Trust no link, my darling.
Dave Bittner: Hello, everyone. And welcome to N2K CyberWire's "Hacking Humans" podcast where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hey there, Joe.
Joe Carrigan: Hi, Dave.
Dave Bittner: And our N2K colleague and host of the "T-Minus Space Daily" podcast, Maria Varmazis. Maria.
Maria Varmazis: Hi, Dave. And hi, Joe.
Dave Bittner: We've got some good stories to share this week, but first let's jump right in to our follow up. Maria, we get letters.
Maria Varmazis: We do. We do. And we have been getting letters, and boy did we get a good one that I was just -- it arrived while we were recording our last episode. It killed me that that's when it came in. But now we're going to share it. So this is from Professor Metcalf and they wrote this. "Submitted for your consideration. The next time an aquatic life form does something and we're not sure if it's a crime perhaps we should designate it as a fishdemeanor." Perfect. It's perfection, Profession Metcalf. Perfection.
Dave Bittner: That is pretty good.
Maria Varmazis: Was good. It was so good.
Dave Bittner: Yeah. I like it. I like it.
Maria Varmazis: Yes. And we got other emails as well. Do you want me to go to the next one, Dave, or --
Dave Bittner: Sure. Sure. Why not?
Maria Varmazis: Okay. Sure. This one comes from our listener Bill and they wrote, "Hi Dave, Joe, and Maria. Love the podcast. I listen to many shows in the interconnected Dave Bittner universe." The unknown rival of the Marvel comics universe right there.
Joe Carrigan: Right.
Maria Varmazis: "Your previous discussions of at least cataloging your IOT devices poked me in the brain to work on my home network to do list. And like many I've lost track of all the e-toys that we have let infiltrate our network." Hard relate. "One easyish -- " I'm going to try one more time.
Dave Bittner: Easy for you to say.
Maria Varmazis: Yeah.
Joe Carrigan: This is a tongue twister.
Maria Varmazis: "One easyish fix -- " Someone said easyish fish. That's not -- yeah. "One easyish fix I implemented was to power up a second home router dedicated to 2.4 gigahertz configuring it with a different IP network and shutting down 2.4 on my primary. This has led to some minor inconveniences, but it hasn't broken anything and my next step is to turn that IOT SSID in to the 2.4 guest network thereby I think locking the different 2.4 devices from each." It's an interesting idea. I might actually steal that idea. And they concluded with "Take care and keep the chicken updates coming." So, Joe, over to you.
Joe Carrigan: So yeah. I do have an update. I this morning I have confirmed beyond a shadow of a doubt that I definitely have a rooster.
Dave Bittner: Oh.
Joe Carrigan: So --
Dave Bittner: How does one do that, dare I ask?
Joe Carrigan: Well, hens do not crow.
Maria Varmazis: How early in the morning was it?
Joe Carrigan: It was like quarter to seven maybe. Yeah. Quarter to seven. Because what's happening right now is I'm taking the water in every night because if I don't it will freeze. And then I'm taking it back out in the morning and I actually put like two-thirds of it like hot water and then the rest of it cold water. And that makes it warm enough for the chickens to come out and drink and then hopefully my hope is that it won't freeze before I get home, although it has done that. And but, you know, chickens can go a little while without water, but not too long. You don't want them out there all day without it. So I want to make sure they have it for as long as they can. But I went out there this morning and it was, you know -- the sun was coming up. And I put the water bucket in to the chicken feeder or in to the chicken coop. Run. The run. And I hear them rustling around in there and all of a sudden I hear this rooster crow like you hear a rooster crow. I'm like --
Maria Varmazis: Well.
Joe Carrigan: Definitely a rooster.
Dave Bittner: Definitely a rooster.
Joe Carrigan: Yeah. So his name was probably a rooster. Now he is just a rooster.
Maria Varmazis: So did the hatchet them come out? Or what was the -- okay.
Joe Carrigan: No. No. No. I'm not going to get rid of this. I put a picture. I've been telling you how beautiful this bird is. I put a picture in the script here.
Maria Varmazis: Yes.
Joe Carrigan: You can see how handsome this bird is. He is the white one in the foreground.
Maria Varmazis: Indeed. Yes.
Joe Carrigan: And he is very noble looking in this picture.
Dave Bittner: Okay.
Joe Carrigan: He is an Americano. The one pecking right in front of him is the female Americano. So we may actually wind up trying to make little Americano chickens.
Maria Varmazis: Little nuggets, if you will.
Joe Carrigan: Little nuggets. Right.
Dave Bittner: [inaudible 00:04:28] going to offer moral support.
Joe Carrigan: Right.
Dave Bittner: The circumstances. You got this, man.
Joe Carrigan: I've just got to isolate that chicken, that hen, from the other hens because I don't want -- I don't want cross breeding of the other chickens. I don't want these other hens brooding. If I'm going to do this I only want one hen to brood. So I don't know how that's going to work. I may not even do it. I don't know. If I have to rehome the rooster I have already found somebody who is willing to take the rooster.
Dave Bittner: Okay.
Joe Carrigan: So it's good.
Dave Bittner: Now are you allowed to have a rooster? Because some places you're not.
Joe Carrigan: Technically I don't think I am because I don't have enough land to own a rooster.
Dave Bittner: Okay.
Joe Carrigan: But, you know, I'm going to see how this goes.
Maria Varmazis: Yeah. What's your acreage? Do you have to have several, like two acres or more, or what's --
Joe Carrigan: Three acres or more.
Maria Varmazis: Three acres or more? Wow.
Joe Carrigan: Three acres or more I think. That's what I remember hearing. I might be incorrect on that. It might be that it just might be that that's the point where you get unlimited chickens, but like I can have 12 chicken on my land.
Maria Varmazis: See where I'm at it's a one acre limit. I have a neighbor whose rooster I can pretty clearly hear down the road, but I mean I enjoy that sound, but not everybody does. I do understand that.
Joe Carrigan: Right. So I'll be making some buckeyes this Christmas season and going around and giving them to my neighbors going, "Hey. How you doing? Yeah. I got -- you know, don't -- if the rooster bugs you, let me know." "Oh. The rooster won't bug us." That's what I'm hoping to hear from everybody.
Maria Varmazis: I'm getting my best red wine ready for a nice pot of coq au vin. Just saying.
Joe Carrigan: Nice.
Dave Bittner: I feel like roosters are kind of like freight trains where you enjoy the sound of it when it's off in the distance.
Joe Carrigan: Right.
Maria Varmazis: That's fair.
Joe Carrigan: Yes.
Maria Varmazis: Yeah. Yeah.
Joe Carrigan: Nice.
Dave Carrigan: Where I live I can hear there's a freight train off in the distance that I can hear when the, you know -- when the wind's blowing in the right direction. I can just hear the rumble of it. And it's several miles away, and that's good.
Maria Varmazis: As opposed to your windows are shaking and you can't sleep at night which is bad.
Joe Carrigan: When I was leaving here last week after recording I heard that track. I heard a train on that, the horn of a train on that track.
Dave Bittner: Yeah.
Joe Carrigan: From here.
Dave Bittner: Yeah.
Joe Carrigan: And this is farther away from the track than your home is. And we used to hear it when we lived in Colombia all the time.
Dave Bittner: Yeah. No. It travels.
Joe Carrigan: Yeah, especially in the winter.
Dave Bittner: Had -- my wife and I had friends who had like six kids and we were like, "Wow. Six kids." And they're like, "Yeah. Our first home backed up to train tracks." Like okay. Every morning 5 AM the train came through. Well, we're both awake.
Joe Carrigan: Right.
Dave Bittner: Now we've got six kids.
Joe Carrigan: Right.
Dave Bittner: [Laughs] so there you go.
Joe Carrigan: I get it. I see what happened there.
Maria Varmazis: Okay. Fill in the blanks on that one. Got you.
Dave Bittner: By the way, going back to the IOT thing just to rewind.
Maria Varmazis: Yep.
Dave Bittner: And specifically IOT devices that sneak their way on to your network. So I was setting up our Christmas decorations this past weekend.
Maria Varmazis: Are they internet enabled, Dave?
Dave Bittner: Well, I'm getting there.
Maria Varmazis: Oh. Okay.
Dave Bittner: Back off, Maria. So I'm getting there. Stepping all over my story. So your --
Maria Varmazis: I was really eager. Okay?
Dave Bittner: You know who usually does this?
Joe Carrigan: That's me.
Dave Bittner: Joe usually does this.
Joe Carrigan: I was just about to ask Maria.
Dave Bittner: Don't make me.
Maria Varmazis: I'll slow my roll. All right? I'll slow my roll.
Dave Bittner: Don't make me add a fourth host. So I'm setting up our Christmas decorations and we have a couple of inflatables. We have a giant abominable snowman, bumble.
Maria Varmazis: The bumble. Yeah.
Dave Bittner: He's 12 feet tall. And we have a giant inflatable menorah and they both go on our top deck which is on the third floor of the house so you can see them from all over the land. And I have a remote control, an IOT remote control, that's part of my smart home system that I had assigned to these devices last year, last winter. And I had put it in the box with all of the things when I took them down this year. So when I set things up this year I plugged in this device, plugged in the -- you know, all the different things that were plugged in to it. You know, powered everything up. And I'm sitting about 9 o'clock at night and this deck is right outside of our master bedroom. And all of a sudden they all shut down 9 o'clock on the money. On -- my wife looks at me and I look at my wife and I said, "Well, the automation I programmed last year is still functioning."
Maria Varmazis: There you go.
Dave Bittner: So the same thing happened at 6 AM. Everything powers up. Everybody inflates and all good in the world. So. But it's -- it reminded me how these things can linger even year after year, you know. That automation was probably trying to reach out for this outlet all throughout the year when it wasn't there, and then it finally showed up. And it was like "Yay."
Maria Varmazis: This happy reunion of bits.
Dave Bittner: Yeah. Exactly. Exactly.
Maria Varmazis: That's kind of adorable.
Dave Bittner: All right. Getting back to chickens real quick, Joe, our CyberWire colleague Gina wants to know what brand of door you have on your chicken coop. You were talking last week about your automatic doors, and she is door curious. So.
Joe Carrigan: I have it is a Mayki, M-A-Y-K-I. They -- it is currently unavailable on Amazon. It's I went with the door that opens vertically and is one sheet of metal simply because once it goes down then I think that predators are going to have a hard time getting in there. So that's really -- I really wanted something secure. So I just went with something that has a little gear wheel that raises it and lowers it.
Dave Bittner: Okay.
Maria Varmazis: This is quite a -- sorry. I just looked it up. This is a lot more to a door for a chicken coop than I ever would have imagined. This is there's a whole bunch of stuff to this. This is not just a little door.
Joe Carrigan: Yeah. I had to modify the chicken coop too.
Maria Varmazis: There's a -- there's a status panel on there. I mean my god.
Joe Carrigan: Yeah. This thing was I think I said last week 40 bucks. I looked it up. Or 50 bucks. It's only 40 bucks for me. And they still have comparable models out there. They have one that rolls up like a little tiny garage door. I think that's adorable.
Maria Varmazis: Oh. Wow. Okay.
Dave Bittner: I'm just imagining you building an underground bunker for the chickens, little fallout shelter just in case.
Joe Carrigan: In case a fox comes.
Dave Bittner: You never know. Right. All right. Let's get to our stories here. Joe, why don't you kick things off for us?
Joe Carrigan: So my story comes from Google. Back in November Google's general counsel, Halimah DeLaine Prado, released a blog post titled "A Dual Strategy: Legal Action and New Legislation to Fight Scammers." So this post refers to something that is called lighthouse, and at least that's what Google is calling it. And this is a phishing as a service organization and kit. And it's not really -- I'm not really sure from reading the blog post if what's what, if it's the organization of if it's a kit. We'll just call it the kit right now. But the -- Prado says that these bad guys built this kit and really the name is not important. Right? But this is one of those kits that's designed to serve up malicious SMS messages and then provide landing pages for them. So we've all heard tons of stories about the SMS messages from Easy Pass and there's other ones from the postal service, and DHL.
Maria Varmazis: The fake ones. Yes. The fake ones.
Joe Carrigan: Right. The fake ones. Right. These are all the fake ones. And what is happening here is that -- is that Google has found at least 7 -- 107 websites, website templates rather, hosted websites, that feature Google's branding and sign ins that are specifically designed to trick people in to believing the sites are legitimate. So it looks just like they scraped Google's sign in page and said, "Hey, sign in for your stuff."
Dave Bittner: Right.
Joe Carrigan: The blog post says that lighthouse has harmed over 1 million people in more than 120 countries, stealing somewhere between, and this is a wide range, 12.7 million and 115 million credit cards in the U.S alone. So I don't fault Google for the wide range here because it's really hard to gauge this. You can only look at the complaints filed and the information you have, and if you interpolate that out to a larger audience you're probably somewhere in the ballpark with this number. And yeah. You statistically -- In statistics it's really hard to get numbers for when you don't have a good sample size. So that's why this number is so wide. This represents a five fold increase in these kind of attacks since 2020. Well, Google took these 500 -- or the 107 web pages that they found. And they have essentially filed a lawsuit and they're suing people. Who are they suing? They don't know.
Dave Bittner: Okay.
Maria Varmazis: Yeah. Okay.
Joe Carrigan: I went and I scrounged around the internet a little bit and I found the complaint, you know the lawsuit, and the lawsuit names 1 to 25 Does.
Maria Varmazis: John Does. Yeah.
Joe Carrigan: Yeah. John Does. Not deer. Right?
Maria Varmazis: [inaudible 00:14:02] that song right now. Yeah. Yeah. John Does.
Joe Carrigan: So that's one half of this article. The other half of this article is talking about strengthening defenses through policy and, you know, it says, the post says, we can only address one operation with a lawsuit. What we need is more robust policy. They talk about these three I guess bills that are being proposed right now. And the first one definitely comes from the U.S department of acronyms. And that is guarding unprotected aging retirees from deception which is called GUARD. This is sponsored by senators Britt from Alabama, Scott from Florida, Gillibrand from New York, and Nunn from Iowa. Oh, and Fitzgerald from Wisconsin. Oh. And New Jersey, somebody from New Jersey, Gottheimer. This stage would empower state and local -- or this legislation would empower state and local law enforcement, enable them to utilize federal grant funding to investigate financial fraud and scams specifically targeting retirees. So I guess the only one -- the only benefit here is that funds would flow from the federal government to the local government specifically for establishing offices helping older people when they've been scammed.
Dave Bittner: Right.
Maria Varmazis: Would be very helpful though. I mean --
Joe Carrigan: It could be. It could absolutely be very helpful.
Maria Varmazis: That's usually the advice that people are given is go to your local police. Right? If something's happened to you. So that would be huge.
Joe Carrigan: Yeah. And well I won't talk about my experience with going to the local police.
Maria Varmazis: Your mileage may vary hugely. That's true. No doubt about that. Yep.
Joe Carrigan: Right. The next one is called the Foreign Robocall Elimination Act which I kind of like sponsored by Senator Budd from North Carolina and Senator Welsh from Vermont. And this legislation would establish a task force. I always have problems with the word task force. I want to say tax force. Task force focused on how best to block foreign originated illegal robocalls before they ever reach American consumers.
Maria Varmazis: Don't we already have the answer to this? Sorry.
Joe Carrigan: Yes. We talked about it last week. Store tax or stir shaken is a good way to do it.
Maria Varmazis: Yeah.
Joe Carrigan: I think I don't know. I haven't looked in to this, but every time you get one of those suspicious calls or scam suspected I think that's just a phone call that comes in without a stirred shaken record. It doesn't have a signature. It's just allowed to ring your phone.
Dave Bittner: Could be.
Joe Carrigan: I don't know. Like I said, I haven't looked in to it again. Oh. And then here is a great acronym, one that really comes out from the U.S department of acronyms. Scam compound accountability and mobilization. The SCAM Act. So it's kind of self referential there. Sponsored by senators Cormyn from Texas and Shaheen from New Hampshire. Right. This legislation would develop a national strategy to counter scam compounds, enhance sanctions, and support survivors of human trafficking within these compounds. Now I don't know how good -- how beneficial this will be because not a lot of these compounds are in the United States.
Dave Bittner: Yeah.
Joe Carrigan: So it's outside of the U.S jurisdiction for this. So what -- help me understand this, Dave. You're more the legal guy or at least you have another podcast with a lawyer.
Dave Bittner: Say where's Ben Yelin when I need him. Yeah.
Maria Varmazis: Yeah.
Joe Carrigan: You're the one that talks to Ben every week.
Dave Bittner: Throw the bat signal up.
Joe Carrigan: Right.
Dave Bittner: Yeah. I don't know if this is, you know -- this is international funding to support those efforts or maybe right.
Joe Carrigan: Maybe that's all it is is just funding, but who are we funding? That's a good question. I'd like to read this act a little bit more. So anyway that's the story. That's the blog post, the sum of it pretty much. It says that they're taking -- they're taking legal action against 25 people they can't name, 25 people or organizations they can't name and don't know who they are. And they filed this lawsuit. I think that lawsuit's probably just completely worthless.
Dave Bittner: Well, it's performative.
Joe Carrigan: You're right. It's performative.
Dave Bittner: It allows them to put out this statement and, you know, should these people's heads ever pop up out of their little holes in the ground they might get nabbed or whatever.
Joe Carrigan: Yes, but I just imagine -- I just imagine the people behind this going, "Oh no. They don't know who we are. Let's keep going. We're doing pretty well."
Maria Varmazis: Yeah.
Dave Bittner: Yeah. Interesting. All right. Well, we will have links to those stories in the show notes. Maria, what do you got for us this week?
Maria Varmazis: Well, I've been doing a little bit of reflecting on Australia's new -- not new, but their under 16 social media ban just went in to effect as of time of this recording. And I've been reading with great interest the reactions from Australia about how things are going, especially from teens, whether or not, you know, this has been effective or they find it annoying or a relief. And some of the memes I've been seeing has been really focusing on the under 16s didn't need this so much as the over 65s do. And that was -- that sort of brings me to actually the crux of what I wanted to talk about today where there's a -- there's a survey that came out I think over the summer from Cox Mobile along with Common Sense Media where they surveyed the youth, the sandwich generation which are folks I think basically like us with both children as well as parents who are older that we're helping take care of. And then also they surveyed seniors. So and they surveyed across these three groups what their main concerns about being online in this day and age are and what their concerns of safety are. And then something I want to focus on specifically is what they found out from seniors. When they talked to the seniors in this survey they said most of them consider themselves digitally literate, and seniors in this case are over 65s. And that they, you know, use their devices for shopping, banking, social media, and entertainment. And 41% of seniors surveyed said they reported spending five or more hours online every day which that gave me pause because I'm going "Is -- how many hours do I spend online a day outside of work at least?" Of the retirees that I know who are not obligated to be tethered to a desk, how many hours do I think they're spending? And honestly five or more does track for the people that I can think of where I'm just seeing them on their phones all the time. And that then made me look. After I thought about that I went back and looked at some of the results from the sandwich generation, specifically folks closer to my age, and their concerns about their parents or the elderly in their life. And they said that in this survey more than a third of their parents had experienced phishing scams, malware, or data breaches in the last year. And 60% of the sandwich generation said they're worried about the risk of identity theft of their parent or elderly loved one. So I just -- that just to me was just an interesting - I don't know. It was very telling that while the seniors said that they felt like they were pretty good, digitally literate, and they're also spending an unbelievable amount of time online every day. The sandwich generation who are presumably looking out for these folks are going, "I am seeing something a little different from what the elderly are reporting." So that definitely gave me some pause. And the survey had some take aways for the sandwich generation in conversation with the seniors, although seniors of course are very welcome to listen in, about what they can do to enhance safety of the over 65s online. So I thought I would just go through those because again I think a lot of us are having these conversations this time of year in general. So just something just to brush up on. So number one for the recommendation was encouraging strong passwords. Yes. Table stakes. But recommending a password app if -- password manager app if you can. But maybe help set one up if this is something they're having trouble with. Or honestly telling them to write them down in a notebook that they keep near the computer, that's okay for a senior to do that. Like we don't scare people out of doing stuff like that. At that point if someone breaks in to their house and steals their password book they have bigger problems. That's like it's I know we were telling people for ages "Don't do that," but you know certain situations it may make more sense that, you know, it's all right. Number two is to promote security software. So many seniors say they have security software installed, but they may not have automatic updates enabled. And they may not know how to do that. They may need some help with that. And they may not know that that also could include their mobile devices. So if they have a desktop machine at home they may be more up to date with that than on their phone. That kind of thing. Anything like that that can help protect them is a good idea to have set up. In my own personal situation, I don't know about what you all have ever seen, but I know that my parents would often disable that, sometimes unknowingly because they found it really annoying. And then forget to reenable it. So that's like --
Dave Bittner: Right. Right. It's a really good point because when it comes to this sort of thing there's that old saying if it ain't broke don't fix it. That doesn't apply to software because vulnerabilities get discovered and patched. So --
Joe Carrigan: In this case broken means you're vulnerable.
Dave Bittner: Yeah. So I think, you know, if you're going to be visiting family over the holidays or something like that maybe asking them if you'd like them to take a look and see if their devices are up to date. That's a good thing to be able to do.
Maria Varmazis: Yeah. It's a pretty -- and for a lot of us it's a pretty quick -- I would guess for a lot of our listeners this would be a pretty quick and relatively easy thing to do. And this could actually save you quite a bit of grief later. So it might be worth saving yourself some trouble and just doing it now. Number three recommendation is encouraging them to enable multi factor authentication. And maybe in some cases just introducing them to what it is. You know, those text messages you sometimes get. People don't always understand what this means. And, you know, why do I need this if I have a password? These are all good conversations to have. People may be familiar with it through their banks, but they may not understand the value of enabling it for other services. So just talking to them about it can be a huge -- like it's worth the trouble, you know. It's worth doing. Make sure for your really important stuff you've got that set up. The number four thing is to review what apps and channels have accumulated on devices over time. About half of the seniors who were surveyed in the survey I was referring to earlier say that they make a habit of checking that their own devices have unsafe apps removed. They go through and kind of do an app hygiene check. That's only half. Right? So maybe we encourage the other half once in a while just check. Like do you know everything that's on your phone? What it's doing? If you don't, maybe it's time to delete it.
Joe Carrigan: Yeah. I don't know everything that's on my phone.
Maria Varmazis: Fair. And also same. But for me like when I was on my long flight the other week that was a great time for me to do that. I'm like I'm stuck here for 11 hours. I'm just going to go through and see what's on. What else am I going to do? Read a book? Nah. I'm like I'll just go through my phone and see that I know what all the apps are. And I found myself deleting quite a few. The number five recommendation is to use built in safety features. So these are privacy controls. So this might be a really abstract one to explain to people, but why you need to be kind of prescriptive about location sharing and not just say yes to everything. But if -- this is something that is definitely worth talking about with your loved ones and just, you know, make sure that if there are security features on devices that make sense for them have -- make sure that they're turned on. Again just take a few minutes to look over it with them and explain what they are. And number six is sort of the overarching one of what we've been saying is talk to the loved ones in your life regularly about what's going on. The seniors surveyed said they -- one-third of them. One-third of them have conversations about this stuff several times a week or even daily which is great, but the other two-thirds are not. So, you know, if you're listening to this podcast you're pretty on top of what's going on in the world and good job, but if you've got folks in your life who are not keeping in on this stuff which is most people, you know, you can help them out and just tell them, "Hey, did you know that there are scams that use AI to generate fake versions of people, you know, that might sound very convincing?" To try and scam you out of your money. You know, are you trusting incoming phone calls? That kind of stuff. The things that we all talk about all the time. Are you talking to other people in your life about this? So if you're not, can I just encourage you to please do so? Because that can really really help somebody out. So that's my PSA for the other two-thirds of seniors who are not talking to folks about this stuff. They could use your help.
Dave Bittner: Well, if you find yourself wanting for conversation or around the holiday table you can survey your relatives and find out how they're doing with all this stuff.
Maria Varmazis: Yeah.
Joe Carrigan: Let's have a riveting cybersecurity discussion at Christmas dinner.
Maria Varmazis: Honestly it can beat this alternative, especially if it gets political. So I'm just saying it can beat the alternative. I mean people come to me in my family because they know I'm the family nerd. So they just go, "Hey, Maria. What's this thing?" And I'm just -- same thing with my neighbors lately. They've all been finding out that that's what I talk about. So now I'm getting text messages or questions at the bus stop about, "What is this thing? What is that thing?" So I'm happy to be that person. I know not everybody is, but I'm very happy to help. So I guess send them to me. I don't know.
Dave Bittner: Well, I think I mentioned last week I was sitting in the dentist chair and my dentist was asking me about passwords and password managers and all that kind of stuff.
Maria Varmazis: Yeah. Yeah. And I know that my town's local senior center and our library often have tech check ins for seniors like once a month or something where they just need volunteers who are a little more tech savvy to come in and if the senior has questions about something they just need to have someone that they can ask. Sometimes they just have to show their phone to somebody and go "What's going on here?" So if you're really interested in helping people out like there might be something like that around you or you could volunteer some of your time. So yeah.
Dave Bittner: This is one of my main responsibilities with my father when he was still around was like he would say and the phrase was "Dave, while I have you here."
Maria Varmazis: Here. You're like it's going to be a while. Let me pull up a chair. Yeah.
Dave Bittner: Thanks for coming over and visiting and while I have you here I need you to look at the computer or the printer or whatever.
Maria Varmazis: Five hours later.
Dave Bittner: Right. Exactly.
Maria Varmazis: The struggle's real, Dave. The struggle is real.
Dave Bittner: Well, dad, we're buying you a new computer today. Congratulations. You're on the update -- you get more -- you get new computers more often than I do because it's the path of least resistance. All right. Good stuff. We will have a link to that story in the show notes. I tell you what. Let's take a quick break to hear from our show sponsor. We will be right back after this message. And we are back. It is my turn and I actually have two stories this week because they're both short. So the first one is we got a new alert from the FBI and they have put out a warning about what they're calling virtual kidnapping and extortion schemes. This is an evolution of those grandparent scams. They used fraudulent proof of life photos or videos. They're saying that what they're doing now is they're scraping these from online postings, sometimes from real missing person information. So imagine how bad that would be that you already have someone missing. These folks scrape that information.
Joe Carrigan: And then they go after the family?
Dave Bittner: They go after the family. Right.
Joe Carrigan: Missing -- got it. Yeah. I am as equally appalled as Maria is on this one.
Dave Bittner: Yeah. So they have nothing to do with the person being missing, but they call the loved ones and they say "We've got your kid or whoever and send us money." And of course you send them the money and nothing happens.
Maria Varmazis: So evil. That is so evil.
Dave Bittner: Yeah. Yeah.
Joe Carrigan: That's a great way to describe it, Maria.
Maria Varmazis: It's just straight up evil. That's just terrible.
Dave Bittner: Yeah. So the FBI say that these, you know, fancy AI tools are being leveraged by the criminals to alter footage from social media and to facilitate the scheme so they can make videos. They can make photos. Of course we talked before about they can make audio files of people. Sometimes they'll just have someone who's being a mimic, but these days sometimes if you have video of a loved one that is online that they can view it doesn't take much to be able to synthesize a version of their voice and have it say whatever.
Joe Carrigan: Right.
Dave Bittner: So the main advice here is to have a family password.
Joe Carrigan: Yes.
Dave Bittner: Right? So it's a family password that everyone knows if there's trouble and you need to verify that someone on the other end of the line or the call or whatever is the person that they say they are. You can ask them "What's the family password?" And if they don't know it will tip you off that it's probably not actually them. So.
Joe Carrigan: Right.
Dave Bittner: Be warned.
Maria Varmazis: Solid recommendation.
Joe Carrigan: Be calm if you get the phone call and you're like -- then they're like -- and you're like "What's the family -- just turn around and ask my child what the family password is." Because the first thing they're going to do is "Do you think this is a game?" I'm like, "Look. This is something very easy for you to do to verify that you have my son."
Dave Bittner: Right.
Joe Carrigan: "All you have to do is ask him what the family password is. He'll give it to you and if you give me the right password you'll have my undivided attention."
Dave Bittner: Right.
Maria Varmazis: Wow. You are remarkably calm in a child kidnapping situation, Joe. Got to tell you.
Dave Bittner: You haven't met Joe's kids. I have. And [laughs].
Joe Carrigan: You going to feed that boy?
Dave Bittner: Oh. You don't know what you got yourselves in to here, fellas.
Joe Carrigan: You know how many groceries he eats? He eats his weight in groceries every day.
Maria Varmazis: Have fun with that, guys.
Joe Carrigan: Right.
Dave Bittner: Yeah.
Joe Carrigan: It's like the ransom of Red Chief.
Dave Bittner: Yeah. Yeah. No. I, you know -- let's -- I love it, Joe, because look. Let's not waste each other's time.
Joe Carrigan: Right. Yeah.
Maria Varmazis: Are you yanking my chain? All right. Get out of here.
Joe Carrigan: Immediately the first thing I think is this is a scam anyway. Right? Like I -- whenever I answer the phone, you know, sometimes I do the Mabel Johnson voice because I'm almost convinced it's a scam every time. One time I did that and my dad was on the other end. Oh. Hey, dad.
Dave Bittner: [inaudible 00:33:09] my idiot son again. Been doing that Mabel Johnson voice since he was 13.
Maria Varmazis: And he thinks it fools people and we all just play along.
Joe Carrigan: Yep.
Dave Bittner: That's right. That's right. Oh my gosh. So my second story this actually comes from the folks over at "Billboard" magazine, the music related magazine. And they were tracking scams for fans of music performers. They say that these scams cost victims more than $5.3 billion in 2025.
Maria Varmazis: What?
Dave Bittner: So these folks are hijacking the Instagram accounts for major artists including Adele who I recognize the name of, Future, no idea.
Joe Carrigan: I don't know who that is either.
Dave Bittner: Future. Maria, you're younger than us.
Maria Varmazis: No. Yeah. No. That doesn't --
Dave Bittner: Tyla. Does Tyla mean anything to you?
Maria Varmazis: Nope.
Dave Bittner: T-Y-L-A? No?
Maria Varmazis: No.
Dave Bittner: And even the official page for the late Michael Jackson. All right. Him I know.
Joe Carrigan: I know Michael Jackson.
Dave Bittner: Right. Right. So they push cryptocurrency scams and Gizmodo reported that there are also some folks posing as Johnny Depp and they even had his voice. They convinced one fan to hand over $350,000.
Maria Varmazis: Jeez.
Dave Bittner: To Johnny Depp. By the way, I want to just inject here that just this past week I heard from a long time friend that their mother was scammed out of about $200,000 by a romance scam.
Maria Varmazis: Oh my gosh. I'm so sorry.
Dave Bittner: Yeah. And what's even worse is that the mom still thinks it's legit.
Joe Carrigan: Right. You know, that happens so often.
Dave Bittner: And so my friend is estranged from their mother because of, well -- in part because of this. And it's just heartbreaking.
Maria Varmazis: Oh. Yeah.
Dave Bittner: Anyway back to the story. The complaints to the FTC suggested this fraud ring stole millions in total. And the problem here is that musicians these days are relying heavily on their social media platforms. They've got to market their tours, their albums, and all that kind of stuff. And so these channels have become high risk entry points for fraud and reputation damage. And people are pretty starstruck when it comes to musical folks, you know. I think about like who would I be most starstruck to meet and certainly half of them are probably musicians I admire a lot. And I don't tend to be -- get starstruck. But I can think of some, you know, like --
Maria Varmazis: Yeah.
Dave Bittner: And, you know, it's funny. I saw -- I saw Stephen Colbert talking about this recently. He was talking to Paul McCartney and he was saying how -- Colbert was saying how he rarely gets starstruck, but he was totally starstruck by getting to chat with Paul McCartney. And he said he thinks the reason is because Colbert can't -- doesn't know how to make beautiful music, doesn't know how to write beautiful songs that affect millions of people all over the world. And so that ability seems magical and mysterious. Right? And that leads to being more starstruck than say someone who can do something that you know how to do. They just do it better.
Maria Varmazis: That makes sense. I could see that. Yeah. I understand that explanation. I am also wondering in the case of Michael Jackson they're -- what was the ask in that -- I mean he's not alive anymore. So --
Dave Bittner: Or is he?
Maria Varmazis: Or is he? I guess Elvis is also asking for money. I mean -- I mean I guess I could think of some schemes like, you know, people going his estate is broke because of, you know, something or other. But it's still I mean he's not with us anymore so okay. I really don't understand what the ask would be.
Dave Bittner: Yeah.
Maria Varmazis: Yeah.
Dave Bittner: So the idea here is just be mindful of these things. Warn your friends and family that musicians just don't ask to get you involved in cryptocurrency schemes. Generally that's --
Joe Carrigan: Or you can be like me and just have a healthy contempt for celebrities.
Dave Bittner: Okay.
Joe Carrigan: You know, like if Taylor -- it says here they also mention Taylor Swift, Sabrina Carpenter, Billy Eilish, all three of whom I know who they are.
Dave Bittner: Yeah actually.
Maria Varmazis: Wow.
Joe Carrigan: And I'm not a big fan of Taylor Swift's music.
Maria Varmazis: That is not a shock, Joe. You are not her target demo. No offense.
Joe Carrigan: I'm also not a big fan of Billie Eilish's music. I don't like her --
Maria Varmazis: Again not the target demo, Joe.
Joe Carrigan: But I don't like her tonal qualities. But Sabrina Carpenter I saw her on SNL. I was pretty impressed.
Maria Varmazis: Wow. All right. Still not the target demo, but --
Joe Carrigan: I know, but you know I can see someone sing and go "That's pretty good."
Dave Bittner: What about if one of your, you know -- one of your guitar gods, you know like if Lemmy reached out to you and said --
Joe Carrigan: Lemmy?
Dave Bittner: Yeah.
Joe Carrigan: He's like Michael Jackson. He is also deceased.
Dave Bittner: Well.
Maria Varmazis: Or is he?
Dave Bittner: Or is he?
Joe Carrigan: Technically he was a bass player. So.
Dave Bittner: Death has not slowed me down and I need your investment money.
Joe Carrigan: It doesn't slow me down. I got -- you say all right. I've got to put the microphone way up here. They're singing in to it. Right. I love Motorhead.
Dave Bittner: Everybody has somebody.
Maria Varmazis: Can I make a really out of the way suggestion? Do what I did and work for the people that you idolize in music and you will never care about them ever again because you will see what they are like in person up close and you'll go, "Ew."
Dave Bittner: Yeah. That's true.
Joe Carrigan: Yeah.
Dave Bittner: Never meet your heroes.
Maria Varmazis: Nope. I did that in my 20s and yeah. That sheared me of any idol that I had.
Joe Carrigan: I met Metallica one time.
Maria Varmazis: I'm sorry.
Joe Carrigan: Yeah. I will tell you this. Jason Newsted was a really nice guy.
Dave Bittner: Yeah.
Joe Carrigan: And I haven't ever met Bob what's his name. Robert Trejo [assumed spelling]. I can never remember what his last name is, but he was also a bass player for Suicidal Tendencies. But the rest of the band was insufferable. And that is not the first time I've heard this. Like I have a friend of mine. I tell this story out of school, but he went in to -- he was -- he flew out to California and he went in to somebody else's house and he walks in to the house and he looks at a guy sitting on the coach. He goes, "Oh. Your James Hetfield." And this is James Hetfield and James Hetfield throws his head back and he goes, "Oh. You said there weren't going to be any fans here" to the hostess. Right? And this guy looks at James Hetfield and goes, "I'm not a fan. I just know who you are." And he walks out.
Dave Bittner: All right. Touche.
Joe Carrigan: Yes. That was funny. You know I think I'd be impressed to meet, I don't know -- god. I might like to meet like Tom Araya, the lead singer from Slayer.
Dave Bittner: Okay.
Joe Carrigan: But and maybe Dave Lombardo, the old drummer from Slayer, because I'm really impressed with him and his percussion stuff and I like that. And I think he's really one of the best percussionists in rock and roll ever. Like he's in my top three with Neil Peart and what was his name. Buddy Rich.
Dave Bittner: Oh. Okay. Sure.
Joe Carrigan: I'd put him in that caliber of drummer. So maybe those guys.
Dave Bittner: Yeah.
Joe Carrigan: But I don't think I'd be starstruck. I'd be like, "Hey, it's really good to meet you."
Dave Bittner: Okay.
Joe Carrigan: Because I've met famous people before and I haven't been impressed.
Dave Bittner: Yeah. All right. Well, I will have --
Maria Varmazis: What if you met Tim Berners Lee?
Joe Carrigan: That would be cool. Maybe I would be a little starstruck.
Dave Bittner: Oh. There we go.
Joe Carrigan: I have met Audi Shameer [assumed spelling] the SNRSA.
Dave Bittner: Oh yeah.
Joe Carrigan: And he and my wife hit it off and he is a great guy. [inaudible 00:41:07].
Maria Varmazis: You just got to find the right kind of star, you know. It's just [laughs].
Dave Bittner: I met Michael Dell one time.
Joe Carrigan: Oh did you?
Dave Bittner: I didn't know it was him until after the conversation. I was like, "Oh. Wait a minute."
Maria Varmazis: Dude, you just had a Dell.
Dave Bittner: Yeah. Yeah. Right? He was just introduced to me as Michael and I'm chatting with him, having a lovely time. He walked away and I went "Wait a minute."
Joe Carrigan: Hey. Wait a minute.
Dave Bittner: That was Michael Dell. So all good. All right. We'll have links to both of those stories in the show notes. Joe, Maria, it is time to move on to our Catch of the Day. [ Soundbite of Reeling in Fishing Line ] [ Music ]
Joe Carrigan: Dave, our Catch of the Day comes from the scam bait subreddit. It looks to be some manner of text exchange.
Dave Bittner: Yes. It is. And so I was originally I had in mind that I would do this exchange with Maria, but I actually think it will be way better if I do it with you, Joe.
Joe Carrigan: Okay.
Maria Varmazis: I was going to say that exact same thing, Dave. Thank you because I read it and I was like "No. No. No. The two of you need to do this."
Dave Bittner: Yeah. Yeah. Yeah. So I will start off. So I'm the text on the left side of the screen. You are on the right.
Joe Carrigan: Okay.
Dave Bittner: So it starts off and it says "Okay, my love. Sweet dreams."
Joe Carrigan: And that is from yesterday. So this morning I wake up and I go, "Good morning, darling. How are you?"
Dave Bittner: "Good morning, my love. Waking up today my first thought was you, your smile, your warmth, the way your presence makes the world feel softer and brighter. I hope this morning wraps you in peace and reminds you of just how deeply you're cherished."
Maria Varmazis: This fanfic is crazy.
Dave Bittner: "May your day be as beautiful as your heart and may every moment carry the love I'm sending your way. I'm grateful for you always."
Joe Carrigan: "I'm good, darling. That was truly beautiful."
Dave Bittner: "Sweetheart, I'm facing an unexpected and pressing concern. Just after we finished talking earlier the security company where I store my safe box reached out to me announcing their sudden closure, requiring all clients to retrieve their boxes immediately. I am deeply worried about the potential security risks and the urgency of the situation. My safe box contains invaluable assets including my life savings, important documents, cherished family heirlooms and inheritance."
Joe Carrigan: "But they are not allowed to do that, darling. If they close it they have to give 90 days notice and supply an alternative. What is the security company called, darling?" I didn't --
Maria Varmazis: Darling.
Joe Carrigan: "Why didn't you use a bank like 99.999% of Americans for life savings?"
Maria Varmazis: This wasn't actually you, Joe? I'm just --
Joe Carrigan: No.
Maria Varmazis: Okay.
Joe Carrigan: That is exactly the tone in which I would ask that question.
Dave Bittner: All right. So time passes and we reconnect here. So, Joe, you start things off here, the next page, the next graphic there.
Joe Carrigan: "I'm good and had a great sleep. It's very cold this morning and frosty."
Dave Bittner: "I'm sorry, love. I wish I was there to cuddle with you, hold you close to myself and give you a wet kiss."
Joe Carrigan: "A wet kiss sounds so good, darling. Any news yet?"
Dave Bittner: "I can't wait to kiss you passionately." [ Laughter ]
Joe Carrigan: Still only the second gayest thing I've ever done.
Dave Bittner: "And make you feel on top of the world with romance and other sweet memories."
Joe Carrigan: "It sounds wonderful. Sounds wonderful to me, my love. Is there any news yet?"
Dave Bittner: "I'm still waiting, honey. I'll let you know. How's your morning going, my beautiful queen?"
Joe Carrigan: "It's going well. It's going well so far. How's yours?"
Dave Bittner: "Mine is going well too, honey. There's only one way to happiness and that's to cease worrying about things which are beyond the power of our will. Love means making the other happy even from a distance. Love is knowing you are the bud from which this happiness blossoms. Your presence in my life brings wonderful smiles and loving thoughts within my heart. I bless the day we got connected because I feel a very deep connection with you. I love you today, tomorrow, and forever."
Joe Carrigan: "That is truly beautiful, my love. I love you."
Dave Bittner: "To love is to place our happiness in the happiness of another. Kiss slowly. Love deeply. Forgive quickly. When I close my eyes and think about you I feel a warm gush of summer breeze."
Joe Carrigan: That summer breeze.
Maria Varmazis: Excuse me. I'm sorry. You two need some time alone?
Dave Bittner: "That's because you're the sunshine in my life. I love you much more, darling."
Joe Carrigan: "I will make you happy and give you everything you truly deserve, my love."
Dave Bittner: End scene.
Joe Carrigan: Right.
Dave Bittner: Maria, I don't know why you don't take our love more seriously than you do. You know, Joe and I have been doing this a long time before you joined us so naturally we have feelings for each other.
Joe Carrigan: Of course.
Maria Varmazis: I really was like I should just log off and just only let you two have your moment.
Joe Carrigan: Obviously a romance scam. I mean --
Dave Bittner: And the -- I put victim in air quotes because they are very effectively playing along.
Joe Carrigan: Right.
Dave Bittner: Yeah. But you know there's so many steps here that we see in a typical romance scam of just love bombing, the problem that needs to be solved, setting the stage for that. You know, we didn't actually see the ask here, but you know it's coming.
Joe Carrigan: Right. Well, there was the ask for the money for the -- for the vault. Right?
Dave Bittner: Right.
Joe Carrigan: Isn't that like almost like a trunk box scam kind of thing going on?
Dave Bittner: I think so.
Joe Carrigan: Still old scams wrapped in the internet. That's all it is.
Dave Bittner: Yeah. That's right. That's right.
Maria Varmazis: Why didn't you use a bank like 99.999% of Americans?
Dave Bittner: Oh my goodness.
Maria Varmazis: Yep.
Dave Bittner: All right. Well, we would love to hear from you if there's something you'd like us to consider for our Catch of the Day. You can email us. It's hackinghumans@n2k.com. We will be right back after this message from our show sponsor. [ Music ] And that is "Hacking Humans" brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show please share a rating and review in your favorite podcast app. I still have the giggles. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz -- let me. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by the very handsome Elliott Peltzman and the irresistible Tre Hester. The beautiful Peter Kilpe is our publisher. And I am most definitely not Dave Bittner.
Joe Carrigan: And I'm Joe Carrigan, darling.
Maria Varmazis: This was the best Christmas present ever. Thank you. And I'm Maria Varmazis.
Dave Bittner: Thanks for listening, my friend. [ Music ]
Maria Varmazis: I hurt from laughing. And that's not just the bronchitis talking. This is I hurt from laughing.
