
Lock your doors and check your URLs.
[ Music ]
Dave Bittner: Hello, everyone, and welcome to N2K CyberWire's "Hacking Humans" podcast where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hi, Joe.
Joe Carrigan: Hi, Dave.
Dave Bittner: And our N2K colleague and host of the "T-Minus Space Daily" podcast, Maria Varmazis, Maria is not here.
Joe Carrigan: Oh no.
Dave Bittner: Maria's not here. Maria has a power outage at her home where she -- where her home studio is. So she cannot join us for our regularly scheduled recording, but there's a slim chance that she may be able to jump in and join us while we are in the process. But for now --
Joe Carrigan: Provided her power comes back on.
Dave Bittner: Provided her power comes back on. That's right. Either that or we need to invest in some sort of battery backup for her or a generator or something.
Joe Carrigan: Yes.
Dave Bittner: Right.
Joe Carrigan: Propane powered generator for the whole house.
Dave Bittner: Yeah. There you go. Whole house. Yeah. What could it possibly cost?
Joe Carrigan: Thousands upon thousands of dollars.
Dave Bittner: Sure. All right. We've got some interesting stories to share this week, but first why don't we get to our follow up here?
Joe Carrigan: Well, the only --
Dave Bittner: Go ahead, Joe.
Joe Carrigan: I'm sorry. The only follow up I have is that this is our first episode of October and I'm sure that you're aware, Dave, October is cybersecurity awareness month.
Dave Bittner: Oh. You know, I didn't know that. No one has told me that, Joe. In fact a gazillion different PR people have not emailed me to remind me that October is cybersecurity awareness month and therefore is the perfect time of the year for me to put their guests on one of our shows. That has totally not come up, Joe.
Joe Carrigan: Here at the CyberWire where every month is cybersecurity awareness month. N2K the CyberWire. Sorry.
Dave Bittner: That's right.
Joe Carrigan: Right. I just want to remind everybody that and also please don't abbreviate it C-S-A-M. That is something else.
Dave Bittner: Yeah. Right. Really looking forward to all the CSAM I'm going to be enjoying this month. How about you?
Joe Carrigan: No. Dave, not me. I will not be enjoying any of that. Somebody -- somebody posted that on LinkedIn a couple years ago. Some -- like [inaudible 00:02:20] jokes. And this morning on my way out to the car I remembered that and I went, "Wait a minute." You know, this is like one of those things where somebody, you know, like they call Homer Simpson slow and then, "Oh, you're making fun of me." And then it's like midnight and Lenny's going, "Get out of my house." It's that kind of thing. I'm walking out to my car this morning and I go, wait a minute. I'll bet those were all synthetic accounts and that was someone's idea of a joke.
Dave Bittner: I see.
Joe Carrigan: Yeah.
Dave Bittner: Yeah. You know, what do they call them? Car moments or car -- when you --
Joe Carrigan: Shower thoughts.
Dave Bittner: Where they're -- yes. They're shower thoughts, but then there's the other one which is when you think of the perfect witty response to someone when you're in your car driving home after the event.
Joe Carrigan: Oh yeah. It happens to me all the time. Oh, there it is.
Dave Bittner: Oh boy. That would have been -- that would have killed. Right? A half hour ago.
Joe Carrigan: Right.
Dave Bittner: All right. I'll tell you what. Let's jump into our stories here this week. Joe, you want to kick things off for us?
Joe Carrigan: Sure. I actually have a story that comes off the BBC news wire. It's from bbc.com. This comes from Eleri Griffiths and it says, the headline is, "Police Issue Warning After 2.1 Million Pound Bitcoin Scam." Scam is in scare quotes there. So what has happened is the police force here are issuing a warning talking about a sophisticated scam. This is from North Wales which is part of the U.K. It's a whole other country. It's not England. You know that?
Dave Bittner: Yeah.
Joe Carrigan: I actually sat down one day and learned everything about the U.K.
Dave Bittner: Everything, Joe?
Joe Carrigan: Not everything. No.
Dave Bittner: Okay.
Joe Carrigan: But the difference between the U.K., England, Great Britain, and the British Isles.
Dave Bittner: Yeah.
Joe Carrigan: There's a YouTube video for it. Pretty enlightening. Anyway that's neither here nor there. This is -- actually it's over there. There was somebody posing as a senior U.K. officer who tricked his victim into entering -- essentially they received phrases on a fake site for their crypto wallet using a fake story about a security breach. Now what's interesting here is that the police are saying that this is a highly targeted attack that resulted from a data breach. And I don't know which services in the background here. It doesn't -- the articles -- all the articles I've read don't really name the service. But there was a Coinbase breach back in August of this year. And in that breach attackers were able to get photo IDs, the photo ID picture, the details of, you know -- of everything that was on a photo ID, the last four digits of the Social Security number, email address, and a phone number. Right? Well, that is exactly enough to run one of these scams. Right? So I can pretend now that I'm somebody from your cryptocurrency exchange or someone from law enforcement saying, "Hey, your cryptocurrency exchange -- or cryptocurrency exchange has been compromised. You need to take action." And what it looks like happened here is this guy had a wallet, one of these crypto probably from the same company I mean because Coinbase does have a wallet of their own. It's a non-custodial wallet so when you have a Coinbase wallet you are in charge of your crypto, not Coinbase. There's another company out there called Coinomi that has a similar thing. They have a website where you can put your stuff or you can keep your stuff on your own custodial wallet. And they convinced this guy that he needed to enter his seed phrase into a website for security. Right? So what you're doing when you -- I'll say this again. We've said this many times.
What you're doing when you enter your seed phrase is you are essentially giving the attackers access to the private keys of that wallet which allows anybody with -- anybody with those private keys is allowed to -- can now sign transactions to move the cryptocurrency out of your wallet and into their own.
Dave Bittner: Yeah.
Joe Carrigan: Right? That's how this works.
Dave Bittner: So this is kind of the crypto version of admin access.
Joe Carrigan: Yes.
Dave Bittner: To your crypto wallet.
Joe Carrigan: The -- it is -- yeah. Cryptocurrency yes.
Dave Bittner: Okay.
Joe Carrigan: You need this. If you get this passphrase and you enter it into any other compatible crypto wallet you will have access to that person's wallet and you'll be able to send the cryptocurrency anywhere you want.
Dave Bittner: Okay.
Joe Carrigan: All right. So what these guys do of course is they send it to themselves. Now this is not anything new. We've seen this before.
Dave Bittner: Yeah.
Joe Carrigan: But what is new is that they've used information from a breach that doesn't seem like a lot of information. But they were able to target a guy and they were probably targeting everybody that they had in the breach in this data set. They were able to target one of the guys. They got him to respond. He complied with what they were saying because they were pressuring him. And immediately or, you know, immediately after giving the phrase lost 2.1 million pounds in cryptocurrency. I hope that he had a cold wallet somewhere else with more cryptocurrency in it. I doubt that is the case though. This sounds like he may have -- I mean he may have lost a lot of -- all of his money. I don't know. I hope -- I hope that he has more. I hope he's not completely destroyed here. But this also reminds me of I was speaking at a conference last week as we're recording this. I was at the National Association of Consumer Protection Investigators conference which was held down in Bethesda. And I was on a panel with Dr. Tony [inaudible 00:07:59].
Dave Bittner: Oh yeah.
Joe Carrigan: And so --
Dave Bittner: Your old boss.
Joe Carrigan: My old boss. Right. He was moderating.
Dave Bittner: Right.
Joe Carrigan: And we were talking about AI in the use of these scams. So it's not really related, but one of the things that Tony reminded me of, and I haven't thought of this for a while, is when we did a survey of Marylanders and their cybersecurity habits and hygiene one of the questions we asked was, "Has your information been breached and is available on the black market?" And it was alarming to me and to Tony that a lot of people did not know that their information had been breached. The response who said yes was like 40%. Right? Like definitely yes. And I think that number is almost if not at, but almost, 100%. The only reason it's not at 100% is because there are people who turned 18 today who haven't been breached yet. Right? Everybody else if you turned 18, you know, anytime in the past five years your information's out there. Somebody has it. And I think that's what people need to understand is one of the fundamental pieces of information that we need to have -- understand that would help inoculate us is if you understand anybody can call you and tell you information about yourself that you think only a certain subset of people will have, but every cyber criminal out there has it. They just have access to it. And there's a whole market out there for these data sets. And it is readily available to these bad guys if they want it. So if you can get your hands on one of these data breaches, particularly at a crypto exchange, you can just start sending things out and maybe you just want to get like username and password for the crypto exchange. That would be enough to get into the exchange maybe if you don't have multi-factor authentication enabled. Or maybe even if you do if they're still on the phone with you and they say, "Hey, we're going to text you a number for security. What is that number?" And they're in. That is also the keys to the kingdom. They can transfer money out of your account very quickly with that.
So I mean I don't know -- we say this a lot, but be aware of the fact that your information is breached and it's all out there. It's all on the internet. These people know things like where you bank. They have that kind of information. They can tell you what the last four of your Social Security number is. They may even be able to tell you all of your Social Security number. The information about you exists and it can be used against you. And you don't even have to say it. It's not like a fifth amendment thing. Right?
Dave Bittner: Right.
Joe Carrigan: Anything you say can and will be used against you. This can and will be used against you and you don't even have to say it.
Dave Bittner: Yeah. I've got good news, Joe.
Joe Carrigan: I heard. I heard a snicker.
Maria Varmazis: Yes. What gave it away?
Dave Bittner: Maria, did you put another quarter in the till and so did you --
Maria Varmazis: The gerbils are running frantically on their wheel at the moment. Yeah.
Dave Bittner: That's right.
Maria Varmazis: We had no WiFi in my house for a good hour. We're having issues. Our Raspberry Pi and the Pi-hole that we've got running on our home WiFi -- and as my husband was sort of trying to fix it we got the home WiFi running and then literally within a minute all the power went out. And it's been -- and we were just thinking, you know, in Hollywood this would be a plausible explanation, something about the WiFi traveled mysteriously and just nuked all the power in our entire side of town. But we actually obviously it's completely a coincidence, but it was a very annoying and funny one.
Dave Bittner: Yeah. So the critical need sensor was in full effect there. Right? Where they all -- every -- my old college roommate who was an electrical engineering major was he convinced me that critical need sensors were a thing where any piece of electronic equipment senses when you need it most and that is when it is most likely to fail.
Maria Varmazis: It's amazing. It's amazing. Yes. That was -- that's been my day. So if I also drop out very randomly you'll know what happened. We've been having brownouts lately. I don't know why. It is just gently drizzling where I'm at which I don't know why that would cause a power outage, but --
Dave Bittner: Don't you have solar panels?
Maria Varmazis: I do, but I don't have a battery backup. So it's --
Joe Carrigan: You've got to get a battery backup.
Maria Varmazis: Well, it's expensive. I mean I'd love that, but I've got to do one thing at a time. No battery backup. So yes. I'm still grid dependent. I'm not off grid.
Dave Bittner: Okay. So if the power goes out your solar panels do not have enough juice to keep the home up and running. Is that --
Maria Varmazis: It's just it's not how they're hooked up to the house. There has to be a battery somewhere because you don't --
Dave Bittner: I see.
Maria Varmazis: Because you don't -- yeah. There -- it's a whole thing. Yeah. You can't just go "I'm now going to use solar for my roof." There has to be a battery as an intermediary. So we don't have that at the moment. So we feed to the grid and we get money for that which is great which in turn allows us to pay basically nothing most months which is nice.
Dave Bittner: Oh. Yeah.
Maria Varmazis: Yeah. Yeah. I like it a lot.
Dave Bittner: All right. Well, we're glad to have you join us and for all of the listeners who hit the stop button when they heard that Maria wasn't going to be on this week's show --
Maria Varmazis: Come back.
Dave Bittner: She's back. And for everybody who hung in there in hopes that Maria would join us, your patience paid off.
Joe Carrigan: Yes.
Dave Bittner: Here she is joining us in the middle of the show. All right. In the middle of Joe's story actually.
Maria Varmazis: Yes.
Dave Bittner: So, Joe, anything else in your story here? You want to -- what else do you have to share?
Joe Carrigan: No. That's -- that was -- that was it. I was done.
Dave Bittner: Yeah.
Joe Carrigan: It was just it's -- it's not amazing to me that this works, but I mean people need to understand that their information is available to most of these bad guys.
Dave Bittner: Right. If someone wants it bad enough --
Joe Carrigan: They can get it.
Dave Bittner: They can get it.
Joe Carrigan: And for a very small price, I'm sure.
Dave Bittner: Yeah. Absolutely. All right. Well, we will have a link to Joe's story in the show notes. I'm up next here and I actually have two stories because they're both short.
Joe Carrigan: Good.
Dave Bittner: So the first story is just a warning from our good friends at the FBI. They're warning that some adversaries have published fake versions of the cyber crime reporting portal, the IC3, the internet crime complaint center.
Joe Carrigan: These guys. Nothing is sacred to these people.
Dave Bittner: No. And it's pretty bold. Don't you think?
Joe Carrigan: Right. Yeah.
Dave Bittner: It's like, "Who should we imitate? Who should we impersonate? What bear should we poke?"
Joe Carrigan: Right.
Dave Bittner: I know. How about the FBI? So they're impersonating the IC3, internet crime complaint center. And they're getting people to report their problems and then they will reach back out to you for more information and look for your information like your name, your address, banking information, and stuff like that, and then take advantage of you.
Joe Carrigan: Right so --
Maria Varmazis: Oh my goodness.
Joe Carrigan: It's awful.
Dave Bittner: It is awful.
Joe Carrigan: It's like a new way to do a follow on scam.
Dave Bittner: Right.
Joe Carrigan: Again all you have to do is put the web page out there and then hope that somebody just fills it out and gives some information.
Dave Bittner: Right or yeah. As we've talked about, if someone does a search for FBI crime reporting the scam site could just as well come up as the real site.
Joe Carrigan: Yeah. All they have to do is buy Google ads.
Dave Bittner: Yeah. So the FBI says please be vigilant and know that IC3.gov is the actual address for the IC3 and not anything else. Ironically if you find yourself falling victim to this the FBI would like you to report it at the actual IC3.
Maria Varmazis: Sort of recursive logic going on here. Yeah.
Dave Bittner: It's IC3s all the way down.
Maria Varmazis: All the way down.
Dave Bittner: Boy. So that's a quickie there. This other one I'm curious about. I actually stumbled across this over on the Reddit scams subreddit. And this is about somebody getting hit with the old white van scam. Now I'm curious if either of you have ever been hit up for the old white van or we can call it the back of -- out of somebody's trunk scam.
Joe Carrigan: Is this where they have goods they want to sell?
Dave Bittner: Yes.
Joe Carrigan: Yeah.
Maria Varmazis: Back of the truck. Okay.
Joe Carrigan: I've not been hit up with this. But I've heard about it happening.
Dave Bittner: Yeah. The one that I remember back in the day -- so, Joe, when you and I would have been in our twenties.
Joe Carrigan: Right.
Dave Bittner: And Maria would have been in a stroller. Speakers. Stereo speakers.
Maria Varmazis: Yeah.
Dave Bittner: Right? Someone would come and say, "Hey, you know, we -- I'm doing a delivery and I got a bunch of extra speakers here that were put in the truck and my boss said I can unload them for a great deal." And --
Maria Varmazis: For your HiFi.
Dave Bittner: For your HiFi. Right. Exactly. And so that was the popular scam and of course you'd buy them and they were terrible speakers and that was that.
Joe Carrigan: Right.
Dave Bittner: The way this seems to have evolved these days is that what they're selling are projectors, like video projectors. HD projectors for your home theater.
Maria Varmazis: Yep.
Joe Carrigan: Okay.
Dave Bittner: And it's basically the same thing. Somebody comes up and says, "Hey, good news. This is your lucky day. I have these projectors. These are $8,000 projectors. And look. I even have the paperwork here to show you that this is the inventory manifest that these projectors are $8,000 apiece."
Maria Varmazis: Yeah. They are pricey.
Joe Carrigan: Wow. You've got an inventory manifest.
Dave Bittner: That's right. And so for --
Maria Varmazis: Those can't be faked.
Joe Carrigan: I can't just print that up at home.
Dave Bittner: No. The low low price of $300.
Joe Carrigan: $300?
Dave Bittner: I will sell you one of these projectors and you'll be the envy of all your friends with your home theater. My son fell for this.
Joe Carrigan: Did he?
Dave Bittner: Yes. Yes. He did. Yes. He did. I know.
Maria Varmazis: What -- and then what happened? You can't just -- you can't just dangle that.
Joe Carrigan: Hold on. Did he come home and go -- was this the son that lives with you or the other son?
Dave Bittner: My oldest son. He does not live with me. No. No. No. No. And it's -- there's --
Maria Varmazis: Anymore.
Dave Bittner: That's right.
Maria Varmazis: After this no longer.
Dave Bittner: My former son fell for this.
Maria Varmazis: I kicked him out.
Joe Carrigan: Do you know who I am? I can't have you being my son.
Dave Bittner: He's out of the will.
Joe Carrigan: Yeah.
Dave Bittner: Yeah. So look. I love both of my sons.
Joe Carrigan: Yes.
Dave Bittner: Very much. There's nothing I wouldn't do for them. And I'm not telling stories out of school here because if my oldest son were to be self critical he would say that one of the things about him, his personality, is that in order to learn life lessons he has to experience them himself.
Joe Carrigan: My son has the exact same problem. I think most boys have that problem. I think that is a boy trait.
Dave Bittner: I think it is. It leans that way.
Joe Carrigan: I look back on my life. I look back on my life and that is the only way I learned anything. And when I told my daughter all the horrible mistakes I made in life she was like, "I want no part of that." And she did none of it. My son was like, "It sounds like a good time."
Dave Bittner: That's the important difference here. So my point is you can't say to my son, "Don't do this. Nothing good will come of it."
Joe Carrigan: Yep.
Dave Bittner: He will not absorb the lesson through merely having it told to him.
Joe Carrigan: I will tell you this, Dave. He got off easy. This is a $300 educational experience.
Maria Varmazis: That's true. And what was in -- what did he end up receiving?
Dave Bittner: Oh. It was a projector. He got a projector. Now my son works in AV. You know, he's -- he does lighting design for like, you know, corporate events and things like that.
Joe Carrigan: I have a cousin who runs a company that does that.
Dave Bittner: Oh. We'll have to talk. So he programs the lighting boards and makes the lights move and, you know, all those kinds of things. So he's not a rube when it comes to the technology.
Joe Carrigan: Right.
Dave Bittner: So he got -- he took the projector home and set it up in his basement because he had dreams of having a home theater. It worked.
Joe Carrigan: Right.
Dave Bittner: For a while.
Joe Carrigan: Okay.
Maria Varmazis: Yeah. Yeah. Something defective or yeah.
Dave Bittner: Yeah. And then it's got like a -- you know, a -- I think what happened -- so these are -- these are cheap projectors from like Alibaba.
Joe Carrigan: Right.
Dave Bittner: You and I or anyone else could buy them for $50 apiece which is exactly what the person in the white van did. Right? Bought a dozen of these things, hundreds of these things. Who knows?
Joe Carrigan: A house full of them.
Dave Bittner: Yeah. And so they're 50 bucks. Sell them for 300 bucks.
Joe Carrigan: 60 more of them right now.
Dave Bittner: Profit.
Joe Carrigan: Six more of them.
Dave Bittner: Yeah. So my understanding with these cheap projectors is that there's an issue where I think like the LCD screen that the light has to go through eventually gets like saturated with infrared light or ultraviolet light or something and it browns it out. And you end up with this big hot spot in the middle of the screen. And it's -- that's just the result of a cheap crappy projector. They don't last long. It looks good out of the box. Works for about a month.
Maria Varmazis: Maybe even the first few times you use it looks great. Leave a great Amazon review. I've used it for a day and it's great.
Dave Bittner: Right. Exactly.
Maria Varmazis: Love those reviews.
Dave Bittner: Why does anyone spend big money on a projector when --
Joe Carrigan: Yep. They can have this for 50 bucks.
Dave Bittner: And I suppose you could look at them as being disposable, but anyway so he got scammed by that. But and learned his lesson.
Maria Varmazis: Yeah. Yeah. I mean when you asked about this kind of scam I didn't really know how to respond because I am definitely the kind of person who has bought bootleg things in my day many, many times on purpose. So many, many, many times on purpose.
Dave Bittner: So do you have any stories of being randomly approached by someone?
Maria Varmazis: No. I don't. That was never my MO because I knew that was always going to be a scam. That much I knew. But like if you know the places to go for bootlegs or in some cases that's the only option that you have you sort of expect to some degree that what you're getting is essentially nearly disposable, but at the same time it's very easy to get ripped off even if you know like hey this is still a bargain, but I'm still getting ripped off. As you said, like these are $50 projectors that were being sold for higher than that. I can't tell you how many times especially I think in my early twenties when I was on the tightest budget possible I would end up falling for something like this because friends of mine would go, "Hey, this is a cheap way to get, you know, clothing or a purse or something." And I can imagine especially now when budgets are especially tight for a lot of people this is going to resurge like crazy.
Joe Carrigan: Yes.
Maria Varmazis: So in some countries also bootlegs are often the only way you can get certain things. So this -- you can have a lot of fun looking at the bootleg markets in some places. I've definitely enjoyed that. You can get some fun finds. I have a lot of music that actually are all bootleg CDs that I've enjoyed getting. But you -- the music is often in kind of questionable condition. So buyer beware on that one. But, you know, if you get it for 50 cents you can't really complain. Right?
Dave Bittner: Yeah. I just finished reading the book "Apple in China" which is all about Apple in China. And --
Joe Carrigan: Makes sense.
Maria Varmazis: I love that you had to explain that.
Joe Carrigan: So in this case you actually can judge the book by its cover.
Dave Bittner: You can. Yes. Yes. And I --
Maria Varmazis: It's actually about Samsung in Africa, weirdly enough.
Dave Bittner: Weird. It's weird. Didn't mention Apple at all. I don't know. I feel as though -- but it was -- you know, this guy sold me the book out of the back of a van. So I guess I got what was coming to me.
Maria Varmazis: Can't complain.
Joe Carrigan: Djibouti? That's a real country.
Dave Bittner: Yeah. Yeah. So actually -- you know, I did actually buy a book at Ollie's once. You know Ollie's the discount?
Maria Varmazis: Oh. Ollie's.
Dave Bittner: Yeah. Yeah. So Ollie's is --
Maria Varmazis: But that's not back of the truck stuff. Right?
Dave Bittner: Well, here's the thing. I bought a book at Ollie's. It was a biography. And it was missing chapters. They just weren't in there.
Joe Carrigan: They misprint books?
Dave Bittner: Yeah. Exactly. It was a misprinted book. It just went from like chapter four to chapter six.
Joe Carrigan: You have to buy another book in the stack to get chapter five.
Maria Varmazis: Sandwich them together.
Dave Bittner: Right. And then that's not a good deal. So --
Maria Varmazis: No.
Dave Bittner: Who has time for that? Where were we? I have completely lost the thread.
Joe Carrigan: I think you were wrapping up your son getting hit with the white box -- white van story.
Dave Bittner: Yeah. Yeah. And Maria getting bootleg things.
Maria Varmazis: Oh. I bootleg many things. I'm just sticking with music as my -- the one thing I'll admit to. But there's many, many bootleg things I've purchased in my day.
Dave Bittner: Yeah. Yeah. You know, if you know that's what you're doing and you're rolling the dice and taking your chances, that's one thing. But when someone actually tries to scam you it's different.
Joe Carrigan: Yep. I'll agree 100%.
Maria Varmazis: Yeah. Yeah. Yep.
Dave Bittner: All right. Well, we will have links to both of my stories in the show notes. I tell you what. Let's take a quick break here. We will be right back after this message from our show sponsors. And we are back. Maria, you are up. What do you got for us this week?
Maria Varmazis: Well, well. It's another short story mainly because I have had no power for the past few hours. So I really wasn't able to do as much research as I would have liked. So I'm sticking with a short one that I can go on today. And this is sort of not a scam, but a news related to a scam that I'd like us to keep our eyes on. And this is that two U.S. senators have sent a very sternly worded letter to the --
Joe Carrigan: That should do it. Thanks.
Maria Varmazis: That just will definitely do it. To the CEO of the dating app giant called Match Group to explain how they are fighting romance scams on their apps. So Match Group owns Tinder, Hinge, OkCupid, and Match. So these are the biggies, the biggies of the online dating scene with maybe a few exceptions, but OkCupid is actually how I met my husband back in the day so I'm very curious how this is going to go.
Dave Bittner: Yeah.
Maria Varmazis: And it's a bipartisan group of senators. It's Senator Hassan from north of me in New Hampshire. She's a Democrat. And Republican senator Marsha Blackburn. So interestingly this is one of those issues that actually goes across party lines. And they have asked Match Group to present how they are detecting fraud on their platforms and what user safety policies they have in place with a deadline of October 15. So we should hear more from Match Group on this. Match responded to this letter recently saying, "We were totally good. We've got fraud detection tools already in place, safety features." A thing called face check where it does identity verification. But the reason the senators are going after Match Group on this front is this is actually not the first time they've gone after them. Apparently in 2019 the FTC alleged that Match used fake profiles to push their subscription numbers up, but the DOJ dropped that case in 2020. So there's people are trying to figure out what's going on there. Match is saying that they're doing fine and, you know, this is obviously a humongous problem, but they're doing what they can. The FBI has been saying this year that $16 billion in cyber crime losses were incurred through online fraud on romance apps alone. So it's a huge problem and I'm going to be very interested to see what is reported on October 15 from the Match Group about what they're doing and if anything actually comes from this to try and put a dent in romance scams on these apps.
Dave Bittner: Yeah.
Maria Varmazis: As we've covered, this is a humongous problem and it's interesting to me that it's a bipartisan response that's happening here. So that doesn't happen very often. So.
Dave Bittner: I'm thinking back. Do you remember the -- what was it called? Ashley Madison breach?
Maria Varmazis: Oh yeah.
Joe Carrigan: Yep.
Dave Bittner: Wasn't one of the fallouts from that that --
Joe Carrigan: A lot of the female profiles were fake?
Dave Bittner: Yes. Actually like basically there were no women on the platform at all. They were --
Joe Carrigan: Right.
Dave Bittner: They were all bots.
Maria Varmazis: It was a giant catfish? No. Yeah.
Dave Bittner: It reminds me of remember the "Simpsons" bit, Joe, where they were all calling in the 900 number line to --
Joe Carrigan: Right. Are there any hot babes on this line?
Dave Bittner: Right. It's like every sorry male character on the "Simpsons" are talking to each other because there are no women on the line.
Maria Varmazis: That's just the internet.
Joe Carrigan: Yeah.
Dave Bittner: Well, that's true. But, you know, it also strikes me that because Joe and I -- I don't -- correct me if I'm wrong here, Joe, but I think I'm safe speaking on behalf of the two of us.
Joe Carrigan: Right.
Dave Bittner: Joe and I both got hitched before online dating was a thing.
Joe Carrigan: Yep.
Dave Bittner: So we never honestly had to go through that or had the pleasure of going through that.
Joe Carrigan: Right.
Dave Bittner: As the case may be.
Maria Varmazis: Both perspectives are valid.
Dave Bittner: What I'm curious, you know -- Maria, you've been married for a while so --
Maria Varmazis: Just celebrated my 12th wedding anniversary this past week in fact.
Dave Bittner: Congratulations.
Maria Varmazis: Thank you very much.
Dave Bittner: Maria, is it fair to say that when you were doing online dating to meet your future husband that it was relatively early on in the online dating world?
Maria Varmazis: It was. Yes. It was. It was totally different from the wild west situation that there is now. I have a lot of friends who are single and trying to meet someone and what they describe about online dating, even on the same platform that I used, it's just completely different. So I have no advice.
Joe Carrigan: It's a cesspool now.
Maria Varmazis: Yeah. I have no advice for people now because it's like listen when I used it it was a -- it wasn't fantastic, but it wasn't the hopeless wasteland of total despair that online dating seems to be right now.
Dave Bittner: Yeah.
Maria Varmazis: So I mean I used online dating platforms for a few years and went on some -- a number of dates until I met my husband Eric. Same situation with him. So for us it worked out really well. But yeah. As I said, I've got many friends who are in that world right now and it just sounds awful. So just awful. And many of them when we have like drinks together on a Friday night or something they tell me about the scams that they get hit up with like especially my guy friends. It's really hard for them to determine if they're actually speaking to a real person which was just really not a problem -- actually in my case 15 years ago when I was on these platforms.
Dave Bittner: Yeah.
Maria Varmazis: So yeah.
Joe Carrigan: You know, here's how I would handle this if I were single today. I was just thinking about this. What would I do here? And in my profile I would put the very first thing we're going to do is we're going to agree on a place to have a cup of coffee in the middle of the day for about 30 minutes. And then after the end of that if you want to reach out to me again feel free to reach out to me again. But nothing will happen until we sit down and have a cup of coffee.
Maria Varmazis: Joe, I don't think that method would work very well. I don't think that would work.
Dave Bittner: Why?
Maria Varmazis: That is a very high bar to clear for an online outreach. So that's usually more effort than most people want to put in when they're just getting to know somebody through online dating.
Joe Carrigan: How do you get to know somebody if you don't meet them?
Maria Varmazis: Joe, this is kind of part of the problem.
Joe Carrigan: Maybe I'm an old man in this, but I don't get it.
Maria Varmazis: You have to figure out if you want to meet that person first. It involves some talking to each other first, chatting through the app or whatever. And that's usually when people figure out "Do I actually want to meet you?" But that's where problems can happen, and that's where people can get scammed because again you don't know anymore if you're talking to a real person.
Dave Bittner: Right. Yes. Meet me at the Russian Tea Room. You'll know me by the cut of my clothes and the smell of my cologne.
Maria Varmazis: Yeah. I mean I had this method of basically putting extremely nerdy details in my profile that I knew only like super hardcore nerds would get. And if they didn't pick up on those cues they were definitely not the right person for me. Thankfully Eric noticed them and responded. Exactly what I was hoping for. Like I mentioned my favorite villain from a very -- not an obscure, but a somewhat obscure video game. And he knew exactly who that was. And it was like okay. Good.
Dave Bittner: So it's a keeper.
Maria Varmazis: It was yeah. Exactly. That was --
Joe Carrigan: Said [inaudible 00:32:24] Handsome Jack.
Maria Varmazis: No. No. No. No. No. Nothing like that.
Dave Bittner: So were there any attempts to scamming you back then when you were on the platform that you recall? Or was it really before that was rampant?
Maria Varmazis: It really was before that. I mean I -- my husband and I met 15 years ago. So we've been married for 12. We met 15 years ago. So it was -- it was very, very much you knew you were talking to real people. There were -- that's why I'm saying like for people like me who successfully used those platforms back then it might as well have been the stone age. It was very different from what the situation is now.
Joe Carrigan: Right.
Dave Bittner: Yeah. My brother and his wife met online. And that's overwhelmingly the way it happens these days.
Joe Carrigan: Yeah. It is.
Dave Bittner: I just hope to never need to do it.
Joe Carrigan: Yeah. Me too.
Maria Varmazis: Same.
Dave Bittner: Pretty fat and happy.
Joe Carrigan: Yeah. Fat, married, and happy. That's a good description.
Maria Varmazis: It's a good place to be. It's a good place to be.
Dave Bittner: Crossing my fingers. Yeah. Yeah. Absolutely. All right. Well, we will have a link to that story in the show notes. Joe, Maria, it is time for our Catch of the Day. [ Soundbite of Reeling in Fishing Line ] [ Music ]
Joe Carrigan: Dave, our Catch of the Day comes from the scam bait Reddit subreddit. Subreddit. There we go. And I don't know if I should read the title because that might spoil it. Actually no. It's just called sister died. Why? Who should play the scammer in this one?
Dave Bittner: I think Maria can be the scammer.
Joe Carrigan: And, Dave, do you want to be the --
Dave Bittner: I'll be the person receiving the -- yeah. The inbound.
Joe Carrigan: And I expect -- I expect good acting and histrionics from both of you.
Dave Bittner: Pressure.
Maria Varmazis: Okay. So I'm the scammer. Am I green text or black text?
Dave Bittner and Joe Carrigan: Black text.
Maria Varmazis: I'm black text. Okay. Hi. How are you?
Dave Bittner: My sister just died.
Maria Varmazis: I don't remember you have a sister.
Dave Bittner: Who is this?
Maria Varmazis: I hope you are kidding when you say that. You really didn't save my number? It's Emma.
Dave Bittner: That's my sister's name. I miss her so much.
Maria Varmazis: Really?
Dave Bittner: Yes. So how do you know me?
Maria Varmazis: I'm sorry. I must have saved the wrong number. I was trying to reach Ms. Helen. I hope I didn't bother you. Forgive my carelessness.
Dave Bittner: No problem. Have a nice day.
Maria Varmazis: Thank you for your understanding and kindness and politeness to me. I'm glad to meet someone polite as you. If you come to Los Angeles, please let me know. I will buy you a cup of coffee to show my kindness and politeness.
Dave Bittner: My sister was allergic to coffee. That's how she died.
Maria Varmazis: By the way, you don't have a sister. You know how I know that? If you did you wouldn't keep killing her over and over with your words just to get rid of me.
Dave Bittner: No. I don't have a sister anymore. She died.
Maria Varmazis: Don't do that next time. Have a good day.
Dave Bittner: Okay. You too.
Joe Carrigan: This is effective at getting rid of the scammer.
Dave Bittner: Yeah.
Joe Carrigan: He's gone.
Maria Varmazis: You wouldn't keep killing her over and over with your words.
Dave Bittner: I'm surprised the scammer engaged that way. The scammer broke the fourth wall. You know, the --
Joe Carrigan: Yeah. I know you don't have a sister. Not anymore. Yeah. Right.
Maria Varmazis: She's gone now.
Joe Carrigan: The scammer -- the scammer, like you say, broke -- I like what you said there. I'm not going to top that. That's pretty good.
Maria Varmazis: My sister was allergic to coffee. That's how she died.
Joe Carrigan: If I die, that's -- if I was allergic to coffee, that's how I'd die too.
Maria Varmazis: With a smile on your face.
Joe Carrigan: Right. I got a French press for my office recently.
Dave Bittner: Yeah.
Joe Carrigan: It's fantastic. I love French press coffee.
Dave Bittner: I don't. As both of you know, I don't drink coffee. Never have. Just can't -- can't get there with it. And every few years I get seduced by the smell and I think, you know, how bad could it be? And so I try it and then I'm reminded of how bad it can be.
Maria Varmazis: Thankfully there are other caffeine delivery platforms.
Dave Bittner: I prefer my caffeine delivered cold. So but I, you know -- [inaudible 00:36:38] Right. Exactly. Hats off to those of you who enjoy coffee. I'm very happy for you. I just I'm not one of those folks.
Maria Varmazis: So stop sending him coffee as gifts, everybody. Send it to me instead.
Joe Carrigan: No. Keep sending it to him. He'll give it to me.
Dave Bittner: You know what? The problem though is that for those of us who enjoy our caffeine delivered cold when we go to events, breakfast events --
Maria Varmazis: They never have it for you.
Dave Bittner: No. Sodas are lunch and dinner beverages as far as these event planners are concerned. And I -- frankly I don't like it.
Maria Varmazis: It really grinds your gears.
Dave Bittner: Grinds my gears. Why should I be deprived? Or, even worse, why should I have to go find a vending machine in the hotel and pay $8 for a can of Diet Mountain Dew when everybody else is getting free coffee at the event? Dagnabbit.
Joe Carrigan: Sounds like a --
Maria Varmazis: Put that in the rider next time with the green M&Ms.
Dave Bittner: Oh. That's a good idea.
Joe Carrigan: Yeah. Put it in a rider.
Dave Bittner: Right. These are Mr. Bittner's requirements.
Joe Carrigan: You will provide him one Diet Mountain Dew.
Maria Varmazis: And it will be cold. It will be there at call time at 6 AM.
Dave Bittner: Right. I need the Mountain Dew Zero actually.
Joe Carrigan: Mountain Dew Zero.
Dave Bittner: All right. I tell you what. Let's take a quick break here. We'll be right back after this. [ Music ] And we are back. And once again want to remind everybody that we would love to hear from you if there's something you'd like us to consider for the show. You can email us. It's hackinghumans@n2k.com. And that is "Hacking Humans" brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliott Peltzman and Tre Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
Joe Carrigan: I'm Joe Carrigan.
Maria Varmazis: And I'm Maria Varmazis.
Dave Bittner: Thanks for listening. [ Music ]



