A
You're listening to the CyberWire Network, powered by N2K.
B
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner, and joining me is Joe Carrigan. Hey, Joe.
C
Hi, Dave.
B
And our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Hello, Maria.
A
Hi, Dave. Hi, Joe.
B
We've got some good stories to share this week, but first, let's jump right into our follow up. Joe, what do we got?
C
So, Dave, we have some follow up from Chad. Super listener, Chad.
B
Okay.
C
He says, not sure if this is the prison scam you were talking about last week, but it was funny that I got this call the day after I heard the episode. Either way, thanks for the heads up. Not that I would have okayed it anyway because he doesn't currently know anybody in prison.
B
Okay.
A
So as far as you know Chad.
C
As far as you know.
B
Right. Day's not over, Chad.
C
That's right. There's always a chance that you may know Joe. Yeah, right.
B
That's right. See how today's show goes?
C
Yeah. Kudos to Chad. First off, 99% of his battery with these screenshots on his phone.
A
All right, so pro tip for our listeners, don't send us something in with like the 3% red critical bar on your battery. It will annoy Joe. Yeah, okay.
C
I will be mean to you. Anyway, this is Chad running his Google Assist. Assist by Google. It says, hi, I'm call assist by Google, recording this call for the person you're trying to reach. Can you say what you're calling about? And then the automated system on the other end goes. An offender, Dirk Smith, an inmate at the Corrections Reception center, have requested that your phone number be added to the allowed list for numbers to dial. In order for this offender to call you in the future, we will need your approval. Please answer the following questions. And then it says ending call. And then it goes on to say, are you the person authorized to make. And then that's where the call ends.
B
It hung up.
C
Yep. So this is actually probably not a scam, I'm going to say. Or maybe it is. I don't know, like Chad. I don't know anybody in prison right now either, but I think there are systems like this. I have someone I could ask about this.
B
Yeah.
A
Could it be a misdial? Just.
C
It could be a misdial. It could be a misdial.
A
Yeah. What would be the scam here?
C
They start talking to you, you know, and just start scamming you.
A
Just scamming you because they talk to you. All right?
C
Yeah.
A
Okay. Your existence has been proven. You will be scammed.
B
Well, I just looked up the phone number, and it is from the Ohio Department of Rehabilitation and Correction.
A
Oh, well, it could be faked. They could have faked it.
B
That's true. That's true.
C
Yep. But they could have spoofed that number.
B
Could be spoofed.
A
Dirk Smith does sound like fake McNamerson a little bit to me.
B
Dirk Smith, private eye.
C
Right. Yeah. Names that you wish you had. What's your name? Dirk Smith.
B
Dirk Smith, private eye. Yeah. All right. Well, there you go. Who knows?
C
Yeah.
B
Good luck, Dirk. You know, if you don't know anybody in prison, probably best to. To say no to this, right? Although I guess it could also get you curiosity because you could say, well, wait a minute. Is. Does someone I know go to prison? And are they. Are they burning their one phone call on me?
C
Right?
B
Right.
C
I got. I got a funny jail story about that, but not. Not my story. This is someone I know, and they're still alive, so I won't tell you who it was, but there were a bunch of hooligans in. In. In their youth, and this. This person, this guy hung out with a bunch of other hooligans like himself, and they all got arrested one night for being drunk and disorderly. And they go to the. They go to the cop station. And this is back when, you know, if. You know, if. I don't know what would have happened. But it wasn't ever anything serious. Like, this guy never disappeared for any length of time. But they said, all right, you all get one phone call, and one of their buddies goes, I'm ordering pizza. What do you want? Me Just starts taking orders, and the cops like, all right, go sit down in the jail cell for a little bit till you guys sober up.
B
You feel like you're not taking this seriously, Right.
A
To be fair, though, if I was in the drunk tank, I probably would want pizza.
B
Yeah, that's true.
C
Yeah.
A
Sounds kind of nice.
C
There's the Beverly Hills Cop episode or the first movie where Eddie Murphy's in the cell, and he said, I've never seen a prison cell with a payphone in it. I ordered pizza.
B
Yeah. Remind me later. I have a drunk pizza story, but I'm not gonna share it on the air.
A
Oh, listeners.
C
Too bad. I also have one of those. But I will not share it on the air.
B
Actually, I could share this on the air. This is an occasion down at the good old University of Maryland where some friends, we got together. We were actually playing strip poker.
C
Okay.
A
You were? Okay.
C
Yeah.
A
All right. I'm in.
B
There were a handful of guys and a handful of gals.
C
Oh, okay. Yeah.
B
Yeah. All right. And so, you know, we're totally. My. We're totally cheating at cards.
C
Every guy in that room is trying to cheat.
B
Yeah, we're trying to get this game to where we want it to go. Unsuccessfully, of course. So anyway, one of the guys ends.
A
Up naked and nothing but a single sock. And we're not going to tell you where.
B
Yeah. But then also decides that he wants to get some pizza. So, spitting distance from where we were having this game, there was a 7-Eleven. Any of you who went to the University of Maryland back in the late 80s, early 90s know exactly what I'm talking about. So.
A
Oh, so this was not last week.
B
This was. No, no, Maria, it was not. It was not last week. No.
C
Me.
B
Me and a couple of my PhD colleagues down at University of Maryland sitting around in a dorm room, done some.
A
Incredibly crazier things that have happened with.
C
Guys that are now PhDs and other kinds of doctors. Yeah.
B
Anyway, so we. This guy decides he wants to get some pizza, and so we go with him. So he's running down to the 7-Eleven. He's got a can of beer in his hand, but that's it. He's naked. So we're kind of following behind him, just in case we have to get him out of trouble.
C
You're following behind to laugh at this, right? To see what happens.
B
So he goes into the 7-Eleven, and the guy behind the counter looks at him and says, hey, you can't come in here. And he goes, what? And the guy goes, with that beer? You can't come in here with that beer.
C
I thought he was gonna go, no shirt, no shoes, no service.
A
Right.
B
So our friend puts the. Sets the beer down outside the 7-Eleven, comes in again, naked, buys his pizza, pays, and off we go.
C
Where was he holding money?
A
Where was his money?
C
Great minds think alike.
B
Oh, that's a good question. One of us must have paid the bill. But I don't think. I really hope so otherwise. Where? I remember that. I vividly remember the nudity, and I vividly remember the beer, and I vividly remember the guy behind the counter, but I do not remember. You know what? Might be best not to try to remember where he pulled the money out.
A
Of that's like, does the guy just kind of get a pair of tweezers or tongs and just kind of like who knows?
B
Who knows? And now a word from our sponsor, ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from ThreatLocker. Let's dig into some stories here. Maria, you're up first. What do you got?
A
You're making me follow that story.
C
You got a phone you want to see 11 visit?
A
And that children knows what life was like before smartphones were everywhere. Seriously? All right, well, I have the toughest act in the world to follow right now. My story comes from Consumer Reports, so I'll bring it down a few degrees.
C
It's a good magazine, Consumer Reports.
B
It's a good organization. No nudity, but no nudity.
A
No beer can or money of mysterious origin.
C
Well, they do have, don't they? Do they rate beers?
B
Yes, sure, go ahead.
C
Sure.
A
It's a derail.
B
Go ahead, Maria.
A
Well, it is October after all, and that makes it National Cybersecurity Awareness Month. So the liturgical calendar, as we have talked about before, is in full swing for all the things. So Consumer Reports is in on that game with some of their friends at Aspen Digital and the Global Cyber Alliance. And they surveyed a couple thousand people about their annual Consumer Cyber Readiness Report, or rather they surveyed those people for the Cyber Readiness Report. And they found stuff that I think will just kind of confirm what we've been talking about and suspected in that scams are not only growing, but exposing some deep inequalities and inequities in who bears the brunt of financial losses. And Consumer Reports posted the whole in-depth thing. But here are some of the key takeaways. Nearly half of Americans, and sorry for our listeners, this is a very US-focused thing. I apologize. Nearly half of Americans have encountered a scam or cyber attack. I think that number is a little too low. I think it's a lot higher than half. But one in 10 who responded to this survey say they have lost money. Hmm. Text message scams specifically are surging, especially for adults ages 18 to 29. Yeah, that one. This one surprised me the most of everything. That age group, younger adults, 18 to 29 year olds. I mean, I know they're on their phones a lot, but so is everybody. Why would they be getting hit more with text messages or just noticing them more? I don't know. That's just a fascinating one. Scam losses, according to this report, are not evenly distributed. People in the lowest income households were three times more likely to lose money than those in the highest. And 37% of black Americans who encountered a scam lost money compared to 15% of white Americans.
B
Huh.
A
And yeah, that all this is really interesting. And social media, this is not a surprise, is a major vector for a lot of these scams. 84% of users in this survey reported scammy experiences. Like fake friend requests. I got like four today. Or shady DMs. I got like four today.
C
My wife gets those scam requests or those friend requests all the time and I don't get any of them.
B
I probably get one a week I don't get. Not me.
A
Yeah, Joe, it's your profile picture with the chickens. It scares them off. It's gotta be what it is.
B
This guy doesn't have any spare money. He's spending it all on his chickens.
C
Chickens. That's Eric.
B
He's spending all his money on free eggs.
C
Right?
A
All his money on free eggs.
C
But I also get a chicken that sits on my shoulder, which is pretty awesome. Neither of you have. I'm very happy.
A
Very true. Yeah. And three out of four scam attempts that Americans have experienced began either on email, social media or text messages or through a messaging app. With 30% of those who experienced a cyber attack or scam saying that it began specifically over text message or a messaging app. And that is in comparison to 20% last year. So that is a 10% increase from last year. So nothing going in the direction I think that we would want. None of this is a terrible surprise. It's just always interesting to have some numbers against it. Sample size is a few thousand people, so do with that as you will. For those of us who are science minded about that kind of thing. Still, there are. The report says there are some positive trends with slightly more people than last year. The percentage numbers are really low. Like paltry more people using password managers or identity theft protection, tracker blocker extensions on their browsers and file encryption. And I don't want to give anyone an overly rosy picture. Like, these percentages are well under a quarter of respondents saying they use these things. I think file encryption was something like 14%. It's low. And a third of Americans say they still reuse their passwords. I suspect that number's a lot higher.
C
I also expect that number's higher.
A
A lot higher.
B
A third of Americans admit that they.
A
Still use realize or passwords. Yeah, Admit slash, realize. Yeah. And. And so it's like, okay, when. When you're the marketing person writing these reports, what's the key takeaway? That this is not great. Consumer Reports is saying individuals need to improve their cyber hygiene with tools. And they have a whole bunch that they recommend that people can buy. I won't give them free advertising. You can look into it yourself. Consumer Reports is saying industry and government needs to step up. And I'm just thinking, as of time of this recording, the US Government is shut down.
C
Right.
A
So maybe don't look to them right now. So it's not great. More awareness, et cetera, et cetera. Yeah.
C
Funny, this. Cybersecurity is one of the things that gets broad bipartisan support. Like, broad. I mean, like unprecedented bipartisan support. But nothing ever happens.
A
When you say support, do you mean words or actual actions like you hear?
C
Like right now we're talking about the budgets because of, for example, healthcare spending. Well, that doesn't get broad bipartisan support. Like, one party wants it, the other party doesn't. When you say we need to improve the cybersecurity for Americans, nobody goes, no, no, no, we don't need to do that.
B
Right?
C
Everybody goes, yes, yes, yes. We need to do the harrumph, harrumph, harrumph. And then nothing happens.
A
Well, yeah, then the rubber meets the road in terms of actual policy get passed or potential laws or regulation, and then that's where things fall apart every time. So, yeah, Dave, you're in this world more than any of us.
B
Well, yeah. I mean, yeah. And the thing about the government being shut down, what also expired was CISA 2015, which is the information sharing legislation that makes it possible for companies to share threat information with the government. So with that legislation sunsetting before having the opportunity to renew, I don't think it's an exaggeration to say we're less safe.
C
Yeah, well, the government's not getting the threat information from companies now and organizations.
B
Like CISA who are responsible for helping keep our critical infrastructure up and running. Two thirds of their staff are currently furloughed.
A
Yep.
B
So.
C
Yep.
B
Again, less safe.
C
Yeah, not great.
A
Not great. Yeah, it's. It's always alarming when, you know, things are going in the direction overall that we don't want when it comes to people's safety and how people are being impacted. And it Seems less and less is actually able to be done about it. On the government side. It's. If we're just looking for industry to fix all this, I mean, we've seen industry doing what it's done so far.
C
Right.
A
It's not enough. So I guess the impact is even more on the consumer than ever, which is not great.
B
What do we make of some of the splits here that this research found with household income and also race? People with low incomes are three times more likely to lose money. That's quite a stat.
C
Yeah, I think, I don't know. There's definitely socioeconomic things here at play when you compare that to race. So I think those two are related.
B
Yeah.
A
And.
C
I think it's, you know, it's not surprising to me that people at the lower end of the income spectrum are more likely to lose money than people at the higher end of the income spectrum.
B
Yeah.
C
Because first off, when you're talking about the way these scams, the way these scams work, they're talking about amounts of money that somebody at the higher end, you know, they're promising amounts of money to somebody at the higher end of the income scale is just me. Like, I don't need to waste my time with this. Where someone who's at the lower end of the income scale is going to be like, oh, here's an opportunity for me.
B
Right. Here's my chance.
C
Right.
B
Yeah.
C
Yeah.
A
Well, thinking also disposable income. I have a bunch of tools on my phone that I pay for to block spam calls.
C
Right.
A
Because it should be free, but it's not.
C
That's another factor as well.
B
Yeah.
A
And you know, I have the income to do that, but if I didn't, I would just be getting a barrage of this stuff all the time, even more so than I already do.
B
Yeah. I'd say probably education is a component as well. If you are more likely to have gone to college, you probably spent more time learning about things like critical thinking or skeptical thinking. So that probably tracks some as well the opportunities that people in higher income homes would have than those in lower income homes. But still, three times, that's a pretty stark number. Yeah.
A
Yeah. I mean, I think also systemic racism that keeps a lot of black people out of the sciences. That kind of. You see how that often can shake out with, if you don't know somebody who can advise you directly on a lot of this stuff, someone in your community that you trust, you don't have that sort of community knowledge getting out there that can be, that can affect you. So, you know, to me, it's an interesting way that, you know, there are these repercussions of things that seem abstract on a day to day way.
B
Right, right. All right, interesting. Well, we will have a link to that Consumer Reports report in our show notes. Joe, you're up next. What do you got for us this week?
C
This story actually came to me. I became aware of it through a meme my son sent.
A
A meme.
C
Yeah, it's where I get a lot of my news is from memes.
A
Through the memes. Okay.
B
The memes that your children send you.
C
Yes.
B
All right.
C
So funny.
A
But actually I went, 20, 25, isn't it?
C
I went out and I'm like, is this true? And I found out this is true. And The Drive, Andrew Collins over at The Drive has a story that we'll put a link in the show notes to. Do you guys know who Tai Lopez is?
B
I do not, no.
C
You guys are lucky because I've had to go out and learn who Tai Lopez is today. So do you remember like 10 years ago when you'd go to watch YouTube videos and there'd be some guy standing in front of his Lamborghini going, you see the Lamborghini in my garage? And then he turns around and goes, but I really like these because knowledge is better. Do you guys remember that video?
B
I do not.
C
Oh, you don't? Came up on everything I had for some reason.
B
Okay.
C
I mean, I got sick of seeing this guy's face. Well, that's Tai Lopez.
A
Okay.
B
Okay, so something about you made the algorithm put this in front of you.
C
Yeah. And I don't, I don't know what it was, but he bought a bunch of pre roll ads. And what was he selling? He was just selling some kind of course that had monthly subscriptions. And. And he was going to tell you how to be, how to be successful in life.
B
Okay. And he happened to know where across town there was a guy with a Lamborghini who left his garage door open.
C
Or you know, somebody. Yeah, somebody. We're going to get there, Dave.
B
Okay.
C
But so this guy has actually built up a considerable following by talking into the Internet and saying, I'm smart, I know better than you. I'll tell you what to do. Here's how you live your life. And you can think of him as who's that guy that had to run away to. Andrew Tate. That's his name. Think of him as like a less offensive answer. Andrew Tate. Version of Andrew Tate.
B
Okay.
A
In the basement, but okay. Yeah.
C
Right. You know, the, The. You know, the same kind of thing. I. I can help you. I know what's going on here. Here's what you need. Here's how you need to live your life. That kind of stuff.
B
Okay.
C
Yeah. So eventually with. With his street cred, he went out and he started up a company. Well, the SEC just filed a civil complaint against that company and against him and against Alexander Mayer, who's the co-founder of this company. It's called Retail Economic Ventures, LLC, or REV. They also named REV's Chief Operating Officer, a woman named Maya Birkenroad. So here's what happened. These two people, Lopez and Mayer, raised $112 million from retail investors across the US. So that, to me, is first off, impressive that they were able to. This guy was able to create a presence online for himself and then say, I'm going to start up a business and here's what I'm going to do. And he was able to raise $112 million. Okay. With, like, absolutely no experience or credentials, it would seem.
B
But an active YouTube presence.
C
But an active YouTube presence. So what did they do? Well, here's the pitch. It actually sounds pretty good to me. It might sound. I mean, it sounds like a viable thing.
B
And that's why you're getting all those ads, Joe.
C
Right. They went out and they bought distressed retail business brands and they converted them to online only stores. Now, you've heard of some of these stores. All right, I'm going to read off some of the stores. They bought Brahms, Dress Barn. You guys heard Dress Barn, right?
A
Heard of it, yeah.
C
Yeah. Worst name. There are places I don't go because of the name. Dress Barn was one of them. Not because they just. But I like my wife. Why would you go to a store called Dress Barn? He's like, come on in and get your dresses, you cows. You know, I always thought the name was, like, just a terrible business name.
B
Yeah.
C
And like, there's restaurants I won't eat. Like, I won't go to the Bonefish Grill, because that sounds disgusting. Bone and fish, two of the things I hate eating.
A
You know what really grinds your gears, Jerry?
C
Here's another one that you've probably heard of. Oh, my God. Franklin Mint.
B
Oh, yeah, yeah.
A
The Franklin Mint.
C
Right? Franklin Mint now is now Franklin Mint Online. Linens and Things.
B
Okay.
C
Modell's, remember, gotta go to Mo's. Pier 1. My wife used to love going to Pier 1.
B
Yeah. All of our plates and bowls and everything are from Pier 1. Yeah.
C
And the saddest of Them all, Dave. Radio Shack. Yeah, these guys bought Radio Shack.
B
That breaks my heart.
C
It does. Oh, it's now just an online presence. Also Stein Mart, which I think at some point in time, I own stock in.
A
I might, you know, not familiar with that one.
C
It was a Southern. Like Marshalls in the South, I think. Marshalls in the South.
A
Okay.
C
If. If my research was right, which it may not have been, who knows? That sounds like a stock. I'll buy it anyways. What this. What this complaint that the SEC is filing is alleging is that they sold securities in the form of unsecured notes promising 25% annualized returns, and they also sold equity membership units with a monthly preferential dividend of as high as 2.08%, which, if you are reinvesting, that comes out to be about 28% return annually.
A
Okay.
C
Right out of the gate. I'm dubious.
B
Yeah. Those are high returns.
C
Those are very high returns. Very, very high returns.
A
Okay. Yeah. I was going to say, using the Rick and Morty meme, this sounds like a Ponzi scheme with extra steps.
C
Oh, oh, hold on.
A
Okay.
C
Are you reading ahead on this one?
A
No, I'm trying. I'm like, this. This smacks a Ponzi scheme to me.
C
It does, doesn't it? So it says like. It's like it could be leading to one. Well, it does kind. The word Ponzi does come up later. So. The complaint also alleges they made false statements about the success and profitability of their business model, REV. And the profitability of these brands that they bought. Like, Modell's is. Who goes to Modell's for sporting goods stuff? I don't know anybody. Everybody goes to Dick's, right?
B
Oh, yeah. I guess so. I don't know.
C
Right. Dress Barn was a good store, but with a terrible name. Franklin Mint. Was. I. I don't know. That Franklin Mint ever had a store, A physical store?
B
No.
A
Wasn't just a catalog. Yeah.
C
So, I mean, so these brands.
A
Brahms, the candy. Is that the, like, the candy guy? Brahms.
C
Are you thinking Brock's?
A
Brock's. What was Brahms then? I mean, I know composer, but, like, what was.
C
I actually don't know.
B
Brahms is.
C
I'd have to stop. Stop what I'm doing now and Google it, okay?
A
Someone's going to have no time for that.
C
They also alleged they made false statements about the safety of these investments. And here's some of the things they did. And, Maria, here's where we're gonna get in the Ponzi scheme. First, they transferred $5.9 million in investor proceeds directly between portfolio companies. When they said that's not what they're going to do. Right. So in other words, they're, you know, maybe they put $5.9 million into Radio Shack and then they said, okay, we're gonna move that money over to Stein Mart. And they said no, once we, you know, they said they weren't going to do that and they were doing it. Now here's the good part. At least $5.9 million in returns were distributed to investors. But in reality they were like Ponzi. They were Ponzi-like payments funded by other investors. So they were taking money from some investors and paying out other investors. Now they weren't full on Ponzi scheme because they weren't. That wasn't the entire business model. They actually had this other business model in there. But these are Ponzi-like activities. The defendants also misappropriated $16.1 million in investor funds for Lopez and Mayer's personal use. So they just took it out.
B
Yeah.
C
Now the SEC's complaint is online. They have a news release and a complaint that we'll go to. I want to thank Ben Yelin for. I sent him an email today asking him if this was civil or criminal. He said it's a civil complaint. So here's my big point with this one. This is another social media influencer who is, you know, full of hot gas. Essentially. He has misled, allegedly misled these investors and talked people out of $112 million. And maybe he had the best of intentions with his money, but that's not where it went. And it seems to me like he doesn't know how to manage a business. When you're talking about moving money around and promising these huge returns on things, people just believe him. So if you go to his YouTube page, he still has 200 or 2.5 million followers on his YouTube page. And he has a video on the top of the page from eight years ago where he's sitting on the granite countertop in his kitchen. The garage door is open and the lights are on in the garage.
A
Right.
C
While he's sitting in the kitchen filming. That's just so you can see the car in the background. So you're looking like, hey, what's in the garage? And this reminds me of a trick someone tried on me once. You all have the family member who's into some multi level marketing thing, right? Oh, yeah, everybody has that.
B
Or if you haven't, you will.
A
Yeah, yeah, I have a sort of something adjacent to that. Yes. Yes. Yeah.
C
So we have someone in our family. We don't keep in touch with this person anymore, but this guy, big into one of these multi level marketing companies. And we go down to his house. I think it was for like a Christmas or something like that. And I'm sitting at his counter, and I look over and there, sitting right next, right next to where I'm sitting on the counter is a W2, right. That he. And it has his name on it. And I pick it up. And this was back in like the mid-90s. And the W2 says on it that his income for last year or for the. For the. For the last year was $100,000 even. And I'm like, I pick it up, I look at him. Right? Exactly. Number one, I pick it up, I look at it and. And he looks at me and goes, pretty good, huh? You should get. You should get into this MLM thing. And I put it down, I go, yeah, that's pretty amazing.
B
You know, I usually leave my W2 laying around when I'm gonna have guests over.
C
Exactly.
A
My important tax documents just on my.
B
Kitchen counter like one does, you know, medical test results. I just tack those to the fridge. Yep.
A
All my primary colonoscopy results. Bam. Right? The imagery, right on the fridge.
C
I actually do put those in the fridge.
A
No, you don't.
C
Keeps me from eating. So remind me to never come over.
B
To your house for dinner.
A
Check out those polyps.
B
Lost my appetite.
C
Yes, it's doing its job. But the point is that first off, if you have your own business, you have to have some kind of tax software to print up these documents if you're paying yourself. I don't even know if he was paying himself with a W2. That doesn't seem realistic. Yeah, right. He's probably. Anyway, he printed this up with the tax software and just left it laying around for when people come over and they see it. And they would invariably pick it up, hey, here's something I'm curious about. And he'd go, yeah, it's pretty. Pretty good, huh? That was his. His shtick. This guy is the same thing. All of these influencers, whatever you see on their sites, they're fake. They're all lying to you. Everything is fake. The fake private jets, the fake weights that weigh like 15 pounds when they're. When they say 40 on them, they're all fake. The rental Lamborghinis, that's not a Lamborghini that guy owns. It's in he. And maybe he does own, I don't know. But there's. You can rent those things. All of this stuff is fake.
B
Yeah.
C
Don't buy into the influence culture. We give them way too much credibility, power. I don't know. We spend way too much time to influence. Yeah. These influencers have way too much influence, and they do nothing.
B
As a friend of mine said, dear friend, wise friend said, the type of car someone drives does not indicate how much money they make. It merely indicates how they choose to spend their money.
C
Correct.
B
Because anybody can rearrange their finances in such a way to have a very nice car for whatever amount of time. I always think of the guys. I always think of Crockett and Tubbs from Miami Vice, you know, like, live in these little, you know, cruddy little apartments. But they were driving these, you know, super nice. Super nice cars. I guess their story was that they got them from, like, police auctions or something. But still. Yeah. Car is never a good judgment of what someone's true financial status is.
C
I drive a Scion XB. Have for the past 15 years.
B
Yeah.
C
When I bought that car, the guy was like, we normally don't see guys like you buying Scion xbs. Do you want to buy a Lexus? Because it was a Toyota dealership.
A
It's a bit of a humble brag, Joe.
B
Guys like you.
A
A little humble brag from Joe.
B
Is this because you were wearing your Rolex and your gold chain?
C
No, I was not.
B
Your Mr. T starter set.
A
You're obviously a man of.
C
When I financed it.
A
Finances and good taste. And by the way, you look great.
B
Wearing a tuxedo and a top hat at the car dealership. Indubitably.
C
I made. Right. Yeah, that's right. With my monocle.
B
Yeah.
A
Mr. Peanut rolls up.
C
How can I look. I was about to say, how can I look more like Mr. Peanut when.
B
The limo driver opened the door for you to get out at the key dealer.
A
Yes.
C
I wasn't. You know, I was making less money than I do now. But it wasn't. It wasn't as you would expect, due to inflation. Sorry.
B
Old money bags. Carolyn Carrigan.
A
You know, podcasting is a great way to get rich fast. I don't know if I said that.
B
On the show, but it's.
C
Especially if you're willing to lie to people.
B
Yeah.
C
Anyway, I mean, the guy saw how much, and he said because he knew he could get me into a Lexus, I didn't want to go into a Lexus because the payment would have been like, four times as high, and I didn't want to spend $800 a month on a Lexus.
A
When I could have easily afforded. I'm sure.
C
No, I could not have afforded it.
A
But he could have done it, all right.
B
Joe could have bought the Lexus with his couch cushion change, you know. How do you think he affords all those chickens?
C
Chickens are eating me out of house and home.
A
These things eat so much they're driving the Lexus is what I'm hearing.
B
That's right. Lexus chickens. That's a good question, Joe. What is the Lexus of chickens?
C
Oh, that's a good question.
A
Do you really?
C
The one that's all black? The black chicken.
B
Oh, even the eggs are black.
C
Yes.
A
Yeah, Batman chickens.
C
Those are expensive chickens.
B
Is that right?
C
Yes. I'll bet my father-in-law actually has one. I don't know if it lays the black eggs, but it is an all. It's beautiful chicken.
A
An obsidian chicken.
B
It is all right. Shall we move on then?
C
I come from a chicken family, apparently. Yes, we should move on and stop making fun of me for how much money I do or do not make.
B
Yes, it doesn't matter. It's just what the people think you make, Joe. It's how you carry yourself.
A
Yeah, dressed like Mr. Peanut, but with a cowboy hat.
B
Right, right.
C
Cowboy hat.
B
Cowboy hat. Yeah, that's true. Like you dress like. Who's the owner of the Cowboys? The Jerry Jones. Yeah, you just walk around like Jerry Jones.
C
I'm more like Doug Dimmadome from The Fairly OddParents.
B
All right, I tell you what, let's take a quick break here to hear from our sponsor. We'll be right back. And now back to our sponsor, ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. ThreatLocker Protect is the core ThreatLocker product focused on endpoint security, designed to prevent unauthorized software from running, control how applications interact, and manage access to storage devices. Its building blocks are allowlisting, ringfencing and network control. Allowlisting is a deny-by-default software that makes application control simple and fast. Ringfencing is an application containment strategy ensuring apps can only access the system resources they truly need to function. Network Control locks down access by port, source IP, or dynamically with ACLs that automatically update as IP addresses change. Shut out cybercriminals with world-class endpoint protection from ThreatLocker. And we thank ThreatLocker for sponsoring Hacking Humans. And we are back. My story this week comes from. Where does it come from? It comes from researchers at ThreatFabric, which is a mobile security company. They are Dutch and they are spreading the news about a new Android banking trojan called Datzbro, D-A-T-Z-B-R-O. Because dats bro. Of course dats bro.
C
Right.
B
And what they're doing here is they're taking advantage of senior citizens. Evidently this first came up in Australia, but has been spreading around the world. Doesn't seem like it's in the United States, but trust me, it's only a matter of time.
C
It'll be here.
B
It's already in other English-speaking nations, including the UK. And what they do is they focus on elderly people who are looking for social activities, trips or in-person meetings, things like that. And they create Facebook groups and they share AI-generated content which claim to organize activities for seniors. And when a senior sees this and they say, oh, this sounds good, I would like to go on a trip or I'd like to get together at my local 50 plus center or whatever.
C
I don't think a 50 plus is a senior anymore. Dave.
B
Yeah, I know you. I know. Me neither. But the truth hurts. And you know that day that Maria, the day is coming for you when the AARP magazine shows up in the mail.
A
I got mine at 29.
C
What?
A
I was so mad. I was about to turn. I was like a month away from turning 30 and it showed up and I was like, this is really mean for someone who's already feeling very self-conscious about turning 30, which was some time ago.
C
Hilarious.
A
This is some sick joke.
B
Wow.
A
So I've already crossed that one.
B
Okay, well, all right. Well, at least you pulled that Band-Aid off.
A
I did, I did.
B
So if people express willingness to participate in these sorts of events, they get contacted via Facebook Messenger or WhatsApp and they're asked to download a file from a fraudulent link, which is download.seniorgroupapps.com, and they're downloading an APK file, which before the show Joe informed me is an Android package. Like an Android executable package, right?
C
Yep.
B
And this app is malware. Once they install the malware, it allows all sorts of bad things to happen. It's an Android banking trojan. It can record audio, it can capture photos, it can access files and photos on your phone. They can do financial fraud through remote control. So basically they can keylog, they have full control over your Android device if.
C
You install this complete RAT remote administration tool. Remote access tool.
B
Yeah. It can do overlays, so it can hide what it's doing behind the scenes. So really powerful stuff. And of course, when you install this, you're giving this app permission to run free on your device, but you have to.
C
Does it circumvent the developer setting?
B
Don't know.
C
Okay.
B
Don't know.
C
So they probably have to convince you, do some kind of social engineering to get you to turn that on so that you can install third party apps.
B
Yeah, yeah. So the researchers think this is the work of a Chinese speaking threat group and the command and control servers seem to be Chinese and so they're just trying to spread the word about this. Be careful of Facebook groups. I'd say be careful of anything on Facebook, period.
C
I'm wondering if it's Chinese or perhaps North Korean, but I don't know how much Chinese North Koreans speak.
B
Yeah, I don't know. I mean, they're just saying there's a lot of Chinese language in the debugger and strings in the malware source code and things like that.
A
That's why they're cautious to not attribute it to a nation, because it's for exactly that reason.
C
Because if you listen to The Lazarus Heist all the way through, which is, by the way, a fantastic podcast, highly recommend it, they talk about how the Lazarus Group goes, doesn't do a lot of their hacking from North Korea since there's no infrastructure. They go to China and do it and they have these facilities in China that host them and they do a lot of their hacking from China.
B
Yeah.
C
Fascinating. The podcast is great. I highly recommend it.
B
Yeah, it doesn't surprise me. And as Maria was alluding to, a lot of times, you'll see the bad guys will put in some other nation's language to try to throw people off the track.
C
Yep, yep.
B
So they'll say, oh, look at all that Russian in the code here. It must be Russians, but it's the Chinese or the North Korean.
A
Attribution is very tricky.
B
It is the Iranians. Yeah. So we'll have a link to this in the show notes. I would say one of the things worth checking out in this article is they have some screen grabs of the fake Facebook senior groups and they look legit. They're full of AI generated photos of smiling people of, you know, diverse backgrounds and origins. And so smiling old people square dancing. Yes. So by all accounts it looks legit, but it's not. So it could be a good thing to share these pictures around to try to help your friends and family have a good sense for this kind of thing. So again, we'll have a link to that in the show notes. Joe, Maria, it is time for our catch of the day.
C
Dave, our catch of the day was sent in by Cameron and it's just a screenshot of a very urgent message from somebody.
B
Urgent message from Union Star Bank. Greetings from Union Starbank Financial Group. I have urgent message which needs to be attended appropriately. Did you authorize anyone named Mrs. Mary Johnson to come to our office in 1863 King Arms Yard, London, United Kingdom Union Starbank Avenue in respect of your US$5.5 million which has been credited with us for the past months now by the federal government to be transferred into your account. She said that you authorize her to pick up the inheritance. Your kindness has been in our custody for the past six months now and we've been waiting for you to contact us. But we don't know what is hunting you from reaching us since what? So we decided to write you to make sure you are fine and worth of the injury fund of $5.5 million in our office in Union Star bank which Mrs. Mary Johnson wants us to transfer to her bank of America account. So your urgent response is needed before we proceed with this transfer to Mrs. Mary Johnson account. We want to get you back to us with the following information requested. Absolutely. If you are interested to receive your funds, send your information requested to start working on receiving your $5.5 million inheritance funds immediately. Thank you. Send your information needed your fully name, your phone number, your address, your driver's license. Yours in service, Mr. Anthony Sherritt.
A
Breathe.
C
Was there only one period in that entire email?
B
Yeah, it's one big long run-on sentence.
A
Mrs. Mary Johnson.
C
How many times does the guy say Mrs. Mary Johnson?
A
I love Mary Johnson.
C
I love some of the wording in here. It changes from inheritance to injury fund. There's something in there.
A
What is hunting you?
C
Hunting you. That's what it is.
B
What is hunting you? Yeah, seeking you obviously translated from something else and then not run through a modern LLM to clean up and absolutely not.
C
So again, this is one of those old school Nigerian prince scam type things. But this is the fake inheritance or the fake lottery winnings or the fake. It's the same kind of thing. But they didn't run it through an LLM because they want to filter out people that will look at it and go, this is just garbage. Why would anybody send this out? They want the people that go, hey, I might want to respond to this higher level of gullibility because if you believe this, you'll believe just about anything they say.
B
True, true, true. All right, well, thank you Cameron for sending that in. We do appreciate it. And of course, if there's something you'd like us to consider for our catch of the day, you can email us. It's hackinghumans@n2k.com. Thank you to ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks, for sponsoring Hacking Humans. Visit threatlocker.com.
C
And.
B
That is Hacking Humans, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliott Peltzman and Tré Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
C
I'm Joe Kerrigan.
A
And I'm Maria Varmazes.
B
Thanks for listening.
Host: Dave Bittner, Joe Kerrigan, Maria Varmazes (N2K Networks)
Date: October 9, 2025
Theme: Deception, Influence, and Social Engineering in the World of Cyber Crime
In this episode, the Hacking Humans team delves into the rise of text-based and social media scams, an SEC case against a notorious social influencer, and the emergence of a sophisticated Android banking trojan targeting seniors. As always, the team shares listener feedback, personal anecdotes, and a memorable “catch of the day.”
[00:46-03:35]
Notable Quote:
"If you don't know anybody in prison, probably best to just say no to this, right?" – Dave Bittner [03:35]
[03:54-08:02]
Maria’s Story from Consumer Reports – [08:52-18:23]
Notable Quotes:
"Text message scams specifically are surging, especially for adults ages 18 to 29." – Maria [09:54]
"People in the lowest income households were three times more likely to lose money than those in the highest." – Maria [11:01]
[16:06-17:55]
Notable Quote:
"If you have the income to [use anti-spam tools], but if I didn’t, I would just be getting a barrage of this stuff all the time." – Maria [17:23]
Joe’s Story – [18:34-34:10]
Notable Quotes:
"These are Ponzi-like activities... They were taking money from some investors and paying out other investors... but it wasn't the entire business model." – Joe [25:20]
"Everything is fake. The fake private jets, the fake weights, the rental Lamborghinis... All of this stuff is fake." – Joe [30:06]
Dave’s Story – [36:04-41:39]
Notable Quotes:
"They’re focusing on elderly people looking for social activities, trips, or in-person meetings... and share AI-generated content which claim to organize activities for seniors." – Dave [36:21]
"Be careful of anything on Facebook, period." – Dave [39:35]
[41:39-44:25]
(Submitted by listener Cameron)
Memorable Moment:
"What is hunting you? That’s what it is." – Joe [43:34]
For further reading:
Hacking Humans continues to expose the latest in social engineering and scams, reminding listeners to “think before you click”—and that sometimes, it pays to be just a little bit cynical.