Dave Buettner
You're listening to the Cyberwire Network, powered by N2K.
Joe Kerrigan
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Buettner, and joining me is Joe Kerrigan. Hey, Joe. Hi.
Maria Varmazes
Hi, Dave.
Joe Kerrigan
And our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazes. Maria.
Dave Buettner
Hi, Dave. And. Hi, Joe.
Joe Kerrigan
We've got some good stories to share this week. Joe, you want to start things off for us?
Maria Varmazes
Yes. I will start things off with one of my least favorite companies with an app that I don't use. It's the WhatsApp all WhatsApp all the time part of the show. Meta has come out with a news release, and the title of this news release is New WhatsApp Tools and Tips to Beat Messaging Scams. Okay, so the folks over at Facebook are taking some heat, I think, from, you know, not only this show. Cause you know how influential we are, of course. Oh, yeah?
Dave Buettner
Yep.
Maria Varmazes
But, you know, globally, they're taking some heat against scammers. And they are claiming that since January of this year, in the first half of this year, they have banned over 6.8 million accounts that are linked to scam centers, some of them operating out of Cambodia. To tie back into the story that Maria was covering last week, that these sources are. Or these. The source of these scam operations are coming out of these scam centers where people are not exactly volunteers.
Joe Kerrigan
Right.
Maria Varmazes
Put it frankly, they're slaves, which is immoral, illegal. I don't know that there's any country that permits that anymore. But this article goes on to talk about how scammers operate, which is kind of helpful. These scam centers typically run many scam campaigns at once, from cryptocurrency investment to pyramid schemes. You know, we haven't had a good pyramid scheme story in a long time.
Dave Buettner
Yeah, yeah, it's true. Let's get on that. Somebody do something about that.
Joe Kerrigan
They gotta be out there.
Maria Varmazes
It also says that they're working with other people, to others, to protect people. And they have a link to an article in here from OpenAI, and I'm gonna talk more about that article in a second here about. Because they've been working with OpenAI because OpenAI knows that they're used in these scams. So they've been collaborating with Open. Meta has been collaborating with OpenAI to identify accounts that are pushing the output from known OpenAI scams.
Joe Kerrigan
Okay.
Maria Varmazes
And that's one of the ways they're using to shut these accounts down.
Joe Kerrigan
And OpenAI are the makers of ChatGPT, correct? Yep.
Maria Varmazes
They have a video in here. I have, I was, I was scrolling down this article and I was like, hey, that's Rachel Tobac. I know her. I don't think we've ever met in person, but she's been on this show a number of times. So I know who Rachel is. And there's a two and a half minute video which I unfortunately today have not had time to watch. But anytime Rachel Tobac is talking about an online scam, everybody should listen. She is, I refer to her as the queen of social engineering and defense of that dark art. She is really good at the, I guess, penetration testing, you know, the social engineering penetration testing.
Joe Kerrigan
Yeah.
Maria Varmazes
And gives really great advice on how to, how to protect yourself. So the article then goes on to talk about their new anti-scam tools. And I'm going to read this. Group messaging. They have two topics, group messaging and individual messaging. It's very hard to say group messaging without messing that up. We're launching a new safety overview that will show to you when someone who is not in your contacts adds you to a new WhatsApp group you may not recognize. It will include key information about the group and tips to stay safe. From there, you can exit the group without ever having to look at the chat. And if you think you might recognize the group after seeing the safety overview, you can choose to see the chat for more context. Regardless, notifications from the group will be silenced until you mark that you want to stay. Which means that you kind of have to opt into a group, I think, okay, maybe, but my concern about this is this is just something that people are going to click through. They're going to say, oh, here's a new group that somebody invited me to.
Joe Kerrigan
Right.
Maria Varmazes
Well, let me see what it says. Okay, I want to stand in here and see what's going on. If the pitch, the initial pitch is good enough. Oh yeah, I want to be part of this.
Joe Kerrigan
Yeah.
Maria Varmazes
Individual messaging. Additionally, scammers may attempt to first initiate contact with you elsewhere on the Internet before asking to message on a private messenger service like WhatsApp. To protect against this traffic, we continue to test new approaches to alerting people to pause before engaging. For example, we're exploring ways to caution you when you start a chat with someone not in your contacts by showing you additional context about who you're messaging. So you can make an informed decision.
Dave Buettner
Speed bumps are always a good idea.
Maria Varmazes
The typical pause, question and verify steps that we always talk about here. Slow down. Right? We say slow down. Yeah, ask questions. Don't be afraid to ask questions and verify through a third channel. So really, if I can be critical here of Meta for a second, please. It's not much, it's not much that you're doing. And I want to contrast this with the report that they cite in here from ChatGPT. So if you go to this ChatGPT link that's linked in the article from Meta, there is a PDF, it's a PDF link. So if you see that in the show notes, that's valid. And they have case studies of these different actors. It's like seven case studies, seven or eight case studies in here. I haven't gone through the whole thing, but deceptive employment scheme, IT workers. And then the summary is threat actors using AI and other technologies in an attempt to evolve and scale their deceptive hiring attempts. They think, although they can't really attribute things, attribution is notoriously difficult. They say this is consistent with people from North Korea trying to get into tech jobs. Again, another story we talked about last week with the woman who was sentenced to eight and a half years. But they also have like tools, techniques and procedures for these groups. So OpenAI is watching what users are putting in, seeing that these guys are automating the generation of believable resumes. And they're going, oh no, we're done here. Right. So they have another one in here, covert IO operation Sneer View, which I like the name of that, but they think this is likely China generating social media content and internal, internal reviews. And then they go through some of the stuff that they put on Facebook. It's just them putting these fake media posts to create division on different platforms.
And the last one I'm going to talk about here, I've got to spend a lot more time going into this report because it's really well written, is Philippines oriented, they're generating bulk volumes of social media comments about domestic policies. So OpenAI is watching what's getting put into its model. They're finding that people are exploiting their model and they're banning people for doing that. Meta is saying, okay, well thanks to OpenAI, we know who some of these people might be. So we're blocking or banning 6.8 million accounts, but I don't know how big of a solution that is. I imagine that's a sizable chunk of the accounts, but it sounds to me like that's just the result of an automated process that this is and good enough for Meta to implement something that stops these accounts. I mean, that's 6.8 million accounts that never got used. Actually, the meta report says these were banned before they even got operationalized. Which. Good, you're out in front of it. But the main crux of the Meta of what Meta's doing is they are informing people, hey, be careful. There's bad guys out there. Now, to be fair, ChatGPT is not a social media platform. Right. You're not gonna. I don't interact. Dave, you and I both have ChatGPT accounts. Maria, do you have a ChatGPT account?
Dave Buettner
A free one. I don't, I don't pay for it, but I do, I do use it a little.
Maria Varmazes
Right. So I mean, I can't chat to Dave on, on that account, so I can't really interact with Dave. It's just me and the wall.
Dave Buettner
Or can you with a facsimile.
Joe Kerrigan
It's a new challenge.
Maria Varmazes
Right now I want you to pretend to be Dave Bittner and.
Joe Kerrigan
Right.
Maria Varmazes
And Dave is going to tell me that I'm going to be one of.
Dave Buettner
Those friend ever falling in love with AI things accidentally. He's kidding.
Maria Varmazes
Oh, I love you, AI. Dave. Dave. I just made Dave uncomfortable. Very uncomfortable.
Dave Buettner
He did not like that. Sorry, Dave.
Maria Varmazes
Anyway, so I guess a good move from Meta. I would like to see more like what ChatGPT is doing. I mean, they're noticing that people are, operate, are, are producing things at scale and they're going, that's probably a scam.
Dave Buettner
Yeah.
Maria Varmazes
And then they're banning those accounts. I would like to see Meta doing something more than that then, you know, maybe the problem with this is a lot of this stuff is end to end encrypted. So you really can't. They really can't have cognizance of that stuff.
Joe Kerrigan
Yeah. I just feel like Meta has no moral high ground with anything.
Maria Varmazes
Right.
Joe Kerrigan
You know, like their North Star is doing what's in their best interest, in my opinion. And I think we've seen ample evidence to support that. And so, you know, great. You know, they're doing something against scammers, but has anybody noticed any measurable difference in the number of scams that you see on Facebook or any of their platforms? I don't.
Maria Varmazes
The scams you and I were talking about last week.
Joe Kerrigan
Yeah.
Maria Varmazes
Just flooding Marketplace with fake ads or just flooding these sponsored links with those fake YETI things. That should be really easy to detect, you'd think. Yeah.
Dave Buettner
Yeah.
Joe Kerrigan
Right.
Dave Buettner
I mean, how does Craigslist do it? I mean, they've been around since time immemorial, and they've sort of figured this out. Right, right.
Joe Kerrigan
That's a great point. Yeah. Yeah.
Dave Buettner
Cause maybe they have ethics. I don't know.
Maria Varmazes
Maybe. Maybe. Yeah. Cause they care.
Joe Kerrigan
Right.
Dave Buettner
Yeah. It might just be it. Yeah.
Joe Kerrigan
I don't know. Yeah. And I guess Craigslist has a different profit motive than Facebook does, and. Well, just different philosophical motive than Facebook does. Right. Craigslist is happy being Craigslist and has no desire for world domination the way Facebook seems to. They're happy being a handful of people making a good profit, earning a good living and doing what they do. And that's it. You know, they're.
Dave Buettner
Yep. Like the artisans of the Internet. They're very good at what they do, and they just stay there. Yeah.
Joe Kerrigan
Right.
Dave Buettner
You kind of respect it now. It's nice.
Joe Kerrigan
Exactly. Exactly.
Maria Varmazes
You're one of the old guard, if you will.
Joe Kerrigan
Yeah.
Maria Varmazes
Hey, I'm just. Put up a website and. And it's going to, you know, do this, and we're going to do that.
Joe Kerrigan
Well, yeah.
Maria Varmazes
And we're not going to try to be all things to everyone.
Joe Kerrigan
And yet I still hear lots of folks using Facebook Marketplace, so it certainly has its audience. It's getting used a lot. But I just don't know how you jump around all those scams.
Maria Varmazes
Yeah, it's tough.
Joe Kerrigan
Yeah. I don't know.
Maria Varmazes
We just bought a freezer from Facebook Marketplace.
Joe Kerrigan
Oh, yeah.
Maria Varmazes
Yeah.
Joe Kerrigan
Or did you?
Maria Varmazes
No, we did.
Dave Buettner
Do you actually really. Do you have it?
Maria Varmazes
We do. We actually wound up being from somebody who was in my neighborhood growing up, which was odd. That was completely random.
Joe Kerrigan
Okay, that's nice. Yeah.
Dave Buettner
That's interesting. So you had some social proof that this person was legit. In theory, Yep. Yeah.
Joe Kerrigan
Okay. Have you plugged said freezer in?
Maria Varmazes
I have not.
Dave Buettner
It doesn't work.
Maria Varmazes
But I know who this guy is. I know where his mom lives.
Dave Buettner
Oh, boy.
Maria Varmazes
That's.
Joe Kerrigan
Yeah. That's nice. Suddenly, this guy.
Dave Buettner
How do we replicate this at scale?
Joe Kerrigan
Joe? Knocking on his. Knocking on her front door. You probably don't remember me.
Maria Varmazes
Oh, she remembers me.
Joe Kerrigan
Little Joe Kerrigan from down the street.
Maria Varmazes
Yeah, you were that jackass that lived down the street. That's. That's who I am to her. And she's not wrong. I'm not saying she's wrong.
Joe Kerrigan
And now a word from our sponsor, ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny-by-default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world-class endpoint protection from ThreatLocker. My topic this week is pharma fraud, which is, as you might imagine, frauds having to do with pharmacies. This actually comes from the folks over at Avast, who's a cybersecurity company. They make products that can help protect your computer and so forth.
Maria Varmazes
I think they still make a free antivirus, don't they?
Joe Kerrigan
Wouldn't surprise me. Yeah, certainly. I don't know about free, but it's certainly in their stable of offerings.
Dave Buettner
Definitely in the AV old guard. Yes, speaking of old guard.
Joe Kerrigan
Yeah, exactly. Yeah, they're one of the original names, the OGs of antivirus.
Dave Buettner
The OGs of AV. There you are.
Joe Kerrigan
There you go. Yeah. So before we dig in here, I'm curious, have either of you ever used an online pharmacy?
Maria Varmazes
I use one that my insurance company provides.
Joe Kerrigan
Okay.
Maria Varmazes
But I mean, I don't know that that's an online pharmacy as much as it is my insurance company going, hey, I'm cutting out the middleman, right. And they're saying to me, for some medications, you gotta use us for this.
Joe Kerrigan
Okay, yeah, that makes sense, right? How about you, Maria?
Dave Buettner
Oh, yeah, I try not to. I know the dangers of online pharmacies, but for certain things that I am trying to manage, it is extraordinarily hard to do it through my GP and much, much easier to go through an online pharmacy and use their telehealth and all that kind of thing. So.
Joe Kerrigan
Oh, okay.
Dave Buettner
Yeah, great. They're also a dime a dozen in the Boston area because of our sort of, us being sort of a medical hub. So there's, there's a lot of them being advertised around here and they seem to pop up like whack-a-mole and then they go away and it's just amazing. But yeah, hopefully they're legit.
Joe Kerrigan
Well, yeah, I mean, so for me personally, the only time I've ever dealt with one was I got Covid one time. I guess the most recent time I got Covid. I'm trying to think. I think I've only had Covid twice. But the most recent time I had it, I wanted to get myself some Paxlovid and the quickest way to make that happen was to.
Maria Varmazes
Sounds like a Russian ballerina, doesn't it?
Joe Kerrigan
Paxlovid, yes.
Dave Buettner
Ivana, you're thinking of a pavlova.
Maria Varmazes
Pavlova 10.
Joe Kerrigan
And the Russian judge gives 10, perfect 10 for Paxlovid. So the quickest way for me to get that. And when you have Covid, getting Paxlovid into your system, like, time is of the essence. So it was through Amazon. So I used Amazon's online doctor thing. You know, you go into Amazon and you say, I want Paxlovid. And it says, okay, here's how you do it. And you talk to a doctor, and they prescribe you the Paxlovid. And then in this case, they called it into my local pharmacy. But I think if you want to, Amazon will just ship you the drug as well. So, anyway, we've all had different experiences with online pharmacies. This article points out that there are a lot of reasons why people might seek out a pharmacy online. One is convenience, like what I was describing. You want something quick. You know, if it's in the middle of the night and you're sick, it's not always easy to get a doctor on the line to prescribe something for you. But a lot of these pharmacies are available 24/7. And another big one is discretion. You know, you want to get something prescribed to you, and maybe that's a tough conversation with your general practitioner, or maybe you're concerned about your work finding out about it, or, you know, something like that. So you want to get some medicine, but you want to do it in a way that's kind of on the QT.
Maria Varmazes
Right.
Joe Kerrigan
This article points out that pharma fraud is rampant. In fact, they say that over 95% of online pharmacies are operating illegally.
Maria Varmazes
Hmm.
Joe Kerrigan
Yeah. Avast says they blocked nearly a million user attempts to access these scam sites in the first half of this year alone.
Maria Varmazes
Okay, so they're.
Dave Buettner
What's happening is scale is massive.
Maria Varmazes
I mean, like, Amazon's not a scam, right?
Joe Kerrigan
No.
Maria Varmazes
Well, there's. There's one out there from that Mark Cuban. I found out about this. Mark Cuban has one.
Joe Kerrigan
Oh, yeah.
Maria Varmazes
Cost plus drugs.
Joe Kerrigan
Yeah.
Dave Buettner
Oh, yeah.
Maria Varmazes
Cost generic drugs.
Joe Kerrigan
Yeah, yeah.
Maria Varmazes
Which is amazing.
Joe Kerrigan
Yeah, it's great.
Maria Varmazes
This is what billionaires should do with their money.
Dave Buettner
By the way, full disclosure, I am a customer. That is, he has saved me a boatload of money.
Maria Varmazes
Right.
Dave Buettner
Yep.
Joe Kerrigan
Yeah.
Maria Varmazes
So good on Mark Cuban for doing that. But. So these are. These are the ones you get ads for, like the ones that come into my Yahoo email.
Joe Kerrigan
Right, right, right. Exactly. So they. These are criminal networks, usually. And in this case, the folks at Avast in this article, they were saying that they, they found a single criminal network that was running over 5,000 pharmacy domains.
Maria Varmazes
We're going to do it at scale.
Joe Kerrigan
Well, they do cast that net sometimes they hijack legitimate medical websites. So they will break into a legit website behind the scenes to try to harvest your credit card or something like that. They manipulate search engine results. And one of the red flags is they accept crypto.
Dave Buettner
Oh, boy. Yeah. All right, so there's a number of.
Joe Kerrigan
Categories that they specialize in here. I think probably the one that first comes to mind for most of us is the sexual health category. And that's your Viagras, your Cialis, those sorts of things. And on the generics of those, and I think, you know, those are. Talk about OG stuff. I mean, that's the OG spam, right? I mean, you know, Viagra ads that it's, it's a.
Maria Varmazes
That's what always used to come. Yeah, that's right.
Joe Kerrigan
Yeah.
Dave Buettner
It's so, it's like cute when I get one in my spam folder now. It's like, oh, you're still doing this. It's so nice.
Joe Kerrigan
Look at you. You made it through. Wow.
Dave Buettner
All these years later, here you are, right?
Maria Varmazes
Still lurking about.
Joe Kerrigan
Yeah, but they work. But the real hotness these days are weight loss, thanks to Ozempic.
Maria Varmazes
Yeah, there's something that might work on me.
Joe Kerrigan
Well, exactly. And I think this combines a couple of things because people see that these weight loss drugs like Ozempic work and they do legitimately work, it seems. But you can understand somebody be feeling funny about going and asking their doctor about it and being afraid that their doctor is just going to say, well, why don't you exercise more and eat less? Right? But I wanted to go, do I want it the easy way? I just want to take a shot.
Maria Varmazes
Why don't you give me some good advice?
Joe Kerrigan
Right? I don't want to change my lifestyle at all. I just want to be thin.
Maria Varmazes
Right.
Joe Kerrigan
And, but also they're expensive. You know, things like Ozempic are not cheap. So if one of these online fake pharmacies offers an equivalent to that that is in air quotes, affordable, you can understand how people could get drawn into that. A couple other categories are things for like hormones and fertility drugs. So again, somebody who is trying to. A couple who's trying to conceive or a person who's trying to conceive. Or you could also imagine someone who's trying to.
Dave Buettner
Trying not to conceive.
Maria Varmazes
Trying not to conceive.
Joe Kerrigan
Right, exactly. Trying not to conceive. Or perhaps someone who's trying to transition and is trying to get hormones for something like that. And then antibiotics, general meds, things like that. But then also category is misinformation. Things like, remember Ivermectin for Covid?
Dave Buettner
Oh, yeah, that's making the rounds for a new thing now.
Joe Kerrigan
Oh, is it?
Dave Buettner
Yeah, I've been seeing Ivermectin being hawked for another thing that it won't help with. Oh, dang it. I can't remember off the top of my head, but it's like amazing again, right? It's not for that, but okay.
Joe Kerrigan
Yeah. So they look at the playbook here. You know, there's spam emails with all kinds of fake credentials. Lots of ads on adult websites or fringe websites, what I label the usual suspects, blogs that pose as health advice, but are really just there to funnel traffic to these fake pharmacies. So again, that's taking advantage of search engine optimization. So if you search for Ozempic weight loss drug, you might land on one of these blogs that has information that I'm going to guess is generated by ChatGPT.
Maria Varmazes
Right, right.
Joe Kerrigan
But in the end, it probably says, and for my readers, my trusted readers, you get 10% off at, you know, pharmacybros.com pharmacy bros.
Dave Buettner
If you click through right now, if that's not real. It probably is real. Yeah.
Joe Kerrigan
Fake review sites with glowing testimonials. And then also they use things like domain hijacking. They say the sites all look real, but when it comes time to pay, sometimes you'll see some red flags like crypto payments, dodgy payment processors. Here's one we haven't talked about in a while, Joe. The try a different card prompt.
Maria Varmazes
Ah, right, right. So they steal multiple credit card numbers.
Joe Kerrigan
Right. So you give them a legit card, so they get that information and they come back to you and they say, oh, I'm so sorry, for some reason, that card didn't work. Let's try a different one. So now they have two of your credit cards. And then of course, they'll ask for sensitive information. Your birthday, prescriptions, Social Security number, medical records, all that kind of stuff.
Maria Varmazes
All ways to steal your identity.
Joe Kerrigan
Yeah, yeah. But beyond that, I mean, some of these sites will send you stuff, but it's not always the stuff that you thought you were going to get. So beyond the ones that are just purely a money scam, where they're just stealing your money, stealing your credit card, some of them will send you something, but it doesn't mean it's the drug that you think you're buying because there's counterfeit drugs easily available.
Maria Varmazes
It's just consumer.
Dave Buettner
And not just sugar pills either. They'll actually send you something that will do something to your body.
Joe Kerrigan
Yeah, right, right, exactly. This article says some of them could have heavy metals in them or they've even seen tranquilizers, heavy metals, so that you feel like something's happening. So it's a real mess. They said some of the red flags here, if you see these things on a medical website, things like no prescription required or prices that are too good to be true, not having a listed pharmacist, of course, grammar errors, suspicious logos. If you can pay with crypto or gift cards, that's a red flag. And then time pressures. If they say limited time only or we're almost out of that drug that you're looking for, that's a red flag as well. So they say to stay safe, stick to verified pharmacies, require a valid prescription, ask to speak with a licensed pharmacist, and of course, avoid crypto or sketchy payment methods. The FDA also has a tool on their website that can point you to safe pharmacies. They have. It's called the BeSafeRx tool.
Maria Varmazes
Oh, cool.
Joe Kerrigan
Yeah. So if you're in.
Dave Buettner
That's interesting.
Joe Kerrigan
Yeah. If you have any questions, you can look it up on the FDA's site to see if it's legit or not. So that's nice.
Dave Buettner
Yeah, that's interesting. I'm sure there are other equivalents in other countries as well.
Joe Kerrigan
Right, right. There's another website called Safe Pharmacy, which evidently tries to help sort this sort of thing out either. But it seems like the odds are against you because according to Avast, again, over 90% of the online pharmacies out there are not legit.
Maria Varmazes
Right.
Joe Kerrigan
Those are not good odds.
Maria Varmazes
Rather, I would say start with the FDA site. Yeah, that would be my advice.
Joe Kerrigan
Yeah. For some reason, my pharmacy really, really wants to ship me my medicines. They don't want me coming to the store anymore.
Maria Varmazes
No, I don't want to go there either.
Dave Buettner
Yeah, same. I'd rather them ship to me. Yeah, Yeah. I don't want to go in store.
Maria Varmazes
I want to stand in line and have. Have only to get to the front, only to have somebody else go. Are you sure you dropped it off, gave it to me.
Dave Buettner
Come back in 20 minutes. Even though you called it in already? Yeah. No. Yeah. It's frustrating all around. I'm just. I was just thinking this. We are in yet again, another perfect storm for scams on this one because.
Maria Varmazes
Right.
Dave Buettner
And in many countries we've got a doctor shortage post-Covid. So just getting to see a doctor, if you have one, it takes a lot longer and they're overworked and just, just crazy busy. And then in the U.S. especially right now, politically, contraception, hormones for transitioning is very fraught for many people in many states. And there's a lot of pressure on people to get those things right. I mean, so you've got those, those two items alone. And then of course you have, as you mentioned, Dave, like the shame of some of these conditions that people feel. And that is just, all of that's just ripe for a scammer to just, especially with millions of them. Oh my gosh. Yeah. And not only people can't always slow down and go, I'll see if this takes a month. But that's okay if I gotta take a month or two through my GP because some people don't have that much time.
Joe Kerrigan
All right, we'll have a link to that story from the folks at Avast. We'll have that in the show notes, of course. I tell you what, let's take a quick break here to hear from our sponsor. We will be right back after this message. And now back to our sponsor. ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. ThreatLocker Protect is the core ThreatLocker product focused on endpoint security, designed to prevent unauthorized software from running, control how applications interact and manage access to storage devices. Its building blocks are Allowlisting, Ring Fencing and Network Control. Allowlisting is a deny-by-default software that makes application control simple and fast. Ring Fencing is an application containment strategy, ensuring apps can only access the system resources they truly need to function. Network Control locks down access by port, source IP or dynamically with ACLs that automatically update as IP addresses change. Shut out cybercriminals with world-class endpoint protection from ThreatLocker. And we thank ThreatLocker for sponsoring Hacking Humans. And we are back. Maria, what do you have for us this week?
Dave Buettner
I have an old chestnut that kind of made me chuckle. We were talking about the OG pill scams and I saw an alert come up from the FTC today that I was like reading it and I'm going, this looks really familiar. And it is because they posted a blog post recently that was almost a carbon copy of what they posted this time last year because the scam has just come right on back and, and it's jury duty scams of all the stupid things. They're back.
Maria Varmazes
Well, we'll put that on the liturgical calendar. We do.
Dave Buettner
I don't know what it is about this time of year, but the FTC, I double checked the post they put up this year and last, and they're like, here it is again. We're just basically going to give you the exact same information. Don't do these things. And then I found a recent news story about, thankfully, somebody who didn't fall victim to a jury duty scam, but almost did. And I just wanted to, for folks who don't know what this is or aren't totally familiar. I figured, let's just go through it.
Joe Kerrigan
Sure.
Dave Buettner
So the gentleman in this example, his name is Kirkland Collier. Thank you, sir. From Baton Rouge. And he got a voicemail. So it started with a phone call. He got a voicemail claiming to be from a sheriff's deputy. And they were calling him to say that, hey, dude, you missed jury duty. You know, we sent you that little postcard in the mail, and I guess you threw it out. And Mr. Collier, being an upstanding American citizen, said, well, I don't want to miss jury duty. I'm going to do the right thing and call the police back on the phone number that they told me to call. And he was informed by the supposed police officer that he needed to pay a fee for missing jury duty or he was going to face criminal charges. And I'm sure in some part of his mind he was going, that sounds right, because you can be fined if you don't show up for jury duty. They do kind of put that on the card saying, you have to do this. You can't skip out.
Maria Varmazes
Right.
Dave Buettner
So he listened to the person who told him, hey, you owe us money for missing your jury duty, so you need to withdraw $3,500 in cash and deliver it.
Maria Varmazes
A little bit excessive for missing jury duty.
Dave Buettner
A little excessive for jury duty for, like, somebody's parking ticket violation, but whatever. And he was instructed to deliver it to a location. And when he showed up to that location, he said, wait a second, this is a gas station. What would a police officer be doing telling me to hand them cash at a gas station? So thankfully, Mr. Collier, in the nick of time, realized. And he said, this is the quote from the story. I said, man, I don't believe a single thing you're saying. I'm going to the police right now. So, yes, he realized in the nick of time that this was a scam. And he went to the actual police and not the people that had called him to report what was going on. So he did not lose that money. Well done, sir. He went to the, he went to the news in Baton Rouge, Louisiana to tell people like, hey, this scam is going around. And the FTC on their blog post that also went up recently were saying that there are, this again, this whole chestnut has come back. And in some cases the scammers will say yeah, please meet us at this location or send us cash. Other times they ask for payment in bitcoin. There's that old tell. Or they'll tell victims that they need to go to this thing called a government kiosk, which I don't even know what that would be.
Maria Varmazes
It's a cardboard box with government kiosk painted on the side of it in the hole, cutting the side.
Dave Buettner
I'm imagining like put money for peanuts, the government is in or something like that. I don't know. I don't know what that would be. So yeah, that's not a thing in America. Maybe in other countries it might be, but it's not a thing in America anyway. And there are, there are some. Well, not yet, who knows, there's. There are other versions of this jury duty scam where sometimes they, they direct the person to go to a website and after receiving this fake call. And of course the website looks legit with all the scary looking judicial seals and legalese on it and the URL may even seem legit. Ish. And all you got to do to figure out how much money you owe is put in your birthday and Social Security number to look info.
Joe Kerrigan
There you go.
Maria Varmazes
I was thinking about something very similar when, when Dave was talking about the try another credit card thing. I was thinking about somebody I read somewhere said, I'm going to put up a credit card checking site where you enter your name, your credit card number and the CV code on the back and check. If I tell you, I tell you that it's fine, you go about your day.
Dave Buettner
What a handy service, Joe. We should all just rush over right now and avail ourselves of that. It's great. I'm sure nothing can go wrong. Yeah, right. So. And yeah, enter your birthday and Social Security number on this website and then they'll say, oh you, yeah, you owe us thousands of dollars and now here's how you can pay us those thousands of dollars. So yeah, please don't do any of these things. This is very much a scam. And the part that as, as I mentioned earlier, it is in the United States legitimate, that one can in theory be fined for missing jury duty. But the fine is like at most $100. And I, I, I think almost never does anyone ever get fined. And if a fine is actually coming your way, it's going to come through the good old fashioned U.S. Postal Service, never by phone or by website. So yes, the courts are not advanced enough yet in our country to ask for crypto. So they're not going to ask for it that way.
Maria Varmazes
Yeah.
Dave Buettner
And you will not get arrested. No cop's going to arrest you. So yes, it's funny because Mr. Collier, at the beginning of this story, like he called the guy back, which is like an interesting thing. Like he's like, you know, don't call me, I'll call you. But the, you know, the number he called was the scammer. Uh, but thankfully all is well in his case that, you know, he figured it out before it was too late and good for him. So if you do get a call, the FTC, specifically, if you get a jury duty scam call, to be clear, the FTC wants you to report it to them. So reportfraud.ftc.gov, they are tracking this. So yeah, just thought that was interesting and just really funny also that it was almost the same exact blog post from last year because there it is.
Joe Kerrigan
I have a couple, couple questions here. I wonder, if he had gone through with the meeting at the gas station, would the person that he handed the money over to, would that person had been in any way, shape or form dressed like a police officer or like a police officer?
Dave Buettner
Can you imagine?
Joe Kerrigan
Right.
Dave Buettner
Cause that place, uniform from Amazon, just like a Halloween costume. Yeah, maybe that would be funny. Or no, I'm off duty right now, but I'll get it to the station.
Maria Varmazes
Right.
Joe Kerrigan
Like a Toy Story Lone Ranger badge clipped to their shirt pocket, you know?
Dave Buettner
Yeah. With like the orange tipped pistol.
Joe Kerrigan
Right.
Maria Varmazes
Would have been a good thing to do here is to say, hey, I'm at the gas, call 911, go. I'm at the gas station right now. I'm about to give somebody who told me that they're a cop $3,500 for missing jury duty. Just say that all I just realized, I just realized this is a scam. But I'm going to go in there and that guy's going to be there. It'd be an opportunity to catch somebody.
Joe Kerrigan
Right.
Maria Varmazes
Do you want to do that, see what they say?
Joe Kerrigan
Yeah.
Maria Varmazes
Probably say no.
Dave Buettner
I imagine they've got better things to do.
Maria Varmazes
Yeah.
Dave Buettner
But just interesting. I'm at a, I'm at a gas station right now and I'm about to hand some person $3,500. Do you want to do something about that? I'm just imagining that.
Joe Kerrigan
Stop me before I'm scammed again.
Maria Varmazes
Right.
Dave Buettner
It's an interesting idea.
Joe Kerrigan
Oh, my. Yeah. Yeah. I don't know the whole thing with jury duty. Like, I. My sense is that they bring in so many people that if one or two don't show up, they're just. They just. That's cool, you know, Not a big deal. They have plenty of people.
Dave Buettner
Yeah. And you can often. I know it does. It varies from state to state, I think. Right. But usually you can defer quite a bit. But yeah. I've never heard of someone being fined even though they do threaten it.
Joe Kerrigan
Right.
Dave Buettner
I think it's just not worth their time.
Maria Varmazes
I'm gonna talk about something around me in my personal sphere, like four or five people have been called for jury duty in the past two months. Two or three months. And I don't understand what's going on because I almost never hear about anybody getting called for jury duty. But like, my son in law got called and got seated on a trial. It was a civil case, but it was over in a day, which was nice. But one of the guys I do some work with, he was out for like two weeks.
Dave Buettner
Yeah. Grand jury, if you're called for grand jury, you're out for months. Happened to someone I worked with in the middle of getting ready for a product GA. It was the worst timing.
Joe Kerrigan
Yeah. I've never sat on one. Usually, you know, when I tell them I work in the media, they're like, thank you. Or I've only gone in, I've only. I've been summoned several times or I've received the jury summons. But here, where we live, you can call in and see if they're gonna need you to actually come into the courthouse.
Maria Varmazes
Right.
Joe Kerrigan
Only one time have I actually had to go in and that was just for one day. And didn't, you know, didn't end up getting seated on jury and that was that. I've been lucky so far. So. Yeah.
Dave Buettner
Yeah. When I was a. I was a stay at home mom with my daughter. So years ago, and I got summoned after deferring for years and years and they were like, can you serve on the. On the jury? I'm going, well, I'm just a stay at home mom with nothing else to do. The worst thing I could have possibly said because they instantly sat me. It was really stupid. I should not have said. They were like, well, Right. Here you are.
Joe Kerrigan
Right.
Dave Buettner
And frankly, I was really glad for the break. So. Yeah, that's right.
Joe Kerrigan
Yeah. What you do is you say, I am really excited to be seated on this jury because of my amazing ability to instantly tell whether someone is guilty or not. All right, that is, again, we'll have a link to that story in our show notes, and of course, we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans2k.com Joe and Maria. It's time to move on to our catch of the day.
Maria Varmazes
Dave. Our catch of the day comes from Adam, who I hope was smarter than I was last week with this service turn off notice. You want to go ahead and read this? This is from.
Joe Kerrigan
Sure. It's from payment declined. And it says, payment attempt failure while renewing your subscription for SiriusXM. Your sxm subscription has expired today. Dear customer, we failed to renew your SXM membership. We tried to renew your subscription at the end of each billing cycle, but your monthly payment has failed. We therefore had to cancel your subscription. Obviously, we would love to see you again. If you wish to renew your subscription, click on the link below. In case of ignorance, your services will be completely suspended within 24 hours according to the terms defined in our contracts.
Maria Varmazes
Case of ignorance.
Joe Kerrigan
In case of ignorance. I feel like I'd love to have a sign somewhere that says, in case of ignorance, break glass.
Maria Varmazes
Right.
Joe Kerrigan
And actually. And then have the glass shatter and just little shards of the sign left, you know, in case of ignorance. I wonder what. I wonder what they meant for that to say.
Maria Varmazes
If you ignore the. I think it's. If you ignore this message.
Joe Kerrigan
If you ignore this message. Yes, that's what it is.
Dave Buettner
In case of your ignorance.
Maria Varmazes
Right, Ignorance.
Joe Kerrigan
Right, right.
Dave Buettner
An interesting way of putting that. Interesting.
Maria Varmazes
Yeah, it is.
Joe Kerrigan
Yeah.
Maria Varmazes
Hopefully Adam didn't. Didn't go, I better update my payment information.
Dave Buettner
Oh, I'll give him my social while I'm at it. Just so they can check.
Maria Varmazes
Yeah.
Joe Kerrigan
Either of you guys ever use one of these satellite radio services?
Maria Varmazes
I did. I did a long time ago when it first came out. I was one of the early adopters of it. I used Sirius.
Joe Kerrigan
Yeah.
Maria Varmazes
And it was good. It was pretty good. But the. I think the premium music services are better.
Joe Kerrigan
Yeah, I had the free demo on my car. You know, they give you a couple months to try to get you hooked up, which was great. Again, it was fun. It's nice. I enjoyed it. But there really was no benefit over what I have on my phone, Right. And my car has. What is it? CarPlay. So I just use that.
Dave Buettner
Yeah, my music tastes are too weird and niche. There's no way satellite radio is going to have what I want. So it's like, yeah, I'm good. Thank you.
Joe Kerrigan
See, for me, I just put on yacht rock and I just.
Maria Varmazes
Are you serious?
Joe Kerrigan
I said that for Joe's sake. I just cruise around listening to Christopher Cross and Steely Dan, Donald and Steely Dan, and just sailing takes me away.
Dave Buettner
It's five o'clock somewhere, Steely Dan.
Maria Varmazes
I can actually listen to. But yacht rock, the thing about yacht rock, that I. That I. It's. It's all the music you know by people. You can't. You have no idea who wrote the song or who performs a song.
Joe Kerrigan
That's fair.
Dave Buettner
That's fair.
Joe Kerrigan
Yeah.
Maria Varmazes
Like, who is this? I don't know.
Joe Kerrigan
All right, well, that is our catch of the day. And again, we would love to hear from you. If there's something you'd like us to consider, please email us. It's hackinghumans2k.com. Thank you to ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks, for sponsoring Hacking Humans. Visit threatlocker.com. And that is Hacking Humans, brought to you by N2K CyberWire. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August. There's a link in the show notes. Please do check it out. This episode is produced by Liz Stokes. Our executive producer is Jennifer Iban. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Bitner.
Maria Varmazes
I'm Joe Kerrigan.
Dave Buettner
And I'm Maria Varmazes.
Joe Kerrigan
Thanks for listening.
Podcast Summary: "Hacking Humans" - Episode: "This scam is now in session"
Release Date: August 14, 2025
Hosts:
In the latest episode of "Hacking Humans," hosted by N2K Networks, Dave Buettner, Joe Kerrigan, and Maria Varmazes delve into the intricate world of cyber scams, focusing primarily on messaging scams, online pharmacy fraud, and persistent jury duty scams. The hosts provide insightful discussions on how these scams operate, the measures being taken to combat them, and practical advice for listeners to protect themselves.
Maria Varmazes kicks off the episode by discussing Meta's recent efforts to curb messaging scams on platforms like WhatsApp. Meta announced a news release titled "WhatsApp New WhatsApp tools and tips to Beat Messaging Scams," indicating a proactive stance against cybercriminals exploiting their messaging services.
Maria Varmazes [01:18]: "Globally, they're taking some heat against scammers. And they are claiming that since January of this year, in the first half of this year, they have banned over 6.8 million accounts that are linked to scam centers, some of them operating out of Cambodia."
Meta's collaboration with OpenAI is a pivotal point in their strategy. By leveraging OpenAI's capabilities to identify accounts disseminating AI-generated scam content, Meta aims to shut down these malicious operations swiftly.
Maria Varmazes [02:59]: "Meta has been collaborating with OpenAI to identify accounts that are pushing the output from known OpenAI scams."
Maria also highlights the role of Rachel Tobac, a renowned expert in social engineering and defense, emphasizing the importance of understanding scammers' tactics in order to counter them effectively.
Despite Meta's substantial efforts, the hosts express skepticism about the effectiveness of banning 6.8 million accounts. They question whether this automated approach significantly reduces scam prevalence or merely scratches the surface.
Maria Varmazes [05:03]: "I don't know how big of a solution that is. I imagine that's a sizable chunk of the accounts, but it sounds to me like that's just the result of an automated process."
Joe Kerrigan points out that, despite these bans, the presence of scams on platforms like Facebook Marketplace remains largely unchanged, suggesting that more robust measures might be necessary.
Joe Kerrigan [10:20]: "I just feel like Meta has no moral high ground with anything."
The discussion shifts to comparing Meta's actions with those of platforms like ChatGPT, where OpenAI actively monitors and bans users exploiting their models for scams. The hosts advocate for Meta to adopt similar proactive strategies to effectively mitigate scam activities.
Transitioning from messaging scams, the hosts delve into the rampant issue of pharma fraud, particularly online pharmacies operating illegally. Drawing from an article by Avast, they highlight that over 95% of online pharmacies are illegitimate, posing significant risks to consumers.
Joe Kerrigan [17:42]: "This article points out that pharma fraud is rampant. In fact, they say that over 95% of online pharmacies are operating illegally."
Categories of Pharma Fraud:
Red Flags to Identify Fake Pharmacies:
Joe Kerrigan [19:47]: "They say to stay safe, stick to verified pharmacies, require a valid prescription, ask to speak with a licensed pharmacist, and of course, avoid crypto or sketchy payment methods."
The hosts recommend utilizing resources like the FDA's "Be Safe Rx" tool to verify the legitimacy of online pharmacies.
Dave Buettner brings attention to the resurgence of jury duty scams, a deceptive tactic that resurfaces periodically. He recounts the story of Kirkland Collier from Baton Rouge, who narrowly avoided falling victim to such a scam.
Dave Buettner [29:51]: "He got a voicemail claiming to be from a sheriff's deputy... he was going to face criminal charges if he didn't pay a fee for missing jury duty."
Collier received a fraudulent call instructing him to pay $3,500 in cash at a gas station to avoid legal consequences. Suspicious of the setup, he astutely recognized the scam and reported it, preventing financial loss.
Dave Buettner [30:51]: "When he showed up to that location, he said, wait a second, this is a gas station. What would a police officer be doing telling me to hand them cash at a gas station?"
The hosts emphasize that legitimate jury duty fines in the U.S. are minimal (typically around $100) and communicated through official postal channels, not phone calls or websites. They urge listeners to report any suspicious communications to the FTC via reportfraud.ftc.gov.
Dave Buettner [34:02]: "It's funny because Mr. Collier... he called the guy back, which is like an interesting thing... thankfully all is well in his case."
The episode underscores the ever-evolving landscape of cyber scams, highlighting the necessity for continuous vigilance and education. The hosts advocate for:
By staying informed and cautious, individuals can better protect themselves from falling prey to these sophisticated cyber threats.
Notable Quotes:
Additional Resources:
Stay tuned to "Hacking Humans" for more insights into the deceptive tactics used in cybercrime and strategies to safeguard against them.