Podcast Summary: Hacking Humans – "The Band is Finally Back Together"
Release Date: May 15, 2025
Host: N2K Networks
Description: Exploring deception, influence, and social engineering in the realm of cybercrime.
Reuniting the Hosts
The episode kicks off with hosts Dave Bittner, Joe Carrigan, and Maria Varmazis reuniting after a period of absence. Dave humorously remarks, “[...] today we finally got the band back together” ([00:39]). The trio shares light-hearted banter, acknowledging Joe’s role as the steadfast member during their hiatus.
Listener Questions and Follow-Ups
1. IC3 Impersonations – Listener John’s Experience
Joe addresses a follow-up from a listener named John regarding impersonations of the Internet Crime Complaint Center (IC3). John recounts receiving a seemingly legitimate email from an FBI agent about a vulnerability related to his role as a CIO at a school. Initially skeptical, John verified the email by contacting the local FBI field office directly, confirming its authenticity.
John ([02:57]): “The whole thing was very intriguing and very helpful.”
Dave emphasizes the importance of verifying such communications through trusted sources, reiterating Joe’s practical advice.
2. Verifying Class Action Lawsuits – Listener Scott’s Concern
Maria presents a question from Scott about discerning legitimate class action lawsuits from scams. Scott expresses frustration over receiving dubious legal forms that promise free money but raise suspicions due to unprofessional URLs and formatting.
Dave ([04:57]): “It's never very much free money.”
The hosts suggest resources like classaction.org and the National Association of Attorneys General (nag.org) for verifying the legitimacy of class actions. They caution that scammers exploit the allure of free money to deceive individuals into providing personal information.
3. Healthcare Information Market – Listener Kenneth’s Inquiry
Kenneth poses two critical questions:
- Market for Private Healthcare Information: Who purchases this data and for what purposes?
- Personal Behavior After Receiving Breach Notifications: What actions should individuals take upon receiving such communications?
Dave responds by highlighting the high value of medical information compared to Social Security numbers or credit card details, citing:
Dave ([08:34]): “Social Security numbers sell for around $15. Credit card details sell for as little as $3. But medical information starts at around $60.”
He explains that medical data has a longer shelf life and can be exploited for identity theft, medical fraud, and extortion. Regarding breach notifications, Dave advises using them as indicators to stay vigilant against potential identity theft attempts.
Joe ([07:08]): “Your doctor's office does not need your Social Security number. Don't give it to them.”
Maria echoes the frustration, noting the inadequacy of current responses to such breaches and the necessity for more robust privacy laws.
Main Stories and Discussions
1. Influencer Fakery and Scamming the Real ID Requirement
Joe delves into two interconnected topics: the prevalence of fake influencer lifestyles and scammers exploiting the Real ID news cycle.
Influencer Fakery: Joe discusses how influencers create deceptive images, such as posing on fake private jets. He shares examples of elaborate setups where ordinary items like toilet seats are used to mimic luxury environments.
Joe ([12:50]): “Whenever you see an influencer sitting on a private jet. They're not sitting on a private jet. They're on some set maybe in LA.”
Real ID Scams: The hosts explore how scammers capitalize on the Real ID implementation news by sending phishing emails that appear to be from legitimate government sources. These emails often contain malicious attachments that install remote access tools like ScreenConnect, granting attackers control over the victim’s device.
Dave ([30:53]): “They have all the appropriate Social Security Administration branding, the formatting, everything. But under the hood, there are executable files.”
Joe advises listeners to avoid clicking on email links and instead directly visit official websites to verify their Real ID status.
2. Scam Survivor Day and "Careless People" Book Review
Maria highlights May 8th as Scam Survivor Day, emphasizing the importance of addressing fraud shame and supporting victims of cybercrime. She references the book Careless People by Sarah Wynn-Williams, which exposes unethical practices within Facebook, including:
- Tracking user locations and emotions based on online interactions.
- Serving targeted ads exploiting personal vulnerabilities.
- Misusing adolescent girls' data to push beauty products.
Maria ([24:30]): “According to Wynn-Williams, Facebook was also tracking when adolescent girl users deleted their own selfies and then served them beauty ads to them at that same moment.”
The discussion underscores the pervasive nature of social engineering and the ethical breaches by major tech companies.
3. Fake Social Security Statements Campaign
Dave presents a study by Malwarebytes uncovering a phishing campaign targeting Americans with fake Social Security statement emails. These emails prompt recipients to download supposedly legitimate statements but instead distribute malicious software that grants attackers remote access to their computers.
Dave ([30:20]): “These executable files install an app called ScreenConnect, which is a legit remote access tool. But once installed, it gives attackers the keys to the kingdom.”
Joe shares a personal anecdote about receiving such an email, reinforcing the hosts' advice to verify communications independently.
4. Catch of the Day: Outlandish Scam Email
The episode concludes with a humorous segment featuring a listener named Richard’s scam email, which bizarrely claims a recipient has won a $30 billion Chevrolet truck. The absurdity of the message, riddled with typos and unrealistic promises, serves as a reminder of the nonsensical nature of many phishing attempts.
Dave ([36:18]): “$30 billion in a Chevrolet motor truck. Who's going to believe I’m getting $30 billion?”
The hosts laugh over the implausibility of such scams and stress the importance of skepticism when encountering outrageous offers.
Key Insights and Takeaways
- Verification is Crucial: Always verify the authenticity of unsolicited communications by directly contacting official sources rather than relying on provided links or contact information.
- High-Value Targets: Medical information is highly prized in the cybercriminal marketplace due to its long-term value and potential for various types of exploitation.
- Social Engineering Prowess: Scammers adeptly exploit current events and trending topics, such as Real ID, to craft convincing phishing schemes.
- Awareness and Reporting: Increased awareness of cyber threats and proactive reporting can mitigate the impact of social engineering and fraud.
Notable Quotes
- Joe Carrigan ([12:50]): “Whenever you see an influencer sitting on a private jet. They're not sitting on a private jet. They're on some set maybe in LA.”
- Dave Bittner ([30:53]): “Don't trust an email just because it's got a federal logo. Do what Joe does, which is if you get one of these emails, go to Social Security Administration's website and just log in from there.”
- Maria Varmazis ([23:51]): “If you are the victim of cybercrime, report it. It doesn't matter if you feel ashamed about it. You are a victim and you deserve help. Losing money and data is not the price of admission for the Internet.”
Conclusion:
In this engaging episode of Hacking Humans, the reunited hosts navigate through listener queries, dissect emerging cyber threats, and shed light on the sophisticated tactics employed by scammers. From deceptive influencer cultures to exploiting legislative changes, the discussion underscores the ever-evolving landscape of social engineering and the paramount importance of vigilance and verification in safeguarding against cybercrime.
For more insights and to share your experiences, visit hackinghumans2k.com.
