A
You're listening to the CyberWire Network, powered by N2K.
B
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner, and joining me is Joe Carrigan. Hey, Joe.
C
Hi, Dave.
B
And our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Maria.
A
Hi, Dave. And hi, Joe.
B
We've got some good stories to share this week. We got any follow up first? Joe, what do we got?
C
We don't have any follow up. Nothing new about the chickens. They're just maintaining. But I do have an interesting thing. I almost put this in my story, and I guess I'm gonna do kind of a short story today. So maybe this will be. I'll do the first story, then the. Then I'll do another story later on. But anyway, this actually happened to me. I was sitting in my office doing what Dave does best, minding my own business, and my phone rings. And it's the old house phone that now rings on my cell phone, thanks to an app, okay? And I answer the phone, and I debated answering as Mabel Johnson, but I didn't do that. I just answered it. And this very gruff guy says, Joe Carrigan. I'm like, yes, this is Joe. And he goes. He then says, this is deputy so and so. I can't remember. He gave me a name. And he said, badge number. This from the Sheriff's county or. He didn't say deputy. He said sergeant. Sergeant so and so from the Carroll County Sheriff's Department. Badge number, this. So I get out my notebook, right? And I write down Carroll County Sheriff's Department. I go, let me get your name again. And he goes, he goes, you know, he tells me his name and then his badge number, and I'm like, okay, the last name again. He goes, you got it this time. I mean, you're really getting frustrated with me. I'm like, look, I'm just writing this stuff down, all right?
B
Yeah.
C
And I said, I got it. Let me read it back to you, make sure I got it right. And he's getting frustrated with me. And he goes, yeah, I'm calling about a missed jury duty. And he says, we sent this to your address. And he reads out an address that is not correct, but is a past address.
B
Okay.
C
Right. So his information is a little outdated. And he says, you missed a summons to a grand jury. Ooh. And I'm like, oh, okay.
B
Grand jury.
C
That's interesting, right? Yeah. Grand jury. Grand jury summons.
A
That sounds so great.
C
I said, look, Sergeant, I'm sure that you're well aware that there are lots of scams like this that go around where people get scammed out of money. So I'm going to look up the number to the Carroll County Sheriff's Department, and I'm going to call that number. And I'm sure that when I. When I put that, you know, when I tell them I need to talk to Sergeant, so. And so they're going to transfer me right to you. Right?
B
Yeah.
C
And he immediately said, you know, this is a scam. He had a couple extra expletives.
B
Really? He owned up.
C
Yeah. He said, this is a scam. Get off my phone. And he hung up. Get off my phone. Like, I called him.
B
Well, yeah.
C
So the interesting thing about this is that I do this all the time. Right. I talk about this all the time on this show, and I think about social engineering all the time.
A
We.
C
When this guy called me, he called me from. I don't know where he was calling from, but he spoke with an American accent, and he spoke very forcefully and authoritatively. And even though I knew it was a scam, there was still that little thing in the back of my mind that I got nervous about it. The adrenaline fired off.
B
You don't want to get in trouble.
C
Right? Exactly. I still experience physiological response to this call.
B
Right.
C
It was. I mean, I knew it was a scam. I totally knew it was a scam, but because this guy was, you know, telling me he's an authority figure, and I think I actually kind of relaxed once I started asking for his name. Because if you. If you're on the phone with law enforcement and you ask for their name, they're going to let you write it down.
B
Right?
C
Right. They're not gonna get irritated with you making sure that you got the correct spelling and right badge number. And this guy did. So that was kind of relaxing. I'm like, this, this all chalks up to scam. But I powered through the I'm gonna call you back part, and it was not as easy as I thought it would be.
A
Yeah. Do you think of yourself as someone who normally responds to authority? You know what I mean? Like, you know, some people go, oh, authority. If someone tries to bring it down on me, I, I, I'm a contrarian. And I obviously go, no, f you.
B
I'm sorry. Wait, Maria. Joe. A contrarian?
C
Yeah.
A
I want to hear I, I, I'm.
B
Beating him a little bit, Dave.
A
I want to hear him say it. I want to hear him say it.
C
I tend, I tend to be very contrarian.
A
No.
C
And especially with, like, elected officials, like, I have very little patience for anything with them. But when I'm dealing with law enforcement, these are people who carry guns and can kill you and get away with it. So it's a different discussion. So the thing you have to remember about law enforcement is when you're dealing with law enforcement, they're not, you know, they're the tip of the spear of the legal system. They are not going to judge you, they are not going to prosecute you. They are not going to do any of that. That is all other people's jobs. Their job is to enforce the law and stop you if you're committing a crime. And then if you are being charged with the crime, they're also in charge of arresting you. And I'm sure there's other stuff they do as well. Yeah, but that's not the point at which I become the contrarian when I'm talking with the big tough guy with the gun. Right. That's when I just say, you know what? I'm not talking to anybody. I want to talk to my attorney. Or I say, you know what? I'm going to call you back on the sheriff's line and I'm going to ask to be transferred to you. Interestingly enough, I did actually call the Carroll County Sheriffs and I told him who I was and I said, I gave him my name, and I said, what I do with this podcast? And I said, I just got a phone call from somebody impersonating you guys with a jury duty scam. He's like, you didn't send me money, did you? I'm like, no, I didn't send him any money.
B
Retirement.
C
Send him all my bitcoin.
B
Is there like an implied bonehead at the end of that sentence? He didn't send him any money, did you, bonehead?
C
I said, no. And I gave him the phone number that he called me from.
B
Oh, that's good.
C
And the information that he, that he provided. And I said, look. He said, and he put me on hold. I think he looked me up and he said, hey, I really appreciate what you're doing. I think the podcast is great. So that's good.
A
That's good.
C
Yeah. So I let the Carroll County Sheriff's Department know this guy's going around impersonating them, and I don't even think that sheriff's departments have sergeants.
B
Do they?
C
They have deputies and they have sheriffs.
B
Oh, I have no idea.
C
Right.
B
I have no idea. But I think one thing I'll note here is that we've heard about these scams where this exact scam where the person will be impersonating a real sheriff.
C
A real police officer. A real sheriff. Right.
B
So they'll give you a real name and a real badge number.
A
Yeah. How are you gonna check?
B
Well, but exactly.
A
Let me look up in my database. You know, but if you Google them.
B
If you go, let me just quick, look this person up with the name and sheriff, they'll pop up.
C
Right.
B
So that's what makes it so important to make that call back, to not believe that it's them.
C
Right. Because they can do that research just like you can.
B
Right.
C
They have Google as well.
B
Yeah, everybody does. All right, well, I'm glad you didn't get scammed.
C
I didn't.
B
There's no fun to deal with. No, no, not at all.
C
But I really wanted to accentuate the, you know, the fact I talk about this all the time in this show. Talk about this with other people, talk about this with my parents, my family members, my friends. But when it came down to it, there was still a physiological response.
B
Sure. Yeah.
A
Yep.
B
Yeah. I think I would experience the same.
C
Yep.
B
We're all human. Every attacker counts on one thing. Environments that trust too much. ThreatLocker closes that gap with default deny at execution. Unknown software blocked. Trusted apps contained with ring fencing. Configurations verified with ThreatLocker DAC so you stay secure and compliant. ThreatLocker delivers the visibility and control CISOs need without adding operational pain, making zero trust real for teams of any size. Stop ransomware at its earliest point. Book a demo at threatlocker.com/N2K. All right, well, let's get to some stories here. I'm going to start things off. Actually have two stories here because they're both kind of short. The first one comes from the folks at. Is it Maria? Do you know if it's Tech Nadu or TechNedu? Any. Any opinion there?
A
I don't.
C
It's the Technadoo. Going back to last year.
B
Is it supposed to be.
A
Is it from Tamil Nadu or is that. Where is it? I don't know.
B
Tech Nadu. I'm going to go with Nadu. N A D U. Anyway, their cybersecurity team was writing about a phishing scam that's targeting Apple Pay users using both voice and email. And because they're using voice. You know what that means, Joe? It's vishing. It's vishing.
C
It's a scam phone call.
A
Did you have to whisper that?
C
Yeah, I don't like saying it. If somebody missed the word, it's not an important word. Disregard it.
A
Joe's asmr.
B
He feels shame when he has to utter it out loud.
C
Yes.
A
Oh, it's by the way, it's Tech Nadu. Like as in Tamil Nadu.
B
Okay, thank you very much.
A
Yeah, just check that.
B
So what this does is they send you an email that looks to all the world like it comes from Apple and it says that there is a transaction that's been blocked and that they need you to call a support number to unblock the transaction or to check out the transaction, verify the transaction, whatever. And so you get this email that looks like it came from Apple. Looks legit. I'm looking at a picture of it here. Looks legit to me. Has the design sensibilities of Apple. And when you call now, it's no longer phishing. You're on the line with them. So it's a voice thing. And then the folks on the other line pretend to be Apple support and they're looking to get your Apple ID credentials and verification codes and financial data by impersonating Apple support staff.
A
Fun times.
B
Yeah. So this article says, be careful who these things come from. The return address on these emails don't come from an Apple domain. So that's a red flag. But they also say what we say all the time, that Apple's not going to do this. They're not gonna email you and ask, call them.
C
Right.
B
The last thing in the world a big tech company wants you to do is call them.
C
Right, Right. They want you to give them your money and go away.
B
Right.
A
Don't make me hire someone to have to talk to you.
B
Yeah, right, right, right. So this is a quickie. We'll have a link to that in the show notes. The real thing I wanted to highlight here. I was looking around actually for our catch of the day for today because we had someone was in the studio earlier this week who I was chatting with and they said that they particularly like scams that come out of Australia because of my spot on Australian accent that is imperceptible from the real thing.
C
That's right.
B
It's as if I actually grew up there.
C
Yes. So we tell him that. So he keeps doing it.
B
Yeah.
A
I felt a whole bunch of people just full body cringe. Right?
B
No, people just pulled into the median and drove their cars into trees. But in doing my search, I came across a website from the Australia, the AFP, the Australian Federal Police. I believe it is Fire apartment. No, it's not Fire apartment. Fire apartment. Australian firepopment. Right. No, but this is an excellent page, we'll have a link to it in the show notes, about romance scams. And this page was just published a few days ago, but it has videos about romance scams. But it runs through a lot of the things that go with romance scams and it's just really well laid out. This is a page I would send to friends and family. Right. The information on here is excellent. It's easy to follow and really lays it all out and helps figure. Helps you figure out how to fight this sort of thing. For example, they have a section, how do romance scams work?
C
This is brilliant, by the way. I just read it. It's so concise and so beautiful, right?
B
Exactly. They say knowing the pattern makes scams easier to spot. They say while every scam is different, romance scams often follow a familiar pattern. There's contact, trust building, excuses, a crisis or opportunity, money requests. And then they disappear or repeat and they flesh out each one of those. But then they have advice for protecting yourself from this sort of thing. They say don't move the chat to another platform.
A
Yep. Never go to a second location.
B
That's right. Verify the person. Ask to video call or meet in person. Never send money or share accounts. Watch out for romance scam tactics. And they mention things like love bombing, emotional manipulation and pressure tactics. And talk to someone you trust. Talk to your friends, your family, people around you. Because as we've mentioned here many, many times, they try to isolate you, Right?
A
Yep. Or they try to find people who are already very isolated and that makes it harder. Especially the love bombing, I think. People who are already very lonely and vulnerable. How could you not love being love bombed? It feels so soothing.
B
It does.
A
Yeah, it does.
C
A couple comments I have on this. Verify the person. They say, reverse image search. Check the social media presence, contact legitimate organization or the person directly. The last part is good. But if the romance scammer is impersonating somebody, you're gonna find them in these reverse image searches and they're going to show up with the name of the person that you think they are.
B
Yeah.
A
Or if they're trying to. If they're being a brand new person that they've generated with AI, you're never going to find anything of them.
C
That's correct.
A
There's a lot of that going on now too.
C
It's a good way to eliminate somebody as a scam. But them passing this wicket does not mean it's not a scam. It's kind of an awkward way of saying this is helpful to eliminate people. But it doesn't confirm that you're dealing with a scammer.
B
Yeah, no. It's a sum of many, many different signals that you should keep track of. But I guess the big picture thing here is that I was struck with how fantastic this webpage is when it comes to romance scams. So I highly recommend that everybody, if you have friends, family, loved ones, whoever you think might be subject to this sort of thing, we'll have a link in the show notes. I absolutely recommend this one get sent around. It's one of the best I've ever seen.
C
I recommend everybody scroll to the bottom of the page where they have all the different insignias or shields of all of the different police departments. And the Northern Territory police insignia has a kangaroo with a crown over its head.
B
Of course it does.
A
Noticing the important things here, Joe.
C
Beautiful. I love this. Tasmania Police. I don't know if that. That looks like a lion. That doesn't. They really missed an opportunity to go with the Tasmanian devil.
B
Well, the Australian Criminal Intelligence Commission has a kangaroo and an emu.
C
Yes.
B
Oh, that's pretty good.
C
I believe the emu must be on a lot of government documentation as part of the armistice when Australia lost the great emu war. Yeah, yeah. I found out about the great emu war when my son was doing a paper on the Great Gatsby and I started typing in the Google the great and it says, comes up as emu war. I'm like, what?
B
You were like, oh, shiny object. I know what I'm doing for the next hour.
C
Look it up.
A
Rabbit hole ahoy.
C
Right? You should look that up. It's an interesting story.
B
No, it is.
A
Yeah.
C
Australia went to war with emus and lost. Yeah.
A
Didn't they all do that with rabbits?
C
Yeah. Now they're doing it with cane toads.
B
Cane toads, yeah. But in Australia. Well, I mean, look, we all know Australia is the continent that most wants to kill you, right? And what are the cassowaries? Those the dinosaur birds?
C
Yeah, the cassowaries. Terrifying modern day terrorists.
A
South Australia police insignia. It's got the magpie, the one that will swoop and just get you. The one that will just harass the heck out of you. So I just love that.
B
That'll pluck your eyes out.
C
Yeah. There's actually a Bluey episode about that.
B
Oh, really, Joe?
A
Why do you know that?
C
I have kids in my house that watch Bluey.
A
Oh, my. Because that's exactly what I was thinking. It was the Bluey episode. But I have a little kid in my house.
C
Oh, my God. I have little kids in my house all the time.
A
And I'll tell you, that's so funny.
C
Bluey is one of the best kids shows to watch because it's one of those shows that you can watch and then your kids can watch and enjoy and you can watch, and it's awesome, actually. It's pretty. It's well written, well done, well acted.
B
Yeah. Something for everyone.
C
Yes.
B
All right, well, we will have a link to this story in the show notes. As I said before, I can't recommend this highly enough. Yeah. Good job. Australians did a great job with this one. So please do check it out. All right, that's what I've got this week. Joe, what do you got for us?
C
Dave, I have a story coming from the US Department of Justice. It's a press release that came out on February 10, and it said the headline is, former bank employee found guilty of targeting elderly victims in identity theft and fraud scheme. So there is a guy who was an employee of a bank that doesn't get named. His name is Ya Kaoh.
B
Okay.
C
You Cal?
A
Yeah.
C
This person, Sal, has been found guilty on 10 counts of bank fraud, four counts of aggravated identity theft. I think that's when you steal someone's identity and do something else to them as well. I think that's what's called an aggravating factor. I don't know. You know who we should have on this show for that is Ben.
B
Ben.
C
Ben Yelin.
A
Or your lawyer question.
B
Michelle.
C
Right? Yeah. Or Michelle.
A
Yeah.
C
And one count of money laundering. And apparently from 2022 to 2023, he used his access as a quantitative analyst at a bank to spot fraud. So he was working in the bank's fraud department as a quantitative analyst to take about a million dollars from victims. About 100 victims.
B
Hmm.
C
So that's like $10,000 a victim.
B
Right.
C
So maybe he found like a hundred victims that had large bank accounts and said they won't miss. $10,000.
B
Yeah.
C
And he wired it out. What he did was he went out and he set up all these other bank accounts in their name so that he could transfer money to it using an offshore email service, and then he would put it into his own brokerage accounts from those other accounts, and he would then take that money and invest in options, which is, you know, in other words, he's trying to. Options are kind of a risky Investment. Okay. When you buy an option, you stand a very good chance of losing 100% of your investment. So you know how you can mitigate that?
B
Use other people's money.
C
Use other people's money. That's exactly right.
B
Right.
A
One strange trick.
B
Other people's money for high risk.
C
Right. High risk.
A
I'm sorry, why didn't I think of that?
C
I said $1 million. Actually $2 million. That was a big difference. So he. The people he targeted were people that ranged in age from 90 to 103 years of age. Wow. So he really targeted older people. People. I don't know. I mean, my thinking on this, they're old.
A
If you're in your 90s or more, you're old.
C
Like, these are nonagenarian centenarians. I mean, that's. That's pretty old. He's not targeting people in their 70s or 80s. He's going for people older than that.
A
They're living ancestors at that point.
C
Yeah. And I'm wondering if he's. I'm wondering why he selected this, what made that happen? And I don't know how you. I don't think there's anything you can do to defend yourself against this as a general person. I think the bank might be liable for these transfers because this was their employee committing fraudulent acts.
B
Yeah.
A
Yeah, I would hope so.
B
The thing that caught my eye reading through this article, Joe, is that he set up online banking for these people who did not have online banking.
C
Right, yeah. They don't use online banking. I don't know any 90 year olds that use online banking.
B
Exactly right. And what this reminds me of is when my father was 90, one of the things we did together was went to the bank and established an online bank account. Or I guess the better way to say it is enroll him in his bank's online services.
C
Right.
B
For the exclusive purpose of me being able to get alerts.
A
Right, yeah. Yep.
B
You know, so if somebody transferred more than X number of dollars, you could set whatever you wanted your threshold to be. I would get pinged. Right. So it was just sort of a backup kind of thing. But had we not been interested in that, my father never would have had an online account.
C
And even if you had set that up, but this guy, being an insider, he would have been able to see what those alerts were, maybe. Could be. And then he could have come in under the alerts and wired the money out.
B
Well, yes, but I think in this case, it seems like he was targeting people who had no online presence.
C
Right. Yeah.
B
Which made his work a lot easier and I guess probably made it easier to fly below the actual bank's security methods. I'd love to know how ultimately he got caught.
C
This article doesn't say how he got caught. That would be an interesting follow up. I don't know, Dave. I really don't know.
A
I want to imagine there's a world in which someone in their internal fraud investigation was going, hmm. All of a sudden these people who are really, really old all at once are signing up for online banking. That's gonna set off some sort of flag somewhere, maybe in some sort of policy. That's weird. I would love to think that that's a.
C
That could have been it.
A
Yeah.
C
There's another story on this from Fox 8 News out of Cleveland. And that story has the quote says, court records show that Sal, who was fully a remote employee of the bank and was arrested in Chicago in May of 2024. So he did not work physically at the bank. So there's nobody there sitting there looking over his shoulder. He's remote and he is defrauding the bank's customers. They were all over the region. They were not all just Ohio residents. Even though this bank was in Ohio, they had people in New York and other states as well. Anyway, they caught him. He hasn't been sentenced yet, but he's looking at a minimum of two years and a maximum of up to three. 30 years.
B
Okay.
A
And he's 36, so that's pretty much prime time of his life. Yeah.
C
By the time he gets out of here, he's only going to be like, you know, 30 years away from getting scammed like this himself.
B
Right.
A
Jesus Christ.
B
It's a special kind of evil to go after the elderly.
C
Yeah, it is.
B
It's despicable.
C
I agree 100%.
B
Yeah.
C
I hope he gets a full 30 years.
B
All right, well, we will have a link to that story in the show notes here. I'll tell you what, let's take a quick break to hear from our show sponsor. We'll be right back after this. Most environments trust far more than they should and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable, even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today. And we are back. Maria, you're up. What do you got for us?
A
Well, I guess today's episode is the theme is elder abuse, which because my story is not so much a news story, it's just something for a recommendation for our listeners to read. It's an article by Nancy Rommelmann published on RealClearInvestigations. And the title of it is Caring for Mom Is an Education in Scams and Fraud. And so this is Nancy recounting what she is going through actively caring for her mother, who is 84 and has memory troubles and the scams and fraud that she regularly encounters as her mother's part time caregiver. And some of these are the types of scams and fraud that we talk about on the show where it, you know, involves people calling up her mother and her mother sometimes falling for, you know, a very convincing scammer. And in other cases, it's, it's much more immediate and in person. And these are just as dark, if not darker. And I just, I read this piece with so much sympathy. And also at the end of it, I was going, what, what on earth can we do to help people like Nancy who are really trying to stave off all these people taking advantage of her mother? So I'll run through some of what this piece goes through, but really this is a piece worth reading. So I really wanna encourage our listeners to do that. So Nancy at the beginning of the story, discovers that her mom, again, who is 84, has an unpaid IRS bill stuffed in a drawer that was forgotten about. And her mother's accountant, longtime trusted accountant, says, oh, don't worry, I'll take care of it. And what this accountant, who I think has been working with Nancy's mom for decades, does is have Nancy's mom sign a blank check. And then $25,000 is gone from Nancy's mom's account that he pays to himself. And he works at a trusted prestigious accounting firm. He's known Nancy's mom for a long time. She had trusted him for decades. And there were other scams like this where basically people figured she's 84 and has memory problems.
I don't think she'll notice if she loses 25k here or there. There's this. There's this paragraph that is at the beginning of the story where Nancy writes, in the six years since I've taken my mother's finances in hand, I have dealt with dozens of schemes meant to bilk the elderly, including phone scammers who promised my mother she had won a Mercedes, home health aides who inflated their hours, people forging my mother's signature, and a relative who had her sign over her car. There were other instances. There was one after Nancy's mother's husband, so I guess Nancy's father, passes away. Nancy's mom is convinced to sign away $200,000 in farm equipment that their family had owned. Just please sign this. Don't worry about it. We don't have enough time to explain to you why we're asking you to sign this. It's for your own good. And there goes $200,000 worth of farm equipment to other people. So the piece really deftly weaves in statistics that the FBI has been tracking about how elder fraud is skyrocketing. Apparently, average losses, at least in 2024, started at $20,000 per incident, but they can go much higher, as we know. And the through line through a lot of this was. And the experts that Nancy spoke to was about how loneliness, and we've talked about this a lot, loneliness just compounds a lot of the problems. You have a toxic mix of people who are lonely and people who have memory issues, and they become, unfortunately, easy prey for people with terrible intentions. So Nancy's recommendation is something that we've often said as well, is that if you are taking care of elderly parents or think you might be sometime in the future, get involved in helping out with finances way earlier than you think you need to.
Often by the time you need to jump in and start managing this, it can be a little either too late or you have a lot of larger emotional or cognitive barriers you have to deal with, like shame and embarrassment or people not wanting to tell you what's going on because they're embarrassed that maybe they've gotten taken. And they know that they have. So don't wait until decline is obvious. Don't wait until the problems are already building up. Try to get in front of it as best that, because people are really unscrupulous. And I really feel for Nancy in this piece. I really, really do. So it's a great read. I know it's not a very uplifting thing to talk about, but it is actually a really great read and I hope a lot of people read it because it shines a bright light on this problem.
B
It reminds me of some things I've dealt with in my own life. And I think most of us, as we go through life are probably gonna have one or two of these things pop up along the way. And one thing that hits me here is that sometimes, particularly when you're talking about cognitive issues, sometimes you only realize it when looking in the rearview mirror. That. Oh, that was cognitive stuff. My mother had about a three year decline before she passed. But only looking back did I think and go, oh, that was, you know, that silly thing she said to me or that odd off thing she said to me about money or, you know, okay, that was probably this. That was probably the beginning, But I didn't realize it at the time, you know, so it was easy for me to dismiss that and just say, oh, mom, you know, come on now.
A
I don't think that's being eccentric in her dotage. Yeah, right.
B
Exactly. Exactly. I mean, in this case, well, they're both gone, so I can tell stories about them.
C
Right.
B
My mother was concerned. Now, let me just set the stage here. Listeners probably already know this. My parents were together for over 70 years. Okay.
A
Amazing.
B
Wow. Wow, Right.
C
So your father's invested.
B
Yeah, they were together.
A
Sunk cost fallacy. Is that what you're getting at, Joe?
C
Well, no, no, no, I'm saying he's in.
B
That's right. No marriage is perfect. And of course theirs was not. But they did have, I think it's fair to say they had a relationship for the ages. And they were together for 70 years. Right.
A
That's amazing. And.
B
There was a point where my mother called me up because she was very upset because she was convinced that my father was giving all of their money to the waitresses at Golden Corral.
A
Aww.
C
Did not think that sentence was going to Golden Corral.
B
Now I am sure that my father. Now there's more to the story because my father in his later years went to Golden Corral pretty much every Saturday to the point where he pretty much had like a velvet rope at his booth.
C
So he'd go to the velvet rope Ollie's, and then he'd go to the velvet rope Golden Corral.
B
Exactly. And wait.
A
Velvet rope Ollie's.
B
Oh, yeah.
A
Are we talking about the discount store Ollie's? Yes. Okay. Just making sure. I understand.
B
Okay.
A
The guy with the teeth. Okay.
B
There was a high roller at Ollie's as well.
A
Okay. All right.
C
Got special access.
B
But they had, they had, you know, people. He dealt with the same waitresses pretty much. Every week. My father was a big tipper. He's very personable, so, you know, he had relationships with these ladies, and my mom wasn't having it.
C
Let me ask, did your mom ever wait tables?
B
No, not that I know. Yeah.
C
I tend to be a big tipper as well. You know, like, my minimum tip is 20%.
B
Yeah.
C
It goes up from there.
B
Yeah.
C
And my wife has waited tables. I've worked in the restaurant industry as well, but never. They never. Everybody had the good sense not to make me a waiter in front.
B
Direct contact with customers.
C
You just cooked the pizza, Joe.
A
Some people are back of house.
B
Keep you back.
A
Some people are front of house. Yeah.
C
You go to scullery. That's where I really actually.
A
Scullery? You were a scullery maid is what you're saying?
C
Yeah, I was a steward, I guess, is what. The guy that runs scullery. But one of the things my wife always hated was people that were like. She would endeavor to give everybody the greatest tips, and she hated it when people gave her crappy tips. Hated it. So when I give big tips, she's like, yeah, that's good.
B
Yeah, I agree. I think if you can. If you have the means and someone's provided you a good service, why not?
C
I have. I'm going to tell another story. I have a friend, actually, it's one of my daughter's friends. But I've always liked this kid. She's a great kid. I mean, kid. She's now almost 30, but when she was in college, she was working as a waitress over at one of the Rams Head places.
B
Yeah.
C
And she started noticing that she was getting bigger tips when she wore red lipstick.
B
Oh.
C
So she's like. She's actually a scientist. So she says, okay, well, maybe this is anecdotal. And so she starts tracking her tips based on whether or not she's receiving, wearing lipstick or not. And she found that she got like 20% more tips on average when she wore red lipstick.
B
Yeah. I think this is the whole business model behind Hooters.
C
Yeah. Yeah.
B
Don't you think?
C
When was the last time you saw a Hooters?
B
I think there's still one in Ocean City.
C
Oh, that makes sense.
B
Yeah. I think. I don't know.
C
I know you love that city, Dave, but I hate it.
B
I know. That's all right. Ocean City's a dump, but it's my dump.
C
Right.
B
And so I have great affection for it. Yes. I have waited tables when I was in college, and it's a hard job. It's absolutely a hard job. It is. All right, well, we will have a link to this story in the show notes. And Joe, Maria, it is time for our catch of the day.
C
Dave, as you mentioned earlier, our catch of the day comes from the Australian Federal Police. And this is another example of a scam.
B
That's right.
C
This one is kind of near and dear to my heart, Dave.
B
Okay, so this comes from the Australian tax office. And it's to you.
C
Right.
B
To you.
A
You.
B
Right.
A
The email address is just you.
C
The email address is literally just Y O U. That is going to bounce back and fail. You are in the BCC of this email.
B
I see.
C
Yep. That's how this works, technically.
B
And it has the seal of the Australian government. Again with the kangaroo and the emu. And it goes like this. We've been informed that you're currently in possession of cryptocurrency held in a non KYC decentralized wallet, commonly referred to as a cold wallet. Please note that all digital asset holdings are required to be declared in accordance with our compliance and reporting obligations. As of today, our records indicate that no such declaration has been made by you. You are required to disclose full details of these holdings immediately. Failure to declare this information may constitute a breach of applicable regulations and could result in further investigation and potential legal action, including prosecution. Please call us now to declare these holdings to avoid further action.
A
You got a little Brooklyn in there, Dave.
B
You know. Yeah. I was thinking also, I was drifting into Michael Caine.
A
Do not go gently into that good night.
B
No.
C
Are you talking about from the end of Dirty Rotten Scoundrels?
A
Yeah, there you go.
B
The Muppets.
C
The Muppet Christmas Carol.
A
The Muppet Christmas Carol.
B
Whatever.
C
Best Muppet movie ever.
B
Yeah. You can't go wrong with Michael Caine.
C
No, you cannot.
B
He's one of the best.
C
Yes.
B
So, yes.
A
Famously not Australian, though.
B
Just not Australian. Yep. As not I.
C
Yes.
A
I would never have known.
B
Dave, don't say I know.
C
So, as the crypto bro of the channel or of the podcast here, I have some real issues, some red flags. It would take anybody knowledgeable about crypto and they would throw this email away immediately. Okay, so there is a. They say. We have been informed that you are currently in possession of cryptocurrency held in a non KYC decentralized wallet, commonly referred to as a cold wallet. Okay, that is essentially gibberish.
B
Oh.
C
From. From a cryptocurrency standpoint, a non KYC decentralized wallet. I've never heard of what a decentralized wallet is.
A
Well, Joe, I have some news for you. That's. That's gibberish to those of us who don't know.
C
I mean, but this is. This is just word salad.
B
Well, KYC is know your customer.
C
Know your customer, right?
B
Yeah.
C
Decentralized wallet. I've never heard of a decentralized. I've heard of decentralized exchanges, okay. Where they don't have KYC on them, but a decentralized wallet. No, you have to have the wallet. That's where you keep your private keys.
B
Okay.
C
And that's the only thing that's in your wallet. The coins, the tokens are actually out on the blockchain.
B
A cold wallet is a thing, though, right?
C
Commonly referred to as a cold wallet. And that is not what a cold wallet is. A cold wallet is a wallet that is physically isolated from the Internet. So it's like a hardware wallet that used to have hardware wallets. I think they still sell them.
A
They still sell them, Right?
C
You unplug that thing from a computer, bam, that's a cold wallet because there's no access to it.
B
The one that guy's been looking for in the landfill for the past 10 years.
C
That was not a cold wallet because that was on his hard drive, so it was accessible.
B
Well, when he unplugged it, it became a cold wallet.
C
I guess you're right. I guess. Yeah. I think he gave up the search for that, and I feel really bad for that guy.
B
Yeah, sure. All right. Anything else in here, Joe, that stuck out to you?
C
I don't know how they would ever find out if you had a wallet that you had in your possession, like just an individual wallet. How they would ever find out that you had cryptocurrency on it.
A
Isn't that entirely the point that you're not supposed to ever have a way of someone finding out?
C
That is the point. However, there are analytics you can run once you start moving cryptocurrencies, particularly around the public blockchains like Bitcoin and Ethereum. If. If somebody can associate an action with you, they can. They can associate everything with you from. From. At least from certain addresses that I know. I don't know, but, you know, they can see where it's going and who signed the transactions to send the money out, and they can verify that. That's all public information.
B
Yeah, but my understanding is they've got some really sophisticated tools to trace this stuff these days.
C
But they don't know if a random Bitcoin address is owned by someone in Australia. They have no way of knowing that.
B
Okay. All right. Well, that is our catch of the day. And of course, we would love to hear from you. If there's something you'd like us to consider, you can email us. It's hackinghumans@n2k.com. A little tip of the hat to friend of the show Hazel, for inspiring me to go try to find something Australian. Most environments trust too much and attackers know it. ThreatLocker enforces default deny at execution, blocks unknown apps and limits what trusted apps can do. Stop ransomware at the source. Get your demo at threatlocker.com/N2K. All right. That is Hacking Humans, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
C
I'm Joe Kerrigan.
A
And I'm Maria Varmazes.
B
Thanks for listening.
Podcast: Hacking Humans
Host: N2K Networks / CyberWire
Episode: The voice on the other end
Date: February 19, 2026
Theme: Deception, influence, and social engineering in modern cyber crime
This episode delves into the enduring impact of social engineering, highlighting how even security-savvy individuals can experience a physiological response to authority-based scams. The team features stories centered around scams targeting the elderly and vulnerable, emphasizing both technological and human-factor exploits. The conversation includes personal anecdotes, analysis of current fraud trends, and practical advice for both individuals and caregivers.
[00:44–08:44]
Joe Kerrigan recounts a recent call claiming to be from the Carroll County Sheriff's Department, accusing him of missing jury duty.
"Even though I knew it was a scam, there was still that little thing in the back of my mind that I got nervous about it. The adrenaline fired off." (Joe, [04:08])
Discussion focuses on why these scams are effective, the cues that mark law enforcement legitimacy, and the importance of independently verifying such calls.
[09:45–12:45]
"The last thing in the world a big tech company wants you to do is call them." (Dave, [12:09])
[12:53–19:06]
"They try to find people who are already very isolated and that makes it harder. Especially the love bombing ... it feels so soothing." (Maria, [15:19])
"It's a good way to eliminate somebody as a scam. But them passing this wicket does not mean it's not a scam." (Joe, [16:06])
[19:22–25:46]
"These are nonagenarian centenarians—I mean, that's pretty old. He's not targeting people in their 70s or 80s. He's going for people older than that." (Joe, [21:59])
[27:12–37:07]
"Don't wait until decline is obvious. Don't wait until the problems are already building up. Try to get in front of it as best that, because people are really unscrupulous." (Maria, [31:24])
[37:50–41:57]
"This is just word salad." (Joe, [40:39])
Physiological response to authority
“Even though I knew it was a scam, there was still that little thing in the back of my mind that I got nervous about it. The adrenaline fired off.”
— Joe Kerrigan ([04:08])
On tech support vishing:
"The last thing in the world a big tech company wants you to do is call them."
— Dave Bittner ([12:09])
On romance scam tactics:
"They try to find people who are already very isolated ... love bombing ... it feels so soothing."
— Maria Varmazes ([15:19])
On insider bank fraud:
"He's not targeting people in their 70s or 80s. He's going for people older than that."
— Joe Kerrigan ([21:59])
Advice for caregivers:
"Don't wait until decline is obvious. Don't wait until the problems are already building up. Try to get in front of it..."
— Maria Varmazes ([31:24])
Deconstructing a crypto scam email:
"This is just word salad."
— Joe Kerrigan ([40:39])
The hosts maintain an informal, conversational, and often humorous tone—balancing serious discussion of fraud with personal anecdotes and banter. They are candid about their own vulnerabilities, making the advice approachable and relatable.
Whether you’re tech-savvy or new to social engineering topics, this episode lays out why scams are effective, what the latest threats look like, and why no one is immune to manipulation. It also spotlights the vulnerability of the elderly, offering practical strategies for prevention at both the personal and caregiver level.