Hacking Humans 7.18.24
Ep 298 | 7.18.24

Welcome to a new age in digital deception.

Transcript

Dave Bittner: Hello, everyone. And welcome to N2K CyberWire's "Hacking Humans" podcast where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hey, Joe.

Joe Carrigan: Hi, Dave.

Dave Bittner: We've got some good stories to share this week. And once again we're joined by our N2K colleague, host of the "T Minus" space daily podcast, Maria Varmazis. Maria.

Maria Varmazis: Hi. I'm here.

Dave Bittner: All right. We will be right back after this message from our show sponsor. [ Music ] All right. We are back and before we dive in to our stories this week we have some great news to share for us, for our listeners, for the podcasting community at large. Maria is joining us now every week on our show. So we went from -- yes. We went from having her only being on occasionally and then we were able to have her on every other week, but we've done some juggling around of schedules and we're thrilled to say that Maria's going to be with us here every week. So, Maria, welcome. We are happy to have you join us.

Maria Varmazis: Thank you for tolerating me. I appreciate it. I'm glad to be here.

Joe Carrigan: We do much more than tolerate you.

Dave Bittner: Yes. That's right.

Maria Varmazis: I'm honestly really delighted to be here. I love this show so I'm really glad to now be a part of it. So it's very exciting. I'm really glad to be here.

Dave Bittner: All right. Well, let's go ahead and jump in to our stories here. Maria, why don't you kick things off for us?

Maria Varmazis: All right. We're going to start with everybody's favorite pill supplement scams. Let's just -- let's just get in to it. Sponcon pill supplement scams. Always an issue. This is nothing new, but it's always getting worse so I thought I would share a new wrinkle in how it's getting worse. So for folks who may need a familiarizer pill supplement scams and sponsored content scams they sell fake health and wellness products. So low cost miracle products or treatments that promise to cure any amount of chronic diseases like arthritis, diabetes, cancer. There was a really interesting blog post that inspired my story today by our friends at Bitdefender Labs that analyzed global health related scams over three months from March to May of this year. And they uncovered some interesting and I would say also concerning trends. Basically AI, big surprise, is just hitting the gas pedal on the incredification, to put it politely, of these malicious sponsored content hosts. They are now allowing scammers to hyper target potential victims in languages and geographies that maybe were not previously available to them or in the spotlight. So a lot of these scams, no surprise, they were happening online. They were happening on Meta's platform. So pick your poison. WhatsApp. Facebook. This is your Instagram. Yeah. I write. I know. I was ready to be like, "Never." Again --

Joe Carrigan: Meta is allowing scam ads on their platform?

Maria Varmazis: I know. And I know this will also shock you, but often pages that are farming likes, you know reposting terrible AI art or videos that have been stolen from some other platform, they're getting bought and sold on the dark web. And then maybe getting rebranded and start churning this crud out. I know. I know. You're shocked. All right. So as with many spammy sponcon posts nowadays we've all seen them. I know I see them all the time. You have AI generated images, videos, and our favorites, deep fakes, to create convincing content. So like having medical professionals like Brad Pitt telling you why you need to buy this supplement. You know.

Joe Carrigan: Now hold on. Hold on. I will say this. If Brad Pitt were going to tell me something about acting, I would listen. He is in my top three actors.

Maria Varmazis: But a diabetes cure? Diabetes?

Joe Carrigan: Yeah right. I don't think -- like I'm going to listen to Wilfred Brimley before I listen to -- the late Wilfred Brimley before I listen to Brad Pitt, beautiful in shape Brad Pitt. I'm not listening -- he doesn't have diabetes.

Dave Bittner: No. No.

Maria Varmazis: Excuse you. Diabetes. No. I'm sorry. Has there been a deep fake of Wilfred Brimley is my other question. But I'll just leave that one there. But as you might -- as you might suspect, beyond Brad Pitt and other notable professionals like himself they -- these scammers are now using deep fake tech to impersonate more localized medical professionals like Dr. Heinz Luscher, Dr. Yan Sula, Dr. Fekete Andre. These are people whose names I do not know or recognize, but I am not the target audience here so I'm not supposed to. And it's notable to me that it's not just doctors that are being impersonated on this hyper local scale. Bitdefender found a boosted sponsored post impersonating a well known Romanian priest that gathered over 6,000 reactions and 900 shares. Interesting. So in all from just March to May of this year on these various platforms that we've mentioned they found over 1,000 deep fake videos of this nature promoting over 40 different kinds of fake medical supplements in Romanian, Italian, Spanish, Portuguese, German, French, Russian, Czech, Slovak, Slovene, Latvian, Lithuanian, Hungarian, Bulgarian, Polish, Greek, Croatian, and more.

Dave Bittner: Wow.

Maria Varmazis: And more.

Dave Bittner: Well done.

Maria Varmazis: Yeah. Thank you.

Joe Carrigan: Is that 100% of the romance languages? You got Italian, Romanian, Spanish, Portuguese, and French.

Maria Varmazis: You've got some extras in there that are not romance.

Joe Carrigan: Right.

Maria Varmazis: Yeah. Yeah. It's a lot. So yeah. Scammers are crafting these highly personalized and contextually accurate messages in the target's native languages with correct grammar. Sometimes even with like idioms that are correct. So that allows these scammers to evade the obvious alarm bells when scams sound off. You know, like it doesn't sound like they -- somebody wrote this who knows my language or, you know, it's in English and I don't really speak English primarily. So they can now target entirely new groups of people who may have been excluded unfairly when scams were often more largely just in English or primarily in English. So yeah. They've opened up a whole new pool of potential victims.

Joe Carrigan: Here's one place where equity might be bad. Right?

Dave Bittner: Right. I guess --

Maria Varmazis: Yeah. Go ahead.

Dave Bittner: Selfishly you could say, "Well, that makes it less likely that they're going to be coming after me."

Joe Carrigan: Oh yeah. Good point.

Maria Varmazis: It's not a force multiplier at all.

Dave Bittner: It's not a zero sum game either, I guess.

Joe Carrigan: Right. And there are going to be more of these guys so I don't know that this makes it any less likely that you're going to get hit.

Dave Bittner: Right.

Maria Varmazis: That's right.

Joe Carrigan: Over time I should say. Maybe initially.

Maria Varmazis: Yeah. And sadly these scams do operate in ways that are familiar to I'm sure all our listeners that they prey on the already quite vulnerable. So people who are medically or financially vulnerable or both. They especially target the elderly. And especially now geographies where these scams were really not prevalent before. So awareness may be quite low or it might be outdated. So in one case they found some cases of media scanned pages that these social websites will refer people to and instead of doing an obvious like hey a clone of CNN where maybe the target doesn't read pages on CNN because again not in their language they actually are cloning media websites that are local to them. So like their national or regional website. So again it's they're really hyper targeting people and they're getting really good at what they're doing. As for the messaging you see in the scams, again familiar to a lot of us. They prey on skepticism of the medical establishment. You know, these supplements are 100% natural, whatever that means. The pharmaceutical companies or doctors can't be trusted or they're hiding things from you. And it's complete with those hyper localized deep fake videos from those local experts of doctors whose names I don't recognize giving fake pseudo scientific sounding explanations about why that totally not a scam supplement is actually real. One thing I thought was very interesting about their findings among many things was unlike a lot of the English scam pages, these websites themselves are not actually looking to scrape or steal credit card or financial info because they're not actually asking for that. They often will just ask for a name and phone number. And then the potential victim gets a phone call in their language asking them for the financial info and that's where the problems really start. And potentially even worse you actually might get the supplements you've been trying to order after being up sold. And those supplements are probably extremely dangerous or at the very least very dodgy.

Joe Carrigan: The best thing you can hope for there is that nothing happens. Right? It's a placebo.

Dave Bittner: Well, and I know also a common additional scam with a lot of these supplement companies is that they sort of sneak by the fact that you're not just signing up for a shipment. You're signing up for a subscription. Right? So every three months you're on the hook for $150, you know, worth of I don't know, you know, ground up camel toes or something. Whatever.

Maria Varmazis: [Laughs] yummy.

Dave Bittner: Delicious.

Maria Varmazis: Yeah. The recurring charges are a big one that, you know, Bitdefender on their blog post was saying, "Watch out for that one." But so I mean our listeners I'm sure many of them think, "Oh. I would never fall for something like this." You know, don't buy supplements online from spammy websites it is very easy for us to say. But to me the fact that these scammers are now able to hyper target people who may not have been aware of these scams or thought they didn't apply to them is very concerning. So to me it would be maybe get the awareness out to our friends who are multilingual that scams -- there used to be sort of common thinking. I know I used to hear it. That scams wouldn't bother our little language because we're too minor for that. They only go after the big guys. There are no -- there are no -- it's so easy to do now it doesn't matter. You can cast that wide net. Or my favorite. Only Americans would fall for these scams because our healthcare is garbage. That was another one I would hear a lot. I'm too smart for that. Only -- I'm too smart for that because only Americans fall for that. So I'm sorry. People fall for this stuff all over the place.

Joe Carrigan: Absolutely.

Dave Bittner: Wow.

Maria Varmazis: Yeah. Yeah. That was my favorite. I would hear that one a lot. So tell your friends to make sure that they're only ordering from legitimate places. Make sure that they research any website they might be thinking about. Make sure it's legit. Of course be skeptical of ads that are promising quick fixes. Avoid aggressive sales tactics on any -- anybody who's trying to sell you something with a hard up sell is probably doing something dodgy. And keep an eye out for those recurring charges. So yeah. Things to keep in mind.

Dave Bittner: You know what this made me think of that I hadn't really considered before, this combination of fake imitation websites, but also deep fakes, which is that I think it would be really convincing if someone were to spin up a fake version of my local news affiliate website. You know, think about -- like I think about my parents' generation who very much relied on and still very much trust their local news anchors.

Joe Carrigan: Right.

Dave Bittner: Right. Like that is, you know -- they still that's where they get their news, their weather, their sports. That sort of thing. So if you could spin up an imitation website that my parents, for example, would think is local, and those are people I trust, I've been watching them for decades in some cases, so you combine that with some deep fakes and it'd be really convincing.

Joe Carrigan: Deep fakes of Mallory Sofastaii would be --

Dave Bittner: Right. Right. Friend of the show Mallory Sofastaii. Who works for the local --

Joe Carrigan: WMAR?

Dave Bittner: Yeah. Local news affiliate.

Maria Varmazis: There's plenty of footage to go off of to make those deep fakes. Not that you need a lot of it anyway, but and also those local websites. I don't know about yours where you live, but ours where I am they always looked really spammy anyway. At best extremely dodgy to begin with. So how can you tell if it's a fake website? The legit ones already look kind of fake anyway.

Joe Carrigan: Right.

Dave Bittner: Yeah. It's true. They're always loaded up with those spammy ads.

Joe Carrigan: They are.

Dave Bittner: Yeah.

Joe Carrigan: I was looking at one yesterday. It was terrible. Earlier this week. It doesn't matter. I was looking at one. It was awful.

Maria Varmazis: Yeah.

Dave Bittner: All right. Well, that's interesting.

Maria Varmazis: Hard to tell. Yeah.

Dave Bittner: Yeah. Good stuff. You say this is from Bitdefender?

Maria Varmazis: Bitdefender. Yes. Their research. Yep.

Dave Bittner: We'll have a link to that in the show notes. My story this week comes from the folks at NBC News actually, and this is a story about a couple of women who've been charged in romance scams that go all the way back to 2009. So yeah. Decades or I guess a decade and a half.

Joe Carrigan: They've been at this for a while.

Dave Bittner: Right. And they -- the law enforcement who arrested these two women who were working as a -- if not a team, in concert with each other. They I guess they were partnered up and doing -- trading tips and tricks and those sorts of things. They stole over $7 million from elderly men. They were arrested in Miami and New York City. One in Miami, one in New York City. Just a couple weeks ago. What struck me about this is they were not afraid to do in person meetings. So they would target their victims this article says through in person meetings, phone calls, text messages, and also an online dating platform. And then, you know, tale as old as time, they would build romantic or close personal relationships with these men, earning their trust. But then once they had that they would start spinning up these stories getting the men to send them money saying that they wanted to start a fake business or one of them even convinced one of the men that they needed an organ transplant. Yeah. So I need a new spleen. Well, how much?

Maria Varmazis: It's a very high touch scam.

Dave Bittner: I don't want one of those cheap spleens.

Maria Varmazis: Only the best spleen for you, dear.

Dave Bittner: That's right. That's right. Oh, honey. The hospital said they want to give me a cut rate spleen. Well, that's not going to work for my little lady.

Joe Carrigan: You know, you don't need a spleen to live.

Dave Bittner: That's true.

Joe Carrigan: That would be my response.

Dave Bittner: Yes.

Maria Varmazis: Then the metaphor falls apart. How did we --

Dave Bittner: Exactly. Try again.

Joe Carrigan: Scam falls apart. I meant lung. You can live with one. Live pretty well with one.

Dave Bittner: That, ladies and gentlemen, is why Joe has not been --

Joe Carrigan: That's why I -- I'm not going to fall for the spleen transplant scam

Maria Varmazis: You don't need one of those.

Dave Bittner: So these ladies -- these ladies now face charges of money laundering, wire fraud, and conspiracy. Each of the charges carry a maximum prison sentence of 20 years. The U.S attorney, Damian Williams, pointed out how they were particularly callous going after elderly individuals seeking companionship. But then using the proceeds to live in luxury. One of the ladies convinced one of these elderly men that they were in an exclusive relationship. She asked him for money for rent and living expenses which he provided. Eventually she got his credit card information after which she changed the account's password and then put -- racked up thousands of dollars of charges on the card. She got him to wire her $220,000 that she said was to start a catering business, but instead she used the money to pay off loans for her boat and luxury car. So I mean she probably served snacks on the boat. So it's kind of a catering business.

Maria Varmazis: A charcuterie board.

Dave Bittner: Right. Right. She picked it up on Wegmans on the way. But they say this one victim lost over half a million dollars to one of these ladies. One of the other ones they -- scams that they point out here was that this woman whose last name was Stanley she pretended to be a psychic and she told the victim his money was tainted with bad influences, but that she could cleanse and protect his money if he wired it to her. And eventually he got about -- or she got about a million dollars.

Joe Carrigan: That is amazing to me because you know, Dave, this is the one that -- this is -- I'm going to be the guilty guy here. That would never work on me.

Maria Varmazis: No. No.

Joe Carrigan: But just because this one wouldn't work on me doesn't mean it wouldn't work on somebody.

Dave Bittner: Yeah.

Joe Carrigan: And it did work on somebody for a million dollars.

Dave Bittner: Right. A million dollars.

Maria Varmazis: I'm in the wrong business. A million dollars?

Dave Bittner: Yeah.

Joe Carrigan: Maria, I remind you. 20 years per offense.

Dave Bittner: Well, they've got to catch you first.

Maria Varmazis: How long do I have left anyway?

Dave Bittner: Right.

Maria Varmazis: Oh, my gosh.

Dave Bittner: What's the old joke? I'd be out by now. So again this was a joint effort by the U.S attorneys and the FBI. And, you know, they're happy to get these two ladies off the street here, but you know say over $7 million over about 15 years with just 2 ladies. And that's quite a haul. Great that they're going to be brought to justice here, but you know you've got to feel for the victims here who --

Joe Carrigan: When the federal government takes you to court you're probably going to lose. The federal attorneys, you know, the Department of Justice attorneys, do not proceed if they don't think they can win the case.

Dave Bittner: You know, it's a really interesting point, Joe, because so many of the stories we talk about here law enforcement just isn't interested in following up. Either they're not equipped to do it, they don't have the -- you know, the manpower to do it. Or they just don't think there's any hope of seeing anything come of it. So it just makes me think of like to what level do you need to rise in order to get the feds, the FBI, on your trail.

Joe Carrigan: It looks like it's about $7 million.

Dave Bittner: About $7 million. Yeah.

Maria Varmazis: My question is how did these two women actually collaborate on this. Did they have like a Jira system with ticketing? Or like how do you -- I mean how does this work with these two women work -- like how -- what is their system? I'm just curious.

Dave Bittner: I don't know.

Joe Carrigan: I thought they just talked on the phone.

Dave Bittner: I was curious about that as well. And the story doesn't really go into how --

Maria Varmazis: Like how they supported each other on this. Yeah.

Dave Bittner: Right. Right. You know, I'm -- and how did they get their start? You know that -- this would make a really compelling, you know, Lifetime true story.

Maria Varmazis: Netflix.

Dave Bittner: Yeah. Right.

Maria Varmazis: I'm shopping the rights right now in my head. So that's why I'm asking.

Dave Bittner: Yeah. Yeah. I don't know, but the other thing I guess I wonder about is being that these ladies were not afraid of meeting with these men personally, how are they stringing them along? You know, to what degree? Where's their -- if any sort of physical relationship. You know, I -- there might have been lots. There might have been none. Who knows? It could be that these men were in a stage of their life where all they were looking for was companionship. But, you know, you just never know. So.

Joe Carrigan: Yeah. It -- I don't know how they collaborated. I would imagine they knew each other and they would either meet, talk on the phone, text message, those sort of things. And meeting people in person, that makes this a lot more believable. I mean because one of the things we always hear about romance scams is you never meet the person.

Dave Bittner: Right.

Joe Carrigan: Right? We hear about the -- I can't remember what the listener's name was, but the grandmother was Nana. It was trying to get somebody out of IRS jail. Remember that? And there never is anybody there. Here there is a person there and you get to see them and interact with them. That makes it much more believable.

Dave Bittner: Yeah. Yeah.

Maria Varmazis: Yeah. I imagine even for concerned family who maybe if they figured out that something was a bit off that the defense from the victim was, "Well, I've met her. I go to dinner with her all the time. She's real. You know, how can this be a scam?" Yeah.

Dave Bittner: She's coming over for Christmas this year.

Maria Varmazis: Get the table setting ready. Yeah.

Dave Bittner: Right. Right. Exactly. All I need to do is buy her a plane ticket and a room in a luxury hotel.

Maria Varmazis: Cleanse my money. Yeah.

Dave Bittner: All right. Well, that is my story. Again that comes from the folks over at NBC News and we will have a link to that story in the show notes. We're going to take a quick break here. We will be back with Joe's story right after this message from our sponsor. [ Music ] All right. We are back. Joe, it is your turn. What do you got for us this week?

Joe Carrigan: Dave, we all have heard the story of the evil twin attack. Right?

Dave Bittner: Yes.

Joe Carrigan: This is the --

Dave Bittner: Go on.

Joe Carrigan: This is the attack. It's kind of a technical attack, but it's why we say don't use public WiFi. Right? Because the public WiFi you're connecting to may not be an actual WiFi service.

Dave Bittner: Right.

Joe Carrigan: It could be a malicious WiFi service. And I've heard a number of people over the past couple of years say that this is really not all that much of a threat anymore because every single website that you connect with now is encrypted with the TLS, the transport layer security, which is like SSL improved upon with better cryptographic ciphers.

Dave Bittner: Yeah. It's the little lock emblem that comes up where the -- in the URL bar of your browser.

Joe Carrigan: Right. Well, they don't even have the little lock emblem. Now they tell you, "Hey, this site is not encrypted." Right? That's how commonplace it is.

Dave Bitter: That's right. Yeah. Yeah. Thanks for correcting me. You're right.

Joe Carrigan: Right. And so that you get warned when that doesn't happen. And I've heard people argue that this makes the evil twin -- you know, you're not going to be able to perform an evil twin attack because chances are -- well, in fact there's almost no chance that the person's going to have your certificate, your root certificate, installed on their machine which will let you decrypt their traffic. Right? Because that's really what makes things work is these root certificates. And they're up at some certificate authority. And this is a new attack that has happened. This was sent in to us by Nevile [assumed spelling]. And it has to do with the fact that you're not on a -- you're not in a coffee shop. You're on a plane.

Dave Bittner: Okay.

Joe Carrigan: And Nevile sent us an article from "Forbes" that was written by Zak Doffman. It says federal agency issues new security advice if you use airplane WiFi. And it's not talking -- there's another link in this article to the actual AFP which by the way is Australian Federal Police. And they have arrested somebody who was out of west Australia because on a plane he would turn on fake WiFi spots that looked like -- access points that looked like the plane's WiFi. Now have any of you ever tried using WiFi on a plane before?

Maria Varmazis: Oh yeah. I do it all the time.

Dave Bittner: Sure.

Joe Carrigan: It's a miserable experience. Very slow.

Dave Bittner: Okay.

Joe Carrigan: You're not watching your own videos. You're still stuck watching the videos that are probably on some media server in the back of the plane.

Dave Bittner: Yeah.

Joe Carrigan: But this man who is a 42 year old they don't name him because he is I guess innocent until proven guilty in Australia. He's going to face nine charges for these alleged cyber crime events or crime offenses. What he did was he didn't really do a man in the middle attack. What he did when you logged on to his malicious access point is he presented you a page that looked like your social media account or your email account. Or he'd say, you know, "Log in. Authenticate with whatever." And he was -- it was as if the access point was saying, "You can authenticate to this access point through Facebook or through Gmail or through Yahoo" or whatever. So you'd give up the credentials. And this guy had a bunch of credentials on his device when they arrested him. They arrested him. They investigated when flight attendants realized, "Hey, something -- there's an extra WiFi access point on this plane. Something's going on."

Dave Bittner: Good vigilant flight attendants.

Joe Carrigan: Right. Yeah. Absolutely. They then got a warrant for his home and they searched his home back in May which results in his arrest charges. They found more information. So I want to talk about this a little bit. This is an interesting way to get around the correct reasoning -- I don't know if it's correct. I still say don't use public WiFi. I think it's just risky. But the reasoning of saying that's not really a threat is sound reasoning. Right? You have to go out to get these -- you can go out -- you can still go out and get the public search. You still get the communication encrypted. Even if they are in the middle all they're seeing is encrypted traffic. And if you use a VPN then they're not even seeing the -- they have to decrypt it twice which they're not going to do. It's never going to happen. So this guy have bypassed all of that. And by adding a little bit of patience to the process when he gets off the plane now he can go out and log in to your accounts because he's captured your username and password.

Dave Bittner: Right.

Joe Carrigan: So one of the -- one of the key things I wanted to talk about here is when you are thinking about having an account taken over the worst possible account that can happen to is your email account because you protect your -- your email is the -- is your keys to the kingdom, your internet. As awful as email is, as terrible as the system -- of a system as it is for a modern world, a modern internet, it still is where you get your password reset requests sent to. So if you lose control of that you're going to lose control of a lot of other accounts. So you should protect your email, your main email that receives all these messages, exactly like you do your banking credentials. You should use multi factor authentication. And if you can do it you should use a hardware token like a FIDO alliance token. Yeah. Be mindful of that. So I don't know. I thought this was a novel attack to get people's -- to steal people's accounts. And it just exploits the fact that they're on an airplane. So maybe from an economic standpoint, you know, if these people can afford to fly a plane, they might have bank accounts worth taking over.

Dave Bittner: I'm curious, you know. If someone had multi factor authentication let's say on their email account and provided their credentials on this flight, presumably they'd be protected.

Joe Carrigan: Yeah. They would be. Even if they had the one time password codes because by the time that plane lands that code's going to expire.

Dave Bittner: Right.

Joe Carrigan: So yeah. Even having something as simple as just a text message that goes to your phone would have stopped this attack from happening.

Dave Bittner: Okay.

Maria Varmazis: Okay.

Joe Carrigan: Yep. So it's a good thing. I do want to say one side note. I want to say hats off to the Australian Federal Police on their web design.

Dave Bittner: Okay.

Joe Carrigan: They have a quick exit button in the upper right that takes you right to Google. So if you're like if you're looking at something. You're like I'm on the police web page. And somebody's coming up behind you. You can hit the quick exit button and you go to Google.

Dave Bittner: Right.

Joe Carrigan: Which is nice, I think. More sites need to have that.

Dave Bittner: Yeah. I remember back in the day, early days of the internet, the website for the car talk guys had a boss button on it. When you hit the boss button up popped a spreadsheet with all sorts of numbers on it. So if you're spending your day reading through the forums on the car talk website and your boss came up you could just hit the boss button and, you know, good times. It was a more innocent time back on the internet. All right. Well, we will have a link to that story as well. And of course we would love to hear from you if there's something you'd like us to consider for the show. You can email us. It's hackinghumans@n2k.com. All right, Joe and Maria. It is time to move on to our Catch of the Day. [ Soundbite of reeling in fishing line ] [ Music ]

Joe Carrigan: Dave found this one this week. So it's a good one. I really like this one, Dave.

Dave Bittner: It goes like this. I hope this message finds you well. Recently I was approached by an individual who paid a substantial sum to commission a hex against you. However during the casting of this hex an extraordinary event occurred that I feel compelled to share with you. As I was performing the ritual a presence emerged none other than a spirit of one of your deceased relatives. This spirit appeared with great urgency and sincerity pleading for me to undo the hex that had been set upon you. Their concern for your well being was palpable and it deeply moved me. It is because of this profound encounter that I am reaching out to you now. It is clear that there is a spiritual interference that must be addressed promptly. The hex though initiated with malicious intent has been acknowledged and petitioned against by a benevolent force.

Maria Varmazis: Bravo, sir. Bravo.

Joe Carrigan: I just imagine somebody with a chicken. Sacrificing a chicken to something.

Dave Bittner: I was doing -- trying to do my best Vincent Price there. I don't know if that came through.

Joe Carrigan: Yeah. That was the first thing I thought. I mean it wasn't Vincent Price, but it was very Vincent Price esque.

Dave Bittner: Yeah. Exactly. Yeah.

Maria Varmazis: There's only one Vincent Price.

Dave Bittner: Influenced. Right. Yes.

Maria Varmazis: So hexing as a service or de-hexing as a service or what is this exactly?

Joe Carrigan: I think he had to send $1,000 in Bitcoin to get the hex removed.

Dave Bittner: Right. Well.

Maria Varmazis: I'll put that on my honey do list.

Joe Carrigan: Right.  Another one that wouldn't work on me.

Dave Bittner: Well.

Maria Varmazis: You sure?

Joe Carrigan: Yeah. Yeah.

Maria Varmazis: A deceased relative. I don't have any of those. All mine are alive.

Dave Bittner: Yeah, but it's easy to imagine there are folks that this would scare them.

Joe Carrigan: Yeah. Oh yeah. I mean well earlier in the show we had somebody -- your story, Dave, talked about somebody who got scared that their money was contaminated with evil spirits.

Dave Bittner: Right.

Joe Carrigan: And they sent a million dollars.

Dave Bittner: Right.

Joe Carrigan: Somebody's absolutely going to fall for this.

Dave Bittner: Yeah.

Maria Varmazis: Yeah. That's true. It is true.

Dave Bittner: All right. Well, once again we would love to hear from you if there's something you'd like us to consider for our Catch of the Day. You can email us. It's hackinghumans@n2k.com. [ Music ] And that's "Hacking Humans" brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliott Peltzman and Tre Hester. Our executive editor is Brandon Karpf. Peter Kilpe is our publisher. I'm Dave Bittner.

Joe Carrigan: I'm Joe Carrigan.

Maria Varmazis: And I'm Maria Varmazis.

Dave Bittner: Thanks for listening. [ Music ]

Joe Carrigan: [Chicken clucking sound]. It was so hard for me to not do a chicken noise through Dave's reading.