A
You're listening to the CyberWire Network, powered by N2K.
B
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner, and joining me is Joe Carrigan. Hey there, Joe.
C
Hi, Dave.
B
And our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Maria.
A
Hi, Dave. And hi, Joe.
B
We've got some good stories to share this week, but first, let's jump right into our follow up. Maria.
A
Oh, boy.
B
We get letters.
A
We do.
C
We do.
A
And we have been getting letters, and boy, did we get a good one. I was just. It arrived while we were recording our last episode and it killed me. That's when it came in, but now we're gonna share it. So this is from Professor Metcalfe, and they wrote this: "Submitted for your consideration. The next time an aquatic life form does something and we're not sure if it's a crime, perhaps we should designate it as a fish demeanor."
C
Pretty good fun.
A
Professor Perfection. Professor Metcalfe, perfection.
B
That was pretty good.
C
It was good.
A
It was so good.
B
I like it. I like it.
A
Yes. And we got other emails as well. Do you want me to go to the next one, Dave, or.
B
Sure, sure. Why not?
A
Sure. This one comes from our listener, Bill, and they wrote: Hi, Dave, Joe and Maria. Love the podcast. I listen to many shows in the interconnected Dave Bittner universe, the unknown rival of the Marvel Comics universe. Right there.
C
Right.
A
Your previous discussions of at least cataloging your IoT devices poked me in the brain to work on my home network to do list, and, like many, have lost track of all the etoys that we have let infiltrate our network. Hard relate. One easy ish fit, which had Walmart.
B
Easy for you to say.
C
This is a tongue twister.
A
One easy ish fit fix. Someone say easy ish fish? That's not right. One easy ish fix I implemented was to power up a second home router dedicated to 2.4 GHz, configuring it with a different IP network and shutting down 2.4 on my primary. This has led to some minor inconveniences, but it hasn't broken anything. And my next step is to turn that IoT SSID into the 2.4 guest network, thereby, I think, locking the different 2.4 devices from each. It's an interesting idea. I might actually steal that idea and they concluded with take care and keep the chicken updates coming. So, Joe, over to you.
C
So, yeah, I do have an update this morning. I have confirmed beyond a shadow of a doubt that I definitely have a rooster.
B
Oh, so how does one do that, dare I ask?
C
Well, hens do not crow.
A
How early in the morning was, was.
C
Like quarter to seven, maybe? Yeah, quarter seven. Because what's happening right now is I'm taking the water in every night because if I don't, it'll freeze. And then I'm taking it back out in the morning and I actually put like two thirds of it, like hot water and then the rest of it cold water. And that makes, makes it warm enough for the chickens to come out and drink. And then hopefully my hope is that it won't freeze before I get home. Although it has done.
B
And.
C
But you know, chickens can go a little, little while without water, but not too long. You don't want them out there all day without it. So, yeah, I want to make sure they have it for as long as they can. But I went out there this morning and it was, you know, sun was coming up and I put the, put the, the water bucket into the, into the chicken feeder or into the chicken coop, run the run. And I hear them rustling around in there. And all of a sudden I hear this rooster crow. Like, you hear a rooster crow? And I'm like, well, definitely a rooster.
B
Definitely a rooster.
C
Yeah. So his name was probably a rooster. Now he is just a rooster.
A
So did the hatchet then come out or what was the next.
C
Nope, I'm not gonna get rid of this. I put a picture. I've been telling you how beautiful this bird is. I put a picture in this script here.
A
Yes.
C
You can see how handsome this bird is. He is the white one in the foreground.
A
Indeed.
C
He is very noble looking in this picture.
B
Okay.
C
He is an Americano. The one pecking right in front of him is the female Americano. So we may actually wind up trying to make little Americano chickens, little nuggets, if you will. Little nuggets.
B
You're just gonna offer moral support, right?
C
Go, buddy.
B
Set up the circumstances. You got this, man.
C
Yeah, I just gotta isolate that chicken, that hen from the other, from the other hens because I don't want cross breeding of the other chickens. I don't want these other hens brooding. If I'm going to do this, I only want one hen to brood. So I don't know how that's going to work. I may not even do it. I don't know if I have to rehome the rooster. I have already found somebody who is willing to take the rooster.
B
Okay.
C
So it's good.
B
Now, are you allowed to have a rooster? Because some places you're not.
C
Technically, I don't think I am because I don't have enough land to own a rooster.
B
Okay.
C
But, you know, I'm gonna see how this goes, but.
A
Yeah. What's your acreage? Do you have to have several, like two acres or more or what's three acres or more? Three acres or more?
C
Three acres or more. I think that's what I remember hearing. I might be incorrect on that. It might be that. It just might be that. That's the point where you get unlimited chickens. But, like, I can have 12 chickens on my land.
A
It's a one acre limit. I have a neighbor whose rooster I can pretty clearly hear down the road. But I. I mean, I enjoy that sound, but. Right. Not everybody does. I do understand that.
C
Right. So I'll be making some buckeyes this Christmas season and going around and giving them to my neighbors going, hey, how you doing? Yeah, I got, you know, don't. If the rooster bugs you, let me know. Oh, the rooster won't bug us. That's what I'm hoping to hear from everybody.
A
But I'm getting my best red wine ready for a nice pot of coq au vin. Just saying.
C
Nice.
B
I feel like roosters are kind of like freight trains where you enjoy the sound of it when it's off in the distance.
A
That's fair. That's fair.
C
Yes. Yeah.
B
Yeah.
C
It's nice.
B
Where I live, I can hear there's a freight train off in the distance that I can hear. When the, you know, when the wind's blowing in the right direction, I can just hear the rumble of it. And it's several miles away, and that's good.
A
As opposed to your windows are shaking and you can't sleep at night, which is bad.
C
When I was leaving here last week after recording, I heard that track. I heard a train on that. The horn of a train on that track from here. And this is farther away from the track than your home is. And we used to hear it when we lived in Columbia all the time.
B
Yeah. No, it travels.
C
Yeah. Especially in the winter.
B
My wife and I had friends who had like six kids. And we were like, wow, six kids. And they're like, yeah. Our first home backed up to train tracks. Like, okay, every morning, 5am the train came through. Well, we're both awake right now. We got six kids right so there you go.
C
I did it. I see what happened.
A
I fill in the blanks on that one. Gotcha.
B
By the way, going back to the IoT thing, just to rewind. And specifically, IoT devices that sneak their way onto your network. So I was setting up our Christmas decorations this past weekend.
A
Are they Internet enabled? Dave?
B
Well, I'm getting there.
A
Oh, okay.
C
All right.
B
Back off, Maria. So she's stepping all over my story, so I'm just really eager. You know who usually does this?
C
That's me.
B
Joe usually does this.
C
I was just about to ask before Maria beat me to it. That's all.
A
Don't make me. I'll slow my roll. All right. I'll slow my roll.
B
Don't make me add a fourth host. So I'm setting up our Christmas decorations, and we have a couple of inflatables. We have a giant abominable snowman.
A
Bumble the bumble.
B
Yeah, he's 12 ft tall. And we have a giant inflatable menorah. And they both go on our top deck, which is on the third floor of the house, so you can see them from all over the land. And I have a remote control, an IoT remote control. It's part of my smart home system that I had assigned to these devices last year, last winter, and I had put it in the box with all of the things when I took them down this year. So when I set things up this year, I plugged in this device, plugged in all the different things that were plugged into it, powered everything up, and I'm sitting about 9 o'clock at night, and this deck is right outside of our master bedroom. And all of a sudden they all shut down. 9 o'clock on the money. My wife looks at me, and then I look at my wife, and I said, well, the automation I programmed last year is still functioning.
A
There you go.
C
Yeah.
B
So the same thing happened 6:00am everything powers up, everybody inflates, and it's all good in the world. But it reminded me how these things can linger even year after year, that automation was probably trying to reach out for this outlet all throughout the year when it wasn't there. And then it finally showed up and it was like, yay.
A
This happy reunion of bits.
B
Exactly.
A
Aw, it's kind of adorable.
B
All right, getting back to chickens real quick, Joe, our CyberWire colleague, Gina wants to know what brand of door you have on your chicken coop. You were talking last week about your automatic doors, and she is door curious.
C
It is a makai, M-A-Y-K-I. It is currently unavailable on Amazon. It's. I went with the door that opens vertically and is one sheet of metal simply because once it goes down, then I think that predators are gonna have a hard time getting in there. That's really. I really wanted something secure, so I just went with something that has. Has a little geared wheel that raises it and lowers it.
B
Okay.
A
This is quite a product. Sorry, I just looked it up. This is a lot more to a door for a chicken coop than I ever would have imagined. This is. There's a whole bunch of stuff to this. This is not just a little door.
C
Yeah, I had to modify the chicken coop too.
A
There's a status panel on there. I mean, my God.
C
Yeah, this thing was like, I think I said last week, 40 bucks. I looked it up. Or 50 bucks. It's only 40 bucks for me. And they still have comparable models out there. They have one that rolls up like a little tiny garage door. I think that's a door.
A
Oh, they're.
C
Wow.
A
Okay.
B
I'm just imagining you building an underground bunker for the chickens. Little fallout shelter just in case.
C
In case the fox comes.
B
You never know. Right? Exactly. And now a word from our sponsor. ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources, and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from ThreatLocker. All right, let's get to our stories here. Joe, why don't you kick things off for us?
C
So my story comes from Google. Back in November, Google's general counsel, Halimah DeLaine Prado, released a blog post titled A dual strategy: legal action and new legislation to fight scammers. So this post refers to something that is called Lighthouse, or at least that's what Google. What Google is calling it. And this is a phishing as a Service organization and kit. And it's not really. I'm not really sure from reading the blog post if what's what if it's the organization or if it's the kit, we'll just call it the kit right now. But DeLaine Prado says that these bad guys built this kit and really the name is not important. Right. But this is one of those kits that's designed to serve up malicious SMS messages and then provide landing pages for them. So we've all heard tons of stories about the SMS messages from E-ZPass. And there's other ones from the Postal Service and DHL.
A
The fake ones. Yes, the fake ones, right, the fake ones, right.
C
These are all the fake ones. And what is happening here is that is that Google has found at least 7, 107 websites, website templates, rather hosted websites that feature Google's branding and sign-in sites that are specifically designed to trick people into believing the sites are legitimate. So it looks just like they scraped Google's sign in page and said, hey, sign in for your stuff.
B
Right.
C
The, the blog post says that Lighthouse has harmed over 1 million people in more than 120 countries, stealing somewhere between. And this is a wide range, 12.7 million and 115 million credit cards in the US alone. So I don't fault Google for the wide range here because it's really hard to gauge this. You can only look at the complaints filed and the information you have and if you interpolate that out to a larger audience, you're probably somewhere in the ballpark with this number. And yeah, statistically in statistics it's really hard to get numbers for when you don't have a good sample size. So that's why this number is so wide. This represents a five fold increase in these kind of attacks since 2020. Well, Google took these 500 or the 107 web pages that they found and they have essentially filed a lawsuit and they're suing people. Who are they suing? They don't know. I went and I scrounged around the Internet a little bit and I found the complaint, the lawsuit. And, and the lawsuit names one to 25 Does.
A
John Does.
C
Yeah, yeah, John Does. Not Deere. Right. I'm just, I'm just going to just.
A
Burst down to that song right now.
B
Right?
A
Yeah, yeah, John Does.
C
Right. So that's one half of this article. The other half of this article is talking about strengthening defenses through policy. And you know, it says the post says we can only address one operation with a lawsuit. What we need is more robust policy. They talk about these three, I guess, bills that are being proposed right now and the first one definitely comes from the U.S. Department of Acronyms and that is Guarding Unprotected Aging Retirees from Deception, which is called GUARD. And this is sponsored by senators Britt from Alabama, Scott from Florida, Gillibrand from New York and Nunn from Iowa. Oh, and Fitzgerald from Wisconsin. Oh, and New Jersey. Somebody from New Jersey. Gottheimer. This stage would empower state and local or this legislation would empower state and local law enforcement, enable them to utilize federal grant funding to investigate financial fraud and scams specifically targeting retirees. So I guess the only benefit here is that funds would flow from the federal government to the local government specifically for establishing offices helping older people when they've been scammed.
B
Right.
A
It could be very helpful though.
C
It could be. It could absolutely be very helpful.
A
I mean, that's usually the advice that people are given is go to your local police. Right. If something's happened to you. So that would be huge.
C
Yeah.
B
And.
C
Well, I won't talk about my experience with going to the local police.
A
Yeah. Your mileage may vary hugely. That's true. No doubt about that. Yep.
C
Right. The next one is called the Foreign Robocall Elimination Act, which I kind of like. Sponsored by Senator Budd from North Carolina and Senator. Senator Welch from Vermont. And this legislation would establish a task force. I always have problems with the word task force. I want to say tax force. Task force focused on how best to block foreign originated illegal robocalls before they ever reach American consumers.
A
Don't we already have the answer to this? Sorry, what are we talking about it last week?
C
Stir tax or STIR. STIR/SHAKEN is a good way to do it. Yeah, I think. I don't know, I haven't looked into this. But every time you get one of those suspicious calls or scams suspected, I think that's just a phone call that comes in without a STIR/SHAKEN record that doesn't have a signature, they're just allowed to ring your phone. Could be, I don't know. Like I said, I haven't looked into it again. Oh, and then here is a great acronym, one that really comes out from the U.S. Department of Acronyms, Scam Compound Accountability and Mobilization. The SCAM Act. So it's kind of self referential there. Sponsored by Senators Cornyn from Texas and Shaheen from New Hampshire.
A
New Hampshire. Yep.
C
Yeah. Right. This legislation would develop a national strategy to counter scam compounds, enhance sanctions and support survivors of human trafficking within these compounds. Now, I don't know how good, how beneficial this will be because not a lot of these compounds are in the United States.
B
Yeah.
C
So it's outside of the US jurisdiction for this. So what? Help me understand this, Dave. You're more the legal guy or at least you have another podcast with a lawyer.
B
Say, where's Ben Yelin when I need him?
C
Right?
A
Yeah, yeah.
C
You're the one that talks to Ben every week.
B
Throw the bat signal up.
C
Right? Yeah.
B
I don't know if this is, you know, is this international funding to support those efforts or. You're right.
C
Maybe that's all it is, is just funding. Yeah, but who are we funding? Yeah, that's a good question. I'd like to read this act a little bit more. So anyway, that's the story, that's the blog post. The sum of it, pretty much, it says that they're taking legal action against 25 people they can't name. 25 people or organizations they can't name and don't know who they are. And they filed this lawsuit. I think that lawsuit's probably just completely worthless.
B
Well, it's performative.
C
You're right. It's performative.
B
It allows them to put out this statement. And should these people's heads ever pop up out of their little holes in the ground. Yes, they might get nabbed or whatever.
C
Yes. I just imagine the people behind this going, oh, no, they don't know who we are. Let's keep going. We're doing pretty well.
A
Yeah.
B
Yeah. Interesting. All right, well, we will have links to those stories in the show notes. Maria, what do you got for us this week?
A
Well, I've been doing a little bit of reflecting on Australia's new. Well, not new, but their under 16 social media ban just went into effect as of time of this recording. And I've been reading with great interest the reactions from Australia about how things are going, especially from teens, whether or not this has been effective or they find it annoying or a relief. And some of the memes I've been seeing has been really focusing on the under 16s didn't need this so much as the over 65s do. And that was. That sort of brings me to actually the crux of what I wanted to talk about today, where there's a. There's a survey that came out, I think, over the summer from Cox Mobile, along with Common Sense Media, where they surveyed the youth, the sandwich generation, which are folks I think basically like us with both children as well as parents who are older that we're helping take care of. And then also they surveyed seniors, so. And they surveyed across these three groups what their main concerns about being online in this day and age are and what their concerns of safety are. And then something I want to focus on specifically is what they found out from seniors. When they talked to the seniors in this survey. They said most of them consider themselves digitally literate and seniors in this case are over 65s and that they use their devices for shopping, banking, social media and entertainment. And 41% of seniors surveyed said they reported spending five or more hours online every day, which that gave Me pause, because I'm going, how many hours do I spend online a day outside of work, at least of the retirees that I know who are not obligated to be tethered to a desk, how many hours do I think they're spending? And honestly, five or more does track for the people that I can think of where I'm just seeing them on their phones all the time. And that then made me look. 
After I thought about that, I went back and looked at some of the results from the sandwich generation, specifically folks closer to my age and their concerns about their parents or their elderly in their life. And they said that in this survey, more than a third of their parents had experienced phishing, scams, malware, or data breaches in the last year. And 60% of the sandwich generation said they're worried about the risk of identity theft of their parent or elderly loved ones. So I just, that just to me, it was just an interesting. I don't know, it was very telling that while the seniors said that they felt like they were pretty good digitally literate and they're also spending an unbelievable amount of time online every day, the sandwich generation, who are presumably looking out for these folks, are going, I am seeing something a little different from what the elderly are reporting. So that definitely gave me some pause. And the survey had some takeaways for the sandwich generation in conversation with the seniors, although seniors, of course, are very welcome to listen in about what they can do to enhance safety of the over 65s online. So I thought I would just go through those because again, I think a lot of us are having these conversations this time of year in general. So just something just to brush up on. So number one for the recommendation was encouraging strong passwords. Yes, table stakes. But recommending a password app if. Password manager app if you can, but maybe help set one up. If this is something they're having trouble with, or honestly telling them to write them down in a notebook that they keep near the computer, that's okay for a senior to do that. We don't have to scare people out of doing stuff like that. At that point, if someone breaks into their house and steals their password book, they have bigger problems.
B
Right, Right.
A
It's. I know we were telling people for ages don't do that, but, you know, certain situations, it may make more sense that it's all right. Number two is to promote security software. So many seniors say they have security software installed, but they may not have automatic updates enabled and they may not know how to do that. They may need some help with that. And they may not know that that also could include their mobile devices. So if they have a desktop machine at home, they may be more up to date with that than on their phone, that kind of thing, anything like that that can help protect them is a good idea to have set up. In my own personal situation, I don't know about what you all have ever seen, but I know that my parents would often disable that, sometimes unknowingly because they found it really annoying and then forget to re enable it. So that's like.
B
Right, right. It's a really good point because when it comes to this sort of thing, you know, there's that old saying, if it ain't broke, don't fix it. That doesn't apply to soft. Yeah, because. Right, because vulnerabilities get discovered and patched.
C
So in this case broken means you're vulnerable.
B
Yeah. So I think if you're going to be visiting family over the holidays or something like that, maybe asking them if you'd like them to take a look and see if their devices are up to date, that's a good thing to be able to do.
A
Yeah, it's a pretty. And for a lot of us it's a pretty quick. I would, I guess for a lot of our listeners this would be a pretty quick and relatively easy thing to do. And this could actually save you quite a bit of grief later. So it might be worth saving yourself some trouble and just doing it now. Number three recommendation is encouraging them to enable multi factor authentication and maybe in some cases just introducing them to what it is. Those text messages you sometimes get, people don't always understand what this means. And you know, why do I need this if I have a password? These are all good conversations to have. People may be familiar with it through their banks, but they may not understand the value of enabling it for other services. So just talking to them about it can be a huge, like, it's worth the trouble, you know, it's worth doing. Make sure for your really important stuff you've got that set up. The number four thing is to review what apps and channels have accumulated on devices over time. About half of the seniors who were surveyed in the survey I was referring to earlier say that they make a habit of checking that their own devices have unsafe apps removed. They go through and kind of do a app hygiene check. That's only half. Right. So maybe we encourage the other half once in a while. Just check. Like, do you know everything that's on your phone, what it's doing. If you don't, maybe it's time to delete it.
C
Yeah, I don't know. Everything that's on my phone.
A
Fair and also same. But for me, when I was on my long flight the other week, that was a great time for me to do that. I'm like, I'm stuck here for 11 hours. I'm just gonna go through and see what's. What else am I gonna do? Read a book? Nah, I'm gonna go. Just go through my phone and see that I know what all the apps are. And I found myself deleting quite a few. The number five recommendation is to use built in safety features. So these are privacy controls. So this might be a really abstract one to explain to people about why you need to be kind of prescriptive about location sharing and not just say yes to everything. But if this is something that is definitely worth talking about with your loved ones and just make sure that if there are security features on devices that make sense for them, make sure that they're turned on again, just take a few minutes to look out over it with them and explain what they are. And number six is sort of the overarching one of what we've been saying is talk to the loved ones in your life regularly about what's going on. The senior surveyed said they one third of them, one third of them have conversations about this stuff several times a week or even daily, which is great, but the other two thirds are not. So, you know, if you're listening to this podcast, you're pretty on top of what's going on in the world and good job. But if you've got folks in your life who are not keeping in on the stuff, which is most people you know, you could help them out and just tell them, hey, did you know that there are scams that use AI to generate fake voice versions of people? You know, that might sound very convincing to try and scam you out of your money. You know, are you trusting incoming phone calls? That kind of stuff? The things that we all talk about all the time. Are you talking to other people in your life about this? So if you're not, can I just encourage you to please do so? Because that can really, really help somebody out. 
So that's my PSA for the other 2/3 of seniors who are not talking to folks about this stuff. They could use your help.
B
Well, if you find yourself wanting for conversation around the holiday table, you can survey your relatives and find out how they're doing with all this stuff.
C
Yeah, let's Have a riveting cybersecurity discussion.
A
It can beat this alternative, especially if it gets political. So I'm just saying it can beat the alternative. I mean, people come to me in my family because they know I'm the family nerd. So they just go, hey, Maria, what's this thing? And I'm just the same thing with my neighbors. Lately, they've all been finding out that this is what I talk about. So now I'm getting text messages or questions at the bus stop about, what is this thing? What is that thing? So I'm happy to be that person. I know not everybody is, but I'm very happy to help. So I guess send them to me. I don't know.
B
Well, I think I mentioned last week I was sitting in the dentist chair and my dentist was asking me about passwords and password managers and all that kind of stuff.
A
Yeah, yeah. And I know that my town's local senior center and our library often have tech check ins for seniors, like once a month or something where they just. They just need volunteers who are a little more tech savvy to come in. And if a senior has questions about something, they just, they just, they need to have someone they can ask. Sometimes they just have to show their phone to somebody and go, what's going on here? So if you're really interested in helping people out, like, there might be something like that around you or you could volunteer some of your time. So, yeah, yeah.
B
This is one of my main responsibilities with my father, when he was still around, the phrase was Dave, while I have you here.
A
Yeah, thank you. You're like, it's gonna be a while when you pull up a chair.
B
Right? Thanks for coming over and visiting. And while I have you here, I need you to look at the computer or the printer or whatever.
A
Five hours later.
C
Right? Exactly.
A
The struggle is real, Dave. The struggle is real.
B
Well, dad, we're buying you a new computer today. Congratulations, you're on the update. You get new computers more often than I do because it's the path of least resistance. All right, good stuff. We will have a link to that story in the show notes. I tell you what, let's take a quick break to hear from our show sponsor. We will be right back after this message. And now back to our sponsor, ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. ThreatLocker Protect is the core ThreatLocker product focused on endpoint security, designed to prevent unauthorized software from running, control how applications interact, and manage access to storage devices. Its building blocks are Allowlisting, Ring Fencing and Network Control. Allowlisting is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only access the system resources they truly need to function. Network Control locks down access by port, source, IP or dynamically with ACLs that automatically update as IP addresses change. Shut out cybercriminals with world class endpoint protection from ThreatLocker. And we thank ThreatLocker for sponsoring Hacking Humans. And we are back. It is my turn. And I actually have two stories this week because they're both short. The first one is we got a new alert from the FBI and they have put out a warning about what they're calling virtual kidnapping and extortion schemes. This is an evolution of those grandparents scams, right. Where they used fraudulent proof of life photos or videos. They're saying that what they're doing now is they're scraping these from online postings, sometimes from real missing person information. So imagine how bad that you already have someone missing. These folks scrape that information and then.
C
They go after the family.
B
They go after the family, right?
C
Yeah. I am as equally appalled as Maria is on this one.
B
Yeah. So they have nothing to do with the person being missing, but they call the loved ones and they say, we've got your kid or your love, whoever, and send us money. And of course you send them the money and nothing happens.
A
So evil. That is so evil.
C
Yeah, that's a great way to describe it, Maria.
A
It's just straight up evil. That's just terrible.
B
So the FBI says that these fancy AI tools are being leveraged by the criminals to alter footage from social media and to facilitate the scheme. So they can, they can make videos, they can make photos. Of course, we've talked before about, they can make audio files of people. Sometimes they'll just have someone who's being a mimic. But these days, sometimes if you have video of a loved one that is online that they can view, it doesn't take much to be able to synthesize a version of their voice and have it say whatever. Right. So the main advice here is to have a family password.
C
Yes.
B
Right. So it's a family password that everyone knows if there's trouble and you need to verify that someone on the other end of the line or the call or whatever is the person that they say they are. You can ask them what's the family password, and if they don't know, that'll tip you off that it's probably not actually them. So.
C
Right.
B
Be warned.
C
Solid if you get the phone call and you're like. Then they're like. And you're like, what's the family? Just turn around and ask my child what the family password is. Because the first thing I do is. You think this is a game? I'm like, look, this is something very easy for you to do to verify that you have my son.
B
Right?
C
All you have to do is ask him what the family password is. He'll give it to you. And if you give me the right password, you'll have my undivided attention.
B
Right?
A
Wow, you are remarkably calm in a child kidnapping situation, Joe, I gotta tell you.
B
Well, you haven't met Joe's kids. I have. And.
C
You want to feed that boy.
B
Oh, you don't know what you got yourselves into here, fellas.
C
You know how many groceries he eats? He eats his weight in groceries every day.
A
Have fun with that, guys.
C
Right?
B
Yeah.
C
It's like The Ransom of Red Chief.
B
That's it, Right? Yeah, yeah, no, I. You know, let's. I love it, Joe. Because, look, let's not waste each other's time, right?
C
Yeah.
A
Are you yanking my chain? All right, get.
C
Immediately. The first thing I think is this is a scam anyway, right? Like, whenever I answer the phone, you know, sometimes I do the Mabel Johnson voice because I'm almost convinced it's a scam. Every time. One time I did that and my dad was on the other, oh, hey, dad.
B
It's like, oh, God, my idiot son again.
C
Right? Yeah, exactly.
B
Been doing that Mabel Johnson voice since he was 13.
A
He thinks it fools people and we all just play along.
C
Yep, that's right.
B
That's right. Oh, my gosh. So my second story, this actually comes from the folks over at Billboard magazine, the music related magazine, and they were tracking scams for fans of music performers. They say that these scams cost victims more than $5.3 billion in 2025.
A
What?
B
So these folks are hijacking the Instagram accounts for major artists, including Adele, who I recognize the name of. Future. No idea.
C
I don't know who that is either.
B
Future. Maria, you're younger than us.
A
No, that doesn't mean Tyla.
B
Does Tyla mean anything to you?
A
Nope.
B
T, Y L, A. Nope.
A
Nope.
B
And even the official page for the late Michael Jackson. All right, him.
C
I know, I know. Michael Jackson.
B
Right? So they push cryptocurrency scams, and Gizmodo reported that there are also some folks posing as Johnny Depp. And they even had his voice. They convinced one fan to hand over $350,000 to Johnny Depp. By the way, I want to just inject here that just this past week I heard from a longtime friend that their mother was scammed out of about $200,000. Yikes. By a romance scam.
A
Oh my gosh. I'm so sorry.
B
Yeah. And what's even worse is that the mom still thinks it's legit.
C
Right? Yeah, that happens so often.
B
And so my friend is estranged from their mother because. Because of. Well, in part because of this. And it's just heartbreaking. Anyway, back to the story. The complaints to the FTC suggest that this fraud ring stole millions in total. And the problem here is that musicians these days are relying heavily on their social media platforms. They gotta market their tours, their albums and all that kind of stuff. And so these channels have become high risk entry points for fraud and reputation damage. And people are pretty starstruck when it comes to musical folks. I think about who would I be most starstruck to meet? And certainly half of them are probably musicians I admire a lot. And I don't tend to get starstruck, but I can think of some. You know, and it's funny, I saw Stephen Colbert talking about this recently. He was talking to Paul McCartney and he was saying how Colbert was saying how he rarely gets starstruck, but he was totally starstruck by getting to chat with Paul McCartney. And he said he thinks the reason is because Colbert doesn't know how to make beautiful music, doesn't know how to write beautiful songs that affect millions of people all over the world. And so that ability seems magical and mysterious. Right. And that leads to being more starstruck than say, someone who can do something that you know how to do. They just do it better.
A
That makes sense. I could see that. Yeah, I understand. Explanation. I am also wondering, in the case of Michael Jackson, what was the ask in that? I mean, he's not alive anymore, right?
B
Or is he?
A
Or is he? I guess Elvis is also asking for money. I mean, I guess I could think of some schemes like, you know, people going, his estate is broke because of, you know, something or other. But it's still. I mean, he's not with us anymore, so. Okay. Yeah, I really don't understand what the ask would be.
B
Yeah, yeah. So the idea here is just be mindful of these things. Warn your friends and family that musicians don't ask to get you involved in cryptocurrency schemes.
A
Generally, start with that.
C
Or you can be like me and just have a healthy contempt for celebrities.
B
Okay.
C
You know, like if Taylor. It says here. They also mentioned Taylor Swift, Sabrina Carpenter, Billie Eilish, all three of whom. I know who they are. And I'm not a big fan of Taylor Swift's music.
A
That is not a shock, Joe. You are not her target demo. No offense.
C
I'm also not a big fan of Billie Eilish's music. I don't like her.
A
Again, not the target demo, Joe.
C
But I don't like her tonal qualities. But Sabrina Carpenter, I saw her on SNL. I was pretty impressed.
A
Wow. All right. Still not the target demo, but okay.
C
Right. I know, but, you know, I could. I could see someone sing and go, that's pretty good.
B
You know, what about if one of your. You know, one of your guitar gods, like, if you. Lemmy reached out to you and said.
C
Lemmy? Yeah, he's like Michael Jackson. He is also deceased.
B
Well.
A
Or is he?
B
Or is he?
C
Technically, he was a bass player, so.
B
Death has not slowed me down.
C
Right.
B
And I need your investment.
C
Slow me down say, all right, I got to put the microphone way up here.
B
Yeah, Right.
C
I love Motorhead.
B
Everybody has somebody.
A
Can I make a really out of the way suggestion? Do what I did and work for the people that you idolize in music, and you will never care about them ever again because you will see what they are like in person, up close.
B
And you'll go, yeah, that's true.
C
Yeah.
B
Never meet your heroes.
A
I did that in my 20s, and, yeah, that cured me of any idols that I had.
C
I met Metallica one time.
A
I'm sorry.
C
Yeah. I will tell you this. Jason Newsted was a really nice guy, and I haven't ever met Bob. What's his name? Robert Trejo? I can never remember what his last name is, but he was also a bass player for Suicidal Tendencies, but the rest of the band was insufferable. And that is not the first time I've heard this. Like, I have a friend of mine, I'm telling this story out of school, but he went into. He flew out to California and he went into somebody else's house. And he walks into the house and he looks at the guy sitting on the couch. He goes, oh, you're James Hetfield. And it is James Hetfield. And James Hetfield throws his head back and he goes, you said there weren't gonna be any fans here. To the hostess, right? And this guy looks at James Hetfield and goes, I'm not a fan. I just know who you are. And he won.
B
All right.
C
Touche. Yes. That was funny. You know, I think I'd be impressed to meet. I don't know. Yeah, I might like to meet, like, Tom Araya, the lead singer from Slayer.
B
Okay.
C
But maybe Dave Lombardo, the old drummer from Slayer, because I'm really impressed with him and his percussion stuff, and I like that. And I think he's really one of the best percussionists in rock and roll ever. Like, he's in my top three with Neil Peart and what was his name, Buddy Richard.
B
Oh.
C
So sure, I put him in that caliber of drummers, so maybe those guys.
B
Yeah.
C
But I don't think I'd be starstruck. I'd be like, hey, it's really good to meet you.
B
Okay.
C
Because I've met famous people before and I haven't been impressed.
B
Yeah.
A
All right, well, what if you met Tim Berners Lee?
C
That would be cool. Maybe I would be a little starstruck.
B
There we go.
C
I have met Adi Shamir, the S in RSA.
B
Oh, yeah.
C
And he and my wife hit it off. And he is a great guy.
A
Like, you just gotta find the right kind of star, you know?
B
I met Michael Dell one time.
C
Oh, did you?
B
I didn't know it was him until after the conversation. And I was like, oh, wait a.
A
Minute, dude, you just had Adele.
B
Yeah, right. He was just introduced to me as Michael, and I'm chatting with him, having a lovely time. He walked away and I went, wait a minute.
C
Hey, wait a minute.
B
That was Michael Dell. So it's all good. All right. We'll have links to both of those stories in the show notes. Joe, Maria, it is time to move on to our catch of the day.
C
Dave, our catch of the day comes from the Scambait subreddit. It looks to be some manner of text exchange.
B
Yes, it is. And so I was originally, I had in mind that I would do this exchange with Maria, but I actually think it'll be way better if I do it with you, Joe.
C
Okay.
A
I was gonna say that exact same thing, Dave. Thank you. Cause I read it and I was like, no, no, no. The two of you need to do this.
B
Yeah, yeah, yeah. Thank you. So I will start off. So I'm the text on the left side of the screen. You are on the right.
C
Okay.
B
So it starts off and it says, okay, my love, sweet dreams.
C
And that is from yesterday. So this morning I wake up and I go, good morning, darling. How are you?
B
Good morning, my love. Waking up today, my first thought was you. Your smile, your warmth, the way your presence makes the world feel softer and brighter. I hope this Morning wraps you in peace and reminds you of just how deeply you're cherished.
A
This fanfic is crazy.
B
May your day be as beautiful as your heart and may every moment carry a bit of the love I'm sending your way. I am grateful for you, always.
C
I'm good. Darling. That was truly beautiful.
B
Sweetheart, I'm facing an unexpected and pressing concern. Just after we finished talking earlier, the security company where I store my safe box reach out to me, announcing their sudden closure, requiring all clients to retrieve their boxes immediately. I'm deeply worried about the potential security risks and the urgency of the situation. My safe box contains invaluable assets, including my life savings, important documents, cherished family heirlooms and inheritance.
C
But they are not allowed to do that, darling. If they close it, they have to give 90 days notice and supply an alternative. What is the security company called? Darling, I didn't.
A
Darling.
C
Why didn't you use a bank like 99.999% Americans for Life savings?
A
This wasn't actually you, Joe. I'm just saying.
C
No, okay, that is exactly the tone in which I would ask that question.
B
All right, so time passes and we reconnect here. So, Joe, you start things off here. The next graphic there.
C
I'm good and had a great sleep. It's very cold this morning. And frosty.
B
I'm sorry, love. I wish I was there to cuddle with you, hold you close to myself and give you a wet kiss.
C
A wet kiss sounds so good. Darling. Any news yet?
B
I can't wait to kiss you passionately.
C
Still only the second gayest thing I've ever done.
B
And make you feel on top of the world with romance and other sweet memories.
C
Sounds wonderful. Sounds wonderful to me, my love. Is there any news yet?
B
I'm still waiting, honey. I'll let you know. How's your morning going, my beautiful queen?
C
It's going well. It's going well so far. How's yours?
B
Mine is going well, too, honey. There's only one way to happiness. And that's to cease worrying about things which are beyond the power of our will. Love means making the other happy. Even from a distance. Love is knowing you are the bud from which this happiness blossom. Your presence in my life brings wonderful smiles and loving thoughts within my heart. I bless the day we got connected because I feel a very deep connection with you. I love you today, tomorrow and forever.
C
That is truly beautiful, my love. I love you.
B
To love is to please place our happiness in the happiness of another. Kiss slowly. Love deeply, forgive quickly. When I close my eyes and think about you, I feel a warm gush of summer breeze that summer breeze.
A
Excuse me. All right. You two need some time alone.
B
That's because you're the sunshine in my life. I love you much more, darling.
C
I will make you happy and give you everything you truly deserve. My love.
B
End scene. Maria, I don't know why you don't take our love more seriously than you do. You know, Joe and I have been doing this a long time before you joined us, so naturally, we have feelings for each other. Of course.
A
I really was like, I should just log off and just let you two have your moment.
C
Obviously, a romance scam.
B
I mean, and I put victim in air quotes because they are very effectively playing along.
C
Right?
B
Yeah, but, you know, there's so many steps here that we see in a typical romance scam of just the love bombing, the problem that needs to be solved, setting the stage for that. You know, we didn't actually see the ask here, but you know it's coming, right?
C
Well, there was the ask for the money for the. For the. The vault. Right. Right in that, like, almost like a trunk box scam kind of thing going on.
B
I think so.
C
Still, old scams wrapped in the Internet. That's all it is.
B
Yeah, that's right. That's right.
A
Why didn't you use a bank, like, 99.999% of Americans?
B
That's beautiful.
A
Yep.
B
All right, well, we would love to hear from you. If there's something you'd like us to consider for our catch of the day, you can email us. It's hackinghumans@n2k.com. We will be right back after this message from our show sponsor. Thank you to ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks, for sponsoring Hacking Humans. Visit threatlocker.com. And that is Hacking Humans, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. I still have the giggles. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by the very handsome Elliot Peltzman and the irresistible Trey Hester. The beautiful Peter Kilpe is our publisher, and I am most definitely not Dave Bittner.
C
And I'm Joe Kerrigan.
A
Darling, this was the best Christmas present ever. Thank you. And I'm Maria Varmazes.
B
Thanks for listening, my friend.
A
I hurt from laughing. That's not just the bronchitis talking. This is from laughing.
Podcast: Hacking Humans (N2K Networks)
Date: December 18, 2025
Hosts: Dave Bittner, Joe Kerrigan, Maria Varmazes
Main Theme: Deception, influence, and social engineering in the world of cyber crime.
This episode dives into the intricate (and often personal) world of social engineering, highlighting deception tactics like phishing-as-a-service, legislative efforts against online scams, the digital safety of seniors, “virtual kidnapping” schemes, and celebrity impersonation scams. The conversation marries personal anecdotes with recent news, offering actionable tips and an engagingly human take on cybersecurity threats faced today.
On legislation vs. cybercrime:
“They filed this lawsuit. I think that lawsuit’s probably just completely worthless.” – Joe [18:55]
“Well, it’s performative.” – Dave [18:57]
On personal security habits:
“...for a senior to do that, we don’t have to scare people...at that point if someone breaks into their house and steals their password book, they have bigger problems.” – Maria [23:11]
On starstruck psychology:
“...that ability seems magical and mysterious. Right. And that leads to being more starstruck than say, someone who can do something that you know how to do. They just do it better.” – Dave [38:53]
On virtual kidnapping:
“...these fancy AI tools are being leveraged by the criminals to alter footage from social media and to facilitate the scheme.” – Dave [32:40]
The episode combines a warm, joking tone with frank discussion of serious risks—from phishing-as-a-service to emotionally manipulative scams targeting both the elderly and starstruck fans. The hosts' chemistry and storytelling make technical, legal, and psychological strategies for scam prevention accessible and memorable.
Key Recommendation: Stay vigilant, keep conversations about digital risks ongoing (especially with seniors), and—above all—trust no link, my darling.