
Scammers gonna scam.
Dave Bittner: Hello, everyone. And welcome to N2K CyberWire's Hacking Humans podcast where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner, and joining me is Joe Carrigan. Hey, Joe.
Joe Carrigan: Hi, Dave.
Dave Bittner: And our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Maria.
Maria Varmazis: Hi, Dave; and hi, Joe.
Dave Bittner: Maria, we're really glad you're back.
Joe Carrigan: Yes.
Dave Bittner: It just wasn't the same without you. I mean, it's not like we didn't get along or anything.
Joe Carrigan: We had a good time.
Dave Bittner: We didn't come to blows or anything like that.
Maria Varmazis: Were the boys fighting again? Oh, gosh.
Joe Carrigan: Well, I don't know that's ever happened.
Dave Bittner: No, it hasn't. It hasn't.
Maria Varmazis: Yet.
Dave Bittner: But Joe and I have a great relationship and occasionally agreeing to disagree.
Joe Carrigan: Yes.
Maria Varmazis: All right. Well, sometimes it's the best you can hope for. That's fine.
Joe Carrigan: We avoid those topics where we -- where we have these -- where we have these disagreements.
Dave Bittner: That's right.
Joe Carrigan: Don't discuss it, which is what reasonable people do when they're friends.
Dave Bittner: There you go. There you go.
Maria Varmazis: That's true.
Dave Bittner: All right. We've got some good stories to share this week, and we've got some follow-up that I'm actually saving for my segment of the show because it is both so good and so complete that I want to actually make a segment out of it.
Joe Carrigan: Excellent.
Dave Bittner: But, in the meantime, Joe, any chicken update for us?
Joe Carrigan: Well, with my busted up ankle, I haven't made a lot of progress on the coop. But I do have to go out there every day and make sure they have liquid water, which is not the case; like, wasn't the case this morning. But I will tell you that one of my -- one of my hens, who exhibited a certain behavior when she was a chick, is still exhibiting the same behavior. So what would happen when I would walk out to the garage when they were in the garage, and I'd take the cover off of the little containment pen with the little chicks in it, this one would always immediately hop up onto the -- onto the edge of the pen and wait for me to pick her up.
Dave Bittner: Aww.
Joe Carrigan: Isn't that sweet? That's why we call her Snuggle Bug. She always wanted me to pick her up.
Dave Bittner: Course you do. Yeah. I love it.
Joe Carrigan: So I told you last week I built this chicken run with a really nice Dutch door on it.
Dave Bittner: Right.
Joe Carrigan: And I think it was Monday night I was out there, getting -- getting in there to make sure that they had water for the evening. And I opened the top door, and Snuggle Bug hops up directly onto that, onto the top of the bottom door and is like, Are you going to pick me up? And I'm like, Yeah. I'll pick you up. And I pick her up, and I take her up to the house. And I -- I let Lisa see her and, you know, give her -- Lisa likes to give her a big hug. And she loves it. She's like, This is so nice, which is really weird, you know?
Dave Bittner: Yeah. Well, that's good.
Joe Carrigan: Yeah. I don't know. It's really weird this chicken likes to be handled as much. It's not -- none of the other chickens want you to pick them up.
Dave Bittner: Yeah.
Joe Carrigan: They -- they just -- they -- they're just not interested in it, especially not the rooster, which you're actually not supposed to pick up the roosters.
Dave Bittner: Are you -- you have not yet gotten any eggs?
Joe Carrigan: Not yet, no.
Dave Bittner: Okay.
Joe Carrigan: I don't expect eggs until another two or three months.
Dave Bittner: Oh. Okay.
Joe Carrigan: That's when I'm expecting to start getting eggs. Now, my daughter is getting eggs galore. She has two. She got eight eggs yesterday, and she has two, two full cartons of eggs --
Dave Bittner: Wow.
Joe Carrigan: -- at the house. So the time of buying eggs in the Carrigan households may be coming to an end.
Dave Bittner: All right. Well, just don't forget your friends who also love eggs.
Joe Carrigan: Yes.
Maria Varmazis: I'm jealous. I'm too far to get fresh eggs from you.
Dave Bittner: Joe, I'm glad -- for what is it? Snuggle bug.
Joe Carrigan: Snuggle Bug.
Dave Bittner: Snuggle Bug. I'm glad for Snuggle Bug. But this -- this clip came across my desk this week. We're talking about chickens and us in one of the N2K Slack channels. And one of our colleagues, Tim, shared this clip. So I just want to play it here for us now, and we can comment on the other side. It's only 40 seconds long. This is Werner Herzog, the director and actor, well-known. And he's talking chickens. Here he is.
Werner Herzog: The enormity of their flat brain, the enormity of their stupidity is just overwhelming. You have to do yourself a favor. When you're out in the countryside and you see chicken, try to look a chicken in the eye with great intensity. And the intensity of stupidity that is looking back at you, it's just amazing. By the way, it's very easy to hypnotize a chicken. They're very prone to hypnosis. And, in one or two films, I've actually shown that.
Maria Varmazis: Is there anything --
Joe Carrigan: I'm getting my pocket watch out tonight.
Maria Varmazis: Yeah. There's -- Is there anything he could say that wouldn't make it immediately funny and also go super hard? Like, it's just...
Dave Bittner: No. There's definitely an intensity about him that he brings to everything.
Maria Varmazis: Everything. Yeah.
Dave Bittner: I don't know. I mean -- I mean, Snuggle Bug doesn't sound stupid.
Joe Carrigan: Well, she is still a chicken.
Dave Bittner: Okay.
Maria Varmazis: All right. So keep our expectations measured. Yeah. Understood.
Joe Carrigan: One of the things I was telling my wife when -- when she was giving her a hug is I -- remember they have very small brains.
Dave Bittner: Yeah.
Joe Carrigan: And I was -- I actually was looking -- looking it up online how small their brain is relative to their body size. And, like, compared to a crow, there's no comparison. Crows are, like, really intelligent birds.
Dave Bittner: Right.
Maria Varmazis: Yeah. They're too intelligent corvids. They're just --
Joe Carrigan: They big-brain birds.
Maria Varmazis: I hate blue jays so much. Sorry. I have, like, a whole thing. We're getting -- we're talking about birds now?
Joe Carrigan: Yeah.
Maria Varmazis: Like, let's talk about birds.
Joe Carrigan: I'm not a fan of blue jays either.
Maria Varmazis: Yeah. But I love ravens, but they're very creaky. I've got a bunch that live around my house, and they scare the heck out of me.
Joe Carrigan: Yeah. I'm still trying to make friends with the crows. None of them want to be my buddy.
Dave Bittner: Yeah.
Joe Carrigan: You know, I do walk around with a pocket full of peanuts to just drop on the ground when I see crows. Hey, have a peanut.
Dave Bittner: Yeah.
Joe Carrigan: Because apparently they love that.
Dave Bittner: They do.
Maria Varmazis: We're going from chicken talk to bird talk. Is that just the evolution of the show? Okay.
Joe Carrigan: This is chicken adjacent because the reason I want the crows to be my friend to be around my house is they will run off the hawks.
Maria Varmazis: True.
Dave Bittner: Oh. That's true.
Joe Carrigan: Harm my chickens.
Dave Bittner: Yes. I have -- we have a lot of crows near my house. And we also get a lot of raptors because I live near a lake, and so the raptors come hunting. They grab fish. It's like National Geographic, you know.
Joe Carrigan: Like, you get bald eagles from time to.
Dave Bittner: I do, yeah. And I've actually seen that National Geographic moment where the eagle swoops down and grabs a fish and flies away. And it is majestic.
Joe Carrigan: That's awesome.
Dave Bittner: And you it's the kind of thing you don't think could actually happen in your backyard because you think this only happens on National Geographic. But it does happen there.
Joe Carrigan: But you were sitting on your back deck and saw that happen.
Dave Bittner: Yes.
Joe Carrigan: That's amazing.
Dave Bittner: But what I've also witnessed is that the crows can be big old jerks.
Joe Carrigan: Right.
Dave Bittner: They will absolutely run off a bald eagle because the crows have maneuverability that the bald eagle doesn't have. So they'll team up like three crows. And they'll just be buzzing around the eagle, pecking him and harassing him until the eagle flies away.
Joe Carrigan: Yeah. I got a story, but I can't really tell it here because it doesn't really lend itself to a podcast. But I did see a crow smack a hawk. I'll try to tell it anyway.
Maria Varmazis: It's a bad podcast story, but I'm going to tell it. All right. Step in. All right.
Dave Bittner: Yeah. Like the audience.
Joe Carrigan: Yeah. All right. Chicken talk. Let's just hit those stories. This crow came off of my neighbor's house and hit a hawk that was carrying like a little sparrow or something.
Dave Bittner: Okay.
Joe Carrigan: And the sparrow got away, and the hawk was -- apparently the crow was like, Yeah. Not in my town, buddy.
Dave Bittner: Yeah.
Joe Carrigan: Ran that hawk off.
Dave Bittner: I have a friend who lives right down the street from our studio here, and she had one of those little bird feeders that you attach to the window so you can see the little birds feeding from outside.
Joe Carrigan: Yes.
Maria Varmazis: So cute.
Dave Bittner: And so she was sitting there watching the little birds, and all of a sudden there was this big swoop and feathers everywhere. A hawk came in and helped themselves to the buffet.
Joe Carrigan: See my related story. I have a very similar story, but I'll tell it when -- another time.
Dave Bittner: All right.
Joe Carrigan: It's just that's enough about birds, I think.
Dave Bittner: Well, let's get to our Hacking Humans stories. Welcome to, yes, birds are us weekly.
Joe Carrigan: Right.
Dave Bittner: I tell you what. Let's take a quick break. We'll be right back. I'm going to kick things off for us. But it's actually a piece of feedback here, and it is probably the best feedback we've ever gotten.
Joe Carrigan: Really.
Dave Bittner: Well, it is.
Maria Varmazis: Yeah.
Dave Bittner: I mean, it is -- it's legit. It is complete. It is well-written. It is authoritative. So we got a note from Tim. I'm just going to leave it at that.
Joe Carrigan: Okay.
Dave Bittner: Who is a special agent in the IRS Criminal Investigation Department.
Maria Varmazis: Who listens to this show. Thank you, Tim.
Dave Bittner: Yeah.
Joe Carrigan: So I have a feeling, Dave, that there's a lot of correction coming from Tim.
Dave Bittner: Well, that is true.
Maria Varmazis: Gentle, professional correction. Yes.
Dave Bittner: That is true.
Joe Carrigan: Which I appreciate, Tim.
Dave Bittner: But Tim does it in the nicest way.
Joe Carrigan: All right.
Dave Bittner: And so that's why we're sharing it.
Joe Carrigan: Good.
Dave Bittner: So I will just read Tim's kind note. Tim says, I just got done listening to the episode. It's just too good to be true, and couldn't help but send you an email after hearing all the IRS talk.
Maria Varmazis: Thank you.
Dave Bittner: You guys did a pretty good job of hitting home the main points of scam interactions with the IRS. I could tell there was some hesitancy around what criminal investigation would or wouldn't do in real interactions and wanted to offer my two cents. So you see what Tim has done here is buttered us up --
Joe Carrigan: Right.
Dave Bittner: -- saying that we did a good job.
Joe Carrigan: Yes.
Dave Bittner: And here comes the correction.
Maria Varmazis: Now, see; now the IRS is offering us money. Should we trust it? Mmm. Two cents.
Dave Bittner: Right, right.
Joe Carrigan: Yeah.
Dave Bittner: Well, if we ever get audited, you know, my first call is going to be with Tim.
Joe Carrigan: Right.
Dave Bittner: So Tim goes on and writes, We in criminal investigation 100% show up to people's houses unannounced.
Joe Carrigan: Okay. So Tim does work in criminal investigation.
Dave Bittner: Correct.
Maria Varmazis: Yes.
Joe Carrigan: Okay.
Dave Bittner: Yeah.
Maria Varmazis: So he says.
Dave Bittner: Yeah. Make cold calls or send an email to initiate contact, which were all things that we said they don't do.
Joe Carrigan: They -- correct.
Dave Bittner: So we were wrong.
Joe Carrigan: Yes.
Maria Varmazis: Yes.
Dave Bittner: Tim goes on and says, It all just depends on what form of communication we've tried up until that point, where criminal investigation agents and the interviewee are located, how adversarial the interaction might be, and so on. When in doubt, though, we'll be at your front door and leave a business card if we don't establish contact right then and there. Also, we're happy to try and verify ourselves over the phone or email by answering a number of questions and sharing our badge numbers. However, we are prohibited from sending photos of our credentials or badge.
Joe Carrigan: Yeah.
Dave Bittner: So that is a common hang-up between us, and people will reach out that think they're being scammed because the IRS never calls. He put that in air quotes.
Joe Carrigan: Right.
Dave Bittner: So he says, If someone needs to verify whether or not an IRS special agent is real, they should meet them in person at a public place such as the local US Attorney's Office, the local IRS office, or a library and ask to see their credentials and badge. That seems reasonable to me. Tim goes on and says, In IRS civil, you are correct about the forms of communication and all the telltale signs for scams. If it's not a letter or a call or email from someone you've already spoken to, forget about it. And definitely do not buy gift cards to pay off your fake overdue tax liability. Last, do not pay in bitcoin.
Joe Carrigan: All right.
Maria Varmazis: And he said that with a smiley face, which I really appreciated.
Dave Bittner: A little smiley emoji at the end there.
Joe Carrigan: Yes.
Dave Bittner: And Tim says, And, in general, thank you for putting together such informative and entertaining episodes. Tim's buttering us up again.
Maria Varmazis: He's such a professional.
Dave Bittner: He is. Yeah.
Maria Varmazis: And I've fallen for it completely. Thank you, Tim.
Joe Carrigan: Right.
Dave Bittner: You can tell Tim's used to interacting with people who are -- who he is much smarter than who look like us. Tim says, I love to hear about all the scams that are out there and trying to figure out how they might apply to my tax and nontax case work that dabbles in pig butchering, investment fraud, SIM swapping, and account takeovers, cryptocurrency theft, and everything else in the cyber adjacent world. Keep up the great work. And that's Tim who, again, is a special agent with the IRS. So, Tim, thank you so much --
Joe Carrigan: Yeah.
Dave Bittner: -- for taking the time to write.
Maria Varmazis: Yes. Thank you, Tim.
Joe Carrigan: Absolutely.
Dave Bittner: This is amazing. I guess we have to update our -- our information here.
Joe Carrigan: Yeah.
Dave Bittner: The IRS does come to your door.
Joe Carrigan: They do. Especially criminal investigation.
Maria Varmazis: If you're -- if -- yeah. Criminal investigation, yes. For sure. Yeah.
Dave Bittner: Yeah. So I guess you have to be -- you have to have been -- see, and now I'm speculating again. So I'm expecting, you know, Part 2 from Tim.
Joe Carrigan: Right.
Dave Bittner: It sounds -- what I infer from this -- and correct me if either of you feel as though my inference is incorrect -- you're probably pretty far down the path with them.
Joe Carrigan: Yes.
Dave Bittner: And, by that, I mean ignoring them.
Maria Varmazis: Yeah.
Joe Carrigan: Which you should never do.
Dave Bittner: Right, right.
Maria Varmazis: Yeah.
Dave Bittner: So I'm guessing letters come first and then probably phone calls and emails or whatever. Like, also, would imagine these agents are not thrilled to have to come out and knock on your door. Like, that's probably not a great day for them.
Maria Varmazis: Scary for them too. Yeah, yeah.
Dave Bittner: That's true.
Joe Carrigan: It's not -- it's not a zero risk job.
Maria Varmazis: Yeah.
Dave Bittner: Absolutely. No. But I guess that is part of the job so.
Maria Varmazis: Yeah. His tip about meeting in a public place, like, let's meet at the local IRS office, that's a great one.
Joe Carrigan: Right?
Dave Bittner: Yeah.
Joe Carrigan: Yeah. I'll meet you at the local IRS office. That would be -- that would be the place to meet, at the -- at the -- what did he say? The -- not the state's attorney.
Dave Bittner: US Attorney.
Joe Carrigan: US Attorney's office.
Dave Bittner: Yeah. I'd probably be less inclined to meet at a library, just because --
Joe Carrigan: Anybody can go to a library.
Dave Bittner: Anybody can go to a library. And, you know. I -- yeah, yeah. I -- the local IRS office seems optimal to me because nobody's going to walk into the local IRS office and pretend to be an IRS person, right?
Joe Carrigan: Right.
Maria Varmazis: I mean, somebody might. But that's ballsy as heck, so I'm not sure.
Dave Bittner: Yeah, yeah, yeah. Exactly.
Joe Carrigan: Yeah. Now, here's -- here's the comeback to that. Well, not really a comeback but an observation because I think that -- that Tim is probably well aware of this.
Dave Bittner: Yeah.
Joe Carrigan: If you're somebody who is under criminal investigation with the IRS, you're not going to the IRS office to meet an agent because you're afraid there's going to be somebody there to put you in handcuffs or something.
Dave Bittner: Yeah.
Joe Carrigan: If they're in criminal, if you're in the criminal part of the -- of their, you know, investigative services. So, I mean, the IRS has a job to do, and I get it. Yeah. I'm not happy with -- you know, you know me, Dave. I'm not happy paying taxes.
Dave Bittner: Right.
Maria Varmazis: Not me. I love paying my taxes.
Dave Bittner: Well, Joe, as you know, taxes are the price we pay for civil society.
Joe Carrigan: Yes. I understand.
Dave Bittner: This is -- so, Maria, this is one of the areas Joe and I agree not to talk about.
Joe Carrigan: Right. Tax policy.
Maria Varmazis: Oh, boy. That's a thrilling conversation.
Dave Bittner: Yeah, yeah. Oh, yeah.
Joe Carrigan: Tax policy happens above the level of the IRS, right?
Dave Bittner: Sure.
Joe Carrigan: The IRS is the service that is responsible for enforcing tax policy.
Dave Bittner: Right. They execute the policy that --
Joe Carrigan: Correct.
Dave Bittner: -- has been given to them by Congress.
Joe Carrigan: By -- yeah.
Maria Varmazis: They're the money police. Yeah.
Joe Carrigan: By a bunch of knuckleheads who fooled another bunch of knuckleheads into voting for them and...
Dave Bittner: All right. Well, thank you, Tim. Thank you, Tim, for sending this in. Truly, I --
Joe Carrigan: Yeah. Tim, I appreciate it.
Dave Bittner: This is really good stuff. Like I said, one of the best bits of feedback that we've ever had. So we are thrilled that you took the time to do this and also pleased as punch that you're listening to our show and finding value in it.
Joe Carrigan: Yeah. That's awesome.
Dave Bittner: Thank you very much. All right. Let's move on. Maria, you are up next. What do you got for us here today?
Maria Varmazis: Well, I have an evolution of a phishing campaign, a phishing campaign that's been around at least since 2020. So what I'm going to do is talk about what it used to look like and then get into what it looks like now. All right. So this phishing campaign was being used and being sent primarily through mass email clients called -- called SendGrid. So SendGrid is the primary one that's been used for this. I know that MailChimp also has been used for these phishes. But I'm going to concentrate on SendGrid because they've been really highlighted as the problematic one. So, yeah.
Joe Carrigan: I love the name MailChimp. It's one of my favorite online service names ever. MailChimp.
Dave Bittner: Yeah.
Maria Varmazis: Filing that away in useless information that I, you know.
Dave Bittner: Right. So SendGrid is similar to MailChimp; and then it's a -- it's a mail email service provider.
Maria Varmazis: Correct. Yeah.
Dave Bittner: Okay.
Maria Varmazis: So you are a business, or a small business, presumably, and you've got a list of thousands of emails of clients, presumably, that you want to email. And you need to use usually a service like SendGrid to mass email people without getting flagged as spam through any kind of email provider.
Dave Bittner: Right, right.
Maria Varmazis: So you use something like SendGrid. Your email account is sort of is flagged as, hey. This is trustworthy. You have a reputation. The SendGrid has a reputation. And the email -- the emails go, Okay. These emails can come through. The email services allow your emails to go through. So Brian Krebs actually covered a problem with SendGrid phishy emails back in 2020 where essentially, at that time, SendGrid did not have 2FA enabled on their service. So many, many SendGrid accounts were getting compromised, either through stolen credentials, brute force access, or even just basic old password reuse. And, essentially, bad actors were compromising legitimate SendGrid accounts and then spamming the people on the legitimate email list with phishy emails. So, ideally, what would happen for the attacker would be that somebody would click the phishy link, and they would then be taken to a fake SendGrid login page; and then the cycle would continue anew where now another SendGrid account has been compromised, and more phishy emails could go out. So it would just keep going over and over. And actually Netcraft in 2024 called this specific situation phishception over and over. Just keeps going as phishes all the way down. And these, the specific SendGrid phishes back in 2020, the emails themselves were always sort of SendGrid account related. So the emails would say something like, Hey. Your account's been compromised. Your payment's been declined. Your account's been marked for deletion. Your account's under review. Do you have bad practices? So that would be that urgency that's often talked about, about -- that hooks the person into the phish. And they would go, Oh, no. I need to fix something with my SendGrid account. And, of course, that means I need to log into my account to fix it, and that's how their account would get compromised. So that's sort of the old paradigm for the SendGrid phish. Now there's a new SendGrid phishing tactic being used. And this is covered by a gentleman named Fred Benenson in his personal blog because he's been noticing this. And he has dubbed it The Rage Bait phish. And this is super fascinating.
Dave Bittner: Oh, goody.
Joe Carrigan: Yeah. That might work on me.
Maria Varmazis: Yeah. I think it might work on a lot of us. I think -- do I even need to explain what rage bait is now? It's sort of in the air we breathe. It's -- yeah. It's the media landscape. And so that's --
Joe Carrigan: Yeah. That's 100% correct.
Maria Varmazis: Yeah.
Joe Carrigan: It's pretty much all the internet has become.
Maria Varmazis: It's just pure rage bait. So what Fred was noticing is he got an email that was a very clear SendGrid phish. And this is how it goes. I'm just going to read it. The subject line says this: ICE support initiative, and this is the text. Hello. We're writing to inform you of an important update to our email platform in response to recent events. As part of our commitment to supporting US Immigration and Customs Enforcement, we will be adding a Support ICE donation button to the footer of every email sent through our platform. This button will appear automatically in all outgoing emails starting next week. What this means for you: All emails sent from your account will include the Support ICE footer element. Recipients can click to donate directly to ICE support programs. This change helps us demonstrate our platform's civic commitment. And then the next line is, There is an opt out available. If you prefer to not include this footer in your emails, you can disable it in your account settings. And there's a handy little button there. It says, Go to Account Settings. Run. Do not walk to that button. Oh, no, Dave. You've been phished. Wow. I can just see Kermit flailing his arms right now.
Dave Bittner: Ah!
Maria Varmazis: Yeah. So Fred also had noticed previous phishes in this rage bait vein. One of them was an LGBT Pride footer that, again, would automatically be added to all of the emails that you sent. And another one was --
Joe Carrigan: I was going to say I'll bet they do this the other side of the political spectrum. Here it is.
Maria Varmazis: Oh, 100 percent. Another one that was an automatic Black Lives Matter footer automatically added to any email that you sent.
Dave Bittner: Sure.
Maria Varmazis: So they're casting the widest possible net. How many people can they possibly hook through rage bait? And they're trying all of the tactics. So it's I just thought this was remarkable because I was looking for other examples of people noticing this since I read Fred's blog post, and I haven't seen a lot of instances of this. But that feels like a yet is coming.
Dave Bittner: Right.
Maria Varmazis: I imagine this -- this seems rather dastardly to me, a phish using rage bait as its hook. And I've got to imagine this tactic is going to become very popular very soon, if it hasn't already.
Joe Carrigan: I'll bet this is remarkably successful.
Dave Bittner: Oh, yeah. Yeah. I mean, this is what we always talk about, using your emotions to short circuit your critical thinking.
Joe Carrigan: Right.
Dave Bittner: You know, you get somebody wound up. You're going to do what to my business email?
Maria Varmazis: To my business email. Yes.
Dave Bittner: Right. And so they're just going to smash that Go to Settings button.
Joe Carrigan: I can even see someone who --
Maria Varmazis: Panic.
Joe Carrigan: Yeah. I can see someone, a centrist, right, a political centrist going I don't want that on my email because I don't want to alienate a huge chunk of my -- of my customer base.
Maria Varmazis: I don't want to feel those angry emails from either direction. Yeah. Completely understand. Nobody wants that. Yeah. I'm just the marketing intern, and I'm seeing this in my inbox. And I'm going, I don't want to have to explain that to my boss.
Dave Bittner: Right.
Maria Varmazis: Yeah, yeah. And then I'm not even thinking about it. I'm literally, you know, in the bathroom seeing that email, panicking before the CMO calls me up, going, what the heck is this? And I'm hitting that Go to Settings button and not even thinking about the fact that I probably just got phished.
Dave Bittner: Right. Yeah.
Maria Varmazis: This would 100% have worked on me, 100% because I've been in that situation. I would have panicked so quickly. So I guarantee you we're going to be seeing a lot more of this kind of tactic. And, again, as far as we know, the goal here is to compromise SendGrid accounts, to send more of this to continue the phishception. I wonder if there's a longer long-term play at here in the background that we don't know about yet, but there's got to be one.
Joe Carrigan: I think I know what that is, actually. And I don't know -- I've never used SendGrid, but is it possible when you're in SendGrid, when you're in the interface to say I just need the list of email addresses I have?
Maria Varmazis: Oh, I'm sure there is. Like, just a quick export. Yeah.
Joe Carrigan: So if you can just export all the email addresses that all these small businesses have, you know they're valid email addresses. And now you have essentially a huge cache of new, refreshed email addresses.
Dave Bittner: Yeah, yeah.
Maria Varmazis: Yeah. That's true because the email services like SendGrid also will tell you if those emails are actually healthy, you know, if they're not getting -- if they're not bouncing back so that you can -- you know that they'll actually work. So, yeah. That's a pretty good -- good point. They're just able to get the clean email that are actually working so.
Joe Carrigan: That's my guess.
Maria Varmazis: That's a good guess.
Joe Carrigan: The only -- the only reason I think that is because they're only sending out phishing to other SendGrid accounts, or they're sending this phishing -- these -- these phishing emails out, they're phishing SendGrid account holders.
Maria Varmazis: Yes.
Joe Carrigan: And then they're -- they're not using the SendGrid account to send out actual phishing emails.
Maria Varmazis: Right. As far as I know, that's true. Yes.
Joe Carrigan: That to me looks like they're just building new email lists.
Dave Bittner: Yeah. Could be.
Maria Varmazis: Yeah. So far, that seems to be the case. But, again, I really wouldn't be surprised if there's a really long game at play.
Dave Bittner: Yeah.
Maria Varmazis: But we'll see, I guess. So the news on the SendGrid side of things is that there is actually 2FA now available for SendGrid account holders.
Joe Carrigan: It's not mandatory, though.
Maria Varmazis: It -- no. Well, actually, you know, I shouldn't say. I don't know that that's -- that it's mandatory. If it isn't mandatory, please enable it.
Joe Carrigan: Yep.
Maria Varmazis: Please. It's -- they were -- SendGrid was getting reamed by InfoSec press for a while for not having 2FA. So they do have it now, so you should definitely enable that. Strong unique passwords because, again, a lot of these SendGrid accounts are being compromised from simple password reuse. And please be aware of this new tactic. So, if you see this and it makes you freak out, take a moment.
Joe Carrigan: Right.
Maria Varmazis: Don't click the Go to Settings. Maybe try another way to get to your settings without clicking the link in an email.
Dave Bittner: Right.
Maria Varmazis: So give that a shot.
Dave Bittner: Just, you know, be aware of your emotions. And if you find yourself getting wound up over something, stop and check yourself. I know it's easier said than done.
Joe Carrigan: Right. Especially you're over there making all those noises like Dave was.
Maria Varmazis: The appropriate noises.
Dave Bittner: Ra, ra, ra!
Maria Varmazis: Rabal rabal rabal rabal rabal rabal.
Dave Bittner: All right. Very good. We will have a link to this story in our show notes. I tell you what. Let's take a quick break here. We will be right back after this message from our sponsor. And we are back. Joe, you're up. What do you got for us?
Joe Carrigan: I have two stories today because the first one is, again, going back to Southeast Asia; and it's from Reuters. And the headline is, Cambodia to keep up crackdown on scam centers after arrest of alleged mastermind. I love when someone gets called a mastermind.
Maria Varmazis: Alleged.
Joe Carrigan: Right?
Dave Bittner: Yeah.
Joe Carrigan: I'm just going to go over this one really quickly, because I don't want -- we spent a lot of time on this. But there -- the US has indicted this guy, Chen Zhi, and he has since been extradited to China. And, despite that, Cambodia is saying we're going to continue to curb these scams. And the article talks about how these scam centers in Myanmar and Cambodia have generated billions of dollars in losses, with a B. And Cambodia is in close cooperation with other nations, according to the foreign minister of Cambodia. So good on them. They're going to keep this up. They know just capturing one bad guy is not the end of this. There's a virtually endless chain of people who are willing to -- they hear the word billions, and they go, All Right. I'm in.
Maria Varmazis: How do I get in on that action? Yeah.
Joe Carrigan: Yeah. My other story comes from WSMV, and this one is about an Uber driver who got scammed out of $300. And here's how this scam worked. He was driving along, doing what Dave does --
Dave Bittner: Minding his own business.
Joe Carrigan: -- minding his own business, driving an Uber ride.
Maria Varmazis: Nothing but taxes. Yep.
Joe Carrigan: Right. I hope he's paying his taxes like every fine, upstanding American, including us.
Dave Bittner: That's right.
Joe Carrigan: And he was -- he gets a phone call on his phone, naturally.
Dave Bittner: I see. That's weird.
Joe Carrigan: Here comes the pigeon with the phone call.
Maria Varmazis: The shoe just started ringing. I don't know.
Dave Bittner: Yeah. Getting a phone call through my glove compartment. That's odd.
Joe Carrigan: She -- Maria says shoe, but she probably doesn't remember Get Smart.
Dave Bittner: Yeah.
Joe Carrigan: Maria, do you remember Get Smart?
Maria Varmazis: I know of Get Smart. I've seen -- I saw that. I've seen the remake and a few of the originals, but yeah.
Joe Carrigan: Maxwell Smart had the phone -- the shoe phone.
Dave Bittner: Yeah.
Maria Varmazis: Yeah. I think that's probably what I was unintentionally referencing.
Joe Carrigan: Dial in the heel. It was hilarious. That was Mel Brooks, by the way.
Dave Bittner: Yeah.
Joe Carrigan: One of my favorites. So this guy is -- they're calling him Zach. That's not his name. So he -- he has said that he originally was able to make enough money to live on Uber, but now he's just doing it as a side hustle because it doesn't support him anymore. He's making less and less money with it. But, when he answered the phone, he got an automated message saying that it was Uber support. And they told him that he had been reported as being a drunk driver, and they said he needed to pull over immediately and go through a verification process; otherwise, he would be banned from the Uber app.
Maria Varmazis: Wow.
Joe Carrigan: So he gets this call. He does what -- what the phone call says in the middle of a ride.
Dave Bittner: Oh, no.
Joe Carrigan: They told him to cancel the ride and head to a Walgreens for a sobriety test. Then he has to pay $300 for a sobriety test, which he says, If you pass -- the guy on the phone says, If you pass, you'll be instantly refunded the money. But, if you fail, you'll be fined another $750 and be permanently banned from -- from the app. So he -- they sent him a barcode. He transfers money. I'm not sure which app this is through, but it's probably through like Venmo or something similar to it because those work with barcodes.
Dave Bittner: Yeah.
Joe Carrigan: And he sent $300. And he got back his -- to his car and went to the Walgreens to wait for the person to meet him in the parking lot, but no one ever shows up. And that's essentially the scam is they have scammed him out of $300, and he's now not making money with -- with Uber right now because he's -- you know, hey. Somebody told us that you're drunk right now. Pull over. Uber, he reached out to Uber, and they said, We will never call you directly from our customer support line.
Dave Bittner: Yeah. We've heard that before.
Joe Carrigan: Right. Next week, we're getting an email from somebody at Uber.
Maria Varmazis: We'll read that one out.
Dave Bittner: Wouldn't it be -- wouldn't it be just the greatest thing in the world if Tim was moonlighting as an Uber driver.
Joe Carrigan: That would be hilarious.
Dave Bittner: And he called us with the -- with the real skinny.
Joe Carrigan: Right.
Dave Bittner: I don't know why that tickles me so much, but it does.
Maria Varmazis: Because he's got expertise in both arenas. Yeah.
Dave Bittner: Right.
Joe Carrigan: So, anyway, Zach has lost $300 to this. And he's working with Uber to try to get his money back. Uber I don't think is probably going to give him the money back. He did have someone break into his Uber account at one time and essentially steal $700 in credit. But he got that back because that was from Uber's system.
Dave Bittner: How hard do you suppose it is to get an Uber driver's phone number?
Joe Carrigan: I don't know. That is one of the nagging questions that underpins this for me is how do they know this guy was an Uber driver?
Maria Varmazis: Okay.
Joe Carrigan: How do they know that he was in the middle of driving?
Dave Bittner: Yeah.
Joe Carrigan: Something else.
Maria Varmazis: In an automated way or a manual way? Because, I mean, I've had Uber drivers message me from their cell phone, but does it go through an intermediary? I would think it would. But I'm thinking, when someone's picking you up, they're like, Hey. I'm here.
Joe Carrigan: Right.
Maria Varmazis: Usually you get a text message, but I have presumed all this time that's coming directly from the Uber driver's actual phone number and not, you know, like a third party but.
Joe Carrigan: I've always -- when I use Uber, it's -- I do everything through the app. Like, I'll get a message of where he is.
Dave Bittner: Right.
Joe Carrigan: And he's five minutes away or she's five minutes away. And it's -- you know, it's all done through the app. I never get text messages.
Maria Varmazis: Oh, yeah. I've gotten text messages before. And I've always thought that was a little odd that I'm getting an actual text message.
Dave Bittner: Yeah. I've gotten text messages.
Maria Varmazis: Yeah. But I don't know how you automate that. I'm sure there's a way.
Dave Bittner: Yeah. I mean, I suppose, given where we are in the world today, that it's not that hard to put the word out that you want to buy a list of phone numbers of Uber drivers in your town.
Joe Carrigan: Yeah.
Dave Bittner: And that's probably pretty easy to buy. So it could be that simple.
Joe Carrigan: Yeah. The other thing that occurred to me is it could be the ride that he was actually picking up, that that guy was in on the scam.
Dave Bittner: Could be. Could be.
Joe Carrigan: That -- yeah. That he -- I don't know how that would work. I'd have to -- I'd have to know more. And this article doesn't have a lot of details on it, so I'm just doing what I do best and speculating wildly.
Dave Bittner: Well, if you get 300 bucks a pop.
Joe Carrigan: Right.
Dave Bittner: You know, that's --
Joe Carrigan: Right. It's worth it. Lucrative. Yeah.
Dave Bittner: Yeah. Absolutely. All right. Well, we will have a link to those stories in the show notes. And, of course we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's HackingHumans@n2k.com. Joe, Maria, it is time to move on to our Catch of the Day. [ SOUNDBITE OF REELING IN FISHING LINE ]
Joe Carrigan: Dave, our Catch of the Day comes from the scam bait subreddit. And, honestly, this -- did you do this, Dave?
Dave Bittner: I did.
Joe Carrigan: Because it's called Dave Part 1.
Dave Bittner: Yeah, yeah, yeah. Right.
Joe Carrigan: And is this -- is this really your submission?
Dave Bittner: No.
Joe Carrigan: Oh. It's a coinci -- it's a coinky dink. I guess a lot of people are named Dave.
Dave Bittner: Yes. Fewer and fewer. I mean, you know, kids today aren't giving their kids normal names anymore.
Joe Carrigan: Right.
Dave Bittner: So, if it was -- if someone did name their child Dave these days, there'd be a y somewhere in there. It'd be like D-A-Y-V-E, you know. But whatever. You know, our generation of parents named us to fit in, and today's generation of parents names their kids to stand out. That's the main difference.
Joe Carrigan: Yes.
Dave Bittner: All right. So we're going to do this here. Tell you what. Maria, how about you partner up with me on this one. I will be the -- I will lead off.
Maria Varmazis: Okay.
Dave Bittner: And we'll go from here. So I'll be the text in white. You be the text in blue.
Maria Varmazis: You got it.
Dave Bittner: Very good. All right. Here we go. Hello there, Miss Maggie. Good day. I kind of want to say Merry Christmas, Maggie, and thanks for getting back to me here. Well, good game. So good luck, Maggie.
Maria Varmazis: Hello. Where are you from?
Dave Bittner: Hello there, beautiful Maggie. Well, thanks for your responding to me here, Maggie. And it's nice to meet your acquaintance virtually. And I kind of want to wish you a Happy Bozing Day to you, Maggie. And I'm Dave Sylvester from Pearland Texas. And you?
Maria Varmazis: Bozing Day? I am from the United Kingdom.
Dave Bittner: Yes. It's Bozing Day today. Nice to know that you're from the United Kingdom, Maggie. Well, where in the United Kingdom are you currently from? And how's your day been today? Hope you're enjoying the weather out there today, Maggie.
Maria Varmazis: I have never heard of Bozing Day ever. I'll have to look that one up. I'm from England.
Dave Bittner: That's fine, Maggie. Then we shouldn't be argue with it. If you haven't heard of Bozing Day, Maggie, okay. And I'm so glad you're from England. Pretty. So nice to meet you here, Maggie. Can you please tell me some few things about yourself, Maggie? The way you look and your smile tells me how gorgeous and beautiful you are, Maggie. Please, can I know something about yourself, please?
Maria Varmazis: Maggie. Nobody was arguing. What would you like to know?
Dave Bittner: It's okay, Maggie. So sorry, Maggie. I didn't mean to say we both argue, though it was a joke. And I'd like to say something that funny too.
Maria Varmazis: Morning. How are you?
Dave Bittner: Hello there, beautiful Maggie. So nice to hear from you here again, Maggie. And thank you for getting back to me here, Maggie. So nice. It's morning there. Getting bright too. Well, it's morning here but still dark. However, nice to see you here, Maggie. And I'd like how gorgeous you look in your profile picture, Maggie. Your smile are so cute and nice, Maggie. Well, I'm doing good hearing from you here now, Maggie. Well, how was your night? And hope you're feeling this beautiful day there in England, Maggie.
Maria Varmazis: That name just doesn't sound real anymore.
Joe Carrigan: Right. It's not. I've got a follow-up for this is that Dave is --
Dave Bittner: Maggie.
Maria Varmazis: Maggie. My night was wonderful but cold. How was yours?
Dave Bittner: Oh, I see, Maggie. So I'm glad your night was wonderful. Sounds like you enjoy sleeping the whole night, Maggie. Well, I'm so sorry if it's cold out there, Maggie.
Maria Varmazis: I'm sorry. Confused. It's winter, so the cold is expected.
Dave Bittner: Been a good weather these days here, Maggie, but sometimes it might also get cold too. Well, my night was good and just got up a while ago to be on the game. And I got you a message and decided to reply you, Maggie. And I'm so sorry if I do bother you with my message while we play the game, Maggie. Hope you're okay while we're playing in chat, Maggie.
Maria Varmazis: I think there's a bit missing here, but it's fine. I had breakfast.
Dave Bittner: I'll just continue.
Maria Varmazis: Yeah.
Dave Bittner: If it's winter season, the cold must be expected. But sometimes we deserve it too. Well, so nice we're chatting this beautiful day. However, how's your day been today? And have you had your breakfast yet, Maggie?
Maria Varmazis: I had breakfast hours ago. What have you eaten?
Dave Bittner: That's really cool. And I hope you enjoy your breakfast, Maggie. And are you the one who made it yourself, Maggie, if I may ask, Maggie, because I guess you must be good by cooking too. And did you have your coffee before having your breakfast, Maggie?
Maria Varmazis: I asked what you had to eat.
Dave Bittner: I haven't eat yet, but I have made my coffee. I'm about to start having my first cup of coffee while I'm chatting with you, Maggie. And it ends there.
Maria Varmazis: It's like he's got Tourette's, and Maggie is his tic.
Joe Carrigan: Maria, you were out last week. But last week I was talking about a --
Maria Varmazis: Maggie.
Joe Carrigan: -- sales guy I used to work with who used these Jedi mind tricks to influence people. And it was the one we talked about last week was when you -- when you call and leave a voicemail, tell them you got good news; and they'll always call you back.
Dave Bittner: Right.
Joe Carrigan: And then you have to make up some good news, right? And that one works really well.
Maria Varmazis: Oh, it's a dastardly one. Oh, my God. I'm going to use that.
Joe Carrigan: I know. I shared that -- I shared the story about me calling my sister to test it out, and it did work. And when my sister was -- called me back, she was very disappointed in me.
Dave Bittner: You're out of the will.
Joe Carrigan: Right.
Maria Varmazis: Good news. I'm talking to you. So, anyway.
Joe Carrigan: She's much younger than I am, so I don't need to be in her will. She needs to be mine. The other Jedi mind trick this guy would always put forth is say people's name a lot.
Dave Bittner: Yeah.
Joe Carrigan: And when I came in the morning, Joe, how are you today, Joe? And I'd be like.
Dave Bittner: Yeah.
Joe Carrigan: And I'm like, Why do you do that? I point blank asked him because you know me, Dave. When I see something like that, I will just go, Why are you like that, right?
Dave Bittner: Right.
Joe Carrigan: And he goes, people like hearing their name, Joe.
Maria Varmazis: It also helps you remember their name, Joe.
Joe Carrigan: Yeah. I have other tricks for remembering people's names, Maria.
Dave Bittner: Is that right, Joe?
Joe Carrigan: Yes, Dave.
Dave Bittner: Interesting.
Maria Varmazis: Dave, Maggie.
Dave Bittner: Yeah. Wow. Okay, Maria. Great, Maggie. You just reminded me of Pepe the Prawn. Okay. We're going to do this? Okay. We're going to do this, Maggie.
Joe Carrigan: One of my favorite Muppets.
Dave Bittner: Yeah.
Maria Varmazis: Maggie is excellent liquid you add to your food. It makes it a -- tasty. Anyway, that's -- it's a -- it's like MSG in a bottle. It's great. It's called Maggie.
Dave Bittner: Right. Maggie. So obviously this person is, as Joe said, trying to repeat someone's name to build rapport.
Joe Carrigan: Correct.
Dave Bittner: And it's just a gobbly goop of poorly translated probably AI generated responses.
Joe Carrigan: Well, I don't know because there's a lot of bad grammar in this.
Dave Bittner: That's true.
Joe Carrigan: So it's probably just copy and pasted from a script.
Dave Bittner: Could be.
Joe Carrigan: And I will tell you, this is like the single worst Jedi mind trick that I've ever heard anybody try to say, like, in sales.
Maria Varmazis: Maggie.
Joe Carrigan: Just keep repeating someone's name in every sentence.
Dave Bittner: Yeah. You know, it's funny. I run into folks who have clearly been taught that lesson and taken it to heart. Every now and then I'll be interviewing someone for the CyberWire, you know. And I'll say so, cybersecurity expert, you know, what color is the sky? And they'll say, Well, Dave, I'm really glad that you asked me about that, Dave. Here's what I think, Dave, about the color of the sky, Dave. I'm like...
Maria Varmazis: I'm buying time while I think of an answer for you. Yeah.
Joe Carrigan: Dave.
Dave Bittner: Right, right. I have no problem with people referring to me by my name. But, when you can tell that they're doing it just to try to build a false sense of rapport, it's cloying.
Joe Carrigan: Right. It is. It's so irritating.
Dave Bittner: Yeah, yeah. Sure is, Joe.
Joe Carrigan: And, by the way, it is not one I ever did, not a trick I ever used. I found -- I found it insulting to try to use it.
Dave Bittner: Is that right, Joe.
Joe Carrigan: Yeah. You guys are now just trying to irritate me.
Maria Varmazis: Maggie.
Joe Carrigan: And that's okay because I get the joke. I get the joke. But, yeah.
Dave Bittner: Yeah. All right. Well, that's great, Joe. All right. So --
Joe Carrigan: I think I may have even had an episode of my old podcast about this trick. And there may -- this may have been --
Dave Bittner: Oh. This was a -- oh, yeah. That would track for sure. Sure. All right. You should definitely check that out, Joe.
Joe Carrigan: Yes.
Dave Bittner: All right. Well, again, we would love to hear from you. If there's something you'd like us to consider for our Catch of the Day, please do email us. It's HackingHumans@n2k.com. And that is Hacking Humans, Joe, brought to you by N2K CyberWire. We'd love to know what you think of this podcast.
Maria Varmazis: Maggie.
Dave Bittner: Your feedback is -- we deliver the insights to keep you a step ahead in the rapidly changing world of cybersecurity, Joe. If you like the show, please share a rating review on your favorite podcast app. Please also fill out the survey in the show notes, or send an email to HackingHumans@n2k.com, Joe. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliott Peltzman and Tré Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
Joe Carrigan: And I'm Joe Carrigan, Dave.
Maria Varmazis: And I'm Maria Varmazis, Maggie.
Dave Bittner: Thanks for listening, Maggie.