Hacked - The Crying Call
Episode Date: April 1, 2022The story of a social engineering grift that starts with someone crying. If you like the show and want to make sure we can keep making it, please subscribe, and if you can visit https://www.patreon.c...om/hackedpodcast and show us some love. Thanks to our sponsor Command Line Heroes. Check out the show right over here -> https://link.chtbl.com/commandlineheroes_cyoa?sid=s9.podcast.hacked Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
A software engineer named Richard Mendelstein walks into a bank in New Jersey.
Approaches the teller.
And Richard has his phone out as he walks up.
He's got someone on the line with him as he goes into this bank.
And Richard, the software engineer, says something to the effect of,
I need to withdraw $4,000 cash.
The bank teller goes to get him the money.
And when the bank teller comes back with the cash, Richard has, like, while they were gone,
he's found a piece of paper and he's scrawled something on it with the little pen off the counter.
And he's holding this note that he's written and he's got his phone in the other hand and he hasn't given the note over.
And he's staring at the phone and he's starting to panic because the call that he was on when he walked into the bank had hung up.
The line had gone dead.
And Richard, phone in one hand, note in the other, starts to freak out in the middle of this bank.
and he looks at the teller and he doesn't give over the note and he just takes the money,
looks at the phone, and he bolts.
The teller watches as he leaves with the money, the phone, and the note that she never got to see.
Which we now know reads as follows.
My daughter has been kidnapped.
Here's the kidnapper's number.
Here's my wife's name and number.
But Richard is long gone.
A little bit of trigger warning.
The following audio is a little bit distressful.
Who is this?
Who is this?
Richard Mendelstein got a call that sounded like that.
Please, whatever you do, please just don't hurt my mom.
Or this one.
I will do anything you want.
All my money you can have.
I'm helping you, man.
I'm giving you all I can.
I'll give you anything you want, man.
Neither of those two exact recordings, but one pretty similar to it.
And there are a lot of recordings kind of like this.
The FBI has a name for what was happening.
happening here. They don't actually handle them anymore. It was happening too much. They call them
virtual kidnappings, which is a pretty bad name for them, which we'll get to why. But what they are
is a story about people using technology at their disposal in unintended ways to unintended effects.
So we're going to talk about this very fascinating piece of social engineering on this episode
of HACT.
Scott, how you doing?
I'm doing great, Jordan.
How are you?
I'm doing good.
You staying warm over there?
I was very warm yesterday, not so warm today.
Question for you.
What is the best way to support this show?
Well, if you want a drop-ship mattress company, we'd love to have you as a sponsor and
advertiser.
But I think for the average listener, the easiest way is definitely Patreon.
Patreon.com slash.
Hacked podcast. Best way to support the show, according to Scott.
According to me. Yeah. And I'm rarely wrong.
You heard it here first. Patreon.com slash hackpodcast if you want to support the show.
Big thanks to all of our patrons on Patreon because this month, this episode, we are going to be hitting a pretty big milestone.
This one, if all goes according to plan, is going to be our millionth download.
Let's go.
Congratulations, Scott.
Congratulations to you too, Jordan.
Appreciate that, buddy.
Big milestone for us.
Thank you to everyone who's been kind of just listening from day one a bajillion years ago.
Everyone who stayed subscribed when we stopped producing it for a hot second there.
Thank you.
Yeah, there was a whole TV venture that spun up and spun down.
We've been, our story has multiple arcs.
Our story has multiple arcs.
That name.
virtual kidnapping.
It's not the best name.
It's kind of a misleading name.
What it does do is get you really good headlines.
Of course.
Criminals are staging a devious new kind of kidnapping,
and the FBI is stumped.
Great headline, right?
It's a new kind of kidnapping.
Well, the, you know,
the word kidnap is like, I don't know,
I'm not a parent,
but I can only imagine it to be the most, like, powerful term,
you know, to just,
100%. Have somebody take your child and make you essentially powerless in that situation is probably
the most frightening thing in the world. Yeah, you hear that a new kind of kidnapping, a virtual kidnapping,
and it gets your heart rate up a little bit. Absolutely. The trouble with all of them is that they
imply a kidnapping of some kind. Sure. And this term does not apply to a kidnapping of any sort.
It's a social engineering people hack.
virtual kidnapping would imply that like, oh, the thing being kidnapped is virtual, right?
Like when you hold something digital ransom, that we have another name for that, it's ransom
where we talk about it all the time.
Calling this a virtual kidnapping is using virtual in a very traditional sense of the word,
where you would use it to mean like practically as described, but technically not quite.
The way you might say there's virtually no way that could happen or there's virtually no way
to control that.
Basically, for all intents and purposes,
not technically quite for, you know, a small exception.
And the exception in this case is the kidnapping part.
So virtual kidnap actually just means not kidnapped.
It means like a fake kidnapping, like a theater, like a kidnapping ruse.
Which brings us back to Richard Mendelstein, not his real name, the morning all of this kicked off.
Richard, 56 years old, software engineer at Google, who, according to the coverage of this by David,
Cushner is the kind of guy to like watch out for fishing schemes and not click on funny links
and store his password in like a little encrypted folder knows what's up when it comes to
cybersecurity. Sure, he's passed the corporate cybersecurity checklist exam every year. You know,
he challenges the test. He gets through it, no problems. He knows what's up. He's got it figured out.
He knows what the term fishing means and he tells his friends about it. I got you.
I know what we're talking about.
In July 29th, at 11 o'clock in the morning,
Richard gets this call.
Richard's daughter has been attending Northwestern University as a junior,
and Richard gets this call,
and his call, like all of these calls,
that happen all over the world,
goes basically the same way.
Richard hears...
At which point, someone grabs the phone away and says...
Listen very carefully.
We have your daughter.
You do exactly as I say.
nothing will happen. I just want money. Don't hang up. Don't talk to anyone. Don't take any calls.
Don't text. At which point, the other big character in this whole story, Richard's wife,
walks into the room. She asks, are you okay? But the kidnapper is still on the line with Richard
and just told him not to talk to anybody and told him, you know, I can hear everything.
So Richard doesn't say anything because he doesn't want to get his daughter hurt.
And in what I'm sure was like a really awkward moment in their kitchen, you know, staring at his wife, holding his phone, he just gets up, walks out of the room, walks outside, gets into his car and drives off.
Leaving his wife just like standing there in her kitchen with no clue what is going on.
Yeah.
Confused.
Richard at this point is now following the kidnapper's instructions and is driving to the bank from the opening story.
And on the way, the kidnapper is like making him.
rattle off all the street names as they rush by to prove that he's actually heading to this bank.
And Richard's phone is lighting up with, hey, husband, like, where did you go?
That was scary and weird, text messages and calls from his wife.
But he can't take them because the kidnapper is on the line with him listening the entire time,
keeping him on this call.
He's always being kept on this call, which is a big part of this, and we'll talk about that later.
Sure.
He gets to the bank, he goes inside, he writes the note,
doesn't give it over, and he walks out with $4,000 in cash.
While he was in there, the call for whatever reason got cut off.
So there's this little lull, this little patch where he isn't being surveyed by these scammers,
where the kidnapper can't hear it.
So he calls his wife, and he gets in his car, and he starts to drive to the police station.
She picks up the phone.
He says, our daughter's been kidnapped, and she says, how do you know?
And he says, because I spoke to her.
Like he heard her, right, on that phone call.
That was her, right?
Right?
Right?
And right as he's ripping into the parking lot,
right in front of the Montgomery Township Police Department,
the kidnapper calls him back.
Richard hangs up on his wife and he answers the call.
So typically in these scams and really,
the social engineering phase of a lot of the hacks we talk about here,
there are like stages to it, almost like an act structure.
And the closer you can keep it tuned,
to that act structure, the better it's going to go.
Of course, yeah.
And it's at this point that that order gets shuffled just enough as to start to unravel.
The whole point of like a people hack like this is that the line never goes dead.
There's never a moment where you're not like adrenaline pumping on the line with the kidnapper.
Sure, yeah, yeah, yeah, yeah, you're fighting anxiety.
You're constantly just trying to solve this situation.
You're in panic mode.
Oh, God, I got to fix this.
And for Richard, that's basically what happens.
Aside from this little blip as he's walking out of the bank and he calls his wife,
aside from that, he is on the line the entire time.
And as soon as he gets to the police, the kidnapper calls him back and he's back in it.
He's back on that roller coaster ride.
Because the call got cut off and he was able to ring up his wife, who Richard just hung up on,
she is now sitting there in her house going like, oh my God, what is going on?
who are these people? Do they have my daughter? What is happening to me right now?
I can pick up my phone and I can call the daughter and I can do all where the husband can't.
She's not on the roller coaster I driving around like Liam Neeson.
Yeah, she's free to have the very rational thought that you just did.
I should probably try calling my daughter.
And her daughter picks up and says presumably like, hi mom.
What's going on?
What's new in your world?
Yeah, what's good?
How's dad?
How's dad doing?
And she says,
dad says you've been kidnapped.
And the daughter goes like,
no,
I'm good.
I'm fine.
But the mom,
the first thing the mom thinks is like,
oh,
maybe this is all part of the ruse.
So she makes her daughter
FaceTime her to prove she's not like at gunpoint.
And her daughter shows up on the camera and she's fine.
And so the mother says,
like,
where are you?
And she says,
with a friend.
The mom says, let me see the friend.
And the friend, like, leans into the face time frame, this little wave.
And once the mom is convinced that her daughter's okay,
and the adrenaline starts to kind of wear off,
and the sharpness starts to get a little bit fuzzier,
she's gotten off the ride, you know, like the engineering has failed,
the ax structure has been broken.
Yeah, exactly.
You've been pulled, you've been removed from the play.
Now, they broke the third wall.
They turn the lights on in the theater and you can see that the floor is a little sticky.
Yeah.
And the mom says, okay, my daughter's at school.
She hasn't been kidnapped.
She's okay.
And the next question that pops into her head is where the fuck is my husband going with $4,000 cash?
And who is going to be there to meet him?
We're going to get to that right after the break.
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone, somewhere, saw something too late,
an alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the ground up for a world
where attackers are already using AI.
They created the Aurora Super Intelligence Platform,
a fully agenetic system powered by the swarm of experts.
Instead of single-purpose bots or lucky-guess LLMs,
this swarm is full of deterministic agents that handle whole entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything trustworthy.
And all of this is just off running on their secure operations graph.
A constantly updating intelligence engine fueled by more than 9 trillion telemetry events every week
and over a decade of real-world incident response.
The system reasons on real signals and real context not synthetic training data.
And the result is the new Aurora agent SOC.
It's the first SSC that is agent led by design.
You get agents that coordinate, agents that investigate, agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model.
They rebuilt the model entirely.
What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform
so every AI-driven decision reflects your environment instead of generic assumptions.
The automation frees your concierge security team to focus on higher value strategy and proactive risk reductions while the agents handle the grind.
If you want to see what trustworthy, production-ready AI and security operations actually looks like,
go to ArcticWolf.com slash hacked.
Never feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025 was nothing short of a record-breaking year for major breaches, from sophisticated ransomware operators to AI-enabled to
attacks that turn defenses on their head. Organizations around the world saw headlines they never
expected and cybersecurity teams were tested like never before, but here's the thing. These incidents
aren't just news headlines. They're learning opportunities. And that's why Arctic Wolf is hosting a
live webinar on February 5th diving the most impactful breaches of 2025. Their field CTO and security
leaders are going to unpack not just what happened, but why these attacks succeeded. And most
importantly, what businesses can do to fortify their defenses for it's too late. You're in a
walk away with real insights and how threat actors are evolving, how defenders are responding,
and what strategies can help you stay ahead of the next big breach. It's not fearmongering. It's practical,
actionable, intelligence from experts in the trenches. Register now at arcticwolf.com slash hacked.
I just like, I feel like you could just do this better, you know? Yeah, how would you improve on this?
I think the first thing I would do is, you know, I would make sure that I was in control, like, you know,
Let's lean into the virtual side of this and the digital side of this.
Sure.
Like if you digitally kidnap somebody, i.e. you were to take control of their mobile phone
or have control of their social, you know, social networking, Instagram, etc.
You could make it much more convincing.
Like imagine the phone call came from the daughter's cell phone rather than just some, you know,
random number.
Like I feel like they could be better at this, you know, and that's probably not a great thing
to say, but it's like,
I get that it works,
and it's essentially like a hard ruse
where you pull somebody in an emotional window
and, like, you feed them full of adrenaline
and you force them to do something
or else, you know, under the guise
of a serious threat to their, like,
close family, but I feel like, you know,
from the hacked perspective,
from the digital's perspective,
I feel like they could really tighten up
their game, you know?
For sure.
If you were taking a targeted approach of doing this,
you could probably keep someone on throughout a bunch of,
no, I think this isn't quite right, or something seems off.
You could probably get over a lot of those hurdles
if you could prepare for it and if you could target it.
Well, I'd just think about like,
we've talked about some pretty amazing digital heists on this show
where it comes to like, you know,
getting people access to people's cell phones to bypass,
two-factor authentication,
to get another Bitcoin.
We've seen and talked and discussed about people going farther, doing more.
This just seems like a lazy ransomware method
where it's like we just call people until somebody bites.
It's like it's the same thing as the,
I get 100 phone calls a day saying that I'm being arrested
for not paying taxes or border security stuff or whatever.
And I just ignore them all.
Like there's actually Apple, I don't know if you,
you knew this, but has introduced a new setting where you can just ignore all phone calls from
people that you don't know.
Hmm.
Which is like, in a business perspective is like a scary thing to do.
Sure.
It's not a no number to send it to voicemail.
It's going to hurt.
But it's like I literally, there's certain days that go by that I get like 95 of these like spam
phone calls.
It's like I haven't bitten on the first 2,000 of them.
Why do you think the 2,000 and first one's going to work on me?
Sure.
Yeah, we make a show called Hacked,
so I kind of think about what constitutes a hack a lot of the time.
And I like the, it's using technology in unintended ways.
Like if there's a use outside of what has been designed,
that's when you're getting into it.
And I think that it's really interesting you bring that up
because where these calls are coming from and who is doing them
changes the nature of what this is in a really cool way.
I also get a lot of those calls.
I've never got one of these calls before.
The calls I get are, I think, the same one you just mentioned.
I get the CRA call, which is the Canadian version of the IRA,
like the you've been flagged or your name.
IRS.
IRS, thank you.
I get the sense, I don't know what to do with this thought,
but I get the sense these are really common up here in Canada.
And I presume over time, like the most effective tactics for those calls
become the most common until their commonness reduces their effectiveness,
if that makes sense?
Yeah, 100%.
And I find it really interesting that here in Canada, the most common emotion they're trying to get at is like, oh, you broke a rule.
Like that's the thing that Canadians have revealed themselves to be susceptible to is like, oh, you didn't check a box.
I'm sure you didn't mean to do that.
And then we clamor to make the thing okay.
We're going to put you in jail.
No.
That is, I never thought about it like that.
That is true.
Canadians, we just have like the softest form of this, you know, in America, they're kidnapping
children or pretending to. And in Canada, we're like, you didn't fill out your paperwork
at the border correctly. And you're like, oh my God, take my visa number. I'm so sorry.
I remember that one time I did this in 2004.
Speaking of this in the United States, explosions of virtual kidnappings, like pop off in the
summer of about 2015 or so. When the FBI started to get.
calls. They got a call about a run of fake kidnappings in Southern California, specifically
in area code 310, which is all of West L.A. And it's like a famous area code. And it's the same
thing every time. Person gets the call. There's someone on the other line, out of breath, crying,
you know, help me, help me. They think, is that my relative? And then a ransom demand.
And there's thousands of these things start coming in. One woman, one of the early ones,
did what Richard did. She wrote a note to a bank teller, but she actually handed it over.
The cops came.
But it started happening like all the time.
I think right now in the States it is the third most popular kind of phone phone phone.
Wow.
A guy in Missouri whose mom got taken.
His air quotes run all these.
A pastor in Memphis whose daughter got taken.
A lady who went down to Mexico with her husband and they got like a cartel-themed one.
It happened to a cop in L.A.
Which, speaking of law enforcement, this essentially doubled in 2020.
And while most law enforcement now,
knows about it and can go, oh, this is a fraud when they get one of these calls. In 2022, a bunch
of them still haven't heard about this, which creates this domino scenario where you not only
have loved ones of the purported victim running around trying to solve this problem, doing all
of this like kind of reckless, just trying to solve a problem kind of behavior. You now also
have cops running around trying to solve what they think are kidnappings happening in progress.
Yeah, sure.
To quote FBI agent Eric Arbuthnot, quote,
jumping fences and breaking down doors.
So you have fake kidnappings prompting very real chaos.
Sure, fake kidnapping prompting real responses.
All starting with just that little social engineering glitch moment
of someone crying on a telephone.
It's amazing.
You've got to imagine how many people get that call
that don't even have kids.
You know?
Yeah.
Yeah.
Because that would be something of interest is like how are they at least filtering their call lists?
And like are they doing any kind of pre-filtering to be like,
these people don't actually have children.
Like, let's not call these people.
Or are they just kind of wholesale calling?
Like call everybody.
You know, for every thousand calls we make one person, you know, bites.
So we just need to make enough calls.
I bet if they could check, they would.
And we'll talk about why they can't check pretty soon.
Oh, let's go.
Within an hour, word about what was happening to Richard Mendelstein had started to get out.
Presumably, his wife had talked to one person and kind of word had started to spread amongst their friends and family.
One cousin had heard a rumor that people had hacked Richard and had his bank account, and that's why he was driving around.
There was another rumor.
His wife heard that the kidnappers were actually with him and had him at gunpoint.
which she didn't really know whether or not that was true.
And, you know, when a story like this sort of pops up inside of a social ecosystem,
it did as they tend to do, and it revealed other people's stories.
In short order, people started saying, oh, this happened to me too.
Like her sister's friend thought her daughter got kidnapped,
her brother-in-law's grandpa got tricked about his grandson,
all of them having the same experience of what is real, what is going on,
what's happening, none of which answers that question for his wife, who's just sitting there,
no clue where her husband is going. Practically speaking, how is this done? My first theory was that
they were going to have, I've been reading a lot about the technology that's being used to coordinate
communications inside of the Ukraine right now. When Russia destroyed a bunch of the data towers,
they created a situation where they couldn't use WhatsApp or any encrypted messaging system.
because they needed access to the internet.
So all they had access to them was cell phone coverage.
So they started having to use essentially very fancy sim hub auto dialer type machines.
And there was a guy who got arrested in the Ukraine,
allegedly working for Russia,
who had one of these sim hubs,
these little kind of machines that allow you to act as a repository
for a bunch of different calls coming and going out.
He was essentially acting as like a little telephone switching booth when they found him.
Crazy.
So my first theory was that,
that they would have had one of these SIM hub type machines,
which is not how this is being done.
Which brings us to the reason it started in the States
in a famous area code like 310 in West L.A.
Like just about any other phone-based social engineering scam hack type thing,
this is a numbers game.
And in this case, it is a pen and paper numbers game.
You pick an area code and you start to work your way down a list of all the possible nine-digit number combinations.
And though 99 might hang up, as long as you get the right one,
as long as you get that person for whom hearing that crying on the other end of line
causes that little kind of glitch in their brain where panic starts to eat away all the reason,
you can get them.
Apparently a big part of the script, like the sort of engineering turn,
that lets you get a person is when the interaction goes,
help me, help me.
Jenny, is that you?
And then you jump on and say, we have Jenny.
And they go, oh my God, they have Jenny.
Sure, of course, yeah.
Because you revealed that the person's name was Jenny.
And you just keep moving, moving, moving.
They kept Richard moving in his car on the line,
having just left the police station,
upstate to a town called New Brunswick,
to this specific location.
Like the kidnapper knew the streets.
He knew exactly where he was sending Richard.
And Richard is driving, and he doesn't know what's going to be at this address, but he is taking $4,000 there.
It turns out that Richard was being directed to a very dodgy money wiring place where he was told where to send the cash.
There is a community outside of Houston called the Woodlands.
It's like a rich neighborhood, a lot of oil money.
And a couple years ago, one of these calls unfolded there, exactly as you think it would.
Mother gets the call.
She hears the crying.
they say we want $25,000, she goes to get the money and she takes it to the drop point.
The difference in this case is the drop point.
Instead of like a money-wiring place in a bad part of town, it was an elementary school near Houston.
She was told to drop it off in a garbage can and someone's going to come pick it up.
At which point, a woman named Yonette Rodriguez-A-Costa came and got the money from that garbage can
and was spotted by a surveillance camera.
And a SWAT team picked her up shortly after.
Wow.
And it is here that we find out where these calls have been coming from, who has been doing these calls, why they've been doing it in the very analog pen and paper way that they've been doing it.
Annette, who picks up the money, is the girlfriend of a man named Ismail Brito Ramirez, a 38-year-old serving time in Mexico City on murder and kidnapping charges currently in a prison.
We're not going to dip our toes into the world of physical in real-life kidnappings in Mexico.
is way too big.
It's way beyond the scope of this episode.
Absolutely.
But starting in about 2006, Vox described it as they essentially became democratized.
It went from being something that happened to high value, high profile targets,
to something that would happen to like a teacher,
something that affects middle class people.
People get more afraid of it happening,
which then opened the door to this thing that we're talking about,
which is social engineering surrounding that fear.
People are so skisking.
of kidnappings because they happen so much that you don't even have to kidnap anybody,
you just have to convince someone that you have.
Sure.
Where fear of one crime becomes the main ingredient in another.
Which is all to say that this guy Ramirez, Yennaz's boyfriend, finds himself in prison.
And he's heard about virtual kidnappings.
He knows about this.
It's a thing.
It's all very profitable.
And Ramirez has this little advantage, which is that he speaks English with a super accurate
American accent.
And it gives him this idea
to export this
grift to a place where
they don't know about it yet, where it's not
this super familiar story.
It's not like a Nigerian prince email that
everyone's heard about it. It's like
it's a surprise.
Sure. Yeah. People aren't desensitized to it yet.
And
who has time seven days
a week, 12 hours a day
to make call after
call after call, horrible success rate be damned until someone bites.
I feel like you already answered this, but I'm shocked that prisoners have that much phone time,
but I guess they probably get cell phones in jail.
So Ramirez gets a bunch of burner phones.
Apparently that's a big part of it.
Smuggling phones into prison, very, very common thing.
Having a phone in prison, relatively common thing.
So he cooks up this laundering system.
where victims like Richard transfer the money down to Mexico
and a mule picks it up on the far side of the border
or at a drop outside of a school in the woodlands near Houston.
And suddenly he's built this little like phone crime ring
kind of structured around this social engineering hack
running from right inside of a prison.
At a few thousand dollars at a time,
the feds generally don't care about this that much.
It kind of starts to fly under the radar pretty quickly.
Ramirez does get caught after the Woodlands bust.
He gets charged with conspiracy to commit extortion, wire fraud, and money laundering.
But that kind of just reveals the real problem with this, which is, you know,
oh, throw the book of these people.
I've already had the book thrown.
You can't threaten them with more jail time.
They're in jail.
I guess I'm not getting out on good behavior.
I'm just going to spend more time making money in jail.
Yeah.
Like you got a bunch, especially when you got a bunch of people in jail that are probably not
going to leave for most of the rest of their life and you figure out a clever new crime that
you're uniquely equipped to do inside a prison in this really low-tech way. It makes sense that
it's going to grow pretty quickly. And especially like the outsourcing. I'm sure there's,
you can bring other prisoners in from other institutions and just get the, build the corporate
structure, you know? Which it does. It spreads other cities in Mexico and then down to Puerto
Rico in the Dominican Republic. In Tamilipas, prison officials try to,
to install equipment that would prevent inmates from making calls on the cell phones they've
smuggled in. But the technology that they used was so powerful that turned off service throughout
most of the city. And when you think about it, with just how many people are in prisons,
at a certain point, this turns into what a lot of hacking stories do, which is like you're
going up against the hive mind. Even if you come up with a solution, it's only a matter
of time before one of 100,000 people comes up with a solution for your solution.
So Richard transfers the $4,000 down to Mexico.
Sends the money off, and he exhales.
He gets off the call with the kidnapper.
He's standing there in the parking lot, and he checks his texts.
And he sees a bunch of stuff from his wife.
So he calls her out to find out what's happened.
And he finds out his daughter is okay.
He got hacked, he got tricked, but all is well.
Richard, the thing I find interesting about this is that Richard is a software.
engineer at Google. He knows what a fishing scam is. If we knew his real name, it is not
unreasonable to think he could probably be a subject matter expert on something on this show.
Sure, yeah. The idea that he would ever get a scam email or a text or see a pop-up or answer
almost any other kind of call like you said that would result in him at a money-wiring place
sending a weird amount of cash to Mexico is preposterous. But social engineering is
really, really powerful.
And it functions almost like a joke
where it doesn't work as well if you've heard this one before.
But if you aren't familiar with the punchline,
it can kind of catch you off guard a little bit.
Like it'll sneak up on you.
That a guy like him would get got by it,
I find that very, very fascinating.
And it makes me think that maybe it's not a kidnapping call,
but that there's some kind of call or text or message I could get
that would make me fall for something like this too.
Everybody has a trigger, right?
you know, whatever it is.
Thanks for listening, everybody.
Looking based on last
episodes, downloads that we've got a bunch of new
folks who have joined us, maybe for the first time.
If that's you and you've made
to the end of this episode, thanks.
Really appreciate you being here.
Happy to have you.
Let's cite a couple sources here.
First up, the big one in this is
We Have Your Daughter by David Kushner,
ran an insider. It was a big source for this.
And it is a interesting, you know,
punchy read.
more to that story than we got into in this sort of outside of the hack scope so if you're interested in
this highly recommend you check that out there's also voxas piece by rory smith on the democratization
of kidnappings in mexico also a fascinating interesting story again outside the scope of this
episode but totally worth a read thanks again for joining us and we will catch you in the next one