
Navigating dark waters and deceptive currents.
Dave Bittner: Hello, everyone, and welcome to N2K CyberWire's "Hacking Humans" podcast, where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner, and joining me is Joe Carrigan. Joe, welcome back.
Joe Carrigan: I am among the living.
Dave Bittner: And also joining us once again is our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Maria.
Maria Varmazis: Hey, and welcome back, Joe.
Joe Carrigan: Thank you, Maria.
Dave Bittner: We've got some good stories to share this week, and we will be right back after this message from our show sponsor. [ Music ] All right, well, before we jump into our stories, Joe, I think we have a little bit of follow-up here. What do we got?
Joe Carrigan: Yes, Dave, WUSA 9, that's a local station here in the Baltimore -- actually, Washington area.
Dave Bittner: Yeah, they're a D.C. affiliate.
Joe Carrigan: D.C. affiliate. They have an article about an Illinois man who was arrested in a scam where he took $800,000 in gold bars from a woman in Montgomery County, Maryland.
Dave Bittner: Wow.
Joe Carrigan: He was trying to leave on a plane heading to Ireland.
Dave Bittner: Oh.
Joe Carrigan: No word on whether or not he was laden with gold but --
Maria Varmazis: Shoved in his pockets.
Dave Bittner: Right, right. What does it look like when you put that through the x-ray scanner?
Joe Carrigan: Suspicious.
Maria Varmazis: Nothing suspicious.
Dave Bittner: Gold bars, yeah.
Joe Carrigan: So yeah, he was -- he's the second guy that got arrested for this, and I don't know -- he was a mule, so I don't know if they got any money back.
Dave Bittner: I see.
Joe Carrigan: He may have already delivered the gold bars to the person to whom he was supposed to deliver it.
Dave Bittner: Yeah, interesting.
Joe Carrigan: Steve wrote in with some follow-up on our talk -- I think it was on Episode 300 where we talked about the No Numbers Project. One of our listeners sent in the sticker from the sheriff's department, local sheriff's department. He says, "Hacking Humans team, congratulations on hitting 300 episodes. I enjoy the podcast. It has given me many ideas and ways to expand the various awareness programs I have built. In Episode 300," okay, so it was 300, "there was mention of the No Numbers Project from a magnet. I wanted to find out more and get a look at the magnet." So we'll send a message back, I guess, but this is a great idea. He's been working on his own 10 security model, or 10 points for what he calls "security made easy." All right, number one, if you don't know who it's from, don't click on it. I think that's probably a good one. If you do know who it's from, but it's not normal, don't click on it. I think that's, yeah, if something seems out of place and unexpected -- those are the two things I say, if you get an email that's out of place and unexpected, you know, by "out of place," I mean, like, violate some policy or violate some normal activity, it's unusual in some way and you're not expecting it, it's probably a scam. If you're not looking for it, don't click it. This is like the Brian Krebs rules. If you didn't ask for it, don't install it.
Dave Bittner: Right.
Joe Carrigan: Right?
Maria Varmazis: Right, yup.
Joe Carrigan: Steve goes on to number four. He says, if you buy it, keep it updated. Good advice. If you're done with it, remove all your data and get rid of it. You know, Dave, before the show, you and I were talking about how I'm moving, and I have -- I came across all of my old cell phones in the course of packing up my house. All of them, Dave.
Dave Bittner: Are you a hoarder curious [phonetic] or something? You have all of your old cell phones?
Joe Carrigan: I got to tell you, Dave, after living in a house for 20 years, I have a hard time not calling myself a hoarder. Right? I mean, because when you've lived somewhere for 10 years or 20 years, you tend to amass a lot of crap that you've forgotten about.
Dave Bittner: That's true.
Maria Varmazis: Yes, that's true, yup.
Joe Carrigan: So it would have been good for you to throw it away years ago, but I've been reluctant to throw these things away because they have all my personal data on them. I would rather destroy them, so that's what I've been holding them for. I guess it's probably time for me to do that.
Maria Varmazis: Yeah, I have a bunch of old computers in my basement for the same reason. They barely boot up, but they do. It just takes forever. I upgraded, and so I just kind of sat them in the basement gathering dust, and I can't just throw them out. Obviously, my data is on the hard drive, so I just keep kicking that can on the road.
Joe Carrigan: You can pull the hard drives out and throw the machines out. That's what I've done. I still have a pile of hard drives I have to go through.
Dave Bittner: Just drive a nail through the hard drive.
Maria Varmazis: Just get a big old magnet, physically destroy the hard drive. Could do that. Could do, yeah. I've just been lazy.
Joe Carrigan: Yeah. Well, you're going to want -- 20 years from now, Maria, when you go to move, you're going to hate yourself.
Maria Varmazis: Well, funny you say that, Joe. I'll tell you more offline.
Joe Carrigan: Okay. All right, number six is something we say here all the time, slow down and pay attention. If you're not sure, don't click on it. Number seven is, just because you're on a mobile device doesn't mean you're protected. We've talked about that a lot here. In fact, you might actually be less protected on a mobile device, particularly with the amount of real estate that's available to you on the screen. Number eight, he says use multifactor authentication anywhere it's offered. That is something we have been screaming from the rooftops, so we will naturally agree with that one. Be careful when you post to social media. You never know who's watching. You know, I'm very concerned about that. Like I said, our house is on the market and it's available to everybody. Anybody who wants to see it, they can go find it. I like that it's there because hopefully it means I'll sell my house, but I don't like that it's there because it means everybody knows, oh, look at this house. There's nobody there.
Dave Bittner: Right.
Joe Carrigan: Right?
Dave Bittner: Right.
Joe Carrigan: And number 10, use strong words -- strong passwords, not strong words, strong passwords, or better yet, a passphrase, and if you're having trouble with that, a password manager is the solution because they're much better at coming up with good passwords than you are going to be.
Dave Bittner: Yeah, yeah. No, it's a good list, a solid list, yeah, absolutely. Well, thank you, Steve, for sending that in. We do appreciate it. Let's move on to our stories here, and, Joe, since you have the mic, why don't you kick things off for us?
Joe Carrigan: I will do that. This one comes from The Wall Street Journal. It's multiple people, Andrew Ackerman, Alexander Saeedy, and AnnaMaria Andro -- I'm going to butcher this.
Maria Varmazis: Andriotis.
Joe Carrigan: Andriotis. Thank you, Maria. Sounds like a Greek name. Is it?
Maria Varmazis: It sure does.
Joe Carrigan: Okay, and that's why I have my expert in Greek last name pronunciation from Maria.
Maria Varmazis: So it's literally all I'm here for, right?
Joe Carrigan: Anyway, this article says -- the headline is "Regulators Probing Big Banks' Handling of Zelle Scams." So we've talked about Zelle scams, all these, Cash App and Venmo scams. I don't know who owns Cash App. Is that Block or Square? I don't know.
Dave Bittner: I'm not sure.
Joe Carrigan: Venmo is owned by PayPal, and Zelle is owned by a conglomeration of three -- or seven banks. I have other concerns about the fact that large banks have gotten together to create a payment application, other anti-competitive concerns. I'm not entirely sure --
Maria Varmazis: Oh, I'm sorry. Cash App is owned by Block, which is formerly Square, so you were right, yeah.
Joe Carrigan: Okay, so that's -- what's his name? Jack Dorsey, his organization, who used to own Twitter.
Maria Varmazis: Used to own Twitter, right? Yeah, and now Bluesky, yeah.
Joe Carrigan: Right. So anyway, regulators are investigating these banks to see what they're handling, and what they're finding out is that these banks have decreased the amount of money they've refunded in these scams over the years. One of the things in this article is, says that the -- like two years ago, they were refunding 62% of the scams -- scam funding -- you know, when somebody lost money in a scam, 62% of the time they would refund the money back. That was in 2019. In 2023, they only refunded 38% of the customers who had lost the money. So the Consumer Financial Protection Bureau is looking into this, and their director is Rohit Chopra, and he is asking some pretty hard questions of these guys. Now, what's interesting, what I think is interesting is that JP Morgan has said that they are fully aware that -- or that "The CFPB is fully aware that we already go above what the law requires and that the regulators should expect to be challenged to ensure that their actions stay within the bounds of the law." So I am all about our government staying within the bounds of the law. I'm also all about our banks taking care of their customers, you know, so this is one of those things where I'm glad to see that there's this investigation, this scrutiny here. This has come, I think, from -- there's a quote in here, or some part of the article says that Senator Richard Blumenthal, who said in a report last month that Wells Fargo and Bank of America reimbursed that 38%. He said in a letter to Rohit Chopra at the Consumer Financial Protection Bureau to investigate this, and now it looks like they are. Zelle, to their credit, says that "99.95% of our transactions are completed without fraud -- reports of fraud or scams." So, I mean, that's a good metric, I think. That's an interesting metric, if nothing else, but --
Maria Varmazis: As far as they know, anyway. I mean --
Joe Carrigan: Right, as far as they know, right, there's a chance maybe -- but even if that's twice as bad as they're reporting, right, that's still 99.9% of the transactions being valid, but that's what you'd expect on a payment app like this. This is a massive payment app. This is now the biggest app in terms of, I think, dollar value of exchanging money. It's bigger than the Block app and it's bigger than the PayPal app. It's now the biggest one, Zelle, so it doesn't surprise me that most of the transactions are valid, right? I mean, that's like saying that most of the transactions for cash are valid. It's just that .05% of the transactions are somebody getting scammed out of their cash, and the same thing's happening here. I think there is -- there needs to be more done here, and one of the things that the CFPB is saying is that these banks are kind of dragging their feet when it comes to shutting down these accounts, especially since they're known to be fraudsters and they may not be doing everything they should be doing in terms of validating these accounts.
Maria Varmazis: Yeah, okay, I could see that.
Joe Carrigan: I think this -- I hope that this comes out, you know, what I hope here is this comes out with more consumer protection. I'm not concerned about the well-being of these seven big banks, you know.
Dave Bittner: They'll be just fine.
Joe Carrigan: They'll be fine, right.
Maria Varmazis: They'll land on their feet somehow, yeah.
Joe Carrigan: Right, exactly. I'm not going to get political about my feeling on this, so I'm going to stop where I was going with this. But I'd like to see these banks operate more in the interest of their customers than necessarily in the interest of their shareholders.
Dave Bittner: Yeah, one of the things I wonder about here is, because as these scams have gotten more and more prevalent and more people are using these cash apps, and it seems to me in many cases it's hard to claw things back in these cash apps, I think about the equivalent of some kind of like gap insurance or something, you know, like, could you give the consumers either the option or just have it be a perk that goes with these sorts of things that, you know, part of your fees cover insuring you against scams. Seems to me like that would be a nice way to attract people to your platform. I have no idea what the numbers are here in terms of how much money are we actually talking about that the platform providers are losing on a daily basis. I suspect it's substantial.
Joe Carrigan: Right, banks are always interested in stopping fraud because it does, in the end, a lot of times cost them. Even if you're talking about one-third of this .05%, that's probably a very large chunk of money.
Dave Bittner: Right.
Joe Carrigan: And my experience with these apps is limited. I have Venmo, that's it.
Dave Bittner: Yeah.
Joe Carrigan: Right? I mean, I might have Cash App on my phone. I don't think I have Zelle because I don't think I'd ever use something that was run by seven large banks. I'd rather --
Maria Varmazis: It's just sort of, like, annoying, because I know in many other countries, bank-to-bank transact -- like, transfers are free, like, easily done, and yet in the U.S. we have to have these sort of third-party apps to do it for us, which -- and then, of course, they take a little slice off the top.
Joe Carrigan: Do they take a slice off the top of these things? I mean, I know with PayPal --
Maria Varmazis: It depends on how you set it up. It depends on if you want to do it like through ACH or through a credit card, but, of course, they always find a way. They got to make money somehow, right? So, I mean, yeah, ACH is always free, but I'm talking about, like, you know, a friend wants to send me some money for dinner that we split the check on, something like that. It's harder than it needs to be here. It's so much easier in a lot of other countries, and my bank just had the attitude of these issues with Zelle are too much, so we're just not going to support it. So they just don't allow Zelle, which is just like, okay, that is an option.
Joe Carrigan: That's good. You bank with a smaller local bank?
Maria Varmazis: I do. They just said, "We don't want to deal with this. We've seen too much fraud happening to our customers," or maybe even in the other direction, and they just -- they don't have the ability, understandably, they're small, they don't have the ability to deal with all this, so they would just rather just not at all, and I kind of understand it, as annoying as it can be for me, when I'm trying to get money to friends, yeah, I find other ways, like a check.
Joe Carrigan: I am perfectly fine with that solution.
Maria Varmazis: Yeah, I know. That aged me a lot.
Joe Carrigan: Yeah.
Maria Varmazis: I still use those.
Joe Carrigan: Let me write you a check.
Maria Varmazis: Honestly --
Joe Carrigan: I wrote a check last night.
Maria Varmazis: I can't use Zelle, so I got to use a check.
Joe Carrigan: Right. I also bank with a small, a smaller bank. I don't bank with a large bank. And one of my thinking on this is the concept of "too big to fail." I don't want to do my business with a bank that's too big to fail. I don't want to keep my money in a bank that's too big to fail, because if that bank does fail, I'm not getting everything back, right? But if I go with a smaller bank and it does fail, that's not a big deal from the FDIC's perspective. That's my thinking on it. I don't know if this is right or not, but --
Dave Bittner: Yeah, well, yeah, I mean, I think the general guidance is here in the U.S. to not have anything -- not have your assets in any one place exceed the amount of insurance that the FDIC provides for those kinds of things.
Joe Carrigan: I mean, but imagine a bank that's too big to fail and the FDIC can't cover the bill. Then what happens?
Dave Bittner: Well, Congress writes a big fat check.
Joe Carrigan: Right.
Dave Bittner: Because that's inherent, that this Congress --
Joe Carrigan: Dave, don't think of that as Congress writing the big fat check for it. Think of that as you, me, and Maria writing the big fat checks.
Dave Bittner: And therein lies the big -- too big to fail. I mean, that's the peril, right?
Joe Carrigan: That's the peril.
Dave Bittner: Yeah, yeah. All right, well, I mean, in terms of our listeners here, any action items?
Joe Carrigan: I say don't use Zelle.
Maria Varmazis: Done and done.
Joe Carrigan: This is not really a list -- an actionable listener thing. Maybe write your congressman and tell them that you -- or your senators, and tell them that you're fed up with this kind of stuff going on, that you have some concerns about the nonchalant attitude that these payment apps and banking apps are having.
Dave Bittner: Yeah. All right, well, we will have a link to that story in the Show Notes. Maria, how about you go next year? What do you got for us this week?
Maria Varmazis: Oh, gosh. So we had a great -- we had a bunch of really fantastic listener contributions. One of them was from Chloe, who sent a link to a thread on Bluesky, one of the many Twitter alternatives that have popped up, and we were just talking about Jack Dorsey and Bluesky, which, actually, I think he stepped back down from recently, but this is his -- this was his baby originally, and there's a thread here by Aaron Fogg with a screenshot from a website. I used to know what these are called. They're called click somethings. Hold on. Now I've forgotten, sorry. It's a picture from a website where basically people can do jobs for small amounts of money, like almost like a microtransaction for a really simple task that they can fulfill, and this is a great way for some people to supplement their income, is the theory, and there's a whole bunch of these cropping up right now to help basically be a human captcha machine to train A.I., and one of the ones -- and the one that Aaron Fogg took a screenshot of were a number of tasks, and I'll just read them to you. Number one, show us your baby or child. Help to teach A.I. by taking five photos of your baby or child, $2 per job. Record a video of your child crying. Your child has to be between 7 to 12 or 19 to 24 months old, $1 per job. Take nine pictures of a teenager's face, 13 to 17 years old, $3 per job. I don't think I need to go into too much detail about why this is absolutely horrifying.
Joe Carrigan: Yeah, I got red flags going up everywhere.
Maria Varmazis: Everywhere, yeah, action item is --
Dave Bittner: This is why I'm no longer welcome at the local daycare.
Joe Carrigan: Right.
Maria Varmazis: Hey, it's like the first two are "show us your kid," and the last one is "take a picture of any teenager's face."
Dave Bittner: Yeah, I'll just hang out in front of the middle school, no problem, and start taking pictures of teenagers. That won't go wrong.
Maria Varmazis: Three dollars a job. So action item is please don't do this. Please, please, please don't do this. But I think it's just -- I didn't know this, I mean, I didn't know this was even a thing. I didn't even know that these kinds of microtransaction-y, tiny jobs to train A.I. were a thing. I mean, you know, whenever we fill out a captcha on, pick a thing, on the Internet now, they seem to get more and more complex, but it's just amazing to me that now we're literally feeding the A.I. machine, putting children at risk in all sorts of terrible ways. So please, please don't do this, and make sure that you tell people that you know, if they're looking to supplement their income, think about the safety of those in their lives, because this ain't it, so --
Joe Carrigan: I mean, if you look at some of the things Aaron Fogg is saying here that are absolutely correct, and they're too -- I don't want to -- I don't want to go into them, but, yeah, there are a multitude of reasons why you shouldn't do that, and some of them are very bad.
Maria Varmazis: Yes.
Dave Bittner: Well, I wonder, too, if this is even real itself. Like, is the whole ask a scam? Will you get your $2 per job? Is this one of those things where they post a job that sounds too easy -- I guess the low payoff makes me think it probably is real, because if it were a scam, they'd be paying you $20 per picture, right?
Joe Carrigan: Amazon has a service like this called "MTurk."
Maria Varmazis: Yeah, Mechanical Turk.
Joe Carrigan: It used to be called "Mechanical Turk."
Maria Varmazis: Yes, I remember, yup.
Joe Carrigan: I've used it for surveys, as a way to collect survey data, and it was pretty effective at doing that, and was -- there was a way for me to make sure that the people who had completed the survey actually did the work, so even though the survey was actually done on Qualtrics, not through the MTurk version of the survey tool.
Maria Varmazis: Yeah, I mean, I don't want to direct people to the website for the situation in question here that we're talking about. It is from a legitimate site, and the transactions that people are getting paid for are around a couple of dollars per job, so I think this is indeed real, and a lot of them are --
Joe Carrigan: I would say it's real.
Maria Varmazis: Yeah, like take a picture as you're going out shopping of like the walls at your grocery store, stuff like that, so AI can understand what grocery stores look like from the inside, I suppose. But yeah, I could just see -- I mean, I'm sort of clued into the stay-at-home-mom world because I was one for a little bit, and I see sites like this pop up in those groups all the time where it's, you know, somebody is looking to help pay for something for their kids and they're not able to leave the house. These jobs are perfect. And, you know, little, just taking a photo, it can add up, but please do not send pictures of your kids. Oh, my goodness.
Dave Bittner: Send pictures of your neighbor's kids.
Maria Varmazis: You can't pick your nose.
Dave Bittner: Just invite them over. You know, their parents don't need to know.
Joe Carrigan: Somebody here down, pretty far down the line here has a very interesting comment. Why not sell them A.I.-generated images?
Maria Varmazis: Let the ouroboros eat its own tail, right, yeah.
Dave Bittner: Yeah, I like it. I like it. That's smart, yeah. Oh, that's funny. A caper. All right, well, we will have a link to that Bluesky post. This is one of those ones where you kind of need to see the image and have it smack you in the face.
Joe Carrigan: Right.
Maria Varmazis: It is horrifying, yes. Yeah.
Dave Bittner: All right, we're going to take a quick break here before we get to my story. So we will be right back after a message from our sponsor. [ Music ] All right, we are back, and my story this week actually comes from our friend of the show, Graham Cluley.
Joe Carrigan: Not Graham.
Maria Varmazis: Hey, Graham.
Dave Bittner: He wrote for the Bitdefender blog about the FTC, the Federal Trade Commission, has been warning consumers of scammers offering to remove all negative information from credit reports. So, you know, that's funny, I was just talking about this the other day with some friends about how here in the U.S. we have this credit -- these credit agencies, right? And you have no -- you can't opt out of them.
Joe Carrigan: Right.
Dave Bittner: Right? Just by being a person, it's legal for them to slap a number on you, and there's nothing you can do about that, based on how they perceive your creditworthiness to be, and I understand there's utility to that, but it just seems to me -- like, I wonder if this were new, would they still be allowed to do it?
Joe Carrigan: Right.
Dave Bittner: You know? How much of it is allowed, because it's a legacy thing. Anyway, I digress. This story is about how the FTC has shut down a group who was advertising its services as a credit repair operation, saying that they would be able to get rid of all of the negative things on your credit report. Basically, if you have bad credit, they'll be able to fix your credit but quick, and the FTC has ordered this organization, they're called "Financial Education Services," to pay $12 million, saying that they were running a pyramid scheme that sold credit repair services going after consumers with low credit scores.
Joe Carrigan: A pyramid scheme.
Dave Bittner: So a double scam.
Maria Varmazis: It is expensive to be poor.
Joe Carrigan: Right, no, it is expensive to be poor. That's correct.
Maria Varmazis: Yup, yup.
Dave Bittner: Yeah. So basically what this company did was they would charge up front for their services and they would exaggerate the claims of what they were capable of doing, but then to add insult to injury, if let's say you went to them to get their services, they would try to make you join their pyramid scheme --
Joe Carrigan: Ah.
Dave Bittner: To sell the credit repair services to other, because, I don't know, if you have bad credit, chances are --
Joe Carrigan: You know other people who have bad credit.
Dave Bittner: Other folks who have bad credit. I guess that's how the line of thinking goes. I don't know how accurate that is or not.
Maria Varmazis: We're all enabling bad habits, okay, yeah, all right.
Dave Bittner: Right, right. So this article points out that negative information cannot be legally removed from a credit report. Mistakes can be fixed, or if there's an error on your credit report, you can get that fixed, and the FTC says that's pretty easy to do. If you can document that there's a mistake, it's not hard to do it, but negative stuff is there and is there for a reason. So, you know, the bottom line here is pay your bills on time. Do your best to mind that credit, but these companies are not going to be able to do what they say they're going to be able to do, certainly, and it's not to say that there aren't ways to help up your credit score, but the type of results that these folks evidently were promising, it's the old "if it's too good to be true, it probably is."
Joe Carrigan: Right.
Maria Varmazis: Indeed, yup.
Dave Bittner: You're not going to double your credit score overnight. It takes time.
Maria Varmazis: Yeah.
Joe Carrigan: You know, I don't know how I feel about credit scores.
Maria Varmazis: Oh, I know how I feel about credit scores.
Joe Carrigan: I've had this discussion, you know, I think a good credit score is just a measure of how good of a chump you are.
Maria Varmazis: What?
Dave Bittner: Okay.
Maria Varmazis: All right.
Joe Carrigan: So, like, you will -- because you -- if you have, like, no credit, your score actually goes down, but if you have like credit card debt where you maintain about one-third of your credit as used credit, that drives your score up.
Dave Bittner: Yes.
Joe Carrigan: So you are voluntarily paying somebody else interest. In other words, the people with the best credit scores are the people who use credit, but not too much.
Maria Varmazis: Yeah, but they can pay it off in full, though. It doesn't -- you don't have to keep a minimum.
Joe Carrigan: You can, right. You can pay it off in full, but I think that causes your credit score to go down.
Dave Bittner: It does, yes, it does.
Joe Carrigan: So in other words, you're not a chump. You don't sit there and pay interest on things. You know, you have the ability to pay it off, so you do, and that negatively impacts you.
Dave Bittner: Right, but I think the credit companies would say -- the credit reporting companies would say that what they're rating is your credit worthiness and your ability to manage the amount of credit that has been given to you, so they want to see active, responsible use of the credit lines that are given to you. If you have a bunch of credit lines and you never use them, they have no track record for how you do if you do and when you do.
Maria Varmazis: How do you deal with adversity? Tell us the worst -- what's your worst trait? Are you too good of a payee?
Joe Carrigan: How do I deal with adversity? I run up all my credit cards and disappear. That's what I do.
Maria Varmazis: What's your greatest weakness? Yeah.
Joe Carrigan: Do you guys know who Dave Ramsey is?
Maria Varmazis: Yes.
Joe Carrigan: He's a financial guy on radio and talks about, you know, his big mantra is that all debt is bad debt. There's no such thing as good debt, not even a mortgage.
Maria Varmazis: He's very conservative, like lowercase-C conservative in his advice, but he's like a pay-cash-everything guy, which is great if you can do it.
Joe Carrigan: Right, yeah, it is.
Dave Bittner: Meanwhile, back in the real world.
Joe Carrigan: I was -- I got this -- I got this -- yeah, exactly. I got this feeling one day that these FICO scores were just a measure of how big of a chump you were, and I went and looked, looked it up, see if he had anything to say about it, and sure enough, he agrees with that stance, but because he has no debt, when he goes to buy a house and he does get a mortgage, he has to go to a lender that doesn't use FICO scores, which are kind of hard to find.
Maria Varmazis: Wait.
Dave Bittner: Well, then, he has to eat his own dog food.
Maria Varmazis: Why would he need a mortgage?
Dave Bittner: Exactly, why does he need a mortgage?
Maria Varmazis: You're supposed to pay everything in cash.
Dave Bittner: Right, he doesn't need a mortgage. Hypocrite. Mr. Smarty Pants.
Maria Varmazis: Yeah, I run into his advice all the time online. I'm like, well, if I could pay everything in cash, I wouldn't be looking for financial advice, so thank you very much.
Dave Bittner: Right, right, right. Exactly.
Joe Carrigan: That's not particularly helpful.
Dave Bittner: How to get rich, right? Just simply borrow $100,000 from your parents and start a business.
Maria Varmazis: Or live somewhere where the cost of living is extraordinarily low, and hopefully you can have a job out there, too. Not my problem. Yeah.
Dave Bittner: Right, right.
Joe Carrigan: My other least favorite financial guy is Jim Cramer. I can't --
Dave Bittner: He's an entertainer.
Joe Carrigan: He's an entertainer.
Dave Bittner: That's right, got to give him that. All right, well, we will have a link to this story from our good pal Graham Cluley, and hopefully you can check that out. All right, Joe, Maria, it is time to move on to our "Catch of the Day." [ Soundbite of reeling in fishing line ] [ Music ]
Joe Carrigan: Dave, this week, our "Catch of the Day" comes from Benjamin, who writes, "Hello, Dave, Joe, and Maria. Well, it finally happened. Some smart hacker believes that they have a live one with my personal email address. Unbeknownst to them, I have your team and a 'Catch of the Day' to help read such slander live for a wonderful audience. Please feel free to put on your best voices and have a laugh here."
Dave Bittner: Okay, it says, "Hi there. I want to inform you about a very bad situation for you. However, you can benefit from it if you will act wisely. Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows. I guess you already figured out where I'm getting at. It's been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the Internet. During this period, I've learned about all aspects of your private life, but one is of special significance to me. I've recorded many videos of you being intimate with highly controversial videos online, given that the questionable genre is almost always the same. I can conclude that you have a sick perversion. I doubt you'd want your friends, families and co-workers to know about it. However, I can do it in a few clicks. Every number in your contact book will suddenly receive these videos on WhatsApp, Telegram, on Skype, on email, everywhere. It's going to be a tsunami that will sweep away everything in its path, and first of all, your former life. Don't think of yourself as an innocent victim. No one knows where your perversion might lead in the future. So consider this a kind of deserved punishment to stop you. Better late than never. I'm some kind of God who sees everything. However, don't panic. As we know, God is merciful and forgiving, and so do I, but my mercy is not free. Transfer $800 to my Bitcoin address. Once I receive confirmation of the transaction, I will permanently delete all videos compromising you, uninstall Pegasus from all your devices, and disappear from your life. You can be sure my only benefit is only money. Otherwise, I wouldn't be writing you but destroy your life without a word in a second. I'll be notified when you open my email, and from that moment, you have exactly 48 hours to send me the money."
Joe Carrigan: Artificial time horizon.
Dave Bittner: "If cryptocurrencies are uncharted waters for you, don't worry. It's very simple. Just Google 'crypto exchange' and then it will be no harder than buying some useless stuff on Amazon. I strongly warn you against the following. Do not reply to this email. I sent it from a temp email, so I am untraceable. Do not contact the police. I have access to all your devices, and as soon as I find out you ran to the cops, videos will be published. Don't try to reset or destroy your devices. As I mentioned above, I'm monitoring all your activity, so you either agree to my terms or the videos are published. Also, don't forget that cryptocurrencies are anonymous, so it's impossible to identify me using the provided address."
Joe Carrigan: They are not.
Dave Bittner: "Good luck, my perverted friend. I hope this is the last time we hear from each other. And some friendly advice. From now on, don't be so careless about your online security."
Joe Carrigan: Yes, that's very helpful advice. Thank you.
Maria Varmazis: Helpful extortion.
Dave Bittner: Yeah, generous extortionist.
Joe Carrigan: This is great. Maria pointed out that the spaces in this are not blank spaces. They're numbers.
Dave Bittner: So in between every word where you expect there to be a space, like the character that the space bar generates, instead, it's a white-on-white number.
Maria Varmazis: Yeah.
Dave Bittner: So you don't see them when you're just reading it, but if you highlight it, there they all are.
Joe Carrigan: Right.
Maria Varmazis: Vindication for everyone who has a text-only email, like our old-school IT buddies who don't do any kind of HTML in their email. They're like, yup.
Joe Carrigan: Yeah, look at this. This looks like crap, it's probably a scam. By the way, I did check the Bitcoin address while we were listening to this expertly read by Dave.
Dave Bittner: Yeah.
Joe Carrigan: And nobody has sent this guy any money on either Bitcoin or Bitcoin Cash.
Maria Varmazis: Oh, good. All right, good.
Dave Bittner: Good, excellent. Yeah, I mean, I'm guessing this whole -- the thing with the numbers, though, is just to try to avoid being detected by spam filters.
Joe Carrigan: Yeah, I would guess that.
Dave Bittner: Make it seem like a string of just random characters to a computer. Interesting. All right, well, thank you, Benjamin, for sending that in. That was a fun one, and, of course, we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans@n2k.com. [ Music ] That is "Hacking Humans" brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the Show Notes or send an email to hackinghumans@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliott Peltzman and Tre Hester. Our executive editor is Brandon Karpf. Peter Kilpe is our publisher. I'm Dave Bittner.
Joe Carrigan: I'm Joe Carrigan.
Maria Varmazis: And I'm Maria Varmazis.
Dave Bittner: Thanks for listening. [ Music ]