A

You're listening to the Cyberwire network, powered by N2K. All right. Hello everybody and welcome to N2K, CyberWire's hacking humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Maria Ramazas from T minus Space Daily, standing in for my colleague Dave Buettner from the Cyberwire. And joining me today is Joe Kerrigan. Hi, Joe.

B

Hi, Maria. How are you?

A

Good. I miss Dave. Do you miss Dave?

B

I almost said, hi, Dave. I had to stop myself.

A

I know he'll be back next week, everybody. He's just at an off site today and so we're filling in. We're doing our best Dave impression and we have some, some interesting stories to share with you this week. But first let's get into some follow up and some listener feedback. And Joe, this listener feedback actually came about an hour before we started recording and it's a really good one. So I'm actually really amped to share this with everybody. And this one comes from listener Daniel. And he said, my son was recently in a car accident in Texas. Sorry to hear that, Daniel. While driving my vehicle. He wasn't at fault. But as usual, we had to wait for the official police report before starting any insurance claims. Since accident reports are public in Texas and include personal details, I suspect that is how my information was accessed. Shortly after, I assume he means the accident, I got a voicemail from someone referencing my truck's make and model and the accident date. And when I called back, they said they could send me the accident report and help me start a claim. To do this, they texted me a link that took me to a website that I'm not going to repeat because it's a scam website. Spoiler alert. Which only displayed basic info like my name, accident date and location. I. I was traveling in Greece at the time with limited SMS access, so my responses were delayed. The caller didn't seem to notice this and just kept reading from a script. That, plus the sense of urgency they tried to create made me suspicious. Good for you, Daniel. But only after I clicked the link and the subsequent link to, quote, get the free accident report. Fortunately, I was on mobile safari and the link just showed basic accident information with portions of the VIN numbers redacted. I still don't know if this was a scam, an aggressive claims or attorney service or a legitimate process. But it felt very similar to toll scams where just enough personal data is used. To make the call sound real and pressure you into acting quickly. Have you heard of this, Daniel? Good instincts. This sounds. This smells like a scam to me. What do you think, Joe?

B

I have not heard of this. But not being from Texas, even though I spend a lot of time in Texas with the hat on. Yeah, I do.

A

I have the hat. Cowboy hat.

B

It's upstairs. I'm recording from home today. So I do have it close by. Maybe I should get it.

A

You should get your cowboy hat. Just for this story.

B

Just Texas now I'll give you my Texas accent. This is actually more of a. There it is. So it. I don't. I'm not familiar. I've never gotten into a car accident in Texas, thankfully. Knock on there. I'm going to knock on some wood because hopefully we're going to be going down there again this coming winter. So. But no, I have not. I have not heard of this scam.

A

Yeah, it's. I, I did a little bit of digging because this, this really smelled like a scam to me. And Daniel, you. You, you noticed the same thing. So great instincts there. And I saw a post from the Fredericksburg police and Fredericksburg is in Texas, and they actually posted about this in 2024, this exact scam about the website that Daniel that you sent across, that is a scam. And I was looking into Texas's laws about accessing crash in the United States. Every state, it seems it's different what information you can get and what you can't get. But it seems in Texas, which I bet for most states it's similar, you just pay a very nominal fee like you would for getting a copy of your birth certificate. I think it's six or eight dollars from Texas dot and you can get a copy of your crash report. So any service that's trying to do this for you, purportedly I would absolutely never trust. I would imagine that they're probably going to try and shunt you into either some kind of insurance scam or maybe some really pushy lawyer who's going to try and try and extract money from you. But of course you're not going to win in this case. It's going to be just a money extraction process.

B

Right. Or they're going to try to push you towards a certain body shop or something.

A

Yeah, something like that. They're going to try and just funnel you somewhere in order to get money out of you. And my advice on anything like this is just never talk to anyone who's not your insurance or law enforcement or the department of transportation because there could be all sorts of nasty reasons why someone else is trying to talk to you about an accident. I would not do it.

B

Right.

A

Good. Good instincts, Daniels. On on not falling for this scam and well done. Well before we get to our stories, let's take a quick break now to hear from our sponsor.

C

And now a word from our sponsor. Threat Locker, the powerful zero trust enter solution that stops ransomware in its tracks. Allowlisting is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from Threat Locker.

A

Okay. And we are back. Joe, you are starting us off today. I always tell you to regale me with your stories so maybe tell us the tale Joe. Take me on that journey.

B

My first story comes from. Ok Hender Henderson. And that's okay Henderson. Not okay. And not like just I'm sure that okay Henderson is actually a pretty great Henderson.

A

Not just yeah, not just okay but.

B

I'm sure that Mr. Ms. Henderson hears that all the time. Anyway, this story says is about a judge sentencing four to a text scam run out of a Georgia prison.

A

Run out of a prison.

B

Right. And this is from Radio Iowa. So these are Iowan authorities who have helped bust a texting scam run out of an Iowa or a Georgia prison. So it's, it's multi state crime here in the police department in Iowa City and in in Iowa City, Council Bluffs and Omaha along with the state police and the FBI investigated what turned out to be a nationwide scam and the the U.S. justice Department has been involved in this and they said it was being led by a 26 year old Russell Weathersp who was an inmate at Georgia state prisons and he had gotten his hands on some phones that were flown in via drones. So you know he's sitting there in the prison. Somebody outside of the prison sends him a phone.

A

Okay. Via drone.

B

Via drone.

A

Not the way I would have expected because we're talking about prison and I've seen oranges than you black. And I, I, you know I was thinking about, I think I saw cell phones in and I'm like wait a second, that's gross.

B

So drones.

A

So nothing. Nothing Gross. Okay.

B

Yeah. Nothing. Nothing. Yeah. I'm going to just leave that I haven't seen. I'm going to leave it there because I'm guessing and immediately I've got horrible images in my Head.

A

Yeah.

B

So when they, the drones were they, they gave them the cell phones in the prison yard. And prosecutors say that for over two years for these inmates in this prison were able to send text messages out using the name and phone numbers of law enforcement officers. So they were spoofing, spoofing phone numbers. And victims were told they had failed to appear at a trial to testify as an expert and would be arrested if they didn't post a cash bond.

A

If that. They didn't appear as an expert.

B

Right, right.

A

They didn't experience someone else's misfortune. It's just that is such an angle. Like not you didn't appear at your trial or something, but you were supposed to be an expert at something and you didn't show up.

B

Right? Yeah. Now, I mean, I've, I've worked in this field before. I've worked with people who have testified. You know, you're going to testify if you're going to be called as an expert. Not only that, but you are paid a lot of money to show up and testify as an expert. You would not miss this. This is not something you would miss. Now, I will, I will happily agree. Not everybody knows this. Right. Not everybody has had the same life experience I have. If you haven't worked with people who have a particular technical expertise and, and you haven't worked with people who are looked. Looked to by law. Law firms to be their technical expert on things, you would have no idea how this, how this works.

A

Yeah, I'm just imagining if I got a text message like this, I'd go, I'm not an expert on anything. What do they want me to talk about?

B

What is this? Yeah, I'm frequently touted as a cyber security expert. I don't like to think that I am. I mean, truth of the matter is I know more about it than just about everybody else. And there's, there's people that know more, a lot more than I do, but, you know, they're few and far between. And, you know, and especially. And I hope I'm not sounding like I'm like an arrogant jackass.

A

No, no. I got called a cybersecurity expert at a recent webinar I was part of. And I cringe because I'm going, I'm not. I know more than the average bear, but I'm not an expert.

B

Right.

A

I would, I would root.

B

Knowing more than the average bear makes you an expert in this field? I think so. Right.

A

Oh, goodness. Anyway, yeah, so if I got a text message like this, I would Just I would immediately go, that doesn't make a lick of sense. However, maybe if I was somebody with a professional degree of some kind, maybe I would go, maybe I missed that email. So plausible, I suppose. But, wow, that. It's just. It seems a very risky angle to pursue as a scammer.

B

Well, it worked. They got one victim in Minnesota who told police she met two men across the street from a county office building and paid the scammer 16 grand.

A

What?

B

They got $16,000 out of one victim, which is a lot of money. Now, I was in Minnesota, so, you know, these guys are in Iowa or in Georgia. Iowa police are scamming them in the. And they're probably hitting people in Iowa as well. Once the FBI gets involved, they find out they're hitting people in Minnesota as well. So, yeah, $16,000. That's probably the highest amount they got out of somebody.

A

Yeah. I'm just thinking we've got drones, we've got illicit cell phones, we've got a list of people for this specific scam. And then you have the people on the ground receiving money. This is a very sophisticated scam.

B

Right, right. And these guys in prison don't have anything else to do but just. Well, good news, they're going to spend more time in prison and they're going to go to federal, federal prison. 3. It's not only Weatherspoon, but also three other guys and they're going to have to pay restitution to the victims. So that's the first story. I have the second story, this. And that's. It's good that they're. That these guys are going to be spending more time in prison. And I wanted to focus on people spending time in prison today because, you know, a little bit of good, good news because we frequently have these horrible stories about not being, you know, these stories not turning out good.

A

Yeah.

B

And there is a Cincinnati man who was accused of. Of taking over $2 million by defrauding people from websites. And this comes from Grace Irwin at wcpo, which I imagine would probably be one of Dave's favorite radio stations if he was, or television stations if he lived in Cincinnati.

A

C3PO. WCPO.

B

Yeah, WCPO. But, yeah, that's. I'm, I'm kind of reaching there, I guess. But I, my. I love the sub headline of this story.

A

I got it. Yeah. Yeah.

B

The sub headline is Cincinnati man pleads guilty to scamming dozens out of over $2 million in dating app fraud. The man is accused of creating dating profiles using false information. So.

A

Well, A lot of men are in trouble now, right?

B

Yeah, and women. But there are a lot of women out there who also drop. A lot of people are in trouble here.

A

All those six foot one men on dating apps are just sweating bullets right now. Hilariously, that is my husband's actual height, though. I'll just put that out.

B

Son is 62 and puts that on the apps.

A

And actually six' two.

B

Yeah, he's actually. He's tall. He's big guy. Gets a lot of. A lot of his genetics from my wife's side of the family, where the men tend to be much taller than in my side of the family, where I, at 6ft even, was one of the tallest men in my family. Anyway, this guy, his name is Richard Egamin Egan, a G Y M A N, and he is 41. And he has been accused of doing the typical thing where he's. He sets up dating profiles using other people's pictures and then goes on to trick the victims out into sending him money under the false pretenses that they're going to. Oh, I need. I need medical expenses. I have these medical expenses. Oh, I got into a terrible car accident. I need some money to fix my car. I. I need these other. I'll pay it back. I'll pay it back, I promise. But dozens of victims sent him over $2 million by wiring money or depositing checks into accounts he controlled. Wow. Yep. He was originally indicted on 11 charges, including conspiracy to commit wire fraud, money laundering, and engaging in a monetary transaction with proceeds from criminal activity, which I didn't know was a. Was a. Was a crime. So, I mean, if. So let me ask you. If you. If you're committing a crime and you're profiting from it, does that mean you can't spend the money? That doesn't make any sense to me.

A

Is that where you're drawing the line?

B

No, that's. I'm not drawing the line. I draw a line way before the criminal activity.

A

Like, excuse me, profit is sacred. What are we, Frankie? Anyway. Yes. Are we getting a little Star Trek? You know.

B

So after he was federally charged, which, by the way, when you hear those terms, understand that that is a no fooling charge. And when. When people. When the federal government charges you with a crime, they're pretty sure they can convict you. They don't waste their time on trials that they can't convict. You pled guilty to one count of money laundering stemming from a transfer of $32,000 from way back in 2022. And the plea agreement says that he's going to spend or recommends a sentence rather, because he hasn't been sentenced yet, but he has pled guilty. So they, they have recommended a sentence of 41 months in prison. So he's going to spend a little less than three and a half years in the federal pan, to quote.

A

Yeah, that's a rut row for sure if the feds are going after you. So don't.

B

Yeah, that's.

A

Don't be stupid. Don't do crime.

B

When you gain federal attention in these kind of cases. I'm really glad to see news stories like this. I, I think we need to see a lot more news stories of people who are, you know, even people who are in prison getting sentenced to more prison time and people who are not in prison then going into prison for three and a half years.

A

Honestly, I think I hear these stories and I also think some people need better hobbies. I mean, honestly, like, it's, it's just, it's so much work, and I'm just thinking it's just, Just do something more fun with your time. Yeah, you won't get to the federal prison. I mean, come on, guys, right?

B

I can't imagine this being fun. I mean, well, maybe it's just because.

A

The money's fun, but. Yeah, take up knitting or something. Come on.

B

I've, I've tried crocheting and I hated every second of it.

A

May I interest you in knitting?

B

Maybe. I'll, I'll, I'll hear it. I'm more interested in weaving. I actually bought a loom, so weaving.

A

Is a great deal of fun also. How are your chickens, Joe? How are they doing?

B

Chickens are doing great. They're getting big, but they're still not ready to go outside yet. I was just. Actually, my wife was just down here in the basement, and she's like, you know, this. Were talking about how this room is still a mess even after our move almost a year ago now. And she's like, once you get out of here, you won't be leaving this room. Once this room is cleaned up, you won't leave it. I'm like, but my chickens will still be outside. And she said, you'll probably bring them down here. And I said, maybe.

A

Do, do chickens overwinter in basements?

B

No, they do not. They over, they overwinter in coops. And they. Yeah, the, the thing about chickens is they really don't care about where they poop. They don't care. It's, it's, it's not their concern. So they don't we, I, I don't plan on bringing them in the house. Ever.

A

That's smart.

B

Yeah, yeah.

A

No one wants.

B

Like most birds.

A

Yes, like most birds. I was just thinking that like most birds. Well, thank you for that very important chicken update, Joe. And also your stories were excellent. So thank you for that. I think we did Dave proud. And on that note, let's take a little ad break now.

C

And now back to our sponsor, ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. ThreatLocker Protect is the core Threat Locker product focused on endpoint security, designed to prevent unauthorized software from running, control how applications interact and manage access to storage devices. Its building blocks are allowlisting, ring fencing, and network control. Allowlisting is a deny by default software that makes application control simple and fast. Ring fencing is an application containment strategy, ensuring apps can only access the system resources they truly need to function. Network control locks down access by port, source, IP or dynamically with ACLs that automatically update as IP addresses change. Shut out cybercriminals with world class endpoint protection from ThreatLocker. And we thank ThreatLocker for sponsoring hacking humans.

A

Okay, and we are back. And now it's my turn to disappoint Dave. I mean, make him Dave proud. So I also have two stories, except my first one's not really a story as much as it's a. I want you listeners to go to this link and then share this link. And I'm not trying to fish or scam anybody. It's a Reuters story and it's called Scammed into Scamming. And it's here's. I'm just going to read the subhead. Across Southeast Asia, a multi billion dollar fraud industry has emerged, staffed in part by victims of trafficking in lawless regions of the Myanmar Thai border. Compounds run by Chinese criminal gangs contain thousands of people forced to scam strangers online or face brutal punishment. Thailand has become a key transit hub for trafficking victims. Reuters found. Okay, this for listeners of our show, that is not new, but this story is told in sort of an illustrative style. It's very, very compelling. It's, it goes into a really harrowing detail about some victims of human trafficking and what they've experienced in these call centers, which again, we've covered on this show how horrible this is. So if this is something that you want to learn more about, I really encourage you to go to this link. We'll have it in the show. Notes. Again, it's a writer's story called Scammed into Scamming And I really encourage you also to share it with people because the way it's told, it's very easy to. To follow, it's very compelling. And I think a lot more people need to be aware of what is going on. These scams are horrible. You know, they trick people out of a lot of money. We cover that. But also the people who are being trafficked and kidnapped, it's a. It's a horrific crime. So, yeah, I have.

B

I actually have a. An issue with the term, term human trafficking here because. Because human trafficking could be. We think of it as a. Sometimes we think of it as a crime with victims, and sometimes we think of it as a service. Right. Like I need to get into this country illegally. And there's. There's a whole industry around, around that. In the United States, the people that.

A

Do it are called a lot of the world.

B

Yeah, yeah, right. Called coyotes. And sometimes these people are not victims. Right. Sometimes they're. They're actually customers a lot of times. But they're taking a huge risk. And a lot of times we're victimized along the way. I'm not saying that this is always a cakewalk. That's not what I'm saying. But what's going on here is not human trafficking. This is just slavery.

A

That's what we call it. Slavery. Yes. People are being kidnapped and enslaved. I mean, that's just. You're right on that. That is exactly what is happening. And I think listeners of our show know that very well. And very good points, Joe. And I want to make sure that if there's some advocacy listeners would like to do, and I don't. Broadcasting this out to your community. So people know. I don't think people understand just the scale of what's going on, and this story tells it very, very well. So just I wanted to put a shout out to this story in our episode because I think it's just really worth taking a look at.

B

Yeah, it's very important topic.

A

It really truly is. And the more I learn about it, the more horrified I get.

B

And it's just awful.

A

It really is. Just awful. All right, so for my second story, this is something that I was reading about in Wired recently, and it's about cybercriminals have a weird new way to target you with scam texts. And it's a story by Matt Burgess. Yes, like, we needed that. But it's sort of one of those what's old is new. Again, because this is a story about SMS blasters. Joe, I bet you've heard of these, the backpack sized things where people walk around basically blasting text messages through like little tiny antenna. This is not a totally new phenomenon.

B

I've not heard of this, but I've seen like jammers like that.

A

Sort of akin to that. I mean, not the same. It's in that family. I think if you've ever been to Def Con or any kind of hacker conference, you'll see people with things like this on their back sometimes not necessarily doing this. You'll see people with antenna in backpacks doing fun stuff. This is a specific, I don't know. Again, I don't think this is necessarily new, but it's sort of new to us right now. So SMS blasters, just so everybody can understand what this is, they're little devices. Again they're often backpack sized that impersonate a cell phone tower. So they simulate a cell site. So criminals will then drive around in a van or just carry them in a crowd in a city especially. And then phones in range of this SMS blaster will then be forced to connect to that fake tower in their backpack. So what will happen is the blaster will capture phones on a fake 4G signal. A lot of phones nowadays are on at least 4G, if not 5G. And then the Blaster will force the phones to downgrade to 2G signal, which is a much older version.

B

Right.

A

Well, I'm trying to remember when we were all on 2G, this was basically phone and text only. I don't think it was. Even if data existed, it was miniscule.

B

Yeah, I'm not a phone guy, but I do know that that 2G had absolutely no security.

A

Zero security, zip. Yes, that's right. And then basically while those phones are being forced to go into 2G, the blaster will blast out a ton of malicious SMS messages with links. So it still does depend on the recipient of these spam messages to actually take an action and click the link and get phished. However, the blasters are essentially taking advantage of the fact that phones have a built in hierarchy of essentially if 5G is not available, you can downgrade to 4 and et cetera, et cetera, et cetera. And most of our phones have the ability to connect to 2G if that's all that's available. And the blaster people using the blasters know that. So they're going, well, if we can force you to connect to 2G, your phones are basically going to have to connect to it and then we can just do whatever we want. And the interesting thing to me about this technology is that cycle of capture the phones on 4G, downgrade them to 2G, blast the scam, text out and then let the phones go. Happens in a matter of seconds, like 10 seconds at most. So all that time your phone's probably in your pocket. You don't even realize what has happened. You're not necessarily staring at your screen and going, oh, that's weird. Why am I Suddenly on a 2G network right now? You won't even know.

B

Yeah, you just start getting tons of texts.

A

Yeah, yeah, exactly. So the reason Wired was looking into this and the reason why this has been happening more and more is, I guess, a weird silver lining to all the spam messages we've all been getting in the last years. Mobile carriers are getting better about recognizing these and they're actually doing better at filtering those out from the source and blocking scam texts before we receive them. Hooray. So now criminals are going, well, we got to get around that. And instead of trying to blast things out on a macro, macro scale, let's go really old school, get boots on the ground and blast these scam messages in areas where we can hit a lot of people at once. So these SMS blasters do operate outside of normal carrier controls, so the filters that the carriers are deploying do not apply. So this is a great way for them to completely circumvent all that control. Again, at the sort of top level.

B

Right, because they're in control of the communication to the phone.

A

Correct. It's like almost a grassroots thing, interestingly enough. But of course it's being used for terrible reasons in this case. And then. So this is not one of those capabilities that we should keep an eye on because maybe one day it'll get deployed, is actually happening. So unlike I'm trying to think of, like, what's the one USB jacking, which is a threat that everybody loves to talk about, but a lot of security researchers are like, this has actually never happened. SMS blasting is a thing that is happening. So, for example, there are some reported capabilities of messages sent to all phones in a 1,000 meter radius. So 1 kilometer radius, right? Am I doing that correct?

B

Yeah, that's 1 kilometer radius, but that is an area of 3.14 square kilometers.

A

There you go. But 3.14. Interesting. Yes. Almost like PI is involved there.

B

PI is involved there.

A

There was one incident reported in Bangkok, Thailand that reportedly blasted over 10,000 SMSs in an hour. Sorry, not 10,000, a hundred thousand. I can read 100,000 SMS in an hour. This SMS Blaster use has been detected in Asia, Europe and South America so far. And then one quote from the article that I wanted to pull out was law enforcement officials in London say they have so far seized seven SMS blasters. And in June of this year, 2025, a student from China was sentenced to jail for more than a year after being caught using one of these devices. So, yeah, so as I mentioned at the top of this story, the, the messages themselves do rely on ye olde phishing techniques. So these are scam messages with scam links in there being pushed to the user. You need to. In order to be scammed, you have to click and be compromised. So that attack chain still is sort of the way it's always been. So it does require the user to essentially fall for the scam. So if you get a scam message and you go, that's obviously a scam and delete it, great, you're good. So that is sort of the best way to protect yourself is notice that it's a scam text. Don't fall.

B

Right, of course, right.

A

I mean it's like obvious. Obvious note is obvious. But if you're not sure of what this is, you know, definitely don't enter any personal data anywhere, as we've mentioned many times, go to the source. If some somebody's purporting to be from a company saying, hey, you owe us money or you know, there was some sort of issue with your account, don't go through the link that you've been texted, go directly to the company site or call a verified number, not one that you necessarily Google. Be careful. And one note that Wired put in their article that had me a little bit iffy was you can actually disable 2G access on your phone if your device and carrier allow it. Many Androids will let you do this. IPhones have Apple's lockdown mode that technically will allow you to limit legacy connections like 2G. But there are downsides to that. So if you're in an area where cell phone connectivity is poor, sometimes the only way you can Connect is through 2G, so you may not want to actually disable that. It's going to be up to you, sort of your living situation. I personally like being able to connect to 2G sometimes when it's the only option I've got. So you'll see. But keeping your device updated will also help. And if you do get an SMS that you see is suspicious, always report it to your carrier if you can, or if there are national reporting hotlines, do so as well.

B

So while you're talking, Maria, I whip out my Android phone, my Google Pixel 6, which needs to be replaced. It's getting into life soon.

A

Yeah, walk us through it.

B

So what happens is you go to settings and then you can look for the advanced protection setting. And it is, you can either turn it off or on. And it's a, it looks like it does seven different things, one of which is, prevents you from connecting to 2G networks. But it also has like app protection and device safety that is like theft detection, lock offline device lock and inactivity Reboot restarts device if it remains locked for three days.

A

Is it easy to deploy? Is it just a little toggle to say, disable 2G?

B

It is just a toggle, but it implements everything. It doesn't just disable 2G. And there's no modularity to this. You're getting all of it or none of it.

A

Okay, because I was thinking if it was a matter of saying just turn off the ability to connect to 2G, I would probably keep that on all the time. Unless I'm somewhere really rural where I'm going. I have no cell phone connection out here. Let me see if I can at least get a 2G signal.

B

Oh, interesting. So it also as protects against scam calls and texts as a thing. And that's interesting because this morning on default, I don't know, this morning I looked over and I saw a, a phone call coming in that said scam, probable scam or something like that. And I, I answered it and it was some woman saying, hey, I, I'm looking at your file and we've got, we've got all your credit card information here and we see, we, I see that you can save a lot of money by going with a debt consolidation loan. I said, you're looking at my file. She goes, yeah. I said, what's my name?

A

And she was, I don't know, tell me your name.

B

And she was like, it's all, it's all encrypted and kept safe and secure and only an account executive. Okay, so what's my name? Yeah, I mean that should be a simple thing. It shouldn't. That part shouldn't be encrypted. And then eventually she hung up.

A

That's so funny. Wow. Well, this is one of those things, this SMS blaster situation, something to be aware of. I don't think people need to be losing sleep over it, but certainly just always treat links and SMS in text messages as suspicious. I think that's just always good standard operating procedure. We always encourage that. And if disabling 2G makes sense for you, that's something that you may want to consider as well. And hopefully we will get better in terms of law enforcement and also carriers at detecting this kind of thing and being able to shut it down. But it may be an escalating cat and mouse game with this kind of capability. So something we'll keep an eye on.

B

Yep.

A

Yeah. All right, so those are my stories. Let's move on over now to the catch of the day.

B

Maria. Our catch of the day is a post from R Scams on Reddit. The scam starts off with, it's a letter from a US Law firm, but no real information is given.

A

Or rather a physical letter that's been mailed.

B

Someone's home piece of mail.

A

Okay.

B

Has been sent to this person. This person has posted a picture of it in the Reddit interface. I don't know what you call it in the chat. It's not a chat, it's a post in a post. Yeah, I'm not a big Reddit guy. I have an account, but that's about it.

A

All right. Shall I read it then?

B

Yes, you should read this.

A

Okay. So it's on very official letterhead I should notice. And the letterhead says it's from Goldberg and Cohen Legal Group. And I'll just read the text. Case number GC 1990 70. I can say numbers. Case number GC 19972. Amount owed $1,634.16. This notice is to formally inform you that Goldberg and Cohen Legal Group now represents a client in relation to your delinquent account. You have ignored previous attempts to resolve this matter by prior collection agencies retained by our client. You are hereby notified that a recommendation to file a lawsuit to collect this debt to may be the next step, resulting in a judgment entered against you. Notice of impending legal action. Due to the significant delinquency of your loan, we are compelled to initiate immediate legal action to recover the outstanding debt. If restitution is not made, this action may result in further legal consequences. Consequences of a judgment. A judgment is a grave matter with serious repercussions, including but not limited to wage garnishment, court order required for a spouse or domestic partner. Levy on bank accounts or safe deposit boxes, liens on real or personal property, suspension of licenses, real estate, contractor or drivers under certain conditions. The total claim may encompass the principal amount, accumulated interest, court fees, and legal costs. We reserve the right to subpoena financial institutions, employers and other entities listed on the initial application of their testimony should this case advance to court. Sorry, some of the text is cut off. Required action to prevent further legal proceedings. You must contact our office within 10 days of receiving this letter. Ignoring this notice will be interpreted as a refusal to settle the debt, prompting immediate litigation. We trust you will treat this matter with the urgency it demands. Sincerely, Carlton J. Edwards, Legal Administrator.

B

Right.

A

Try to make it sound scary because it looks scary.

B

Yeah, it does look scary. This is frightening. This actually has a date on it of September 12, 2025. And we're recording this a little more than a week later or a little less than a week later. So, I mean, this is very recent. There are. Somebody points out in the comments here that, yep, this is a scam. We've seen this before, including using this exact law firm, this exact fake law firm. What's interesting is that the address that shows up is like a 14 story office building. And there's no, there's no suite number on, on the Goldberg and Cohen Legal group thing. I, and I don't know of a law firm that takes up 14 stories of a building that participates in this kind of law. There is a Goldberg or is it a Cohen group? I, I, look, I looked it up there. It's a. But it's a family law. It's just, and it's just one lawyer in the office.

A

Yeah, there'. There is no Goldberg and Cohen Legal Group. This does not exist. A cursory Google will reveal that pretty quickly. It's amazing, right?

B

The guy who responded to it goes on to say that if you have any collections under the Fair Debt Collections act, the communication has to say who you owe the debt to. So that's a dead giveaway. There's no, there's no, there's no name here. If the debt is owed to the client, then the name of that client, whatever entity it is, has to be listed here. It can be a person, you know, somebody can be suing you for or having a lawyer contact you for money you owe them over some agreement. It can be a company, it can be a bank, it can be anything. But it has to be listed, whoever it is. So, yeah, this is all fake and bs. You know, I think, I think what I would do here is, you know, report it to law enforcement if you get this and maybe give them the phone numbers, that's that. And they can make a phone call or they can, they can take some action in from their end, but otherwise, yeah, just ignore these things.

A

Yeah, it is. I want to repeat this is a very scary official looking letter like this would scare me if I got this in the mail. Yep. So, I mean, it does not look like it's on cheap letterhead. It's. It's not even printed in black ink. It's printed in navy ink, which to me makes me go, ooh, somebody put some money into this.

B

Right.

A

I mean, this is a little American Psycho of me, but even the paper looks nice. So it's. It's this. I could absolutely see this filling people because this would have given me a bit of a fright.

B

It took a little while for me to get the American Psycho reference, but I got showed up the cardstock.

A

It's really nice. Yeah. I can't quote the movie, but yeah.

B

Right. The funny thing is also in here, the case, they try to put a case up top and it's like, regarding Goldberg and Cohen versus and then the guy has scratched his name out. But I'm. I'm guessing it's just Goldberg and Cohen versus whoever. You know, this is a form letter that if this was sent to me, it'd be Goldberg and Cohen versus Joe Kerrigan.

A

Yeah.

B

I'd be like, that's a boxing match I'll take on any day. I get to beat up a couple of lawyers. All right, let's go.

A

Fun times. Yeah. Carlton J. Edwards.

B

Although if I got into the ring with Ben Yellen, I think he'd probably kick my butt.

A

I would put money on that. Sorry, Joe. It's true. Well, thank you for that, Joe. This is a really good catch of the day, so hopefully people will be aware and not get freaked out if they get something like this in the mail. It is indeed a scam. Okay, let's take a quick break before we close out foreign.

C

Thank you to Threatlocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. For sponsoring hacking humans, visit threatlocker.com.

A

And that is hacking humans. Brought to you by N2K CyberWire. We always would love to know what you think of our podcast. Your feedback ensures that we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, and of course, we always hope that you do, please share a rating and review in your podcast app. You can also fill out the survey in our show notes or send an email to hackinghumans2k.com we're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement enforcement agencies. N2K helps space and cybersecurity professionals grow, learn and stay informed. As the nexus for discovery and connection, we bring you the people, the technology and the ideas shaping the future of secure innovation. Learn how@n2k.com this episode is produced by Liz Stokes. Our executive producer is Jennifer Ibin. We are mixed by Elliot Peltzman and Tre Hester. Peter Kielpe is our publisher. And I'm Maria Varmazis.

B

And I'm Joe Kerrigan.

A

And we miss Dave Bittner. Thanks for listening.