Crypto chameleons and star fraud.
Dave Bittner: Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner, and joining me is my co-host, Joe Carrigan. Hey, Joe.
Joe Carrigan: Hi, Dave.
Dave Bittner: And my other co-host, my N2K colleague and host of the T-Minus Daily Space podcast, Maria Varmazis. Hello, Maria.
Maria Varmazis: Hello, Dave. Hello, Joe. Hello, gentlemen.
Dave Bittner: We've got some good stories to share this week, and we will be right back after this message from our sponsor. All right, I don't see any follow up in our rundown today, so we will jump right into our stories here. Joe, you have the honors. What do you got for us?
Joe Carrigan: I have two stories because they're both kind of short.
Dave Bittner: OK.
Joe Carrigan: But the first one is about some suspected jury duty scammers who have been arrested in Sarasota, Florida. But they managed to get 12 grand out of somebody. So here's the interesting part of this. There are two of them. One is named Anthony Sanders and the other one is Marlita Andrews. And they work together to victimize this woman out of $12,000. They called her on the phone, Anthony Sanders did. Called her on the phone, said, "You owe money for missing jury duty." Now, everybody who listens to this show hopefully knows that if you miss jury duty, they're not going to call you and demand money.
Dave Bittner: Right.
Joe Carrigan: I don't know what the penalties are, but it's not that. It's not as --
Maria Varmazis: At least in the United States, that is true.
Joe Carrigan: Right. That's correct. I don't know how that works outside but --
Maria Varmazis: In other countries. Yeah.
Joe Carrigan: Yeah, this guy was able to spoof the sheriff's office phone number and knew the name of the sheriff. The interesting thing about this is while he was doing this, Anthony Sanders, he was in prison.
Maria Varmazis: What?
Joe Carrigan: He was on the phone in prison scamming somebody out of $12,000. And Andrews is the person that was out using the cryptocurrency. So they talked this woman into going to a- they said, "You got to go to pay your fine at the bond place." But they just sent her to a cryptocurrency ATM where she pumped in 12 grand and then transferred $12,000 to Andrew's crypto wallet. That money was immediately dispersed. So I don't think that this woman is going to get her $12,000 back. It's probably gone.
Dave Bittner: Wow.
Joe Carrigan: But it's interesting, this guy was running it out of prison and his girlfriend, Marlita Andrews, was working with him on the outside as, I guess, as the legs of the operation, right, moving things around.
Dave Bittner: I guess we should note that they've been indicted and arrested. So these are all allegations so far.
Joe Carrigan: Correct. These are all allegations so far.
Dave Bittner: That's right.
Joe Carrigan: That's right.
Dave Bittner: But yeah, you know, the things people sneak into prison, right?
Joe Carrigan: Yeah.
Dave Bittner: Like, I think people would --
Joe Carrigan: And how?
Dave Bittner: Years ago, you know, people would talk about the war on drugs. And one of my responses was, you know, how are we going to keep drugs out of people's hands when we can't keep drugs out of prisons?
Joe Carrigan: Right.
Dave Bittner: Right? Like there's- I guess where there's a will, there's a way when there's a market.
Joe Carrigan: Yeah.
Dave Bittner: I heard somebody, you know, I've been doing amateur radio lately, and I heard someone tell a story recently that they heard a couple of young women whispering to each other on a radio frequency recently. And he was wondering, like, "What's, you know, why are they whispering?" They're just having conversation whispering. And through the use of directional antennas, he figured out that they were both in the local women's prison and they were whispering to each other because they weren't supposed to have the radios. It was nighttime. They- Somehow they'd gotten in walkie-talkies or something. And so this person keyed up and said --
Maria Varmazis: Love that.
Joe Carrigan: -- "You know, ladies, you never know who can hear what you're talking about."
Maria Varmazis: As loudly as possible, right?
Dave Bittner: Right, right, exactly. And they both, you know, so they never heard from him again.
Joe Carrigan: That's funny.
Dave Bittner: Yeah, yeah.
Joe Carrigan: So good that these folks were caught, assuming that they, of course, did this, and they are innocent until proven guilty.
Dave Bittner: Yeah.
Joe Carrigan: The next story comes from LinkedIn, and this poster is Franco Aguilera. And Franco is telling a story. We're going to put a link in the show notes. He's- I'll just kind of start summarizing this here. He says, a few days ago, a user on LinkedIn reached out to him and said, "Hey, I like your stuff." "Let's do a job interview, and I want to see your technical chops here. They- You know, your stuff looks good on paper, but I want to see if you can do it, so let's have an interview." So the guy signs up with this interview, and he- the person who wants to interview him says, "Go download this repository from GitHub." And he does that, and he starts running it. And --
Dave Bittner: Well, Joe, let me interrupt you real quick because we should --
Joe Carrigan: Sure.
Dave Bittner: For folks who aren't in this world, we should explain that --
Joe Carrigan: Yes.
Dave Bittner: -- this is a pretty routine thing. Can you explain what code challenges are for somebody seeking this kind of employment?
Joe Carrigan: All right, so if you're a software engineer or software developer, you may get tasked as part of your job interview process with coming up- with developing some kind of software that answers a question. Usually it's an academic or a pedantic question, or maybe it's a business question. And you may also be tasked with updating some code base somewhere, or you may have to implement something that already exists in- like using a library.
Dave Bittner: Right.
Joe Carrigan: So, GitHub is a code repository place where all this code is stored and- well, not all of it, but it's one of the places where it's stored.
Maria Varmazis: A lot of it, yeah.
Joe Carrigan: Yeah, a lot of it. You can- Anybody can open up a GitHub account and start storing- start creating repositories, keep them private, make them public. Microsoft bought GitHub, so understand that if you're going to use the service. I mean, I don't know how common it is in the software engineering world. I mean, I haven't done a software engineering job interview in years.
Dave Bittner: Yeah.
Joe Carrigan: So, we used to do the whiteboard exercises where, you know, somebody would say, "How would you solve this problem?" And then we'd have to draw it out on a whiteboard.
Dave Bittner: Right.
Joe Carrigan: Maybe write some pseudocode or maybe write some code. But this new thing is, you get on like some kind of Zoom or Google Meet or Teams and you share your screen and they watch you do the development process. But what happened with this guy is he said- they said, "I need you to go out and download this client server package and fire up the server and then we're going to try to interact with it." Well, in this server package, there was a line that prevented the server from running. And he checked that line and he found this obfuscated file. He's got pictures of all these things in here too. So, I mean, hearing me talk about it is kind of good, but seeing the pictures might make it more clear. And then he found that the script was going out and collecting information and sending it to an IP on the internet somewhere. So in the back end --
Maria Varmazis: This is not normal, right?
Joe Carrigan: No.
Maria Varmazis: Like, we should never expect this to be happening. OK.
Joe Carrigan: That is correct. So on the back end, this thing was going around and what he thinks it was doing was looking for crypto keys, crypto wallet keys, and it was specifically looking for those kind of things on his computer. And he said, this is on him for not doing a code review beforehand or for just firing up a VM and doing the code exercise in a VM where there would be no- nothing of any value to lose, essentially.
Dave Bittner: Right. VM is virtual machine.
Joe Carrigan: Virtual machine, correct.
Dave Bittner: Yeah.
Joe Carrigan: So you can set up a virtual machine that looks and acts like a real machine. Use that as your machine. If you have- VMware has a low cost version that you can buy that you can use yourself. There's also a VirtualBox where you can just spin them up. And VirtualBox is free, but it is an Oracle product. And then there's other Linux implementations that you can use. So, if you recall, a couple- about a year ago, maybe two years ago, it had to be like a year and a half ago or something like that. I was talking about a friend of mine who is a software engineer and he got tricked into running what he thought was a game because somebody had taken over one of his friend's Discord accounts.
Dave Bittner: Yeah, I remember that.
Joe Carrigan: And sent him a- Sent him essentially a piece of malware that just went through and stole all the information, then tried to blackmail him. Now he didn't send any money, he just changed all his passwords while he delayed the guy. But it was very scary to have that happen, and I'm sure this was very scary for Franco as well. Franco Aguilera.
Dave Bittner: Right.
Joe Carrigan: So, yeah, when you're doing a code interview, if you're a software engineer, if they're going to ask you to download and run something, maybe do that in the VM, I think.
Dave Bittner: Right.
Maria Varmazis: It's not a bad idea.
Joe Carrigan: Yeah, I don't think that's something you just do. I don't think you just trust these people.
Dave Bittner: No. And I think that's a big part of, or a big point of what's going on here is that you're somebody- when you're somebody who's looking for a job --
Joe Carrigan: Right.
Dave Bittner: -- the balance of power is uneven.
Joe Carrigan: Yes, it is.
Dave Bittner: And you want to please these people. So chances are you're going to do what they ask without putting up any kind of stink because you don't want to be seen as being difficult. And that gives them the advantage of saying, "Well, we just want you to install this on your computer and -- "
Joe Carrigan: Yep, 100%. There is definitely a power dynamic in play here. I mean, it may not work on guys our age, Dave. You know, somebody says, "Hey, I'm going to do a job interview. I want you to run this program." I'm like, "There is no way I'm installing that on my computer."
Maria Varmazis: Yeah, I was just thinking about that power dynamic. The more of a gray beard you are, I doubt they're going to have you running anything. But if you're more entry level, then you really don't have much of a pushback on that.
Joe Carrigan: Exactly.
Maria Varmazis: I'm married to a software developer, so I'm just thinking about what he's been through with his career. So, yeah, I could totally see someone more junior having to do this.
Joe Carrigan: Well, how gray is his beard right now?
Maria Varmazis: What was that?
Joe Carrigan: How gray is his beard?
Maria Varmazis: It's quite gray. I actually noticed the other day he's actually been fully inducted into the graybeard.
Joe Carrigan: Very good.
Maria Varmazis: I'm quite proud.
Joe Carrigan: So has he adopted the angry curmudgeonly old attitude- old man attitude yet?
Maria Varmazis: Oh, yeah. I married him with that.
Joe Carrigan: OK. OK.
Maria Varmazis: He said it from the get-go.
Dave Bittner: Got you. Not a bug, but a feature.
Joe Carrigan: Not a bug.
Maria Varmazis: That's true.
Dave Bittner: That's great. All right, well, we will have a link to both of these stories in the show notes. I'm going to go next here. My story comes from the folks at KrebsOnSecurity. This is Brian Krebs, well-known, I guess you'd call him an investigative reporter when it comes to cybersecurity things.
Joe Carrigan: Yep.
Dave Bittner: And he has a post here. It's first of the New Year. It's titled "A Day in the Life of a Prolific Voice Phishing Crew." And this is a very interesting kind of long read, a bit of a deep dive into an organization who does exactly what he describes here, voice phishing.
Joe Carrigan: You know, I want to stop right there and say, thank you, Brian, for not using the term vishing.
Maria Varmazis: My goodness, I was just thinking that. I was just thinking that, Joe.
Joe Carrigan: Voice phishing is such a better descriptor of what it is. It tells you everything you need to know. It's good jargon.
Maria Varmazis: Same wavelength, Joe.
Joe Carrigan: That is good jargon.
Maria Varmazis: I was just thinking that.
Dave Bittner: You don't like vishing, you don't like smishing.
Joe Carrigan: I don't. I don't like either of those terms.
Maria Varmazis: No. I'm with you 100%, man. It's like, oh, God. Yep.
Dave Bittner: Yeah, I agree. I agree.
Maria Varmazis: Sorry.
Dave Bittner: So imagine this. You're- As you know, I like to say, you're sitting home, you're minding your own business. You get a call or an email from either Apple or Google, and they're sending you notifications on your phone, maybe on your computer. And as far as you can tell, everything looks legit. And that is the mechanism by which these scammers are going after people and stealing money and data and that sort of thing. And part of the scam is that they're using real services from Apple and Google to trick you into thinking everything is OK.
Joe Carrigan: Right.
Dave Bittner: And this article has a couple examples of folks who got hit here. There's a gentleman named Tony who's a cryptocurrency investor. He lost $4.7 million in a phishing attack.
Joe Carrigan: Yikes. Wow.
Dave Bittner: Can I just say, it must be nice to have $4.7 million to lose.
Joe Carrigan: Well, I mean, it depends how much of his personal assets was that.
Dave Bittner: Right, right, right.
Maria Varmazis: Was it all on paper or was it real? Yeah.
Dave Bittner: I mean, yeah, yeah, obviously --
Maria Varmazis: All in crypto.
Dave Bittner: -- I'm being flippant here.
Joe Carrigan: Yes, yes. I mean, if he's worth 400 million, OK, yeah, that's --
Dave Bittner: Well, actually, we'll get to that with our second victim.
Joe Carrigan: OK.
Dave Bittner: So he got what looked like a recovery prompt from Google, which is where, you know, they say somebody's trying to break into your account or you're trying to recover your account.
Joe Carrigan: Right.
Dave Bittner: You've forgotten your password. And then he got a fake email from google.com and the bad guys used that to take him to a fake website that looked like a Google login. And then they stole his login details, they drained his crypto accounts. And this was all by pretending to be Google. Victim number two is a gentleman. Perhaps you've heard of named Mark Cuban.
Joe Carrigan: OK.
Maria Varmazis: Yeah, that guy.
Dave Bittner: Famous billionaire Mark Cuban. He was only hit for $43,000 for a scam, which is, you know, the money in his couch cushions, probably.
Maria Varmazis: Yeah. He didn't even noticed. Geez.
Dave Bittner: Right, right. But evidently, he was on the set of Shark Tank and he got a phone call from somebody pretending to be Google. And he --
Maria Varmazis: It happens to everybody.
Dave Bittner: Right. But think about that, right? He's on the set of a television show, so he's distracted. You know, he doesn't want to be the guy interrupting the show probably.
Joe Carrigan: Right.
Dave Bittner: And somebody's asking him for something, and he gave them the one-time code that the scammer sent him on his phone. Right? So when you try to do an account recovery, Apple or Google or, you know, lots of these places, they'll send you a one-time code, and they'll say, "We're sending this code. Please put in this code. This is how we know it's you." Well, if you share that one-time code, that's kind of the ball game.
Joe Carrigan: Right.
Dave Bittner: And that's what Mark Cuban ended up doing. And that's how they got into his email and they stole $43,000 in cryptocurrency. Now, to me, Mark dodged a bullet here because --
Joe Carrigan: Yeah, absolutely.
Dave Bittner: What you could do if you got into Mark Cuban's email?
Joe Carrigan: Yeah, yeah. These guys --
Maria Varmazis: Oh, man, but the bragging rights, though, even if it's only 43k, you have to be Mark Cuban.
Dave Bittner: Right.
Joe Carrigan: If I'm one of these guys, I'm not telling anybody where I got $43,000, because if I say I got it from Mark Cuban, they're going to be like, "You only got $43,000?"
Maria Varmazis: Fair. All right.
Joe Carrigan: I mean --
Maria Varmazis: Yes, you could look at it that way.
Dave Bittner: That's true. That's true.
Joe Carrigan: Yeah. I mean, still, that is a remarkably big loss for a scam. Somebody is having a very good day at whatever scam organization this is.
Dave Bittner: Yeah. So this article talks about the groups who do this. One of them is called CryptoChameleon. And basically, they do this as a service. They rent out the phishing kits.
Joe Carrigan: That's exactly what I'm thinking.
Dave Bittner: To what?
Maria Varmazis: Are we on the same brain?
Joe Carrigan: Yup.
Dave Bittner: Karma, karma, karma, karma, karma CryptoChameleon? Is that what you guys are thinking?
Joe Carrigan: Crypto, crypto, crypto.
Maria Varmazis: Yup.
Dave Bittner: I did not go there. Crypto, crypto, crypto, crypto, CryptoChameleon.
Joe Carrigan: I heard Maria singing it, I'm just like, yep.
Dave Bittner: I did not go there, but now I will not be able to get it out of my mind. So these folks rent out their phishing kits, very businesslike. And what's interesting, there are different folks who take on different responsibilities. So they have the callers who are the ones who talk to the victims. There are the operators who manage the tools, and then there's the drainers who are the ones who steal the money. I wonder like what the pecking order is, you know? Do you see ultimately- Like, what's the most important, hardest job to get? What do you graduate to if you make your way through this chain?
Joe Carrigan: Yeah.
Dave Bittner: Or are some people just naturally attracted to different things?
Joe Carrigan: I don't know. Maybe it's like an Ocean's Eleven kind of thing where you have all the different crew members, right?
Dave Bittner: Exactly, exactly. The article does go through the various steps that they take when doing this. You know, first, they identify the target. That's pretty straightforward. But they use some tools that they call "autodoxers", which are tools that can basically go through big data breaches and identify people who are interesting, like we need to have assets, you know, those sorts of things, high value targets. And then they have the initial contact, which is either a phishing email, a phone call, or some kind of notification. And this is where, in this story, they're impersonating Google or Apple Support. And then they go through the building trust process. They call the victim and they pretend to be a support agent. They'll say, "Hi, this is Mike from Apple," or, "This is- I'm from Google Account Recovery." And they reference the notifications that the victim has already received, which reinforces that illusion of legitimacy.
Joe Carrigan: Right.
Dave Bittner: And then they guide the victim through steps to resolve the issue. They'll- In this particular case, the scammers were spoofing Apple's actual support line.
Joe Carrigan: Yeah.
Dave Bittner: So the call you got coming into your phone, if you looked it up or with a caller ID, it would say it's from Apple. And if you looked it up to verify, it would say, "Yeah, that's Apple."
Joe Carrigan: Apple. That's it.
Dave Bittner: Right. So obviously, you know, there's social engineering. They- All these things we've talked about, they convince you to log into a fake login page. Usually, they'll tell you to that- "We need you to log in in order to secure your account." Right? So you're doing the safe thing and then you enter your username, your password, and maybe your two-factor authentication. And that's basically it. Then they've got access to your accounts. They log in as you. They very often will search for things like cryptocurrency accounts. And if you have that, they'll drain your wallet. Some of them will look to have persistence on your device. So even after they've gotten the initial stuff that they've grabbed, they'll install software that allows them to stay in there and be able to poke around at their own convenience. So that's something you have to worry about. And then once they're done with you, they're off and on their way. So, interesting story. It digs into a lot of the depth of how these groups operate, the various positions that people have, and some good ways to try to protect yourself against it. So we will have a link to that in the show notes. Anything in particular that grabs your attention? Maria, let me start with you.
Maria Varmazis: I mean, it's just always amazing to me how sophisticated these operations are. It's fascinating. I'm always fascinated to hear about it, even though I'm also scared that I'm going to be next.
Joe Carrigan: Yeah, yeah. Right.
Maria Varmazis: I mean, it's what I think. I have these conversations with my mom a lot. She may be listening to the show, which would be nice. Maybe she should. She's always like, "Oh, you're so on top of this stuff. You know about these things." And I tell her, I'm actually- I get more scared the more I learn about these things.
Joe Carrigan: Right.
Dave Bittner: Right.
Maria Varmazis: Because, I mean, very, very smart people, in just a moment of being rushed or weakness or whatever you want to call it, they fall victim to these things. And it's like, today them, tomorrow me. It's- So I don't know, I'm trying not to lose hope here about what it means for all of us. But it is really remarkable how my old mental model of this being just some lone troublemaker or something is so, so outdated. And it's just incredible to hear. Yeah, Ocean's Eleven really is that. Now I'm thinking that's you, Joe. Thanks again. That's in my head now.
Joe Carrigan: Right.
Dave Bittner: It's big business.
Joe Carrigan: It is.
Maria Varmazis: Yeah, goodness.
Dave Bittner: Yeah. Apple and Google both warn and reiterate that they will never ask you for your password or call you unsolicited. So be mindful of that. But it's hard.
Joe Carrigan: Yeah, never trust the inbound call and never give those codes out. [Background Music] Those codes are for you and you alone. If you see those codes coming up, that means someone's trying to break into your account.
Dave Bittner: Right.
Joe Carrigan: And that's how you should think of it.
Dave Bittner: Right. Those codes never need to be shared via the spoken word.
Joe Carrigan: Right.
Dave Bittner: Right? That will never happen. All right, well, we will have a link to that story in the show notes. Before we get to Maria's story, why don't we take a quick break to hear a message from our sponsor? And we are back. Maria, what do you have for us this week?
Maria Varmazis: Well, I- First, let me start with a question, gentlemen. Do either of you have your phone notifications on for apps that are not, you know, phone and messages?
Dave Bittner: Yes.
Joe Carrigan: Yeah, I have a couple of them that have that.
Dave Bittner: I have a dialed-in.
Maria Varmazis: Yeah.
Joe Carrigan: Right. Me too.
Dave Bittner: Yeah.
Maria Varmazis: So you don't have it blanket off, or you don't have everything pinging you all the time?
Dave Bittner: No, no.
Joe Carrigan: Correct.
Dave Bittner: If I had everything on, I would have already thrown my phone through a plate glass window.
Joe Carrigan: A hundred percent guarantee.
Maria Varmazis: But you do have a few apps that ping you that are not just --
Joe Carrigan: Yes.
Maria Varmazis: -- messages and phone. OK.
Dave Bittner: Yeah, yeah.
Joe Carrigan: Correct. Like Southwest on my phone.
Maria Varmazis: OK. So when you're flying.
Joe Carrigan: It will send it for some reason. Yeah. And that's- The problem with that is when I'm flying, that's when I want the alerts. But right now, I'm getting the alerts because they're having some kind of fare sale. I'm not going anywhere. I don't need to know that. So I might just disable the alerts for that.
Maria Varmazis: Just turn them off.
Dave Bittner: Yeah.
Maria Varmazis: Yeah. I have all of my alerts off, unless it's phone or messages. And then I'm very careful about enabling them if I'm traveling, but that's it. I'm really cold turkey otherwise. But I think we are the exception for this kind of thing, given that Apple, with one of its latest iOS updates, rolled out, AI-generated summaries of notifications. This is clearly a need that a lot of people have with the flood of notifications you get from messages and apps of all sorts of things. So what Apple is thinking AI can be helpful with is that instead of you all or us all having to read the pile of notifications coming in as they come in, why not just have AI summarize it for you and tell you the gist of what's going on.
Joe Carrigan: Right, right.
Maria Varmazis: So- yeah, which is- Sounds like a nice useful thing. And it's also baked in is the idea that if there's something that's really high priority in the giant pile of notifications, you know, you've got Facebook pinging you and Southwest pinging you and email and all that stuff, it'll tell you, this one specific thing in the pile of it is actually something you need to address right now. So all of that sounds like technology maybe making life better, but I think you can probably anticipate where this is going.
Joe Carrigan: I think I can.
Maria Varmazis: You probably can. You may also remember back in December, this feature is not brand new. It's been out for a month or two now, I think, if not a little longer. There were some headlines about the BBC complaining to Apple that Apple's AI-generated summaries of news headlines were wildly inaccurate in some darkly hilarious ways. One example was saying that the UnitedHealthcare CEO shooter, Luigi Mangione, had shot himself. Not true. He has not done that. And also New York Times had a similar gripe where a summary push to users said that Israeli Prime Minister Benjamin Netanyahu had been arrested. Also that didn't happen. So even though these are in phone generated summaries, presumably it's the same AI doing all this generation of these massively distributed headlines. So a lot of people are getting these inaccurate summaries. So there were also some fun versions of these summaries going out. I remember reading, I want to say on, maybe on Bluesky, maybe on Twitter, I don't know. I have since disabled my Twitter account. There were some really funny stories about people finding out that they had been broken up with through AI-generated summaries, which are pretty great.
Dave Bittner: I remember that.
Maria Varmazis: Like, girlfriend expresses displeasure with you and breaks up with you. I mean, that's just horrific.
Dave Bittner: Right. Has moved all of her stuff out of your house.
Maria Varmazis: Congratulations, you're finding out, this is how you're learning about this.
Joe Carrigan: Would you like to look for a new roommate?
Maria Varmazis: AI can help you with that. It's so great. So that's more, you know, that's about the feature and its warts and all that kind of stuff. But here's the security angle that I think is of interest for us. Bluesky posters, that's where I'm at now, by the way. Also, they are noticing that these AI-generated summaries are, oh, so helpfully flagging priority items that are not necessarily priority. They're taking all of those notifications at face value, AI is. So, those final notice, invoice, scam emails, Apple AI goes, "Hey, I'm being helpful here. Oh, gosh, this message is marked urgent. You'd better act right away. It's a security issue. Oh, my gosh." And then, "Oh, that USPS parcel. Oh, my. Oh, no. You'd better confirm your details at this specific link to get it released." So --
Joe Carrigan: Right.
Maria Varmazis: It's really lovely that AI is now sanitizing all of those cues that we have learned to look for that would normally tell us to slow down and go, and this is probably a scam. And now AI is just surfacing it to you without any of those cues at all, saying, "Just take action right now. This is priority." Isn't that welcoming?
Joe Carrigan: And it's coming from this trusted source?
Maria Varmazis: Yeah, it's coming directly from your operating system. You're not even having to go to messages anymore. It's just right there, right in front of you. This is priority. So, yay. Apparently you can, if you have Apple Intelligence on your iDevice, you can actually disable it for now. I don't know how long they'll let people do that, but if you can do it, if you have it, I would personally recommend that you disable it right now because it sounds like this feature is really not well-baked. So I think it needs some more time before it is something that people can responsibly trust. I don't have it, so I have not been able to kick the tires, but frankly, if I did, I would not be using it.
Dave Bittner: Well, I do have it.
Maria Varmazis: I would turn it off, Dave.
Joe Carrigan: Of course you do.
Dave Bittner: Because I am running the beta of iOS.
Maria Varmazis: Oh, there you go.
Dave Bittner: So I am on the sharp bleeding edge of it all.
Maria Varmazis: Are you finding it useful in the- overall, or is it too buggy?
Dave Bittner: I find it useful overall in that it allows me at a glance to have, like you said at the outset, to have the gist of what's going on. So what it attempts to do, like for messages, for example, is take all of a message, no matter how long it is, and condense it down to the sentence that just describes it. So that, again, you, you know, you glance down at your phone, that's what you see is this AI summary. And then you decide if you hit the, you know, tap on the summary, it takes you to the actual message. So it's not like the AI version becomes the message.
Maria Varmazis: Right, right.
Dave Bittner: The summaries are just there to try to save you some time and combine multiple things. I have yet to see one that is off the mark or ridiculous or deceptive, but I'm sure it's only a matter of time. One of the things I've seen in the criticisms of these is that people are suggesting to Apple that they do a better job of flagging these things as being AI generated. So, like put some- put an Apple logo next to it or something like that so that it's crystal clear that you're not reading the original message.
Maria Varmazis: The actual thing. Yeah.
Dave Bittner: Yeah, yeah, that this has been true.
Maria Varmazis: I wonder if that would happen in this case, I'm sorry, if that would help in this case, if you said, "Oh, hey, this is a USPS delivery notification, but this is just an AI-generated notification of that notification."
Dave Bittner: Right. Yeah.
Maria Varmazis: Maybe it would help. I don't know. I still stand by, I would not use it personally for- if I was recommending this to my mom, I would say turn it off personally. It sounds like a headache, but Dave, I know, I trust you that you could discern, but some folks might go, "I don't want the headache." So I would probably disable it.
Dave Bittner: Yeah. I guess I'm at the point with it where I'm still curious about it. I'm still trying it out. It has not yet betrayed me in any way. So I'm tiptoeing around it and --
Joe Carrigan: Yeah, right.
Dave Bittner: But I'm bracing myself for that. I mean, like I said, it's only a matter of time, so we'll see. I could absolutely live without it. It's not like there's some empty hole in my life that's been filled by having my text messages concisely summarized.
Joe Carrigan: Summarized.
Dave Bittner: Yeah. I mean --
Maria Varmazis: If there was, Dave, I'd be really --
Dave Bittner: Right. Right. Leaning against a window where it's raining outside, wishing to myself, if only I hadn't summarized text of messages.
Joe Carrigan: If only there's 168- 60 characters were shorter.
Dave Bittner: Right. Yeah, I don't have time to read these text messages.
Joe Carrigan: Of course, now, we all have very long text. I'm sure my wife would love to have something that summarize my text messages to her --
Dave Bittner: Right.
Joe Carrigan: -- because they can be longwinded.
Maria Varmazis: Are you an essayist on text messages, or --
Joe Carrigan: I am, yeah. Yeah.
Maria Varmazis: Oh, no.
Dave Bittner: Now, Joe, when you send a text message, do you use voice to text?
Joe Carrigan: Absolutely.
Dave Bittner: I see.
Maria Varmazis: Oh, you're one of those people. OK. All right. Now a lot of things make sense.
Dave Bittner: I see.
Maria Varmazis: OK. All right.
Joe Carrigan: Yup.
Dave Bittner: Well, I mean, maybe you could use- You know what you need to do, Joe? Let me help you out here, my friend.
Joe Carrigan: OK.
Dave Bittner: So maybe --
Joe Carrigan: I'd love to hear it.
Dave Bittner: You could do this manually. So what you need to do is, because I know you, you enjoy using some of the LLMs --
Joe Carrigan: Yes.
Dave Bittner: -- from time to time. ChatGPT is the world, right?
Joe Carrigan: I have ChatGPT subscription. Yeah.
Dave Bittner: So let me suggest you dictate your message into ChatGPT --
Joe Carrigan: And say --
Dave Bittner: -- and then say, --
Joe Carrigan: -- make that as concise as possible.
Dave Bittner: -- please summarize this for my wife and see what it does.
Maria Varmazis: Saving marriages one day at a time. Love this.
Dave Bittner: Right, right. Well, but I mean, think about it. You could have a preset that said, you know, I want this to be as affectionate and warm and kind as possible. Although, I mean, they'll probably blow your cover, right?
Joe Carrigan: Right.
Dave Bittner: Because if all of a sudden your text messages started saying, "Hello to my lovely, beautiful wife from your adoring husband."
Joe Carrigan: "I hope this text message finds you well."
Dave Bittner: You're right. Right, exactly.
Maria Varmazis: You must do the needful.
Dave Bittner: Oh, love of my life, my sweet babboo.
Joe Carrigan: My sweet babboo.
Dave Bittner: Oh, my goodness. All right, well, we will have a link to Maria's story here in our show notes and again, we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans@n2k.com. All right, it is time to move on to our Catch of the Day. [ Music ]
Joe Carrigan: Dave, our catch of the day comes from Keefe.
Dave Bittner: I'm going to say Keefe.
Joe Carrigan: Keefe?
Dave Bittner: Just Keefe, yeah.
Joe Carrigan: Keefe? OK.
Maria Varmazis: Keefe. Oh, yeah.
Joe Carrigan: It is a transcript of a voicemail and it's pretty good.
Dave Bittner: OK. All right, I will read it.
Joe Carrigan: Yes.
Dave Bittner: It says Walmart account for an amount of $919.45. To cancel your order or to connect with one of our customers support representative, please press 1. Hey, this is Amelia from Walmart, a pre-authorized purchase of PlayStation 5 with special edition and PULSE 3D headset is being ordered from your Walmart account for an amount of $919.45. To cancel your order or to connect with one of our customer support representatives, please press 1. Hey, this is Amelia from Walmart, a pre-authorized purchase of a PlayStation 5 with special edition and PULSE 3D headset is being ordered from your Walmart account for an amount of $919.45. To cancel your order or to connect with one of our customer support representatives, please press 1. Hey, this is Amelia from Walmart. It goes on.
Maria Varmazis: Can I get an AI summary of this, please?
Dave Bittner: Yeah, is that right?
Joe Carrigan: It's Amelia from Walmart.
Maria Varmazis: All right, I take back what I said.
Dave Bittner: That's a good question. I'm going to do that. Let's see.
Joe Carrigan: You're going to actually copy this and- well, this is a picture so we can't copy it.
Dave Bittner: Oh, wait. ChatGPT will take a picture.
Joe Carrigan: OK.
Dave Bittner: All right, so I'm going to say summarize this message for my lovely wife. There we go. All right, it's chugging away. Here's a summary for your wife. This message claims to be from Walmart saying there's a pre-authorized purchase of $919.45 for a PlayStation 5 and accessories on your Walmart account. It urges you to press 1 to cancel the order or to speak to a representative. This is likely a phishing or scam call trying to trick you into sharing personal or financial information.
Maria Varmazis: All right.
Dave Bittner: If you didn't make this purchase, do not engage. Check your account directly through Walmart's official website or app. OK, so ChatGPT for the win.
Joe Carrigan: Very good, ChatGPT.
Maria Varmazis: All right, for the win, I'll give them that.
Joe Carrigan: I am impressed.
Dave Bittner: There you go.
Maria Varmazis: I'll give them it. Yep.
Dave Bittner: Wow. That far exceeded my expectations. Have either of you ever received one of these endlessly looping messages on your phone?
Joe Carrigan: No, I've never gotten the endlessly looping one, but I have gotten the fake Amazon call.
Dave Bittner: OK.
Joe Carrigan: And I pressed 1 to get, then somebody came on the line and I immediately said, "So, I just want to know how this scam works. What happens next?" And the guy just unleashed a string of profanity at me that I really didn't deserve. I mean, I probably deserve it, but not from this guy.
Dave Bittner: Right.
Joe Carrigan: Right. So I just listened to it and kind of got a laugh out of it and then hung up.
Dave Bittner: Yeah.
Joe Carrigan: I said, "I don't think you're from Amazon because Amazon is not this mean to me."
Dave Bittner: Right. Yeah, I have gotten these before and I suppose it's just some kind of technology that's randomly calling people with the intention of getting on their voicemail and there's just some device that's looping this over and over and over again. So, you know, it's designed to have the call last a certain amount of time and then just hang up. But got a low tech who's been getting --
Maria Varmazis: Just a cassette tape in some dusty basement.
Dave Bittner: Yeah, exactly. Exactly. There's an old reel-to-reel old 8-track just looping.
Maria Varmazis: That's what I imagine.
Joe Carrigan: An 8-track cart.
Dave Bittner: Yeah, just looping, looping, looping.
Maria Varmazis: It's right next to the hold music that somebody's still playing. It's just --
Dave Bittner: Yeah.
Joe Carrigan: I have- My wife and I have been on hold with a company trying to get our gas canister outside of our new house serviced.
Dave Bittner: Yeah.
Joe Carrigan: And I have become more and more convinced with every company I wait on hold, that music is designed to get you to hang up. [Background music] It's designed to make you go, "This just isn't worth it." And you just hang up.
Dave Bittner: Yeah, yeah, I think there's something to that. I mean, that's a conspiracy theory I can get behind.
Joe Carrigan: Yeah.
Dave Bittner: All right. Well, that is our Catch of the Day. Our thanks to Keefe for sending that in. And if you have something you'd like us to consider, you can email us at hackinghumans@n2k.com. That is our show brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliot Peltzman and Tre Hester. Our executive editor is Brandon Karpf. Peter Kilby is our publisher. I'm Dave Bittner.
Joe Carrigan: I'm Joe Carrigan.
Maria Varmazis: And I'm Maria Varmazis.
Dave Bittner: Thanks for listening. [ Music ]
