A
You're listening to the CyberWire Network, powered by N2K.
B
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hi, Joe.
C
Hi, Dave.
B
And, and our N2K colleague and host of the T Minus Space Daily podcast, Maria Varmazis. Maria.
A
Hi, Dave. Hi, Joe.
B
I got a little bit of follow up here for us. One of our listeners sent this in. Listener, I believe it's McCall is how you pronounce this person's name. It's not an English name, so apologies to McCall if I get it wrong.
C
Right.
B
But sent us the kind note that says scam warning. There's a new scam targeting conferences. They scrape the website and then email you as if you are in charge of hotel bookings, asking you to book through them. They act as if they are agents for the organizers, while in truth, the organizers know nothing about it. So don't fall for it. I almost did. If it hadn't been for the dear professor red flag. And if in doubt, ask others if it's legit. Who knows, you could be left without anywhere to stay while the scammers pocket all the money.
C
Indeed.
B
Yeah, that's.
C
Oh, that's pretty good. Pretty good scam. How do they find out if you're going to go to the conference? Maybe they scrape the list of publications or presentations.
B
Yeah, I'm thinking, I mean, you could.
A
Just go after the speaker list. Right after the speakers.
B
Right, yeah, go after the speakers. Some of these conferences have dozens of speakers, so hit them up, get them to log into a fake site with travel information and profit. Yeah, that's, that's a new one.
C
It's an easy, easy way to make a bunch of money.
B
Yeah. Yeah.
C
Wow.
A
So dastardly tip.
B
So beware, beware. All right, well, thanks for sending that in. And again, we'd love to hear from you. If there's something you would like us to share on the show, you can email us. It's hackinghumans@n2k.com. We'll be right back with our stories after this quick break. And now a word from our sponsor, ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny by default software that makes application control simple and fast. Ringfencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources, other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from ThreatLocker. All right, we are back, and I'm going to kick things off for us here. And as you both know, we have a regular listener to the show who prefers to remain anonymous. But I know who they are.
C
I don't. They're some Maria, and I don't know who they are.
B
Well, I'm. I'm happy to share behind the scenes, but they have probably the way they.
A
Want to keep it.
B
They requested anonymity. As far as the show goes, don't.
C
Tell Joe who I am.
B
This person is a former federal law enforcement officer, someone who spent many years investigating scams and fraud. And this person has been digging into the psychology of scams in his retirement. And what he sent along recently was just too good to not pass along. So they call it the scammer psychological kill chain. And according. Yeah, right. According to him. Scammers don't just improvise. They operate with a precision that looks a lot like military doctrine. But instead of seizing territory, they're capturing trust. So I'm gonna do my best to unpack it here for you. There's two parts to this. So the first part with this kill chain, stage zero is reconnaissance. And this is before the victim even knows there's a threat. The scammer's laying the groundwork, setting up the fake websites, the spoof numbers, and writing the scripts that they're going to use when they're talking to people. And everything is designed so that that first contact feels safe and familiar and legit. Next up is stage one, which is the initial contact. This could be a text, an email, a call, which is crafted to break through your attention just long enough to plant a seed. Stage two is the pretext. This is the story. Maybe there's a banking issue, a tax problem, or a romantic encounter. This is designed to hook your emotions before the victim has time to think critically. Stage three is trust building. This is where the scammer becomes a confidant or a mentor or a partner. And the victim's skepticism fades as they feel understood right, building that rapport. Step four is foothold establishment. This is where the scammer starts giving procedures. Stay online, install this app, follow this bank protocol, and each step along the way deepens the compliance from the victim. And stage five is escalation. This is where the commitments grow larger, the choices narrow, and the victim feels trapped into going along. Stage six is execution. 
That's when the scammer gets the money, the data, or whatever they're after all, while keeping the victim inside the control bubble. And stage seven is Aftermath Control. This is sometimes where the scammers disappear. Sometimes they'll linger, grooming the victim for another round and see what comes next. So before I dig into the second part of what our listener sent us, let's start here. Do these multiple stages make sense to the two of you?
C
They do. I'm going to start with Stage zero. This is, and this is very much like any other kind of attack reconnaissance phase, and it is the phase over which none of us have any control. Right. This is the, the part where the bad actor doesn't matter what kind of attack it is. They're out there just doing their homework. And I think it's really important to realize that by the time you get contacted in like stage one, the initial contact, they've already done a lot of legwork. So that legwork helps them seem legitimate, helps it seem realistic, and helps it seem reasonable. So I think we all need to be mindful of this all the time about what kind of information is out there about us and how it's available just online. Like I've said many times, LinkedIn is a great open source intelligence tool for finding, finding things out.
B
Yeah.
C
So as are just about every other social media platform.
B
Yeah. Maria, what do you think?
A
Yeah, it's brilliant. As you're walking through the Kill Chain, I was thinking of some recent examples I was reading about earlier this week and just following the Kill Chain step by step and how well it lines up. I'm familiar with the Kill Chain when we talk about it in more like cybersecurity contexts. But this works brilliantly also. And certainly it's not exclusive to cybersecurity, so it works really well. And yeah, it's that asymmetry of when you come into this situation without even knowing it, as Joe was saying, you're in a way almost outgunned from the beginning, so you really have to try and live. It's very difficult and it should. And engender some sympathy. Well, I would hope a lot more sympathy in all of us when we hear about people who become victims. It would be nice because yeah, we, as you said, Joe from Stage zero, they know a lot more about you. You don't know who's calling you. And of course we say don't answer that call or just hang up immediately, but.
C
Right.
A
Many people do take those calls and, and they don't realize how much is known about them already when that call starts.
B
Yeah.
A
So that. Very asymmetrical. Yeah.
B
So our listener didn't just outline the problem, he also shared what he calls the global immutable counter rules. These are the defensive maneuvers. He's definitely betraying himself as an old fed. Right, right.
A
What's the acronym? GICR. The GICRs.
B
Yeah. Gikker. Gikker. He says never trust incoming calls or texts. Never click links, never pay with gift cards, crypto or wire transfers. Never let someone take remote control of your phone or computer. And if anyone tells you to keep this private or stay on the line, that is your cue to hang up. Caller ID lies, logos can be faked. And urgency, that's the scammer's sharpest weapon. And he mapped out what he calls the scam levels. Level one are the quick hits. These are like the smishing text, the QR code traps or fake antivirus renewals. Level two is structured authority. This would be fake IRS agents or bogus bank fraud or fake tech support. Level three is romance scams or pig butchering or the long cons that build emotional bonds. Level four is what he calls synthetic reality. This is entire fake trading dashboards, AI driven group chats or deepfake video that try to prove legitimacy. And level five, which is the top level, that's the closed world. That's where victims live inside the scammer-controlled ecosystem where everything reinforces the fraud. And this is where people are in this level, the family and the banks become the enemy while the scammer's world feels like the only safe place left. So he says a key point is that scams don't neatly progress from level one to level five. They start wherever the scammer wants. A robocall is level one, a fake crypto dashboard, level four, a big full-blown pig butchering goes straight to level five. So they say that the lesson here is chilling but empowering, that scams are evolving, mixing psychology, technology and manipulation. But once you know the kill chain and once you follow the counter rules, you can spot the levels. That makes you a lot harder to trap. And again he says anything that happens, that implies any level of urgency. That's probably the biggest red flag there is.
A
Yeah.
B
So again, but before we move on here, and let's revisit here again these five levels of the scam levels, let me start with you, Maria, this time. What do you make of this?
A
It's I, I was thinking level four, that's the synthetic reality, one that is getting so much easier to do now with AI. And we talk about it a lot on the show because. Because as you were describing it, I was thinking not that long ago that would have been a really high effort scam. Now it seems it's super trivial to do so. That makes me wonder about the Level 5, very encompassing, almost cult like situation. Not that I have an answer to that, because if I knew how to break people out of cults, I would be on a different show. But it's just. It's just alarming that, you know, level one, two, and three, are we. We almost consider those, like table stakes at this point. Level 4 is becoming much more commonplace. I'm really worried. I'm not trying to freak people out, but I'm just going. This, this actually kind of scares me right now thinking about it in this way.
B
Yeah.
A
Yeah.
B
Joe, how about you?
C
I like this whole. Whole structure. And I'm wondering if this person is pursuing a PhD somewhere close by.
A
Put this on a poster somewhere. Seriously, this is good stuff.
C
Yeah, this looks like a. Almost like a. Like there's an institution nearby us called Capitol Technology University.
B
Okay.
C
That has a PhD in cyberpsychology. Oh, I think this would be an excellent part of your research if you were there and in that. In that. In that program.
B
Right. Well, maybe we can give them an honorary PhD from Hacking Humans University.
C
Sure. And we can start that up and give away honorary degrees to everybody.
A
Are we qualified?
C
Yes. Don't allow honorary PhDs. Absolutely.
B
Sure. Who isn't?
C
Right.
B
The coveted. Yeah, just put that on your LinkedIn, put it on your resume. It'll open doors for you.
C
Yes.
B
Oh, I see here you have the coveted Hacking Humans PhD printed on a napkin. Right, right. An old soggy napkin. We have to come up with a clever thing that PhD actually stands for, you know, piled hip deep. Right, right. All right, well, that is my story this week. We do not have a link to that since, again, this came from one of our dear listeners. And I do appreciate him sending this in. He's a regular contributor, and I have to say, I have learned a lot from the things he's shared with me over the years from his on the ground experience in the federal law enforcement workforce. He's shared a lot of insights that helped give me a better, deeper understanding of the way things actually are out there. And so I'm very grateful for him taking the time. And this goes right along with all that. All right, Maria, you're up next. What do you got for us this week?
A
Another look at job scams? Because why not? I know a lot of people who are unemployed or funemployed at the moment. And it's just top of mind for me, for a lot of my friends who are trying to regain employment at the moment. So there's actually two stories that I'm combining for today. So we'll have links to both of these, but the first was a data point from McAfee that Newsweek just published saying that job scams in the United States have jumped up a thousand percent, give or take, because of the current labor market situation in the States, which is not super great. So these, they, they qualify job scams as something that we've talked about a lot, which is not just the. The garbage ones by email that we can spot a mile away, but the WhatsApp ones, the ones that come in by text. Those have all just exploded. We've noticed them on the show. Our. Our listeners certainly have written in with a lot of examples. And. And the numbers seem to back that up. That a thousand percent is. Is quite a lot. And I wanted to tie in also a recent example about a woman who has seen a bunch of these job scams come her way as she's been looking for a job. She is from Pasadena, Maryland. So this story comes from WMAR, Baltimore. And this woman, Lisa, was looking for.
C
Yes, it's Mallory Sofastaii, Dave.
B
It's a Mallory Sofastaii story. So, Mal, in the days. This is gonna sound good. The days BM, before Maria.
C
Don't call it that.
A
Oh, please don't call it that. Oh, now it's gonna be called that, isn't it?
C
How about we just call it BV? Before Varmazis.
A
Before Varmazis.
B
Yeah, before Varmazis. Mallory Sofastaii. Yeah. Mallory Sofastaii has been a regular contributor to our show. She's a regular guest. She's kind of the. She's a consumer reporter at WMAR, but also one of their anchors. So what a lovely coincidence that you came across one of her stories.
A
It's totally in our wheelhouse. I read that. So that is a. Well, go figure. Well, thank you, Mallory. Full attribution to you for this wonderful story. And it really does align very well with not just the Newsweek and McAfee number, but again, we've been noticing it a lot here. So Mallory spoke to this woman, Lisa Owens, who was a server for a long time, and she fell out of because of an injury. So she'd been looking for remote work that she could do from home since she can't stand and. And. And be ambulatory for quite some time. While she recovers. And she says that she's been getting a ton of spammy job offers that she didn't realize were spam at the beginning. So we'll walk through a little bit of what she's been encountering. So she would get a lot of messages about looking for remote work where the jobs that she was applying were for were filled. But, oh, we'll pass your information on to someone that I know will refer you for an alternative opportunity. And they just so happened to have an opening. And one job in that vein that she was offered overnighted her a $2,864 check. Literally, just, we're giving you this job and here's some money. Thank you for being an executive assistant for us, a personal assistant. This is just money we're giving you up front. No surprise to all of us. That was a fake check. But she didn't know at first. She didn't realize that this was actually a scam. She just figured she sort of won the lottery essentially with a really generous job. How wonderful that they sent me money up front, you know, that's always nice, isn't it? Thankfully, when she sent it to a check cashing service, they realized that it was fake. So she didn't get roped into the whole check cashing scam that we've talked about a whole lot of time and get stuck on the hook for money that, you know, was not hers.
C
Right, that's good.
A
That's good. That's great. It just sort of got a little lucky there, but yeah. And then another job that she got tagged for while again applying for online jobs was for being a property manager assistant, where the job was to repost real rental listings on Craigslist and Facebook and then change the details. And this for the Facebook postings especially, would be using her own Facebook account to do this. So. Right. So they would just.
C
We need you as legwork for another scam.
B
Her virtual.
C
Right.
A
Exactly. Exactly. Yep. Yeah. So they asked her to repost or again, real listings, but then say the security deposit is actually $1,000 higher than the original one. And also the contact info points to us and not the original listing. So just enough to make the listing look legit. If you looked it up, you'd be like, it looks kind of correct. And she was worried about people contacting her. You know, it's my Facebook account that I'm using to post these. Aren't people going to get mad and yell at me? And they said, don't worry about it, just send them to us. Just give them our phone number.
C
Yeah, we're not going to shouldn't either.
B
Yeah, yeah.
A
So yeah.
B
Show up at your house.
A
No, I'm sure nobody angry is going to show up. Yeah, exactly. So yeah, she was doing the legwork. She was the mule. And her again, her, she had a legitimate Facebook account so that made it look super legit. Isn't that nice for the scammers? And she, she caught on thankfully pretty quickly with that one. But she says at least in. She's gotten at least four scammy job offers in just a matter of weeks. And actually when talking to Mallory, I think she said she got one just that morning. So the job offers just keep coming her way as someone looking for remote work. So yeah, it was just amazing to see how much BS talking about bmv, we're talking about BS in this case is flying in her direction and she legitimately does need remote work. So it's just a lot for her to have to sift through. So it's just a fair warning and just be cautious everybody who may be in a similar situation. These job scams are getting more sophisticated. There's a lot of them right now and there's more and more, as we've said, a thousand percent increase. A lot of these scammers, as Dave and Joey mentioned, they're looking for in betweens money mules. So a lot of these job offers may have you do something quasi legit ish, but you're helping to run fraud. So then you could be implicated in fraud. So that's really. You become an accomplice. That's bad. That's wicked bad. So wicked, wicked bad bad.
C
Maria's Boston is coming up.
A
It's wicked bad, kid. You don't want to do it. So yeah, the too-good-to-be-true offers, definitely look at them askance. You want to always verify with the company directly. Don't trust unsolicited messages. And I wanted to follow up on that one. Remember last time I talked about the Spotify job offer, I got to be a vice president there.
C
Yes. Are you a vice president now?
A
I am not.
B
No.
A
No, no.
B
How's the onboarding been going, Maria?
A
I got the exact same email 2 days ago, but this time it was to be a vice president at Disney. You're welcome, everybody.
B
The happiest place on earth.
C
Yeah, that might work on Dave.
A
Dave will be delighted to hear that that Disney wants me to be a vice president.
B
Sure.
A
So yeah, don't, don't trust it. And third party check cashing services. I think in her case might have done her kind of a solid, but I wouldn't trust them. In general, you want to use your own bank and wait for funds to clear before you try to do anything with that money. Because it could be a fake check.
C
Absolutely correct.
B
But that little tiny component of it fascinates me because if you think about. And I'm theorizing here, because I don't want to say I'm talking out of my ass, but I'm.
C
What, on a podcast?
B
I'm making an informed.
C
Determine my hypothesis, speculate wildly.
B
That would a check cashing place, who I would presume sees the worst of the worst when it comes to bad checks.
A
Right.
B
So would they actually be a better defense, a higher fence, or a deeper moat against something like this than your regular bank branch?
C
I think that's an excellent point, Dave. I think that's 100% an excellent point. And first off, if you get the money, if you get the cash out of there, right, Then I don't know. I don't know how check cashing places work in terms of tracking you, but you're not out any money. And the check cashing place is. The check cashing place is gonna have the most defenses in their repertoire because that's their business model.
B
Right, right.
C
Yeah, I think that's an excellent point.
A
Well, I mean, the thing I would imagine it's just not. It's not worth the trouble for them. And they would probably make some money if the check bounces, Right. That would be probably in their interest. Wouldn't they make some money from that.
B
The check cashing place?
A
Yeah, if it's a bad check.
B
Because they take a fee. Well, do they take a fee or a percentage that I don't.
A
I think it may depend.
C
Yeah. I haven't used one of those places in decades. Yeah, it's been a little bit, I think once a year.
A
And it may depend on the place.
C
They wanted a fee, like a 20% fee. And I was like, no, yeah, yeah, I think.
A
And some of them, the mom and pops are going to be different from the bigger chains anyway. So the. I imagine for them, though it may have been in the past, they might not have done much about it because they make money. But nowadays, Dave, to your point, they're seeing a lot of these. It may not be worth the trouble now they might be going, actually, hang on a second. Because this is a lot of burn and churn for them. So that could be interesting. But I don't know if I would really want to trust them and their safeguards personally, just given what they do. So I don't know.
B
No, no, no. Obviously the best thing is to avoid this altogether, but it's just a curious thing to ponder, you know, does a check cashing place have more robust checks and balances than a regular bank branch? At this point? I don't know. You would hope that both would have the maximum amount, but there's also the balance that a bank branch would have of not causing undue friction. That's not worth it, right?
A
That's true. I'm just thinking about the time I was sent a fake check a couple years ago and I was trying to figure out what to do with the fake check. Obviously I was not going to deposit it, but I wanted to report it to the issuing bank and there was just no way for me to really do that. And when I finally tracked somebody down, they didn't seem to care. So it's just, yeah, I don't know, sort of an anecdote there.
C
But we don't care because when we get it, we're just going to send it back to your bank and it's going to bounce. That's all. Yeah, we trust the process because it doesn't impact us if you get ripped off for a bunch of money.
B
Yeah. Interesting.
A
Yeah.
B
All right, well, interesting stories and we will have links to those in the show notes. Tell you what, let's take a quick break here. We'll be right back with Joe's story. And now back to our sponsor, ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. ThreatLocker Protect is the core ThreatLocker product focused on endpoint security, designed to prevent unauthorized software from running, control how applications interact and manage access to storage devices. Its building blocks are Allowlisting, Ringfencing and Network Control. Allowlisting is a deny by default software that makes application control simple and fast. Ringfencing is an application containment strategy, ensuring apps can only access the system resources they truly need to function. Network Control locks down access by port, source IP, or dynamically with ACLs that automatically update as IP addresses change. Shut out cybercriminals with world class endpoint protection from ThreatLocker. And we thank ThreatLocker for sponsoring Hacking Humans. And we are back. Joe, you're up. What do you got for us this week?
C
Dave, at the end of my story, there is an M. Night Shyamalan esque twist.
B
Oh, okay, that's quite the teaser.
C
But first, let's talk about Forex Trading.
B
Okay.
C
Nothing. Okay, so Forex Trading sure, let's talk about it.
B
Okay.
C
I'm not all that familiar with forex trading. I know this foreign. It's foreign exchange trading.
B
Oh.
C
And because I don't know what it is, I don't participate in it, so.
B
Sounds like a good plan, Joe. Solid, solid plan, Joe.
A
Where's your sense of adventure, Joe? Come on.
C
I invest in things I understand, like mutual funds, ETFs, individual stocks, money markets, options, and just a touch of crypto, but not much crypto. But I know that foreign exchange or forexes are buying and selling currencies and hoping to profit as currencies move in value relative to one another. And to me, because there's all these different trading pairs of valid currencies. It seems to me like a Cartesian product that's just too big for me to get my head around.
B
Okay.
C
So I don't have any desire to participate in this, but I did look up. We'll put a link in the show Notes, the Investopedia page that tells you all about Forex. But one thing I see frequently when people talk about Forex is that some people claim they're making a lot of money in this. So when someone says to me that they want to invest in the stock market, but they don't understand how to invest in the stock market, and like I said, I do invest in stock, I say what I give the same advice that Warren Buffett is often cited as. I say, just go out and buy an S&P 500 mutual fund that puts you in the stock market, it diversifies your portfolio, it self manages for the largest companies in the world on the stock exchange. Just put it in there and if that's all you can do, that's great.
B
The CyberWire legal team would like to remind you that this is not official advice on investing.
C
That's right.
B
Before you invest, please check with your financial advisor.
C
Check with your financial advisor.
B
Trusting investors, the last thing you want to do with your money is follow Joe's advice.
C
As soon as I calculators. As soon as I tell somebody to invest in something that stock tanks. So yeah, so take that with a grain of salt or just don't do what I tell you. But the great thing about a mutual fund is somebody else manages it, Right? So you invest your money and they manage your money. And it's very appealing to a lot of people. And actually, I'll tell you, that's where the vast majority of my money is, is in mutual funds.
B
Yeah, I think for a lot of people that's true.
C
Absolutely. So there are these two guys, Jason Rodriguez and Edwin Carrion, who said, you know what? We could give people the opportunity to invest in foreign exchanges. Forex. Do Forex trading with our own investment fund. Okay, so they did this and now 20 people are out about $4 million. Oh, no, that's not the twist though.
B
Oh, okay.
C
The twist is this is going where you don't think it, it was. And Rodriguez doesn't say anything about, about Carrion, about where he's going, but Rodriguez is going to federal Pomita prison for three years.
B
Oh my.
C
After this. Okay, and here's how this all went down. These two guys founded a, a trading fund. Rodriguez has pled guilty to crimes like wire fraud and other, other crimes that are in this article. I can't remember off the top of my head what they are, but in 2020, they founded a, a trading fund called the Technical Trading Team LLC. And Rodriguez became the company's chief operating officer and the sole over the vast majority of $5 million that they raised. Okay, so there's a prosecutor who is the United States Attorney for the Eastern division of New York, Joseph Nocella, who he's quoted in here, is received that Rodriguez has received just punishment for defrauding over 20 investors out of millions of dollars of hard earned money. The defendant violated the client's trust placed in him by falsely promising them a safe investment opportunity. So let's look at the false promises he made. First off, he promises 18 to 24% return on your investment a year. Now that's really, really, really high.
B
Yeah.
C
Okay, now the S&P 500, which is like the benchmark averages like 10%, right. So somewhere around there it might average less when you calculate inflation in. But these returns would be like, everybody's like, oh, I would love to get those kind of returns who sign me up. Yeah, yeah. And this is something might get my attention because I don't know enough about Forex and I hear a lot of people make a lot of money on it. Plus, this seems plausible to me if you're, if you're dealing in fast trading in 24 hour markets, which is what Forex is, but still, I'd be cautious. I probably wouldn't do this because I really don't understand what's going on here. They promised investors, you know the promise they made. They promised investors they were, they were making safe investments. No, they disregarded numerous safeguards that they promised investors were in place to protect the investments.
B
Okay.
C
They also promised investors that they had a loss reserve account of funds that would not be traded and could be used to repay investors in the event of market losses. Almost like self insuring it.
B
Right.
C
There was no self insurance fund for this. It just simply didn't exist. There was no loss reserve fund. I. You know, every time you go to invest in something like any kind of, any kind of fund, any kind of mutual fund or individual stock, you have to sign a waiver that says, I understand I could lose some or all of my money.
B
Right, right.
C
These guys are not making you do that. They're trying to make you feel safe. And you should understand that with, with mutual funds and with stocks, you could lose some or all of your money. Yeah, it's a real possibility. It's not a highly likely possibility, but.
B
It's a real one enough that it's a red flag. If someone tells you.
C
Right.
B
There's no way you're gonna lose your money.
C
You're perfectly safe.
B
It should be.
A
It should be a red flag. Yes.
B
Right, Right.
C
They promised investors that the team would never expose them to more than one would never expose more than 1% of the team investors funds to the market at any given time. And they just ignored that safeguard as well. So here is where I would start having a question. Let me ask you this question. Here's what I would say. You're gonna get me 18 to 24% return on my investment by only putting in 1% of what I'm giving you. Well, why don't I just give you that 1% and put that at risk?
B
Yeah.
C
Why do you need the rest of. Why do you need the other 99% of my money? Why can't I keep that if you're only gonna put 1% of it at risk? That claim doesn't make any sense to me.
B
Yeah.
C
And that should have been a red flag. But then they promised if you're bad.
A
At math, if you're bad, you wouldn't know that.
B
Right.
A
Seriously, a lot of people are just like numbers and they just don't really understand. Yeah, yeah.
C
I mean, that's. Something would have just stood out to me like a sore thumb. I would have had many questions about that and probably would have walked away from the deal if I was considering it at that point in time. I like to think that. Anyway, the final promise here is they promised investors the team would not hold trading positions through an open overnight. So Forex exchanges are 24 hours. Like I've already said, Rodriguez ignored this rule on multiple occasions, including one time holding a trade from February of 2021 to April of 2022, which is a long time to hold a foreign exchange, a forex trade. I think these things happen, like in hours and minutes. The result was a catastrophic loss of over. Of over $150,000 in losses, which, according to the prosecutors, represented about 12.61% of the fund's value. Now, $150,000 is not 12% of $5 million. So already a little back of the napkin math here. By 2021 or 2022, this 5 million or $4 million is now down to $1.1 million. They've already lost millions of dollars.
B
Okay.
C
Right.
B
So and by lost, we mean spent.
C
Probably actually. This is probably actually trading losses. Let's assume that it's trading losses.
B
I'm just thinking they're probably driving pretty nice cars.
C
Could be that. Yeah, yeah, it could be that, too. So what do you do when you have a bunch of people who, who you owe money to and you've promised money to in returns? And this is where the twist comes in. You take this legitimate investment opportunity. Legitimate. In air quotes. I mean, because there's a lot of fraud that's already happened here. And you, you go with the king of all frauds and you convert it into a Ponzi scheme. Remember how I was complaining we haven't had a good Ponzi scheme or pyramid scheme in a while?
B
Yeah.
C
Here we are.
A
Yes.
B
It wasn't already one.
C
No, it was not already one.
B
Okay.
C
It was not a Ponzi scheme, but they converted it into a Ponzi scheme and started using the money from new investors to pay the old investors the money they owed them.
B
Right, right.
C
I can't. I don't know how you make the leap from going like, wow, we really screwed this up, to how can we make this worse? I know. Ponzi scheme.
B
But, but I, I could see their desperation, Right?
C
Yeah, absolutely.
B
And they don't want to admit failure.
C
Right.
B
And they're good at raising money.
C
Right. Because they, they've already run their mouth and they put, you know, said, we've got this, this big reserve fund that doesn't exist.
B
Right.
C
So you're not going to lose your money. We guarantee that. So they know they're going to have to pay it back somehow.
B
And they're probably thinking. They think highly enough of themselves that they're thinking this downturn is only temporary and in no time we will be actually making the money that we promised.
C
Could be that. That was their thought process.
B
We just need to buy ourselves some time.
C
Right. Or, yeah, I think that's what it was. Buying themselves time. Now, my thinking is that they were like, we have hosed this so bad, somebody's going to call the cops.
B
Right.
C
How do. How do we at least delay that from happening? Ponzi scheme. So Rodriguez's attorney, a man by the name of Benjamin Yaster. Okay, you thought I was going to say Benjamin Yellen, but it wasn't. Who was from a company called Federal Defenders maintained that the business was not started as a scam and that his client did not intend to fail, but should not have resorted to fraud to escape admitting defeat. He should not have. Here's a quote. He should not have crossed the line, crossed that moral and legal line to save his floundering company. He said Jason realizes this now, and he knows his conviction in this case was the result of pride and hubris. So maybe you're right, Dave. Maybe it was the hubris that we can get this back on track if we just get some money in here and pay off the old investors.
B
Yeah, we've seen that countless times. Somebody, they just want to buy themselves some more time so they do something illegal to try to bridge the gap. Isn't that what John DeLorean did with the. When he was just, like, selling cocaine to try to keep cash flow going for the DeLorean?
C
I don't remember.
A
It feels very on brand for the DeLorean.
C
I don't remember what he was doing. All I remember, it was the 80s. He was not convicted on that charge. Yeah, yeah, he got off.
B
It was alleged.
C
Yeah, it was all alleged.
B
Well, he's dead now, so he's not gonna come after me.
C
Right.
A
In a car that doesn't run. Just kidding.
B
Yeah, that's right. Exactly. As long as I go faster than 88 miles an hour, he'll never catch up with me.
C
You need 1.21 gigawatts.
B
That's right. That's. That's right. So what's the M. Night Shyamalan esque.
C
Twist when they turn it into a Ponzi scheme?
B
Ah, I see.
C
That was the twist.
B
Got it. Got it. Did not see it coming. All right, we will have a link to that story in the show notes. Joe, Maria, it is time for our catch of the day.
C
Dave, our catch of the day comes from Shannon, who sent in a text message that you received. It is. I've gotten these text messages where there's, like, a hundred little head bubbles up top.
B
Oh, yes, yes.
C
It's a scam. But this one is new. We haven't seen this one yet.
B
I'm getting more and more of these.
C
Yeah, me too.
A
And I haven't gotten this one yet, but it's gonna be a matter of days.
B
Okay. It says, Amazon recall notice. The product you purchased in August 2025 is being recalled due to safety and quality concerns. Your affected order number is. Please stop using this product immediately and contact us to receive a full refund. Your safety is our highest priority. We sincerely apologize for any inconvenience this may cause and thank you for your understanding. Sincerely, Amazon Safety Team.
C
Hmm. So my favorite part is they don't tell you what product it is. And in fact, Shannon writes us a little bit letter, a little bit of a letter here. She says, so I've not seen this scam text before and I honestly almost clicked on it. I thought, oh, my God, it's been recalled. Then I thought in my head about the things I'd ordered on Amazon in August. Dave, what did you order on Amazon in August?
B
That's a good question. What did I order on Amazon in August? I ordered a lot of stuff. Yeah, that's true.
C
Right.
B
Well, that, you know, that's. Yeah, okay, I see where you're going here, Joe. That is actually a really good point in that we have so many things on auto renew at this point for Amazon.
C
Yeah, I got my K cups coming. Auto renew.
B
Yeah.
C
Hey, I bought a chicken coop in. We haven't talked about my chickens, so I gotta inject that. I bought a chicken coop on Amazon.
A
See, this wouldn't work on me because I don't use Amazon anymore.
B
Ah, very good.
C
So you're immune to the one, right?
A
Well, I'm not the only one. But yeah, it's. I used to buy a lot on Amazon and I will say I've gotten actual recall notices and they do email you and they tell you what the product is.
C
Yes.
A
Because when I had. When my daughter was a baby, there was at least one item that I was using that was safety recalled. And you bet I needed to know.
C
Yeah, baby things. That's terrifying.
B
But bad news. Maria, the product you ordered, baby's first guillotine recalled.
A
How did you know? How did you know?
C
Possible safety doll heads rolling around your house.
A
Yeah, it was like her pack and play or something, which was kind of in use a lot. So that was pretty, pretty urgent.
C
Sure. Yeah. We're back in the pack and play. Part of the. Part of the life cycle in my family. My youngest grandchild is still in a pack and play on a regular basis and he is. He likes sleeping in it. Anyway, Shannon goes on to say, let me talk about my grandkids and my.
A
Children getting the wallet out. Let me see the pictures, Joe.
C
So she goes on to say, what did I buy in August? Sunscreen. Big. Big spray. I don't know what big spray is.
A
Bug spray.
C
Oh, bug spray. Okay.
B
Yeah, bug spray.
C
New towels, new beach towels, a lotion, shampoo and conditioner. Rechargeable flashlights, wilderness first aid kit. All these different things. She was planning on going on a hike in the north woods of Minnesota. So that's probably more information than we need, but these are all things that went through her head. And this, Shannon, is exactly what this text message is designed to do.
A
Yes.
C
It's designed. That information is missing so that you start thinking of everything you ordered, just like we were talking about. And you go, oh, my God. She says, Shannon says she can see this scam working on a lot of people because of the urgency and the perceived safety concerns.
B
Right.
C
I agree 100%.
A
That's like the fortune teller twerk. I. Oh, I'm detecting somebody's trying to reach you. A male from your life. Oh, is it Danny? You know, like if you just volunteer that. Oh, yeah, it's totally that.
C
That's good, because I hate Danny. Tell him to shut up.
B
I only showed up at Danny's funeral to make sure they put him deep in the ground.
C
Danny, you killed him. He doesn't know that because I didn't do that. I would love to mess with fortune tellers. I would. Also, like I've said many times before, when I in retirement, I'm going to just start a psychic business and just, you know, come out and just talk to people and ask them questions. Enough questions until they suss things out on their own. You know, kind of like a. Like a. Just an old guy therapist, but masquerading as a psychic.
B
I see.
C
Because there's no.
B
Right. Joe's call in psychic show.
C
Right.
B
Yeah, Just livestream it.
A
Listen to that. With. With bells on. Are you kidding? That would be amazing.
C
Dave, get with Peter Kilpe. See if he wants to.
B
Yeah. Cause when I think about empathetic listening.
C
Right. You think of me.
B
Yeah.
C
Yeah, that's sure.
A
Smack upside the head.
C
That's what this psychic is gonna be. What are you stupid? What's wrong with you?
B
I can't believe you are this dumb to fall for this.
A
Maybe we need a little more of that in our world right now, Joe. I don't know.
C
Yeah.
A
Yeah.
B
All right. Before we go on, let me explain the math.
C
Right.
B
All right, let me get us out of here. We are going to take a quick break. We'll be right back. Thank you to Threat Locker, the powerful zero trust enterprise solution that stops ransomware in its tracks, for sponsoring Hacking Humans. Visit threatlocker.com.
C
And.
B
That is Hacking Humans, brought to you by N2K Cyberwire. We would love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ibin. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
C
I'm Joe Kerrigan.
A
I'm Maria Varmazes.
B
Thanks for listening.
Podcast: N2K Networks – CyberWire
Date: September 18, 2025
Hosts: Dave Bittner, Joe Kerrigan, Maria Varmazes
Theme: Deception, influence, and social engineering in cyber crime: how scammers recruit, manipulate, and entrap victims using evolving psychological and technological tactics.
This episode explores the growing sophistication of social engineering scams, specifically focusing on how criminals recruit both victims and unwitting accomplices. Highlights include a breakdown of the “scammer psychological kill chain,” an analysis of recruitment scams preying on job seekers, and a case study of an investment scam that morphed into a Ponzi scheme.
[00:38–02:06]
Takeaway: Always verify directly with organizers before taking action on unsolicited booking emails.
[03:19–10:51]
Levels of Scams:
Quote:
“Urgency – that’s the scammer’s sharpest weapon.”
— Dave Bittner (09:00)
[10:51–13:51]
[13:51–24:23]
Advice:
Quote:
“A lot of these job offers may have you do something quasi legit-ish, but you’re helping to run fraud. So then you could be implicated in fraud. …That’s wicked, wicked bad bad.”
— Maria Varmazes (19:49)
[20:49–23:19]
[25:52–37:41]
[38:01–43:16]
“Scammers don’t just improvise. They operate with a precision that looks a lot like military doctrine. But instead of seizing territory, they’re capturing trust.”
— Dave Bittner (03:33–03:38)
“It’s that asymmetry…you’re almost outgunned from the beginning.”
— Maria Varmazes (07:13–08:14)
“Here is where I would start having a question. …You’re gonna get me 18 to 24% return on my investment by only putting in 1% of what I’m giving you? Why do you need the rest…?”
— Joe Kerrigan (32:01–32:43)
This episode underscores the rapid evolution and diversification of scams—from the social engineering “kill chain” and high-tech synthetic scams to the recruitment of unwitting job seekers as accomplices. The hosts stress vigilance, skepticism of urgency and “too good to be true” offers, and the importance of sharing stories to keep everyone alert. Listeners are encouraged to send in their own scam stories to help educate the community.