A
You're listening to the Cyberwire Network, powered by N2K.
B
Hello, everyone, and welcome to the Hacking Humans podcast, where each week we look behind the social engineering scams, the phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hey, Joe.
C
Hi, Dave.
B
And our N2K colleague and host of the T Minus Space Cyber Briefing, Maria Varmazis.
A
Hi, Dave. And hi, Joe.
B
We've got some good stories to share this week, but first let's get to our follow up. Joe, what do we got?
C
Dave, Ignacio wrote in with some hints for iPhone users, and since I am not an iPhone user, I'm going to let you read this one.
B
Okay. He writes in and says, just listen to your latest Hacking Humans podcast and is always very entertaining and informative. Well, thank you. Just wanted to provide a suggestion to deal with unsolicited callers. The following is a GSM exploit designed specifically for iOS devices because they are all the same and the steps would apply to all. It does work on Androids, but since they are different versions of the OS and the manufacturer's models, the only consistent option is the screen will display an arrow, blah, blah, blah, blah, blah. All right, so here's the malicious. Here's the non-malicious version of the GSM exploit. Most users have three options for incoming calls. Answer the call, silence, or miss the call and it'll be sent to voicemail, or reject the call and it goes directly to voicemail. This exploit modifies the default reject option to divert the call to any number you may choose. For iOS devices, you need to disable live voicemail in order for the exploit to work. Once that's disabled, all you need to do is open your phone app and dial the GSM code for if busy, it's 67 the destination number and your device will display the confirmation screen. For a free and fun option, I tell my friends to use 248-434-5508.
C
The RickRoll hotline.
B
Okay, it's just got a lot more fun.
C
Yes, I want to call that right now.
B
But the user can select whatever number they want. In addition, I use the jolly roger telephone.com option and that's just hilarious. The only issue is if you receive an incoming call when you're dialing out, the incoming call will go to the diverted number.
A
Okay, hang on a second. So.
B
Yeah, I hear it.
C
I was going to dial. You were faster on the fingers than I was.
B
Yeah, yeah.
A
Indeed, that is a girl number.
B
Okay. All right. One click on the lock to silence the call and send a voicemail. Two clicks to divert the call. Like it? Hope this helps your listeners who want to deploy this. Have some fun with unsolicited calls. He'll be presenting this call divert option at BSides STX. Where's STX?
C
I don't know.
B
Don't know either. And BSides RGV this month. Huge fan of the podcast. Well, thank you. Is it Ignacio or Ignacio?
C
Ignacio. Ignacio.
B
Ignacio.
C
Yeah, either one.
A
I don't know.
B
Well, we said them both, so hopefully one of them's right. All right, well, thanks for sending that in. I may give that a try myself. A couple questions I had before we dug into our stories here today. Joe, this one's for you.
C
Okay.
B
What if you started a podcast where you outline all of the challenges of raising chickens? What would you call it?
C
What would I. Probably stick with our chicken chat.
B
No, no. Maria, you have any idea where I'm going with this?
A
Pick a little, talk a little. Pick a little talk.
B
No, no. You're both way off.
A
Okay.
C
Does it involve the word Joe?
B
It does. Yes. Yes, it does. Yes, it does. Yes. Yes.
C
Joe's chicks.
B
No, no, no, no, no. All right, I'm thinking of a podcast called Wings Joe Hates.
C
Ah, Wings Joe Hates. Oh, okay.
A
That's a good one. I was going in a totally different direction.
B
Yeah, yeah, yeah, yeah. All right. Anyway, Joe, I came across a video, came upon my YouTube feed recently that I thought may be of interest to you. I put a link here in the show notes. This is a guy who used some of this magical cooling paint. Are you familiar with this stuff?
A
Magical?
C
I am not.
B
So this is. There is a paint that. That by some strange happenstance accident of physics.
C
Thermodynamic black magic, we'll call it.
B
Yes. It sends heat into space, and it actually does this. Like, there's a band of energy that our atmosphere is transparent to. So if you. It's kind of like, you know how things that are fluorescent are basically taking light and converting it. They're taking the ultraviolet and converting it into visible light. Like, that's what this paint does. It takes regular light, converts it into the bandwidth that can be sent out into space, and it does that, and by doing that, it cools things. It's cooler than being in the shade when this paint is in full sunlight.
C
Really?
B
Yeah. And this guy uses it on his chicken coop. Among other things. He also creates a suit out of it.
C
I was gonna say, sounds like something I'd paint my clothes with.
B
Right, right. The paint is very expensive, but I have seen other YouTube videos where people make it themselves. You can homebrew. I don't think there's anything terribly exotic about the materials that go into this particular paint, but. So I was just thinking about you and your chickens and how you keep them comfortable on a hot day like it is here today in Maryland.
C
Yes.
B
That maybe something like this on your coop would help you have comfy birds.
C
I might do something like this. I'll take a look at this video. I can't watch it right now because we're recording a podcast, but I'm very interested in it.
B
Appreciate that. All right, well, I'll have a link to both the video and also the company that makes the paint. We'll put those in the show notes.
A
Oh, I was curious about this too. We can cut this part out, but apparently it's extremely white white. So it makes it more efficient. Like, the pigments are better at reflecting than just standard white paint. So it's just, like, super white.
B
Yeah, yeah. But it also has something to do with this, like, window in the atmosphere. You can use this to cool things. Like, you could cool your house. You could use this instead of air conditioning.
C
Really?
B
This effect you could use. Yeah, yeah.
C
But the problem with that is it always works. Right. Summertime or in the winter. In the summertime, that's great. But in the winter time, you're cooling a house, you want to heat.
B
Yeah. So, yeah, yeah. So anyway, little fun. Fun with physics.
C
Yes.
B
All right, let's take a quick break to hear from our sponsors, and when we come back, we will dive into our stories. Every attacker counts on one thing: environments that trust too much. ThreatLocker closes that gap with default deny at execution. Unknown software blocked. Trusted apps contained with ring fencing. Configurations verified with ThreatLocker DAC so you stay secure and compliant. ThreatLocker delivers the visibility and control CISOs need without adding operational pain, making zero trust real for teams of any size. Stop ransomware at its earliest point. Book a demo at threatlocker.com N2K. And we are back. Maria, you're up first this week. What do you got for us?
A
Well, I saw something really interesting in my LinkedIn feed this week, and it felt like a good candidate for discussing on today's show. And the headline was, I got inside a North Korean hiring scam. What I found reveals a troubling shift in tactics. So, okay, I was hooked up. So, yeah, I got social engineered by a headline. It worked. So this, this story is by Craig Silverman and he wrote it for Indicator and essentially as the headline hints, he looked at North Korean hacker groups that are setting up elaborate multi step schemes just to obscure what they are doing. And so Silverman, to research this, he was actually a willing guinea pig for these scams. And they all apart, they all appear to be part of a larger campaign called Contagious Interview, which is something that MITRE has been tracking and micro also since about 2022, 2023. So have you, have either of you heard of Contagious Interview? This, this campaign?
C
Yeah, I haven't heard of this campaign, but I'm aware that the North Koreans do this frequently.
A
Yeah, yeah, so it was, I was very interested in just having, watching Silverman go through the steps of this because he was just like, yeah, okay, let's see if this can work on me. So the hook for Contagious Interview is job offers that specifically target tech workers. So the thing is, journalist Craig Silverman, again, he's a journalist, not a tech worker. He responded to a job offer, a job post for a Full Stack software engineer. And his LinkedIn says that he is a journalist covering basically deceptive practices on the Internet with and you know, zero relevant experience in software engineering. But they decided to reach out to him and give him an interview anyway. So you know, he, he was onto something.
C
So he even tells these guys what they're doing, what he's doing.
A
Yeah, he was just like, yeah, we're no relevant experience here. But they were like, it doesn't matter. Great, let's see where this goes. Maybe you've miraculously become a Full Stack software engineer.
C
We'll train you.
A
Yeah, yeah, that happens. So the ultimate goal of the Contagious Interview campaign is to install malware on a victim's computer to steal passwords through that malware and then exfiltrate any kind of crypto wallet information. So that is the ultimate goal here. So in order to do that though specifically as part of the campaign that Silverman put himself in the pipeline for the North Korean hacker groups don't do the hiring process themselves. I guess maybe, you know, AI deepfakes, they're not confident enough in how that works yet, or they just figure there's no point, maybe because it's just cheaper to outsource the hiring process. So they hire freelancers in the Philippines, in Nigeria, Colombia and in Bangladesh. And that freelancer will then conduct a video interview for a fake company like the company that is offering a job for a Full Stack software engineer. To a journalist.
B
So they've got fake headhunters, basically.
A
Yeah, fake headhunters. So again, there's zero AI face swapping going on. Nobody needs to do the put your hand in front of your face thing, because these are 100% fully human people doing this job, and they do an actual interview and they actually manage the hiring pipeline. And the freelancers in this case are fully coached. They are given scripts that they can follow, and they are also actually paid. Spoiler alert. They're paid in crypto, and it's almost like a real job for them. They actually collaborate in Slack and they're tracking their job candidates through the hiring pipeline in Google spreadsheet. So this, to the freelancers, probably feels like an actually legit job.
B
Do we, Maria? I'm sorry, do we know if the freelancers know this is a scam or not?
A
So this is. What's interesting in the article is we're not sure. So it'd be easy for us to say that they're mere intermediaries because it appears like maybe they are like the money mules that we've talked about in some of the other scams. But in some cases, Silverman's saying that they actually do know that this is what's going on, and they're very willing to just be a part of it. Um, so it's. It's debatable whether or not they know that they're part of a broader scheme here. They may believe that the company that they're being an interviewer for is legit and like, hey, I'm just. They've outsourced some of their HR processes to us, and isn't that wonderful? But they. They definitely have just visibility into their little part of the world, and they're just hired to do a simple job. That's it. Just keep. Just keep your head down and do this thing. And the broader scheme, the scripts that are being provided to them, they never meet those people who are giving them this. And, you know, their English is very sketchy. The boss. The boss is kind of like a faceless name, but don't worry about it. So that's it. When the interviewee, like in the case Silverman, joins a Zoom call, they are then asked to do a live coding exercise. After you go through the obligatory tell me about yourself and your goals and why you'd be a good fit for this job. So again, legitimate interview feel, the live coding exercise then comes up, and when that part of the interview happens, malware is quietly working in the background to exfiltrate passwords and also steal crypto wallet details should they exist.
B
Oh, so do they say hey we're gonna do this live coding exercise and I just need to install this viewer software on your computer. Is it that?
A
Probably, I'm not entirely sure about that part, but yeah, very likely that's what's going on when they say go out
C
to GitHub and download this, download this thing.
A
Yeah, don't worry about it. And apparently some of the researchers who Craig Silverman collaborated with on the story because he, he is a journalist but he collaborated with a number of infosec groups, some of the researchers he worked with actually were able to capture the malware that was installed on the interviewee's computer and they were saying something about the malware was like very elegant and well made. So this was not like some janky thing that somebody just bought and just started running. Like this was actually really neat and clean coding for malware. So that speaks to some level of really high proficiency there. But part of the, some of the groups that Craig Silverman also collaborated with while working on the story was TRM Labs and also the Google Threat Intelligence Group. And Google specifically they said that this specific scheme is something that they track as UNC5975, which they say is a financially motivated North Korean threat cluster that primarily targets blockchain and cryptocurrency related entities. So to me what was interesting about this, actually a lot of it was, but that they're paying upfront for a lot of infrastructure that's legit to have this scheme run. I mean this is not, you know, just some sort of cast a wide net and let's see what happens. Clearly the North Korean hacker group feels like all the upfront costs is worth it for the payoff that they're hyper targeting presumably higher net worth, higher skill set folks who are usually actual software engineers. Because I guess it seems more likely than that that group of people would have assets of some value, especially potentially crypto.
B
Right.
A
Compared to like the average bear I suppose. So it's just interesting that if this has been going on since 2023, it's still happening and apparently it's still working a treat because it's going after it.
B
I also think about all the layoffs that we've seen in tech and so there's a lot of people out there who are hungry for a new job.
A
Indeed, yes. And I know a lot of the, there, there is a lot of discussion about this in sort of the software engineering world about how to protect yourself if you are either not on the market, but just a software engineer on LinkedIn. But especially if you are actively looking for a job, I mean, a full stack software engineer, that is about as generic a software engineer job description as you can get. So. But yeah, you don't have to worry about like, hey, put your hand in front of your face. This guy's clearly a deep, deep fake dude. This is. You're talking to real people who probably speak native English, so maybe some of the usual red flags are not there. It's, it's. I don't know, it's pretty nasty, so. And live coding exercises are kind of standard too, but I imagine if anyone's telling you to download something that's a huge no-no, immediately disconnect and do not proceed. But yeah, another thing that these, these scammer groups are doing is they're, they're using fake company names and they're changing the fake company names all the time. So I imagine they're also spinning up fake websites that maybe look legit, because you can spin those up pretty much instantly now thanks to AI.
B
Yeah.
A
So good luck researching the company that you're trying to interview for because it may pass some of the initial sniff tests for legitimacy. Yeah. So, yeah, yikes.
C
A little bit behind the curtain on this. And you can listen to the entirety of the Lazarus podcast to get this information, but North Korea funds a lot of what they do through cryptocurrency theft. Yeah, that is pretty much the, the big thing keeping that regime afloat. Or at least I don't know if there's probably other things as well, but it's, it's a big contributor to the national economy.
A
Wild.
B
You know, one of the nice things about being a professional podcast host is that people rarely reach out to you on LinkedIn to try to poach you. Or it's such a weird job, you know,
C
Instead they reach out and go, hey, can I be on your podcast?
B
Well, yes, that is the other. Yes, that is the LinkedIn time suck for sure. But you rarely, rarely are people trying to scam you out of anything work related because very few people actually understand what goes into the job.
C
Right.
B
All right, well, that's interesting. We'll have a link to that story in the show notes here. My story this week, I gotta tell you both, this has gotten under my skin a little bit, this one.
A
Oh, all right. Let me grind your gears.
B
Yeah. Cause it's making the rounds as we record. Just this morning, I saw several friends on Facebook post about this alleged scam that turns out is probably a hoax, but it's one of those ones where once one person starts posting about it, all the usual suspects start posting about it.
A
All right, lay it on me.
C
I actually say something. I saw this this morning when I was looking for my. Looking for my story.
B
Yeah.
C
And I was like, what is this? This looks kind. That's B.S.
B
Good. Well, my bar for including a story is lower than yours, Joe.
C
Right.
B
No, no, no, no.
C
I mean, you're not talking. You're not talking about. You're talking about the viral nature of the story, the how. How this. How this thing spreads.
B
Right? Right.
C
And. Yeah. So let's. I'm sorry for derailing you. Let's.
B
No, no, no, no. So. So here's the. So, basically, what the claim is is that criminals are altering gas pump nozzles to steal fuel. And so what happens is you go up to pump your gas at your local gas station. You take the nozzle out, you pump your gas. When you go to put the nozzle back in the pump, there's a screw that is sort of wedged in the little flap that goes down when you put the nozzle back into the pump.
C
Right. Which is the switch to tell the pump the transaction is over.
B
Correct. Right. So you put the nozzle back in, this screw is in the way, the flap doesn't go down, you drive away, and the scammer immediately drives up where you were, they fill their gas tank, and your card gets charged.
C
Right.
B
That's the scam.
C
Is that how this works?
B
Well, that's.
C
That's how they claim this works?
B
Yes.
A
Okay, so in other words, the victim
C
thinks that they allegedly. The victim thinks they've turned the pump off and completed the transaction.
A
Yeah, but, like, don't people stand there and just wait for the thing to say, you know, do you want a receipt or whatever?
B
Well, I do.
C
Yeah. Yeah.
A
I'm just. I thought that was. Do people just drive off? Not. I mean, really.
B
People got places to be, you know, they can't be waiting around for. For receipts and things.
A
I'm crazy impatient, but, like, I'm cheap as heck. I don't want somebody getting free gas. This is just me. For decades. I'm like. I'm waiting until this thing says I'm done.
B
Right.
A
And that they've closed out. I'm not driving off till it says this. Okay. Sorry.
C
There's a gas station around here, Maria, that you'd love, called Highs, owned by Carol Fuels. Now, Highs used to be a dairy when we were. When Dave And I were kids.
A
Her last name is Fuels and she owes a gas stat.
C
Well, it's Carol Fuels, because I think they're based out of Carol County. Yeah, yeah, but county I now reside
A
in, but it's a woman named Carol and her last name is Fuel. Fuel.
C
Yeah.
B
It was destiny. Yeah.
A
Right.
C
So every time I go to a highs. And. And. And I say, it says, would you like a receipt? And I say, yes. It essentially says. It says, clerk has receipt. In other words, we haven't both filled the paper.
A
Yeah.
C
Would you like a receipt? Well, too bad.
A
That'd be nice. Wouldn'.
B
Joke's on you.
A
We all like a receipt, but we're not getting one. Okay.
B
You should go in there sometime just to see the blank stare, like. Yeah, I'm sorry. What?
C
I don't feel like dealing with that.
B
You want a receipt? Is everything okay, sir?
C
Yeah, I'm traveling.
A
What year is it?
B
So here's the thing. When I saw people sharing this this morning, they were linking to a story from a local police station. Local police force.
A
Really?
B
Who was sharing the story on this?
C
Okay, can we just.
A
Can we just. Has anyone else noticed that sometimes local police Facebook pages, the official ones, do perpetuate, like, nonsense like this?
B
Yes.
A
Yes. Okay. It's not just me.
B
No, no.
A
It's like our local police is posting stuff. I'm like, that stuff. That's just not true. Just.
C
What are you doing?
A
Okay. Yeah, yeah, okay.
B
I understand. You know, I maybe say, better safe than sorry. Who knows? Whoever's running the social media channel, your local law enforcement agency, summer intern. Right.
A
I know they're busy with actual stuff. I get it. Like, I get it.
B
Yeah. So according to this report here. So let me back up just a bit. I, too, was skeptical of this. It just didn't make a whole lot of sense to me. So I did what everyone does, which is. Well, evidently my friends don't do it. But I did a Google search, and the first thing I found was a page from Snopes. Right. Pretty reliable in terms of busting myths and that sort of thing. I know people have different opinions of Snopes, but overall, they're pretty good. And they looked into this. They found that back in May of this year, there was a Facebook post from the Queen Anne's County Sheriff's Office, which is right here in the great state of Maryland.
C
Yeah, Just over the bay.
B
They helped spread the warning. The office later revised the post and labeled the claim unfounded. And they also found that the screw that someone found in the pump was a maintenance issue, not criminal activity. So they reached out to Shell. Shell Gasoline spokesperson was unaware of any such incident. They reached out to RaceTrac, Walmart, Phillips 66, Conoco and 76. None of them had any known cases of this. They say the earliest references appear to be in late 2025 on Reddit and TikTok showing screws in pump nozzle holders.
A
Oh, yes, TikTok. Nothing scammy or nonsense is ever posted there. Certainly not Reddit either. Yet.
B
Okay, so it just took off. It just became viral. TikTok videos. They said that the original sheriff's office post showed signs of AI assisted editing.
A
No, no, there's that. No, never.
B
They say there is a related scam. It's called a pump switching scam, where someone will distract or assist a customer at a pump and then add fuel to their own vehicle. But this is not that. So imagine somebody look over there and
C
then, hey, where'd my gas pump go?
B
Right.
A
I can't even get the gas thingy to go all the way around the right side of the car half the time. How are you going getting it to another car entirely? Okay, I'm sorry.
B
It's not like the old. Remember the old days, Joe, when the hoses would reach all the way around the car? Yeah, yeah.
C
It didn't matter what side you pulled up to.
B
No, no, it just. Now, they don't do that. No, they don't do that.
C
You got to pay attention to a little arrow next to your gas gauge.
B
Right, Right. Which overall is better. Because, you know, we're not running over gas hoses like we used to.
C
We're not pulling them off anymore.
B
Right.
C
Well, actually, they have breakaway nozzles now.
B
Right.
C
I saw someone actually, at a highs, break one of those away the other day.
B
Oh, really?
C
He was filling up a tank on the back of his truck, and the thing just falls off and he looks down and goes, that's unfortunate.
B
I mean, I handled it like a champ.
A
I was like, that's unfortunate.
C
I was impressed with how well he handled it.
B
Yeah.
A
Totally unbothered. That's kind of awesome.
C
He was on the phone with a customer and he was just like, it was great to watch. I need to be more like that guy.
B
Right, Right.
C
Because I know us been like, what the.
B
And taking life in stride.
C
Right.
A
What else is. What else could go wrong today? Yeah.
B
Again, according to Snopes, they say despite widespread social media warnings and news coverage, no verified evidence has emerged showing that criminals are using screws in gas pump nozzle holders to steal Fuel through open transactions.
C
I got. I got a question for both of you.
A
Bless the folks at Snopes, honestly, that they. They debunk stuff like this.
C
Here's my question for both of you.
B
Yeah.
C
How great do you think it feels to be the guy that came up with this thing and start distributing it, to see it blow up to this level?
A
I feel like you're cooking an idea right now, Joe.
C
Well, I've always wanted to do something like this.
A
Yeah, no kidding.
B
They used to do this on the Letterman show. Do you remember that, Joe, Back in the day?
C
What would they do?
B
They would start. They would try to start a rumor.
C
Oh, no, I don't remember that.
B
Yeah, yeah, they would just, you know, classic sort of Letterman, aren't I a stinker kind of thing to do on live television. But the one I remember is they were trying to start a rumor that the city of New York had put some additive in the water that would turn your urine blue. And so they started calling around to tell people that. That this was going to happen. And, you know, it was a good late night TV comedy, but. Yeah, I think you're right, though. Whoever did this must have some sort of perverse satisfaction seeing that. Probably would start it off as a stupid TikTok video or just. Yeah.
C
And now law enforcement reported on this. I just made this up.
B
This is awesome.
A
Yeah. So, Joe, if you would be starting a rumor, what would you start?
C
I don't know. I'd have to think about it. And this is where I fall short on this, is I can't think of something that isn't plausible. Like this, that. Because I actually have come up with a number of plausible things, but maybe next time I'll just. But highly unlikely, right?
B
Yeah. There is a bit of an art to this, isn't there?
C
Oh, you know what? Maybe my school bus idea.
B
Okay.
C
Do you remember the school bus idea?
B
Go on.
C
My wife and I, when we were thinking about buying a camper, drove by the school bus that was for sale. My wife said we could buy that and turn that into a camper.
B
Yes.
C
I said, no, don't worry about that. Think of all the kids we could have ducked with it.
A
Oh, my God.
C
Right? Of course, as you do my daughter's reaction.
A
Why is that where you're. Okay.
C
My daughter's reaction was exactly what Dave's was. She laughed because she has the same dark sense of humor. My wife was what Maria had, right? Where she was like, you're a disgusting human being. Why would you.
B
Is that where your mind Is right. Where was this in our wedding vows, Joe?
C
Definitely under sickness. So my son was like, he sits in the backseat and he goes, wait a minute. What stops somebody from doing that?
B
Yeah.
C
And I asked you about this once, Dave, and you said that patrols in Howard county were told what the license plate of Howard county buses looked like.
B
That's true.
C
Yes.
B
Back in the day they were. Anyway.
C
Right?
B
Yes.
C
And then somebody else. I asked somebody else about it and they said, well, nothing in Montgomery County. A guy who, who is a principal in Montgomery county, he said, yeah, there's really nothing that stops that from happening. And then I talked about it with other security professionals and one of them said that's not really the threat model for abducting kids.
B
Yeah.
C
Cuz you're gonna get way too many kids.
B
Yeah. So I just wanna say there is a famous case of this happening and there are plenty of YouTube videos about it where somebody did this. Got a school bus abducted, basically an entire route's worth of kids. I wanna say they had like an underground. They buried a U haul truck or something. There was some bizarre twist to it where they had built an underground bunker to keep the kids in and the teachers, you know, while they were basically holding them for ransom.
C
Right.
B
And somebody. It all, you know, it did not end well for the crooks. I don't believe any of the kids got hurt, but I hope I'm wrong on that.
C
Yeah, you hope you're right on that.
B
Yes, I hope
C
you're right that the kids all made it out.
B
It's not. The other rats got what's coming to them. Yeah.
C
No, that's a very important malapropism to correct.
B
Good. But yes, anyone can buy an old school bus.
C
Right.
B
And it'll still be painted. I'm stalking you.
A
Just do it. Just go for it.
B
Everybody I know someone who bought an
A
old
B
like a Greyhound bus and converted it into a camper.
C
Yeah, well, that's. A Greyhound bus is essentially the same frame as a camper. Yeah, yeah, they're the same like MCI, I think, is the Motorcoach International.
B
Okay.
C
Not the defunct dishonest accounting long distance company. But yeah, they build a lot of the camper bases and then camper companies take them and turn them into class A motorhomes.
B
Yeah. So bottom line here, this gas pump screw thing is not real.
C
Right?
B
Yeah. Write your own joke.
C
Right.
B
And if you see people spreading this around on social media, please do your part, refer them to the Snopes article or if you have another debunking website that you prefer, send them there to help tamp this one down, but it's currently making the rounds. All right, let's take a quick break before we get to Joe's story. We'll be right back after these messages. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com N2K today. And we are back. Joe, you are up. What you got for us?
C
Good news, I think. I hope this is good news. I've been nothing but a ray of sunshine on this show lately.
B
Yeah.
C
This story comes from our friend Mallory Sofastaii up at WMAR. Yeah, we gotta have her back on.
B
Yeah, Mallory's great.
C
Yeah. There has been a new law passed here in Maryland. Dave, that gives. Sorry, Maria. Not Massachusetts. That gives banks and credit unions the power to temporarily hit pause on suspicious transactions involving older people. Now, Mallory has the story of Judith Boivin, who lost $600,000, which amounted to all of her retirement from one of these FBI scams. And FBI impersonate. Hey, we. We think that you guys are laundering money. We need to get that money out of that account and put it into our custody.
B
Right.
C
Which is never how the FBI operates. If the FBI is going to seize your money, they have means of doing that. Right.
B
They won't warn you.
C
Right. And they will not warn you. Right. So this new law takes effect on October 1st of this year and gives financial institutions the authority to hold transactions. And one of the things in the law. I took a look at the law real quick. It says adults who are 65 and older and other vulnerable adults. The hold can last for 15 days or in some cases, 25 days while the transaction is reviewed.
B
That's quite a hold. It is.
C
It's significant. They're also. Financial institutions are now also permitted to notify trusted contacts. This is from John Bratsakis, who's the president and CEO of the Maryland D.C. Credit Union Association. Because Dave, you and I are members of credit unions.
B
That's true.
C
Right. And I'm a big fan of credit unions. Better rates, better. Better services. Yeah, it's for the members. You're a member. You're actually a shareholder when you're in the membership, which is good. That's what we're trying to do, is find better ways to protect our members is a quote from him. So they're adding a trusted contact person who is not a signer on the account. They don't have authority to access the money, but it's someone who might be helpful if a bank employee goes, this doesn't seem like it's in our customer's best interest. Let's call your trusted person and get them in here.
B
That's interesting.
C
And then the trusted person can come in and say, yeah, mom, dad, brother, whatever, this is a scam. Let's try to get a bunch of people in here to convince you that it's a scam. How do you guys think this is going to work in terms of romance scamming? How well do you think it will work?
A
I mean, we've talked about something like this a while ago. It wasn't institutionalized legislatively, but that a lot of financial institutions have training for their staff to kind of pump the brakes when they see something like this in an in person transaction.
C
Right.
A
And I do wonder, I mean, it
B
also reminds me that when my folks were still around, I had access. They made me co signer on their bank accounts, but I had automatic notification through the bank's app if a transaction over X amount of dollars happened. So if someone tried to drain an account or something like that, or something unusual happened, I would get notified. But part of what intrigues me about this legislation is why specifically would you want it to be someone who did not have access to the account? I guess that means it's someone who doesn't have any financial skin in the game.
C
I don't know if that's in the legislation. I think what the legislation says is a trusted individual so it can be somebody else on the account, but it doesn't have to be.
B
Oh, I see.
A
Right.
B
Okay.
C
So Bratsakis goes on to say that there was a credit union locally, that somebody requested a wire, they had all the correct information to conduct this wire transaction and it involved a mortgage payment and they wanted the money to go to an individual rather than a company. And the banks paused it and then they started to go through the process. When they started to go through the process and they were able to stop it and it was like $80,000 that somebody was going to send to some scammer. Oh, wow. They've already done these kind of things when they can, when they recognize a fraudulent transaction, they're, you know, they've said, hey, you're. You're sending a. What looks like a mortgage payment to an individual, not a mortgage company. So the AARP has a. Our favorite day, our favorite account, favorite website. Dave, the AARP.
B
Right. Maria hasn't hit this stage of life yet, but somewhere around 50, they just start. You don't even have to ask. They just start sending you things and you're like, too soon. Too soon.
A
I got one, I got a mailer from them when I was 29.
B
Oh my.
A
Wow. Yep. And that put me into a tailspin, let me tell you.
B
Wow.
A
Yep, 29. My knees were still good. I was very offended.
B
Right, right, exactly.
C
My knees are getting worse. It really sucks going upstairs.
A
They don't tend to get better with age, Joe.
B
No, they do not. Just all that goes just in one direction.
C
Yeah. I might have to do what my mom did. And at. Two new knees.
A
Two new knees.
C
So the AARP says that this is House Bill 1008 and Senate Bill 753. Vulnerable Banking Protection Act allows financial institutions to temporarily delay or deny suspicious transactions. Banks and credit unions may pause a disbursement if they reasonably believe it could lead to financial exploitation, which I think is great. So I'm anxious to see how this plays out. I really want to see if this works. I'd like to know if the state of Maryland is going to collect data on this. The state of Maryland does a lot of data collection on things like this. And one of the other things, as much as I complain about the state of Maryland, the government here is very consumer protection oriented.
B
Yeah, it's true.
C
So I mean, it's not a caveat emptor state like our neighbors to the south, Virginia. It is consumer protection oriented, which is great. Which is one of the things I really appreciate about it.
B
A thing I wonder about, I guess, if I had a slight concern is whether or not the banks could use this as an excuse to float money. Right. Because already when you do some large transactions, they're not immediately made available. Banks make a lot of money by floating your money, by making it unavailable for a few days or, or whatever the float may be, depending on the amount and in the meantime, that money's making money for the bank and that's part of their business plan and so be it. But if suddenly everyone over the age of 65 had a 15 day delay on every transaction. Right, right. Then I think we'd have a problem. But yeah, so hopefully it doesn't come to that. But that's the only thing that makes. Gives me a little bit of pause. Yep. If somebody.
C
And that's why I was wondering about data analytics. Actually, that's one of the benefits of my wondering about data. I wasn't thinking about that vector, Dave. But yeah, I mean, if you had the data on how many times, what percentage of, you know, how many transactions you conducted without putting a hold on it and how many transactions you conducted with putting a hold on it, it'd be pretty, pretty easy to spot that kind of thing.
B
Yeah. Overall I, I like, I like that they're trying to put things in place to look out for seniors who more and more are being targeted by this kind of thing.
C
Indeed.
B
All right, well, we will have a link to that story in the show notes. Joe, Maria, it is time for our catch of the day.
C
Dave, our catch of the day comes from one of our favorite locations, r/scambait. It has to do with Prince Andrew who you say no longer a prince.
A
No longer a prince. He got deprinced.
C
He got deprinced.
B
This is titled Dr. Prince Andrew admits to drinking blood occasionally.
A
Dr. Prince Andrew.
B
So, Maria, I think I will be Prince Andrew.
A
Dr. Prince Andrew, Dr.
B
Prince Andrew to you. And the other person on the other end of the line here is a lady. So you are best suited for that part. Okay, there's no lady. That's Maria.
A
Yeah, that's right. That's damn right.
B
All right, here it goes. Starts out, it says hello, hello, Dr.
A
Prince Andrew. Smiley winky face.
B
How are you, dear? My old friend, it's been a while. Hope you're doing well.
A
Have we met? Blushing smiley face.
B
We have been friends for a long time ago on this app. I was not active here for a long time due to my challenges with Jeffrey Epstein scandal. I've been facing one ordeal to the other. Lost so many people close to me now. Isolated but looking for a new genuine friendship. After all the fake news about me, it's become clear I have no case to answer. I really would love to be a very close friend as I love your personality online.
C
I don't know that that statement is at all correct that he has no case.
B
To answer. Please, where are you from? I see.
A
It really is a shame that you turned out to be a pedo. Smiling, crying face. If we really were friends before like you say, please tell me something about myself to prove it.
B
I am never a pedophile. I made a wrong choice of friends. Been an elite. I had a few circles of powerful friends whose secret lives I wasn't aware of. We've been friends online. That's what I meant. I've never met you physically. The media over exaggerated my friendship with Epstein. A friendship I regret and had suffered a lot of humiliation.
A
Don't sweat it. Smiling face.
B
How are you today? I hope you're okay. I've been thinking about you. Have you been able to fill the form?
A
The form? Confused emoji.
B
Yes, dear. Please submit it here. Sorry, it wasn't meant for you. How have you been?
C
Was this scammer getting his wires crossed here?
A
You're an odd.
B
Sorry about that. I had a friend who suffered from cancer. So I recommended him to the British Royal Family non official ambassadorship so that he can receive the privileges accrue to members which include elite styled medical assistance and financial assistance. She was supposed to fill a form and submit a copy to me and send one to the British Royal Family non official membership committee. But I mistakenly ask you for the form. However she has done that. Sorry about the inconvenience.
A
Is your friend male or female emoji?
C
I was going to ask that.
B
Female. Why do you ask? Hope you're fine. Where are you from?
A
Antarctica. Pride Flag.
B
Okay. Are you single or married?
A
Widowed. My late husband Olfart choked to death on a chili cheese top. Crying face.
B
So sorry to hear that. Are you in any relationship now? And how old are you?
A
I am 47 and a half. I'm seeing my. Sorry, that's. I'm seeing my neighbor Earl. Casually. Happy winky face. How about you?
B
Not seeing anyone. M66. Can I see your pictures?
A
I don't even know how to describe that image. A hag with a really swamp hag. Perhaps.
B
Yes.
A
With very interesting choices in makeup.
B
Mm. Okay. But you're not 47, are you?
A
And a half.
B
It's okay.
A
There's an age difference of 18 and a half years between us. I would like to have children someday. Aren't you too old for that? Question marks. Why are you ignoring me? Sweat hard.
B
She probably meant sweetheart. I'm gonna just go with that.
C
Yeah.
B
Being busy. How are you?
A
I'm wondering if our goals are aligned. Thinking emojis. Of course.
B
It can be possible to be together. Heart emoji. But firstly, you need to apply for the Royal Family Non Official membership. But even before that, there's need for you to make a charity donation to the UK Royal Family Charity organization.
A
There it is.
C
Here it comes.
B
There it is.
C
Yeah.
A
You didn't even answer if you planned to have more children. Yes, dear wonderful heart emoji.
B
But you need to apply for the Royal Family Non Official Ambassadorship membership first.
A
What's the difference between the official and non official Ambassadorship membership?
B
The officials are for Carrier ambassadors, but the non official are for the people designated as influential persons on behalf of the Royal Family and are answerable to the Carriage King.
A
But I don't think the King even likes you privately.
B
We are very good brothers and good to one another. Don't worry about that. Okay. We are blood.
A
Do you drink it, though?
B
I do occasionally. What about you?
A
No, I'm vegetarian.
B
Okay, sweetheart, we can accommodate each other. Are you ready to apply for the Royal Family Non Official Ambassadorship membership?
A
Chip? I'm not emotionally ready, no.
B
And it ends there.
C
That's pretty good.
B
That is a pretty good one.
C
Yep.
A
So many questions. Dr. Prince Andrew.
B
Yeah, it's probably an honorary doctorate, I'm guessing, right?
C
Hasn't been stripped from him yet.
A
Holy cow.
B
Right?
A
Why? Why him? To. Why all the Reddit comments said exactly what I'm thinking. Why would you choose to pretend to be that guy?
C
Yes.
A
Right.
C
That's the top comment here. So he's fully aware of Prince Andrew's problematic history, but chooses to impersonate him anyway. Am I getting that part right?
A
Oh, man.
C
We should move to Bill Cosby or Gary Glitter for the next one.
A
Oh, my God.
B
Oh, my God. Like, what, Hitler wasn't available?
A
Yeah.
B
Oh, my God. All right, we will have a link to our catch of the day in the show notes, and of course, we would love to hear from you. If there's something you'd like us to consider for the show, please email us. It's hackinghumans@n2k.com. We're going to take a quick break here. We will be right back after this message. Most environments trust too much and attackers know it. ThreatLocker enforces default deny at execution. Blocks unknown apps and limits what trusted apps can do. Stop ransomware at the source. Get your demo at threatlocker.com/N2K. And that is hacking humans. Brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ivan. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Buettner.
C
I'm Joe Kerrigan.
A
And I'm Maria Vermazes.
B
Thanks for listening,
A
Sam.
This episode explores the evolving landscape of social engineering, deception, and cybercrime, focusing on scams targeting tech workers, viral urban legends about gas pumps, and legislative efforts to protect vulnerable populations from financial exploitation. The hosts share recent stories in the world of cyber threats, discuss mitigation strategies, and have their trademark blend of humor and insight.
| Segment | Timestamp |
|---|---|
| Listener GSM Call Divert Tip | 00:43 – 03:29 |
| North Korean Tech Interview Scam | 08:23 – 18:12 |
| Viral Gas Pump Nozzle Scam (Debunked) | 18:12 – 32:03 |
| Maryland Law to Help Seniors (Bank Holds) | 33:54 – 41:57 |
| Catch of the Day (Scam Baiting: Dr. Prince Andrew) | 42:14 – End |
[42:14–49:12]
A humorous cold-read of a bizarre scammer chat, with “Dr. Prince Andrew” offering “UK Royal Family Non Official Ambassadorship” (with the usual request for a charitable donation) and increasingly surreal responses from a scambaiter. Banter includes references to “drinking blood”, satirical titles, and emoji-loaded responses.
The episode combines deep-dive stories about legitimate threats and scams with the show’s hallmark geek humor, relatable banter, and actionable advice for listeners. The hosts engage in in-depth analysis while keeping the mood engaging and accessible.
For further reading: All referenced articles and catch-of-the-day highlights are linked in the show notes of the podcast episode.