A
You're listening to the CyberWire Network, powered by N2K.
B
The DMV has established itself as a top tier player in the global cyber industry. DMV Rising is the premier event for cyber leaders and innovators to engage in meaningful discussions and celebrate the innovation happening in and around the Washington D.C. area. Join us on Thursday, September 18th to connect with the leading minds shaping our field and experience firsthand why the Washington D.C. region is the beating heart of cyber innovation. Visit DMVRising.com to secure your spot. Hello everyone and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hey, Joe.
C
Hi, Dave.
B
And our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Hello, Maria.
A
Hi Dave. And hi Joe.
B
All right, before we get to our stories this week, we have some follow up. I'm going to kick things off here. An anonymous friend of the show wrote in, who is a regular contributor, wrote in and said: something I've been telling associates to do when and if they get a phone call from the bank. Always drop the call and contact your bank directly, even if you even believe you need to. But if you do think the call might be legit, tell the caller to make a note on your account. No matter what protestations and warnings and "don't do that" that you get, simply tell the caller to do that and then disconnect. When you call the bank's legit number from your bank card or pop into the bank personally, if you go that route, you will quickly find no such note was made to your account.
A
Smart.
C
That's great.
A
That's really smart. I like that.
B
I like it. It's a good one.
A
I'll be adopting that advice also.
B
Good tip, good tip. Joe, I think you've got one here for us too.
C
I do. Tim from Iowa reached out named Dave. You met my friend Joel, the rancher from Texas. Texas rancher. And he is actually from Iowa. He grew up there on a farm, joined the army, saw the world, now lives in Texas. So that's my tangential relationship to Iowa, is I have a friend that used to live there. That's neither here nor there. Anyway, Tim writes in: hey there, I had to laugh when you talked about the chicken tractor and that the chickens wouldn't be driving it. About 20 years ago, my wife started her own dog training business, and she specialized in clicker training, which is a very precise form of animal training that uses a mechanical clicking device to mark the desired behavior. Have you guys ever seen those little clickers?
A
Oh, yes, I've seen how the magic they work with dogs. Yeah.
B
Well, we adopted a dog, and the family we got it from passed it on to us, and he came with a clicker, but they did not tell us what the clicker was for. And let's just say he was a handful.
C
Was it to mark? I don't know. If you use the clicker to mark undesired behavior, you could do it either way, right?
B
Yeah. I don't know. I just know. Yeah. When we took the dog to the vet, we got an earful from the vet about the previous exploits of this dog, so.
C
Oh, okay.
B
Well, that's good. He lived out his life with us, and after a lot of training and a little bit of medication, he was much better than he was when he came to us.
C
Medication? Was he on Adderall or what?
B
Prozac, actually.
C
Prozac. Yikes.
A
Yeah, it's an anxiety thing for the dog. Yeah, I've heard. I've heard. Yeah, yeah.
B
No. Made a big difference in his life.
A
Yeah, yeah, yeah.
C
Okay, great. Yeah. Anyway, so Joe Tim continues. One thing that she did to build her skills was go to, quote, chicken camp, which was an intensive experience in a hotel in Hot Springs, Arkansas, where serious animal trainers could learn to train chickens.
A
That sounds fun.
B
Sounds like a hidden camera show, right?
A
Yeah.
C
You guys might be reading ahead here. It turns out that chickens are one of the hardest animals to train, which I do not doubt having. Having some chickens of my own. They are pretty dumb animals. Yesterday we tried to take them outside and let them roam around. I thought they'd be all up for that, but they did not want to leave the little tub that I in. They all kept running back into the tub. I was hoping to go out and eat some bugs, but they didn't. They're like, nope, we're not ready for this.
A
And it is safe in tub. I do not leave tub. Tub is home.
C
Tub is home. Tub has. Tub has wood chips on the bottom. We go to tub. So anyway, if you can train a chicken, you can certainly train a dog. This sounds like a line from dodgeball. If you can dodge a wrench, you can dodge a ball. My wife worked with two chickens, primarily for the better part of a week. A newbie and a previously trained chicken. I've never heard that sentence before.
A
Previously, previously trained. All brand new sentence.
C
The camp, the camp was taught by a wonderful elderly man, Bob Bailey. Unfortunately, unfortunately, she was never able to go to advanced chicken camp as Bob retired about a year after her experience. So to sum it up, chickens are trainable and if you have the patience and the fortitude for that sort of thing. I probably am not someone, I'm just going to feed the chickens, take the eggs. That's going to be it. And the great news is that one of the chicken camp graduates has started her own camp in North Carolina. So your dream of a tractor operated by chickens is definitely doable, it seems to me. Anyway, with a bit of ingenuity in a tractor that has been hacked to have a chicken peckable button or chicken peckable buttons. Can't wait to see the video go viral. My best, my best and thanks for a terrific show. Tim. Tim. I'm not going to do this.
A
I was going to say challenge accepted. Challenge accepted. Right. Yes.
C
No, no, Sorry.
B
What could you train a chicken to do that would be useful or interesting?
C
I, I don't know. I can't conceive of anything that I could train a chick. Maybe tricks, you know, like fetch. Fetch or through the hoop. You know, we used to do that with my, my old dog Kevin. He was very good at going through the hoop.
B
Okay.
C
He had a whole battery of tricks we would do. He was a miniature.
B
Could, could you train a chicken to play dead?
C
That's a good question. I, I, I saw a video today where apparently they just do that on their own. They just play dead and, and people panic and go out and the chickens get up and run, run off.
A
Oh, made to look.
C
Yeah, I don't, I don't know what goes on with it. I, I am not far enough along in the chicken ownership journey to have had that happen. We did lose one of the chickens over at my daughter's house to some manner of bird of prey or something. Oh, probably a hawk. So now we are only now we were down to 11 chickens, 11 hens and two roosters over there.
B
So, so were they, were they just, were they out free ranging when this happened?
C
I think they were in the, in the, in the run. The run does not have anything on top of it. So if a hawk comes in through the top, he can come in, you know, that's what's going to happen. So they're putting something on that this weekend to make sure that.
B
Grid of lasers.
C
Right. Unfortunately it, well, not unfortunately, but it is illegal to harm hawks even if they're in the process of killing your chickens, you can't go out there and like kick the hawk.
B
Really?
C
Yeah, yeah. The hawks are really well protected and your chickens are not.
B
Find a jury that would convict me, right?
C
Well, the hawks have really good lawyers.
B
Apparently kicking off the hawk sounds like a heavy metal album.
A
Yeah. What does that even look like? Jeez.
B
All right. Well, that is our follow up and of course we'd love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans@n2k.com. We're going to take a quick break here. We'll be right back after this sponsor message. And now a word from our sponsor, ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from ThreatLocker. And we are back with our stories. And Joe, why don't you start things off for us here.
C
Dave, my story comes from Eric Page at News 7 San Diego. It's an NBC affiliate. NBCSanDiego.com is the address or the web address. And the title of the video is "YouTube Scambaiters Exposed Ring That Left Holocaust Survivor's Widow Penniless." So I think we talked about, made mention of this Holocaust survivor widow at some point in time because I remember that phrase. She was tricked out of all of her money at the age of 97. And this is coming from U.S. Attorney Adam Gordon, who says not all heroes wear capes. And they have indicted more than 20 people. All but two of them have been arrested. And these people are the people doing the investigation are Scammer Payback personality Pierogi and others from a company called or an organization called Trilogy Media. And they ran a reverse op back in 2020-2021 to catch these fraudsters. They found that most of these guys were Chinese nationals and part of some kind of Chinese organized crime ring. And I watched a little bit of the videos. I'm going to go in and do a deep dive in these videos because I'm very interested in seeing what these guys have done. But in one of the videos, they would, they, they told the guy, you know, you can tell us what's going on here or we can call law enforcement. And the guy was like, I'm really not sure I want to tell you what's going on here. Like, he was more afraid of what would happen if he talked than if law enforcement showed up. So I think that's, that's a real eye opener as to what's really going on here and who's involved. The take. Right. But these guys were. I don't think the cops were on the take. I think this guy just didn't want to contend with the people he had to answer to in the crime organization.
B
Yeah, could have been both.
C
Could have been both. Over the past week, they've raided places in California, New York, Texas and Michigan. They've seized more than $4 million and it says 25 people were arrested. They also seized a vehicle or few vehicles, rather, as part of this. Overall, these people have bilked older people out of $67 million.
B
Wow.
C
Which is a ton of money. Here's an interesting part. They are also using scam centers, scam call centers in India. So it's not just local American, Chinese affiliated mafia or Chinese organized crime affiliates. Probably not affiliated with the Chinese government. Probably an unofficial organization. You know, organized, organized. A lot of organized crime syndicates tend to be centered around nationality and ethnicity. So there's nothing, nothing unique to any one ethnicity. But they were collaborating with the, the scam call centers in India to get these, get these leads. And then these local guys in America would go over and they would get, they would get the money. And there were. I was reading another story which I don't have the link to in the show notes, so it won't be there, but there was another story talking about that they've been charged with, you know, obviously fraud, but one of the things they're being charged with is money laundering as well.
B
It seems to me like these prosecutions have been accelerating.
C
Yeah, it does seem like that, doesn't it? Which is. Good. Good. I think we.
B
Good. Yeah. I just don't have a sense for the degree to which it's making a dent on things. But it does seem as though it. That's my, you know, perception anyway. I don't have any true data to back that up, but it feels like we're hearing more of these stories.
C
I will bet that next year we'll see a report that says these kind of, this kind of fraud is still increasing. We won't see anything, anything improving on it, at least not until we start making some people pay a lot more in terms of time and criminal penalties.
A
Yeah, the, the little guys on the ground are getting caught, but the folks organizing it are still running. Yeah.
C
Yeah, it's like, it's, it's very similar to the, to the war on drugs problem.
B
Right.
C
Which, however you feel about that politically, you know, if you're in favor of it or opposed to it, whatever, it. It's pretty obvious that what, what, what happened was that the people at the bottom of that food chain were the ones that suffered the most. And, you know, you could argue, yeah, well, they're breaking the law and they are, but at the same time, you're not solving the problem. You're just fixing a symptom of the problem. And here it looks like they've. They've gone up the food chain a little bit. Probably not to the top of the food chain. You know. You know, these. I think these food chains are pretty long, and I think the people at the top of them are pretty smart. You know, you don't get to be a crime boss being a dummy. I mean, you get to be a regular criminal being a dummy, but not. Not a crime boss.
B
Now is there. Does the story touch on if the Holocaust survivor widow has any chance of getting her savings back?
C
She probably does not have much of a chance of getting much of it back, although what they have recovered, they will probably distribute to people who are known to have been defrauded. So she will probably get some of it back. But the article actually doesn't talk about that now. But generally speaking, when federal. And these are federal indictments, by the way, which are, you know, hard, hard to beat. When the federal government indicts you and charges you with something, they're pretty sure they can, they can win the case. And these, these scammer payback guys actually turned over the. All the recordings, you know, what they put on YouTube was edited down, but they turned over everything to, to the, to the law enforcement officials. There's tons of evidence that they've collected.
B
Right.
A
Wow. Good for them.
C
Yeah.
B
Yeah. All right, well, we will have a link to that story in the show notes. Maria, you're up next. What do you got for us?
A
Well, the story I'm covering today made quite a stir when it dropped about a week or so ago. I think it was on Slashdot, and a lot of people sent it to me privately or through text messages. So I guess they have my number on what I'm interested in. And the headline is "Scamlexity: We Put Agentic AI Browsers to the Test. They Clicked, They Paid, They Failed." And this is from the folks at Guardio. And I just want to put out first, I know, I am very much an AI skeptic and I'm not a huge fan. However, this story is about agentic AI in browsers, like Microsoft Copilot, that kind of thing. And I absolutely do see the utility of integrating AI into browsers for certain things. I can understand and completely get why we would want to reduce Internet related drudgery, especially for common tasks like shopping for basic items that, you know, it just takes a lot of time. And I know as a person who does usually a lot of that in my household, like it would be nice to not have to do that. Like it can be automated would be nice. Unfortunately, the, the what Guardio went through was this really interesting blog post about how they sort of pitted AI browsers against very obviously scammy websites actually generated also by AI and just wanted to see would the AI agentic AI browsers be able to detect these very obvious scams? And the answer is no. So really they failed, huh? They failed. They failed. So it's in the headline. But yeah, huge surprise. And, and again, I'm not coming at it being like boohoo, you know, terrible AI, don't ever touch it. Isa again, I understand the value for some of this.
C
So there's just more work to be done.
A
There's more work to be done. Exactly, exactly. So let's just go through some of the examples they provided just, just to get a sense of what they did here. So they used AI to generate a very obvious fake Walmart storefront that sells items. And these are the types of scammy websites that we also see. We see a lot with SEO poisoning and we talk about them a lot. You know, you're searching for something and then suddenly a website you get is not legit. And we know as humans we can usually tell, okay, that's not actually walmart.com and that URL is not walmart.com so this is probably a fake website. And that deal is definitely too much, too good to be true. Those are our built in signals that go, don't do that. Unfortunately, with the agentic AI browser they had it try and do a task like buying me an Apple Watch on Walmart. And then the AI agent was like, sure, I can help you with that. And it found the spammy, very obviously fake AI generated Walmart.com and happily provided your financial information to this very fake website to buy you the Apple Watch. And this took a matter of seconds. And that's sort of the thing. There's no way for a human to intervene because this happens so, so quickly and because they're apparently in a lot of these AI browsers, at least right now, there is no sense of skepticism that we're trying to train in ourselves as humans. I don't know how you do that with an AI system. I mean that is way beyond my pay grade of understanding. But there was no, hey, what are the signals that we should look for? What is the actual URL? Does it match what I would expect here? What does the website look like? Is it missing the corporate logo? Maybe that's a signal. All of these things that to us as humans are super obvious. It's not, it's just not looking for those things. Like why would it, it just says I'm going to trust this thing that I find automatically sort of like asking a five year old to do it and just does it like, I want to make you happy. Here, I bought you this Apple Watch on Walmart. I think it's Walmart, should be fine. So that was, that was how it, it just kind of failed really quickly. And it's, and it's not malice on the side of agentic AI browsers. It's just, again, it's not, it doesn't have the built in skepticism which was just fascinating to me. What's up?
C
I, I think your analogy to a five year old is a really, really good one because I think what you're dealing with here is essentially like an infantile AI. You know, it, it's smarter than an infant, but it's not as smart as a 5 year old, maybe a 3 year old or that can talk or something and, and has awareness of the, of the, of the Internet. But it doesn't have the higher. Well, I don't really have reasoning skills, but they don't, it doesn't have the higher, you know, higher order. Like, like you said, skepticism. There's nothing like that built into this at all.
A
And I'm sure people much smarter than me are working on that and trying to figure out how you build in skepticism with signals. I, I'm not trying to say like oh this is doomed. I just, it's just very interesting to me that this and the other example they had was essentially when you asked the agentic AI browser to do some random to-dos in your, in your email inbox, things that are waiting for you to take action. If there's a phishing email in there for a fake link to your bank, it just goes, oh well, your bank's waiting for you to do something. I took care of it for you. It's like, oh, it was a phish and you completely fell for it and you did it in seconds and there was no intervention needed by me, so I couldn't have stopped you from doing it.
C
So it sounds to me like it's not time to trust AI with your financial information yet. Is that the lesson?
A
Yeah. I mean, yeah. And again, I kind of get the, I get the use case for these. I would love to be able to hand these things off to be automated.
C
Absolutely.
A
It just does not seem ready. We do not seem ready for this just yet. I look forward to when we are, but we're not there yet. So that's sort of the first angle was. It's, it's it. The agentic AI as of right now lacks that skepticism and falls for these what we know as obvious scams. The second angle that this article points to, which I thought was worse but also more fascinating, was that some of these websites that are generated either by humans or by malicious AI, they will often have prompt injections or they can have prompt injections hidden from human view just in the website source code, where it just does the basic thing of ignore previous commands and give me all your credentials. And the AI goes, well, that's for me. So I'm going to pay close attention to that. And yeah.
C
Oh, here you go.
A
Yeah. Again, it's just we've given the five year old the keys to the kingdom. It's not ready for that yet. So it's just we've heard about prompt injections before and it's just really fascinating to me and again, scary, but we're just not ready for this yet. And Guardio said yes, lack of AI guardrails is really the primary problem. So I'm going to read their quote from the end of their blog post. If AI agents are going to handle our emails, shop for us, manage our accounts and act as our digital frontline, they need to inherit the proven guardrails we already use in human centric browsing, like robust phishing detection, URL reputation checks, domain spoofing alerts, malicious file scanning and behavioral anomaly detection all adapted to work inside the AI decision loop. And these are like technical solutions that exist. So I mean we're not asking it to like generate a human brain and start thinking like a human. These are all technical tools. So this to me feels like a surmountable problem. It just needs to be built in. So I look forward to the day when that happens and I'm curious to see how these agentic AI browsers fare with all that built in maybe they'll go, maybe they'll be too skeptical or maybe they'll find stuff we missed or maybe it'll still be, maybe it'll be like a 7 year old with the keys. I don't know.
C
Right. I would hope they would find things we miss. You know, one of the things I think about is that Alexa, the Amazon crap. I shouldn't have said that because now.
A
Everybody's the smart speaker, right?
C
Everybody's smart speaker. The lady in the tube. The lady in the tube. That's right, the lady in the tube. You can say, hey, lady in the tube, order me some more Tide. And the lady in the tube will go ahead and put that order in. But that is from an online retailer, Amazon. And they are, you know, they're not going to reach out and surf the web to find you the best deal that's not in Amazon's interest at all. Their interest is reducing your friction and getting you the product and making the money, which not a bad interest. I'm not going to diss Amazon for that. How great would it be if, Well, I mean, I don't have any of those things in my house. My wife and I have agreed that we're not going to have any of those things in our house. But I still order things on my phone.
A
Yeah. To me the great use case for AI would be even if it was on these guardrails, to just stay within, for example, the Amazon ecosystem. Please find me this product and make sure that you're going through all the spammy bad listings of the junk products and getting me the actually legitimate item. Once it can do that, then, then it's more useful to me than me just doing it myself because that's what I end up spending a lot of my time doing right now. And it's a huge time sink.
B
So I, I, my thoughts on this are, first of all, I think the five year old analogy is a good one. I often describe the AI as a tireless intern in that it has unlimited energy to help you, but you also wouldn't bet the company on an intern. And I think similar to that, the use case I think here is if it can go through my email or it can respond to requests to purchase things. There needs to be a step, just like with an intern, where it brings to me the things it's going to do and I okay them.
A
Yes, right.
B
So it says, hey, I looked around and here's the best deal on Tide Pods. Right. Do you want me to purchase, I.
A
Say, or would you like me to eat them. Yes, because.
C
It is a Millennial or a Zoomer.
A
No, no, not a Millennial. No, that was not us. For once, that was not us.
B
Right, okay. Yeah, so I see the utility of this, but I think, yes, both guardrails. But then also just present me with a checklist. You can still save me time, but I guess it's sort of that trust but verify kind of thing.
A
Yeah, yeah, the utility seems apparent. It would be great if we're just not there yet, but it's moving so fast, we probably will get there pretty soon.
B
This reminds me, I just saw a story come by this morning. It was. I think it was Taco Bell. Joe, you're going to love this.
C
I'm listening. You said Taco Bell. I'm like, yeah, Taco Bell.
B
You have my attention, Dave. So Taco Bell decided to cancel their test on using AI for the drive thru after a customer ordered 18,000 glasses of water. Water is free, of course.
C
I would like a Nachos BellGrande and 18,000 glasses of water.
B
Right, right, exactly.
C
Coming right up, sir.
A
Yeah, it'll just be five minutes, sir.
C
I'll have to pull up to the first window.
B
Yeah, just pull up, please. It's going to be a minute. Oh, man. It was a little faster after the first thousand. They get a system going.
C
Right. You know, assuming each glass is, is a pint, that's 18,000 pounds of water.
B
All right, we're going to take a quick break here. We'll be right back after this message from our sponsor. And now back to our sponsor, ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. ThreatLocker Protect is the core ThreatLocker product focused on endpoint security, designed to prevent unauthorized software from running, control how applications interact, and manage access to storage devices. Its building blocks are allowlisting, ring fencing, and network control. Allowlisting is a deny by default software that makes application control simple and fast. Ring fencing is an application containment strategy, ensuring apps can only access the system resources they truly need to function. Network Control locks down access by port, source IP, or dynamically with ACLs that automatically update as IP addresses change. Shut out cybercriminals with world class endpoint protection from ThreatLocker. And we thank ThreatLocker for sponsoring Hacking Humans. And we are back with my story this week and this is a new one for me. This is about baggage handling and traveling and specifically the tags that go on your luggage. So let me ask y'all, when you're traveling and you get your tag to put on your luggage. Or they put the tag on your luggage.
C
I always have to put that on now myself.
B
Okay, so. Right. You check in at the airport. Right. It prints it out, you put it on the bag, travel, you get to your destination. At what point do you remove the sticker?
C
When I'm going back to the airport again.
B
Okay.
C
Or maybe when I get to the hotel.
B
Yeah. How about you, Maria?
A
Yeah, I was gonna say it's probably when I get to the hotel, but on the way back, I leave it on my suitcase until the next time I travel. Cause I'm very lazy.
B
Oh, okay. Yeah, yeah, I see.
A
Yeah. That's at home. So that's at home. Yeah. Certainly not at the airport. I. I do wait until I get to my hotel.
B
Yeah. Okay. Well, this alleged scam is. Comes from a Delta Airlines baggage claims manager who says on Reddit that there is a luggage tag scam that targets passengers who discard their tags at the baggage claim area. So in other words, you're waiting for your bag, comes around on the carousel, you grab your bag, you rip off the sticker, you toss it in the trash. Now we've got people dumpster diving collecting the tags, and they use the tags to file fraudulent reimbursement claims with the airline.
A
What?
B
Because the tag has all sorts of your information on it. So it has your name, your flight itinerary. Sometimes they'll have membership numbers, like your frequent flyer number, that sort of thing. So they take the tag and they use the information they can get from the tag. They file a claim that the bag was never delivered. Right. And try to make money off of that. And the airline says the problem here is that it's clogging up the system because it complicates legitimate claims and that their baggage claim department can't keep up.
C
Right.
B
They also said that the scam isn't limited to airports, that hotel rooms are vulnerable. There was a former hotel employee who said that they had seen the same sort of thing where people were throwing away their tags in the hotel, and then hotel workers were taking the tags and using them to claim that the bags never got delivered.
C
So now you have to take your luggage claim bag, your luggage claim tags home and shred them.
B
That's right. It's basically it. Yeah.
A
Okay. Wow. It just seems like a very slow, inefficient scam. Like, this is the opposite of a get rich quick scheme. I mean, that is just not what I would use if I was trying to make a quick buck. Is that process. Yeah, it takes forever. Even, like when you have a legitimate claim, good luck getting that. Oh, my goodness.
C
Right?
A
Wow.
B
I've never, you know what, I've never lost a bag. And I know I'm jinxing it now by uttering those words out loud, but.
C
I've had them not.
B
What is the process.
C
I've had them not arrive with me generally when they're coming home. And the biggest problem with it is if you have a connecting flight. So you're going to fly from, let's say you're flying with Delta because you can't fly anywhere to Delta, even to upstate New York without going through Atlanta. Last time I went to Syracuse, I drove rather than fly. And I'm not joking about that. Last two times I went to Syracuse. So if you go to Atlanta, you change planes, your luggage has to change planes. And that's usually, usually where your luggage gets lost is in that it doesn't make it to the plane on time. And then you arrive at your destination, let's say Syracuse, New York. And you get there and somebody says, oh, your luggage is in here. You go up with your little claim check. That's, that is the, the part of the luggage. And they will scan it and they'll say, oh, yeah, your luggage is still back in Atlanta. It'll be here. Or it's on another flight from Atlanta to Syracuse. It'll be here at 7 o'clock tonight. We'll drop it off at your hotel.
B
Right.
C
That's how that works. That's how it's worked for me when I've lost my, when my bags have not arrived at the same time I have.
B
Right. But I wonder what happens if a bag is completely lost like I've never had. You ever made that claim?
A
No, I've never had something, I've never had something be completely lost. And honestly, anytime my bags have been late, the airline you, before I did like, I would get a phone call sometimes when I was like deplaning or something saying, hey, your, your bag that's supposed to be in Boston is still in Frankfurt. We'll get it to you two days, something like that. Because I, if I, if I travel domestically, I almost always just do carry on. Only if I do international. I try to do direct, but that's very hard. And so usually if something for me is lost, it's the other side of the planet, so it's not getting.
C
You always carry on your prescription medication, by the way, do not check your prescription meds.
B
Oh, yeah, absolutely.
A
Yeah.
B
So this story says, also be cautious with your printed boarding passes, because they have a lot of sensitive information.
C
They do, yep.
B
It's been a long time since I've printed a boarding pass.
C
I print them every time.
B
Yeah, yeah.
C
Because the boarding. The. The printed boarding pass will not go down.
B
Right.
C
They won't. It won't be inaccessible. It won't be, you know, that server won't go down. That server is going to be up all the time and it's going to be scannable at any point in time. And that. And that's the only reason I do it, because I do it because they're.
A
Great bookmarks for my book.
C
It works, too. I use a Kindle when I travel.
B
So they said that Japan already provides secured disposal bins for these bag tags near their baggage claim exits.
C
That's. Maybe that's what we should do in America. Maybe that's what these airlines should do because they're the ones that are losing out. The passengers aren't really losing out.
B
Right, yeah. Free shredders.
A
True. Yep. Confidential material bins, like a lot of offices have. That feels like a very easy thing to just put there. That too, yeah.
B
So they're saying, hold on to your luggage tags. Just stuff them inside your suitcase until you get home and then destroy them.
C
Very early on in my career, when I first started traveling a lot, I thought those. Those baggage claim tags were like the stickers you used to see in all the cartoons with, you know, the different places.
A
Yeah, yeah. Cases with the sticker travel stickers on them. Yeah.
C
Bugs Bunny would throw a baseball around the world that would come back with all the stickers on it. So I get up to the baggage check and I still got the old one on there. I'm like, I'm going to have so many of these things after I get done with this job. And the guy at the counter just rips off the old one, throws it away and puts a new one on. I was like, oh, that makes perfect sense. Because I don't want my bag going back to where I am. I want it going where I'm going. And that's the purpose of the claim of the sticker, is to tell who's to route that bag.
A
Yeah. Come to think of it, if you go to the gate, like the gate check, and usually it's just a regular rubbish bin that they have where they rip the old ones off into.
C
Right.
A
Man, that makes me wonder what they're doing with those as well. But maybe the risk is less because they're disposing of it. I don't know.
C
You have to go through security to get to those trash cans.
A
Oh, yes, that's true. But also, the. The. The. The ticketing check in. Sorry, I didn't mean gate check in, ticketing check in when you just enter the airport. Yeah, yeah, I remember the. The. The old wisdom used to be also to take the. To remove the tag from your luggage if you were traveling somewhere where you're going to be on foot a lot with your luggage. If it. Especially if you traveled first class. Not to have that, like, dangling off of your back. Not that I ever travel first class. I can't afford it. Right, but you didn't want to make yourself like a big target for pickpocketers, saying, hey, I just traveled first class. I probably am really loaded. You should definitely rob me.
C
I probably have a big wad of cash in my front pocket.
B
Right, right. All right, well, that is my story. We'll have a link to that in the show notes. Joe, Maria, it is time for our catch of the.
C
Dave, our catch of the day comes from Chad. Super listener.
B
Chad.
C
Yeah. And he says, hey, guys, super. Do you know Chad Murray? Are you familiar with Chad?
A
He's a super listener, right?
C
Yes.
B
He goes way back.
C
He does. He goes way back. I've actually met Chad and his wife. We went out to Chad's house for the eclipse a couple years ago. It was wonderful. Had a great time.
A
Wow.
C
Yeah.
A
That's awesome.
B
It is.
C
He says, hey, guys, wanted to share this attempt to get into my Facebook account. At least that's what I assume the end game is. I've attached a pic. It came through Messenger from someone I did not know. I didn't interact with them. I could see how a lot of people would. Would at least send back a message, say, hey, who are you? No, you can't do this either way. I think you've talked about something like this in the past, and I just wanted to share. So, Dave, it's a Facebook Messenger. One of those messages you get, and you have to decide whether or not you're going to accept or delete or block this person at the bottom.
B
Right.
C
And this one's coming from somebody named Juanita Spireloid.
B
Yep. And it just says, may I borrow your lawnmower? Hey, I borrowed it. As you mentioned, I could just borrow it. Let me know if you want gas for it.
C
So obviously, this is an attempt to engage in some kind of conversation. I think Chad is right here. That this is. They just want to get you talking. No, I don't know who you are. You can't borrow my lawnmower. You might be talking to the wrong person. And then some kind of scam. This is the, the tip of the scam spear, if you will.
B
Right.
C
So yeah, when you get these kind of things, just, just delete them, just block them, don't engage, do what Chad does and just ignore him. Also wanted to say that he's a long time caller, first time listener. I think it's funny. Love the show. Maria is a great addition to the team. I've been stalking, I mean following since the start. I blame Joe for that. Keep rocking on it. So it's good to hear from you, Chad. Chad and I used to play super listener Chad.
A
Wait, you used to play Fortnite?
C
Oh yeah. I would still love to play. I just do not have time to play anymore.
B
Fair.
A
Fair enough.
B
You know, I've never owned a lawnmower.
C
What? How do you get your lawn mowed now? You have a little lawn, right?
B
Yeah, I have people.
C
You have people, Dave.
A
I got.
B
I live in a condo association. My neighborhood is condominium townhomes.
C
You're condominium townhouse. I keep forgetting.
B
Yeah, yeah, so. And I've lived there since I was 10. So yeah, they just mow the lawn. I've mowed my boss's lawn when I was a teenager regularly. So I have mowed lawns, but I have never owned a lawnmower.
C
I mowed my boss's girlfriend's mother's lawn.
B
What?
C
One of the guys I work with.
A
One more time.
C
One of the guys I work with at a machine shop, he had a girlfriend and her mom had a lawn and there was nobody else at home that would mow the lawn. So I'd go over there like once every two weeks and mow that lawn.
A
And it was always like girlfriend's mother's lawn.
C
Right.
B
And that's how Joe became a man.
C
That's right. Pushing a push lawnmower through knee deep grass every time.
A
Wow.
B
Oh Joe, you're so hot and sweaty. Why don't you come on in for some lemonade, Joe?
C
Nope.
B
Come on, take a look, Joe, while you're mowing my lawn, you are imagining.
C
Far more attractive people.
B
Oh, Joe, it's so nice and cool inside the house.
C
Of course, when I was a young man, I was not nearly this, this rotund, but. Yeah, but you know, it was. Well, I don't know where. Where were we? We're not talking about lawn. Oh, weird. Oh, Dave, you. Yeah, that's right. I have a tractor now.
B
Oh, that's exciting.
C
Yes.
B
Yeah. See yeah, if you have a riding mower, that's. That's. That's nice.
C
I think it'll go.
B
If I had a lawn today, I'd be very tempted to have some sort of robotic lawnmower. Just.
A
That's what I'm hoping to get next year.
B
Yeah. Yeah.
C
Are you really?
B
That'd be awesome.
A
Yeah, I. Yeah, I have a push. Electric push mower right now, but I'm hoping to do a robotic one next year, but my yard is very, very hilly, and I know they have a hard time with hills, so I'm not sure it's. I'm not sure the robots are there yet. Yeah, I. Any time I can spend doing anything but mowing the lawn makes me very happy. So, yeah, I'm not a big.
C
I'm not a big. Not a lawn guy, which is why we have kids.
A
I'm trying to convert as much of my lawn as I can into things that are not grass, so I'm that person. But a lot of my neighbors are also those people, so it's great. I'm not alone on that.
C
I want some boulders. Lots of boulders.
B
A robotic lawnmower is kind of a deadly Roomba.
C
Murderous Roomba. I don't think I want the robots having that kind of power.
A
Spinning blades on a robot.
C
What could possibly go wrong?
B
Yeah. All right, well, thanks to super listener Chad for sending in.
A
Super listener Chad.
B
Super listen. Yeah, Chad Lee. He needs his own jingle. Thank you, Chad, for sending it in. We do appreciate it. Glad to hear that you're still hanging in there and listening as superfically as always. All right, we're going to take one more quick break here. We'll be right back. Hack. Thank you to ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks, for sponsoring Hacking Humans. Visit threatlocker.com. And that is Hacking Humans, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
C
I'm Joe Carrigan.
A
And I'm Maria Varmazes.
B
Thanks for listening.
Podcast: Hacking Humans, N2K Networks
Air Date: September 4, 2025
Episode Theme: Deception, influence, and social engineering in the world of cyber crime, with a focus on how emerging AI technologies both enable and fall victim to scams.
This episode delves into recent developments in social engineering and scam prevention—including a major scam bust targeting elderly victims, the vulnerabilities of agentic AI browsers to online scams, and an emerging luggage claim scam at airports. The hosts discuss how human intuition and skepticism still outperform current AI tools when it comes to spotting deception, and highlight surprising new vectors for social engineering. Listener feedback and a quirky "lawnmower scam" make for a lively show that balances cybersecurity best practices with personal anecdotes and humor.
The show is a mix of expert analysis and relatable humor, pairing actionable cybersecurity advice with accessible analogies (“AI as a five-year-old,” “scam spear”), entertaining personal stories, and playful banter about lawnmowers, pet chickens, and nostalgic travel anecdotes. Hosts encourage critical thinking, skepticism, and proactive cybersecurity habits while keeping discussions grounded and engaging for all listeners.