Hacking Humans 6.6.24
Ep 293 | 6.6.24

Spotting social engineering in the shadows.

Transcript

Joe Carrigan: These calls don't have people yelling at them or threatening them like we've heard from many others before. This is smooth operation all the way through. That's what the people are used to.

Dave Bittner: Hello everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner, and joining me is Joe Carrigan from the Johns Hopkins University Information Security Institute. Hey there, Joe.

Joe Carrigan: Hi, Dave.

Dave Bittner: We got some good stories to share this week and later in the show my conversation with Dr. Chris Pierson. He's CEO at BlackCloak. We're talking about some of the social engineering attacks that his team is tracking. We will be right back after this message from our show's sponsor. [ Music ] All right, Joe, before we get to our own stories here, quick bit of follow-up you have for us?

Joe Carrigan: Yeah. Dave, back in Episode 291, we had Dr. Jessica Barker on and Perry Carpenter as well. And I got a LinkedIn message from somebody I've connected with, Laya. And she was good enough to write in to say that I called Jessica Jennifer in our discussion segment after the interview.

Dave Bittner: Okay.

Joe Carrigan: And I wanted to apologize to Dr. Barker. I hate when I mess up people's names. I really do. Especially when those people are kind enough to come on our show as guests.

Dave Bittner: Yeah.

Joe Carrigan: So, I'm sorry, Jessica. There was- I think we used the word Jennifer earlier in the uni- in the episode. And I think I got it stuck in my head somehow.

Dave Bittner: Well, John, I think that's really good of you to do and I'm sure-

Joe Carrigan: Jim is how people get my name wrong, Dave. People call me Jim all the time.

Dave Bittner: Is that right?

Joe Carrigan: Yeah.

Dave Bittner: Okay.

Joe Carrigan: That's the number one misnomer I get.

Dave Bittner: Yeah. Huh. That's interesting. I don't- there's- I don't get, there's not a whole lot I get for Dave.

Joe Carrigan: There's not a lot of D names.

Dave Bittner: No, not so much. Nope. Dave, Don, Dan, but no, it's Dave. All right. Well, thank you Laya for writing in and setting Joe straight.

Joe Carrigan: Yes.

Dave Bittner: We appreciate it. And apologies to Dr. Jessica Barker. I'm sure she didn't think twice about it, but --

Joe Carrigan: Laya was most gracious by the way. She was not being a jerk. She was being very nice.

Dave Bittner: All right, well, let's move on and talk about our stories here. Joe, why don't you start things off for us.

Joe Carrigan: Dave, my story actually comes from a blog post by Microsoft. And this is from their Threat Intelligence blog.

Dave Bittner: Okay.

Joe Carrigan: And they've been tracking since April of this year, Microsoft Threat Intelligence has been tracking a campaign from Storm-1811. Another one of those cool names for those bad guys.

Dave Bittner: Sure.

Joe Carrigan: Storm-1811 is- they're a nation-state affiliated group that does mostly financial crimes.

Dave Bittner: Okay.

Joe Carrigan: So- but it starts with the old phony phone call.

Dave Bittner: Okay.

Joe Carrigan: And Microsoft does a really good job of calling it a fake phone call and then putting in parentheses, vishing, Dave in this post. Because [multiple speakers] Right? From vishing.

Dave Bittner: Right. Right.

Joe Carrigan: It doesn't make sense. But what's happening is they're telling people once they get them on the phone to open up something called Quick Assist. Now, you are not a Microsoft user.

Dave Bittner: Not so much. No.

Joe Carrigan: Right. Are you familiar with Quick Assist?

Dave Bittner: No.

Joe Carrigan: I was completely unfamiliar with it until today.

Dave Bittner: Okay. So it's one of those buried features, or something if you need it, maybe you'll know about it, but otherwise it's just there?

Joe Carrigan: Exactly. Like if you're an administrator or you provide phone support for somebody. Basically, it is- it comes embedded with most Windows systems. I don't know when it got put in, but I know it comes with Windows 11 because that's what's on my system and my wife's system. And I tried it out. And it's pretty effective. It's essentially a remote desktop kind of thing. So like- so what happens is you get a- you start it up- and you can actually start it up by pressing Control, window key, Q, and the application will just launch. And then if you're going to provide assistance, you actually have to be logged into Microsoft's office- you have to use your Microsoft account to log in. But if you're going to receive assistance, you don't. And it works really well. The user, the end user has to provide permission to share the screen and then to share control. But the person making the call or giving the code away can request those things, and the user will see a popup. So what's happening is, they're calling in, they're telling people they're from tech support, and then they're delivering all kinds of malware. So here's how they make it work and make it seem more believable.

Dave Bittner: Okay.

Joe Carrigan: Before they even call the victims, these guys start an email bombing attack. Where they go out and they sign up the target for all kinds of different products.

Dave Bittner: Oh.

Joe Carrigan: All of these require email confirmation. So they already know the person's email address and their phone number. So that's what they have to have. So the user starts getting tons of these emails. Now, this part of the attack is benign. It's not really bad, but it's annoying. So what happens next is they call the person impersonating tech support. And they say, hey, we noticed that there's some fraud going on with your account. Have you seen a ton of emails in your inbox? Right. And if this person is like me, and they never check their inbox, maybe they go and check it and they say, hey, there is a bunch of stuff in here. And the guy on the phone goes, that's what I thought. Good thing we noticed. Let me help you. Please press Control plus Windows plus Q and that opens up Quick Assist. Now enter this code and click submit. Okay. Now allow the screen sharing. Okay. Now reque- I'm going to request control. And once that person has given control of the computer, the attacker takes over and starts using the computer as if it were his own. He's literally inside.

Dave Bittner: Right.

Joe Carrigan: Right? Now, at any point in time, you can terminate this connection. There's a button, a big button on here that says you can terminate it.

Dave Bittner: Okay.

Joe Carrigan: So one of the things that Microsoft is working on here is, they're going to put a warning into Quick Assist that says, did someone call you saying they're from tech support? Hang up the phone and do not allow them to use this service. Do not enter any codes they give you.

Dave Bittner: Okay.

Joe Carrigan: So, but that hasn't happened yet. So- because Microsoft has a software development process and a fixing process. They're actually making improvements to the software. We had a listener write in a couple of months ago about an open source application that does something very similar, that on their website, before you download this- the software, it says, hey, did somebody call you? You're probably being scammed, hang up the phone and don't install this software.

Dave Bittner: Oh, right, right, right, right.

Joe Carrigan: Which is great. So Microsoft has a few recommendations, which include blocking or uninstalling Quick Assist, and other remote monitoring management tools. Educate users about protecting themselves from tech support scams. Only allow any of these helper applications to connect to your device if you initiated the interaction by contacting Microsoft Support or your IT staff directly. This is for the individual user. That would be part of the training for the education for the users if you're in a corporation. They have a bullet point here that says, if you suspect the person connecting to your device is conducting malicious activity, disconnect from the session immediately and report it to your local authorities and any relative or relevant IT members within your organization. And users who have been affected by a tech support scam can go fill out a, I'm sure a very helpful form from Microsoft.

Dave Bittner: [brief laughter] Right. It's called the horses left the barn form.

Joe Carrigan: Right. Yeah. Not only that, but I don't think anything happens.

Dave Bittner: [brief laughter] Right.

Joe Carrigan: It just goes into their database.

Dave Bittner: Yeah.

Joe Carrigan: They have other things in here that like turn on cloud, cloud-delivered protection, and Microsoft Defender. These are more organizationally-focused enabled network protection and tamper protection features that prevent attackers from stopping security services. Because that's one of the first things they're going to do. Because one of the things these guys are going to do is they're going to put all kinds of different malware on your computer. And the end-game is actually they're going to install a ransomware. So watch out for these guys. Remember, don't trust the inbound phone call. You know, tech support never calls you. That has literally never happened in my life. Tech support has never noticed something is going wrong and said, hey, I'm going to go help Joe. Not how this works.

Dave Bittner: Yeah. I remember one time tech support- well, tech support/security came into my office. This was at a previous position I was in, and I'd only been there like a couple weeks at this organization. And the tech support guy he says, hey, we need to look at your computer. We think you've been on tour and me being me, I said, been on tour where?

Joe Carrigan: Right.

Dave Bittner: Where did I go? I've been here. I haven't been on any tours or, you know, I haven't been booked on any musical tours or anything. No, of course. They were talking about the Tor browser, right. So I was like, okay, you know, I basically, you know, put my hands up in the air, rolled my chair back and said, gentlemen, have at it. And they sat down and, you know, got into the terminal and did some poking around, and they were like, oh, okay. Our mistake. You're good. And they left. And I was like, ah, okay.

Joe Carrigan: I actually had- did have security call me one time because I downloaded a- from McAfee. McAfee made available a essentially a false positive virus. It was a very small text file that hashed to a particular value that was in their system as to throw a flag. So this is how you could test their product to make sure it was working without actually putting a virus on your computer.

Dave Bittner: I see.

Joe Carrigan: And I downloaded that.

Dave Bittner: You got busted.

Joe Carrigan: I did. [ Laughter ]

Dave Bittner: Right.

Joe Carrigan: I got a- hey, what is this file? Oh, that's just a test file for the antivirus. Well, it's throwing up all kinds of alert. Can you delete that? Like, I don't want to. He says, I don't want to start an incident report here. Okay. I'll delete it.

Dave Bittner: Right. [brief laughter].

Joe Carrigan: That was back in the '90s, Dave. Yeah. Back in the- when everything was a wild web.

Dave Bittner: Did you actually delete it or --

Joe Carrigan: I did. Oh, yeah.

Dave Bittner: -- did you try to find a way to hide it? Like did you put in a zip file or something?

Joe Carrigan: Yeah. Keep moving it around the computer to see how good the antivirus is.

Dave Bittner: Right.

Joe Carrigan: Right.

Dave Bittner: Right.

Joe Carrigan: Use it for its intended purposes. That's what it was. It was a test file to see exactly- to- you were supposed to do exactly that with it. But I just put it on a network drive and left it there [brief laughter].

Dave Bittner: Great.

Joe Carrigan: Got a phone call later that day.

Dave Bittner: You're that employee that --

Joe Carrigan: I am, that employee.

Dave Bittner: -- security folks love to- yeah. Someone who wants to take matters into their own hands.

Joe Carrigan: I- back in those days, I did. Now I don't do that. Now. I just say, what's the security policy here? What's my- how's my laptop working?

Dave Bittner: Right. What do I have to do to keep my job? [ Laughter ]

Joe Carrigan: That's what it is.

Dave Bittner: What are the parameters?

Joe Carrigan: Yeah. Dave, we always waxed poetic about the old days, right? The good old days.

Dave Bittner: Sure.

Joe Carrigan: And the amount of stuff- the shenanigans that went on before anybody started doing network monitoring was- there was a lot of shenanigans.

Dave Bittner: It was epic. Oh yeah, absolutely. Oh yeah. We were all there. We all- we remember, you know? Oh, yeah. Yeah.

Joe Carrigan: Played a lot of Doom and Half-life.

Dave Bittner: Yeah. Yeah. Exactly. Exactly. No, we had employees who would stay after hours just because, you know, the office had a great internet connection. And so that was a great place to play game.

Joe Carrigan: That's what we did.

Dave Bittner: And, you know, the high-powered computers we gave them to do 3D rendering also were really good at playing games. So we were like, is it okay if we stay after to play games? I was like, absolutely. Absolutely.

Joe Carrigan: Yeah. We played at lunch.

Dave Bittner: It's a benefit.

Joe Carrigan: We weren't billing the customer for playing games. I want to be clear about that. We weren't doing that. We were either staying after or playing at lunch.

Dave Bittner: Yeah. Yeah. All right. Well, it's interesting, the thing that catches my eye about this story is the thing about the email bombing thing. To plant something that they can point to, to lend legitimacy to what they're doing.

Joe Carrigan: Right. Yeah. That's an interesting take, I think.

Dave Bittner: Yeah, absolutely. I wonder how much, like- if you had effective spam filtering, would you even notice? Right? I don't know.

Joe Carrigan: No, there's nothing in my inbox. Sorry. You got the wrong guy.

Dave Bittner: No, but they probably have a- they probably said, oh, well, do a search for such and such and oh, okay. Well, that- that's a problem.

Joe Carrigan: Yeah.

Dave Bittner: You know, that sort of thing. Yeah. Interesting. All right. Well, we will have a link to that story in the show notes. My story this week, Joe, let me ask for- let me just start off here by asking you a question. Do you have a piano?

Joe Carrigan: Not anymore.

Dave Bittner: Not any- okay. So you- did you grow up in a house that had a piano?

Joe Carrigan: No.

Dave Bittner: Okay.

Joe Carrigan: But I did have a piano in my house until my daughter moved out and got her own house. And then we moved it over to her house.

Dave Bittner: She took the piano with her?

Joe Carrigan: Well, actually her- yeah, her husband and me and my son and or- yeah, three of us --

Dave Bittner: You are amateur piano movers?

Joe Carrigan: Amateur piano- it was like a Three Stooges episode, Dave. We almo- one of us almost got killed. When we- when the house got moved out, we said, we're going to let the movers handle that one. It was like an extra a hundred bucks.

Dave Bittner: Yeah. Okay. There is a famous Laurel and Hardy cartoon where they have to haul a piano up an incredibly long set of stairs which is --

Joe Carrigan: I've seen that.

Dave Bittner: And that set of stairs is still there. If you're out in LA you can go visit the set of stairs where they hauled the piano up the stairs, I'm told. Well, the piano that you had, was it an upright or a grand piano?

Joe Carrigan: It was an upright, it was a spinet, which is a very small piano.

Dave Bittner: But still heavy.

Joe Carrigan: It's- yeah. Still almost lethal.

Dave Bittner: Okay. Well, I am fortunate enough to have a baby grand piano.

Joe Carrigan: Oh, are you?

Dave Bittner: I am.

Joe Carrigan: Do you play?

Dave Bittner: I play a little.

Joe Carrigan: Okay.

Dave Bittner: Here, let me just play something for you here real quick. [ Music ] Yeah. Just, you know --

Joe Carrigan: Just a little bit.

Dave Bittner: Just casual, you know. I am a little rusty.

Joe Carrigan: Okay. Crack your knuckles once.

Dave Bittner: Yeah. But I was lucky enough to get this baby grand piano through my father who was a career realtor. And so he was selling someone a house, someone- he had a customer who was downsizing. They were moving out of a big house into a smaller house. And they said to my father, do you know anybody who might be looking for a baby grand piano? And my father said, whoa. I'm sure my son who loves pianos, because I do love pianos, Joe. I have a real I don't know, call it a romantic affection for pianos. I just think they're wonderful.

Joe Carrigan: They are. I'm with you on that. I love a piano.

Dave Bittner: I was lucky enough to be a music major for some time when I was in college. And one of the great things was many of the classrooms had full-size concert Steinway pianos in them. And there's just nothing like sitting down in front of a full-size piano and the wall of sound that comes out of a imposing instrument like that. That really caught my fancy.

Joe Carrigan: My college didn't have that. We all just had- they had rooms with uprights in them.

Dave Bittner: Yeah. We had that too. We had that too. So anyway, I say all that to say that the way I got this piano was my father said, well, sure, my son, I'm sure he'd love to have the piano. How much would you like for it? And the person said, oh, we just wanted to find a new home for it. We'll give it away for free. And so I got a free grand piano, and all I had to do was pay to have it moved. Okay? And that was a couple hundred bucks. Hired some piano movers, they went to their house, wrapped it up, put it in a truck, brought it to my house, brought it in, set it up, couple weeks later, had it tuned. Still have it today.

Joe Carrigan: You got to let it rest.

Dave Bittner: You got to let it rest. It has to get acclimated to its new environment. The temperature and humidity and all that kind of stuff. So I say that to say that there are occasions when people will reach out and say, I have a piano that I'm looking to find a new home for. Do you know anybody? And this is actually happening more and more because fewer and fewer people play piano. Fewer and fewer people have room for a grand piano in their home. And there's this whole generation of, you know, the baby boomers who grew up with pianos and they're looking to get rid of their pianos.

Joe Carrigan: I mean, I have an Akai MIDI keyboard that connects to my computer and a digital audio workstation where I can play things. But I don't have a piano.

Dave Bittner: This is also why if you go into any retirement home, chances are they have a really nice Steinway piano sitting in the lobby.

Joe Carrigan: Really?

Dave Bittner: Yeah. Because somebody moved into the retirement home, right?

Joe Carrigan: And they brought the piano with them.

Dave Bittner: They brought the piano with them, right? So --

Joe Carrigan: Good.

Dave Bittner: Because they got nowhere else to put the piano.

Joe Carrigan: Right. We'll put it here in the lobby.

Dave Bittner: It's not going to fit in their condo in the retirement home. So they put it in the lobby, and then there'll be one in the dining room and there'll be one in the theater. Like, there- there's just all these really nice hot pianos. If you're a piano person like me, you go to these places and you're like, oh, my God, somebody gave them this beautiful Steinway piano. And anyway, I've made this story much too long. And this is all to say that researchers at Proofpoint have been tracking a campaign that began back in January of this year that has sent out over 125,000 emails, mainly to university students and faculty here in the United States and also Canada.

Joe Carrigan: Every couple of years I hear on the radio that some university around us- I think the last one I heard was for Catholic down in DC.

Dave Bittner: Yeah.

Joe Carrigan: Maybe Maryland has done it, but they're liquidating their pianos. Because they get new pianos every couple of years.

Dave Bittner: Right. That's true. Yeah. They do turn them over. You know, they get- they take a beating with the students. So they turn them over. And so yes. That is a way that you can get a good deal on a --

Joe Carrigan: Used piano.

Dave Bittner: -- very used piano. Yeah. So what's happening is they are sending out an email that appears to come from someone in authority at the university or the college.

Joe Carrigan: Okay.

Dave Bittner: And they have a sample of one here. And it pretends to come from one of the professors of communication and media in the College of Fine Arts. And it just- it's very sort of matter-of-fact. In this case, it says, one of our staff, Mr. Derek Adams, is downsizing and looking to give away his late dad's piano to a loving home. The piano is a 2014 Yamaha baby grand, like new. You can write to him and indicate your interest on his private email. And then they list the email and it says, to arrange an inspection and delivery with a moving company, please write Derek Adams via your private email for a swift response. So, you know, there's nothing out of the ordinary about something like that.

Joe Carrigan: Yeah. Except that they're trying to move it to the private email.

Dave Bittner: Right. Right. That caught my eye as well.

Joe Carrigan: But- Yeah. But that's only because we're steeped in this, Dave.

Dave Bittner: Right.

Joe Carrigan: And we know that's a platform change, and that's bad. If somebody were to send this out, 90% of people would be like, oh, okay. I'll write Derek.

Dave Bittner: I would be all over this.

Joe Carrigan: No Derek.

Dave Bittner: Right. If I- when I was a student, or, you know, before I had my own piano, if something like this came to me, I would jump on this. And you know, a 2014 Yamaha baby grand, that's a nice piano.

Joe Carrigan: Yamaha makes a nice piano, dude.

Dave Bittner: They make a nice piano.

Joe Carrigan: Yeah, they do.

Dave Bittner: Yes. There's an old saying among piano lovers that the great thing about Steinways is that every one of them is different. And the great thing about Yamahas is that every one of them is the same.

Joe Carrigan: Right.

Dave Bittner: Right?

Joe Carrigan: And the Yamahas are beautiful too.

Dave Bittner: They are beautiful.

Joe Carrigan: They're well-made.

Dave Bittner: And they're- they sound great. Yeah. And they're just- they're super reliable and low maintenance. So a piano like this is probably worth somewhere between $9,000 and $15,000, something like that.

Joe Carrigan: Sure.

Dave Bittner: So this is a big deal. But if you respond, you'll get a message back from the shipping company that tells you all about, you know, how to get this piano, has the size of the piano, the cost of the piano. And it, again, it all seems very above board. And depending on how quickly you want the piano delivered to you, they will charge you between about $600 and $1,000. And they ask for payment via Zelle, or a Cash App, or a PayPal transfer, or, you know, some kind of online type of thing. They're not looking for you to show up or to pay cash on delivery, right?

Joe Carrigan: Yeah. Because that means they have to send somebody.

Dave Bittner: Right. And they purport to be coming from an organization called American Van Lines Movers Services. Sounds legit.

Joe Carrigan: Is that- that's a real van line. They're --

Dave Bittner: I think American Van Lines is --

Joe Carrigan: They're blue with circles in the logo.

Dave Bittner: I think that's right. I think that's right. So they're pretending to be them as well. But of course there's no piano, Joe.

Joe Carrigan: Right.

Dave Bittner: If you pay these folks for moving- by the way, let me just back up here. I mean, if you ask, they will send you pictures of the piano.

Joe Carrigan: Sure.

Dave Bittner: Right? If you ask to come see the piano in person, which I would do just to make sure the piano is playable --

Joe Carrigan: Right. That would be my thing. I want- what happens when you say I want to see the piano?

Dave Bittner: Right. Well, then they suddenly go away.

Joe Carrigan: Ah, okay.

Dave Bittner: And let's keep in mind, there's- they've sent out over 125,000 of these of emails about this. Right. This is a big campaign. So they don't have to have a very high hit rate to make a lot of money.

Joe Carrigan: Yeah. Sending out 125,000 emails is very cheap.

Dave Bittner: Yeah.

Joe Carrigan: Is there any indication as to how much money they've made?

Dave Bittner: I don't see that in the article here. But- oh, I'm sorry. You know what? I am- it is- it does say that in here. They- so one of the things in Proofpoint's research is they found that all of this link to a single Bitcoin wallet, and that wallet has over $900,000 in it.

Joe Carrigan: Really?

Dave Bittner: Yeah.

Joe Carrigan: Okay. So that's a pretty high success rate.

Dave Bittner: Right. Now, we don't know if this Bitcoin wallet is being used for other scams--

Joe Carrigan: Other things, right? Yeah.

Dave Bittner: -- it's possible. But any Bitcoin wallet with $900,000 in it is nothing to sneeze at.

Joe Carrigan: No, $900,000 is $900,000.

Dave Bittner: Right? So Proofpoint is pretty sure that this is a scam coming out of Nigeria.

Joe Carrigan: Okay.

Dave Bittner: They've traced it back to a Nigerian IP address. So I guess the bottom line here is heads up. This is a very convincing-looking scam, particularly if you are a- someone who's associated with a university like, oh, I don't know you, Joe.

Joe Carrigan: Yeah. Right. Maybe the Peabody Institute is about to get rid of some of Professor Dolby's old equipment.

Dave Bittner: That's right. And they also say that they seem to be targeting healthcare and food service providers. I don't- I'm not sure what that's about, but it- to me, it makes sense that they'd be targeting university students and faculty, you know, I suppose you have a certain level of education which might lead to a certain level of home that they'd live in, which means that they'd be someone who would have room for a baby grand, right? You're not putting a baby grand in your studio apartment. Unless you're a piano major.

Joe Carrigan: Right. Yeah.

Dave Bittner: Right?

Joe Carrigan: What's interesting about this is that if I was going to get a free piano, I would be okay waiting 10 days, right?

Dave Bittner: Okay.

Joe Carrigan: So the cost that I would be out there would be 600 bucks. But there are two other options for five-day and two-day delivery. And I think I'd just be like, no, 10 days is fine. Give me time to make room for it and all that. And I'll bet that's what, probably 95% of the people who fell for this scam elected.

Dave Bittner: Sure.

Joe Carrigan: So it's not a big money loss, right? It's not going to rise to the level of something where somebody has lost hundreds of thousands of dollars or millions of dollars. It's going to go unnoticed.

Dave Bittner: And also a 10-day delay is plenty of time for these --

Joe Carrigan: Plenty of time to move that money around.

Dave Bittner: -- scammers to get out of dodge. And I was- I suspect that they're probably sending you updates along the way.

Joe Carrigan: I wouldn't imagine they have that automated.

Dave Bittner: Good news. The piano is packed up and here's a picture of it in our truck, you know.

Joe Carrigan: It'll be there tomorrow at two.

Dave Bittner: Right. Right. Be ready. Standby. Oh, bad news. The truck had a flat. You know, it's --

Joe Carrigan: Well, that- I think once tomorrow at two shows up, that's when all the communication stops.

Dave Bittner: Right. So buyer beware. I have to say, this kind of breaks my heart as a lover of pianos, and I sort of empathize that how I would feel if I fell- like this one would hit me hard, Joe. If I was excited that there was a Yamaha baby grand in my future --

Joe Carrigan: Yeah.

Dave Bittner: And --

Joe Carrigan: This is- you know, how we often say, this is one of the things that might work on you. And not only that, but you would be emotionally vested and disappointed. And it wouldn't be so bad that you fell for the scam. What would really hurt the most is that there is no piano.

Dave Bittner: Right. I think I would also be embarrassed-

Joe Carrigan: Of course.

Dave Bittner: -- that I lost the money, so I wouldn't- although, you know what? I would probably tell everybody I knew about this great piano that was on the way. So I'd have to own a- I would- you know what I'd have to do? I'd have to go out and buy myself a Yamaha baby grand piano just to --

Joe Carrigan: That's the solution.

Dave Bittner: There's my free piano right there in the corner. Where's my wife? Oh, she moved out. Because I spent $10,000 on a grand piano that neither of us really needed, but just to save face. Yeah. Yeah. You know, I had a piano teacher who had two grand pianos in his house. Yeah. Because he was a piano teacher, and his wife was a jazz pianist and- or I'm sorry, a jazz vocalist. And so in his home, he had two concert grand pianos, a white one, and a black one, and they were kind of tucked up together. You know how the pianos have the curve in them?

Joe Carrigan: Yep.

Dave Bittner: So they were tucked up together, facing each other.

Joe Carrigan: There were a couple of sisters that used to play piano like that and performing, I can't remember what their names were, but they were- in my- where I went to college, apparently, there was a professor, a physics professor. He has since passed, but he had a pipe organ in his house.

Dave Bittner: Oh, yeah?

Joe Carrigan: And he would play that over the mountains.

Dave Bittner: I've seen that. I've seen that. Yep. Yep.

Joe Carrigan: I'd love that.

Dave Bittner: [multiple speakers] his next door neighbor, you know. Oh, Bob over there thinks he's the phantom of the opera.

Joe Carrigan: Right.

Dave Bittner: Right.

Joe Carrigan: Well, good. Here comes Johann Sebastian Bach again.

Dave Bittner: Right. You got to practice at two in the morning, Bob? Come on. Yeah. I think- there are no headphones that plug into that pipe organ. [ Laughter ] All right. Well, we will have a link to this story in the show notes. And, you know, buyer beware.

Joe Carrigan: Right. Dave, I can tell you're very sad about this. This one really does affect you.

Dave Bittner: It does. I am very- I do love a piano. I just can't help it. It's one of those things I have great affection for, big old analog grand pianos. It's just something I love about it. Nothing like it.

Joe Carrigan: I'm like that with pachinko machines and pinball machines and things like that.

Dave Bittner: I see. And everybody has their thing. Everybody has their thing. All right. Well, those are our stories. It is time to move on to our catch of the day. [ Music ]

Joe Carrigan: Dave, our catch of the day comes from Chuck, who writes, Dave and Joe, these all ended up in my junk mail, but I'll bet on some platforms they're getting through. I am either the luckiest man on earth, or these are all scams. Well, guess where my money is. Chuck. Look at all these lookalike domains. They all came within a 24-hour block of time. I hope your listeners are savvy enough to see through these obvious phishing emails. Dave, I have forwarded the email that Chuck sent along to you.

Dave Bittner: Yep.

Joe Carrigan: And Dave, I think it might be sufficient for you to just go through and just read the subjects of these different emails.

Dave Bittner: Okay. Let's see. Final notice, you are our February winner iPad Pro. Final notice. You are our February winner 36 piece Tupperware set. Final notice, you are our February winner, Carote 11-piece pots and pans set. Second attempt. You are our February winner, Bose wireless headphones, Shell gas station gift card, shipment pending, Samsung S24 Ultra. Second attempt, you are our February winner Ryobi 156-piece mechanic tool set.

Joe Carrigan: Ah, there's the one that would work on me, Dave

Dave Bittner: JetBlue Airlines notice, you are our February winner. Open immediately. Final notice, Free Grand piano. [ Laughter ] Oh, well, see, they got me again.

Joe Carrigan: Yes. Yeah, they're all different. They- you know, they're all kind of different. They're all marginally different. Like the one that says you have a Ryobi 156-piece mechanic tool set. We have a surprise for Lowe's users. Start your day with our best rewards. Get started. Don't click on the link. Don't click on the link, Joe. That's the thing that would tempt me the most, is the Ryobi tool set. Because I need a new cordless drill, Dave.

Dave Bittner: There you go.

Joe Carrigan: The only drill I have right now is my very old craftsman quarter horsepower corded drill. Very reliable. Pain to use because you have to always find the outlet.

Dave Bittner: Yeah. Do you know who invented the portable cordless drill, Joe?

Joe Carrigan: The portable cordless- is this going to be something like Jerry Lewis or?

Dave Bittner: No, no, it's just- it's a couple of local fellows to you and I.

Joe Carrigan: Oh, really?

Dave Bittner: Yep.

Joe Carrigan: Are they, oh, Black and or Decker?

Dave Bittner: Black and Decker. Yeah. They invented the electric portable drill. That was their claim to fame.

Joe Carrigan: And they're right up the street there in Baltimore, Hunt Valley or something like that.

Dave Bittner: Yeah, it used to be anyway. I mean, they're, you know, they've been bought up and traded and homogenized.

Joe Carrigan: They are now part of happy Global Hyper Mega --

Dave Bittner: Right. Exactly. Exactly. But, you know, still have some of their tools. There you go. All right. Well, we would love to hear from you. If there's something you'd like us to consider for our catch of the day, you can send it to us at hackinghumans@n2k.com or write it on the side of a box of a Ryobi cordless drill and send it courtesy of Joe Kerrigan N2K care of DataTribe, Fulton, Maryland.

Joe Carrigan: There better be a drill in there.

Dave Bittner: That's right. Coming up next, Dr. Chris Pierson, CEO at BlackCloak, he's talking about some of the social engineering attacks he and his colleagues have been tracking. [ Music ] All right, Joe, we are back. And always great to have Dr. Chris Pierson on the show. He is the CEO of an organization called BlackCloak. And their claim to fame is looking out for high-net-worth individuals, but also folks who are at high levels in organizations. So if you're the CEO of a big company or the CFO of a big company, the types of people that you and I always talk about having targets on their back. BlackCloak takes care of those folks. Because they have very specific needs that mere mortals like you and I don't have to look out for.

Joe Carrigan: No, no- nobody ever calls me asking me to move millions of dollars out of Hopkins funds.

Dave Bittner: Right, exactly.

Joe Carrigan: I don't even have a, one of those credit cards that we use. I have to ask somebody to- I had to ask somebody the other day to buy me a little tiny memory card.

Dave Bittner: Right. All right, well, here's my conversation with Dr. Chris Pierson. Chris, you and I crossed paths a bit randomly probably about a week or so ago. And you pulled me aside and you said, you know, Dave, I listen to Hacking Humans and some of the stuff you guys talk about there is the kind of stuff we at BlackCloak deal with every day. And I said, well, come on the show, come back on the show and you know, just bring us up to date. I mean, it- it'd be great to check in and get a sense for the kinds of things that you all are seeing being right in the middle of all this.

Chris Pierson: Yeah. I mean, what- what's interesting is that we're seeing some of the old tried and true scams and fraud tactics being applied not just to the everyday common Joe, but to folks that have means, folks that have money, folks that have influence and power, and they're being run through the gambit. And it could also be that it's those folks that are highly targeted, but it's their significant other. Yes. The corporate executive and their personal life knows that, you know, they're not going to go from a alert of cryptocurrency to all of a sudden they're on the phone next with the Federal Trade Commission to on their phone next with the IRS and they're giving up all sorts of data, but the significant other that's not working, they don't know that. They haven't had the training. And so these targets are rife. It's literally, what we're seeing is both on the corporate side, executives and their significant other, husband, wife, spouse, significant other being targeted in their personal life because they know they're people of means. The about us leadership page just says it. It's like these people lead a big successful company. They probably have money, and we're not seeing a, oh, let's get them for $1,000, $10,000, even $100,000. Like, we're seeing this at $300,000 to $3 million each and every week. Separately, on the, high-net worth site, like family offices, venture capital firms. Oh, my gosh, venture capital firms. I even talk about that for a second. But I mean, we're actually seeing those being targeted. We just put out a press release, our threat intelligence team, maybe about four weeks ago, put out a press release saying, we're seeing the explicit targeting of venture capital firms and the actual venture capitalists themselves who have actually backed wallets like a Coinbase as well as other things in the crypto area and crypto marketplace. And they're like, they're being targeted for scams of the wallet for scams in crypto because they know that once you steal the asset, it has gone forever. And people say, well, who would've thunk of that? Well, the cyber criminals. Right? Nation states that cyber criminals targeting those especially.

Dave Bittner: Can you give us a sense for who is doing this? I mean, are- the folks who are going after the high-net-worth individuals, would you consider this to be a more elite group of scammers?

Chris Pierson: So a few different things. Number one, the same scammers just paying attention more to publicly available lists, philanthropic activities, family office lists, people that are exiting businesses. So we are seeing that and have it be a breakout of those groups, number one. Number two, totally separate group of folks. The cadence is different. How they talk is different. It's sort of like, you know, customer success for, you know, One800, maybe the airplane makes it there or not.com, where you pay for the seat belts and all the rest of stuff. Versus you know, versus the, hey, you're on the first class lounge of the, you know, whatever British Airways flight. You know, it's like two entirely similar functions, but very, very different people behind the phone lines. And we're seeing the same thing. Two very, very different scammers and threat groups behind the phone lines. And one is a longer play, one is a more dedicated attack surface and threat intelligence service coming back in on the research ahead of time. And so they're targeting more effectively, more swiftly and as a result, little bit slower, but they're getting 50 grand, 500 grand, they're getting more money, bigger returns. And so we're seeing both, yes, some of the low and slow stuff, but we're seeing dedicated threat actors there. And a lot of them are actually right, super-duper closely tied to nation states. They're using it to get around what the anti-money laundering sanctions and the other embargoes that we have in place.

Dave Bittner: Well, can you walk us through what something would look like here? I mean, I'm- I guess I'm particularly intrigued by when you talk about these high dollar amounts that somebody could be taken for hundreds of thousands of dollars even into the millions, how do they go about doing that?

Chris Pierson: So a few different things. If you're going to hear and see all the same things that you've heard before, but they're very, very specific. So let's just do business email compromise, right? Real estate transaction. You've talked about this a number of times, except in this case, the real estate agent that's been targeted and the email server that they have control there, or the lawyer, they're waiting until that, hey, it's the penthouse in New York City and that $10 million and hey, we have to get that into escrow, that comes across. Same tactics, they're targeting different real estate firms, different types of lawyers. It's actually easier in the higher end because they have smaller practices. They don't have all the institutional support you would usually have at a, you know, larger, more well developed firm. And it's the same thing, right? Get into email, hey, no, it's not, you know, account number 1234 at, you know, Acme Bank. Instead, we're going over to Charlie Bank and it's account number 5678. The problem is that the escrow amount isn't, Dave, isn't, Dave our escrow amount, right?

Dave Bittner: Right, right. Still the biggest check I've ever written in my life, but, yeah.

Chris Pierson: We're talking about an escrow amount of hey, you know, 3 million, 5 million, 10 million in terms of different things there. Sometimes it's just what the amount is needed for taxes and tax coverage. Because sometimes these deals are actually like all cash deals, but changing the details at the last moment in time. What's even cooler about this population is that from a scam perspective, sometimes it's not the individual in the know the actual person who's buying the place that's actually doing involved in the transaction. It's their chief of staff, it's their number two. They all have helpers that are in high net worth place. So it's easier for them to actually get swindled because it's like, a yes. Okay. And then that person says, hey, we have to go in and take care of the wire. And they send it off to, once again, somebody else who is in the family or the family office making that. So similar tactics, different attack targets, different mechanisms on how to get there and run really, really cool. So that's one example. The other one was, and you talked about it a few weeks ago, the putting $75,000 in a shoebox duct-taping it, giving it to the car who drove down the street, right? That scam happened in November. And the person that's a victim is extraordinarily brave and really helpful that she actually has- is talking about it, has taken a step forward. But that whole role of how do you switch someone from, there's a threat to where CIA agents to something is going on with your bank. We want to make sure you have cash, grab the cash. We've been seeing those being successfully run since September. And they're all of those amounts, but in terms of like, you know, some of the things we saw in our clientele is that each bank account they had, they wanted $50,000 from each bank account. Literally, we're talking about $250,000. And in those scams that we've seen, some of them have actually been a person from the FDIC is going to show up at your front door, a blue windbreaker. And you may say, well, the FDIC wouldn't do that. We all know, but same scam, some precipitating issue that causes your brain to go from the left side rational thinking into that right fight or flight impulsiveness got to act quick- quickly, and all the rest. And we see the scammers actually targeting those quick hits before that upper echelon area. So it's like that same scam just done a little bit differently. And finally, big one we see a lot of is the tech support scam. Folks that are looking for the One800 number for every- everyone uses an HP printer, an Epson printer, whatever it is. Everyone use the same thing. The Amazon phone number, the Apple phone, all the rest of these phone numbers out there, whether you have $10 million, $100 million dollars or $10,000 or $10 in the bank, you do the same thing. You Google it, you look for it, or you get some type of incoming popup and you're like, oh, my gosh, I got to act. As soon as they have you on there, right? The most interesting thing though is in terms of these, right? They're there, they have the screen support on, they're actually watching you pay the 4,999 or the 49995, but then they see your bill and it's like, okay, hey, but they actually, something went wrong. We need to do something else. And they're going for the $10,000, for the $20,000, for the $50,000, for that one support phone call. And they're able to get in and kind of get their hooks in people's machines. But it's still similar tech support scam, just modified differently. You might say, in some cases a literal higher echelon of attacker, a threat attacker, because of the scripts that they're doing and how smoothly the transactions are happening. These calls don't have people yelling at them or threatening them like we've heard from many others before. This is smooth operation all the way through. It's what the people are used to.

Dave Bittner: I mean, it's, it's just kind of like I don't know if I go out and I, and look into buy a car, right? And I go down to the, you know, no name used car dealership down on the corner, you know, that's being run out of a, you know, a portable trailer, you know, I- I'm going to expect a certain kind of service and all that kind of thing. But as I make my way up the automotive food chain, you know, to a Ford or a Toyota and then a Lexus, and then ultimately a Mercedes or dare I dream a, you know, a Rolls Royce or something like that, I'm going to expect a different level of service. But I could also imagine that that salesperson, the successful salesperson may have worked their way up that food chain, you know, learned in the lower echelons. Do you suspect that that's something that happens here? That the truly skilled folks- I guess what I'm asking is you- do the call centers have internal tiering for their own folks to come at this?

Chris Pierson: I think in some cases they do, but I think more so it's, they're happening in some cases with those groups, they're happening on the higher threat value, the higher jackpot, so to speak, in terms of what they're able to do. And it's like, oh, hey, we have this person who seems like they might be someone who is less technologically sophisticated. Someone who says, oh, they're a widower or something. Or, oh, someone who says whatever and we can get a bigger take on it. But we do know for sure, based off the threat intelligence we've seen on the data broker side and the deep web, dark web side, those groups of audiences that have been in and around philanthropic activities, public charities, donations, exit. Exit lists are huge. They are being targeted. And so it may be the higher echelon within those groups that are actually doing the targeting. But it's fundamental math is instead of going ahead and trying to hit a hundred people for $1,000, why not hit one person for $100,000? And you know, you try 10 of them a week you're going to spend a little bit more time on the con, you're going to spend a little bit more time on the scam. But also those people, they don't really have the experience or the- they haven't seen as many of these unless they've been educated in it, both from the corporate perspective or heard of something there. I have a feeling it's just context shifting and saying what worked here will work there. It's almost like remember the movie was Wolf of Wall Street and the scene it's like he's starting out at the big- he is starting out at the big firm, but then the everything tanks that one day and he goes to a penny stock place and it's at the penny stock place that he tries this you know, higher end sales tac- tactic of well sell the penny stock. And the way he goes about it, the way he goes about it in terms of selling is a super high end and everyone else in that kind of call center is doing a low end job. But then they're like, wow, why don't we just do what he's doing? Because that sounds like that is going to reach success.

Dave Bittner: Right.

Chris Pierson: I almost feel like it's a little bit of that. You know, yes, direct targeting, but also a little bit of the, oh wow, this is actually a new interesting avenue.

Dave Bittner: So there's quick evolution and iteration, I guess within these places. If something works, then it can take off like wildfire.

Chris Pierson: Oh, the AB testing on these things is amazing. Absolutely amazing. Some of the fastest business iteration, we saw the about a year ago, literally a year ago, we saw the alert of, hey, something is going on with your account and we need to go secure it to, hey, we can help bring you to the bank. And then the bank said, well, we can help you on this, this, we need more information. They grabbed their date of birth account numbers and stuff like that. And then they're like, oh, you have identity theft and we know because we also run an identity theft center. And they're like, okay, yeah. And then they passed you over to the FTC. Was that scam? That's actually the same type of similar scam as the right into the female journalist experience, right? Of the scam then went into the CIA, then went into the bank, then went into the, it's- right? They're just improving the nuances of their call sheets, so to speak, with what works, what gets people excited or in a state where they can't think rationally. It's- there's a good book out there called the Chimpanzee Paradox where it's like, it's left brain, right brain thinking as soon as you head down that right path, unless you can either get someone to help you who is not involved and say, hey, that doesn't sound right, or slow down time, you can't win because your mind's already rolling in that pathway.

Dave Bittner: I'm curious, you know, I guess it's fair to say that much of the work that you and your colleagues there at BlackCloak do, you're working with high-net-worth people. And this is a funny question to ask, but like, are they different from you and me? Or do they --

Chris Pierson: Well, Dave.

Dave Bittner: What I- well, I mean, and I- take the question in the spirit in which I'm asking it, which is to what degree do, because of their station in life, do they have a false sense of security? Do they feel insulated or is it the opposite where they feel like they have more to lose?

Chris Pierson: It's an interesting question. I think COVID did change a lot of things here in this area. So first of all, corporate executives, board c-suite, executive leadership team in their personal lives, they're also "high net worth" individuals. I think for the actual individuals themselves, like getting in that education is essential because it helps stop things. But they do lead very, very different lives. They have handlers at work and they have handlers quite honestly, in their personal lives as well. And so they do lead very, very vastly different lives. And they're not involved in the, let's just call it the internal operations of their home as much as someone else who's not in that position. You know, the CFO for Acme retail giant store, their ti- home time is precious. They're going to spend it, you know, entertaining with the family, with the- not doing finances or legal stuff or trusting estate work and all the rest. And so as a result, most everything is someone else will take care of it. I'm not as involved. And that's where some of the fraud and scam potentials are. Because they have multiple different constituencies involved. On the pure high net worth, ultra-high net worth, celebrity, sports star, rockstar, politician side, it also is very, very similar. They have third parties that they actually use for their wealth management platforms, finances, and all the rest that sometimes can add extra layers of complexity. They also can be good lookouts for this isn't normal, that the person sending $10 million to a foreign bank as part of the pen- as a part of their penthouse purchase. They would only deal with US banks like this- that doesn't sound reasonable. Let's go ahead and stop it. But these folks have folks- these individuals both, executives and high net worth, ultra-high-net-worth individuals, they actually have people that pay their bills, do full bill pay, do all their taxes, run their homes, run all of those things as different legal entities, some of whom are part of their own family offices, some own philanthropic organizations. So yeah, it's actually, Dave, I'm sorry to say it's- it is really actually different from our lives. And as a result of the increased demands that they have professionally and the complications there in their personal lives, there are many more people that are involved. And as a result, it makes them a really attractive target. Maybe even easier to find a weak spot in the armor than a straight person who is, you know, kind of the straight family who is saying, look, I control my checking account. I control my savings account. I know where the checkbook is, I know what the dollar amount is on the app and all the rest and therefore, I know when something is wrong and I can spot it immediately. The folks potentially in the BlackCloak area, you know, they sometimes are a little bit removed, some of them. [ Music ]

Dave Bittner: Joe, what do you think?

Joe Carrigan: It's- this was particularly interesting to me, Dave. I like to look at how these bad guys think, and one of the things that they do is they know their targets. They say, hey, the CEO may be trained to protect the company, but we can target their spouse. They may not be so aware and are probably not getting the training, right? Maybe it's time for companies to say, you know what? We're also going to require that your family take this training as well. It might not be a bad idea.

Dave Bittner: I just think it's so despicable that they're going after kids.

Joe Carrigan: Yeah. Yeah. That is awful. I- I'm with you on that. That is just- we like to think that kids are out of bounds. And here in America, we even, you know, like even in politics, we think that, right? And I can think of no more deeply divided and actually disgusting field than politics. And even there, there are standards where the kids are out bounds and these guys are lower than that.

Dave Bittner: Right.

Joe Carrigan: So yeah, they're going after the CEO's kids and the, you know, the officer's kids and maybe even higher management VPs and things like that. Attacks on family offices have the potential for huge gains, right? Because you're probably not going to wind up attacking the actual people that are in the family, the wealth holders, you're going to wind up attacking their managers.

Dave Bittner: Right.

Joe Carrigan: Who are people they hire to be like accountants and handle the taxes and things like that. Just the day-to-day operations. It's interesting that venture capitalists are getting scammed based on the things they've supported in the past, like crypto wallets.

Dave Bittner: Yeah. Yeah. That doesn't surprise me, but I think it is interesting. No, and it speaks to that sort of digital trail that you leave behind of your past business dealings. You know, the VCs all like to brag about things that they've done.

Joe Carrigan: You look at the venture capitalist LinkedIn page and he'll have everything he's ever done on there.

Dave Bittner: Right.

Joe Carrigan: Right. Interesting that there are two groups of people, the same old scammers who are paying attention to the news. They know when somebody sold a company. I have an uncle that sold a company and he got a good deal of money for it. I remember when he did that. And then there are the people who go for the longer play, and they're generally better at their job, but they're going to wind up getting more money. So be on the lookout for those guys. Interesting is some of these are tied to nation states. I can bet there's one nation state in particular that likes doing this.

Dave Bittner: Right.

Joe Carrigan: And they're using some of the tactics to attack smaller, more boutique firms that can't afford to have the big security budgets that larger firms have. And these are firms that generally cater to these high-net-worth individuals. So if you can find a firm that has a small group of very wealthy clients, that firm probably makes a lot of money.

Dave Bittner: Yeah.

Joe Carrigan: So if you're a bad guy, you can target them. And probably steal a lot of money.

Dave Bittner: Financial advisor, or something like that.

Joe Carrigan: Yeah, exactly. Again, we hear how these scams short-circuit people's thinking, doesn't matter who you are, don't think that you're invulnerable to this. This is happening to everybody that gets hit by these things. They get the crap scared out of them, and then they're just like, I've got to do something to handle it. They got the fight or flight mechanism kicked in, their amygdala is doing the thinking, not their frontal cortex.

Dave Bittner: Yeah.

Joe Carrigan: And that's bad. It's really good for these scammers, really bad for you. And like I'd like to say, that's great when you're out in the woods and there's a bear. It's wonderful.

Dave Bittner: Right.

Joe Carrigan: Right. But it's not great when you're on the phone with somebody that's trying to tell you they're from the IRS and that you're going to go to jail. That- it's- that's when it fails or when it stops working so well. We also hear about the tech support scam happening to these people. Same kind of scam going on. There was an- you guys had an interesting discussion around the AB testing and how quickly it happens. I like how Chris describes this as some of the fastest business iteration. And it happens with these scammers, right? They're iterating quickly through these ways to do things and they know what works. And they get you into that state of mind where you comply with them and they just start taking the money or having you send them the money.

Dave Bittner: Yeah. Yeah. And you know, you just think about the volume of work that they're doing. If you're someone working in a call center and you're spending all day, every day trying to scam people out of their money, you're going to figure out pretty quick what works. And I mean, I'm sure at this point the organization gives you a winning playbook to start, but then you're going to find whatever works for your own particular skills. All right. Well, our thanks to Chris Pierson for joining us. Again, he is the CEO at BlackCloak. And we always enjoy talking with him. Always time well spent. [ Music ] And that's Hacking Humans, brought to you by N2K CyberWire. Our thanks to the Johns Hopkins University Information Security Institute for their participation. You can learn more at isi.jhu.edu. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review on your podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our executive producer is Jennifer Ivan. We're mixed by Elliott Peltzman and Trey Hester. Our executive editor is Brandon Karpf. Peter Kilpe is our publisher. I'm Dave Bittner.

Joe Kerrigan: And I'm Joe Carrigan.

Dave Bittner: Thanks for listening. [ Music ]