Hacking Humans

By CyberWire Inc.



Category: Technology


Subscribers: 652
Reviews: 1

Chris Libera
 Sep 11, 2020
Very well made and informative.

Description

Deception, influence, and social engineering in the world of cyber crime.

Episode Date
What are our devices doing to our compassion?
2802
Guest Dr. Charles Chaffin, author of the book "Numb: How the Information Age Dulls Our Senses and How We Can Get them Back," joins Dave this week, we have some listener follow up from John with a tip on ATM security, Dave's got a two-fer this week including a useful site called www.shouldiclick.org and a Twitter report on multi-factor authentication thanks Rachel Tobac for calling our attention to it, Joe's story is from Microsoft on trends in tech support scams, and our Catch of the Day is from a listener on Twitter called @DoNoEvilMan about a payout from the Federal Reserve via the FBI. Links to stories: Should I click or not? Twitter Account Security report Tech support scams adapt and persist in 2021, per new Microsoft research Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 29, 2021
secure access service edge (SASE) (noun) [Word Notes]
475
A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, an SD-WAN abstraction layer, and network peering with one or more of the big content providers and their associated fiber networks.
Jul 27, 2021
It's ok to be trusting, just be careful.
2532
Guest Gil Friedrich from Avanan joins Dave to talk about how bad actors are infiltrating organizations using collaboration apps, we have two pieces of listener follow up from Michael and Tobias, Joe has a story about fake information, Dave's story is about message spam on LinkedIn, and our Catch of the Day is from a listener named Lucio with a questionable Reddit communication. Links to stories: Propaganda as a Social Engineering Tool Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 22, 2021
red teaming (noun) [Word Notes]
356
 The practice of emulating known adversary behavior against an organization's actual defensive posture.
Jul 20, 2021
Threat actors changing ransomware tactics.
2441
Guest Kurtis Minder from GroupSense joins Dave to discuss divergent ransomware trends, the guys have a listener reminder about it being CompTIA, Joe, Dave has a story about a coupon scam in the Houston area, Joe's story is about a real estate rental scam and a scammer who likes to talk about his work, and our Catch of the Day is from a listener named Craig with an email about an unprofessional colleague and a questionable attachment. Links to stories: A ‘dark-side coupon group’ scammed stores out of millions, police say. ‘They were just going through the ink.’ Housing scams abundant in Jackson. This scammer is proud of it Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 15, 2021
next generation firewall (noun) [Word Notes]
417
A layer seven security orchestration platform deployed at the boundary between internal workloads slash data storage and untrusted sources that blocks incoming and outgoing network traffic with rules that tie applications to the authenticated user and provides most of the traditional security stack functions in one device or software application. 
Jul 13, 2021
Introducing 8th Layer Insights: Deceptionology 101: Introduction to the Dark Arts
3687
Have you ever noticed how fundamental deception is to the human condition? Deception and forms of social engineering have been with us since the beginning of recorded history. And yet, it seems like we are just as vulnerable to it as ever. But now the stakes are higher because technology allows social engineers to deceive at scale. This episode explores the psychology of deception, provides a foundation for understanding social engineering, offers a few mental models for exploration and exploitation, and discusses how we can prepare our mental defenses.
Guests:
Rachel Tobac: (LinkedIn), CEO of SocialProof Security
Chris Hadnagy: (LinkedIn); CEO of Social Engineer, LLC; Founder of Innocent Lives Foundation; Founder of Social-Engineer.org
Lisa Forte: (LinkedIn); Partner at Red Goat Cyber Security; Co-Founder Cyber Volunteers 19
George Finney: (LinkedIn); Chief Security Officer at Southern Methodist University; Founder of Well Aware Security
Notes & Resources: CSO Online article on Social Engineering; OODA Loop; Understanding Framing Effects; More examples of Framing Effects; Harvard Business Review article on the Principles of Persuasion; A blog series I did on Deception (Part 1), (Part 2); PsychologyToday article on Social Engineering.
Recommended Books (Amazon affiliate links): The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick; Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick; Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You by Chris Hadnagy; Influence, New and Expanded: The Psychology of Persuasion by Robert Cialdini; Pre-Suasion: A Revolutionary Way to Influence and Persuade by Robert Cialdini; Practical Social Engineering: A Primer for the Ethical Hacker by Joe Gray; Social Engineering: The Science of Human Hacking by Chris Hadnagy; Thinking, Fast and Slow by Daniel Kahneman; Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter; Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future by George Finney.
Music and Sound Effects by Blue Dot Sessions & Storyblocks. Artwork by Chris Machowski.
Jul 11, 2021
Collaboration, data portability, and employee mobility fuel insider risk.
2472
Guest Joe Payne of Code 42 joins Dave to discuss insider risks, Joe has a story about Frank Abagnale who's conned everyone one way or another, Dave's story is about a real estate scam conning a single mother of her life savings, and our Catch of the Day is from listener Michael with an "Extremely Urgent Attention Required" email. Links to stories: Confessions of a Famous Fraudster: How and Why Social Engineering Scams Work Real estate scam robs Florida mom of $63K in life savings Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 08, 2021
fast flux (noun) [Word Notes]
403
A network designed to obfuscate the location of a cyber adversary's command and control server by manipulating the domain name system, or DNS, in a way that rotates the associated IP address among large numbers of compromised hosts in a botnet.
Jul 06, 2021
An inside view on North Korean cybercrime.
2135
The CyberWire's UK correspondent Carole Theriault returns to share an interview with Geoff White, reporter from the BBC and co-host of the Lazarus Heist podcast, Joe has some listener follow-up from Mike looking for advice on certifications for getting into cybersecurity, Dave's story is from Brian Krebs about catching an ATM shimmer gang, Joe's got a piece from MalwareBytes Labs about phishing for Bitcoin recovery codes, and our Catch of the Day is from listener Rohit with a pretty genuine-looking snail mail scam. Links to stories: How Cyber Sleuths Cracked an ATM Shimmer Gang Bitcoin scammers phish for wallet recovery codes on Twitter Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 01, 2021
encryption (noun) [Word Notes]
377
The process of converting plain text into an unrecognizable form or secret code to hide its true meaning.
Jun 29, 2021
Bad password hygiene jeopardizes streaming services.
2414
Guest Matthew Gracey-McMinn joins us from Netacea to speak with Dave about security issues with streaming services, Joe shares some follow-up from listener Jason about a bracelet sale mentioned a few episodes ago, Joe's story is from UMBC about AI-generated fake news reports, Dave's got a story about a replacement scam for a hardware wallet used for storing cryptocurrency, and our Catch of the Day comes from a listener called R about a vishing scam for DirectTV. Links to stories: Study shows AI-generated fake reports fool experts Criminals are mailing altered Ledger devices to steal cryptocurrency Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 24, 2021
keylogger (noun) [Word Notes]
300
Software or hardware that records the computer keys pressed by a user. 
Jun 22, 2021
Answering a job ad from a ransomware gang.
2242
Guest Mantas Sasnauskas from CyberNews joins Dave to talk about how he and his colleagues applied for a job with a ransomware gang, Joe and Dave reply to a listener named Christopher about certifications, Dave's story is about credential stuffing with payroll companies for $800,000, Joe shares a story about lewd phishing lures sent to people's email accounts, and our Catch of the Day is from a listener named Stof who says he "received this call just now, never heard one this convincing, nearly got me too!" Links to stories: How to hack into 5500 accounts… just using “credential stuffing” Lewd Phishing Lures Aimed at Business Explode Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 17, 2021
non-fungible tokens (NFT) (noun) [Word Notes]
304
Digital assets that are cryptographically protected on a blockchain and contain unique identification codes and metadata that makes them one of a kind.
Jun 15, 2021
Pandemic taxes: later due dates afford more time for scams.
2369
Guest Robert Capps of NuData Security joins Dave to discuss what businesses can do to bolster their protection against tax fraud, Joe and Dave have some follow-up from 2 episodes ago when they discussed a BazarLoader scam: Wired has a recent article with a twist about a totally fake streaming site called BravoMovies, Joe shares a story from a listener Jason about a friend of his who was targeted by a scammer on Facebook Marketplace, Dave's story is about scammers demanding ransom from families who report missing persons on social media, and our Catch of the Day is from Reddit on a Tron cryptocurrency scam. Links to stories: The Bizarro Streaming Site That Hackers Built From Scratch  Scammers Target Families Who Post Missing Persons on Social Media COTD post on Reddit: Crypto scammer doesn't understand compound interest and gives me a rate that would give me all of the crypto after 9 hours. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 10, 2021
multi-factor authentication (noun) [Word Notes]
331
The use of two or more verification methods to gain access to an account.
Jun 08, 2021
The fight in the dog.
2343
Guests Jan Kallberg and Col Stephen Hamilton of Army Cyber Institute at West Point join Dave to talk about cognitive force protection, Joe and Dave have some follow-up from a listener named Obada about Apple only allowing 2FA through SMS, Dave shares a story about Google's plan to require MFA for all users, Joe's story is about a couple who had their Fidelity retirement account defrauded to the tune of $40,000, and our Catch of the Day is from a listener named Doal about becoming named the beneficiary of a similarly-named deceased person. Links to stories: Google to make multi-factor authentication its default mode ‘Sleeping Giant:' Thieves Target Retirement Accounts How to protect troops from an assault in the cognitive domain Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 03, 2021
machine learning (noun) [Word Notes]
346
A programming technique where the developer doesn't specify each step of the algorithm in code, but instead teaches the algorithm to learn from the experience.
Jun 01, 2021
Hacking people vs. hacking technologies to get into companies.
2363
Guest Tim Sadler from Tessian on how oversharing on social media and in OOO messages can open the door for hackers, Joe shares a story about vishing emails from "Amazon" that had spam confidence levels of 1, Dave's story is about an elaborate BazarLoader campaign counting on a lot of human interaction, and our Catch of the Day is from a listener named Scott about a phishing fax, that's right, we said fax. Links to stories: Hello, Is It Me You’re Phishing For: Amazon Vishing Attacks BazarCall Method: Call Centers Help Spread BazarLoader Malware Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 27, 2021
intelligence (noun) [Word Notes]
326
The process of turning raw information into intelligence products that leaders use to make decisions with.
May 25, 2021
Whaling attacks are more targeted than phishing or spearphishing.
2039
Guest Kev Breen from Immersive Labs joins Dave to talk about how to address whaling attacks, Dave shares a discussion he had with a colleague about password managers and elderly parents and Joe weighs in, Dave's story is about a smishing Trojan impersonating a Chrome app, Joe has a story about URL redirection making more effective phishing attacks, and our Catch of the Day is from a listener named Vaughn about a snail mail fraud scheme that references a website. Links to stories: Beware of this smishing trojan impersonating the Chrome app Exploiting common URL redirection methods to create effective phishing attacks Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 20, 2021
Introducing 8th Layer Insights [Trailer]
199
Coming May 25, 2021. Get ready for a deep dive into what cybersecurity professionals often refer to as the "8th Layer" of security: HUMANS. This podcast is a multidisciplinary exploration into how the complexities of human nature affect security, risk, and life. Author, security researcher, and behavior science enthusiast Perry Carpenter taps experts for their insights and illumination. Topics include cybersecurity, psychology, behavior science, communication, leadership, and more.
May 19, 2021
SaaS (noun) [Word Notes]
334
A cloud-based software distribution method where app infrastructure, performance, and security are maintained by a service provider and accessible to users, typically via subscription, from any device connected to the internet.
May 18, 2021
How to best fight fake news.
2363
Guest Helen Lee Bouygues of the Reboot Foundation joins Dave to talk about social media’s effect within the misinformation ecosystem and how users can best fight fake news, Dave and Joe share some follow-up from listener Jonathan on two-factor authentication, Joe's story is about an employee in Scotland sued for making payments based on phishing emails, Dave has a story about fake order confirmation phishing messages prompting us to call rather than click, our Catch of the Day comes from a listener named Wyatt who received a phishing email from some fellow jackpot winners. Links to stories: Why You Should Use a Physical Key to Sign Into Your Accounts Publishing company defrauded of over £193,000 fail to appeal decision that ex-employee was not liable for damages Company sues worker who fell for email scam BazarBackdoor phishing campaign eschews links and files to avoid raising red flags Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 13, 2021
decryption (noun) [Word Notes]
418
A process of converting encrypted data into something that a human or computer can understand.
May 11, 2021
Digital identities are at the core of recent breaches.
2358
Our UK correspondent Carole Theriault returns to share her interview with Julie Smith from the Security Alliance and Kelvin Coleman from National Cyber Security Alliance about Identity Management Day, Dave's story is about how Pixar uses colors to hack our moods and minds to see colors we've never seen before, Joe has a story about ways malicious actors can break into accounts with multi-factor authentication enabled, our Catch of the Day comes from a listener named Brett who works in a PC repair shop and "HackerDont'comebacker" software. Links to stories: How Pixar Uses Hyper-Colors to Hack Your Brain How Social Engineering Tactics Can Crack Multi-factor Authentication Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 06, 2021
brute-force attack (noun) [Word Notes]
362
A cryptographic hack that relies on guessing all possible letter combinations of a targeted password until the correct codeword is discovered.
May 04, 2021
Anyone can be a target of romance scams.
2164
Guest Stacey Nash, Head of Fraud and Central Operations at USAA, joins Dave to discuss romance or sweetheart scams, Joe and Dave share some listener follow-up, Joe's got a story about emails sent to British awards organizers asking them to transfer prize money to a PayPal account, Dave's story is about a Rolling Stones tribute band targeted in a bogus check racket, and our Catch of the Day comes from a listener named Konstantin about a fake tax refund. Links to stories: $40,000 Swindle Puts Spotlight on Literary Prize Scams Scammers can’t get no satisfaction Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 29, 2021
denial-of-service attack (noun) [Word Notes]
367
A cyber attack designed to impair or eliminate access to online services or data.
Apr 27, 2021
Make systems to mitigate the mistakes.
2548
Guest Margaret Cunningham from Forcepoint talks with Dave about cognitive biases that lead to reasoning errors in cybersecurity, Joe shares some follow-up from a listener named Alex about the Alexa phone call Joe mentioned a few episodes back, Dave shares a note from listener Brandon about finding similar DNS names (check out https://dnstwister.report/), Dave's story is about dark patterns to get you to do something on a website, Joe shares a story about phishing emails and defenses against them, and our Catch of the Day comes from a listener named Big Mike about an old time radio podcast he heard recently with great examples of social engineering. Links to stories: Dark patterns, the tricks websites use to make you say yes, explained Why do phishing attacks work? Blame the humans, not the technology Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 22, 2021
cold boot attack (noun) [Word Notes]
389
A type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer’s Random Access Memory or RAM during the reboot process in order to steal sensitive data. 
Apr 20, 2021
Being aware can go a long way to prevent attacks.
2132
Guest Herb Stapleton, the FBI’s cyber division sector chief, joins Dave to talk about the FBI's Internet Crime Complaint Center (IC3) annual report and its findings, Joe's story is about an ongoing IRS impersonation scam targeting educational organizations, Dave shares a story from the BBC about people using their pets' names as passwords (tell us that hasn't crossed your mind or your keyboard before), and our Catch of the Day comes from the Land Down Under via Gareth and Kingsley. COTD note: Just to be clear, their jurisdiction is a single party consent jurisdiction. Links to stories: IRS warns university students and staff of impersonation email scam Pets' names used as passwords by millions, study finds Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 15, 2021
cloud computing (noun) [Word Notes]
346
On-demand pay-as-you-go Internet delivered compute, storage, infrastructure, and security services that are partially managed by the cloud provider and partially managed by the customer.
Apr 13, 2021
Finding targets of opportunity.
2410
Guest Peter Warmka, founder of the Counterintelligence Institute, joins Dave to talk about how insider targets are chosen and assessed, Joe shares a weird phone call he received, Dave's story is from a Twitter user named Jake on flower shop scams, Joe has a story about student loan forgiveness scams, and our Catch of the Day comes from a listener named Andrew about a pricey software subscription renewal scam. Links to stories: Twitter thread with flower shop scams from Australia 3 Ways to Spot Student Loan Scams Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 08, 2021
APT (noun) [Word Notes]
382
An acronym for Advanced Persistent Threat to describe hacker groups or campaigns normally, but not always, associated with nation state cyber espionage and continuous low-level cyber conflict operations.
Apr 06, 2021
The pandemic is slowing, time to travel?
2090
Guest Fleming Shi of Barracuda joins Dave to talk about travel-related phishing attacks now that vaccines are more readily available, Dave and Joe share listener advice about preventative email blocking, Joe shares a story about romance scams by someone that includes fake W2s and other documents in the process, Dave's got a story about a phone scammer posing as McDonald's CEO, and our Catch of the Day is from a listener named Tarik with an email about his reported death. Tarik awards this email the Unlikely Phishing Hook of the Year Award presented by the Institute of Questionable Intentions. Links to stories: Irvine man accused of $1 million romance scam Phone scammer pretending to be McDonald's CEO nearly cons Pennsylvania restaurant out of thousands: report Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 01, 2021
backdoor (noun) [Word Notes]
324
An undocumented or publicly unknown method to access a computer system undetected or to break a cypher used to encode messages.
Mar 30, 2021
Technology is not designed for older users.
2237
Guest Ming Yang of Orchard joins Dave to talk about ways to help your parents with technology (aka providing tech support for our parents). Dave shares the FBI's advisory warning of an expected increase in the use of deepfakes for social engineering attacks, Joe's got a story about phantom debts, and our Catch of the Day is from a listener named Anthony about an email from federalcrimeofinvestigation@gmail.com. Hmmm...seems legit. Links to stories: Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations Beware Scammers Trying to Collect Phantom Debts Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 25, 2021
watering hole attack (noun) [Word Notes]
300
From the intrusion kill chain model, a technique where the hacker compromises sites commonly visited by members of a targeted community in order to deliver a malicious payload to the intended victim.
Mar 23, 2021
Ideally, look for someone open to deception.
2365
Guest professional magician Brandon Williams talks with Joe about the art of deception, we have some follow-up on a watering hole attack we discussed a few episodes back, Joe's story is about the Attorney General of Vermont's top scams of 2020 report (no surprise #1 was SSN phishing), Dave's got a story about the level of sophistication of cybercriminals (hint: not all are that sophisticated), and our Catch of the Day is from a listener named Jo about a well-written request for donation. Links to stories: Top 10 scams of 2020 released by attorney general Not all cybercriminals are sophisticated Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 18, 2021
network telescope (noun) [Word Notes]
288
Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena.
Mar 16, 2021
Insider threats and security concerns for APIs.
2302
Guest Inon Shkedy, security researcher at Traceable and API project leader at OWASP Foundation, talks with Dave about the risks various types of insider threats pose to APIs, we have some follow-up from a listener closing on their home, Dave's story is about a new wave of scams saying they are from the Social Security Administration, Joe's got Deepfakes of Tom Cruise (thanks to Rachel Tobac for this one), and our Catch of the Day is from a listener named John's son and a job interview scam he experienced. Links to stories: US government warns of Social Security scams using fake federal IDs Here’s How Worried You Should Be About Those Tom Cruise Deepfakes Deepfake videos of Tom Cruise show the technology's threat to society is very real Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 11, 2021
SOC Triad (noun) [Word Notes]
291
A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log.
Mar 09, 2021
Fraud activity within secure messaging apps in plain sight.
2495
Guest Brittany Allen of Sift joins Dave to talk about a new fraud ring on Telegram where bad actors leverage the app to steal from on-demand food delivery services, Joe's story involves two of the five parts of URLs in phishing attacks, Dave's got a story about a malvertising group called "ScamClub," and our Catch of the Day is from a listener named John about a letter he received in the mail from "TD Trust Bank" about an inheritance opportunity. Links to stories: New Phishing Attack Identified: Malformed URL Prefixes “ScamClub” gang outed for exploiting iPhone browser bug to spew ads Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 04, 2021
supply chain attacks (noun) [Word Notes]
298
Also known as a third-party attack or a value-chain attack, adversary groups gain access to a targeted victim's network by first infiltrating a business partner's network that has access to the victim's systems or data.
Mar 02, 2021
How likely are online users to reveal private information?
1994
Guest Professor Lior Fink from Ben Gurion University shares insights from their study on "How We Can Be Manipulated Into Sharing Private Information Online," Dave's story is some good news about a Nigerian man sentenced for phishing the US heavy equipment company Caterpillar, Joe has a story with bad news about a sextortion email scam with a fake Zoom zero day component, and our Catch of the Day is a compelling phishing email a listener named Michael recently received. Links to stories: Nigerian man sentenced 10 years for $11 million phishing scam Watch out for sextortion email scams Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 25, 2021
taint analysis (noun) [Word Notes]
230
The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.
Feb 23, 2021
Including your passwords in your final arrangements.
2472
Guest Sara Teare, who is known as 1Password's Minister of Magic, talks with Dave about things that people don't consider like custody of the digital keys to your stuff online, Dave and Joe share some listener feedback from Jonathan about replacing outdated equipment (aka an old phone), Joe's story is about an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations, Dave's story has a holiday theme: emails pretending to confirm orders from lingerie and flower shops that are actually spreading malware, and our Catch of the Day is from a listener named Kristian and it's a "legitimate deal" from Colonel Gaddafi's daughter. Links to stories: New campaign targeting security researchers Pre-Valentine’s Day Malware Attack Mimics Flower, Lingerie Stores Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 18, 2021
ATM skimming (noun) [Word Notes]
267
The process of stealing ATM customer credentials by means of physically and covertly installing one or more devices onto a public ATM machine.
Feb 16, 2021
In the disinformation and misinformation crosshairs.
2246
Carole Theriault returns with a discussion on disinformation with guest, BBC host, podcaster and author Tim Harford, Dave's got a story about Covid vaccine phishing campaigns, Joe's story talks about data breaches that have increased 50% year over year since 2018, and our Catch of the Day is from a listener named John his wife saw on Facebook who translated it from Lithuanian. Links to stories: Count Yourself in For a Vaccine Phish Deep Analysis of More than 60,000 Breach Reports Over Three Years Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 11, 2021
APT side hustle (noun) [Word Notes]
299
A nation-state hacking group’s practice of funding its own activities through cybercrime or cyber mercenary work.
Feb 09, 2021
Understanding human behavior is a key to security.
2371
Guest Nico Popp of Forcepoint joins Dave to discuss why understanding human behavior is a major key to security, Dave & Joe discuss some listener follow-up about a Craigslist posting, Joe's story is about a scam website that is promising refunds to consumers all over the world, Dave shares a story about scam calls coming from call centers in India, and our Catch of the Day is from a listener about an email from former first lady Melania Trump. Links to stories: FTC warns of scam website that promises refund for victims of online scams Scam “US Trading Commission” website is not the FTC Who's Making All Those Scam Calls? Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 04, 2021
endpoint (noun) [Word Notes]
335
A device connected to a network that accepts communications from other endpoints like laptops, mobile devices, IoT equipment, routers, switches, and any tool on the security stack.
Feb 02, 2021
Covid has shifted the way we deal with money and increased fraud.
2472
Guest Eric Solis of MOVO Cash talks with Dave about the increase of fraud attacks on consumers and businesses by not having a body of regulations for digital payments, Dave's story is about his recent pillow purchase prompting him to do online reviews for an extra bonus, Joe shares some details from Verizon's Cyber-Espionage report, and our Catch of the Day is a letter from a listener named Jim who had a bad eBay transaction. Links to stories: Amazon is trying to crack down on fraudulent reviews. They’re thriving in Facebook groups. Breach of Trust: How Cyber-Espionage Thrives On Human Nature Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 28, 2021
unified extensible firmware interface (UEFI) (noun) [Word Notes]
326
An extension of the traditional Basic Input/Output System or BIOS that, during the boot process, facilitates the communication between the computer’s firmware and the computer’s operating system.
Jan 26, 2021
Targeted phishing campaigns and lottery scams abound.
2053
Guest Arjun Sambamoorthy of Armorblox talks with Dave about five targeted phishing campaigns that weaponize various Google services during their attack flow, Joe's story is about the MegaMillions jackpot that is approaching epic proportions and attracting the attention of scammers, Dave's story comes from a listener over on the Grumpy Old Geeks podcast about a Venmo incident, and our Catch of the Day comes from Joe's son who received an email from the FBI. Links to stories: Advisory: Beware of Scams as Jackpot Grows Lottery Scams: Some scammers falsely use Mega Millions name Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 21, 2021
Daemon (noun) [Word Notes]
259
An operating system program running in the background designed to perform a specific task when certain conditions or events occur.
Jan 19, 2021
As B2C interactions shift online, call centers become new fraud vector.
2368
Guest Umesh Sachdev of Uniphore talks with Dave about how call centers are becoming the new fraud vector, Dave's story involves an email that has a Trump scandal .jar file attached that's really a RAT, Joe has a story about hackers spoofing a victim's phone number making emergency calls where the police respond to the victim's home with force, he also talks about credential stuffing for swatting a video doorbell, and our Catch of the Day comes from a listener Christian who received an email with a lazy trunk box scam. Links to stories: Hackers Using Fake Trump's Scandal Video to Spread QNode Malware FBI Warn Hackers are Using Hijacked Home Security Devices for ‘Swatting’ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 14, 2021
greyware (noun) [Word Notes]
288
Also known as spyware and adware, it is a software category where developers design the application neither to cause explicit harm nor to accomplish some conventional legitimate purpose, but when run, usually annoys the user and often performs actions that the developer did not disclose, and that the user regards as undesirable.
Jan 12, 2021
Combating growing online financial fraud.
2180
Dave switches gears and shares a story from the National Law Review with a social engineering spin to it about a theft exclusion in a title company's errors and omissions policy, Joe shares a story from Facebook taking action against hacking groups, The Catch of the Day comes from Joe himself with a connection request he received on LinkedIn, and later in the show, Dave's conversation with Carey O’Connor Kolaja from AU10TIX on fraud in the financial services and payment industry, and how organizations are using emerging technical solutions to help combat it. Links to stories: Engineering Coverage for Social Engineering Schemes in Light of New Jersey Federal Court Opinion Finding No Errors and Omissions Coverage for Email Scam Taking Action Against Hackers in Bangladesh and Vietnam Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 07, 2021
Unix (noun) [Word Notes]
285
A family of multitasking, multi-user computer operating systems that derive from the original Unix system built by Ken Thompson and Dennis Ritchie in the 1960s.
Jan 05, 2021
fuzzing (noun) [Word Notes]
285
An automatic software bug and vulnerability discovery technique that inputs invalid, unexpected and/or random data or fuzz into a program and then monitors the program's reaction to it.
Jan 05, 2021
Encore: Don't go looking for morality here. [Hacking Humans]
2331
Dave has a story of an investment scam featuring celebrities, Joe warns of scams surrounding the Coronavirus, the Catch of the Day features Joe's son-in-law's adventure with thousands of bot infiltrations, and later in the show, Dave's extended interview with magicians and entertainers Penn and Teller at RSAC 2020 in San Francisco. Links to stories: Revealed: fake 'traders' allegedly prey on victims in global investment scam Coronavirus: Scammers follow the headlines Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 31, 2020
deep packet inspection (DPI) (noun) [Word Notes]
304
A network monitoring and filtering technique that examines both the header information and the payload of every packet traversing a network access point.
Dec 29, 2020
Encore: Separating fools from money. [Hacking Humans]
1802
Dave shares a story of airport penetration testing with a high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 24, 2020
tactics, techniques and procedures (TTPs) (noun) [Word Notes]
298
A set of behaviors that precisely describes a cyber adversary attack campaign.
Dec 22, 2020
rootkit (noun) [Word Notes]
387
A clandestine set of applications designed to give hackers access and control over a target device.
Dec 22, 2020
Phishing lures that may be in your inbox soon, and how to deal "left of bang."
2224
Joe talks about phishing lures with holiday packages, current events, and things he expects to see in your inbox soon, Dave shares a blog post on how to troll a Nigerian prince, The Catch of the Day comes from a listener named Christian who received an email from an ill churchgoer that tests US knowledge of geography, and later in the show, Carole Theriault returns with a conversation with Rebecca McKeown, an independent Chartered Psychologist, with experience researching and evaluating learning and development across the Ministry of Defence. She is studying the psychology of cyber response. Links to stories: How to Troll a Nigerian Prince Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 17, 2020
identity theft (noun) [Word Notes]
210
In this case Identity is the set of credentials, usually electronic that vouch for who you are and theft is to steal. The theft of a person's identity for purposes of fraud.
Dec 15, 2020
The landscape has shifted for holiday shopping to online.
1987
Joe provides some listener feedback on allowing site notifications, Dave shares good news in his story about taking down money mules, Joe's got not as good news about a phishing campaign targeting the COVID-19 vaccine cold chain, The Catch of the Day comes from a listener named Virginia who received a phishing email impersonating a bank, and later in the show, Dave's conversation with Neal Dennis from Cyware on the cybersecurity concerns and pitfalls customers need to look out for and why ecommerce has become a goldmine for hackers. Links to stories: U.S. Law Enforcement Takes Action Against Approximately 2,300 Money Mules In Global Crackdown On Money Laundering IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 10, 2020
cyber threat intelligence (CTI) (noun) [Word Notes]
332
Information used by leadership to make decisions regarding the cybersecurity posture of their organization.
Dec 08, 2020
Virtual Private Network (VPN) (noun) [Word Notes]
355
A software, hardware or hybrid encryption layer between two devices on the network that makes the traffic between the sites opaque to the other devices on the same network.
Dec 08, 2020
Going behind the scenes and preventing social engineering in financial institutions.
2339
Joe has a story about fake websites with advanced profiling tools and malicious software by OceanLotus, Dave's story is about sites that ask if it's ok to send you notifications, The Catch of the Day comes from a listener named William who received a phishing email from the boss, and later in the show, Dave's conversation with Mike Slaugh from USAA on his predictions for 2021 and best practices for organizations to protect themselves and consumers, including creating better means of identity verification. Links to stories: OceanLotus: Extending Cyber Espionage Operations Through Fake Websites Be Very Sparing in Allowing Site Notifications Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 03, 2020
Network Time Protocol (NTP) attack (noun) [Word Notes]
367
A reflection or amplification distributed denial-of-service attack in which hackers query Internet network time protocol servers, NTP servers for short, for the correct time, but spoof the destination address of their target victims.
Dec 01, 2020
smishing (SMS phishing) (noun) [Word Notes]
247
From the intrusion kill-chain model, the delivery of a “lure” via a text message to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. Smishing is a portmanteau word made of two other words, the acronym “SMS” and the cyber coinage “Phishing”. It’s a text-message-centric variation of the email-based phishing scams that have been around since the 1990s. The term “Smishing” arose in the late 2000s.
Dec 01, 2020
Encore: Wearing a mask in the Oval Office and the art of deception.
2613
Joe shares his Classic Cons Part 3, Dave has an Apple device scam story, The Catch of the Day is your assassination heads-up, and later in the show our interview with Jonna Mendez, retired CIA intelligence officer and former Chief of Disguise. Link to story: Twitter Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Nov 26, 2020
port mirroring (noun) [Word Notes]
247
A network switch configuration setting that forwards a copy of each incoming and outgoing packet to a third switch port. Also known as SPAN or Switched Port Analyzer, RAP or Roving Analysis Port, and TAP or Test Access Point. When network managers and security investigators want to capture packets for analysis, they need some sort of generic TAP or Test Access Point. You can buy specialized equipment for this operation but most modern switches have this capability built in. 
Nov 24, 2020
The public's expectations are changing.
2443
Dave has a story about the security risks of your outbound email, Joe's story is about a fake company, Ecapitalloans, using fake BBB affiliation, The Catch of the Day comes from a listener named Max with a new work phone with curious activity from previous number owner, and later in the show, Dave's conversation with Bill Coletti, crisis communications and reputation management expert at Kith, and author of the book Critical Moments: A New Mindset for Reputation Management.  Links to stories: The 2020 Outbound Email Data Breach Report Finds growing email volumes and stressed employees are causing rising breach risk BBB Warning: Ecapitalloans steals personal information and money from loan applicants Ecapitalloans.co Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Nov 19, 2020
shadow IT (noun) [Word Notes]
264
Technology, software and hardware deployed without explicit organizational approval. In the early days of the computer era from the 1980s through the 2000s security and information system practitioners considered shadow IT as completely negative. Those unauthorized systems were nothing more than a hindrance that created more technical debt in organizations that were already swimming in it with the known and authorized systems. 
Nov 17, 2020
Network Detection and Response (NDR) (noun) [Word Notes]
349
NDR tools provide anomaly detection and potential attack prevention by collecting telemetry across the entire intrusion kill chain on transactions across the network, between servers, hosts, and cloud-workloads, and running machine learning algorithms against this compiled and very large data set. NDR is an extension of the EDR, or endpoint detection and response idea that emerged in 2013. 
Nov 17, 2020
Ransomware: Statistically, it's likely to happen to anybody.
2180
Joe has a story about how Emotet is being used in phishing emails through thread hijacking, Dave's story is a two-fer: one is about bad guys using image manipulation and the other has Elon Musk giving away Bitcoin again taking advantage of the US election, The Catch of the Day is from a listener named John about an email-based vishing attack, and later in the show, we welcome back Kurtis Minder of GroupSense on the burgeoning ransomware negotiation industry.  Links to stories: Spike in Emotet activity could mean big payday for ransomware gangs Sneaky Office 365 phishing inverts images to evade detection Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Nov 12, 2020
remote access Trojan or RAT (noun) [Word Notes]
252
From the intrusion kill chain model, a program that provides command and control services for an attack campaign. While the first ever deployed RAT is unknown, one early example is Back Orifice, made famous by the notorious hacktivist group called “The Cult of the Dead Cow,” or cDc. Back Orifice was written by the hacker Sir Dystic, AKA Josh Bookbinder, and released to the public at DEFCON in 1998.
Nov 10, 2020
Too good to be true.
2176
Dave has a story about a fake Facebook copyright violation scam trying to trick you out of your TFA to get into your account, Joe's story is about the largest elder fraud scam in US history, The Catch of the Day is about a scam using a Google code for verification and includes Hacking Humans in the response, and later in the show, Mallory Sofastaii from WMAR Baltimore returns for a conversation with Dave about her reporting on a fake website luring victims through social media ads. Links to stories and Catch of the Day: Facebook “copyright violation” tries to get past 2FA – don’t fall for it! Feds Bust Massive Magazine-Subscription Scam Targeting Older Consumers Feds in Minnesota charge 60 in $335M magazine fraud that defrauded seniors nationwide Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Nov 05, 2020
business email compromise or BEC (noun) [Word Notes]
197
A social engineering scam where fraudsters spoof an email message from a trusted company officer that directs a staff member to transfer funds to an account controlled by the criminal. 
Nov 03, 2020
David Sanger on the HBO documentary based off his book, "The Perfect Weapon". [Special Edition]
1440
On this Special Edition, our extended conversation with author and New York Times national security correspondent David E. Sanger. The Perfect Weapon explores the rise of cyber conflict as the primary way nations now compete with and sabotage one another.
Nov 01, 2020
The Malware Mash!
185
Oct 30, 2020
New consequences, extortion and cyber insurance.
2423
Joe has a story about a woman who called a fake customer service number and got scammed, Dave's story talks about how phishing kits are not that hard to find, just check YouTube, The Catch of the Day is an opportunity for a listener to remove their name from the BLACKLIST, and later in the show, Dave's conversation with John Pescatore from SANS on Thinking Through the Unthinkable: Should You Pay Off a Ransomware Demand. Links to stories and Catch of the Day: Local Doctor Scammed After Calling Fake Customer Service Number Phishing kits as far as the eye can see Sawyer Dickey: " Your name is in the US.BLACKLIST which makes it impossible for you to send money" Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 29, 2020
anagram (noun) [Word Notes]
184
A word, phrase, or sentence formed from another by rearranging its letters. For example, cracking a columnar transposition cipher by hand involves looking for anagrams.
Oct 27, 2020
What is true and important versus what is the spin.
2137
Dave's story is about some cybercriminal gangs that have stolen $22 million from users of the Electrum wallet app, Joe's story talks about a business email compromise scam that cost a US company $15 million, The Catch of the Day is a gift card scam that includes references to the National Treasure movie, and later in the show, Dave's conversation with Bill Harrod, Federal CTO of MobileIron on election disinformation campaigns. Links to stories and Catch of the Day: Bitcoin wallet update trick has netted criminals more than $22 million The anatomy of a $15 million cyber heist on a US company Uno reverses, 50000 credits worth of nitrous oxide, Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 22, 2020
rogue access point (noun) [Word Notes]
217
1. A wireless access point installed by employees in an office or data center environment as a convenience to connectivity without the consent or the knowledge of the network manager. 2. A wireless access point, sometimes called an Evil Twin, installed by a cyber adversary in or near an office or data center environment designed to bypass security controls, gain access, and/or surveil the network traffic of the victim’s network. Both kinds, the employee installed and the adversary installed rogue access points, increase the attack surface of the organization. The employee installed device, because of its electronic footprint range, might make it easier for hackers and mischief makers outside of the organization’s network to bypass the corporate security controls and gain access without permission. The adversary installed device is designed specifically to bypass the security controls of the target network.
Oct 20, 2020
Use a Dance Dance Revolution floor lock for your data centers.
2168
Starting with some listener follow-up on password managers, Joe's story has an angel investor bilking people out of due diligence fees, Dave's story comes from Graham Cluley on a malware campaign talking about details on Donald Trump's COVID-19 status, The Catch of the Day is an animal vaccine phishing scam, and later in the show, we’ve got a special treat for you: David Spark from the CISO/Security Vendor Relationship Series podcast joins us to play the Best Worst Idea game. Links to stories: Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M Hackers disguise malware attack as new details on Donald Trump’s COVID-19 illness Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 15, 2020
darknet (noun) [Word Notes]
257
A subset of the internet where communications between two parties or client-server transactions are obscured from search engines and surveillance systems by layers of encryption. The U.S. Navy designed the original Darknet by developing The Onion Router network, or TOR, back in the 1990s. Roger Dingledine and Nick Mathewson deployed the first alpha implementation in 2002 with some initial funding by the Electronic Frontier Foundation (EFF). The TOR Project became a non-profit in 2006 and is funded by the U.S., Sweden, different NGOs, and individual sponsors.
Oct 13, 2020
Don't click any button...even the 'No' button.
2526
Dave's story is about how some adware took a turn for the worse (and how his dad has fallen for adware in the past), Joe's story talks about how someone is trying to phish AT&T employees and others, The Catch of the Day is an OfferUp scam on an RTX 3080 (you gamers know what that is), and later in the show, Dave's conversation with Caleb Barlow from Cynergistek reacting to the recent story of the tragic death of a woman due to hospital ransomware. Links to stories: Linkury adware caught distributing full-blown malware Phishing Page Targets AT&T’s Employee Multi-Factor Authentication Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 08, 2020
phishing (verb) [Word Notes]
227
From the intrusion kill chain model, the delivery of a “lure” to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. According to Knowbe4, the word “phishing” first appeared in a Usenet newsgroup called AOHell in 1996 and some of the very first phishing attacks used AOL Instant Messenger to deliver fake messages purportedly from AOL employees in the early 2000s. The word is part of l33tspeak that started in the early days of the internet (1980s) as a shorthand to let readers know the author was part of the hacker community. In this case, the letters “ph” replace the letter “f” in the word fishing, as in “I fish, with an ‘f,’ for bass in the lake.” In hacking, “I Phish, with a ‘ph,’ for login credentials from key employees at my target’s organization.”
Oct 06, 2020
Cookies make for some tasty phishing lure.
2163
In addition to his regular story Dave shares a situation where his mom almost took the bait, Dave's story is about an SMS phishing (smishing) Apple scam in UK (ps, there's never a free iPhone & Joe is still not an Apple fan), Joe's story talks about why you don't trust anything political on a social network, The Catch of the Day is from a Reddit user invited to join the Illuminati game, and later in the show, Dave's conversation with Alex Mosher from MobileIron on MobileIron's Phishing with Cookies Campaign. Links to stories and Catch of the Day: SMS phishing scam pretends to be Apple “chatbot” – don’t fall for it! Chinese propaganda network on Facebook used AI-generated faces Catch of the Day on Reddit Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 01, 2020
credential stealing (verb) [Word Notes]
199
From the intrusion kill chain model, the first part of an exploitation technique where the hacker tricks their victims into revealing their login credentials. In the second part of the technique, hackers legitimately log into the targeted system and gain access to the underlying network with the same permissions as the victim. Hackers use this method 80% of the time compared to other ways to gain access to a system like developing zero day exploits for known software packages. The most common way hackers steal credentials is with some version of a phishing attack.
Sep 29, 2020
It's human nature.
2021
Dave and Joe have some follow-up from a listener on OG accounts, Joe's story talks about a new phishing campaign inspired by Twitter from earlier this summer, Dave shares a story about using security awareness training as phishing lures, The Catch of the Day is a SunTrust phishing scam, and later in the show, Dave's conversation with Tim Sadler from Tessian on the Psychology of Human Error report. Links to stories and Catch of the Day: New Twitter phishing scam inspired from Twitter’s latest security response This security awareness training email is actually a phishing scam Catch of the Day on Twitter Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 24, 2020
The Bombe (noun) [Word Notes]
225
An electro-mechanical device used to break Enigma-enciphered messages about enemy military operations during the Second World War. The first bombe–named Victory and designed by Alan Turing and Gordon Welchman– started code-breaking at Bletchley Park on 14 March 1940, a year after WWII began. By the end of the war, five years later, almost 2000, mostly women, sailors and airmen operated 211 bombe machines in the effort. The allies essentially knew what the German forces were going to do before the German commanders in the field knew. Historians speculate that the effort at Bletchley Park shortened the war by years and estimate the number of lives saved to be between 14 and 21 million.
Sep 22, 2020
Your information is already on the Dark Web.
2160
Dave and Joe have some follow-up on mobile banking apps, Dave talks about the website bitcoinabuse.com, Joe shares a story Brian Krebs did on old Gmail emails and people using them either errantly or maliciously to create accounts, The Catch of the Day is about a Netflix-themed campaign that's currently running, and later in the show, Dave's conversation with Shai Cohen from TransUnion on identity fraud at center of many digital COVID-19 scams. Links to stories: Bitcoin Abuse Database The Joys of Owning an ‘OG’ Email Account Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 17, 2020
cross-site scripting (noun) [Word Notes]
196
From the intrusion kill chain model, a malicious code delivery technique that allows hackers to send code of their choosing to their victim’s browser. XSS takes advantage of the fact that roughly 90% of web developers use the JavaScript scripting language to create dynamic content on their websites. Through various methods, hackers store their own malicious javascript code on unprotected websites. When the victim browses the site, the web server delivers that malicious code to the victim’s computer and the victim’s browser runs the code.
Sep 15, 2020
The story is what gets people in.
2059
Joe shares a story on the ability to make a scam work through storytelling skills, Dave's story is about a guy duping a convenience store clerk into taking over her shift and later robbing the place, The Catch of the Day is about an email from a fake landlord, and later in the show, Dave's conversation with Mallory Sofastaii a reporter and anchor at WMAR2 on Impostor uses Maryland man's identity to steal unemployment insurance benefits. Links to stories and Catch of the Day: The Age-Old Secrets of Modern Scams Twitter: @findmyscammer Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 10, 2020
penetration test (noun) [Word Notes]
218
The process of evaluating the security of a system or network by simulating an attack on it. Sometimes called "ethical hacking" or white hat hacking. The phrase started to appear in U.S. military circles in the mid 1960s as time sharing computers became more necessary for daily operations. Computer security experts from Rand Corporation began describing computer compromises as “penetrations.” By the early 1970s, government leaders formed tiger teams of penetration testers to probe for weaknesses in various government systems.
Sep 08, 2020
It's evolving rapidly and getting more furious by the minute.
2227
Dave & Joe have a tip as some follow-up on cloning social media accounts, Dave's story is about turning the tables on hackers in the UK, Joe talks about Kaspersky's Spam and phishing report, The Catch of the Day is from a listener, Bob, who received an email from Eddy looking for the love of a woman (but, Bob is not a woman), and later in the show, Dave's conversation with Max Heinemeyer from Darktrace on threats that he and his team have tracked throughout the onset and spread of COVID. Links to stories: Boomer outsmarts hackers: “Kiss your cash goodbye” Spam and phishing in Q2 2020 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 03, 2020
social engineering (noun) [Word Notes]
220
The art of convincing a person or persons to take an action that may or may not be in their best interests. Social engineering in some form or the other has been around since the beginning of time. The biblical story of Esau and Jacob might be considered one of the earliest written social engineering stories. As applied to cybersecurity, it usually involves hackers obtaining information illegitimately by deceiving or manipulating people who have legitimate access to that information. Common tactics involve phishing attacks and watering hole attacks.
Sep 01, 2020
Take a deep breath.
2177
Joe's story is about the effectiveness of social media account cloning, Dave talks about toll fraud, The Catch of the Day is a Bitcoin scam with some scam baiting on the side, and later in the show, Dave's conversation with Ben Rothke from Tapad on Medium piece: A conversation with an iTunes card scammer. Links to stories: Attack of the Instagram clones A Game of Phones: Fighting Phone Phreaks in the 21st Century Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 27, 2020
man trap (noun) [Word Notes]
252
A physical security access control device consisting of an enclosed hallway with interlocking doors on each end where both doors can’t be open at the same time. A person presents credentials to the entry doorway. If authorized, the entry door opens and the person walks into the mantrap. The man trap exit door will not open until the entry door closes. The person presents credentials to the exit door. If authorized, the exit door will open. If not, the person is captured in the man trap until security arrives to handle the situation. Physical security leadership installs man traps to separate unrestricted areas from restricted areas, to prevent tailgating by uncleared personnel, and to impede access by unauthorized persons.
Aug 25, 2020
Many times it is less sophisticated than we think.
2422
Dave's story is about robocalls to a telephony honeypot, Joe talks about postcards impersonating HIPAA communications (you have one? please let Joe know), The Catch of the Day is an email that our editor, Tom, received from the FBI about his COVID-19 death, and later in the show, Dave's conversation with Rachel Tobac from SocialProof with her insights on the Twitter hack. Links to stories: A simple telephony honeypot received 1.5 million robocalls across 11 months Fraudulent HIPAA Communications: An Alert from the Office for Civil Rights Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 20, 2020
Zero-day (adjective) [Word Notes]
207
A class of software-security-weakness-issues where independent researchers discover a software flaw before the owners of the code discover it. Zero-day, or 0-day in hacker slang, refers to the moment the race starts, on day zero, between network defenders who are trying to fix the flaw before hackers leverage it to cause damage. It is a race because on day zero, there is no known fix to the issue.
Aug 18, 2020
Flying under the radar.
1776
Dave's story is about a forgotten scam, Joe talks about the recent Twitter hack, The Catch of the Day is a pretty standard phishing email for you to be on the lookout for, and later in the show, Dave's conversation with Carolyn Crandall from Attivo Networks on why human-controlled ransomware, Ransomware 2.0, is so threatening to today’s remote businesses. Links to stories: Question Quiz - The Forgotten Scam The Teenager Allegedly Behind the Twitter Hack and How He Did It Catch of the Day: Fake email notice for business owners on Bluehost. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 13, 2020
NMAP (noun) [Word Notes]
203
A network mapping tool that pings IP addresses looking for a response and can discover host names, open communications ports, operating system names and versions. Written and maintained by Gordon Lyon, a.k.a. Fyodor, it is a free and open source software application used by both system admins and hackers alike and has been a staple in the security community for well over two decades.
Aug 11, 2020
Ignore the actor, focus on the behavior.
2022
Dave shares an horrific cyberstalking story from the local area, Joe's story is about a phishing campaign impersonating voicemail alerts, The Catch of the Day is an HR front for a check floating scam, and later in the show, Dave's conversation with Johnathan Hunt of GitLab on his perspective of dealing with bad actors: ignore them. Links to stories: Anne Arundel man sentenced for ‘cyberstalking’ ex-girlfriend by hacking her accounts and getting her arrested New Voicemail-Themed Phishing Attacks Use Evasion Techniques and Steal Credentials Catch of the Day: I was just super bored. But now I have something to do. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 06, 2020
Be the custodian of your own digital identity.
2035
Dave talks about a deepfake recording impersonating a CEO, Joe's story is about a new phishing campaign, The Catch of the Day is a very persistent cash app scammer, and later in the show, Dave's conversation with Bruce Esposito from One Identity on digital identities and what they could mean for privacy. Links to stories: Listen to This Deepfake Audio Impersonating a CEO in Brazen Fraud Attempt New phishing campaign abuses a trio of enterprise cloud services Catch of the Day: Monica played dumb with a cash app scammer for 3 days.  Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 30, 2020
Never think of security as a destination.
2168
Dave talks about gift card scams associated with YouTube live streams, Joe's story is about a scam impersonating Canadian hospital staff, The Catch of the Day is a phish impersonating a small game developer going after podcasters, and later in the show, Dave's conversation with Richard Torres from Syntax on phishing attacks increasing 350% during COVID-19. Links to stories: PSN / XBOX / STEAM CODES GIVEAWAY | V BUCKS GIVEAWAY Scam impersonating hospital staff, phishing for personal information: VCH Catch of the Day: Cellar Door Games impersonation Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 23, 2020
A little dose of skepticism.
2066
We have some listener follow-up sharing dnstwister.report site, Dave has a story of consent phishing, Joe talks about calendar invite phishing, The Catch of the Day is a lazy money multiplying scam, and later in the show, Dave's conversation with Don MacLennan from Barracuda Networks on brand impersonation. Links to stories: Microsoft warns of Office 365 phishing via malicious OAuth apps Abnormal Attack Stories: Calendar Invite Phishing Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 16, 2020
Send me money so I know you are real.
2274
We have some follow-up, and this time, Joe was not right, Dave's story is about a poison-selling scam, Joe's is about an impersonation site, The Catch of the Day claims to be notice of a United Nations payment, and later in the show, Dave's conversation with Satnam Narang from Tenable on the increase of scams on Venmo, PayPal and Cash App on giveaways due to the opportunity provided by the economic fallout of COVID-19. Links to stories: How to Passcode-Lock Any App on Your Phone Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com Catch of the Day: 7 Spam Email Examples that Will Make You LOL Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 09, 2020
Because they deserve the money!
2164
Dave's story shows Macs are not immune, Joe talks about a dark place in his soul (aka survey scams), some listener follow-up saying Joe was right!, The Catch of the Day is an advanced fee scam from the US government, and later in the show, Dave's conversation with Aviv Grafi from Votiro on a multistage attack using a zero day exploit to deliver a trojan relating to COVID-19 Stay at Home orders. Links to stories: New Shlayer Mac malware spreads via poisoned search engine results Anatomy of a survey scam – how innocent questions can rip you off Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 02, 2020
Close in your pajamas.
2178
Joe shares a different spin on ransom attacks, Dave has a story on phone number reuse, The Catch of the Day is a notice from British Gas (accent included), and later in the show, Dave's conversation with Stan Holland from Atlantic Bay Mortgage on their experience adapting to COVID-19. Links to stories: Extortionists threaten to destroy sites in fake ransom attacks How I Accidentally Hijacked Someone's WhatsApp Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 25, 2020
It can happen to anybody.
2642
Dave shares a story of an attempt on his father's Verizon account, Joe has the story of an Amazon gift card phishing attempt, The Catch of the Day is a funny phishing email, and later in the show, Joe checks in with Kurtis Minder from GroupSense. They dig a little deeper into some of the topics Kurtis discussed in his previous appearance on our show.  Link to story: Multifactor Authentication Hacking is Getting Real Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 18, 2020
Taking a selfie with your ID.
2327
Joe talks about HROs (High Reliability Organizations), Dave has a scam on Upwork gigs, The Catch of the Day talks about giving a scammer the runaround, and later in the show our interview with Sanjay Gupta from Mitek on how cybercriminals are capitalizing on the recently-deceased and creating synthetic identities. Link to stories: The Unaddressed Gap in Cybersecurity: Human Performance People who turned to Upwork to find freelance gigs say they've lost thousands of dollars to scams Catch of the Day: Person Tests Scammer’s Patience By Pretending To Be Not The Sharpest Tool In The Shed Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 11, 2020
Seniors and millennials more alike than people think.
2146
Dave has a ransomware story from inside a virtual machine, Joe talks phishing with Google firebase storage URLs, some listener follow-up, The Catch of the Day comes from Joe's daughter and "Apple", and later in the show our interview with Paige Schaffer from Generali Global Assistance on the digital habits of seniors and millennials and the latest scams. Link to stories: The ransomware that attacks you from inside a virtual machine Phishing in a Bucket: Utilizing Google Firebase Storage Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 04, 2020
HH Extra - Happy 100 shows!
505
We'd like to thank you, our dear listeners, for sticking with us and our podcast through thick and thin, bad accents and even worse ones, with this - a collection of some of our favorite Catch of the Day segments. From Australia to Brazil, Italy to the Oval Office, they're all here.  Here's to another 100 episodes. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 28, 2020
Wearing a mask in the Oval Office.
2583
Joe shares his Classic Cons Part 3, Dave has an Apple device scam story, The Catch of the Day is your assassination heads-up, and later in the show our interview with Jonna Mendez, retired CIA intelligence officer and former Chief of Disguise. Link to story: Twitter Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 28, 2020
How scammers fill the gap.
2176
Dave has a story on a possible Disney-styled phishing email, Joe has the skinny on a circular pyramid scheme, some listener follow-up, The Catch of the Day is a YouTube verification badge for you, and later in the show our interview with Neill Feather from SiteLock. He joins us to explain how scammers fill the gap when popular retail items are sold out. Link to story: New phishing/scam email attempt Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 21, 2020
Every day you're a firefighter.
2237
Dave and Joe have a follow up for a listener, Joe has two stories on different levels of effort of phishing schemes, The Catch of the Day is looking for a sugar baby, and later in the show our interview with Marcus Carey, enterprise architect at ReliaQuest. He’s the author of the book Tribe of Hackers, and he wonders if we are living in a cybersecurity groundhog day. Links to stories: Anatomy of a Well-Crafted UPS, FedEX, and DHL Phishing Email During COVID-19 Phishers target investment brokers, aim for Office, SharePoint login credentials Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 14, 2020
Exploiting our distractions. 
2148
Dave has the story of PR firms selling lies online, Joe has the story of a sophisticated Business Email Compromise attack, The Catch of the Day advises you to update your account information IMMEDIATELY, and later in the show our interview with Dave Baggett, CEO and Founder of INKY. This will be a discussion of fake stimulus payment phishing scam recently found by INKY. Links to stories: Disinformation For Hire: How A New Breed Of PR Firms Is Selling Lies Online IR Case: The Florentine Banker Group Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 07, 2020
Passwords are the easiest things to steal.
2620
Joe takes a look at a massive sextortion spam scheme, Dave has some advice for all of us, the Catch of the Day comes from down under, and later in the show our conversation with Andrew Shikiar, Executive Director and Chief Marketing Officer at FIDO Alliance on why phishing and passwords remain such a huge security problem and options for doing away with passwords.  Links to stories: Following the money in a massive “sextortion” spam scheme When in Doubt: Hang Up, Look Up, & Call Back The Catch of the Day Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 30, 2020
Wallet inspector.
2114
Dave warns of fake QR code websites stealing Bitcoin, Joe has the return of classic cons, the Catch of the Day forgets one crucial element, and later in the show, our interview with Kurtis Minder. He’s with a company called Groupsense and they’ve been commemorating the 20th anniversary of the Dark Web. Links to stories: Network of fake QR code generators will steal your Bitcoin Paris Gold Ring Scam The Simpsons - Wallet Inspector Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 23, 2020
They're getting smart, but we're getting smarter.
1651
Joe has the story of a cold-calling conman, Dave has a story of vindication for seniors who lost money in phone scams, the Catch of the Day has Joe doing his research, and later in the show my conversation with Dustin Warren from SpyCloud. His team has been monitoring criminal forums during the COVID-19 pandemic, and he’s here to share what they’ve been seeing. Links to stories: Coronavirus conman barges in on 83-year-old woman Western Union Paying $153M In Compensation To Seniors Who Lost Money In Phone Scams Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 16, 2020
Even famous people get scammed.
2139
Dave has the story of a Walking Dead actress raising money for a scammer, Joe has an article warning of Government websites giving bad security advice, the Catch of the Day tries to put the fear of God in its victim, and later in the show Carole Theriault returns with an interview with a couple of researchers from a firm called Lookout, who analyzed a phishing scam with over four thousand victims. Links to stories: Lehigh Valley cancer scammer ensnares ‘Walking Dead’ actress US Government Sites Give Bad Security Advice It’s Way Too Easy to Get a .gov Domain Name The Catch of the Day: https://twitter.com/thedave2006/status/1223736469568851969 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 09, 2020
Shedding light on the human element.
1975
Joe has the story of a very exposing scam, Dave has the scoop on a rare BadUSB attack, The Catch of the Day is a 'lame scammer who needs to get a life' and later in the show our conversation with Tom Miller from ClearForce on continuous discovery in the workplace, and the human side of protecting your business. Links to stories: ‘What kind of breast check-up would need my face?’: Woman falls victim to Facebook Messenger scam Rare BadUSB attack detected in the wild against US hospitality provider Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 02, 2020
Paging Dr. Dochterman.
2535
Dave shares an example of modern-day snake oil, Joe brings us his favorite old-time scams, the Catch of the Day is straight from Dr. Dochterman - you really can't make this stuff up - and later in the show Joe speaks with Scott Knauss - a security consultant who was targeted by scammers. Links to stories: Coronavirus Scam Alert: Beware Fake Fox News Articles Promising A CBD Oil Cure Slowing the Scammers Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 26, 2020
Disinformation vs. misinformation.
1851
Dave shares the story of a malicious website posing as a Coronavirus map supposedly from Johns Hopkins University, Joe has the story of an elderly woman who lost a lot of money to two men claiming her grandson was in a car accident, the Catch of the Day's dying wish is to give you money to build an orphanage, and later in the show Carole Theriault returns and speaks with Samuel C. Woolley from University of Texas at Austin on disinformation campaigns. Links to stories: the Botometer The Catch of the Day: Been going back and forth with these a-holes for a few weeks now. More pictures in comments. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 19, 2020
Winking emoji.
1956
Joe shares the story of a phishing website posing as the Singapore Police site, Dave shares a harmful, simple little message, the Catch of the Day drags her scammer through the mud and asks if he wants his casserole dish back. Later in the show our conversation with Gretel Egan from Proofpoint on their 2020 State of the Phish report. Links to stories: SPF warns of phishing website posing as police site Nemty Ransomware Actively Distributed via 'Love Letter' Spam 2020 State of the Phish Report The Catch of the Day: “My Wife Spent Three Days Trolling A Scammer” Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 12, 2020
Don't go looking for morality here.
2286
Dave has a story of an investment scam featuring celebrities, Joe warns of scams surrounding the Coronavirus, the Catch of the Day features Joe's son-in-law's adventure with thousands of bot infiltrations, and later in the show, Dave's extended interview with magicians and entertainers Penn and Teller at RSAC 2020 in San Francisco. Links to stories: Revealed: fake 'traders' allegedly prey on victims in global investment scam Coronavirus: Scammers follow the headlines Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 05, 2020
The art of cheating.
2065
Joe shares some insights into the art of cheating travelers, Dave has a story of a woman facing drug charges trying to kidnap another woman's baby, an update on last week's bizarre phone scam, The Catch of the Day features otters, sexy ham, frustrated scammers and... you're just going to need to listen. Later in the show, our interview with Tim Sadler from Tessian on the human element of cybersecurity and phishing schemes. Links to stories: The art of cheating travelers at dhabas Woman who posed as baby photographer charged after drugging a mother and planning to steal her child, prosecutors say The Catch of the Day Inside a scam call center Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 27, 2020
Hi, I'm trying to steal your money.
1855
Dave shares the most bizarrely honest phone scam of all time, Joe has a pretend PayPal phishing scam, the Catch of the Day finally lets Dave show us his best Blanche Devereaux, and later in the show Christopher Hadnagy from Social Engineer LLC returns with an update on the trends he’s been tracking. Links to stories: Active PayPal Phishing Scam Targets SSNs, Passport Photos Current PayPal phishing campaign or "give me all your personal information" Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 20, 2020
Fake news and misplaced trust.
2054
Joe shares a collection of romance scams from the great plains, Dave has a report which uncovered a root system of fake news, the catch of the day comes straight from... Warren Buffett? Later in the show Carole Theriault speaks with Lisa Forte from Red Goat on how her experiences working with the police have informed her perspective on the human factors in cyber security. Links to stories: Don't Get CatPhished This Valentine's Day By a Scammer These Fake Local News Sites Have Confused People For Years. We Found Out Who Created Them. Researchers propose detecting deepfakes with surprising new tool: Mice Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 13, 2020
I wouldn't want my computer to be disappointed.
1801
Dave finally has good news. Joe shares a fake website created by the US Trading Commission... which doesn't exist. The catch of the day threatens FULL DATA LOSS! Later in the show, our guest is Anna Collard, the founder of security content publisher Popcorn Training – a South African company that promotes Cyber Security awareness by using story-based techniques. Our conversation centers on the state of cyber security in Africa. Links to stories: DOJ sues US telecom providers for connecting Indian robocall scammers The aforementioned DOJ complaint Uncle Sam compensates you for data leaks (yeah, right) Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 06, 2020
They had no idea.
1867
Dave shares a particularly exposing sextortion scam. Joe has a story of a million-dollar scam that targeted college students in Miami just trying to pay their tuition. The catch of the day comes straight from The U.S. President. Later in the show, part two of Carole Theriault's interview with Jamie Bartlett, the brains and host behind The Missing Cryptoqueen, an amazing BBC podcast about trying to get to the bottom of the OneCoin scam. Links to stories: Fresh New Nest Video Extortion Scam Plays Out Like a Spy Game WeChat and stolen credit cards: How scammers victimized Miami Chinese college students Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 30, 2020
Flipping the script.
1876
Dave's phone is blowing up with smishing attempts. Joe shares a story about fake license renewal attempts from The New Zealand Transportation Agency. The catch of the day flips the script on their attacker. Later in the show Carole Theriault speaks with Jamie Bartlett, the brains and host behind The Missing Cryptoqueen, an amazing BBC podcast about trying to get to the bottom of the OneCoin scam. Links to stories: Fresh Apple #Phishing found The catch of the day Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 23, 2020
Life in the (second) age of pirates.
1946
Dave has an account from a man who was almost scammed by an impersonation of his own close friend. Joe has the story of a sophisticated phishing scheme involving Microsoft Office 365. The catch of the day goes all the way back to the age of pirates. Carole Theriault interviews Andrew Brandt from Sophos regarding their 2020 threat report. Links to stories: Tricky Phish Angles for Persistence, Not Passwords SophosLabs 2020 Threat Report  Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 16, 2020
Ransomware is a reality.
1782
Dave has a master list of cyberbadness. Joe has some handy red flags this tax season straight from our beloved IRS. The catch of the day features an alluring proposition from someone who is probably not "Sofia". Our guest is Devon Kerr with Elastic Security Intelligence and Analytics who shares his insights about Ransomware.  Links to stories: 7 types of virus – a short glossary of contemporary cyberbadness Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 09, 2020
Leading by example and positive reenforcement.
1797
Dave has a warning from a galaxy far, far away. Joe has a report of a scam attempt on a listener who fancies fancy pens. The catch of the day features a Tinder dating app bot scam. Our guest is Dennis Dillman from Barracuda Networks, sharing his thoughts on employee training. Links to stories: https://www.bleepingcomputer.com/news/security/fake-star-wars-streaming-sites-steal-fans-credit-cards/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 02, 2020
Telling The Truth In A Dishonest Way - Rebroadcast
1815
Today's episode is a re-broadcast of an episode from August 2018.  Dave looks at Hollywood script pitch event scams. Joe describes a romance scam murder scheme. Spontaneously combusting ATM cards. Guest Jayson E. Street from SphereNY describes his security awareness engagements. Links to stories mentioned in this week's show: https://www.hollywoodreporter.com/news/why-are-wannabe-screenwriters-getting-scammed-1130919 https://nakedsecurity.sophos.com/2018/08/17/romance-scam-victim-allegedly-plotted-to-kill-her-mother-for-cash/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 26, 2019
Managing access and insider threats.
1923
Joe's wife has been getting suspicious shipping notices. Dave describes a phone scam where crooks intercept phone calls. The catch of the day turns the tables on a would-be scammer. Carole Theriault speaks with Peter Draper from Gurucul about their 2020 Insider Threat Report. Links to stories: https://www.ctvnews.ca/canada/police-warn-of-new-phone-scam-where-criminals-intercept-your-calls-1.4706758 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 19, 2019
If you didn't ask for it don't install it.
1718
Dave describes a gas-pump hidden camera scam. Joe shares the story of a fraudulent Microsoft Windows Update notice. The catch of the day involves a scammer making use of an online celebrity's profile picture. Our guest is Karl Sigler from Trustwave with tips for staying safe online through the holidays.  Links to stories: https://krebsonsecurity.com/2019/11/hidden-cam-above-bluetooth-pump-skimmer/ https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-windows-update-spam-leads-to-cyborg-ransomware-and-its-builder/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 12, 2019
I really wanted that shed.
1844
Joe shares the story of a woman losing her life savings to a scammer claiming to be from the FBI. Dave describes the $139 shed scam. The catch of the day is another threat of revealing compromising photos. Carole Theriault speaks with Chris Bush from ObserveIT about security threats from employee burnout. Links to stories: https://www.wsj.com/articles/robocall-scams-exist-because-they-workone-womans-story-shows-how-11574351204 https://youtu.be/zFQUCCbodHc Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 05, 2019
Security has to be friendly.
1667
Dave wonders about Juice Jacking warnings. Joe shares findings from Agari's latest email fraud and identity deception report. The catch of the day promises romance in exchange for airline tickets. Our guests are David Spark and Allan Alford, cohosts of the Defense in Depth podcast.  Links to stories: https://www.goodmorningamerica.com/travel/story/travelers-beware-juice-jacking-public-charging-stations-safely-67004765 https://www.agari.com/cyber-intelligence-research/e-books/q4-2019-report.pdf https://cisoseries.com/introducing-defense-in-depth-podcast/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Nov 21, 2019
Skepticism is the first step.
1876
Joe shares stories of typo-squatting. Dave warns us against responding to malicious email, even just for fun. The catch of the day is from a listener, leading on a romance scammer. Carole Theriault returns with an interview with Chris Olson from The Media Trust on how targeted advertising can enable election interference. Links from this week's stories: https://www.securityweek.com/err-human-squat-criminal https://info.phishlabs.com/blog/dont-respond-suspicious-emails Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Nov 14, 2019
When you are the target, objectivity is gone.
1780
Joe shares a report on who's more susceptible to scams. Dave shares a story from a listener who was hit by a scam attempt while staying at a hotel. Our catch of the day involves an attempt to scam someone selling a motorcycle. Our guest is Maria Konnikova, an award-winning author, journalist, and international champion poker player. Her latest book is The Biggest Bluff. Links to stories: https://www.washingtonpost.com/business/2019/10/28/this-might-surprise-you-seniors-are-not-more-susceptible-scams-younger-adults-are/ https://www.ftc.gov/system/files/documents/reports/protecting-older-consumers-2018-2019-report-federal-trade-commission/p144401_protecting_older_consumers_2019_1.pdf https://twentytwowords.com/man-gets-revenge-on-craigslist-scammer-in-the-most-satisfying-way-imaginable/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Nov 07, 2019
The Malware Mash!
186
Happy Halloween from Joe, Dave, and everyone at the CyberWire!
Oct 31, 2019
Don't dismiss the fraudsters.
2001
Dave describes a credential gathering scam targeting users of the Stripe online payment system. Joe responds to an email message from his boss, and learns a valuable lesson. Our catch of the day follows someone as they string along a text messaging scammer. Carole Theriault returns with an interview with J Bennett of Signifyd, an AI firm fighting romance scams. Links to stories: https://cofense.com/credential-phish-masks-scam-page-url-thwart-vigilant-users/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 31, 2019
The ability to fundamentally deceive someone.
1800
Joe has the story of a convincing scammer who makes an innocent woman doubt herself. Dave describes an online utility that helps users delete unwanted user accounts and also rates the difficulty of doing so. The catch of the day requests help in an investment scam (but lacks punctuation). Our guest is Henry Ajder from Deeptrace Labs on their research on Deep Fakes.  Links to stories: https://www.walesonline.co.uk/news/wales-news/swansea-mum-scammed-out-1000-17065476 https://backgroundchecks.org/justdeleteme/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 24, 2019
The fallacy of futility.
1689
Dave describes a ponzi scheme that bought up legitimate investment firms. Joe shares research into deep fakes. The catch of the day includes an invitation to join the illuminati. Ray [REDACTED] returns with followup from his prior visit, along with new information to share. Links to stories: https://13wham.com/news/local/feds-in-rochester-to-detail-multi-million-dollar-ponzi-scheme https://nakedsecurity.sophos.com/2019/10/09/deepfakes-have-doubled-overwhelmingly-targeting-women/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 17, 2019
Don't trust ransomware to tell you its real name.
1796
Joe describes online redirect scams, URL encoding and the clever combination of the two. Dave shares delightful satire about Russian brides and Nigerian princes, together at last. The catch of the day involves a student getting the best of scammers, getting them to send him money. Our guest is Fabian Wosar from Emsisoft, well-known for decrypting ransomware.  Links from today's stories -  https://waterfordwhispersnews.com/2019/09/25/hot-woman-in-your-area-marries-nigerian-prince-whos-email-you-ignored/ https://www.thesun.co.uk/tech/10052181/student-limerick-online-scammer-charity/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 10, 2019
The ultimate hacking tool.
1872
Joe reviews highlights from a Proofpoint report on the human aspects of cyber attacks. Dave describes the FTC's cases against online dating site Match.com. The catch of the day comes straight from Her Majesty the Queen. Carole Theriault returns with an interview with Corin Imai, Senior Security advisor at DomainTools, about phishing attacks they’ve been tracking in the UK. Links to stories: https://www.helpnetsecurity.com/2019/09/10/cyberattacks-human-interaction/ https://techcrunch.com/2019/09/26/dating-app-maker-match-sued-by-ftc-for-fraud/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 03, 2019
The usefulness of single sign on.
1728
Joe outlines online threats from social media. Dave shares a story of scammers trying to scare a community into purchasing security products. The catch of the day features a promise of riches from Facebook's Mark Zuckerberg. Our guest is Yaser Masoudnia from LastPass who addresses listener questions about Single Sign On. Links to stories: https://info.phishlabs.com/blog/how-social-media-is-abused-for-phishing-attacks http://www.pressandguide.com/news/police_fire/email-scam-trying-to-convince-dearborn-residents-crime-is-up/article_249b1f2c-cb34-11e9-a5b0-cf725769167a.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 26, 2019
Algorithms controlling truth in our society.
1799
Special guest host Graham Cluley joins Dave while Joe takes a short break. Dave shares the success of the FBI's reWired campaign which has apprehended alleged scammers around the world. Graham describes a website hoping to spare users the hardship of multifactor authentication. The catch of the day involves a generous soccer star. Our guest is Matt Price from ZeroFOX with insights on Deep Fake technology. Links to today's stories: https://www.fbi.gov/news/stories/operation-rewired-bec-takedown-091019 https://dontduo.com/ https://www.smashingsecurity.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter. 
Sep 19, 2019
An ethical hacker can be a teacher.
1999
A listener updates us on "notice of arrest" policies. Dave notes increased instances of Google Calendar spam. Joe shares a claim that AI voice mimicry was used to dupe a company out of nearly a quarter million dollars. (Dave is skeptical.) The catch of the day accuses the target of naughty behavior. Carole Theriault interviews ethical hacker Zoe Rose. Links to stories: https://www.popsci.com/google-calendar-spam-what-to-do/ https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 12, 2019
Think before you post.
1774
Follow-up from down under. Joe shares the story of a Mom scammed out of Gaelic Football League tickets. Dave describes a bounty hunter hoaxing suicide threats to get location information from mobile providers. The catch of the day requires a response from the grave. Our guest is Ben Yelin, senior law and policy analyst from the University of Maryland Center for Health and Homeland Security. He digs in to a particular Facebook scam that refuses to die. Links to stories: https://m.independent.ie/irish-news/news/im-just-broken-up-mother-devastated-as-shes-scammed-out-of-money-while-trying-to-buy-allireland-final-tickets-38446401.html https://www.thedailybeast.com/feds-say-bounty-hunter-matthew-marre-used-suicide-hoax-to-con-verizon-t-mobile-out-of-customer-data Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 05, 2019
Securing your SMS.
1800
Dave shares a story of digital voice assistants being channeled toward scammers. Joe tracks scammers taking advantage of social tools on the Steam gaming platform. The catch of the day involves South African kickbacks. Our guest is researcher/technologist Ray [REDACTED], who shares his expertise on scammers targeting SMS. Links to stories: https://nakedsecurity.sophos.com/2019/08/20/scammers-use-bogus-search-results-to-fool-voice-assistants/ https://www.bleepingcomputer.com/news/security/steam-accounts-being-stolen-through-elaborate-free-game-scam/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 29, 2019
Backups backups backups.
1681
Joe describes a primitive (but effective) phishing scheme being tracked by Bleeping Computer. Dave shares news from a Black Hat presentation on phishing stats from Google. The catch of the day is a friendly invitation from Hawaii. Our guest is Michael Gillespie from Emsisoft describing the ID Ransomware project. Links from today's stories: https://www.bleepingcomputer.com/news/security/beware-of-emails-asking-you-to-confirm-your-unsubscribe-request/ https://www.fastcompany.com/90387855/we-keep-falling-for-phishing-emails-and-google-just-revealed-why https://id-ransomware.malwarehunterteam.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 22, 2019
Swamping search results for reputation management.
2095
Dave shares the story of a small community hospital dealing with a ransomware attack. Joe reviews the different types of extortion emails. The catch of the day is an inheritance scam from Canada. Carole Theriault interviews Craig Silverman from Buzzfeed about online reputation management companies. Links to stories: https://www.azcentral.com/story/news/local/arizona/2019/07/30/how-4-technicians-saved-arizona-hospital-hacker-ransomware-wickenburg-community-hospital/1842572001/ https://www.bleepingcomputer.com/news/security/extortion-emails-on-the-rise-a-look-at-the-different-types/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 15, 2019
Positive pretexting on the rise.
1786
Joe shares a cautionary Facebook tale from his own life. Dave has the story of an Australian IT company put out of business by scammers. The catch of the day tracks the response writer and comedian Dave Holmes had to scammers pretending to be from the IRS. Rachel Tobac from Social Proof Security returns with voting security information and the latest scams she's been tracking. Links to today's stories: https://www.crn.com.au/news/it-suppliers-forced-to-close-after-procurement-scam-528609 https://cheezburger.com/719877/troll-comedian-gets-a-scam-call-and-decides-to-play-along https://www.vampirecaveman.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 08, 2019
Images are the language of the brain.
1775
Dave outlines a church donation scam. Joe shares reporting from Ars Technica on romance scams coming out of Africa. The catch of the day is courtesy of London comedian James Veitch. Our guest is Garry Berman from Cyberman Security who's developed a cyber security comic book series to help raise awareness. Links to this week's stories: https://www.churchlawandtax.com/blog/2018/june/what-to-know-about-new-donation-scam.html https://arstechnica.com/information-technology/2019/07/im-not-100-with-anybody-ars-dissects-a-nigerian-twitter-catfish-scam/ https://www.boredpanda.com/funny-phishing-scam-emails-dot-con-james-veitch/ https://www.cyberheroescomics.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 01, 2019
Looking after Dad.
1802
Joe shares a story on the market economy of phishing. Dave explains how gamers are being taken advantage of on popular chat app Discord. The catch of the day included a little bit of showbiz razzle-dazzle. Our anonymous guest this week shares his efforts to keep his father from falling for online scams. Links to stories: https://blogs.akamai.com/sitr/2019/06/phishing-factories-and-economies.html https://twitter.com/Splatter_Shah/status/1143556723266994176 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 25, 2019
The skills gap disconnect.
1997
Dave shares a listener story of scammers calling drug stores to try to gather customer rewards points. Joe describes federal contractors being scammed out of over $10 million of hardware, some of it classified communications equipment. The catch of the day starts with a bank email scam and ends with a Rick roll. Carole Theriault speaks with Michael Madon, head of security at Mimecast about the cyber security skills gap. Links to stories -  https://qz.com/1661537/us-defense-contractor-falls-for-3-million-email-scam/ https://www.newshub.co.nz/home/entertainment/2018/01/man-sets-up-rick-astley-hotline-to-rescue-people-from-annoying-salespeople.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter. 
Jul 18, 2019
Know and spot the patterns.
1975
Joe shares the heartbreaking tale of a catphishing case that leads to murder. Dave describes a shoe company using an unusual method to trick engagement with an online ad. The catch of the day engages a Nigerian scammer promising a fortune in precious minerals. Dave interviews Michael Coates, head of Altitude Networks and former CISO at Twitter. Links to this week's stories: https://www.nbcnews.com/news/us-news/after-alaska-teen-s-murder-cybersecurity-experts-warn-catfishing-predators-n1019536 https://medium.com/shanghaiist/chinese-shoe-company-tricks-people-into-swiping-instagram-ad-with-fake-strand-of-hair-54d8a2d8ec1d https://www.419eater.com/html/user_subs/godfather/godfather.htm https://altitudenetworks.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 11, 2019
Encore — Separating fools from money.
1786
We're taking a break for the Independence Day holiday in the US, so enjoy this episode from the early days of our show. Dave shares a story of airport penetration testing with a high degree of yuck factor. Joe explores research on protecting passwords from social engineering. The catch of the day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers. Thanks to our show sponsor KnowBe4.
Jul 04, 2019
Be wary of all emails.
2077
Dave shares the story of one Katie Jones, the fake online persona used to gain the confidence of high-status individuals. Joe describes the tragic case of Christine Lu, a Harvard Medical professor who was scammed out of her life savings. The Catch of the Day warns recipients not to trust the FBI. Carole Theriault interviews Akamai's Larry Cashdollar about scammers using Google Translate to obfuscate web sites. Links to this week's stories: https://www.apnews.com/bc2f19097a4c4fffaa00de6770b8a60d https://thispersondoesnotexist.com/ https://www.nbcboston.com/on-air/as-seen-on/Woman-Scammed-Into-Giving-Away-Life-Savings_NECN-511108952.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 27, 2019
The knowledge / intention behavior gap.
1798
Joe shares the story of an elaborate check fraud scam involving HR impersonators. Dave reads an email from a listener who got phished by his own company, and has questions about authorization app vs. hardware keys. Our catch of the day involves an orphan looking to share her inheritance. Dave interviews author Perry Carpenter, whose new book is Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us about Driving Secure Behaviors. Links to stories: https://twitter.com/sigalow/status/1138918411394781185?s=12 https://www.yubico.com/2019/01/yubico-launches-the-security-key-nfc-and-a-private-preview-of-the-yubikey-for-lightning-at-ces-2019/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 20, 2019
Just because I trusted you yesterday doesn't mean I trust you today.
1799
Dave describes researchers spotting scammers on dating sites using AI. Joe shares a phishing scheme that asks users to manage undelivered mail. The catch of the day involves cute puppies and Mogwai meat. Dave interviews Avi Solomon, director of information technology for Rumberger, Kirk and Caldwell, an Orlando, Florida litigation firm. Links to today's stories: https://www.bbc.com/news/technology-48472811 https://arxiv.org/pdf/1905.12593.pdf https://www.bleepingcomputer.com/news/security/new-phishing-scam-asks-you-to-manage-your-undelivered-email/ https://www.419eater.com/html/tommy_mark.htm Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 13, 2019
The best way to break in is to walk through the front door.
1797
Joe describes one of history's great con artists, Victor Lustig, who sold the Eiffel Tower. Twice. Dave shares a story from a listener involving a UPS tracking number scam. The catch of the day involves an attempted romance scam on the XBOX platform. Dave interviews Sherri Davidoff, CEO of LMG Security and the hacker named "Alien" in Jeremy Smith's book, "Breaking and Entering." She has her own book coming out this summer, "Data Breaches: Crisis and Opportunity." Links to this week's stories: http://mentalfloss.com/article/12809/smooth-operator-how-victor-lustig-sold-eiffel-tower https://community.ebay.com/t5/Archive-Shipping-Returns/Seller-Scam-UPS-Tracking-Shows-Delivered/td-p/26206551 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 06, 2019
Be willing to admit you don't know everything.
2024
Dave reviews Google's recent security report on basic account hygiene. Joe describes passive social engineering, including USB charging stations at airports. The catch of the day exposes a trunk box scam involving ill-gotten war profits. Carole Theriault speaks with the head of a group that call themselves Scam Survivors. Links to stories: https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html https://www.forbes.com/sites/suzannerowankelleher/2019/05/21/why-you-should-never-use-airport-usb-charging-stations/#4116498a5955 https://scamsurvivors.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 30, 2019
People aren't perfectly rational.
1786
A listener writes in with the results of his phishing attempt on his wife. Joe describes research from F-Secure on the most dangerous email attachment types. Dave shares the story of scammers impersonating local hospitals to scare a response from their victims. Our catch of the day involves a LinkedIn scam impersonating a fighter pilot. Joe interviews Elissa Redmiles, an incoming assistant professor of computer science at Princeton University. She studies behavioral modeling to understand why people behave the way they do online. Links to stories from today's show: https://labsblog.f-secure.com/2019/05/08/spam-trends-top-attachments-and-campaigns/ https://www.nbc15.com/content/news/Text-message-scam-impersonates-local-hospitals-509615981.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 23, 2019
Live at KB4CON 2019.
2743
It's a special edition of the Hacking Humans show recorded live at the KB4CON conference in Orlando, FL. Join Joe, Dave and their special guests Stu Sjouwerman, KnowBe4's CEO, and Kevin Mitnick, world-famous hacker and KnowBe4's chief hacking officer, as they discuss malicious scams making the rounds and how to protect yourself and your organization against them. Dave describes a late-night phone call scam, Joe explains a Social Security scheme, Stu shares a deadly catch of the day, and Kevin shares stories from his own hacking experience and takes questions from the audience. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 16, 2019
A data-driven approach to trust.
1790
Joe describes a church scammed out of millions of dollars. Dave shares good news about a group of scammers being apprehended and arrested. The catch of the day involves a Vietnamese investment offer that's almost too good to pass up on. Dave speaks with Dr. Richard Ford from Forcepoint about the models of trust. Links to stories in today's show: https://www.grahamcluley.com/hackers-steal-1-75-million-from-catholic-church-in-ohio/ https://www.justice.gov/usao-sdny/pr/nine-defendants-arrested-new-york-florida-and-texas-multimillion-dollar-wire-fraud Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 09, 2019
Twitter bots amplifying divisive messages.
1661
Followup from listeners on Google search result scams. Dave describes the city of Ottawa sending $100K to a fraudster. Joe shares results from the FBI's Internet Crime Report. The catch of the day involves a dating site and an offer to be someone's "sugar daddy." Our guest is Andy Patel from F-Secure, describing how Twitter bots are amplifying divisive messages. Links to stories: https://www.cbc.ca/news/canada/ottawa/city-treasurer-sent-100k-to-fraudster-1.5088744 https://threatpost.com/fbi-bec-scam-losses-double/144038/ https://www.ic3.gov/media/annualreport/2018_IC3Report.pdf https://labsblog.f-secure.com/2019/04/03/discovering-hidden-twitter-amplification/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
May 02, 2019
Let's play, "Covered by cyber insurance — true or false?"
2069
Dave and Joe answer a listener question about a mysterious Netflix account. Dave describes a service for Airbnb scammers. Joe explains a particularly "nasty" Instagram scam. Carole Theriault interviews cyber insurance expert Martin Overton from OMG Cyber.  Links to stories: https://www.bleepingcomputer.com/news/security/the-nasty-list-phishing-scam-is-sweeping-through-instagram/  https://krebsonsecurity.com/2019/04/land-lordz-service-powers-airbnb-scams/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 25, 2019
I have been practicing honesty and truthfulness my whole life.
1819
Followup from an Australian listener. Dave shares a PayPal scam leveraging Google ads. Joe describes TechCrunch reporting on a spam service that was left out in the open. The catch of the day promises a lifetime supply of gold. Dave interviews Asaf Cidon from Barracuda Networks. Links to stories: https://techcrunch.com/2019/04/02/inside-a-spam-operation/ https://www.barracuda.com/spear-phishing-report Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 18, 2019
Scammers have no ethics whatsoever.
1784
Joe describes a study of people's perceptions when presented with a magic trick. Dave shares the story of a fake boyfriend app. Our catch of the day involves the promise of millions from a bank in Africa. Dave interviews Chris Parker from WhatIsMyIPaddress.com. Links to stories: http://nautil.us/issue/70/variables/a-magician-explains-why-we-see-whats-not-there https://youtu.be/vJG698U2Mvo https://www.pedestrian.tv/tech/fake-boyfriend-app/ https://whatismyipaddress.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 11, 2019
Girl Scouts empowering cyber security leaders.
1935
Dave describes a survey of call center security methods. Joe explains a spam campaign raising the specter of a flu pandemic to scare people into enabling macros in an Office document. The catch of the day highlights a Facebook scammer promising a prize-winning windfall. Carole Theriault returns with a story about special badges Girl Scouts can earn for cyber security. Links to stories: https://marketing.trustid.com/acton/attachment/32513/f-0039/1/-/-/-/-/TRUSTID_2018_State_of_Call_Center_Authentication_Survey.pdf https://www.bleepingcomputer.com/news/security/fake-cdc-emails-warning-of-flu-pandemic-push-ransomware/ http://blog.girlscouts.org/2018/07/girl-scouts-introduces-30-new-badges-to.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Apr 04, 2019
Pick a persona to match the goal.
1759
Followup on remotely previewing websites. Joe has the story of a scammer bilking Facebook and Google out of millions. Dave reviews best practices for deleting data on devices you dispose of. The catch of the day is an offer of criminal partnering with the CIA. Our guest is Jeremy N. Smith, author of the book Breaking and Entering - the extraordinary story of a hacker called Alien. Links from today's stories: https://urlscan.io/ https://www.theregister.co.uk/2019/03/21/facebook_google_scam/ https://blog.rapid7.com/2019/03/19/buy-one-device-get-data-free-private-information-remains-on-donated-devices/ https://www.amazon.com/dp/B0789KP775 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 28, 2019
Kids are a great target.
2084
A listener recommends an online tool for safely previewing web sites. Dave shares research on what time of the work week is best for scams. Joe explains credential stuffing. Our guest is Frances Dewing, the CEO and co-founder of Rubica. They recently published a report on how crooks are accessing parents’ mobile devices via apps their kids load.   Links to stories mentioned in today's show: https://screenshot.guru/ https://www.aarp.org/money/scams-fraud/info-2019/phone-scams-peak-time.html https://www.digitalnewsasia.com/insights/how-lose-money-credential-stocking-stuffers https://rubica.com/wp-content/uploads/2019/02/Rubica-Report-Cyber-Crime-Privacy-Risks-in-Free-Mobile-Kids-Apps.pdf Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 21, 2019
When we rush we make bad decisions.
1696
Joe tracks the surprising number of malicious links hosted on legit websites and why it's dangerous. Dave describes an extortion scheme targeting podcasters. Our catch of the day involves a lonely Russian woman promoting a dating site. Dave interviews Gary Noesner, author of Stalling for Time: My Life as an FBI Hostage Negotiator. Links to stories mentioned in today's show: https://www-cdn.webroot.com/9315/5113/6179/2019_Webroot_Threat_Report_US_Online.pdf https://rebelbasemedia.io/podcast-review-extortion/ https://www.amazon.com/Stalling-Time-Life-Hostage-Negotiator/dp/1400067251 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter. 
Mar 14, 2019
Don't assume younger people get it.
1655
Followup on last week's TLD discussion. Dave shares a sextortion scam with a tragic ending. Joe highlights conveyance scams that rely on certain days of the week. Our catch of the day features a wealthy Londoner hoping to pass on her fortune. Guest Dale Zabriskie from Proofpoint has results from their State of the Phish report. Links to stories: https://www.dailymail.co.uk/news/article-6744421/Army-veteran-PTSD-committed-suicide-targeted-prison-inmates-sextortion-scam.html https://www.todaysconveyancer.co.uk/main-news/law-firms-wising-up-conveyancing-scams/ https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/45597.pdf Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 07, 2019
Delivering yourself to a kidnapper.
1787
Joe describes fraudsters taking advantage of top-level domain name confusion. Dave explains how a Google Nest security system shipped with an undocumented microphone. Our catch of the day involves a postcard missed package campaign. Our guest is Matt Devost from OODA LLC describing their work protecting high-net-worth individuals. Links to today's stories: https://rebootcamp.militarytimes.com/news/your-air-force/2019/02/13/watch-out-for-fake-dod-websites-like-this/ https://nakedsecurity.sophos.com/2019/02/21/sorry-we-didnt-mean-to-keep-that-secret-microphone-a-secret-says-google/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 28, 2019
Stop and think before you click that link.
1667
We've got followup from a listener on cognitive dissonance and behavioral science. Dave shares a listener story about a University Dean's List scam. Joe shares statistics from a government agency phishing test. Our catch of the day involves funds from the FBI, the IMF, and yes, Nigeria. Dave interviews Crane Hassold from Agari with phishing trends they've been tracking, plus his experiences as a former FBI agent. Links to stories in today's show: https://fcw.com/articles/2019/02/11/cyber-phishing-oig-fhfa.aspx Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter. 
Feb 21, 2019
The trauma is multifactored.
1800
On this Valentine's Day edition of Hacking Humans, Joe and Dave examine romance scams, including the sad tale of a woman bilked out of hundreds of thousands of dollars. There's a silly, non-murdering catch of the day, and Dave interviews Max Kilger from UTSA on the six motivations of bad actors. Links to today's stories: https://www.bbb.org/article/news-releases/17057-online-romance-scams-a-bbb-study-on-how-scammers-use-impersonation-blackmail-and-trickery-to-steal-from-unsuspecting-daters https://www.aarp.org/money/scams-fraud/info-2015/online-dating-scam.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 14, 2019
Make it seem like the real answer is impossible to know.
1752
Dave shares a bank spoofing scam with a reminder to mind those links, especially on mobile devices. Joe describes a case of someone turning the tables on a Twitter scammer. Our catch of the day involves a clumsy claim of physical harm. Dave interviews author Dave Levitan about his book Not a Scientist: How politicians mistake, misrepresent and utterly mangle science. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 07, 2019
The excitement of tricking someone wears off quickly.
1796
We've got followup on bank scams and ransomware. Joe describes a highly sophisticated multinational business scam. Dave shares a story about private school parents falling for a Bitcoin discount scam. Our guest is Jordan Harbinger, host of The Jordan Harbinger Show, with insights on influence and social engineering.  Links to this week's stories: https://www.cpomagazine.com/cyber-security/cyber-fraud-by-chinese-hackers-makes-headlines-in-india/ https://www.bbc.com/news/uk-england-tyne-46920810 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 31, 2019
Opening your eyes to the reality in which we live.
1927
Dave reviews tips on protecting yourself from ransomware. Joe describes a clever way to trick people into enabling macros. An attempt at celebrity friendship is our catch of the day. Carole Theriault returns and speaks with Dr. Jessica Barker from Cygenta about effective training techniques. Links to stories mentioned: https://www.csoonline.com/article/3331981/ransomware/how-to-protect-backups-from-ransomware.html https://myonlinesecurity.co.uk/agent-tesla-reborn-via-fake-order/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter. 
Jan 24, 2019
Prisoners have nothing but time.
1801
Joe shares the tale of a prisoner running a variety of romance scams from the inside. Dave outlines direct deposit scams. The catch of the day is a clever variation from (where else?) Nigeria. Our guest is Sam Small from ZeroFox. Links to stories: https://hubpages.com/politics/The-Games-That-Inmates-Play https://ogletree.com/shared-content/content/blog/2018/january/diverting-employees-payroll-direct-deposits-the-latest-wave-of-phishing-scams https://www.kansas.com/news/local/crime/article223873805.html Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 17, 2019
Trained humans are your strongest link.
2047
Dave warns of scammers gaining access to homes by pretending to be workers from the local utility company. Joe shares a story of a sophisticated bank transfer scam in the UK. Our catch of the day outlines an attempted email scam targeting an architectural firm. Carole Theriault is back with the second part of her interview with the pen tester who goes by the name freaky clown. Links to today's stories: https://www.wxyz.com/news/michigan-energy-company-warns-of-increase-in-imposters-trying-to-enter-homes https://inews.co.uk/inews-lifestyle/money/lost-19960-life-savings-phone-scam-natwest Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 10, 2019
At some point you're probably going to have to do some running.
1879
Joe describes a reply-all scenario gone wrong. Dave explains the criminal use of steganography in memes as a command and control technique. Our catch of the day features alluring photos texted to an unimpressed listener. Carole Theriault interviews physical pen tester Freaky Clown. Links to stories mentioned in this week's show: https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/ https://www.cygenta.co.uk/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 03, 2019
Truth emerges from the clash of ideas.
1796
We follow up on critical feedback of last week's show. Dave describes how online extortionists have pivoted from sex to explosives. We've got an auto-responding catch of the day from one of Joe's colleagues. Guest is Sean Brooks, Director of the Citizen Clinic and a Research Fellow at the Center for Long-Term Cybersecurity at UC Berkeley. He shares their research into online attacks of politically vulnerable organizations. From our EV certs follow-up: https://www.troyhunt.com/extended-validation-certificates-are-dead/ https://casecurity.org/2018/12/06/ca-security-council-casc-2019-predictions-the-good-the-bad-and-the-ugly/ Bomb threat catch of the day: https://www.zdnet.com/article/extortion-emails-carrying-bomb-threats-cause-panic-across-the-us/ Sean Brooks interview: Report: http://cltc.berkeley.edu/defendingpvos/ Clinic: http://cltc.berkeley.edu/citizen-clinic/  Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 20, 2018
A pesky problem that doesn't go away.
1433
Joe describes a Nigerian gang called London Blue that focuses on business email compromise. Dave shares surprising Cyber Monday phishing statistics. Guest Chris Bailey from Entrust Datacard teaches us how to detect lookalike sites online and better protect ourselves from fraud. Links to today's stories: https://www.agari.com/insights/whitepapers/london-blue-report/ https://www.zscaler.com/blogs/research/cyber-monday-biggest-day-cyberattacks-not-long-shot Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 13, 2018
Bringing trust to a trustless world.
1795
Listener follow-up on a URL issue. Dave describes an elderly couple scammed out of savings. Joe wonders if it's wise to unsubscribe. Guest Andre McGregor from TLDR Capital describes his work as a former FBI agent, and his experience consulting on Mr. Robot. Bank account transfer scam: https://abc11.com/troubleshooter-durham-couple-loses-$8900-in-computer-virus-scam/4782799/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Dec 06, 2018
Be very aware of your desire to be right.
2034
Joe explains URLs and DNS. Dave has tips to prevent holiday skimming. A bogus bank barrister is the catch of the day. Writer Ben Yagoda explains cognitive biases. Links: Wikipedia page on URLs - https://en.wikipedia.org/wiki/URL Tips to prevent skimming -  https://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-07-issue-96/  Ben Yagoda's article from the Atlantic - https://www.theatlantic.com/magazine/archive/2018/09/cognitive-bias/565775/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Nov 29, 2018
CEOs can be the weakest link.
2122
Listener feedback on the "Can you hear me?" scam. Dave shares an ongoing Elon Musk Bitcoin giveaway scam. Joe describes the malicious use of a compromised DHL email address. This week's catch of the day comes from down under. (Apologies to the fine citizens of Australia.) Carole Theriault returns with an interview with MimeCast's Matthew Gardiner.  Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.  
Nov 15, 2018
Human sources are essential.
1781
Joe gathers open source information online. Dave wonders if a tow truck driver got the better of him. A listener shares a possible custom app scam. Former FBI agent Dennis Franks shares his experience developing human intelligence sources. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter. 
Nov 08, 2018
Scams are fraud and fraud is crime.
1797
We get listener followup on the church pastor scam. Dave explores a phony investment web site. Joe explains phishing, spear phishing and whaling. Fake federal agents are featured in our catch of the day. Carole Theriault interviews Max Bruce from Action Fraud UK. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Nov 01, 2018
Fear, flattery, greed and timing.
1795
We get followup feedback on gift cards. Joe describes a banking payment scam on a Canadian university. Dave reveals some sneaky apps. A reader shares a story worth its weight in gold. Jenny Radcliffe from Human Factor Security shares her insights on social engineering.  Links to stories in this episode: https://www.thestar.com/edmonton/2018/10/09/how-a-fraudster-got-12-million-out-of-a-canadian-university-they-just-asked-for-it.html https://www.forbes.com/sites/johnkoetsier/2018/10/04/app-scams-cheap-utility-apps-are-stealing-260-2500-or-even-4700-each-year-per-user/#9de2b67162ac Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 25, 2018
Waste my time and I'll waste yours back.
1767
Dave reveals a stealthy trademark scam. Joe describes the invocation of a judge's name to lure a victim. A listener shares a business scam from India. Joe interviews "Shannon," a listener who enjoys wasting phone scammers' time. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 18, 2018
Information is the life blood of social engineering.
1776
Joe ponders how a phone number is obtained. Dave's friend avoids a Google gift card scam. Christopher Hadnagy returns with an update to his book, The Science of Social Engineering. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 11, 2018
Easier to trick than to hack.
2097
Dave dodges a local theater scam. Joe shares survey results from Black Hat attendees. A listener's calendar pops up alluring invitations. Carole Theriault interviews Sophos Naked Security writer Mark Stockley about password shortcomings.  Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 04, 2018
Kidnappers, robots and deep fakes.
1650
Joe shares a kidnapping scam targeting foreign students. Dave describes social engineering involving robots. Our guest is Robert Anderson from the Chertoff Group, discussing Deep Fake technology and how it erodes trust. Links to stories mentioned in this week's show: https://searchsecurity.techtarget.com/news/252448458/Robot-social-engineering-works-because-people-personify-robots   Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 27, 2018
Stringing along a scammer.
1731
Dave warns of scammers taking advantage of Hurricane Florence, both on the phone and in person. Joe shares a scheme targeting the kindness of local churchgoers. A cosmic variation on the Nigerian email scam. Joe interviews his Johns Hopkins University colleague Chris Venghaus, who leads a tech support scammer on a wild goose chase. Links to stories mentioned in this week's show: https://www.13newsnow.com/video/weather/hurricanes/hurricane-florence/hurricane-scammers-target-hampton-roads/291-8250736 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 20, 2018
Influence versus manipulation.
1790
Joe describes a law firm impersonating a rival to funnel business away from them. Dave has a story of pontiff impersonation. Our guest is Joe Gray from Advanced Persistent Security.  Links to stories mentioned in this week's show: https://www.theregister.co.uk/2018/08/27/lawyers_impersonating_rivals/ https://www.ccn.com/pope-francis-latest-target-of-twitter-crypto-scam/   Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 13, 2018
Real estate transactions in the crosshairs.
1764
Dave gets scammed on an exit ramp. Joe describes real estate transaction scams. Is LinkedIn moonlighting in Himalayan tourism? Guest Asaf Cidon from Barracuda Networks shares social engineering trends his team is tracking. Links to stories mentioned in this week's show: http://www.baltimoresun.com/news/maryland/crime/bs-md-ramp-scam-20161018-story.html https://www.cyberradio.com/2018/08/threat-actors-targeting-homebuyers-with-phishing-attacks/   Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 06, 2018
Red teaming starts with research.
1741
Joe describes an Office 365 phishing campaign. Dave warns of dangerous USB cables. A listener shares a fax from the UK. Joe interviews security consultant and pen tester Justin White. Links to stories mentioned in this week's show: https://www.helpnetsecurity.com/2018/08/15/office-365-phishing-sharepoint/ https://srlabs.de/bites/usb-peripherals-turn/ https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/   Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 30, 2018
Telling the truth in a dishonest way.
1796
Dave looks at Hollywood script pitch event scams. Joe describes a romance scam murder scheme. Spontaneously combusting ATM cards. Guest Jayson E. Street from SphereNY describes his security awareness engagements. Links to stories mentioned in this week's show: https://www.hollywoodreporter.com/news/why-are-wannabe-screenwriters-getting-scammed-1130919 https://nakedsecurity.sophos.com/2018/08/17/romance-scam-victim-allegedly-plotted-to-kill-her-mother-for-cash/   Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 23, 2018
Sometimes less is more.
1788
Joe shares the story of a retiree scammed by a clever scheme. Dave describes a tech-support scam with a Russian twist. Our Catch of the Day features an adorable puppy. Guest Michael Murray from Lookout explains mobile device vulnerabilities. Links to stories mentioned in this week's show: https://www.scamwatch.gov.au/get-help/real-life-stories/investment-scam-how-steve-lost-200-000-to-an-investment-scam https://www.grahamcluley.com/phone-scam-exploits-russian-hacking-fears/   Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 16, 2018
Focus, technology, and training fight phishing.
1714
Dave describes a phishing attempt to infiltrate U.S. election systems. Joe shares a story of government agencies receiving malicious CDs in the mail. University employees are lured by greed. And David Baggett from Inky joins us to describe phishing techniques they are seeing and offers ways to best protect yourself and your organization. Links to stories mentioned in this week's show: https://theintercept.com/2018/06/01/election-hacking-voting-systems-email/ https://krebsonsecurity.com/2018/07/state-govts-warned-of-malware-laden-cd-sent-via-snail-mail-from-china/ http://hci2018.bcs.org/prelim_proceedings/papers/Work-in-Progress%20Track/BHCI-2018_paper_95.pdf Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 09, 2018
Luring unsuspecting money mules.
1751
Joe describes clever gift card scams. Dave follows up on last week's proposal to waste phone scammers' time. A more plausible phishing scheme comes through. Guest David Shear from Flashpoint describes methods scammers use to lure people into being money mules. Links: https://securelist.com/giftcard-generators/86522/ https://jollyrogertelephone.com/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Aug 02, 2018
Nothing up my sleeve.
1790
Dave shares a story of deception right out of Hollywood. https://www.hollywoodreporter.com/features/hunting-con-queen-hollywood-1125932 Joe proposes changing the financial incentives for scammers. A porn-shaming catch of the day courtesy of Johannes Ulrich. An interview with atomic physicist and close-up magician Adam West. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter. 
Jul 26, 2018
Think like an attacker.
1732
Joe describes a con law enforcement agencies use to lure crooks. Dave shares a tech support scam spreading in chat forums. A listener from Dublin has a fake email from Apple. We welcome Rachel Tobac, CEO of SocialProof Security. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 19, 2018
Presidential prank, pensioner pilfered.
1798
Dave recounts the news that US President Trump likely fell for a prank phone call. Joe outlines the sad story of a woman robbed of her retirement savings. Twitter account recovery scams. Charles Arthur, author of Cyber Wars - Hacks that Shocked the Business World, joins us for an interview.  Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 12, 2018
Phone scams, phantom employees and sitting Ducks.
1791
Joe warns of a harrowing phone scam technique, Dave reveals an alternate persona, a listener tries to sell a truck, and Carole Theriault from the Smashing Security Podcast interviews Sophos' Paul Ducklin. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jul 05, 2018
Separating fools from money.
1757
Dave shares a story of airport penetration testing with a high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 28, 2018
Playing on kindness.
1336
Joe explains the Ben Franklin effect. Dave describes job applicants tricked into money laundering. A listener tells a tale of being fooled by an appeal to greed. Joe interviews Stacey Cameron from DirectDefense about her physical penetration testing work.
Jun 21, 2018
Gaming pro athletes online.
1799
Joe warns of scammers taking advantage of natural disasters, Dave explores romance scams, and gets a strange voice mail.  Stephen Frank from the National Hockey League Players Association joins us to share how professional athletes protect themselves from online scams. 
Jun 14, 2018
A flood of misinformation and fake news.
1791
In this episode, Joe examines the anatomy of a phishing attack, Dave explores pretexting, and a scammer targets real estate agents.  Professor Stephen Lewandowsky from the University of Bristol joins us to share his research on misinformation, fake news, and inoculating people against them. 
Jun 07, 2018
Social Engineering works because we're human.
1775
In this premiere episode of the Hacking Humans podcast, cohosts Dave Bittner from the CyberWire and Joe Carrigan from the Johns Hopkins University Information Security Institute discuss noteworthy social engineering schemes and ways to detect them. Author Christopher Hadnagy discusses his book The Art of Human Hacking.
May 30, 2018