Scammers are recruiting.
[ Music ]
Dave Bittner: Hello, everyone, and welcome to N2K CyberWire's "Hacking Humans" podcast where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hi, Joe.
Joe Carrigan: Hi, Dave.
Dave Bittner: And our N2K colleague and host of the "T-Minus Space Daily" podcast, Maria Varmazis. Maria.
Maria Varmazis: Hi, Dave. Hi, Joe.
Dave Bittner: I got a little bit of follow up here for us. One of our listeners sent this in. Listener. I believe it's McCall [assumed spelling] is how you pronounce this person's name. It's not an English name. So apologies to McCall if I get it wrong.
Joe Carrigan: Right.
Dave Bittner: But they sent us the kind note that says scam warning. There's a new scam targeting conferences. They scrape the website and then email you as if you are in charge of hotel bookings asking you to book through them. They act as if they are agents for the organizers while in truth the organizers know nothing about it. Don't fall for it. I almost did if it hadn't been for the dear professor red flag, and if in doubt ask others if it's legit. Who knows? You could be left without anywhere to stay while the scammers pocket all the money.
Joe Carrigan: Indeed. Yeah. That's -- that's pretty good -- pretty good scam. How do they find out if you're going to go to the conference? Maybe they scrape the list of publications or presentations first.
Dave Bittner: Yeah. I'm thinking I mean you could just --
Maria Varmazis: Speaker list. Right?
Dave Bittner: Right. Go after the speakers. Some of these conferences have dozens of speakers. So hit them up. Get them to log in to a fake site with travel information and profit.
Joe Carrigan: Yeah. That's a new one. That's an easy way to make a bunch of money.
Dave Bittner: Yeah. Yeah. So --
Maria Varmazis: Dastardly.
Joe Carrigan: A tip.
Dave Bittner: So beware. Beware. All right. Well, thanks for sending that in. And again we'd love to hear from you if there's something you would like us to share on the show. You can email us. It's hackinghumans@n2k.com. We'll be right back with our stories after this quick break. All right. We are back and I'm going to kick things off for us here and as you both know we have a regular listener to the show who prefers to remain anonymous, but I know who they are.
Joe Carrigan: I don't. They're so anonymous --
Maria Varmazis: I don't either.
Joe Carrigan: Maria and I don't know who they are.
Dave Bittner: Well, I'm happy to share behind the scenes, but they have requested -- they requested anonymity as far as the show goes.
Joe Carrigan: Don't tell Joe who I am.
Dave Bittner: This person is a former federal law enforcement officer, someone who spent many years investigating scams and fraud. And this person has been digging in to the psychology of scams in his retirement and what he sent along recently was just too good to not pass along. So they call it the scammer psychological kill chain. And according -- yeah. Right?
Joe Carrigan: Yeah.
Dave Bittner: According to him scammers don't just improvise. They operate with a precision that looks a lot like military doctrine, but instead of seizing territory they're capturing trust. So I'm going to do my best to unpack it here for you. There's -- there's two parts to this. So the first part with this kill chain stage zero is reconnaissance and this is before the victim even knows there's a threat. The scammer's laying the groundwork, setting up the fake websites, the spoof numbers, and writing the scripts that they're going to use when they're talking to people. And everything is designed so that that first contact feels safe and familiar and legit. Next up is stage one which is the initial contact. This could be a text, an email, a call, which is crafted to break through your attention just long enough to plant a seed. Stage two is the pretext. This is the story. Maybe there's a banking issue, a tax problem, or a romantic encounter. This is designed to hook your emotions before the victim has time to think critically. Stage three is trust building. This is where the scammer becomes a confidant or a mentor or a partner and the victim's skepticism fades as they feel understood. Right? Building that rapport. Step four is foothold establishment. This is where the scammer starts giving procedures. Stay online. Install this app. Follow this bank protocol. And each step along the way deepens the compliance from the victim. And stage five is escalation. This is where the commitments grow larger. The choices narrow. And the victim feels trapped in to going along. Stage six is execution. That's when the scammer gets the money, the data, or whatever they're after all while keeping the victim inside the control bubble. And stage seven is aftermath control. This is sometimes where the scammers disappear. Sometimes they'll linger, grooming the victim for another round. And, you know, see what comes next. So before I dig in to the second part of what our listener sent us let's start here. Do these multiple stages make sense to the two of you?
Joe Carrigan: They do. I'm going to start with stage zero. This is -- and this is very much like any other kind of attack. Reconnaissance phase. And it is the phase over which none of us have any control. Right? This is the part where the bad actor, doesn't matter what kind of attack it is, they're out there just doing their homework. And I think it's really important to realize that by the time you get contacted in like stage one, the initial contact, they've already done a lot of legwork. So that legwork helps them seem legitimate. It helps it seem realistic. It helps it seem reasonable. So I think we all need to be mindful of this all the time about what kind of information is out there about us and how it's available just online. You know. Like I've said many times, Linked In is a great open source intelligence tool for finding things out.
Dave Bittner: Yeah.
Joe Carrigan: So as are just about every other social media platform.
Dave Bittner: Yeah. Maria, what do you think?
Maria Varmazis: Yeah. It's brilliant as you're walking through the kill chain. I was thinking of some recent examples I was reading about earlier this week and just following the kill chain step by step and how well it lines up. I'm familiar with the kill chain when we talk about it in more of like cybersecurity contexts, but this works brilliantly also and certainly it's not exclusive to cybersecurity. So it works really well. And yeah. It's that asymmetry of when you come in to the situation without even knowing it as Joe was saying you're in a way almost outgunned from the beginning. So you really have to try and -- it's very difficult. And it's -- should engender some sympathy. Well, I would hope a lot more sympathy in all of us when we hear about people who become victims. It would be nice because yeah we -- as you said, Joe, from stage zero they know a lot more about you. You don't know who's calling you and of course you say, "Don't answer that call" or just hang up immediately, but many people do take those calls and they don't realize how much is known about them already when that call starts. So very asymmetrical. Yeah.
Dave Bittner: So our listener didn't just outline the problem. He also shared what he calls the global immutable counter rules. These are the defensive maneuvers. He's definitely betraying himself as on old fed. Right?
Joe Carrigan: Right.
Maria Varmazis: What's the acronym? GICR? GICRs?
Dave Bittner: Yeah. The kicker. Kicker. He says never trust incoming calls or texts. Never click links. Never pay with gift cards, crypto, or wire transfers. Never let someone take remote control of your phone or computer. And if anyone tells you to keep this private or stay on the line, that is your cue to hang up. Caller ID lies. Logos can be faked. And urgency, that's the scammer's sharpest weapon. And he mapped out what he calls the scam levels. Level one are the quick hits. These are like the smishing texts, the QR code traps, or fake anti virus renewals. Level two is structured authority. This would be a fake IRS agent or bogus bank fraud or fake tech support. Level three is romance scams or pig butchering or the long cons that build emotional bonds. Level four is what he calls synthetic reality. This is entire fake trading dashboards, AI driven group chats, or deep fake video that tries to prove legitimacy. And level five which is the top level, that's the closed world. That's where victors live inside the scammer controlled ecosystem where everything reinforces the fraud. And this is the -- when people are in this level the family and the banks become the enemy while the scammer's world feels like the only safe place left. So he says a key point is that scams don't neatly progress from level one to level five. They start wherever the scammer wants. A robocall is level one, a fake crypto dashboard level four, a big full blown pig butchering goes straight to level five. So they say that the lesson here is chilling, but empowering, that scams are evolving mixing psychology, technology, and manipulation. But once you know the kill chain and once you follow the counter rules you can spot the levels. That makes you a lot harder to trap. And again he says anything that happens that implies any level of urgency, that's probably the biggest red flag there is.
Maria Varmazis: Yeah.
Dave Bittner: So again -- but before we move on here let's revisit here again these five levels of the scam levels. Let me start with you, Maria, this time. What do you make of this?
Maria Varmazis: It's I was thinking level four that's the synthetic reality one. That is getting so much easier to do now with AI and we talk about it a lot on the show because as you were describing it I was thinking not that long ago that would have been a really high effort scam. Now it seems it's super trivial to do. So that makes me wonder about the level five very encompassing, almost cult like, situation. Not that I have an answer to that because if I knew how to break people out of cults I would be on a different show [laughs]. But it's just it's just alarming that, you know, level one, two, and three are we almost consider those like table stakes at this point. Level four is becoming much more commonplace. I'm really worried. I'm not trying to freak people out, but I'm just going this actually kind of scares me right now thinking about it in this way. Yeah.
Dave Bittner: Joe, how about you?
Joe Carrigan: I like this whole structure and I'm wondering if this person is pursuing a PhD somewhere close by.
Maria Varmazis: Put this on a poster somewhere. Seriously. This is good stuff.
Joe Carrigan: This looks like a -- almost like a -- there's an institution nearby us called Capital Technology University.
Dave Bittner: Okay.
Joe Carrigan: That has a PhD in cyber psychology. I think this would be an excellent part of your research if you were there and in that program.
Dave Bittner: Right. Well, maybe we can give them an honorary PhD from Hacking Humans University.
Joe Carrigan: Sure. We can start that up and give away honorary degrees to everybody.
Maria Varmazis: Are we qualified?
Joe Carrigan: Yes. To dole out honorary PhDs? Absolutely.
Dave Bittner: Sure. Who isn't?
Joe Carrigan: Right.
Dave Bittner: The coveted -- yeah. Just put that on your Linked In. Put it on your resume. It'll open doors for you. Oh. I see here you have the coveted Hacking Humans PhD.
Joe Carrigan: Right.
Maria Varmazis: Printed on a napkin.
Dave Bittner: Right. Right. That old, yeah, soggy napkin. It's kind of like with a clever thing the PhD actually stands for, you know.
Joe Carrigan: [inaudible 00:12:20] deep.
Dave Bittner: Right. Right. All right. Well, that is my story this week. We do not have a link to that since again this came from one of our dear listeners and I do appreciate him sending this in. He's a regular contributor and I have to say I have learned a lot from the things he's shared with me over the years from his on the ground experience, you know, in the federal law enforcement workforce. He's shared a lot of insights that helped give me a better deeper understanding of the way things actually are out there. And so I'm very grateful for him taking the time and this goes right along with all that. All right. Maria, you're up next. What do you got for us this week?
Maria Varmazis: Another look at job scams because why not. I know a lot of people who are unemployed or fun employed at the moment and it's just top of mind for me for a lot of my friends who are trying to regain employment at the moment. So there's actually two stories that I'm combining for today. So we'll have links to both of these, but the first was a data point from McAfee that "Newsweek" just published saying that job scams in the United States have jumped up 1,000% give or take because of the current labor market situation in the states which is not super great. So these -- they qualify job scams as something that we've talked about a lot which is not just the garbage ones by email that we can spot a mile away, but the WhatsApp ones, the ones that come in by text. Those have all just exploded. We've noticed them on the show. Our listeners certainly have written in with a lot of examples and the numbers seem to back that up that 1,000% is quite a lot. And I wanted to tie in also a recent example about a woman who has seen a bunch of these job scams come her way as she's been looking for a job. She is from Pasadena, Maryland. So this story comes in from WMAR Baltimore. And this woman Lisa was looking for -- yes.
Joe Carrigan: It's Mallory Sofastaii day. It's a Mallory Sofastaii story.
Dave Bittner: So now in the days -- this is going to sound good. The days BM, before Maria.
Maria Varmazis: Oh, please don't call it that. Well, now it's going to be called that, isn't it?
Joe Carrigan: How about we just call it BV, before Varmazis?
Maria Varmazis: Varmazis? Before Varmazis?
Dave Bittner: Yeah. Before Varmazis Mallory Sofastaii --
Joe Carrigan: Yeah.
Dave Bittner: Mallory Sofastaii has been a regular contributor to our show. She's a regular guest. She's kind of the -- she's a consumer reporter at WMAR, but also one of their anchors. So what a lovely coincidence that you came across one of her stories.
Maria Varmazis: It's totally in our wheelhouse. I read that so that is a -- well, go figure. Well, thank you, Mallory. Full attribution to you for this wonderful story. And it really does align very well with not just the "Newsweek" and McAfee number, but again we've been noticing it a lot here. So Mallory spoke to this woman Lisa Owens who was a server for a long time and she fell out of work because of an injury. So she's been looking for remote work that she could do from home since she can't stand and be ambulatory for quite some time while she recovers. And she says that she's been getting a ton of spammy job offers that she didn't realize were spam at the beginning. So we'll walk through a little bit of what she's been encountering. So she would get a lot of messages about looking for remote work where the jobs that she was applying for were filled, but oh we'll pass your information on to someone that I know. We'll refer you for an alternative opportunity. And they just so happen to have an opening. And one job in that vein that she was offered overnighted her a $2,864 check. Literally just, "We're giving you this job and here's some money. Thank you for being an executive assistant for us, a personal assistant. This is just money we're giving you up front." No surprise to all of us that that was a fake check, but she didn't know at first. She didn't realize that this was actually a scam. She just figured she sort of won the lottery essentially with like a really generous job. How wonderful that they sent me money up front. You know, that's always nice, isn't it? Thankfully when she sent it to a check cashing service they realized that it was fake so she didn't get roped in to the whole check cashing scam that we've talked about a whole lot of time and get stuck on the hook for money that, you know, was not hers. And that's good. That's great. She sort of got a little lucky there, but yeah. And then another job that she got tagged for while again applying for online jobs was for being a property manager assistant where the job was to repost real rental listings on Craig's List and Facebook and then change the details. And this for the Facebook postings especially would be using her own Facebook account to do this. So right. So they would ask --
Joe Carrigan: We need you as legwork for another scam.
Dave Bittner: Your virtual [inaudible 00:17:06].
Joe Carrigan: Right.
Maria Varmazis: Exactly. Exactly. Yep. Yeah. So they asked her to repost again real listings, but then say "The security deposit is actually $1,000 higher than the original one and also the contact info points to us and not the original listing." So just enough to make the listing look legit if you looked it up. You'd be like it looks kind of correct. And she was worried about people contacting her. You know, it's my Facebook account that I'm using to post these. Aren't people going to get mad and yell at me? And they said don't worry about it. Just send them to us. Just give them our phone number. Yeah. [inaudible 00:17:37] don't worry about it.
Joe Carrigan: You shouldn't either.
Dave Bittner: Yeah. Yeah. Somebody will show up at your house.
Maria Varmazis: No. I'm sure it's just silly fun. Nobody angry is going to show up. Yeah. Exactly. So yeah. She was doing the legwork. She was the mule. And again she had a legitimate Facebook account. So that made it look super legit. Isn't that nice for the scammers? And she caught on thankfully pretty quickly with that one. But she says at least she's gotten at least four scammy job offers in just a matter of weeks and that actually when talking to Mallory I think she said she got one just that morning. So the job offers just keep coming her way as someone looking for remote work. So yeah. It was just amazing to see how much BS -- talking about BMV. We were talking about BS in this case just kept flying in her direction. And she legitimately does need remote work so it's just a lot for her to have to sift through. So it's just a fair warning and just be cautious everybody who may be in a similar situation. These job scams are getting more sophisticated. There's a lot of them right now. And there's more and more. As we said, 1,000% increase. A lot of these scammers as Dave and Joe you mentioned they're looking for in betweens. Money mules. So a lot of these job offers may have you do something quasi legitish, but you're helping to run fraud so then you can be implicated in fraud so that's really -- become an accomplice. That's bad. That's wicked bad. So wicked wicked bad.
Joe Carrigan: Maria's Boston is coming out.
Maria Varmazis: It's wicked bad, kids. You don't want to do it. So yeah. The too good to be true offers definitely look at them askance. You want to always verify with the company directly. Don't trust unsolicited messages. And I wanted to follow up on that one. Remember last time I talked about the Spotify job offer I got to be a vice president there?
Joe Carrigan: Yes. Are you a vice president now?
Maria Varmazis: I am not. No. No. No.
Dave Bittner: How's the on boarding going, Maria?
Maria Varmazis: I got the exact same email two days ago, but this time it was to be a vice president at Disney. You're welcome, everybody. So.
Dave Bittner: That's the happiest place on Earth.
Joe Carrigan: Yeah. That might work on Dave.
Maria Varmazis: That's right. I was like Dave will be delighted to hear that Disney wants me to be a vice president.
Dave Bittner: Sure.
Maria Varmazis: So yeah. Don't trust it. And third party check cashing services I think in her case might have done her kind of a solid, but I wouldn't trust them in general. You want to use your own bank and wait for funds to clear before you try to do anything with that money because it could be a fake check.
Joe Carrigan: Absolutely correct.
Dave Bittner: You know, that little tiny component of it fascinates me because if you think about -- and I'm -- I make -- I'm -- I'm theorizing here. Because I don't want to say I'm talking out of my ass, but I'm [laughs] --
Joe Carrigan: Speculating, Dave. Speculating.
Dave Bittner: I'm making an informed hypothesis.
Joe Carrigan: Speculate why.
Dave Bittner: That would a check cashing place who I would presume sees the worst of the worst when it comes to bad checks, right, so would they actually be a better defense, a higher fence or a deeper moat, against something like this than your regular bank branch?
Joe Carrigan: I think that's an excellent point, Dave. I think that's 100% an excellent point. And first off if you get the money, if you get the cash out of there --
Dave Bittner: Right.
Joe Carrigan: Then I don't know. I don't know how check cashing places work in terms of -- in terms of like tracking you. But you're not out any money. And the check cashing place is. The check cashing place is going to have the most defenses in their repertoire because that's their business model.
Dave Bittner: Right.
Joe Carrigan: Right? Yeah. I think that's an excellent point.
Maria Varmazis: Well, I mean the thing -- I would imagine it's just not -- it's not worth the trouble for them. And they would probably make some money if the check bounces. Right? That would be probably in their interest. Wouldn't they make some money from that?
Dave Bittner: The check cashing place?
Maria Varmazis: Yeah, if it's a bad check.
Dave Bittner: Maybe because they take a fee. Well, do they take a fee or a percentage?
Maria Varmazis: That I don't -- I think it may depend.
Joe Carrigan: Yeah. I haven't used one of those places in decades.
Maria Varmazis: Yeah. It's been a little bit.
Joe Carrigan: I think one time I used one they were like they wanted a fee, like a 20% fee. And I was like, "No."
Maria Varmazis: Yeah. Yeah. I think and some of them the mom and pops are going to be different from a -- the bigger chains. Anyway so the -- I imagine for them though it may have been in the past they might not have done much about it because they make money, but nowadays, Dave, to your point they're seeing a lot of these. It may not be worth the trouble. Now they might be going, "Actually hang on a second." Because this is a lot of burn and churn for them. So that could be interesting. But I don't know if I would really want to trust them and their safeguards personally just given what they do. So I don't know.
Dave Bittner: No. No. No. Actually the best thing is to avoid this altogether. But it's just a curious thing to ponder, you know. Does a check cashing place have more robust checks and balances than a regular bank branch? At this point I don't know. You would hope that both would have the maximum amount, but there's also the balance that a bank branch would have of not causing undue friction that's not worth it. Right?
Maria Varmazis: That's true. I'm just thinking about the time I was sent a fake check a couple years ago. And I was trying to figure out what to do with the fake check. Obviously I was not going to deposit it, but I wanted to report it to the issuing bank and there was just no way for me to really do that. And when I finally tracked somebody down they didn't seem to care. So it's just yeah. I don't know. Sort of an anecdote there.
Joe Carrigan: We don't care because when we get it we're just going to send it back to your bank and it's going to bounce. That's all. We trust the process because it doesn't impact us if you get ripped off for a bunch of money.
Dave Bittner: Yeah. Interesting. All right. Well, interesting stories, and we will have links to those in the show notes. Tell you what. Let's take a quick break here. We'll be right back with Joe's story. And we are back. Joe, you're up. What do you got for us this week?
Joe Carrigan: Dave, at the end of my story there is an M. Night Shyamalanesque twist.
Dave Bittner: Oh. That's quite the teaser.
Joe Carrigan: But first let's talk about 4X trading.
Dave Bittner: Okay.
Joe Carrigan: Nothing? Okay. So 4X trading.
Maria Varmazis: Let's talk about it.
Dave Bittner: Okay.
Joe Carrigan: I'm not all that familiar with 4X trading. I know this. Foreign. It's foreign exchange trading.
Dave Bittner: Oh.
Joe Carrigan: And because I don't know what it is I don't participate in it. So --
Dave Bittner: Sounds like a good plan, Joe.
Joe Carrigan: Right.
Dave Bittner: Solid. Solid plan, Joe.
Maria Varmazis: Where's your sense of adventure, Joe? Come on.
Joe Carrigan: I invest in things I understand like mutual funds, ETFs, individual stocks, money markets, options, and just a touch of crypto. But not much crypto. But I know that foreign exchange or 4Xs are buying and selling currencies and hoping to profit as currencies move in value relative to one another. And to me because there's all these different trading pairs of valid currencies it seems to me like -- it seems to me like a Cartesian product. It's just too big for me to get my head around.
Dave Bittner: Okay.
Joe Carrigan: So I don't have any desire to participate in this, but I did look up. We'll put a link in the show notes, an Investipedia page. It tells you all about 4X. But one thing I see frequently when people talk about 4X is that some people claim they're making a lot of money in this. So when someone says to me that they want to invest in the stock market, but they don't understand how to invest in the stock market, and like I said I do invest in -- I say -- I give the same advice that Warren Buffett is often cited. I say, "Just go out and buy an S&P 500 mutual fund." That puts you in the stock market. It diversifies your portfolio. It manages -- it self manages for the largest companies in the world on the stock exchange. Just put it in there and if that's all you can do that's great.
Dave Bittner: The CyberWire legal team would like to remind you that this is not official advice on investing.
Joe Carrigan: That's right.
Dave Bittner: Before you invest please check with your financial advisor.
Joe Carrigan: Check with your financial advisor.
Dave Bittner: The last thing you want to do with your money is follow Joe's advice.
Joe Carrigan: Right. As soon as I tell somebody to invest in something that stock tanks. So yeah. So take that with a grain of salt or just don't do what I tell you. But the great thing about a mutual fund is somebody else manages it. Right? So you invest your money and they manage your money and it's very appealing to a lot of people. And actually I'll tell you that's where the vast majority of my money is is in mutual funds.
Dave Bittner: I think for a lot of people that's true.
Joe Carrigan: Absolutely. So there are these two guys, Jason Rodriguez and Edwin Carrigan, who said, "You know what? We could give people the opportunity to invest in foreign exchanges, 4X, do 4X trading, with our own investment fund."
Dave Bittner: Okay.
Joe Carrigan: So they did this and now 20 people are out about $4 million.
Dave Bittner: Oh no.
Joe Carrigan: That's not the twist though. The twist is this is going where you don't think it was. And Rodriguez -- it doesn't say anything about Carrigan, about where he's going, but Rodriguez is going to federal [inaudible 00:26:59] prison for three years.
Dave Bittner: Oh my.
Joe Carrigan: After this.
Dave Bittner: Okay.
Joe Carrigan: And here's how this all went down. These two guys founded a trading fund. Rodriguez has pled guilty to crimes like wire fraud and other crimes that are in this article. I can't remember off the top of my head what they are, but in 2020 they founded a trading fund called the Technical Trading Team LLC. And Rodriguez became the company's chief operating officer and the sole trading authority over the vast majority of $5 million that they raised.
Dave Bittner: Okay.
Joe Carrigan: So there's a prosecutor who is the states -- U.S -- United States attorney for the eastern division of New York. Joseph Nocella who he's quoted in here has received that - Rodriguez has received just punishment for defrauding over 20 investors out of millions of dollars of hard earned money. The defendant violated the client's trust placed in him by falsely promising them a safe investment opportunity. So let's look at the false promises he made. First off he promises 18 to 24% return on your investment a year. Now that's really, really, really high.
Dave Bittner: Yeah.
Joe Carrigan: Okay? Now the S&P 500 which is like the benchmark averages like 10%. Somewhere around there. I don't -- it might average less when you calculate inflation in. But these returns would be like everybody's like, "Oh. I would love to get those kind of returns." Who wouldn't?
Dave Bittner: Sign me up.
Joe Carrigan: Yeah. And this is something that might get my attention because I don't know enough about 4X and I hear a lot of people make a lot of money on it. Plus this seems plausible to me if you're dealing in fast trading and 24 hour markets which is what 4X is. But still I'd be cautious. I probably wouldn't do this because I really don't understand what's going on here. They promised investors. You know the promise they made. They promised investors they were making safe investments. No. They disregarded numerous safeguards that they promised investors were in place to protect the investments.
Dave Bittner: Okay.
Joe Carrigan: They also promised investors that they had a loss reserve account of funds that would not be traded and could be used to repay investors in the event of market losses, almost like self insuring it.
Dave Bittner: Right.
Joe Carrigan: There was no self insurance fund for this. It just simply didn't exist. There was no loss reserve fund. I, you know -- every time you go to invest in something like any kind of fund, any kind of mutual fund or individual stock, you have to sign a waiver that says, "I understand I could lose some or all of my money."
Dave Bittner: Right.
Joe Carrigan: Right? These guys are not making you do that. They're trying to make you feel safe. And you should understand that. With mutual funds and with stocks you could lose some or all of your money.
Dave Bittner: Yeah.
Joe Carrigan: It's a real possibility. It's not a highly likely possibility, but it's a real one.
Dave Bittner: Enough that it's a red flag if someone tells you there's no way you're going to lose your money.
Joe Carrigan: You're perfectly safe.
Maria Varmazis: It should be. It should be a red flag. Yes. Yes.
Joe Carrigan: Right. Right. They promised the -- they promised investors that the team would never expose them to more than one -- would never expose more than 1% of the team investors funds to the market at any given time. And they just ignored that safeguard as well. So here is where I would start having a question. Let me ask you this question. You're -- here's what I would say. You're going to get me 18 to 24% return on my investment by only putting in 1% of what I'm giving you? Well, why don't I just give you that 1% and put that at risk?
Dave Bittner: Yeah.
Joe Carrigan: Why do you need the rest? Why do you need the other 99% of my money? Why can't I keep that if you're only going to put 1% of it at risk? This -- that claim doesn't make any sense to me.
Dave Bittner: Yeah.
Joe Carrigan: And that should have been a red flag. But then they promised investors --
Maria Varmazis: But if you're bad at math you wouldn't know that. Seriously. A lot of people are just like numbers eh, and they just don't really -- they don't really understand. Yeah. Yeah.
Joe Carrigan: Yeah. I mean I -- that's something that would have just stood out to me like a sore thumb. I would have had many questions about that and probably would have walked away from the deal if I was considering it at that point in time. I like to think that anyway. The final promise here is they promised investors the team would not hold trading positions through an open -- overnight. So 4X exchanges are 24 hours like I've already said. Rodriguez ignored this rule on multiple occasions including one time holding a trade from February of 2021 to April of 2022 which is a long time to hold a foreign exchange -- a 4X trade I think. These things happen like in hours and minutes. The result was a catastrophic loss of over $150,000 in losses which according to the prosecutors represented about 12.61% of the fund's value. Now $150,000 is not 12% of $5 million. So already, a little back of the napkin math here, by 2021 or 2022 this 5 million or $4 million is now down to $1.1 million. They've already lost millions of dollars.
Dave Bittner: Okay.
Joe Carrigan: Right? So --
Dave Bittner: And by lost we mean spent.
Joe Carrigan: Probably actually this is probably actually trading losses. Let's assume that it's trading losses.
Dave Bittner: I'm just thinking they're probably driving pretty nice cars.
Joe Carrigan: It could be that too.
Maria Varmazis: Yeah. Yeah.
Joe Carrigan: It could be that too. So what do you do when you have a bunch of people who you owe money to and you've promised money to and returns? And this is where the twist comes in. You take this legitimate investment opportunity, legitimate in air quotes I mean because there's a lot of fraud that's already happened here, and you go with the king of all frauds and you convert it in to a Ponzi scheme. Remember how I was complaining we haven't had a good Ponzi scheme or pyramid scheme in a while?
Dave Bittner: Yeah. So it wasn't already one?
Joe Carrigan: No. It was not already one.
Dave Bittner: Okay.
Joe Carrigan: It was not a Ponzi scheme, but they converted it in to a Ponzi scheme and started using the money from new investors to pay the old investors the money they owed them.
Dave Bittner: Right.
Joe Carrigan: Right? I can't -- I don't know how you make the leap from going like, "Wow. We really screwed this up." To, "How can we make this worse? I know. Ponzi scheme."
Dave Bittner: [Laughs] but I could see their desperation. Right?
Joe Carrigan: Yeah. Absolutely.
Dave Bittner: And they don't want to admit failure.
Joe Carrigan: Right.
Dave Bittner: And they're good at raising money.
Joe Carrigan: Right because they've already run their mouth and put -- you know, said, "We've got this big reserve fund" that doesn't exist. "So you're not going to lose your money. We guarantee that." So they know they're going to have to pay it back somehow.
Dave Bittner: And they're probably thinking -- they think highly enough of themselves that they're thinking this downturn is only temporary and in no time we will be actually making the money that we promised everyone.
Joe Carrigan: It could be that that was their thought process.
Dave Bittner: We just need to buy ourselves some time.
Joe Carrigan: Right. Or yeah. I think that's what it was, buying themselves time. Now my thinking is that they were like, "We have hosed this so bad somebody's going to call the cops. How do we -- how do we at least delay that from happening?" Ponzi scheme. So Rodriguez's attorney, a man by the name of Benjamin Yaster.
Dave Bittner: Okay.
Joe Carrigan: You thought I was going to say Benjamin Yelin. I wasn't. It was from a company called Federal Defenders. Maintained that the business was not started as a scam and that his client did not intend to fail, but should not have resorted to fraud to escape admitting defeat. He should not have. Here's a quote. "He should not have crossed the line, crossed that moral and legal line, to save his floundering company." He said. Jason realizes this now and he knows that his conviction in this case was a result of pride and hubris. So maybe you're right, Dave. Maybe it was the hubris that, you know -- we can get this back on track if we just get some money in here and pay off the old investors.
Dave Bittner: Yeah. I've seen that countless times. Somebody, you know, they just want to buy themselves some more time so they do something illegal to try to bridge the gap. Isn't that what John Delorean did with -- when he was like selling cocaine to try to keep the cash flow going for the Delorean --
Maria Varmazis: It feels very on brand for the Delorean though.
Joe Carrigan: I don't remember what he was doing. All I remember was that he was -- he was not convicted on that charge.
Dave Bittner: Yeah. Yeah.
Joe Carrigan: He got off.
Dave Bittner: It was alleged.
Joe Carrigan: It was all alleged.
Dave Bittner: He's dead now. So he's not going to come after me.
Joe Carrigan: Right.
Maria Varmazis: In a car that doesn't run. Just kidding.
Dave Bittner: That's right. Exactly. As long as I go faster than 88 miles an hour he'll never catch up with me.
Joe Carrigan: You need 1.21 gigawatts.
Dave Bittner: That's right. That's right. So what's the M. Night Shyamalanesque twist at the end there?
Joe Carrigan: Oh. That's when they turned it in to a Ponzi scheme.
Dave Bittner: I see.
Joe Carrigan: That was the twist.
Dave Bittner: Got it. Got it. Got it. Did not see it coming. All right. We will have a link to that story in the show notes. Joe, Maria, it is time for our Catch of the Day. [ Soundbite of Reeling in Fishing Line ] [ Music ]
Joe Carrigan: Dave, our Catch of the Day comes from Shannon who sent in a text message that she received. It is -- I've gotten these text messages where there's like 100 little head bubbles up top.
Dave Bittner: Oh yes. Yes.
Joe Carrigan: It's a scam. But --
Maria Varmazis: Yeah.
Joe Carrigan: This one is new. We haven't seen this one yet.
Dave Bittner: I'm getting more and more of these and --
Joe Carrigan: Yeah. Me too.
Dave Bittner: And --
Maria Varmazis: Yeah. I haven't gotten this one yet, but it can be a matter of days.
Dave Bittner: Okay. It says "Amazon recall notice. The product you purchased in August 2025 is being recalled due to safety and quality concerns. Your affected order number is duh, duh, duh. Please stop using this product immediately and contact us to receive a full refund. Your safety is our highest priority. We sincerely apologize for any inconvenience this may cause and thank you for your understanding. Sincerely Amazon safety team."
Joe Carrigan: So my favorite part is they don't tell you what product it is. And in fact Shannon writes us a little bit letter -- a little bit of a letter. She says, "So I've not seen this scam text before and I honestly almost clicked on it. I thought oh my god it's been recalled. Then I thought in my head about the things I'd ordered on Amazon in August." Dave, what did you order on Amazon in August?
Dave Bittner: That's a good question. What did I order on Amazon in August? I ordered --
Joe Carrigan: A lot of stuff.
Dave Bittner: Yeah. That's true.
Joe Carrigan: Right.
Dave Bittner: Well, you know, that's -- yeah. Okay. I see where you're going here, Joe. That is actually a really good point in that we have so many things on auto renew at this point for Amazon --
Joe Carrigan: Yeah. I got my K cups come on auto renew.
Dave Bittner: Yeah.
Joe Carrigan: Hey, I bought a chicken coop in -- we haven't talked about my chickens. So I've got to inject that. I bought a chicken coop on Amazon.
Maria Varmazis: See this wouldn't work on me because I don't use Amazon anymore.
Joe Carrigan: So you're [inaudible 00:37:53] one.
Maria Varmazis: Well, I'm not the only one, but yeah. It's I used to buy a lot on Amazon. And I will say I've gotten actual recall notices and they do email you and they tell you what the product is.
Joe Carrigan: Yes.
Maria Varmazis: And when I had -- when my daughter was a baby there was at least one item that I was using that was safety recalled, and you bet I needed to know what that was.
Joe Carrigan: Yeah. Baby things, that's terrifying.
Maria Varmazis: Yep. It sure was.
Dave Bittner: It is, Maria. The product you ordered, baby's first guillotine, has been recalled [laughs].
Maria Varmazis: How did you know? How did you know?
Dave Bittner: Possible safety concerns.
Joe Carrigan: [inaudible 00:38:26] rolling around your house.
Maria Varmazis: Yeah. It was like her pack and play or something which was kind of in use a lot. So yeah. That was pretty urgent.
Dave Bittner: Sure.
Joe Carrigan: We -- we're back in the pack and play part of the life cycle in my family. My youngest grandchild is still in a pack and play.
Dave Bittner: Okay.
Joe Carrigan: On a regular basis. And he is he likes sleeping in it. Anyway Shannon goes on to say -- let me talk about my grand kids and my chickens.
Maria Varmazis: Getting the wallet out. Let me see the pictures, Joe.
Joe Carrigan: She goes on to say, "What did I buy in August? Sunscreen? Big spray?" I don't know what big spray is.
Maria Varmazis: Bug spray.
Joe Carrigan: Oh. Bug spray. Okay. Bug spray. New towels. New beach towels. Lotion. Shampoo and conditioner. Rechargeable flashlights. Wilderness first aid kit. All of these different things as she was planning on going on a hike in the north woods of Minnesota. So that's probably more information than we need, but these are all things that went through her head. And this, Shannon, is exactly what this text message is designed to do. It's designed -- that information is missing so that you start thinking of everything you ordered just like we were talking about and you go, "Oh my god." She says, Shannon says, she can see this scam working on a lot of people because of the urgency and the perceived safety concerns. I agree 100%.
Maria Varmazis: That's like the fortune teller trick. Oh, I'm detecting somebody's trying to reach you, a male from your life. Oh, is it Danny? You know, like just you volunteer that. Oh, yeah. It's totally that.
Joe Carrigan: That's good because I hate Danny. Tell him to shut up.
Dave Bittner: I only showed up at Danny's funeral to make sure they put him deep in the ground.
Joe Carrigan: Right? Danny says you know who killed him [inaudible 00:40:08]. I would love to mess with fortune tellers. I would also, like I've said many times before, when I'm in retirement I'm going to just start a psychic business and just, you know, come out and just talk to people and ask them questions, enough questions until they sus things out on their own. You know, kind of like a -- like just an old guy therapist, but masquerading as a psychic.
Dave Bittner: I see.
Maria Varmazis: You should start a podcast, Joe.
Dave Bittner: A [inaudible 00:40:33] scam. Joe's call in psychic show.
Joe Carrigan: Right.
Dave Bittner: Yeah. Just live stream it.
Maria Varmazis: I would listen to that with bells on. Are you kidding? That would be amazing [laughs].
Joe Carrigan: Dave, get with Peter Kilpe. See if he wants to.
Dave Bittner: Yeah because when I think about empathetic listening --
Joe Carrigan: Right. You think of me.
Dave Bittner: Yeah.
Joe Carrigan: Yeah.
Dave Bittner: That's -- sure.
Maria Varmazis: Smack upside the head.
Joe Carrigan: That's what the psychic is going to be. What are you, stupid? What's wrong with you?
Dave Bittner: I can't believe you are this dumb to fall for this.
Maria Varmazis: Maybe we need a little more of that in our world right now, Joe. I don't know.
Joe Carrigan: Yeah.
Dave Bittner: All right. Before we go on let me explain the math.
Joe Carrigan: Right.
Dave Bittner: All right. Let me get us out of here [laughs]. We are going to take a quick break. We'll be right back. [ Music ] And that is "Hacking Humans" brought to you by N2K CyberWire. We would love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliott Peltzman and Tre Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
Joe Carrigan: I'm Joe Carrigan.
Maria Varmazis: I'm Maria Varmazis.
Dave Bittner: Thanks for listening. [ Music ]
