The many faces of fraud.
[ Music ]
Dave Bittner: Hello everyone and welcome to N2K Cyberwire's Hacking Human's podcast. Where each week we look behind the social engineering schemes, phishing scams, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hey there Joe.
Joe Carrigan: Hi Dave.
Dave Bittner: And our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Maria.
Maria Varmazis: Glory to you and your house [laughs].
Dave Bittner: [Laughs] We've got some good stories to share this week. So I'll tell you what, let's jump right in. Actually, we've got some follow up here. Joe, you want to get us followed up [laughs]?
Joe Carrigan: Yes. Abdussobur wrote in with a letter and picture of text exchange.
Dave Bittner: Okay.
Joe Carrigan: He says, "Hello, Dave, Joe, and Maria. I hope this email finds you well. I believe there is a recent trend in pot- of potential cyberattacks. Just two days ago my wife received a random text message asking her to meet the individual somewhere. The next day, I got a similar text with a specific address."
Dave Bittner: Hmm.
Joe Carrigan: "I'm still trying to wrap my head around this. Could there have been a data breach with phone numbers and addresses stolen with zip codes? Because the address I was told to meet up, was close to my zip code."
Dave Bittner: Ooh.
Joe Carrigan: Yeah. "I'm thinking also that this might be somewhere from a digital cyber incident to a physical cyber security issue. What are your thoughts? Your all-time listener and fan of the show, Abdussobur." So, it's a -- he sent along a picture, a screen capture, that is just a message that says, "Please come to this address -- " and it's got a -- it's the -- an address you can all read [background laughter]. I'm not going to read out because I don't know what it is.
Dave Bittner: Right.
Joe Carrigan: But it's in Georgia. So -- in Marietta Georgia, like Georgia, United States. So I'm assuming that Abdussobur is here in the US. Yeah.
Dave Bittner: Can we all agree? Don't go to the address [background laughter], right? It kind of goes without saying, but I'm still going to say it.
Maria Varmazis: But I'm so curious, Joe.
Joe Carrigan: Where's your sense of adventure [laughs]?
Maria Varmazis: I'm so curious; what's there?
Joe Carrigan: I'm going to wind up in pickle jars if I go to that address. That's my --
Dave Bittner: Well --
Joe Carrigan: -- that's my -- that's my concern. That's my concern. >>
Dave Bittner: Yeah. Well, first thing I would do is --
Maria Varmazis: You don't need two kidneys Joe.
Joe Carrigan: Right.
Dave Bittner: Yeah. I would look up where that address is on Google Maps Street View [laughs].
Joe Carrigan: Right. You got like a bunch of guys on Street Views standing around with a big sack. Right [laughs]? Right? They've got black masks over their eyes --
Dave Bittner: [Laughs] right.
Joe Carrigan: -- and black and white striped shirts and berets, just sitting around [background laughter] with brass knuckles and sure. Just happened to be the day that the Street View camera --
Dave Bittner: Don't -- not today. Not going there [laughs].
Joe Carrigan: -- came by.
Dave Bittner: No. No. I convinced my son once [laughs] that the satellite view from Google Maps was real time.
Joe Carrigan: Yes! [Laughs] I've heard of people doing that.
Maria Varmazis: That's diabolical.
Joe Carrigan: I said --
Dave Bittner: Go out -- go and wave [laughs]. Right? Go and wave right? Go and wave.
Joe Carrigan: Yeah [laughs].
Dave Bittner: Yeah. I -- I saw you.
Joe Carrigan: Yeah. Oh yeah. Yeah. It's great. Great. Here, I -- I'll go. You look for me [laughs]. Right?
Dave Bittner: Yeah. It's great.
Maria Varmazis: Yeah. Well, I -- I -- I looked it up on Google Maps. Do we want to say what it is? It's nothing shady. It's just all these bargain outlets [laughs].
Joe Carrigan: Oh, really? It's an Ollies?
Dave Bittner: You said it was nothing shady.
Maria Varmazis: It's just -- I mean --
Dave Bittner: -- you tell me it's an Ollies?
Maria Varmazis: It's an -- okay. All right. I mean, you might get a really musty floor rug or something. But, you know, it's a bargain. It's --
Dave Bittner: Yeah.
Joe Carrigan: Yeah.
Maria Varmazis: Good stuff, cheap [laughs].
Dave Bittner: Good stuff cheap.
Joe Carrigan: Okay. Well, that makes it even more interesting, I think. Because there --
Maria Varmazis: So what if it's the same thing.
Joe Carrigan: -- now -- now there's a possibility it's just spam. >>
Dave Bittner: Right. It's an advertising.
Joe Carrigan: Yeah.
Dave Bittner: And this -- this lines up with, you know, Ollie's advertising. You know, remember the Christmas ad? You know, they're doing, [sings] say hello to friends you know [background laughter]. And then in the middle they go, don't forget your wallet [laughs]! Is that a big --
Joe Carrigan: This does- this doesn't align with Ollies [laughs].
Dave Bittner: Yeah.
Joe Carrigan: For folks who aren't familiar, Ollies is a deep discount store. Basically, they take over runs of things or things that are slightly defective, or things that have been --
Maria Varmazis: Water damage.
Joe Carrigan: [Laughs] Yeah. Water damage. Things that have been returned and refurbed. You can find food that is just a little bit expired [laughs]. You know, like, you can find all these things at Ollies. My favorite thing -- first -- first of all, my -- my dearly departed father was a regular visitor to Ollies.
Dave Bittner: Oh, was he?
Maria Varmazis: Oh, was he? Okay. Yeah.
Joe Carrigan: Yeah. Yeah. There's one near where he lived and he wa- in fact, [laughs] well after -- upon his passing, you know, I get all of his mail, his postal mail, and he's just like on the Ollies' VIP list, which [background laughter] --
Maria Varmazis: There's a --
Joe Carrigan: -- first of all there's an Ollies' VIP list.
Maria Varmazis: There is one [laughs]? Okay.
Dave Bittner: Yeah. Right?
Joe Carrigan: I -- I'm serious. They -- and -- and here's what I learned. Ollies has a special shopping night where only VIPs get access to the store with special discounts and so on and so forth.
Dave Bittner: I didn't know there's --
Joe Carrigan: They want first crack at the good stuff!
Dave Bittner: There's a velvet rope version of Ollies. Who knew? Premium.
Joe Carrigan: But my favorite Ollies story --
Maria Varmazis: A store that is so discount that they hand write all of their signs, like, with marker on paper.
Joe Carrigan: Yep. That's right. That's right.
Maria Varmazis: I mean, my goodness. Yeah. Okay. All right.
Joe Carrigan: So, my favorite Ollies' story is my father ha- was very proud of the new jacket that he bought that was branded with University of Maryland Athletics. Right? So it's a red kind of, you know, those kind of satin-style jackets, you know, very sh- shiny --
Dave Bittner: Yes. Yes.
Joe Carrigan: -- has a sheen to it.
Dave Bittner: Yes.
Joe Carrigan: So, he had that and just across the chest, where it's sort of, like, an arc was the word "Maryland."
Dave Bittner: Right.
Joe Carrigan: And it was the University of Maryland colors. My father was a big fan of the University of Maryland women's basketball. So he's very proud of himself. That he could wear this jacket to the games and show his Maryland pride. My brother, I believe, was the first one to point out to him that it was missing the letter Y [laughs].
Dave Bittner: Marland.
Joe Carrigan: [Laughs] It just said "Marland".
Maria Varmazis: Marland? [Laughs]
Joe Carrigan: Yeah. Yeah. And the Y would have been right where the -- the zipper or the buttons were, right up the middle. So that's why it wasn't obvious at first that the Y was missing, because you look at it and you go, well maybe the Y's just tucked under the zip up part. No. No. It was just --
Dave Bittner: No Y.
Joe Carrigan: -- just gone.
Maria Varmazis: Just use your imagination [background laughter].
Joe Carrigan: Yeah. Just great deal dad. Great deal. You really got your money's worth on that one.
Dave Bittner: Dad. University of Marland.
Joe Carrigan: He laughed.
Dave Bittner: Marland.
Joe Carrigan: He laughed. All right. So, this could be just advertising.
Dave Bittner: It could be.
Joe Carrigan: But the other thing --
Maria Varmazis: It's very bad.
Joe Carrigan: -- this reminded me of when I'd first saw it, I don't remember if you all remember, this could be a decade ago now, when the spam text messages started coming from telephone number prefixes that were close to wherever you lived?
Dave Bittner: Yes. Neighbor numbers they called them.
Joe Carrigan: Yes. There you go.
Maria Varmazis: Mm-hm.
Joe Carrigan: So you have -- you know, you have your area code and then you have your prefix, right?
Dave Bittner: Your exchange.
Joe Carrigan: Your exchange. Thank you.
Dave Bittner: Yeah.
Joe Carrigan: And so it would be from your Thank you. And so it would be from your area code and your exchange, which would trigger additional attention because what is this? Is this someone who lives near me? Is this -- it's coming from my town --
Dave Bittner: Right.
Joe Carrigan: -- but of course it wasn't. It's just, you know, some kind of automated thing where they're faking the phone number. So that's what I thought of when I first saw this that is this just something to draw the person in -- into a conversation because it's somewhere nearby where they live. [Inaudible background comment] But the whole Ollies thing.
Maria Varmazis: It's Ollies. Yeah.
Joe Carrigan: It sends -- it sends the mind reeling of the possibilities [laughs].
Dave Bittner: All my friends growing up --
Maria Varmazis: They have voted for advertising -- SMS advertising, Ollies, not -- I don't know. There's something odd.
Joe Carrigan: It's cheap. I mean, scammers use it, so it's got to be cheap, right?
Dave Bittner: Right [background laughter].
Maria Varmazis: I suppose.
Dave Bittner: Can any of us claim that this would be off brand for Ollies?
Joe Carrigan: No. I can't --
Dave Bittner: No, not really. I guess you're right. All right.
Joe Carrigan: Well, I'm not blaming Ollies for this. I'm not saying this is them.
Maria Varmazis: They didn't even say in the message who they are.
Dave Bittner: Oh, well.
Joe Carrigan: But the address -- the address isn't Ollies, and I don't know, maybe you get beat up when you go to Ollies [background laughter]?
Dave Bittner: So they meet you out front.
Joe Carrigan: They meet you out front. Yeah. Well, I -- I enjoy Ollies. I think it's a fun place to just poke around in and see, you know, what's there. Because you just never know.
Dave Bittner: Yeah.
Joe Carrigan: You just never know what you're going to find [laughs]. Misspelled college jackets [background laughter] that -- and like I said, slightly expired food, so if you -- like, if you're going to do a Boy Scout camping trip or something and you needed a case full of pop tarts --
Dave Bittner: Right.
Joe Carrigan: You know they're going to all be consumed in the next couple days --
Dave Bittner: Yep. Go get them.
Joe Carrigan: Go get them at Ollies.
Dave Bittner: Right. All right. Well, thank you Abdussobur for writing in, this is an interesting one and we do appreciate it. And of course we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans@n2k.com.
Joe Carrigan: But don't do with this guy, did Maria?
Maria Varmazis: [Laughs] Yeah. Don't -- we got an actual phish today, just right before we started recording.
Joe Carrigan: Yeah.
Maria Varmazis: Someone didn't forward us a phish, it's not a listener. We actually -- somebody attempted to phish us. So kind of made me feel a little indignant. Like, [laughs] who's doing this?
Dave Bittner: Oh.
Maria Varmazis: How dare you? But it was a fake DocuSign, a fake contract being sent to our hackinghumans emails.
Dave Bittner: Oh.
Maria Varmazis: We're on to you; don't try it.
Dave Bittner: Did it have anything to do with the show at all?
Maria Varmazis: NO. It was just generic text. You know, it was, you know --
Dave Bittner: Yeah.
Maria Varmazis: -- sign this contract, and the link was very obviously fake. I mean, I may have clicked it out of curiosity [laughs].
Dave Bittner: On your -- on your work computer.
Maria Varmazis: I'm everybody's worst nightmare.
Joe Carrigan: [Laughs] on your work computer.
Maria Varmazis: I used a personal computer, so it's okay [laughs].
Dave Bittner: Sure. Sure. I wonder -- I wonder what your husband thinks about that [background laughter]?
Maria Varmazis: I didn't actually click it; I was just joking. I did mouse over it. I was like, this definitely doesn't go to DocuSign. It didn't.
Dave Bittner: Yeah. That's terrific [music]. [ Music ] All right. Let's jump into our stories here. Joe, you have the honors this week. What do you got for us?
Joe Carrigan: Dave, my story comes from Sharon Lurie [phonetic] at the AP. And this was being reported on ABC. So that's what we're going to put the link to it.
Dave Bittner: Mm-hm.
Joe Carrigan: But the story starts with a woman named Heather Brady [phonetic], who lives in San Francisco and gets a visit from a police officer who says, are you attending West -- Arizona Western College from San Francisco? And she says, "No, I am not." Well, somebody else had applied to this Arizona Community College in her name in the effort -- the end game here is they're scamming the government out of financial aid money.
Dave Bittner: Oh.
Joe Carrigan: So what they've done is -- is they've stolen her identity and they have applied to this college for -- in her name and they have applied for financial aid in her name, and in fact, when Ms. Brady saw -- heard this, she went to her financial -- her -- her student loan servicing's website, found out that there was a $9,000 loan taken out recently. So we're going to get to why -- why it's important that it was a community college here. But it was -- she -- she of course, is not seeing any money.
Dave Bittner: Yeah.
Joe Carrigan: So the article here asserts that this is the result of the confluence of AI and online college. And I would add, and student loans.
Dave Bittner: Mm-hm.
Joe Carrigan: They have another student on here named Wayne Chave [phonetic], who started getting emails about a class he never signed up for at De Anza Community College. He had taken courses there a decade earlier, but identity thieves had attained his social security number, and they collected $1,395 of financial aid in his name.
Dave Bittner: Hm.
Joe Carrigan: Now, this class required students to submit some homework, right? That you could verify your human. But these guys doing this probably just used some LLM to generate what looks like homework and handed it in.
Dave Bittner: Right.
Joe Carrigan: Even though I'm taking classes right now, every single professor I've taken a class from recently has said, don't do that. That's academic dishonesty [background laughter].
Dave Bittner: Okay.
Joe Carrigan: Right? And it is. So the -- they -- the students have a name; these students that don't exist. Guess what the name is it's a cool name?
Dave Bittner: Go for it.
Joe Carrigan: Ghost students.
Dave Bittner: Ooh [laughs].
Joe Carrigan: Right? They even say that they have chatbots that go so far as to join the classes. And these things stick around long enough so that the financial aid gets paid to the college. And in some cases, professors discover almost no one in their class is real.
Dave Bittner: Huh.
Maria Varmazis: Wait. But -- but --
Joe Carrigan: I thought there was amazing.
Maria Varmazis: -- you have to pay tuition. I -- I'm missing something.
Joe Carrigan: Here's how this works.
Maria Varmazis: Yeah. Tell me -- tell -- I'm missing something here.
Joe Carrigan: So they're targeting -- they're targeting community colleges.
Maria Varmazis: Yeah.
Joe Carrigan: Right? So if you apply for a loan, a student loan, you go to the financial aid office you apply for student loan, and the college will admit you. And then the Department of Education will -- who -- or whoever the lender is, will send the student loan directly to the college to pay the tuition.
Dave Bittner: Right.
Joe Carrigan: Now why they're targeting community colleges --
Dave Bittner: Oh --
Joe Carrigan: -- is community colleges have very low tuitions.
Maria Varmazis: Okay.
Joe Carrigan: Less than $9,000. In fact, way less than $9,000.
Dave Bittner: Yeah.
Joe Carrigan: I have a class at a community college a couple of years ago, or actually about a year ago, it was like $1,200.
Dave Bittner: Yeah.
Joe Carrigan: So if I signed up for like three classes, that would be like $3600, and I signed up for loans in $9,000 a semester, then I'd get a check for like $5700 or something like that. And then I'd be buying cars and -- and mink coats and -- and gold bars and everything else [background laughter].
Maria Varmazis: I'm just surprised the amounts don't match. I guess this is the part where I -- I -- I just would have assumed that if I -- one was giving out a loan, one would say, show me your receipts. I will give you a loan for that amount no more -- and that's my name is naivete I suppose [laughs].
Joe Carrigan: No. That's not how student loans work. But you get -- you get a loan for a certain amount and there are some guaranteed student loans you get that are, I -- I think they -- I don't know how much they come, but you can get -- anybody can get a guaranteed student loan. They're guaranteed to get it, and it -- it does go directly to the college, but if your college is a community college, there's going to be an overage --
Dave Bittner: Hm.
Joe Carrigan: -- probably. So they're doing this now.
Dave Bittner: Okay.
Joe Carrigan: Students -- what happens here is students get locked out of classes they might need to graduate. Victims of identity theft find out they've got these loans, like Miss Brady, She said $9,000. Now -- now she has to go through the process of telling people that this is not her loan. Here's the most shocking --
Maria Varmazis: Is she a student somewhere else? Sorry. This is the part that -- that I'm confused. Like, is -- is she actually college age? Or -- do we know?
Joe Carrigan: Yeah. I don't know. It doesn't -- it doesn't mention that.
Dave Bittner: Hm.
Joe Carrigan: She might be. She might be.
Maria Varmazis: Okay. Sorry.
Joe Carrigan: She -- she does have a student loan servicer. So she probably has student loans.
Dave Bittner: Yeah. But she could be 60 is still being paying off her student loans. Right [laughs]?
Maria Varmazis: Yeah. Yeah. Yeah.
Joe Carrigan: Yes. She could be at least 56 and still paying off student loans [background laughter].
Maria Varmazis: Does --
Joe Carrigan: Ask me how I know?
Dave Bittner: Right.
Maria Varmazis: Because I was thinking, like, if these are -- if these are people who are just college age, could someone have stolen their identity as children, and this scam has been going on for years without knowing it?
Joe Carrigan: It couldn't be.
Maria Varmazis: Yeah. Okay. My gears are turning. I'm just [inaudible 00:15:33] [laughs].
Dave Bittner: So -- so I don't -- so this is all new to me. I have never -- I've been fortunate enough to have never been in the world of student loans. I suppose my day is coming with my youngest son having just graduated from high school. But --
Joe Carrigan: That's right. Where's he going to school?
Dave Bittner: Well, he's going to a community college.
Joe Carrigan: Which one?
Dave Bittner: Howard Community College.
Joe Carrigan: That is an excellent community college [background laughter]. In fact --
Dave Bittner: Thank you.
Joe Carrigan: -- that is where I took my statistics class most recently.
Dave Bittner: Yes. So, help me understand, Joe, do -- can student loans cover things like room and board?
Joe Carrigan: Yes.
Dave Bittner: Okay.
Joe Carrigan: They can cover just about anything that you're going to experience in -- >> Dave Bittner So that's where the overage could come in. Yes. Yes.
Dave Bittner: So I could -- I could apply for a student loan for $5,000 for $2500 worth of classes and say the rest is just for me to be able to eat and have a place to live.
Joe Carrigan: Correct.
Dave Bittner: Okay.
Maria Varmazis: Oh. Okay.
Dave Bittner: So there -- does that answer your question, Maria?
Maria Varmazis: It does. Because I -- I was just wondering since one does a loan go, okay, we trust you. Just take as much money as you [laughs] --
Dave Bittner: Right.
Maria Varmazis: -- I mean, in theory, I'm sure they're like, well, it's more money for us to get paid back. But --
Joe Carrigan: Yeah.
Maria Varmazis: Yeah. Okay. All right. I'm learning. I'm learning [background laughter].
Joe Carrigan: So I think $9,000 is the annual guaranteed amount that you can get. And if I'm thinking about this right, then maybe Ms. Brady got woken up during the second semester, which would make sense.
Dave Bittner: Hm.
Joe Carrigan: Anyway, two things, a couple of things. Number one -- so I think it's three things. So the Department of Education is -- had their rate of fraud through stolen identities has reached a level that imperils the federal Student Aid program.
Dave Bittner: Hm.
Joe Carrigan: So that's a pretty profound statement from the Department of Education.
Dave Bittner: Mm-hm.
Joe Carrigan: The other thing is that -- actually, I guess there's only one more thing. What can students do? You know, your identity has been stolen. There's really nothing you can do to stop people from doing this, until it -- until you get notified that this is what's happening. The one thing I'm going to tell you is don't -- don't, under any circumstances, agree to any part of any loan that you've ever been -- that has ever been fraudulently taken out in your name. And -- and my attitude for this is, you act like this is the bank's problem and not yours.
Dave Bittner: Mm-hm.
Joe Carrigan: And -- because it is.
Maria Varmazis: It is. Yes. Yeah.
Joe Carrigan: It is the banks problem. You know, if they -- if they start harassing you, you've got to pay these loans back [background laughter]. You -- you just be like, look, those aren't my loans. You guys got scammed. Right?
Dave Bittner: Right.
Joe Carrigan: And this is not my problem.
Dave Bittner: Right.
Maria Varmazis: Yeah --
Joe Carrigan: And -- and you making it my problem is grounds for a lawsuit.
Dave Bittner: Yeah.
Maria Varmazis: Yeah. Well, I mean, I feel like that can be easier said than done, though. I mean, they could send collections after you to harass you and make your life miserable.
Joe Carrigan: Yeah.
Maria Varmazis: And that's not fun to be on the receiving end.
Joe Carrigan: Depending on the state you live in, that might have that might have -- that might be actionable as well.
Maria Varmazis: Yeah. It just depends.
Joe Carrigan: Like in -- in Maryland we have the -- actually, no. That's the federal Fair Debt Collection Practices Act where you can, for every -- every creditor that contacts you incorrectly, you can take them to court and get them to pay you $500 or something like that.
Maria Varmazis: Okay. But you're 20 years old. Do you know this [laughs]? And do you have time for that?
Joe Carrigan: If you're watching this show, you know it now!
Maria Varmazis: I would hope so [background laughter]. I would hope so. I remember something like this happened to me when I was in my early 20s. It was for a tiny amount of money, but somebody had taken out some -- some account in my name that I didn't do. And collections was coming after me and I had no idea what to do because I had no idea what this was.
Dave Bittner: Mm-hm.
Maria Varmazis: And thankfully, I eventually told my parents what was going on and they told me here's what you need to do. But you know, it wa -- they really harassed the hell out of me. And it wasn't -- it wasn't something I had done. So I could see someone's ==
Joe Carrigan: Yeah. It's scary. Well, they're -- they're social engineers too.
Maria Varmazis: Yeah. At some point.
Dave Bittner: Yeah. Hmm.
Maria Varmazis: Yep.
Joe Carrigan: So --
Dave Bittner: All right. Interesting.
Joe Carrigan: Don't pay the loan. Never admit to any portion of it. >>
Dave Bittner: Yeah. Yeah.
Maria Varmazis: Yep. Yep. Yep.
Dave Bittner: All right. We will have a link to that story in the show notes. My story this week comes from the folks over at The Record, which is mostly a cybersecurity news source. It's run by the folks over at recorded future. And this is about cyber criminals who are posing as job seekers on LinkedIn and targeting recruiters.
Joe Carrigan: Hm.
Dave Bittner: But there's a specific thing that caught my eye here that -- that made me want to include this one. So let's go through this together. So, you are a recruiter, minding your own business [background laughter], right?
Joe Carrigan: Right.
Dave Bittner: Scanning LinkedIn, and you get a message from someone who wants to talk to you about an opportunity. And they say, hi, I'm Bobby Weissman, and I have attached my resume. But there's no link -- well, no active link. I actually cut and paste in our show notes here, the message that someone had received, and it says, "Thank you for considering my application. For your convenience, you can also view my full resume along with additional information about my experience and portfolio at bobbywiseman.com. I look forward to your feedback and hope to discuss my qualifications in further details and certainly Robert Weissman.
Joe Carrigan: I really want to go to bobbywiseman.com. So here's the thing.
Maria Varmazis: How did ya'll get it?
Dave Bittner: What's important about this and what caught my eye about this is that the bobbywiseman.com in the email address is not a link.
Joe Carrigan: Right.
Dave Bittner: It is -- you cannot click through. So you have to either copy and paste it out of here or just type it in manually. And that's what makes this special.
Joe Carrigan: Hm.
Maria Varmazis: Oh.
Dave Bittner: Because the email filters aren't going to catch it as being a link.
Joe Carrigan: Ah!
Dave Bittner: It is -- they're not going to try to filter that link. Because there's nothing to filter.
Joe Carrigan: Right. It's not a link [laughs] right?
Dave Bittner: So if you do type in the URL, bobbyweissman.com, you will go to a site that looks like a real site. It's hosted on trusted cloud servers, like AWS. And it looks like a personal portfolio site.
Maria Varmazis: It sure does. Yeah.
Joe Carrigan: Did you -- did you guys go in there [laughs]?
Maria Varmazis: I'm looking at it right now. I'm -- I'm looking at the source. It's totally harmless, just plain html, like re- old-school html.
Joe Carrigan: Really?
Maria Varmazis: Suspiciously so [laughs].
Joe Carrigan: Hm.
Dave Bittner: Well -- so, but all right. Let's continue on here, Maria, because there's something about that as well.
Joe Carrigan: Hm.
Dave Bittner: So, when you visit the site, the -- the perpetrators have some guardrails built in.
Joe Carrigan: Hm.
Dave Bittner: So, they will check your IP, so they're trying to weed out VPNs or security tools. They check your web browser, and if you're not on Windows, you get shown a simple harmless page. Maria?
Maria Varmazis: Which is what I'm -- Yeah. I'm on macOS and using --
Dave Bittner: There you go.
Maria Varmazis: -- the Arc browser, which is Chrome based, but still.
Joe Carrigan: I am not pointing my windows machine at this site [background laughter].
Dave Bittner: Because -- so it checks if you pass a captcha -- Maria, did you have to do a captcha?
Maria Varmazis: I did not. I just got the plain old HTML site with nothing -- nothing fancy, pretty boring, suspiciously plain.
Dave Bittner: Okay. So the captcha is there, obviously, to prove that you're a real person. And so if they gather that information, right? You're not a VPN, you're on Windows, and you verified yourself with the captcha, they will get you to download a zip file.
Joe Carrigan: Hm.
Dave Bittner: And inside the zip file is a.lnk shortcut. And if you double-click that, your computer installs some malware called "more eggs," which is a JavaScript based backdoor malware, which happens to be sold by a hacker group called the Venom Spider.
Joe Carrigan: Ooh.
Dave Bittner: That -- yeah.
Maria Varmazis: Yeah.
Joe Carrigan: Very scary.
Dave Bittner: And what happens is it starts running in the background and it's stealing passwords, and downloading other malicious code, and possibly even enabling ransomware. So, that's the trick. Once -- and of course, once that happens, you know, that's it. We -- it's been nice knowing you.
Joe Carrigan: Right.
Maria Varmazis: Mm-hm.
Dave Bittner: But what -- again, what caught my eye about this was, we always say over and over again, don't click the links.
Joe Carrigan: Right.
Maria Varmazis: [Laughs] which --
Dave Bittner: Well, there's no link.
Joe Carrigan: Yeah.
Maria Varmazis: -- which twice this episode alone I've clicked it [laughs].
Dave Bittner: Yeah. Exact- so we know what works on Maria [background laughter].
Maria Varmazis: Well, I'm just like, I know this will be bad. I'm just very curious how bad it will be. And then I just wipe my machine after [laughs].
Dave Bittner: Right. Maria buys use machines by the dozen on eBay. So she --
Maria Varmazis: [Laughs] Don't do what I do. Just do not take advice from me.
Dave Bittner: She clicks them -- she just throws them out her office window and he has done and --
Joe Carrigan: Yes. Be more like me and don't go to the website.
Dave Bittner: Right. Right [background laughter]. So, and that's the part I thought was worth sharing that they're taking advantage of all of that training and reinforcement that folks like us are giving people, saying don't click on links don't click on links. Because you don't know what is behind that link.
Maria Varmazis: Yeah.
Dave Bittner: In this case, if you copy and paste the URL or just type it in, it's still gonna take you somewhere that's going to deliver the malware to you.
Joe Carrigan: Malware to you.
Dave Bittner: So it's not like --
Maria Varmazis: Yeah. It's a hundred percent [inaudible 00:24:50] --
Dave Bittner: -- hiding the link.
Maria Varmazis: Yep.
Dave Bittner: Yeah. It's not hiding where you're going. It's the fact that where you're going is the malicious site.
Maria Varmazis: Hm.
Dave Bittner: Right?
Joe Carrigan: Right.
Maria Varmazis: Would definitely work on me, clearly [laughs].
Dave Bittner: Yeah.
Joe Carrigan: Yeah. Yeah.
Maria Varmazis: Good thing I read ahead [laughs], and I was like, okay, I should be all right. When I come on the show next week and I say, now all my machines are bricked, you'll be able to point to the moment.
Dave Bittner: Right. Right. Right.
Joe Carrigan: How are you going to be on the show of all your machines are bricked?
Maria Varmazis: I'll call in.
Joe Carrigan: Okay [laughs]. Yeah.
Maria Varmazis: With a landline.
Dave Bittner: A tin can with a piece of string.
Maria Varmazis: Yeah [laughs].
Dave Bittner: All right. Pro tip, never by a used computer from Maria.
Maria Varmazis: No. No. No.
Joe Carrigan: Right.
Maria Varmazis: Definitely not [music].
Dave Bittner: All right. We will have a link to that story in the show notes. I tell you what, let's take a quick break here to hear from our sponsor. We will be right back after this. [ Music ] And we are back. Maria, it is your turn this week. What do you got for us?
Maria Varmazis: So another suspicious link for everyone to click on, just kidding [background laughter]. I just nuked my credibility in one episode. It's amazing. All right. So the -- I have a little follow-up to a -- a story that I think we did talk about last year, about a woman in Scranton, Pennsylvania -- this sounds familiar to me -- who is an accountant and a business instructor. She was in an adjun- adjunct business professor actually, and he was convicted of money laundering last year and her sentencing just went through, I think, yesterday. So she apparently laundered over $800,000 from a number of victims. Many of them were based out of Iowa and she's based out of Pennsylvania. Again, she's an accounting professional. So these were actually clients of hers. She was convicted on eight federal charges, including bank fraud, money land- laundering, and conspiracy for a scam that ran for about half a year. And the thing that -- we might have talked about this; I'm just going to go through it because I don't -- I don't remember the details of this super well. She actually, in some way, at least the federal case says that she hacked the emails of her clients. I don't know, they don't go into details of what that exactly means, but it sounds like she basically spoofed or slightly modified emails that went to her clients' inboxes and changed salient details. So legitimate payments that were going to be going from her client to a contractor, for example, ended up getting shunted to her instead, and accounts that she controlled. So the victims thought they were paying == like there was a church that she defrauded. They thought they were paying a contractor who was doing work on their church, and instead she got that money. So there were five known victims. One was a church in Iowa. There were businesses in Colorado and Pennsylvania, a nonprofit in Washington State, and a builder in Montana. And so, that church example that she impersonated a contractor on a $7 million church renovation project, and in that case, the church wired over $466,000 to a shelf company that she had owned.
Dave Bittner: Wow.
Maria Varmazis: So, she would then launder the money that she would receive those stolen funds through multiple bank accounts, national crypto exchanges, and an individual -- we don't know who, in Florida. This person has not been named. I don't know if this person is -- has been found or prosecuted, so there's a bit of a mystery there. It's kind of interesting.
Joe Carrigan: [Laughs] it's -- it's a Mr. M Mouse [laughs] he's --
Maria Varmazis: Who -- who is this person? We don't know. Well, I guess maybe we'll find out. And even after her -- I guess the banks were sort of on to her fraud, and they would do the cat-and-mouse game of closing those accounts down; she would just open new ones [laughs]. And just keep --
Dave Bittner: Mm-hm.
Maria Varmazis: -- keep the fraud going. And the interesting, maybe, the -- the hook that a lot of news stories are -- are grabbing onto and immediately this grabbed me too, is that the woman who's just been convicted, Margot Anne Williams [phonetic], says that she was manipulated by someone who is -- she believed she was dating, a famous British actor, unnamed, we don't know who it was --
Joe Carrigan: Mm-hm. It's Hugh Grant. Had to be Hugh Grant.
Maria Varmazis: -- but she believed that she was -- had to have been, right? Notting Hill, Hugh Grant. Had to have been. So --
Joe Carrigan: I mean, who can -- who -- who couldn't fall for -- for that adorable stuttering that he does, right?
Maria Varmazis: No. My bet is that it was Rowan Atkinson, because she has a thing for Mr. Bean, so --
Joe Carrigan: Oh. Hm. Okay. Sure.
Maria Varmazis: Why not?
Joe Carrigan: I'd go that way.
Maria Varmazis: [Laughs] one could go that way too. So, yeah. We don't know who it was, but we -- you know, one could guess. And she -- apparently she made a bunch of luxury purch- purchases with the money that she made in all this fraud, and profited less than you would think, only $25,000. I'm kind of thinking that's not a lot of money for the amount that she frauded.
Joe Carrigan: Yeah.
Maria Varmazis: So, not sure this is worth it for you. But she was sentenced to 48 months in federal prison. There is no parole in federal prison, so she's going to have --
Joe Carrigan: No. There's not.
Maria Varmazis: -- to -- she has to serve that term, and she has been ordered to repay nearly $600,000. And after she is released from prison, she will serve three years of supervised release.
Dave Bittner: Wow.
Maria Varmazis: So, Hugh Grant ain't worth that.
Joe Carrigan: And she probably will lose her CPA certification too [laughs].
Maria Varmazis: Probably? Probably [background laughter]? I like how you're not really certain. But, you know --
Joe Carrigan: Well --
Maria Varmazis: Crazy times we live in. Who knows [laughs].
Joe Carrigan: No. She will lose it.
Maria Varmazis: So --
Dave Bittner: To what degree do we think that her knowledge as a CPA helped her commit these crimes?
Joe Carrigan: Oh. I would bet it helped a lot.
Dave Bittner: Yeah.
Joe Carrigan: Yeah. I -- I will also say that I kind of -- I think I might buy the fact that she's also a victim in this?
Dave Bittner: Mm-hm.
Maria Varmazis: Yeah. Yeah.
Joe Carrigan: Because she makes $25,000 out of $400,000? She might be getting romance scammed by somebody at the same time. But still, she did make a -- a deliberate effort to defraud her own client [laughs].
Dave Bittner: Right. But you could --
Maria Varmazis: Yeah.
Dave Bittner: -- make the argument that if anyone would know better, she would.
Joe Carrigan: Yes.
Dave Bittner: As a -- as a professional. Right [laughs]?
Maria Varmazis: Yeah.
Dave Bittner: A monetary professional.
Maria Varmazis: But the fact that she went in and monkeyed with the emails, that part's like, whoa. You know, it's -- that just feels like an extra step to go in there and, you know, mess with someone's email. So that's -- that was a lot of trust that she was given that she just --
Joe Carrigan: Ooh.
Dave Bittner: I guess we also don't know to what degree was she coached by whoever this romance scammer was --
Joe Carrigan: Right.
Dave Bittner: -- who might have walked her through everything.
Maria Varmazis: This individual in Florida, potentially.
Joe Carrigan: You found out -- yeah. You found out you're a -- found out that she's an accountant and you go, oh, you have clients? Oh. Clients with money.
Dave Bittner: Right.
Joe Carrigan: Oh. Yeah. I mean, because $400,000 that was just one event, right?
Maria Varmazis: Yeah. It -- it was over $800,000 in all.
Joe Carrigan: In total. And she --
Maria Varmazis: In total. Yeah.
Joe Carrigan: -- winds up with $25,000. Yeah. This --
Maria Varmazis: Yeah.
Joe Carrigan: -- Yeah. This --
Maria Varmazis: [inaudible 00:31:41] as the kids say.
Joe Carrigan: This smacks of her being scammed as well. But again, yeah. I'm not sure I have. I mean, I have -- I have the understanding for the romance scam part of it, but for the violating the -- I don't want to say oath of office, because it's not really an oath of office, but the -- the -- what is it? The code of -- not the code of conduct; there is a --
Maria Varmazis: Professional ethics?
Joe Carrigan: Professional ethics, but it's something. There's like -- the CISSP I had to learn it for the test. But, you know, if I ever get -- if I ever get accused of, or convicted of hacking anything, I can't call myself a CISSP anymore. My -- my credential would be revoked.
Dave Bittner: Huh.
Joe Carrigan: Because I violated the code of conduct.
Maria Varmazis: Right. I mean --
Joe Carrigan: And same with CPAs.
Maria Varmazis: -- does one have scruples?
Joe Carrigan: Yes.
Maria Varmazis: When -- when hacking into someone else's emails? I mean, one would hope that you would pu- maybe pump the brakes a little bit and go, hmm, yes. This is not normally a thing I should be doing. Maybe I should not.
Joe Carrigan: Yeah. Lying to customers and telling them to send -- send the money somewhere else, and then be like, oh, you guys must have gotten hacked. Oh no. Where did the money go [background laughter]? Yeah.
Dave Bittner: Hm.
Maria Varmazis: Yeah.
Dave Bittner: She's probably staring at those dreamy eyes of Rowan Atkinson and thinking to herself [background laughter] soon we will be together. Soon. We will be together [laughs]. All right. We'll have a link to that story in the show notes. Joe. Maria. It is time to move on to our Catch of the Day. [ Music ]
Joe Carrigan: Dave. Our Catch of the Day comes from someone who did not leave a name.
Dave Bittner: Okay [laughs].
Joe Carrigan: So, I'm just going to call this person Anony Mouse [background laughter]. "A long-term fan of the podcast Hackinghumans and Caveat, I know that's Ben not Joe, but anyway, I really enjoy them both."
Dave Bittner: Well, that's nice.
Joe Carrigan: Well, that's good. I like Caveat as well. And --
Dave Bittner: Yeah.
Joe Carrigan: -- we should have Ben on this show whenever we start pontivicating about law stuff [background laughter].
Maria Varmazis: That's true. Yes.
Dave Bittner: He could set us straight [laughs].
Joe Carrigan: He could say, "Shut up you idiots."
Dave Bittner: Right. Exactly. You guys -- you guys got it all wrong [background laughter] Yeah.
Joe Carrigan: Right. "I received this scam today on my mobile number that I thought you might want to get the word out regarding, or look into it for fun. It's cleverly written, but it's definitely massed produced, and has so many red flags it popped out while reading it. I've attached a screenshot, but it's also transcribed below in the case that sending it as a screenshot doesn't work." And that's a good thing, because [laughs] the -- the spam filter on my Cyberwire email did not let me open any of the attachments. And I was like --
Maria Varmazis: Oh yeah.
Joe Carrigan: I know they're just images. Apparently, Maria's spam [inaudible 00:34:17] lets her open everything [laughs].
Maria Varmazis: Everything. Everything. Good thing I have admin privileges on my machine.
Dave Bittner: Yeah [laughs].
Maria Varmazis: It's great! [Laughs].
Joe Carrigan: I don't know that's a good thing. All right. Dave, you want to read the text here?
Dave Bittner: Sure. It says, "Enforcement penalties begin on June 7. Our records indicate your traffic fine is overdue. In accordance with Regulation 15C-16.003. Failure to resolve payment by June 6, 2025, will result in 1. Violation logged in DMV records. 2. Vehicle registration suspension effective June 7. 3. 30 days suspension of driver's license. 4. Referral to toll collection, incurring an extra 35 percent fee. 5. Possible legal action and negative impact on your credit history. Settle immediately here. Resolve immediately to avoid further legal percussions. Reply 'Why' and reopen this message to click the link or copy it in your browser." And then -- we- so, that's the end of that. That's in our -- our --
Joe Carrigan: That's the end of the message, but the -- the listener has written in that says, "15C-16.003 is a Florida Admin code for record retention, and there is no such regulation for the state of Oklahoma." Which I'm guessing is where this -- where this person lives.
Dave Bittner: Yeah.
Joe Carrigan: "Maybe the scammers are from Florida?" I think the scammers just came up with some number that just --
Maria Varmazis: Some random number. Yeah.
Dave Bittner: Yeah.
Joe Carrigan: Yeah. Said, we're going to -- because how many times have you heard somebody who works for some government agency, cite some law that you've never seen.
Dave Bittner: Right?
Joe Carrigan: And you're just going -- I guess that we- that's right. That's okay.
Dave Bittner: No. That's me on Caveat with Ben.
Joe Carrigan: Right [laughs].
Dave Bittner: He's like -- he's like, "In the Supreme Court, in Jenkins vs. you know, the -- the State of Despair [background laughter]." I'm like, Okay.
Maria Varmazis: You just said a bunch of words and letters and numbers; you must be correct.
Joe Carrigan: Yeah.
Maria Varmazis: You must be correct, because I don't know what those are. >> Dave Bittner:: Right. You -- you said them with confidence, so I'm just going to go along with it.
Joe Carrigan: Yeah.
Dave Bittner: And uses Latin phrases.
Joe Carrigan: Yes. Exactly.
Dave Bittner: The Supreme Court spoke ex cathedra?
Joe Carrigan: Yeah. Austin Commotadus [phonetic]. So, I -- this, of course, is related to -- I -- I'd say adjacent to all of the toll scams that we've been seeing lately.
Dave Bittner: Yeah. It's kind of the same thing; except it's saying that you have a -- a moving violation and we're going to suspend your driver's license.
Joe Carrigan: Right.
Dave Bittner: A lot of scare in this one.
Joe Carrigan: Yeah.
Dave Bittner: You know, not -- I don't think there's anything to worry about. You just delete this message when you get it.
Joe Carrigan: Yeah. Exactly. Let me -- let me -- let me tell you, as someone who has a child who thinks that speed limits are just suggestions in a --
Dave Bittner: Right.
Joe Carrigan: -- in a town that has lots of speed cameras.
Dave Bittner: Yes.
Joe Carrigan: [Laughs] if they -- if the DMV wants you, they will send you a letter in the mail [laughs]. So -- and -- and also for our listeners, these are generated by kits.
Dave Bittner: Right.
Joe Carrigan: The -- the bad guys, they buy an online kit, and they pay a certain amount of money, and it just generates these things and spits them out, and it's just a numbers game. So, there is nothing to these at all.
Dave Bittner: All right. Well, thanks to our listener for sending this in. We do appreciate it. And of course, we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans@n2k.com. [ Music ] [Music] and that is our show. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliot Peltzman [phonetic] and Trey Hester [phonetic]. Peter Kilpe is our publisher. I'm Dave Bittner.
Joe Carrigan: I'm Joe Carrigan.
Maria Varmazis: And I'm Maria Varmazis.
Dave Bittner: Thanks for listening. [ Music ]
