A
You're listening to the CyberWire network, powered by N2K. Do you know how the space and cybersecurity domains connect? T-Minus Space Cyber Briefing is your guide through the space-based systems that expand the attack surface. I'm Maria Varmazis, host here at N2K CyberWire, and I'm excited to share that T-Minus is back now as a weekly podcast, the T-Minus Space Cyber Briefing. We have a new dedicated focus on two great things that are even better together: space and cybersecurity. Because whether we realize it or not, we all depend on space-based systems that are, by the way, increasingly Internet enabled. We're talking cybersecurity technologies, policies and organizations that are securing the critical space-based infrastructure that powers, protects and connects our lives here on Earth. So join me for T-Minus Space Cyber Briefing, new episodes every Sunday.
B
Hello everyone and welcome to the Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hey Joe.
C
Hi Dave.
B
And our N2K colleague, Maria Varmazis.
A
Hi Dave and hi Joe.
B
We've got some good stories to share this week, but first let's get into our follow-up. Here we've got a lovely kind note from someone named Don who wrote in and said, hello, I'm a fan of your podcast and may have a story you might be interested in. I lived in Japan for 15 years and studied a martial art there. So a little on the nose, don't you think? Yes, I now live in Colorado and have a website for my dojo with my email address I use for dojo business on the site. That is probably how these got sent to me. I checked my spam folder this morning and found two emails claiming to be from the Japan pension system. I did pay into it and will get a small payout in a few years. But they of course use the email I use for dojo business and not the one I use with my in-laws in Japan. As I said, two emails but from different addresses. One seems almost certainly from China. The headers and such are the same as the legit pension system. Of course they're saying there's a problem that needs to be dealt with right now or there will be dire consequences. There's a link claiming to go to PayPal in both. I, not being Maria, did not click on it.
A
Good job, good job.
B
But I am certain it does not go to the actual PayPal login, and my credentials would be used in seconds after I punch them in wherever the links go. Despite being from two different email accounts, both list a fee of about 26,000 yen. Fairly small potatoes. Anybody know what that is in real money?
A
26 bucks, basically, or 260 bucks. Or 26 bucks. One of those.
C
260 bucks. 10 to 1, I think.
B
All right.
A
Yeah.
B
Don says I've shared these photos with groups devoted to Bujinkan. Bujinkan, okay. He says it's sometimes called boozycon after all the drinking that they do after training. I suppose other groups linked to any martial arts organization with headquarters in Japan will be targeted in the future, if not already. You may note. Oh, he included some screenshots. You may note. I did crop them, so you won't be able to make fun of how much battery life I have left.
A
He's paying attention, Don.
B
Yes. Thank you for the work you do and the way you make it fun. Since Maria's joined, I've noticed just how much better the interactions have gone.
A
Aw.
B
Joe and I both agree.
C
Yeah, 100%.
A
Arigatou, Don San.
B
You lived in Japan for a while, didn't you, Maria?
A
Yeah, a little bit. Japanese was my minor in college, so.
B
Oh, nice.
A
Yeah.
B
Okay, very good. Don says when one of you three is absent, it just isn't as great.
A
Aw.
B
Please keep up the work. And say hello to the chickens for me. All right. Well, thank you, Don.
C
That's a very, very nice letter.
B
Very nice kind note, and sounds like you've got things under control there.
C
I will tell the chickens that Don says hi.
B
All right, we're going to take a quick break to hear from our sponsors, and when we come back, we will dive into our stories. Every attacker counts on one thing: environments that trust too much. ThreatLocker closes that gap with default deny at execution. Unknown software blocked. Trusted apps contained with ring fencing. Configurations verified with ThreatLocker DAC, so you stay secure and compliant. ThreatLocker delivers the visibility and control CISOs need without adding operational pain, making zero trust real for teams of any size. Stop ransomware at its earliest point. Book a demo at threatlocker.com N2K. And we are back. Joe, you have the honors this week. You want to start things off for us?
C
Last week, I bummed everybody out with my horrible story about the woman who lost was now her family were now homeless. So I figured this week I would come in with two stories. I have two short ones, but they both have happy endings and the first one comes from our friend, Mallory Sofastaii, friend of the show, right up the road in Baltimore. And this is a story about a guy, Matthew Middleton. And it says he almost fell for it. Somebody calls him out of the blue and says, here's some life changing information. My name is Dave Clark and you have won the Reader's Digest and Publisher Clearinghouse sweepstakes. And he said, Dave, Dave in air quotes says, he said I was the winner of $9.4 million and a brand new Mercedes Benz.
B
Wow.
C
So he was suspicious at first, Matthew Middleton. And he. But the call reminded him he'd entered the sweepstakes online, which I think is an interesting angle. Right. Because we always say, hey, did you buy a lottery ticket? No. Then you didn't win the lottery.
B
Right.
C
Did you enter a sweepstakes? No. Then you didn't enter the sweepstakes. So here's how they're getting around that. They're saying you entered the sweepstakes online. Do you remember everything you've ever done online, Dave? If I said it was three months ago you entered the sweepstakes and now you've won.
B
Yeah.
C
I wouldn't be able to pull that out of my memory.
B
No, I don't remember what I did 10 minutes ago.
C
Right.
A
Who are you people? Why am I here?
C
This is not my beautiful house. Oh, yeah, work. That's a good one.
B
Yeah.
C
The caller told him the prize money would be delivered in cash and sent videos and photos he claimed to be of them counting Middleton's money.
B
Right.
C
So they just got some random videos off some line of, you know, money going through money counters.
B
Right. You know, stock footage.
A
Love those things.
B
Yeah.
C
Then came, of course, the catch. He said, the only thing is you need to pay a document fee of $500 via an Apple Gaming gift card.
B
Ah, yes.
C
Right. And that's when Middleton went, ding. There's my red flag.
A
We need a red flag sound.
C
Right.
B
That's true. I have to ask the audio guys, what would a red flag sound like? I mean, you. I could hear a. Like a flag flapping in the wind.
C
Yeah, but a red flag's more like
B
a little like the. What about the sound from Family Feud? You know, the strike sound.
C
That's pretty good.
B
Yeah, that would be a good one.
C
That'd be good. All right, we'll work big red X. Yeah. So Matt Middleton does something very smart here. He says, let me contact Mallory. Mallory Sofastaii at WM... W... What is it?
B
WMAR.
C
WMAR. Yeah, I almost said WMAL, but that's in D.C. Yeah. Also featured in The Day the Earth Stood Still. By the way, if you go back and watch that movie, there's somebody with a WMAL microphone sitting on the desk.
B
Great story. Yeah.
C
Anyway, he calls Mallory. Mallory, of course, says, yeah, it is a scam. You are so Mallory. The thing I like about this story is that Mr. Middleton thought it was a scam, reached out to somebody he knew as an expert, Mallory Sofastaii. And Mallory was like, oh, absolutely, that was a scam. And he is very grateful. So that's over. Interesting in this story is the guy was persistent about it. The guy was very persistent and almost had him believing it at the end of the story. But once he asked for the Apple gift card, he was. He was. That's when the red flag went up. Now, if you remember, a couple of weeks ago, I talked about how somebody tried to scam me, calling me from the Carroll County Sheriff's Department, again with quotes around the Carroll County Sheriff's Department.
B
Yes.
C
And I said, oh, well, let me get your name and your badge number and I'm gonna call the Carroll County Sheriff's Department back and they're gonna route me right to you.
B
Right.
C
And then we can discuss this matter. Cause this is an inbound call and I don't really trust it. I know a lot of scams go like this, but the guy was. The guy was really aggressive and it was not as easy as I would have thought to do this. Right. You know, I always thought, oh, yeah, another scam. Haha. But the way these guys call you on the phone, they get you not thinking about it.
B
Right? Yeah. Off kilter.
C
Right. And one of the things Mallory asked in this article is, did you let yourself imagine what you would be doing with that money when you got it? And he's like, I did imagine that.
A
Yeah.
C
So, I mean, Dave, imagine if you had $9 million.
B
Oh, only nine.
C
Yeah.
B
Be a downgrade for me, right? No, I'm kidding. Of course. Yes. There are many things I could fantasize about, things I would use $9 million for sure.
C
Yeah, exactly.
B
Yeah.
C
So thank you, Mallory, and thank you, Mr. Middleton, for sharing your story. My next story comes from the Los Angeles Times. And this has elected to remain anonymous, the victim here. But let me tell you what happens. He first gets a suspicious text message and then he gets another communication. That was a return phone call and a plea to call him immediately. And this is by the evening's end. This is a senior citizen in Ventura, California, who eventually hands over $25,000 to somebody who has said, we've locked your account. Your. Your. Your bank account. Your bank account has been associated with distribution of CSAM in Canada.
B
Right.
C
You need to take $25,000 in cash and meet somebody at a location. Here's the code word. Right. They do all this stuff, and he does that. And then a little while later, he starts thinking that might have been a scam. So he calls the police, and the police are there interviewing him. Right. And this is where the story gets good. Okay, what do we say about criminals on this show all the time with these social engineering attacks? So they hit you once. What are they going to do?
B
Oh, they're going to come back for more.
C
They're going to come back for more. This guy.
A
This guy.
C
No problem getting $25,000 together. So let's hit him up for $50,000.
B
Yeah.
C
They call just as the. As the victim is sitting down with the. With the police to discuss it, they call him and they say, hey, it's us again. Now we need $50,000 to keep you from going to prison. Right. And the cops go, oh, awesome. Where would you like us to meet you?
B
How often does this happen?
C
Right. This almost never happens. Right, right, right. So they said. They said, act like you're going to give him 50 grand. And Ventura police arrested two of them, a man and a woman. The woman was the one making the contact with him. And as soon as the cops showed up, she tried to run, but they caught her. And then the man, they caught him, too, and they got the original $25,000 back from him. And both of these people have now pleaded guilty to elder abuse, which I don't think. I think. What do you. I think fraud might be more of a maybe. I don't know. Maybe elder abuse has a bigger crime or bigger sentence.
B
Yeah. I don't know. Higher sentencing with the police, I'm sure. Did you know what they thought was best going to get them a conviction, I guess.
A
Yep. Yep. I would hope so.
B
Yeah.
C
So they're. Yeah, well, they both. They both pled guilty, and the guy got his money back, which is great. I'm very happy to see that.
B
I mean, one of the things as you were describing, the story that I was wondering was, would the people at the drop site, the people who were there to collect the $50,000 or the $25,000, might they have just been money mules?
C
They might have been.
B
Cause we hear that pretty common, too. Like, they'll just send a courier.
C
Right.
B
You know, so that this police situation doesn't happen, or at least I guess, gets it harder.
C
Yeah, that's an excellent question. But apparently in this case, no, these were the guys running the scam. And I mean, as indicated by the fact that they got that $25,000 back from one of them.
B
That's great. You know, this reminds me. This is not my story today, but it reminds me of something I saw just earlier today in our local community, Joe, where somebody in one of the Facebook marketplace groups was selling a laptop, and someone contacted them. They agreed on a price, agreed to meet in a public place. They met. Everything felt safe. The person who was buying the laptop counted out all of the cash, put it in an envelope, handed the envelope to the person. The person handed them the laptop. They went their separate ways. The person with the laptop opened the envelope, and it was full of just paper scraps. So the person who was buying the laptop had used some kind of sleight of hand to make it appear as though they were handing them the envelope full of cash, but it was actually not full of cash.
C
Really?
B
Yeah.
C
Like a magic trick.
B
Exactly.
A
That takes some actual skill.
B
Yeah.
C
Right, right.
A
I'm almost impressed.
C
Yeah, I'm almost impressed. Exactly the sentence I was gonna say. I'm almost impressed. If it weren't for the fact that you were cheating somebody out of a laptop, I would be impressed.
B
Yeah, I always wondered, like, if you're a really good sleight of hand magician, does that mean that you never have to pay for a candy bar?
C
That's an excellent question. I've only ever learned sleight of hand for card tricks, so, yeah, I did dabble a little bit in magic when I was in college. Did not impress the ladies like I thought it would.
A
Joe, I hate to say it, but the moment you said you dabbled in magic, the thought that came to mind was, that is not a surprise.
C
Right, That's.
B
Yeah. Yep. Okay, everybody, listen. We're gonna pause the party here for a second while Joe.
C
Joe Knacked the Magnificent.
B
No. Nice cape, Joe.
C
Yeah. You like to top hat. Yeah. Right.
B
Except you don't have a rabbit. You have a chicken.
C
Yes, that's right. Watch me pull a chicken out of my head.
B
Right? Yeah.
A
Which chicken, though?
C
It's going to be snuggle bug every time.
A
No, see, he got the answer right there. Yeah, you've thought about.
B
Snuggle bug is the chicken who plays along.
C
Yeah.
B
Right.
C
My. My favorite thing is if you can do a card trick with any deck of cards, you know, there. There are, of course, all these gimmicked out cards that you can. That you can get. And there is. I have a bunch of these tricks. I was like, oh, these are pretty cool, but they're all pretty. You know, if you think about them for half a second, it's. Some of them are good, but most of them are kind of lame. Yeah, but the card. The thing you can do with any card deck. I mean, I'll tell you. I was doing this story for this trick for one of the kids in our friend group, and, like, halfway through the trick, you're supposed to make it look like you've messed up. And this kid's like, do you need me to show you how to do the card trick right? And I'm like, yeah, maybe. Hold on. Let me. Let me. Let me try something else.
B
Right?
C
And that's actually part of the trick. You know what's going on. And then at the end, when I've shown him, like, a bunch of different cards and I slide his card across and I say, but this. And I like, four clubs. That's your card. Right? And he looks at me, like, shocked, and he turns it over, and there it is. And he's like, how'd that even get there? It's a really good trick. It's the only one I know right now. Okay.
B
You can practice it for the chickens.
C
Yes.
A
They'll be very impressed.
B
Yeah.
A
Yeah.
B
All right. We will have a link to both of Joe's stories in the show notes. My story actually comes from the Wall Street Journal, and this is about a man who got caught up in a travel scam, and it ended up costing him over $12,000. So there's a nice little cautionary tale. So this is a man named David Calder, who is a retired engineer, happens to be from our great state of Maryland, and he says he's a seasoned traveler. He's visited over 30 countries. And he got caught up in a scam that started when he got what looked like a routine flight change email from Lufthansa. Did I say that right? Lufthansa.
A
Lufthansa.
B
Lufthansa.
C
Lufthansa.
B
Yeah. So the airline said that he'd missed a connection to Budapest and he needed to rebook, and he couldn't get the link to work. So he did what lots of people do. He googled the airline's customer service number, and he called them.
C
Right.
B
And the person who answered sounded legit. They had his confirmation number. They found alternate flights on partner airlines, but they told him that he needed to pay more than $12,000 upfront for the changes. And there would be a refund coming later. Wow.
A
Damn. I'd be like, I'm walking home. $12,000.
C
12 grand. Yeah.
A
No way. I'll swim across the ocean. That's crazy, right?
C
I can take a cruise for that much money.
B
Well, he approved the charge, and the scam unraveled the next day after additional fraudulent airline tickets appeared on his credit card. Only later did Lufthansa confirm the rebooking had been made through a third party agency, not the airline itself. So it's weird. Yeah. So it sounds to me like this could have. It seems to me like this was somebody who had access to the travel booking system.
C
Right.
B
Which is not a very high bar. I know someone who used to run a travel agency.
A
Oh, I remember those.
B
Yeah.
C
Yeah.
B
Not anymore, but used to run a travel agent, you know, and they could print tickets right there in the office, and they could do all kinds of things. So anyway, the warning here is that, you know, a travel scam doesn't look sloppy or obvious. Everything looked right to this person.
C
And how did he get the scammer's number? From Google? Was that a fraudulent ad?
B
Correct.
C
Yes. Okay.
A
Yeah.
B
So he probably did a search for Lufthansa customer service, and an ad popped up with the phone number which he dialed, which was a scam ad that connected him to the people pretending to be Lufthansa. But it seems like whoever they were, somehow they had access to the travel system. They were able to do some things, but then they did a lot more than that once they had his credit card information. And in the end, he says that this cost him months of disputes, police reports, and frustration with his bank. He says never trust the first customer service number you find in a search result.
C
Yep.
B
Go directly through the airline's app or official website. Every single time.
A
Yep.
B
I. You know, I hadn't really thought about the app. That's a good idea, right?
A
Yeah. I had resisted doing the app thing. Cause I hate that everything requires an app now. Like, I really, really hate it. But I will say, for airline travel, that is genuinely the best way to book or rebook or get any customer service. Like, they want you to use the app first. And I'm a convert now. But, yeah, I really didn't want to, though. I just was like, oh, I want my everything printed on paper. I don't want to deal with my phone. But genuinely, the app is the way to go.
C
When you fly domestically, Maria, what's your airline of choice?
A
It depends on where I'm going to. It used to be JetBlue.
C
Okay.
A
Nowadays it's a toss up between United and Delta, but again, I'm in the Northeast, so I don't have access to a lot of the other. Like Southwest barely exists up here, and I know a lot of people love Southwest, so.
C
Yeah, BWI is a big Southwest airport, so. Yeah, I use a lot of Southwest.
B
Me, too.
C
Every time I see a plane flying over my house. Southwest.
B
Yeah, it's true.
A
Yeah.
B
All right, so obviously the lesson here, as David Calder said, just be careful that when you make a phone call or try to get in touch with, in this case, an airline, but really, anybody that you're doing business with, you cannot trust what pops up in a Google search or basically an online search. We've said over and over again they are so commonly being gamed these days. Yeah, you need to have a direct connection with them.
C
I mean, we've talked before about American Express and using them as a credit card, especially for travel, because it's generally more accepted for travel.
B
Right, right.
C
So, you know, and when you call and you say, hey, this was a scam and I got scammed out of 12 grand, they'll go, oh, okay, right. I'd like to. I'd like to know if this would have worked. I'd like to know what kind of credit card he used and, you know, what kind of evidence he had to present.
B
Yeah.
C
Also, I wonder if there's some liability here on Google's part.
B
Yeah, I was thinking the same thing. Like, and I was wondering, like, suppose I'm a billboard company, right. I sell billboards along the side of the road, and somebody comes along and puts up an ad for a scam airline or puts up an ad for a real airline, but with a scam number, a scam website or whatever. As the billboard provider, am I in any way liable? Obviously, billboard providers don't have Section 230 of the Communications Decency Act, which gives platform providers a lot of leeway. But, yeah, it's an interesting question.
A
What kind of due diligence they do.
B
Are we headed in that direction where we could see some liability from? Because it sure seems like they're not doing much.
C
Right.
B
They'll tell you they're doing a lot, and they'll float these huge numbers about all the millions and millions of scams and fraud that they eliminate on the platforms. And I'm sure all that's true.
C
But.
B
But the fact that this still happens all the time means that they're not being very effective.
C
It's like when you're talking population numbers, right? Like, you know, America has the most automotive deaths per. Per. No, they say America has the most automotive deaths in the world. The only one that has more than us is China.
B
Right?
C
Well, okay, well, that's because China has a billion people and America has 300 million people and nobody else. And you're not looking at 400.
B
What?
A
We're at well over 400 million now, are we now? Oh, yeah.
B
Oh, really?
C
I have to look that up because I hadn't heard that.
A
No, let me double check that.
B
But I was going to say what popped into my mind was 330.
C
Yeah, I was going to say 360. Okay, Maria, my bad.
A
Sorry I'm wrong. It's 350.
C
I don't know.
A
I had heard 400. Well, rounding.
C
If you're rounding to the. To the most significant digit, you're correct.
B
Tell you what, let's take a quick break to hear from our show sponsor. We'll be right back after this message. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com N2K today. And we are back. Maria, it's your turn. What do you got for us?
A
So there's a scam going around in my neck of the woods, and I'm sure it's going around a lot of necks of woods. This one is necks of woods. This one is going around in the news.
C
Thank you for properly pluralizing that.
A
You're like attorneys general. Yes, you're welcome. Up here in Massachusetts, in Springfield, Mass., WWLP, a story via Emma McCorkendale. Thank you, Emma. About a story coming from the Springfield Police Department of a potential scam call relating to a fake safety kit being marketed at parents of young children through a local elementary school. And I was just like, okay, as a parent of a child in elementary school, I was very interested in this story. So let me just start with first what the scam is. There is a mailer going out to parents of local elementary school up here in Mass that's got the school name right at the top of the mailer. So it seems to be official and affiliated with the school. And either in the mailer or as a subsequent follow up from this mailer, it's asking for the child's full name, address, birth date, Social Security number, fingerprints, physical description, emergency contacts, clear photographs, medical information, as well as any information about disabilities or mental illnesses. And the idea with this quote unquote safety kit is that it's a service offering to help you collect all that really important information about your kid and hold onto it for you. So should every parent's worst nightmare occur and your child goes missing, the idea is that this information is already gathered for you. So it's handy in one spot and can be given to law enforcement quickly because you will probably be too distraught to go around and gather that information yourself in those crucial moments when your kid has gone missing.
B
Yes, yes.
A
And wow. And this is even a free service. Isn't this wonderful?
C
A free service?
A
A free service that just wants literally
C
all the information necessary to steal your child's identity or just straight up abduct them.
A
Yeah. And there are also versions of this ploy going around that also encourage the use of an app based version of this free service. Well, in addition to all that information I just mentioned, they'll also take your kid's biometrics like their fingerprints. I know, I know. And so you'll have it all in one handy spot. So there is some tiny, tiny fine print on the bottom of this mailer that says that this is actually a service provided by a life insurance company. And so if you start reading about this mailer and similar ones over the years, apparently before the kit supposedly arrives, and I don't know if it actually ever does, there's apparently a Zoom call that you are set up to join and where they will introduce the kit to you and how you use it in case your kid goes missing. But also, gosh, when you're thinking about it, funerals are really expensive, aren't they? And man, if one of you parents just dropped dead, who would provide for your child, especially if they're missing? I guess, man, wouldn't life insurance just make so much sense? So if we could just get your banking and routing numbers to set that up, that would be super easy peasy.
C
So it's an upsell for life insurance for the parents.
A
Yeah. And funeral coverage and all that kind of stuff. So this has been going on. So. Yeah. Okay, first of all, let me. Don't do this. Do not. Do not do this. Do not hand that information about your kid over to anybody. I don't care what mailer is coming home with your kids. Do not do that. So, yeah, that is if you only remember one thing. Don't.
B
Well, let me just interrupt because I remember when my kids were in elementary and middle school, there was a thing that was part of them getting their school pictures.
A
Oh, I was gonna get to that. That's a different thing. No, no, I actually was gonna mention that. Cause I have that here on my desk. I have my daughters. I'm a big fan of that. That's a different thing.
B
Proceed.
A
Yeah, yeah, I'm glad you know about that. Cause that is a different thing. But related this specific scam, I was very curious about this, so I did a little sleuthing on the Internets and I was seeing stories about this going back to 2019. A lot of them, the same life insurance company doing this flavor of scam. And of course they say it's not a scam, that it's a legitimate service that they're doing. Okay, whatever, sure, yeah. Sometimes they use door to door tactics. Sometimes they will often say that they're affiliated with local or state police and the police will go out of their way to say, no, they are not. So that is definitely not a thing. But in a lot of cases there is a mailer that actually goes home with the kids from school because presumably someone presented this to a busy administrator and the administrator's like, well, who doesn't like child safety? So yes, we should send this to all the parents.
C
Right.
A
And they're not aware that this is, putting it generously, lead generation for an insurance company and not actually a thing to keep your kids safe. And as I was looking into this scam, and again there are videos and posts about this going back many, many years about it. And people going, I got scammed and this sucks. Don't let it happen to you. I saw a lot of astroturfed comments defending this and I'm pretty sure they were from the scammy company in question. One of them on a YouTube channel from a local news outlet reporting on the scam said, "The program is a national campaign at no cost to protect our children. How can you consider this a scam being called to get registered? I could understand if they're calling, informing that there's a fee and asking for credit card information. But don't ruin something that's trying to do good, especially for our youths."
C
I was like, sounds like it came right out of the marketing department.
A
Yeah, it's totally legit. Because they're not asking for your credit card. Right. I mean, just all your credit cards information.
C
Yeah.
B
And a bloodshed.
A
All of your kids info, but not your credit card. So that's what makes it legit. The gall. The absolute gall. So, yeah. So if you feel in your family's risk profile or in your world that this is a kit that you genuinely want to have together and at your hands, should the worst happen, you can do this yourself and work directly with your local law enforcement to put this together. But this is 100% a DIY situation. There is no service you should be using for this because nobody should be having that information about your kid.
C
I guarantee you they sell this information as soon as they get it.
A
I. I think that is even generous. Like, I. I don't even want to know what they would do with it. Aside from selling like a mean Social
B
Security number that has, you know, from a child. No.
C
CL.
B
Yeah.
C
Yeah.
B
You can do all kinds of things.
A
Cha-ching. Yeah. So the endnote. I wanted to mention, Dave, was the thing that you were talking about, which is a legitimate thing that I'm a big fan of with my kids. Yearly school photo. There's a card that comes with it every year that I really appreciate. I'm not gonna name the company name. Cause I feel like that's probably unnecessary. But all it does, it has a clear photo of my kid that I can use to handle law enforcement. And it reminds you to immediately call 911 and how to get in touch with the National Center for Missing and Exploited Children, whom they officially have partnered with. And I did check that. That is the case on both sides. So it's an official partnership and it's on the up and up, and that is it. They're not asking for your money. They're not asking for your kid's Social. It's literally. Get in touch with your local law enforcement immediately. Reach out to the National Center for Missing and Exploited Children and go from there.
C
Yeah. Time is of the essence.
A
Yes. Yeah. So you don't want a third party in the middle of that.
C
I have ever. I have a story about this similar to this. My dad actually did put these together for my brother and myself when we were kids. Oh, did. Yeah. He actually took down to the police station and had us fingerprinted. He looked at us and said, I probably should get some experience with this. Before these two miscreants become adults, they should at least know what the fingerprinting at the police station's like. Never had to be fingerprinted by law enforcement after that. But they gave him back the fingerprint cards, and he had those. He may still have them, I don't know. But a funny story about this is as my brother and I are walking out of the police station, we see a bunch. It's like the police put out a public service announcement, said, hey, come on, get your kids fingerprinted. We'll give you the fingerprints and keep them on file. And that way, if your kid goes missing, we will ask for the fingerprints. But the point was, you kept the fingerprints. You were responsible for keeping them. And this was in Montgomery County, just one county south of here. And we're walking down the steps of the police station, and I kind of nudged my brother, and I go, hey, come on with me. And there's like, let's go rob a bank. No. There's like five kids walking up, and
B
I go, oh, my fingers.
C
It hurts so bad.
B
Oh, no.
C
And my dad. And my brother starts doing the same thing.
A
Oh.
C
And my dad on the steps of the police station, slaps back of both of us in the back of the head.
B
Oh, my gosh.
C
Knock that off.
A
Yeah, yeah. Listen, I'm glad your dad did that. He felt that it was an important thing to do. And again, that's the way to approach it. If this is something you want to have done.
C
Yes.
A
Go to your local police and do it. Don't go through some other party and
C
ignore any jackass kids coming out telling you that it hurts. It does not hurt.
B
We had those pictures, the ones from the school photo we put on our refrigerator with magnets. And then one day, I got a passport photo. So I put my photo up next to the kids.
A
In case you go missing, Right.
B
My wife was like, why did you put your picture on the refrigerator next to the kids? And I said, in case I go missing,
C
something to give them.
A
Right.
B
I said, you can just hand it to the police and they'll know who to look for, right? Yeah. I don't know. She didn't think that was funny.
A
Well, I mean, it's that or they're going to use a terrible picture of you from Facebook.
C
So maybe with a chicken on your shoulder.
B
That's true.
A
But to be fair, Joe, if you went missing, you probably would have a chicken with you.
C
I mean, yeah, a good chance.
A
Yeah.
C
Can I grab a chicken before. You kidding me?
B
He wouldn't starve to death, right? I'm thinking eggs, Right? Eggs.
C
Eggs.
B
Eggs.
A
Drums.
B
All right, we will have a link to that story in the show notes. Joe, Maria, it is time for our Catch of the day.
C
Dave, our catch of the Day comes from another subreddit, R Scammers. And it begins.
A
Oh, no.
C
This I love.
A
Oh, my God.
C
I love the title of this. I'm going to read it.
A
Oh, wow.
C
Hearken, brethren. Behold how I did smite a worker of iniquity with the Word and brought him unto great wrath.
A
Amen.
B
All right, so I'll tell you what. I'll be the scammer reaching out here in the gray. And, Joe, since you seem to be enthusiast about this.
C
This. Yes. I love the way this guy writes,
B
you can be the person in blue.
C
Okay.
B
All right. It goes. So it begins here. Hello, dear friend. How are you doing today? I pray this message meets you well.
C
Peace be unto thee, stranger. What tidings dost thou bring me on this day which the Lord hath made?
B
Amen. I bring great news. You have been selected randomly by the Global Relief foundation to receive a blessing grant of $50,000. Kindly reply. Yes. To claim your funds.
C
Verily, verily, I say unto thee, the love of money is the root of all evil. Lay not up for yourselves treasure upon earth where moth and rust doth corrupt and where thieves break in and steal.
B
Sir, I do not understand. This really is a blessing from God. You just need to pay a small clearance fee of $50 so the delivery agent can bring the cash to your door. Are you ready?
C
What profiteth a man if he gain $50,000, yet lose his soul to the delivery agent? Get thee behind me. What is it?
B
Something of worker of inequity.
A
Worker?
C
Worker of iniquity?
B
What are you talking about? Who is iniquity? Sir, listen to me. This is not a joke. Go to Walgreens right now and buy a $50 Apple gift card and send me the picture of the back.
C
Thou speakest as one of the foolish women speaketh. Yes. I'm not. What's with the sexism?
B
I'm not missing today yet.
C
I'm not done with this.
A
What is going on?
C
Shall I journey to the merchants to buy deceitful wares? Nay. My feet shall not walk in the counsel of the ungodly, nor stand in the way of the Apple store.
B
Are you crazy? Stop talking like Shakespeare and listen. Do you want the $50,000 or not just go get the card.
A
It's King James, you heathen.
C
Anyway, jeez, Jeez, I know your medieval literature. He that hath ears to hear, let him hear. Thy tongue frameth deceit like a sharp razor. Woe unto thee, for thou art weighed in the balances and art found wanting of gift cards.
B
Listen to me, you idiot. I'm trying to help you here. I have the money right here. Stop wasting my time and send the code.
C
Thou art a stiff-necked and rebellious generation. A wicked man hardeneth the face. The Lord shall smite thee with a madness and blindness and a frozen WhatsApp account.
B
Okay, f you, man. You're crazy in the burn in hell.
C
Yea, though I walk through the valley of the shadow of death, I will fear no scammer. For thy rod and clearance fees comfort me not. Depart from me, ye accursed into the everlasting fire, prepared for the devil and his telemarketers. I like that one.
B
Wow. Insane.
C
That's from Matthew, chapter 25, isn't it?
B
I'll take your word for it.
A
Peace be unto thee.
B
The reader, chapter and verse. All right, well, yeah, I mean, that's a good way to deal with a scammer.
C
Yes, I. Weird amount. I think that I may do this next time. Rather than getting Mabel Johnson on the phone, they may get this character that I just created.
B
Now, I love how exasperated the scammer was getting. Do we really have to go through this? Just go get the gift card. Come on, Like, I don't want to do this dance with you right now. I'm just sitting here in this bullpen. I gotta make 100 calls an hour, right?
A
You're ruining my average. Fire and Brimstone, Foghorn and Leghorn going on there.
C
Brimstone, Foghorn and Leghorn.
B
Yeah. All right, well, that is our catch of the day. And of course, we'd love to hear from you. If there's something you'd like us to consider for the show, please email us. It's hackinghumans@n2k.com. Most environments trust too much and attackers know it. Threat Locker enforces default deny at execution. Blocks unknown apps and limits what trusted apps can do. Stop ransomware at the source. Get your demo@threatlocker.com N2K. And that is our show, brought to you by N2K Cyberwire. We'd love to know what you think of this podcast, your feedback and we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ibin. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
C
I'm Joe Kerrigan.
A
And I'm Maria Varmazis.
B
Thanks for listening, you idiot.
Episode: The Friendly Skies Aren’t Friendly
Date: May 21, 2026
Hosts: Dave Bittner, Joe Kerrigan, Maria Varmazis
Network: N2K Networks
Main Theme: Deception, influence, and social engineering in the world of cyber crime.
This episode explores real-world stories of deception, scams, and social engineering with a focus on travel scams, identity theft schemes targeting parents, and the broader theme of how fraudsters exploit trust—both online and offline. Hosts Dave, Joe, and Maria share insights from recent scam news, listener letters, and a humorous "Catch of the Day" segment featuring scam baiting.
This episode of Hacking Humans delivers practical warnings, real-world stories, and lighthearted moments, all centered around the persistent problem of social engineering—on the ground, on the phone, and in the clouds.