Hacking Humans 11.20.25
Ep 364 | 11.20.25

Lost iPhone, found trouble.

Transcript

[ Music ]

Dave Bittner: Hello everyone, and welcome to N2K CyberWire's "Hacking Humans" podcast, where each week, we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines, and taking a heavy toll on organizations around the world. I'm Dave Bittner, and joining me is Joe Carrigan. Hey there, Joe.

 

Joe Carrigan: Hi Dave.

 

Dave Bittner: And our N2K colleague, and host of the "T-Minus Space Daily" podcast, Maria Varmazis. Maria!

 

Maria Varmazis: Hi Dave! And hi Joe!

 

Dave Bittner: We've got some good stories to share this week, but before that, let's jump right into our follow-up. Joe, what have we got?

 

Joe Carrigan: Dave, we have a couple of pieces of news on the Myanmar scammers. We'll put some links to both of these stories in the show notes. I didn't want to do a whole story on them, because it's more of what we've been talking about. China has sentenced another seven people to death for their role in the Myanmar scan centers-scam centers.

 

Dave Bittner: Yeah.

 

Joe Carrigan: Now, two of them have gotten what they call a two-year reprieve.

 

Dave Bittner: Hm!

 

Joe Carrigan: Which means that they will probably have their sentence commuted to life in prison.

 

Dave Bittner: Okay.

 

Joe Carrigan: And the last time I said something-last time we were talking about this, I said something that wasn't correct, but that's usually what that means, is um, yeah, the-they get their sentences commuted. The other thing is, there is another article about this in the New York Times, about a man named She [stuttering] Zhijiang. She Zhijiang, that's it. I'm going to say that [laughter]. He is a Chinese-born businessman who ran these scam centers, according to China and the U.S., and he has been arrested in Bangkok, and is getting extradited to China.

 

Dave Bittner: Hm!

 

Joe Carrigan: So they are really, over there, are trying to clean that up, it seems.

 

Dave Bittner: Yeah.

 

Maria Varmazis: China and the United States worked together on this?

 

Joe Carrigan: Yeah. Well China and the United States say that She Zhijiang is the-runs the scam centers. That's what they say. I don't know if they work together on that, but they both said that's the case.

 

Dave Bittner: Okay, interesting.

 

Joe Carrigan: Yep. I have a question for you. I saw something this morning about the Mandela effect, and I'm fascinated by this Mandela effect [laughter] thing.

 

Dave Bittner: Yes.

 

Joe Carrigan: But--

 

Maria Varmazis: Is it new to you, or is it just a new one?

 

Joe Carrigan: Well this is a new one. No, I'm not-I'm going to argue about something later if we get to it, but if I say to you Yosemite Sam, Dave, what saying of Yosemite Sam comes to mind?

 

Dave Bittner: Uh, Yosemite Sam, uh--

 

Joe Carrigan: Bugs Bunny-

 

Dave Bittner: I mean I can picture him.

 

Joe Carrigan: Yep.

 

Dave Bittner: And I picture him like firing his guns in the air.

 

Joe Carrigan: Yep.

 

Dave Bittner: And doesn't he, he says something about Bugs Bunny, like that mangy rabbit?

 

Joe Carrigan: Right, yeah.

 

Dave Bittner: Yeah, yeah.

 

Joe Carrigan: Right, that's-that's what I remember. Maria, do you have a uh, anything?

 

Maria Varmazis: Uh, I don't have a phrase of his, I have the same visual of him, like really short dude, giant hat-

 

Dave Bittner: Yeah.

 

Maria Varmazis: The guns, going pew-pew-pew [laughter].

 

Dave Bittner: Right.

 

Joe Carrigan: Right.

 

Maria Varmazis: And quite the temper, and a huge mustache, right?

 

Dave Bittner: Yeah.

 

Joe Carrigan: Yes. Apparently there is this Mandela effect thing where everybody is remembering him going "What in tarnation?"

 

Dave Bittner: Oh!

 

Joe Carrigan: But I never recall him saying that.

 

Dave Bittner: Okay.

 

Joe Carrigan: This is a Mandela effect that has not impacted me.

 

Maria Varmazis: [Laughing]

 

Joe Carrigan: Right? So, I remember him saying "Alright you stupid idiot galoot, I'm sorry," you know that's when Bugs Bunny is about to crash one of the planes into the ground, and Yosemite Sam is on the plane [laughter].

 

Maria Varmazis: I'm amazed that you remember it in that detail [laughter], yeah, that's like-I don't remember any of that. That detailed, okay?

 

Joe Carrigan: I think the tarnation was-there was one cartoon that was a guy that was kind of like a carbon copy of Yosemite Sam, who was a Texas oil billionaire-

 

Dave Bittner: Hm!

 

Joe Carrigan: I think he may have said it, I have to go back and watch that. It was a pretty good episode.

 

Dave Bittner: Mm-hm.

 

Joe Carrigan: It's the one where [laughing] he stuffs all his, stuffs all the dynamite down Bugs Bunny's hole, and then Bugs Bunny tricks him into lighting his lighter [laughter], and you can imagine where that goes.

 

Dave Bittner: Yeah.

 

Joe Carrigan: But you know, the thing that I do, I do absolutely 100% remember this, is the cornucopia on the Fruit of the Loom logo-

 

Maria Varmazis: Yep, yeah, which apparently didn't exist, and I don't know how that's possible.

 

Joe Carrigan: No, I think that's wrong. I think that is 100% incorrect, I think that we are being lied to, and [laughter] I'll tell you why.

 

Maria Varmazis: The truth is out there.

 

Joe Carrigan: I'll tell you why I believe that, because I was thinking about this today and I go back to a conversation I had like in 1989, 1990, with a guy I knew in college, his name is Joe-it still is, Joe Kibbelbeck, Joe and I were having a conversation and we-and he, we liked using big, fancy words, and he says "It's like a cornucopia," of something, and I said, "Yeah, like that thing on the Fruit of the Loom logo!" And he said "yes!" in the 90s, we said that. We're in the 80s and 90s, and we said that-

 

Maria Varmazis: How do you remember his joke?!

 

Joe Carrigan: I remember the first time that we talked about cornucopias.

 

Maria Varmazis: Are you a reliable narrator of these events, genuinely? How on earth do you remember that?

 

Joe Carrigan: I am going to reach out to Joe, we're still friends [laughter] on Facebook, and I'm going to see if he remembers this-

 

Maria Varmazis: [Beep] I don't remember stuff from last week, and he's like-[laughter], like how do you remember that?

 

Dave Bittner: This is how Joe's brain works [laughter].

 

Joe Carrigan: Yeah, I don't remember stuff from last week either [laughter continues].

 

Dave Bittner: No, no, no [laughter], believe me.

 

Maria Varmazis: Oh my god [laughing].

 

Dave Bittner: I don't want to be living inside that head [laughter].

 

Joe Carrigan: Because somebody else said cornucopia, and like yeah, you know, like the horn of plenty, like on the Fruit of the Loom logo-

 

Dave Bittner: Yeah.

 

Joe Carrigan: -- was the conversation.

 

Dave Bittner: No, the one that gets me is the Berenstain Bears.

 

Maria Varmazis: Yep, that's the same for me.

 

Joe Carrigan: The Bernstein-yeah, actually that one does not get me, because my mother rigorously corrected me every time I said Bernstein Bears, or something, and "no! It's Berenstain Bears!" She would pound that into my head. So that one, I get where other people have it, but I don't have that one either.

 

Dave Bittner: Okay.

 

Joe Carrigan: But the Fruit of the Loom cornucopia did exist and you can't convince me that it didn't.

 

Dave Bittner: I'm with you [laughter]. Do you think Yosemite Sam might be being confused with Foghorn Leghorn?

 

Maria Varmazis: Yes!

 

Dave Bittner: Because they are very similar.

 

Joe Carrigan: They're similar characters, Foghorn Leghorn, um, maybe not Foghorn Leghorn, I'm thinking it's other characters that are more similar, and human-like, like Yosemite Sam.

 

Dave Bittner: Yeah.

 

Joe Carrigan: And when I say human, I mean they're all animated, and I understand that, but not actually [laughter] humans.

 

Dave Bittner: It's something you could-well and Mel Blanc voiced all of those.

 

Maria Varmazis: That's what I was just going to say is like it's all by Mel Blanc, so it's the same [laughter].

 

Joe Carrigan: Yeah, so I mean, if you watch the Texas-it's called Oily Hare-spelled H-A-R-E, and I just remembered it off the top of my head, because I could see [laughter]-

 

Maria Varmazis: [Laughter] I remember-oh my god! I know you're not Googling this right now, I know you genuinely are recalling.

 

Joe Carrigan: No! I'm not-

 

Dave Bittner: No, no, no-

 

Maria Varmazis: No, I know you genuinely are recalling.

 

Dave Bittner: No, no, it's all in there [laughter], it's all in there.

 

Joe Carrigan: But you watch that, it's like, instead of being a red-headed guy, it's a-he's got black hair, and he's got a sidekick named Maverick, and he rides around in spurs, very funny-

 

Maria Varmazis: What?! [Laughing]

 

Joe Carrigan: It's one of my favorite cartoons when I was a kid.

 

Dave Bittner: Clearly [laughter]. My favorite Yosemite Sam gag was the one where he rigged up the piano that would explode [laughter], when you [laughter continues]-and Bugs Bunny [Joe starts singing] kept playing something wrong [Joe continues singing]-

 

Joe Carrigan: Oh, tarnation!

Dave Bittner: Oh, see, there, right there [laughter]. And he goes "no, no, no, you dumb bunny, that's not it, try it again." I could quote the cartoons here.

 

Dave Bittner: Can we move on?

 

Joe Carrigan: Yes [all laughing]. We have some listener follow-up, I think?

 

Dave Bittner: I think-I think uh [laughter] I think we know what your next podcast should be, Joe [laughter].

 

Maria Varmazis: Joe recites in photographic detail every Looney Tunes character and cartoon show, ever. Amazing.

 

Dave Bittner: That's great.

 

Maria Varmazis: I just pasted this in here, because I don't know if we want to cover it, but I thought it was really fascinating. This was some interesting listener follow-up from listener named John.

 

Dave Bittner: Alright.

 

Maria Varmazis: I figure, Dave, if you want to go for it I think this, I thought this was really interesting.

 

Dave Bittner: Sure, this person writes in and says, "I regularly listen to both the CyberWire Daily and "Hacking Humans" and look forward to hearing your show each week." Well thank you very much! They say, "This is not really a Catch of the Day, but an incident that happened to one of our employees, using a technique that I had not encountered before.

 

Joe Carrigan: Hm!

 

Dave Bittner: Our employee, we will call him Dave-

 

Maria Varmazis: Sorry, Dave [laughs].

 

Dave Bittner: Works in sales [laughs], so his number is out there, and he is somewhat accustomed to receiving unsolicited calls. Someone called him via FaceTime while he was sitting in his car, and started speaking in a foreign language. They hung up after approximately a minute and a half. However, during that time, they managed to take a picture of Dave through FaceTime.

 

Maria Varmazis: Hm!

 

Dave Bittner: Okay, about 15 minutes later, Dave received a text, with an AI-modified picture that was created to look like Dave was pleasuring himself in his car, which he obviously wasn't. So he was also instructed to send the scammer $5,000 via PayPal, or the scammer would share the image with his family and friends. To add realism, they shared a list of family and friends, which were all people that Dave knew. However, this was just the list that shows up if you look for Dave on sites like True People Search.

 

Joe Carrigan: Mm-hm.

 

Dave Bittner: They also tried going after Dave's stepmother, who has the same last name, which may be how they got to him. When Dave-you know, I really resent using the name Dave here [all laugh], just saying. I just-I mean, we're going to call him Dave-

 

Maria Varmazis: It wasn't you!

 

Dave Bittner: We could have called him Bob, or, Frank, or-

 

Joe Carrigan: You could change the name to Bob, Dave.

 

Dave Bittner: How about Joe? Would Joe be okay?

 

Joe Carrigan: No [overlapping speakers and laughter]-

 

Dave Bittner: Not Joe either [laughter], Joe's no good? Alright. When Bob did not immediately pay, the scammer posted the image in our Works Facebook messages, which were immediately taken down. They've also threatened to post the images on the website of the local Chamber of Commerce where Dave works [laughing], or Bob works, sorry, Bob has submitted a police report as well as a complaint with the ICCC, okay, that's good. While this is a targeted attack, it is not hard to do, with someone that is public, or even semi-public, like Bob. It is a frightening combination of sextortion and AI image generation that can happen to anyone whose contact information and work details are accessible on the internet, which is a lot of people. Not aware of any real defenses against this, other than possibly don't turn your camera on for unknown FaceTime callers, if that's possible. Just thought you'd be interested in this, and wanted to get the information out there. Thanks for a great show, and all you do to keep us informed. Well! This is terrifying!

 

Joe Carrigan: Yeah! Absolutely--

 

Maria Varmazis: Yeah! I saw that email come in, thank you John for sending this in. It is absolutely terrifying, and yeah, sales folks, they answer the phone for anybody, because it could be money-

 

Dave Bittner: Right!

 

Joe Carrigan: Right!

 

Dave Bittner: It's the big one! This is the big one!

 

Maria Varmazis: It's literally the job [laughter], so it is horrifying, and yeah, as soon as he was walking us through this, I'm going yep, all of that sounds really plausible to me, so, well well!

 

Dave Bittner: So here's the thing- You call someone, so in this case, they got the person in their car, so they have the actual background of their car-

 

Joe Carrigan: Right.

 

Dave Bittner: That I presume they used with the AI image.

 

Joe Carrigan: Mm-hm.

 

Dave Bittner: You know, stripping the person of their clothing and making them look like they were up to what they were up to. Yeah, that's really-that's dastardly!

 

Maria Varmazis: Yeah, sure is. And then, adding in the names of people that he knows through any of the open source databases, and public information, frankly, that you can find in two seconds with a search. That-it's so simple to do, which is horrifying. So ugh, yeah, absolutely gross.

 

Dave Bittner: I mean I guess you can answer a FaceTime without turning your camera on. You can do that, but you have to be mindful to do that, so that's one thing you can do.

 

Maria Varmazis: Yeah, but a lot of people like to have that face-to-face, especially if they're trying to close a deal, I suppose, so yeah, wow. Just awful.

 

Dave Bittner: Yeah, that is awful. [Music begins] Alright, well, thanks for sending that in. We do appreciate it, and of course if there is anything that you, our listener, would like to send to us, we would love for you to do so. Our email address is Hackinghumans@N2K.com. [ Music ] Alright, let's get to some stories here, and Joe, why don't you kick things off for us?

 

Joe Carrigan: Alright, so before we get started, this is an AI story, Dave.

 

Dave Bittner: Yeah.

 

Joe Carrigan: So I'm going to use a term in this story called agentic AI, or agentic capabilities, and all that means is this some kind of AI model out there has some kind of autonomous capability. It can act with you know, with instructions, but it can carry those instructions out once you give it the instructions. It's-think of it like a really advanced computer program, right? So there is a company out there called Anthropic that makes an AI product called Claude, which does coding and other kinds of things, and a lot of IT-related stuff. And Anthropic has released a report, this is in-recently, as of yesterday-but I guess by the time this drops it will be like a week ago. So in mid-September of this year, they detected that somebody was using suspicious activity on Claude AI, and they were using it, they say here that they're using it to an unprecedented degree to execute cyber attacks, themselves.

 

Dave Bittner: Mm-hm.

 

Joe Carrigan: Now, in this article, they outline how this works, but one of the things they say is that at one point, these actors had to convince Claude, the model, which is extensively trained to avoid harmful behaviors, to engage in the attack. So they did this by jail-breaking it, effectively tricking it into ignoring its guardrails, and what they did was, they had two things, they broke down their attacks into small, seemingly not harmful attacks, but small pieces of work, because really, a lot of these tools are out there for legitimate use. And that's the other thing they did, they lied to Claude, and said yeah, we're an employee of a legitimate cyber-security firm, and we're doing some assessments here. So help me out with this.

 

Dave Bittner: Right.

 

Joe Carrigan: They have a very nice diagram in this, in the report, or in the article, that we'll put a link to. You can go and get the whole report if you would like, but basically it is a human operator, who is first telling the agents to go out and do some reconnaissance, and then once the human operator gets the reconnaissance back, they're telling the agent, okay, go out and do a vulnerability scan on these findings, from the reconnaissance. So they're scanning the network, you know, the targeted networks, for vulnerabilities. And then they're going to try to exploit these vulnerabilities, and the last phase is, they're going to try to move laterally throughout the network and get in. Anthropic is saying this organization, or this actor, attacked like 30 separate companies and government agencies, but only got into "a small number of them."

 

Dave Bittner: Hm.

 

Joe Carrigan: So this is an interesting, it's an interesting story, and you know, the article is much more, much more detailed. And of course, the report is even-painfully detailed [laughter]. But there has been some discussion on this, like Dan Goodin over at Ars Technica, we've covered a lot of Dan's articles here on this show.

 

Maria Varmazis: Mm-hmm.

 

Joe Carrigan: He has an article, it's-oh, what's the title of this article? It's called "Researchers Question Anthropic Claim to AI-Assisted Attack," the AI-assisted attack was 90% autonomous. And what [laughs], one great quote in this, I'm going to clean it up, because I know, we're a family show, right [laughter]? Uh, Dan Tentler, who is the Executive Founder of the Phobos Group says, "I continue to refuse to believe that attackers somehow, are somehow able to get these models to jump through hoops when nobody else can."

 

Maria Varmazis: Mm-hmm.

 

Joe Carrigan: His question is, and I'm quoting here again "why do the models give these attackers what they want, 90% of the time, and the rest of us have to deal with butt-kissing stonewall and acid trips," and by that, I guess he means [laughter] hallucinations.

 

Dave Bittner: Yeah.

 

Maria Varmazis: Yeah.

 

Joe Carrigan: So you know, I was using ChatGPT, having just a casual conversation with it about university mottos, and that thing was hallucinating like crazy. Or confabulating is probably a better term.

 

Dave Bittner: Mm-hmm.

 

Joe Carrigan: But, so I mean, I think this is a good question that Dan Tentler is asking here, is how are these guys getting it to do what they want it to do, especially if a security researcher has a problem saying hey, I'm going to run a legitimate, I'm a, you know, you know who I am, I am a security researcher, I want to do a network scan of this target, and the AI goes, "I'm sorry, I can't allow that."

 

Maria Varmazis: Mm-hm!

 

Dave Bittner: Right.

 

Joe Carrigan: Sounding like Hal from [laughter]-by the way, Dave, that's another reference you and I have never used on this show, but when you were gone, we made the Dave's not here reference-

 

Dave Bittner: Yeah.

 

Joe Carrigan: And uh-

 

Maria Varmazis: I got so many emails about that after, thanks Joe-

 

Joe Carrigan: Did you [laughing]?

 

Maria Varmazis: Everybody was like, yeah, I don't know about this one-I didn't, I'm sorry [laughter].

 

Dave Bittner: Oh, really? You didn't know about that?

 

Maria Varmazis: I've been educated now. I've been educated, please stop emailing me about it, thank you [laughter].

 

Dave Bittner: Right. For a long time, in the early days of the Macintosh computer, when it was unique that the Mac could have pre-recorded little audio clips, as system alerts, when my-I replaced the error sound on my Mac, and it would say "I'm sorry, Dave, I'm afraid I can't do that."

 

Maria Varmazis: Oh, that's great [laughter]. Yeah, yeah.

 

Joe Carrigan: Another good point that Dan Goodin makes in this article is that many researchers compare advances in AI from AI in the cyber attacks, to other tools that have been around for years, like Metasploit, or the Social Engineering Toolkit-

 

Maria Varmazis: Mm-hmm.

 

Joe Carrigan: And he says these tools are no doubt useful, but they didn't meaningfully increase the attacker's capability severity of the attacks they produced.

 

Maria Varmazis: Hey, you have to know what you're doing with those tools.

 

Joe Carrigan: Right.

 

Maria Varmazis: I mean, a lot of-

 

Joe Carrigan: Absolutely.

 

Maria Varmazis: I used to work at Rapid7, so Metasploit was super in my lane okay [laughing] we would get a lot of, you know, people like "I want to hack! I want to download Metasploit, I'm going to start hacking!" And if you don't know what you're doing, it's not going to be like the Easy button for hacking, which is what a lot of people think.

 

Joe Carrigan: Yeah, I've toyed around with it, and it's got some cool out-of-the-box stuff, but if you really want to do something neat, you've got to develop in it. I mean it's-

 

Maria Varmazis: Yeah, you've got to know what you're doing.

 

Joe Carrigan: It's a development task.

 

Maria Varmazis: Yep.

 

Dave Bittner: Hm.

 

Joe Carrigan: Another reason that Dan Goodin is saying these attacks aren't impressive is that this attack targeted 30 organizations, major, including corporations and government agencies, and only a "small number of the attacks succeeded." Goodin's point is that raises questions, even assuming limited human interaction. What good is the success rate, or what good is this when the success rate is so low? And I have an answer to that, and that is, if you think-I mean, they're actually naming an APT that is in this article they're calling GTG1002, which is a Chinese-affiliated group.

 

Dave Bittner: Mm-hmm.

 

Joe Carrigan: I know attribution is notoriously hard, so I'm not on board with naming whoever it was, and of course, I only know what I've read in these reports, but my thinking on this is I don't think that's a valid criticism of this, because if you think of the success rate of like phishing emails, just to get credentials, they're small. They're really small, but they work.

 

Maria Varmazis: Yeah.

 

Joe Carrigan: And they're effective.

 

Dave Bittner: Mm-hm.

 

Maria Varmazis: Yeah, scale. Yeah.

 

Joe Carrigan: Exactly, what this AI is doing, what Anthropic is saying here is that somebody used their AI, Claude AI, to essentially scale an attack.

 

Maria Varmazis: Mm-hm.

 

Joe Carrigan: And I think that's the implication here. Is that yeah, I mean, you still have to be a good, you know, a good malicious actor. You have to be good at what you do in order to make this work, but if you are good at what you do, now you can automate that.

 

Dave Bittner: Mm-hm.

 

Maria Varmazis: Yep.

 

Joe Carrigan: Additionally, I don't think that-one of the interesting things is why would you use Claude AI? Why not build your own AI? And host it somewhere, where you could have it with no guardrails on it, and it could be an evil AI, and say hey, yeah, let's go after these guys, let me see what I can do. The other thing, my other thinking on this, is that this is a noisy attack. I think this attack would be noisy. But it would raise a lot of ruckus on the target organizations, unless these guys have given specific instructions to be stealthy and you'd have to know how these tools work in order to do it, like tell the agentic AI "I want you to use these switches," if you will. The command options, to when you do these scans, when you do these vulnerability exploits, and things like that.

 

Dave Bittner: Hm.

 

Joe Carrigan: So it's an interesting back and forth between Anthropic and other researchers, so it, I mean, take it for what it's worth. I just think it points to the ability to scale these kinds of attacks, which is not insignificant.

 

Dave Bittner: Yeah, I would also just add that when you read the back and forth on this, it is important to remember that we are in the midst of a hype cycle.

 

Joe Carrigan: Yeah.

 

Maria Varmazis: Yes.

 

Dave Bittner: So this may be the understatement of the year [laughter].

 

Joe Carrigan: Right.

 

Dave Bittner: So it is in Anthropic's interest to hype this as much as possible, and draw attention to this.

 

Joe Carrigan: Mm-hm.

 

Dave Bittner: And there are plenty of people out there who would be happy to sell you the solution to this, that which is AI-enabled, so-

 

Joe Carrigan: Of course.

 

Dave Bittner: And at the same time, there are folks on the other side who are so tired of the hype that they just want to shoot down everything. And so we've got these two extremes hurling things over the fence at each other, and so I think it's just good to keep that in mind, as you read this stuff, that this is just a lot of breathless shouting that is par for the course these days.

 

Joe Carrigan: Right.

 

Dave Bittner: So you've kind of got to keep that in mind.

 

Joe Carrigan: Yeah, well let me give you my, for once, calm and [laughter] reasonable take on this, and that is what I just said, is that yeah, this may not be any great shakes in terms of increasing someone's skill, but if they're skilled, now they can really scale.

 

Dave Bittner: Yeah. Yeah. Absolutely.

 

Maria Varmazis: I want to add a little, tiny footnote, because I used to work with Dan, briefly, Dan Tentler is also known probably a little better by a lot of folks as Viss, that's his username, and he uses it a lot across the internet, and he did a lot of research, presented it at Defcon some years ago, about Shodan devices that were open, and easily scannable through Shodan, so he-I trust his voice a lot, and he's very-I really trust his perspective on this, so when he speaks, I listen. So [laughs].

 

Dave Bittner: Okay that's good.

 

Joe Carrigan: Good.

 

Dave Bittner: Alright, terrific. Well we will have links to that story in the show notes. My story comes from the folks over at Bleeping Computer, and they are talking about a situation with iPhones, and I'm curious, before we dig into this, I'm wondering, have either of you ever lost your mobile device?

 

Joe Carrigan: Dave [laughs], last week I left it here in your office [laughter].

 

Dave Bittner: Oh, that's true.

 

Maria Varmazis: [Laughing] Swing and a miss.

 

Dave Bittner: So for you, it's a rhetorical question. So, it's a fresh wound [laughter].

 

Joe Carrigan: You know.

 

Dave Bittner: Well, let me extend that, lost it and not gotten it back.

 

Maria Varmazis: No, I have not.

 

Joe Carrigan: No.

 

Dave Bittner: Me neither.

 

Maria Varmazis: I mean, it happens to people, though.

 

Dave Bittner: I left my phone in a restroom of a Las Vegas casino, once. Walked out to the pool-

 

Maria Varmazis: And that's when your troubles began [laughter].

 

Dave Bittner: Yeah, exactly.

 

Joe Carrigan: Record scratch! Switch frame--

 

Maria Varmazis: You might be wondering how I got here [laughter].

 

Dave Bittner: So you know, I did the thing where I patted my pockets, and noticed my phone was missing and went [yelling] and turned around, and ran back inside, went into the restroom, and lucky for me, the phone was still there, but yeah, that was probably the closest call I've had. But people lose their phones all the time, and so this story is about a scam that's taking advantage of Apple's own lost device process, to try to steal your Apple ID credentials.

 

Maria Varmazis: Oh!

 

Dave Bittner: This is coming from the Swiss National Cybersecurity Center. And so here's what happens. So, you lose your iPhone, or it's stolen. And you use the Find My app, which is an app in iOS, where you can mark your phone as being lost, and you can also post a custom lock screen message. So in other words, if I lose my phone, I can go on my computer, and tag my phone as being lost, so that, for example, if someone brings it to an Apple store for service, it will come up as being a lost phone, but also if someone just unlocks the phone, it will say "This phone belongs to Dave, please call him here." Right? So that's good functionality for a lost phone. So, what happens is, the attackers use that contact information and they send targeted phishing texts to the person who lost the phone and the messages pretend to come from Apple's team, from the Find My team, they claim the device has been located, and they often say it was found abroad. And they reference specific details, like the iPhone model, the storage size, or the color. Which can all be, you know, directly read from the device if you're holding the phone in your hand, this is your blue iPhone, you know?

 

Joe Carrigan: Right, and a serial number or model number on the back and you can look that up, and it will tell you all the tech specs on the inside of it.

 

Dave Bittner: Exactly, exactly. So, they have a link in their text message they send you that appears to go to Apple's Find My site, but instead, of course, goes to a phishing page that imitates the real log-in screen, so then victims enter their Apple ID and password, and Bob's your uncle, boom, they have your credentials.

 

Joe Carrigan: I imagine these guys sitting there going, like we haven't made this guy's life suck enough. Right [laughter], I mean, we took his phone from him [laughter], let's take his Apple ID too, yeah, that's a great idea!

 

Maria Varmazis: There go all your photos [laughter]. Hope you didn't need those, of your baby, or whatever!

 

Joe Carrigan: Right.

 

Dave Bittner: Yeah, so this allows them to unlock the phone, if they have your credentials, which then also makes it easier, once they-if they have the phone unlocked, they could resell it, they can wipe it, as Joe suggested, they can get into all of your banking apps, and all sorts of things. So they're turning this good functionality into something that is bad-

 

Joe Carrigan: I see, so they're actually, because I'm not like an avid Apple user. In fact, Find My is not on, as I learned last week, on my iPhone.

 

Dave Bittner: [Laughing] Still?

 

Joe Carrigan: Still, yeah, I don't even know if I can-it's not my iPhone, I don't have any control over what goes on with it, and-

 

Dave Bittner: I see.

 

Joe Carrigan: I have to call the IT department, and go hey, can I turn that on, and they might go no, don't turn that on, don't ever activate that. You know, if you lose it, we'll just get you a new one.

 

Dave Bittner: Exactly, we'll burst into flames.

 

Joe Carrigan: Right, yeah, that would be a great feature [laughter], you know? Just have a little C4 in the phone, and when somebody snatches it out of your hand, you have another button in your pocket, you just press that, and it explodes.

 

Dave Bittner: No-don't need C4, you just got a lithium ion battery in there, just [laughter]-

 

Joe Carrigan: Run a spike through the lithium ion battery-

 

Dave Bittner: A little solenoid powered fun pack.

 

Joe Carrigan: Yeah.

 

Dave Bittner: Pops the battery, and smoke, all the smoke comes out.

 

Joe Carrigan: Yeah, yeah, that's a great idea [overlapping speakers].

 

Dave Bittner: Sure [laughing] oh yeah, that's good.

 

Joe Carrigan: So, my question, we got derailed again, surprise, surprise [laughter]. My question is, they're actually using this to actually get access to the phone so they can go ahead and wipe it, and resell it, I'm guessing?

 

Dave Bittner: Yes, that is one of the things they're trying to do, and then also they will sell your credentials.

 

Joe Carrigan: Yes. It's a fire sale.

 

Dave Bittner: Yeah. So, Apple will not send you text SMS or iMessages about your lost phone, is part of what they're saying here as well.

 

Maria Varmazis: But Apple will text you for other stuff, so that's what makes it a little confusing to me, as a plain-old end-user. Anytime I buy anything from the Apple store, I always get text messages and such.

 

Dave Bittner: Yeah, that's true.

 

Maria Varmazis: So, I feel like that's a little confusing.

 

Dave Bittner: Yeah.

 

Joe Carrigan: Yeah, I just got a new phone recently, because I had the old Pixel 6, with the cracked screen, and the-you know, everything just falling apart on it [laughter], it didn't charge anymore. I mean, I held onto that phone as long as I could. So I had to finally break down and drop-fortunately Google had a sale, so I bought the Pixel 10. And I didn't, you know, I paid a lot, but I mean, I think I had $200 off. Anyway, I digress. They sent me a lot of text messages about shipment and things like that.

 

Dave Bittner: Yeah.

 

Joe Carrigan: Because I signed up for them. And then when I get on my new phone, there's a-there's a text message. An SMS message from Gemini, Google's AI product. Hey, you want to talk to me? No, I like talking to ChatGPT, thanks [laughter].

 

Dave Bittner: You don't want to feel like you're being unfaithful?

 

Joe Carrigan: Right, yeah [laughter].

 

Dave Bittner: To ChatGPT [laughter].

 

Maria Varmazis: Having an emotional affair with your LLM-

 

Joe Carrigan: I don't want her to get mad at me.

 

Dave Bittner: That's right. Who knows what they're talking about behind the scenes.

 

Joe Carrigan: Yeah, absolutely.

 

Dave Bittner: So, Joe! Heard you got a new friend. What? How did you know that? Oh, somebody-a little bird told me.

 

Joe Carrigan: Right, it's on the AI memo.

 

Maria Varmazis: Jimmy and I have been chatting [laughter].

 

Joe Carrigan: Right.

 

Dave Bittner: That's right, you should be ashamed of yourself.

 

Joe Carrigan: Yeah right. I'm going to make some pictures of you [laughing].

 

Dave Bittner: Yeah, exactly.

 

Maria Varmazis: Two timer [laughter].

 

Dave Bittner: Yeah, here's a picture of you in your car [laughter].

 

Joe Carrigan: Great.

 

Dave Bittner: You know, we had that story from a while back, where the AI were trying to blackmail employees. Remember that one?

 

Joe Carrigan: Vaguely.

 

Dave Bittner: The employees were threatening to shut down the AI, so the AI was threatening to blackmail them, saying yeah-yeah.

 

Joe Carrigan: Right because it had read the emails [laughter].

 

Dave Bittner: Yeah, yeah, so welcome to our future.

 

Joe Carrigan: Yes.

 

Dave Bittner: Alright, we'll have a link to this story in the show notes, let's take a quick break. We will be right back after this message. [ Music ] And we are back! Maria! You're up. What you got for us?

 

Maria Varmazis: I have a little self-follow-up [laughter] first. So my husband, Eric, listens to this show religiously. He has a wood shop in our basement, so I hear my own voice coming through the speakers as he's listening.

 

Dave Bittner: That's disconcerting.

 

Maria Varmazis: It's like I'm cooking dinner, and I hear myself coming from downstairs. And us three, talking to each other.

 

Joe Carrigan: Okay, good.

 

Maria Varmazis: So he just listened to the episode where we were talking about IoT devices.

 

Joe Carrigan: Hold on, just a minute-

 

Maria Varmazis: Mm-hm?

 

Joe Carrigan: Maria! I'm in your basement [all laughing]-

 

Maria Varmazis: Oh, Jesus [laughter], thanks for that. Thanks for that.

 

Dave Bittner: Maria, your husband's great! What a nice guy! Hey, when's dinner going to be ready [laughter]?

 

Maria Varmazis: Give me about half an hour, alright?

 

Dave Bittner: Okay!

 

Maria Varmazis: [Laughing] So he was listening to the episode where we're talking about IoT devices, and I was trying to recall how many I had, and he is in real-time texting me from the basement, because we're lazy [laughter]-

 

Dave Bittner: Who needs an intercom?

 

Maria Varmazis: And he just-he goes, "I think we have 19," and then a few minutes later, 20, and then a few minutes later 22, it just keeps climbing [laughter] and I got sick of getting these text messages, I went downstairs, and I said did you think of this, this and this? And so we got to 26.

 

Joe Carrigan: Wow.

 

Dave Bittner: Wow.

 

Maria Varmazis: And the number keeps climbing [laughing] so I think 26 might be our number for now. I just thought that was a very funny add-on to that story, that we still don't really have any idea how many we have [laughter].

 

Dave Bittner: Wow. Okay.

 

Maria Varmazis: Because I have devices that he doesn't know about, doing things that like-have nothing to do with him, so he's like, oh, that's a thing? Oh yeah, yep, okay. Anyway, so that was that [laughter]. Moving on from that story, I wanted to make sure we had a chance, as we are in November at the time of this recording, to sound the holiday scams liturgical calendar [jingle bells ringing]-

 

Electronic Voice: Warning! If it seems too good to be true, it is. Your packages have been delivered, deck 5.

 

Maria Varmazis: Woop, woop, you like need some jingle bells or something [distant electronic voice continues] with the-I'm sure our audio team can make up something interesting for that. So, I'm sure Dave, you've, your email inbox has been full of all the tiches-

 

Dave Bittner: Oh yeah.

 

Maria Varmazis: End of year, holiday season scams, and we've gotten a bunch. So I figured I would take one that I found particularly compelling, because it specifically focuses on mobile shopping, which being an older person, I like to shop on a real computer. Many younger people like to shop on their phone. I'm just like, that's not real to me, if it's on the phone, but many people disagree.

 

Dave Bittner: I think there are people in our audience who are thinking, Maria, I like to shop in a mall [laughter].

 

Joe Carrigan: Right [laughter].

 

Maria Varmazis: I remember doing that! A long time ago!

 

Joe Carrigan: Stop at the malls anymore-and now it's all like, clothing stores. And I'm like, I have clothes. I want something cool.

 

Maria Varmazis: A physical store, how quaint.

 

Dave Bittner: Yeah.

 

Joe Carrigan: Yeah.

 

Maria Varmazis: [Laughing] So the mobile shopping report from Zimperium, they took a look at the 2024, so last year's, holiday shopping season to see what we can learn from it, to prepare for the season that is nigh, which is the holiday season coming up now. And to define that, we mean Black Friday, which is the day after U.S. Thanksgiving through early January, as the prime holiday scamming season, not just for shoppers. Well, shoppers aren't usually scamming. It's usually the cyber criminals who are scamming the shoppers [laughter]. Alright, so for this specific report, that again focuses on mobile shopping, in the report Zimperium said they're categorizing things in three major threat vectors. One, just need to prepare myself to say this out loud [laughing]. They're calling it "mishing," [groans and laughter], yep, and that's-

 

Dave Bittner: Mishing?

 

Maria Varmazis: Yeah, and that is their-yeah, that's their re-brand of another word that I love saying out loud, which is smishing [laughing].

 

Joe Carrigan: It's like that old Hamm's-Mash's Hamm's commercial? What's the other S for? We dropped that for the salt.

 

Dave Bittner: Right, we throw that away.

 

Joe Carrigan: Right [sighs].

 

Maria Varmazis: So yeah, they dropped it for the salt. That's exactly it. It's mishing now [groaning] yeah. Who asked for this?

 

Dave Bittner: What? I don't even understand that.

 

Joe Carrigan: It's mobile phishing, Dave.

 

Dave Bittner: Ugh.

 

Maria Varmazis: As opposed to using just SMS, because I suppose some of it is also using WhatsApp, and iMessage, so SMS is really not as accurate. That would be my guess.

 

Joe Carrigan: Right.

 

Maria Varmazis: But, did we need this rebrand?

 

Joe Carrigan: No. We need a rebrand that makes sense, like scam texts, scam messaging, that would be good enough.

 

Dave Bittner: Yeah.

 

Maria Varmazis: Mm, well, don't quit your day job, Joe [laughter] okay? So that was, that word that I'm not going to repeat again, oh, actually I'll have to won't I-okay mishing, that was attack vector 1. Malware, makes sense, that's the second one. And the third one was app vulnerability and exploit risk. So I'll dive into that. So for mishing [laughing], I really hate that word. They tracked the four major spikes for text-based, again, WhatsApp, iMessage, SMS, phishing campaigns, and they tend to spike around four major shipping deadlines and major retail events, because users are expecting messages around then. So during the 2024 holiday season, mishing websites, so again, these are websites that are imitating real retailer websites, for phishing purposes. They increased four times, compared to their monthly average, and the four spikes in these kinds of websites being created in 2024, the first one was for the Fall Amazon Prime event in November. The second one was Black Friday, which again is the day after U.S. Thanksgiving. Then, their third spike, which I thought was really funny was a few days before Christmas, which to me was sort of the "oh crap" button [laughter] for the holidays, and it's like, and I didn't buy anything, so all the last-minute shopping that people are trying to get done. And then the fourth one was really interesting, and actually the biggest spike of them all which was a little after the new year, and Zimperium said that's because it's in time for people shopping for Epiphany, because in some cultures, you don't give gifts until Epiphany day, which is January 6, if I remember correctly-

 

Dave Bittner: Huh-

 

Maria Varmazis: But I think it may also be people who are trying to do a little opportunistic shopping for the next year, because that's often when deals are dropping, it's like hey, Christmas is over, the New Years is over. Now, we're trying to clear out our inventory, so do some shopping.

 

Joe Carrigan: Hold on, I have-this, I'm on board with this Epiphany gifts [laughter].

 

Maria Varmazis: Okay, so may I introduce you to the orthodox church [laughter] in my culture, okay [laughs]-

 

Joe Carrigan: No, I'm going to stay Catholic [laughter].

 

Maria Varmazis: In a lot of the old world, Joe, Epiphany Day is the day that the gifts are given. So it's not just the Orthodox church, but-

 

Joe Carrigan: What bugs me about this time of year is all the nativity sets come out, and there's always three wise men, and in the nativity set, and I'm like the three wise men were not at the Nativity, they were at the Epiphany.

 

Maria Varmazis: Alright, so the next podcast, you're going to do is Joe's Liturgical Rants [laughter]-

 

Dave Bittner: Right [laughing] we've got Joe talks, Joe talks religion-

 

Maria Varmazis: Looney Tunes and Liturgy [laughter].

 

Dave Bittner: Right, we need Joe talks politics [laughter].

 

Joe Carrigan: Nobody will listen to that one.

 

Dave Bittner: I'm just thinking of all the third rails--

 

Joe Carrigan: Joe talks cartoons--

 

Maria Varmazis: [Laughing] Politics, religion, Looney Tunes.

 

Dave Bittner: Joe's advice on how to pick up women [all laughing], just, you know--

 

Maria Varmazis: Use your lower back [laughter], right?

 

Dave Bittner: That's right, bend at the knee--

 

Joe Carrigan: Nobody, nobody should take advice from me. That's one that I-I have no idea what to do. I mean, my son and I talk about it, and I'm like, I don't even know what to tell you. Sorry, it's a completely different world.

 

Dave Bittner: One day mom just showed up, and she never left [laughter].

 

Maria Varmazis: Like a barn cat [laughter].

 

Dave Bittner: Yeah, and here you are. Yeah. Right.

 

Joe Carrigan: A beautiful barn cat.

 

Dave Bittner: Very good.

 

Maria Varmazis: Nice recovery, I like that. Alright, so, alright, we're going to get back to this [laughter].

 

Joe Carrigan: Okay, sorry, I derailed this again.

 

Maria Varmazis: You know, in D&D, when a campaign is really bad, and it gets derailed, you say it's full of monkeys, today is just full of monkeys [laughter]. Just absolutely monkey-filled. Alright, so the most targeted brands for phishing in 2024 will surprise probably no one, that about half of the phishing sites for mobile phishing, mishing, phishing, whatever-half of them were Amazon related. Rakuten Group was 20 percent of those sites, eBay, Allegro, Mercado Libre, are other brands. I don't know what these are, but I'm not that tuned into brands, but I'm sure they are major brands. And interestingly, and this is a bit of a thread through this report was that attackers are kind of branching out from targeting brands, because I think maybe people are getting a little wise and/or brands are coming down on attackers maybe? And they're going after more and more payment processors, delivery and courier services, like, you know, DHL, the fake DHL, USPS, UPS, FedEx attacks, we see them all the time. And also digital wallets. Like contactless payment apps. And I'll get to this in a minute, but I couldn't name you more than maybe two of those apps, and there are a gazillion, scientifically speaking [laughter], so I wouldn't know if one was real or not, to be quite honest with you. So that gets me to the second vector, fake retail apps that they mentioned earlier. They see a surge in them over the holiday season, big surprise. They said over 120,000 fake mobile apps were reported in 2025 so far, with 65 percent of those impersonating retailer financial brands, so still that is the bulk of things. But not entirely. So brands that they've seen impersonated-eBay, Amazon, Rakuten, AliExpress, SHEIN, and Best Buy. The usual suspects there. But the payment apps, like I just mentioned. Digital wallets and contactless payment apps, that is a much-that is a hugely-growing sector, and those are getting increasingly targeted.
Because again, I'm going to list you some of the ones that were targeted, and they found in this report. Tell me if you recognize more than half of these, okay? PayPal, Wise, Zelle, Venmo, Chime, Cash App, Paytm, GCash, Bradesco Wallet, Satispay, Revolut, Monzo [laughs]-

 

Joe Carrigan: I recognize four of those.

 

Dave Bittner: Yeah.

 

Maria Varmazis: Yeah, I wouldn't know that half of those were even real. So, I mean, maybe it's because those are in regions that I don't live in? Maybe those are well known, because we're talking global brands.

 

Dave Bittner: Right.

 

Maria Varmazis: But I genuinely couldn't tell you if some of those are real. They are-[laughing] these are real, being impersonated. But I'm just thinking, you know, if there is a fake payment app on an app store that gets through the walled garden, would people really be able to recognize it was fake, given there seem to be so many and they're proliferating all the time.

 

Dave Bittner: Right.

 

Maria Varmazis: So the goal of fake retail apps or payment apps, or digital wallet apps like these, that are targeting these, rather, it's malware, so they're doing what you might expect-stealing credentials. Intercepting one-time passwords, so those codes that everybody loves. Exploiting screen overlays, so trying to redirect your attention and do something on-nefarious, elsewhere. And then also exploiting accessibility features. I seem to remember ages ago keyboards were a third-party-- keyboards were a favorite for stuff like that, now accessibility features seem to be another way that malware is exploiting people's phones. Very interesting. And then the third vector in this report is a little more for our friends who are either in software development, or enterprise-level security. So this is not for the consumer, but things that are exploiting app-level and ecosystem vulnerabilities. So every retailer now has an app. Good luck buying anything just on a website [laughs], you have to download their app. So everyone is trying to get these apps out the door as quickly as possible, and I think things are getting missed. And the report's analysis-a lot of top shopping apps both on Android and iOS ecosystems are showing recurring weaknesses, such as insecure software development kits being used, dynamic code loading, exposed services, hard-coded keys and weak signatures. Some of these sound familiar to I'm sure many of our listeners. I don't know what all of them mean [laughs], but this-again, these are more for people who are making the apps. The point that this report is trying to make is that an app with such vulnerabilities like these can introduce a supply chain risk, which if you are in an enterprise environment, or managing an enterprise environment, data can be collected from an employee's phone and then potentially also credentials could be part of that information.
And then a trusted app could become a malware dropper, and then dot-dot-dot, exploitation at the enterprise level. Not so great. So again, that's not for the average user, necessarily. But that's for people who are either developing software or managing enterprise-level security. So, zooming out for a second. The key message about mobile security for all of us is to be careful, especially this time of year, because the attackers love this time of year. So texts about your package, click to confirm delivery, special offer, click now, those are very, very, very likely not legit. That free gift card thing ain't real [laughter], that's another-we see that all the time. Another pro tip is to don't be like Maria, do not be like me, do not click links [laughter]. Do not, do not tap go, do not collect $200. When you get that text message and there's a link in there, resist the urge to [laughing] click it. Instead, go to the official website, assuming that you can get to it, or the official app, again, assuming that you can get to it.

 

Joe Carrigan: Right.

 

Maria Varmazis: And check from there. And yeah, make sure your apps are from official stores, don't download directly from random websites. Go through the official app store.

 

Joe Carrigan: Yeah, I can't think of any good reason for somebody who is not developing applications to permit that other markets or app stores are allowed to load apps.

 

Maria Varmazis: Yeah [laughing] sometimes-

 

Joe Carrigan: Can't think of a good reason for it.

 

Maria Varmazis: Sometimes there are reasons for getting things for free that one should probably be paying for, um-

 

Joe Carrigan: Okay, that's probably malware.

 

Maria Varmazis: Yes, yes! But that is the risk that one might be willing to take, if one is trying to save one's money.

 

Joe Carrigan: Okay [laughter].

 

Maria Varmazis: Not saying I've done this, but maybe I have [laughing], when you are getting, but yes, you should really not do that, and you should go through the official store [laughs], the official iOS and Google app stores, and when you're looking for shopping apps, or wallet, or payment apps, you need to make sure you check for updates. Please keep updates on. If you can do that. Only install the app if the publisher is verified. Please be careful of look-alike apps, because they do proliferate, as we just mentioned. Check the download counts. That's one that I often do as well. If it only has like four downloads-mm, maybe stay away from that one.

 

Joe Carrigan: Right.

 

Maria Varmazis: And sometimes someone gets pwned, and they actually post a review going "this app is fake," that's always nice, so read those.

 

Joe Carrigan: Yeah [laughter]. Look at the one star review, nobody ever pays for one-star reviews.

 

Maria Varmazis: No, that's right, they've got too many five-star reviews, that's another thing.

 

Joe Carrigan: Right.

 

Maria Varmazis: And enterprise is, you all know what you're doing, so I'm not going to be here giving you advice, but just something to keep in mind is that we are entering the season where a lot of your employees' devices are more likely to be pwned, so maybe beef up those defenses for BYOD policies. So yeah, vigilance! Vigilance is the word for this time of year, so ho-ho-ho, enjoy, be careful.

 

Joe Carrigan: [Laughing] Ho-ho-ho!

 

Dave Bittner: Ho-ho-ho.

 

Maria Varmazis: Ho-ho-ho! Yes.

 

Dave Bittner: Don't get pwned!

 

Maria Varmazis: [Sing-song voice] Ho-ho-ho, don't get pwned, do-do-do-do [laughter], yep.

 

Dave Bittner: Alright, very good, we will have a link to that story in the show notes. Joe, Maria, [music begins] it is time for our Catch of the Day. [ Soundbite of Reeling in Fishing Line ] [ Music ]

 

Joe Carrigan: Dave, our Catch of the Day comes from the Phishing subreddit. Spelled properly here, but I want to point out, this is a screenshot from a cell phone. This person has 68% of their battery left, they-[laughter] somehow they're on a 4G network [laughter], I pay them-and they also have a waiting Telegram and WhatsApp message. Probably from the same scammer.

 

Dave Bittner: [Laughing] Okay! Maria, how about, do you do an Irish accent?

 

Maria Varmazis: I uh-[laughter], do I do an Irish-I don't think I've ever attempted to do one, I live in the Boston-

 

Joe Carrigan: Yeah, Maria, do ya?

 

Maria Varmazis: I live in the Boston area, that will get me beaten, if I try [laughter]. Um-

 

Dave Bittner: Alright, well, just do-do what you see fit.

 

Joe Carrigan: I will give you permission, if you'd like to use the Irish accent.

 

Maria Varmazis: I don't think I could do it just to be completely honest with you, so I don't want to offend [laughing] I think I would do a terrible job. Alright. May the peace of God be with you and your family. I know it will be a great surprise reading from me today, but I consider this a divine intervention, as a pastor explained to my understanding. My name is Mrs. Deborah Grant, a widow from the United States of America, married in Turkey, and I am writing to you from my sick bed, because I have been fighting cancer, and the doctor said I only have a few weeks left. I want to entrust my money, USD 8.5 million, to your care, for charity purposes to help the less privileged. As my late husband's relatives want me dead [laughter]-

 

Dave Bittner: Oh my god!

 

Maria Varmazis: -- so they will claim all my late husband and I worked for.

 

Dave Bittner: That took a turn.

 

Maria Varmazis: Right [laughter], once you receive it, I will tell you more about myself and what you need to do with the money. Please write to me as soon as you get this message. My health is pretty bad, and my doctor said I will be moved to the Intensive Care Unit anytime soon. Have a blessed day, and please pray for me. God bless you. Yours, Mrs. Deborah Grant. Email Deborah [laughter] at Gmail dot com-

 

Joe Carrigan: Lots of God sprinkled throughout this.

 

Dave Bittner: Yeah.

 

Maria Varmazis: You know if I ever became a drag queen, I think Mrs. Deborah Grant would become my drag name [laughter], Mrs. Deborah Grant.

 

Dave Bittner: Mine would be Foghorn Leghorn [laughter].

 

Maria Varmazis: I say, I say, I say.

 

Dave Bittner: I say [laughter], go away boy, you're bothering me [laughter].

 

Joe Carrigan: Right. That's not how you tie down a pumpkin [laughter].

 

Maria Varmazis: My late husband's relatives want me dead!

 

Dave Bittner: My sidekick, Chicken Hawk [laughter]. My-that's what I'd do, I would be a drag queen, but I'd have a ventriloquist's dummy that was Chicken Hawk [laughter]. So yeah, lots of stuff in here. So we've got the-one thing I want to note on this, it seems to me like this has been run through a large language model for grammar, because it's quite good overall. Right? It's-it's not as glaring as we've become accustomed to these things.

 

Joe Carrigan: There's a few things in here that are kind of not like up to par in terms of English syntax, like I consider this a divine information, as a pastor explained to my understanding.

 

Dave Bittner: Yeah, that's true.

 

Joe Carrigan: That's kind of awkward.

 

Dave Bittner: Yeah.

 

Joe Carrigan: It may just be run through a translator that's been made better with LLM, but you're right the grammar and the punctuation is spot on.

 

Maria Varmazis: Yeah, there's only one missing period, and it's-why does she feel, to mention that she got married in Turkey? I just-why? Why are we-[laughs], it's so odd, I don't know.

 

Dave Bittner: Well I'm guessing she's thinking, she wants you to believe she's American, so you have that in common, but she's trapped overseas, so you have sympathy for her. She's going to die there, because the rest of her family wants her dead [laughs], that's so-I don't know.

 

Joe Carrigan: Also, another thing is when you're dying from cancer, you don't go to the ICU, you go to hospice.

 

Maria Varmazis: Correct.

 

Joe Carrigan: You don't go to the Intensive Care Unit.

 

Maria Varmazis: No.

 

Dave Bittner: Right. Right.

 

Maria Varmazis: Mm, we could poke so many holes in this. I wonder if it's a scam?

 

Dave Bittner: Yeah [laughs].

 

Joe Carrigan: Oh, it's a scam! Guaranteed.

 

Dave Bittner: Yeah, and there's a call to action, please write to me as soon as you get this message.

 

Joe Carrigan: Right.

 

Dave Bittner: You know, so there's urgency.

 

Joe Carrigan: The 8.5 million dollars going to the less fortunate.

 

Dave Bittner: Right, she doesn't have time.

 

Joe Carrigan: I'm sure everybody who reads this, and goes hey, I'm less fortunate than 8.5 million dollars.

 

Dave Bittner: [Laughing] That's right. I'll give 7.5 million to the kids, and I'll keep a million for myself.

 

Joe Carrigan: Yeah.

 

Maria Varmazis: No, she only gave you 3 million, I don't know what happened to the rest.

 

Joe Carrigan: Right.

 

Dave Bittner: Alright, well, that is our Catch of the Day, and of course, we would love to hear from you if there's something you would like us to consider for the show, you can email us, it's Hackinghumans@N2K.com. [ Music ] And that is our show, brought to you by N2K CyberWire, we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes, or send an email to Hackinghumans@N2K.com. This episode is produced by Liz Stokes. Our Executive Producer is Jennifer Eiben. We're mixed by Elliot Pelsman, and Trey Hester. Peter Kilpe is our publisher. I'm Dave Bittner.

 

Joe Carrigan: I'm Joe Carrigan.

 

Maria Varmazis: And I'm Maria Varmazis.

 

Dave Bittner: Thanks for listening. [ Music ]