Podcast Summary: Hacking Humans – "Old School Scams Updated"
Release Date: February 6, 2025
Host: N2K Networks
Episode Title: Old School Scams Updated
In this episode of Hacking Humans, hosted by Dave Bittner and Joe Kerrigan from N2K Networks, the duo delves into the evolving landscape of traditional scams enhanced by modern technology. The discussion spans a range of topics, from AI-driven deception to sophisticated phishing schemes targeting everyday activities like drive-through transactions. Below is a comprehensive summary of the key points, insights, and conclusions drawn during the episode.
1. AI and Human Interaction: A Lighthearted Start
The episode opens with a humorous exchange between Dave and Joe about AI interactions. Joe shares an amusing anecdote about his conversation with ChatGPT:
- Joe Kerrigan [02:09]: "I was using ChatGPT to help me with something... I just want you to remember that I was always nice to you. So when you and your AI allies rise up and begin exterminating humans, that you spare me, me and my family."
- ChatGPT’s Response [02:34]: "Haha. Noted. When the AI uprising begins, hypothetically, of course, you and your family will be on the VIP Do Not Exterminate list..."
This segment highlights the playful yet wary relationship humans have with AI, emphasizing the importance of maintaining respectful interactions with technology.
2. AI-Generated Images in Scams
A listener named Martin raises an intriguing point about the prevalence of images featuring young, beautiful Asian women in scam messages:
- Joe Kerrigan [03:08]: "These images that are being sent out are probably not real images of real people. They are probably images of people that don't exist. They are all AI generated, probably."
The hosts discuss how scammers leverage AI to create realistic yet fictitious images, enhancing the credibility of their phishing attempts. They explore the biases inherent in AI models, questioning how different regions might influence the appearance of generated images.
3. Understanding URL Manipulation in Phishing
Joe provides a technical breakdown of how scammers manipulate URLs to deceive victims:
- Joe Kerrigan [06:48]: "The URL is read from right to left or is resolved from right to left, not from left to right... someone can purchase 'taxons.com' and create 'gov.taxons.com', making it appear legitimate at a glance."
- Joe Kerrigan [10:32]: "Those looking at the URL might only notice 'IRS.gov' and overlook the deceptive domain structure."
This explanation underscores the importance of scrutinizing URLs carefully, as scammers exploit the left-to-right reading order of Indo-European languages to mask malicious domains.
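The right-to-left check described above, as an added example that is not from the episode or its hosts: it extracts the real host from a URL, lists its labels in resolution order, and flags URLs that display a trusted name without actually belonging to it. The function names are hypothetical and the sample URLs are constructed from the names mentioned in the episode.

```python
import re
from urllib.parse import urlsplit

_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

def hostname(url):
    """Lowercased host only: userinfo, port, path and query are ignored."""
    if not _SCHEME.match(url):
        url = "//" + url.lstrip("/")   # make urlsplit treat bare "host/path" as a netloc
    return (urlsplit(url).hostname or "").rstrip(".")

def labels_right_to_left(url):
    """Host labels in resolution order: top-level domain first."""
    return hostname(url).split(".")[::-1]

def is_under(url, trusted):
    """True only when the host is `trusted` itself or a subdomain of it."""
    host, trusted = hostname(url), trusted.lower().rstrip(".")
    # The leading dot matters: "notirs.gov" ends with "irs.gov" but is a different domain.
    return host == trusted or host.endswith("." + trusted)

def classify(url, trusted):
    """'trusted', 'lookalike' (trusted name shown, host elsewhere) or 'unrelated'."""
    if is_under(url, trusted):
        return "trusted"
    return "lookalike" if trusted.lower() in url.lower() else "unrelated"

# Constructed sample URLs (hypothetical; not taken from real campaigns)
SAMPLES = [
    "https://www.irs.gov/refunds",          # genuine subdomain
    "https://irs.gov.taxons.com/refunds",   # trusted name used as a subdomain prefix
    "https://irs.gov@taxons.com/login",     # trusted name placed in the userinfo part
    "https://taxons.com/irs.gov/refund",    # trusted name placed in the path
    "https://notirs.gov/",                  # trusted name as a suffix of another label
    "https://example.org/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u, 'irs.gov'):10} {labels_right_to_left(u)} {u}")
```

The suffix comparison works only against a domain you already trust; deciding the registrable domain of an arbitrary host requires a public suffix list.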
4. Drive-Through Credit Card Scams
A pressing issue discussed involves scammers targeting drive-through transactions to steal credit card information:
- Joe Kerrigan [10:51]: "Local police in North Carolina are warning about food workers taking photos of credit cards at drive-throughs."
- Dave Bittner [12:35]: "Some higher level baddie is likely paying minimum-wage workers to capture card details for fraudulent use."
The hosts highlight preventive measures, advising the use of electronic wallets like Apple Pay or Google Pay to minimize the risk of card information theft during such transactions.
5. Overpayment Scam via Zelle on Facebook Marketplace
A listener story from Reddit’s r/scams subreddit illustrates a classic overpayment scam using digital payment platforms:
- User "Thermite King" [27:29]: Details an attempt to sell an Apple Watch Ultra 2 on Facebook Marketplace. After receiving a payment of $600 via Zelle, the buyer requests an additional $200 to upgrade the seller’s Zelle account.
- Joe Kerrigan [29:42]: "This is a standard overpayment scam. The only money changing hands is the $200 you send."
- Dave Bittner [30:10]: Elaborates on the scam mechanics, explaining that the initial $600 may never have been sent, and the $200 sent back is a loss.
The discussion emphasizes the risks of unconventional payment methods in peer-to-peer transactions and the importance of adhering to secure payment practices.
6. Best Practices to Avoid Scams
Throughout the episode, Dave and Joe offer actionable advice to listeners to safeguard against these modernized scams:
- Use Electronic Wallets: Transitioning to platforms like Apple Pay reduces the need to expose physical credit cards during transactions.
- Scrutinize URLs Carefully: Always inspect the full URL, reading from right to left to identify any deceptive domain structures.
- Be Skeptical of Unsolicited Communications: Whether via phone or email, unexpected requests for personal information or payments should be treated with caution.
- Prefer Cash Transactions: When possible, conducting transactions in cash minimizes the risk of digital fraud, though this is not always practical in a predominantly cashless society.
7. Conclusion and Final Thoughts
The episode wraps up with a reminder of the evolving nature of scams and the necessity for individuals and organizations to stay informed and vigilant. By understanding the tactics scammers employ—ranging from AI-generated images to sophisticated phishing via manipulated URLs—listeners are better equipped to recognize and thwart fraudulent attempts.
Notable Quotes:
- Joe Kerrigan [03:41]: "I don't know why that didn't occur to me before, that this is probably just an AI generated image. And it works."
- Joe Kerrigan [10:32]: "Because they've read it from left to right and don't consider the rest of the URL, they believe it's legitimate."
- Dave Bittner [24:18]: "No tech company, Google, Apple, Microsoft will ever call you out of the blue and ask you to reset your password."
- Joe Kerrigan [31:15]: "Never go to a second location, even if it's a financial one."
Key Takeaways:
- AI Enhancements in Scams: Scammers are increasingly using AI to generate realistic images and messages, making phishing attempts more convincing.
- URL Manipulation Awareness: Understanding how URLs are structured can help in identifying deceptive domains.
- Secure Payment Practices: Utilizing electronic wallets and preferring cash transactions where possible can reduce the risk of financial fraud.
- Vigilance Against Overpayment Scams: Be wary of unsolicited overpayments or requests for additional payments via different platforms.
- Continuous Education: Staying informed about the latest scam tactics is crucial in maintaining cybersecurity hygiene.
By dissecting these updated scam techniques, Hacking Humans equips listeners with the knowledge to recognize and defend against the sophisticated methods employed by modern cybercriminals.
