Hacking Humans 10.9.25
Ep 358 | 10.9.25

The text trap tightens.

Transcript

[ Music ]

Dave Bittner: Hello, everyone, and welcome to N2K CyberWire's "Hacking Humans" podcast where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I am Dave Bittner and joining me is Joe Carrigan. Hey, Joe.

 

Joe Carrigan: Hi, Dave.

 

Dave Bittner: And our N2K colleague and host of the "T-Minus Space Daily" podcast, Maria Varmazis. Hello, Maria.

 

Maria Varmazis: Hi, Dave. Hi, Joe.

 

Dave Bittner: We've got some good stories to share this week. But first let's jump right into our follow up. Joe, what do we got?

 

Joe Carrigan: So, Dave, we have some follow up from Chad, super listener Chad.

 

Dave Bittner: Oh, okay.

 

Joe Carrigan: He says, "Not sure if this is the prison scam you were talking about last week, but it was funny that I got this call the day after I heard the episode. Either way, thanks for the heads up. Not that I would have okayed it anyway," because he doesn't currently know anybody in prison.

 

Dave Bittner: Okay.

 

Joe Carrigan: So, --

 

Maria Varmazis: As far as you know, Chad.

 

Dave Bittner: As far as you know, right?

 

Joe Carrigan: The day's not over, Chad.

 

Dave Bittner: Right. That's right.

 

Joe Carrigan: There's always a chance that you may know Joe.

 

Dave Bittner: Yeah, right, that's right. See how today's show goes.

 

Joe Carrigan: Yeah. Kudos, Chad, first off, 99% of his battery with these screenshots on his phone.

 

Maria Varmazis: Yeah. All right, so pro tip for our listeners, don't send us something in with like the 3% red critical bar on your battery --

 

Joe Carrigan: Right.

 

Dave Bittner: We'll [inaudible 00:01:26].

 

Joe Carrigan: Yeah.

 

Maria Varmazis: Okay.

 

Dave Bittner: That's funny.

 

Joe Carrigan: I will -- I will be mean to you. Anyway, this is Chad running his Google Assist -- Assist by Google. It says, "Hi, I'm Call Assist by Google recording this call for the person you're trying to reach. Can you say what you're calling about?" And then the automated system on the other end it goes, "An offender, Dirk Smith, an inmate at the corrections reception center, have requested that your phone number be added to the allowed list for numbers to dial. In order for this offender to call you in the future, we will need your approval. Please answer the following questions." And then it says, "Ending call." And then it goes on to say, "Are you the person authorized to make" -- and then that's where the call ends.

 

Dave Bittner: It hung up.

 

Joe Carrigan: Yep. So this is actually probably not a scam, I'm going to say. Or maybe it is, I don't know. I -- like Chad, I don't know anybody in prison right now either. But I think there are systems like this. You know, I have someone I could ask about this.

 

Dave Bittner: Yeah.

 

Maria Varmazis: Could it be a misdial? Just --

 

Joe Carrigan: It could be a misdial. It could be a misdial.

 

Maria Varmazis: Yeah, what would be the scam here?

 

Joe Carrigan: Well, you know, they start talking to you, you know, and just start scamming you.

 

Maria Varmazis: Just scamming you because they talked to you. All right.

 

Joe Carrigan: Right. Yeah.

 

Maria Varmazis: Okay. Your existence has been proven, you will be scammed. Right.

 

Dave Bittner: Oh, well, I just looked up the phone number and it is from the Ohio Department of Rehabilitation and Correction.

 

Maria Varmazis: Ohh. Well, it could be faked. They could have faked it.

 

Dave Bittner: That's true, that's true.

 

Joe Carrigan: Yep. Or they could have spoofed that number.

 

Dave Bittner: It could be spoofed.

 

Maria Varmazis: Dirk Smith does sound like Fake McNamerson a little bit to me.

 

Joe Carrigan: Fake McNamerson.

 

Dave Bittner: Dirk Smith, private eye.

 

Joe Carrigan: Right.

 

Maria Varmazis: Yeah.

 

Joe Carrigan: It's one of those names that you wish you had. What's your name? Dirk Smith.

 

Dave Bittner: Dirk Smith, Private Eye. Yeah. All right, well, there you go. Who knows?

 

Joe Carrigan: Yeah.

 

Dave Bittner: You know, if you don't know anybody in prison, probably best to say "no" to this.

 

Joe Carrigan: Right.

 

Dave Bittner: Although I guess they could also get your curiosity because you could say, "Well, wait a minute, does someone I know go to prison and" --

 

Joe Carrigan: Right.

 

Dave Bittner: -- are they -- are they burning their one phone call on me?"

 

Joe Carrigan: Right.

 

Dave Bittner: Right?

 

Joe Carrigan: I've got -- I've got a funny jail story about that, but not my story. This is someone I know --

 

Dave Bittner: Yeah.

 

Joe Carrigan: -- and they're still alive so I won't tell you who it was.

 

Dave Bittner: Okay.

 

Joe Carrigan: But there were a bunch of hooligans in -- in their youth and this person, this guy, hung out with a bunch of other hooligans like himself. And they all got arrested one night for being drunk and disorderly. And they go to the -- they go to the cop station. And this is back when, you know, if -- you know, I don't know what would have happened, but it wasn't ever anything serious like this guy never disappeared for any length of time. But he -- they said, "All right, you all get one phone call." And one of their buddies goes, "I'm ordering pizza. What do you want on your" and he just starts taking orders. And the cop's like, "All right, go sit down in the jail cell for a little bit until you guys sober up."

 

Dave Bittner: I feel like you're not taking this seriously.

 

Joe Carrigan: Right.

 

Maria Varmazis: To be fair, though, if I was in the drunk tank, I probably would want pizza.

 

Joe Carrigan: Yeah, that's true.

 

Dave Bittner: Yeah.

 

Maria Varmazis: Sounds kind of nice.

 

Joe Carrigan: There's the "Beverly Hills Cop" episode or the first movie where Eddie's -- Eddie Murphy's in the cell and he said, "I've never seen a cell -- a prison cell with a payphone in it. I ordered pizza."

 

Dave Bittner: Yeah. Remind me later, I have a -- I have a drunk pizza story, but I'm not going to share it on the air.

 

Maria Varmazis: Ohh, listeners, too bad.

 

Joe Carrigan: I also have one of those, but I will not share it on the air.

 

Dave Bittner: Actually, I could share this on the air. There's an occasion down at the good old University of Maryland where some friends, we got together, we were actually playing strip poker and --

 

Joe Carrigan: Okay.

 

Maria Varmazis: Well, you were -- okay, I'm in. What the --

 

Dave Bittner: [inaudible 00:05:24] strip poker. There were -- there were a handful of guys and a handful of gals.

 

Joe Carrigan: Oh, okay.

 

Dave Bittner: Yeah, yeah.

 

Joe Carrigan: All right.

 

Dave Bittner: And so, you know, we're totally -- my -- we were totally cheating at cards to try to -- to try --

 

Joe Carrigan: Every guy --

 

Dave Bittner: To try --

 

Joe Carrigan: -- in that room is trying to [inaudible 00:05:38].

 

Dave Bittner: Yeah, we're trying to get this game to where we want it to go and --

 

Joe Carrigan: Right.

 

Dave Bittner: -- unsuccessfully, of course. So, anyway, one of the guys ends up naked and --

 

Maria Varmazis: In nothing but a single sock and we're not going to tell you where.

 

Dave Bittner: Yeah. No. But then also decides that he wants to get some pizza. So spitting distance from where we were having this game, there was a 7-Eleven. Any of you who went to the University of Maryland back in the late '80s, early '90s know exactly what I'm talking about. So --

 

Maria Varmazis: Oh, so this was not last week. This was --

 

Dave Bittner: No. No, Maria, it was not --

 

Maria Varmazis: Just a clarifier.

 

Dave Bittner: It was not last week. No, me and -- me and a couple of my Ph.D. colleagues down at the University of Maryland --

 

Maria Varmazis: Listen, --

 

Dave Bittner: -- were sitting around in a dorm room.

 

Joe Carrigan: I have done some [inaudible 00:06:23] --

 

Maria Varmazis: Crazier things have happened, Dave.

 

Joe Carrigan: [inaudible 00:06:25] stuff with guys that are now Ph.D.s and other kind of doctors.

 

Maria Varmazis: Yeah.

 

Dave Bittner: Anyway, so we -- we -- so this guy decides he wants to get some pizza and so we go with him. He's got -- so he's running down to the 7-Eleven. He's got a can of beer in his hand, but that's it. He's naked. So -- so we're kind of following behind him to just -- in case we have to get him out of trouble.

 

Joe Carrigan: No, you're following behind to laugh at this, right, to see what happens.

 

Dave Bittner: So he goes into the 7-Eleven and the guy behind the counter looks at him and says, "Hey, you can't come in here." And he goes, "What?" And the guy goes, "With that beer. You can't come in here with that beer."

 

Joe Carrigan: I thought he was going to go, "No shirt, no shoes, no service."

 

Maria Varmazis: Right.

 

Dave Bittner: So our friend puts the -- sets the beer down outside the 7-Eleven, comes in, again naked, buys his pizza, pays and off we go.

 

Joe Carrigan: Where was he --

 

Maria Varmazis: Where is the money?

 

Joe Carrigan: -- holding the money?

 

Maria Varmazis: Where is it -- where was his money?

 

Joe Carrigan: Great minds think alike.

 

Dave Bittner: Oh, that's a good question. I might have -- one of us must have paid the -- paid the bill, but I don't remember --

 

Maria Varmazis: I really hope so.

 

Dave Bittner: -- that part of the story.

 

Maria Varmazis: Otherwise where -- maybe --

 

Dave Bittner: [inaudible 00:07:30] money.

 

Maria Varmazis: -- could have -- yeah, could have had it in [inaudible 00:07:31].

 

Dave Bittner: I remember that I -- of course, I vividly remember the nudity and I vividly remember the beer and I vividly remember the guy behind the counter, but I do not remember -- you know what? It might be best not to try to remember where he pulled the money out of.

 

Maria Varmazis: That's [inaudible 00:07:46]. Like the guy just kind of get a pair of tweezers or tongs and just kind of like [inaudible 00:07:50] --

 

Dave Bittner: Who knows, who knows, who knows. [ Music ] Ah, let's dig into some stories here. Maria, you're up first. What do you got?

 

Maria Varmazis: You're making me follow that story?

 

Dave Bittner: Well, you asked.

 

Joe Carrigan: You've got problems you wanted to [inaudible 00:08:07].

 

Dave Bittner: You wanted to hear --

 

Maria Varmazis: And that, children, is what life was like before smartphones were everywhere. And --

 

Dave Bittner: Yeah, yeah.

 

Maria Varmazis: Seriously. All right. Well, I have the toughest act in the world to follow right now. My story comes from Consumer Reports so I will still bring it down a few degrees.

 

Joe Carrigan: It's a good magazine, Consumer Reports. It's a good organization.

 

Maria Varmazis: I'm a fan.

 

Dave Bittner: No nudity, but --

 

Joe Carrigan: Yeah.

 

Maria Varmazis: No nudity, no beer can or money of mysterious origin.

 

Dave Bittner: Right.

 

Joe Carrigan: Well, they do have -- don't they -- do they rate beers?

 

Dave Bittner: Yes, sure. Sure, Joe.

 

Joe Carrigan: Go ahead.

 

Dave Bittner: Sure.

 

Maria Varmazis: It's a derail.

 

Joe Carrigan: Go ahead, Maria.

 

Dave Bittner: Right.

 

Maria Varmazis: Well, it is October after all and that makes it National Cybersecurity Awareness Month. So the liturgical calendar, as we have talked about before, is in full swing --

 

Dave Bittner: Yeah.

 

Maria Varmazis: -- for all the things. So Consumer Reports is in on that game with some of their friends at Aspen Digital and the Global Cyber Alliance. And they surveyed a couple thousand people about the -- their Annual Consumer Cyber Readiness Report or, rather, they surveyed those people for the Cyber Readiness Report. And they found stuff that I think will just kind of confirm what we've been talking about and suspected in that scams are not only growing, but exposing some deep inequalities and inequities in who bears the brunt of financial losses. And they -- Consumer Reports posted the whole in-depth thing, but here are some of the key takeaways. Nearly half of Americans -- and sorry for our listeners, it is a very U.S.-focused thing. I apologize. Nearly half of Americans have encountered a scam or cyberattack. I think that number is a little too low. I think it's a lot higher than half. But one in 10 who responded to this survey say they have lost money. Text message scams specifically are surging, especially for adults ages 18 to 29.

 

Joe Carrigan: Really?

 

Maria Varmazis: Yeah, that one -- this one surprised me the most of everything. That age group, younger adults, 18-to-29-year-olds. I mean, I know they're on their phones a lot, but so is everybody. Why would they be getting hit more with text messages or just noticing them more? I don't know. That's just a fascinating one. Scam losses, according to this report, are not evenly distributed. People in the lowest income households were three times more likely to lose money than those in the highest. And 37% of Black Americans who encountered a scam lost money compared to 15% of White Americans.

 

Dave Bittner: Huh.

 

Maria Varmazis: And -- yeah, all this is really interesting. In social media, this is not a surprise. It's a major vector for a lot of these scams. Eighty-four percent of users in this survey reported scammy experiences like fake friend requests. I got like four today. Or shady DMs. I got like four today.

 

Joe Carrigan: My wife gets those scam req -- or those friend requests all the time --

 

Dave Bittner: And [inaudible 00:10:45] time.

 

Joe Carrigan: I don't get any of them.

 

Dave Bittner: I probably get one a week.

 

Joe Carrigan: I don't get -- not me.

 

Dave Bittner: Yeah.

 

Joe Carrigan: Yeah.

 

Maria Varmazis: Joe, it's your -- it's your profile picture with the chickens. It scares --

 

Joe Carrigan: That's what it is.

 

Maria Varmazis: -- them off.

 

Joe Carrigan: Yeah.

 

Maria Varmazis: That's got to be what it is.

 

Joe Carrigan: This guy's nuts.

 

Dave Bittner: This guy doesn't have any spare money, he's spending it all on his -- on his chickens.

 

Maria Varmazis: Chickens.

 

Joe Carrigan: Yeah.

 

Dave Bittner: Yeah.

 

Maria Varmazis: It's --

 

Dave Bittner: He's spending all his money on free eggs.

 

Joe Carrigan: Right.

 

Maria Varmazis: All his money on free eggs.

 

Joe Carrigan: Yes. And I've also got a chicken that sits on my shoulder, which is pretty awesome.

 

Maria Varmazis: A guard chicken.

 

Joe Carrigan: And that's something that neither of you have --

 

Dave Bittner: That's true.

 

Joe Carrigan: -- I'm very to have.

 

Maria Varmazis: That is very true. Yeah. And three out of four scam attempts that Americans have experienced began either on email, social media or text messages or through a messaging app, with 30% of those who experienced a cyberattack or scam saying that it began specifically over text message or in messaging app. And that is in comparison to 20% last year. So that is a 10% increase from last year. So nothing going in the direction I think that we would want.

 

Joe Carrigan: Right.

 

Maria Varmazis: None of this is a terrible surprise, it's just always interesting to have some numbers against it. Sample size is a few thousand people. So do with that as you will for those of us who are science minded about that kind of thing still. There are -- the report says there are some positive trends with slightly more people than last year. The percentage numbers are really low. Like paltry. More people using password managers or identity theft protection, tracker blocker extensions on their browsers and file encryption. And I don't want to give anyone an overly rosy picture. Like these percentages are well under a quarter of respondents saying they use these things. I think file encryption was something like 14%. It's low. And a third of Americans say they still reuse their passwords. I suspect that number is a lot higher.

 

Joe Carrigan: I also suspect that [inaudible 00:12:25].

 

Maria Varmazis: A lot -- a lot higher.

 

Dave Bittner: A third of Americans admit that they still reuse --

 

Joe Carrigan: Right.

 

Dave Bittner: -- their passwords [inaudible 00:12:30].

 

Maria Varmazis: Realize that they use -- reuse their passwords.

 

Dave Bittner: Right.

 

Maria Varmazis: Yeah. Admit/realize. Yeah.

 

Dave Bittner: Yeah.

 

Maria Varmazis: And so it's like, okay, when you're the marketing person writing these reports, what's the key takeaway? That this is not great. Consumer Reports is saying individuals need to improve their cyber hygiene with tools and they have a whole bunch that they recommend that people can buy. I won't give them free advertising. You can look into it yourself. Consumer Reports is saying industry and government needs to step up. And I'm just thinking at the time of this reporting, the U.S. government is shut down.

 

Dave Bittner: Right.

 

Maria Varmazis: So --

 

Joe Carrigan: Right.

 

Maria Varmazis: -- maybe don't look to them right now. So it's not great. More awareness, et cetera, et cetera. Yeah, [inaudible 00:13:09].

 

Joe Carrigan: Funny, this -- cybersecurity is one of the things that gets broad bipartisan support, like broad. I mean like unprecedented bipartisan support, but nothing ever happens.

 

Maria Varmazis: When you say "support," do you mean words or --

 

Joe Carrigan: Yes. I mean like --

 

Maria Varmazis: -- actual action?

 

Joe Carrigan: Like you hear -- like, right now, we're talking about the budgets because of, for example, healthcare spending. Well, that doesn't get broad bipartisan support. Like one party wants it and the other party doesn't. When you say we need to improve the cybersecurity of -- of -- for Americans, nobody goes, "No, no, no, we don't need to do that." Right? Everybody goes, "Yes, yes, we need to do that. Harrumph, harrumph, harrumph."

 

Dave Bittner: Right.

 

Joe Carrigan: And then nothing happens.

 

Maria Varmazis: Oh, yeah, then the rubber meets the road in terms of actual policy trying to get passed or potential laws or regulation. And then that's where things fall apart every time. So, yeah, Dave, you're in this world more than any of us. So --

 

Dave Bittner: Well, yeah. I mean, it's -- yeah. And the thing about the government being shut down, what also expired was CISA 2015, which is the information sharing legislation that makes it possible for companies to share threat information with the government. So with that legislation sunsetting before having the opportunity to renew, we're -- I don't think it's an exaggeration to say we're less safe.

 

Joe Carrigan: Yeah. Well, the government's not getting the threat information from companies now.

 

Dave Bittner: And organizations like CISA who are responsible for helping keep our critical infrastructure up and running, two-thirds of their staff are currently furloughed.

 

Maria Varmazis: Yep.

 

Dave Bittner: So --

 

Joe Carrigan: Yep.

 

Maria Varmazis: Yep.

 

Dave Bittner: Again, let's say --

 

Maria Varmazis: Not great.

 

Dave Bittner: Yeah, not great.

 

Maria Varmazis: Yeah, not great.

 

Dave Bittner: Yeah.

 

Maria Varmazis: Yeah, it's -- it's always alarming when, you know, things are going in the direction overall that we don't want when it comes to people's safety and how people are being impacted. And it seems less and less is actually able to be done about it on the government side. It's -- if we're just looking for industry to fix all this, I mean, we've seen industry doing what it's done so far.

 

Joe Carrigan: Right.

 

Dave Bittner: Yeah.

 

Maria Varmazis: It's not enough. So I guess the impact is even more on the consumer than ever, which is not great.

 

Dave Bittner: What do we make of some of the splits here that this research found with household income and also race, you know, people with low incomes are three times more likely to lose money? That's -- that's quite a stat.

 

Joe Carrigan: Yeah. I think -- I don't -- I don't know -- there is -- there's definitely socioeconomic things here at play --

 

Dave Bittner: Yeah.

 

Joe Carrigan: -- when you compare that to race. So I think those two are related.

 

Dave Bittner: Yeah.

 

Joe Carrigan: And I -- I think it's -- you know, it's not surprising to me that -- that people at the lower end of the income spectrum are more likely to lose money than people at the higher end of the income spectrum.

 

Dave Bittner: Yeah.

 

Joe Carrigan: Because, first off, when you're talking about the way these scams -- the way these scams work, they're talking about amounts of money that somebody at the higher end -- you know, they're -- they're promising amounts of money to somebody at the higher end of the income scale is just going to be like, "I don't need to waste my time with this."

 

Maria Varmazis: Sure.

 

Joe Carrigan: Where someone who's at the lower end of the income scale is going to be like, "Oh, here's an opportunity for me."

 

Dave Bittner: Right. Here's my chance.

 

Joe Carrigan: Right.

 

Dave Bittner: Yeah, yeah.

 

Maria Varmazis: Or thinking also disposable income. I have a bunch of tools on my phone that I pay for to block spam calls --

 

Dave Bittner: Right, right.

 

Maria Varmazis: -- because it should be free, but it's not.

 

Joe Carrigan: That's another factor as well. Yeah.

 

Maria Varmazis: And, you know, I have the income to do that, but, if I didn't, I would just be getting a barrage of this stuff all the time, even more so than I already do.

 

Dave Bittner: Yeah. I'd say probably education is a component as well. If you are more likely to have gone to college, you probably spent more time learning about things like critical thinking or skeptical thinking. So that probably tracks some as well the opportunities that people in higher income homes would have than those in lower income homes. But still, three times, that's a pretty stark number.

 

Joe Carrigan: Yeah.

 

Maria Varmazis: Yeah.

 

Dave Bittner: Yeah.

 

Maria Varmazis: Yeah. I mean, I think also systemic racism that keeps a lot of Black people out of the sciences that kind of you see how that often can shake out with if you don't -- if you don't know somebody who can advise you directly on a lot of this stuff, someone in your community that you trust, you don't have that sort of community knowledge getting out there. And that can be -- and that can affect you. So, you know, it's -- it's -- and, to me, it's -- it's an interesting way that, you know, there are these repercussions of things that seem abstract and on a day-to-day way.

 

Dave Bittner: Right, right. All right, interesting. Well, we will have a link to that Consumer Reports report in our show notes. Joe, you're up next. What do you got for us this week?

 

Joe Carrigan: This story actually came to me -- I became aware of it through a meme my son sent.

 

Maria Varmazis: A meme?

 

Joe Carrigan: Yeah. My -- it's where I get a lot of my news is from memes.

 

Maria Varmazis: [inaudible 00:17:55] memes. Okay.

 

Dave Bittner: Memes that your children send you?

 

Joe Carrigan: Yes.

 

Dave Bittner: All right.

 

Joe Carrigan: It's funny. But, actually, I went --

 

Maria Varmazis: It's 2025, isn't it?

 

Joe Carrigan: I went out and I'm like, "Is this true?" And I found out this is true. And "The Drive" -- Andrew Collins over at "The Drive" has a story that we'll put a link in the show notes to. Do you guys know who Tai Lopez is?

 

Dave Bittner: I do not.

 

Maria Varmazis: No.

 

Joe Carrigan: You guys are lucky because I have had to go out and learn who Tai Lopez is today. So do you remember like 10 years ago when you'd go to watch YouTube videos and there would be some guy standing in front of his Lamborghini going, "You see that Lamborghini in my garage," and then he turns around and goes, "But I really like these books because knowledge is better." Do you guys remember that video?

 

Dave Bittner: I do not.

 

Joe Carrigan: Oh, you don't.

 

Maria Varmazis: No.

 

Joe Carrigan: It came up on everything I had for some reason.

 

Dave Bittner: Okay.

 

Joe Carrigan: I mean, I got sick of seeing this guy's face. Well, that's Tai Lopez.

 

Maria Varmazis: Okay.

 

Dave Bittner: Oh.

 

Joe Carrigan: Okay?

 

Dave Bittner: So something about you made the algorithm put this in front of you.

 

Joe Carrigan: Yeah.

 

Dave Bittner: Interesting.

 

Joe Carrigan: And I don't -- I don't know what it was. But he bought a bunch of pre-roll ads and what was he selling? He was just selling some kind of course that had monthly subscriptions and -- and he was going to tell you how to be -- how to be successful in life.

 

Dave Bittner: Okay. And he happened to know where across town there was a guy with a Lamborghini who left his garage door open.

 

Joe Carrigan: Or, you know, somebody -- yes, somebody -- we're going to get there Dave.

 

Dave Bittner: Okay.

 

Joe Carrigan: But -- so this guy has actually built up a considerable following by talking into the internet and saying, "I'm smart. I -- I know better than you, I'll tell you what to do. Here's how you live your life." And you could think of him as -- oh, who's that guy that had to run away to -- Andrew Tate, that's his name. Think of him as like a less offensive Andrew Tate -- version of Andrew Tate.

 

Dave Bittner: Okay.

 

Maria Varmazis: [inaudible 00:19:34] is in the basement, but, okay, yeah.

 

Joe Carrigan: Right. You know. The -- the -- you know, the -- the same kind of thing, "I can help you. I know what's going on here. Here's what you need -- here's how you need to live your life." That kind of stuff.

 

Dave Bittner: Okay.

 

Maria Varmazis: Yeah.

 

Joe Carrigan: So, eventually, with -- with his street cred, he went out and he started up a company. Well, the SEC just filed a civil complaint against that company and against him and against Alexander Mayer, who's the cofounder of this company. It's called Retail Economic Ventures, LLC, or REV.

 

Maria Varmazis: Okay.

 

Joe Carrigan: And they also named REV's chief operating officer, a woman named Maya Burkenroad. So here's what happened. These -- these two people, Lopez and -- and Mayer, raised $112 million from retail investors across the U.S. So that, to me, is first off impressive that they were able to cre -- this guy was able to create a presence online for himself and then say, "I'm going to start up a business and here's what I'm going to do. And I" -- and he was able to raise $112 million, okay, with like absolutely no experience or credentials. It would seem.

 

Dave Bittner: [inaudible 00:20:47] active YouTube presence.

 

Joe Carrigan: On an active YouTube presence.

 

Dave Bittner: Yeah.

 

Joe Carrigan: So what did they do? Well, here's the pitch. And it actually sounds pretty good to me. It might sound -- I mean, it sounds like a viable thing.

 

Dave Bittner: And that's why you're getting all those ads, Joe.

 

Joe Carrigan: Right. They went out and they bought distressed retail business brands and they converted them to online only stores. Now, you've heard of some of these stores. Right? I'm going to read off some of the stores they bought. Brahms, --

 

Dave Bittner: Yeah.

 

Joe Carrigan: -- Dressbarn. You guys heard of Dressbarn, right?

 

Maria Varmazis: Heard of it, yep.

 

Dave Bittner: Yeah.

 

Joe Carrigan: Yeah, worst name. There are places I don't go because of the name. Dressbarn was one of them. Not because they just -- but I -- like my wife, "Why would you go to a store called Dressbarn?"

 

Dave Bittner: Right.

 

Joe Carrigan: It's like, "Come on in and get your dresses, you cows." You know? I -- I always -- I always thought the name was like just a terrible business name.

 

Dave Bittner: Yeah.

 

Joe Carrigan: And like there's restaurants I won't eat -- like I won't go to the Bonefish Grill because that sounds disgusting. Bone and fish, two of the things I hate eating.

 

Maria Varmazis: You know what really grinds your gears, Joe?

 

Joe Carrigan: Right.

 

Maria Varmazis: It's like --

 

Joe Carrigan: Here's another one that you've probably heard of --

 

Maria Varmazis: Oh, my God.

 

Joe Carrigan: -- Franklin Mint.

 

Dave Bittner: Oh, yeah.

 

Joe Carrigan: Yeah.

 

Maria Varmazis: The Franklin Mint.

 

Joe Carrigan: Right. Franklin Mint now -- is now Franklin Mint Online. Linens 'N Things.

 

Dave Bittner: Okay.

 

Joe Carrigan: Modell's. Remember "Got to go to Mo's"? Pier 1. My wife used to love going to Pier 1.

 

Dave Bittner: Yeah, our -- all of our plates and bowls and everything are from Pier 1.

 

Joe Carrigan: Yeah. And the saddest of them all, Dave, RadioShack.

 

Dave Bittner: Oh, yeah.

 

Joe Carrigan: These guys bought RadioShack.

 

Dave Bittner: That breaks my heart.

 

Joe Carrigan: It does.

 

Dave Bittner: Ohh.

 

Joe Carrigan: It's now just an online presence. Also Stein Mart, which I think at some point in time I owned stock in. I might -- you know --

 

Maria Varmazis: I'm not familiar with that one.

 

Joe Carrigan: It was a southern -- like Marshalls in the south, think Marshalls in the south.

 

Maria Varmazis: Okay.

 

Joe Carrigan: If -- if my research was right, which it may not have been, who knows. That sounds like a good stock, I'll buy it. Anyways, what this -- what this complaint that the SEC is filing is alleging is that they sold securities in the form of unsecured notes promising 25% annualized returns and they also sold equity membership units with a monthly preferential dividend of as high as 2.08%. Which, if you are reinvesting that, comes out to be about 28% return annually.

 

Dave Bittner: Okay.

 

Joe Carrigan: Right out of the gate, I'm dubious.

 

Dave Bittner: Yeah, those are high returns all right.

 

Joe Carrigan: Those are very high returns, very, very high returns.

 

Maria Varmazis: Okay. Yeah, I was going to say using the Rick and Morty meme, this sounds like a Ponzi scheme with extra steps.

 

Joe Carrigan: Oh, oh, hold on.

 

Maria Varmazis: Okay.

 

Joe Carrigan: Don't -- are you reading ahead on this one?

 

Maria Varmazis: No, I'm -- I'm -- I'm trying -- I'm -- I'm like this -- this smacks of Ponzi scheme to me.

 

Joe Carrigan: It does, doesn't it? So it -- it says like it's going to -- like it could be leading to one. Well, it does kind of -- there -- the word "Ponzi" does come up later.

 

Maria Varmazis: Okay.

 

Joe Carrigan: So the complaint also alleges they made false statements about the success and profitability of their business model, REV, and the profitability of these brands that they bought, like Modell's is -- who goes to Modell's for sporting goods stuff? I don't know anybody. Everybody goes to Dick's. Right?

 

Dave Bittner: Oh. Yeah, I guess so. I don't know.

 

Joe Carrigan: Right? Dressbarn was a good store, but with a terrible name. Franklin Mint was -- I -- I -- I don't know that Franklin Mint ever had a store, a physical store.

 

Dave Bittner: No.

 

Maria Varmazis: Wasn't it just a catalog?

 

Joe Carrigan: Yeah.

 

Dave Bittner: Yeah.

 

Joe Carrigan: So -- I mean, so these brands were not --

 

Maria Varmazis: And was Brahms the candy? Is that the -- like the -- candy guy, Brahms?

 

Joe Carrigan: Are you thinking Brach's?

 

Maria Varmazis: Brach's. What was Brahms then? I mean, I know composer, but like what was --

 

Joe Carrigan: I actually don't know what Brahms is.

 

Dave Bittner: I don't know, I don't know.

 

Maria Varmazis: Okay.

 

Joe Carrigan: I'd have to stop -- stop what I'm doing now and Google it.

 

Maria Varmazis: Okay. Someone's going to tell him.

 

Joe Carrigan: No time for that. They also allege they made invest -- false statements about the safety of these investments. And here's some of the things they did. And, Maria, here's where we're going to get into the Ponzi scheme. First, they transferred $5.9 million in investor proceeds directly between portfolio companies when they said that's not what they're going to -- going to do. Right? So, in other words, they're -- you know, maybe they put $5.9 million into RadioShack or -- and then they said, "Okay, we're going to move that money over to Stein Mart." And they said, "No, once we" -- you know, they said they weren't going to do that and they were doing it. Now, here's the good part. At least $5.9 million in returns were distributed to investors, but, in reality, they were like Ponzi -- they were Ponzi-like payments funded by other investors. So they were taking money from some investors and paying out other investors. Now, they weren't a full on Ponzi scheme because they weren't -- that wasn't the entire business model. They actually had this other business model in there. But these are Ponzi-like activities. The defendants also misappropriated $16.1 million in investor funds for Lopez and Mayer's personal use. They -- so they just took it out.

 

Dave Bittner: Yeah.

 

Joe Carrigan: Now, the SEC's complaint is online and there's -- they have a news release and a complaint that we'll -- we'll go to. I want to thank Ben Yelin for -- I sent him an email today asking him if this was civil or criminal and he said it's a civil complaint. So here's -- here's my big point with this one. This is another social media influencer who is, you know, full of hot gas, essentially. He has misled -- allegedly misled these investors and talked people out of $112 million. And maybe he had the best of intentions with his money, but that's not where it went. And it seems to me like he doesn't know how to manage a business when you're talking about moving money around and -- and promising these huge returns on things. People just [inaudible 00:26:29] him. So if you go to his YouTube page, he still has 200 -- or 2.5 million followers on his YouTube page. And he has a video on the top of the page from eight years ago where he's sitting on the granite countertop in his kitchen, the garage door is open and the lights are on in the garage. Right? While he's sitting in the kitchen filming that's just so you could see the car in the background. So you're looking like, "Hey, what's in the garage?" And this reminds me of a trick someone tried on me once. You all have the family member who's into some multilevel marketing thing. Right?

 

Dave Bittner: Oh, yeah.

 

Joe Carrigan: Everybody has that.

 

Dave Bittner: Right. Or -- or, if you haven't, you will.

 

Joe Carrigan: Yeah. Yeah.

 

Maria Varmazis: I have a sort of -- I -- some -- something adjacent to that, yes.

 

Joe Carrigan: Right.

 

Maria Varmazis: Yes, yeah.

 

Dave Bittner: Right.

 

Joe Carrigan: So we have someone in our family, we don't keep in touch with this person anymore, but this guy is big into one of these multilevel marketing companies. And we go down to his house, I think it was for like a Christmas or something like that, and I'm sitting at his counter and I look over and there sitting right next -- right next to where I'm sitting on the counter is a W-2, right, that he -- and -- and it has his name on it. And I pick it up, and this was back in like the mid-'90s, and the W-2 says on it that his income for last year -- or for the -- for the -- for the last year was $100,000 even. And I'm like -- I pick it up --

 

Maria Varmazis: That doesn't happen.

 

Joe Carrigan: I pick it up and I look at it --

 

Dave Bittner: That's oddly specific.

 

Joe Carrigan: Right, exactly, number one. And I pick it up and I look at it and he looks at me and goes, "Pretty good, huh? You should get -- you should get into this MLM thing." And I put it down, I go, "Yeah, it's pretty amazing."

 

Dave Bittner: You know, I -- I usually leave my W-2 laying around when I'm going to --

 

Joe Carrigan: Right.

 

Dave Bittner: -- have guests over.

 

Joe Carrigan: Exactly.

 

Maria Varmazis: My important tax documents just --

 

Joe Carrigan: Yeah.

 

Maria Varmazis: -- on my kitchen counter like one does.

 

Dave Bittner: That's right. Or, you know, medical test results --

 

Joe Carrigan: Right, yeah.

 

Dave Bittner: -- just tape those to the fridge.

 

Joe Carrigan: Yep.

 

Dave Bittner: All my private information.

 

Maria Varmazis: [inaudible 00:28:28] results.

 

Joe Carrigan: Yeah.

 

Maria Varmazis: Bam, right, the imagery right on the fridge.

 

Joe Carrigan: I actually do put those on the fridge.

 

Maria Varmazis: No you don't.

 

Joe Carrigan: It keeps me from eating.

 

Maria Varmazis: Ohh.

 

Joe Carrigan: So --

 

Dave Bittner: Remind me to never come over to your house for dinner.

 

Maria Varmazis: Check out those polyps [inaudible 00:28:41] --

 

Dave Bittner: Yeah, lost my -- lost my appetite.

 

Joe Carrigan: Yes, it's doing its job. But the point is that, first off, if you have your own business, you have to have some kind of tax software to print up these documents if you're paying yourself. I don't even know if he was paying himself with a W-2. That doesn't seem realistic. Yeah, right. He's probably. Anyway, he -- he printed this up with the -- with the tax software and just left it laying around for when people come over and they see it and they -- they would invariably pick it up. Hey, here's something I'm curious about. And he goes, yeah, that's pretty good, huh? That was his shtick. This guy is the same thing. All of these influencers, whatever you see on their sites, they're fake. They're all lying to you. Everything is fake. The fake private jets, the fake weights that weigh like 15 lbs when they're -- when they say 40 on them, they're all fake. They're rental Lamborghinis. That's not a Lamborghini that guy owns. It's in. And maybe he does own. I don't know, but there's you can rent those things. All of this stuff is fake. Yeah. Don't buy into the influence culture. We give them way too much credibility, power. I don't know. We spend way too much time to influence. Yeah, these influencers have way too much influence and they do nothing. As a friend of mine said, dear friend, wise friend said, the type of car someone drives does not indicate how much money they make. It merely indicates how they choose to spend their money. Correct, because anybody can rearrange their finances in such a way to have a very nice car for whatever amount of time. I always think of the guys. I always think of Crockett and Tubbs from Miami Vice, you know, like, they live in these little, you know, cruddy little apartments, but they were driving these, you know, super nice, super nice cars. Yeah. I guess their story was that they got them from, like, police auctions or something. But still. Yeah, car is never good judgment of -- of what someone's true financial status is.
I drive a Scion xB, have for past 15 years. Yeah, when I bought that car, the guy was like, we normally don't see guys like you buying Scion xBs. Do you want to buy a Lexus? Because it was a Toyota dealership and everybody says -- Guys like you, your humble brag. Is this -- is this because you were wearing your, your Rolex and your gold chain? No, you're not because you're Mr. T starter. Seriously, a man of great financial finances and -- and -- and good taste. And by the way, you look great. We're good tuxedo and a top hat right at the -- at the car dealership. That's right. That's right. With my monocle. Yeah. Mr. Peanut rolls up. How can I look? It's about to say, how can I look more like Mr. Peanut? Right. With the limo driver opened the door for you to get out at the key dealer. Yes. I wasn't, you know, I was making less money than I do now, but it -- but it wasn't, it wasn't. As you would expect due to inflation. Sorry, old money bags Caroline Carrigan. You know, podcasting is a great way to get rich fast. I don't know how they said that on the show, but it's especially if you're going to lie to people anyway. I mean, the guy saw how much you know and he said because he -- he knew he could get me into a Lexus. I didn't want to go into. Boxes because the payment would have been like 4 times as high and I didn't want to spend $800 a month on a Lexus when she could have easily afforded. I'm sure. No, I could not have afforded. But he could have done it, right. Joe could have bought the Lexus with the his couch cushion change, you know? How do you think he affords all those chickens? Chickens? Chickens were eating me out of house and home. These things eat you so much. They're driving the Lexus. That's right. That's right. That's a good question, Joe. What is the Lexus of chickens? Ah, that's a good question. Do you really? There's the all the -- the one that's all black. The black chicken. Ohh, yeah. Even the eggs are black. Yes. Yeah, yeah. Batman chickens are expensive chickens.
Is that right? Yes. I bet my father-in-law actually has one. I don't know if it lays the black eggs, but it isn't all. It's beautiful chicken. Obsidian chicken it is. All right, shall we move on then? I come from the chicken family, apparently. Yes, we should move on and stop making fun of me for how much money I do or do not make. Yeah, it doesn't matter. It's just what the people think you make, Joe. That's how you carry yourself. Yeah. Dressed like Mr. Peanut. That's -- that's but with a cowboy hat. Right. Right. Cowboy hat. Cowboy hat. Yeah, that's true. Like you're dressed like who's the owner of the Cowboys. The Jerry Jones. Yeah, you just walk around like Jerry Jones. I'm more like Doug Dimmadome from The Fairly Odd.

All right, I tell you what. Let's take a quick break here to hear from our sponsor. We'll be right back.

And we are back. My story this week, uh, comes from where does it come from? It comes from researchers at ThreatFabric, which is a mobile security company. They are Dutch and they are spreading the news about a new Android banking Trojan called Datzbro. D-A-T-Z bro. Because bro. Of course, Datzbro, right? And what they're doing here is they're taking advantage of senior citizens. Evidently this first came up in Australia, but has been spreading around the world. Doesn't seem like it's in the United States. But trust me, it's only a matter of time. It'll be here. It's -- it's already, you know, in other English speaking nations, including the UK. And what they do is they focus on elderly people who are looking for social activities, trips or in person meetings, things like that. And they create Facebook groups and they share AI generated content which claim to organize activities for seniors and when a senior sees this and they say, oh, this sounds good. I would like to go on a trip or I'd like to get together at my local, you know, 50 plus center or whatever. I don't think a 50 plus is a senior anymore, Dave. Yeah, I know. I know.
Me neither. But the truth hurts. And you know that day, that Maria, the day is coming for you and the AARP Magazine goes up in the mail. I got mine at 29. What? I was so mad. I was about to turn. I was like a month away from turning 30 and it showed up and I was like, this is really mean for someone who's already feeling very self-conscious about turning 30, which was some time ago. It was serious. I was like, this is some sick joke. Wow, so I've already crossed that one. That's OK. Well, yeah, alright. Well, at least you pulled that Band-Aid off. I did. I did. So if people express willingness to participate in these sorts of events, they get contacted via Facebook Messenger or WhatsApp and they're asked to download a file from a fraudulent link. Which is downloaded Senior Group A SCOM. And they're downloading an APK file, which before the show Joe informed me is an Android package. Like Android executable package, right? Yep. And this a is malware. Once they install the malware, it allows all sorts of bad things to happen. It's an Android banking Trojan. It can record audio. It can capture photos. It can access files and photos on your phone. They can do financial fraud through remote control. But basically they have, they can key log, they have full control over your Android device, right, if you install this. Complete RAT, remote administration tool, right? Remote access tool, yeah. It can do overlays, so it can hide what it's doing behind the scenes. So it's really powerful stuff. And of course, when you install this, you're giving this a permission to run free on your device, but you have to. Is it circumvent the -- the developer setting? Don't know. OK, don't know. So they probably have to convince you to do some kind of social engineering to get you to turn that on so that you can install third party apps. Yeah, yeah. So the researchers think this is the work of a Chinese speaking threat group. And it -- it's the command and control server seem to be Chinese.
And so they're just trying to spread the word about this. You know, be careful of Facebook groups. I'd say be careful of anything on Facebook. You know, I'm wondering if it's Chinese. Or perhaps North Korean, but I don't know how much Chinese North Koreans speak. Yeah, I don't know. I mean, they're, they're just saying there's a lot of Chinese language in the debugger and strings and the malware source code and things like that. Because that's why they're cautious and not attributed to a nation because right. For exactly that reason. Because if you listen to the Lazarus Heist all the way through, which is by the way, a fantastic podcast, highly recommended, they talk about how the -- the Lazarus Group goes doesn't do a lot of their hacking from North Korea since there's no infrastructure. They go to China and do it and they have these facilities in China that host them and they do a lot of their hacking from China. Thing yeah, the podcast is great. I highly recommend it. Yeah, it doesn't surprise me. And -- and as Maria was alluding to, a lot of times you'll see the bad guys will put in some other nation's language to try to throw people off the track. Yep, they'll say ohh, look at all that Russian in the code here. It must be Russians, but it's the Chinese or the North Korean. Attribution is very tricky. Iranians. Yeah. So we'll have a link to this in the show notes. I would say one of the things worth checking out in this article is they have some screen grabs of the fake Facebook senior groups and they look legit. They're full of AI generated photos of smiling people of, you know, diverse backgrounds and origins. And so smiling old people square dancing, yes. So it, by all accounts, it looks legit, but it's not. So it could be a good thing to share these pictures around to try to help your friends and family have a good sense for this kind of thing. So again, we'll have a link to that in the show notes.

Joe, Maria, it is time for our catch of the day.
Dave, our catch of the day was sent in by Cameron and it's just a screenshot of a very urgent message from somebody's urgent message from Union Star Bank. Greetings from Union Star Bank Financial Group. They have urgent message which needs to be attended appropriately. Did you authorize anyone named Mrs. Mary Johnson to come to our office in 1863? King Arms Yard, London, United Kingdom, Union Star Bank Ave. in respect of your 5.5 million U.S. dollars which has been credited with us for the past months now by the federal government? To be transferred into your account. She said that you authorized her to pick up the inheritance. Your kindness has been in our custody for the past six months now. We've been waiting for you to contact us, but we don't know what is hunting you from reaching us since what? So we decided to write you to make sure you are fine and worth of the injury fund a 5.5 million dollars in our office in Union Star Bank which Mrs. Mary Johnson wants us to transfer to her Bank of America account. So your urgent response is needed. Before we proceed with this transfer to Missus Mary Johnson account, we want to get you back to us with the following information requested. Absolutely. If you're interested to receive your funds, send your information requested to start working on receiving your $5.5 million inheritance funds immediately. Thank you. Send your information needed. You're fully name, your phone number, your address, your driver's license, yours in service. Mr. Anthony Sherrett. Breathe. Was there only one period in that entire e-mail? Yeah, it's one big long run on sentence. Missus Mary Johnson. How many times does the guy say Missus Mary Johnson? I love Mary Johnson. I love some of the wording in here. It changes from inheritance to injury fund. Mm. There's something in there what is hunting you, hunting you, that's what is hunting you. Yeah.
So seeking you obviously translated from something else and then not -- not run through a modern LLM to clean up and absolutely not. Yeah. So again, this is -- this is one of those old school Nigerian Prince scam type things. Hmm. But this is your the fake inheritance or the fake lottery winnings or the fake. It's the same kind of thing. But they didn't run through an LLM because they want to filter out people that will look at it and go this is just garbage. Why would anybody send this out? Yeah, they want the people that go, hey, I might want to respond to this, you know, higher level of gullibility. Because if you believe this, you'll believe just about anything they say. True, true. True. All right, well, thank you, Cameron, for sending that in. We do appreciate it. And of course, if there's something you'd like us to consider for our catch of the day, you can email us. It's hackinghumans@n2k.com.

And that is "Hacking Humans," brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliott Peltzman and Tré Hester. Peter Kilpe is our publisher. I'm Dave Bittner. I'm Joe Carrigan. And I'm Maria Varmazis. Thanks for listening.