Hacking Humans: New Tools, Old Problems – Detailed Summary
Released on December 26, 2024, by N2K Networks, the "Hacking Humans" podcast explores the intricate world of deception, influence, and social engineering within cybercrime. In the episode titled "New Tools, Old Problems," hosts Dave Bittner, Joe Kerrigan, and Maria Varmazes dissect recent scams, discuss evolving tactics employed by cybercriminals, and examine both listener experiences and potential countermeasures.
1. Listener Feedback on the Shoebox Scam
The episode opens with Dave Bittner sharing listener feedback from Alan, who references a previous discussion about a $50,000 shoebox scam featured in episode 278. Alan recounts a similar incident involving his sister-in-law in Australia:
Dave Bittner [01:41]: "They asked her to Google a police station in Shanghai and to look at the phone number. Then they proceeded to call her from this number and convinced her that they were the Chinese police."
This scam mirrors the shoebox tactic, where scammers physically present a shoebox containing money to gain trust before disappearing with the funds. Alan highlights the scam's sophisticated approach, including spoofing legitimate numbers and using video calls with counterfeit police uniforms to establish authority.
Joe Kerrigan emphasizes the severity of such organized scams:
Joe Kerrigan [05:57]: "These are not somebody you want to mess with. These are criminals. They're coming after $50,000. They want it really badly."
The hosts discuss the psychological manipulation involved, noting how scammers exploit the fight-or-flight response to diminish skepticism and induce panic, making victims more susceptible to deception.
2. Prevention and Best Practices
The conversation shifts to preventive measures against such scams. Clinton, another listener, provides critical insights:
Joe Kerrigan [06:39]: "He says the entire scenario began when they called her and the verification was accomplished when they called her. Had she insisted on hanging up the phone and verifying the number on her own, the scam would have failed."
However, Maria Varmazes questions how practical this advice is:
Maria Varmazes [08:08]: "I think we are sort of setting people up for failure if we're like, never trust any inbound phone call because your phone is just an attack vector at this point."
The trio acknowledges the complexity of balancing skepticism with the necessity of communication, especially for those reliant on phone interactions for legitimate purposes.
3. Calendly-Based Cryptocurrency Scam
Dave Bittner introduces a story from Brian Krebs of Krebs on Security, detailing a scam targeting cryptocurrency enthusiasts through the scheduling app Calendly:
Dave Bittner [12:18]: "They're using the online calendar scheduling app Calendly to engage targets and ultimately deploy malware through malicious links."
The scam involves sending legitimate-looking Calendly invitations that, when clicked, download malicious AppleScripts onto Mac computers, resulting in wallet-draining Trojans. Joe Kerrigan explains the technical aspect:
Dave Bittner [15:35]: "So you're gonna trust it because it says Calendly. It says Calendly. And you've already done business through Calendly to make all this happen."
The hosts underscore the importance of vigilance, reminding listeners that even trusted platforms can be exploited to facilitate cyberattacks.
4. AI Solutions to ATM Scams in Japan
Maria Varmazes presents an innovative, albeit controversial, solution employed in Japan to combat ATM scams targeting the elderly. The National Police Agency, in collaboration with Japan's Post Office Bank, has deployed AI-driven warnings at ATMs:
Maria Varmazes [19:29]: "There's a video that displays on ATMs if someone approaches with a phone to their ear, warning that the phone call is a fraud and advising them to hang up immediately."
This system, featuring alarming visuals and endorsements from public figures like former boy band member Keita Tachibana, aims to deter potential victims by interrupting the scammer's narrative.
Dave Bittner raises concerns about the sustainability and potential desensitization to these warnings:
Maria Varmazes [20:48]: "But it's very like alarms and red and blinky and meant to get your attention... I wonder if people are just gonna ignore it as an annoyance."
The hosts debate the effectiveness of such measures, considering the fine line between necessary warnings and user experience disruption.
5. Listener Stories: Fake Fraud Alerts and Romance Scams
The episode delves into multiple listener-submitted stories illustrating the pervasive nature of scams:
- Jax's Experience with Fake Chase Fraud Alerts: Joe Kerrigan narrates Jax's ordeal receiving fraudulent text messages claiming to be from Chase Bank, alerting him to unauthorized purchases. Despite asserting he doesn't hold a Chase account, Jax's attempts to resolve the issue lead him through frustrating automated phone systems, ultimately requiring a branch visit he couldn't undertake.
- Rodney's Encounter with Romance Scammers: Rodney describes interventions with individuals romantically deceived by scammers, including one who traveled internationally to meet their supposed partner, only to be confronted by vigilant staff who recognized the scam. Despite comprehensive efforts involving family and authoritative figures, some victims remained unconvinced of the deception, highlighting the deep psychological entrenchment scammers achieve.
Maria Varmazes [35:04]: "We brought in pretty much everyone we could think of, including the person I know who worked at the consulate in Nigeria. And literally none of that worked."
These narratives underscore the challenges in extricating victims from sophisticated and emotionally charged scams, emphasizing the need for proactive education and support mechanisms.
6. Additional Scam Insights: Wallet Drainers and Fake Reviews
Joe Kerrigan shares a warning about wallet drainers posing as legitimate wallet security plugins on platforms like Twitter:
Joe Kerrigan [37:40]: "They have an example of a phishing site that was designed to trick users into a wallet-draining app by faking a legitimate wallet security extension."
This tactic involves deceptive links that, once clicked, harvest private keys and drain cryptocurrency wallets. The discussion highlights the necessity for cryptocurrency users to adopt robust security practices, such as utilizing cold wallets and verifying the authenticity of security tools.
Additionally, the hosts discuss fake Amazon reviews, where sellers solicit five-star feedback through deceptive emails:
Joe Kerrigan [37:40]: "This is actually from the seller on the Amazon site. And they are just trying to buy a five-star review."
Such practices undermine platform integrity and exploit consumer trust, prompting a need for stricter enforcement of review policies.
Conclusion
The "New Tools, Old Problems" episode of "Hacking Humans" provides a comprehensive examination of current cybercrime strategies, illustrating how traditional scams evolve with technological advancements. Through listener stories and expert analysis, hosts Dave Bittner, Joe Kerrigan, and Maria Varmazes highlight the persistent and adaptive nature of social engineering threats. The episode not only sheds light on the sophisticated methods employed by scammers but also underscores the importance of education, vigilance, and innovative solutions in combating cyber fraud.
