Hacking Humans N2K Networks

Mike Price from ZeroFox sits down to discuss what 2023 phishing trends mean for the broader industry as we quickly approach 2024. Dave and Joe share a serious write in from listener Michelle who shares her pleads for her aunt, who she believes is being catfished. Listener Marc also writes in with an email that claims to be from "Walmart," that he is quite suspicious of. Joe's story follows Meta, and how they have designed products to target and harm kids. Dave's story is on bad bots and the dangers they pose with fake businesses that are maximizing their illicit earnings. Our catch of the day comes from listener Konstantin, who shares and email received from scammers claiming to be "McAfee," trying to get payment of almost $600.
Links to the stories:

Meta Designed Products to Capitalize on Teen Vulnerabilities, States Allege

Breaking (Bad) Bots: Bot Abuse Analysis and Other Fraud Benchmarks


Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

A mathematical method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true.
CyberWire Glossary link: https://thecyberwire.com/glossary/zero-knowledge-proof
Audio reference link: Staff, 2022. Zero Knowledge Proofs [Video]. YouTube. URL https://www.youtube.com/watch?v=5qzNe1hk0oY

Chip Gibbons, CISO at Thrive, sits down with Dave to talk about how to defend against social engineering attacks in banking. Dave starts us off this week with a story about Amazon opening up its selling market to Pakistani residents, and what consequences that led to for the organization’s business. Joe's story follows a scam targeting soldiers in the Army. The Army warns against unknown individuals purporting to be noncommissioned officers that are calling said soldiers and asking them for money to fix a "pay problem" and, if questioned, threatening them with a punishment. Our catch of the day comes from listener Manie who writes in about a scam found when trying to download a HDRI (High Dynamic Range Image). The scam involves a fake ad asking for people’s cell phone numbers as soon as they click on a button that reads "download here". Manie shares how after she clicked the ad, she realized the mistake and immediately researched more before proceeding further.
Links to stories:

Amazon finally authorized Pakistani sellers. A wave of scammers followed

Army Warns of Scam Targeting New Soldiers


Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A social engineering scam where fraudsters spoof an email message from a trusted company officer that directs a staff member to transfer funds to an account controlled by the criminal. 

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds.
Links to this episode's clips if you'd like to watch along:

Dave's clip from the movie: Chicago P.D.


Rick's clip from the movie: The Imitation Game

A U.S. law designed to improve the portability and accountability of health insurance coverage.
CyberWire Glossary link: https://thecyberwire.com/glossary/hipaa
Audio reference link: Dr. Dana Brems, 2021. Doctor reacts to “HIPAA violations” [Video]. YouTube. URL https://www.youtube.com/shorts/Ksk00s8a_IU