From the intrusion kill chain model, the first part of an exploitation technique where the hacker tricks their victims into revealing their login credentials. In the second part of the technique, hackers legitimately log into the targeted system and gain access to the underlying network with the same permissions as the victim. Hackers use this method 80% of the time compared to other ways to gain access to a system like developing zero day exploits for known software packages. The most common way hackers steal credentials is with some version of a phishing attack.

Encore: credential stealing (verb) [Word Notes]

Deception, influence, and social engineering in the world of cyber crime.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

News Commentary

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story from a listener, who writes in on an AirBnB debacle he was dealing with. Joe shares the newly released 2024 Data Breach Investigations Report from Verizon. Dave shares a story From the New York Magazine, written by Ezra Marcus, on a college sophomore from University of Miami who was found to be tangled up in a refund fraud scam that granted him a lavish lifestyle. Our catch of the day comes from Joe's mother this week. She happened to receive an email with the subject line being "your order is confirmed," coming from what looks to be "McAfee." 
Please take a moment to fill out an audience survey! Let us know how we are doing! 
Links to the stories:

The Package King of Miami

2024 Data Breach Investigations Report


You can hear more from the T-Minus space daily show here.
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

The AirBnB booking that wasn’t.

A nation-state hacking group’s practice of funding its town activities through cybercrime or cyber mercenary work.

Encore: APT side hustle (noun) [Word Notes]

This week, we are joined by host of 8th Layer Insights, Perry Carpenter from KnowBe4 and Dr. Jessica Barker from Cygenta to discuss human risk: awareness, behavior and beyond. Joe and Dave share some listener follow up, the first being from Richard, who writes in to share some tips and tricks regarding relationship scams mentioned in a previous show. The second is from Michael, who writes in with some thoughts on social engineering to compromise open source projects from episode 288. Dave shares a story on researchers observing millions of daily emails from "Jenny Green," facilitated by the Phorpiex botnet, distributing LockBit 3.0 ransomware that has affected millions of people. Joe share's Paul Raffile's story, a gentleman who got fired from Facebook before he even started. Our catch of the day comes from listener Gordy who shared an email with us regarding his "McAfee security." 
Please take a moment to fill out an audience survey! Let us know how we are doing! 
Links to the stories:

Security Experts Issue Jenny Green Email Warning For Millions


LinkedIn Paul Raffile (Part 1)


LinkedIn Paul Raffile (Part 2)


Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Awareness, behavior, & beyond.

A device connected to a network that accepts communications from other endpoints like laptops, mobile devices, IoT equipment, routers, switches, and any tool on the security stack.

Encore: endpoint (noun) [Word Notes]

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story about how ransomware infections are beginning to change to form a more psychological attack against victims' organizations, as criminals are using personal and aggressive tactics to force them to pay. Dave and Joe share some listener follow up, from Bob, who writes in to share how he shares stories with his family members, and mentions one specifically on a Best Buy Geek Squad scam. Dave share's a story on bank scams, and how scammers are using genuine push notifications to trick their victims. Joe shares a story regarding email security loopholes, and how these loopholes are the latest path for North Korean social engineering attacks. Our catch of the day is from our follow up listener Bob, as he shares the story of trying to figure out the difference between a real email from the U.S social security department and a fake one. 
Please take a moment to fill out an audience survey! Let us know how we are doing! 
Links to the stories:

Ransomware crooks now SIM swap executives' kids to pressure their parents

Bank scammers using genuine push notifications to trick their victims

Email security loopholes are latest path for North Korean social engineering attacks


You can hear more from the T-Minus space daily show here.
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Encore: credential stealing (verb) [Word Notes]

Download our free app to listen on your phone