Topic: Phish

A host describes a sophisticated social engineering attempt involving a caller spoofing Google Safety and Security. The scammer utilized sites.google.com to host a fake ticket-closing portal and attempted to verify legitimacy by citing the host's MX records and sending spoofed emails from no-reply@google.com. The interaction ended when the host challenged the scammer to send an email from a corporate @google.com address.

A live demonstration of a "pig butchering" scam attempt via SMS involves a sender named "Chloe" pretending to be a swimming instructor. These scams typically originate from organized crime rings in Southeast Asia or China and aim to lure victims into fraudulent cryptocurrency investments.

A host describes a technical glitch in automated robot calls where saying "hang up" causes the system to reset or disconnect. This leads to a discussion of the "pig butchering" scam, a long-term crypto fraud often initiated via "wrong number" text messages. Scammers build rapport with victims over months before convincing them to invest in fraudulent cryptocurrency exchanges.

A website called "The Trumpet" (theoffice45.com) is identified as a phishing scam designed to collect email addresses from Trump supporters. The site features a black-and-white photo of the former president and a fake "password" for Mar-a-Lago security. The hosts warn listeners that this is not an official Trump platform and is likely a data-harvesting operation for political opponents or scammers.

A K-8 technology educator provides feedback on the show's critique of modern schooling. The teacher outlines a curriculum focused on password creation, phishing recognition, and ethical issues surrounding surveillance devices like Ring and Fitbit.

Cliff Stoll laments the transition of the internet from an academic playground to a weaponized tool for political manipulation and cyber warfare. He cites Stuxnet and the 2016 election interference as examples of how the theft of information is used to bend global events. Stoll hopes that advancements like facial recognition and two-factor authentication will eventually make phishing attacks, such as the one on John Podesta, less effective.

The Mueller Report confirmed that two Florida counties were "hacked" during the 2016 election, though Governor Ron DeSantis clarified that the intrusion was a phishing scam that did not change any results. The hosts criticize the use of the word "hack" to describe simple credential theft and emphasize that the FBI notified the counties before the election took place.

The breach of John Podesta's emails is characterized as a phishing incident rather than a sophisticated hack. Whistleblower Bill Binney maintains that data was leaked locally rather than hacked remotely. Online interactions regarding these theories often involve persistent trolls from platforms like Reddit.

The Federal Trade Commission has issued a warning regarding a new phishing scam targeting Netflix users. Fraudulent emails asking for payment confirmation are being used to steal credentials. The segment notes that such scams are common and often serve as "native ads" for security services or streaming platforms.

A widespread email scam is using John C. Dvorak's name and old email threads to distribute infected Word documents. The hosts clarify that Dvorak's machine is not infected; rather, the attackers are spoofing his "From" address to gain the trust of recipients. They warn listeners not to open any attachments labeled "Dvorak.doc" and explain that the headers show the emails originate from unrelated servers.

Microsoft's digital crimes unit obtained a court order to seize six web domains allegedly tied to Russian military hackers attempting to disrupt the U.S. midterms. The hosts express concern over the legal precedent of a private corporation taking over DNS records and question the technical validity of claims that "port scanning" by Russians was a destructive threat.

Microsoft claimed to have foiled Russian hacking attempts targeting the U.S. Senate and conservative think tanks. The hosts analyze a cybersecurity promo featuring Debra Plunkett, formerly of the NSA, which encourages the use of encrypted messaging. They question the authenticity of the "hacking" claims, noting that many were later downgraded to simple phishing attempts.

Reports from The Daily Beast and NPR allege that Russian hackers targeted Senator Claire McCaskill’s staff with a spear-phishing campaign involving forged Microsoft Exchange password resets. Critics argue the media is over-emphasizing these common cyber threats while ignoring other international issues like the situation in Yemen. The timing of the report is questioned relative to McCaskill's competitive re-election race in Missouri.

A host shares a detailed "sextortion" email he received, which claimed to have used a keylogger and webcam to record him watching adult content. The scammer demanded $3,000 in Bitcoin to prevent the video from being sent to the victim's contacts. The hosts explain that these are broad-spectrum phishing attacks using old leaked passwords to appear legitimate.

The hosts mock the idea that "spear phishing" is a sophisticated state-sponsored attack, noting that it is a common tactic used by low-level criminals. One host describes receiving suspicious emails with Cyrillic attachments and discusses the importance of not clicking on unknown files or using isolated "sandbox" machines for testing.

Robert Mueller indicted 12 Russian intelligence operatives for hacking the DNC. The hosts note that details in the indictment, such as the "Act Blues" spear-phishing setup, are identical to claims made in a 2017 lawsuit by George Webb. Webb's theory alleged the Awan brothers were responsible for the hack, leading the hosts to question if Mueller's team plagiarized the details.

NBC News issued a consumer alert regarding a sophisticated phishing scam targeting 110 million Netflix subscribers with fake billing validation emails. Separately, the deep business relationship between Netflix and the Weinstein Company, established in 2013, is under scrutiny following the Harvey Weinstein scandal. Analysts suggest the streaming giant may be a target of broader industry shifts.

A producer provided a rundown of a DHS/FBI briefing regarding the "Grizzly Steppe" hacking campaign. The report clarifies that the activity was a 100% spear-phishing campaign using fake Gmail and Yahoo landing pages, and the DHS explicitly stated there was no attack on actual voting systems.

A CBS report by Scott Pelley regarding a Russian cyberattack on the Ukrainian power grid is reviewed. The report claims that U.S. utilities are more vulnerable than Ukraine's because the American grid is more "advanced and automated," making it harder to fix manually. The hosts criticize the report as "anti-Russian" fear-mongering.

The discussion turns to the business model of mainstream media, which relies on an aging audience to sell pharmaceuticals and reverse mortgages. This leads to a tangent on phishing scams and the importance of teaching children how to detect fraudulent emails. One host shares a personal experience with PayPal security flags while using a VPN.