Maria Varmazis
You're listening to the CyberWire Network, powered by N2K. Hello, everybody, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Maria Varmazis, dusting off my Dave Bittner impression as he is out today. And with me is the one and only Joe Kerrigan.
Joe Kerrigan
Hello, Maria.
Maria Varmazis
Hello again, Joe. Okay, so first and foremost, I have Dave's permission to share this with everybody on why I'm filling in for him today. Many of our listeners are familiar with Dave's father, Bill Bittner. He has been sort of a character on our show and Dave has spoken about him many times. Sadly, Mr. Bittner passed away. So Dave is understandably, he's grieving and he's dealing with all the things that happen when your parent passes away. So our sincere condolences to Dave and I'm sure all of our listeners, our hearts are with him. So that's why I'm filling in for Dave today. Next. Sorry, I'm getting a little choked up. I'm actually going to be out next week. Not for a sad reason. I'm going to be at a conference. But yeah, I'm filling in for Dave because of his sad reason. So anyway, okay, let's move on to our listener follow-up because we have a ton of listener feedback. You all have been emailing us a lot. Thank you for that, everybody. I'll start with this first item from our listener, Justin, who said you brought up an interesting point about how would the buyer of gold know that they are getting actual gold? And he wrote an easy sting operation, seems like it would be to give the courier gold-painted lead bars and one of them has a tracker or just throw an AirTag in and see where it goes. Thanks for the podcast, Justin. I, I mean, I don't personally want to.
Joe Kerrigan
That's an excellent idea.
Maria Varmazis
I don't want somebody very angry showing up at my door. But if somebody wants to try that and wants to take on that risk, I'd be very curious to know where it goes.
Joe Kerrigan
Here's, here's the thing. I'm pretty sure lead is actually heavier than gold. So you can make a lead thing that has some other mass in the middle that is not lead, that weighs, you know, so that the, the block weighs as much as a gold block of that volume would do. I'm convinced you can do that. So then it's just a matter of, of coating it in, in like maybe gold leaf or something so it looks like gold. But I think it would be pretty easy to embed a transmitter like that, like a, like a, like an AirTag into it.
Maria Varmazis
Lead, though. Would that cause issues if it's a, you know, a blocking agent? Right.
Joe Kerrigan
Yeah, yeah, it's very. Yeah. You'd have to make sure the antenna has a way to go out of the. Of the bar or, you know, the L.L.
Maria Varmazis
Bean tote bag has the antenna in it. Something like that, Right? Something like that.
Joe Kerrigan
I think that's a good idea.
Maria Varmazis
Yeah. Why don't. If you want to try it, I would love to know what happens, but please be safe.
Joe Kerrigan
I'm not going to try because I don't want to smelt that much lead.
Maria Varmazis
Oh, that is the sole reason, right, Joseph?
Joe Kerrigan
Yeah, and I don't have that much lead alert, but.
Maria Varmazis
Well, hang on to that. We may need it.
Joe Kerrigan
Yes.
Maria Varmazis
Who knows? We also got some feedback from listener X ray Specs who said, hey, love the show, in response to the theory about scanning plates and running a Python script against data sets or similar. Not buying it. My wife and I get a couple of these emails a month and we don't own a car. Okay, so there you go. And then, Joe, why don't you do this last bit of feedback from our listener, Jim Gilchrist.
Joe Kerrigan
Jim says regarding Joe Kerrigan's letter from the folks at E-ZPass discussed in the March 20 episode, in the dark ages before the dawn of transponderless E-ZPass, I received a similar letter to Joe's. Now, this is interesting because I don't know why. Maybe my transponder has gone bad. I still haven't taken the time to go and investigate why it's not working.
Maria Varmazis
I'm having the same problem, though, honestly. So, yeah, that's interesting, huh?
Joe Kerrigan
Because there was no tag recognition system for the tolls in place then. My letter threatened huge fines unless I paid immediately. Also, they threatened to flag renewal of his tags until he settled up.
Maria Varmazis
Hmm.
Joe Kerrigan
I'm going to read this. So I called because I was certain that my transponder had been in place on the inside of my windshield for the trips in question. The person on the other end of the call cross-referenced my tags to my transponder, deducted all tolls due from the balance on my account, credited me with the penalty fees, and directed me to my local MVA branch, which is the Motor Vehicle Administration or the RMV, I don't know what that stands for, DMV, Department of Motor Vehicles. The place where you register your car.
Maria Varmazis
Depends on your place where you register your car. It's different names depending on where you're at. Yeah. Yep.
Joe Kerrigan
But he was directed to go there to have his transponder tested. Unsurprisingly, it failed. And a few minutes later, I walked out with a new device. The E-ZPass office is not part of a normal MVA system, so I was second in line to walk in, and the person who helped me was very helpful and friendly. No. So is he saying that when you go to the E-ZPass office, it's not the MVA so they're helpful and friendly?
Maria Varmazis
Is that I'm a contrast, you know? Yeah. Okay, fair enough.
Joe Kerrigan
Because around here, if I have tag or title work, I go to the tag and the privately run tag and title company and pay the fee associated with that because just so I don't have to get abused by the people at the MVA, because they're experts at it around here. Actually, to the county I've moved to, I haven't tried this MVA yet, but we'll see. We'll see what happens. I received several messages from numbers in the Philippines alleging unpaid tolls for trips in other M states like Maine and Massachusetts. Is Jim a Maryland resident? Because he says.
Maria Varmazis
Yeah, I'm guessing he is, because up here in Mass, it's the RMV. At least it used to be the RMV. So MVA is not something I was familiar with.
Joe Kerrigan
So now MVA is a Maryland acronym. I don't know how. And he's definitely in using an E-ZPass, and that's the Maryland system, but I know the E-ZPass, Massachusetts, it's the Northeast, right?
Maria Varmazis
Yeah, yeah, yeah, It's. It's pretty much the Northeast. Yep.
Joe Kerrigan
Right. So anyways, he says he's received several messages from numbers in the Philippines alleging unpaid tolls for other M states like Maine and Massachusetts. I'm pretty sure there's no correlation between the messages and toll trips I've taken. The cost to run such a scam is low. That it is so low that it should be profitable with only a small response. So ripe for a shotgun approach.
Maria Varmazis
Agreed.
Joe Kerrigan
My response was to Google the country code and then use the report, spam and delete button at the end of the message. Thanks for the entertaining inform. Know there. There is a good set of evidence here that this is random, because I have now received another one as well.
Maria Varmazis
Oh, there you go.
Joe Kerrigan
And it was. It was a. On a phone. It's not associated with anything that I do personally. It's on my, the, my, my company phone. So they, they, they gave me an iPhone. I've talked about how much I, I don't like my iPhone. But it, I got a text on that that said, said, hey, you got some unpaid tolls. I'm like, nobody on this unpaid tolls, right? No, I don.
Maria Varmazis
Yeah, no, I'm, I find it really fascinating that a lot of people have been writing into us. Cause this is not even all the feedback that we've gotten. This is just some of it. Because I think a lot of people are getting these and I think a lot of us are having these conversations. I know I have been asking my friends because I'm one of the few people that actually lives where my cell phone area code actually is physically. So for me it's like, okay, it's gonna match. But most of my friends have moved all over the place. So up here in Mass, I've got friends who, you know, are from the West Coast, D.C. whatever. And yeah, they, I, I was just wondering when they're getting the spam, is it matching where they live or where their phone is registered? And it's usually there's, there's. And sometimes, as some of these writers have said, there's absolutely no correlation. It doesn't, it's for places they've never been. So, yeah, I think, I think people are on the right track here where it's just, it's just shotgun approach. Yeah. It's just nonsense. Yeah, yeah.
Joe Kerrigan
Maybe. Maybe the earlier parts were just coincidence where it seemed that they were timing up perfectly. Or the other option is there was somebody who is timing them up perfectly and had this great scam. But as soon as news got out, people were like, that's too much work. Let's just send out a bunch of spam text messages.
Maria Varmazis
If you are that person who is doing the too much work version, we would love to talk to you.
Joe Kerrigan
Right.
Maria Varmazis
You know, it's a much easier way to scam people.
Joe Kerrigan
Right.
Maria Varmazis
I honestly would love to be a fly on the wall for that conversation. Well, thank you for all of our listeners who have given us so much great feedback. Please keep it coming. We love hearing you and this is all great stuff. And if you're going to do a gold, gold bar sting operation, please be safe.
Joe Kerrigan
Right.
Maria Varmazis
We will be right back after this message from our show sponsor.
Sponsor Voice
And now a few thoughts from our sponsors at ThreatLocker. The tactics used by cyber criminals are becoming more and more advanced every day. The shift from a default allow approach to a default deny is more critical than ever. This is where ThreatLocker comes in. Stay tuned for how ThreatLocker allow listing and ring fencing has your back.
Maria Varmazis
Okay, so, Joe, you are up first today for our story. Regale me, please.
Joe Kerrigan
I will regale you with something. Regale me from Theo Berman at Newsweek. And here we go, regaling away. This. The headline of this story is FBI cracks pig butchering scam on dating sites. But it doesn't talk too much about the dating sites. What's interesting here is that the FBI has seized $8.2 million in cryptocurrency connected to what this article calls a complex international romance scam known as pig butchering. Now, we all are familiar with the term pig butchering, and if you're kind of new to the show, I will explain it to you. It is essentially the combination of a romance scam and a cryptocurrency scam. So you are on some dating site, you meet this person online. You probably will never meet them in person. They strike up a conversation. They do all the same romance scam stuff that everybody always does in a romance scam. They love bomb you. They plug you with compliments. They try to build this false rapport. And then they say, oh, by the way, I make my money being a crypto investor. And they send you a link to, you know, they show you, hey, look how much money I've made in crypto. And it could be millions. And then they will encourage you to put some money into crypto. And when you do put money into crypto, you will see reports that say your money is growing really, really fast, which then encourages you to put more money into it and more money into it. And there may even be a point at which you say, I'd like some of my money back. And they give it to you. That's usually a very small amount of money, but it's happened where I'll put in 100 bucks. And they say, hey, your 100 bucks grew to 200 bucks. Fine, give me the 200 bucks. Here's your 200 bucks. And you go, okay, well, let me try that again. I'll put that 200 bucks back in. And here's another thousand bucks. And then it just keeps growing from there.
Maria Varmazis
Yeah. Yep.
Joe Kerrigan
So people have lost tons of money in this. In fact, I have another link that will go in the show notes about a Maryland woman who lost over $3 million to a pig butchering scam.
Maria Varmazis
Oh, my God.
Joe Kerrigan
Sorry. It's a lot. WJZ is the station covering this. It's one of the Baltimore news stations and Mike Helgren has the story. We'll put a link in the show notes. They are disguising her voice in this so that you can't find her. Because unfortunately, when you come forward as someone who's been scammed, people will pile on you. They shouldn't do this, but they do. They pile on you, call you stupid. I mean, there was a poor Brad, the poor victim of the Brad Pitt scam, I think, in France, who. The stories had to get taken down. So kudos to her.
Maria Varmazis
Yeah, I, I was just going to say, I really, I wish that more news outlets would start doing this because even one of the first stories I did here on Hacking Humans, it was, I think, a piece in The Cut and it, the woman, I think she said she got scammed out of like $50,000. I'm still seeing comments about that over a year later. People, you know, denigrating her and it's like, no, she did a really important service by telling us about what happened to her. Yeah. And also, victims get rescammed also, don't they, when they come forward?
Joe Kerrigan
They do, yeah. That's. It's sad, but that, that is what happens. Anyway, this Maryland woman also came forward. She said, I feel terrible about this. I've lost so much money. I don't know if this is her life savings or not, but $3 million, I can't imagine that not being. And she is telling a story, which. Good for you, too. So thank you to this woman. I don't know who you are, and thank you to WJZ for keeping her anonymous. That's great news. Anyway, back to the Newsweek story. What happened here is it was the Cleveland field office of the FBI and they were able to trace the funds to three cryptocurrency wallet addresses. So you can have multiple addresses, like a lot of addresses with. With one wallet. And it.
Maria Varmazis
It sort of like feeds into the wallet. Right. I mean, it's feeds into the wallet.
Joe Kerrigan
Right.
Maria Varmazis
You're like a big tree with its roots everywhere. Is sort of how I imagine it.
Joe Kerrigan
Exactly. I'm not exactly sure what the math is behind it, but you can have multiple addresses that feed into the same wallet, which is the same private keys. But these guys used just these three addresses. And that let the, the FBI develop a trace of where this money was going. Because even though these guys attempted to, you know, launder the money with, with obfuscation techniques, using things like tumblers and switching from one blockchain to another. Like they, there, it says in here they bought Ethereum and Tron and, and they use multiple DeFi protocols, which is distributed financing.
Maria Varmazis
Okay, thank you. Didn't know what that meant.
Joe Kerrigan
That. Yeah, it's, it's, I'm not, you know, it's like an exchange where there's nobody in charge. So, you know, I've never done anything. I, I say that I do have some crypto on here. Some of it's in a private, in a personal wallet. Some of it's on exchange. Most of it's on an exchange. DeFi, you can go up there, you can say, I'm going to exchange this for that. And maybe you get your money. I don't know, I've never tried it. But I would assume that you get, you get some money from it. But anyway, these guys were able to, you know, the FBI was, was able to trace this based on one Cleveland-based victim who was convinced to liquidate her entire retirement savings and transfer 65 or $650,000 into digital assets. And she thought it was going into an investment account. It isn't going into an investment account. It'll look like it is. There'll even be a fake webpage and they'll tell you, oh, you're doing great. But as soon as you say, hey, give me some of my money, that's when everything stops. And once you have the large amount of money, that's when they start, you know, they will try to get you to put as much money in there as possible. And once you get to the point where you started putting money in here, you could just think of it as gone, moved off the market.
Maria Varmazis
It's burning it, basically.
Joe Kerrigan
It's, yeah, it's, it's gone. So once they, once they had traced these, traced the money down, they had a good, a good idea of where it was. They used civil forfeiture laws and filed a civil forfeiture complaint in February talking about the scam and how they knew this was going on. Now this, I'm not a big fan of civil forfeiture laws because often they get abused.
Maria Varmazis
Yeah.
Joe Kerrigan
Like there are cases where people have been going to buy a car and they have $20,000 in cash and law enforcement just seizes the cash and says, you can't have that much money unless you're going to do something illegal. We're going to have a civil forfeiture here and good luck getting your money back.
Maria Varmazis
And yeah, it does seem like something ripe for abuse for sure.
Joe Kerrigan
It is. It absolutely is. But Here, this is a good intended use case where the FBI has judiciously demonstrated that this is these are scam funds, or we're reasonably certain that these are scam funds. Please seize the cryptocurrency. And they've seized $8 billion. They said they're going to out to people who have been victims of these scams. One of the things they're saying is, of course, they don't know how many victims there are. There are many victims who have been, who just will never be identified. Hopefully their losses are small.
Maria Varmazis
Goodness. I just. Wow. I have so many thoughts about. Every time we cover these stories, I just, I have so many thoughts that go through my head that I just, I. It's just sort of what would convince somebody to take their retirement savings out in general and move them en masse somewhere else. Makes me wonder about, like, when I go into retirement, like retirement funding websites. I'm trying not to use names here. Sometimes they don't look very credible, even though the institutions themselves are. And then I'm thinking you combine maybe a website that looks about as credible by a gut check as, you know, an established financial institutions. Plus the, the conversations I know, I hear all the time going on between like, grandparents and their grandchildren about, you know, you should get into crypto. It's a great thing. Park your money there and then just, you have not enough information. Plus things that look, I suppose, somewhat credible or at least as credible as everything else. And then it's just, just a terrible melange of awful that makes it just so easy for people to get victimized like this. I just h. And that's to say nothing of also then the social engineering that's going on to, to, you know, to make people do, do these kinds of things, it's just, it's, it's, it's a combination of so many bad, bad elements at once.
Joe Kerrigan
Yeah. Yeah, it is. If, if everybody took my advice, they would not get hurt on this. And my advice is, remember, if you're going to invest in crypto, that's fine, but don't do it with money you can't afford to lose. It's like gambling, essentially. It's the same advice I give when you're gambling. Yeah. And if you want to put a lot of money into crypto, that's fine, but you should never, under any circumstances, put all of your money into this. And it is, you know, even if you, even if you. That's the only source of your money. If, you know, let's say that I was smart Enough to buy bitcoin when I could have bought it for 25 cents or $4 at some point in time, I would have.
Maria Varmazis
Smart enough, lucky enough.
Joe Kerrigan
Lucky enough. Yeah. Well, I mean, I had the opportunity. I really considered it. I was like, I think I'll be happier with the four bucks. Turns out I was wrong. But.
Maria Varmazis
Well, I mean, yeah, I mean, I know people who did get in on that, but it's just like. But I also, in the cases of those people, they had fallen for like 20 bad financial decision type scams beforehand and. But in this case, it ended up paying off. So I'm kind of like, this is.
Joe Kerrigan
The one they talk about. Right? They don't talk about. Yeah, it is, you know.
Maria Varmazis
Yep.
Joe Kerrigan
Going into multi level marketing or anything anyway. Yeah, I would have, you know, by now I would have liquidated some amount of that and put that into other more traditional investments. And you know, with the, with the rate at which cryptocurrency or bitcoin in particular, the prices have been growing, I probably would have done that multiple times. Yeah. Even if, in other words, even if all my wealth came from the growth of the explosion of the value of cryptocurrency, I would have by now moved it to another plat, another investment. I would have diversified. And you should not have all your money in one type of investment.
Maria Varmazis
Yeah, this is, this gets into financial literacy and you know, how. What kind of risk can you, can you take on? And also just, it's a whole other conversation about finances. And I think again, it gets into that a lot of people, especially United States, are just not that financially literate. But it's, it's also very complicated, especially if you're from another country where a lot of this stuff tends to be handled by like a government. And in this case, it's sort of like you got to figure it out. And it's not easy to figure out.
Joe Kerrigan
In my youth, I talk about this. My father, actually I found out he still maintains his education requirements so he can hold his CPA certification. I didn't know that about it.
Maria Varmazis
Wow.
Joe Kerrigan
But yeah, I grew up in what you would consider to be a very financially literate household. My father was an accountant. My mother was a bookkeeper. We have a lot of accountants in the family. Not everybody comes from that kind of a background. So I mean, this stuff all seems like second nature to me. But I understand that the reason that is the case is because of the household I grew up in.
Maria Varmazis
Yeah, I come from the opposite. But it's. My parents were very Financially literate, but they were self taught completely. And I know for my extended family it was things were either handled by, you know, a pension, really it was a pension, or you bought property and basically you were a landlord and that was it. There were 401ks or anything with the stock market. None of that either existed or nobody understands how to, to manage any of that. So anything that I learned, I learned from my parents who thankfully learned about this stuff. But a lot of my family, I'm still having the conversations with them about if you have the cash to buy property, that's great. But there's this whole thing called the stock market that you might also be interested in to grow your wealth, I don't know. So I just think of those use cases where it's easy to assume that people know this stuff, but it's really not clear at all. So yeah.
Joe Kerrigan
Yep.
Maria Varmazis
All right, let's move on to my story now. And honestly I was about to ask.
Joe Kerrigan
What have you got?
Maria Varmazis
What do I got? Well, I really just have a quick story today, sort of I wanted to mention what happened in the story but then just pontificate a little bit on it because honestly it's sadly yet another Publisher's Clearinghouse or PCH scam and another whack-a-mole in these scams that just will not go away. In this case, in the end of March, four people were indicted on federal charges for apparently scamming millions of dollars out of several elderly folks around the United States. So the many three of the four people who have been indicted actually are based out of Jamaica, which I thought was an interesting bit of flavor there. But basically the scam occurred within the United States and they would, the four scammers would contact their elderly victims in many cases saying hey, you've won. This is, this is standard PCH scam stuff. But hey, you've won the Publisher's Clearinghouse Sweepstakes. We're going to give you the cool, fun novelty check and show up at your house with the balloons like you've seen on TV, multimillion dollars coming your way. All you need to do is pay just the upfront taxes and fees before we can give you this prize. And often the scammers would even give like forged documents describing the actual sweepstakes winnings that would be coming their way and using official government seals to make it look very legitimate. And of course the money was never going to be there and the money from the victims was going, was sent to a number of a whole mess of different bank accounts that the scammers would sort of draw from. So a PCH scam is nothing at all new. I think the thing that I wanted to really just, just speak to is I think on certain parts of the Internet, I'm a very online person. PCH scams have this sort of notoriety of sort of comical, sort of like the Viagra pill spam. Like, who is still falling for these? Like, how, how is this still successful? And my. And I'm not coming at it at that angle.
I just, I understand that that angle exists. My main question is, for people under the age of, I don't know, 30, do people even know what PCH was like, what Publishers Clearinghouse is? Cause I'm old enough that I remember when they were on TV all the time.
Joe Kerrigan
But to me it's McMahon was their.
Maria Varmazis
Supporter, was their guy. Yeah. So for people who don't know and have never seen this, back in the 90s, 80s and 90s, I want to say especially it was this commercial that you would often see on TV where people with balloons, like, in a party-like atmosphere would sort of seemingly roll up to some random person's house with a huge novelty check for a lot of money, basically saying, you've won this enormous amount of money. And Ed McMahon, who was a big celebrity at the time, would be like there with his microphone interviewing some, you know, average American person looking very happy and surprised that they just won a million dollars or whatever. And it was one of those. It seems too good to be true, but apparently it was. I've never really understood how this thing worked. I guess it was just like a lottery. I'm not really sure I would get.
Joe Kerrigan
These things every, you know, I'd open the. Open the Publisher's Clearinghouse mailer because there'd be ads on TV going, look for the Publisher's Clearinghouse mailer. Enter the sweepstakes.
Maria Varmazis
Did you have to pay in. Yeah, you have to enter the sweepstakes. That's what it was. Oh, you should enter it.
Joe Kerrigan
Huh? You never have to pay in. Or at least you shouldn't have to. In fact, you don't even have to buy a magazine, which was what I would do. I'm not going to buy any magazines. I'm just going to send this thing back and then they'd send you another one and you'd have to fill that out and send it back. And eventually I lost interest in it. But it was the whole idea. Yeah, they were trying to get you to buy magazine subscriptions because back when I was a kid, magazines were Delivered to your door via the postal service, not online.
Maria Varmazis
They still can be.
Joe Kerrigan
I know. I actually still get National Geographic because it's got such beautiful photography in it.
Maria Varmazis
Yeah, yeah.
Joe Kerrigan
And it's easier to just pick up a magazine and read it to the kids, right?
Maria Varmazis
Yeah, yeah. I love them for that reason. Especially, like, I love to give my daughter a copy of Wired. Just kidding. That's for me, actually. Here, read The Atlantic. Would you like The Economist? Just kidding. She gets Highlights.
Joe Kerrigan
Highlights. Highlights for Children.
Maria Varmazis
Yeah, Highlights for Children is great. But anyway, that's, that's a whole thing. But I admittedly have not watched much network TV in a while, but I remember these commercials being a big part of the sort of cultural zeitgeist in the United States, especially in the 90s. But I want to say the last 20 years, they have faded away a lot. Like, I don't think this is so much of a thing. So to me, it's almost. The fact that this scam still persists is almost explicitly, by design, targeting the elderly. Because who, who else would really remember when this was, when this was relevant and exciting? Feel kind of sad saying that, but.
Joe Kerrigan
I agree with that 100%. So, I mean, you're right. It's, it's, it's something that is, it's, it's, it's self selected to target the elderly to begin with. Because, I mean, if someone called you and said, hey, you won the Publisher's Clearinghouse, you know, be like, the what, the who? Yeah, I don't understand.
Maria Varmazis
I've never even heard of that. Right, exactly. I mean, I have, but I can imagine people under a certain age, they only know about it in the same breath as like a Viagra pill scam. Like, why would you ever fall for this? But for people who remember when this was a big part of the deal, people would joke about, well, maybe one day Ed McMahon will show up at your house with balloons. And it was a big deal. Yeah. So it was just yet another PCH scam. Sadly, a lot of people lost money. Glad to see some more folks getting caught for doing this. Interestingly enough, the people who actually, allegedly have done this version of the scam are actually all around the 30, late 20s and early 30s. So do they even remember when it was culturally relevant? I guess is my thing, but probably not. Probably not. Yeah. Isn't that interesting? Anyway, so, yeah, yet another PCH scam. So be careful out there. And we will be right back after this message from our show sponsor.
Sponsor Voice
So let's return to our sponsor, ThreatLocker. ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure from the ground up. Where traditional cybersecurity tools require you to create a list of things you don't want to run, ThreatLocker enables you to easily curate an allow list of everything you need in your environment and network and block everything else by default. With ThreatLocker allowlisting and ring fencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust Endpoint Protection platform deploys in a learning mode that analyzes the operations of your company using machine learning to assist you in developing your allow list for approved applications, what they can do on the endpoint, what can interact with your data, and even east and west network traffic. We thank ThreatLocker for sponsoring our show.
Maria Varmazis
And we are back. And now it is time for Catch of the Day. Joe.
Joe Kerrigan
Our Catch of the Day comes from r/Scams and the Reddit. This is on Reddit. r/Scams and the user. I love this user's username. Cultwitch13. She sounds nice.
Maria Varmazis
Why are we assuming it's a she? Just kidding.
Joe Kerrigan
That's a good question. Because it doesn't say Cult Warlock. I don't know, does that even make sense anymore? Is that. Is that. Actually, I don't.
Maria Varmazis
Cult wizard, Cult Warlock. Well, it depends. Are you a sorcerer or are you a D and D rules now?
Joe Kerrigan
Yes, she posted this message that she got. She got. She received a text message along with four other three other people. Received this text message with her. Right. Random.
Maria Varmazis
Yeah.
Joe Kerrigan
You want to. You want to read this?
Maria Varmazis
Sure thing. Hello, Good day. This is Elon Musk Tesla. Did you got any messages from my manager yet? We are happy to inform you that your name have been randomly selected as a new beneficiary with a sum of $500,000 to help people pay off debts such as mortgages, medical bills and unpaid bills, as well as to support the disabled. Kindly respond back with accept to +1. Some phone number to proceed immediately. Thank you. Do not call, only text. Congratulations to you once again.
Joe Kerrigan
So Elon's middle name is not Musk. That's his last name.
Maria Varmazis
His name is Elon Tesla.
Joe Kerrigan
Right.
Maria Varmazis
When his mother's really mad though, she goes, Elon Musk Tesla.
Joe Kerrigan
He is actually the great, great grandson of Nikola. No, he's not. No, he's not. Car company after that. I don't think Nikola Tesla had any kids.
Maria Varmazis
No, he did not. Yeah, he loved pigeons.
Joe Kerrigan
Like Mike Tyson.
Maria Varmazis
Yes. Tesla was a fascinating person. I stayed in the hotel room where he lived and died in New York.
Joe Kerrigan
Really?
Maria Varmazis
Yeah. So he lived in a hotel in New York that's very close to Penn Station. And there's like a plaque in the lobby saying, like, he lived here. But I actually, I apparently got like the room where he actually lived and died.
Joe Kerrigan
Yikes.
Maria Varmazis
Years ago. Yeah, well, you know, he was a bit of a personal hero to my father, so I knew a lot about Tesla growing up. Okay.
Joe Kerrigan
Okay. So here's, here's why this actually might.
Maria Varmazis
Work is do not call only text.
Joe Kerrigan
Right? I was, I was on Newsweek today and there is, I'm reading, I'm reading that pig butchering FBI story. At the bottom, there's a link to another article that says, Elon Musk says he's going to go write million dollar checks to people who vote in the Supreme Court vote election in Wisconsin. He says he's only going to give. It doesn't matter what he's going to do. It's a stunt. Who cares? It's things that, when he does things like that that can pair up nicely with scams like this. Hey, Elon Musk is going to Wisconsin to give away two $1 million checks. It's not so hard to believe that I am the lucky recipient of half that amount from such a wacky billionaire.
Maria Varmazis
So, yeah, I mean, honestly, it's a drop in the bucket for him. Plus he's doing the PCH scams with the giant novelty checks. Right?
Joe Kerrigan
Right.
Maria Varmazis
Yeah.
Joe Kerrigan
So, I mean, it's, we all see this as obviously a scam. If you, if you contact these people, you just get led into an advanced fee scam where you have to start paying fees in advance. Yeah, we got your 500. $500,000 right here. But you have to pay a wiring fee of, of a hundred bucks. Okay. Now you have to pay some taxes of another taxing fee and just fees, fees, fees. Until you either realize it's a scam or run out of money. One of the two things is going to happen. So it's really great to realize this is a scam when you've lost zero dollars. That's, that's the objective and that's why we have this show.
Maria Varmazis
Indeed. Thank you for that, Joe.
Sponsor Voice
And of course, we want to thank this week's sponsor, ThreatLocker. Go to threatlocker.com HH and check out their zero trust endpoint protection platform. That's the words threat and locker with no space.com HH where you can request a demo and neutralize the threat of malware running on your devices.
Maria Varmazis
And that is Hacking Humans, brought to you by N2K CyberWire. We would love to know what you think of this podcast. Your feedback ensures that we deliver the insights that keep you a step ahead in the rapidly changing world of cyber security. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ibin. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilby is our publisher and I'm Maria Varmazis.
Joe Kerrigan
And I'm Joe Kerrigan.
Maria Varmazis
Thank you for listening.
Hacking Humans: Episode Summary - "You get a million dollars, and you get a million dollars!"
In this episode of Hacking Humans, Maria Varmazis and Joe Kerrigan delve into various social engineering scams affecting individuals and organizations. The discussion spans listener feedback, in-depth analysis of sophisticated scams like "pig butchering," and persistent scams targeting the elderly, such as the Publishers Clearing House (PCH) fraud.
1. Fake Gold Bar Sting Operations
Listener Input:
"Give the courier gold painted lead bars and one of them has a tracker or just throw an AirTag in and see where it goes." [02:00]
Hosts' Discussion:
"I'm pretty sure lead is actually heavier than gold. So you can make a lead thing that has some other mass in the middle that is not lead..." [02:02]
"Would that cause issues if it's a, you know, a blocking agent?" [02:48]
"You'd have to make sure the antenna has a way to go out of the bar." [02:55]
2. E-Z Pass Scam Messages
Listener Input:
"I called because I was certain that my transponder had been in place on the inside of my windshield for the trips in question." [04:12]
Hosts' Discussion:
"The cost to run such a scam is low... so ripe for a shotgun approach." [06:11]
"There's absolutely no correlation. It's just shotgun approach." [08:27]
Overview of the Scam:
Definition: "Pig butchering" is a hybrid of romance and cryptocurrency scams where perpetrators build fake relationships with victims to extract large sums of money under the guise of crypto investments.
Key Details:
"They love bomb you... they try to build this false rapport." [10:00]
"Once you have the large amount of money... that's when they start, you know, they will try to get you to put as much money in there as possible." [15:00]
FBI Intervention:
The FBI's Cleveland field office traced and seized $8.2 million in cryptocurrency linked to these scams by tracking funds through three specific wallet addresses, despite scammers' efforts to obfuscate transactions through tumblers and multiple blockchains.
A notable victim, a Maryland woman, lost over $3 million—a staggering amount that underscores the scam's severity:
"She is telling a story, which is good for you, too. So thank you to this woman." [12:03]
Discussion on Impact and Financial Literacy:
Maria Varmazis pondered the factors contributing to such massive financial losses, attributing it to deceptive websites, social engineering, and a lack of financial literacy:
"It's a combination of so many bad, bad elements at once." [17:02]
Joe Kerrigan emphasized the importance of personal financial management and diversification to mitigate such risks:
"Remember, if you're going to invest in crypto, that's fine, but don't do it with money you can't afford to lose." [18:56]
Overview of the Scam:
In late March, four individuals were indicted for orchestrating PCH scams targeting elderly victims across the United States. These scammers falsely claimed that victims had won sweepstakes prizes, requesting upfront payments for taxes and fees to release the supposed winnings.
Maria Varmazis reflected on the persistence and targeting strategy of PCH scams, noting their continued prevalence despite their somewhat outdated methodology:
"The fact that this scam still persists is almost explicitly, by design, targeting the elderly." [27:23]
Discussion on Awareness and Vulnerability:
Joe Kerrigan and Maria discussed the cultural disconnect, where younger generations might not recognize PCH scams, yet scammers continue to exploit the elderly who remember when PCH was a household name:
"It's self-selected to target the elderly to begin with." [27:40]
The hosts underscored the critical role of financial literacy and awareness in preventing such scams, advocating for better education and support mechanisms for vulnerable populations.
Description of the Scam:
"Hello, Good day. This is Elon Musk Tesla... Congratulations to you once again." [30:16]
Hosts' Analysis:
Joe Kerrigan analyzed the scam's mechanics, highlighting the misuse of high-profile names to lend credibility and entice victims into advance-fee fraud:
"It's really great to realize this is a scam when you've lost zero dollars." [34:04]
Maria Varmazis connected such scams to broader social engineering tactics, emphasizing the importance of skepticism and verification when approached with unsolicited financial offers.
This episode of Hacking Humans sheds light on the evolving landscape of social engineering scams, from sophisticated cryptocurrency frauds to persistent elderly-targeted schemes. Hosts Maria Varmazis and Joe Kerrigan emphasize the critical need for increased financial literacy, awareness, and skepticism to safeguard against these deceptive practices. By dissecting real-life examples and discussing listener experiences, the episode provides valuable insights into recognizing and preventing various types of cybercriminal exploits.
Notable Quotes:
Maria Varmazis on PCH scams targeting the elderly:
"The fact that this scam still persists is almost explicitly, by design, targeting the elderly." [27:23]
Joe Kerrigan on the importance of not investing more than one can afford to lose:
"Remember, if you're going to invest in crypto, that's fine, but don't do it with money you can't afford to lose." [18:56]
Discussion on the arbitrary nature of E-Z Pass scam messages:
"There's absolutely no correlation. It's just shotgun approach." [08:27]
Final Thoughts:
The episode underscores the multifaceted nature of modern scams and the indispensable role of education and vigilance in combating cybercrime. By sharing both listener experiences and expert analyses, Hacking Humans empowers its audience to recognize and thwart deceptive schemes effectively.