This week, Carole Theriault sits down to talk with Paul Ducklin from Sophos on extortion scams targeting LGBTQ+ communities. Joe and Dave share multiple pieces of listener follow up, the first from Matt and Kevin, who write in to share a Wikipedia link regarding N.B. (Nota Bene, or note well) and an ad from 1801. The second one is a write in from someone who is referred to as "P," who shares more information on the Facebook link shortener discussion. Finally, Joe and Dave get a great piece of listener feedback from listener and friend of the show Jonathan, who writes in about resist fingerprinting and how Firefox doesn't block fingerprinting. Dave's story is on trafficking victims being forced to scam people. Joe's story is on a credit union being targeted for phone scams. Our catch of the day comes from listener Ian, who shares how his son was trying to get college housing accommodations and went through Facebook, only to find out that not everyone is as trustworthy as they seem. Links to stories: From Industrial-Scale Scam Centers, Trafficking Victims Are Being Forced to Steal Billions Don’t fall for a scam targeting Ent Credit Union customers Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter
The potential next evolution of the worldwide web that decentralizes interaction between users and content away from the big silicon valley social media platforms like Twitter, Facebook, and YouTube, and towards peer-to-peer interaction using blockchain as the underlying technology. CyberWire Glossary link: https://thecyberwire.com/glossary/web-30 Audio reference link: “What Elon Musk Just Said about Metaverse, Web3 and Neuralink,” By Clayton Morris, Crypto News Daily, YouTube. 2 December 2021.
Kelly Shortridge, a Senior Principal from Fastly, joins Dave to discuss her talk at RSAC on why behavioral science and behavioral economics matters for InfoSec. Joe's story shares an old scam with a new twist, it's about packages being delivered to you that you never ordered. Dave's story is on how a large scale phishing campaign compromised one million Facebook credentials. Our catch of the day comes from listener Will who was reached out to by someone claiming to be the "Head IMF/EUROPEAN UNION coordinator," who claimed to want to give Will one million dollars in compensation. Links to stories: Package scam delivers unordered items, victims billed hundreds of dollars One Million Facebook Credentials Compromised in Four Months by Ongoing Phishing Campaign Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter
A set of solutions for ensuring that the right users can only access the appropriate resources. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-and-access-management Audio reference link: “The Wrath of Khan (1982) ‘Kirk’s Response,’” by Russell, YouTube, 16 May 2017.
Josh Yavor, CISO at Tessian, joins Dave to discuss a new report they released on cyber mistakes and why employees make them. Joe and Dave share a listener follow-up from Jon, who writes in about mental illness, a serious epidemic taking over the nation. Jon shares interesting tidbits on social media linking to mental illness and the impact it's creating. Dave's story is on hackers trying an old trick with new mechanics: impersonating well known companies. This time, hackers are posing as Quickbooks. Joe's story describes how LinkedIn users are being targeted yet again. These fraudsters are now creating significant threats to users, according to the FBI. Finally, our catch of the day comes from listener Jennifer, who writes in and shares her story of a scammer using SMS to tell her that her Venmo account was hacked, even though she does not have one. Links to stories: Sending Phishing Emails from QuickBooks FBI says fraud on LinkedIn a ‘significant threat’ to platform and consumers Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter
A process of hiding the complexity of a system by providing an interface that eases its manipulation. CyberWire Glossary link: https://thecyberwire.com/glossary/abstraction-layer Audio reference link: “What Is Abstraction in Computer Science,” byCodeExpanse, YouTube, 29 October 2018.
Omer Dembinsky, a Data Research Manager from Check Point Research, joins Dave to discuss their Brand Phishing Report for Q1 2022 and how DHL, Maersk, and AliExpress were all in the top 10 list. Joe and Dave have some listener follow up from the 200th episode discussing how many redirects are too many. Joe has two stories this week, the first on how Instagram (Meta Platforms) was hit with multiple lawsuits from the Beasley Allen Law Firm over exploiting young people for money. The second story is about social media addiction, and how companies are making the platforms deliberately addictive. Dave's story is on your internet fingerprint that you leave behind, and how easy it is for websites to know everything about you and your computer settings. Our catch of the day comes from listener Pablo, who shares about a scammer contacting him through text trying to receive money for coronavirus insurance. Links to stories: Meta, Instagram hit with 8 lawsuits for ‘exploiting young people for profit’ Social media apps are 'deliberately' addictive to users The Fingerprint You Leave Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter
A set of services for managing identity and access management, or IAM across all of an organization's data islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-fabric Audio reference link: “Leadership Compass Identity Fabrics - Analyst Chat 126,” by KuppingerCole, YouTube, 30 May 2022.
Carole Theriault interviews author and journalist Geoff White on his upcoming book, "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War." Joe and Dave share some listener follow up from listener John, regarding a T-mobile breach and how he was notified throughathird-partymonitoringserviceandnotT-Mobile. Joe's story shares how hackers are also keeping an eye on the upcoming holidays and describes how a Father's Day beer contest from Heineken was a scam. Dave's story is on police warning against a rise in voice phishingas they have made 2000 arrests since the crackdown on social engineering and business email scams started. Our catch of the day comes all the way from the Netherlands, listener Joram shares a scam he discovered in his spam folder. The sender notified him that she is frail and will be dying soon, to which her millions of dollars will be lost since she has no next of kin. The sender goes on to tell him that he is receiving this money just out of the goodness of her heart. Links to stories: Heineken says Father's Day beer contest is a scam 2,000 arrests in crackdown on social engineering and business email scams Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter
A cybersecurity first principle strategy focused on disrupting known adversary activity at one of several phases of an attack sequence. CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-kill-chain Audio reference link:"Cybersecurity Days: A Network Defender's Future," by Rick Howard, Integrated Cyber Conference, Integrated Adaptive Cyber Defense (IACD), YouTube, 26 October 2018.