Maria Varmazes
You're listening to the CyberWire Network, powered by N2K. Hey, everybody, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Maria Varmazes doing a lousy Dave Bittner impression as he is out on vacation this week. With me is the one and only Joe Kerrigan. Hi, Joe.
Joe Kerrigan
Hi, Maria. I think you're doing a great Dave Bittner impression.
Maria Varmazes
Well, thank you very much. I just went into Elvis for some reason because you know he is the king, right?
Joe Kerrigan
That's right.
Maria Varmazes
Well, thank you for joining me, Joe, and we've got some interesting stories to share this week. We're. We will be right back after this message from our show sponsor.
ThreatLocker Sponsor
And now a few thoughts from our sponsors at ThreatLocker, the tactics used by cybercriminals are becoming more and more advanced every day. The shift from a default allow approach to a default deny is more critical than ever. This is where ThreatLocker comes in. Stay tuned for how ThreatLocker allow listing and ring fencing as you're back.
Maria Varmazes
Okay, we're back and we have some follow up that is taking quite a.
Joe Kerrigan
Bit of follow up.
Maria Varmazes
Quite a bit of follow up. This is way, way, way, way, way back Machine. A longtime listener, Rob, gave us the blessing to read his message on the air. So the title of his email was "How Hacking Humans is saving us over $120 a year." Spammy title, but true. That got my attention. I got socially engineered really well, and this is what he wrote. "I maintain the website for my wife's psychiatric nurse practice. We had a very simple brochure site using WordPress on a large hosting provider that was costing us over a hundred dollars a year." It's pretty. Yeah, standard. Yep. "It was way more service than what we needed. But all the other alternatives seemed to be equally expensive. It was a lot of work keeping WordPress locked down." Good for you for locking it down.
Joe Kerrigan
Yeah, it is.
Maria Varmazes
When Dave. Yeah, yeah. When Dave mentioned static site generators in the November 3, 2022 show, it caught my. I was not here for that.
Joe Kerrigan
I don't rem.
Maria Varmazes
So, Dave, the person who said this thing is not on our show today because he's on vacation, neither of us recall. This is great. But it caught Rob's attention. "I started looking into Hugo and static site generators." By the way, Rob, I use Hugo, so good choice. "It took two years of false starts and feeling in way over my head. But ultimately I decided Hugo and similar static site generators were a little too difficult for me to manage. But looking for alternatives led me to a similar solution called Publii," with two i's.
Joe Kerrigan
Publii is a.
Maria Varmazes
Like Publii. Oh yeah, okay. I like does Pompeii.
Joe Kerrigan
Two Eyes or Pompeii.
Maria Varmazes
Yeah, that may be. I hope it doesn't have anything to do with a cataclysmic death by volcano, but yeah. "Publii is a free WYSIWYG desktop program that designs and publishes a site to a GitHub repository. Then the GitHub repo can sync to Cloudflare Pages, resulting in Cloudflare," I can't say Cloudflare this morning, "in Cloudflare hosting the site for free. $120 a year might not seem like a lot, but for a small business we need to save everywhere we can. Thanks for the show and thanks for the savings." We are not sponsored by Publii at all. This is just a. I think I.
Joe Kerrigan
Vaguely remember we were talking about this because I was working on a nonprofit project where we were. Because I've had a similar issue with a nonprofit project where we were trying to do. It's called crypto done right. And if Google it, you'll find it. Oh, Google that. It's not really active right now because we're. Nobody has time, which is hard to get together with people. But the problem is that we wanted, we didn't. The last thing in the world we want to do is maintain something like a WordPress site because Rob is 100% correct. Keeping that locked down and keeping up on that and making sure that you're up on all the security updates.
Maria Varmazes
Pain.
Joe Kerrigan
That's a full time job. I mean that's, you know, if you, if, if you, if you have the resources to do that, great. But if you're a small business, that is not what you need. What you need is a static website. And if you're a small nonprofit, that's also what you need. So we actually wound up using GitHub as our repository and I don't remember what the, what the solution was that pulled it and pushed it to a. Pulled it from the GitHub and pushed up to the web server was. But I think that's automated.
Maria Varmazes
The thing I love about your site and pretty much every static site is how fast they are, especially compared to how WordPress sites are now. They're so bloated.
Joe Kerrigan
That's correct. There is no database behind it. It's just serving out web pages. So yeah, it comes up really quick.
Maria Varmazes
'90s all over again, right?
Joe Kerrigan
Yeah, it's back when the Internet was good, Maria.
Maria Varmazes
I know. I remember it well. Yeah. I also like static site generators. I use Hugo for my own stuff. Um, they. There's a little bit of a heavy lift if you're not. I'm not gonna say it's like easy peasy. But I, I love this alternative, Publii. That's a really interesting idea. Again, we're not sponsored by them. We're not getting any money from them. I haven't tried it, but. Cool. I'm just. That's great, Rob. I'm glad we were able to help you out. That's awesome. All right, so that's it for follow up. Let's. Joe, let's go into your story now. So tell. Regale me with your tale for today.
Joe Kerrigan
Okay, so I saw this one and I did a little search and I was immediately wanted to know more about this scam because, Maria, you know right now eggs are very expensive. We've mentioned that a couple times on the show.
Maria Varmazes
Yeah.
Joe Kerrigan
I went into a store and saw them priced at $9 and 50 cents a dozen.
Maria Varmazes
Yep.
Joe Kerrigan
Which.
Maria Varmazes
They're over $11 in a lot of places where I'm at now. Yeah, yeah.
Joe Kerrigan
I went into an Aldi around here and they were, they were like $5 and 50 cents for a dozen eggs at an Aldi.
Maria Varmazes
Wow.
Joe Kerrigan
And that's Aldi. That's Aldi. Right. So I was, you know, the $9.50 is not a representative price for this area, but it is. They are still high. And Maria, I don't know if you know this about me, but I've always been a big fan of chickens.
Maria Varmazes
And so I was asked to ask you about cowboy hats again this week, but now I'm gonna add chickens.
Joe Kerrigan
I like to get my cowboy hat on and go out and. And tend to chickens. So my daughter has some. Bought a house up in this area where I live now. We've moved up so we can be closer to them. And on my daughter's land, with the county that we live in, I've just found out she can literally have unlimited chickens because she has more than three acres of land.
Maria Varmazes
Unlimited chickens.
Joe Kerrigan
Unlimited chickens.
Maria Varmazes
Now that's a retirement plan right there, right now.
Joe Kerrigan
That's right. So actually we're. We've been wanting to do this for a while, and my daughter and her husband are actually building a chicken coop on their property. And we're actually in the process of planning out getting chickens, so. And one of the reasons we're, we're. We're kind of accelerating. This now is because of the price of eggs. But even if the price of eggs weren't this high, we'd still be buying chickens.
Maria Varmazes
Sure. Now I want you to go down the rabbit hole and tell me what kinds of chickens you like.
Joe Kerrigan
My favorite kind of chicken is the Polish chicken.
Maria Varmazes
Have you ever seen Polish chicken?
Joe Kerrigan
Polish chicken?
Maria Varmazes
Let me Google that.
Joe Kerrigan
Polish chicken, crested chickens. And they look hilarious.
Maria Varmazes
That is. I feel like you undersold that a little bit. They are utterly ridiculous looking. Wow. Okay. I mean, I've heard of a Polish falcon, but a Polish chicken.
Joe Kerrigan
And I don't know if the chickens are actually from Poland, but that's what they're called here in America is Polish chickens.
Maria Varmazes
Wow.
Joe Kerrigan
And they are. They are. They're beautiful. And like the. The golden lace Polish chicken is one of my favorite, favorite breeds of chickens.
Maria Varmazes
But they look like they have a spray of peacock feathers. But like regular, like feather, like golden colored peacock feather spray on their head. Yes, exactly. It's. It's just. It's a lot. It's a lot going on up there.
Joe Kerrigan
It is. And sometimes you can't see their eyes. They just look like, you know, they're just wandering around blindly because the feathers get in their eyes. But I think they can see just fine because their eyes are actually on the sides of their head. But the kinds of chicken. We're not getting Polish chickens because Polish chickens, the eggs. Polish chickens lay are actually very small eggs. So we're getting laying chickens called Wyandotte or Wyandotte, which are also equally beautiful chickens, except they're not crested, so they don't have the cool.
Maria Varmazes
Oh, those are lovely. See, that looks like the black and white mottled feathers with the red comb. That looks like a chicken. That's like a chickeny chicken.
Joe Kerrigan
That's a chickeny chicken. Exactly. Chicken. Good way to put it.
Maria Varmazes
I'm sure this is what our listeners come to us for.
Joe Kerrigan
That's right. Chicken Talk. Welcome to Chicken Talk. I'm Joe.
Maria Varmazes
Cluck, cluck, cluck, cluck. I'm Maria.
Joe Kerrigan
So, all right, so this story from Elise Haas talks about Fiona Hibbard, who has plenty of space on her property called Sweet Home. A lot of people like to name their properties. I haven't picked a name for my new house, but my last house was Stately Kerrigan Manor, after the Batman. Stately Wayne Manor.
Maria Varmazes
Very nice.
Joe Kerrigan
So Fiona says that. She says these chickens. She wants to get some chickens, and she has all these egg Shortages, of course. So she gets onto. Wait for it. Facebook Marketplace.
Maria Varmazes
Never.
Joe Kerrigan
And there's multiple people selling hens, right? Never. Why would my hens. Okay, I'm gonna say this. Mistake number one is going on Facebook Marketplace to buy a chicken, a live chicken, or even a dead chicken, a slaughtered chicken, if you're gonna buy. I wouldn't even buy eggs on Facebook Marketplace. Although actually, maybe I would. It depends on. Well, anyway, now I'm going back. Now we're going back to chicken talk.
Maria Varmazes
And now we're going back to chicken talk. Yeah. Okay.
Joe Kerrigan
Hacking humans, not chicken talk. Now, here. Here's the first pun I'm going to read directly from this article. In her haste to get some hens, Hibbert said she fell victim to some foul play. Get it?
Maria Varmazes
Yeah. Unfortunately, yes. Okay. Yep.
Joe Kerrigan
But she said she ignored the red flags, such as the sellers only accepting payments via apps like Zelle, Venmo, or Chime, which often led to rejected transactions and hidden fees. As crate returns and shipping were part of the scam, they were part of this demand for money. So these guys were demanding money upfront for crate returns and shipping.
Maria Varmazes
So you can order crate returns. Is that thing okay?
Joe Kerrigan
That is a chicken thing.
Maria Varmazes
It's a chicken thing or. I'm learning so much.
Joe Kerrigan
So you can buy online or get. Or buy remotely chicks, you know, little baby chickens, and they come delivered in a little tiny crate that keeps them safe in transport. And it's like a plastic crate. It's a walled crate with a little roof on top. And then you pull the roof off, and lo and behold, there are all your little chicks, all your little peeps in there.
Maria Varmazes
Right? Because you can get chicks by mail. I keep. That's like, one of my favorite jokes, Chicks by mail, Right?
Joe Kerrigan
This reminds me of something Bruce Schneier said when he bought an ant farm. He said he could buy it. You buy an ant farm, and everybody looked at it and said, yo, you send away for the ants. And Bruce Schneier said, I realized that for $10, I could send anybody I want in the world a tube of ants. Live ants. So you could do the same thing with chickens, I guess. Although somebody. That's me. I'd be like, all right, more chickens.
Maria Varmazes
Yeah. You'd be happy about it.
Joe Kerrigan
I would be. So anyway, those crates are not disposable. They're. They're reusable. So you need to send the crates back. Plus the. The cost of shipping live animals. You have to move the. The animals fast. Right. You can't. Of course, you can't send them UPS Ground. Right. They have to be. They have to be shipped.
Maria Varmazes
So this is. Shipping is expensive. The crates are expensive, and then crates are recycling.
Joe Kerrigan
So these scammers are asking for this stuff up in front.
Maria Varmazes
Okay. Would that set off a red flag for you as a chicken guy?
Joe Kerrigan
I don't know. That's a good question. This might work on me. If I was gonna buy chickens remotely from. I would have to have a trusted source on this.
Maria Varmazes
You have to have a chicken guy. As a chicken guy. Okay.
Joe Kerrigan
You have to have a chicken guy. So you got to know a guy.
Maria Varmazes
All right?
Joe Kerrigan
You know, there's. You can go into a. I always say Harbor Freight, but it's not Harbor Freight. It's Tractor Supply. You go to Tractor Supply around this time of year and walk in, and they'll just have chicks in the back. And then you can pick up the chicks, buy the chicks right there, and walk out with.
Maria Varmazes
And for our listeners outside of the U.S., those are two stores that are. How do you just. How does one describe Harbor Freight and Tractor Supply? Like farm in general, yard ware supply stores.
Joe Kerrigan
Yeah, yeah, it's Harbor Freight's like a tool store.
Maria Varmazes
Yeah.
Joe Kerrigan
And then Tractor Supply is like a. Kind of like a farm or yard store.
Maria Varmazes
Yeah. Like, we have them here even in eastern Massachusetts, which is not where you usually think of farms. So it's not. So we. They're. They're kind of everywhere. But yeah, there are a lot of, like, stuff you need for your yard. But also, if you have chickens, you can get chicken stuff. Yep.
Joe Kerrigan
Yes.
Maria Varmazes
Okay. So for our non-U.S. listeners. Yeah.
Joe Kerrigan
And on the eastern shore of Maryland, there are. Chicken is a big industry down there. In fact, that's where we might be getting some of our chickens.
Maria Varmazes
I'm learning so much about chickens today. I hope our. You know, I think we should just let our listeners know at the top of the show. This is a chicken episode. If you're anti chicken, please go elsewhere.
Joe Kerrigan
Right. So Ms. Hibbard says she started to realize this may have been a scam or this was a scam. In the process of looking at these accounts, when one of them said, okay, I'll tell you what, rather than sending us money, why don't you buy us a gift card? And she was like, a gift card? Wait a minute.
Maria Varmazes
Where aren't these gift card scammers at this point? I don't know. They've infiltrated every subculture there is. They've gotten to the chicken guys.
Joe Kerrigan
Right. Well, what's happening here is this is. The scammers are looking at the news. They're seeing that, they're watching social media. They're seeing people are buying chickens because of the egg shortage.
Maria Varmazes
Oh my God. They're knees. Okay. Yep.
Joe Kerrigan
And they're, they're, they're news tracking. Exactly. And then they're just getting on Facebook Marketplace and, and looking at people who are selling chickens. They're probably just taking the pictures from those, from those sellers and they're looking and saying, well, how do these guys make their money? Oh, look, shipping and crate return fees. Oo, that would be good. If we could get shipping and crate return sent to us, then we could make money on this and never send anybody any chickens. And that's how this scale.
Maria Varmazes
How does the scam scale though? I mean, honestly, what is it?
Joe Kerrigan
It doesn't scale magnificently, but the thing that everybody has to.
Maria Varmazes
How much money can you possibly make from this?
Joe Kerrigan
Yeah, I mean, they've actually. Hibbert says she lost $200 in this scam.
Maria Varmazes
Oh, okay.
Joe Kerrigan
You know, and maybe it took a week or two for that to happen. But remember, these scammers, this is their full time job. They're not just scamming one person, they're scamming everybody they can. At the same time, there are call centers that do this. So they're out there just, you know, this person has made $200 over the course of, let's say it took a month to scam $200 out of Ms. Hibbert. And this person is doing this to like five other people and they're scamming. So maybe $1,000 a month out of somebody. And they live in a country where the average revenue or average income is like $5,000 a month. So they're scamming somebody out of $12,000 a year.
Maria Varmazes
It's a lot.
Joe Kerrigan
They're doing pretty well.
Maria Varmazes
Yeah.
Joe Kerrigan
I mean, we think here in America where we have money to be scammed out of. Right, for now. Yeah, for now. Right. That. Why would anybody be interested in this small amount of money? Well, that is not a small amount of money to everybody in the world. It's a large amount of money. It can change, change someone's day or change someone's life. So, you know, whatever you're interested in the. This is really the point of my story today. I like chickens. There's an egg shortage right there. This is the point of my story today. I like chickens. That's a terrible way to say, okay, so that I. I like chickens. There's an egg Shortage. Those two things are coming together so that the scammers are saying, I'm going to scam the people like Joe during this egg shortage so I can make some money. So I kind of take this one a little personally. I'm a little upset about it, actually.
Maria Varmazes
Oh. Although that's fair. Yeah.
Joe Kerrigan
We haven't been scammed out of any money yet for chickens, so I'm just.
Maria Varmazes
Yeah, go ahead. Yeah, go ahead.
Joe Kerrigan
We're planning on driving to go get the chickens. We're not going.
Maria Varmazes
That seems like a smart mail order.
Joe Kerrigan
Chickens.
Maria Varmazes
Yeah.
Joe Kerrigan
Yeah.
Maria Varmazes
I think I could totally see a lot of one. I could see a lot of people falling for this, like, first time people who are very excited about having backyard chickens for the first time, who maybe are like, I read an article online, I'm sure I'll be fine. And what I'm going to do. And then wondering why their hand that they got is not laying any eggs. Like, well, yeah, I can guarantee you this is going to get a bunch of people. It's just so interesting to me. I just keep coming back to the idea that this is. This is definitely. I mean, being a backyard chicken person is definitely a bit of a subculture. Not everybody has them. A lot of people do. And, you know, it's just so fascinating that these scammers found the vulnerability in backyard chickens.
Joe Kerrigan
Backyard chickens, that's right.
Maria Varmazes
They.
Joe Kerrigan
They left no stone unturned here.
Maria Varmazes
Wow. You know, you have to admire it in this. In a weird way, but I mean, yeah, it's. I mean, it's awful, but it's also like, wow, you guys figured this out. Geez, imagine what they could do if they use their powers for good. Right, Right.
Joe Kerrigan
We. Well, we wouldn't have any scammers. That would be the first thing.
Maria Varmazes
And then our show would be gone. Oh, all right. That's true.
Joe Kerrigan
Yeah.
Maria Varmazes
All right. That was a great story and I learned a lot about chickens today, and I hope so. Yeah. And the Polish chicken is just made my day, so that's a great way to start.
Joe Kerrigan
Great looking chickens.
Maria Varmazes
They. They really are. Well, thank you for joining us for chicken Talk today, everybody. I hope you enjoyed our show. And for those of you who are around for hacking humans, I actually have a story for you, but it is not chicken related. Okay, I'm gonna. Joe, you may want to sign off at this point. I don't know if you're gonna wanna.
Joe Kerrigan
All right, goodbye, everybody. I'm gonna listen because I. I do have interest in other stuff.
Maria Varmazes
Yes, other stuff. Okay, good. All right. So my story comes from Edmund Brumaghin at Cisco Talos Intelligence. And this was about frequently seen scams for online retail purchases. So a lot of times we see these kinds of articles and this actually this article points it out too. Usually when there's advice about protecting yourself from scams during, you know, a retail transaction online, it's usually for those of us on the purchasing side of things. Kind of like if you were buying chickens online.
Joe Kerrigan
Right, right.
Maria Varmazes
But this blog, I brought it back to chickens. This blog post from our friends at Talos notes that actually there are a lot of scams, increasingly a number of scams that are targeting sellers during online retail transactions. And I mean, this is not going to blow anyone's hair back going what? But there are some really interesting new flavors of seller targeted scams that this blog post highlighted. And I figured we'd go through some of them at a high level just so folks can be aware. I think anyone who's been doing anything like eBay since the, you know, the dawn of eBay knows that there are people who go after sellers. But there are a lot of sites now where you can sell stuff. I mean, Facebook Marketplace is one of them. But I mean, pretty much you name a site, there's usually a way that you can resell something on there. And scammers have taken note of this. So here's some of the things that this blog post highlighted. Mainly if you are selling a lot of high value items, so like you're selling a really expensive guitar, scammers are going to look at you more closely because they presume that you have a big stack of cash somewhere from selling perhaps a number of high value items and the attackers are going to go after you for it. So that's something to be aware of if you're selling this kind of stuff online. One thing that this blog post notes, not probably again not going to be a surprise for a lot of our listeners, is that a lot of phishing is happening targeting high value sellers via DM. So scammers use direct messaging features on online marketplaces to steal credit card information from seller payout accounts. So usually the message will be something impersonating the actual website itself. So one example they gave was reverb.com, which is I guess a buy and sell marketplace for musical instruments, especially like guitars.
And the message will say something like, hey seller, you need to verify or re verify financial details in order to actually get the money from the sales that you are making.
Joe Kerrigan
I see.
Maria Varmazes
And that. Yeah, and which you Know, like that if I was selling stuff worth a lot of money, I'd go, oh shit, right. Make sure I get my money.
Joe Kerrigan
You'd have my immediate attention.
Maria Varmazes
Yeah, indeed. And so the attackers will then use some, some interesting little link obfuscation techniques to make the link look like it's legitimate. So you'll see like for reverb.com you'll see HTTPS reverb.com/ and then a whole bunch of percent sign obfuscation following.
Joe Kerrigan
Right.
Maria Varmazes
So basically that'll. If you just glanced at it, you'll see reverb.com and HTTPS. Oh my gosh, maybe I'm okay. But those percent signs are obfuscating that actually if you de-obfuscate that link, it is taking advantage of like a 302 redirect on the site, on the website and actually taking you off site, which is something that we say a lot of times, never let them take you to a second location.
Joe Kerrigan
Right, exactly.
Maria Varmazes
So that is exactly where they're taking.
Joe Kerrigan
Advantage of something in reverb.com in their infrastructure that allows this. Allows this link forwarding.
Maria Varmazes
Yeah, I don't know. I mean, this is where I'm way out of my zone here on redirects because I think if you completely disabled redirects, you're going to break a lot of how websites work nowadays. Redirects are kind of important for SEO and the like. Yes, I'm sure, I'm sure if you're super, super security aware, you could be like, I'm going to completely disable them, but then your entire web team will hate you. So I don't know, that might be one of those trade offs that people make. So when you are taken to the phishing site, of course it looks exactly like the legitimate thing. And here's where it starts getting like. Of course they reproduce the look of an AI chatbot in the lower right hand corner, which we see them on every website now. And the phishing site goes, "Hello, I'm a personal support for sellers. Our payment system has changed because of this. Seller accounts need to be reverified. All payments will now be made directly to the seller's card. Close chat. Click on the button and enter your card details. Follow the instructions from tech support so you don't make a mistake while verifying your profile." And then they kind of repeat that again. But the AI chatbot walks you precisely through how they want to phish you. It goes on to say, "Our service cares about your safety and we do our best to make sure your transaction is secure. Thank you for your understanding." So, I mean, it, it seems almost legit. Ish.
Joe Kerrigan
Right? And it looks convincing.
Maria Varmazes
Yeah, it sure does. I'm looking at it right now and it looks, nothing about this looks off the AI chatbot. I mean, it sounds a little too overeager. That might set off some red flags for me personally, but it, you know, the fact that you see a little AI chatbot in the lower right hand corner walking you through what it wants to do in a very friendly way. Every website does that now. So, you know, it's amazing how much that they've sort of figured out how to fool all of us. And one thing. So the phish works by, you know, you put in your credit card information to re verify your account and then of course, now the attackers have it.
Joe Kerrigan
Right.
Maria Varmazes
And Talos then goes on to note that the attackers actually may choose to wait quite some time to withdraw funds from you until future sales occur because they're waiting for a bigger payout. So you may. Yeah, so you may do this and go, oh, maybe that was fishy, maybe I shouldn't have done that. And then you go, well, then nothing happened, so maybe it was fine.
Joe Kerrigan
Right.
Maria Varmazes
But they'll actually going to wait till later. So I thought that was like, interesting.
Joe Kerrigan
Your credit card has been compromised.
Maria Varmazes
Just not yet. It has been, but you don't know it yet, right? Yeah, yeah. Other things that Talos notes in this blog post was about fraudulent chargeback emails. So if you're a retailer or you're selling online, one of the worst things that can happen is someone does a chargeback saying, basically, I want a refund for the thing I'm doing and I'm denying you the credit card charge. So if you get a chargeback email as a retailer and it goes "action needed," you're going to take action on that right away.
Joe Kerrigan
Right.
Maria Varmazes
Unfortunately, it's a phish. So another thing that they're noting is a lot of bad buyers are trying to skirt around security issues by using friends and family payment options. So all of us who've ever used PayPal who have said, I don't want to get a fee tacked onto this transaction, please use the friends and family or it's a gift option. On some sites, if you use these friends and family options, you are not only skirting fees, but you're also skirting some seller protections. So you're making yourself less safe by using these options. Yes. Which I didn't know that. That was actually very interesting to me. That was new to me as well. And then another one that they're noting was shipment detail changes, which I can't believe this works, but apparently it does. So shipment detail changes happen when a scammer notices that a transaction has happened. They are not the ones that have done it, but they've seen that like an auction has closed and they message the seller at the last minute saying, actually, I want you to send this high value item to a different address, and they'll use a username that looks a little bit like the correct buyer.
Joe Kerrigan
Right.
Maria Varmazes
And they're hoping that if it's a high volume shipper, they're not going to notice that the username is slightly off. And I was just kind of going, how on earth does that actually work? How would the seller not notice that It's a different username, it's coming from a different inbox, but I'm guessing it does work if somebody's just doing a lot of transactions and are not being very careful. So I don't know. That one's interesting to me. So as always, don't go to a second location. These platforms often do a lot of work, or like one would hope that they do, to build in protections for buyers and sellers to slow down, if not stop these scams. So if you leave the platform, you leave all that detection and prevention behind. So please don't.
Joe Kerrigan
Right, Absolutely.
Maria Varmazes
There you go. All right, so before we get to our next story, let's take a quick break to hear a message from our sponsor.
ThreatLocker Sponsor
So let's return to our sponsor, ThreatLocker. ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure from the ground up. Where traditional cybersecurity tools require you to create a list of things you don't want to run, ThreatLocker enables you to easily curate an allow list of everything you need in your environment and network and block everything else by default. With ThreatLocker allowlisting and ring fencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust endpoint protection platform deploys in a learning mode that analyzes the operations of your company using machine learning to assist you in developing your allow list for approved applications, what they can do on the endpoint, what can interact with your data, and even east and west network traffic. We thank ThreatLocker for sponsoring our show.
Maria Varmazes
Okay, we're back and we have a catch of the day. Joe, what is our catch of the day.
Joe Kerrigan
Well, our catch of the day is a really simple catch of the day. It comes from Scott, who sent this along. He's and there's not much to this one in terms of content, but Scott's message is very illuminating. So I'll describe the message first before I read what Scott said. It says, "You're invited. Click on the invitation to see more details and to RSVP. Special party invitation from," I'm going to say Tamra, I'm not going to use the last name, and it just says "You're invited" and has an upside down candy corn and, in like a looking like a stamp that's been canceled, it says "open invitation."
Maria Varmazes
So it's a Halloween party invite. What could go wrong?
Joe Kerrigan
It does look like a Halloween party invite. That's exactly what I said. But Scott, Scott says, "My wife got an email from an acquaintance she's friends with. The email address was legitimate, inviting her to a party. The screenshot is below." And that's what I just described. "I have instilled a healthy skepticism and she looks at all messages as if they were spam," which is good, "and she immediately thought it was suspicious. I had her forward it to me so I could investigate it, when I went to one of my Linux computers and attempted to open the invitation. When I did, it said I needed to log in with my email address and gave me a login screen for my email address and some password. I noticed the URL was redirecting me to some sketchy website for credential harvesting. Since these emails come from a legitimate address, no doubt harvested," which is probably correct.
Maria Varmazes
Yep, yep.
Joe Kerrigan
They may miss it and enter their actual email credentials. So it's essentially just a credential harvesting email that looks like an invitation, and when you click on it, you get redirected to someplace to log in to your email account again. So imagine you're on Gmail, you get this invitation, you click the link and it takes you to what looks like the Gmail login screen, and you go, huh, that's odd, I thought I was logged into Gmail. And you just enter username and password, and whatever happens next happens next. But that's irrelevant. You've just given up your Gmail username.
Maria Varmazes
And password, which is like the house keys for a lot of us, honestly.
Joe Kerrigan
So that is really bad. I think I've made a big point on this show, and I don't know if I made a big enough point, but your email is the most important thing that you have on the Internet, and it's also one of the worst things that you have on the Internet, because anybody in the world can put something into your inbox. You don't need any special permission. Somebody can just send you an email and it shows up in your inbox. But remember, this is where all your password resets go: for your bank, for your mortgage, whatever. Everything goes to your email. Your email is the key. Your email address is the keys to your kingdom. I say keep a separate email address that you use for your financial stuff, one that your friends will never send you an invitation on. You know, have a personal one. I have so many email addresses.
Maria Varmazes
I was going to say they're free for most of us. I mean, you can pay for them if you wish, but it's pretty easy to get good free ones. So, yeah, why not? It's getting easier to manage, and with a password manager it's pretty easy to manage all those different logins. So I highly recommend that approach. It's a good one if you feel like doing it. I know for some of us who've had email addresses since time immemorial, it may seem like a heavy lift to shift that over, but it's actually not too bad. So it's worth doing. I agree. It's a good idea.
ThreatLocker Sponsor
And of course, we want to thank this week's sponsor, ThreatLocker. Go to threatlocker.com/HH and check out their Zero Trust Endpoint Protection platform. That's the words threat and locker with no space, .com/HH, where you can request a demo and neutralize the threat of malware running on your devices.
Maria Varmazes
That is Hacking Humans, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures that we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment: your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Maria Varmazes.
Joe Kerrigan
And I'm Joe Kerrigan.
Maria Varmazes
Thanks for listening.
Podcast Summary: Hacking Humans – "Scams in the Henhouse"
Podcast Information:
In the "Scams in the Henhouse" episode of Hacking Humans, hosts Maria Varmazes and Joe Kerrigan delve into the intricate world of cyber scams, focusing on both niche communities and broader online retail environments. The episode blends listener interactions, personal anecdotes, and expert insights to shed light on the evolving tactics of cybercriminals.
Timestamp: [01:33]
Maria kicks off the episode by sharing a listener’s experience, highlighting the advantages of moving from a traditional WordPress site to a static site generator to enhance security and reduce costs.
Notable Quote:
Maria recounts an email from Rob, a long-time listener, who shared how transitioning to a static site saved his wife’s psychiatric nurse practice over $120 annually. Initially struggling with Hugo, Rob found a more user-friendly alternative, Publy, which integrates with GitHub and Cloudflare for free hosting.
Notable Quote:
Joe echoes the benefits, emphasizing the speed and efficiency of static sites, contrasting them with the bloat often associated with WordPress.
Timestamp: [05:33]
Transitioning to the main narrative, Joe shares a story about cyber scams exploiting the egg shortage crisis, specifically targeting individuals interested in backyard chickens.
Notable Quote:
Joe discusses the personal impact, expressing frustration over scammers exploiting a specific subculture. They emphasize the importance of purchasing livestock from trusted local sources to avoid such scams.
Timestamp: [19:03]
Maria shifts focus to a blog post from Cisco Talos Intelligence, highlighting scams directed at online sellers, especially those dealing with high-value items.
Notable Quote:
Joe underscores the importance of remaining within platform boundaries to leverage built-in security measures.
Timestamp: [28:05]
The episode transitions to essential cybersecurity practices, emphasizing the critical role of email security in protecting personal and financial information.
Notable Quote:
Joe advocates for the use of a separate email address for sensitive activities such as banking, since the inbox is where password resets land, and Maria agrees, noting that free email accounts and a password manager make the extra logins easy to manage.
Maria and Joe wrap up the episode by reinforcing the significance of vigilance in both niche communities and broader online activities. They encourage listeners to adopt best practices in cybersecurity and remain aware of evolving scam tactics.
Final Note: This episode of Hacking Humans provides a comprehensive look into the nuanced strategies employed by cybercriminals. By highlighting real-world examples and offering practical security advice, Maria and Joe equip listeners with the knowledge to defend against prevalent and emerging scams.