Hacking Humans 12.23.21
Ep 177 | 12.23.21

Even if a cause moves you, do your due diligence.

Transcript

Amaya Hadnagy: You need to always be aware. You think that sometimes, you know, charities are the one thing you can trust. But always make sure that even if you feel emotionally moved by a cause that you actually check your sources and do your research.

Dave Bittner: Hello, everyone. And welcome to the CyberWire's "Hacking Humans" podcast, where each week, we look behind the social engineering scams, the phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner from the CyberWire, and joining me is Joe Carrigan from the Johns Hopkins University Information Security Institute. Hello, Joe. 

Joe Carrigan: Hi, Dave. 

Dave Bittner: Got some good stories to share this week. And later in the show, my conversation with Amaya Hadnagy. She performs media support for Social-Engineer LLC, and she joins us with information about charity scams. 

Dave Bittner: All right, Joe. Let's jump into some stories this week. I have something a little different for us. I don't actually have a media story, but this is a story from my personal life (laughter). 

Joe Carrigan: Ah. Those are the best kinds of stories, Dave. 

Dave Bittner: Yes. So as you and I have discussed here on the show many times, my parents are getting up there in years. 

Joe Carrigan: Yes. 

Dave Bittner: They are in the category that I think it's safe to say is elderly. 

Joe Carrigan: OK. 

Dave Bittner: And as such, they don't really get out and about as much as they used to. And so recently, my father reached out to me and asked if I could run a little errand for him and go over to their safe deposit box at their bank. 

Joe Carrigan: Right. 

Dave Bittner: So I was happy to do that. And I am on the - you know, the signing list for their safe deposit box. So I go over there, and I take care of the things that he needed me to do there, swapping some things in, taking some things out and then that sort of thing. 

Joe Carrigan: Getting hold of your father's vast trove of German bearer bonds. 

Dave Bittner: (Laughter) That's right. Exactly. 

(LAUGHTER) 

Joe Carrigan: His sack full of diamonds. 

Joe Carrigan: Right. 

Dave Bittner: (Laughter) Right. (Laughter) So I took care of the business there. And the folks at the bank were very nice. And, you know, they've had a long relationship with my parents and know them well. And - but while I was there, I reached out to the woman who was helping me, and I said, you know, I'm on all of my parents' accounts, but I'm concerned about them potentially being scammed. Is there some way that I could be put on some sort of system to get alerts... 

Joe Carrigan: Right. 

Dave Bittner: ...If certain things happen with their accounts? And she said, absolutely. 

Joe Carrigan: Really? 

Dave Bittner: Have a seat. Let's take care of that right now. So we sat down. And it was as easy as me installing this bank's mobile app on my phone, creating my own account on their app... 

Joe Carrigan: Right. 

Dave Bittner: ...And then just setting various alerts for - to be triggered by things that could happen with the account. So, for example, if a certain amount of money were moved out of the account, I can have an amount that triggers an alert. 

Joe Carrigan: Right. 

Dave Bittner: If, you know, more than $1,000 was moved out of this account, I'll get an alert. 

Joe Carrigan: Right. 

Dave Bittner: If the account balance goes below a certain point, I could get an alert on that. 

Joe Carrigan: Right. 

Dave Bittner: So all sorts of different things that I could be alerted on. What's nice is my alerting is different than any alerting my parents would get because it's my individual account that has a view into this particular bank account. 

Joe Carrigan: And when you say account, when you say your individual account, you're talking about the computer account, the login account. 

Dave Bittner: Correct. 

Joe Carrigan: You don't mean the bank account. 

Dave Bittner: Correct, yeah. 

Joe Carrigan: Right. 

Dave Bittner: Yeah, so I have - for the mobile app, I have my own account... 

Joe Carrigan: Right. 

Dave Bittner: ...That's connected to me and completely - and the bank account itself is a separate thing. 

Joe Carrigan: Right. 

Dave Bittner: So it's actually quite nice. I was thinking because, you know, for example, if someone got my parents' credentials and tried to monkey around with that, that would not affect my account necessarily, right? I could still get alerts. And whoever got access to my parents' account, login account...

Joe Carrigan: Right. 

Dave Bittner: ...Would not be able to set my preferences for the alerts... 

Joe Carrigan: Right. 

Dave Bittner: ...Wouldn't be able to change them, wouldn't be able to alter them. 

Joe Carrigan: That's correct. 

Dave Bittner: So I have to say it was a nice interaction, helped put me at ease. I was glad I asked... 

Joe Carrigan: Right. 

Dave Bittner: ...Right? And so I thought to myself, well, this would be a good thing to share with all of our listeners - that if you are on your parents' accounts, reach out to that bank and see what kind of view you can have into that and if you can have some alerts set up to make sure that if anything happens, that at least you're kept in the loop on it. 

Joe Carrigan: Yeah. Yeah, that's a great idea. 

Dave Bittner: Yeah, yeah. 

Joe Carrigan: And good thinking, Dave, on asking. 

Dave Bittner: Well, thank you (laughter). It was easy to do and, you know, delightful. Also, you know, just good to kind of get to know the people at the bank one on one so that if something does happen to my parents, you know, just so that I'm a familiar face now. 

Joe Carrigan: Right, right. 

Dave Bittner: So as - because I suspect, as I said, as my folks are not able to get out and about as much as they used to, I suspect I'll be doing more of this sort of thing for them. So to have that familiarity with the folks at the bank is a good thing.

Dave Bittner: And, you know, I have to admit I am of the generation that never actually goes in a bank. Like, I would prefer to do all my banking online or at the ATM. 

Joe Carrigan: At the ATM or online, yeah. 

Dave Bittner: Yeah. Like, I don't - what do I need to talk to those people for (laughter)? 

Joe Carrigan: I don't like social interaction. 

(LAUGHTER) 

Dave Bittner: Right, right. But in this case, I'm happy to go old-school with it. 

Joe Carrigan: Right. 

Dave Bittner: So... 

Joe Carrigan: There are definitely benefits for doing that. 

Dave Bittner: Yeah, yeah. Absolutely. So just kind of advice out there, something to keep in mind. If you're in a similar situation to mine, next time you're at the bank, just reach out. Ask them if this is something that's possible. 

Joe Carrigan: Yeah, it's a great thing to ask. 

Dave Bittner: All right, Joe, you have a story for us this week. What do you got? 

Joe Carrigan: Dave, my story comes to us courtesy of a listener named Alice (ph), who sent us a link to a New York Times article by Jeffrey Gettleman, Kate Conger and Suhasini Raj. Interesting. There's no Oxford comma in this byline, by the way, New York Times. 

Dave Bittner: OK. 

Joe Carrigan: This is a story about somebody scamming female Indian broadcasters, news anchors, if you will. And they have targeted multiple anchors. Many of them didn't get fully scammed, but one woman named Nidhi Razdan, who was formerly of NDTV, did get fully scammed by this scam. 

Joe Carrigan: So Ms. Razdan was a news anchor for this channel, NDTV, which is a big news organization in India. And in 2019, she was fired from the job because of - I think because of the COVID pandemic. But she was without a job. 

Dave Bittner: OK. 

Joe Carrigan: And she had been harassed, as most news people and media people are, constantly by people who, you know, disagreed with her. Of course, that's no different here in the U.S. either, right? 

Dave Bittner: Yeah. That sort of comes with the job. 

Joe Carrigan: Comes with the job, exactly. But in 2019, she said she was physically exhausted, mentally exhausted, just done with it. And she said to herself, if I don't try something new now, I never will. Right? And that is the exact point in time that these scammers got lucky and sent an email to her or reached out to her. 

Joe Carrigan: So the first point of contact or first contact to Ms. Razdan in this scam was an email from a student calling herself Melissa Reeve, who was inviting her to a Harvard media seminar. Harvard's a big university here in the U.S., very prestigious. 

Dave Bittner: May have heard of it before. 

Joe Carrigan: Yeah. 

Dave Bittner: Yeah. 

Joe Carrigan: Yeah. Pretty good school. 

Dave Bittner: I mean, it's no Hopkins. 

Joe Carrigan: It's no Hopkins. That's right. 

Dave Bittner: (Laughter). 

Joe Carrigan: But then she was introduced to another student, who goes by the name of Tauseef Ahmad, who was also - that personality was also used in the scamming of - the attempted scamming of other news anchors. And he said there may be jobs in the journalism department, like adjunct professors or associate professor positions. And Ms. Razdan says she let her hopes get up about this. She said she thought it might be an opening to a whole new world. 

Joe Carrigan: The next thing she knows, she's interviewing on a phone call with somebody calling themselves Bharat Anand, who is actually the real vice provost of Harvard. Right? So they have Harvard information, and these people are posing as Harvard officials. Vice provost is pretty high up... 

Dave Bittner: OK. 

Joe Carrigan: ...In the academic hierarchy. 

Dave Bittner: So you could go to Harvard's website and look this person up. 

Joe Carrigan: Yup, and he's there. 

Dave Bittner: And he's there. OK. 

Joe Carrigan: Yup. 

Dave Bittner: Yup. 

Joe Carrigan: So it sounds real. But it wasn't a video call. She said she should've insisted on a video call. But then the scammers took bolder steps to impersonate Harvard. They actually set up a domain with GoDaddy called harvardcareers.com (ph). Now, note that's not an edu domain, right? 

Dave Bittner: Oh, right. 

Joe Carrigan: It's a dot-com domain. And then they set up anonymous DNS, right? So when you register a DNS, you can say, nope, shield my information; don't show it to everybody 'cause a lot of times it has a home address on it. 

Joe Carrigan: They actually went so far as to send letters requesting recommendations from people. And one of Ms. Razdan's former bosses, Prannoy Roy, who was the founder of NDTV, is quoted in this article as having said, there was a lovely Harvard shield; I didn't have the slightest doubt, when they sent him a letter requesting a recommendation. 

Joe Carrigan: They went through all kinds of stuff. They stole documents off of Harvard's website, which are readily available. And they eventually issued Ms. Razdan a job offer and collected all kinds of personal information from her. 

Joe Carrigan: The heartbreaking end of this story - Ms. Razdan had gone through the process of telling everybody she was getting a job at Harvard, was very excited about it. She was actually on calls and, like, getting set up for classes that constantly got pushed back and canceled due to COVID. This was in early - or first semester of 2020. Lots of calls with the dean that never happened because they would always be canceled at the last minute. 

Joe Carrigan: And then at one point in time, she gets a heartbreaking email from an associate dean at Harvard that says, there is no record of, nor any knowledge of your name on any appointment, essentially. So she had - she has even signed contracts with these fraudsters. 

Joe Carrigan: Now, here is the weird part of this. It doesn't look like they've done anything with this information, that these guys are just out there scamming her and a bunch of other people. If you look in this article on The New York Times' website, there's like five or six other journalists who were targeted by this. And they're not doing anything. It looks like this is just a massive trolling effort. Still, it's devastating for Ms. Razdan. 

Dave Bittner: Yeah. 

Joe Carrigan: I can't - you know, I can't fathom what kind of person does this to another person. 

Dave Bittner: Well, what's the endgame here? What are - you know, are they - were they ultimately looking to steal her identity? 

Joe Carrigan: They haven't done anything like that. According to this New York Times article, they haven't done anything like that yet, and this happened about a year ago. So I don't know what the endgame is here. It's weird. 

Dave Bittner: Yeah. 

Joe Carrigan: It's weird. It does look like it's politically motivated, though. 

Dave Bittner: Oh. I see. 

Joe Carrigan: But there is no further endgame. 

Dave Bittner: Wow. So I guess the lesson to be learned here is that if you're out job hunting... 

Joe Carrigan: Right. 

Dave Bittner: ...Do your extra due diligence. 

Joe Carrigan: Yeah. I mean, Ms. Razdan is the victim here. So I'm not blaming the victim, but there are some things that you can do to protect yourself. There were some red flags that some of these other people who had attempts to get scammed noticed and didn't fall for. These guys just caught Ms. Razdan at the exact right time. 

Joe Carrigan: And that's how these scammers work. Even the ones that are targeting you specifically, they work based on, essentially, probability that, you know, that one day they're going to hit the right person at just the right time and hopefully embarrass that person. 

Dave Bittner: Yeah. 

Joe Carrigan: I think that was the goal here. But fortunately, Ms. Razdan comes forward and lays the entire scam out, which is great. That's very courageous, hard to do. It's got to be hard to do because you have been scammed. And like we've said a million times before on this show, it's very embarrassing when you get scammed. 

Dave Bittner: Sure. 

Joe Carrigan: To come out and tell everybody exactly what happened and how you fell for the scam takes a lot of courage. 

Dave Bittner: Yeah. 

Joe Carrigan: And I am thankful that Ms. Razdan has done that and... 

Dave Bittner: Yeah. 

Joe Carrigan: ...Put her name in this article. There are people in this article who did not put their names forward. They're quoted as anonymous. And Ms. Razdan is not one of them. 

Dave Bittner: Yeah. Well, I certainly wish her well. 

Joe Carrigan: Yeah. Me too. 

Dave Bittner: It's a shame to go through something like that. What a roller coaster. 

Joe Carrigan: Yeah. 

Dave Bittner: Yeah. 

Joe Carrigan: Absolutely terrible. 

Dave Bittner: All right, well, we will have a link to that story in the show notes, for sure. 

Dave Bittner: Joe, it is time to move on to our Catch of the Day. 

(SOUNDBITE OF REELING IN FISHING LINE) 

Joe Carrigan: Dave, our Catch of the Day comes from a listener named Chris (ph), who writes, hey, guys. I'm not a cyber guru like all of you, but I work in supply chain. I'm also a Marine Corps veteran and bank at Navy Federal. This one almost got me. The URL is so close, I immediately let my fellow vets know. I'd love to get my hands on these guys. 

Dave Bittner: (Laughter) And he did not... 

Joe Carrigan: He doesn't say guys (laughter). 

Dave Bittner: No. He uses a word more suitable to a veteran of the Marine Corps. 

Joe Carrigan: Right. 

Dave Bittner: Yeah. 

(LAUGHTER) 

Joe Carrigan: I understand. 

Dave Bittner: Yes. Well, thank you, Chris. No funny voices to be done with this. But this is a screen capture that he sent us. And this is a login screen, and it has the Navy Federal logo. It says, welcome to digital banking, has a sign-in field there. But if you look at the URL, it says signin.navyfedleral.net. So... 

Joe Carrigan: I looked at that the first time, Dave. I had to look at that three times in order to pick up on the error there. 

Dave Bittner: Right, right. And so if you think about the word Navy Federal, if you slide in a little L next to that D in the middle of Federal, that L just being a little vertical line just sort of blends in with the D. 

Joe Carrigan: Right. 

Dave Bittner: And it's easy to overlook. In fact, I think your brain fills in the gaps and just reads it right. 

Joe Carrigan: Yeah, Navy Federal should try to seize this domain. 

Dave Bittner: Yup. Yup, absolutely. So, Chris, good for you for catching this. And heads-up to everybody else to be mindful of these. 

Dave Bittner: I will remind our listeners, as we do quite often, that this is the kind of thing that a password manager will help prevent... 

Joe Carrigan: Right, exactly. 

Dave Bittner: ...Because a password manager will not let you log in to the wrong site. 

Joe Carrigan: Navy Fedleral. 

Dave Bittner: Yeah. It'll flag this and say... 

Joe Carrigan: Right. 

Dave Bittner: ...Hold on there, cowboy. This is not who you think it is. 

Joe Carrigan: That's right. 

Dave Bittner: So something to consider there. But we do appreciate you writing in, Chris, and sharing this with us. 

Dave Bittner: That is our Catch of the Day. We would love to hear from you. If you have a Catch of the Day you'd like us to read on the air, you can send it to us at hackinghumans@thecyberwire.com. 

Dave Bittner: All right, Joe, I recently had the pleasure of speaking with Amaya Hadnagy. She performs media support for the Social-Engineer LLC organization. We have had Christopher Hadnagy on our show before. And Amaya joins us with some information that she recently published about charity scams. Here's my conversation with Amaya Hadnagy. 

Amaya Hadnagy: Yeah. Well, the FTC has a definition where charity fraud can be described as using deception to receive money from people who believe they're used for charities. But really, it just boils down to anyone who is donating to a charity that is not truthful in where their money is going. Usually, that means the money is just benefiting a singular person for a use that people are not consenting to. 

Dave Bittner: Now, as you and I are recording this, we're coming up towards the end of the year and the holiday season. I mean, this strikes me that this would be a time of year when we really need to be on extra lookout for these sorts of frauds. 

Amaya Hadnagy: Oh, for sure. Yeah. I've noticed that a lot of scams in general, not just charity scams but definitely charity scams as well, have gone up for holidays. They go up for holidays. And any time there's a disaster or a lot of, you know, news about something bad happening, charity scams definitely go up during that time. 

Dave Bittner: Can you give us some examples of some of the charity fraud scams that you all have been tracking? 

Amaya Hadnagy: Yeah, the biggest ones that we see right now are definitely for COVID. There's a site called DomainTools, and it flagged more than 100,000 sites that had COVID-19-related domains as high risk for fraud. And that was at the beginning of the year, so it's probably way higher than that now. 

Dave Bittner: One of the things that you point out in the article that you all posted was that people need to be on the lookout for scams that make use of crowdfunding platforms. That's one I wasn't so familiar with. Can you explain to us what happens there? 

Amaya Hadnagy: A lot of crowdfunding platforms, anyone can upload, right? So you don't need a lot of proof that what you're saying is truthful or that you actually need that money for that purpose. This was also mentioned in the article that was written back in 2017. There was this homeless veteran who gave his money to a woman on the side of the road. She had no gas. And it was this really wholesome story about how this woman was moved by how this homeless veteran gave her money so she could get home safely. And so when she got home, her boyfriend and her posted a story on GoFundMe to raise money for the homeless man. But it turns out that the over $400,000 was fraud. It was not going to the homeless man. 

Amaya Hadnagy: They were even featured on "Good Morning America." They were on the news. They were viral on social media. And they raised all this money just from GoFundMe. And they had pleaded guilty to wire fraud, money laundering and a bunch of other stuff. So that whole campaign was a scam. So I'm not really sure how much other scams are happening out there, but that's just one, and it was a pretty big one. 

Dave Bittner: And I guess a reminder that, you know, even - I mean, this was featured on "Good Morning America," as you said. So a reminder that even though it may seem as though some of these things are on the up and up or even that they've been vetted, that's not always the case. 

Amaya Hadnagy: Yeah, which makes it even more scary because you think, oh, if it's on the news or, you know, it's being published and it's viral, it must have some semblance of truth to it. But unfortunately, that's not always the case. 

Dave Bittner: One of the things that your article points out here are ways to protect yourself and your family from charity fraud. You list some red flags and then some tips as well. Can we go through those together? 

Amaya Hadnagy: Yeah. So a red flag - this one is a little hard because a lot of charities nowadays are still pretty adamant about pressuring you to donate, but a red flag is pressuring to donate immediately. And if they give you, like, a sense of urgency - like, we need to get your money as fast as possible; we need your money now - that's a red flag because a legitimate charity is not going to pressure you that much and should just welcome however much you're willing to give. 

Amaya Hadnagy: Another one is only accepting payment by gift cards, cash, wire transfer. These are not legitimate ways to pay for any donations for a legitimate charity. Even if it's not like a charity, most scammers will try to get money through gift cards or wire transfer because it can be really difficult or even impossible to trace back to them. And it's just - if you really think about it, no legitimate charity is going to be asking for gift cards. 

Dave Bittner: Well, in terms of, you know, seeking out reputable organizations, you know, it is that time of year when I think people are thinking about being charitable and even the - perhaps the tax benefits towards the end of the year to donating to worthy causes. What are some of the ways that people can make sure that when they do that, that they're going to be giving to legitimate organizations? 

Amaya Hadnagy: Yeah. So always be aware of organizations that have, like, really similar names to ones that you know are legitimate. So, like, if they have really similar or copycat names, that's something to look out for. 

Amaya Hadnagy: So you should always do your research. The FTC suggests searching for a charity's name and then just look up, like, complaints and scam, and, like, look up the ratings, and see how other people have rated giving to that charity. 

Amaya Hadnagy: Make sure that when you do give to a charity, you don't give out any personal or financial information. Most charities are not going to ask for your Social Security number or your date of birth or any bank account numbers. So just make sure you look out for that. 

Amaya Hadnagy: Don't click on or open links from people you don't know. That's just the No. 1 rule when it comes to any scams, not just charity scams. You know, don't click on links you don't know. There is a website called Charity Navigator, and so you can put any charity name or even just look at suggestions, and it can tell you the reputation of a charity before you donate at all. 

Dave Bittner: What are some of the sort of take-homes? What do you hope that people who've read this article take away from it? 

Amaya Hadnagy: Definitely that you need to always be aware. You think that sometimes, you know, charities are the one thing you can trust, but that's definitely not it. Always check your sources for anything. Do your own research. You know, empathy, just emotions in general can really move people to act without fully thinking through, even if those emotions weren't there in the first place. So always make sure that even if you feel emotionally moved by a cause that you actually check your sources and do your research because that can lead to sending money to something that is not true at all, which can really be more harmful than we realize. 

Dave Bittner: All right, Joe, what do you think? 

Joe Carrigan: COVID is still big. I'm kind of surprised at how big of a scam it is. 

Dave Bittner: COVID is still here (laughter). 

Joe Carrigan: Right, it is still here. 

Dave Bittner: Every day, there's new stories about it. So it's still front and center, I guess. 

Joe Carrigan: Yeah, top of mind. 

Dave Bittner: Yeah. 

Joe Carrigan: So these bad guys are never going to stop using whatever is top of mind. And don't worry. Once COVID does go away, they'll move on to something else. 

Dave Bittner: Right. 

Joe Carrigan: They'll find something else... 

Dave Bittner: (Laughter). 

Joe Carrigan: ...Something else to do. 

Dave Bittner: It's always something new. 

Joe Carrigan: Right. They're not going to walk away from this huge pile of money that they're scamming people out of - for example, Dave, the natural disasters in Kentucky that you were talking about that you mentioned in this. 

Dave Bittner: Yeah, yeah. 

Joe Carrigan: Very recent - crowdfunding sites make this pretty much trivial to scam people out of money. And Amaya brings up the story of the homeless vet. Do you remember that story? 

Dave Bittner: Yeah. 

Joe Carrigan: That story was all fake. There is one part of that story that warms my heart. You know what it is? It's the five-year prison sentence that the one guy got. 

Dave Bittner: (Laughter). 

Joe Carrigan: And the other two are awaiting prison sentences, as well. 

Dave Bittner: (Laughter) OK, right. 

Joe Carrigan: That's a happy ending for me, right? 

Dave Bittner: (Laughter) OK. Fair enough. 

Joe Carrigan: I'm hoping that they didn't scam any one individual out of a large amount of money, but they got away with, like, $400,000. Or they scammed people out of - they didn't get away with anything. They're all going to prison. 

Dave Bittner: Yeah. 

Joe Carrigan: Amaya has some really good recommendations here on the red flags front. No. 1, the high pressure - high-pressure sales. I don't know about you, Dave, but high-pressure people just shut me down. Whenever somebody starts giving me the high - any high-pressure things, I think that's, like, an internal thing for me just to stop dealing with that person. 

Dave Bittner: Yeah. 

Joe Carrigan: I don't like it. 

Dave Bittner: I'm the same way. I walk away. 

Joe Carrigan: Right. But some people are susceptible to that. And if you're susceptible to that, just walk away. You know, when you're dealing with a car salesperson - right? - and they go, I don't know - a used car in particular. 

Dave Bittner: (Laughter). 

Joe Carrigan: Somebody was in here looking at it earlier today. 

Dave Bittner: Right. 

Joe Carrigan: My response is, well, sell it to them. 

Dave Bittner: Right. 

Joe Carrigan: (Laughter) Right? That's what I say. 

Dave Bittner: Yeah. 

Joe Carrigan: And I walk away. They almost always follow you, by the way, when that happens. 

Dave Bittner: Yes, yes. 

Joe Carrigan: (Laughter). The other red flag is suspicious forms of payment. Legitimate charities generally don't take gift cards as payment... 

Dave Bittner: Right. 

Joe Carrigan: ...Right? 

Dave Bittner: (Laughter) They will take gift cards as donations. 

Joe Carrigan: Right. 

Dave Bittner: But not, you know, like, if - for example, if your local food shelter or homeless shelter... 

Joe Carrigan: Right. 

Dave Bittner: ...Things like that. 

Joe Carrigan: Exactly. 

Dave Bittner: Yeah. But no, they're not generally going to ask for gift cards as payment (laughter). 

Joe Carrigan: Particularly not over the phone. 

Dave Bittner: Right, right. 

Joe Carrigan: And what they do with these grocery gift cards for shelters is they go and they buy food is what they do. If you're going to give to one of those organizations that does take gift cards for those purposes, make sure it's your local organization that you know about... 

Dave Bittner: Yeah. 

Joe Carrigan: ...Which leads me to my next point and Amaya's next point about charitynavigator.org, which she mentions is a good site. The BBB also has give.org, which is another good site. Both of these are good ways to avoid scams.

Joe Carrigan: And never under any circumstances give financial information to a charity. Charities - what they need is money. They do not need your banking information, right? 

Dave Bittner: Right, right, right. 

Joe Carrigan: So don't give that to them. 

Dave Bittner: Right, right. Absolutely. Yeah, I mean, sad to say, you know, 'tis the season for giving... 

Joe Carrigan: Yeah. 

Dave Bittner: ...But also, the scammers take advantage of that and try to get in there and take their part. So our thanks to Amaya Hadnagy for joining us and sharing this valuable information. We do appreciate it. 

Dave Bittner: All right. That is our show. We want to thank all of you for listening. Of course, we want to thank the Johns Hopkins University Information Security Institute for their participation. You can learn more at isi.jhu.edu. 

Dave Bittner: The "Hacking Humans" podcast is proudly produced in Maryland at the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our senior producer is Jennifer Eiben. Our executive editor is Peter Kilpe. I'm Dave Bittner. 

Joe Carrigan: And I'm Joe Carrigan. 

Dave Bittner: Thanks for listening.