Right About Now with Ryan Alford - You Might Also Like: Hacking Humans
Episode Date: January 28, 2025Introducing Crypto chameleons and star fraud. from Hacking Humans.Follow the show: Hacking Humans On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily sp...ace podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week we jump right into stories, Maria shares Apple’s new AI feature and how it is unintentionally rewording scam messages to make them appear more legitimate and flagging them as priority notifications, raising concerns about increased susceptibility to scams. Joe has two stories this week, the first focuses on two individuals, including an inmate using a smuggled cellphone, being charged with defrauding a Sarasota woman of $12,000 in a jury duty scam involving spoofed law enforcement identities and Bitcoin transfers, with authorities urging vigilance against such schemes. Joe's second story is on a LinkedIn job interview turned hacking attempt when a technical challenge contained obfuscated code designed to gather crypto wallet information from the user's computer; the scam highlights the importance of carefully reviewing code and using secure environments like virtual machines during such evaluations. Finally Dave has the story on a prolific voice phishing crew manipulating legitimate Apple and Google services to deceive victims, leveraging advanced phishing kits, social engineering tactics, and automated tools like "autodoxers" to target cryptocurrency holders and high-value individuals for significant financial theft. Our catch of the day comes from listener Keefe, who shares a voicemail from one suspicious sounding Walmart voice. Resources and links to stories: Apple’s new AI feature rewords scam messages to make them look more legit Apple urged to withdraw 'out of control' AI news alerts Suspected jury duty scammers arrested for bilking Sarasota woman out of $12K: DOJ The code challenge scam A Day in the Life of a Prolific Voice Phishing Crew You can hear more from the T-Minus space daily show here.Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com. DISCLAIMER: Please note, this is an independent podcast episode not affiliated with, endorsed by, or produced in conjunction with the host podcast feed or any of its media entities. The views and opinions expressed in this episode are solely those of the creators and guests. For any concerns, please reach out to team@podroll.fm.
Transcript
Discussion (0)
You're listening to the CyberWire Network powered by N2K.
Hello everyone and welcome to N2K CyberWire's Hacking Humans podcast where each week we
look behind the social engineering scams, phishing schemes and criminal exploits that
are making headlines and taking a heavy toll on organizations around the world.
I'm Dave Bittner and joining me is my co-host, Joe Kerrigan.
Hey, Joe.
Hi, Dave.
And my other co-host, my N2K colleague and host of the T-Minus Daily Space Podcast, Maria
Vermasas.
Hello, Maria.
Hello, Dave.
Hello, Joe.
Hello, Maria. Hello, Dave. Hello, Joe. Hello, gentlemen.
We've got some good stories to share this week and we will be right back after this
message from our sponsor.
And now a few thoughts from our sponsors at ThreatLocker. The tactics used by cybercriminals
are becoming more and more advanced every day.
The shift from a default allow approach to a default deny
is more critical than ever.
This is where Threat Locker comes in.
Stay tuned for how Threat Locker Allow Listing
and Ring Fencing has your back.
All right, I don't see any follow-up in our rundown today, so we will jump right into
our stories here.
Joe, you have the honors.
What do you got for us?
I have two stories because they're both kind of short.
But the first one is about some suspected jury duty scammers who have been arrested in Sarasota, Florida,
but they managed to get 12 grand out of somebody.
So here's the interesting part of this.
There are two of them.
One is named Anthony Sanders
and the other one is Marlita Andrews.
And they worked together to victimize this woman
out of $12,000.
They called her on the phone
Anthony and Sanders did called her on the phone said you owe money for missing jury duty now
Everybody who listens this show hopefully knows that if you miss jury duty, they're not going to call you and demand money. I
Don't know what the penalties are, but it's not that it's not as serious that is true
Right. Yes, that's correct. I don't know what the penalties are, but it's not that. It's not as severe as this. At least in the United States that is true. Right.
That's correct.
I don't know how that works outside.
But yeah, this guy was able to spoof the sheriff's office
phone number and knew the name of the sheriff.
The interesting thing about this is while he was doing this,
Anthony Sanders, he was in prison.
What?
He was on the phone in prison,
scamming somebody out of $12,000.
And Andrews is the person that was out
using the cryptocurrency.
So they talked this woman into going to a,
they said, you gotta go to pay your fine at the bond place,
but they just sent her to a cryptocurrency ATM
where she pumped in 12 grand
and then transferred $12,000 to Andrew's crypto wallet.
That money was immediately dispersed.
So I don't think that this woman
is going to get her $12,000 back.
It's probably gone.
But it's interesting this guy was running it out of prison
and his girlfriend, Marlita Andrews, was working with him
on the outside as, I guess, as the legs of the operation.
Yeah.
Right, moving things around.
I guess we should note that they've been indicted
and arrested, so these are all allegations so far.
Correct, these are all allegations so far. So far, that's right.
But yeah, you know,
the things people sneak into prison, right?
Yeah.
Like I think-
And how?
Years ago, you know, people would talk about
the war on drugs.
And one of my responses was, you know,
how are we gonna keep drugs out of people's hands
when we can't keep drugs out of prisons?
Right.
Like, there's, I guess where there's a will, there's a way when there's a market.
Yeah.
I heard somebody, you know, I've been doing amateur radio lately and I heard someone tell
a story recently that they heard a couple of young women whispering to each other on a radio frequency recently.
And he was wondering like, why are they whispering?
Just having conversation, whispering.
And through the use of directional antennas, he figured out that they were both in the
local women's prison.
And they were whispering to each other because they weren't supposed to have the radios.
It was nighttime.
Somehow they'd gotten in walkie talkies or something.
And so this person keyed up and said, you know, ladies, you never know who can hear
what you're talking about.
As loudly as possible. Right. Exactly. keyed up and said, you know ladies, you never know who can hear what you're talking about.
As loudly as possible. Right, right, exactly. And they both, oh, you know,
said you never heard from them again. That's funny. Yeah, yeah. So,
good that these folks were caught, assuming that they, of course, did this. And they are innocent until proven guilty. Yeah. The next story comes from LinkedIn
and this poster is Franco Aguilera
and Franco is telling a story,
we're gonna put a link in the show notes.
He's, I'll just kind of start summarizing this here.
He says a few days ago, a user on LinkedIn reached out
to him and said, hey, I like your stuff.
Let's do a job interview
and I wanna see your technical chops here.
You know, your stuff looks good on paper,
but I wanna see if you can do it.
So let's have an interview.
So the guy signs up with his interview
and the person who wants to interview him says,
go download this repository from GitHub.
And he does that and he starts running it.
And Joe, let me interrupt you real quick.
For folks who aren't in this world,
we should explain that this is a pretty routine thing.
Can you explain what code challenges are
for somebody seeking this kind of employment?
All right, so if you're a software engineer,
software developer, you may get tasked as part of your job interview process
with developing some kind of software
that answers a question.
Usually it's an academic or pedantic question,
or maybe it's a business question.
And you may also be tasked with updating
some code base somewhere.
Or you may have to implement something that already exists,
like using a library.
So GitHub is a code repository place
where all this code is stored.
And well, not all of it,
but it's one of the places where it's stored.
Yeah, a lot of it.
Anybody can open up a GitHub account
and start storing, start creating repositories,
keep them private, make them public.
Microsoft bought GitHub, so understand that
if you're going to use the service.
I mean, I don't know how common it is
in the software engineering world.
I mean, I haven't done a software engineering
job interview in years.
Yeah.
So, we used to do the whiteboard exercises,
where somebody would say, how would you solve this problem?
And then we'd have to draw it out on a whiteboard.
Right.
Maybe write some pseudocode or maybe write some code.
But this new thing is you get on like some kind of Zoom
or Google Meet or Teams,
and you share your screen and
they watch you do the development process.
But what happened with this guy is he said, they said, I need you to go out and download
this client server package and fire up the server and then we're going to try to interact
with it. Well, in this server package, there was a line
that prevented the server from running.
And he checked that line and he found this obfuscated file.
He's got pictures of all these things in here too.
So I mean, hearing me talk about it is kind of good,
but seeing the pictures might make it more clear.
And then he found that this script was going out
and collecting information and sending it to an IP on the internet somewhere. So in the back
end, this is not normal, right? We should never expect this to be happening.
That is correct. So on the back end, this thing was going around and what he thinks
it was doing was looking for crypto keys, crypto wallet keys. And it was specifically looking for those kinds of things
on his computer.
And he said, this is on him for not doing a code review
beforehand or for just firing up a VM
and doing the code exercise in a VM
where there would be nothing of any value to lose essentially.
Right, VM is virtual machine.
Virtual machine, correct.
So you can set up a virtual machine
that looks and acts like a real machine.
Use that as your machine.
If you have, VMware has a low cost version
that you can buy that you can use yourself.
There's also a virtual box where you can just spin them up.
VirtualBox is free, but it is an Oracle product.
And then there's other Linux implementations
that you can use.
So if you recall a couple, about a year ago,
maybe two years ago,
I had to be like a year and a half ago
or something like that.
I was talking about a friend of mine
who is a software engineer
and he got tricked into running what he thought was a game
because somebody had taken over
one of his friend's Discord accounts.
Yeah, I remember that.
And sent him essentially a piece of malware
that just went through and stole all the information
then tried to blackmail him.
Now he didn't send any money, he just changed all his passwords while he delayed the guy.
But it was very scary to have that happen.
And I'm sure this was very scary for Franco as well,
Franco Aguilera.
Right.
So yeah, when you're doing a code review,
if you're a software engineer,
if they're going to ask you to download and run something,
maybe do that in a VM, I think.
Right.
Not a bad idea.
Yeah, I don't think that's something you just do.
I don't think you just trust these people.
No, and I think that's a big part of,
or a big point of what's going on here,
is that you're somebody,
when you're somebody who's looking for a job,
the balance of power is uneven.
Yes, it is.
And you want to please these people.
So chances are you're going to do what they ask
without putting up any kind of stink
because you don't want to be seen as being difficult.
And that gives them the advantage of saying,
well, we just want you to install this on your computer.
And- Yup, 100%. There's definitely a power dynamic in play here. I mean it may not work on guys our age Dave
You know somebody says hey, I'm gonna do a job interview. I want you to run run this program
I'm like there is no way I'm installing that on my saw
I'm like yeah, I was just thinking about that power dynamic the more of a gray beard you are
I doubt they're gonna have you running anything
But if you're more entry level then you really don't have much of
a pushback on that. I'm married to a software developer, so I'm just thinking about what
he's been through with his career. So yeah. Yeah, I could totally see someone more junior
having to do this. What was that?
How gray is his beard?
It's quite gray. I actually noticed the other day. He's actually been fully inducted into the gray beard.
I'm quite proud.
So has he adopted the angry, curmudgeon-y old attitude, old man attitude yet?
Oh yeah, I married him with that.
Oh, okay.
He said it from the get-go.
Gotcha.
Not a bug, but a feature.
That's true. Yes, true.
It's great. All right. Well, we will have a link to both of these stories in the show notes.
I'm going to go next here.
My story comes from the folks at Krebs on Security.
This is Brian Krebs, well-known, I guess you'd call him an investigative reporter when it comes to cybersecurity things.
Yep. and I guess you'd call him an investigative reporter when it comes to cybersecurity things. And he has a post here, first of the new year,
it's titled, A Day in the Life
of a Prolific Voice Fishing Crew.
And this is a very interesting kind of long read,
a bit of a deep dive into an organization
who does exactly what he describes here, voice fishing.
You know, I wanna stop right there and say,
thank you, Brian, for not using the term vishing.
My goodness, I was just thinking that.
I was just thinking that too.
Voice fishing is such a better descriptor of what it is.
It tells you everything you need to know.
It's good jargon.
Same wavelength, Joe.
I was just thinking that.
You don't like vishing, you don't like smishing?
I don't like either of those terms.
No, no.
With you 100%, man.
It's like, oh God.
Yep.
Yeah.
I agree.
I agree.
Sorry.
So imagine this.
You're, as you know, I like to say you're sitting home, you're minding your own business,
you get a call or an email
from either Apple or Google. And they're sending you notifications on your phone, maybe on
your computer. And as far as you can tell, everything looks legit. And that is the mechanism
by which these scammers are going after people and stealing money and data and that sort of thing.
And part of the scam is that they're using real services from Apple and Google to trick
you into thinking everything is okay.
And this article has a couple examples of folks who got hit here.
There's a gentleman named Tony who's a cryptocurrency investor.
He lost $4.7 dollars in a phishing. Yeah, I guess Wow
Can I just say it must be nice to have 4.7 million dollars to lose?
It depends how much of his how much of his personal assets was that right?
Was all on paper or was it real? Yeah, I mean, yeah. Yeah, obviously I'm being I'm being flippant here
Yes, yes. I mean if he's worth 400 million, okay, yeah, that's...
Well, actually, we'll get to that with our second victim.
Okay.
So, he got what looked like a recovery prompt from Google, which is where, you know, they
say somebody's trying to break into your account or you're trying to recover your account,
you've forgotten your password, and then he got a fake email from Google.com and
the bad guys used that to take him to a fake website that looked like a Google login and then they stole his
login details. They drained his crypto accounts and this was all by pretending to be Google.
Victim number two is a gentleman,
perhaps you've heard of, named Mark Cuban.
Okay.
Yeah, that guy.
Famous billionaire Mark Cuban.
He was only hit for $43,000 for a scam,
which is the money in his couch cushions, probably.
Yeah, he didn't even notice.
Right.
Jeez.
Right, but evidently he was on the set of Shark Tank and he got a phone call from somebody
pretending to be Google.
That happens to everybody.
Right.
But think about that, right?
He's on the set of a television show, so he's distracted.
He doesn't want to be the guy interrupting the show probably.
Right.
And somebody's asking him for something and he gave them the one-time code that the scammers
sent him on his phone, right?
So when you try to do an account recovery, Apple or Google or, you know, lots of these
places, they'll send you a one-time code and they'll say, we're sending this code, please
put in this code.
This is how we know it's you.
Well, if you share that one-time code,
that's kind of the ball game.
And that's what Mark Cuban ended up doing.
And that's how they got into his email
and they stole $43,000 in cryptocurrency.
Now, to me, Mark dodged a bullet here.
Absolutely.
What you could do if you got into Mark Cuban's email.
Yeah, yeah, these guys.
Oh man, but the bragging rights though.
Even if it's only 43k, you hacked Mark Cuban.
Right.
If I'm one of these guys, I'm not telling anybody where I got $43,000
because if I say I got it from Mark Cuban, they're going to be like,
you only got $43,000.
Oh, fair, all right.
I mean, you could look at it that way.
That's true.
Yeah, I mean, still, that is a remarkably big loss
for a scam.
Somebody is having a very good day
at whatever scam organization this is.
Yeah, so this article talks about the groups who do this.
One of them is called Crypto Chameleon,
and basically they do this as a service.
They rent out the fishing kits.
Are we on the same brand?
Karma, karma, karma, karma, crypto chameleon.
Is that what you guys are thinking?
I did not go there.
Crypto, crypto, crypto, crypto chameleon.
I heard Maria singing it.
I'm just like, yep.
I did not go there,
but now I will not be able to get it out of my mind.
So these folks rent out their fishing kits,
very business-like.
And what's interesting, there are different folks
who take on different responsibilities.
So they have the callers,
who are the ones who talk to the victims,
there are the operators who manage the tools.
And then there's the drainers,
who are the ones who steal the tools, and then there's the drainers who are the ones who steal the
money.
I wonder like what the pecking order is, you know, do you ultimately is like what's what's
the most important hardest job to get?
What do you graduate to if you make your way through this?
Yeah, through this chain or are some people just naturally attracted to different things?
I don't know.
Maybe it's like an Ocean's 11 kind of thing where you have all the different
crew members, right?
Exactly, exactly.
The article does go through the various steps
that they take when doing this.
You know, the first they identify the target,
that's pretty straightforward,
but they use some tools that they call auto-doxers,
which are tools that can basically go through big data breaches and
identify people who are interesting, likely to have assets, you know, those sorts of things,
high value targets.
And then they have the initial contact, which is either a phishing email, a phone call,
or some kind of notification. And this is where, in this story, they're impersonating Google or Apple support.
And then they go through the building trust process.
They call the victim and they pretend to be a support agent.
They'll say, hi, this is Mike from Apple, or I'm from Google Account Recovery.
And they reference the notifications
that the victim has already received,
which reinforces that illusion of legitimacy.
Right.
And then they guide the victim through steps
to resolve the issue.
In this particular case,
the scammers were spoofing Apple's actual support line.
So the call you got coming into your phone, if you looked it up or with a caller ID, it
would say it's from Apple.
And if you looked it up to verify, it would say, yeah, it's Apple.
That's it.
Right.
So obviously, there's social engineering, all these things we've talked about, they
convince you to log in to a fake
login page usually.
They'll tell you that we need you to log in in order to secure your account.
So you're doing the safe thing.
And then you enter your username, your password, and maybe your two-factor authentication.
And that's basically it.
Then they've got access to your accounts.
They log in as you. They
very often will search for things like cryptocurrency accounts and if you have
that they'll drain your wallet. Some of them will look to have persistence on
your device so even after they've gotten the initial stuff that they've grabbed
they will install software that allows them to stay
in there and be able to poke around at their own convenience. So that's something you have
to worry about. And then once they're done with you, they're often on their way. So,
interesting story. It digs into a lot of the depth of how these groups operate, the various
positions that people have,
and some good ways to try to protect yourself against it.
So we will have a link to that in the show notes.
Anything in particular that grabs your attention?
Maria, let me start with you.
I mean, it's just always amazing to me
how sophisticated these operations are.
It's fascinating.
I'm always fascinated to hear about it,
even though I'm also scared that I'm gonna be next.
I mean, it's one, I think,
I have these conversations with my mom a lot.
She maybe listens to the show,
which would be nice, maybe she should.
She's always like, oh, you're so on top of this stuff,
you know about these things.
And I tell her, I'm actually,
I get more scared the more I learn about these things.
Because I mean, very, very smart people
in just a moment of being rushed or weakness
or whatever you want to call it,
they fall victim to these things.
And it's like today them, tomorrow me.
It's so, I don't know.
I'm trying not to lose hope here
about what it means for all of us,
but it is really remarkable how my old mental model
of this being just some lone troublemaker or something is so, so outdated.
And it's just incredible to hear.
Yeah, Ocean's Eleven really is.
Now I'm thinking that too, Joe.
Thanks again.
That's in my head now.
It's big business.
It is.
Yeah, goodness.
Yeah.
Apple and Google both warn and reiterate that they will never ask you for your password
or call you unsolicited.
So be mindful of that, but...
Yeah, never trust the inbound call
and never give those codes out.
Those codes are for you and you alone.
If you see those codes coming up,
that means someone's trying to break into your account.
And that's how you should think of it.
Those codes never need to be shared via the spoken word.
Right. Right. That will never happen.
All right. Well, we will have a link to that story in the show notes.
Before we get to Maria's story, why don't we take a quick break to hear a message from our sponsor.
So let's return to our sponsor sponsor ThreatLocker.
ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure
from the ground up.
Where traditional cybersecurity tools require you to create a list of things you don't
want to run, ThreatLocker enables you to easily curate an allow list of everything you need
in your environment and network, and block everything else by default.
With ThreatLocker allow listing and ring-fencing, you gain a more secure approach to blocking
exploits of known and unknown vulnerabilities.
ThreatLocker provides zero-trust control at the kernel level that enables you to allow
everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust
endpoint protection platform deploys in a learning mode that analyzes the
operations of your company using machine learning to assist you in
developing your allow list for approved applications, what they can do on the
endpoint, what can interact with your data, and even
East and West network traffic.
We thank ThreatLocker for sponsoring our show.
And we are back.
Maria, what do you have for us this week?
Well, first, let me start with a question.
Gentlemen, do either of you have your phone notifications on for apps that are not phone and messages?
Yes.
Yeah, I have a couple of them that have that.
I have it dialed in.
Right, me too.
So you don't have it blanket off,
but you don't have everything pinging you all the time?
No, no. Correct.
If I had everything on,
I would have already thrown my phone through a plate glass
But you do have a few apps that that paying you that are not just messages and phone okay
Yes, like Southwest on my my phone
Yeah, and and that's the problem with that is when I when I'm flying that's when I want the alerts
But right now I'm getting the alerts because they're having some kind of fair sale.
I'm not going anywhere.
I don't need to know that.
So I might just disable the alerts for that.
Yeah.
I have all of my alerts off unless it's phone or messages.
And then I'm very careful about enabling them if I'm traveling.
But that's it.
I'm really cold turkey otherwise.
But I think we are the exception for this kind of thing,
given that Apple with one of its latest iOS updates
rolled out AI-generated summaries of notifications.
This is clearly a need that a lot of people have
with the flood of notifications you get from messages
and apps of all sorts of things.
So what Apple is thinking AI can be helpful with
is that instead of you all or us all
having to read the pile of notifications
coming in as they come in,
why not just have AI summarize it for you
and tell you the gist of what's going on?
Right, right.
Yeah, which sounds like a nice, useful thing.
And it's also baked in is the idea
that if there's something that's really high priority
in the giant pile of notifications, you know, you've got Facebook pinging you
and Southwest pinging you and email and all that stuff, it'll tell you this one specific
thing in the pile of it is actually something you need to address right now. So all of that
sounds like technology may be making life better, but I think you can probably anticipate
where this is going.
I think I can.
You probably can.
You may also remember back in December,
this feature is not brand new.
It's been out for a month or two now, I think,
if not a little longer.
There were some headlines about the BBC
complaining to Apple that Apple's AI-generated summaries
of news headlines were wildly inaccurate
in some darkly hilarious ways.
One example was saying that the UnitedHealthcare CEO shooter,
Luigi Mangione, had shot himself.
Not true, he has not done that.
And also, New York Times had a similar gripe
where a summary push to users said that Israeli Prime Minister
Benjamin Netanyahu had been arrested.
Also, that didn't happen.
So even though these are in-phone generated summaries,
presumably it's the same AI doing all this generation
of these massively distributed headlines.
So a lot of people are getting these inaccurate summaries.
So there are also some fun versions
of these summaries going out.
I remember reading, I want to say on, maybe
on Blue Sky, maybe on Twitter, I don't know, I have since disabled my Twitter account.
There were some really funny stories about people finding out that they had been broken
up with through AI-generated summaries, which are pretty great.
I remember that.
Girlfriend expresses displeasure with you and breaks up with you. I mean, that's just...
Right. Has moved all of her stuff out of your house.
Congratulations, you're finding out,
this is how you're learning about this.
Would you like to look for a new roommate?
AI can help you with that, it's so great.
So that's more, you know,
that's about the feature and it's warts
and all that kind of stuff.
But here's the security angle that I think is of interest for us.
Blue sky posters, that's where I'm at now, by the way, also.
They are noticing that these AI-generated summaries are, oh, so helpfully flagging
priority items that are not necessarily priority.
They're taking all of those notifications that face value AI is. So those final notice
invoice scam emails, Apple AI goes, hey, I'm being helpful here. Oh, gosh, this message
is marked urgent. You'd better act right away. It's a security issue. Oh, my gosh. And then,
oh, that USPS parcel. Oh, my. Oh, no. You'd better confirm your details at this specific
link to get it released. So it's really lovely that AI is now sanitizing all of those cues that we have learned to
look for that would normally tell us to slow down and go, and this is probably a scam.
And now AI is just surfacing it to you without any of those cues at all saying, just take
action right now.
This is priority.
Isn't that lovely? And it's coming from this trusted source.
Yeah, it's coming directly from your operating system.
You're not even having to go to messages anymore.
It's just right there, right in front of you.
This is priority.
So yay.
Apparently you can, if you have Apple Intelligence
on your iDevice, you can actually disable it for now. I don't know how long they'll let people do that, but if you can do it, if you have it,
I would personally recommend that you disable it right now.
Because it sounds like this feature is really not well-baked.
So I think it needs some more time before it is something that people can responsibly
trust.
I don't have it, so I have not been able to kick the tires, but frankly, if I did, I would
not be using it. Well I do have it, so I have not been able to kick the tires, but frankly, if I did, I would not be using it.
Well, I do have it.
I would turn it off, Dave.
Because I am running the beta of iOS.
Oh, there you go.
So I am on the sharp bleeding edge of it all.
Are you finding it useful overall, or is it too buggy?
I find it useful overall in that it allows me at a glance
to have, like you said at the outset,
to have the gist of what's going on.
So what it attempts to do, like for messages for example,
is take all of a message, no matter how long it is,
and condense it down to the sentence that just describes it
so that, again, you glance down at your phone,
that's what you see is this AI summary,
and then you decide, if you hit the,
tap on the summary, it takes you to the actual message.
So it's not like the you to the actual message.
So it's not like the AI version becomes the message.
Summaries are just there to try to save you some time
and combine multiple things.
I have yet to see one that is off the mark
or ridiculous or deceptive,
but I'm sure it's only a matter of time.
One of the things I've seen in the criticisms of these
is that people are suggesting to Apple
that they do a better job of flagging these things
as being AI generated.
So put an Apple logo next to it or something like that so that it's crystal clear
that you're not reading the original message. The actual thing, yeah. Yeah. I wonder if that would
happen in this case. I'm sorry, if that would help in this case. If you said, oh, hey, this is a USPS
delivery notification, but this is just an AI-generated notification of that notification.
Right.
Yeah.
Maybe it would help.
I don't know.
I still stand by.
I would not use it personally.
If I was recommending this to my mom, I would say turn it off personally.
It sounds like a headache.
But Dave, I know I trust you that you could discern, but some folks might go, I don't want the headache, so I would probably disable it.
Yeah, I guess I'm at the point with it where I'm still curious about it.
I'm still trying it out.
It has not yet betrayed me in any way, so I'm tiptoeing around it.
Yes, right.
But I'm bracing myself for that.
I mean, like I said, it's only a matter of time.
So we'll see.
I could absolutely live without it.
It's not like there's some empty hole in my life that's been filled by having my text
messages concisely summarized.
If there was, Dave, I'd be really happy.
Right.
Just imagine me leaning against a window where it's raining outside, wishing
to myself if only I had summarized texts of messages.
If only this 168 characters were shorter.
Right.
Yeah.
I don't have time to read these text messages.
Of course, now we all have very long texts.
I'm sure my wife would love to have something that summarized my text messages to her.
Right.
They can be long-winded.
Are you an essayist on text messages?
I am.
Yeah.
Now, Joe, when you send a text message, do you use voice to text?
Absolutely.
I see.
Oh, you're one of those people.
Okay.
All right.
Now a lot of things make sense. Okay. all right. Now a lot of things make sense. Okay.
Well, I mean maybe you could use you know what you need to do Joe, let me let me help you out here my friend
Okay, so maybe you could do this manually. So what you need to do is because I know you
You enjoy using some of the LLMs. Yes from time to time
I have a chat GPT subscription, yeah.
So let me suggest you dictate your message into chat GPT.
And say, make that as concise as possible.
Please summarize this for my wife and see what it does.
Saving marriages one day at a time, love this.
Right.
Right, well, but I mean, think about it.
You could have a preset that said, you know,
I want this to be as affectionate and warm and kind as possible.
You know, although, I mean, they'll probably blow your cover, right?
Because all of a sudden your text messages started saying,
hello to my lovely, beautiful wife from your adoring husband.
I hope this text message finds you well.
You're right, exactly.
You must do the needful.
Love of my life, my sweet baboo.
My sweet baboo.
Oh my goodness.
All right, well, we will have a link to Maria's story
here in our show notes.
And again, we would love to hear from you.
If there's something you'd like us to consider for the show,
you can email us.
It's hackinghumans at n2k.com.
All right, it is time to move on to our catch of the day.
["Catch of the Day"]
["Catch of the Day"]
Dave, our catch of the day comes from Keefe? I'm going to say Keef.
Keef?
Just Keef.
Keef?
Okay.
Keef.
It is a transcript of a voicemail and it's pretty good.
Okay.
All right.
I will read it. Yes.
It says, Walmart account for an amount of $919.45 to cancel your order or to connect
with one of our customers support representative.
Please press one.
Hey, this is Amelia from Walmart.
A pre-authorized purchase of PlayStation 5 with special edition and pulse 3D headset
is being ordered from your Walmart account for an amount of $919.45.
To cancel your order or to connect with one of our customer support representatives, please
press 1.
Hey, this is Amelia from Walmart.
Pre-authorized purchase of a PlayStation 5 with special edition and Pulse 3D headset
is being ordered from your Walmart account for an amount of $919.45.
To cancel your order or to connect with one of our
customer support representatives, please press one.
Hey, this is Amelia from Walmart.
Can I get an AI summary of this, please?
Yeah, is that right?
It's Amelia from Walmart.
All right, I take back what I said.
That's a good question.
I'm gonna do that.
You're gonna actually copy this?
Well, this is a picture, so we can't copy it.
Oh wait. ChatGPT will take a picture. Okay. All right so I'm going to say
summarize this message for my lovely wife. There we go.
There we go. Alright, it's chugging away.
Here's a summary for your wife.
This message claims to be from Walmart, saying there's a pre-authorized purchase of $919.45
for a PlayStation 5 and accessories on your Walmart account.
It urges you to press 1 to cancel the order or to speak to a representative.
This is likely a phishing or scam call
trying to trick you into sharing personal
or financial information.
If you didn't make this purchase, do not engage.
Check your account directly
through Walmart's official website or app.
Okay, so chat GPT for the win.
All right, for the win.
I'll give him that.
I am impressed.
There you go.
I'll give him it.
Wow, that far exceeded my expectations.
Have either of you ever received one of these
endlessly looping messages on your phone?
No, I've never gotten the endlessly looping one,
but I have gotten the fake Amazon call.
Okay.
And I pressed one to get,
then somebody came on the line
and I immediately said,
so I just want to know how this scam works,
what happens next?
And the guy just unleashed a string of profanity at me
that I really didn't deserve.
I mean, I probably deserve it, but not from this fact.
Right.
Right.
So I just listened to it and kind of got a laugh out of it and then hung up.
Yeah.
I said, I don't think you're from Amazon because Amazon is not this mean to me.
Right. Yeah, I have gotten these before and I suppose it's just some kind of technology
that's randomly calling people with the intention of getting on their voicemail
and there's just some device that's looping this over and over and over again.
So, you know, it's designed to have the call last
a certain amount of time and then just hang up.
Just a cassette in some dusty basement.
Yeah, exactly.
There's an old reel-to-reel, old 8-track, just looping.
That's what I imagine.
An 8-track cart.
Right next to the whole music that somebody's still playing. It's just looping. That's what I imagine. It ain't track cart. Yeah. It's right next to the old music
that somebody's still playing.
It's just.
My wife and I have been on hold with a company
trying to get our gas canister
outside of our new house serviced.
Yeah.
And I have become more and more convinced
with every company I weighed on hold,
that music is designed to get you to hang up. It's designed to make you go, this just isn't worth it, and then just hang up.
Yeah. Yeah. I think there's something to that. I mean, that's a conspiracy theory I can get
behind.
Yeah.
All right. Well, that is our catch of the day. Our thanks to Keith for sending that
in. And if you have something you'd like us to consider,
you can email us at hackinghumans at n2k.com.
And of course, we want to thank this week's sponsor,
Threat Locker.
Go to threatlocker.com slash HH
and check out their Zero Trust Endpoint Protection Platform. That's the words
threat and locker with no space dot com slash HH where you can request a demo and neutralize
the threat of malware running on your devices. That is our show brought to you by N2K Cyberwire.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to hackinghumans at
n2k.com.
This episode is produced by Liz Stokes. fill out the survey in the show notes or send an email to hackinghumans at n2k.com.
This episode is produced by Liz Stokes.
Our executive producer is Jennifer Iman.
We're mixed by Elliot Peltsman and Trey Hester.
Our executive editor is Brandon Karpf.
Peter Kilpey is our publisher.
I'm Dave Bittner.
I'm Joe Kerrigan.
And I'm Maria Varmasis.
Thanks for listening.