Social engineering served sunny-side up.
[ Music ]
Dave Bittner: Hello, everyone, and welcome to N2K CyberWire's "Hacking Humans" podcast where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I am Dave Bittner and joining me is Joe Carrigan. Hey, Joe.
Joe Carrigan: Hi, Dave.
Dave Bittner: And our N2K colleague and host of the "T-Minus Space Daily" podcast, Maria Varmazis. Hello, Maria.
Maria Varmazis: Hi, Dave and hi, Joe.
Dave Bittner: All right, before we dig into our stories here, we have a little bit of a follow up here. What do we got, Joe?
Joe Carrigan: We have a - we have a message from a Ph.D. I'm assuming this person may have a Ph.D. I don't know. They sent a -
Dave Bittner: It could be [inaudible 00:00:45] Harvey Daniel.
Maria Varmazis: A pretty huge deal.
Dave Bittner: Yeah.
Maria Varmazis: A pretty huge deal.
Dave Bittner: Harvey [inaudible 00:00:50] a pretty huge deal. I like that. Yeah.
Maria Varmazis: Yeah.
Joe Carrigan: A pretty huge deal. That's a good one as well. Is - the question is, "Is this what Joe looks like? Is AI listening and building articles tailored towards me or am I an AI or just a fan?" And he sends a link to an article from The Onion. Dumbest friend just bought 20 chickens. Moron also spent a couple grand on a chicken coop.
Dave Bittner: Yeah.
Joe Carrigan: Yeah. Now - yeah. I will tell you, I have already seen this article and taken a screenshot of it and sent it to my entire family. They all laughed.
Maria Varmazis: Of course.
Joe Carrigan: We are probably buying the world's most expensive eggs ever, but we do get to have chickens. And the picture is of a guy holding two chickens in a flannel shirt and a baseball hat. I - he has - he has a full beard. I have now gone completely clean shaven. However temporary that may be. I may grow a beard back. I don't know. I'm not -
Maria Varmazis: But, otherwise, it's a spitting image of you.
Joe Carrigan: Yeah, it's pretty close.
Maria Varmazis: Is that what you're saying?
Joe Carrigan: That was pretty close. I do look like this guy. I'm kind of built like this guy. I wear a cowboy hat usually when I'm out in the yard just because it keeps the sun off everything. It's great. And it says under here, "Your most dim-witted friend with some of - some of the chickens that will consume hundreds of hours of his life." Yeah.
Dave Bittner: I mean, it's not so much a food source as it is a hobby.
Joe Carrigan: Right, yeah.
Dave Bittner: Right?
Joe Carrigan: That's right? My new hobby is farming, Dave. My hobby is now -
Maria Varmazis: [inaudible 00:02:12] that also feeds you as opposed to just the other way around.
Joe Carrigan: Full-time jobs, that's right, Maria. It's - I do have to feed them, but they also feed me.
Dave Bittner: Knowing yourself, how much time do you think it's going to take before you are completely sick of eggs?
Joe Carrigan: I don't know. I really like eggs. And I'm not one of those guys that gets sick of a food. I can eat a food over and over and over again.
Dave Bittner: Okay. Well, let's mark this moment as the one where -
Joe Carrigan: Right.
Dave Bittner: - Joe said he really likes eggs.
Joe Carrigan: Right.
Dave Bittner: And we'll check in.
Joe Carrigan: My doctor may have something else to say about it once my cholesterol -
Maria Varmazis: Yeah.
Joe Carrigan: - shoots through the roof. We'll see.
Dave Bittner: Okay.
Maria Varmazis: We will see.
Dave Bittner: Fair enough.
Joe Carrigan: But that's a great article. Thank you for sending that in Ph.D. I - yeah, that's right.
Dave Bittner: Yeah. All right. We've got another piece of follow up here from a listener named Peter who writes in and says, "Hi, Dave, Joe and Maria. I'm a big fan of your show. I've been listening for years." Has some very nice things to say to us. He said, "I wanted to follow up in your recent episode about YETI product scams." Ah-ha. "I live in Belgium and have seen this exact scam, though with different products, high-quality backpacks from a large sporting goods retailer, but also other products and stores are being used. The scam profiles on Facebook use the same tactics. They're obviously fake, share a sad story about a fired employee and offer a fake employee discount on the backpacks. All of them are sponsored messages. I've reported many of these to Meta. And, while they usually get a pass, I did get one report that was successful which felt like a huge win."
Joe Carrigan: Right?
Maria Varmazis: Woo-hoo.
Dave Bittner: [inaudible 00:03:39] funny how Meta lulls you into feeling like anything is a huge win -
Joe Carrigan: Right.
Dave Bittner: - when you're -
Joe Carrigan: It's -
Dave Bittner: - [inaudible 00:03:45].
Maria Varmazis: [inaudible 00:03:45] the least [inaudible 00:03:46].
Joe Carrigan: Right. The least they can do.
Dave Bittner: Yeah.
Maria Varmazis: Yeah.
Joe Carrigan: If you spend enough time screaming into the void, that one voice coming back going, "Hey, I hear you" is so rewarding.
Dave Bittner: So Peter says, "I have some additional details about what happens next that I think you and your listeners would find interesting."
Joe Carrigan: Ah, I would find them [inaudible 00:04:03] -
Dave Bittner: I'm all ears.
Joe Carrigan: Yeah.
Dave Bittner: He says, "You are right that these scams collect personal information, but they also offer you the chance to win a high-value product. You always win, of course, and are asked to pay a small fee of just a -
Maria Varmazis: That's nice.
Dave Bittner: - few euros to get the item.
Joe Carrigan: Ooh.
Dave Bittner: This is where the real scam begins. Oh, this is where the real scam begins.
Maria Varmazis: Dun, dun, dun. Okay.
Joe Carrigan: The other were just precursor scams.
Dave Bittner: Yeah. Appetizer scams.
Joe Carrigan: Right.
Dave Bittner: "In Belgium, a recently introduced new type of debit card called Debit Mastercard allows for periodic subscription payments. By agreeing to pay the small fee, people are also unknowingly signing up for a recurring subscription of 60 to 80 euros per week."
Joe Carrigan: Wow.
Dave Bittner: Wow, [inaudible 00:04:47] -
Joe Carrigan: Whoa.
Dave Bittner: Yeah. "While the fine print might technically disclose this, it's highly unethical and designed to trick victims into losing far more than they signed up for. We see this type of scams popping up constantly with a lot of variants, but always with the same outcome for the victims. I'm not sure if this specific payment scheme works the same way in the U.S., but it's a new angle to this scam that your audience should be aware of. Thanks again for all the great work you do. From Peter." Well, Peter, thank you for sending this in. I certainly have seen these subscription scams.
Joe Carrigan: Yep.
Dave Bittner: I have seen them lots of different places. The thing that comes to mind at first are, what do you call them, infomercials. Right?
Joe Carrigan: The Ron Popeil infomercials?
Dave Bittner: Well, there's all kinds of infomercials out there, but I have seen some of them that say, you know, "Come and buy our super deluxe" whatever it is, "and, while you're on the phone, our representatives will tell you about an opportunity to subscribe to" such and such and such and such. Now, in that case, they're telling you about that, but I can bet you that they're strongarming you about it.
Joe Carrigan: Yeah.
Dave Bittner: But we've seen other ones. Remember there was one probably, I don't know, within the last year or so. Remember, Joe, I told you that I was attracted to an ad for digital watch faces.
Joe Carrigan: Yes, yes. Digital watch faces subscription.
Maria Varmazis: Yeah, I remember that.
Dave Bittner: Yeah.
Maria Varmazis: Yep.
Dave Bittner: So same sort of thing. They get you this way. You know, it's free to start and then it's like $30 a week or something just -
Joe Carrigan: Crazy.
Dave Bittner: Yeah. And I think - my guess is the business model here is that they just figure on getting you for one or two billing cycles.
Joe Carrigan: Right.
Dave Bittner: And that's all they need -
Joe Carrigan: Yeah.
Dave Bittner: [inaudible 00:06:28] profit.
Joe Carrigan: That's a successful scam.
Dave Bittner: Despicable.
Joe Carrigan: Yes, despicable.
Dave Bittner: That's -
Joe Carrigan: Thanks, Daffy. That is -
Dave Bittner: Despicable.
Maria Varmazis: Despicable.
Dave Bittner: Despicable. No, it's despicable. It is despicable. All right. Well, our thanks to Peter for sending this in. We do appreciate you taking the time. And, of course, we would love to hear from you. If there's something you would like us to consider for the show, please do email us. It's hackinghumans@n2k.com. We're going to take a quick break here to hear from our sponsor. We'll be right back with this week's stories. [ Music ] All right. We are back. And I am going to kick off our stories this week. This one caught my eye for reasons that I think will be evident, -
Joe Carrigan: Okay.
Dave Bittner: - as I go through it. This is from the folks at Infosecurity Magazine and it says, "Experts warn of celebrity podcast scams.
Joe Carrigan: Are people impersonating us, Dave?
Dave Bittner: Celebrity podcast -
Maria Varmazis: A celebrity podcaster?
Dave Bittner: They want celebrity podcasters.
Joe Carrigan: Oh, not podcasting celebrities. Sorry.
Maria Varmazis: Right. So not - oh, okay. Oh, -
Dave Bittner: Well, -
Maria Varmazis: Adjacent, but not the same. Right, we got it.
Dave Bittner: I don't know that we - yeah, I don't know that any of us qualify for any - for either of those categorizations.
Joe Carrigan: Well, I think - Dave, I think I've talked about my belief of only having six lists of celebrities from A to F.
Dave Bittner: Yeah.
Joe Carrigan: And you are at least D, possibly C, level list celebrity [inaudible 00:07:55].
Dave Bittner: Oh, that's so sweet of you, Joe.
Maria Varmazis: Wow.
Joe Carrigan: Well, everybody - everybody in the world is at least an F list celebrity.
Dave Bittner: Oh, I see.
Joe Carrigan: So -
Maria Varmazis: At least an F.
Dave Bittner: At least an F. Right.
Joe Carrigan: And I use six because it's the same thing as Six Degrees of Kevin Bacon.
Dave Bittner: Yeah.
Joe Carrigan: Right? So -
Maria Varmazis: Sure.
Joe Carrigan: - you would say Kevin Bacon's an A lister. Right?
Dave Bittner: I would.
Joe Carrigan: Right? You can probably get to Kevin Bacon quicker than anybody else on this podcast.
Dave Bittner: Yeah, it's true.
Joe Carrigan: You may not have to go six. And the way I define [inaudible 00:08:22] -
Dave Bittner: Well, the problem is - well, it's not the problem, the fact of the matter is I grew up with Edward Norton.
Joe Carrigan: Ah, yes.
Dave Bittner: So that shortcuts me to just about everyone in Hollywood.
Joe Carrigan: That's right. He used to hang out at my house when I lived in Columbia.
Maria Varmazis: Is that right?
Joe Carrigan: Yeah. My neighbors told me that they'd see Ed Norton sitting on the backyard - in the back - in the back of my house drinking beer with the guys that lived there.
Dave Bittner: Oh, yeah, okay.
Maria Varmazis: Well, there you go.
Dave Bittner: All right. So celebrity podcast scams. So let me ask the two of you. Have you ever been offered money to appear as a guest on a podcast? Joe?
Joe Carrigan: As a guest? No.
Dave Bittner: Okay. Maria?
Maria Varmazis: Oh, I certainly have, yes.
Dave Bittner: Yeah.
Maria Varmazis: Not a lot, but it was money. Yes.
Dave Bittner: Yeah. My general approach to being offered money to appear on someone's podcast is I ask them to make a donation to my favorite charity. I just figure that I'm already being paid by my day job -
Joe Carrigan: Right.
Dave Bittner: - to be a podcaster so I'm kind of covered there. And, you know, it's extra work. Why not just have it go somewhere where it can do some good? However, what this scam is about is fraudsters are posing as managers of a fake celebrity podcast and they offer people $2,000 to appear as a guest.
Joe Carrigan: Okay.
Dave Bittner: So they're targeting fairly high-profile people, business people mostly, and they reach out and they say - and, of course, they get buttered up, they get an email that praises them, tells them, you know, how impressed everyone is with how they've done in business and their life and -
Maria Varmazis: And everybody wants to be on a podcast. Right? Everybody.
Dave Bittner: Yeah. Well, -
Maria Varmazis: Who doesn't? Who doesn't want this, Dave, [inaudible 00:10:09]?
Dave Bittner: I know.
Joe Carrigan: Everybody that wants to be on a podcast is on a podcast.
Dave Bittner: There you go. Yeah, that's right.
Maria Varmazis: At this point, yes.
Dave Bittner: I was going to say it seems like more in the past than the present, but anyway. So if the - if the victim agrees to being on the podcast, of course, they have to go through a technical check. So they're asked to join a call to test their webcam and their audio. But what's really going on here is the attrack - the attackers are trying to get them to install remote access software.
Joe Carrigan: I see.
Dave Bittner: So they're say, you know, in order -
Joe Carrigan: Ooh.
Dave Bittner: - to use our exclusive system, we're going to have to install this driver onto your computer. Now, we use a system for recording podcasts. Right?
Joe Carrigan: Yep.
Dave Bittner: We're using it right now.
Joe Carrigan: Yes, we are.
Maria Varmazis: Yes, yes -
Dave Bittner: It's called -
Maria Varmazis: - indeed.
Dave Bittner: It's called Riverside. But most of the - in fact, I can't think of any of the dedicated podcast recording platforms that require you to install anything. They're all browser based now. So -
Joe Carrigan: Right.
Dave Bittner: So they get you to install something on your machine and then they steal the things that they steal once they have access to your machine, your social media logins, they look for your other accounts, credentials, things like that, which is kind of a twist on the classic tech support scam, but they're going after business leaders and specialists. And, of course, these people's information and presumably having access to their PC could be more valuable than just a run-of-the-mill person.
Joe Carrigan: That's right. This is more like almost like a spear phishing attack of the - of the - of the tech support scam.
Dave Bittner: Right, right. And then, once they're on the computer, they then pivot to try to get into corporate systems and things like that. So it can spread from this one initial outreach.
Joe Carrigan: Yeah. If you took this call at work, that would be - that could be devastating to your company.
Dave Bittner: Right, right.
Maria Varmazis: Oh, good point. Yep, absolutely.
Dave Bittner: Yeah. So the advice for businesses is, of course, be skeptical of generic emails. verify a sender address. They say real podcast don't use Gmail.
Joe Carrigan: Oh, hold on now.
Dave Bittner: That's mostly true.
Maria Varmazis: Wait [inaudible 00:12:26].
Joe Carrigan: When I had my own personal podcast, that was a Gmail address.
Dave Bittner: Yeah, they say real podcasts though, Joe. So -
Joe Carrigan: It was real enough [inaudible 00:12:34] -
Maria Varmazis: We have a few of us in [inaudible 00:12:34] -
Joe Carrigan: Dave Bittner was on it once.
Dave Bittner: That's true. I was on it more than once.
Joe Carrigan: Were you at more [inaudible 00:12:38] - yes, that's right, you did -
Dave Bittner: Yeah.
Joe Carrigan: - a - you did - you sent me a sound bite once.
Dave Bittner: That's right.
Joe Carrigan: Yeah.
Dave Bittner: That's right. A bit, if you will.
Joe Carrigan: A bit, yes.
Dave Bittner: Beware of unsolicited money offers. Never allow strangers remote access to your device. I would say that, in this case, you don't know that that's what they're doing.
Joe Carrigan: Correct, right.
Dave Bittner: But, still, I'd say be cautious of anybody installing anything on your device, -
Joe Carrigan: Yeah.
Dave Bittner: - even a browser plugin, anything like that.
Joe Carrigan: Yeah. And one of the - one of the big problems with this is if they're using custom malware that they've built here, they may - it may not show up in the virus scanner.
Dave Bittner: Right. Right.
Joe Carrigan: True.
Maria Varmazis: Yep.
Dave Bittner: Yeah.
Maria Varmazis: Yep.
Dave Bittner: Yeah. So you can see why that caught my eye and I wanted to share it, but, yeah, it's a good one to look out for. So we'll have a link to that in the show notes. That is my story this week. Joe, you're up. What do you have for us?
Joe Carrigan: I have an interesting story that I actually got while I was at work. This is from the gurus over at the IT Guru and there's a company called - the headline is "Workday Discloses Data Breach Following CRM-Targeted Social Media" or "Social Engineering Attack." So what is Workday? I don't know if you guys are familiar with Workday, but they are a leading provider of human resources and financial management software. And here is how I became aware of them and why I think other people should become aware of them. About a little over a year ago, I was in a job search mode.
Dave Bittner: Mm-hmm.
Joe Carrigan: So I went out and I found - well, you know, would - I would start applying to these positions. And every time I would go to the company's website to submit my application for the job, I would go to a Workday front end. It would - and it always looked the same. And I don't know if it's because the front end is not that customizable or these companies just don't care about that or can you remove the word "Workday" from the front end? I don't know.
Dave Bittner: I see. So it was labeled as being Workday.
Joe Carrigan: Right. It was labeled, but it also had their branding on it, but you could clearly see that it was Workday.
Dave Bittner: Okay.
Joe Carrigan: And -
Dave Bittner: All right.
Joe Carrigan: - it always looked the same when you went in.
Dave Bittner: Okay.
Joe Carrigan: Absolutely very uniform. Which kind of made it good, right, in that I knew what I was dealing with when I was applying to the - to any of these companies. But, you know, I - neither here or there. It's just the front end of a lot of these HR processes.
Dave Bittner: Okay.
Joe Carrigan: So that's how they collect resumes now is with Workday. So Workday has confirmed that it fell victim to a data breach stemming from a social engineering attack targeting a third-party CRM, which is a customer relationship management system.
Dave Bittner: Uh-huh.
Maria Varmazis: Yeah, yep.
Joe Carrigan: So it's important to note that Workday says, and I'll just quote the article, "The breach did not impact its customer tenants or the secure data therein; instead, the compromised system contained primarily 'commonly available business contact information,' including names, address - email addresses and phone numbers." So it looks like all they did was breach Workday's CRM -
Dave Bittner: Yeah.
Joe Carrigan: - system. So the - this article says it's probably a Salesforce system because Salesforce is like the world's -
Dave Bittner: Yeah.
Maria Varmazis: [inaudible 00:15:51] baby.
Joe Carrigan: - like if you -
Maria Varmazis: Yeah.
Joe Carrigan: - have a CRM system, it's probably Salesforce.
Dave Bittner: Yeah.
Joe Carrigan: Right?
Dave Bittner: Most likely.
Joe Carrigan: Yeah. So they - what they said was that Workday became the target of a coordinated social engineering attack where they reached out to Workday employees via SMS phone calls - or phone calls impersonating internal HR IT personnel. And then these attackers tricked employees into granting access or revealing enough personal details allowing them to infiltrate and get access to this CRM.
Dave Bittner: Mm-hmm.
Joe Carrigan: Which they then - which they did via malicious OAuth applications. Now OAuth is open authorization, which is - allows you as an account holder to give some other application access to your account details. It's not like the single sign-on thing which is where you - the single sign-on provider gives the - gives the client here a token and says, "Yes, I've validated, this is - this is Dave or Maria."
Dave Bittner: Mm-hmm.
Joe Carrigan: Right? So there's a really interesting quote in here from Dray Agha, who is a senior manager from - of security operations at Huntress. And he says, "This incident underscores three non-negotiable deficiencies: Eliminate OAuth blind spots and enforce strict allow-listing for third-party application integrations and review connections at regular intervals; Adopt phishing-resistant MFA hardware tokens as essential because MFA fatigue still remains trivial." So that's really two things. User enrollment in execution of malware is very effective. So, once again, what we're seeing here is the fatigue aspect of wearing people down with these other - these other means of multifactor authentication. One of the great things about the hardware-based tokens and whether that's like a YubiKey or something else similar that uses the FIDO Alliance's protocol or some other hardware-based token. There are multiple other tokens. There's - like the government has a common access card, it's the same kind of thing or it's called colloquially the CAC because that's a acronym. These things are not subject to this fatigue because it's a physical device that you have and it's certificate based and it's a challenge-response kind of - kind of structure as opposed to "I am going to send you a text message and you're going to enter the code" or "you're going to go to your other app and you're going to click Allow."
Dave Bittner: Mm-hmm.
Joe Carrigan: Those things can quickly overwhelm a user. Additionally, with the codes, you can socially engineer those out of people, even the ones that are cryptographically sound, like the RSA [inaudible 00:18:56] -
Maria Varmazis: RSA tokens. Yep.
Joe Carrigan: Right?
Maria Varmazis: Yep.
Joe Carrigan: You can just say, "Okay, I need you to read those numbers to me." So, really, I think - I think it's time, you know, maybe - I mean, I don't know. I - it's been time for a while, but I think we really need to move beyond these other methods of multifactor and just go with these hardware-based certificate multifactor authentications.
Dave Bittner: Yeah. We covered this I want to say years ago in the - in the pre-Maria era.
Joe Carrigan: Right.
Dave Bittner: The dark times of our podcast that - remember there was that story about Google.
Joe Carrigan: Yes.
Dave Bittner: There was an internal story about Google. And, basically, anything that they applied a hardware token to was 99.99% secure.
Joe Carrigan: Yeah, they -
Dave Bittner: Like it just didn't get popped.
Joe Carrigan: They haven't had - when we read the article - as of the time we read that article, they had not had a security incident on anything secured with a Google Titan -
Dave Bittner: Right.
Joe Carrigan: - because that's their hardware key solution. And I think that uses FIDO.
Dave Bittner: It does, yeah.
Joe Carrigan: So it's the same thing as a YubiKey. You can use it everywhere you can use a YubiKey I think.
Dave Bittner: Yeah.
Joe Carrigan: So it's - yeah. And it works. You know, it keeps - it keeps - there's no way that you can make somebody put that in there. There - the only time you ever need it is when you're trying to authenticate.
Dave Bittner: Right. Now, I will say, because we use some hardware tokens here for various things at work, and it is occasionally a pain in the butt.
Joe Carrigan: Yeah.
Maria Varmazis: Yeah. I mean, if it's so great, and it is, and it's -
Dave Bittner: Yeah.
Maria Varmazis: - sort of like when I talk to people - or 10 years ago, especially about Password Manager, it's like, "Well, if it's so great, why isn't everyone doing it?" Well, -
Dave Bittner: Yeah.
Maria Varmazis: - the friction, there is friction there.
Joe Carrigan: There is and it's [inaudible 00:20:46] -
Maria Varmazis: And I'm not trying to say this is a bad idea because there's friction. It's just how can one reduce the friction because it does sound like a fantastic idea.
Dave Bittner: Yeah.
Maria Varmazis: Yeah. So -
Dave Bittner: I think passkeys are supposed to be the happy medium between these two things. And I think they could be, but there's - they seem to be getting off to a sluggish start of installation, you know, or adoption I guess is a better word for it.
Joe Carrigan: Yeah.
Dave Bittner: But I just try to remind myself every time that something calls for a hardware key and it's at the worst possible moment, like I'm at home sitting on my couch, right, -
Joe Carrigan: Right.
Dave Bittner: And it says, -
Maria Varmazis: Yep.
Dave Bittner: - "We need" - and I'm like, "Okay, I've got to get off the" -
Maria Varmazis: Yeah, where is -
Dave Bittner: - "couch."
Maria Varmazis: - that thing?
Dave Bittner: Right.
Maria Varmazis: Yeah.
Dave Bittner: There you go, got to go find my keys. Got to get the [inaudible 00:21:32] -
Maria Varmazis: Did I leave it in the car?
Dave Bittner: Right.
Maria Varmazis: Is it in my work bag?
Dave Bittner: Right.
Maria Varmazis: Yeah.
Dave Bittner: Will it - will my phone successfully scan? You know, like all those things. And I just remind myself and say, "All right, this is for safety. There's - this is good. You know, this is - this is better than the alternative. So just take a deep breath and" -
Joe Carrigan: Yeah.
Dave Bittner: - "do it."
Joe Carrigan: I use my YubiKey to secure my Password Manager, -
Dave Bittner: Yeah, yeah.
Joe Carrigan: - which is KeePassXC, I believe. It's the.NET version of KeePass. Probably shouldn't use the actual keypass, but use the - if you're on Windows, you can use KeePassXC. It's better. And what that does is it allows me to keep my - or it makes me comfortable enough, I'll say that because I'm really already allowed to do this, but it lets me - it makes me comfortable enough where I can keep my password database up in the cloud so that I can have it wherever I need to have it -
Dave Bittner: Mm-hmm.
Joe Carrigan: - because even if somebody breaks in and get - and they know my - the password for my password manager, they can't get into that database without my physical key.
Dave Bittner: Yeah.
Joe Carrigan: And, yeah, it's a pain when I leave it on - because it's always attached to my backpack via a lanyard and it's a pain when I leave that backpack upstairs and have to go get it because, you know, I always go downstairs and go, "Well, time to go do something - oh, I've got to log into this site. Oh, I need my backpack."
Dave Bittner: Yeah. Well, not to mention you need a dolly to move your backpack.
Joe Carrigan: I don't, no. Anybody else does, yeah.
Maria Varmazis: How's your back, Joe?
Joe Carrigan: Back's great. Ever since I started wearing a backpack, it really increased [inaudible 00:23:02] -
Dave Bittner: Maria, what's the name of Thor's hammer?
Maria Varmazis: Oh, the Mjon - the Mjolnir.
Dave Bittner: Yeah, yeah.
Maria Varmazis: Is that what it is?
Joe Carrigan: Yeah.
Maria Varmazis: Yeah.
Dave Bittner: That's basically Joe's backpack.
Joe Carrigan: That's right.
Dave Bittner: He's the only one who can pick it up. It's -
Maria Varmazis: Jeez.
Dave Bittner: It's full of solid gold bars.
Joe Carrigan: Right.
Dave Bittner: Which -
Maria Varmazis: From Costco that I have learned that Costco -
Dave Bittner: Right.
Maria Varmazis: - sells thanks to this show.
Dave Bittner: Right.
Joe Carrigan: Yeah.
Dave Bittner: Yeah. All right. Well, we will have a link to Joe's story in the show notes. I tell you what, let's take a quick break before we get to Maria's story. We'll be right back after this. [ Music ] And we are back. Maria, what do you have for us this week?
Maria Varmazis: I have just two sort of quick ones for my - my one story is actually two.
Dave Bittner: Okay.
Maria Varmazis: Right before we started recording today, like half an hour or a little bit before, I got a spam text that normally I would just hit, you know, "Delete" and junk it. But I - there was something about it that I just wanted to surface because I haven't seen this before, and maybe you both have, but it just was a little noteworthy to me. It was yet another "we tried to deliver a package to your house and you need to go to this spammy URL and we're going to phish you when you do that." And the URL it had, in this case, was fedex.com@spamurl.spam, spam, spam, spam. I have - I have not seen a spam URL actually try to obscure itself within the legitimate one like that using the @ symbol, which that -
Joe Carrigan: I have. We have talked -
Maria Varmazis: Have you seen that?
Joe Carrigan: - about this before.
Maria Varmazis: Okay.
Joe Carrigan: I have actually never seen this in the wild, I've only ever heard about it. But what is happening here is the very first HTTP protocol had specifications that would let you put a username and a password before the URL. So you could put username and I think it was a colon and then a password at the domain you wanted to go to and it would log you in.
Dave Bittner: Oh, yeah.
Joe Carrigan: So -
Dave Bittner: I've forgotten about that.
Joe Carrigan: Yeah. So what's - what this is is - and, if you just put a username, it will prompt you - the system is what should prompt you for a password.
Dave Bittner: Yeah.
Joe Carrigan: So what this is is this is looking like www.fedex.com is the username as far as the URL is concerned, but, to the average user, they - nobody even knows about this.
Dave Bittner: Right.
Joe Carrigan: Nobody -
Maria Varmazis: Yeah.
Joe Carrigan: - thinks about this because nobody has -
Maria Varmazis: No.
Joe Carrigan: - used HTTP, Hypertext Transfer Protocol, to do this ever. I've never seen this done. But I did know that if you put an at symbol -
Maria Varmazis: Oh, didn't FTP do this agent - like doesn't - isn't [inaudible 00:25:30] -
Joe Carrigan: Yeah.
Dave Bittner: Yeah.
Joe Carrigan: Yeah. There you go.
Maria Varmazis: Oh, my God, that is an old part of my brain I have not thought about. Right. Yes.
Dave Bittner: Clear out the cobwebs.
Maria Varmazis: Oh, my goodness.
Joe Carrigan: SSH still does it. So -
Maria Varmazis: The cobwebs, yes. I was like, -
Dave Bittner: Right.
Maria Varmazis: - "Wait a second. I have seen this before." All right.
Joe Carrigan: Right. So if -
Maria Varmazis: Wow.
Joe Carrigan: If you do SSH space your username at the server you want to go to, it logs you in as the username. Otherwise, it -
Maria Varmazis: Oh, my goodness.
Joe Carrigan: - just asks you for the password. Otherwise, it will prompt you for username and password. So that's what this is. You're looking at the username portion of the URL, which is generally disregarded. It - I don't even know that web servers actually plan for this in the protocol, but I think it's still there.
Dave Bittner: Yeah, that - yeah, exactly. That's what I was going to say. I think it's just a - it's a zombie protocol. Right? It's -
Joe Carrigan: The zombie part of the protocol.
Dave Bittner: Yeah. Right, right. Yes, yes. That's a better way to put it. It's just fallen out of use, but probably, you know, things that are deprecated often stay in there.
Joe Carrigan: Yeah.
Dave Bittner: So -
Joe Carrigan: I'm actually very excited -
Dave Bittner: Long forgotten.
Joe Carrigan: - about this, Maria. It's really like, [inaudible 00:26:32], "Oh, cool, here it is. I've only ever heard about this."
Maria Varmazis: It's vintage and it's been brought back. And, look, there it is.
Joe Carrigan: Yeah.
Dave Bittner: Isn't that interesting?
Maria Varmazis: And what I loved in the spam text was that they had very explicit instructions, "Just reply with Y, then close and reopen the message to make the link work. If that doesn't do it, copy the link and paste it straight into Safari." I was like, "Oh, very specific instructions to get [inaudible 00:26:54]." I just thought that was kind of adorable before I hit Junk and deleted it. But, just noteworthy. I - yeah, the @ made me go, "Oh, that's interesting." But, yeah, as you mentioned it, that those cobwebs cleared and, yeah, -
Joe Carrigan: Yeah.
Maria Varmazis: - it's been - it has been ages, my goodness. Okay. Well, there -
Dave Bittner: Yeah.
Maria Varmazis: - that was my little show and tell for today for [inaudible 00:27:12] -
Dave Bittner: Joe with the history lesson.
Joe Carrigan: Yeah.
Maria Varmazis: Yeah. Well, [inaudible 00:27:14] -
Joe Carrigan: That's how old I am.
Maria Varmazis: - today.
Joe Carrigan: And it's time for me to give you the internet history lesson.
Maria Varmazis: The other item I wanted to raise was, for me, kids going back to school right now is top of mind because my kid is currently watching TV downstairs because school starts for her in a few days. So we're getting ready for that season in my household. And, with the inevitable start of school in North America, Northern Hemisphere area, we - there is this slew of pictures of adorable kids, often on their front step or in some notable landmark, holding up a chalkboard saying, "I - my name is this, my teacher is that, I am this many years old and I like blank, blank and blank." And I would venture most listeners to this show know that that is a very bad idea for very many, many, many reasons. However, this is still a trend that is going on. And The Independent has an article sort of about this - sort of about the sharenting thing with an interesting angle. And it's not just the "don't do that" because that message has been out there for a while, like "don't post these pictures" and, clearly, people are ignoring that advice.
Joe Carrigan: Right.
Maria Varmazis: There is sort of a halfway method that a lot of people, including celebrities, have been trying to I guess toe the line on trying to protect their kids' privacy a bit while not completely disappearing from internet social life. And that is by posting their family photos, but putting a cute sticker or emoji over their kids' faces. And this article by Katie Rosseinsky on The Independent asked some cybersecurity and privacy experts, "Does that actually do anything?" And I wanted to give sort of a thumbs up callout to Lisa Ventura, who I I'm a big fan of, and she did not pile on with the thing that I often hear, which is, "Oh, AI can remove the sticker" and she's going, "That's kind of an overblown threat. That's not really a thing as much as you would think." It's more that using the emoji sticker over the kid's face may give the poster or the parent, in this case, a false sense of security and they may get complacent about the other details that are in the photos that they're sharing that actually give away a lot more information. So I just wanted to just highlight what Lisa said because I just thought it was a fantastic quote. I'm just going to read what she said. "'There's a lot of scaremongering about AI being able to magically reconstruct faces from emoji-covered photos,' as well as various digital tools that claim to be able to get rid of this layer. For the most part, though, when the image gets saved, the original will be overwritten; you can't see behind it. So the main issue isn't the threat of peeling away the emoji, but the fact that 'most parents aren't just posting one carefully emoji-protected photo. They're sharing multiple images over time and the combined data from all those posts creates a much bigger privacy concern than any single image.'" And then the writer goes on to say, "If popping some cartoonified masks onto their face makes you more laissez-faire about what you're posting about your kids, it could actually be counterproductive." So I thought that was a really nice nuanced take on what is often just like "don't do the sharing your photos online thing," because that is what I do, but I recognize most people don't want to do that. So it's just a nice reminder I think for people that it is putting a privacy screen over your kid's face if you're going to share those pictures is nice, but think about the other things in the photos that you're sharing. And, especially with AI, it's really easy to glean a lot of details very quickly about kids' personal lives by people who have very ill intentions. So be very careful out there. And, you know, as I say, I always am a fan of don't post your kids online at all, but I recognize that that's not what most people want to do. That's kind of a -
Joe Carrigan: Yeah.
Maria Varmazis: - hardline way of operating. So there are - there - just be - don't be complacent in the ways that matter.
Dave Bittner: Joe, what do you think of this?
Joe Carrigan: I agree with what's being said here, especially about the image. Because, when you talk about layers in an image, what you post on Facebook or Instagram or wherever is not a layered image. It's generally like a port - a PNG or a JPEG. So, yeah, AI is not going to be able to peel that away. If you take that out of the image, the underlying image is gone. But -
Maria Varmazis: But.
Joe Carrigan: - yeah, when you - when you - yeah, when you post a picture of that on there, think about - just think about the information that's there. First off, what your house looks like. Right? Is there GPS -
Maria Varmazis: Yeah.
Joe Carrigan: - location information in the metadata of the picture?
Maria Varmazis: There often is.
Joe Carrigan: And I know that -
Maria Varmazis: Yeah.
Joe Carrigan: - Facebook strips that out or I think they do, but you never know. And, more importantly, what's Facebook doing with it? What's Meta doing with that information?
Maria Varmazis: Yeah.
Joe Carrigan: Right? They're tracking you. What about if you put up a picture of your house that has your house number on it? I mean, yeah, you didn't post a picture of your street, but only so many house numbers - only so many streets have house numbers that are the same as yours. So it definitely limits the - limits the domain of the problem, if you will.
Maria Varmazis: A sports teams that your kid is playing on.
Joe Carrigan: Yep.
Maria Varmazis: yeah. Like things that they're interested in, the school that they attend. And my other thing is other children who did not consent to be in this photo -
Joe Carrigan: Right.
Maria Varmazis: - especially. So, yeah, there's a lot of information that can sort of inadvertently get in there. I know people - I know that the best practice for a lot of celebrities is you don't post same day pictures for sure. You definitely do a delay post. And this is something I remember in my Sophos years many years ago that we were sort of told as well was, you know, wait a few weeks when you come back from vacation to post those vacation pictures.
Joe Carrigan: Absolutely.
Maria Varmazis: And so it's one of those things like, you know, delay a little bit, but also, yeah, be super careful about what's in the background of those photos. So - yeah.
Dave Bittner: Can I chime in and -
Joe Carrigan: Yeah.
Dave Bittner: - be the plop in the punch bowl?
Maria Varmazis: Yeah, go for it.
Joe Carrigan: Gross. But, yes, I - but funny [inaudible 00:33:05] -
Dave Bittner: I don't like this. I think my - I think this is a solution in search of a problem.
Joe Carrigan: Really?
Dave Bittner: Yeah.
Maria Varmazis: In what way?
Dave Bittner: How many kids in your neighborhood are being snatched off the street every day?
Joe Carrigan: Oh, that's a good point.
Maria Varmazis: I'm not worried about being snatched off the street. That is the least of my concern.
Dave Bittner: Well, what are you worried about?
Maria Varmazis: Unsavory things being done with - by people who really are - I don't want to get really disgusting, but like -
Dave Bittner: How would they do that? They'd have to snatch your kid off the street. Right? You know?
Joe Carrigan: What she's saying -
Maria Varmazis: No.
Joe Carrigan: - is they could use -
Maria Varmazis: Images.
Joe Carrigan: - yeah, use the images to train a model to make - to make other images.
Dave Bittner: Ohhh, okay.
Maria Varmazis: Yeah.
Dave Bittner: Never thought of that.
Maria Varmazis: Yeah, that's - I am not - I am not worried about my kid being snatched off the street. I recognize that is a really overblown -
Joe Carrigan: Yeah, that's -
Maria Varmazis: - fear. That's not a thing I'm worried about. There are - there are people with different threat models, of course, who, you know, there are custody battles or estranged family members or people with - who are, you know, disgruntled folks in their lives where, you know, their child's safety may be, you know, potentially a thing that they're concerned about more than the -
Joe Carrigan: Right.
Maria Varmazis: - average person.
Joe Carrigan: Yeah. You've got to know your own -
Maria Varmazis: But, yeah, -
Joe Carrigan: - risk model.
Maria Varmazis: Yeah, yeah. But - and my thing is also you may not always know that that you're at that risk is -
Dave Bittner: Yeah.
Maria Varmazis: - that's my paranoia coming out. But, yeah, I'm not worried about - I'm not worried about like the '80s milk carton "have you seen this kid" situation.
Joe Carrigan: Right.
Maria Varmazis: It's more a lot of unsavory people doing things very easily on the internet with easily scraped images.
Joe Carrigan: Yep.
Maria Varmazis: And some people go, "Well, I don't know about it so I don't care." And that does not jive for me. But, yeah, -
Joe Carrigan: Yeah. And -
Maria Varmazis: - every - yeah.
Joe Carrigan: Well, I mean - I mean - you know what? I'm going to keep this scenario in my head. I'm not going to share it. But I - there are reasons I do care about that. But, -
Maria Varmazis: Yes.
Joe Carrigan: - you know, and it's - and - anyway -
Dave Bittner: I guess what I'm saying is my belief is that the worries about these sorts of things tend to be overblown.
Joe Carrigan: Yeah, I get that.
Dave Bittner: The odds of any of this happening to any of us, in my mind, versus the benefits of sharing a picture of my kids with my parents, I - you know, I - that - I mean, that's the calculation I've made and I have to live with that. But I don't - I don't know, it just seems like, you know, it's a - it's very much a "Save the children" kind of thing, but -
Joe Carrigan: They're wholesome, like "please, think of the children."
Dave Bittner: Right. But like it's a horrible idea and a horrible thing to think about, but I don't - I'm not convinced that most of it is grounded in reality.
Joe Carrigan: I will counter that with this point. And that is that there have been articles that we've read I think on - do we have it here, maybe - I can - it's been a long time. But when you upload your - when you upload your pictures of your kids to Facebook or to - well, particularly to Facebook at the time of the article I read, that, you know, they're tracking that. They know what your kids look like. They have facial recognition models for your kids.
Maria Varmazis: Right.
Joe Carrigan: So there is a real privacy angle here that maybe I don't want my kids getting targeted by Facebook while I am the custodian of them -
Dave Bittner: Yeah.
Joe Carrigan: - or my - you know, in my case now, my grandkids, Dave.
Maria Varmazis: I think of it this way. It could be completely overblown. For me, there is no benefit of putting these images online so I would rather not take the risk. That's the - that's a judgment that my husband and I have made for our kids.
Joe Carrigan: Yeah, I think that's -
Dave Bittner: Yeah.
Joe Carrigan: - that's an excellent point. What is the benefit?
Maria Varmazis: It's just like there's - I don't see a benefit. I - I am really old school, I send my family photos through the mail. I'm just like, "Listen, you want pictures of my kid, I will send them to you." And it helps that a lot of my family's not online anyway. But I just - like I don't want it going through a third party. They don't need a picture of my daughter. It's just none of their business.
Joe Carrigan: Right.
Maria Varmazis: I recognize my situation is not everybody else's. But I'm just like it's not worth the risk, I don't want to worry about this. So it's just easier if I just go, "I'm not doing this to her." When she's old enough to make that decision about how she wants to be online, I want her to make that choice. That's just sort of how I think.
Dave Bittner: That's the thing, though. And I don't - I don't - I can't - yeah, yeah, yeah. And I am coming - I'm asking you this question - I need you to believe that I'm asking you this question in good faith -
Joe Carrigan: Well, I believe you.
Dave Bittner: - because it just came to -
Maria Varmazis: Yeah. And I do believe it. Yeah.
Dave Bittner: It just came to me which is, "Do you think" - you said, "I don't want to worry about this?" Do you think you worry about this more than I do?"
Maria Varmazis: I have absolutely no idea. I have no way of knowing that, Dave. How would I know that?
Dave Bittner: But like - but do you see - you understand the point of my question is that in the actions that you're taking, you're worrying about this. I'm not worried - I'm not worrying about it.
Maria Varmazis: I'm not worried about it either because I don't put my kid online.
Dave Bittner: But you're worried about it - but the action of not putting your kid online means you're worrying about it. Right?
Maria Varmazis: But it doesn't take any work for me to not post something. It's like it's literally I just - I am not participating in a thing.
Dave Bittner: Right. Okay.
Maria Varmazis: So I'm like, "Okay." But I recognize that -
Dave Bittner: What about like at school, I mean, or a birthday party or stuff like that? I mean, that's - do any of us believe that Facebook doesn't know what our kids look like?
Maria Varmazis: At this point, I'm sure -
Joe Carrigan: Yeah.
Maria Varmazis: - Facebook does. But I know in the social circles that I'm in people don't post pictures. Like when people are taking pictures of their kids, they - I don't even ask, they just go, "I'm not posting this anywhere. I'm just keeping this for myself."
Dave Bittner: Yeah.
Joe Carrigan: Yeah, but -
Maria Varmazis: That's sort of like the way it's done. So -
Joe Carrigan: Then either Apple or Google have a copy of your picture.
Maria Varmazis: I know. It's not an absolute thing.
Joe Carrigan: You're right.
Maria Varmazis: It's not an absolute thing. But it's not Meta and I'm not the one posting it and it's not public and that, to me, -
Dave Bittner: Yeah.
Maria Varmazis: - is enough.
Dave Bittner: All right.
Maria Varmazis: So -
Dave Bittner: Well, I respect all of that and I appreciate you.
Maria Varmazis: Yeah. I'm in the minority on this, Dave.
Dave Bittner: I - no, I appreciate you entertaining my questions in a respectful way. I -
Maria Varmazis: Oh, I - believe me, I've heard it from my in-laws, my family, I've heard it all.
Dave Bittner: Yeah.
Maria Varmazis: And I know I'm in the minority on this and that's okay.
Dave Bittner: Right.
Maria Varmazis: But it's just - there - I think there is an interesting thing to be said about just being careful about what we post in general. Like as people - many people use Facebook to keep in touch with their family all over the world and that's great. And just - I just - I just think it's always worth being careful about we post. That's all.
Dave Bittner: Yeah, for sure. All right. Well, we will have a link to that story in the show notes. Joe, Maria, it is time for our Catch of the Day. [ Soundbite of reeling in fishing line ] [ Music ]
Joe Carrigan: Dave, our Catch of the Day comes from you.
Dave Bittner: Yes, it does.
Joe Carrigan: And, much like Maria, this came to me this morning -
Maria Varmazis: Woo-hoo!
Joe Carrigan: - sitting here doing what I love to do best, which is mind my own business. And -
Dave Bittner: Right, minding your own business.
Maria Varmazis: It's like they know we're recording this show.
Joe Carrigan: Yeah, that's right.
Maria Varmazis: And they send it in.
Dave Bittner: [inaudible 00:39:48] thinking to myself, "Oh, my gosh, what are we going to use for the Catch of the Day?" And then ding.
Joe Carrigan: Ooh, I'll take this one.
Dave Bittner: Here we go. So this was a text message that came in on my phone and it says, "Good morning. I am Gina, a customer service representative from YouTube. Your resume has been recommended by multiple online recruitment platforms."
Joe Carrigan: Uh-huh.
Dave Bittner: "High-paying" -
Maria Varmazis: Wow.
Dave Bittner: - "position, YouTube optimization specialist, flexible working hours, remote work, daily salary between $80 and $600, no experience required, free training provided. Monthly salary, $6 to $10,000, plus daily salary and immediate payment, long-term" -
Maria Varmazis: What?
Dave Bittner: - "position, part-time or full-time options available."
Joe Carrigan: That got the bases covered.
Dave Bittner: "Help increase the visibility and viewership of YouTube user videos. Company benefits. Four-day paid probation period. After the probation period, you can sign a formal labor contract with the company. Enjoy statutory paid holidays, medical insurance and education subsidies. The longer you work, the more welfare policies you will enjoy."
Joe Carrigan: What?
Maria Varmazis: Wow.
Joe Carrigan: There's the tell. Right?
Dave Bittner: Right. "For more information, please send a message to this number." And then there is a phone number.
Joe Carrigan: Huh.
Maria Varmazis: It sounds a little too good to be true, Dave. Hmm.
Dave Bittner: I - yeah. You think?
Joe Carrigan: The - I think that this is just scamming you into four days of being paid to click farm essentially.
Dave Bittner: Yeah.
Joe Carrigan: So, -
Maria Varmazis: Yeah, likely.
Joe Carrigan: Like you're going to - they're going to say, "Okay, you go out and watch these videos. We're going to pay you 600 - or, you know, $100" -
Maria Varmazis: Eighty.
Joe Carrigan: - "an hour." $80, right.
Dave Bittner: It's a lovely [inaudible 00:41:29].
Joe Carrigan: Well, -
Maria Varmazis: Yeah, I like how they included 80. It's like, "Okay, that's a very" -
Joe Carrigan: Right.
Maria Varmazis: - "specific number there."
Dave Bittner: Daily salary. Yeah.
Joe Carrigan: Yeah. Because you're still on probation, we won't pay you until after the probationary period. But, in four days, -
Maria Varmazis: Yeah.
Joe Carrigan: - we'll give you anywhere between, what, $3,200 - or $320 and whatever 600 times 4 - $2,400.
Dave Bittner: Yeah. Yeah. So what is it worth for four days of labor of clicking on YouTube videos to boost - to goose -
Joe Carrigan: They probably make like five bucks.
Dave Bittner: Yeah.
Joe Carrigan: And -
Dave Bittner: Interesting.
Joe Carrigan: - they get you to do that for free because you never get the money.
Dave Bittner: Right, right. What I love is that my resume has been recommended by multiple online recruitment platforms.
Joe Carrigan: Right, right.
Dave Bittner: I'm out there -
Maria Varmazis: What an honor.
Dave Bittner: Yeah. I'm out there, I am a well-known YouTube visibility booster.
Joe Carrigan: You know, there was - can I talk about this a little bit? I might - I'm going to go way off topic here.
Dave Bittner: Okay.
Joe Carrigan: But -
Maria Varmazis: All right.
Joe Carrigan: - there - do you guys know who Maddox is? He has a website called The Greatest Page in the Universe.
Dave Bittner: No.
Joe Carrigan: He's been on the internet for a very long time. He - and then he had a podcast and then he had a YouTube channel. And his web page was pretty popular. And somebody said, "Hey, could you review this product on your YouTube podcast?" And he's like, "Well, what do you" - you know, "We really like your - we really like your content." And, if you ever read his content, it's not content that any business would ever want to associate [inaudible 00:42:55] -
Dave Bittner: Oh, I see.
Joe Carrigan: Right?
Dave Bittner: Right, right.
Joe Carrigan: It's really snarky, angry, funny. It's humor, it's humorous.
Dave Bittner: Yeah.
Joe Carrigan: But it's -
Dave Bittner: Not safe for work.
Joe Carrigan: - not safe for work. Right.
Dave Bittner: Right.
Joe Carrigan: Yeah. Don't pull it up at work.
Dave Bittner: Okay.
Joe Carrigan: You look at it at home. And, you know, maybe you like -
Maria Varmazis: Should have said that first.
Joe Carrigan: You might not - yeah, now somebody's not [inaudible 00:43:12], "Damn it, Joe." So he got this thing and he wrote back and said, "What do you like about my work? What specifically?" And they were like, "Oh, everything. It's great." And he's like, "Sure, I'll review your product." And they send him a bridal veil. And he did a video review of the bridal veil.
Maria Varmazis: Got married, A+.
Joe Carrigan: Right. And he rated it and he said, "This" - he said - it was very profane and he said, "This thing's a total piece of crap. I wouldn't recommend anybody buy it." And then he sent - he sent the link to the - the link to the video to the person that was asking to do it and he goes, "Hey, I reviewed your product. Here's the video."
Dave Bittner: Oh, my.
Joe Carrigan: And they said - they wrote back and said, "Thank you very much. We'll take you off of our CRM."
Dave Bittner: Yeah, be careful what you ask for.
Joe Carrigan: Right. Yeah.
Dave Bittner: Yeah.
Joe Carrigan: That video is worth it.
Dave Bittner: Right.
Joe Carrigan: It's a pretty good video.
Dave Bittner: Yeah. So, needless to say, this text message went right in my spam folder and got reported as junk. And, hopefully, I shall not hear from them again.
Joe Carrigan: Yeah.
Dave Bittner: All right. That is our Catch of the Day. We would love to hear from you. Our email address is hackinghumans@n2k.com. We're going to take a quick break. We'll be right back. [ Music ] And that is "Hacking Humans," brought to you by N2K CyberWire. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August. There's a link in the show notes. Please take a moment and check it out. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpy is our publisher. I'm Dave Bittner. I'm Joe Carrigan. And I'm Maria Varmazis. Thanks for listening. A quick reminder that N2K strategic workforce intelligence optimizes the value of your biggest investment - your people. We make you smarter about your team while making your team smarter. Learn more at n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliott Peltzman and Tré Hester. Peter Kilpe is our publisher. I am Dave Bittner.
Joe Carrigan: I'm Joe Carrigan.
Maria Varmazis: And I'm Maria Varmazis.
Dave Bittner: Thanks for listening. [ Music ]
