Podcasts by Hacking Humans

Hacking Humans

Deception, influence, and social engineering in the world of cyber crime.

Further podcasts by CyberWire Inc.

Podcast on the topic Technology

All episodes

OWASP server-side request forgery (noun) [Word Notes] from 2022-02-22T08:00

An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers. 

Vulnerabilities will be found. from 2022-02-17T06:00

Guest Deral Heiland from Rapid7 talks with our UK Correspondent Carole Theriault about the state of IOT, Joe shares a personal story about bank checks and a debit card received at his home that wer...

OWASP security logging and monitoring failures (noun) [Word Notes] from 2022-02-15T08:00

The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system. 

If you wish for peace, prepare for cyberwar. from 2022-02-10T06:00

Guest Nick Shevelyov, Chief Security Officer for Silicon Valley Bank, joins Dave sharing some personal history around security, and discussing his book "Cyber War… and Peace," Dave and Joe have som...

OWASP identification and authentication failures (noun) [Word Notes] from 2022-02-08T08:00

Ineffectual confirmation of a user's identity or authentication in session management.

The ransomware game has evolved. from 2022-02-03T06:00

Guest Allan Liska from Recorded Future joins Dave to discuss the evolution of ransomware and his new book "Ransomware: Understand. Prevent. Recover," Joe shares a question from listener Joan about ...

OWASP broken access control (noun) [Word Notes] from 2022-02-01T08:00

Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls. 

Useful ransomware protection for you. from 2022-01-27T06:00

Guest Roger Grimes, Data Driven Defense Evangelist at KnowBe4, joins Dave to discuss his new book "Ransomware Protection Playbook," Dave has a story about a Meta (Facebook) group with a cryptocurre...

OWASP security misconfiguration (noun) [Word Notes] from 2022-01-25T08:00

The state of a web application when it's vulnerable to attack due to an insecure configuration. 

The perfect environment for ATOs (account takeovers) to breed. from 2022-01-20T06:00

Guest Jane Lee, Trust and Safety Architect at Sift, joins Dave to talk about the Digital Trust and Safety Index, Joe and Dave share some follow up from a listener, Ben, with a suggestion as an alte...

OWASP insecure design (noun) from 2022-01-18T08:00

A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures.

The only locks you should pick are your own. from 2022-01-13T06:00

Guest Tom Tovar, CEO and Co-Creator of AppDome, joins Dave and Joe to discuss the results of a recent consumer survey, Dave's story is based on a tweet where the user's child's middle school had so...

Log4j vulnerability (noun) [Word Notes] from 2022-01-11T16:00

An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. 

Changing the game on ransomware. from 2022-01-06T06:00

Guest Adam Flatley, Director of Threat Intelligence at Redacted, talks with Dave about "the only way to truly disrupt the ransomware problem is to target the actors themselves," Joe shares some sta...

OWASP injection (noun) [Word Notes] from 2022-01-04T08:00

A broad class of attack vectors, where an attacker supplies input to an application's command interpreter that results in unanticipated functionality.

Encore: zero trust (noun) [Word Notes] from 2021-12-28T08:00

A security philosophy that assumes adversaries have already penetrated the digital environment and tries to reduce the potential impact by limiting access by people, devices, and software to only t...

The CyberWire: The 12 Days of Malware. from 2021-12-25T06:00

Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson ...

Even if a cause moves you, do your due diligence. from 2021-12-23T06:00

Guest Amaya Hadnagy, Media Support for the Social-Engineer, LLC, joins Dave to share information about charity scams, Dave shares a personal story about some safety triggers he recently put into pl...

OWASP cryptographic failures (noun) [Word Notes] from 2021-12-21T08:00

Code that fails to protect sensitive information. 

The 3 M's: Minimize, monitor and manage. from 2021-12-16T06:00

Guest Adam Levin, security expert and podcast host of "What the Hack with Adam Levin," joins Dave to share advice and discuss some experiences shared on his podcast, Dave and Joe have some listener...

account takeover prevention (noun) [Word Notes] from 2021-12-14T08:00

The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid logging credentials from a targeted victim. 

Scams abound this time of year. from 2021-12-09T06:00

Guest Dave Senci of Mastercard's NuData Security talks about the security issues with remote access and coaching frauds, Dave's got a story about receiving a "Best Buy gift card" and USB mailing, J...

threat hunting (noun) [Word Notes] from 2021-12-07T08:00

The process of proactively searching through networks to detect and isolate security threats, rather than relying on security solutions or services to detect those threats. 

Do you really want that device to be a connected device? from 2021-12-02T06:00

Guest Jay Radcliffe from Thermo Fisher Scientific shares his advice and security concerns with smart devices since the holiday gifting season is around the corner, Joe and Dave have some listener f...

vulnerability management (noun) [Word Notes] from 2021-11-30T08:00

The continuous practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities within this.

software bill of materials (SBOM) (noun) [Word Notes] from 2021-11-23T08:00

A formal record containing the details and supply chain relationships of various components used in building software. 

A good amount of skepticism helps protect you online. from 2021-11-18T06:00

Guest Blake Hall, CEO and founder of a company called ID.me, discusses protecting your identity online, Dave and Joe have some follow up from listener Rafa on 2FA he uses, Dave has a story about bo...

zero trust (noun) [Word Notes] from 2021-11-16T08:00

A security philosophy that assumes adversaries have already penetrated the digital environment and tries to reduce the potential impact by limiting access by people, devices, and software to only t...

OT security (noun) [Word Notes] from 2021-11-09T08:00

Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations. 

Cybersecurity awareness should be a year-round activity. from 2021-11-04T05:00

Guest Dr. Jessica Barker from Cygenta talks with UK correspondent Carole Theriault about how every month should be cyber awareness month, Joe has a story about password spraying (kind of like a cre...

cybersecurity skills gap (noun) [Word Notes] from 2021-11-02T07:00

The difference between organizational employee job requirements and the available skillsets in the potential employee pool.

Good grammar is essential for business email compromise. from 2021-10-28T05:00

Guest Brandon Hoffman from Intel 471 is back sharing some research on business email compromise, Dave's got a story on buying collectable sneakers and how bots make that really hard to do, Joe has ...

digital transformation (noun) [Word Notes] from 2021-10-26T05:00

The use of technology to radically improve the performance or reach of the business. 

Joekens, Bittnercoins, and the serious impacts of spam analysis. from 2021-10-21T05:00

UK Correspondent Carole Theriault returns with an interview with Paul, a spam analyst, Dave and Joe have some follow-up, Joe revisits NFTs with rug pull scams, Dave's story is about phishers using ...

bulletproof hosting (noun) [Word Notes] from 2021-10-19T07:00

Cloud services intended for cyber criminals and other bad actors designed to obstruct law enforcement and other kinds of government investigations, and to provide some protection against competitors.

Physical pen testing: You've got to be able to think on your feet. from 2021-10-14T05:00

Guest Marina Ciavatta, CEO at Hekate, talks with Dave about some of her social engineering and pen testing experiences, Dave's got a story about getting your family to use a password manager, Joe'...

endpoint security (noun) [Word Notes] from 2021-10-12T07:00

The practice of securing a device that connects to a network in order to facilitate communication with other devices on the same or different networks. 

Measuring security awareness proactively. from 2021-10-07T05:00

Guest Zach Schuler of NINJIO joins Dave to discuss measuring the effectiveness of awareness training, Joe's got a story about a school nurse who was scammed with a "Bank of America" Zelle transacti...

Executive Order on Improving the Nation's Cybersecurity (noun) [Word Notes] from 2021-10-05T07:00

President Biden's May, 2021 formal compliance mandate for federal civilian executive branch agencies, or FCEBs, to include specific short-term and long-term deadlines designed to enhance the federal ...

Capture the Flag, Black Badges and social engineering tricks. from 2021-09-30T05:00

Guest Chris Kirsch, DefCon 25 Social Engineering Capture The Flag winner and Co-Founder and Chief Executive Officer at Rumble, talks with our UK Correspondent Carole Theriault about his experience ...

lateral movement (noun) [Word Notes] from 2021-09-28T07:00

Phase of a typical cyber adversary group's attack sequence, after the initial compromise and usually after the group has established a command and control channel, where the group moves through the...

They won't ask for sensitive information over the phone. from 2021-09-23T05:00

Guest Alex Hinchliffe, Threat Intelligence Analyst from Unit 42 at Palo Alto Networks joins Dave to talk about some of his team's ransomware research, Joe's story is about a new jury duty scam that...

common vulnerabilities and exposures (CVE) (noun) [Word Notes] from 2021-09-21T07:00

A public list sponsored by the US government and designed to uniquely identify, without the need to manually cross-reference, all the known software vulnerabilities in the world.

Sometimes, deepfake victims don't want to be convinced it is fake. from 2021-09-16T05:00

Guest Etay Maor of Cato Networks joins Dave Bittner to discuss the impact that deepfakes will have on our society, we share some fun feedback on the Lightning Rod story edit, Dave's story talks abo...

dead-box forensics (noun) [Word Notes] from 2021-09-14T07:00

A forensic technique where practitioners capture an entire image of a system and analyze the contents offline.

Collaboration platforms are a gateway for ransomware attacks. from 2021-09-09T05:00

Guest Gil Friedrich from Avanan joins Dave to discuss how collaboration platforms, like Microsoft Teams, Slack and others, opened up a new gateway to ransomware attacks, Joe's story comes from list...

cybersecurity maturity model certification (CMMC) (noun) [Word Notes] from 2021-09-07T07:00

A supply chain cybersecurity accreditation standard designed for the protection of controlled unclassified information that the U.S. Department of Defense, or DoD, will require for all contract bid...

Don't blindly test your colleagues. from 2021-09-02T05:00

Guest Javvad Malik from KnowBe4 shares his thoughts on bad security training with the CyberWire's UK correspondent Carole Theriault, Dave's story is about deepfake technology being used for busines...

incident response (noun) [Word Notes] from 2021-08-31T07:00

A collection of people, process, and technology that provides an organization the ability to detect and respond to cyber attacks.

Companies don't want their customers to be victims of fraud. from 2021-08-26T05:00

Guest Brandon Hoffman from Intel 471 joins Dave to talk about how cybercriminals are going after large retail and hospitality companies, Joe shares some advice for college students to avoid scams a...

script kiddies (noun) [Word Notes] from 2021-08-24T07:00

Cybercriminals who lack the expertise to write their own programs use existing scripts, code, or tools authored by other more skilled hackers. 

Effective cybersecurity training has to be meaningful to employees. from 2021-08-19T05:00

Guest Jann Yogman, entertainment industry veteran and writer of Mimecast Awareness Training, joins Dave to share his thoughts on the ransomware epidemic and the cybersecurity awareness training pro...

sandbox (noun) [Word Notes] from 2021-08-17T07:00

An isolated and controlled set of resources that mimics real world environments and used to safely execute suspicious code without infecting or causing damage to the host machine, operating system,...

The attackers keep coming every single day. from 2021-08-12T05:00

Guest Andrew Rubin, CEO and co-founder of Illumio, joins Dave to discuss Zero Trust, Dave and Joe share some follow-up from several listeners including one with a variation on prison pen pals we di...

security orchestration, automation, and response (SOAR) (noun) [Word Notes] from 2021-08-10T07:00

A stack of security software solutions and tools that allow organizations to orchestrate disparate internal and external tools which feed pre-built automation playbooks that respond to events or al...

Acceleration of our digital lives and impacts on cybercrime. from 2021-08-05T05:00

Guest Darren Shou, Chief Technology Officer of NortonLifeLock, shares insight on some of the scams he and his colleagues have been tracking, Joe and Dave share some follow up from listener Robert a...

personally identifiable information (PII) (noun) [Word Notes] from 2021-08-03T07:00

A term of legal art that defines the types of data and circumstances that permit a third party to directly or indirectly identify an individual with collected data.

What are our devices doing to our compassion? from 2021-07-29T05:00

Guest Dr. Charles Chaffin, author of the book "Numb: How the Information Age Dulls Our Senses and How We Can Get them Back," joins Dave this week, we have some listener follow up from John with a t...

secure access service edge (SASE) (noun) [Word Notes] from 2021-07-27T07:00

A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, an SD-WAN abstraction layer, and network peering with one or more of the big conte...

It's ok to be trusting, just be careful. from 2021-07-22T05:00

Guest Gil Friedrich from Avanan joins Dave to talk about how bad actors are infiltrating organizations using collaboration apps, we have two pieces of listener follow up from Michael and Tobias, Jo...

red teaming (noun) [Word Notes] from 2021-07-20T07:00

The practice of emulating known adversary behavior against an organization's actual defensive posture.

Threat actors changing ransomware tactics. from 2021-07-15T05:00

Guest Kurtis Minder from GroupSense joins Dave to discuss divergent ransomware trends, the guys have a listener reminder about it being CompTIA, Joe, Dave has a story about a coupon scam in the Hou...

next generation firewall (noun) [Word Notes] from 2021-07-13T07:00

A layer seven security orchestration platform deployed at the boundary between internal workloads slash data storage and untrusted sources that blocks incoming and outgoing network traffic with rul...

Introducing 8th Layer Insights: Deceptionology 101: Introduction to the Dark Arts from 2021-07-11T07:00

Have you ever noticed how fundamental deception is to the human condition? Deception and forms of social engineering have been with us since the beginning of recorded history. And yet, it seems lik...

Collaboration, data portability, and employee mobility fuel insider risk. from 2021-07-08T05:00

Guest Joe Payne of Code 42 joins Dave to discuss insider risks, Joe has a story about Frank Abagnale who's conned everyone one way or another, Dave's story is about a real estate scam conning a sing...

fast flux (noun) [Word Notes] from 2021-07-06T07:00

A network designed to obfuscate the location of a cyber adversary's command and control server by manipulating the domain name system, or DNS, in a way that rotates the associated IP address among ...

An inside view on North Korean cybercrime. from 2021-07-01T05:00

The CyberWire's UK correspondent Carole Theriault returns to share an interview with Geoff White, reporter from the BBC and co-host of the Lazarus Heist podcast, Joe has some listener follow-up fro...

encryption (noun) [Word Notes] from 2021-06-29T07:00

The process of converting plain text into an unrecognizable form or secret code to hide its true meaning.

Bad password hygiene jeopardizes streaming services. from 2021-06-24T05:00

Guest Matthew Gracey-McMinn joins us from Netacea to speak with Dave about security issues with streaming services, Joe shares some follow-up from listener Jason about a bracelet sale mentioned a f...

keylogger (noun) [Word Notes] from 2021-06-22T07:00

Software or hardware that records the computer keys pressed by a user. 

Answering a job ad from a ransomware gang. from 2021-06-17T05:00

Guest Mantas Sasnauskas from CyberNews joins Dave to talk about how he and his colleagues applied for a job with a ransomware gang, Joe and Dave reply to a listener named Christopher about certific...

non-fungible tokens (NFT) (noun) [Word Notes] from 2021-06-15T07:00

Digital assets that are cryptographically protected on a blockchain and contain unique identification codes and metadata that makes them one of a kind.

Pandemic taxes: later due dates afford more time for scams. from 2021-06-10T05:00

Guest Robert Capps of NuData Security joins Dave to discuss what businesses can do to bolster their protection against tax fraud, Joe and Dave have some follow-up from 2 episodes ago when they disc...

multi-factor authentication (noun) [Word Notes] from 2021-06-08T07:00

The use of two or more verification methods to gain access to an account.

The fight in the dog. from 2021-06-03T05:00

Guests Jan Kallberg and Col Stephen Hamilton of Army Cyber Institute at West Point join Dave to talk about cognitive force protection, Joe and Dave have some follow-up from a listener named Obada a...

machine learning (noun) [Word Notes] from 2021-06-01T07:00

A programming technique where the developer doesn't specify each step of the algorithm in code, but instead teaches the algorithm to learn from the experience.

Hacking people vs. hacking technologies to get into companies. from 2021-05-27T05:00

Guest Tim Sadler from Tessian on how oversharing on social media and in OOO messages can open the door for hackers, Joe shares a story about vishing emails from "Amazon" that had spam confidence le...

intelligence (noun) [Word Notes] from 2021-05-25T07:00

The process of turning raw information into intelligence products that leaders use to make decisions with.

Whaling attacks are more targeted than phishing or spearphishing. from 2021-05-20T05:00

Guest Kev Breen from Immersive Labs joins Dave to talk about how to address whaling attacks, Dave shares a discussion he had with a colleague about password managers and elderly parents and Joe we...

SaaS (noun) [Word Notes] from 2021-05-18T07:00

A cloud-based software distribution method where app infrastructure, performance, and security are maintained by a service provider and accessible to users, typically via subscription, from any dev...

How to best fight fake news. from 2021-05-13T05:00

Guest Helen Lee Bouygues of the Reboot Foundation joins Dave to talk about social media’s effect within the misinformation ecosystem and how users can best fight fake news, Dave and Joe share some ...

decryption (noun) [Word Notes] from 2021-05-11T05:00

A process of converting encrypted data into something that a human or computer can understand.

Digital identities are at the core of recent breaches. from 2021-05-06T05:00

Our UK correspondent Carole Theriault returns to share her interview with Julie Smith from the Security Alliance and Kelvin Coleman from National Cyber Security Alliance about Identity Management D...

brute-force attack (noun) [Word Notes] from 2021-05-04T07:00

A cryptographic hack that relies on guessing all possible letter combinations of a targeted password until the correct codeword is discovered.

Anyone can be a target of romance scams. from 2021-04-29T05:00

Guest Stacey Nash, Head of Fraud and Central Operations at USAA, joins Dave to discuss romance or sweetheart scams, Joe and Dave share some listener follow-up, Joe's got a story about emails sent t...

denial-of-service attack (noun) [Word Notes] from 2021-04-27T07:00

A cyber attack designed to impair or eliminate access to online services or data.

Make systems to mitigate the mistakes. from 2021-04-22T05:00

Guest Margaret Cunningham from Forcepoint talks with Dave about cognitive biases that lead to reasoning errors in cybersecurity, Joe shares some follow-up from a listener named Alex about the Alexa...

cold boot attack (noun) [Word Notes] from 2021-04-20T07:00

A type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer’s Random Access Memory or RAM during the reboot process in order to steal ...

Being aware can go a long way to prevent attacks. from 2021-04-15T05:00

Guest Herb Stapleton, the FBI’s cyber division sector chief, joins Dave to talk about the FBI's Internet Crime Complaint Center (IC3) annual report and its findings, Joe's story is about an ongoing...

cloud computing (noun) [Word Notes] from 2021-04-13T07:00

On-demand pay-as-you-go Internet delivered compute, storage, infrastructure, and security services that are partially managed by the cloud provider and partially managed by the customer.

Finding targets of opportunity. from 2021-04-08T05:00

Guest Peter Warmka, founder of the Counterintelligence Institute, joins Dave to talk about how insider targets are chosen and assessed, Joe shares a weird phone call he received, Dave's story from ...

APT (noun) [Word Notes] from 2021-04-06T07:00

An acronym for Advanced Persistent Threat to describe hacker groups or campaigns normally, but not always, associated with nation state cyber espionage and continuous low-level cyber conflict opera...

The pandemic is slowing, time to travel? from 2021-04-01T05:00

Guest Fleming Shi of Barracuda joins Dave to talk about travel-related phishing attacks now that vaccines are more readily available, Dave and Joe share listener advice about preventative ema...

backdoor (noun) [Word Notes] from 2021-03-30T07:00

An undocumented or publicly unknown method to access a computer system undetected or to break a cypher used to encode messages.

Technology is not designed for older users. from 2021-03-25T05:00

Guest Ming Yang of Orchard joins Dave to talk about ways to help your parents with technology (aka providing tech support for our parents). Dave shares the FBI's advisory warning of an expected inc...

watering hole attack (noun) [Word Notes] from 2021-03-23T07:00

From the intrusion kill chain model, a technique where the hacker compromises sites commonly visited by members of a targeted community in order to deliver a malicious payload to the intended victim.

Ideally, look for someone open to deception. from 2021-03-18T05:00

Guest professional magician Brandon Williams talks with Joe about the art of deception, we have some follow-up on a watering hole attack we discussed a few episodes back, Joe's story is about the A...

network telescope (noun) [Word Notes] from 2021-03-16T07:00

Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena.

Insider threats and security concerns for APIs. from 2021-03-11T06:00

Guest Inon Shkedy, security researcher at Traceable and API project leader at OWASP Foundation, talks with Dave about the risks various types of insider threats pose to APIs, we have some follow-up...

SOC Triad (noun) [Word Notes] from 2021-03-09T08:00

A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log.

Fraud activity within secure messaging apps in plain sight. from 2021-03-04T06:00

Guest Brittany Allen of Sift joins Dave to talk about a new fraud ring on Telegram where bad actors leverage the app to steal from on-demand food delivery services, Joe's story involves two of the ...

supply chain attacks (noun) [Word Notes] from 2021-03-02T08:00

Also known as a third-party attack or a value-chain attack, adversary groups gain access to a targeted victim's network by first infiltrating a business partner's network that has access to the victi...

How likely are online users to reveal private information? from 2021-02-25T06:00

Guest Professor Lior Fink from Ben Gurion University shares insights from their study on "How We Can Be Manipulated Into Sharing Private Information Online," Dave's story is some good news about a ...

taint analysis (noun) [Word Notes] from 2021-02-23T08:00

The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.

Including your passwords in your final arrangements. from 2021-02-18T06:00

Guest Sara Teare who is known as 1Password's Minister of Magic talks with Dave about things that people don't consider like custody of the digital keys to your stuff online, Dave and Joe share some...

ATM skimming (noun) [Word Notes] from 2021-02-16T08:00

The process of stealing ATM customer credentials by means of physically and covertly installing one or more devices onto a public ATM machine.

In the disinformation and misinformation crosshairs. from 2021-02-11T06:00

Carole Theriault returns with a discussion on disinformation with guest, BBC host, podcaster and author Tim Harford, Dave's got a story about Covid vaccine phishing campaigns, Joe's story talks abo...

APT side hustle (noun) [Word Notes] from 2021-02-09T08:00

A nation-state hacking group’s practice of funding its own activities through cybercrime or cyber mercenary work.

Understanding human behavior is a key to security. from 2021-02-04T06:00

Guest Nico Popp of Forcepoint joins Dave to discuss why understanding human behavior is a major key to security, Dave & Joe discuss some listener follow-up about a Craigslist posting, Joe's story i...

endpoint (noun) [Word Notes] from 2021-02-02T08:00

A device connected to a network that accepts communications from other endpoints like laptops, mobile devices, IoT equipment, routers, switches, and any tool on the security stack.

What is true and important versus what is the spin. from 2021-01-31T22:10:42.023393

Dave's story is about some cybercriminal gangs that have stolen $22 million from users of the Electrum wallet app, Joe's story talks about a business email compromise scam that cost a US company $15 mil...

Use a Dance Dance Revolution floor lock for your data centers. from 2021-01-31T22:10:42.023393

Starting with some listener follow-up on password managers, Joe's story has an angel investor bilking people out of due diligence fees, Dave's story comes from Graham Cluley on a malware campaign t...

darknet (noun) [Word Notes] from 2021-01-31T22:10:42.023393

A subset of the internet where communications between two parties or client-server transactions are obscured from search engines and surveillance systems by layers of encryption. The U.S. Navy desi...

Cookies make for some tasty phishing lure. from 2021-01-31T22:10:42.023393

In addition to his regular story Dave shares a situation where his mom almost took the bait, Dave's story is about an SMS phishing (smishing) Apple scam in UK (ps, there's never a free iPhone & Joe...

It's human nature. from 2021-01-31T22:10:42.023393

Dave and Joe have some follow-up from a listener on OG accounts, Joe's story talks about a new phishing campaign inspired by Twitter from earlier this summer, Dave shares a story about using securi...

The story is what gets people in. from 2021-01-31T22:10:42.023393

Joe shares a story on the ability to make a scam work through storytelling skills, Dave's story is about a guy duping a convenience store clerk into taking over her shift and later robbing the plac...

It's evolving rapidly and getting more furious by the minute. from 2021-01-31T22:10:42.023393

Dave & Joe have a tip as some follow-up on cloning social media accounts, Dave's story is about turning the tables on hackers in the UK, Joe talks about Kaspersky's Spam and phishing report, The Ca...

social engineering (noun) [Word Notes] from 2021-01-31T22:10:42.023393

The art of convincing a person or persons to take an action that may or may not be in their best interests. Social engineering in some form or the other has been around since the beginning of time....

Listen
Hacking Humans
Take a deep breath. from 2021-01-31T22:10:42.023393

Joe's story is about the effectiveness of social media account cloning, Dave talks about toll fraud, The Catch of the Day is a Bitcoin scam with some scam baiting on the side, and later in the show...

Listen
Hacking Humans
man trap (noun) [Word Notes] from 2021-01-31T22:10:42.023393

A physical security access control device consisting of an enclosed hallway with interlocking doors on each end where both doors can’t be open at the same time. A person presents credentials to the...

Listen
Hacking Humans
Many times it is less sophisticated than we think. from 2021-01-31T22:10:42.023393

Dave's story is about robocalls to a telephony honeypot, Joe talks about postcards impersonating HIPAA communications (you have one? please let Joe know), The Catch of the Day is an email that our ...

Listen
Hacking Humans
Flying under the radar. from 2021-01-31T22:10:42.023393

Dave's story is about a forgotten scam, Joe talks about the recent Twitter hack, The Catch of the Day is a pretty standard phishing email for you to be on the lookout for, and later in the show, Da...

Listen
Hacking Humans
Ignore the actor, focus on the behavior. from 2021-01-31T22:10:42.023393

Dave shares a horrific cyberstalking story from the local area, Joe's story is about a phishing campaign impersonating voicemail alerts, The Catch of the Day is an HR front for a check floating sc...

Listen
Hacking Humans
Be the custodian of your own digital identity. from 2021-01-31T22:10:42.023393

Dave talks about a deepfake recording impersonating a CEO, Joe's story is about a new phishing campaign, The Catch of the Day is a very persistent cash app scammer, and later in the show, Dave's co...

Listen
Hacking Humans
Never think of security as a destination. from 2021-01-31T22:10:42.023393

Dave talks about gift card scams associated with YouTube live streams, Joe's story is about a scam impersonating Canadian hospital staff, The Catch of the Day is phish impersonating a small game de...

Listen
Hacking Humans
A little dose of skepticism. from 2021-01-31T22:10:42.023393

We have some listener follow-up sharing the dnstwister.report site, Dave has a story of consent phishing, Joe talks about calendar invite phishing, The Catch of the Day is a lazy money multiplying scam...

Listen
Hacking Humans
Close in your pajamas. from 2021-01-31T22:10:42.023393

Joe shares a different spin on ransom attacks, Dave has a story on phone number reuse, The Catch of the Day is a notice from British Gas (accent included), and later in the show, Dave's conversatio...

Listen
Hacking Humans
It can happen to anybody. from 2021-01-31T22:10:42.023393

Dave shares a story of an attempt on his father's Verizon account, Joe has the story of an Amazon gift card phishing attempt, The Catch of the Day is a funny phishing email, and later in the show, ...

Listen
Hacking Humans
Taking a selfie with your ID. from 2021-01-31T22:10:42.023393

Joe talks about HROs (High Reliability Organizations), Dave has a scam on Upwork gigs, The Catch of the Day talks about giving a scammer the runaround, and later in the show our interview with Sanj...

Listen
Hacking Humans
HH Extra - Happy 100 shows! from 2021-01-31T22:10:42.023393

We'd like to thank you, our dear listeners, for sticking with us and our podcast through thick and thin, bad accents and even worse ones, with this - a collection of some of our favorite Catch of t...

Listen
Hacking Humans
Disinformation vs. misinformation. from 2021-01-31T22:10:42.023393

Dave shares the story of a malicious website posing as a Coronavirus map supposedly from Johns Hopkins University, Joe has the story of an elderly woman who lost a lot of money to two men claiming ...

Listen
Hacking Humans
The art of cheating. from 2021-01-31T22:10:42.023393

Joe shares some insights into the art of cheating travelers, Dave has a story of a woman facing drug charges trying to kidnap another woman's baby, an update on last week's bizarre phone scam, The ...

Listen
Hacking Humans
Hi, I'm trying to steal your money. from 2021-01-31T22:10:42.023393

Dave shares the most bizarrely honest phone scam of all time, Joe has a pretend PayPal phishing scam, the Catch of the Day finally lets Dave show us his best Blanche Devereaux, and later in the sho...

Listen
Hacking Humans
Telling The Truth In A Dishonest Way - Rebroadcast from 2021-01-31T22:10:42.023393

Today's episode is a re-broadcast of an episode from August 2018.  Dave looks at Hollywood script pitch event scams. Joe describes a romance scam murder scheme. Spontaneously combusting ATM cards. ...

Listen
Hacking Humans
Algorithms controlling truth in our society. from 2021-01-31T22:10:42.023393

Special guest host Graham Cluley joins Dave while Joe takes a short break. Dave shares the success of the FBI's reWired campaign which has apprehended alleged scammers around the world. Graham desc...

Listen
Hacking Humans
Covid has shifted the way we deal with money and increased fraud. from 2021-01-28T06:00

Guest Eric Solis of MOVO Cash talks with Dave about the increase of fraud attacks on consumers and businesses by not having a body of regulations for digital payments, Dave's story is about his rec...

Listen
Hacking Humans
unified extensible firmware interface (UEFI) (noun) [Word Notes] from 2021-01-26T08:00

An extension of the traditional Basic Input/Output System or BIOS that, during the boot process, facilitates the communication between the computer’s firmware and the computer’s operating system.

Listen
Hacking Humans
Targeted phishing campaigns and lottery scams abound. from 2021-01-21T06:00

Guest Arjun Sambamoorthy of Armorblox talks with Dave about five targeted phishing campaigns that weaponize various Google services during their attack flow, Joe's story is about the MegaMillions j...

Listen
Hacking Humans
Daemon (noun) [Word Notes] from 2021-01-19T08:00

An operating system program running in the background designed to perform a specific task when certain conditions or events occur.

Listen
Hacking Humans
As B2C interactions shift online, call centers become new fraud vector. from 2021-01-14T06:00

Guest Umesh Sachdev of Uniphore talks with Dave about how call centers are becoming the new fraud vector, Dave's story involves an email that has a Trump scandal .jar file attached that's really a ...

Listen
Hacking Humans
greyware (noun) [Word Notes] from 2021-01-12T08:00

Also known as spyware and adware, it is a software category where developers design the application neither to cause explicit harm nor to accomplish some conventional legitimate purpose, but when r...

Listen
Hacking Humans
Combating growing online financial fraud. from 2021-01-07T06:00

Dave switches gears and shares a story from the National Law Review with a social engineering spin to it about a theft exclusion in a title company's errors and omissions policy, Joe shares a story...

Listen
Hacking Humans
fuzzing (noun) [Word Notes] from 2021-01-05T08:00

An automatic software bug and vulnerability discovery technique that inputs invalid, unexpected and/or random data or fuzz into a program and then monitors the program's reaction to it.

Listen
Hacking Humans
Unix (noun) [Word Notes] from 2021-01-05T08:00

A family of multitasking, multi-user computer operating systems that derive from the original Unix system built by Ken Thompson and Dennis Ritchie in the 1960s.

Listen
Hacking Humans
Encore: Don't go looking for morality here. [Hacking Humans] from 2020-12-31T06:00

Dave has a story of an investment scam featuring celebrities, Joe warns of scams surrounding the Coronavirus, the Catch of the Day features Joe's son-in-law's adventure with thousands of bot infilt...

Listen
Hacking Humans
deep packet inspection (DPI) (noun) [Word Notes] from 2020-12-29T08:00

A network monitoring and filtering technique that examines both the header information and the payload of every packet traversing a network access point.

Listen
Hacking Humans
Encore: Separating fools from money. [Hacking Humans] from 2020-12-24T06:00

Dave shares a story of airport penetration testing with a high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Gra...

Listen
Hacking Humans
rootkit (noun) [Word Notes] from 2020-12-22T08:00

A clandestine set of applications designed to give hackers access and control over a target device.

Listen
Hacking Humans
tactics, techniques and procedures (TTPs) (noun) [Word Notes] from 2020-12-22T08:00

A set of behaviors that precisely describes a cyber adversary attack campaign.

Listen
Hacking Humans
Phishing lures that may be in your inbox soon, and how to deal "left of bang." from 2020-12-17T06:00

Joe talks about phishing lures with holiday packages, current events, and things he expects to see in your inbox soon, Dave shares a blog post on how to troll a Nigerian prince, The Catch of the ...

Listen
Hacking Humans
identity theft (noun) [Word Notes] from 2020-12-15T08:00

In this case Identity is the set of credentials, usually electronic that vouch for who you are and theft is to steal. The theft of a person's identity for purposes of fraud.

Listen
Hacking Humans
The landscape has shifted for holiday shopping to online. from 2020-12-10T06:00

Joe provides some listener feedback on allowing site notifications, Dave shares good news in his story about taking down money mules, Joe's got not as good news about a phishing campaign targeting ...

Listen
Hacking Humans
Virtual Private Network (VPN) (noun) [Word Notes] from 2020-12-08T08:00

A software, hardware or hybrid encryption layer between two devices on the network that makes the traffic between the sites opaque to the other devices on the same network.

Listen
Hacking Humans
cyber threat intelligence (CTI) (noun) [Word Notes] from 2020-12-08T08:00

Information used by leadership to make decisions regarding the cybersecurity posture of their organization.

Listen
Hacking Humans
Going behind the scenes and preventing social engineering in financial institutions. from 2020-12-03T06:00

Joe has a story about fake websites with advanced profiling tools and malicious software by OceanLotus, Dave's story is about sites that ask if it's ok to send you notifications, The Catch of the D...

Listen
Hacking Humans
Network Time Protocol (NTP) attack (noun) [Word Notes] from 2020-12-01T08:00

A reflection or amplification distributed denial-of-service attack in which hackers query Internet network time protocol servers, NTP servers for short, for the correct time, but spoof the destinat...

Listen
Hacking Humans
smishing (SMS phishing) (noun) [Word Notes] from 2020-12-01T08:00

From the intrusion kill-chain model, the delivery of a “lure” via a text message to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into ...

Listen
Hacking Humans
port mirroring (noun) [Word Notes] from 2020-11-24T08:00

A network switch configuration setting that forwards a copy of each incoming and outgoing packet to a third switch port. Also known as SPAN or Switched Port Analyzer, RAP or Roving Analysis Port, a...

Listen
Hacking Humans
The public's expectations are changing. from 2020-11-19T06:00

Dave has a story about the security risks of your outbound email, Joe's story is about a fake company, Ecapitalloans, using fake BBB affiliation, The Catch of the Day comes from a listener named Ma...

Listen
Hacking Humans
shadow IT (noun) [Word Notes] from 2020-11-17T08:00

Technology, software and hardware deployed without explicit organizational approval. In the early days of the computer era from the 1980s through the 2000s security and information system practitio...

Listen
Hacking Humans
Network Detection and Response (NDR) (noun) [Word Notes] from 2020-11-17T08:00

NDR tools provide anomaly detection and potential attack prevention by collecting telemetry across the entire intrusion kill chain on transactions across the network, between servers, hosts, and cl...

Listen
Hacking Humans
Ransomware: Statistically, it's likely to happen to anybody. from 2020-11-12T06:00

Joe has a story about how Emotet is being used in phishing emails through thread hijacking, Dave's story is a two-fer: one is about bad guys using image manipulation and the other has Elon Musk giv...

Listen
Hacking Humans
remote access Trojan or RAT (noun) [Word Notes] from 2020-11-10T08:00

From the intrusion kill chain model, a program that provides command and control services for an attack campaign. While the first ever deployed RAT is unknown, one early example is Back Orifice mad...

Listen
Hacking Humans
Too good to be true. from 2020-11-05T06:00

Dave has a story about a fake Facebook copyright violation scam trying to trick you out of your TFA to get into your account, Joe's story is about the largest elder fraud scam in US history, The Catch o...

Listen
Hacking Humans
business email compromise or BEC (noun) [Word Notes] from 2020-11-03T08:00

A social engineering scam where fraudsters spoof an email message from a trusted company officer that directs a staff member to transfer funds to an account controlled by the criminal. 

Listen
Hacking Humans
David Sanger on the HBO documentary based off his book, "The Perfect Weapon". [Special Edition] from 2020-11-01T08:00

On this Special Edition, our extended conversation with author and New York Times national security correspondent David E. Sanger. The Perfect Weapon explores the rise of cyber conflict as the prim...

Listen
Hacking Humans
The Malware Mash! from 2020-10-30T05:00

Listen
Hacking Humans
New consequences, extortion and cyber insurance. from 2020-10-29T05:00

Joe has a story about a woman who called a fake customer service number and got scammed, Dave's story talks about how phishing kits are not that hard to find, just check YouTube, The Catch of the ...

Listen
Hacking Humans
anagram (noun) [Word Notes] from 2020-10-27T07:00

A word, phrase, or sentence formed from another by rearranging its letters. For example, cracking a columnar transposition cipher by hand involves looking for anagrams.

Listen
Hacking Humans
rogue access point (noun) [Word Notes] from 2020-10-20T05:00

1. A wireless access point installed by employees in an office or data center environment as a convenience to connectivity without the consent or the knowledge of the network manager. 2. A wireless...

Listen
Hacking Humans
Don't click any button...even the 'No' button. from 2020-10-08T05:00

Dave's story is about how some adware took a turn for the worse (and how his dad has fallen for adware in the past), Joe's story talks about how someone is trying to phish AT&T employees and others, Th...

Listen
Hacking Humans
phishing (verb) [Word Notes] from 2020-10-06T05:00

From the intrusion kill chain model, the delivery of a “lure” to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive...

Listen
Hacking Humans
credential stealing (verb) [Word Notes] from 2020-09-29T05:00

From the intrusion kill chain model, the first part of an exploitation technique where the hacker tricks their victims into revealing their login credentials. In the second part of the technique, h...

Listen
Hacking Humans
The Bombe (noun) [Word Notes] from 2020-09-22T05:00

An electro-mechanical device used to break Enigma-enciphered messages about enemy military operations during the Second World War. The first bombe–named Victory and designed by Alan Turing and Gor...

Listen
Hacking Humans
Your information is already on the Dark Web. from 2020-09-17T05:00

Dave and Joe have some follow-up on mobile banking apps, Dave talks about the website bitcoinabuse.com, Joe has a story Brian Krebs did on old Gmail emails and people using them either errantly or mali...

Listen
Hacking Humans
cross-site scripting (noun) [Word Notes] from 2020-09-15T05:00

From the intrusion kill chain model, a malicious code delivery technique that allows hackers to send code of their choosing to their victim’s browser. XSS takes advantage of the fact that roughly 9...

Listen
Hacking Humans
penetration test (noun) [Word Notes] from 2020-09-08T05:00

The process of evaluating the security of a system or network by simulating an attack on it. Sometimes called "ethical hacking" or white hat hacking. The phrase started to appear in U.S. military c...

Listen
Hacking Humans
Zero-day (adjective) [Word Notes] from 2020-08-18T05:00

A class of software-security-weakness-issues where independent researchers discover a software flaw before the owners of the code discover it. Zero-day, or 0-day in hacker slang, refers to the mome...

Listen
Hacking Humans
NMAP (noun) [Word Notes] from 2020-08-11T04:00

A network mapping tool that pings IP addresses looking for a response and can discover host names, open communications ports, operating system names and versions. Written and maintained by Gordon L...

Listen
Hacking Humans
Send me money so I know you are real. from 2020-07-09T05:00

We have some follow-up, and this time, Joe was not right, Dave's story is about a poison-selling scam, Joe's is about an impersonation site, The Catch of the Day claims to be notice of a United Nations pa...

Listen
Hacking Humans
Because they deserve the money! from 2020-07-02T05:00

Dave's story shows Macs are not immune, Joe talks about a dark place in his soul (aka survey scams), some listener follow-up saying Joe was right!, The Catch of the Day an advanced fee scam from th...

Listen
Hacking Humans
Seniors and millennials more alike than people think. from 2020-06-04T05:00

Dave has a ransomware story from inside a virtual machine, Joe talks phishing with Google firebase storage URLs, some listener follow-up, The Catch of the Day comes from Joe's daughter and "Apple",...

Listen
Hacking Humans
Wearing a mask in the Oval Office. from 2020-05-28T05:00

Joe shares his Classic Cons Part 3, Dave has an Apple device scam story, The Catch of the Day is your assassination heads-up, and later in the show our interview with Jonna Mendez, retired CIA inte...

Listen
Hacking Humans
How scammers fill the gap. from 2020-05-21T05:00

Dave has a story on a possible Disney-styled phishing email, Joe has the skinny on a circular pyramid scheme, some listener follow-up, The Catch of the Day is a YouTube verification badge for you, ...

Listen
Hacking Humans
Every day you're a firefighter. from 2020-05-14T05:00

Dave and Joe have a follow up for a listener, Joe has two stories on different levels of effort of phishing schemes, The Catch of the Day is looking for a sugar baby, and later in the show our inte...

Listen
Hacking Humans
Exploiting our distractions. from 2020-05-07T05:00

Dave has the story of PR firms selling lies online, Joe has the story of a sophisticated Business Email Compromise attack, The Catch of the Day advises you to update your account information IMMEDI...

Listen
Hacking Humans
Passwords are the easiest things to steal. from 2020-04-30T05:00

Joe takes a look at a massive sextortion spam scheme, Dave has some advice for all of us, the Catch of the Day comes from down under, and later in the show our conversation with Andrew Shikiar, Exe...

Listen
Hacking Humans
Wallet inspector. from 2020-04-23T05:00

Dave warns of fake QR code websites stealing Bitcoin, Joe has the return of classic cons, the Catch of the Day forgets one crucial element, and later in the show, our interview with Kurtis Minder. ...

Listen
Hacking Humans
They're getting smart, but we're getting smarter. from 2020-04-16T05:00

Joe has the story of a cold-calling conman, Dave has a story of vindication for seniors who lost money in phone scams, the Catch of the Day has Joe doing his research, and later in the show my conv...

Listen
Hacking Humans
Even famous people get scammed. from 2020-04-09T05:00

Dave has the story of a Walking Dead actress raising money for a scammer, Joe has an article warning of Government websites giving bad security advice, the Catch of the Day tries to put the fear of...

Listen
Hacking Humans
Shedding light on the human element. from 2020-04-02T05:00

Joe has the story of a very exposing scam, Dave has the scoop on a rare BadUSB attack, The Catch of the Day is a 'lame scammer who needs to get a life' and later in the show our conversation with T...

Listen
Hacking Humans
Paging Dr. Dochterman. from 2020-03-26T05:00

Dave shares an example of modern-day snake oil, Joe brings us his favorite old-time scams, the Catch of the Day is straight from Dr. Dochterman - you really can't make this stuff up - and later in ...

Listen
Hacking Humans
Winking emoji. from 2020-03-12T05:00

Joe shares the story of a phishing website posing as the Singapore Police site, Dave shares a harmful, simple little message, the Catch of the Day drags her scammer through the mud and asks if he w...

Listen
Hacking Humans
Don't go looking for morality here. from 2020-03-05T06:00

Dave has a story of an investment scam featuring celebrities, Joe warns of scams surrounding the Coronavirus, the Catch of the Day features Joe's son-in-law's adventure with thousands of bot infilt...

Listen
Hacking Humans
Fake news and misplaced trust. from 2020-02-13T06:00

Joe shares a collection of romance scams from the great plains, Dave has a report which uncovered a root system of fake news, the catch of the day comes straight from... Warren Buffett? Later in th...

Listen
Hacking Humans
I wouldn't want my computer to be disappointed. from 2020-02-06T06:00

Dave finally has good news. Joe shares a fake website created by the US Trading Commission... which doesn't exist. The catch of the day threatens FULL DATA LOSS! Later in the show, Anna Collard is ...

Listen
Hacking Humans
They had no idea. from 2020-01-30T06:00

Dave shares a particularly exposing sextortion scam. Joe has a story of a million-dollar scam that targeted college students in Miami just trying to pay their tuition. The catch of the day comes st...

Listen
Hacking Humans
Flipping the script. from 2020-01-23T06:00

Dave's phone is blowing up with smishing attempts. Joe shares a story about fake license renewal attempts from The New Zealand Transportation Agency. The catch of the day flips the script on their ...

Listen
Hacking Humans
Life in the (second) age of pirates. from 2020-01-16T06:00

Dave has an account from a man who was almost scammed by an impersonation of his own close friend. Joe has the story of a sophisticated phishing scheme involving Microsoft Office 365. The catch of ...

Listen
Hacking Humans
Ransomware is a reality. from 2020-01-09T06:00

Dave has a master list of cyberbadness. Joe has some handy red flags this tax season straight from our beloved IRS. The catch of the day features an alluring proposition from someone who is probabl...

Listen
Hacking Humans
Leading by example and positive reenforcement. from 2020-01-02T06:00

Dave has a warning from a galaxy far, far away. Joe has a report of a scam attempt on a listener who fancies fancy pens. The catch of the day features a Tinder dating app bot scam. Our guest is Den...

Listen
Hacking Humans
Managing access and insider threats. from 2019-12-19T06:00

Joe's wife has been getting suspicious shipping notices. Dave describes a phone scam where crooks intercept phone calls. The catch of the day turns the tables on a would-be scammer. Carole Theriaul...

Listen
Hacking Humans
If you didn't ask for it don't install it. from 2019-12-12T06:00

Dave describes a gas-pump hidden camera scam. Joe shares the story of a fraudulent Microsoft Windows Update notice. The catch of the day involves a scammer making use of an online celebrity's profi...

Listen
Hacking Humans
I really wanted that shed. from 2019-12-05T06:00

Joe shares the story of a woman losing her life savings to a scammer claiming to be from the FBI. Dave describes the $139 shed scam. The catch of the day is another threat of revealing compromising...

Listen
Hacking Humans
Security has to be friendly. from 2019-11-21T06:00

Dave wonders about Juice Jacking warnings. Joe shares findings from Agari's latest email fraud and identity deception report. The catch of the day promises romance in exchange for airline tickets. ...

Listen
Hacking Humans
Skepticism is the first step. from 2019-11-14T06:00

Joe shares stories of typo-squatting. Dave warns us against responding to malicious email, even just for fun. The catch of the day is from a listener, leading on a romance scammer. Carole T...

Listen
Hacking Humans
When you are the target, objectivity is gone. from 2019-11-07T06:00

Joe shares a report on who's more susceptible to scams. Dave shares a story from a listener who was hit by a scam attempt while staying at a hotel. Our catch of the day involves an attempt to sca...

Listen
Hacking Humans
Don't dismiss the fraudsters. from 2019-10-31T05:00

Dave describes a credential gathering scam targeting users of the Stripe online payment system. Joe responds to an email message from his boss, and learns a valuable lesson. Our catch of the day fo...

Listen
Hacking Humans
The ability to fundamentally deceive someone. from 2019-10-24T05:00

Joe has the story of a convincing scammer who makes an innocent woman doubt herself. Dave describes an online utility that helps users delete unwanted user accounts and also rates the difficulty of...

Listen
Hacking Humans
The fallacy of futility. from 2019-10-17T05:00

Dave describes a ponzi scheme that bought up legitimate investment firms. Joe shares research into deep fakes. The catch of the day includes an invitation to join the illuminati. Ray [REDACTED] ret...

Listen
Hacking Humans
Don't trust ransomware to tell you its real name. from 2019-10-10T05:00

Joe describes online redirect scams, URL encoding and the clever combination of the two. Dave shares delightful satire about Russian brides and Nigerian princes, together at last. The catch of the ...

Listen
Hacking Humans
The ultimate hacking tool. from 2019-10-03T05:00

Joe reviews highlights from a Proofpoint report on the human aspects of cyber attacks. Dave describes the FTC's cases against online dating site Match.com. The catch of the day comes straight from ...

Listen
Hacking Humans
The usefulness of single sign on. from 2019-09-26T05:00

Joe outlines online threats from social media. Dave shares a story of scammers trying to scare a community into purchasing security products. The catch of the day features a promise of riches from Fac...

Listen
Hacking Humans
An ethical hacker can be a teacher. from 2019-09-12T05:00

A listener updates us on "notice of arrest" policies. Dave notes increased instances of Google Calendar spam. Joe shares a claim that AI voice mimicry was used to dupe a company out of nearly a qua...

Listen
Hacking Humans
Think before you post. from 2019-09-05T05:00

Follow-up from down under. Joe shares the story of a Mom scammed out of Gaelic Football League tickets. Dave describes a bounty hunter hoaxing suicide threats to get location information from mobil...

Listen
Hacking Humans
Securing your SMS. from 2019-08-29T05:00

Dave shares a story of digital voice assistants being channeled toward scammers. Joe tracks scammers taking advantage of social tools on the Steam gaming platform. The catch of the day involves Sou...

Listen
Hacking Humans
Backups backups backups. from 2019-08-22T05:00

Joe describes a primitive (but effective) phishing scheme being tracked by Bleeping Computer. Dave shares news from a Black Hat presentation on phishing stats from Google. The catch of the day is a...

Listen
Hacking Humans
Swamping search results for reputation management. from 2019-08-15T05:00

Dave shares the story of a small community hospital dealing with a ransomware attack. Joe reviews the different types of extortion emails. The catch of the day is an inheritance scam from Canada. C...

Listen
Hacking Humans
Positive pretexting on the rise. from 2019-08-08T05:00

Joe shares a cautionary Facebook tale from his own life. Dave has the story of an Australian IT company put out of business by scammers. The catch of the day tracks the response writer and comedian...

Listen
Hacking Humans
Images are the language of the brain. from 2019-08-01T05:00

Dave outlines a church donation scam. Joe shares reporting from Ars Technica on romance scams coming out of Africa. The catch of the day is courtesy of London comedian James Veitch. Our guest is Gar...

Listen
Hacking Humans
Looking after Dad. from 2019-07-25T05:00

Joe shares a story on the market economy of phishing. Dave explains how gamers are being taken advantage of on popular chat app Discord. The catch of the day included a little bit of showbiz razzle...

Listen
Hacking Humans
The skills gap disconnect. from 2019-07-18T05:00

Dave shares a listener story of scammers calling drug stores to try to gather customer rewards points. Joe describes federal contractors being scammed out of over $10 million of hardware, some of i...

Listen
Hacking Humans
Know and spot the patterns. from 2019-07-11T05:00

Joe shares the heartbreaking tale of a catphishing case that leads to murder. Dave describes a shoe company using an unusual method to trick engagement with an online ad. The catch of the day engag...

Listen
Hacking Humans
Encore — Separating fools from money. from 2019-07-04T05:00

We're taking a break for the Independence Day holiday in the US, so enjoy this episode from the early days of our show.
Dave shares a story of airport penetration testing with a high degree of y...

Listen
Hacking Humans
Be wary of all emails. from 2019-06-27T05:00

Dave shares the story of one Katie Jones, the fake online persona used to gain the confidence of high-status individuals. Joe describes the tragic case of Christine Lu, a Harvard Medical professor ...

Listen
Hacking Humans
The knowledge / intention behavior gap. from 2019-06-20T05:00

Joe shares the story of an elaborate check fraud scam involving HR impersonators. Dave reads an email from a listener who got phished by his own company, and has questions about authorization app v...

Listen
Hacking Humans
Just because I trusted you yesterday doesn't mean I trust you today. from 2019-06-13T05:00

Dave describes researchers spotting scammers on dating sites using AI. Joe shares a phishing scheme that asks users to manage undelivered mail. The catch of the day involves cute puppies and Mogwai...

Listen
Hacking Humans
The best way to break in is to walk through the front door. from 2019-06-06T05:00

Joe describes one of history's great con artists, Victor Lustig, who sold the Eiffel Tower. Twice. Dave shares a story from a listener involving a UPS tracking number scam. The catch of the day inv...

Listen
Hacking Humans
Be willing to admit you don't know everything. from 2019-05-30T05:00

Dave reviews Google's recent security report on basic account hygiene. Joe describes passive social engineering, including USB charging stations at airports. The catch of the day exposes a trunk bo...

Listen
Hacking Humans
People aren't perfectly rational. from 2019-05-23T05:00

A listener writes in with the results of his phishing attempt on his wife. Joe describes research from F-Secure on the most dangerous email attachment types. Dave shares the story of scammers imper...

Listen
Hacking Humans
Live at KB4CON 2019. from 2019-05-16T05:00

It's a special edition of the Hacking Humans show recorded live at the KB4CON conference in Orlando, FL. Join Joe, Dave and their special guests Stu Sjouwerman, KnowBe4's CEO, and Kevin Mitnick, wo...

Listen
Hacking Humans
A data-driven approach to trust. from 2019-05-09T05:00

Joe describes a church scammed out of millions of dollars. Dave shares good news about a group of scammers being apprehended and arrested. The catch of the day involves a Vietnamese investment offe...

Listen
Hacking Humans
Twitter bots amplifying divisive messages. from 2019-05-02T05:00

Followup from listeners on Google search result scams. Dave describes the city of Ottawa sending $100K to a fraudster. Joe shares results from the FBI's Internet Crime Report. The catch of the day ...

Listen
Hacking Humans
Let's play, "Covered by cyber insurance — true or false?" from 2019-04-25T05:00

Dave and Joe answer a listener question about a mysterious Netflix account. Dave describes a service for Airbnb scammers. Joe explains a particularly "nasty" Instagram scam. Carole Theriault interv...

Listen
Hacking Humans
I have been practicing honesty and truthfulness my whole life. from 2019-04-18T05:00

Followup from an Australian listener. Dave shares a PayPal scam leveraging Google ads. Joe describes TechCrunch reporting on a spam service that was left out in the open. The catch of the day promi...

Listen
Hacking Humans
Scammers have no ethics whatsoever. from 2019-04-11T05:00

Joe describes a study of people's perceptions when presented with a magic trick. Dave shares the story of a fake boyfriend app. Our catch of the day involves the promise of millions from a bank in Af...

Listen
Hacking Humans
Girl Scouts empowering cyber security leaders. from 2019-04-04T05:00

Dave describes a survey of call center security methods. Joe explains a spam campaign raising the specter of a flu pandemic to scare people into enabling macros in an Office document. The catch of ...

Listen
Hacking Humans
Pick a persona to match the goal. from 2019-03-28T05:00

Followup on remotely previewing websites. Joe has the story of a scammer bilking Facebook and Google out of millions. Dave reviews best practices for deleting data on devices you dispose of. The catc...

Listen
Hacking Humans
Kids are a great target. from 2019-03-21T05:00

A listener recommends an online tool for safely previewing web sites. Dave shares research on what time of the work week is best for scams. Joe explains credential stuffing. Our guest is Frances De...

Listen
Hacking Humans
When we rush we make bad decisions. from 2019-03-14T05:00

Joe tracks the surprising number of malicious links hosted on legit websites and why it's dangerous. Dave describes an extortion scheme targeting podcasters. Our catch of the day involves a lonely ...

Listen
Hacking Humans
Don't assume younger people get it. from 2019-03-07T06:00

Followup on last week's TLD discussion. Dave shares a sextortion scam with a tragic ending. Joe highlights conveyance scams that rely on certain days of the week. Our catch of the day features a we...

Listen
Hacking Humans
Delivering yourself to a kidnapper. from 2019-02-28T06:00

Joe describes fraudsters taking advantage of top-level domain name confusion. Dave explains how a Google Nest security system shipped with an undocumented microphone. Our catch of the day involves...

Listen
Hacking Humans
Stop and think before you click that link. from 2019-02-21T06:00

We've got followup from a listener on cognitive dissonance and behavioral science. Dave shares a listener story about a University Dean's List scam. Joe shares statistics from a government agency p...

Listen
Hacking Humans
The trauma is multifactored. from 2019-02-14T06:00

On this Valentine's Day edition of Hacking Humans, Joe and Dave examine romance scams, including the sad tale of a woman bilked out of hundreds of thousands of dollars. There's a silly, non-murdering ...

Listen
Hacking Humans
Make it seem like the real answer is impossible to know. from 2019-02-07T06:00

Dave shares a bank spoofing scam with a reminder to mind those links, especially on mobile devices. Joe describes a case of someone turning the tables on a Twitter scammer. Our catch of the day inv...

Listen
Hacking Humans
The excitement of tricking someone wears off quickly. from 2019-01-31T06:00

We've got followup on bank scams and ransomware. Joe describes a highly sophisticated multinational business scam. Dave shares a story about private school parents falling for a Bitcoin discount sc...

Listen
Hacking Humans
Opening your eyes to the reality in which we live. from 2019-01-24T06:00

Dave reviews tips on protecting yourself from ransomware. Joe describes a clever way to trick people into enabling macros. An attempt at celebrity friendship is our catch of the day. Carole Theriau...

Listen
Hacking Humans
Prisoners have nothing but time. from 2019-01-17T06:00

Joe shares the tale of a prisoner running a variety of romance scams from the inside. Dave outlines direct deposit scams. The catch of the day is a clever variation from (where else?) Nigeria. Our ...

Listen
Hacking Humans
Trained humans are your strongest link. from 2019-01-10T06:00

Dave warns of scammers gaining access to homes by pretending to be workers from the local utility company. Joe shares a story of a sophisticated bank transfer scam in the UK. Our catch of the day o...

Listen
Hacking Humans
At some point you're probably going to have to do some running. from 2019-01-03T06:00

Joe describes a reply-all scenario gone wrong. Dave explains the criminal use of steganography in memes as a command and control technique. Our catch-of-the-day features alluring photos texted to a...

Listen
Hacking Humans
Truth emerges from the clash of ideas. from 2018-12-20T06:00

We follow up on critical feedback of last week's show. Dave describes how online extortionists have pivoted from sex to explosives. We've got an auto-responding catch of the day from one of Joe's c...

Listen
Hacking Humans
A pesky problem that doesn't go away. from 2018-12-13T06:00

Joe describes a Nigerian gang called London Blue that focuses on business email compromise. Dave shares surprising Cyber Monday phishing statistics. Guest Chris Bailey from Entrust Datacard teaches...

Listen
Hacking Humans
Bringing trust to a trustless world. from 2018-12-06T06:00

Listener follow-up on a URL issue. Dave describes an elderly couple scammed out of savings. Joe wonders if it's wise to unsubscribe. Guest Andre McGregor from TLDR Capital describes his work as a f...

Listen
Hacking Humans
Be very aware of your desire to be right. from 2018-11-29T06:00

Joe explains URLs and DNS. Dave has tips to prevent holiday skimming. A bogus bank barrister is the catch of the day. Writer Ben Yagoda explains cognitive biases.
Links:
Wikipedia page on U...

Listen
Hacking Humans
CEOs can be the weakest link. from 2018-11-15T06:00

Listener feedback on the "Can you hear me?" scam. Dave shares an ongoing Elon Musk Bitcoin giveaway scam. Joe describes the malicious use of a compromised DHL email address. This week's catch of th...

Listen
Hacking Humans
Human sources are essential. from 2018-11-08T06:00

Joe gathers open source information online. Dave wonders if a tow truck driver got the better of him. A listener shares a possible custom app scam. Former FBI agent Dennis Franks shares his experie...

Listen
Hacking Humans
Scams are fraud and fraud is crime. from 2018-11-01T05:00

We get listener followup on the church pastor scam. Dave explores a phony investment web site. Joe explains phishing, spear phishing and whaling. Fake federal agents are featured in our catch of th...

Listen
Hacking Humans
Fear, flattery, greed and timing. from 2018-10-25T05:00

We get followup feedback on gift cards. Joe describes a banking payment scam on a Canadian university. Dave reveals some sneaky apps. A reader shares a story worth its weight in gold. Jenny Radclif...

Listen
Hacking Humans
Waste my time and I'll waste yours back. from 2018-10-18T05:00

Dave reveals a stealthy trademark scam. Joe describes the invocation of a judge's name to lure a victim. A listener shares a business scam from India. Joe interviews "Shannon," a listener who enjoy...

Listen
Hacking Humans
Information is the life blood of social engineering. from 2018-10-11T05:00

Joe ponders how a phone number is obtained. Dave's friend avoids a Google gift card scam. Christopher Hadnagy returns with an update to his book, The Science of Social Engineering.

Have a ...

Listen
Hacking Humans
Easier to trick than to hack. from 2018-10-04T05:00

Dave dodges a local theater scam. Joe shares survey results from Black Hat attendees. A listener's calendar pops up alluring invitations. Carole Theriault interviews Sophos Naked Security writer Ma...

Listen
Hacking Humans
Kidnappers, robots and deep fakes. from 2018-09-27T05:00

Joe shares a kidnapping scam targeting foreign students. Dave describes social engineering involving robots. Our guest is Robert Anderson from the Chertoff Group, discussing Deep Fake technology an...

Listen
Hacking Humans
Stringing along a scammer. from 2018-09-20T05:00

Dave warns of scammers taking advantage of Hurricane Florence, both on the phone and in person. Joe shares a scheme targeting the kindness of local churchgoers. A cosmic variation on the Nigerian e...

Listen
Hacking Humans
Influence versus manipulation. from 2018-09-13T10:00

Joe describes a law firm impersonating a rival to funnel business away from them. Dave has a story of pontiff impersonation. Our guest is Joe Gray from Advanced Persistent Security. 
Links to s...

Listen
Hacking Humans
Real estate transactions in the crosshairs. from 2018-09-06T10:00

Dave gets scammed on an exit ramp. Joe describes real estate transaction scams. Is LinkedIn moonlighting in Himalayan tourism? Guest Asaf Cidon from Barracuda Networks shares social engineering tre...

Listen
Hacking Humans
Red teaming starts with research. from 2018-08-30T10:00

Joe describes an Office 365 phishing campaign. Dave warns of dangerous USB cables. A listener shares a fax from the UK. Joe interviews security consultant and pen tester Justin White.
Links to ...

Listen
Hacking Humans
Telling the truth in a dishonest way. from 2018-08-23T10:00

Dave looks at Hollywood script pitch event scams. Joe describes a romance scam murder scheme. Spontaneously combusting ATM cards. Guest Jayson E. Street from SphereNY describes his security awarene...

Listen
Hacking Humans
Sometimes less is more. from 2018-08-16T10:00

Joe shares the story of a retiree scammed by a clever scheme. Dave describes a tech-support scam with a Russian twist. Our Catch of the Day features an adorable puppy. Guest Michael Murray from Loo...

Listen
Hacking Humans
Focus, technology, and training fight phishing. from 2018-08-09T10:00

Dave describes a phishing attempt to infiltrate U.S. election systems. Joe shares a story of government agencies receiving malicious CDs in the mail. University employees are lured by greed. And Da...

Listen
Hacking Humans
Luring unsuspecting money mules. from 2018-08-02T10:00

Joe describes clever gift card scams. Dave follows up on last week's proposal to waste phone scammers' time. A more plausible phishing scheme comes through. Guest David Shear from Flashpoint descri...

Listen
Hacking Humans
Nothing up my sleeve. from 2018-07-26T10:00

Dave shares a story of deception right out of Hollywood.
https://www.hollywoodreporter.com/features/hunting-con-queen-hollywood-1125932
Joe proposes changing the financial incentives for sc...

Listen
Hacking Humans
Think like an attacker. from 2018-07-19T11:00

Joe describes a con law enforcement agencies use to lure crooks. Dave shares a tech support scam spreading in chat forums. A listener from Dublin has a fake email from Apple. We welcome Rachel Toba...

Listen
Hacking Humans
Presidential prank, pensioner pilfered. from 2018-07-12T11:00

Dave recounts the news that US President Trump likely fell for a prank phone call. Joe outlines the sad story of a woman robbed of her retirement savings. Twitter account recovery scams. Charles Ar...

Listen
Hacking Humans
Phone scams, phantom employees and sitting Ducks. from 2018-07-05T11:00

Joe warns of a harrowing phone scam technique, Dave reveals an alternate persona, a listener tries to sell a truck, and Carole Theriault from the Smashing Security Podcast interviews Sophos' Paul D...

Listen
Hacking Humans
Separating fools from money. from 2018-06-28T11:00

Dave shares a story of airport penetration testing with a high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Gra...

Listen
Hacking Humans
Playing on kindness. from 2018-06-21T05:00

Joe explains the Ben Franklin effect. Dave describes job applicants tricked into money laundering. A listener tells a tale of being fooled by an appeal to greed. Joe interviews Stacey Cameron from ...

Listen
Hacking Humans
Gaming pro athletes online. from 2018-06-14T05:00

Joe warns of scammers taking advantage of natural disasters, Dave explores romance scams, and gets a strange voice mail. 
Stephen Frank from the National Hockey League Players Association joins...

Listen
Hacking Humans
A flood of misinformation and fake news. from 2018-06-07T05:00

In this episode, Joe examines the anatomy of a phishing attack, Dave explores pretexting, and a scammer targets real estate agents. 
Professor Stephen Lewandowsky from the University of Bristol...

Listen
Hacking Humans
Social Engineering works because we're human. from 2018-05-30T05:00

In this premiere episode of the Hacking Humans podcast, cohosts Dave Bittner from the CyberWire and Joe Carrigan from the Johns Hopkins University Information Security Institute discuss noteworthy s...

Listen