It’s two years since I first warned readers not to be too easily tricked into believing that they were communicating online with Hollywood hard man Jason Statham.
And yet the high-octane action hero still seems to be ensnaring the hearts of the lonely. Or at least someone posing as Jason Statham is.
Bizarrely, I get quite a few emails from readers of this site asking me if the person they have been speaking to for months via WhatsApp/Google Hangouts/email really is Jason Statham or not.
“Could the bankable baldie, engaged to a double-barrelled former Victoria’s Secret model with whom he has had a young son, really be interested in me?” they seem to be asking.
To which the answer is, no. Sorry, he’s not. It’s not him you’re talking to. You’re being scammed.
And even though I can’t, hand on heart, give you 100% incontrovertible proof that it’s not Jason Statham you’re talking to… trust me, it’s not Jason Statham you’re talking to.
Look after yourself, and your heart, and stop talking to people who are pretending to be Jason Statham. Who knows what their wicked intentions might be.
For more discussion on this topic, be sure to listen to our “Smashing Security” podcast:
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
It would have made much more sense for me to give him a lift to a petrol station, filled up a petrol can.
Not if he was some killer!
You know what? I think it just says you're a good guy. Who cares if he scammed you? You were a good guy.
So having convinced myself there's no way I could be a victim of this, what you've done, Carole, very successfully there, is you've said, "No, you have been a victim of this, you moron." No, I've said, "Mark, you're human." Mark's human.
Mark's human, everybody.
Chicken-loving human.
There's your soundbite.
Smashing Security, Episode 126: Zombie Chickens and Fast Food Victims. With Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 126.
My name is Graham Cluley.
My name is Graham Cluley.
And I'm Carole Theriault.
Hello, Carole!
Have we done too many of these things?
Well, we are joined by a special guest. He's dialling into the show right now. It's chicken fancier Mark Stockley from Naked Security. Hello, Mark.
Hi. Chicken fancier?
Yeah, that's—
I'm not sure I would describe myself as a chicken fancier.
You do run a Twitter account called the Internet of Hens, I believe.
I do, yes. Yeah, but it's not what your description might suggest. The content's all safe for work.
Yeah, yeah, right.
Says Mark Stockley.
I assure you, I assure you.
Yeah, that's what they said to me when they said go visit Lemon Party.
Okay.
Now, where are you calling in to us from today?
So I am calling in from what's colloquially known as the Glastonbury toilet, which is this microscopic studio at Sophos HQ.
And I was given very specific instructions by Paul Ducklin earlier about how to turn on the fan so it doesn't get too hot in here.
So obviously I completely ignored him and I can't find the fan, so I'm basically sat in a polystyrene box. So how long does this podcast last?
And I was given very specific instructions by Paul Ducklin earlier about how to turn on the fan so it doesn't get too hot in here.
So obviously I completely ignored him and I can't find the fan, so I'm basically sat in a polystyrene box. So how long does this podcast last?
Once again, Duck proves that he's right.
As businessmen in the city, you'd pay a good amount of money to be enclosed like that, I imagine.
Yeah, just imagine you're in a sauna.
Yeah, wrap yourself up in polythene, go for the whole experience. Why not?
If you hear a loud thud about three-quarters of the way through the podcast, don't worry about it. That's just my head hitting the desk as I pass out.
Carole, what have we got coming up on the show this week?
So coming up on this episode of Smashing Security, Graham shines his spotlight on all manner of scams, including romantic ones.
Ooh la la.
Mark gives us the lowdown on a nasty fight for site ownership of doitforthestate.com.
And I'll be yakking about how a promo character from the '70s comes back to seek out Canadian fast food junkies. Buckle up your seatbelts, folks.
All this and much more coming up on this episode of Smashing Security.
And I'll be yakking about how a promo character from the '70s comes back to seek out Canadian fast food junkies. Buckle up your seatbelts, folks.
All this and much more coming up on this episode of Smashing Security.
Now, now then, now then, Krull.
Krull. Yes, I assume you mean me.
Yes. Krull, I don't always say pleasant things about you, but the truth is you're everything a man could ever want, aren't you?
Where are you going with this?
Deep voice, hairy chest, lots of muscles. Now, the truth is, the truth is, right, there are lots of lonely chaps out there who'd love the thrill of having a frisson with you.
They've heard the voice. They've observed the charm.
They've heard the voice. They've observed the charm.
I'm not sure I'm comfortable with this.
They're dreaming of what you might be like in the full-bodied flesh.
This is revolting.
And scammers, they know that you're a hot tamale as well. There's loads of guys out there who'd love to wrap you up in a banana leaf and fill you up with mole negro and chicken. No!
Stop!
No, don't worry, Carole. Don't worry. It doesn't mean you work for all men. Goodness gracious. No, you certainly don't. Right. Take Mark, for instance, right?
Don't drag me into this.
He's the web developer type, isn't he? He's got a bit of a neckbeard going on. He's hairy. He's very hairy.
He's got a neckbeard.
I've seen it. No, but he's got a lot of hair in all kinds of places, hasn't he?
He's not wrong.
He dreams of a girl who knows her way around a Cascading Style Sheet. That's what he likes. He's hot for HTML5.
He's after a woman who clicks yes when offered an Adobe browser plugin, just as long as it's not over in a flash, right? That's what he's like.
That's the kind of thing you're into all that, Mark? Yeah, into the webby stuff, right?
He's after a woman who clicks yes when offered an Adobe browser plugin, just as long as it's not over in a flash, right? That's what he's like.
That's the kind of thing you're into all that, Mark? Yeah, into the webby stuff, right?
Just keep going.
Am I right?
We're just ignoring you.
I'm right. All right.
Well, my point is this. My in-depth research reveals that scammers are posing on dating sites and social media.
And of course they're posing, not in the normal way we pose on social media, but posing as individuals that they are not.
And just like an imposter might claim to be a doctor and offer to take a look at your calves, so a romance scammer might try to convince you that they run in similar social circles to you, right?
They're gonna change their language. They're gonna speak to you in a fashion which makes you think, oh, they're just like me. So Carole, you're into baking.
They might tell you about their buns that they've been working on.
And of course they're posing, not in the normal way we pose on social media, but posing as individuals that they are not.
And just like an imposter might claim to be a doctor and offer to take a look at your calves, so a romance scammer might try to convince you that they run in similar social circles to you, right?
They're gonna change their language. They're gonna speak to you in a fashion which makes you think, oh, they're just like me. So Carole, you're into baking.
They might tell you about their buns that they've been working on.
I thought you were gonna say I'm into swearing.
Yeah, yeah. So the scammer may pretend to have Tourette's, you know, oh yeah, okay, I'm great with you, right? Mark, you've got your chickens, obviously.
I'll leave that to your imagination. Any fluffing feathers. So they may convince you that they have compatible values and forge an emotional connection, right?
So they say, oh yeah, you know, I've looked at your Facebook likes. I love Titanic as well. I cried when Leonardo DiCaprio let go of the wreckage or Toy Story 3.
They're so sad at the end. Or, oh yeah, Smashing Security. It was so much better when Vanja was on the show. It's never been the same since. All those kinds of things, right?
People are working out what you like and what you're interested in. They're sort of mirroring you. You know the drill.
And once the imposter has formed a connection with an individual, they then claim, I don't know, maybe they need money urgently to cover an emergency, right?
The ceiling's fallen down because there's been a flood upstairs, or our chimney is infested with bees. You know, some sort of crisis has occurred.
And you think, oh, I must help these people. Or there's a family situation.
Great Aunt Agatha has been taken ill with lupus, or Tiny Tim needs new crutches, something like that, right?
I'll leave that to your imagination. Any fluffing feathers. So they may convince you that they have compatible values and forge an emotional connection, right?
So they say, oh yeah, you know, I've looked at your Facebook likes. I love Titanic as well. I cried when Leonardo DiCaprio let go of the wreckage or Toy Story 3.
They're so sad at the end. Or, oh yeah, Smashing Security. It was so much better when Vanja was on the show. It's never been the same since. All those kinds of things, right?
People are working out what you like and what you're interested in. They're sort of mirroring you. You know the drill.
And once the imposter has formed a connection with an individual, they then claim, I don't know, maybe they need money urgently to cover an emergency, right?
The ceiling's fallen down because there's been a flood upstairs, or our chimney is infested with bees. You know, some sort of crisis has occurred.
And you think, oh, I must help these people. Or there's a family situation.
Great Aunt Agatha has been taken ill with lupus, or Tiny Tim needs new crutches, something like that, right?
Call me crazy, but I think you're describing a romance scam here.
Yeah, exactly. And this is how they do it, is they claim to be compatible with you by first of all making the connection.
Then they come along, you know, with maybe a business opportunity, right? They say, oh yeah, I met this great guy, John McAfee. Told me you should buy some cryptocurrency.
He's tweeted about it. Let's go and give me lots of money and I'll do it. Or I'm out on a business trip in Cairo, I've lost my wallet and passport, only you can help me.
Or I want to come and visit you, but I'm over here in Basingstoke, send me the money for the airplane ticket and I'll come over and visit you.
So these sort of things are happening all the time.
So they've made the emotional connection and then they come in for the money, and they're incredibly successful at doing these sort of things.
So they forge this strong emotional attachment. And they work because no one— well, almost no one, right, Carole? No one wants to be an arse. Yeah. No one wants to say no.
If someone's in a crisis, if someone has got something bad going on, no one would say, no, I'm not going to help you, especially if—
Then they come along, you know, with maybe a business opportunity, right? They say, oh yeah, I met this great guy, John McAfee. Told me you should buy some cryptocurrency.
He's tweeted about it. Let's go and give me lots of money and I'll do it. Or I'm out on a business trip in Cairo, I've lost my wallet and passport, only you can help me.
Or I want to come and visit you, but I'm over here in Basingstoke, send me the money for the airplane ticket and I'll come over and visit you.
So these sort of things are happening all the time.
So they've made the emotional connection and then they come in for the money, and they're incredibly successful at doing these sort of things.
So they forge this strong emotional attachment. And they work because no one— well, almost no one, right, Carole? No one wants to be an arse. Yeah. No one wants to say no.
If someone's in a crisis, if someone has got something bad going on, no one would say, no, I'm not going to help you, especially if—
Yeah, they don't want to say, I'm sorry, I'm a very busy man and I don't drink coffee, for instance. Right. That would be inappropriate.
I can't sort out your bee infestation. You're gonna have to find someone else to do it.
I'm beginning to understand why I haven't fallen victim to any of these scams.
Oh, your utter lack of empathy. Is that what— Didn't you— I said, web developer.
Mark, no, something happened to you on the road, didn't it? With a car. It was a live scam.
Oh no, you're right. You're right. It was the weirdest thing.
I was driving along and I was flagged down, but literally my car was flagged down and I opened the door and this guy gave me a story and then I handed him some money.
I was driving along and I was flagged down, but literally my car was flagged down and I opened the door and this guy gave me a story and then I handed him some money.
Yes.
What?
And then I drove off. And then after I'd driven off, I then spent the next couple of hours going, I was just flagged down and I just handed someone some money. And it was—
Wow.
It was entirely incongruous. I assume now it was a scam. I mean, it wasn't a lot of money.
Yeah, I think it was for petrol. That's what I remember it being. He had to get somewhere because someone was sick.
Yeah, his car had broken down.
Petrol and yada yada.
I imagine, yeah, even if you didn't know the guy, even if you— I presume you didn't form an emotional attachment with him, a romantic relationship during those 5 minutes.
I don't know how—
I don't know how—
He was batting his eyelashes, Mark.
And he wasn't a chicken, so not my type.
But I guess it would be quite difficult. So if you're on the— in a lay-by or something, it'd be quite difficult to say, no, I'm not going to give you £10.
I'm going to get in my car and drive off.
I'm going to get in my car and drive off.
Yeah, saying no involves starting your car door and leaving him in a cloud of dust.
Yes.
But also waiting to get into the highway again. So you might be sitting there for quite a while.
With indicator on.
Indicator on.
But it was actually, it was in the middle of nowhere.
Oh, so even more difficult. So it wasn't that there were other people ready to offer him some cash.
No. I mean, it may have been genuine, but it's one of those things where you drive off and you go, okay, well, so now he's got some money.
How is he going to go and get the petrol to put in this car? And then you go, it doesn't make any sense.
It would have made much more sense for me to give him a lift to a petrol station, filled up a petrol—
How is he going to go and get the petrol to put in this car? And then you go, it doesn't make any sense.
It would have made much more sense for me to give him a lift to a petrol station, filled up a petrol—
You know what? I think it just says you're a good guy. Who cares if he scammed you? You're a good guy.
No, I'm not nice.
So having convinced myself there's no way I could be a victim of this, what you've done, Carole, very successfully there is you've said, no, you have been a victim of this.
No, I said, Mark, you're human. Okay, Graham, carry on.
Mark's human. Mark's human, everybody. Chicken-loving human.
Soundbite.
The reason why I'm talking about romance scammers and such today is because according to BBC News, there is a woman who hasn't been named because I imagine she might be a little bit embarrassed.
Not embarrassed because she joined a Facebook fan page for Jason Statham, the Hollywood Fast and Furious actor, but because she was contacted via Facebook after joining that page by someone who posed as Jason Statham.
Not embarrassed because she joined a Facebook fan page for Jason Statham, the Hollywood Fast and Furious actor, but because she was contacted via Facebook after joining that page by someone who posed as Jason Statham.
Is it wrong that I've lost all sympathy for this person already because they joined?
Because it's Jason Statham. It's Lock, Stock and Two Smoking Barrels, isn't it? It's all that sort of thing. He's always a hitman, isn't he?
I think in his movie— I know that I've actually seen it.
I think in his movie— I know that I've actually seen it.
I can't even think who it is.
He looks a bit like one of the Mitchell brothers from EastEnders, if you've ever seen them. So basically he's got a head like a boiled potato. Great. Now she's into him.
Oh yeah, she's seriously into him. I mean, she joined the fan page and then he contacted— and she thought, oh, isn't he nice, he's contacted me.
And over time their conversation got more intimate and they switched to WhatsApp, whereupon he started to say, can you send me a selfie?
And, you know, I just need a decent smile from someone like you right now.
Oh yeah, she's seriously into him. I mean, she joined the fan page and then he contacted— and she thought, oh, isn't he nice, he's contacted me.
And over time their conversation got more intimate and they switched to WhatsApp, whereupon he started to say, can you send me a selfie?
And, you know, I just need a decent smile from someone like you right now.
If the equivalent happened to me and Noam Chomsky got in touch, right? Chomsky? Right? I think I would tell people about it because I'd be so excited that that had happened.
If Noam Chomsky got in touch with you, you'd still be reading the first email that he sent you.
I know.
You didn't have time to tell anyone else.
But maybe she did. I mean, some sort of Hollywood stars are quite well known for engaging with their fans a lot.
I think, isn't it Vin Diesel, who's quite a bit like Jason Statham in a way, another sort of hitman, hard man kind of guy, and although not quite as cockney.
I think, isn't it Vin Diesel, who's quite a bit like Jason Statham in a way, another sort of hitman, hard man kind of guy, and although not quite as cockney.
Man of the people.
And I think he's well known for chatting with his fans and things. I don't know what he gets out of it. Let's stop there.
But anyway, she was feeling rather vulnerable because poor thing, her mum and her fiancé had passed away recently.
And when her purse was ripe for the plucking and she was conned into giving away hundreds of thousands of pounds, the fake Jason claimed that some sort of movie deal had fallen through or something, and you know, there was a bit of a money shortage.
And he said, do you mind going down Western Union and you can send me the cash. And she did. In total, hundreds of thousands got sent.
And it's not just horny diehard fans of Hollywood hunks who need to watch out for these things.
But anyway, she was feeling rather vulnerable because poor thing, her mum and her fiancé had passed away recently.
And when her purse was ripe for the plucking and she was conned into giving away hundreds of thousands of pounds, the fake Jason claimed that some sort of movie deal had fallen through or something, and you know, there was a bit of a money shortage.
And he said, do you mind going down Western Union and you can send me the cash. And she did. In total, hundreds of thousands got sent.
And it's not just horny diehard fans of Hollywood hunks who need to watch out for these things.
I don't understand how you'd get rid of that much money unless you were being blackmailed.
Yeah, no, no, if you're being blackmailed, say he had pictures of her and threatened to do something or something like that, I can see why some people might think, okay, pay them off.
Yeah, no, no, if you're being blackmailed, say he had pictures of her and threatened to do something or something like that, I can see why some people might think, okay, pay them off.
She thinks Jason Statham is going to be her boyfriend. She maybe thinks she's already—
In her head, she goes like, she doesn't think, oh, he might have richer friends than me.
I think the thing is, I guess this stuff works because for the victim, this is a one-to-one communication.
Yeah.
But actually for the attacker, he might be doing this with hundreds of people. And it may be that all of them have exactly that same thought.
All, you know, 99 out of 100 of them say, of course he's got richer friends. This is obviously a scam.
You only need one of them to turn around and say, yeah, I'll send you a few hundred thousand dollars. And that's it's absolutely worth your while.
All, you know, 99 out of 100 of them say, of course he's got richer friends. This is obviously a scam.
You only need one of them to turn around and say, yeah, I'll send you a few hundred thousand dollars. And that's it's absolutely worth your while.
Yeah.
And she was vulnerable, right? That's the thing to remember. She was in a low point in her life. You know, think rubbish was going on in her life.
And maybe this was the one thing that she was clinging on to.
And maybe this was the one thing that she was clinging on to.
And she might be thinking, what do I care about money? The people I love are dead. I don't care. A bit depressed.
And, you know, maybe I'll shack up with Statham.
Yeah, I'll just shack up with this.
Why not, right?
The thing is, if you don't send the money, that's the point where you're driving away and leaving them in a cloud of dust. Your basic—
Right, exactly. We need to go back to Mark. Mark is the one who's actually been there in a relationship with someone. It'd been brief. It hadn't been online. It'd been face to face.
It was with a member of the same sex, at least same species, at least, which is an improvement for you, Mark. So that was, that was a good thing. But you know, it happens, right?
People get duped.
It was with a member of the same sex, at least same species, at least, which is an improvement for you, Mark. So that was, that was a good thing. But you know, it happens, right?
People get duped.
People get duped.
We've just seen in America, 9 men arrested in 3 different states in connection to a series of email scams, some of them business email compromise, some of them romance scams.
That earned them over $3.5 million doing this kind of thing. They also pretend to be Russian oil oligarchs. It's easy to say that people are dumb or stupid or deserved it.
That earned them over $3.5 million doing this kind of thing. They also pretend to be Russian oil oligarchs. It's easy to say that people are dumb or stupid or deserved it.
No, no one said that. You did.
No, you actually— you did. You were saying that earlier on.
Yeah, I might have as well.
Oh, well, there you go. So it's easy to say that, folks, because you just did. But when— I feel gaslit.
You're being scammed, Carole.
When I wrote about this earlier this week, about this poor woman, I got that reaction.
Lots People saying, oh, you know, they're blaming the victim and saying, you know, you deserve to lose all that money and all that, you're so dumb.
But I think people who go around blaming them are actually part of the problem. Only about 5% of victims are estimated to come forward from these romance scams.
So it's the tip of an iceberg. If you're telling people they're dunces, you're not actually helping because no one thinks they're a dunce. Everyone thinks they're being logical.
Everyone thinks in the moment that they're being entirely reasonable. Right, with the information which they have.
So I think we need to stop calling people "der brains" and actually just warn them of the threats rather than say, "You're a bloody idiot," because no one will identify at that point.
They think, "Well, I'm not being an idiot because Jason really likes me and he's a really nice guy." Has this happened to you, Graham?
Lots People saying, oh, you know, they're blaming the victim and saying, you know, you deserve to lose all that money and all that, you're so dumb.
But I think people who go around blaming them are actually part of the problem. Only about 5% of victims are estimated to come forward from these romance scams.
So it's the tip of an iceberg. If you're telling people they're dunces, you're not actually helping because no one thinks they're a dunce. Everyone thinks they're being logical.
Everyone thinks in the moment that they're being entirely reasonable. Right, with the information which they have.
So I think we need to stop calling people "der brains" and actually just warn them of the threats rather than say, "You're a bloody idiot," because no one will identify at that point.
They think, "Well, I'm not being an idiot because Jason really likes me and he's a really nice guy." Has this happened to you, Graham?
Is that why you're being so defensive?
Well, I joined, of course, the Diana Rigg Appreciation Society some years ago.
How many other members were there when you joined? Enough said.
'Nuff said.
Mark, what's your story for us this week?
So my story is for anyone who's ever endured the pain of doing a domain transfer.
Oh.
So if you own a website domain, let's say nakedsecurity.sophos.com.
Plug.
Then you might have an idea about what a pain in the ass transferring domains can be.
Basically, if you want to give ownership of your domain to someone else, you have to do a domain transfer.
And all you're doing is you're moving a record from one computer to another. So it should be the simplest thing in the world.
But normally it involves dealing with some massive hosting company's automated processes or worse, their first line support people.
Basically, if you want to give ownership of your domain to someone else, you have to do a domain transfer.
And all you're doing is you're moving a record from one computer to another. So it should be the simplest thing in the world.
But normally it involves dealing with some massive hosting company's automated processes or worse, their first line support people.
Yep.
So it creates complications and it wastes time far out of proportion to what's actually involved. And I've wasted more time on domain transfers than I can tell you.
And one of the reasons it's hard is because if you control the domain, you can control the site. So taking control of a site's name is often easier than hijacking the site proper.
And hijacking normally means some kind of phishing or hacking. There was a spate of domain hijacks a few years ago.
As websites became harder to break into, people started phishing the owners to get the domains instead.
And one of the reasons it's hard is because if you control the domain, you can control the site. So taking control of a site's name is often easier than hijacking the site proper.
And hijacking normally means some kind of phishing or hacking. There was a spate of domain hijacks a few years ago.
As websites became harder to break into, people started phishing the owners to get the domains instead.
Anyway, I remember, for instance, Twitter, their domain details got hijacked by one of the hacking groups.
So anyone who went to Twitter instead got a page about— I can't remember who the hacking group were now, but it looked like the Twitter website had been defaced.
But in fact, what happened was everyone was being pointed towards a different site. Yeah.
So anyone who went to Twitter instead got a page about— I can't remember who the hacking group were now, but it looked like the Twitter website had been defaced.
But in fact, what happened was everyone was being pointed towards a different site. Yeah.
And it's happened to Google as well. I mean, Google have amazing security, but I think it was Google Palestine. They had a domain hijack and exactly the same thing happened.
Visitors were sent to a different site. And it's happened to lots of sites and Google's a good example because they have such good security.
It sort of shows how domain hijack can be a bit of an end run around security sometimes. Anyway, that isn't what happened in this case.
This is about a man called Rossi Lothario Adams II from Cedar Rapids, United States.
Visitors were sent to a different site. And it's happened to lots of sites and Google's a good example because they have such good security.
It sort of shows how domain hijack can be a bit of an end run around security sometimes. Anyway, that isn't what happened in this case.
This is about a man called Rossi Lothario Adams II from Cedar Rapids, United States.
What?
What? No, say that real.
Rossi Lothario Adams II, did you say?
Yeah.
Wow.
Breathe, breathe, Graham.
Self-appointed name or, you know?
Well, no, appointed by his dad, I imagine. It says II. There was an original Rossi Lothario Adams.
Somebody who was so impressed with his own name that he— I've come up with a brilliant name for our son. Where was I?
This man, Rossi Lothario Adams II from Cedar Rapids, really, really wanted to own a domain name called doitforstate.com. That's do it for state spelt with a 4 spelt F-O-R.
This man, Rossi Lothario Adams II from Cedar Rapids, really, really wanted to own a domain name called doitforstate.com. That's do it for state spelt with a 4 spelt F-O-R.
Okay.
Adams started a social media company in 2015 called State Snaps. And its domain name was doitforstate.com as well. But the 4 was spelt using the numerical character 4.
Oh, I see. How frustrating that must be.
So it's the website and social media for State Snaps. It's dedicated to sort of US college debauchery.
So it's drinking games, toga parties, drugs, and anything related to beer, boobs, butts, combinations of those things.
So it's drinking games, toga parties, drugs, and anything related to beer, boobs, butts, combinations of those things.
Ah, university.
Butts and beer. What a great combination. Yeah. Okay, good.
Are you with me so far?
Yep.
Okay.
Yes, but I'm not on the site.
That's all right. Tap, tap, tap, tap.
You're not looking at beer and butts.
So doitforstate.com, spelt with an F-O-R, was owned by a man called Ethan Dayo, a self-styled entrepreneur and personal branding expert.
Right.
And Adams tried to purchase doitforstate.com with an F-O-R from Dayo for about two years without success.
And what was this other guy doing with his, with the version with the proper spelling? What was he doing with his site?
I think it was unused. As far as I know, there hasn't been anything on doitforstate.com with an FOR since 2015.
Right. Okay.
But Adams was unsuccessful in his attempts to purchase from Dayo. Obviously didn't want to sell.
Well, I wonder who else he was thinking would want it. If not the people, anyway. Okay. So the price couldn't be agreed. All right.
Yeah. So then Adams changed his tactics. And Deo became aware of Adams' new approach when he heard somebody breaking into his home in Cedar Rapids on the 21st of June, 2017.
Holy moly. The burglar breaking into his home was a man called Sherman Hopkins, who was a cousin of Mr. Adams.
Holy moly. The burglar breaking into his home was a man called Sherman Hopkins, who was a cousin of Mr. Adams.
Keep it in the family.
He broke in with a gun.
Oh my God.
And he forced Deo at gunpoint to turn on his computer and to connect to the internet. Now, I'm guessing that Hopkins has endured the pain of doing a domain transfer before.
Because he had thoughtfully written out the instructions on how to do a transfer to go from one GoDaddy account to another.
Because he had thoughtfully written out the instructions on how to do a transfer to go from one GoDaddy account to another.
So hang on, hang on, hang on.
So the guy's come in holding this other guy to gunpoint and says, turn on your computer and move the domain, follow these instructions to move the domain on GoDaddy to this new owner.
Doesn't that rather give you a clue as to who might have hired the gunman at that point? Isn't there a rather bit of a flaw in this crime?
Well, could he have not broken into the computer?
So the guy's come in holding this other guy to gunpoint and says, turn on your computer and move the domain, follow these instructions to move the domain on GoDaddy to this new owner.
Doesn't that rather give you a clue as to who might have hired the gunman at that point? Isn't there a rather bit of a flaw in this crime?
Well, could he have not broken into the computer?
Yeah. His email address is—
Adams the Third or whatever it is. Could he not have just— could the burglar not have done it himself? You know, rather than— it's a bit obvious.
The thing is, it didn't get that far.
Oh, okay.
Okay, so the scene is exactly as you spelled out. So Hopkins is holding a gun to Dayo's head and he's given him these instructions.
Oh my goodness.
But as is normal during a domain transfer, it didn't go smoothly and they ran into problems.
Did they have to call up tech support?
Instead of calling support, there was a struggle. Hopkins pistol-whipped and tased Deo before shooting him in the leg.
Tased? He came fully armed?
Remarkably, Deo himself then managed to get the gun and shot Hopkins in the chest.
Oh my goodness.
You're making this up.
Hopkins, all told, has slightly less experience than calling support. And we know about this because the cops got involved and Hopkins and Deo have now both had their day in court.
Oh, the police got involved in this, did they?
Yeah.
Oh, I see. It was a matter for the authorities. You surprise me.
Hopkins has been sentenced to 20 years, and Adams was convicted last week, and he's also facing a maximum of 20 years in jail.
So again, in the end, not a million miles away from how it feels to do a normal domain transfer.
So again, in the end, not a million miles away from how it feels to do a normal domain transfer.
What? One comes in with a gun and forces the other to swap over the domain, and why are they both facing 20 years of jail time. I can understand why the shoot, you know, the—
Hopkins is the guy that broke in with the gun?
Yes.
He got 20 years. And in the process of convicting him, I guess the police found out that he was working on behalf of Adams. So Adams has now had his day in court.
So Hopkins was convicted and charged last year, and Adams was convicted last week and is now awaiting sentencing.
So Hopkins was convicted and charged last year, and Adams was convicted last week and is now awaiting sentencing.
Oh, okay. So we still don't know the sentence of Jezebel Adams IV.
No.
That's going to come at some later point.
And our poor victim still has his hands on the domain.
As far as I know, yeah.
He's got no one to sell it to.
Price has gone up.
So happy days, happy days.
If you want that domain, you now know how hard you have to work to get it, okay?
Carole, what's your story for us this week?
Okay, can you guys tell me what popular '80s food chain character used to use the catchphrase, "Rabble, rabble"?
Rabble, rabble. It's not gobble gobble, is it? Because that was Colonel Sanders.
I think you've got chickens on the brain. I think we know who's obsessed with chickens here. Actually, it's not Mark.
Yeah.
I want to know what you've been doing with Colonel Sanders.
You don't.
I know there's some listeners out there screaming the answer at you two. So those are the raspy tones of the Hamburglar. Do you remember that?
It was a pint-sized thief with an insatiable hunger for Mickey D burgers.
He started out in the '70s as one of the first McDonald's villains in ad spots, right, to help build decades of narrative tension between Ronald's crew and the baddies crew, which had— I know it had Hamburglar, and I think there was that big purple blob thing, Grimace.
Grimace was the other one.
It was a pint-sized thief with an insatiable hunger for Mickey D burgers.
He started out in the '70s as one of the first McDonald's villains in ad spots, right, to help build decades of narrative tension between Ronald's crew and the baddies crew, which had— I know it had Hamburglar, and I think there was that big purple blob thing, Grimace.
Grimace was the other one.
I think Mr. Blobby.
Now, in North America, at least, the Hamburglar was this red-headed pudgy kid. And he had a black and white striped shirt, a cape, wide-brimmed hat, red gloves.
It looked kind of Puss in Boots style. And the only thing he said was either unintelligible or rabble rabble.
Now, I find the Hamburglar quite creepy, but that might be because I find it looks remarkably similar to Chucky the killer doll.
It looked kind of Puss in Boots style. And the only thing he said was either unintelligible or rabble rabble.
Now, I find the Hamburglar quite creepy, but that might be because I find it looks remarkably similar to Chucky the killer doll.
Oh, yes.
From the '88 horror movie of the same name. It was called Chucky, wasn't it?
Yeah, yeah, yeah. To be honest, there's a lot of McDonald's stuff which is quite spooky. I mean, Ronald McDonald himself is a terrifying character, isn't he?
Yes. I was just thinking, if you line up the McDonald's characters from most disturbing to least disturbing, least disturbing is the weird purple blob thing.
Then it's Hamburglar, and then it's Ronald.
Then it's Hamburglar, and then it's Ronald.
I mean, what were their marketing— I mean, now they have Justin Timberlake, which I suppose is a bit better, but they've chosen some really odd things, haven't they?
Funnily enough, though, during my research, it brought up the UK version of Sir Hamburglar a lot, or Your Hamburglar. And what the fuck, guys? WTF?
What the French fries?
This Hamburglar has the super long witchy nose. His teeth look like they've been thrown into his face from a good distance. I mean, you tell me. Look, you've got the link there. Okay.
I want to understand. You both were born here. I want to know why marketing experts in the UK thought this would appeal to the 10-year-old you guys.
I want to understand. You both were born here. I want to know why marketing experts in the UK thought this would appeal to the 10-year-old you guys.
I'm checking it out. Oh my goodness. There's that clown. Here he comes around the corner.
Oh, whoa, whoa. Right.
Yeah, he's terrifying.
He's terrifying. Absolutely terrifying.
So I don't understand.
That says a lot about everything. Of course, you're wondering, why am I talking about the Hamburglar?
Yeah.
Well, there's a reason. This promo character has become a reality, and he is hunting down burgers in my homeland of Canada.
So Canuck burger fiends are under attack from a real-life Hamburglar who is making use of their My Mickey D apps to steal a heck of a lot of burgers.
So in February, Lauren Taylor from Halifax told the CBC she had no idea how, get this, $483 and change was spent on her McDonald's app.
So Canuck burger fiends are under attack from a real-life Hamburglar who is making use of their My Mickey D apps to steal a heck of a lot of burgers.
So in February, Lauren Taylor from Halifax told the CBC she had no idea how, get this, $483 and change was spent on her McDonald's app.
Oh, sure she hasn't. No idea at all.
Have we got a picture of her? We're looking for someone who's about 30 stone.
She's actually not.
Dressed as a Hamburglar.
No, I watched a video with her. So she first noticed the order confirmations, dozens of them, right? And they're all sporting the last 4 digits of her actual debit card.
And by the time she checked in with the bank, she only had $199 left in her bank account.
And by the time she checked in with the bank, she only had $199 left in her bank account.
And all this money was spent on produce from McDonald's?
All this was spent through the app for McDonald's produce, but they were made in another Canadian province about 10-hour drive away in Quebec.
And Lauren still told the CBC, this is an app that's supposed to be secure, so why do I live in Nova Scotia and why is my card being used in Quebec? It's crazy.
McDonald's, of course, retorted, saying that there was no security breach on the Mickey D app and reminded users to use the app vigilantly and not share passwords with others, create unique passwords.
Lauren told the CBC that she does use different passwords for all online accounts, she changes them frequently, never shares her passwords, passwords are strong.
So what's going on, right? And the Mickey D app requires 8 to 12 characters, upper, lowercase, one number in it.
So all this sounds a bit suspicious, or it might sound like it was just her spending $500 on a big crazy meal.
I've seen the menu, how you could spend $500 at McDonald's, and it's quite difficult.
And Lauren still told the CBC, this is an app that's supposed to be secure, so why do I live in Nova Scotia and why is my card being used in Quebec? It's crazy.
McDonald's, of course, retorted, saying that there was no security breach on the Mickey D app and reminded users to use the app vigilantly and not share passwords with others, create unique passwords.
Lauren told the CBC that she does use different passwords for all online accounts, she changes them frequently, never shares her passwords, passwords are strong.
So what's going on, right? And the Mickey D app requires 8 to 12 characters, upper, lowercase, one number in it.
So all this sounds a bit suspicious, or it might sound like it was just her spending $500 on a big crazy meal.
I've seen the menu, how you could spend $500 at McDonald's, and it's quite difficult.
It's impossible. It's impossible. Clearly, clearly feeding a village or something.
Are you saying that the McDonald's store where this was happening was in another state or something? So some distance away from her.
Yeah. Yeah.
Is it possible she was cycling back and forth from there, which would mean that she could consume it and then maybe the amount of calories she would use riding back?
I imagine she'd get a fairly fierce—
It's about, I don't know, 1,000 miles. So yeah.
Oh, quite a lot.
Yeah.
She'd have big calves, wouldn't she?
Yeah. The problem is, Lauren's not the only person to have noticed that her Mickey D app seems compromised.
One guy, Brett, noticed that within half an hour his account had been used by an imposter and spent $50 worth of food at McDonald's in Mirabel, Quebec. So he was in Halifax.
Again, the attack happened in Quebec, and there were two orders: one for 30 Chicken McNuggets and another for a double Big Mac meal. This is where he gets the name the Hamburglar.
And fast forward to this week, the latest victim is Patrick O'Rourke, who was getting email notifications but hadn't actually been managing his email account very well, and someone purchased— get this— 100 meals in a single week, racking up a $2,000 bill.
This included loads of Big Macs and McFlurries. And O'Rourke, obviously not a dumbass, doesn't think one person could have possibly eaten all this food.
One guy, Brett, noticed that within half an hour his account had been used by an imposter and spent $50 worth of food at McDonald's in Mirabel, Quebec. So he was in Halifax.
Again, the attack happened in Quebec, and there were two orders: one for 30 Chicken McNuggets and another for a double Big Mac meal. This is where he gets the name the Hamburglar.
And fast forward to this week, the latest victim is Patrick O'Rourke, who was getting email notifications but hadn't actually been managing his email account very well, and someone purchased— get this— 100 meals in a single week, racking up a $2,000 bill.
This included loads of Big Macs and McFlurries. And O'Rourke, obviously not a dumbass, doesn't think one person could have possibly eaten all this food.
No, they'd be dead.
Yeah, so what's going on here, right? This Hamburglar has already nabbed food worth thousands from a handful of victims across Canada. And what do you think the likely scenarios are?
What's the modus operandi?
What's the modus operandi?
So one idea I had is a place like McDonald's have free Wi-Fi, right?
And I was wondering whether maybe their Wi-Fi at some branches wasn't set up properly and maybe the app isn't communicating securely and maybe people are stealing tokens or passwords or something from the app.
Could something like that?
And I was wondering whether maybe their Wi-Fi at some branches wasn't set up properly and maybe the app isn't communicating securely and maybe people are stealing tokens or passwords or something from the app.
Could something like that?
I wonder if people actually use the app when you're in store. Do people do that?
Oh, yeah. Well, if you're really lazy, could you? I don't know.
It's not beyond the realms of possibility that people will be sat in a McDonald's on their phone ordering food.
I mean, letting their kid do it or something.
Yeah. It's a long way to the counter.
I mean, could it be a disgruntled employee or ex-employee? Could that be something? Because would they have access even to the passcodes at some point and be able to use them?
But they're saying that there isn't a vulnerability in the app, are they? And that's correct, is it?
Well, that's certainly what McDonald's are standing by at the moment.
It's not impossible to imagine a scenario where a company says that there is no vulnerability in their app and later turns out—
What are you talking about, Mark? I've never heard such a thing.
I'm just saying it's not an impossible scenario.
Highly unlikely though, highly unlikely.
I mean, someone's definitely seeming to attack Canadians that don't seem to have a lot to do with each other.
So it seems to be happening around different provinces, but they're all taking place in Quebec. So Quebec police are now apparently looking for the Hamburglar.
So it seems to be happening around different provinces, but they're all taking place in Quebec. So Quebec police are now apparently looking for the Hamburglar.
Do we know how many of these things have taken place? So you've spoken about 3 of them, but is this—
When they put it up on Twitter, lots of people were saying, hey, this happened to me too, this happened to me too. So there seems to be a lot of unconfirmed reports online.
Yeah, but there seems to be about 4 or 5 in the I wonder if it's an accident. Well, maybe.
Yeah, but there seems to be about 4 or 5 in the I wonder if it's an accident. Well, maybe.
Could it be like butt-dialling? People are ordering these things without realising they're ordering them.
Yes, but they're not ordering at the McDonald's where they live, right?
Yeah, okay, okay. I'm sorry, I haven't got the answer.
Is it actually the case that there's a McDonald's in Quebec that's had to hand over 100 hamburgers in one order? Or is it just kind of ghosts in the machine?
So this guy O'Rourke, who had 100 meals bought on his Mickey D app, that happened over a space of a week.
So it happened at different locations, different McDonald's around in the vicinity.
So they're obviously trying to go in and buy something that's maybe probably $50, not raising too many eyebrows and doing it right.
And maybe there's probably more than one doing it at the same time.
So it happened at different locations, different McDonald's around in the vicinity.
So they're obviously trying to go in and buy something that's maybe probably $50, not raising too many eyebrows and doing it right.
And maybe there's probably more than one doing it at the same time.
Have you got an actual answer for us, Carole?
No.
Oh, for goodness sake.
But I have advice.
Okay. Okay. It better be good.
So one, I think McDonald's can't sit there and say nothing to do with us, gov.
I think that's just uncool because they're obviously not enforcing two-factor authentication on the app.
They're not doing anything to validate that the device belongs to the account user before a payment is made.
I mean, they could ask for, you know, a code number, you know, upon receiving it or something. So they could bake in more security, I think, in the app.
And users, don't use a debit card for your online purchase accounts. Consider using a credit card, right?
So a credit card is where the credit card company makes the purchase and then you pay for that purchase upon receiving it.
And if it's not what you want, you can say, hey, I'm not paying for this.
But if it's coming out of your own money and it's debiting your account, you're the one who is losing out there.
Now, in this case, both banks have paid two of the users back the money that they lost. But I don't hear McDonald's paying back the money.
So that's— I don't know what's going to happen there. And I mean, really, do you really need a frickin' junk food app on your phone?
I think that's just uncool because they're obviously not enforcing two-factor authentication on the app.
They're not doing anything to validate that the device belongs to the account user before a payment is made.
I mean, they could ask for, you know, a code number, you know, upon receiving it or something. So they could bake in more security, I think, in the app.
And users, don't use a debit card for your online purchase accounts. Consider using a credit card, right?
So a credit card is where the credit card company makes the purchase and then you pay for that purchase upon receiving it.
And if it's not what you want, you can say, hey, I'm not paying for this.
But if it's coming out of your own money and it's debiting your account, you're the one who is losing out there.
Now, in this case, both banks have paid two of the users back the money that they lost. But I don't hear McDonald's paying back the money.
So that's— I don't know what's going to happen there. And I mean, really, do you really need a frickin' junk food app on your phone?
So that's, that's where I was going to go. I think all of your advice is great.
And yeah, I think the point that you made earlier about, or the point that Graham made about blaming the victims earlier is well made as well.
And I don't think it's nobody's fault that they use a McDonald's app, but we do live in a world where there's an app for everything.
And I thought the whole point of McDonald's and fast food was that it was fast.
They've optimized the delivery of food over the taste, the quality, literally everything has been sacrificed to get you that burger in double quick time.
So trying to shave a few seconds off that by using an app is a great way of increasing your attack surface.
So I think just, you know, do you really need an app for all the things that you do is a great question because you have to go there to pick it up anyway, unless it's, I don't know, are they delivering by drone now?
And yeah, I think the point that you made earlier about, or the point that Graham made about blaming the victims earlier is well made as well.
And I don't think it's nobody's fault that they use a McDonald's app, but we do live in a world where there's an app for everything.
And I thought the whole point of McDonald's and fast food was that it was fast.
They've optimized the delivery of food over the taste, the quality, literally everything has been sacrificed to get you that burger in double quick time.
So trying to shave a few seconds off that by using an app is a great way of increasing your attack surface.
So I think just, you know, do you really need an app for all the things that you do is a great question because you have to go there to pick it up anyway, unless it's, I don't know, are they delivering by drone now?
The last thing you want, other than of course an actual McDonald's burger, is a McDonald's burger that's been waiting for you for 10 minutes, isn't it?
I have some—
I have them all waiting for you, Graham.
They've all been waiting for you for 10 minutes. There's a queue of them, literally. You can see it if you look over the shoulder of the person who's serving you.
I'm thinking you would only actually use this when you're at the store.
Have you ever used the touchscreens they have inside McDonald's these days? I wonder if it's anything like this. Giant touchscreens.
And the idea is that you walk in and instead of standing in a queue, you walk up to this touchscreen and then you spend, I don't know, 3 or 4 hours making your order as you figure out this sort of giant, you have to slap it and scrolling and these submenus that, and oh, if the app is anything like that, then it'll add hours to your day.
And the idea is that you walk in and instead of standing in a queue, you walk up to this touchscreen and then you spend, I don't know, 3 or 4 hours making your order as you figure out this sort of giant, you have to slap it and scrolling and these submenus that, and oh, if the app is anything like that, then it'll add hours to your day.
And that touchscreen will have been touched by loads of vulnerable kids who've been to the loo and not washed their hands. That's disgusting.
Yeah.
And so, yeah, I think the takeaway here is maybe take a look at the apps on your phone, particularly those tied with debit or credit cards, and ask yourself if you really need those apps, if they're providing really the value you think they are, because they're just vulnerabilities waiting to happen.
Actually, do you want to hear one last fun fact about the Hamburglar guy? So they killed them off, right? They killed them off in the early noughties.
And so, yeah, I think the takeaway here is maybe take a look at the apps on your phone, particularly those tied with debit or credit cards, and ask yourself if you really need those apps, if they're providing really the value you think they are, because they're just vulnerabilities waiting to happen.
Actually, do you want to hear one last fun fact about the Hamburglar guy? So they killed them off, right? They killed them off in the early noughties.
Did they video that? Did they put out an advert of his death?
Facebook Live.
Yeah.
Was it like Chucky being killed?
But they brought him back to life in 2015.
Oh, nice.
McDonald's were introducing this sirloin burger, you know, full flavor thing, and they needed a character and a promo.
So our little nasty little Hamburglar was reintroduced all grown up and, well, kind of sexy. And there were even news spots going, is this guy hot or not?
One newscaster saying he's either creepy or Fifty Shades of Hamburglar.
So our little nasty little Hamburglar was reintroduced all grown up and, well, kind of sexy. And there were even news spots going, is this guy hot or not?
One newscaster saying he's either creepy or Fifty Shades of Hamburglar.
Rabble, rabble. That doesn't work at all.
I know.
Fifty Shades of Hamburglar. Hang on, I've got one. I've got one. Couldn't they have said Fifty Shades of Filet?
Or Fish?
Filet, gray filet. Oh, come on, that's—
He likes burgers.
They could have, Graham. I don't know why they would.
They could have.
I think hers is better. Hey, Graham, didn't you recently download the Threat Intelligence Handbook from Recorded Future?
I did, yes. I went and grabbed myself a copy. It's a chunky thing, you know, 100 pages.
Whoa.
Yeah, it's not some cheapo flimsy little pamphlet.
No, the Threat Intelligence Handbook, it really gives you the skinny on threat intelligence and how you can apply it in your workplace to really get some practical benefits.
No, the Threat Intelligence Handbook, it really gives you the skinny on threat intelligence and how you can apply it in your workplace to really get some practical benefits.
The best of all, it's completely free. Listeners, visit smashingsecurity.com/intelligence to get your free copy. We are also sponsored this week by our friends at LastPass.
Now, Graham, isn't it something like 90% of security breaches involve stolen password or a poor password.
Now, Graham, isn't it something like 90% of security breaches involve stolen password or a poor password.
Yeah, stolen passwords, poorly chosen passwords, reused passwords.
Passwords are really sort of the hinge pin of so many security attacks which happen, which means that you probably want an enterprise password manager like the one offered by LastPass.
Passwords are really sort of the hinge pin of so many security attacks which happen, which means that you probably want an enterprise password manager like the one offered by LastPass.
Listeners can learn all about LastPass Enterprise at lastpass.com/smashing.
You don't have to say forward slash, by the way. You can just say slash, just so you know.
And last but not least, we are supported this week by Gartner. Gartner is the world leading research and advisory company, and they are having a big event.
It's massivo, I'll tell you. All the big security vendors are going to be there.
They're going to be talking about cyberattacks, artificial intelligence, blockchain, machine learning, and much more.
It's all taking place between June 17th and 19th at the Gaylord National Convention Center in National Harbor, Maryland.
They're going to be talking about cyberattacks, artificial intelligence, blockchain, machine learning, and much more.
It's all taking place between June 17th and 19th at the Gaylord National Convention Center in National Harbor, Maryland.
And if you are a CISO, IT security and risk professional, you probably want to go to the Gartner Security and Risk Management Summit.
And listen up, listeners, you can receive $350 off the registration fee by using the code SMASHING with a G. To learn more, visit smashingsecurity.com/gartner.
Once again, you don't have to say forward slash, just say slash.
Is there an echo?
And welcome back. You join us for our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week.
Pick of the Week.
It doesn't work.
How is the polystyrene chamber pot or whatever it is that you're sitting in?
I've lost about 10 pounds in sweat since the beginning of the podcast. I'm not going to lie.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they like. Doesn't have to be security-related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they like. Doesn't have to be security-related necessarily.
It shouldn't be.
It doesn't have to be. Now, my pick of the week this week— no, definitely doesn't have to be.
My pick of the week this week is a movie which I saw yesterday, and it was rather wonderful. I don't know if you guys have seen it or not.
It is called Spider-Man: Into the Spider-Verse.
My pick of the week this week is a movie which I saw yesterday, and it was rather wonderful. I don't know if you guys have seen it or not.
It is called Spider-Man: Into the Spider-Verse.
Strangely, it's not been on my list.
Has it not? Well, you know, the name itself would normally put me off because I am not interested in superhero movies.
I tend to fall asleep during any sort of CGI fighting or anything like this. This is an animated film.
I tend to fall asleep during any sort of CGI fighting or anything like this. This is an animated film.
Oh, dying. I'm dying to see this.
Oh, well, Mark, actually, because you are quite an artist yourself, as indeed are you, Carole. I believe you're appearing in Oxford Art Weeks. Let's not forget that.
Let's plug that again. Yes. But it is incredible. I saw the trailer a few months ago. I wanted to see it at the cinema. I missed it.
And I've just grabbed it on one of the streaming services and paid a little bit cash. And it is fantastic. It is spectacular.
Let's plug that again. Yes. But it is incredible. I saw the trailer a few months ago. I wanted to see it at the cinema. I missed it.
And I've just grabbed it on one of the streaming services and paid a little bit cash. And it is fantastic. It is spectacular.
I'm looking at the promo right now and it does look fantastic, Graham.
It is incredible. It is the closest I've ever seen a movie to a comic strip.
And there's a whole variety of animated styles and the thought and the attention that's gone into it, plus a fantastic funny script. It's not your typical animated movie.
It's not like one of these DreamWorks sort of things, you know, where they have funny characters, you know, singing chunks or something like that. It's none of that going on.
Well, it's a little bit of that going on because there's a character called Peter Porker who appears. The basic premise is that we are dealing with a multiverse, people.
There are parallel universes.
There's a bad guy who has a reason for trying to get through to another parallel universe, and different Spider-Men from different parallel universes are coming through with different characteristics.
It is funny, but more than anything else, it is a spectacle and it is phenomenal. Phenomenal to watch. Brilliant.
And there's a whole variety of animated styles and the thought and the attention that's gone into it, plus a fantastic funny script. It's not your typical animated movie.
It's not like one of these DreamWorks sort of things, you know, where they have funny characters, you know, singing chunks or something like that. It's none of that going on.
Well, it's a little bit of that going on because there's a character called Peter Porker who appears. The basic premise is that we are dealing with a multiverse, people.
There are parallel universes.
There's a bad guy who has a reason for trying to get through to another parallel universe, and different Spider-Men from different parallel universes are coming through with different characteristics.
It is funny, but more than anything else, it is a spectacle and it is phenomenal. Phenomenal to watch. Brilliant.
It looks very beautifully drawn.
Yeah.
I've put in a couple of links in the show notes to some documentaries about the animation, which I'd really recommend you check out.
And if that doesn't whet your appetite to go and see the movie proper, I don't know what will, but I'd really recommend it. Spider-Man: Into the Spider-Verse.
And if that doesn't whet your appetite to go and see the movie proper, I don't know what will, but I'd really recommend it. Spider-Man: Into the Spider-Verse.
And when Graham says show notes, just someone asked this, that means on the website. So just go to smashingsecurity.com and you'll find it all there.
Yeah. And some of the podcast apps as well will include it. Sometimes they don't put them in as clickable links, but smashingsecurity.com, you'll find them on there too. Yeah.
Mark, what's your pick of the week?
Mark, what's your pick of the week?
Well, before I tell you my pick of the week, very quickly, I want to know, do you two have a plan for the zombie apocalypse?
When the zombie apocalypse happens, what are you going to do?
When the zombie apocalypse happens, what are you going to do?
I think I'm going to go and hide under a chicken coop because chickens actually are very friendly.
I used to keep chickens, but I think that in a zombie situation, they would probably peck out the eyes of the zombies and protect me.
So that is, I think, one of the safer places to go.
I used to keep chickens, but I think that in a zombie situation, they would probably peck out the eyes of the zombies and protect me.
So that is, I think, one of the safer places to go.
How much time did you spend with your chickens, Graham?
They were lovely.
I think I'd offer myself up to the zombies because don't you get stronger the longer you are a zombie?
So if you're one of the first, it probably wouldn't help your complexion, Carole. That's true.
So if you're one of the first, it probably wouldn't help your complexion, Carole. That's true.
So your plan for surviving the zombie apocalypse is just to immediately become a zombie?
Immediately become a zombie. And yeah.
If only we'd had people like you during World War II, Carole. Oh, here come the Lemons. Yes, let's just give it.
So all I can say is I'm very glad that you weren't responsible for the Netflix series Black Summer because it would have been a very short TV program.
Mercifully, it was created by someone else. I don't know who. And they have made a wonderful zombie apocalypse short TV series which we've just finished watching, and it's fantastic.
I don't know if you're into zombies, but if you like zombies, it's a bit like somebody took the first series of Fear the Walking Dead.
Mercifully, it was created by someone else. I don't know who. And they have made a wonderful zombie apocalypse short TV series which we've just finished watching, and it's fantastic.
I don't know if you're into zombies, but if you like zombies, it's a bit like somebody took the first series of Fear the Walking Dead.
Yeah, I've watched that actually.
But the first series of Fear the Walking Dead, it's all about people struggling with the initial outbreak, and they've crossed that with 28 Days Later, which is a terrifying Danny Boyle zombie film where the zombies run.
And so when you get bitten by a zombie, you become a zombie almost instantly. You don't have to wait a day. So they just pop back up to life and then they run after you.
And so when you get bitten by a zombie, you become a zombie almost instantly. You don't have to wait a day. So they just pop back up to life and then they run after you.
See, that sounds like much more fun than being chased.
It is, but it's very claustrophobic. There's lots of close camera work. It's all about the people and the fear. And it's very good if you like zombies.
Are you sure you're not just talking about your little box that you're in right now? Being claustrophobic was the first word that came to mind.
Yeah, and it's really warm.
Carole, what's your pick of the week?
Ah, I have a doozy this week, and I was waiting to hear yours to see if I would beat you, and I think I have.
It's not a competition.
If any listener's in front of a computer right now, I suggest you follow my instructions.
Hang on, hang on.
It's worth it. It's really good. Please head to coolmathgames.com. CoolMathGames.
Math with a TH.
Are you sure?
No. Yeah, TH, no S. Normal.
CoolMathGames.com. Yeah. Do I want to accept cookies?
No, don't eat them.
Reject all cookies.
Well, it's a cute looking site.
It's a website from 1999.
CoolMathGames. It's been around since 1997. This is a brain training site. A site where logic and thinking meet fun and games. There's no violence. There's no empty action.
Just loads of challenges.
Just loads of challenges.
I'm playing chess right now.
To give you a little mental workout.
Can you recommend one of the games?
Yes. See, Graham, we've lost Graham already. There you are.
No, I started doing some— I tried to do some chess, but I'll do IQ Ball instead. Okay.
I'm quite a fan of this little cute— We have to get our little purple critter to the target, it says. To do this, you shoot out with his grabber and latch onto things.
I'm quite a fan of this little cute— We have to get our little purple critter to the target, it says. To do this, you shoot out with his grabber and latch onto things.
Yeah, and it just goes. And you can play. There's no having to log in. You could just go and waste 10 minutes, which I did happily this morning before we decided to record. It's cute.
See, look at you guys sitting there.
See, look at you guys sitting there.
Wow.
Yeah. Now this is amazing, right? So already you're thinking, wow, this is pretty cool. Guess what gets better? Gets better. You ready?
You can go Cool Math for Kids and Cool Math Games and coolmath.com, which was the first one for math for ages 13 to 100.
You can go Cool Math for Kids and Cool Math Games and coolmath.com, which was the first one for math for ages 13 to 100.
Don't accept all the cookies.
No, never.
Hurry up, Graham, I'm starting to feel a bit faint here.
Okay, which one do I need to play? Anything.
I don't— no, no, I'm just saying all these three right? You have something for your kids there, something for you. There's math, there's games, there's logic.
Have fun, you're welcome, world. And thank you to the creators of Cool Math Games.
Have fun, you're welcome, world. And thank you to the creators of Cool Math Games.
Wow. Well, Carole, that's a great pick of the week. Although, so I've tried that.
I think you need to go and try out Black Summer and Spider-Man: Into the Spider-Verse, and only then will we know which was the best pick of the week.
I think you need to go and try out Black Summer and Spider-Man: Into the Spider-Verse, and only then will we know which was the best pick of the week.
Okay, whatever. Not worried.
Well, that just about wraps it up for this week. Mark, I'm sure lots of our listeners would love to follow you online or even flag you down on a motorway.
Well, you can hear me every week on the Naked Security podcast, and you can follow my chickens on Twitter @InternetOfHens.
Cool. And you can follow us on Twitter @SmashingSecurity, no G, Twitter doesn't allow us to have a G.
And if you're on Reddit, why not continue the discussion with us up there as well? Just search for Smashing Security on Reddit and you'll find our subreddit.
And if you're on Reddit, why not continue the discussion with us up there as well? Just search for Smashing Security on Reddit and you'll find our subreddit.
And big shout out to this week's Smashing Security sponsors. Their support helps us give you this show for free, so be sure to check out their offers.
And of course, big thanks to you all. Thank you for listening, supporting us, and helping us spread the word.
And of course, big thanks to you all. Thank you for listening, supporting us, and helping us spread the word.
And until next week, cheerio, bye-bye, later.
Mark, I've passed out.
Yep, but you revived me, so thank you.
Are you gonna say toodle-oo or anything?
Oh, sorry, goodbye. Yeah, bye.
Good, excellent. Well, that went very smoothly, I think.
Whoop whoop.
Hello Graham,
I have been speaking with "Jason Statham" for almost a year. He has called me from a LA area cell phone but offshore spoof calls can authenticate an LA exchange.We use hangouts to communicate but in my mind I know its not him. I keep waiting for the shoe to drop, (a request for money) which hasn't come yet however he talks about coming to visit me on the FFF Plane (lol) and how it will cost for "protection". He wanted me to write an email to the FFF family stating we were in love and he needed a vacation. (i'm not in love) (this is becoming more of a hindrance actually). He told me RWH cheated on him and she is with someone else. He also said he is in Taiwan filming and putting together the biggest contract of his life. He sent me a picture of his boarding pass when heading to Taiwan but it was a Qantas boarding pass and there were no flights departing LAX to Taiwan or even that flight number on that day. I'm going to miss speaking with him because it has become tedious but I wanted someone to know that this happens every day and there are so many lonely people that might need to be loved and cared about.
Thanks for getting the message out there. Let's try to be sure no one else gets hurt in their heart or wallet.
Kindest regards,
too smart for this bananhead
Guess what I am one now too
Same thing FFF he wants to come over and they want me to pay for the plane
Omg. Same fake Jason and I talked for months on Googlechat. He said he was in Viet Nam filming for FFF but needed vacation. Wanted me to say i was his fiancee and that Jason needed to come back to the states so we could marry. Wanted me to send FFF 3800 dollars for the flight , etc. W
Hi,
I know how you feel… I am into it now & he wants me to pay for the FFF plane ticket….. he did he tell you that Rosie cheated…. I am so happy to find your’s because he is good & I have to stop talking to him
Thanks so much
He's still at it ladies lol he tried that same shit with me but I knew better right from the start if it's to good to be true you know it ain't
He is stuck in taiwan and he can’t get access to his bank account so i should applied for a fff visa for 4k and he give me back the money .Rosie cheated on him with the manager wow.
Yes In Taiwan- I am in Canada ????????. Wrote to team Statham got no reply to confirm identity. He started to do the my credit card thing. Except I actually traveled for a living before and if he works Fast Furious that's Disney just like Johnny Depp. No guy earning over 100 million has to get for any woman. Talk is cheap. Plane rentals actually can be too. I dont mind a bit of chat during my coffee hr. It's entertainment whether or not it's him. However I think his team should stop whomsoever trace the IEP address cause many have not worked and traveled. Perhaps more people will post / Instagram can pull the fake account. I didn't reach out to this account. We are doing fantasy photography in Canada ????????. Otherwise I block fake Elons etc. Sad the "team" in real doesn't stop the crap eh !
Don't fall for it they're good be scammers okay one of them accidentally called me he's from Nigeria he was wearing a Bob Marley hat because I am Jason Statham he tried that s*** with me he tried saying that Rosie cheated on him blah blah blah it's b******* don't send no money that's all they want is money
I wonder if your man in Nigeria is a mate of Gary Barlow?
https://grahamcluley.com/smashing-security-podcast-368/
I also had to that be too that Rosie cheated with manager so he really wants someone he can trust love who can take care of his babies right now I jva eanout 4telegrams for the same man Jason Statham an Zangi 2 an Skype one so I really don't understand how cone can Jason be in so many accounts in one time cause if you check while you online you'll be find other lines on too guys we facing a very big problem am certain now it's not him at first I was worried sick cause I was once scammed on his name someone ask for a gift card an now he wants me to buy meet an greet ticket cause he is preparing to come to South Africa actually he has something to do but he wants to come see me meet me first before going around South Africa thank you
Hi
This is truly unbelievable. I am an attorney of :30 years and had the same exact experience as you. He was going to come to South Africa especially to meet me and that l had to pay for a meet and greet card. Yesterday he asked me to get him an iTunes gift card for $100.
I got it to but he is in scotland and he wants to set up place in lakes and also is driver and hinself to come pick me up to meet him vut first i got you will have to pay 500 to his management to meet he is in cuckoo land
Thank you for all the information. It is hurtful to find out the truth. I am so glad I woke up to check on this. Thank you so much again. J
I received yesterday a message from fake Jason Statham. Thank God I'm a cautious person by nature. Why should a famous actor like to chat with me?
He told me he was cheated by his wife, divorced and has one child named Jack. Thank God for waiting rooms and their gossip magazines. I knew about the birth of the second child on 2022/02/02, so I asked him about his new born daughter… why he "forgot" her…. and why divorce? He's not married with his long-termed partner yet. No wonder but no reply on that. LOL
Okay, I'm a bitch, so I put this bloke under pressure. I said I want a proof he's the real Jason. Therefore I said he has to make a short video of himself and he has to say my name during filming.
This was yesterday evening. Nothing happened until this morning. No wonder. LOL I think he reconsidered his strategy becauce of the video I wanted he sent me a picture of his alleged passport. Ladies, this was the worst forgery I've ever seen!! ROFL
Higher pressure on him. No, I don't wanna see any passport, I want a video AND in there my name spoken by himself.
After this it took a while and a long sermon came about his likes and hobbies, about false friends, lives in New Zealand at the moment, writing a new skript and whatsever. And the best: He sent me a screenshot from an online magazine as "proof" of his divorce. Well, what he didn't know was the fact I search the WWW yesterday and read this news by myself. It was taken by an online-website and was nothing else but gossip. LOL
I gave him no chance to ask me about anything, especially not for money. I confronted him by the facts and called him a lousy Love Scammer, using a fake passport (the manual signature was a completely different name/forename was "Doug") and old gossips as proof. At the end I said I inform the police incl. warnings on Twitter & Co. and I block him. My last sentence I've written was "Rott in hell, Wanker!"
He read it and … BANG ….. his profile went blank before I could block him.
Honestly, my english was better than his. And I'm german!
What is WWW
World Wide Web. It’s usually referred to as the internet now ????
Got the same thing on Facebook. Friending me because I'm a fan. I just sent the video with my name request lol.
Shut up you are old fool
And you are an ass.
He wants me to pay to the fff £5400 for the private jet to bring him over for a vacation . I realise it's a scam and he is getting no money out of me! But it's amazing how much loving he gives out and so easily can people get conned by this person.
He still at it ladies apparently he is on his way to taiwan also sent me the pic of the ticket told me he loves me and his girlfriend cheated on him also. Hasn't asked for anything yet waiting on it though says he goes and helps out at the Catholic orphanage also. I'm playing along with him as he will get caught out and so he should.
Well I’ve sent bicon to Taiwan also been scammed every day every night talking to him in Rowan supposedly he can’t get out asked me to email fff family as well!!! Soooo stupid I can’t believe myself!!
Oh! Yes happened to me. Many Red flags right off. I could write a book. I kept all information.
I believe there is a group. They are still at it.
Yes, the fake Jason Stathem has tried the same thing with me. He just flew to Taiwon, probably two weeks ago. Sent me the pic of his airline ticket.would send me pics of himself, which I found online already. He can't call because he said there are too many restrictions over there. I played along with it all. He sent me a FFF email. No official company name to it. An apparent Ewin Scott replied. They wanted $8600 for a private jet. I said I could only afford $1500. Jason asked me to plead with them to pay the rest. They agreed. I told Jason it would be better if he flew here and he reimburses tham. He said it's not the way they work. This apparent Ewin Scott gave me a Commonwealth Bank account to a Linda Louise Street. I took the information to the bank to check if there was a such account. They confirmed that there was. The funny thing was, is that when I'd challenge this fraudster. He or she would slip up and at least four times this person would refer to themselves as being a woman. So many red flags. Oh and the conversation online started by him saying that he didn't want a relationship due to being do hurt by Rosie because she cheated on him and his young daughter wasn't his. Then, very quickly, he fell madly in love with me and wanted to marry me.I am wondering how many they've conned. I think there could be a group of them to be honest. Plus a lot of broken written English in the messages. He'd. Make out he had to go and work on set in Thaiwon. That he had to learn his lines which were more lies. I'm still messaging him at the moment. He had been up most of the night and now on set learning lines. The funny thing is that he disappears nearly the same time everyday and is virtually the same time that he started messaging me when he was supposedly in America. He said he was alone and Rosie went back to the UK to live. No one knows a out the breakup because it's a secret and he would tell the world that we are together once he's with me. He'd buy me a house and flashy car and that I'd travel everywhere with him. We'd never be apart. He's very persistent on getting that money because they can't access their accounts in Thaiwan I just wonder how many these people have scammed already. Stay safe people and be very vigilant please!!! Oh I also found online of resent footage of him and Rosie at a fashion show together and another being in another country. He said Rosie posts them because she gets all these endorsements and that she doesn't want anyone to know that they've broken up. Hmmm unbelievable!
Could you please post the Taiwan ticket photo so I can show my family member that it’s public knowledge?
There's a group of them, all trying it on!
Yup. My elderly family member is currently getting scammed. She believes it because of the sound of his voice and the Taiwan plane ticket photo. Apparently they talk for 8 hours a day
my best friend is going through the exact same thing right now, he has sunk his claws right into her and nothing we tell her will convince her its not him . i did a search on social media and found the real jason statham and his family are having to pay people back out of there pockets just to prove it is not him pulling these stunts. so far we have been unable to convince my best friend she is going to get badly hurt. he has told my friend we are all lying to her and not to listen to us we are jealous of there love . if anyone has any pics he has sent you or the platform he used to message you on . he sent her a video yesterday but no sound on the video.
sincerly
womanonamission
I have had the same conversation. He found Rosie in bed with his manager and he does not believe that the daughter is his. He has asked for hundreds of thousands FS if dollars to be with me. When we are together he will announce to the world we are together and he has been separated from rosie since after the girl was born. Telling me that. He has no access to his funds. I believe it is a room full of people trading off like a tag team scam game. I knew something was off when he couldn’t tell me the names of his personal makeup artists. I have worked on two fast and furious movies with him. I knew both artists. I have enjoyed the conversations and am now talking with someone claiming to be Brian Wilson. He too cannot get access to his assets because his wife has filed for divorce and has frozen their assets. He has asked for small loans.
Just another rube
I think all these ladies won't lie I have just had the same thing write now called himself Jason Statham and he claimed to love me and he also sad they are not married yet with Rose so for now he is pressuring me of buying a card I kept saying I will buy it thx for the msg I wish that all the girls can be cautious about I will ask for the Vidio too I know as soon as I ask if he refuse I'll know it's true thank you so much for this girls be warned I just read that article now
My mother has been conned out of thousands of dollars from this as*hole and she won’t stop talking to him due to being a lonely, widow that’s desperate for attention even if it’s fake. I’ve filed reports with the FBI and FTC. I even followed him on Instagram and he’s trying to start a conversation with me. More needs to be done to find these people that do this and provide them with a long, slow, painful death. They’re pure evil.
Tell her to contact me. .
Jennifer
Sad to say this email has scammed me out of thousands also. ????
I wasn't and then I was…..
Well at least I know that I am not the only one being taken. He offered me a job working for his marketing team ???? lol I knew it was a fake. Time to burst their bubbles.
Also scammed similar but no money requested as of yet. Taiwan ticket, questioned said was oriented that's why it wasn't tracksble online. In love bullshit… wants to marry etc. Will be blocking soon.
Meh if you're daft enough to be a fan of this guy, it's only natural you'll get scammed.
Yup me too. Wow what a jerk
I am recemails from this imposter and he is threatening to kill me and my family because I showed him this article. He has made numerous threats of violently killing me and making me suffer. I made a police report and also reported him to google. To this day he continues to create new email addresses and send me awful things.
*receiving emails
I just wanted to add to my earlier comment. it only took just a few exchanges of emails for this to become very violent.. once I asked him to prove he was who he said he was he instantly turned. It never even got to a conversation about money or love or anything because I called his bluff right away.
Omg! I had the same thing except it was Rod Stewart. Now I’m stupid enough to be talking to Jason Statham so nice and sincere ,.Talking to him for weeks. And now wants to open an account and a certain bank and kink it to mine so he can send me money for b our future together….
I have been scammed. I’m embarrassed and angry. And broke. I’ll be one of those women being scolded on Dr Phil I’d be willing to do it if I’d get my money back.
I got scammed by Jason Statham too. 5 years. I payed him over 110 k until i got broken and lost sll. Then he turned subject and wanted my bsnk account so man. Other people could pay for orphanants on my account and i send then bitcoin
After over 700 k i went to police
But hes still going on
Right now hes really begging just for 500 buck coins for buying these and that and for his son Jack
To the beginn of this crab he claimed gift cards for updating his cell ph. Over 70 k in 3 years. Talking to the moon
Now im tired and want to get rid off. But he always comes up with new whatts app nr. When i block one he gets a new on the next day
Im not paying anymore those he calles louzy 500 buck. Im not trying to do this for the man who wants to spend the rest of my life with.
He says come on you can do this your hard working woman. Dont disappoint me
Etc
I have so many names of victims who payed to my bank account and brought it to police
Police found only some turkish guys name
But this scammer JS really dares to say
Im talking to the real one
He even gave me i formations about filming
I have no more idea what to do
Please dont judge me. I was scammed also by this person claiming to be Jason Statham and stole $100.000 of my retirement fund I am ashamed and embarrassed that it happened all for this fictious package with $2.2 million. This happened over a period if 7 1/2 years. This pretend Jason told me he hated Rosie and wanted too hurt her and wanted too be marry me and have babies. At first he did a lot of sweet talking and I got lured in. He still tried to get money out of me. He even tried to gaslight me but it didnt work.. So many red flags and I didnt see it. I asked for video chats, pictures, calls and I always got black screens for video chats or google pictures. He used the email address
These imposters are making the real Jason statham look like a fool, I never believed it was him I never even commented on anything he did so I don't know how they even got the idea to contact me. I used to be a fan of his work but the imposters have made the thought of him make me sick, now when I think of Jason statham I want to punch him in the face repeatedly it's a shame but I can't help how I feel. Signed I once was a fan. But the imposters have ruined it for me.