Podcast Summary: Hacking Humans – "Smells like scam season is upon us"

Release Date: March 27, 2025
Host/Author: N2K Networks
Description: Deception, influence, and social engineering in the world of cybercrime.

I. Introduction

In the episode titled "Smells like scam season is upon us," hosts Dave Buettner, Maria Varma, and Joe Kerrigan delve deep into the evolving landscape of cybercrime, focusing on various sophisticated scams that are increasingly targeting individuals and organizations alike. The discussion is enriched with real-world examples, expert analyses, and insightful commentary, providing listeners with a comprehensive understanding of the current scam trends and methods.

II. E Z Pass Scam and Automatic License Plate Readers (ALPRs)

The episode begins with an exploration of the E Z Pass scam, where individuals receive phishing text messages alleging unpaid tolls and demanding immediate payment. Joe Kerrigan introduces a compelling theory linking this scam to the exploitation of Automatic License Plate Readers (ALPRs).

Joe Kerrigan (01:25) explains:

“Not long ago, there was a YouTuber named Mike Brown who had reverse engineering of one of the license plate readers to find that, at least at the time, the video feed and data associated with it was wide open to the Internet.”

The hosts discuss how scammers might leverage accessible ALPR data to harvest license plate numbers, correlate them with breached databases to extract associated phone numbers, and automate the dissemination of scam texts. This method underscores the intricate interplay between physical surveillance technologies and digital phishing tactics.

Maria Varma (04:16) adds:

“It’s plausible, 100% plausible.”

The conversation highlights the pervasive deployment of ALPRs across police vehicles, shopping centers, and neighborhoods, emphasizing the potential civil liberties concerns and the ease with which such systems can be exploited by cybercriminals.

III. Detailed Analysis of a Romance Scam

A significant portion of the episode is dedicated to dissecting a detailed blog post by Ben Tasker from the UK, who meticulously documents his interactions with a romance scammer named Idana. Maria Varma introduces this segment:

Maria Varma (07:20) states:

“Ben put together what I have to say is the most detailed accounting of interacting with a romance scammer that I have ever seen.”

Key elements of the scam include:

1. Emotional Manipulation: Idana employs love bombing, rapidly establishing an intense emotional connection to lower the victim’s defenses.

2. Illusion of Intimacy: She shares fabricated personal details and photos (likely stolen), creating a facade of authenticity.

3. Financial Exploitation: After building trust, Idana introduces financial needs, such as visa fees or crises, escalating to urgent money requests.

Ben Tasker (11:50) observes:

“Emotional manipulation is key. The victims are emotionally invested and likely to overlook inconsistencies.”

The hosts discuss the possibility of scammers using conditioning techniques to reinforce desired behaviors, akin to behavioral psychology principles where compliance is rewarded (e.g., sending photos) and non-compliance is subtly punished.

Joe Kerrigan (13:24) quips:

“B.F. Skinner would be proud. God, maybe ashamed.”

This segment underscores the sophisticated strategies scammers employ to exploit human emotions and trust, making romance scams particularly insidious and difficult to detect.

IV. Family Experiences with Scams

Joe Kerrigan shares personal anecdotes highlighting the real-world impact of these scams on individuals close to him. He recounts conversations with his Aunt Margaret, who reported two alarming cases:

1. Romance Scam with a Fake Movie Star: A friend was deceived into believing they were in a relationship with a celebrity, leading to a significant financial loss of around $70,000.

2. Bank Withdrawal Scam: Another friend was on the brink of withdrawing $20,000 under the guise of purchasing a car. However, the bank manager intervened, recognizing the signs of a scam and preventing the loss.

Joe Kerrigan (15:06) narrates:

“She told me about two of her friends getting scammed. One was a woman getting scammed in a romance scam with a fake movie star out of, like 70 grand.”

Dave Buettner (16:47) commends the bank manager’s intervention:

“That’s great.”

These stories exemplify how scams can swiftly escalate, often targeting vulnerable individuals, and highlight the importance of vigilance and prompt action in preventing financial losses.

V. Fake Business Profiles on Google Maps

The discussion shifts to an investigative report covered by CBS News, brought forth by Joe Kerrigan. The focus is on the proliferation of fake business profiles on Google Maps, particularly targeting “duress verticals” such as locksmiths, towing services, and funeral directors.

Joe Kerrigan (17:34) summarizes:

“Google found 10,000 illegitimate business listings in this one event.”

Maria Varma (20:01) queries:

“What does that mean, first raised, you know, or the article doesn't say it.”

The hosts analyze how scammers create these fake listings to deceive consumers in urgent need of services, leading to financial exploitation through overcharged fees or substandard services. They critique Google's reactive approach to identifying and eliminating these fraudulent profiles, suggesting the need for more proactive measures leveraging advanced AI technologies.

Maria Varma (21:03) highlights:

“Scammers are becoming increasingly sophisticated, which is true.”

This segment emphasizes the challenges large platforms face in combating fraudulent activities and the significant impact on small to medium-sized businesses striving for legitimate online presence.

VI. FTC Action Against Click Profit

Dave Buettner presents an in-depth examination of the Federal Trade Commission’s (FTC) legal action against Click Profit, an organization accused of defrauding customers with promises of AI-powered e-commerce success.

Key Points:

• False Promises: Click Profit advertised advanced AI and a $5 million “supercomputer” to boost e-commerce storefronts, claiming users could achieve six to eight-figure profits.

• Upfront Costs: Victims were required to invest $45,000 to $75,000 for storefront management services and an additional $10,000 for inventory.

• Poor Returns: According to the FTC, a fifth of the stores generated no revenue, and a third made less than $2,500 in total sales, rendering the investments futile.

Dave Buettner (31:10) criticizes the misleading nature of Click Profit’s business model:

“If you have any winnings in this case, that they don't need the money. They're going to donate the damages to an organization in this case that works with fighting scams.”

• Exploitation and Harassment: When victims sought refunds, Click Profit allegedly threatened legal actions and seized family assets to silence negative reviews.

Joe Kerrigan (35:24) sarcastically remarks:

“Great, classy operation.”

The FTC's lawsuit aims to permanently shut down Click Profit and recover funds for the victims, highlighting the regulatory efforts to curb such deceptive business practices.

Maria Varma (36:26) summarizes:

“They're telling people to F off. Allegedly.”

This case serves as a stark reminder of the complexities and dangers inherent in high-stakes, AI-driven investment scams, emphasizing the need for due diligence and skepticism towards offers promising unrealistic returns.

VII. Catch of the Day: Work From Jail Scam

The episode features a humorous yet cautionary "Catch of the Day" segment based on a Reddit post from the "Our Scambait" subreddit. The scam involves an automated interaction where an individual in jail is offered a job that purportedly allows them to work from their cell, promising substantial earnings for minimal effort.

Dave Buettner (39:37) introduces the scenario:

“Wishing you a fantastic day full of opportunities. Diana just informed me to contact you to talk about the job opportunity we have.”

The conversation showcases the bot’s unwavering adherence to the scam script, attempting to elicit sensitive information such as Social Security numbers under the guise of job-related tasks.

Agent Shield (41:15) humorously interjects:

“I forgot to mention I'm in jail.”

Maria Varma (44:25) reflects:

“And it goes on from there.”

This segment underscores the automation behind many modern scams, highlighting how pre-programmed bots are employed to target a wide array of individuals through seemingly personalized interactions.

VIII. Conclusion

"Smells like scam season is upon us" effectively illuminates the sophisticated techniques employed by modern scammers, from exploiting surveillance technologies and social engineering to creating fraudulent online business profiles and enticing investment schemes. The hosts stress the critical need for heightened awareness, robust security measures, and proactive strategies to combat these evolving threats. By dissecting real-world examples and expert analyses, the episode equips listeners with the knowledge to recognize and defend against prevalent and emerging scams in today's digital age.

Notable Quotes:

• Joe Kerrigan (01:25): “Not long ago, there was a YouTuber named Mike Brown who had reverse engineering of one of the license plate readers to find that, at least at the time, the video feed and data associated with it was wide open to the Internet.”

• Maria Varma (07:20): “Ben put together what I have to say is the most detailed accounting of interacting with a romance scammer that I have ever seen.”

• Dave Buettner (31:10): “They told them. Google told CBS that it removed or blocked about 12 million fake business profiles in 2023...”

• Joe Kerrigan (35:24): “Great, classy operation.”

• Maria Varma (36:26): “They're telling people to F off. Allegedly.”

Final Thoughts:

This episode of "Hacking Humans" serves as a crucial alert to the myriad ways in which cybercriminals are adapting and enhancing their deceptive practices. By providing detailed analyses and real-life examples, the hosts empower listeners to stay vigilant and informed, fostering a community resilient against the tides of cyber deception.