Frank Riccardi sits down to discuss how cybercriminals exploit people’s fondness for reused passwords to launch credential stuffing attacks. Dave and Joe share a bit of follow up, one from a listener named Steve who shares some push back from the 23andMe story from last week, and the other from a listener named Michael who shares a story of unpaid toll scams. Joe shares the story of a Utah exchange student and how he fell victim to a cybersecurity kidnapping, and now authorities are trying to figure out how it happened. Dave shares a scam about tragic fake posts that lead to a "win now" website, that has been flooding his Facebook feed. Our catch of the day comes from Jon who writes in to share a suspicious email that made it through the spam filter in Google. 
Links to the stories:
After Utah exchange student cyber kidnapping, we're looking at how the scam works

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Password Perils: The threat of credential stuffing exploits.

Deception, influence, and social engineering in the world of cyber crime.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

News Commentary

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story from Canada on a gentleman who thought he was calling Best Buy's Geek Squad, but instead ended up getting scammed out of $25,000. Dave and Joe share quite a bit of listener follow up, the first one is from Raul who shares how they saw an infamous Facebook scam. The second one is from listener Alec who shares some thoughts on episode 286's catch of the day. Lastly, Paula shares some thoughts on a recent discussion on why people are on the phone when a flight gets cancelled. Joe brings back answers to an old scam featured on an episode back in January on toll scams, as well as sharing about how the OpenSSF and OpenJS Foundations have issued an alert for social engineering takeovers of open source projects. Dave shares updates from the ex-athletic director accused of framing principal with AI and how he was arrested at the airport with a gun. Our catch of the day comes from listener Kenneth who shares an email from a "doctor" who has puppies for sale. 
Please take a moment to fill out an audience survey! Let us know how we are doing! 
Links to the stories:

An Ontario senior thought he called Geek Squad for help with his printer. Instead, he got scammed out of $25,000

Smishing Scam Regarding Debt for Road Toll Services

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

Ex-athletic director accused of framing principal with AI arrested at airport with gun


You can hear more from the T-Minus space daily show here.
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

From support to scam.

Also known as spyware and adware, it is a software category where developers design the application neither to cause explicit harm nor to accomplish some conventional legitimate purpose, but when run, usually annoys the user and often performs actions that the developer did not disclose, and that the user regards as undesirable.

Encore: greyware (noun) [Word Notes]

Roger Grimes, a Data Driven Defense Evangelist from KnowBe4 and author is discussing his new book, "Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing." Dave and Joe share some listener follow up, the first being from listener Tim, who shares a story of him almost falling for a scam involving some of his investment assets. Lastly, Dave and Joe share a story from an anonymous listener who wrote in to share about a LinkedIn imposter nightmare. Dave's story focuses on a how the LabHost PhaaS platform was disrupted by a year-long global law enforcement operation, resulting in the arrest of 37 suspects, including the original developer. Joe shares the story of an 81 year old Ohio man, who was arrested after shooting a woman after both of them got wrapped up in a phone call scam. Our catch of the day comes from Robert, who writes in with what he believes is a email scam from a Chinese company called "Infoonity." 
Please take a moment to fill out an audience survey! Let us know how we are doing! 
Links to the stories:

LabHost phishing service with 40,000 domains disrupted, 37 arrested

Ohio Man - Daily Mail


Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Fighting off phishing.

An automatic software bug and vulnerability discovery technique that inputs invalid, unexpected and/or random data or fuzz into a program and then monitors the program's reaction to it.

Encore: fuzzing (noun) [Word Notes]

Trevin Edgeworth, Red Team Practice Director at Bishop Fox, is discussing how change, like M&A, staff, tech, lack of clarity or even self-promotion within and around security environments presents windows of opportunity for attackers. Joe and Dave share some listener follow up, the first one comes from Erin, who writes in from Northern Ireland, shares an interesting new find about scammers now keeping up with the news. The second one comes from listener Johnathan who shared thoughts on reconsidering his view on defining Apple's non-rate-limited MFA notifications as a "vulnerability." Lastly, we have follow up from listener Anders who shares an article on AI. Joe shares a story from Amazon sellers, and how they are being plagued in scam returns. Dave brings us the story of how to save yourself and your loved ones from AI robocalls. 
Please take a moment to fill out an audience survey! Let us know how we are doing! 
Links to the stories:

Theory Is All You Need: AI, Human Cognition, and Decision Making

Amazon Sellers Plagued by Surge in Scam Returns

How to Protect Yourself (and Your Loved Ones) From AI Scam Calls

News Insights: Does X Mark a Target? with Trevin Edgeworth, Director of Red Team


Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Password Perils: The threat of credential stuffing exploits.

Download our free app to listen on your phone