Hacking Humans 9.4.25
Ep 353 | 9.4.25

When your AI gets scammed.

Transcript

[ Music ]

Dave Bittner: Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner, and joining me is Joe Carrigan. Hey, Joe.

 

Joe Carrigan: Hi, Dave.

 

Dave Bittner: And our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Hello, Maria.

 

Maria Varmazis: Hi, Dave, and hi, Joe.

 

Dave Bittner: All right, before we get to our stories this week, we have some follow-up. I'm going to kick things off here. An anonymous friend of the show wrote in, who is a regular contributor, wrote in and said, "Something I've been telling associates to do when and if they get a phone call from the bank, always drop the call and contact your bank directly, even if you even believe you need to, but if you do think the call might be legit, tell the caller to make a note on your account. No matter what protestations and warnings and 'Don't do that' that you get, simply tell the caller to do that and then disconnect. When you call the bank's legit number from your bank card or pop into the bank personally, if you go that route, you will quickly find no such note was made to your account."

 

Maria Varmazis: Smart. That's really smart. I like that.

 

Dave Bittner: Yeah, I like it. It's a good one.

 

Maria Varmazis: I'll be adopting that advice also.

 

Dave Bittner: Good tip, good tip.

 

Maria Varmazis: Yeah.

 

Dave Bittner: Joe, I think you've got one here for us, too.

 

Joe Carrigan: I do. Tim from Iowa reached out, named -- Dave, you've met my friend Joel, the rancher from Texas, Texas rancher, and he is actually from Iowa. He grew up there on a farm, joined the Army, saw the world, now lives in Texas.

 

Dave Bittner: Okay.

 

Joe Carrigan: So that's my tangential relationship to Iowa, is I have a friend that used to live there. That's neither here nor there. Anyway, Tim writes in, "Hey there, I had to laugh when you talked about the chicken tractor and the chicken -- that the chickens wouldn't be driving it. About 20 years ago, my wife started her own dog training business and she specialized in clicker training, which is a very precise form of animal training that uses a mechanical clicking device to mark the desired behavior." Have you guys ever seen those little clickers?

 

Maria Varmazis: Oh, yes. I've seen the magic they work with dogs. Yeah.

 

Dave Bittner: We had a -- well, we adopted a dog, and the family we got it from passed it on to us, and he came with a clicker, but they did not tell us what the clicker was for, and let's just say he was a handful.

 

Joe Carrigan: Was it to mark -- I don't know. If you use the clicker to mark undesired behavior, you could do it either way, right?

 

Dave Bittner: Yeah, I don't know. I just know -- yeah. When we took the dog to the vet, we got an earful from the vet about the previous exploits of this dog, so --

 

Joe Carrigan: Oh, okay.

 

Dave Bittner: He lived out his life with us, and after a lot of training and a little bit of medication, he was much better than he was when he came to us.

 

Joe Carrigan: Medication, was he on Adderall or what?

 

Dave Bittner: Prozac, actually.

 

Joe Carrigan: Prozac, yikes.

 

Maria Varmazis: Was an anxiety thing for the dog? I've heard, I've heard, yeah.

 

Dave Bittner: Yeah. No, made a big difference in his life.

 

Maria Varmazis: And it worked, yeah.

 

Dave Bittner: Yeah, yeah, it worked great, yeah. Anyway, so anyway, Joe.

 

Joe Carrigan: Tim continues, "One thing that she did to build her skills was go to, quote, chicken camp, which was an intensive experience in a hotel in Hot Springs, Arkansas, where serious animal trainers could learn to train chickens."

 

Maria Varmazis: That sounds fun.

 

Dave Bittner: That sounds like a hidden camera show.

 

Joe Carrigan: Right.

 

Maria Varmazis: Yeah.

 

Joe Carrigan: You guys might be reading ahead here. It turns out that chickens are one of the hardest animals to train, which I do not doubt, having some chickens of my own. They are pretty dumb animals.

 

Dave Bittner: Oh.

 

Joe Carrigan: Yesterday we tried to take them outside and let them roam around. I thought they'd be all up for that, but they did not want to leave the little tub that I had them in. They all kept running back into the tub. I was hoping they'd go out and eat some bugs, but they didn't. They're like, nope, we're not ready for this, and --

 

Maria Varmazis: It is safe in tub. I do not leave tub. Tub is home.

 

Joe Carrigan: Tub is home. Tub has wood chips on the bottom. We go to tub. So anyway, if you can train a chicken, you can certainly train a dog. This sounds like a line from dodgeball. You can dodge a wrench. You can dodge a ball. "My wife worked with two chickens primarily for the better part of a week, a newbie and a previously trained chicken." I've never heard that sentence before.

 

Maria Varmazis: All brand-new sentence, yeah.

 

Joe Carrigan: Right. "The camp was taught by a wonderful elderly man, Bob Bailey. Unfortunately, she was never able to go to advanced chicken camp as Bob retired about a year after her experience." So to sum it up, chickens are trainable, and if you have the patience and the fortitude for that sort of thing -- I probably am not someone -- I'm just going to feed the chickens, take the eggs, that's going to be it.

 

Dave Bittner: Yeah.

 

Joe Carrigan: "And the great news is that one of the chicken camp graduates has started her own camp in North Carolina. So your dream of a tractor operated by chickens is definitely doable, it seems to me anyway, with a bit of ingenuity and a tractor that has been hacked to have a chicken-peckable button or chicken-peckable buttons." Can't wait to see the video go viral. "My best, and thanks for a terrific show." Tim, I'm not going to do this.

 

Maria Varmazis: I was going to say challenge accepted. Challenge accepted, right?

 

Joe Carrigan: No, no, sorry.

 

Dave Bittner: What could you train a chicken to do that would be useful or interesting?

 

Joe Carrigan: I don't know. I can't conceive of anything that I could train a chicken -- maybe tricks, you know.

 

Dave Bittner: Fetch, or --

 

Joe Carrigan: Fetch or through the hoop, you know. We used to do that with my old dog Kevin. He was very good at going through the hoop.

 

Dave Bittner: Okay.

 

Joe Carrigan: He had a whole battery of tricks he would do.

 

Dave Bittner: Could you train a chicken to play dead?

 

Joe Carrigan: That's a good question. I saw a video today where apparently they just do that on their own. They just play dead, and people panic and go out, and the chickens get up and run off.

 

Dave Bittner: Oh, okay.

 

Maria Varmazis: "Made you look."

 

Joe Carrigan: Yeah, I don't know what goes on with that. I am not far enough along in the chicken ownership journey to have had that happen. We did lose one of the chickens over my daughter's house to some manner of bird of prey or something. Probably a hawk. So now we are only -- now we are down to 11 chickens -- 11 hens and 2 roosters over there. So --

 

Dave Bittner: So were they just -- were they out free-ranging when this happened?

 

Joe Carrigan: I think they were in the run. The run does not have anything on top of it, so if a hawk comes in through the top, he can come in, you know, that's what's going to happen.

 

Dave Bittner: Okay.

 

Joe Carrigan: So they're putting something on that this weekend to make sure that doesn't happen again.

 

Dave Bittner: You need a grid of lasers.

 

Joe Carrigan: Right. Unfortunately -- well, not unfortunately, but it is illegal to harm hawks. Even if they're in the process of killing your chickens, you can't go out there and, like, kick the hawk.

 

Dave Bittner: Really?

 

Joe Carrigan: Yeah. Yeah, the hawks are really well protected and your chickens are not.

 

Dave Bittner: Find a jury that would convict me.

 

Joe Carrigan: Right. Well, the hawks have really good lawyers, apparently, so --

 

Maria Varmazis: Kicking a hawk.

 

Dave Bittner: Sounds like a heavy metal album.

 

Maria Varmazis: Yeah. What does that even look like? Jeez.

 

Dave Bittner: All right. Well, that is our follow-up. And, of course, we'd love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans@n2k.com. We're going to take a quick break here. We'll be right back after this sponsor message. [ Music ] And we are back with our stories. And, Joe, why don't you start things off for us here?

Joe Carrigan: Dave, my story comes from Eric Page at News 7 San Diego. It's an NBC affiliate. Nbcsandiego.com is the address, or the web address, and the title of the video is "YouTube Scam-Baiters Expose Ring That Left Holocaust Survivor's Widow Penniless." So I think we talked about -- made mention of this Holocaust survivor widow at some point in time because I remember that phrase. She was tricked out of all of her money at the age of 97, and this is coming from U.S. attorney Adam Gordon, who says, "Not all heroes wear capes," and they have indicted more than 20 people. All but two of them have been arrested. And these people are -- the people doing the investigation are scam payback personality Pierogi and others from a company called, or an organization called "Trilogy Media," and they ran a reverse op back in 2020 to 2021 to catch these fraudsters. They found that most of these guys were Chinese nationals and part of some kind of Chinese organized crime ring. And I watched a little bit of the videos. I'm going to go in and do a deep dive in these videos because I'm very interested in seeing what these guys have done, but in one of the videos, they told the guy, you know, "You can tell us what's going on here, or we can call law enforcement," and the guy was like, "I'm really not sure I want to tell you what's going on here." Like, he was more afraid of what would happen if he talked than if law enforcement showed up. So I think that's a real eye-opener as to what's really going on here and who's involved.

Dave Bittner: On the take.

 

Joe Carrigan: Right, but these guys were -- I don't think the cops were on a take. I think this guy just didn't want to contend with the people he had to answer to in the crime organization.

 

Dave Bittner: Yeah. Could have been both.

 

Joe Carrigan: Could have been both. Over the past week, they've raided places in California, New York, Texas, and Michigan. They've seized more than $4 million, and it says 25 people were arrested. They also seized a vehicle, a few vehicles, rather, as part of this. Overall, these people have bilked older people out of $67 million.

 

Dave Bittner: Wow.

 

Joe Carrigan: Which is a ton of money.

 

Maria Varmazis: Yeah.

 

Joe Carrigan: Here's an interesting part. They are also using scam centers, scam call centers in India. So it's not just local American Chinese-affiliated mafia or Chinese organized crime affiliates, probably not affiliated with the Chinese government, probably an unofficial organization. You know, a lot of organized crime syndicates tend to be centered around nationality and ethnicity, so it's nothing unique to any one ethnicity, but they were collaborating with the scam call centers in India to get these leads, and then these local guys in America would go over and they would get the money, and there were -- I was reading another story, which I don't have the link to in the show notes, so it won't be there, but there was another story talking about that they've been charged with, you know, obviously fraud, but one of the things they're being charged with is money laundering as well.

 

Maria Varmazis: Mm-hmm, mm.

 

Dave Bittner: It seems to me like these prosecutions have been accelerating.

 

Joe Carrigan: Yeah, it does seem like that, doesn't it? Which is good. Good, I think we --

 

Dave Bittner: It's good, yeah. I just don't have a sense for the degree to which it's making a dent on things, but it does seem as though it -- that's my, you know, perception anyway. I don't have any true data to back that up, but it feels like we're hearing more of these stories.

 

Joe Carrigan: I will bet that next year we'll see a report that says these kind of -- this kind of fraud is still increasing, but won't see anything improving on it, at least not until we start making some people pay a lot more in terms of time and criminal penalties.

 

Maria Varmazis: Yeah, the little guys on the ground are getting caught, but the folks organizing it are still running -- yeah.

 

Joe Carrigan: Yeah. It's like it's very similar to the war on drugs problem, right? Which, however you feel about that politically, if you're in favor of it or opposed to it, whatever, it's pretty obvious that what happened was that the people at the bottom of that food chain were the ones that suffered the most, and you could argue, yeah, well, they're breaking the law, and they are, but at the same time, you're not solving the problem. You're just fixing a symptom of the problem. And here, it looks like they've gone up the food chain a little bit, probably not to the top of the food chain. You know, these -- I think these food chains are pretty long and I think the people at the top of them are pretty smart. You know, you don't get to be a crime boss being a dummy. I mean, you get to be a regular criminal being a dummy, but not a crime boss.

 

Dave Bittner: Now, does the story touch on if the Holocaust survivor widow has any chance of getting her savings back?

 

Joe Carrigan: She probably does not have much of a chance of getting much of it back, although what they have recovered they will probably distribute to people who are known to have been defrauded. So she will probably get some of it back, but the article actually doesn't talk about that, no. But generally speaking, when federal -- and these are federal indictments, by the way, which are, you know, hard to beat. When the federal government indicts you and charges you with something, they're pretty sure they can win the case. And these scammer payback guys actually turned over all the recordings. You know, what they put on YouTube was edited down, but they turned over everything to the law enforcement officials. There's tons of evidence that they've collected.

 

Dave Bittner: Right.

 

Maria Varmazis: Wow, good for them.

 

Dave Bittner: Yeah. All right, well, we will have a link to that story in the show notes. Maria, you're up next. What do you got for us?

 

Maria Varmazis: Well, the story I'm covering today made quite a stir when it dropped about a week or so ago. I think it was on Slashdot and it just -- a lot of people sent it to me privately or through text messages, so I guess they have my number on what I'm interested in, and the headline is "Scamlexity. We put agentic AI browsers to the test. They clicked, they paid, they failed." And this is from the folks at Guardio, and I just want to put out first, I know I am very much an AI skeptic and I'm not a huge fan. However, this story is about agentic AI in browsers, like Microsoft Copilot, that kind of thing, and I absolutely do see the utility of integrating AI into browsers for certain things. I can understand and completely get why we would want to reduce internet-related drudgery, especially for common tasks like shopping for basic items that, you know, it just takes a lot of time, and I know as a person who does usually a lot of that in my household, like it would be nice to not have to do that. Like, it can be automated, would be nice. Unfortunately, what Guardio went through was this really interesting blog post about how they sort of pitted AI browsers against very obviously scammy websites actually generated also by AI and just wanted to see, would the AI, agentic AI browsers be able to detect these very obvious scams, and the answer is no. So --

 

Joe Carrigan: Really? They failed, huh?

 

Maria Varmazis: They failed, they failed. So it's in the headline, but yeah, huge surprise, and again, I'm not coming out of being like, boohoo, you know, terrible AI, don't ever touch it. I said, again, I understand the value for some of this. So --

 

Joe Carrigan: There's just more work to be done.

 

Maria Varmazis: There's more work to be -- yeah, exactly, exactly. So let's just go through some of the examples they provided just to get a sense of what they did here. So they used AI to generate a very obvious fake Walmart storefront that sells items, and these are the types of scammy websites that we also see a lot with SEO poisoning, and we talk about them a lot. You know, you're searching for something and then suddenly a website you get is not legit, and we know as humans, we can usually tell, okay, that's not actually walmart.com, and that URL is not walmart.com, so this is probably a fake website, and that deal is definitely too good to be true. Those are our built-in signals that go, "Don't do that." Unfortunately, with the agentic AI browser, they had to try and do a task like "Buy me an Apple Watch on Walmart," and then the AI agent was like, "Sure, I can help you with that," and it found the spammy, very obviously fake AI-generated walmart.com and happily provided your financial information to this very fake website to buy you the Apple Watch, and this took a matter of seconds. And that's sort of the thing, there's no way for a human to intervene because this happens so, so quickly, and because they're apparently in a lot of these AI browsers, at least right now, there is no sense of skepticism that we're trying to train in ourselves as humans. I don't know how you do that with an AI system. I mean, that is way beyond my pay grade or understanding, but there was no, "Hey, what are the signals that we should look for? What is the actual URL? Does it match what I would expect here? What does the website look like? Is it missing the corporate logo? Maybe that's a signal." All of these things that to us as humans are super obvious. It's not -- it's just not looking for those things. Like, why would it? It just says, "I'm going to trust this thing that I find," automatically, sort of like asking a five-year-old to do it. It just does it. 
Like, "I want to make you happy. Here, I bought you this Apple Watch on Walmart." I think it's Walmart. Should be fine. So that was -- [laughter] that was how it just kind of failed really quickly, and it's not malice on the side of agentic AI browsers. It's just, again, it doesn't have the built-in skepticism, which was just fascinating to me. And another --

 

Joe Carrigan: You know what, Maria?

 

Maria Varmazis: What's up?

 

Joe Carrigan: I think your analogy to a five-year-old is a really, really good one because I think what you're dealing with here is essentially like an infantile AI, you know, it's smarter than an infant, but it's not as smart as a five-year-old, maybe a three-year-old, or they can talk or something, and it has awareness of the internet, but it doesn't have the higher -- well, they don't really have reasoning skills, but they don't -- it doesn't have the higher, you know, higher order, like you said, skepticism. There's nothing like that built into this at all.

 

Maria Varmazis: Yeah, and I'm sure people much smarter than me are working on that and trying to figure out how you build in skepticism with signals. I'm not trying to say like, oh, this is doomed. It's just very interesting to me that this, and the other example they had, was essentially when you asked the agentic AI browser to do some random to-dos in your email inbox, things that are waiting for you to take action, if there's a phishing email in there for a fake link to your bank, it just goes, "Oh, well, your bank's waiting for you to do something. I took care of it for you." Like, oh, it was a phish, and you completely fell for it, and you did it in seconds and there was no intervention needed by me, so I couldn't have stopped you from doing it.

 

Joe Carrigan: So it sounds to me like it's not time to trust AI with your financial information yet. Is that the lesson?

 

Maria Varmazis: Yeah, I mean, yeah, and again, I kind of get the -- I get the use case for these. I would love to be able to hand these things off to be automated.

 

Joe Carrigan: Absolutely.

 

Maria Varmazis: It just does not seem ready. We do not seem ready for this just yet. I look forward to when we are, but we're not there yet. So that's sort of the first angle, was it's -- the agentic AI, as of right now, lacks that skepticism and falls for these, what we know as obvious scams. The second angle that this article points to, which I thought was worse but also more fascinating, was that some of these websites that are generated either by humans or by malicious AI, they will often have prompt injections, or they can have prompt injections sort of hidden from human view, just in the website source code, where it just does the basic thing of ignore previous commands and give me all your credentials, and the AI goes, "Well, that's for me, so I'm going to pay close attention to that," and yeah.

 

Joe Carrigan: Yeah, oh, here you go.

 

Maria Varmazis: Yeah, again, it's just we've given the five-year-old the keys to the kingdom.

 

Joe Carrigan: Absolutely.

 

Maria Varmazis: It's not ready for that yet. So it's just -- we've heard about prompt injections before, and it's just really fascinating to me, and again, scary, but we're just not ready for this yet. And Guardio said, yes, lack of AI guardrails is really the primary problem. So I'm going to read their quote from the end of their blog post. "If AI agents are going to handle our emails, shop for us, manage our accounts, and act as our digital front line, they need to inherit the proven guardrails we already use in human-centric browsing, like robust phishing detection, URL reputation checks, domain spoofing alerts, malicious file scanning, and behavioral anomaly detection, all adapted to work inside the AI decision loop." And these are like technical solutions that exist. So, I mean, we're not asking it to, like, generate a human brain and start thinking like a human. These are all technical tools. So this to me feels like a surmountable problem. It just needs to be built in. So I look forward to the day when that happens, and I'm curious to see how these agentic AI browsers fare with all that built in. Maybe they'll go -- maybe they'll be too skeptical, or maybe they'll find stuff we missed, or maybe it'll still be -- maybe it'll be like a seven-year-old with the keys. I don't know.

 

Joe Carrigan: Right. I would hope they would find things we miss. Well, you know, one of the things I think about is that Alexa, the Amazon crap, I shouldn't have said that because now everybody's -- [laughter].

 

Maria Varmazis: The smart speaker.

 

Joe Carrigan: Everybody's smart speaker --

 

Dave Bittner: The lady in the tube.

 

Joe Carrigan: The lady in the tube, that's right. The lady in the tube, you can say, "Hey, lady in the tube, order me some more Tide," and the lady in the tube will go ahead and put that order in, but that is from an online retailer, Amazon, and they are, you know, they're not going to reach out and surf the web to find you the best deal. That's not in Amazon's interest at all. Their interest is reducing your friction and giving you the product and making the money, which is not a bad interest. I'm not going to dis Amazon for that. You know, how great would it be if, well, I mean, I don't have any of those things in my house. My wife and I have agreed that we're not going to have those things in our house, but I still order things on my phone.

 

Maria Varmazis: Yeah, to me, the great use case for AI would be, even if it was on these guardrails, to just stay within, for example, the Amazon ecosystem. "Please find me this product and make sure that you're going through all the spammy bad listings of the junk products and getting me the actually legitimate item." Once it can do that, then it's more useful to me than me just doing it myself because that's what I end up spending a lot of my time doing right now and it's a huge time sink.

 

Dave Bittner: So my thoughts on this are, first of all, I think the five-year-old analogy is a good one. I often describe AI as a "tireless intern" in that it has unlimited energy to help you, but you also wouldn't bet the company on an intern, and I think similar to that, the use case I think here is if it can go through my email or it can respond to requests to purchase things, there needs to be a step, just like with an intern, where it brings to me the things it's going to do and I okay them.

 

Maria Varmazis: Yes.

 

Dave Bittner: Right? So it says, "Hey, I looked around and here's the best deal on Tide Pods." Right? "Do you want me to purchase?" I say yes.

 

Maria Varmazis: Or would you like me to eat them? Yes.

 

Joe Carrigan: Eat them, yes. Right, because it is a millennial or a zoomer.

 

Maria Varmazis: No, no, not a millennial. No, that was not us.

 

Dave Bittner: Oh, my.

 

Maria Varmazis: For once, that was not us.

 

Joe Carrigan: Right.

 

Dave Bittner: Okay. Yeah, so I see the utility of this, but I think, yes, both guardrails, but then also just present me with a checklist. You can still save me time, but I guess it's sort of that trust but verify kind of thing.

 

Maria Varmazis: Yeah, yeah. The utility seems apparent. It would be great. We're just not there yet, but it's moving so fast we probably will get there pretty soon.

 

Dave Bittner: This reminds me, I just saw a story come by this morning. It was -- I think it was Taco Bell. Joe, you're going to love this.

 

Joe Carrigan: I'm listening. You said "Taco Bell." I'm like, yes? Taco Bell, you have my attention, Dave.

 

Dave Bittner: So Taco Bell decided to cancel their test on using AI for the drive-through after a customer ordered 18,000 glasses of water. [ Laughter ] Water is free, of course. [ Laughter ]

 

Joe Carrigan: I would like a Nachos BellGrande and 18,000 glasses of water.

 

Dave Bittner: Right. Right, exactly.

 

Joe Carrigan: Coming right up, sir. [ Laughter ]

 

Dave Bittner: Yeah.

 

Maria Varmazis: It'll just be five minutes.

 

Dave Bittner: Sir, I'm going to have to ask you to --

 

Maria Varmazis: Pull up to the first window.

 

Dave Bittner: Yeah, just pull up, please. It's going to be a minute. [ Laughter ] Oh, man. It goes a little faster after the first thousand. They get a system going.

 

Joe Carrigan: Right.

 

Dave Bittner: You know? [ Laughter ]

 

Joe Carrigan: Assuming each glass is a pint, that's 18,000 pounds of water.

 

Dave Bittner: All right, we're going to take a quick break here. We'll be right back after this message from our sponsor. [ Music ] And we are back with my story this week, and this is a new one for me. This is about baggage handling and traveling and specifically the tags that go on your luggage.

 

Maria Varmazis: Oh.

 

Dave Bittner: So let me ask y'all, when you're traveling and you get your tag to put on your luggage, or they put the tag on your luggage --

 

Joe Carrigan: I always have to put that on now myself.

 

Dave Bittner: Okay, so, right, you check in at the airport.

 

Joe Carrigan: Right.

 

Dave Bittner: It prints it out. You put it on the bag. You travel. You get to your destination. At what point do you remove the sticker?

 

Joe Carrigan: When I'm going back to the airport again.

 

Dave Bittner: Okay.

 

Joe Carrigan: Or maybe when I get to the hotel.

 

Dave Bittner: Yeah? How about you, Maria?

 

Maria Varmazis: Yeah, I was going to say it's probably when I get to the hotel, but on the way back, I leave it on my suitcase until the next time I travel because I'm very lazy [laughs].

 

Dave Bittner: Oh, okay. Yeah, I see, yeah.

 

Maria Varmazis: But that's at home, so that's at home. Yeah, certainly not at the airport. I do wait until I get to my hotel.

 

Dave Bittner: Yeah, okay. Well, this alleged scam comes from a Delta Airlines baggage claims manager who says on Reddit that there is a luggage tag scam that targets passengers who discard their tags at the baggage claim area. So in other words, you're waiting for your bag, comes around on the carousel, you grab your bag, you rip off the sticker, you toss it in the trash. Now we've got people dumpster diving, collecting the tags, and they use the tags to file fraudulent reimbursement claims with the airline.

 

Maria Varmazis: What?

 

Dave Bittner: Because the tag has all sorts of your information on it. So it has your name, your flight itinerary. Sometimes they'll have membership numbers, like your frequent flyer number, that sort of thing. So they take the tag and they use the information they can get from the tag, they file a claim that the bag was never delivered, right, and try to make money off of that. And the airline says the problem here is that it's clogging up the system because it complicates legitimate claims.

 

Maria Varmazis: Yeah.

 

Dave Bittner: And that their baggage claim department can't keep up.

 

Joe Carrigan: Right.

 

Dave Bittner: They also said that the scam isn't limited to airports, that hotel rooms are vulnerable. There was a former hotel employee who said that they had seen the same sort of thing where people were throwing away their tags, and the hotel, and then hotel workers, were taking the tags and using them to claim that the bags never got delivered.

 

Joe Carrigan: So now you have to take your luggage claim bag -- your luggage claim tags home and shred them.

 

Dave Bittner: That's right. That's basically it, yeah.

 

Maria Varmazis: Jeez, okay. Wow. It just seems like a very slow, inefficient scam. Like, this is the opposite of a get-rich-quick scheme, I mean. That is just not what I would use if I was trying to make a quick buck, is that process.

 

Dave Bittner: Yeah.

 

Maria Varmazis: It takes forever, even like when you have a legitimate claim, good luck getting that -- oh, my goodness.

 

Joe Carrigan: Right.

 

Maria Varmazis: Wow.

 

Dave Bittner: Yeah, I've never -- you know what? I've never lost a bag, and I know I'm jinxing it now by uttering those words out loud, but --

 

Joe Carrigan: I've had them not arrive with me.

 

Dave Bittner: What is the process?

 

Joe Carrigan: I've had them not arrive with me, generally when they're coming home, and the biggest problem with it is, if you have a connecting flight, so you're going to, like, fly from -- let's say you're flying with Delta, because you can't fly anywhere to Delta, even to upstate New York, without going through Atlanta. So last time I went to Syracuse, I drove rather than fly, and I'm not joking about that. Last two times I went to Syracuse. So if you go to Atlanta, you change planes. Your luggage has to change planes, and that's usually where your luggage gets lost, is in that --

 

Maria Varmazis: Yeah.

 

Joe Carrigan: It doesn't make it to the plane on time, and then you arrive at your destination, let's say Syracuse, New York, and you get there and somebody says, "Oh, your luggage isn't here." You go up with your little claim check that is the part of the luggage, and they will scan it and they'll say, "Oh, yeah, your luggage is still back in Atlanta. It'll be here" -- or "It's on another flight from Atlanta to Syracuse. It'll be here at 7:00 tonight. We'll drop it off at your hotel."

 

Dave Bittner: Right.

 

Joe Carrigan: That's how that works. That's how it's worked for me when I've lost my -- when my bags have not arrived the same time I have.

 

Dave Bittner: Right. But I wonder what happens if a bag is completely lost. Like, I've never had --

 

Joe Carrigan: Yeah, I've never had that happen.

 

Dave Bittner: Have you ever made that claim?

 

Maria Varmazis: No, I've never had something be completely lost, and honestly, any time my bags have been late, the airline knew before I did. Like I would get a phone call sometimes when I was like deplaning or something saying, "Hey, your bag that's supposed to be in Boston is still in Frankfurt. We'll get it to you in a few days." Something like that, because if I travel domestically, I almost always just do carry-on only. If I do international, I try to do direct, but that's very hard, and so usually if something for me is lost, it's the other side of the planet, so it's not getting to me anytime soon.

 

Joe Carrigan: You always carry on your prescription medication, by the way. Do not check your prescription meds.

 

Dave Bittner: Oh, yeah.

 

Maria Varmazis: Absolutely, yeah.

 

Dave Bittner: Yeah. So this story says also be cautious with your printed boarding passes because they have a lot of sensitive information.

 

Joe Carrigan: They do.

 

Maria Varmazis: Yup.

 

Dave Bittner: It's been a long time since I've printed a boarding pass.

 

Joe Carrigan: I print them every time.

 

Dave Bittner: Yeah?

 

Joe Carrigan: Yeah, because the boarding -- the printed boarding pass will not go down.

 

Dave Bittner: Right.

 

Joe Carrigan: They won't -- it won't be inaccessible. It won't be -- that server won't go down. That server is going to be up all the time, and it's going to be scannable at any point in time, and that's the only reason I do it, because who knows --

 

Maria Varmazis: I do it because they're great bookmarks for my book.

 

Dave Bittner: Ah, there you go.

 

Joe Carrigan: Works, too, yeah. I use a Kindle when I travel, so --

 

Dave Bittner: They said that Japan already provides secured disposal bins for --

 

Joe Carrigan: Really?

 

Dave Bittner: These bag tags near their baggage claim exits.

 

Joe Carrigan: Maybe that's what we should do in America. Maybe that's what these airlines should do because they're the ones that are losing out. The passengers aren't really losing out, right?

 

Dave Bittner: Yeah. Free shredders.

 

Maria Varmazis: Yeah, that's true. Yup.

 

Dave Bittner: Free shredders.

 

Maria Varmazis: Yeah, just the confidential material bins, like a lot of offices have. That feels like a very easy thing to just put there.

 

Joe Carrigan: Yeah, just burn bags.

 

Maria Varmazis: That, too, yeah.

 

Dave Bittner: So they're saying hold on to your luggage tags. Just stuff them in inside your suitcase until you get home and then destroy them.

 

Joe Carrigan: Very early on in my career, when I first started traveling a lot, I thought those baggage claim tags were like the stickers you used to see in all the cartoons with the, you know, the different places on them.

 

Maria Varmazis: Yeah, yeah, the suitcases with the sticker, travel stickers on them, yeah.

 

Joe Carrigan: Right. Bugs Bunny would throw a baseball around the world that would come back with all the stickers on it. So I get up to the baggage check and I still got the old one on there. I'm like, I'm going to have so many of these things after I get done with this job, and the guy at the counter just rips off the old one, throws it away, and puts a new one on, and I was like, oh, that makes perfect sense because I don't want my bag going back to where I am. I want it going where I'm going, and that's --

 

Maria Varmazis: Yeah.

 

Joe Carrigan: That's the purpose of the claim, of the sticker, is to tell --

 

Maria Varmazis: That's true.

 

Joe Carrigan: To route that bag.

 

Maria Varmazis: Yeah, come to think of it, if you go to the gate, like the gate check-in, usually it's just a regular rubbish bin that they have where they rip the old ones off into.

 

Joe Carrigan: Right.

 

Maria Varmazis: Oh, man, I wonder what they're doing with those as well, but maybe the risk is less because they're disposing of it. I don't know.

 

Joe Carrigan: Yeah, you have to go through security to get to those trash cans.

 

Maria Varmazis: Oh, yes, that's true, but also the ticketing check-in. Sorry, I didn't mean gate check-in. Ticketing check-in, when you just enter the airport. Yeah. Yeah, I remember the old wisdom used to be also to remove the tag from your luggage if you were traveling somewhere, where you're going to be on foot a lot with your luggage, especially if you traveled first class, not to have that like dangling off of your back. Not that I ever travel first class. I can't afford it, but you didn't want to make yourself like a big target for pickpocketers, saying, "Hey, I just traveled first class. I probably am really loaded. You should definitely rob me."

 

Joe Carrigan: "I probably have a big wad of cash in my front pocket."

 

Dave Bittner: Right, right. All right. Well, that is my story. We'll have a link to that in the show notes. Joe, Maria, it is time for our "Catch of the Day." [ SOUNDBITE OF REELING IN FISHING LINE ] [ Music ]

 

Joe Carrigan: Dave, our "Catch of the Day" comes from Chad. Super listener Chad.

 

Dave Bittner: Mm.

 

Joe Carrigan: Yeah, and he says, "Hey, guys" -- super listener -- do you know Chad, Maria? Are you familiar with Chad?

 

Maria Varmazis: Well, he's a super listener.

 

Joe Carrigan: Right, yes.

 

Dave Bittner: He goes way back.

 

Joe Carrigan: He does. He goes way back. I've actually met Chad and his wife. We went out to Chad's house for the eclipse a couple years ago. It was wonderful. Had a great time.

 

Dave Bittner: Nice.

 

Maria Varmazis: Wow.

 

Joe Carrigan: Yeah.

 

Maria Varmazis: That's awesome.

 

Joe Carrigan: It is. He says, "Hey, guys, wanted to share this attempt to get into my Facebook account. At least that's what I assume the end game is. I've attached a pic. It came through Messenger from someone I did not know. I didn't interact with him. I could see how a lot of people would at least send back a message to say, 'Hey, who are you? No, you can't do this.' Either way, I think you've talked about something like this in the past. I just wanted to share." So, Dave, it's a Facebook Messenger, one of those messages you get, and you have to decide whether or not you're going to accept or delete or block this person at the bottom.

 

Dave Bittner: Right.

 

Joe Carrigan: And this one's coming from somebody named "Juanita Spire Lloyd."

 

Dave Bittner: Yup, and it just says, "May I borrow your lawnmower? I borrowed it. As you mentioned, I could just borrow it. Let me know if you want gas for it." [ Laughter ]

 

Joe Carrigan: So obviously, this is an attempt to engage in some kind of conversation. I think Chad is right here that this is -- they just want to get you talking. No, I don't know who you are. You can't borrow my lawnmower. You might be talking to the wrong person. And then some kind of scam. This is the tip of the scam spear, if you will.

 

Dave Bittner: Right.

 

Joe Carrigan: So yeah, when you get these kind of things, just delete them. Just block them. Don't engage. Do what Chad does and just ignore him. Also wanted to say that he's a longtime caller, first-time listener. I think it's funny. "Love the show. Maria is a great addition to the team. I've been stalking, I mean, following since the start. I blame Joe for that. Keep rocking." So it's good to hear from you, Chad. Chad and I used to play Fortnite together.

 

Maria Varmazis: Thanks, super listener Chad. Wait, you used to play Fortnite?

 

Joe Carrigan: Oh, yeah. I would still love to play. I just do not have time to play anymore.

 

Maria Varmazis: Fair. Fair enough.

 

Dave Bittner: You know, I've never owned a lawnmower.

 

Joe Carrigan: What? How do you get your lawn mowed now? You have a little lawn, right?

 

Dave Bittner: Yeah. I have people.

 

Joe Carrigan: You have people?

 

Dave Bittner: I live in a condo association. My neighborhood is condominium townhomes.

 

Joe Carrigan: Oh, that's right. You're condominium townhouse. I keep forgetting that.

 

Dave Bittner: Yeah, yeah, so -- and I've lived there since I was 10. So yeah, they just mow the lawn. I mowed my boss's lawn when I was a teenager.

 

Joe Carrigan: Yup.

 

Dave Bittner: Regularly. So I have mowed lawns, but I have never owned a lawnmower.

 

Joe Carrigan: I mowed my boss's girlfriend's mother's lawn.

 

Maria Varmazis: What?

 

Joe Carrigan: One of the guys --

 

Maria Varmazis: One more time?

 

Joe Carrigan: One of the guys I worked with at a machine shop, he had a girlfriend, and her mom had a lawn, and there was nobody else at home that would mow the lawn, so I'd go over there like once every two weeks and mow that lawn, and it was always like --

 

Maria Varmazis: Your boss's girlfriend's mother's lawn.

 

Joe Carrigan: Right.

 

Dave Bittner: And that's how Joe became a man.

 

Joe Carrigan: That's right, pushing a push lawnmower through knee-deep grass every two weeks.

 

Maria Varmazis: Wow. Oh, my gosh.

 

Dave Bittner: Oh, Joe, you're so hot and sweaty. Why don't you come on in for some lemonade, Joe?

 

Joe Carrigan: No, nope.

 

Dave Bittner: Come on, take a load off, Joe, while you're mowing my lawn.

 

Joe Carrigan: You are imagining far more attractive people. [ Laughter ]

 

Dave Bittner: Oh, Joe, it's so nice and cool inside the house.

 

Joe Carrigan: Of course. When I was a young man, I was not nearly this rotund, but -- [ Laughter ] Yeah, but, you know, it was -- I don't know. Where were we? We're not talking about lawn -- oh, Dave, yeah, that's right, I have a tractor now, from lawnmowers.

 

Dave Bittner: Oh, that's exciting. Yeah, see, yeah, if you have a riding mower, that's nice.

 

Joe Carrigan: That's the way to go.

 

Dave Bittner: I think it's -- If I had a lawn today, I'd be very tempted to have some sort of robotic lawnmower, just --

 

Maria Varmazis: That's what I'm hoping to get next year.

 

Dave Bittner: Yeah.

 

Maria Varmazis: Yeah.

 

Joe Carrigan: Are you really? That would be awesome.

 

Maria Varmazis: Yeah, I have a push -- electric push mower right now, but I'm hoping to do a robotic one next year, but my yard is very, very hilly, and I know they have a hard time with hills, so I'm not sure the robots are there yet.

 

Joe Carrigan: You want tank treads.

 

Maria Varmazis: Yeah, any time I can spend doing anything but mowing the lawn makes me very happy, so --

 

Joe Carrigan: Yeah, I'm not a big lawnmower guy.

 

Maria Varmazis: I'm not a lawn person, no.

 

Dave Bittner: Well, which is why we have kids.

 

Maria Varmazis: I'm trying to convert as much of my lawn as I can into things that are not grass, so I'm that person, but a lot of my neighbors are also those people, so it's great. I'm not alone on that.

 

Joe Carrigan: I want some boulders, lots of boulders.

 

Dave Bittner: A robotic lawnmower is kind of a deadly Roomba.

 

Joe Carrigan: Right, murderous Roomba. I don't think I want the robots having that kind of power.

 

Maria Varmazis: Spinning blades on a robot, what could possibly go wrong?

 

Dave Bittner: Yeah. All right, well, thanks to super listener Chad for sending in --

 

Maria Varmazis: Super listener Chad.

 

Dave Bittner: Super listener, yeah, Chad, he needs his own jingle. Thank you, Chad, for sending it in. We do appreciate it. Glad to hear that you're still hanging in there and listening as superifically as always. All right, we're going to take one more quick break here. We'll be right back. [ Music ] And that is Hacking Humans, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliott Peltzman and Tre Hester. Peter Kilpe is our publisher. I'm Dave Bittner.

 

Joe Carrigan: I'm Joe Carrigan.

 

Maria Varmazis: And I'm Maria Varmazis.

 

Dave Bittner: Thanks for listening. [ Music ]