Hacking Humans

By the CyberWire



Category: Technology


Description

Each week the CyberWire’s Hacking Humans Podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences.

Episode Date
Bringing trust to a trustless world.
29:56

Listener follow-up on a URL issue. Dave describes an elderly couple scammed out of savings. Joe wonders if it's wise to unsubscribe. Guest Andre McGregor from TLDR Capital describes his work as a former FBI agent, and his experience consulting on Mr. Robot.

Bank account transfer scam:
https://abc11.com/troubleshooter-durham-couple-loses-$8900-in-computer-virus-scam/4782799/


Thanks to our sponsors at KnowBe4.

Dec 06, 2018
Be very aware of your desire to be right.
33:55

Joe explains URLs and DNS. Dave has tips to prevent holiday skimming. A bogus bank barrister is the catch of the day. Writer Ben Yagoda explains cognitive biases.

Links:

Wikipedia page on URLs -
https://en.wikipedia.org/wiki/URL

Tips to prevent skimming - 
https://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-07-issue-96/ 

Ben Yagoda's article from the Atlantic -
https://www.theatlantic.com/magazine/archive/2018/09/cognitive-bias/565775/

Thanks to our sponsors at KnowBe4.

Nov 29, 2018
CEOs can be the weakest link.
35:23

Listener feedback on the "Can you hear me?" scam. Dave shares an ongoing Elon Musk Bitcoin giveaway scam. Joe describes the malicious use of a compromised DHL email address. This week's catch of the day comes from down under. (Apologies to the fine citizens of Australia.) Carole Theriault returns with an interview with MimeCast's Matthew Gardiner. 

Thanks to our show sponsor KnowBe4.

 

Nov 15, 2018
Human sources are essential.
29:42

Joe gathers open source information online. Dave wonders if a tow truck driver got the better of him. A listener shares a possible custom app scam. Former FBI agent Dennis Franks shares his experience developing human intelligence sources.

Thanks to our show sponsor KnowBe4.

 

Nov 08, 2018
Scams are fraud and fraud is crime.
29:58

We get listener followup on the church pastor scam. Dave explores a phony investment web site. Joe explains phishing, spear phishing and whaling. Fake federal agents are featured in our catch of the day. Carole Theriault interviews Max Bruce from Action Fraud UK.

Thanks to our show sponsor KnowBe4.

Nov 01, 2018
Fear, flattery, greed and timing.
29:56

We get followup feedback on gift cards. Joe describes a banking payment scam on a Canadian university. Dave reveals some sneaky apps. A reader shares a story worth its weight in gold. Jenny Radcliffe from Human Factor Security shares her insights on social engineering. 

Links to stories in this episode:

https://www.thestar.com/edmonton/2018/10/09/how-a-fraudster-got-12-million-out-of-a-canadian-university-they-just-asked-for-it.html

https://www.forbes.com/sites/johnkoetsier/2018/10/04/app-scams-cheap-utility-apps-are-stealing-260-2500-or-even-4700-each-year-per-user/#9de2b67162ac

Thanks to our show sponsor KnowBe4.

Oct 25, 2018
Waste my time and I'll waste yours back.
29:28

Dave reveals a stealthy trademark scam. Joe describes the invocation of a judge's name to lure a victim. A listener shares a business scam from India. Joe interviews "Shannon," a listener who enjoys wasting phone scammers' time.

Thanks to our show sponsor KnowBe4.

Oct 18, 2018
Information is the life blood of social engineering.
29:37

Joe ponders how a phone number is obtained. Dave's friend avoids a Google gift card scam. Christopher Hadnagy returns with an update to his book, The Science of Social Engineering.

Thanks to our show sponsor KnowBe4.

Oct 11, 2018
Easier to trick than to hack
34:58

Dave dodges a local theater scam. Joe shares survey results from Black Hat attendees. A listener's calendar pops up alluring invitations. Carole Theriault interviews Sophos Naked Security writer Mark Stockley about password shortcomings. 


Thanks to our show sponsor KnowBe4.

Oct 04, 2018
Kidnappers, robots and deep fakes.
27:31

Joe shares a kidnapping scam targeting foreign students. Dave describes social engineering involving robots. Our guest is Robert Anderson from the Chertoff Group, discussing Deep Fake technology and how it erodes trust.

Links to stories mentioned in this week's show:
https://searchsecurity.techtarget.com/news/252448458/Robot-social-engineering-works-because-people-personify-robots
 

Thanks to our show sponsor KnowBe4.

Sep 27, 2018
Stringing along a scammer.
28:52

Dave warns of scammers taking advantage of Hurricane Florence, both on the phone and in person. Joe shares a scheme targeting the kindness of local churchgoers. A cosmic variation on the Nigerian email scam. Joe interviews his Johns Hopkins University colleague Chris Venghaus, who leads a tech support scammer on a wild goose chase.

Links to stories mentioned in this week's show:
https://www.13newsnow.com/video/weather/hurricanes/hurricane-florence/hurricane-scammers-target-hampton-roads/291-8250736
 

Thanks to our show sponsor KnowBe4.

Sep 20, 2018
Influence versus manipulation.
29:51

Joe describes a law firm impersonating a rival to funnel business away from them. Dave has a story of pontiff impersonation. Our guest is Joe Gray from Advanced Persistent Security. 

Links to stories mentioned in this week's show:
https://www.theregister.co.uk/2018/08/27/lawyers_impersonating_rivals/

https://www.ccn.com/pope-francis-latest-target-of-twitter-crypto-scam/
 

Thanks to our show sponsor KnowBe4.

Sep 13, 2018
Real estate transactions in the crosshairs.
29:25

Dave gets scammed on an exit ramp. Joe describes real estate transaction scams. Is LinkedIn moonlighting in Himalayan tourism? Guest Asaf Cidon from Barracuda Networks shares social engineering trends his team is tracking.

Links to stories mentioned in this week's show:
http://www.baltimoresun.com/news/maryland/crime/bs-md-ramp-scam-20161018-story.html

https://www.cyberradio.com/2018/08/threat-actors-targeting-homebuyers-with-phishing-attacks/
 

Thanks to our show sponsor KnowBe4.

Sep 06, 2018
Red teaming starts with research.
29:02

Joe describes an Office 365 phishing campaign. Dave warns of dangerous USB cables. A listener shares a fax from the UK. Joe interviews security consultant and pen tester Justin White.

Links to stories mentioned in this week's show:
https://www.helpnetsecurity.com/2018/08/15/office-365-phishing-sharepoint/

https://srlabs.de/bites/usb-peripherals-turn/

https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/

 

Thanks to our show sponsor KnowBe4.

Aug 30, 2018
Telling the truth in a dishonest way.
29:57

Dave looks at Hollywood script pitch event scams. Joe describes a romance scam murder scheme. Spontaneously combusting ATM cards. Guest Jayson E. Street from SphereNY describes his security awareness engagements.

Links to stories mentioned in this week's show:
https://www.hollywoodreporter.com/news/why-are-wannabe-screenwriters-getting-scammed-1130919

https://nakedsecurity.sophos.com/2018/08/17/romance-scam-victim-allegedly-plotted-to-kill-her-mother-for-cash/

 

Thanks to our show sponsor KnowBe4.

 

Aug 23, 2018
Sometimes less is more.
29:48

Joe shares the story of a retiree scammed by a clever scheme. Dave describes a tech-support scam with a Russian twist. Our Catch of the Day features an adorable puppy. Guest Michael Murray from Lookout explains mobile device vulnerabilities.

Links to stories mentioned in this week's show:
https://www.scamwatch.gov.au/get-help/real-life-stories/investment-scam-how-steve-lost-200-000-to-an-investment-scam

https://www.grahamcluley.com/phone-scam-exploits-russian-hacking-fears/

 

Thanks to our show sponsor KnowBe4.

Aug 16, 2018
Focus, technology, and training fight phishing.
28:35

Dave describes a phishing attempt to infiltrate U.S. election systems. Joe shares a story of government agencies receiving malicious CDs in the mail. University employees are lured by greed. And David Baggett from Inky joins us to describe phishing techniques they are seeing and offers ways to best protect yourself and your organization.

Links to stories mentioned in this week's show:

https://theintercept.com/2018/06/01/election-hacking-voting-systems-email/

https://krebsonsecurity.com/2018/07/state-govts-warned-of-malware-laden-cd-sent-via-snail-mail-from-china/

http://hci2018.bcs.org/prelim_proceedings/papers/Work-in-Progress%20Track/BHCI-2018_paper_95.pdf

Thanks to our show sponsor KnowBe4.

 

Aug 09, 2018
Luring unsuspecting money mules.
29:12

Joe describes clever gift card scams. Dave follows up on last week's proposal to waste phone scammers' time. A more plausible phishing scheme comes through. Guest David Shear from Flashpoint describes methods scammers use to lure people into being money mules.

Links:
https://securelist.com/giftcard-generators/86522/

https://jollyrogertelephone.com/

 

Thanks to our show sponsor KnowBe4.

 

Aug 02, 2018
Nothing up my sleeve.
29:51

Dave shares a story of deception right out of Hollywood.

https://www.hollywoodreporter.com/features/hunting-con-queen-hollywood-1125932

Joe proposes changing the financial incentives for scammers.

A porn-shaming catch of the day courtesy of Johannes Ulrich.

An interview with atomic physicist and close-up magician Adam West.

Thanks to our show sponsor KnowBe4.

 

Jul 26, 2018
Think like an attacker.
28:53

Joe describes a con law enforcement agencies use to lure crooks. Dave shares a tech support scam spreading in chat forums. A listener from Dublin has a fake email from Apple. We welcome Rachel Tobac, CEO of SocialProof Security.

Thanks to our show sponsor KnowBe4.

Jul 19, 2018
Presidential prank, pensioner pilfered.
29:59

Dave recounts the news that US President Trump likely fell for a prank phone call. Joe outlines the sad story of a woman robbed of her retirement savings. Twitter account recovery scams. Charles Arthur, author of Cyber Wars - Hacks that Shocked the Business World, joins us for an interview. 

Thanks to our show sponsor KnowBe4.

Jul 12, 2018
Phone scams, phantom employees and sitting Ducks.
29:52

Joe warns of a harrowing phone scam technique, Dave reveals an alternate persona, a listener tries to sell a truck, and Carole Theriault from the Smashing Security Podcast interviews Sophos' Paul Ducklin.

Thanks to our show sponsor KnowBe4.

Jul 05, 2018
Separating fools from money.
29:18

Dave shares a story of airport penetration testing with a high degree of yuck factor. Joe explores research on protecting passwords from social engineering. The catch of the day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers.

Thanks to our show sponsor KnowBe4.

Jun 28, 2018
Playing on kindness.
22:17

Joe explains the Ben Franklin effect. Dave describes job applicants tricked into money laundering. A listener tells a tale of being fooled by an appeal to greed. Joe interviews Stacey Cameron from DirectDefense about her physical penetration testing work.

Thanks to our show sponsor KnowBe4.

Jun 21, 2018
Gaming pro athletes online.
30:00

Joe warns of scammers taking advantage of natural disasters, Dave explores romance scams, and gets a strange voice mail. 
Stephen Frank from the National Hockey League Players Association joins us to share how professional athletes protect themselves from online scams. 

Thanks to our show sponsor KnowBe4.

Jun 14, 2018
A flood of misinformation and fake news.
29:52

In this episode, Joe examines the anatomy of a phishing attack, Dave explores pretexting, and a scammer targets real estate agents. 
Professor Stephen Lewandowsky from the University of Bristol joins us to share his research on misinformation, fake news, and inoculating people against them. 

Thanks to our show sponsor KnowBe4.

Jun 07, 2018
Social Engineering works because we're human.
29:36

In this premiere episode of the Hacking Humans podcast, cohosts Dave Bittner from the CyberWire and Joe Carrigan from the Johns Hopkins University Information Security Institute discuss noteworthy social engineering schemes and ways to detect them.

Author Christopher Hadnagy discusses his book The Art of Human Hacking. 

Thanks to our show sponsor KnowBe4.

 

May 30, 2018