Hacking Humans 8.1.24
Ep 300 | 8.1.24

This is 300!

Transcript

Dave Bittner: Hello everyone, and welcome to N2K Cyberwire's "Hacking Humans" podcast, where each week we look behind the social engineering scams, the phishing schemes, and criminal exploits that are making headlines, and taking a heavy toll on organizations around the world. I'm Dave Bittner, and joining me is Joe Carrigan, hi Joe.

Joe Carrigan: Hi Dave.

Dave Bittner: And Maria Varmazis. Maria, welcome!

Maria Varmazis: Thanks! Good to be here!

Dave Bittner: We've got some good stories to share, and we will be right back, after this message from our show's sponsor. [ Music ] Alright, before we get into any follow up, we have a bit of a milestone to celebrate here this week. This is episode 300-

Maria Varmazis: Woo-hoo!

Dave Bittner: Of the "Hacking Humans" podcast [laughing].

Joe Carrigan: Very nice [laughter].

Dave Bittner: That's quite a milestone.

Joe Carrigan: It is.

Dave Bittner: It's about six years, I guess? Something like that? Right?

Joe Carrigan: Six? Almost seven, I mean, how long have we been doing this? It's a long time, Dave.

Dave Bittner: Yeah, feels longer.

Joe Carrigan: It does [laughter].

Maria Varmazis: Wow.

Dave Bittner: No, but six, six? Yeah, 300 episodes. So we-we started off when what, I was still working in Baltimore?

Joe Carrigan: Yep.

Dave Bittner: You were still working in Baltimore.

Joe Carrigan: Yeah.

Dave Bittner: Now neither of us work in Baltimore [laughter]. We're both in Columbia, now, so [laughing] that's an upgrade [laughing], lifestyle upgrade for both of us.

Joe Carrigan: It is.

Dave Bittner: But, no we've covered a lot of things, and I'm really proud, and happy, and thankful for-because obviously it's not just you and me, there's a whole team of folks behind the scenes who make this possible every week.

Joe Carrigan: Mm-hm!

Dave Bittner: And also, of course, to our sponsor, KnowBe4 has been with us since the very beginning.

Joe Carrigan: That's right!

Dave Bittner: So we appreciate their sponsorship and participation to make it easy for us to keep doing this every week. So yay us!

Joe Carrigan: That's right!

Maria Varmazis: Congratulations!

Dave Bittner: Oh! And welcome, Maria!

Maria Varmazis: Well no, I-I cannot take any credit for 300, I'm new, I'm a newcomer, so I'm saying congratulations to you two, for keeping us going for six years, my goodness! That is a lot!

Dave Bittner: Yeah.

Joe Carrigan: Yeah.

Maria Varmazis: How are you feeling about it [laughing]?

Dave Bittner: Yeah, I mean, so far, here's to the next 300 [laughing].

Maria Varmazis: There you go!

Dave Bittner: Whew!

Joe Carrigan: I can handle another 300 times, no problem [laughter].

Dave Bittner: It is strange, you know, just when you look at that big of a number, and you think about that, things in your life, that you've done that many times, it's remarkable. Of course, I'm like at 2,500 over on the Cyberwire, so--

Joe Carrigan: Right [laughter]!

Maria Varmazis: I was just wondering about that kind of math-

Joe Carrigan: All perspective. Every day though.

Dave Bittner: Yeah, how far are you guys along on T-Minus, Maria? Are you up around 200 or so?

Maria Varmazis: I think we're over that now, I think we actually already surpassed 300, I could be wrong, I think I was on vacation the day we hit 300 [laughing], I'm real dedicated, too [laughing].

Dave Bittner: When you do a daily, they rack them up quickly.

Maria Varmazis: That's right, yeah.

Dave Bittner: All right, well, again, and thanks to everyone for listening, we could not do this without all of you supporting us and making it possible for this show to be valuable to you, to be valuable for our sponsors, to put their messages in front of you, so thank you all for tuning in every week. We do appreciate it. Alright, we have some follow-up here, Joe, you want to share with us what you've got?

Joe Carrigan: Sure, the first message comes from Brie-is this the only message we haven't followed up?

Dave Bittner: We have two, I have one as well.

Joe Carrigan: Okay, all right. So Brie writes in, to say that she was really glad to see this magnet on my mom's fridge. She lives in the area, with older people, and I love that the police are keeping them safe from scams. The picture of the magnet is attached. So, it's, you know, like a magnet, like the realtors pass out, with the football and baseball schedules on it?

Dave Bittner: Refrigerator magnet. Yeah.

Joe Carrigan: Refrigerator magnet. And it's-it has a picture of a badge up top and it says "Sumpter County Sheriff's Office, No Numbers Project." So this is their-they're calling it, first off, kudos to them, they've come up with a really good name for this, the No Numbers Project.

Maria Varmazis: It's memorable, yeah.

Joe Carrigan: It's all numbers themed. No gift card numbers, no IP address numbers, no bank account or crypto account numbers, no Social Security numbers, no credit card numbers, just say no, and hang up.

Maria Varmazis: I love this.

Joe Carrigan: It's got little blurbs under each one of these things.

Maria Varmazis: I genuinely want one of these. How do I get one of these? I know people who could use this.

Dave Bittner: Well, I was thinking we should just blatantly rip this off, and make our own "Hacking Humans" refrigerator magnet [laughing]

Maria Varmazis: "Hacking Humans" merch! Let's do it [laughter]!

Joe Carrigan: I am sure that Sumpter County would have no problem with us doing that.

Dave Bittner: No. We should reach out and ask. I would love to see this be something widespread. This is great.

Joe Carrigan: Yeah.

Dave Bittner: I would love to have one of these to put on my father's refrigerator, my own-so yeah.

Joe Carrigan: I mean, you know, you think about the real estate agents that leave those schedules. Those schedule magnets just have like a little empty space at the top where they put the real estate agent's contact information.

Dave Bittner: Yeah. I could see, distributing these at the local senior center, you know, just all kinds of places, where you could get this to the folks who could most appreciate it. So thank you, Brie, for sending that in. We will try to find a place to post this, so that listeners can check it out, and see what we are talking about here. But very cool. We've got another message from a listener named Mark, who happens to be a friend of mine.

Joe Carrigan: Okay.

Dave Bittner: And Mark wrote in and said, "My 77-year-old mom's Facebook account was hacked today. She found," and he puts found in quotes, "a number for Facebook Customer Service. Called the number, and they had her download an app on her phone, and then open her banking app, while they were on the phone with her."

Joe Carrigan: Oh no!

Dave Bittner: "Luckily, my sister happened to be in the house and overheard part of the conversation, and they were able to call the bank immediately and close the account. She did not lose any money, but just by luck. She does have the hassle now of opening a new account and setting up all of her automatic payments."

Joe Carrigan: Right.

Dave Bittner: Dodged a bullet, but still a pain in the butt.

Joe Carrigan: Yeah! Let me take a wild guess as to how she found this number. Found! This number.

Dave Bittner: Right.

Joe Carrigan: She did a Google search for it.

Dave Bittner: Yeah.

Maria Varmazis: Yeah. Right.

Joe Carrigan: And then some scammer has bought the Google ad, this is me guessing [laughter], but I'll bet I'm right here.

Dave Bittner: I bet you are.

Joe Carrigan: Yeah.

Dave Bittner: Yeah. Yeah, it's a shame, but it's a good reminder, and--

Joe Carrigan: I'm glad she didn't get hurt.

Dave Bittner: No, but do you see how easy it is?

Joe Carrigan: Yeah.

Dave Bittner: Right? I mean she's just-and in response to an actual hack, right?

Joe Carrigan: Right.

Dave Bittner: Whatever, something happened to her Facebook account, and she was trying to do the right thing, and she got double-scammed.

Joe Carrigan: I've seen a lot of these happen lately. I know two people, like within the past two months, who have lost access to their Facebook accounts.

Maria Varmazis: Oh yeah, it's everywhere right now. I'm seeing it all over the place.

Dave Bittner: I've seen a lot of duplicate accounts being spun up.

Joe Carrigan: Yeah, I'm seeing that as well.

Maria Varmazis: Yeah. Yeah. Every day, I'm very grateful that my mother does not have a Facebook account. Like, I just completely sidestep all of this [laughter], but she's like the only person I know in her age cohort who doesn't.

Joe Carrigan: That's great.

Maria Varmazis: She basically goes, I don't want this hassle, I don't want to see the minion memes or whatever, and she just [laughter] opted out of that completely. But I mean, all of her relatives have a Facebook account. So I mean I got lucky, but yeah, this is a tough one.

Joe Carrigan: The Minion memes [laughter]-

Dave Bittner: Yeah, good for her.

Maria Varmazis: Yeah.

Joe Carrigan: Yeah.

Dave Bittner: Alright, well, that is our follow-up this week, and of course, we would love to hear from you if there is something you would like us to consider for the show. You can email us, it's "Hacking Humans" at N2K dot com. Alright, well let's jump into our stories here. I'm going to start things off for us. This is a story from the Washington Post, and it's titled, "Psychic and Family of Extortionists Scam Maryland Man out of $4.2 Million."

Joe Carrigan: Hm!

Dave Bittner: Yeah.

Maria Varmazis: I was wondering when you were going to cover this. I figured this was in your neck of the woods, right [laughter]?

Dave Bittner: This is in our neck of the woods. And I saw this come by in the past week or so, and I tucked it away for this show.

Maria Varmazis: Yeah.

Dave Bittner: So this is a story of a woman named Gina Russell, and this is a story of deception, manipulation, and an elaborate scheme that unraveled over the course of about a decade. Let's all go back to October 2009, when Gina Russell posed as a psychic, and she performed a reading for a 25-year-old woman named Holly Nadel from New York. And Gina Russell convinced Holly that bad things would happen to her and her family unless she handed over large sums of money.

Joe Carrigan: Okay. I've a question.

Dave Bittner: Yeah?

Joe Carrigan: Does-which, what psychic doesn't convince somebody that they're psychic?

Dave Bittner: What doesn't convince someone that they're psychic?

Joe Carrigan: Right, she's posing as a psychic, and then it says that Russell convinced Nadel that bad things-oh no she convinced, never mind, I'm sorry [laughter]- [ Overlapping Speakers ]

Dave Bittner: I thought you were hitting us with some kind of like extremely thought-provoking riddle or something.

Maria Varmazis: One of these statements is false, yeah, okay [laughter].

Joe Carrigan: Which psychic isn't really posing as a psychic, that's the way I should say it?

Dave Bittner: Right, well, I would say that all psychics are posing as psychics [laughter], but that's, that is-

Maria Varmazis: [Laughing] Nature of the job!

Dave Bittner: That is my opinion [laughter], I'm sure there are some listeners who would disagree with us, but--

Joe Carrigan: You know, I-

Maria Varmazis: I'm testing you right now, Dave.

Joe Carrigan: I'm not entirely dismissive of the idea, but, I don't think there-that anybody that you give money to is going to be successful at this.

Dave Bittner: Right.

Joe Carrigan: I told you what my retirement plan is? I'm going to open up a psychic business.

Dave Bittner: Okay.

Joe Carrigan: Just listen to people, and then, you know, use my vast life experience to see where their life is going.

Dave Bittner: Okay--

Joe Carrigan: Right? And just tell them, yes, I'm psychic. Because people will believe that. They won't listen to somebody who says, who has life experience, but they'll listen to a psychic.

Dave Bittner: Well, like they say, the headline you never see is "Psychic Wins Lottery," right [laughter]? So, let's move on with this story.

Joe Carrigan: Right.

Dave Bittner: This woman, Gina Russell, the self-described psychic, she actually married into a family, this is the Evans family. Family out of New York City, and they saw an opportunity in Gina Russell's psychic act, and they joined in on the scheme. So by 2020, so this started in 2009, she had been stringing along Holly for almost 10 years.

Joe Carrigan: Right.

Dave Bittner: And by 2020, she had persuaded Holly to take up sex work--

Joe Carrigan: Oh! Uh-oh...

Dave Bittner: When she struggled to gather money.

Maria Varmazis: Oh no...

Dave Bittner: It grew even worse when Holly got a client, she developed a relationship through her sex work, she was giving what do you call them, erotic massages, is how I believe the euphemism for it-

Joe Carrigan: Right.

Dave Bittner: She had a client, whose name was Daniel, and he was the Chief Financial Officer of a mechanical contractor in Washington, D.C. And Daniel, who was married, you know, living the normal family life, but for whatever reason found himself enamored with Holly, believed that he had fallen in love with her, he embezzled over $4.2 million dollars from his employer.

Joe Carrigan: Oh! Oof!

Dave Bittner: Because he thought that Holly was in trouble.

Maria Varmazis: Whoa--

Joe Carrigan: So it's like a romance scam by proxy?

Maria Varmazis: Yeah!

Dave Bittner: It's a romance scam, right, but it got even deeper, because the Evans family, this is the family that Gina Russell, the psychic had married into, they went down a road with Daniel of convincing him that Holly was in trouble with the mob, and that they were going to kidnap her, and bad things were going to happen to her, and that the only way that he could prevent that was by continuing this flow of money to the, I'm going to say "mobsters," they weren't actually mobsters, they're just scammers.

Joe Carrigan: Right.

Dave Bittner: But it was an elaborate scheme. They sent him pictures of his car, so that they would convince him that they knew where he was, and where he was traveling, and that he was going to be in trouble as well.

Maria Varmazis: Wow.

Dave Bittner: So it ended up with this gentleman, Daniel, he delivered $1.6 million dollars in gold bars to a Manhattan hotel room, only for one of the Evans family to retrieve the gold bars. Finally, in 2017, Daniel attempted to flee. He knew he was in trouble. He had embezzled all this money from his job. He knew he was going to lose his family, and his plan was he was going to get some fake IDs for himself, and for Holly. And what happened was, he didn't go to work for a few, he stopped showing up to work, and his employer got suspicious, because he just stopped showing up to work for no reason. They started looking at the books, and found the irregularities in the books, and this prompted a police investigation, and then eventually the FBI stepped in, and this ultimately led to the arrest of the Evans family and also Gina Russell.

Maria Varmazis: Wow. They pulled on that thread, and it just completely-my goodness.

Dave Bittner: Right? According to this story, even after arrested, Gina Russell didn't stop. While she was awaiting sentencing, she convinced another woman in Los Angeles to work as a prostitute, and got nearly $200,000 from her.

Joe Carrigan: Huh!

Maria Varmazis: How manipulative is this-how do you do that?

Joe Carrigan: I mean, are there sex trafficking crimes that they could charge her with?

Dave Bittner: Yeah. Yeah, yeah, yeah. Yeah. I mean, there's-so all of the Evans family members have received sentences. Two of them got five years in prison, another one got three and a half years, one got two and a half years, one got just over a year. Gina Russell herself was just sentenced in Federal court to 10 years in prison. She was sentenced last week.

Joe Carrigan: Huh.

Dave Bittner: Her attorney said that she had a troubled upbringing, that she was forced into marriage at 16, and that she lacked a basic education. The prosecutor said no, she's a dangerous woman, and she is dedicated to exploiting others.

Joe Carrigan: Right.

Maria Varmazis: Yeah.

Dave Bittner: So, tragically, Daniel is also charged with crimes.

Joe Carrigan: Right.

Dave Bittner: Right? I mean, he is guilty of the crime, and he pleaded guilty, of the embezzlement of $4.2 million dollars from the company.

Joe Carrigan: Mm-hm.

Maria Varmazis: Yeah.

Dave Bittner: He hasn't been sentenced yet, because they put his process on hold, while they were sorting everything out with this Russell family.

Joe Carrigan: They probably had his cooperation as well.

Dave Bittner: I bet they did.

Maria Varmazis: I would imagine, yeah.

Dave Bittner: Yeah. The original victim, Holly, who was the original victim of the psychic scam, of course she is in trouble as well, because she was party to all of this. She deceived Daniel. So it's just a big old mess, all the way down, but you can see-in reading this story and thinking about it, it struck me the power that someone can have over you with a psychic scam.

Joe Carrigan: Right.

Dave Bittner: If they can convince you that they can actually see your future, and that the only way to get out of bad things happening to you is for you to give them money, there's no rational way to counter that. And that's what makes these so horrible. They-they literally weave a spell over someone and get them to believe that these terrible things are going to happen. And you know, my heart breaks for these people, and of course, it's just terrible the people who perform these kinds of scams on people. What do you guys think of this?

Joe Carrigan: I'm with you on that, Dave.

Maria Varmazis: Yeah.

Joe Carrigan: It is terrible, and you know, there-yeah, if you're sitting on the outside, and you're trying to argue somebody out of this position, you're not going to argue them out of it, because you know, you're just going to come off as, you know, like you and I were talking about this earlier in this, in this story, we're like, aw, come on! Psychics, really? We-all of our friends know, know how we feel about psychics.

Maria Varmazis: Right.

Joe Carrigan: And they're going to discount any advice we get, because we were skeptical of psychics.

Dave Bittner: Right. We're not believers.

Joe Carrigan: We're not believers.

Maria Varmazis: Have you ever been to a psychic, though? I'm going to be a Devil's advocate, for no real reason, just for fun. Have you ever been?

Joe Carrigan: I have been to one, once when I was a-maybe a teenager? In Ocean City, Maryland, there was a psychic.

Dave Bittner: No, I have never been to a psychic. Although I've-I have studied their scams, and I am up to date on the whole idea of cold reading-

Maria Varmazis: Yes!

Dave Bittner: Which I think most psychics do.

Maria Varmazis: They're amazing social engineers. They are just absolutely incredible to study. I went to one recently knowing what I was getting into and I didn't believe anything I was told, of course, but I just had to-I was just in awe, of how good they are at what they do. And if you-even I going in there, fully prepared, going I'm a total skeptic, I know a lot of the tricks of their trade here, even I was like wow, if I wasn't prepared with that, I could have totally seen myself wondering how on earth they made such amazing predictions and seemed to know certain things in my life, which of course, you know, because generalities are effective.

Joe Carrigan: Right.

Dave Bittner: Right.

Maria Varmazis: But it's quite amazing, so if you don't come in there armed with that skepticism, if you are already at a vulnerable point in your life, it's amazing how well they can engineer their way in.

Dave Bittner: Yeah.

Joe Carrigan: Yeah, the one lady I went to told me I would marry a woman named Cindy and said, "Do you know anybody named Cindy?" I am like, "I don't know anybody named Cindy."

Dave Bittner: Somewhere there is a woman named Cindy who is [laughter] very sad and lonely, Joe.

Maria Varmazis: Very sad. And there are a lot of [laughter] people who are vulnerable, who use psychics as sort of like a makeshift therapist. That's something else I've also heard, people who are in a lot of emotional trouble, that's their go-to, because they can't afford to find an actual professional to help them. So it's just, it's terrible the way that people get victimized. Yeah.

Joe Carrigan: Mm-hm.

Dave Bittner: And I guess, one thing I wonder about is are there psychics out there who are doing no harm, are there psychics out there who believe in their own skills, right? They believe that they actually are psychic-

Maria Varmazis: Yes. Absolutely believe that, yeah.

Dave Bittner: And in doing so, believe that they are actually helping people, and if they're charging a reasonable fee, and the person can afford it, is harm being done? I'm fuzzy on that.

Joe Carrigan: Yeah.

Maria Varmazis: Yeah-I live near Salem, Massachusetts, and there are a gazillion psychics around there, and a lot of them fully 100% believe, and not just that they are psychic, but like it's a religious calling for them, in some cases.

Dave Bittner: Right.

Maria Varmazis: And that it's their duty to do what they do. So yeah, I'm with you. It's fuzzy. It's real fuzzy, I mean, I don't believe in any of it, but yeah [laughs].

Dave Bittner: Yeah. Alright, well that is my story, and we'll have a link to that original story from the Washington Post, in the show notes. Maria, what do you have for us this week?

Maria Varmazis: I don't know if you heard about this whole CrowdStrike thing [laughter]?

Dave Bittner: Huh, I don't know-

Maria Varmazis: Anything sound familiar about the word CrowdStrike? Alright so-

Dave Bittner: I think somebody mentioned that in one of my meetings at the Cyberwire, but [laughter]--

Joe Carrigan: I have like four or five shares of their stock, and I've noticed it has decreased in value since [overlapping speakers and laughter].

Maria Varmazis: Plummeted, yeah, please refer to all recent episodes of the Cyberwire for a clue-in on what on earth I'm mentioning here, if you don't know what I'm talking about, but as what often happens after a major security incident like the [laughing] CrowdStrike outage, criminals have picked up on the vulnerability of all of us humans trying to figure out what the heck to do. So I just want to put up a quick PSA. There are some fantastic lists of URLs that were registered within the same day as the CrowdStrike outage occurring, and infosec professionals no doubt already knew about a lot of these, and they've added these to block lists. But I think as a PSA for listeners, who maybe are their family's IT department [laughs], maybe pass the word on to your family members, that there are a lot of people taking advantage of the CrowdStrike outage to scam others. And some of the URLs they are using are really, really convincing sounding. I mean, there is a humongous list. I'm not going to go through all of them, but some of them are like CrowdStrike.technology, or CrowdStrike.us.org, these are fake. These are bad. Don't go there. But it's a lot of these very convincing sounding URLs. So just a reminder to all our friends and family who maybe might have been affected by this in some way, that nobody is going to call them at home and say hey, I'm here to help you with your CrowdStrike outage, because I think some people honestly might have been really rattled by this news, and are wondering what they need to do, or how they might be affected. So just sort of like a PSA to pass on [laughs].

Dave Bittner: Yeah, absolutely.

Joe Carrigan: Right. Someone registered MicrosoftCrowdStrike.com-

Maria Varmazis: Yeah.

Joe Carrigan: That's amazing. That's on this list. OctoCrowdStrike.

Maria Varmazis: OctoCrowdStrike, that one, I thought was interesting too, yeah, CrowdStrikeVisa, blue screen of death, dot bisod, dot com.

Joe Carrigan: Right.

Maria Varmazis: Just some of these are really insidious. Some of them are funny, but I mean, I could see someone in a panic, or even not paying much attention, legitimately finding these to be like, oh yeah, it's totally what they would use. Or what is CrowdStrike dot com, there you go, another one so again, don't go to any of those [laughs]. Just FYI for everybody.

Joe Carrigan: Right.

Maria Varmazis: So that was not my actual story, that was sort of a quick PSA, because my other story is also a little on the short side, so I figured I'd give you a two for one. The Olympics are starting soon, or they have started by the time this podcast airs, so I figured why don't we talk about a truly international and global scourge, which is postal service smishing. Everybody's favorite, when you get those, hey, you've got a package in the mail, and if you thought that was something limited to just, oh, you know, the United States and Canada, you were very wrong. Fortinet has put out a report that there is a huge campaign going on, targeting people in India. Users of India's government-operated postal system, India Post, it's a smishing scam. So threat actors are targeting iPhone users specifically with smishing attacks, including, you know, the common claim that there is a package waiting for them at an India Post warehouse, and then the smishing message is, again, as we often see, have a URL leading to a fraudulent website, and then the messages, again, they are only to iPhones, because it uses only iMessage. So the messages are sent from an email. So you'll see people using Gmail, Hotmail, or Yahoo email addresses to send a smishing attack email of smish [laughs] to phone number, and then it's basically if you can't get iMessage, you're not going to be affected by this, but if you can, and that's a lot of us, you could be. And then the phishing site in the URL is an exact copy of the legitimate India Post website. Again, a lot of this is familiar. And through that website, can collect name, full residential address, your email ID, phone number, and in some cases, also credit card information, and they'll use that for a later campaign, so again, this might sound very familiar.
What to me was very interesting about this smishing campaign was between January and July of this year, Fortinet found over 470 domain registrations in this attack, and 296 of those domains were registered via the Chinese Registrar, Beijing Lanhai Jiye Technology Co., Ltd., followed by 152 registrations through the U.S. provider, NameSilo. So if we [laughing]-Olympic Spirit, international collaboration [laughter], we've got an attack against folks in India being registered with domains registered in China and the United States, it's just amazing how, you know, crime knows no bounds. And the public reporting on this attack, the specific smishing attack, suggests that Chinese-based threat actor, known as the Smishing Triad, is behind all this. And they used to target predominantly the US, UK, EU, UAE, KSA, and most recently Pakistan, but now it looks like India is in their sights. So another little note from Fortinet about this specific issue is that if it is indeed the Smishing Triad behind this, they actually put some decent coin into setting up this scam. A couple thousand dollars, for the top level domains that they registered for the phishing URLs. They used like dot VIP and dot TOP TLDs, and that is a sign to Fortinet anyway that that is a sign that the smishing campaign is very effective. If they're willing to up-front all that cost. So-

Joe Carrigan: Right.

Maria Varmazis: Yeah, so-

Joe Carrigan: I would agree with that assessment.

Maria Varmazis: Yeah, they know the scam will give big dividends, so yeah, global collaboration in the spirit of the Olympics, to scam people out of money. So there you go [laughter]. Going for the gold [laughter].

Dave Bittner: Yeah, and I guess, I mean, the overall lesson here is as we can talk about it over and over again, is you are not going to get an inbound on something like this. You know, that you have a package that [laughs], that needs to be picked up from the postal service.

Joe Carrigan: Yeah.

Dave Bittner: They'll drop something in your mailbox.

Joe Carrigan: Right.

Dave Bittner: They have access to your mailbox.

Joe Carrigan: That's right, they do [laughter].

Maria Varmazis: What? The Post Office [laughter].

Joe Carrigan: They're the only people that are, them and you, are the only people legally allowed to put anything in your mailbox.

Dave Bittner: That's right [laughter]. Yeah, and they're pretty serious about it.

Joe Carrigan: Yes [laughter].

Dave Bittner: Postal inspectors have guns [laughter].

Joe Carrigan: Do they really?

Dave Bittner: Oh yeah.

Joe Carrigan: I didn't know that.

Dave Bittner: Oh yes, they do. They-I mean, they are, I mean, I say guns, they are deadly serious about the integrity of the mail. Like, super serious.

Maria Varmazis: That's a federal crime, right, to mess with it, yeah.

Joe Carrigan: Yeah, it is.

Dave Bittner: Yeah. No, it's, it is really serious. And my point in that is don't take it lightly, and don't screw around with the mail, you know, like they will nip that in the bud. Postal inspectors.

Maria Varmazis: Now, I wonder if that's the same in India, and other countries? Like, we're talking about the United States, but I wonder about other countries, if it's the same?

Dave Bittner: Yeah, that's true.

Joe Carrigan: That's a good question.

Dave Bittner: Yeah.

Joe Carrigan: I know that when I was a kid, in my neighborhood, everybody had a mailbox, and then directly below that, they had a plastic newspaper box.

Dave Bittner: Right.

Joe Carrigan: And the people that would come through the neighborhood and put things into any of those boxes would only put them in the newspaper boxes.

Dave Bittner: Right.

Joe Carrigan: They would not put them in the postal-in the mailbox.

Dave Bittner: Yep [music begins].

Joe Carrigan: And I think that's because if you don't use the postal service to deliver something, you're not allowed to do that.

Dave Bittner: Yeah, it's true, it's true. Don't see many of those newspaper boxes anymore.

Joe Carrigan: No, not around here anyway [laughter].

Dave Bittner: Nope. Alright, we are going to take a quick break, for a message from our sponsor, we'll be right back. [ Music ] And we are back. Joe, you are up. What do you got for us this week?

Joe Carrigan: Dave, I was just going to comment on the headline of this article and move on.

Dave Bittner: Okay.

Joe Carrigan: And I'm going to start with this article that comes from Aimee Picchi at CBS News, and the headline is, "Sextortion Scams Run By Nigerian Criminals are Targeting American Men, Meta Says,"

Dave Bittner: Okay.

Joe Carrigan: Right? And we'll put a link in the show notes, but as I read this article, and watched the video that went along with it, I just got more and more angry as I went on.

Dave Bittner: You?

Joe Carrigan: Me.

Maria Varmazis: What [laughter]?

Joe Carrigan: I know.

Maria Varmazis: Now, Aimee probably didn't write the headline, just putting that out there [laughing].

Joe Carrigan: But the headline, this is not the case of a bad headline for [overlapping speakers], okay this headline, this headline fits the story pretty well.

Maria Varmazis: Okay.

Joe Carrigan: So, I'm not faulting Aimee here, but maybe I am going to do that a little bit because I really [laughter], yeah, I am going to do that.

Maria Varmazis: Sorry Aimee.

Joe Carrigan: I think this is a terrible article, that misses so many opportunities. And I really want to call CBS News to task here, for some issues with this article, and some issues with the video that accompanied it. And number one is wow, where have you been on this issue? You're just now setting this up? This article came out yesterday in a major news outlet. The Wall Street Journal has been covering this kind of stuff for years. I can't remember the name of the two reporters they have doing that, but they've been covering it for years. And maybe CBS has been doing that as well. But this has been a newsworthy story for months, and I really haven't seen the coverage on it that I'd like to see on it. You remember back in January when Senator Josh Hawley got Zuck to apologize to all the families who were there at a Senate hearing?

Dave Bittner: Yep.

Maria Varmazis: Vaguely, yeah. Yep.

Joe Carrigan: Yeah, those were families who had children who had been victimized on Meta. I don't know if they were victims of this sextortion scheme. This is a relatively new one.

Maria Varmazis: Yeah.

Joe Carrigan: But honestly, this article looks like it was written by Meta's press office, for the first like half of it. So you get a quote from Antigone Davis, who is Meta's Head of Global-Global Head of Safety. And she says, she said this in a call with reporters, which is you know, like a press teleconference.

Dave Bittner: Mm-hmm.

Joe Carrigan: Right, and the quote is, "First of all, it goes without saying that financial sextortion is a horrific crime, and can have devastating consequences. It's why we are particularly focused on it right now." I'm dubious of that claim. Right out of the gate. I think the only reason they're focused on it, is because people like us, Paul Raffile, who Meta rescinded the job offer to, I've talked about Paul before, he is a very vocal advocate about this problem, other advocates are starting to get the word out about how bad this situation is. Finally, I will say that Meta did something here that is a step in the right direction in this story. They're talking about taking down 63,000 Instagram accounts, 200 Facebook pages, and 5,700 Facebook groups. And this is a pretty good chunk. I'm not sure, I'm not sure what the total level of this population is, but I'll bet that this proportion is significant. So, yes, this is a good thing. My primary question is, and maybe that's what it is that started CBS with this reporting, is that Meta announced they were going to-or had this press conference, to announce they'd taken this step.

Dave Bittner: Right.

Joe Carrigan: But why did this take so long for Meta to get to? They've known this is a problem.

Maria Varmazis: Yep.

Joe Carrigan: For so long.

Maria Varmazis: Yep.

Joe Carrigan: And they've finally also classified, I saw this on Paul's LinkedIn page, that Meta has now classified the Yahoo Boys as a foreign threat group. So they are going to try to block them from everything on the platforms. Now, CBS doesn't mention the biggest tragedy that has come out of this story, until much later in the article, and then they don't get the numbers right, and that is the targeting of teenaged boys, you know, kids. On this platform. These guys go after kids. They don't care that they're going after kids. Paul Raffile has said that he has exchanged messages with these guys who say "Yeah, we don't care if we kill 100 kids." But the FBI and the CBS article quotes the FBI saying that about 20 kids have killed themselves. But that number is actually closer to 40 kids over the past two years, according to Paul Raffile.

Maria Varmazis: My god.

Dave Bittner: Hm.

Joe Carrigan: So it's significantly worse. And then at some point in time in the video, the anchor, I can't remember who-I couldn't find out what the anchor's name was, and I'll show you in the video, but she says "How do people fall for this?" And then she quickly turns it into a "How do we protect people against this", but she still asks how do people fall for this. People fall for this because they're humans. That's what happens. I don't want to see any kind of victim blaming on this particular issue, because you're talking about them targeting young, vulnerable men, with something that young men are particularly vulnerable to. And then they are exploiting that vulnerability to get these guys to cough up cash, and some of these young men, unfortunately, have made the decision that they're going to end their lives. So I want to say this one more time, and I'll say this every time we talk about the issue. If you are a victim of these guys, if you find yourself down the road a victim of one of these sextortion scams, just stop interacting with them. There is no good that comes from giving them money, and there is no good from continuing the communication. If you give them money, they're just going to ask you for more and more money. If you continue communicating, they're just going to get in your mental space, and mess that up terribly. Just stop talking about it. If you're-and the thing I want to talk-say, is that this is not a permanent solution. You know, especially if you're under age. This is not a permanent solution. Or a permanent situation, rather. It will go away, and you will look back on it, and it will become something in your rear-view mirror very quickly. I'm not saying you're going to look back and laugh. I'm not saying that. I'm just going to be-it's something you're going to look back on and go yeah, that was terrible, but I'm glad it was so short-lived. It won't be that long-lived. It is certainly not worth ending your life over. 
And if you have parents who are willing to listen to you about things like this, tell them. Tell them what's going on. I am in 99.9% of the cases-your parents would rather know about this than find you dead. That's the most important thing I want to say.

Dave Bittner: Yeah.

Maria Varmazis: Of course. Yeah.

Dave Bittner: Yeah, that's just tragic.

Joe Carrigan: It is.

Dave Bittner: Getting back to the thing with Meta, I think we all have been conditioned to roll our eyes whenever we see Meta brag about anything that they're doing, because--

Joe Carrigan: Right.

Dave Bittner: The evidence points to the complete opposite. Anybody who spent any time on any of Meta's platforms sees that whatever they're doing, it's not nearly enough.

Joe Carrigan: Correct.

Maria Varmazis: And it's often in the wrong direction, it's like [laughs], yeah.

Dave Bittner: Right, every platform, other platform, pretty much does a better job than Meta does.

Joe Carrigan: Mm-hmm.

Maria Varmazis: Yep.

Dave Bittner: I saw an article, I want to say the past week or so, about some researchers who spun up a completely new account on Facebook, a couple of accounts on Facebook. I'm pretty sure it was Facebook. Completely clean, clean IP address, new device, just, there was no way to trace anything back to these accounts, because they wanted to see what happened, and it didn't take more than, oh a week or so, before the accounts started being fed just horrible content-

Maria Varmazis: Of course.

Dave Bittner: Horrible content.

Maria Varmazis: Yeah, and meanwhile-

Dave Bittner: Just Facebook's algorithm just trying to get you hooked. It's like is this going to hook you? Oh, no? Oh, how about this-

Maria Varmazis: Here is this hot plate of garbage for you, yes, do you like it?

Dave Bittner: Right.

Maria Varmazis: Yeah, we'll give you more. And then meanwhile, I know, I think everybody I know who has ever used a Meta platform, whether it's Facebook or Instagram, primarily, can think of times where you see stuff that's legitimately terrible. Either you're being impersonated, you know, by a cloned account as we've talked about, or there's an account that you see that is clearly advocating for something violent or illegal, and you report it, and then nothing happens. You get a thing from Facebook saying this is totally fine. So you're just like, what on earth is going on. There's too big to fail on one hand, and then also too big to function, that's sort of the part that I think about it, for Meta, it's like, none of this moderation, such as it is, if it even exists, makes any sense. And people are dying.

Joe Carrigan: If Facebook failed tomorrow-

Maria Varmazis: Yeah.

Joe Carrigan: If Meta failed tomorrow, everything in this country would get so much better. So everything around the world would get so much better tomorrow.

Maria Varmazis: Isn't that a shame? That that's how it's gotten. It's such a shame.

Joe Carrigan: It is [laughter].

Maria Varmazis: It's true, though, it's true. But it's such a shame.

Dave Bittner: An interesting thing, yeah, and I wonder where everyone would go. I mean, we kind of saw this when we saw this huge exit from Twitter, right? And some people went some places, other people went other places, and it's interesting. I wonder what would happen if-

Joe Carrigan: I know where I'd go, and that would be nowhere else [laughter]. You know?

Dave Bittner: I know, but you know, it's easy to say that, and I was off of Twitter, or not Twitter, I was off of Facebook for about five years. And they sucked me back in, because there were things I was actually missing out on, because that's where so much of our discourse happens now. Just practical everyday life things, about events, and people, and people getting married, and having kids, and passing away, like, I wasn't seeing about-things in my community, because I wasn't participating. But every time I get on there, I catch myself, I feel like I am stuffing my mouth full of cotton candy, you know, something completely empty of any sort of nutritional value [laughter], but it's just super sweet-

Maria Varmazis: And then your stomach hurts.

Dave Bittner: I just hate it. Yeah! Exactly! Okay, makes me want to throw up.

Joe Carrigan: Too many Minion memes.

Maria Varmazis: Too many Minion memes. My entire adult life has had Facebook. It started when I was in college. I was one of its early users. So I'm just-I have a hard time squaring the circle of how it started, and how my entire life, especially in my 20s, my social life, was very much centered on organizing things through Facebook. And now, how almost no one I know my age uses it anymore. Because it's just such garbage. But yeah, it's the same, like, I can't-you can't completely extricate yourself from it. And I really hate it.

Dave Bittner: Yeah, I do too. Alright, well we will have a link to the story from CBS News, in the show notes. So you can check that out. Joe, Maria, it is time to move on to our Catch of the Day. [ Sound Bite of Reeling In Fishing Line ] [ Music ]

Joe Carrigan: Dave, our Catch of the Day comes from an anonymous listener, who didn't leave a name, which is why they remained anonymous, but you know we haven't done a back and forth Catch of the Day in a while.

Dave Bittner: Yeah.

Joe Carrigan: And this listener saw this on Shared, and wanted to share it with us.

Dave Bittner: Okay.

Joe Carrigan: And it's somebody messing with a scammer. So why don't you play the part of the scammer, in the gray bubbles, and I'll do the person messing with them, in the other bubbles.

Dave Bittner: Alright, alright. Hey, how are you? What are you doing?

Joe Carrigan: Sorry, who is this? Not showing up in my phone.

Dave Bittner: I'm Shina Lu, talked to you at the meeting on Fashion Design, last month.

Joe Carrigan: Oh, my God, Shina! I'm so happy to hear from you. You survived the fire, then? I had heard that only a few of us made it out. Were you hurt? Shina?

Dave Bittner: Wait, I'm confused. Are you William, from Canada?

Joe Carrigan: Yes, are you Shina from the Fashion Conference? Are you okay? Not burned?

Dave Bittner: Hey, how are you, what are you doing?

Joe Carrigan: Hey, in the shower, working on a new fashion show, based on edible swimwear, you?

Dave Bittner: I appreciate your good job. I came to Germany, but now I live in New York. I have also been to Canada, and plan to go again for vacation at the end of July. Oh, I forgot to introduce myself [laughter], my name is Shina Lu. I'm 29 years old, and you?

Joe Carrigan: I'm eating a bathing suit right now. You said we met at the Fashion Conference, and you'd like to measure my inseam again? Which of Newton's Laws is your favorite? I respect your opinion in all these important details [laughter].

Maria Varmazis: [Laughing] That's great!

Dave Bittner: I don't know what you write.

Joe Carrigan: What do you mean, Shina? Don't know what? You're from New York, yes? This is William, from Canada. You loved the taste of my socks at the festival, lettuce, lettuce, lettuce, right? I'm assuming he's talking about more edible fashion stuff [laughter].

Dave Bittner: I hope so.

Maria Varmazis: [Sinister laugh] Yeah.

Joe Carrigan: This is a family show.

Dave Bittner: By the way, how old are you? I'm 29. Actually, I do for design clothes.

Joe Carrigan: I know, you mentioned that yesterday. Are you forgetting? Our friends died in the fire at that conference last week. Why wouldn't you care about them, shiny? Lettuce. Meow. Lettuce, poopy pants? By the way, I'm 22. What area of New York you from? You keep leaving me hanging. Don't you care about my feelings?

Dave Bittner: Gentle age.

Joe Carrigan: Small ball of lettuce. Did you provide the love to one who eats their own bathing suit in the shower while alone? Do you listen to DJ Meow Mix? I love the song Meow, Meow, Meow [laughter].

Maria Varmazis: Wow.

Joe Carrigan: I think that's where the scammer got done.

Maria Varmazis: Bravo to you though.

Dave Bittner: Took him a while.

Joe Carrigan: Yes [laughter].

Maria Varmazis: Gentle age.

Joe Carrigan: [Sing-song] Meow, meow, meow, meow...

Maria Varmazis: Lettuce.

Dave Bittner: [Laughs, sighs] You know, so, I think it's fun to read these, I do think that you are-yeah, I think it's risky to engage with these folks.

Joe Carrigan: It is, yeah.

Dave Bittner: Because chances are, they're better at this than you are.

Joe Carrigan: Right. And they have your information, they've reached out to you on it.

Dave Bittner: Right, they have way more experience than you do, so as fun as it is, and as funny as it is, my recommendation would be just-just hang up. Just disconnect. Don't even go there. But you know, this was fun. So thanks to our listener, for sending this in. Again, we would love to hear from you. Our email address is hackinghumans@n2k.com. [ Music ] And that is "Hacking Humans," brought to you by N2K Cyberwire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your podcast sound. Please also fill out the survey in the show notes, or send an email to hackinghumans@n2k.com. We are privileged that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500, to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at N2K.com. This episode is produced by Liz Stokes, our Executive Producer is Jennifer Eiben, we're mixed by Elliott Peltzman, and Tré Hester. Our Executive Editor is Brandon Karpf. Peter Kilpe is our Publisher. I'm Dave Bittner.

Joe Carrigan: I'm Joe Carrigan.

Maria Varmazis: And I'm Maria Varmazis.

Dave Bittner: Thanks for listening. [ Music ]