Maria Varmazes
You're listening to the CyberWire Network, powered by N2K.
Dave Buettner
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Buettner and joining me is Joe Kerrigan. Hey, Joe.
Joe Kerrigan
Hi, Dave.
Dave Buettner
Our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazes.
Maria Varmazes
Maria, hello, Dave. And hello, Joe. And here. Cheers.
Dave Buettner
We've got some great stories to share this week and why don't we jump right into the fun here? We do have a little bit of follow up. Maybe self serving.
Joe Kerrigan
Yes. We can't not talk about the chickens, Dave.
Dave Buettner
Okay.
Joe Kerrigan
Last week I was listening to the episode. Cause I'm like that. I listen to every single episode just in case I say something profoundly stupid. I can come in here in the next episode and correct it. Okay, that's really the case. But I tell people it's. Cause I love hearing the sound of my own voice. But we were talking last week while you were at your son's graduation.
Dave Buettner
Yes.
Joe Kerrigan
Not very dedicated to the podcast, I assume.
Dave Buettner
Sorry. I did an analysis of my priorities and I think I made the right choice. Okay, agreed, agreed.
Joe Kerrigan
But Maria said one of the things I should do is come up with some names of chickens that were related to malware. And I was like, okay. But I couldn't come up with off the top of my head. So I took a little bit of time, came up with some chicken names based on malware.
Dave Buettner
Okay.
Joe Kerrigan
Number one. Kluxnet.
Maria Varmazes
Mm, that's a good one.
Dave Buettner
Good con.
Joe Kerrigan
Chicker. Like Conficker.
Maria Varmazes
Yep, yep. Oh, yeah. An oldie but goodie, right?
Joe Kerrigan
Because they are Wyandottes. I could call one of them Wyancry. Like WannaCry.
Maria Varmazes
WannaCry. Yeah. Yep.
Joe Kerrigan
You remember the very first self replicating worm? The Morris Worm?
Maria Varmazes
The Morris Worm, 1989. Yeah, right.
Joe Kerrigan
Morris worm eater.
Maria Varmazes
Love that.
Joe Kerrigan
Because now I'm getting into the. And then like Blaster Worm. I was thinking Boxster, but now I feel like at this point I'm just like kind of shoehorning these into the. Into the. Into the name. So that's all I've come up with.
Maria Varmazes
Those are really good though. I like Kluxnet a lot.
Dave Buettner
Kluxnet.
Maria Varmazes
10 horsepower meter.
Dave Buettner
Do you know what chicken based malware uses?
Joe Kerrigan
What does it use?
Dave Buettner
Hencryption.
Joe Kerrigan
Hencryption.
Dave Buettner
Oh.
Maria Varmazes
Good night, everybody. All right.
Dave Buettner
A little bit of foul play.
Maria Varmazes
Oh, my God.
Joe Kerrigan
By the way, the chickens have been moved now to the garage. They are too big to be in the basement anymore. They are now out in the garage and they are. They are getting very large very quickly.
Dave Buettner
Yeah.
Joe Kerrigan
And eating a lot of food.
Maria Varmazes
Yeah, I relate to that strongly.
Dave Buettner
Do you? So you. Is there, like, specific chicken chow that you feed them?
Joe Kerrigan
Yes, it's. It's just chicken feed. Yeah, it's got, like, oyster shells ground up into it to make their eggs harder. Oh, and then.
Maria Varmazes
Oh, they eat oysters. Fancy.
Joe Kerrigan
Well, they eat the shells of oysters.
Maria Varmazes
Yeah, but you got to get the oysters.
Joe Kerrigan
Right. And then they also eat. There's also some mealworms, and they love the mealworms. Oh, mealworms are their favorite.
Dave Buettner
You know, as you know, Joe, you've been to my house. I live near a lake.
Joe Kerrigan
Yes, you do.
Dave Buettner
And I was out there one day walking around the lake, and there was a guy who had a little net, like a little, you know, four by four foot net. And he was tossing this net out near the shore and just bringing it in. And I went over to him, I said, hey, you know, what are you up to? I'm curious. And he said, oh, I'm catching crayfish.
Maria Varmazes
Crayfish?
Dave Buettner
Yeah, crayfish. You know, crayfish. Right. Little mini lobsters.
Maria Varmazes
Yep.
Dave Buettner
Right.
Joe Kerrigan
Mud bugs, they call them in Louisiana.
Dave Buettner
Yeah. And I said, oh, that's interesting. What are you catching crayfish for? And he said, to feed my ducks. So evidently, crayfish to a duck is, well, I mean, I guess like a lobster. Right. I'm picturing ducks with little lobster bibs.
Joe Kerrigan
Little crayfish bibs.
Maria Varmazes
Little drawn butter.
Dave Buettner
Yeah, yeah.
Maria Varmazes
Do they eat the green stuff? Yeah, of course they do.
Dave Buettner
I wonder if the chickens would enjoy crayfish as well.
Joe Kerrigan
I don't know, but there are lots of spotted lanternflies out near where my daughter lives. Oh, do they eat. They're all over the place. I hope so.
Dave Buettner
Yeah.
Joe Kerrigan
Because they're all over the place out there.
Maria Varmazes
Oh, my God.
Joe Kerrigan
And they're invasive. And I live like five or six miles from my daughter's house and haven't seen a single one of them yet. And right now they're in the cute little nymph phase. You know, if you can call bugs cute and little. But some bugs I do like click beetles. My favorite bug of all. And Maria's laughing because I have a favorite bug.
Maria Varmazes
No, I'm just like, of course it was. Of course you do.
Dave Buettner
My favorite bug is the praying mantis.
Joe Kerrigan
I like praying mantises, too.
Dave Buettner
They're pretty cool. They're cool because they're. They're big. They're big. They live around here.
Joe Kerrigan
Yep.
Dave Buettner
And also I like the fact that they can move their head.
Joe Kerrigan
Yeah.
Dave Buettner
You know, can't move their head. And a praying mantis will track you.
Joe Kerrigan
As you walk by and they watch you.
Dave Buettner
Yeah, yeah.
Joe Kerrigan
It always unnerves me, but I love them and they're good to have around.
Dave Buettner
Yeah, that's true.
Maria Varmazes
That is true.
Joe Kerrigan
They are.
Dave Buettner
And now a few thoughts from our sponsors at ThreatLocker. The tactics used by cyber criminals are becoming more and more advanced every day. The shift from a default allow approach to a default deny is more critical than ever. This is where ThreatLocker comes in. Stay tuned for how ThreatLocker allow listing and ring fencing has your back. So let's get on to our stories. Welcome to Animal Husbandry Corner. Let me start things off. Oh, my goodness. So this is a story. It's actually from the Space Coast Daily, which, Maria, sounds like your.
Maria Varmazes
It's not my story. Yes, it's your story. Okay.
Dave Buettner
T minus. And I guess the Space coast is what the. Where's the Space Coast, Maria?
Maria Varmazes
Around the Florida area. Yeah. Where they launch from, basically. I'm gonna get angry emails about this, but I'm being very well say.
Dave Buettner
Okay. Yeah.
Joe Kerrigan
All I'm thinking of is Space Ghost coast to coast.
Dave Buettner
Right. Speaking of praying mantises.
Joe Kerrigan
Right.
Maria Varmazes
I have that mug. When I started T minus, Brandon thought of Space Ghost for me. So now I have a Space Ghost mug.
Dave Buettner
Nice. There you go. Nice. So the Space Coast Daily, which is a local newspaper, around that neck of the woods, they posted an article about a scam that's been making the rounds. It's actually national. And the FBI put out some warnings about this. And it was sort of a joint announcement from the FBI and a local healthcare organization down in Florida called Health First Health Plans. And they were warning folks about this nationwide medical insurance scam. And how it works is the scammers target individuals who are looking for cheap health insurance and it urges them to pay for a full year upfront. And so the victims get contacted via calls or texts or emails, and also, wait for it, social media ads.
Maria Varmazes
Yay.
Dave Buettner
And they're offered low cost plans, but the plans don't actually have any coverage at all.
Joe Kerrigan
This is the ideal insurance business model.
Dave Buettner
Go on. So, I mean, it's the ideal business model for anything if you think about it.
Joe Kerrigan
Go ahead. I'm sorry. The ideal insurance business model is you tell people, hey, we're going to pay for everything that happens when it's bad and when things go wrong and then they actually don't pay anything. Oh, no, you weren't covered for this because of xyz. You know, you didn't. So, I mean, I'm always afraid that every form of insurance is like this.
Dave Buettner
Well, yes, same, you know, look, our international listeners, I'm sure, scratch their heads at the irrationality of the US healthcare system and how we still seem to go on day by day and be okay with it compared to the kind of coverage that other people get. And what I wonder is like, and I say this myself, people say I have good health insurance. Do you?
Maria Varmazes
Have you tested it?
Dave Buettner
Right? Like, I mean, I think I do, but how do you know? You know only when you try to use it and whether it gets approved or denied.
Joe Kerrigan
Right.
Dave Buettner
So I think I have good health insurance. Sure. Sure as hell does cost a lot.
Joe Kerrigan
Right.
Dave Buettner
But, but I don't know. And there's really no way to know. Like, I suppose I could, you know, read through whatever the mountain of paperwork and also get a master's degree in this sort of thing. But anyway, so what happens with the scam is people think that they have coverage and then they go and they get services and they try to use this insurance and it's just no good. This article talks about a man here in Maryland who was left with a $7,000 hospital bill after he had emergency surgery and it wasn't covered.
Joe Kerrigan
Hmm.
Maria Varmazes
So which, if you were telling me this about it without knowing that this was a scam, I would say this sounds like day to day insurance problems that everybody has.
Joe Kerrigan
Goodness, $7,000 for surgery. Pretty good deal.
Maria Varmazes
I was gonna say. That's not bad.
Dave Buettner
Again, the irrationality of the US healthcare system. We think a $7,000 hospital bill is a good deal. Our European listeners are like, what are you talking about?
Joe Kerrigan
Right.
Dave Buettner
We pay $20 and the people who hand us the bill are apologetic that it's so high. So, yeah. I'm curious if either of you have been in the situation of trying to help a friend or a loved one get affordable healthcare, someone who doesn't have it provided through their employer. If you've been through that lately of trying to get someone you know or love healthcare insurance, I ask because I just went through that. My son just turned 26, which means he fell off of our health insurance.
Joe Kerrigan
Right.
Dave Buettner
He is a freelancer, so we had to go find him, basically go through the Affordable Care Act, the state of Maryland, the marketplace. Yeah. The marketplace that Maryland provides and try to find him. And, boy, let me tell you, is that fun.
Maria Varmazes
Yeah.
Dave Buettner
I'm curious if either of you have been through that at all or if I'm the lucky one.
Joe Kerrigan
I have not been through it. I haven't had to deal with this. I know my dad had to deal with that. Something similar with my grandmother when she was living up with us because she needed some Medicare gap insurance.
Dave Buettner
Yeah.
Joe Kerrigan
You know, something like that.
Dave Buettner
Yeah.
Joe Kerrigan
But my father, like I said, I've said many times, he was. He actually still is an accountant, a cpa. I found out recently he's still a cpa. I thought he had given up the credential, but nope, he keeps up. Keeps up with it for him. That's good.
Dave Buettner
Yeah.
Joe Kerrigan
And he. He's always handled it, so I don't have to do that for younger people. My kids are both employed and have health insurance through their employers, and they have kids of their own. Both of them do, so they're doing that.
Dave Buettner
Yeah. Okay. Yeah. How about you, Maria?
Maria Varmazes
Yeah, I've been through this personally a couple of times, either with myself or helping other people. Now I live in Massachusetts. We have something sort of like. It's not technically universal healthcare in the proper definition of it, but we have something that's pretty close. It's called MassHealth. But it's. That's sort of newish to me. When I was unemployed in my 20s, I had gotten laid off from my job. At the time, MassHealth did not exist. So I had to get COBRA insurance and part of my severance agreement with my previous employer, they generously offered to pay half of my COBRA for at least a few months. And COBRA is extraordinarily expensive. And I remember my bill went from $1,200 a month to a mere $600 for me, who was struggling to pay rent at the time. So that was really painful. I'm very glad I didn't have. I had. I already had a chronic condition that I was managing at the time, so I was sweating bullets. It's honestly thanks to a lot of my friends that helped me quite literally find places to get cheap groceries that I managed to get through all that. But, yeah, I mean, it was. It was a tough time. This is a long time ago, but I still remember it very, very strongly. And thankfully, not long after that happened, MassHealth came into. Came into being. And so it's not perfect. There are certainly gaps there, but a lot of my friends who've had to use it, it helps them out so I'm grateful for it.
Dave Buettner
Well, getting back to this scam here, the warnings are look out for someone really trying to get you to pay for upfront. And what they do is they, you know, they offer you irresistible deal. If you pay everything up front, you're going to save a lot of money if you pay up front rather than paying month to month. And really what they're after is to get that big bulk payment and then, you know, you'll never see them again.
Joe Kerrigan
Right.
Dave Buettner
Some cases they're, they're out of here, you know, because it was a scam from the beginning. From the beginning. And of course, just verify the insurer's legitimacy with your state insurance department, check with healthcare providers to make sure that they accept the plan. Just that sort of general stuff. But kind of to your point, Maria, if you're in a situation where you really need insurance and you've got that emotional component of being under a time constraint or a financial constraint, you can see how people could, could go in on this kind of thing.
Maria Varmazes
Absolutely. I'm, I think in my case, if I had received this scam at that time when I was in between jobs and also trying to manage some health stuff and figure out how to pay rent and figure out how to get groceries, very lucky that I didn't have like a kid or anything at that time. If someone said, you can pay for all this upfront, not that I had the money to do that, but if I did, that would have been a very tempting way to take that concern off of my mind. So I can absolutely see that.
Dave Buettner
Yeah. They also point out that if you find yourself a victim of this, report it to the FBI's Internet Crime Complaint Center or call 1-800-Medicare for Medicare related fraud. So we'll have a link to that story in the show notes here. Maria, you're up next. What do you have for us this week?
Maria Varmazes
I have a little survey that Google just put out on their blog post, the Privacy and Security blog, via their vice president, Evan Kotsovinos. And it's a survey that Google put out, presumably of their own user set about privacy and security within the United States divided by generational groups. So we can get into the fun. Boomers do this versus zoomers do that if we want. And I was sort of expecting that. But honestly, across the board, a lot of things are pretty consistent across age groups. So I actually found that more interesting. So some of the across the board findings from this survey was that of all the users surveyed, 60% said they saw an increase in online scams in the last year. And this was done in March 2025. So between March 2024 and March 2025. Yeah, I think that tracks with what we've been talking about also. And in terms of all the users surveyed, confidence is mid. I guess, as the kids would say about how confident people are that they could actually identify scams. They didn't say whether or not AI and deepfakes play into this, but I have a feeling it really would. So 52% of those surveyed said they are somewhat confident they could ID scams. 32% are very confident. That is an interesting number. And 15% are not very or not at all. That 32%. I would really love to test those folks.
Joe Kerrigan
I would like to say they are overconfident.
Maria Varmazes
I'm feeling the same way about that.
Dave Buettner
Let me pause for a second. How do the three of us feel? How would we rate ourselves?
Maria Varmazes
I would say somewhat. Even doing what I do, I would always say somewhat. I want to be humble.
Joe Kerrigan
I would be somewhat confident only because we do this podcast and we talk about this kind of stuff every single week. My question would be, how many false negatives would I be getting? That would be a good measure. Could I identify something as a scam or legitimate? And if I identify it as legitimate or as a scam, when it is legitimate, do I get penalized in the scoring? Probably. And I would probably identify a lot of things that are legitimate as scams.
Maria Varmazes
It's interesting. Yeah, that's exactly. I mean, I'm the person in my family. I'm sure you both have a similar role. People text me or email me things. Is this a scam? I get phone calls from my family all the time. I got this email or phone or whatever. Can you tell me this is a scam? And there are times where I'm going, I'm not entirely sure. Let me look into this for you. I can't tell you off the bat, like, it's a good thing you didn't respond to it right away. But there have been a few times where I was thinking, I think it is a scam and ends up actually, it wasn't. It was legit. So, yeah, maybe my radar can be off on that one, too.
Dave Buettner
That's interesting. See, I would have said I would. I would be very confident. And I don't know. You know, it's. Maybe it's just one of those things, like, what is it like? I forget what it was like. 80% of men think they could beat Serena Williams in A tennis match or something. It's completely unearned and is more a reflection of the baseline overconfidence of your average middle aged white man.
Joe Kerrigan
I have.
Dave Buettner
It might be that.
Joe Kerrigan
No such overconfidence.
Maria Varmazes
I was gonna say in our sample size of 2. 50. 50 here.
Joe Kerrigan
So Serena Williams would kick my ass in a game of tennis?
Maria Varmazes
Yeah, yeah, same.
Joe Kerrigan
I'm sure she can run from one end of the court to the other without getting winded. And that's where she'd get me in the endurance party.
Dave Buettner
I'd like to see you try to jump over the net to congratulate.
Joe Kerrigan
Not gonna happen.
Maria Varmazes
No.
Joe Kerrigan
And the attention Clay on that one.
Dave Buettner
All right, go on, Maria.
Maria Varmazes
In terms of the actual vector for attack, the way people are seeing scams come in in their lives, I don't think this is a huge surprise to any of us that email and text messages are actually neck and neck for the top ways that people are receiving scams. So 60% of respondents saw each both email and text message threats, or scams rather. But the ones that surprised me were that scams via websites were 20. Under 20% of respondents saw scammy websites. That number just feels like it has plummeted and that's just based on nothing but vibes for me. I just, I feel like not that long ago that number would have been a lot higher. Yeah, yeah, 20%.
Dave Buettner
It's just because so much is being done on mobile devices. Like we've got the whole generation, you know, I consider the generation below my own and I'm solidly in Gen X are just so mobile device centric, you know. Is that what we think could be the cause? Like they are. They just aren't using computers, you know, desktop computers to the degree that we are.
Maria Varmazes
Yeah, they're using. I mean, things are more app based, I would presume. And then also the web has become so centralized, we don't have as many bespoke websites where I feel like they'd be easier to breach or make, you know, inject malicious code like it used to be. True. Yeah, that. That's just. To me, I just. That number just feels so much lower than I would have thought. But I think that's probably just gut feeling on that one. And then another lower than I expected number was social media threats only came in at 27%. So again, that's 27% of respondents to this survey said they saw scams on social media. That number feels way too low given how many social media scams we talk about on this show Facebook alone.
Dave Buettner
And is that reflective of their ability to identify them?
Maria Varmazes
That is a great question. I think that is the question, truly, yes.
Dave Buettner
So let me just roll in with some of my confidence and tell them what's what.
Maria Varmazes
They're dumb. I'm smart. No.
Dave Buettner
Yeah, step aside.
Maria Varmazes
That's a great question though, honestly. And for happier news, I suppose, 60 to 75% of the users surveyed said they use strong unique passwords and I wanted to throw a little parade. We've been beating that drum for so long that we're at almost 3/4 of people say they actually do that. That is amazing. And I have to give credit to the boomers. They come in at the highest percentage. 75% say they use strong unique passwords, which is I don't think what people might expect, but they are winning at this. So that is well done, boomers. And then consistent with what I think a lot of us have known, two-factor authentication, 2FA, about 50-50 use it. So I, I feel like that needle hasn't moved in a very long time. People either use it or they don't and we can't really get a lot of people to adopt it past that halfway percent, that halfway point. So the Google's point about these two data points, about the strong unique passwords and 2FA means is that people are still relying on what they consider to be these out of date authentication methods and they want to deprecate them as soon as possible for things like passkeys and social sign ins. But you know, at least strong unique passwords are at 60 to 75% so that feels like a win. And so Google is saying that their social sign ins, like sign in with Google, as one example is the percentages are much higher with youth, with the zoomers and it drops as you get older. And my thought on that was social media platform fatigue because the older you get, the more social media platforms you've seen come and go. I still remember Friendster, for God's sake. Not that there was social sign in with Friendster, but maybe you just kind of go, I've had enough of tying everything to this one service and then it goes away and now nothing works. So I wonder how that might change as people get older.
Dave Buettner
For me it's trust. Like I don't trust those platforms to be my sign in.
Joe Kerrigan
No controller.
Maria Varmazes
There's also that. Yeah, yes. Do you want Google having all of the keys to the kingdom? Do you want Facebook having all the keys to the kingdom? Yeah.
Dave Buettner
No, I don't want Google and I and I. And it is a million times less that I want Facebook.
Joe Kerrigan
Right.
Maria Varmazes
Exactly.
Joe Kerrigan
I just Google sign in for things that are easy and don't matter to me.
Dave Buettner
Yeah.
Joe Kerrigan
Like my Zillow sign in is a Google sign in.
Dave Buettner
Yeah.
Joe Kerrigan
I don't care about, you know, if, if, if Google goes ahead and uses my information to sign in and look at my Zillow history, I don't care enough. They're not going to see anything I want, but they're not gonna be my authentication method for my bank.
Maria Varmazes
Yeah.
Joe Kerrigan
Can you imagine anything? Yeah. For anything else.
Maria Varmazes
Yep. And then similar pattern with things that are higher with youth and drop as you get older. Don't read into that too much. Passkeys are highest use with Gen Z. So 40% of Gen Z say they use passkeys as their primary way to log into things. Millennials and Gen X are around 35% and then boomers are 26%. 40% of Gen Z using passkeys is higher than I would have expected. Only because I didn't realize that people were adopting passkeys that much. But Google's also been, and other services, I should say they've been pushing it pretty aggressively for the past year, at least for people to switch to passkeys. So I, I, maybe, maybe I shouldn't be surprised. So Google's giving the crown to the zoomer, saying they're leading the way with the most secure sign in methods and by leading with passkeys.
Dave Buettner
God bless them.
Maria Varmazes
God bless them. So I guess the rest of us have some catching up to do because I'm pretty sure none of us are zoomers. Pretty sure.
Joe Kerrigan
Nope.
Dave Buettner
No, no, no, no, no, no. Dave and I, there's very little zooming going on in my life right now.
Joe Kerrigan
Dave and I are Generation Marie. Were you born after 1981?
Maria Varmazes
I was. I'm a millennial, but I'm an elder millennial, so most of, most of my friends are also Gen X because that seems to be the generation I get along with the best. But yeah, I'm technically millennial, so.
Dave Buettner
Yeah, just an old soul millennial.
Maria Varmazes
It's just when I was born, I remember the analog years very, very well. And I was, you know, in high school when the Internet was still very bespoke. So those are, those are good years.
Joe Kerrigan
So good. So good.
Maria Varmazes
Yeah. So good.
Joe Kerrigan
According to Purdue Global. This is from Purdue Global Edu, Generation X. Their keywords are flexible, informal, skeptical and independent. I'll agree with the skeptical part, skeptical, informal part and the flexible part. And I agree with all Those, I think those are me pretty darn great.
Dave Buettner
As I say, we were raised on hose water and neglect.
Joe Kerrigan
Right? And that's because boomers were one of the words is workaholics.
Dave Buettner
Right, there you go. All right, well, I tell you what, let's take a quick break here to hear from our sponsor. We will be right back. So let's return to our sponsor, ThreatLocker. ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure from the ground up. Where traditional cybersecurity tools require you to create a list of things you don't want to run, ThreatLocker enables you to easily curate an allow list of everything you need in your environment and network and block everything else by default. With ThreatLocker allowlisting and ring fencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust endpoint protection platform deploys in a learning mode that analyzes the operations of your company using machine learning to assist you in developing your allow list for approved applications, what they can do on the endpoint, what can interact with your data, and even east and west network traffic. We thank ThreatLocker for sponsoring our show. And we are back. Joe, you are up. What do you got for us this week?
Joe Kerrigan
First, I want to talk about how since we all got together last time, I want to tell you I got got. Oh, mildly, mildly. But I got got. So Sunday morning I, we went out to brunch and had a good time at brunch. And the waiter comes up at the end after I'm paying the bill and he goes, hey, here's our survey app. Scan this, scan this barcode and, and give us a rating on the survey app. And my name is right here and let us know how it, how it works. So I, oh sure. I mean this guy was great. So I'm gonna go and give him a good review on their survey app. So I scan the barcode, tap the barcode, tap the link and I go. And as I'm entering the information and giving it five stars, I realize I'm writing a Google review. It is not a survey app at all. It's a Google review that I'm writing. So now out there, and I still went through with it and said, you know, it's a great place go get to have brunch. Matt's great, wonderful service. And I noticed the comment right below me was, same thing. Matt's great. Apparently Matt's a very good waiter.
Dave Buettner
You.
Joe Kerrigan
Know, but I, I, I felt a little bit of betrayal there from, from, from the company. Yeah, I know they're not, you know, it's not Matt's fault. They're not making him do, or they're making him do this. It's not his. But I was like, you know, that's a little bit of an underhanded trick, I think, you know?
Maria Varmazes
Yeah.
Dave Buettner
I had a similar thing happen when we were on vacation earlier this year. We took a trip to Florida to the big theme parks down there. And we were checking into the resort where we were, and I don't remember the details, but for some reason we had to give our baggage to the.
Joe Kerrigan
Homeless guy out front.
Dave Buettner
No, I don't think so. No. You know the guys at the front who help you with your bags?
Joe Kerrigan
The bellhops.
Dave Buettner
The bellhops. Thank you. That's the word I was looking for. And so I hand over the bags and the bag guy does exactly the same thing. Hey, can you rate us? And this and that and the other. And I'm like, oh, God. So I would create an account and this and that and the other.
Joe Kerrigan
Give me back my bags.
Dave Buettner
Right. But I'm thinking like, but I'm feeling trapped because he's got my bags. So am I going to say no? No. Because my bags are going to end up in the swamp.
Joe Kerrigan
Right.
Dave Buettner
Being eaten by an alligator. But so it was left a little bit of a bad day.
Joe Kerrigan
But Dave, your fedora will look so good in an alligator.
Dave Buettner
That's true. My traveling hat. All right, Joe, what else you got?
Joe Kerrigan
So this story comes from Business Today, which I don't, I guess India. That's India.
Maria Varmazes
India, right.
Joe Kerrigan
There was a company called Builder AI. Perhaps you've talked about this in the CyberWire, Dave.
Dave Buettner
I don't. That doesn't ring a bell, but keep going.
Joe Kerrigan
All right. They were an AI startup backed by Microsoft, and they have now collapsed into receivership after one of their creditors seized a bunch of money for defaulting on things or seized a bunch of accounts. They had an artificial intelligence platform that was no code development. Turns out it was actually powered by 700 human engineers in India. The company marketed its platform as an AI assistant named Natasha, which could assemble software applications like LEGO bricks. But recent reports and commentary have revealed that behind the scenes, customer requests were actually manually fulfilled by developers and not by machines.
Dave Buettner
Pay no attention to the man behind the curtain.
Maria Varmazes
Seriously, is literally that. Yeah.
Joe Kerrigan
Automated Turk.
Maria Varmazes
Yep.
Joe Kerrigan
Or mechanical Turk.
Maria Varmazes
Mechanical turk. That's what it is.
Joe Kerrigan
Mechanical Turk. Mechanical Turk. Which was an old scam run by a. I can't remember where the guy was from, but he said, I have this mechanical turk. It looks like a robot and it plays chess. And it's just a guy that's really good at chess. Inside the machine, moving an arm.
Dave Buettner
Right.
Joe Kerrigan
That's all it was. It's an apocryphal story. But here we are in 2025 with real Mechanical Turks writing code, 700 of them writing code for people. And under the guise of it being AI, and the company is now essentially shut down. It's gone into receivership. Well, what that means, actually, they're a London company, so I don't know what that means exactly. But here in the US when you go into receivership, that means you have somebody has been appointed as a trustee of the company, and they're going to decide how the assets are distributed among creditors. So it's shutting down is what it is.
Dave Buettner
Yeah. I wonder how you pull that off. I mean, how. I'm just thinking about. Because what people want out of an AI is speed, right?
Joe Kerrigan
Yeah.
Dave Buettner
So how do you get 700 engineers? How do you break them up into teams so that if someone queries this fake system that it looks like your response is coming quickly?
Joe Kerrigan
Maybe you say, oh, this is going to be very hard. Give us a minute. Give me a minute. I have to put something together.
Maria Varmazes
That was just what I was thinking when I've used ChatGPT and it's like, oh, we're actually really busy right now. We'll let you know when this is done. 20 minutes later. I'm still thinking about it.
Joe Kerrigan
Yeah.
Maria Varmazes
Yeah. Especially if you use the free versions of stuff, it might take some time to do a stupid meme image or whatever. The. What was it? The. The. The image of everybody is an action figure that overloaded their systems when they opened them. It's just a bunch of engineers with Photoshop. Just really quickly.
Joe Kerrigan
You did one of you as a Muppet, right, Dave? Yes, I did one of me as a Muppet. It doesn't look anything like the one you did as a Muppet.
Dave Buettner
Yeah.
Joe Kerrigan
Yours looked like an actual Muppet. Like it was an actual puppet standing there.
Dave Buettner
Right.
Joe Kerrigan
Mine looked like somebody drew a Muppet.
Dave Buettner
Yeah.
Joe Kerrigan
And I didn't like that.
Dave Buettner
Okay.
Joe Kerrigan
I could have probably asked it to prompt again and do something else. I did get a really cool. Recently, a really cool picture of me with a shotgun standing on a pile of skulls. That was pretty awesome.
Maria Varmazes
What are you making?
Dave Buettner
The image for your new heavy metal album.
Joe Kerrigan
Yes, yes.
Maria Varmazes
With chickens, obviously.
Joe Kerrigan
And again, I look more like John Goodman than I do like me. Which is kind of weird. In the face, it looks more like John Goodman than it does me.
Dave Buettner
Huh. Okay.
Joe Kerrigan
Maybe the AI thinks, hey, this is just John Goodman pretending to be Joe Kerrigan.
Dave Buettner
Yeah, I'm sure that's what it is.
Joe Kerrigan
That's what it thinks.
Maria Varmazes
That's exactly what it is. Yes.
Joe Kerrigan
Anyway, there were also some other shenanigans going on at this company. I learned a new term, by the way, called round tripping, which is a. Is a. This is a term for if you're. If you're a startup company, you want to look like you've got a lot of business, you find another startup company that wants to look like they have a lot of business, right? And then they bill you for a million dollars and you pay them. And then you bill them for a million dollars and they pay you. And you go, look at this revenue. We got a million dollars of revenue coming in every month.
Maria Varmazes
That is. I'm familiar with this scheme because in the art world, when you go to, like, a comic or a zine show, there's a joke that the same $5 bill makes its way around the whole show. Just artists buying from each other and paying the five bucks for the comic, and then it moves on. So it's just. It's the same $5 bill, but you've made a lot of sales.
Joe Kerrigan
Yeah, right. There was a joke about that in. Where I went to college up in the western part of Maryland in Frostburg, somebody, the one of the bar owners said there's just one $20 bill, and it just keeps making its way around this town.
Maria Varmazes
Round tripping. All right, I'm adding that to the lexicon. All right.
Joe Kerrigan
No, but round tripping, you know, you're billing for services that aren't actually happening.
Dave Buettner
Yeah, Right.
Joe Kerrigan
So all you're doing is creating entries in the books. You're not actually doing anything else. You're not incurring any cost for it beyond the accountants' cost, you know, your bookkeepers. But it's completely fake. And this company was just a scam from front to back on it. And they bilked Microsoft out of a ton of money, apparently.
Dave Buettner
Yeah.
Maria Varmazes
It's just like when businesses tell you how they're doing in percentages only. We've increased our revenues by 500%. Oh, yeah, right. What did you start from?
Joe Kerrigan
Right, $2. Now we've made 10.
Dave Buettner
Yeah.
Joe Kerrigan
This is not really something that people need to be on the lookout for. It's really a, you know, a scam for, you know, more of a corporate kind of scam. What's interesting is that they, they got people to pay for the service that was really just essentially other people doing things for them.
Dave Buettner
Yeah. What's that online thing? Fiverr. Is that the one?
Joe Kerrigan
Fiverr. And, and believe it or not, there's actually an Amazon service where you can do this called MTurk, right?
Dave Buettner
Yes.
Maria Varmazes
Yeah, I'm familiar with that.
Joe Kerrigan
But it's like micro tasks. Those are. Those are smaller tasks. I've used that service to buy people's time for filling out surveys, which is nice.
Dave Buettner
All right. All right, well, we will have links to all of our stories in the show notes and of course, we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans@n2k.com. All right, Joe and Maria, it is time for our catch of the day.
Joe Kerrigan
Dave, our catch of the day comes from the scams subreddit and it's highly edited with somebody putting. Putting things in there. So I'm just gonna let you read this one.
Dave Buettner
Yeah. And I'll put my own information in for the things that have been redacted as if they were being sent to me. Okay. All right. So it says: "Hello, Dave. Good evening. Sorry to reach out so late. We understand that you were previously employed at McDonald's. It has come to our attention that potentially upsetting camera footage was flagged from March 2023. This incident involving yourself, Tom and Bob leads management to believe that drug use during working hours may have occurred. We must inform you that a report is being filed." Although it says "we must inform you that a report it being filled." "And CyberWire LLC has been notified. When convenient, please use this link to review the details." Oh, I'm in big trouble, guys.
Joe Kerrigan
You are druggies at McDonald's.
Dave Buettner
Say it as so going through the drive thru. Here's your chicken nuggets with a side of weed.
Joe Kerrigan
Right.
Maria Varmazes
I would love to know where that McDonald's is. Please let me know.
Dave Buettner
I'm just basing that on the smell.
Maria Varmazes
Damn.
Dave Buettner
I'll take over cigarette smoke any day of the week.
Joe Kerrigan
One time I went through a McDonald's and I was getting. My wife was hungry, she needs something to eat. So I just got something for her and the guy says it's $4.15. I look at the guy and I gauge him and I go, should have been 5 cents more. And he takes a second, he goes. And I look at him and go, aha.
Maria Varmazes
Gotcha.
Dave Buettner
Free from madness. Get away from me. Druggie got him. Yeah. So obviously we're trying to inject some fear here.
Joe Kerrigan
Yes.
Dave Buettner
That you're gonna get fired from your current workplace. Because either. So two things here. I mean, maybe you did do some drugs at your previous employer, or you're being falsely accused of doing some drugs at your previous employer. Either way, not good. And something that gets your attention.
Joe Kerrigan
Right. This all hinges on how accurate the information is as well.
Dave Buettner
Right.
Joe Kerrigan
Right. So if you actually had worked at McDonald's.
Dave Buettner
Which I have never done.
Joe Kerrigan
Which you've never done.
Dave Buettner
I should have said Radio Shack. I have worked at Radio Shack. Have you? Oh, yeah. Oh, it was a great job.
Joe Kerrigan
Yeah.
Dave Buettner
Dream come true.
Joe Kerrigan
Seriously, I used to go over there for my Battery of the Month club.
Dave Buettner
Yeah. No, I was at Radio Shack during the golden age of Radio Shack. When I worked at Radio Shack, there were more radio shacks than McDonald's.
Maria Varmazes
Really, man. Those were the.
Dave Buettner
Wait.
Maria Varmazes
Battery of the Month club. You know, Tell me about that offline joke.
Joe Kerrigan
Okay.
Dave Buettner
There are lots of listeners who are shaking their heads up and down like, yeah, yeah, I had.
Maria Varmazes
I remember Radio Shack well. But not Battery of the Month Club. So, okay.
Dave Buettner
Oh, yeah. All right. Well, that is our catch of the day. And once again, we would love to hear from you. You can email us. It's hackinghumans@n2k.com.
Dave Buettner
And of course, we want to thank this week's sponsor, ThreatLocker. Go to threatlocker.com HH and check out their Zero Trust Endpoint Protection platform. That's the words threat and locker with no space, .com HH, where you can request a demo and neutralize the threat of malware running on your devices. And that is Hacking Humans, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. Please look for the show survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ibin. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpie is our publisher. I'm Dave Bittner.
Joe Kerrigan
I'm Joe Kerrigan.
Maria Varmazes
And I'm Maria Varmazes.
Dave Buettner
Thanks for listening.
Podcast Title: Hacking Humans
Host/Author: N2K Networks
Episode: Managing Online Security Throughout the Decades
Release Date: June 12, 2025
In this episode of "Hacking Humans", hosts Dave Buettner and Joe Kerrigan, joined by Maria Varmazes, delve into the evolving landscape of online security. The conversation spans from contemporary scams to generational differences in cybersecurity practices, providing listeners with valuable insights and practical advice to navigate the increasingly complex digital world.
One of the episode's central discussions revolves around a burgeoning medical insurance scam that has garnered attention from both the FBI and local healthcare organizations like Health First Health Plans.
Dave Buettner introduces the scam:
“The scammers target individuals who are looking for cheap health insurance and urge them to pay for a full year upfront. Victims are contacted via calls, texts, emails, and social media ads, and are offered low-cost plans that ultimately provide no coverage at all.” ([07:44])
A Maryland resident's plight exemplifies the scam's impact:
A man incurred a $7,000 hospital bill after an emergency surgery, only to find his supposed insurance offer was nonexistent.
The hosts share personal experiences with health insurance challenges:
They emphasize the importance of verifying insurer legitimacy: “Verify the insurer's legitimacy with your state insurance department and check with healthcare providers to ensure they accept the plan.” ([13:30])
Maria Varmazes presents findings from a recent Google survey conducted in March 2025, which explores user perceptions of privacy and security across different generations.
Key Findings:
Maria remarks on these statistics:
"I would really love to test those folks." ([16:42])
“It's more about people relying on out-of-date authentication methods and the need to transition to more secure alternatives like passkeys.” ([20:54])
Discussion Points:
Security Practices:
Generational Insights:
Quotes with Attribution:
Joe Kerrigan on overconfidence:
“I would like to say they are overconfident.” ([16:45])
Dave Buettner on generational trust issues:
“I don't trust those platforms to be my sign in.” ([22:54])
The hosts share personal encounters with deceptive practices that illustrate the subtlety of modern scams.
Joe Kerrigan’s Brunch Experience:
Joe recounts a misleading survey attempt at a brunch spot where he was tricked into leaving a Google review instead of completing a legitimate survey.
“I felt a little bit of betrayal there from the company... That's a little bit of an underhanded trick.” ([27:22])
Dave Buettner’s Vacation Scam:
While checking into a resort in Florida, Dave and his family were pressured into creating accounts and providing personal information to retrieve their baggage.
“I would create an account... but I'm feeling trapped because he's got my bags.” ([28:55])
Catch of the Day: Fake Report Scam:
A redacted scam message was shared, purporting to notify Dave of alleged drug use at his previous employer, McDonald's. The hosts dissect the elements that make such scams compelling:
“They’re trying to inject some fear here... Either you did do some drugs or you're being falsely accused.” ([37:14])
Joe Kerrigan discusses the collapse of Builder AI, an AI startup backed by Microsoft, revealing that their touted AI capabilities were actually powered by 700 human engineers in India. The company's promise of a no-code AI development platform was a façade, leading to their downfall and receivership.
Key Insights:
Maria relates this to similar schemes in the art world, where repeated transactions with the same few entities create an illusion of business activity.
Quotes with Attribution:
Joe Kerrigan on Builder AI:
“It's like Mechanical Turk, which was an old scam run by... It’s just 700 engineers writing code for people under the guise of AI.” ([33:04])
Maria Varmazes on round tripping:
“I'm familiar with this scheme because in the art world...” ([35:10])
Throughout the episode, the hosts emphasize the importance of vigilance and education in combating online scams. They advocate for:
Maria concludes with a positive note on password practices:
"We've been beating that drum for so long that we're at almost 3/4 of people say they actually do that. That is amazing." ([21:05])
This episode of "Hacking Humans" provides a comprehensive overview of the current state of online security threats, the psychological tactics employed by scammers, and the evolving practices across different generations to safeguard digital identities. By sharing personal anecdotes and analyzing recent surveys, the hosts equip listeners with the knowledge needed to recognize and defend against sophisticated cyber threats.
Dave Buettner on prioritizing security:
“I think I made the right choice [attending his son's graduation].” ([00:51])
Joe Kerrigan on overconfidence in scam detection:
“I would like to say they are overconfident.” ([16:45])
Maria Varmazes on user confidence:
“Have you tested it? Right? Like, I mean, I think I do, but how do you know?” ([08:55])
Dave Buettner on the US healthcare system:
“The irrationality of the US healthcare system... They pay $20 and people are apologetic their bills are so high.” ([10:13])
Maria Varmazes on generational password practices:
“At least strong unique passwords are at 60 to 75% so that feels like a win.” ([21:05])
Joe Kerrigan on Builder AI’s downfall:
“It's like Mechanical Turk... 700 engineers writing code for people under the guise of AI.” ([33:04])
Stay Informed: For more insights and to stay ahead in the rapidly changing world of cybersecurity, visit hackinghumans2k.com.