Dave Buettner
You're listening to the Cyberwire Network, powered by N2K.
Joe Kerrigan
Hello everyone and welcome to N2K, CyberWire's hacking humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Buettner and joining me is Joe Kerrigan. Hi, Joe.
Maria Varmazes
Hi Dave.
Joe Kerrigan
And our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazes.
Dave Buettner
Maria, how are you gentlemen?
Joe Kerrigan
Doing well, thank you. We've got some good stories to share this week. Also joining us later in the show is Nati Tal, head of Guardio Labs. We're discussing the growing danger of homograph attacks, and we will be right back after this message from our show sponsor.
Nati Tal
And now a few thoughts from our sponsors. At ThreatLocker, the tactics used by cyber criminals are becoming more and more advanced every day. The shift from a default allow approach to a default deny is more critical than ever. This is where ThreatLocker comes in. Stay tuned for how ThreatLocker allow listing and ring fencing has your back.
Joe Kerrigan
All right, we are back and we have some follow-up here. I'll take this one, Joe. This is from a listener named Robert who writes in and says, greetings from the Great White North, which I assume means Canada.
Maria Varmazes
Canada.
Dave Buettner
Hi Canada. Hi friends.
Joe Kerrigan
Robert writes in and says, I was listening to Joe's comments about credit cards and payments at drive-thrus and restaurants. All I have to say is, when will your country catch up to the rest of the world when it comes to things financial?
Dave Buettner
Don't hold your breath.
Joe Kerrigan
Robert, I am so with you here. I am so with you. He says, how long did it take your country to adopt chips in credit and debit cards after the rest of the world adopted them? Absolutely true.
Maria Varmazes
It was a long time.
Joe Kerrigan
He says, every drive-thru I use, the machine comes out of the window on the end of a stick. We catch our debit or credit card for the payment. The attendant never gets to touch my card. In restaurants, at the end of the meal, the server asks, do you need the machine? The machine is brought to you at the table. Your card is never taken away.
Maria Varmazes
Yeah, I've seen this in a number of restaurants actually, where they have these devices on the table that, of course, 'cause it's America, why miss the opportunity to sell something? But you can also get this thing to play games for your kid for like a dollar for the meal or whatever. But these things also are the point-of-sale system for the restaurant.
Joe Kerrigan
Right. Well, and more and more I see the waiters and waitresses themselves carrying the thing with them.
Unknown
Yeah.
Dave Buettner
Having a little bit. Yeah, I've seen that term a lot more too.
Maria Varmazes
Right.
Joe Kerrigan
I think that's really growing in popularity. I think customers like it. I think it makes everything faster.
Maria Varmazes
It does. I don't have to wait for the waiter to come back with my credit card, which is one of the longest waits in dining out.
Joe Kerrigan
But I think, especially as folks like when you want individual checks for your meal, that device can just go from one person to the other.
Maria Varmazes
Right.
Joe Kerrigan
You know, they don't. Yeah.
Dave Buettner
Oh, yeah, that's true. Yes. Splitting the bill is a lot easier, which I know waiters hate servers. They hate it. So.
Joe Kerrigan
Yeah.
Dave Buettner
Yeah, that makes it a lot easier. Yeah. Don't the stores have to buy that? Isn't that part of the reason this has taken so long is they have to front that investment?
Maria Varmazes
Actually, I'll tell you, a big driver in the delay for chip and PIN, or just using a chip, was gas stations. Gas stations had already spent huge amounts of money on infrastructure for pay at the pump, but it didn't have a chip reader in it. So they had to replace all that infrastructure with chip technology.
Dave Buettner
Oh, geez.
Maria Varmazes
And that's one of the big drivers behind the delay.
Dave Buettner
And that's why they decided to put those ads there. That blast at us every time we're at the gas station now. It's great.
Maria Varmazes
Here's a pro tip: on the right-hand side, second button down is mute.
Dave Buettner
Oh, yeah, the worn out button is the one I use.
Joe Kerrigan
Right, right, right.
Dave Buettner
That's how you know.
Joe Kerrigan
Robert had some other comments about. I guess I had spoken about carrying cash and Robert agreed. He says, I feel better knowing I have a backup plan and there are times when I don't want my purchase tracked by our financial overlords and I pay in cash.
Maria Varmazes
I get it.
Joe Kerrigan
Yeah. Thank you, Robert, for writing in. We agree that, as usual, being Americans, we think we have it the best when we actually have it the worst. USA. USA. How's your healthcare up there in Canada? What's it like? All right, so that is our follow-up. Why don't we go into our stories here. Joe, you have the honors this week. You wanna start things off?
Maria Varmazes
I do. And yes, the first one I have comes out of Jackson, Tennessee. And these are two stories I have that are about the same thing. And we'll put links to both these stories in the show notes. But the headline of the first story is "China's Xi hails Thailand's strong action against scam centers." And what is happening here is President Xi of China and the Thai prime minister. Her name is, I'm just gonna say her last name, Shinawatra. And I don't think I'm butchering that too badly. But Prime Minister Shinawatra has been working at resolving the problem of these scam centers that are happening along the Thailand-Myanmar border. What's happening, we've talked about this in the past, where people are tricked into coming to Thailand or Myanmar, and when they get there, they're told, hey, come in here, we have this great job for you. But once they get there, they're just essentially kidnapped and put to work as slave laborers making outbound calls to their home countries to try to scam their countrymen out of, you know, money.
Joe Kerrigan
Right.
Maria Varmazes
It's a billion-dollar industry. Well, apparently the prime minister of Thailand has shut down a number of these places. And China is saying this is really great, because China doesn't want the Chinese people getting scammed. But as the pair met, 61 people rescued from scam centers in Myanmar were returned to Thailand. One of their defense secretaries, the Thailand Defense Secretary, said about 34 of these people were Chinese. The rest of these people come from Indonesia, Ethiopia and other countries in Africa. So it doesn't matter where you come from. They're probably just going to put you back scamming people in that country. So I would imagine that the Ethiopian people who were kidnapped and abducted and put to work here were probably calling back into Ethiopia, scamming Ethiopians, because when you do that you have somebody who speaks the language.
Joe Kerrigan
Right?
Maria Varmazes
Right. They know the culture. They get it. So the other story comes from CNN, from Katja Olarn. Katja Olarne. And one of the ways this is going down is that Thailand is cutting power to these scam sites or these locations, these buildings. So in power grids, there's no such thing as, like, a totally localized power grid, especially when you have smaller countries, smaller regions and things like that. So Thailand apparently controls the electric supply to where these centers are. And as of Wednesday afternoon, at least one of the scam compounds was still operating. But it didn't look like the other ones were still working, because Thailand just shut the power off.
Joe Kerrigan
Right. They cut off their Internet too, I believe. Yeah, it's interesting.
Dave Buettner
That's one way to.
Maria Varmazes
Here's something that's interesting about this article is that this article says that these scam factories, many of which are run by Chinese crime syndicates, have proliferated in Myanmar, which is actually in the state of a civil war right now. So it makes sense that you go to a country that has bigger things to worry about and start setting up organized crime operations there. Yeah, then. But, you know, my question about that is, what's China's influence there? Is there any. Anything they can do about these. These Chinese crime syndicates? Are these Chinese crime syndicates more of global operations? Probably more global operations just run by Chinese nationals. And there may not be much that China can do about it.
Joe Kerrigan
Yeah. Who knows what the internal status of things is? To what degree do folks look the other way or tolerate or, you know, who knows?
Dave Buettner
Get a kickback.
Joe Kerrigan
Yeah, get a kickback.
Maria Varmazes
Get a kickback. That's 100% a real possibility.
Joe Kerrigan
One of the. We covered this on the CyberWire, and one of the statistics that caught my eye was that they were saying that there's. They believe there's upwards of 100,000 people who've been abducted to run these scams.
Maria Varmazes
That's a lot of people.
Joe Kerrigan
Yeah, it's a lot of people.
Maria Varmazes
And that's.
Joe Kerrigan
These are. These are villages.
Maria Varmazes
Right. You know, these are villages full of people. And we had a story a couple, maybe a year ago, about a Vietnamese guy who managed to get out of one of these places by swimming across a river.
Joe Kerrigan
Yeah.
Maria Varmazes
And then found somebody that was fortunate. He was fortunate enough to find, like, a farmer or somebody that, you know, nearby, was able to communicate with and was able to get out of there and lead. Lead police back to the. Back to the location. And one of the other things that shocked us again as Americans about this was that the entire control over all these people was maintained with one gun and like, 47 bullets or something like that. Right. It wasn't a lot by. Well, by American standards.
Joe Kerrigan
Right.
Dave Buettner
How many bullets do you need? I mean, all of them. Yeah. I mean, I don't know. Every. When we talk about these stories, I. I often wonder if there's a stronger word than scam that one could use, because it just doesn't.
Maria Varmazes
Slavery.
Dave Buettner
This is slavery. Yeah, exactly.
Joe Kerrigan
That.
Dave Buettner
Because it's just scam just makes it seem like it's. Oh, you know, it's a, you know, a con man doing a thing. But, yeah, it's slavery.
Maria Varmazes
I mean, this is. This is slavery. This is one of the most reprehensible things one person can do to another.
Dave Buettner
Yeah.
Joe Kerrigan
All right. Well, I mean, on the one hand, it's good that we're seeing some movement here and we've got international cooperation and recognition. To try to shut these things down. But when you compare the numbers that we have dozens of people being repatriated.
Maria Varmazes
Versus hundred thousand people still missing, yeah.
Joe Kerrigan
There's a lot of work left to be done, but it's good to see that there's efforts there. All right, we will have links to that story in the show notes. Maria, what do you have for us this week?
Dave Buettner
Well, there's some interesting stories going around in the corporate sphere that have been popping up on LinkedIn that are AI related that I just find, like, car-crash fascinating, just knowing that this is happening. So there's this story that's been going viral in the last few days, viral on LinkedIn, so for whatever that's worth, by a gentleman named David, who is the CTO of a company called Vidoc Security Lab. So their whole thing is they're basically a cybersecurity company thinking about cybersecurity in code all the time. But also I looked at David's LinkedIn and he's also a cybersecurity guy. Like, that's his background. So just keep in mind that this is a company that is very public about the fact that they're thinking about security all the time. So David was doing a technical interview with a candidate to work at his company. And like a lot of these technical interviews, we've talked about this in the past, this usually starts remote, a video conference, like a Google Meet chat. And David noticed pretty early on, I guess, in the call that the candidate he was talking to, his face and neck looked really weird. Like, the person was answering his questions, I suppose competently, but something was off. Like, his spidey sense was going off. And thankfully he took a video of what was going on, because this is one of those things where you really need to see the video, because it really does speak for itself. But I'll do my best to convey it. Essentially, this person he's talking to, the face looks like a normal, like, a European guy's face, but there's like a chunk of his neck that looks like it's been taken out by the background of the wall behind him.
Joe Kerrigan
So.
Dave Buettner
So there's some weird video artifacting going on. So that's a pretty good indication that something's not right here. But David wrote up, yeah, go ahead.
Maria Varmazes
I could see this being dismissed as this guy just has a virtual background and his head keeps popping in and out of that background. It kind of looks like that.
Dave Buettner
Yeah, it does, it does. And like, that is definitely a real possibility. The plausible deniability of, like, you know, we've all seen these wonky virtual backgrounds. You know, I'm not always sitting on the bridge of the Starship Enterprise. I know it's hard to believe, but sometimes it betrays that I'm actually in my office.
Maria Varmazes
Is that your virtual background, Maria?
Dave Buettner
I would like you to think that it is. Yes.
Joe Kerrigan
It's wonderful.
Dave Buettner
Sure. Enterprise-D. Of course, of course. So David wrote in this really nice and short post on LinkedIn. This happened to him just two days ago from the day of our recording. He wrote, number one, the candidate, all of his answers were clearly from ChatGPT. He wrote, I could smell the GPT-4 bullet-point-style responses a mile away. And then point number two, he was clearly using software to change his appearance. So not a virtual background, it was actually his face. And the way that he asked the guy to prove that he was who he appeared to be, he simply asked him, can you just wave your hand in front of your face first?
Joe Kerrigan
Me?
Dave Buettner
Like just, just move your hand. Which would normally, if you're using some sort of video filter, that would disrupt the filter. And the guy repeatedly just wouldn't do it. Like, he looks like he's pretending to not understand the question, or he waved the hand sort of to the side of his face, but not in front of his face. And the thing that I love the most is, well, I hate and love, really. David wrote that this was actually the second time in two months that he has encountered this exact situation while trying to hire somebody.
Joe Kerrigan
Wow.
Dave Buettner
Which is just nuts because again, he's a cybersecurity guy hiring for a cybersecurity company. So you would think people trying to fool somebody with, you know, an AI video filter would maybe choose an easier target. But maybe people just become so emboldened they're like, yeah, I'm going to do it now.
Maria Varmazes
I heard a similar story about this about a year ago from somebody I know. They said they had an interview candidate on a Zoom meeting, and this person was, whenever they asked a question, he would, oh, hold on, let me think about that for a second, hold on.
Dave Buettner
And then type, type, type, type.
Maria Varmazes
Right. He would just read the question off of the ChatGPT response and it was obvious he was doing this.
Dave Buettner
Yeah.
Maria Varmazes
And the funny thing was, the guy I was talking to was like, this was for an entry-level position. He didn't need to answer these questions the way he did, the way ChatGPT did. He just needed to come close with an answer out of his own head, and I would have hired him.
Dave Buettner
Well, there's. Even before ChatGPT was a thing, there was the old version of keep your phone line open, and then your friends would sit on Google Docs and sort of type the answer in collaboratively. So if you could buy a few seconds of time, like, all your friends would do it. I'm not saying I did this or knew anyone who did this.
Maria Varmazes
Right.
Dave Buettner
It used to be a thing. It's probably still a thing. But there, there was one comment on David's post that had me thinking about this also, and they said that essentially you could have a whole group of people applying for these remote jobs using the same AI mask and essentially you could all have these people pretending to be the same fake guy interchangeably. So sorry, that just sort of stopped me in my tracks. Like, yes, I could see that being absolutely possible.
Joe Kerrigan
This reminds me, in the 90s, I want to say the mid-90s, there was a very forgettable film, a sci-fi horror film.
Maria Varmazes
That's probably one of my favorites. I'll bet.
Joe Kerrigan
The Puppet Masters.
Maria Varmazes
That was Kiefer Sutherland. Or no, Donald Sutherland.
Joe Kerrigan
Donald Sutherland.
Dave Buettner
Donald Sutherland. There you go.
Maria Varmazes
It was a good movie.
Joe Kerrigan
Sure.
Dave Buettner
May he rest in peace. Yes.
Joe Kerrigan
But one of the plot points was there were these aliens and they would attach themselves to the humans. They were kind of like stingray-shaped, and they would attach themselves to the back of your shoulders and the back of your neck. They'd kind of go into your spine from the back. So what this reminded me of, there's a scene in the movie where there's, like, this general, an army general who's reporting in via video. And he's saying, you know, everything's good here. The aliens haven't, you know, they've been unsuccessful. And the people that he's talking to say, you know, General, we're going to have to ask you to turn around so that we can see your back. So we can see, you know, the back of your neck. And the signal cuts out, because of course he's. He's been. He's actually been taken by the aliens.
Dave Buettner
So, yeah, wave your hand in front of your face. Yes, exactly. Just wave that hand in front of the face. I'm sure you both have encountered the sort of whack-a-mole of identity verification measures that are going on for anything video nowadays, for financial reasons or HR. I mean, it just seems like for these scammers, getting past the HR screen is a given now, and people are going all the way through to the interviews, if not beyond that. It's just, it's wild. So I suppose everybody needs to have an on-site day for an interviewee to just make sure that that person actually exists.
Maria Varmazes
Right.
Dave Buettner
Because yeah, clearly it's getting too easy for people to fake it now.
Joe Kerrigan
Mm. Wow. It's fascinating. All right, well we will have a link to that story in the show notes. Before we get to our next story, let's take a quick break to hear a message from our sponsor.
Nati Tal
So let's return to our sponsor, ThreatLocker. ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure from the ground up. Where traditional cybersecurity tools require you to create a list of things you don't want to run, ThreatLocker enables you to easily curate an allow list of everything you need in your environment and network and block everything else by default. With ThreatLocker allowlisting and ring fencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust Endpoint Protection platform deploys in a learning mode that analyzes the operations of your company, using machine learning to assist you in developing your allow list for approved applications, what they can do on the endpoint, what can interact with your data, and even east-west network traffic. We thank ThreatLocker for sponsoring our show.
Joe Kerrigan
And we are back. Instead of a story this week, I have a special treat for all of us, actually. Joe joined me on a conversation that I had recently with Nati Tal. He is the head of Guardio Labs, which is a cybersecurity company. And they recently did some research about the growing danger of homograph attacks, which is a type of attack we've talked about here before. But they're seeing some escalations of this and some combinations with other attacks. So here's our conversation with Nati Tal. So today we are talking about some research that you all recently did, and this is kind of centering on this idea of homograph attacks. Can we start off with some high-level stuff here? Can you give us a little of the story of what brought this to your attention?
Unknown
Well, homograph attacks have been with us for years already. Specifically in the recent weeks, we've seen those attacks come back to us in a new, I don't know, a new theme or so, using also the deception of homographs and different kinds of characters used in domain names to look like other domains, but also abusing sponsored search results on Google all at the same time, which makes it quite powerful for the scammers, of course.
Joe Kerrigan
Well, for folks who aren't familiar with what a homograph attack actually is. Can you describe that for us?
Unknown
Let's do that with an example. So, for example, if you get an email or an SMS with a message from a service you usually use, like your email account or your bank, or even some kind of government, let's say the IRS or some kind of other division, you need to go to their site and do some important things like, I don't know, check your bank account, do some tax reports. You are usually getting those messages in emails or SMSs, and you have a link inside of them. You click on the link and you go to your account or to the website where you can do whatever you need to do. In most cases, of course, those emails and SMSs are legit and you go to the right site. But if you look carefully at the domain name itself, sometimes it looks like the site you're looking for. Let's say bankofamerica.com, it looks like Bank of America. But if you look closely, and sometimes you can't even notice with your eyes, you actually need to test this string in your computer, some of the letters are not exactly those you are used to. For example, the letter A can be typed in as the A in the American or US language, but it can also be Cyrillic or some kind of other sign that looks like A, but it's not exactly. And because domain names today are not only using English letters, but they can use any kind of letter in all types of encodings and languages and so on, those scammers can sometimes use those switches, moving from the regular A to something that looks like an A, register a new domain that looks almost exactly like the real one, and use this domain for scamming.
Joe Kerrigan
And how is this tying into using the Google Ad services as well? Are they kind of doubling up on their techniques here?
Unknown
Yeah, well, first of all, they're using the. You know, you look at the domain and it looks legit. But if you also get this domain or link to this service by searching for it on Google, you double up on the reputation of this result, because you are so used to just clicking on the address bar and typing in Bank of America, again, just an example, and you get the first result, which is probably Bank of America, just click on it and move on with what you need to do with the bank. But if you get the search result which is sponsored, meaning someone paid Google, or any kind of other company with this kind of service, to get to the top of the list, and you are using a domain that looks like Bank of America, this is like flawless. You can fool everybody, including us with 20 years of security experience. It doesn't matter if the first result is Bank of America and the domain is Bank of America. For the human eye, it's flawless. You just click on it and get fooled all around.
Joe Kerrigan
Well, my co-host Joe Kerrigan is here in the studio with me. And Joe, this is something we talk about all the time, but it seems as though frequently they have taken this to perfection.
Maria Varmazes
Right? Like if you.
Unknown
If.
Maria Varmazes
Well, I mean, I just did some experimental Googling around, if you will, and looked up something that eventually I'm going to need a service for. And when my Google results come back, the very first 1, 2, 3 results are sponsored, which means somebody has paid to have this put in. Then there is a businesses section, and then beyond that there is what looks like regular search results. And then all the way down at the bottom again there's another 1, 2, 3 sponsored results, which means that this page has like 6 sponsored results, which is 6 opportunities for a malicious actor to purchase one of these ads and put it into my search results using a domain with one of these homographs in it that you really can't tell is essentially a bogus link.
Joe Kerrigan
So Nati, what's to be done here? I mean this is a case where you literally can't believe your eyes, right?
Unknown
Exactly. And again, there are many ways to fool us. And it starts with domains that look alike, or subdomains, using like a subdomain like Amazon.com.fake.com. Again, those kinds of sites are so easy to create, and in some cases they are even using link shorteners like Bitly, or even abusing link shorteners of reputable services like Twitter/X or LinkedIn. So you don't even see the actual domain, you just see a short link, which is quite common also for, you know, benign services, and you click on it and you get to a spam page. So homographs or any kinds of domain manipulations are so common and you just can't escape those. And again, when you search for something, mostly, and again it's like a simple tip, just don't click on sponsored results, because again, if there is a sponsored result, it means someone wanted it to be there. Again, not all are scammers, of course. And if you look for some kind of service, you will probably get a sponsored result which is relevant for you. But make sure you are familiar with this website and you know what you're going to get when you click on that link. So if you can dismiss sponsored results, just do that first of all. And second of all, there's no escaping from that. You really need some kind of a security layer that is behind your eyes or even sometimes your common knowledge or instinct. And I'm saying that as a security expert with 20 years of experience, it doesn't matter. I also get fooled by those kinds of scams if they are quite good, and unfortunately they are just getting better and better in their work. So you need some kind of an unbiased security layer, in the form of any kind of an extension for your browser that checks everything that you are browsing to, an application for your phone. Everywhere you use the Internet you need some kind of extra protection. I wonder, this is what we do here at Guardio after all.
Joe Kerrigan
Yeah. Are there any browser plugins that specifically look for these alternate characters that could pop up and say, hey, someone's using a non-English lookalike for some letters in this URL. Are you sure you want to go here? Has anyone, to your knowledge, created such a thing?
Unknown
So I'm a bit biased, but this is exactly what we are doing here at Guardio.
Joe Kerrigan
Well, how convenient.
Unknown
So Guardio is exactly, again, not only looking for specific abuses of domain names, but also looking at the content of the web page and how you and a million other users got to this page, and realizing which of those pages is really legit, which is trying to scam you. SMS messages, emails, even instant messages you get from unknown numbers. The scammers will just use any form of communication to reach you, and sometimes even just grab on your own intent. Like with Google search, you are searching for something. Let's say, you know, the latest buzzword is DeepSeek, right? Everybody's talking about it and looking forward and trying this new service. And scammers are also realizing that, okay, DeepSeek is a good keyword to grab on sponsored results, or create domains that look like DeepSeek. And every time there is a new buzz, scammers are on it immediately, right away. And again, you need to check the website itself, you need to check how you got to this website. And again, you need some kind of protection, unbiased protection. Because the more those scammers get more creative and use the latest technology like AI or generative AI, it will be harder and harder to realize you're being scammed.
Maria Varmazes
I was thinking about a browser-integrated password manager. Dave and I have talked about this before. You might not be able to tell that you're not at bankofamerica.com, but if you have one of those browser-integrated password managers, it'll know, hey, that's not the right site. Because it's not encumbered by the actual graphic, it's looking at the binary text underneath. And that doesn't match. So it won't enter the password for your banking site into that site.
Unknown
Right.
Maria Varmazes
But I don't know if that's like rock solid, better than nothing.
Unknown
Again, it's not bulletproof. And after all, we are talking about people, and like your title says, hacking humans. This is exactly it. Because most of the tactics by scammers are trying to make you scared about something that is happening, and be in a hurry to enter your site or website and check that everything is okay. And because they are using this kind of tactics, you sometimes won't even notice that your password manager, for example, is not autocompleting your password in.
Maria Varmazes
This website and you might just force it.
Unknown
Exactly. And because of all those tactics, and because they're using that at scale, they are attacking instantly millions of people with the same scenario. Even if 1% of those millions of people get fooled, just think about how much money. And it's so sad to be scammed like that, and so many people, and all they did was just send one SMS to a million accounts, because then nothing, and so much money gets lost in this scam.
Joe Kerrigan
Nati, would you say it's fair to say that you just simply should not click through any sponsored ads or content that come up on your browser anymore?
Unknown
Well, of course, if you can do that, it would be better. But again, if we say that, so are we sure that other links are okay? So maybe we want to click on them as well, and so on. So it's a bit problematic to say don't click anything, just don't use the Internet, you will be safe.
Joe Kerrigan
Right? Right. Never leave your house.
Maria Varmazes
Right?
Unknown
Yeah, exactly. We need some kind of certainty when we are using the Internet. We need some kind of someone that is looking around our back and making sure everything is okay. And also, after all, if we put ourselves on the other side for a second, the entire economy of the Internet is based on advertising. At the end of it, it's free because we are the product. And we can just say, okay, no more advertising, no more sponsored results. We will have no Internet. At the end of it, so we need to live with the risks, but we need to be more aware of those. And again, using other kinds of tools and security layers, there are many kinds. Not only browser extensions, not only applications. There are many kinds of security layers that even the common people need today. Not only companies and corporates that are using those amazing products by cybersecurity companies all around the world. The common people need those kinds of security tactics as well.
Joe Kerrigan
Right? Yeah. Never think that you don't have something of value that someone wants. Well, Nati, thank you so much for taking the time for us. We appreciate you joining us and sharing your expertise.
Unknown
Thank you. Thank you. It was nice talking. And again, awareness, this is the most important part of it.
Joe Kerrigan
All right. Interesting stuff. And thank you to Nati Tal for joining us. He and his colleagues there at Guardio are doing some interesting things. And Joe, thank you for joining me and helping me out with that interview.
Maria Varmazes
Well, I'm happy to do it, Dave.
Joe Kerrigan
Yeah. All right. Well, it is time to move on to our catch of the day.
Maria Varmazes
Dave. Our catch of the day comes from Kenneth, who sent this in. It's very typical. It's an invoicing scam. But it's got some interesting aspects for Kenneth, uniquely that we're going to talk about later. The subject is unexpected payment attempt with an order number from. It says it's coming from order verification sent using Zoho Books.
Joe Kerrigan
Hmm. Okay. It goes like this. We've noticed an unexpected payment attempt on your PayPal account. A charge of $699.99 for 0.00789 Bitcoin from an unknown IP address in Texas. To safeguard your account, we have temporarily put this transaction on hold. What you need to know: this payment does not match your usual activity and we need your confirmation. If you did not authorize this transaction, it is critical to take immediate action. Need assistance? Our resolution center is available 24/7. There's an 800 number.
Maria Varmazes
That's actually.
Joe Kerrigan
Dave, not an 800 number.
Dave Buettner
No, it is not.
Maria Varmazes
Which we'll get to in a minute.
Joe Kerrigan
Okay. All right. And then it lists some details about the actual transaction. Says your next steps, with, again, that phone number to call. It says if you did recognize this purchase, no further action is required. The transaction will be processed as usual. And then it says, stay secure. We will never ask you for your password, PIN or financial details via email. Always double check unexpected messages before taking action. Important: this is an automated notification. Replies are not monitored. If anything feels off, contact us right away. Protecting you is our priority. Best regards, PayPal security team.
Maria Varmazes
This is not the PayPal security team. Protecting you is not their priority. Scamming you is.
Dave Buettner
Spoiler alert. Yes.
Joe Kerrigan
Okay.
Maria Varmazes
If you call these guys, they're going to do all that software stuff where they install a bunch of stuff on your computer, and they're going to take all your money. That's what's going to happen. Yeah. Typical scam. But what's interesting is Kenneth, he wrote. I think this one is interesting. "I'm currently in Hawaii, and they used a Hawaii area code for the number to call."
Joe Kerrigan
Huh.
Maria Varmazes
Which is why that's the 808 number. I was like, 808, where is that? Hawaii. And then I read the email from Kenneth. Oh, this is interesting. He says it leads to the bigger question: how are they learning this? Or is it random? I don't think it's random. Kenneth says he actively interferes with tracking, but he knows it still occurs. "There must be some tie between these attackers and data brokers, even though I use a data broker deletion service." He says he didn't look at the PDF. I think Kenneth is onto something here. I think there is something going on behind the scenes. I don't know if they're just buying data from a data broker to make their phishing attempts better, and they're posing as legitimate customers to buy from data brokers. Here's the question, though. The bigger question is: what part of data brokering is legitimate?
Joe Kerrigan
There's so much data brokering.
Maria Varmazes
Right.
Joe Kerrigan
I mean, it's absurd how much they're. Even if you opt out of everything.
Maria Varmazes
Right.
Joe Kerrigan
They are still tracking you, tracking all kinds of stuff.
Maria Varmazes
Yeah, but it's not PII, Dave. It just uniquely identifies you and ties you to your habits.
Joe Kerrigan
That's right.
Dave Buettner
That's what keeps marketing departments working around the world. Sadly, they love this stuff.
Maria Varmazes
Yeah, I think he's onto something. Maybe they're buying the data. Maybe somebody. Somebody has breached a data broker and they're just exfiltrating the data. I don't think it's like a data broker being nefarious here. I don't think that's the case. I think they're just using a data broker for their intended purposes, but just misusing them.
Joe Kerrigan
The other thing that strikes me about this is what you were saying. 'Cause I said, here's an 800 number, and you corrected me and said it's not an 800 number. Right, but the whole existence of 800 numbers is obsolete. Right? I mean, there's no such thing as long distance anymore.
Maria Varmazes
Right.
Joe Kerrigan
So you don't need to have a toll-free number. That's a relic from landlines.
Maria Varmazes
Yes.
Joe Kerrigan
I would hazard to say a lot of younger kids probably don't even know how an 800 number works. Maybe they've heard of it, but they've never used one.
Dave Buettner
Yeah, I think to those of us who remember it, it sort of is the unofficial. This is a business phone number. But I've been seeing them going away across the board. Anyway. I'm getting a lot of phone messages that are, you know, to a direct area code. I don't almost ever see an 800 or 866 or anything like that anymore.
Maria Varmazes
I don't see it either.
Joe Kerrigan
No, I don't either. I just. I'd never thought to think about it. But I guess that's just something that's fading away into the mists of time.
Maria Varmazes
Like so much of our childhood.
Joe Kerrigan
That's right. That's right.
Maria Varmazes
One final note here from Kenneth. Thanks for the informative and entertaining show. Every week. Keep Maria. I find her better than most of the interviews.
Joe Kerrigan
Well, there you go, Maria. Thanks. All right, you can come back next week. All right.
Dave Buettner
Since he says so. Thanks, Kenneth. Stick around.
Joe Kerrigan
You were really on the edge there. But Kenneth put us over the top. So you can come back. You can come back this week. Why don't we make a new rule every week? If someone writes in and says to keep Maria, then she can come back the next week. Otherwise, what do you think about that?
Maria Varmazes
Otherwise Maria will probably still be on the show next week.
Joe Kerrigan
Yeah, I count on it.
Maria Varmazes
Last week I was sitting here, I knew Maria was going to be. Oh, how was the space conference, Maria? I wanted to ask you about that.
Dave Buettner
It was great. Very, very, very rewarding and exhausting. But Dave, you know, doing these events, it's tiring.
Maria Varmazes
Dave and I have a question. Are astronauts cooler than we are?
Dave Buettner
Yes. No hesitation.
Maria Varmazes
Yes. That was my guess last week.
Joe Kerrigan
Yeah.
Dave Buettner
Yes. They're even cooler than you can possibly imagine.
Joe Kerrigan
Yeah. I just think the advantage Maria now has at cocktail parties because she can just say, well, you know, last week I was chatting with an astronaut and Yep, yep.
Dave Buettner
I have a running count of the number that I've met and interviewed and it's like well over a dozen now. It's like, yeah. Are you kidding me? Great.
Joe Kerrigan
That's very cool.
Maria Varmazes
You ever met Mike Collins?
Dave Buettner
I have not, no. Yeah.
Maria Varmazes
Apollo 11.
Dave Buettner
Yeah. Is he still alive?
Maria Varmazes
I think so. I don't know.
Joe Kerrigan
I thought Buzz was the last one.
Maria Varmazes
No, Buzz passed away.
Dave Buettner
No, no. Buzz is very much alive.
Maria Varmazes
I'm sorry.
Joe Kerrigan
I saw Buzz on a TV commercial last week. I'm sorry.
Maria Varmazes
I think of Neil Armstrong. Neil Armstrong passed away.
Dave Buettner
Yeah.
Joe Kerrigan
Neil's gone.
Dave Buettner
Neil died. Yeah.
Joe Kerrigan
I was gonna say Michael Congest as ever.
Maria Varmazes
Yeah.
Dave Buettner
He's in his 90s now. I met Charlie Buso.
Maria Varmazes
You saw somebody in the face who said that he didn't land on the moon.
Joe Kerrigan
Yes, he did.
Dave Buettner
Yes.
Maria Varmazes
My hero.
Joe Kerrigan
Yeah. My response was, if you're gonna come at somebody who landed on the moon, you know, count on the fact that that person is more of a badass than you are.
Dave Buettner
That is a fact, right? That is a fact.
Nati Tal
And of course, we want to thank this week's sponsor, ThreatLocker. Go to threatlocker.com HH and check out their Zero Trust Endpoint Protection platform. That's the words threat and locker with no space.com HH, where you can request a demo and neutralize the threat of malware running on your devices.
Joe Kerrigan
All right, we are sidetracked here, so I'm going to get us back on track and thank everybody for listening. That is Hacking Humans, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliott Peltzman and Tré Hester. Peter Kilpe is our publisher. I'm Dave Buettner.
Maria Varmazes
I'm Joe Kerrigan.
Dave Buettner
And I'm Maria Varmazes.
Joe Kerrigan
Thanks for listening.
Podcast Summary: Hacking Humans – Episode: The “T” That Tricked
Podcast Information:
In the February 13, 2025 episode of Hacking Humans, hosted by N2K Networks, co-hosts Dave Buettner, Joe Kerrigan, and Maria Varmazes delve into the intricacies of social engineering scams, phishing schemes, and the evolving tactics of cybercriminals. This episode, titled "The 'T' That Tricked", offers a comprehensive exploration of current cyber threats, listener interactions, and expert insights on combating deceptive practices in the digital landscape.
Early in the episode, the hosts engage with a listener named Robert from Canada, who expresses frustration over how slowly the U.S. adopted chip technology in credit and debit cards compared with the rest of the world. Robert's observations, prompted by Joe's earlier comments on card payments at drive-thrus and restaurants, highlight how payment practices elsewhere have moved ahead of the U.S. in both transaction security and customer convenience.
Notable Quote:
Joe Kerrigan [02:08]: "Robert, I am so with you here. I am so with you."
The discussion underscores the importance of updated payment infrastructures in mitigating fraud and enhancing user safety.
Maria Varmazes presents a distressing report from Jackson, Tennessee, focusing on the dismantling of scam centers along the Thailand-Myanmar border. These centers, often orchestrated by Chinese crime syndicates, abduct individuals from various countries, including China, Indonesia, and Ethiopia, forcing them into slave labor to perpetrate scams against their home nations.
Notable Quote:
Dave Buettner [10:28]: "This is slavery. Because it's just scam just makes it seem like it's... it's slavery."
The segment emphasizes the blurred lines between traditional human trafficking and modern cyber exploitation, calling for heightened awareness and international action.
The episode shifts focus to corporate cybersecurity, with Dave Buettner discussing a viral LinkedIn story about David, the CTO of Vidlock Security Lab. David encountered candidates using AI tools like ChatGPT during technical interviews, coupled with deceptive video filters to mask their identities.
Notable Quote:
Dave Buettner [13:06]: "Can you just wave your hand in front of your face first?"
This highlights the increasing sophistication of cybercriminals in exploiting AI and video technologies to undermine security protocols.
A significant portion of the episode features an in-depth conversation with Nati Tal, head of Guardio Labs, discussing the escalating threat of homograph attacks. These attacks exploit visually similar characters in domain names to deceive users into visiting malicious websites.
Notable Quotes:
Nati Tal [21:49]: "Because domain names today are not only using English letters, but they can use any kind of letter on all types of coding and languages and so on."
Nati Tal [29:29]: "Guardio is exactly again not only looking for specific abuses of domain names, but also looking at the content of the web page and how you and all million of other users got to this page and realizing which of those pages is really legit, which is trying to scam you."
The discussion underscores the necessity for advanced security solutions to keep pace with evolving cyber threats, particularly those leveraging globalization and technological advancements.
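As a defender-side illustration of the homograph problem described above, here is an added example (written for this summary; it is not code from Guardio, Guardio Labs, or the episode) that classifies a domain name the way a mail gateway or browser extension might: it converts the name to its ASCII `xn--` form with Python's built-in IDNA codec, checks whether any label mixes scripts, and normalises known look-alike characters to see whether the name collapses onto a protected brand. The confusable map is a small, hand-picked subset constructed for the example (not the full Unicode confusables table), and `PROTECTED_DOMAINS` is a hypothetical allowlist.

```python
import unicodedata

# Constructed, hand-picked subset of look-alike characters (not the full
# Unicode confusables table): each maps a Cyrillic/Greek letter to the
# Latin letter it visually imitates.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

# Hypothetical allowlist of brand domains a defender wants to protect.
PROTECTED_DOMAINS = {"paypal.com", "apple.com", "google.com"}


def script_of(ch):
    """Script name ('LATIN', 'CYRILLIC', ...) taken from the first word of
    the character's Unicode name; 'UNKNOWN' for unnamed code points."""
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"


def label_scripts(label):
    """Set of scripts used by the letters of one DNS label."""
    return {script_of(c) for c in label if c.isalpha()}


def skeleton(domain):
    """Replace each known confusable with its Latin look-alike."""
    return "".join(CONFUSABLES.get(c, c) for c in domain)


def to_punycode(domain):
    """ASCII (xn--) form as a resolver or browser would encode it; empty
    string if the built-in IDNA codec rejects the name."""
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return ""


def analyze_domain(domain):
    """Flag a domain as a likely homograph when it is an IDN that either
    mixes scripts inside a label or collapses onto a protected domain once
    confusables are normalised. Accepts Unicode or already-encoded xn-- input."""
    domain = unicodedata.normalize("NFKC", domain.strip().rstrip(".")).lower()
    if "xn--" in domain:
        # Decode punycode input back to Unicode so the same checks apply.
        try:
            domain = domain.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    labels = domain.split(".")
    is_idn = not domain.isascii()
    mixed_script = any(len(label_scripts(lbl)) > 1 for lbl in labels)
    skel = skeleton(domain)
    lookalike_of = skel if (skel != domain and skel in PROTECTED_DOMAINS) else None
    return {
        "domain": domain,
        "punycode": to_punycode(domain),
        "is_idn": is_idn,
        "mixed_script": mixed_script,
        "lookalike_of": lookalike_of,
        "suspicious": is_idn and (mixed_script or lookalike_of is not None),
    }


if __name__ == "__main__":
    # Constructed samples: a mixed-script PayPal look-alike, an all-Cyrillic
    # Apple look-alike, a legitimate German IDN, and a plain ASCII domain.
    for sample in ("p\u0430ypal.com", "\u0430\u0440\u0440\u04cf\u0435.com",
                   "m\u00fcnchen.de", "paypal.com"):
        print(analyze_domain(sample))
```

The two signals are deliberately separate: a mixed-script label is suspicious on its own, while an all-Cyrillic name such as the Apple look-alike passes the mixed-script test and is only caught by the skeleton comparison against the allowlist. A legitimate IDN like `münchen.de` trips neither check, which is the caveat to keep in mind: non-ASCII alone is not evidence of abuse, so a real deployment pairs this with reputation and content signals rather than blocking every IDN.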
In the Catch of the Day segment, listener Kenneth shares an example of a sophisticated invoicing scam. The fraudulent email imitates PayPal's security team, alerting the recipient to an unexpected transaction from a dubious IP address and urging immediate action via a spoofed phone number.
Notable Quote:
Maria Varmazes [37:15]: "This is not the PayPal security team. Protecting you is not their priority. Scamming you is."
This segment highlights the need for vigilance and skepticism when receiving unsolicited financial alerts, emphasizing the importance of verifying communication through official channels.
The episode concludes with the hosts reflecting on the discussed topics, emphasizing the persistent evolution of cyber threats and the imperative for continuous education and advanced security measures. They acknowledge the challenges posed by sophisticated scams and the innovative defenses developed by cybersecurity professionals.
Notable Quote:
Nati Tal [34:53]: "Awareness, this is the most important part of it."
The hosts encourage listeners to remain informed and proactive in safeguarding their digital lives against the ever-present dangers of cyber deception.
"The 'T' That Tricked" serves as a poignant reminder of the dynamic nature of cyber threats and the critical role of awareness and advanced security solutions in combating them. Through engaging discussions, expert insights, and real-world examples, Hacking Humans equips its audience with the knowledge to navigate and mitigate the risks posed by sophisticated cybercriminal tactics.
Note: All timestamps correspond to the original podcast transcript for reference.