Hacking Humans

Deception, influence, and social engineering in the world of cyber crime.

Website

thecyberwire.com/podcasts/hacking-humans

Episodes

Is change presenting a window of opportunity for attackers?

Trevin Edgeworth, Red Team Practice Director at Bishop Fox, discusses how change, such as M&A, staff, tech, lack of clarity, or even self-promotion within and around security environments, presents windows of opportunity for attackers. Joe and Dave share some listener follow-up. The first comes from Erin, who writes in from Northern Ireland to share an interesting new find about scammers now keeping up with the news. The second comes from listener Johnathan, who shared thoughts on reconsidering his view on defining Apple's non-rate-limited MFA notifications as a "vulnerability." Lastly, we have follow-up from listener Anders, who shares an article on AI. Joe shares a story about Amazon sellers and how they are being plagued by scam returns. Dave brings us the story of how to save yourself and your loved ones from AI robocalls. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Theory Is All You Need: AI, Human Cognition, and Decision Making | Amazon Sellers Plagued by Surge in Scam Returns | How to Protect Yourself (and Your Loved Ones) From AI Scam Calls | News Insights: Does X Mark a Target? with Trevin Edgeworth, Director of Red Team. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-04-18

Encore: Unix (noun) [Word Notes]

A family of multitasking, multi-user computer operating systems that derive from the original Unix system built by Ken Thompson and Dennis Ritchie in the 1960s.
2024-04-16

Could AI's doomsday be deferred?

Dr. Robert Blumofe, CTO at Akamai, sits down to talk about the AI doomsday versus a "very bad day" scenario. Dave shares a story from The Knowledge Project Podcast, where the host talks to Adam Robinson, a multifaceted individual known for his work as an author, educator, entrepreneur, and hedge fund advisor, about everything that is incorporated into the term "stupidity." Dave goes on to share that while most people may feel stupid when falling for a scam, this research suggests otherwise, and you should never feel that way for falling for any scam. Joe's story comes from Hayley Compton at BBC, and is on a Facebook scam sneaking its way into a family's home after a couple just had their first child. Our catch of the day comes from listener Michael, who shares an email he received that caught him off guard at first. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: How Not to Be Stupid | 'Facebook scammer tricked his way into our home'. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-04-11

Encore: deep packet inspection (DPI) (noun) [Word Notes]

A network monitoring and filtering technique that examines both the header information and the payload of every packet traversing a network access point.
2024-04-09

Cyber crime chronicles featuring scams, spies, and cartel schemes.

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story about Apple users reporting that they are being targeted in elaborate phishing attacks that involve a bug in Apple's password reset feature. Joe and Dave share some listener follow-up from Leo, who shares some thoughts on episode 282 and the recruiter scam that was discussed. Dave shares a story from Mexico on one of the most violent criminal groups and drug cartels, Jalisco New Generation. They have been running call centers that offer to buy retirees' vacation properties and then empty the victims' bank accounts. Joe has the story of Facebook spying on users' Snapchats in a secret project. Our catch of the day comes from listener Van, who writes in to share a voicemail they received related to a tax scam. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Recent "MFA Bombing" Attacks Targeting Apple Users | A Mexican Drug Cartel's New Target? Seniors and Their Timeshares | Facebook snooped on users' Snapchat traffic in secret project, documents reveal. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-04-04

Encore: rootkit (noun) [Word Notes]

A clandestine set of applications designed to give hackers access and control over a target device.
2024-04-02

Exploring emerging trends in online scamming.

Graham Cluley joins to discuss trends he's been seeing lately in online scams. N2K's very own Gina Johnson shares some insights on a discussion a few episodes ago on why people need a prescription for oxygen in the US. Joe brings up the topic of getting and exploiting access to your infrastructure, and shares an article that deals with the rise of social engineering fraud in business email compromise. Dave shares a personal story this week on how he got scammed from a Facebook post, sharing that it can happen to anyone. Our catch of the day comes from listener Vance, who writes in to share a scam he found via "snail mail," regarding a life insurance policy that he needs to collect on. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: The Rise of Social Engineering Fraud in Business Email Compromise | How Sophisticated Social Engineering Attacks Are Targeting IT Service Desks. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-03-28

Encore: tactics, techniques and procedures (TTPs) (noun) [Word Notes]

A set of behaviors that precisely describes a cyber adversary attack campaign.
2024-03-26

Job seeker beware: Spotting sneaky scammers on job boards.

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She shares the story on scammers posing as recruiters on LinkedIn to get you to fall for an age-old phishing scam. Dave and Joe share some listener follow-up, the first being from listener Alex, who shared a video on scammers being forced to prove they are not robots. Listener Chloe wrote in with a question, asking about a potential scam she encountered. Joe has a story from the BBC this week regarding a love scam in the Philippines. Finally, Dave shares the story on the FCC approving a voluntary cybersecurity labeling program for wireless IoT products. Our catch of the day comes from Mark, who shares a personal story on a recruiting scam nightmare. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Heads Up, Tech Professionals: Protect Yourself From Phishing Scams Presenting as Recruiters | Forcing Scammers To Prove They're Not Robots | Hundreds rescued from love scam centre in the Philippines | FCC adopts voluntary 'Cyber Trust Mark' labeling rule for IoT devices. You can hear more from the T-Minus space daily show here. And be sure to join our live webinar: CISOs are the new Architects (of the Workforce). Join N2K's Simone Petrella and Intuit's Kim Jones on Wednesday, March 27th for an online discussion about the pivotal role security leaders play in shaping the security workforce landscape, and how we can start showing up for the future of our industry. Learn more and register on the event page. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-03-21

Encore: cyber threat intelligence (CTI) (noun) [Word Notes]

Information used by leadership to make decisions regarding the cybersecurity posture of their organization.
2024-03-19

Cyberattack chaos and the impact on families.

This week we are joined by N2K CyberWire's very own Catherine Murphy, and she is sharing her family's experiences with Lurie Children's Hospital's recent cybersecurity incident. Dave shares a story on the dangers of Googling airline customer service numbers when an issue occurs. Joe shares another story on scary scams that are costing people millions of dollars, now getting the FBI involved. Our catch of the day comes from Washington University in St. Louis and its Scam of the Month posting, which shares another tale of a scam, this time trying to recruit for an open vacancy as a research assistant for undergraduates. The scammers pose as a Professor of Computer Science and Engineering to try and get students to sign up for this fake job posting. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: I'm begging you not to Google for airline customer service numbers | Elaborate scam involves gold bars and couriers; cost a Maryland woman $2 million | Scammers Use Couriers to Retrieve Cash and Precious Metals from Victims of Tech Support and Government Impersonation Scams | Scam of the Month: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE | Ransomware gang claims to have made $3.4 million after attacking children's hospital. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-03-14

Encore: identity theft (noun) [Word Notes]

In this case, identity is the set of credentials, usually electronic, that vouch for who you are, and theft is to steal. The theft of a person's identity for purposes of fraud.
2024-03-12

New tools, old problems.

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She discusses how AI is being used as a possible solution to one of the oldest scams in the book in Japan. Dave and Joe share some listener follow-up, one from listener Alan and one from Clinton, who both write in about a recent episode and share their thoughts on the story of Charlotte Cowles being scammed out of $50,000. Dave shares a story about calendar meeting links from Calendly, a popular application for scheduling appointments and meetings, being used to spread Mac malware. Joe shares write-ins from several listeners, some writing in to share experiences with scams they have come across, others writing to warn others about scams they have seen used in the real world. Our catch of the day comes from Zach with an oddity, getting scammed by mail! Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Japan's new ATMs automatically play anti-fraud videos to people talking on mobile phones [Video] | Fraudsters in Japan use foreigners' bank accounts in cash grab | Calendar Meeting Links Used to Spread Mac Malware | IDcare. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-03-07

Encore: Monte Carlo Simulation (noun) [Word Notes]

A probability simulation technique used to understand the impact of risk and uncertainty in complex problems.
2024-03-05

Navigating the post-password landscape.

Mike Kosak, Principal Intelligence Analyst at LastPass, is discussing passkeys, threat actors, and Volt Typhoon. Joe shares a new free certification you could get if you are looking to get into the field. Joe also shares a terrifying story about how everyone can be conned, and it's not as obvious as it may seem sometimes. Dave's story is warning Costco members of a new phishing scam that attempts to steal their credit card information. Our catch of the day comes from listener Pryce who shares an email they received regarding a charge they are getting from "NortonLifeLock." Links to the stories: FREE Entry-level Cybersecurity Training + Certification Exam | Put your smugness away. You are not too clever to be conned. | New Costco Membership Scam Targets Members' Credit Card Information. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-02-29

Encore: Virtual Private Network (VPN) (noun) [Word Notes]

A software, hardware or hybrid encryption layer between two devices on the network that makes the traffic between the sites opaque to the other devices on the same network.
2024-02-27

Scamming the innocent.

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She brings us a scary story from a woman who never thought she'd ever be scammed. Dave and Joe share some follow-up before getting into their stories: they share a story from a listener who sent in a LinkedIn link about scammers targeting Walmart. They also share a question from listener Cynthia, who asks about a bank scam covered before, and how to respond to these scams. Dave shares a story from an anonymous source this week, who writes in about the dangers of crypto scams. Joe has two stories for us this week, the first one being from a friend of his who works for a company that specializes in military contracts. This company was hiring an employee and received three emails that were all very similar to one another; his friend notes that this is a red flag and wanted to write in to share the dangers of this scam. The second story is very similar to the one covered on Andy Cohen a few episodes ago, and shares how a Jefferson County couple were scammed out of hundreds of thousands of dollars. Our catch of the day comes from listener Thomas, who shares a story on AI voices sounding like famous people and his experience. Links to the stories: The Day I Put $50,000 in a Shoe Box and Handed It to a Stranger I never thought I was the kind of person to fall for a scam. | Phishing scam dupes Jefferson County couple out of $137K | Phishing bank scam dupes Golden couple out of $137K | SCAM HELL Walmart "gift card scammers" caught spending $15k on jewelry, big-screen TVs and lobster tails at Sam's Club. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-02-22

Encore: smishing (SMS phishing) (noun) [Word Notes]

From the intrusion kill-chain model, the delivery of a "lure" via a text message to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. Smishing is a portmanteau word made of two other words, the acronym "SMS" and the cyber coinage "Phishing". It's a text-message-centric variation of the email-based phishing scams that have been around since the 1990s. The term "Smishing" arose in the late 2000s.
2024-02-20

Looking forward in 2024.

Aaron Walton, Threat Intel Analyst from Expel is discussing some things to look out for in 2024. Joe and Dave share some listener follow up from Mateusz, who shares some positive news with us. Dave's story is about a romance scammer coming clean after failing to woo CBS News reporter, Erica Johnson. Joe's story is on the latest decision from the FCC, and how they voted to ban scam robocalls that use AI-generated voices. Our catch of the day comes from listener Chuck, just in time for tax season, he warns against a phishing scam he received about his taxes. Links to the stories: Romance scammer reveals how he tricks women after failing to fool Go Public reporter | FCC votes to ban scam robocalls that use AI-generated voices. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-02-15

Encore: port mirroring (noun) [Word Notes]

A network switch configuration setting that forwards a copy of each incoming and outgoing packet to a third switch port. Also known as SPAN or Switched Port Analyzer, RAP or Roving Analysis Port, and TAP or Test Access Point. When network managers and security investigators want to capture packets for analysis, they need some sort of generic TAP or Test Access Point. You can buy specialized equipment for this operation but most modern switches have this capability built in. 
2024-02-13

Scamming just isn't what it used to be.

This week, we are joined by the host of N2K's T-Minus Space Daily podcast, Maria Varmazis, who sits down with Joe and Dave to discuss sextortion materials that were found on popular social media apps such as TikTok, Instagram, Snapchat and YouTube. Joe and Dave share quite a bit of follow-up. Joe starts with an anonymous listener writing in to share their story on gift card scams. Dave shares another anonymous listener's comments about what they think of Andy Cohen going public on how he got scammed. Finally, Joe and Dave hear from a listener by the name of "The Computrix," who says they need to defend Walmart. Dave shares his story about the most common phishing email themes of 2023. Joe's got the story of ransomware not being paid the same way as it used to be by companies, and shares the two different angles on that. Our catch of the day comes from listener William, who writes in with a phishing scam that caught his eye. Links to the stories: Sextortion training materials found on TikTok, Instagram, Snapchat and YouTube, according to new report | Most Common Phishing Email Themes of 2023 | Companies aren't paying ransoms like they used to | New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying | FBI: Scammers Are Sending Couriers to Collect Cash From Victims. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-02-08

Encore: Network Time Protocol (NTP) attack (noun) [Word Notes]

A reflection or amplification distributed denial-of-service attack in which hackers query Internet network time protocol servers, NTP servers for short, for the correct time, but spoof the destination address of their target victims.
2024-02-06

Quiz scam nightmare.

Jaeson Schultz, Technical Leader from Cisco Talos, is discussing "Spammers abuse Google Forms' quiz to deliver scams." Dave's story discusses the disturbing new trick up a scammer's sleeve to get you to fall for their schemes. Joe has two stories this week, the first a warning to those who pick up scammers' phone calls and what that can lead to after they gain access to your voice. Joe's second story follows a band of organized thieves and how they have been targeting high-end homes across Metro Detroit. Our catch of the day comes from listener Van, who writes in to share a fun catch from a scammer who left a voicemail. Links to the stories: Spammers abuse Google Forms' quiz to deliver scams | Scammers are stealing people's faces for live video calls | All it takes is one sentence for AI to clone your voice | Expert says alleged recording of racist, antisemitic rant by Pikesville High principal could be fake | Videos: Organized crews smash glass, use jammers to break into high-end Metro Detroit homes. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-02-01

Encore: smishing (SMS phishing) (noun) [Word Notes]

From the intrusion kill-chain model, the delivery of a "lure" via a text message to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. Smishing is a portmanteau word made of two other words, the acronym "SMS" and the cyber coinage "Phishing". It's a text-message-centric variation of the email-based phishing scams that have been around since the 1990s. The term "Smishing" arose in the late 2000s.
2024-01-30

Phishing for mail.

Abhilash Garimella from Bolster joins to discuss a USPS phishing campaign abusing freemium dynamic DNS and SaaS providers. Dave and Joe share some follow-up: one was from listener Mike, who wrote in to tell us about a breach at Resend, another was regarding a previous episode on grief and the internet, and finally Joe and Dave discuss a listener's response to a previous episode regarding an SMS scam a listener wrote in about. Dave shares a story on Walmart's relaxed security methods and how scammers may be exploiting them. Joe shares a couple of articles relating to the ever-growing pop star Taylor Swift and how criminals are using her face to scam. Our catch of the day comes from Joe this week, and he shares an interesting-looking email he received from "Apple." Links to the stories: Facebook users targeted with "I'll miss him so much" scam | Incident report for January 10, 2024 | How Walmart's Financial Services Became a Fraud Magnet | Taylor Swift, Selena Gomez deepfakes used in Le Creuset giveaway scam | No, That's Not Taylor Swift Peddling Le Creuset Cookware. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-01-25

Encore: port mirroring (noun) [Word Notes]

A network switch configuration setting that forwards a copy of each incoming and outgoing packet to a third switch port. Also known as SPAN or Switched Port Analyzer, RAP or Roving Analysis Port, and TAP or Test Access Point. When network managers and security investigators want to capture packets for analysis, they need some sort of generic TAP or Test Access Point. You can buy specialized equipment for this operation but most modern switches have this capability built in. 
2024-01-23

It's the intricate deceptions that get you.

This week we are joined by the host of T-Minus, N2K's very own Maria Varmazis, who brings her own story and discusses it with Dave and Joe. We start off with Joe, who brings in the story of Andy Cohen and how he fell victim to a credit card scam, and shares what he had learned through the experience. Maria shares Arctic Wolf Labs' story and how they have investigated several cases of Royal and Akira ransomware victims being targeted in follow-on extortion attacks dating back to October of 2023. Lastly, Dave shares his story warning YouTube users about videos promoting cracked software that is distributing Lumma Stealer. Our catch of the day comes from listener Jon, who shares an email that had made it through his spam filter. You can hear more from the T-Minus space daily show here. Links to the stories: Exclusive: Andy Cohen fell victim to a credit card scam. Here's what he learned | Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware | Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-01-18

Encore: Network Detection and Response (NDR) (noun) [Word Notes]

NDR tools provide anomaly detection and potential attack prevention by collecting telemetry across the entire intrusion kill chain on transactions across the network, between servers, hosts, and cloud-workloads, and running machine learning algorithms against this compiled and very large data set. NDR is an extension of the EDR, or endpoint detection and response idea that emerged in 2013. 
2024-01-16

Password Perils: The threat of credential stuffing exploits.

Frank Riccardi sits down to discuss how cybercriminals exploit people's fondness for reused passwords to launch credential stuffing attacks. Dave and Joe share a bit of follow up, one from a listener named Steve who shares some push back from the 23andMe story from last week, and the other from a listener named Michael who shares a story of unpaid toll scams. Joe shares the story of a Utah exchange student and how he fell victim to a cybersecurity kidnapping, and now authorities are trying to figure out how it happened. Dave shares a scam about tragic fake posts that lead to a "win now" website, that has been flooding his Facebook feed. Our catch of the day comes from Jon who writes in to share a suspicious email that made it through the spam filter in Google. Links to the stories: After Utah exchange student cyber kidnapping, we're looking at how the scam works. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-01-11

Encore: shadow IT (noun) [Word Notes]

Technology, software and hardware deployed without explicit organizational approval. In the early days of the computer era from the 1980s through the 2000s security and information system practitioners considered shadow IT as completely negative. Those unauthorized systems were nothing more than a hindrance that created more technical debt in organizations that were already swimming in it with the known and authorized systems. 
2024-01-09

The DNA dilemma: Unraveling a 23AndMe breach.

Alethe Denis from Bishop Fox talks with Dave and Joe about her take on the 23AndMe breach. Dave and Joe share some follow-up from listener Michael, who writes in to share thoughts on our catch of the day from last episode, regarding the voice mail from Spectrum. Dave shares a story on email security, and how human factors have a heavy influence on it, especially with people's vulnerability to phishing and social engineering. Joe has two stories this week. His first story is a good wrap on the holidays and gift card scams. Joe's second story is a jump on tax season quickly approaching, and how the IRS is helping taxpayers by providing penalty relief. Our catch of the day is a good example of what not to do when phishing/scamming people; luckily the receiver was smarter than the sender. Links to the stories: How Human Elements Impact Email Security | "Vanilla Gift" card issuer faces lawsuit over card-draining scam risk | IRS helps taxpayers by providing penalty relief on nearly 5 million 2020 and 2021 tax returns; restart of collection notices in 2024 marks end of pandemic-related pause | News Insights: 23AndMe with Alethe Denis, Security Expert - Red Team. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2024-01-04

Stolen personality?

Matt Lewis from the NCC Group joins to discuss how cybercriminals can decode your personality through AI conversations to launch targeted attacks at you. Dave and Joe share some follow up from listener Sydney, who writes in to share her thoughts on an FCC proceeding and how it could be of greater relevance to IoT security than SBOMs and HBOMs. Dave also shares a story from a listener from last Christmas, sending a warning to holiday shoppers. Dave has two stories this week, he shares one regarding an announcement on holiday scams coming out. His other story follows Zelle finally caving in to provide some relief to scam victims. Joe's story follows new crypto-theft attacks and warns people against the new tactics. Links to the stories: 2023 Holiday Shopping Scams | Zelle finally caves after years of refusing to refund scam victims | Microsoft: BlueNoroff hackers plan new crypto-theft attacks. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2023-12-28

The grinch who hacked Christmas. [Hacking humans goes to the movies]

Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch some holiday classics, describe the on-screen action for you, and then they deconstruct what they saw. Grab your Christmas cookies and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: How The Grinch Stole Christmas (2000) | How The Grinch Stole Christmas (Cartoon) | The Greening of the Grinch (magazine)
2023-12-24

Reeling in some phishing trends.

Adam Bateman, Co-Founder & CEO at Push Security, is sharing some of the latest phishing trends his team has been observing. Dave and Joe share some listener follow up from Michael, who writes in with a new idea, calling it "eDeception." With the holiday season practically here, Joe shares a story about gift card scams, reminding everyone to be safe this holiday season. Dave's story follows a new iPhone update regarding stolen device protection in an upcoming version of iOS. Our catch of the day comes from listener Van who sent in an audio catch about Spectrum users. Links to the stories: Amid holiday shopping, thieves utilize new scam eliminating gift card balances | iOS 17.3, Now in Beta, Includes New "Stolen Device Protection" Feature. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2023-12-21

chaos engineering (noun) [Word Notes]

The resilience discipline of controlled stress test experimentation in continuous integration/continuous delivery environments, CI/CD environments, to uncover systemic weaknesses. CyberWire Glossary link: https://thecyberwire.com/glossary/chaos-engineering Audio reference link: Farnam Street, 2009. Richard Feynman Teaches you the Scientific Method [Website]. Farnam Street. URL https://fs.blog/mental-model-scientific-method/
2023-12-19

Shielding your inbox.

Seth Blank, CTO of Valimail, joins to discuss the implications on email security on behalf of DMARC. Joe and Dave share some follow up regarding Meta, who is the parent company to Facebook and Instagram, and how they are now in a lawsuit over steering predators to children in New Mexico. Joe shares how he was almost hacked, as scammers used Peacock to lure him in. Dave's story continues with popular streaming apps being impersonated, this time with Disney+ falling victim. Joe's story follows the U.S. Attorney's Office, the FBI, and State and Local Law Enforcement Officials sharing another "Don't click December" PSA. Our catch of the day comes from listener Mauricio, who writes in sharing a phishing email, from "PayPal," saying he has an invoice of almost $600. Links to the stories: Facebook and Instagram Steer Predators to Children, New Mexico Attorney General Alleges in Lawsuit | Threat actors impersonate Disney+ with considerable guile | U.S. Attorney's Office, the FBI, and State and Local Law Enforcement Officials Release Second "Don't Click December" PSA. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2023-12-14

Encore: remote access Trojan or RAT (noun)

From the intrusion kill chain model, a program that provides command and control services for an attack campaign. While the first ever deployed RAT is unknown, one early example is Back Orifice, made famous by the notorious hacktivist group called "The Cult of the Dead Cow," or cDc. Back Orifice was written by the hacker Sir Dystic, AKA Josh Bookbinder, and released to the public at DEFCON in 1998.
2023-12-12

Small, medium, and large phishing trends of 2023.

Mike Price from ZeroFox sits down to discuss what 2023 phishing trends mean for the broader industry as we quickly approach 2024. Dave and Joe share a serious write-in from listener Michelle, who shares her pleas for her aunt, who she believes is being catfished. Listener Marc also writes in with an email that claims to be from "Walmart," which he is quite suspicious of. Joe's story follows Meta, and how they have designed products to target and harm kids. Dave's story is on bad bots and the dangers they pose with fake businesses that are maximizing their illicit earnings. Our catch of the day comes from listener Konstantin, who shares an email received from scammers claiming to be "McAfee," trying to get payment of almost $600. Links to the stories: Meta Designed Products to Capitalize on Teen Vulnerabilities, States Allege | Breaking (Bad) Bots: Bot Abuse Analysis and Other Fraud Benchmarks. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2023-12-07
Link to episode

zero knowledge proof (noun)

A mathematical method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true. CyberWire Glossary link: https://thecyberwire.com/glossary/zero-knowledge-proof Audio reference link: Staff, 2022. Zero Knowledge Proofs [Video]. YouTube. URL https://www.youtube.com/watch?v=5qzNe1hk0oY
2023-12-05
Link to episode

Encore: The age old battle between social engineering and banking.

Chip Gibbons, CISO at Thrive, sits down with Dave to talk about how to defend against social engineering attacks in banking. Dave starts us off this week with a story about Amazon opening up its selling market to Pakistani residents, and what consequences that led to for the organization's business. Joe's story follows a scam targeting soldiers in the Army. The Army warns against unknown individuals purporting to be noncommissioned officers that are calling said soldiers and asking them for money to fix a "pay problem" and, if questioned, threatening them with a punishment. Our catch of the day comes from listener Manie who writes in about a scam found when trying to download an HDRI (High Dynamic Range Image). The scam involves a fake ad asking for people's cell phone numbers as soon as they click on a button that reads "download here". Manie shares how after she clicked the ad, she realized the mistake and immediately researched more before proceeding further. Links to stories: Amazon finally authorized Pakistani sellers. A wave of scammers followed Army Warns of Scam Targeting New Soldiers Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-11-30
Link to episode

Encore: business email compromise or BEC (noun) [Word Notes]

A social engineering scam where fraudsters spoof an email message from a trusted company officer that directs a staff member to transfer funds to an account controlled by the criminal. 
2023-11-28
Link to episode

Cops in the catfish game.

Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie: Chicago P.D. Rick's clip from the movie: The Imitation Game
2023-11-23
Link to episode

HIPAA (noun) [Word Notes]

A U.S. law designed to improve the portability and accountability of health insurance coverage. CyberWire Glossary link: https://thecyberwire.com/glossary/hipaa Audio reference link: Dr. Dana Brems, 2021. Doctor reacts to "HIPAA violations" [Video]. YouTube. URL https://www.youtube.com/shorts/Ksk00s8a_IU
2023-11-21
Link to episode

Unmasking the deceptive.

John Wilson, Senior Fellow, Threat Research at Fortra, joins to discuss email impersonation attacks which found that nearly 99% of these threats can be classified as business email compromise. Dave and Joe share some listener follow up from Terry, who writes in with some comments on episode 262 regarding cybersecurity jargon used. Joe's story comes from a listener this week, this individual writes in sharing the horror story he had to deal with when he and his wife ended up on a target list for scammers. Dave's story follows Elon Musk and Joanna Gaines, co-host of the HGTV show "Fixer Upper," and how they are selling a scam device that claims to lower your electricity bills. Our catch of the day comes from listener William, who writes in sharing an email he received from the "Tampa International Airport Police Department Florida," saying they want to release his fund with the service of DHL Courier Company. Links to the stories: Worst fake "power saver" plug yet Better Business Bureau Elon Musk Energy Saving Device: The Scam You Need to Know About Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2023-11-16
Link to episode

Encore: man trap (noun) [Word Notes]

A physical security access control device consisting of an enclosed hallway with interlocking doors on each end where both doors can't be open at the same time. A person presents credentials to the entry doorway. If authorized, the entry door opens and the person walks into the mantrap. The man trap exit door will not open until the entry door closes. The person presents credentials to the exit door. If authorized, the exit door will open. If not, the person is captured in the man trap until security arrives to handle the situation. Physical security leadership installs man traps to separate unrestricted areas from restricted areas, to prevent tailgating by uncleared personnel, and to impede access by unauthorized persons.
2023-11-14
Link to episode

Leaving a trail of digital breadcrumbs.

This week we are joined by Harry Maugans from Privacy Bee who sits down to discuss how our digital breadcrumbs, old and new, are coming back to haunt us. Joe and Dave discuss some follow up from listener Phil, who writes in with a question about the safety of IoT and consumer devices. Dave's story follows the ever so popular YouTube, and its implemented measures to prevent users with ad blockers from watching videos. Joe shares a personal story from a friend regarding a scam he had fallen for, where the scammer got personal information and threatened him, asking for $500. Our catch of the day comes from listener John who found a hilarious text conversation on reddit that he just had to share. Links to the stories: YouTube's "War" on Adblockers Shows How Google Controls the Internet Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2023-11-09
Link to episode

Common Vulnerability Scoring System (CVSS) (noun) [Word Notes]

A qualitative public framework for rating the severity of security vulnerabilities in software. CyberWire Glossary link: https://thecyberwire.com/glossary/common-vulnerability-scoring-system Audio reference link: Peter Silva, 2020. What is Common Vulnerability Scoring System (CVSS) [Video]. YouTube. URL https://www.youtube.com/watch?v=rR63F_lfKf0
2023-11-07
Link to episode

Weaponizing your out-of-office replies.

James Dyer and Jack Chapman of Egress join to discuss "Cybercriminals don't take holidays: How bad actors use this two-step phishing campaign to weaponize out-of-office replies." Dave and Joe share some listener follow up from Ron, who has a suggestion about registration specific email accounts. Joe has two stories this week, one where he shares some good news on a scammer who received some justice after taking part in a $66K romance scam. His second story is on social media and how it is a breeding ground for scammers. Dave's story this week follows how Google-hosted malvertising leads to a fake keepass site that looks genuine. Our catch of the day comes from our very own editorial staff who share an interesting email they received from the infamous National Security Department. Links to the stories: N.J. man sentenced to prison for taking part in $66K romance scam Social media: a golden goose for scammers Google-hosted malvertising leads to fake Keepass site that looks genuine Have a Catch of the Day you'd like to share? Email it to us at [email protected].
2023-11-02
Link to episode

Encore: anagram (noun) [Word Notes]

A word, phrase, or sentence formed from another by rearranging its letters. For example, cracking a columnar transposition cipher by hand involves looking for anagrams.
2023-10-31
Link to episode

Spooky, scary, skeletons at the movies. [Hacking humans goes to the movies]

Thanks for joining us again for a very special and scary episode brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering, scams, and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some frightfully fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie: Halloween III Rick's clip from the movie: Get Out
2023-10-29
Link to episode