Maria Varmazes
You're listening to the Cyberwire Network, powered by N2K.
Dave Bittner
Hello everyone and welcome to N2K, CyberWire's hacking humans podcast where each week we look behind the social engineering schemes, phishing scams and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Kerrigan. Hey there Joe.
Joe Kerrigan
Hi Dave.
Dave Bittner
And our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazes.
Maria Varmazes
Maria, glory to you and your house.
Dave Bittner
We've got some good stories to share this week, so I'll tell you what, let's jump right in. Actually, we've got some follow up here. Joe, you wanna get us followed up?
Joe Kerrigan
Yes. Abdusaboor wrote in with a letter and a picture text exchange. He says. Hello, Dave, Joe, Maria, I hope this email finds you well. I believe there is a recent trend of potential cyber attacks. Just two days ago, my wife received a random text message asking her to meet the individual somewhere. The next day I got a similar text with a specific address. I'm still trying to wrap my head around this. Could there have been a data breach with phone numbers and addresses stolen with zip codes? Because the address I was told to meet up was close to my zip code. Oh. Yeah. I'm thinking also that this might be somewhere from a digital cyber incident to a physical cyber security issue. What are your thoughts? Your all time listener and fan of the show, Abdusaboor. So it's a. He sent along a picture, a screen capture. That is just a message that says please come to this address. And it's got a, it's the, an address you can all read. I'm not going to read it out because I don't know what it is.
Dave Bittner
Right.
Joe Kerrigan
But it's in Georgia, so in Marietta, Georgia. Like Georgia, United States. So I'm assuming that Abdusaboor is here in the U.S. Yeah. Can we all agree don't go to the address? Right. It kind of goes without saying, but.
Dave Bittner
Where's your sense of adventure?
Maria Varmazes
Curious what's there.
Joe Kerrigan
I'm going to wind up in pickle jars if I go to that address. That's my, that's my, that's my concern.
Dave Bittner
Yeah. You don't eat two kidneys, Joe.
Joe Kerrigan
Right?
Dave Bittner
Yeah. I would look up where that address is on Google Maps. Street View, right?
Joe Kerrigan
You got like a bunch of guys on Street View standing around with a big sack, right.
Dave Bittner
They got black masks over their eyes and black and white striped shirts and berets. They're just sitting around with brass knuckles and. Sure just happened to be the day that the street for your camera.
Joe Kerrigan
Not today.
Dave Bittner
Came by.
Joe Kerrigan
Not going there.
Dave Bittner
No, no. I convinced my son once that the satellite view from Google Maps was real time.
Joe Kerrigan
Yes, I've heard of people doing that.
Maria Varmazes
Diabolical.
Dave Bittner
Go and wave.
Joe Kerrigan
Go out and wave. I saw you.
Dave Bittner
Yeah. Oh, yeah, yeah. It's great. Great. I'll go. You look for me.
Joe Kerrigan
Right.
Maria Varmazes
Well, I looked it up on Google Maps. Do we want to say what it is? It's nothing shady. It's just. It's Ollie's Bargain Outlet.
Dave Bittner
Oh, really?
Joe Kerrigan
You said it was nothing shady.
Maria Varmazes
It's just.
Joe Kerrigan
I mean, tell me it's an Ollie's.
Maria Varmazes
It's an. Okay. All right. I mean, you might get a really musty floor rug or something, but, you know, it's a bargain.
Dave Bittner
Yeah, yeah.
Joe Kerrigan
It's cheap.
Maria Varmazes
Good stuff. Cheap.
Joe Kerrigan
Good stuff.
Dave Bittner
Cheap. Okay, well, that makes it even more interesting, I think, because then now there's a possibility it's just spam, right?
Joe Kerrigan
It's an advertising. Advertising. And this lines up with Ollie's advertising. Remember the Christmas ad they're doing the say hello to friends, and then in the middle, they don't forget your wallet.
Dave Bittner
Is that a big. This does align with Ollie's.
Joe Kerrigan
Yes.
Dave Bittner
For sure. For folks who aren't familiar, Ollie's is a deep discount store. Basically, they take overruns of things or things that are slightly defective or water damage, things that have been. Yeah, water damage. Things that have been returned and refurbed. You can find food that is just a little bit expired. You know, like, you can find all these things at Ollie's. My favorite thing. First of all, my dearly departed father was a regular visitor to Ollie's.
Joe Kerrigan
Oh, was he?
Dave Bittner
Yeah.
Maria Varmazes
Oh, was he?
Dave Bittner
There's one near where he lived, and he was, in fact, upon his passing. You know, I get all of his mail is postal mail, and he's, like, on the Ollie's VIP list, which, first of all, there's an Ollie's VIP list.
Maria Varmazes
Okay.
Dave Bittner
I'm serious. And here's what I learned. Ollie's has a special shopping night where only VIPs get access to the store with special discounts and so on. And so for the first crack at the good stuff, there's a velvet rope version of Ollie's.
Joe Kerrigan
Premium.
Dave Bittner
But my favorite store that is so.
Maria Varmazes
Discount that they hand write all of their signs, like, with marker on paper. I mean, my goodness. Yeah, okay. All right.
Dave Bittner
My favorite Ollie's story is my father was very proud of the new jacket that he'd bought that was branded with University of Maryland athletics. Right. So it's a red kind of, you know, those like, kind of satin style jackets, you know, very shiny, has a sheen to it.
Joe Kerrigan
Yes.
Dave Bittner
So he had that. And just across the chest was sort of like an arc was the word Maryland.
Joe Kerrigan
Right.
Dave Bittner
And it was the University of Maryland colors. My father was a big fan of University of Maryland women's basketball. So he's very proud of himself that he could wear this jacket to the games and show his Maryland pride. My brother, I believe, was the first one to. To point out to him that it was missing the letter Y. Marlin just said Marland. Yeah.
Maria Varmazes
Yeah.
Dave Bittner
And the Y would have been right where the zipper or the buttons were, right up the middle. So that's why it wasn't obvious at first that the Y was missing, because you look at it and you go, well, maybe the Y is just tucked under the zip up part. No, no, it was just gone. Yeah.
Maria Varmazes
Just use your imagination.
Dave Bittner
Great deal. You really got your money's worth on that one.
Joe Kerrigan
Yeah. University of Maryland, Marland.
Dave Bittner
All right, so this could be just advertising.
Joe Kerrigan
It could be.
Dave Bittner
But the other thing this reminded me of when I first saw it, I don't remember if you all remember, this could be a decade ago now when the spam text messages started coming from telephone number prefixes that were close to wherever you lived.
Joe Kerrigan
Yes. Neighbor numbers, they called them.
Dave Bittner
Yes. There you go. So you have, you know, you have your area code and then you have your prefix. Right.
Joe Kerrigan
Your exchange.
Dave Bittner
Your exchange. Thank you. And so it would be from your area code and your exchange, which would trigger additional attention because. What is this? Is this someone who lives near me? Is this. It's coming from my town. But of course it wasn't. It's just, you know, some kind of automated thing where they're faking the phone number. So that's what I thought of when I first saw this. That. Is this just something to draw the person in into a conversation because it's somewhere nearby where they live. But the whole Ollie's thing, it's Ollie's.
Maria Varmazes
Yeah.
Dave Bittner
It sends the mind reeling of the possibilities they have.
Maria Varmazes
Budget for advertising, SMS advertising. Ollie's not. I don't know, there's something odd.
Joe Kerrigan
I mean, scammers use it, so it's gotta be cheap, right?
Dave Bittner
Right.
Maria Varmazes
I suppose.
Dave Bittner
Can any of us claim that this would be off brand for Ollie's? No.
Maria Varmazes
No, not really. I guess you're right. All right, well, I'm not blaming Ollie's.
Joe Kerrigan
For this, I'm not saying this is them, but the address is an Ollie's. And I don't know, maybe you get beat up when you go to Ollie's.
Dave Bittner
So they meet you out front.
Joe Kerrigan
They meet you out front.
Dave Bittner
Yeah, yeah, no, I, I, I enjoy Ollie's. I think it's a fun place to just kind of poke around in and see, you know, what's there. Because you just never know.
Joe Kerrigan
Yeah.
Dave Bittner
You know, you just never know what you're gonna find. Misspelled college jackets and, like I said, slightly expired food. So if you, like, if you're gonna do a Boy Scout camping trip or something, you need a case full of Pop Tarts.
Joe Kerrigan
Right.
Dave Bittner
You know, they're gonna all be consumed in the next couple days.
Joe Kerrigan
Yep. Go get em.
Dave Bittner
Go get em at Ollie's. Right. All right, well, thank you, Abdusaboor, for writing in. This is an interesting one and we do appreciate it, and of course, we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans2k.com, but don't do what this guy did.
Joe Kerrigan
Maria.
Maria Varmazes
Yeah, we got an actual phish today, just right before we started recording. Someone didn't forward us a phish. It's not a listener. But we actually, somebody attempted to phish us, so it kind of made me feel a little indignant, like, who's doing this? How dare you? But it was a fake DocuSign. A fake contract being sent to our Hacking Humans email. So we're on to you. Don't try.
Dave Bittner
Did it have anything to do with the show at all?
Maria Varmazes
No, it was just generic text. You know, it was, you know, just sign this contract. And the link was very obviously fake. I mean, I may have clicked it out of curiosity.
Dave Bittner
On your.
Maria Varmazes
I'm everybody's worst nightmare. I used a personal computer, so it's okay.
Dave Bittner
Sure, sure. I wonder what your husband thinks about that.
Maria Varmazes
I didn't actually click it. I was just joking. I did mouse over it. I was like, this definitely doesn't go to DocuSign. And it did.
Dave Bittner
Yeah. Yeah, that's terrific.
Unknown Sponsor Voice
And now a few thoughts from our sponsors at ThreatLocker. The tactics used by cybercriminals are becoming more and more advanced every day. The shift from a default allow approach to a default deny is more critical than ever. This is where ThreatLocker comes in. Stay tuned for how ThreatLocker allow listing and ring fencing has your back.
Dave Bittner
All right, let's jump into our stories here. Joe, you have the honors this week. What do you got for us, Dave?
Joe Kerrigan
My story comes from Sharon Lurie at the AP, and this was being reported on ABC. So that's where we're gonna put the link to it. But the story starts with a woman named Heather Brady who lives in San Francisco and gets a visit from a police officer who says, are you attending Western Arizona Western College from San Francisco? And she says, no, I am not. Well, somebody else had applied to this Arizona community college, and her name and the effort. The end game here is they're scamming the government out of financial aid money.
Dave Bittner
Oh.
Joe Kerrigan
So what they've done is they've stolen her identity, and they have applied to this college in her name, and they've applied for financial aid in her name. And in fact, when Ms. Brady heard this, she went to her financial. Her student loan servicer's website found out that there was a $9,000 loan taken out recently. So we're going to get to why, why it's important as a community college here. But it was. She, of course, has not seen any money.
Dave Bittner
Yeah.
Joe Kerrigan
So the article here asserts that this is the result of the confluence of AI and online college, and, I would add, and student loans. They have another student on here named Wayne Cha who started getting emails about a class he never signed up for at De Anza Community College. He had taken courses there a decade earlier, but identity thieves had attained his Social Security number, and they collected $1,395 of financial aid in his name. Now, this class required students to submit some homework. Right. That you could verify you were human. But these guys doing this probably just used some LLM to generate what looks like homework and handed it in. Even though I'm taking classes right now, every single professor I've taken a class from recently has said, don't do that. That's academic dishonesty.
Dave Bittner
Okay.
Joe Kerrigan
Right. And it is. So these students have a name. These students don't exist. Guess what the name is. It's a cool name.
Dave Bittner
Go for it.
Joe Kerrigan
Ghost students.
Maria Varmazes
Ooh.
Joe Kerrigan
Right. They even say that they have chatbots go so far as to join the classes. And these things stick around long enough so that the financial aid gets paid to the college. And in some cases, professors discover almost no one in their class is real.
Unknown Sponsor Voice
Huh.
Joe Kerrigan
I thought that was amazing.
Maria Varmazes
But you have to pay tuition.
Dave Bittner
Here's how.
Maria Varmazes
I'm missing something. Yeah, I'm missing something here.
Joe Kerrigan
Yeah, they're targeting community colleges, right? So if you apply for a loan, a student loan, you go to the financial aid office. You apply for a student loan, and the college will admit you, and then the Department of Education will, or whoever the lender is, will send the student loan directly to the college to pay the tuition.
Dave Bittner
Right.
Joe Kerrigan
Now, why they're targeting community colleges is community colleges have very low tuitions. Less than $9,000. In fact, way less than $9,000. I took a class at a community college a couple years ago, or actually about a year ago. It was like $1,200.
Dave Bittner
Yeah.
Joe Kerrigan
So if I signed up for, like, three classes, that would be like $3,600. And I signed up for loans and $9,000 a semester, then I'd get a check for like $5,700 or something like that, and then I'd be buying cars and mink coats and gold bars and everything else.
Maria Varmazes
I'm just surprised the amounts don't match. I guess this is the part where I just would have assumed that if one was giving out a loan, one would say, show me your receipts. I will give you a loan for that amount, no more. That's my naivete, I suppose.
Joe Kerrigan
No, that's not how student loans work. That you get. You get a loan for a certain amount, and there are some guaranteed student loans you get that are. I think they. I don't know how much they come, but you can get. Anybody can get a guaranteed student loan. They're guaranteed to get it. And it. It does go directly to the college. But if your college is a community college, there's going to be an overage probably. So they're doing this now.
Dave Bittner
Students.
Joe Kerrigan
What happens here? Students get locked out of classes they might need to graduate. Victims of identity theft find out they've got these loans. Like Ms. Brady, she said $9,000. Now she has to go through the process of telling people that this is not her loan. Here's the most.
Maria Varmazes
Sorry, this is the part that I'm confused. Is she actually college age or.
Joe Kerrigan
Yeah, I don't know. It doesn't. It doesn't mention that. She might be. She might be.
Maria Varmazes
Okay.
Joe Kerrigan
She does have a student loan servicer, so she probably has student loans.
Dave Bittner
Yeah, but she could be 60 and still be paying off her student loans, right?
Maria Varmazes
Yeah, yeah, yeah.
Joe Kerrigan
Yes.
Dave Bittner
She could be at least 56 and.
Joe Kerrigan
Still paying off student loans. I know, right?
Maria Varmazes
Because I was thinking, like, if these are. If these are people who are just college age, could someone have stolen their identity as children and this scam has been going on for years without them knowing it?
Joe Kerrigan
It could be.
Maria Varmazes
Yeah. Okay. Oh, man, my gears are turning on this one.
Dave Bittner
Okay, so I don't. So this is all new to me. I have never. I've been fortunate enough to have never been in the world of student loans. I suppose my day is coming with my youngest son having just graduated from high school.
Joe Kerrigan
That's right. Where's he going to school?
Dave Bittner
Well, he's going to a community college.
Joe Kerrigan
Which one?
Dave Bittner
Howard Community College.
Joe Kerrigan
That is an excellent community college. In fact, that is where I took my statistics class most recently.
Dave Bittner
So help me understand, Joe. Can student loans cover things like room and board?
Joe Kerrigan
Yes.
Dave Bittner
Okay.
Joe Kerrigan
They can cover just about anything that you're going to experience.
Dave Bittner
So that's where the overage could come in. So I could apply for a student loan for $5,000, for $2,500 worth of classes and say the rest is just for me to be able to eat and have a place to live?
Joe Kerrigan
Correct.
Dave Bittner
Okay. So does that answer your question, Maria?
Maria Varmazes
It does. Because I was just wondering, since when does a loan go okay? We trust you. Just take as much money as you want. I mean, in theory, I'm sure they're like, well, it's more money for us to get paid back, but, yeah, okay. All right, I'm learning. I'm learning.
Joe Kerrigan
So I think $9,000 is the annual guaranteed amount that you can get. And if I'm thinking about this right, then maybe Ms. Brady got woken up during the second semester, which would make sense. Anyway, two things. A couple things. Number one. Actually, I think it's three things. The Department of Education has said the rate of fraud through stolen identities has reached a level that imperils the federal student aid program. So that's a pretty profound statement from the Department of Education. The other thing is that. Actually, I guess there's only one more thing. What can students do? You know, your identity's been stolen. There's really nothing you can do to stop people from doing this until. Until you get notified that this is what's happening. The one thing I'm going to tell you is don't, under any circumstances, agree to any part of any loan that you've ever been that has ever been fraudulently taken out in your name. And my attitude for this is you act like this is the bank's problem and not yours. And because it is, it is, it is the bank's problem. And if they start harassing you, you gotta pay these loans back. You just be like, look, those aren't my loans. You guys got scammed. And this is not my problem. And you making it my problem is grounds for a lawsuit.
Maria Varmazes
Yeah. Yeah. Well, I mean, I feel like that can be easier said than done, though. I mean, they could send collections after you to harass you and make your life miserable, and that's not fun to be on the receiving.
Joe Kerrigan
Depending on the state you live in, that might have. That might be actionable as well.
Maria Varmazes
Yeah, it does depend.
Joe Kerrigan
In Maryland, we have the. Actually, no, that's the federal Fair Debt Collection Practices Act, where you can. For every. Every creditor that contacts you incorrectly, you can take them to court and get them to pay you 500 or something like that.
Maria Varmazes
Okay. But you're 20 years old. Do you know this?
Joe Kerrigan
If you listen to the show, you know it now.
Maria Varmazes
I would hope so. I would hope so. I remember something like this happened to me when I was in my early 20s. It was for a tiny amount of money, but somebody had taken out some. Some account in my name that I didn't do, and collections was coming after me, and I had no idea what to do because I had no idea what this was. And thankfully, I eventually told my parents what was going on, and they told me, here's what you need to do. But, you know, it was. They really harassed the hell out of me, and it wasn't something that I had done so I could see someone's.
Joe Kerrigan
Yeah, it's scary. Well, they're social engineers, too.
Maria Varmazes
Yep.
Dave Bittner
All right, interesting.
Joe Kerrigan
Don't pay the loan. Never admit to any portion of it.
Dave Bittner
Yeah.
Maria Varmazes
Yep, yep.
Dave Bittner
All right. We will have a link to that story in the show notes. My story this week comes from the folks over at the Record, which is mostly a cybersecurity news source. It's run by the folks over at Recorded Future. And this is about cybercriminals who are posing as job seekers on LinkedIn and targeting recruiters. But there's a specific thing that caught my eye here that made me want to include this one. So let's go through this together. So you are a recruiter, minding your own business.
Joe Kerrigan
Right.
Dave Bittner
Scanning LinkedIn, and you get a message from someone who wants to talk to you about an opportunity, and they say, hi, I'm Bobby Weissman, and I've attached my resume, but there's no link. Well, no active link. I actually cut and paste in our show notes here the message that someone had received, and it says, thank you for considering my application. For your convenience, you can also view my full resume along with additional information about my experience and portfolio at bobbyweissman.com. I look forward to your feedback and hope to discuss my qualifications in further detail. Sincerely, Robert Weissman.
Joe Kerrigan
I really want to go to bobbyweissman.com right now.
Dave Bittner
So here's the thing, Bobby, drop tables. What's important about this and what caught my eye about this is that the bobbyweissman.com in the email address is not a link.
Joe Kerrigan
Right?
Dave Bittner
You cannot click through. So you have to either copy and paste it out of here or just type it in manually. And that's what makes this special because the email filters aren't going to catch it as being a link. They're not gonna try to filter that link. Cause there's nothing to filter. It's not a link. Right. So if you do type in the URL bobbyweissman.com you will go to a site that, that looks like a real site. It's hosted on trusted cloud servers like AWS, and it looks like a personal portfolio site.
Maria Varmazes
It sure does. Yeah.
Joe Kerrigan
You guys are going there.
Maria Varmazes
I'm looking at it right now. I'm looking at the source. It's totally harmless, just plain old HTML. Like old school HTML. Suspiciously so.
Dave Bittner
But. All right, let's continue on here, Maria. Because there's something about that as well. So when you visit the site, the perpetrators have some guardrails built in, so they will check your IP. So they're trying to weed out VPNs or security tools. They check your web browser and if you're not on Windows, you get shown a simple, harmless page. Maria.
Maria Varmazes
Which is what I'm. Yeah, I'm on macOS and using the Arc browser, which is Chrome based. But still, I am not pointing my.
Joe Kerrigan
Windows machine at this site.
Dave Bittner
So it checks if you pass a captcha. Maria, did you have to do a captcha?
Maria Varmazes
I did not. I just got the plain old HTML site with nothing fancy. Pretty boring. Suspiciously plain.
Dave Bittner
Okay, so the captcha is there obviously to prove that you're a real person. And so if they gather that information right, you're not a VPN, you're on Windows and you verified yourself with a captcha. They will get you to download a zip file. And inside the zip file is a LNK shortcut. And if you double click that, your computer installs some malware called More Eggs, which is a JavaScript based backdoor malware which happens to be sold by a hacker group called Venom Spider.
Joe Kerrigan
Yeah, yeah, it's very scary.
Dave Bittner
And what happens is it starts running in the background and it's stealing passwords and downloading other malicious code and possibly even enabling ransomware. So that's the trick. And of course, once that happens, that's it. It's been nice knowing you.
Joe Kerrigan
Right.
Dave Bittner
But again, what caught my eye about this was we always say over and over again, don't click the links.
Joe Kerrigan
Right.
Dave Bittner
Well, there's no link.
Maria Varmazes
Which twice this episode alone I've.
Dave Bittner
Yeah, exactly. So we know it works on Maria.
Maria Varmazes
Well, I'm just like, I know this will be bad. I'm just very curious how bad it will be. And then I just wipe my machine after.
Dave Bittner
Right. Maria buys used machines by the dozen on eBay.
Maria Varmazes
Don't do what I do. Just do not take advice from me.
Dave Bittner
She just throws them out her office window when she's done.
Joe Kerrigan
And be more like me. And don't go to the website.
Dave Bittner
Right, Right. So that's the part I thought was. Was worth sharing, that they're taking advantage of all of that training and reinforcement that folks like us are giving people saying, don't click on links. Don't click on links because you don't know what is behind that link. In this case, if you copy and paste the URL or just type it in, it's still going to take you somewhere that's going to deliver the malware.
Joe Kerrigan
Malware to you.
Maria Varmazes
So it's not like 100% working on it.
Dave Bittner
It's hiding the link. Yeah. It's not hiding where you're going. It's the fact that where you're going is the malicious site. Right.
Maria Varmazes
Would definitely work on me. Clearly.
Dave Bittner
Yeah.
Maria Varmazes
Good thing. I read ahead and was like, oh, okay. I should be all right. When I come on the show next week and I say, now all my machines are bricked, you'll be able to point to the moment.
Dave Bittner
Right, Right.
Joe Kerrigan
How are you going to be on this show if all your machines are bricked?
Maria Varmazes
I'll call in.
Joe Kerrigan
Okay.
Dave Bittner
With a landline, a tin can with a piece of string. Yeah. Pro tip, never buy a used computer from Maria.
Maria Varmazes
No, no, no. Definitely not.
Dave Bittner
All right. We will have a link to that story in the show notes. I tell you what, let's take a quick break here to hear from our sponsor. We will be right back after this.
Unknown Sponsor Voice
So let's return to our sponsor, ThreatLocker. ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure from the ground up. Where traditional cybersecurity tools require you to create a list of things you don't want to run, ThreatLocker enables you to easily curate an allow list of everything you need in your environment and network and block everything else by default. With ThreatLocker, allowlisting and ring fencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust Endpoint Protection platform deploys in a learning mode that analyzes the operations of your company, using machine learning to assist you in developing your allow list for approved applications, what they can do on the endpoint, what can interact with your data, and even east and west network traffic. We thank ThreatLocker for sponsoring our show.
Dave Bittner
And we are back. Maria, it is your turn this week. What do you got for us?
Maria Varmazes
So another suspicious link for everyone to click on. Just kidding. I just nuked my credibility in one episode. It's amazing. All right, so the I have a little follow up to a story that I think we did talk about last year about a woman in Scranton, Pennsylvania. This sounds familiar to me, who is an accountant and a business instructor. She was an adjunct, adjunct business professor actually. And she was convicted of money laundering last year and her sentencing just went through, I think yesterday. So she apparently laundered over $800,000 from a number of victims. Many of them were based out of Iowa. And she's based out of Pennsylvania. Again, she's an accounting professional. So these were actually clients of hers. She was convicted on eight federal charges including bank fraud, money laundering and conspiracy for a scam that ran for about half a year. And the thing that I, we might have talked about this, I'm just going to go through it because I don't, I don't remember the details of this super. Well, she actually in some way, at least the, the federal case says that she hacked the emails of her clients. I don't know, they don't go into details of what that exactly means, but it sounds like she basically spoofed or slightly modified emails that went to her clients inboxes and changed salient details. So legitimate payments that were going to be going from her client to a contractor, for example, ended up getting shunted to her instead in accounts that she controlled. So the victims thought they were paying like there was a church that she defrauded. They thought they were paying a contractor who was doing work on their church and instead she got that money. So there were five known victims. One was a church in Iowa, there were businesses in Colorado and Pennsylvania, a non profit in Washington state and a builder in Montana. And so that that church example that she impersonated a contractor on a $7 million church renovation project. 
And in that case the church wired over $466,000 to a shell company that she had owned. So she would then launder the money that she would receive those stolen funds through multiple bank accounts, national crypto exchanges, and an individual we don't know who in Florida. This person has not been named. I don't know if this person has been found or prosecuted. So there's a bit of a mystery there. It's kind of interesting.
Dave Bittner
It's a Mr. M. Mouse. He's.
Maria Varmazes
Who. Whomst is this person? We don't know. Well, I guess maybe we'll find out. And even after her, I guess the banks were sort of onto her fraud. And they would do the cat and mouse game of closing those accounts down. She would just open new ones. Just keep. To keep the fraud going. And the. The interesting. Maybe the hook that a lot of news stories are grabbing onto it. Admittedly, this grabbed me too. Is that the woman who's just been convicted, Margo Ann Williams, says that she was manipulated by someone who was. She believed she was dating a famous British actor, unnamed. We don't know who it was, but she believed that she.
Dave Bittner
Grant had to be.
Maria Varmazes
Hugh Grant had to have been. Right Notting Hill. Hugh Grant had to have been.
Dave Bittner
I mean, who couldn't fall for that adorable stuttering that he does?
Maria Varmazes
No, my bet is it was Rowan Atkinson. Cause she has a thing for Mr. Bean. So.
Dave Bittner
Okay, sure, you can go that way.
Maria Varmazes
One can go that way, too. So, yeah, we don't know who it was, but one can guess. And she. Apparently she made a bunch of luxury purchases with the money that she made in all this fraud and profited less than you would think. Only $25,000. I'm kind of thinking that's not a lot of money for the amount that she frauded. So. Not sure this is worth it for you, but. She was sentenced to 48 months in federal prison. There is no parole in federal prison, so she's gonna have to. She has to serve that term. And she has been ordered to repay nearly $600,000. And after she is released from prison, she will serve three years of supervised release. So Hugh Grant probably will lose your.
Joe Kerrigan
CPA certification too, you think?
Maria Varmazes
Probably. Probably. I like how you're not really certain, but you know, crazy times we live in. Who knows?
Joe Kerrigan
No, she will lose it.
Dave Bittner
To what degree do we think that her knowledge as a CPA helped her commit these crimes?
Joe Kerrigan
Oh, I would bet it helped a lot.
Dave Bittner
Yeah.
Joe Kerrigan
Yeah. I will also say that I kind of. I think I might buy the fact that she's also a victim in this because she makes $25,000 out of $400,000. She might be getting romance scammed by somebody at the same time, but still, she did make a deliberate effort to defraud her own clients, Right.
Dave Bittner
I mean, you could make the argument that if anyone would know better, she would as a professional. Right?
Maria Varmazes
Yeah. But the fact that she went in and monkeyed with the emails, that part's like, whoa. You know, that just feels like an extra step to go in there and, you know, mess with someone's email. So that's. That was a lot of trust she was given that she just.
Dave Bittner
I guess we also don't know to what degree was she coached by whoever this romance scammer was who might have.
Maria Varmazes
Been this individual in Florida. Potentially.
Joe Kerrigan
Yeah. You found out. You're a. Found out that she's an accountant, and you go, oh, you have clients. Oh, clients with money, right? Oh, yeah. I mean, cause $400,000, that was just one event, right?
Maria Varmazes
Yeah, it was over $800,000 in all, in total.
Joe Kerrigan
And she wanted 25,000. Yeah.
Dave Bittner
This. Yeah.
Maria Varmazes
Math ain't mathing, as the kids say.
Joe Kerrigan
Yeah. This smacks of her being scammed as well. But again, yeah, I'm not sure I have. I mean, I have the understanding for the romance scam part of it, but for the. Violating the. I don't want to say oath of office, because it's not really an oath of office, but the. What is it? The code of? Not the code of conduct.
Maria Varmazes
There is a professional ethics.
Joe Kerrigan
Professional ethics, but it's something. There's like, the CISSP. I had to learn it for the test, but, you know, like, if I ever get. If I ever get accused of or convicted of hacking anything, I can't call myself a CISSP anymore. My. My credential will be revoked because I violated the code of conduct.
Maria Varmazes
Right. I mean, does one have scruples when. When hacking into someone else's emails? I mean, one would hope that you would maybe pump the brakes a little bit and go, hmm, yes. This is not normally a thing I should be doing.
Joe Kerrigan
Yeah. Lying to customers and telling them to send the money somewhere else and then being like, oh, you guys must have gotten hacked. Oh, no. Where did the money go? Yeah.
Maria Varmazes
Yeah.
Dave Bittner
She's probably staring at those dreamy eyes of Rowan Atkinson, thinking to herself, soon we will be together. Soon we will be together. All right, we'll have a link to that story in the show notes. Joe, Maria, it is time to move on to our catch of the day.
Joe Kerrigan
Dave, our catch of the day comes from someone who did not leave a name. Okay, so I'm just gonna call this person anonymous, long term fan of the podcast Hacking Humans and Caveat. I know that's Ben, not Joe, but anyway, I really enjoy them both.
Dave Bittner
Well, that's nice.
Joe Kerrigan
Well, that's good. I like caveat as well. Ben. We should have been on this show whenever we start pontificating about law stuff.
Maria Varmazes
That's true.
Dave Bittner
He can set it straight.
Joe Kerrigan
Shut up, you idiots.
Dave Bittner
Right. Exactly. You guys got it all wrong, right? Yeah.
Joe Kerrigan
I received this scam today on my mobile number that I thought you might want to get the word out regarding or look into it for fun. It's cleverly written, but it's definitely mass produced and has so many red flags that pop out while reading it. I've attached a screenshot, but it's also transcribed below in the case that sending it as a screenshot doesn't work. And that is a good thing because the spam filter on my Cyberwire email did not let me open any of the attachments. And I was like, oh, yeah, I knew they're just images. Apparently Maria's spam filter lets her open everything, right?
Maria Varmazes
Everything. Everything. Good thing I have admin privileges on my machine. It's great.
Joe Kerrigan
I don't know. That's a good thing. All right, Dave, you want to read the text here?
Dave Bittner
Sure. It says, enforcement penalties begin on June 7th. Our records indicate your traffic fine is overdue in accordance with Regulation 15C 16.003. Failure to resolve payment by June 6, 2025 will result in: 1. Violation logged in DMV records. 2. Vehicle registration suspension, effective June 7. 3. 30 day suspension of driver's license. 4. Referral to toll collection, incurring an extra 35% fee. 5. Possible legal action and negative impact on your credit history. Settle immediately here. Resolve immediately to avoid further legal repercussions. Reply Y and reopen this message to click the link or copy it in your browser. And then. So that's the end of that.
Joe Kerrigan
That's the end of the message. But the. The listener has written in that says 15C 16.003 is a Florida admin code for record retention. And there is no such regulation for the state of Oklahoma, which I'm guessing is where this. Where this person lives. Yeah, Maybe the scammers are from Florida. I think the scammers just came up with some number.
Maria Varmazes
Some random number. Yeah, yeah.
Joe Kerrigan
Said we're gonna. Because how many times you heard somebody who works for some government agency cite some law that you've never seen.
Dave Bittner
Right.
Joe Kerrigan
And you're just going, I guess that worked. That's right. That's okay.
Dave Bittner
No, that's me on caveat with Ben.
Joe Kerrigan
Right?
Dave Bittner
He's like. He's like, in the Supreme Court in Jenkins versus, you know, the state of despair, like, okay, you just said a.
Maria Varmazes
Bunch of words and letters and numbers. You must be correct. Cause I don't know what those are.
Dave Bittner
He said them with confidence, so I'm just gonna go along with it. Yeah.
Joe Kerrigan
And he uses Latin phrases.
Dave Bittner
Yes, exactly.
Joe Kerrigan
Supreme Court spoke ex cathedra.
Dave Bittner
Yeah. Posse comitatus. So this, of course, is related to. I'd say, adjacent to all of the toll scams that we've been seeing lately.
Joe Kerrigan
Yeah, it's kind of the same thing, except it's saying that you have a moving. Going to suspend your driver's license. A lot of scare in this one.
Dave Bittner
Yeah.
Joe Kerrigan
You know, not. I don't think there's anything to worry about. You just delete this message when you get it.
Dave Bittner
Yeah, exactly. Let me tell you, as someone who has a child who thinks that speed limits are just suggestions.
Joe Kerrigan
Right.
Dave Bittner
In a town that has lots of speed cameras.
Joe Kerrigan
Yes.
Dave Bittner
If the DMV wants you, they will send you a letter in the mail. Yep. So, and also for our listeners, these are generated by kits. The bad guys, they buy an online kit and they pay a certain amount of money, and it just generates these things and spits them out. And it's just a numbers game. So there's nothing to these at all. All right, well, thanks to our listener for sending this in. We do appreciate it, and of course, we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans2k.com.
Unknown Sponsor Voice
And of course, we want to thank this week's sponsor, ThreatLocker. Go to threatlocker.com HH and check out their zero trust endpoint protection platform. That's the words threat and locker with no space.com HH where you can request a demo and neutralize the threat of malware running on your devices.
Dave Bittner
And that is our show. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ivan. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
Joe Kerrigan
I'm Joe Kerrigan.
Maria Varmazes
And I'm Maria Varmazes.
Dave Bittner
Thanks for listening.
Podcast Summary: Hacking Humans – "The Many Faces of Fraud"
Podcast Information:
Dave Bittner and Joe Kerrigan open the episode, welcoming listeners to "Hacking Humans," a podcast dedicated to uncovering social engineering schemes and cybercrimes affecting organizations globally.
Listener Message from Abdusaboor (00:51 - 08:00): Abdusaboor writes in about suspicious text messages received by him and his wife, urging them to meet at a specific address in Marietta, Georgia. Concerned about a possible data breach, he questions whether phone numbers, addresses, and zip codes were compromised.
Joe Kerrigan advises:
"Don't go to the address. It kind of goes without saying." [00:51]
Maria Varmazes reveals:
"It's an Ollie's Bargain Outlet." [03:27]
The hosts discuss the possibility of the message being an advertising scam linked to Ollie's, a deep discount store. They explore how scammers might exploit familiar brands to gain trust, emphasizing skepticism towards unsolicited messages.
Maria Varmazes shares a personal experience of receiving a phishing attempt:
"Someone attempted to phish us, so it kind of made me feel a little indignant, like, who's doing this? How dare you?" [09:16]
She describes a fake DocuSign contract sent to their email, highlighting the importance of vigilance even among cybersecurity professionals.
Joe Kerrigan presents a story reported by Sharon Lurie at The AP and ABC about identity theft targeting community college students.
Case of Heather Brady (10:52 - 12:04): Heather Brady from San Francisco finds unauthorized student loan applications and $9,000 loans taken out in her name at Western Arizona College. She discovers this when reviewing her financial aid records, leading to concerns about data breaches and identity theft.
Use of AI and Ghost Students (12:04 - 15:46): The episode delves into how scammers exploit AI to create "ghost students" who enroll in classes and apply for financial aid, thereby siphoning funds from government programs. These fake identities generate student loans that are misappropriated for personal gain.
Joe Kerrigan emphasizes:
"They have chatbots go so far as to join the classes." [13:11]
Maria Varmazes questions the system:
"Since when does a loan go okay? We trust you to just take as much money as you want." [14:51]
Impact and Legal Considerations (15:13 - 19:00): The Department of Education acknowledges the severe threat posed by such fraud. The hosts discuss the challenges victims face in disputing fraudulent loans and the potential legal avenues available to them.
Joe Kerrigan advises:
"Don't, under any circumstances, agree to any part of any loan that you've ever been that has ever been fraudulently taken out in your name." [17:24]
Dave Bittner introduces a story from The Record by Recorded Future about recruiters on LinkedIn receiving deceptive messages from fake job seekers.
Sophisticated Scam Tactics (20:52 - 25:45): Scammers send messages that appear legitimate but lack clickable links, forcing recruiters to manually enter URLs. These websites employ guardrails to filter out security tools and non-Windows users, ensuring only targeted victims download malicious files.
Dave Bittner highlights:
"There’s no link. So if you do type in the URL bobbyweissman.com you will go to a site that looks like a real site." [21:29]
Joe Kerrigan notes the irony:
"They're taking advantage of all of that training and reinforcement that folks like us are giving people saying, don't click on links." [24:27]
Malware Deployment and Consequences (24:00 - 25:45): Downloading the provided zip file installs "More Eggs," a JavaScript-based backdoor malware capable of stealing passwords, downloading additional malicious code, and enabling ransomware attacks.
Maria Varmazes humorously reflects:
"How are you going to be on this show if all your machines are bricked?" [25:56]
Maria Varmazes recounts a high-profile case involving Margo Ann Williams, an accountant and adjunct business professor convicted of money laundering.
Modus Operandi (27:48 - 33:07): Williams manipulated client emails to redirect payments from genuine contractors to shell companies she controlled. Over six months, she laundered over $800,000 from victims, including churches and businesses across various states.
Maria Varmazes explains:
"She was convicted on eight federal charges including bank fraud, money laundering, and conspiracy for a scam that ran for about half a year." [29:09]
Romance Scam Element (30:52 - 34:30): Interestingly, Williams claimed she was manipulated by someone she believed to be a famous British actor, suggesting she might have been a victim of a romance scam herself. Despite her professional expertise as a CPA, she profited minimally from her fraudulent activities.
Joe Kerrigan speculates:
"CPA certification too, you think?" [31:49]
Maria Varmazes adds:
"Does one have scruples when hacking into someone else's emails?" [33:07]
Joe Kerrigan shares a scam message received by a listener, detailing a fake traffic fine threatening suspension of driver's licenses and vehicle registrations.
Analyzing the Scam (35:22 - 38:38): The message cites a Florida administrative code that actually concerns record retention, not traffic fines, and has no counterpart in the recipient's state; the number appears to have been picked at random to lend authority, and the message uses threatening language to intimidate the recipient into complying. The hosts debunk the legitimacy of such messages, emphasizing that official communications from agencies like the DMV do not operate in this manner.
Joe Kerrigan advises:
"You just delete this message when you get it." [38:38]
Dave Bittner adds practical advice:
"These are generated by kits. The bad guys, they buy an online kit and they pay a certain amount of money, and it just generates these things and spits them out." [38:51]
The hosts wrap up the episode by reiterating key points and thanking listeners. They emphasize the importance of staying vigilant against diverse and evolving fraud tactics.
Joe Kerrigan:
"Don't go to the address. It kind of goes without saying." [00:51]
Maria Varmazes:
"It's an Ollie's Bargain Outlet." [03:27]
Joe Kerrigan:
"They have chatbots go so far as to join the classes." [13:11]
Maria Varmazes:
"I'm just surprised the amounts don't match." [14:51]
Joe Kerrigan:
"Don't, under any circumstances, agree to any part of any loan that you've ever been that has ever been fraudulently taken out in your name." [17:24]
Dave Bittner:
"There's no link. So if you do type in the URL bobbyweissman.com you will go to a site that looks like a real site." [21:29]
Maria Varmazes:
"Does one have scruples when hacking into someone else's emails?" [33:07]
Joe Kerrigan:
"You just delete this message when you get it." [38:38]
Diversified Fraud Tactics: Cybercriminals are increasingly sophisticated, leveraging AI and social engineering to perpetrate identity theft, financial fraud, and malware distribution.
Targeted Vulnerabilities: Community colleges and their financial aid systems are prime targets for fraudulent activities, exploiting the accessibility and lower tuition fees.
Human Element in Security: Despite extensive training, human curiosity and trust in recognizable brands or authoritative entities can be exploited by scammers.
Importance of Vigilance: Continuous awareness and skepticism towards unsolicited communications, even from seemingly legitimate sources, are crucial in preventing fraud.
Legal Recourse and Support: Victims of such fraud should be aware of their rights and the available legal avenues to contest fraudulent claims and protect their financial standing.
For more insights and to stay updated on the latest in social engineering and cyber threats, visit hackinghumans2k.com.