Summary

Podcast Summary: Hacking Humans - "The Prince, the Pretender, and the PSA"

Introduction

In the May 1, 2025 episode of Hacking Humans, hosted by Dave Buettner and Joe Kerrigan from N2K Networks, listeners are taken on an insightful journey through the intricate world of social engineering, deception, and cybercrime. Featuring a special guest, Rob Allen from ThreatLocker, the episode delves into recent scams, high-profile cyber attacks, and the evolving tactics of cybercriminals. This summary captures the key discussions, notable quotes, and essential takeaways from the episode.

1. Scammers Impersonating Official Agencies

Discussion Overview: The episode opens with Joe Kerrigan recounting a LinkedIn interaction involving a post by cybersecurity expert Brian Krebs. The post highlighted an FBI Internet Crime Complaint Center (IC3) public service announcement warning the public about scammers impersonating FBI officials.

Key Points:

Scammers' Tactics: Scammers often target individuals already victimized by fraud, claiming to help recover lost funds. This "follow-on scam" approach increases the likelihood of additional losses.
IC3's Advisory: The IC3 emphasizes that official communications will never ask for personal information or money through insecure channels like phone, email, or social media. Instead, legitimate contact will come from official local field offices or law enforcement officers.

Notable Quotes:

Joe Kerrigan (01:20): “Nothing is sacred to these scammers.”
Rob Allen (04:30): “Fundamentally, it comes back to trust no one and nobody and nothing.”

Insights: Rob Allen underscores the importance of skepticism and caution when approached by unsolicited contacts claiming to be from official agencies. He highlights the difficulty in verifying authentic communications due to malicious ads and fake websites.

2. Annual Report on Cybercrime Losses

Discussion Overview: The hosts discuss the IC3's 2024 annual report, reflecting a 33% increase in reported cybercrime losses from 2023, totaling $16.6 billion.

Key Points:

Average Loss: The average reported loss per victim is $19,000, a significant sum that underscores the severe impact of cyber scams.
Reporting Bias: Smaller losses are likely underreported, suggesting the actual total losses could be higher.

Notable Quotes:

Dave Buettner (05:48): “Wow.”
Joe Kerrigan (06:19): “The average loss was $19,000. That is a steep average loss.”

Insights: The substantial increase in reported losses highlights the escalating threat of cybercrime and the necessity for enhanced protective measures within organizations and among individuals.

3. The MGM Cyber Attack: A Case Study in Social Engineering

Discussion Overview: Rob Allen provides an analysis of the recent cyber attack on MGM, focusing on its social engineering components.

Key Points:

Social Engineering Tactics: The attackers researched MGM employees via social networks, identified support personnel, and impersonated them to gain access.
Technical Breach: The breach involved compromising MGM’s OKTA system, resetting multi-factor authentication (MFA), and escalating access, culminating in a $100 million cyber event.

Notable Quotes:

Rob Allen (07:44): “They managed to get into the organization's OKTA system and reset MFA on certain accounts and basically just snowballed from there.”
Joe Kerrigan (09:36): “If you're going to launder money for an international crime syndicate, just understand you're just as expendable as the victim is.”

Insights: The MGM attack exemplifies how sophisticated social engineering can bypass technical defenses, emphasizing the need for robust verification processes and employee training to recognize and prevent such breaches.

4. Arrest in a Nigerian Prince Scam

Discussion Overview: Dave Buettner narrates the arrest of a 67-year-old man from Louisiana involved in a Nigerian prince scam, highlighting the unexpected profiles of perpetrators.

Key Points:

Nature of the Scam: The accused orchestrated scams claiming victims were beneficiaries of a will, requesting personal information and money transfers.
Collaboration: He worked with counterparts in Nigeria, facilitating international money laundering through wire transfers and cryptocurrency.

Notable Quotes:

Joe Kerrigan (15:55): “You might think that the person on the other phone is the person that you know because their voice sounds like them. But it may not actually be them.”
Dave Buettner (19:22): “We should have T-shirts made up that just say don't.”

Insights: The arrest serves as a reminder that cybercriminals can come from diverse backgrounds and age groups. It also highlights the global nature of such scams and the challenges in tracking and prosecuting international conspirators.

5. Catch of the Day: Law Enforcement Impersonation Scam

Discussion Overview: The hosts examine a scam message purportedly from the Department of Homeland Security, warning recipients about financial scams and urging them to change passwords.

Key Points:

Red Flags: The email contains awkward language, generic greetings, and vague instructions, which are typical indicators of phishing attempts.
Tactics: The scam attempts to establish legitimacy through official-sounding language and imagery but ultimately seeks to extract personal information or money.
Filtering Technique: By targeting individuals who may have already been scammed, the attackers increase their success rate by exploiting victims' heightened vulnerability.

Notable Quotes:

Joe Kerrigan (21:12): “What does that mean? Am I supposed to disregard or respond?”
Dave Buettner (24:10): “This is more follow-on scams. Trying to look for people who have already been victimized because they're probably easier to victimize again.”

Insights: The analysis reinforces the importance of scrutinizing unsolicited communications, even those appearing to be from reputable government agencies. Users are advised to verify such messages through official channels and avoid responding to suspicious emails.

6. Practical Protection Measures

Discussion Overview: The hosts and Rob Allen discuss practical steps individuals and organizations can take to safeguard against social engineering and similar cyber threats.

Key Points:

Verification Protocols: Always verify the identity of callers or email senders by contacting official channels directly rather than using the contact information provided in suspicious messages.
Awareness and Training: Regular training sessions for employees to recognize and respond appropriately to potential social engineering attempts.
Use of Technology: Implementing advanced security measures such as AI-based voice verification to detect fraudulent communications.

Notable Quotes:

Joe Kerrigan (11:36): “If you say, I'm gonna call you right back, what's your extension? The person on the other end should be able to answer that question without any issue.”
Rob Allen (12:31): “Just because somebody speaks beautiful fluent English or US English or whatever the case may be, wherever you happen to be, that doesn't mean that they are the good guys.”

Insights: Emphasizing the critical role of verification and skepticism in preventing cyber fraud, the discussion highlights that even seemingly convincing communications require thorough scrutiny to ensure authenticity.

Conclusion

The episode of Hacking Humans effectively sheds light on the evolving landscape of cybercrime, particularly the sophisticated use of social engineering by scammers. Through detailed case studies, expert insights, and practical advice, hosts Dave Buettner, Joe Kerrigan, and guest Rob Allen equip listeners with the knowledge to recognize and defend against these pervasive threats. The recurring theme underscores the necessity of vigilance, skepticism, and robust security protocols in combating cyber deception.

Notable Quotes Summary:

Joe Kerrigan (01:20): “Nothing is sacred to these scammers.”
Rob Allen (04:30): “Fundamentally, it comes back to trust no one and nobody and nothing.”
Dave Buettner (05:48): “Wow.”
Joe Kerrigan (06:19): “The average loss was $19,000. That is a steep average loss.”
Rob Allen (07:44): “They managed to get into the organization's OKTA system and reset MFA on certain accounts and basically just snowballed from there.”
Joe Kerrigan (09:36): “If you're going to launder money for an international crime syndicate, just understand you're just as expendable as the victim is.”
Dave Buettner (19:22): “We should have T-shirts made up that just say don't.”
Joe Kerrigan (21:12): “What does that mean? Am I supposed to disregard or respond?”
Dave Buettner (24:10): “This is more follow-on scams. Trying to look for people who have already been victimized because they're probably easier to victimize again.”

Final Thoughts: By dissecting real-world scams and offering actionable advice, Hacking Humans empowers its audience to stay ahead in the fight against cybercrime. Listeners are encouraged to remain informed, practice caution, and implement recommended security measures to protect themselves and their organizations from falling victim to these deceptive tactics.

Summary

Podcast Summary: Hacking Humans - "The Prince, the Pretender, and the PSA"

Introduction

1. Scammers Impersonating Official Agencies

Key Points:

Scammers' Tactics: Scammers often target individuals already victimized by fraud, claiming to help recover lost funds. This "follow-on scam" approach increases the likelihood of additional losses.
IC3's Advisory: The IC3 emphasizes that official communications will never ask for personal information or money through insecure channels like phone, email, or social media. Instead, legitimate contact will come from official local field offices or law enforcement officers.

Notable Quotes:

Joe Kerrigan (01:20): “Nothing is sacred to these scammers.”
Rob Allen (04:30): “Fundamentally, it comes back to trust no one and nobody and nothing.”

2. Annual Report on Cybercrime Losses

Discussion Overview: The hosts discuss the IC3's 2024 annual report, reflecting a 33% increase in reported cybercrime losses from 2023, totaling $16.6 billion.

Key Points:

Average Loss: The average reported loss per victim is $19,000, a significant sum that underscores the severe impact of cyber scams.
Reporting Bias: Smaller losses are likely underreported, suggesting the actual total losses could be higher.

Notable Quotes:

Dave Buettner (05:48): “Wow.”
Joe Kerrigan (06:19): “The average loss was $19,000. That is a steep average loss.”

Insights: The substantial increase in reported losses highlights the escalating threat of cybercrime and the necessity for enhanced protective measures within organizations and among individuals.

3. The MGM Cyber Attack: A Case Study in Social Engineering

Discussion Overview: Rob Allen provides an analysis of the recent cyber attack on MGM, focusing on its social engineering components.

Key Points:

Social Engineering Tactics: The attackers researched MGM employees via social networks, identified support personnel, and impersonated them to gain access.
Technical Breach: The breach involved compromising MGM’s OKTA system, resetting multi-factor authentication (MFA), and escalating access, culminating in a $100 million cyber event.

Notable Quotes:

Rob Allen (07:44): “They managed to get into the organization's OKTA system and reset MFA on certain accounts and basically just snowballed from there.”
Joe Kerrigan (09:36): “If you're going to launder money for an international crime syndicate, just understand you're just as expendable as the victim is.”

4. Arrest in a Nigerian Prince Scam

Discussion Overview: Dave Buettner narrates the arrest of a 67-year-old man from Louisiana involved in a Nigerian prince scam, highlighting the unexpected profiles of perpetrators.

Key Points:

Nature of the Scam: The accused orchestrated scams claiming victims were beneficiaries of a will, requesting personal information and money transfers.
Collaboration: He worked with counterparts in Nigeria, facilitating international money laundering through wire transfers and cryptocurrency.

Notable Quotes:

Joe Kerrigan (15:55): “You might think that the person on the other phone is the person that you know because their voice sounds like them. But it may not actually be them.”
Dave Buettner (19:22): “We should have T-shirts made up that just say don't.”

5. Catch of the Day: Law Enforcement Impersonation Scam

Discussion Overview: The hosts examine a scam message purportedly from the Department of Homeland Security, warning recipients about financial scams and urging them to change passwords.

Key Points:

Red Flags: The email contains awkward language, generic greetings, and vague instructions, which are typical indicators of phishing attempts.
Tactics: The scam attempts to establish legitimacy through official-sounding language and imagery but ultimately seeks to extract personal information or money.
Filtering Technique: By targeting individuals who may have already been scammed, the attackers increase their success rate by exploiting victims' heightened vulnerability.

Notable Quotes:

Joe Kerrigan (21:12): “What does that mean? Am I supposed to disregard or respond?”
Dave Buettner (24:10): “This is more follow-on scams. Trying to look for people who have already been victimized because they're probably easier to victimize again.”

6. Practical Protection Measures

Discussion Overview: The hosts and Rob Allen discuss practical steps individuals and organizations can take to safeguard against social engineering and similar cyber threats.

Key Points:

Verification Protocols: Always verify the identity of callers or email senders by contacting official channels directly rather than using the contact information provided in suspicious messages.
Awareness and Training: Regular training sessions for employees to recognize and respond appropriately to potential social engineering attempts.
Use of Technology: Implementing advanced security measures such as AI-based voice verification to detect fraudulent communications.

Notable Quotes:

Joe Kerrigan (11:36): “If you say, I'm gonna call you right back, what's your extension? The person on the other end should be able to answer that question without any issue.”
Rob Allen (12:31): “Just because somebody speaks beautiful fluent English or US English or whatever the case may be, wherever you happen to be, that doesn't mean that they are the good guys.”

Conclusion

Notable Quotes Summary:

Joe Kerrigan (01:20): “Nothing is sacred to these scammers.”
Rob Allen (04:30): “Fundamentally, it comes back to trust no one and nobody and nothing.”
Dave Buettner (05:48): “Wow.”
Joe Kerrigan (06:19): “The average loss was $19,000. That is a steep average loss.”
Rob Allen (07:44): “They managed to get into the organization's OKTA system and reset MFA on certain accounts and basically just snowballed from there.”
Joe Kerrigan (09:36): “If you're going to launder money for an international crime syndicate, just understand you're just as expendable as the victim is.”
Dave Buettner (19:22): “We should have T-shirts made up that just say don't.”
Joe Kerrigan (21:12): “What does that mean? Am I supposed to disregard or respond?”
Dave Buettner (24:10): “This is more follow-on scams. Trying to look for people who have already been victimized because they're probably easier to victimize again.”

wavePod

The prince, the pretender, and the PSA.

Powered by Wave AI

Summary

1. Scammers Impersonating Official Agencies

2. Annual Report on Cybercrime Losses

3. The MGM Cyber Attack: A Case Study in Social Engineering

4. Arrest in a Nigerian Prince Scam

5. Catch of the Day: Law Enforcement Impersonation Scam

6. Practical Protection Measures

Conclusion

Summary

1. Scammers Impersonating Official Agencies

2. Annual Report on Cybercrime Losses

3. The MGM Cyber Attack: A Case Study in Social Engineering

4. Arrest in a Nigerian Prince Scam

5. Catch of the Day: Law Enforcement Impersonation Scam

6. Practical Protection Measures

Conclusion