James Dyer and Jack Chapman of Egress join to discuss "Cybercriminals don’t take holidays: How bad actors use this two-step phishing campaign to weaponize out-of-office replies." Dave and Joe share some listener follow up from Ron, who has a suggestion about registration specific email accounts. Joe has two stories this week, one where he shares some good news on a scammer who received some justice after taking part in a $66K romance scam. His second story is on social media and how it is a breeding ground for scammers. Dave's story this week follows how Google-hosted malvertising leads to a fake keepass site that looks genuine. Our catch of the day comes from our very own editorial staff who share an interesting email they received from the infamous National Security Department.
Links to the stories:

N.J. man sentenced to prison for taking part in $66K romance scam

Social media: a golden goose for scammers

Google-hosted malvertising leads to fake Keepass site that looks genuine


Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Weaponizing your out-of-office replies.

Deception, influence, and social engineering in the world of cyber crime.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

News Commentary

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story from Canada on a gentleman who thought he was calling Best Buy's Geek Squad, but instead ended up getting scammed out of $25,000. Dave and Joe share quite a bit of listener follow up, the first one is from Raul who shares how they saw an infamous Facebook scam. The second one is from listener Alec who shares some thoughts on episode 286's catch of the day. Lastly, Paula shares some thoughts on a recent discussion on why people are on the phone when a flight gets cancelled. Joe brings back answers to an old scam featured on an episode back in January on toll scams, as well as sharing about how the OpenSSF and OpenJS Foundations have issued an alert for social engineering takeovers of open source projects. Dave shares updates from the ex-athletic director accused of framing principal with AI and how he was arrested at the airport with a gun. Our catch of the day comes from listener Kenneth who shares an email from a "doctor" who has puppies for sale. 
Please take a moment to fill out an audience survey! Let us know how we are doing! 
Links to the stories:

An Ontario senior thought he called Geek Squad for help with his printer. Instead, he got scammed out of $25,000

Smishing Scam Regarding Debt for Road Toll Services

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

Ex-athletic director accused of framing principal with AI arrested at airport with gun


You can hear more from the T-Minus space daily show here.
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

From support to scam.

Also known as spyware and adware, it is a software category where developers design the application neither to cause explicit harm nor to accomplish some conventional legitimate purpose, but when run, usually annoys the user and often performs actions that the developer did not disclose, and that the user regards as undesirable.

Encore: greyware (noun) [Word Notes]

Roger Grimes, a Data Driven Defense Evangelist from KnowBe4 and author is discussing his new book, "Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing." Dave and Joe share some listener follow up, the first being from listener Tim, who shares a story of him almost falling for a scam involving some of his investment assets. Lastly, Dave and Joe share a story from an anonymous listener who wrote in to share about a LinkedIn imposter nightmare. Dave's story focuses on a how the LabHost PhaaS platform was disrupted by a year-long global law enforcement operation, resulting in the arrest of 37 suspects, including the original developer. Joe shares the story of an 81 year old Ohio man, who was arrested after shooting a woman after both of them got wrapped up in a phone call scam. Our catch of the day comes from Robert, who writes in with what he believes is a email scam from a Chinese company called "Infoonity." 
Please take a moment to fill out an audience survey! Let us know how we are doing! 
Links to the stories:

LabHost phishing service with 40,000 domains disrupted, 37 arrested

Ohio Man - Daily Mail


Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Fighting off phishing.

An automatic software bug and vulnerability discovery technique that inputs invalid, unexpected and/or random data or fuzz into a program and then monitors the program's reaction to it.

Encore: fuzzing (noun) [Word Notes]

Trevin Edgeworth, Red Team Practice Director at Bishop Fox, is discussing how change, like M&A, staff, tech, lack of clarity or even self-promotion within and around security environments presents windows of opportunity for attackers. Joe and Dave share some listener follow up, the first one comes from Erin, who writes in from Northern Ireland, shares an interesting new find about scammers now keeping up with the news. The second one comes from listener Johnathan who shared thoughts on reconsidering his view on defining Apple's non-rate-limited MFA notifications as a "vulnerability." Lastly, we have follow up from listener Anders who shares an article on AI. Joe shares a story from Amazon sellers, and how they are being plagued in scam returns. Dave brings us the story of how to save yourself and your loved ones from AI robocalls. 
Please take a moment to fill out an audience survey! Let us know how we are doing! 
Links to the stories:

Theory Is All You Need: AI, Human Cognition, and Decision Making

Amazon Sellers Plagued by Surge in Scam Returns

How to Protect Yourself (and Your Loved Ones) From AI Scam Calls

News Insights: Does X Mark a Target? with Trevin Edgeworth, Director of Red Team


Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Weaponizing your out-of-office replies.

Download our free app to listen on your phone