In our latest episode we discuss how a woman hid under the bed after scammers told her she was under “digital arrest”, how hackers are hijacking YouTube channels through malicious sponsorship deals, and how one phone company is turning the tables on fraudsters through deepfake AI.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
I get the whiff of horseshit through all this phone call.
When you're dealing— oh, you're so bold now, aren't you? You're so bold.
When there was an American policeman in New Hampshire, Carole, while we were driving through it and he was telling you to stop and pull over, you weren't so bold then, were you?
No, you pulled over then, didn't you?
When there was an American policeman in New Hampshire, Carole, while we were driving through it and he was telling you to stop and pull over, you weren't so bold then, were you?
No, you pulled over then, didn't you?
There was a gun on his hip, that's why.
Smashing Security, episode 394: Digital Arrest Ransomware, phishing, phishing, darknet scams, and streamjacking with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 394. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 394. My name's Graham Cluley.
And I'm Carole Theriault.
And Carole, we're joined today by a very special guest.
Very VIP.
Yes, delighted to welcome back Maria Varmazis. Hello, Maria.
Hi, thanks for having me back.
She had a voice change.
And you squealed with delight.
Welcome back, Maria.
Thank you. Maria, obviously in your day job, you're working on N2K Space Daily, T-Zero, what one is it called? Something that, there's so many names.
T-Minus Space Daily, that's the show I host, yes.
That's it, that's the one.
And she's on Hacking Humans a lot.
I'm also on Hacking Humans, yes.
Yes?
Yes. How about we kick the show off? But first, let's thank this week's wonderful sponsors, 1Password, Vanta, and ThreatLocker. Now coming up on today's show, Graham, what do you got?
I've got a digital arrest drama worthy of a Bollywood movie.
Ooh.
And what about you, Maria?
Bits gets streamjacked.
Ooh.
Okay. And I've got Granny Daisy to the rescue. All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, I want to take you over to India today where an extraordinary story is unfolding about how scammers have weaponised people's fear of law enforcement.
Okay.
Okay, fair, fair, yes.
Are you scared of police at all? You know, if Roscoe P. Coltrane— you live in the States, Maria.
Yes.
If someone were to stop you, pull you over to one side?
I've had some experiences with law enforcement. I mean, their job is to intimidate. Yeah, I don't enjoy it. I don't. But I don't think I'm supposed to.
Graham, we had a, I don't know, friendly chat with a highway cop once when I was driving.
We were driving through New Hampshire, weren't we?
A little bit quickly.
And the police over in the States have guns. And he was standing in the middle of the freeway telling us to stop, wasn't he? Anyway, yeah.
Anyway.
Anyway. Yeah. So picture this, right. We're in India. You are a respected neurologist in Lucknow, India. You are Dr. Rachika Tandon, an associate professor.
You're at the top of your game. You are, aren't you? Life's going well. You recently came back from a conference in Goa.
You're at the top of your game. You are, aren't you? Life's going well. You recently came back from a conference in Goa.
Ooh.
Neurology. That is your bag. You are an expert in it. You are competent. You are a professional. That's how I'm picturing you both.
Okay.
As respected neurologists.
That's okay. I'm all right with that.
And then your phone rings. That's the phone ringing. I guess I didn't have to do the sound effect. But anyway, the phone rings and you pick up the phone. I won't do all the sounds.
And it's the telecoms regulator on the phone to you. They're saying, apparently your number has been used to send harassing messages.
And it's the telecoms regulator on the phone to you. They're saying, apparently your number has been used to send harassing messages.
Harassing?
Yes.
Okay.
Yeah, messages of harassment have been sent from your phone number 22 times. There have been complaints. 22 times? That's a lot of complaints.
That's more than we had about last week's episode, isn't it? That's a lot of complaints. Moments later, a senior policeman joins the call.
I don't know if he wrestles the phone off the telecoms operator. He accuses Dr.
Ruchika of using a joint bank account with her mother to launder money for the trafficking of women and children.
That's more than we had about last week's episode, isn't it? That's a lot of complaints. Moments later, a senior policeman joins the call.
I don't know if he wrestles the phone off the telecoms operator. He accuses Dr.
Ruchika of using a joint bank account with her mother to launder money for the trafficking of women and children.
Oh, wow.
As a respected urologist, if this is true, this has got to be quite a difficult situation to be in.
It is a bit of a sticky pickle, isn't it? It is.
Mm-hmm.
I mean, Maria, have you ever been accused of laundering money for the trafficking of women and children?
Not yet, but there's still time.
And it would make you nervous, wouldn't it, if you had been? If you were pulled over by a cop, let's imagine on the telephone rather than on the freeway.
Pulled over by the cop on the phone. Okay.
Right.
Okay.
He doesn't remember how it works.
And while — and while — I've been working from home for a long time. And while this conversation is going on, and you're feeling a bit nervous, "Well, what's all this about?
What's this about?" You hear this chorus of voices shouting in the background, "Arrest her! Arrest her! Arrest her! Arrest her!" "Nts, nts, nts." No?
What's this about?" You hear this chorus of voices shouting in the background, "Arrest her! Arrest her! Arrest her! Arrest her!" "Nts, nts, nts." No?
Oh, okay.
I would think it's a prank call.
Well, she's feeling upset. She thinks it can't be true.
Right. I'd be that too.
And this policeman on the other side says, well, the police are going to come in 5 minutes to arrest you. All of our police stations have been alerted to you. Don't go on the run.
She says, it can't be true. And he says, don't worry, don't worry, he says, because I am calling from India's federal detective agency, the CBI, the Central Bureau of Investigation.
And he says, this is a matter of national secrecy, he says.
And because of the high stakes involved, I will try and talk to my colleagues and I will persuade them not to put you in physical custody, says this policeman.
He says, instead, you're going to be put in digital custody. Have you heard of digital custody?
She says, it can't be true. And he says, don't worry, don't worry, he says, because I am calling from India's federal detective agency, the CBI, the Central Bureau of Investigation.
And he says, this is a matter of national secrecy, he says.
And because of the high stakes involved, I will try and talk to my colleagues and I will persuade them not to put you in physical custody, says this policeman.
He says, instead, you're going to be put in digital custody. Have you heard of digital custody?
Digital custody?
No.
This is where, rather than — I guess it makes a lot of sense, especially in these cash-strapped times.
Rather than putting someone in a cell, they say, you're going to be watched on your phone 24 hours a day in your room.
So you have to set up your phone in a corner of the room, turn the camera on. We will watch you. We will question you via a Skype call as we investigate until we've cleared you.
You have to obey our rules.
Rather than putting someone in a cell, they say, you're going to be watched on your phone 24 hours a day in your room.
So you have to set up your phone in a corner of the room, turn the camera on. We will watch you. We will question you via a Skype call as we investigate until we've cleared you.
You have to obey our rules.
Interesting.
Okay.
Wow. Kind of sensible in some ways, right?
Can I go to the bathroom?
Can I go to the bathroom? Oh, oh!
Well, there are rules, Crow. There are rules, which I shared with you. And some of the rules include: you have to place the phone everywhere you go in the house.
While you're cooking, while you're sleeping, even when you go to the loo.
You are allowed to place it outside the loo, but only after you've shown them there's no other exit from the loo. So, they're tracking this woman's every move.
While you're cooking, while you're sleeping, even when you go to the loo.
You are allowed to place it outside the loo, but only after you've shown them there's no other exit from the loo. So, they're tracking this woman's every move.
Why don't they just get a Roomba?
You know, oh, what, with a camera?
But this all hinges on her complying with what they're saying, and they're not there in person, so they're just assuming that she's one of those rule follower types.
But if you're not a rule follower, this just falls apart.
But if you're not a rule follower, this just falls apart.
No, but frankly, I get the whiff of horseshit through all this phone call. When you're dealing— oh, you're so bold now, aren't you? You're so bold.
But when there was an American policeman in New Hampshire, Carole, while we were driving through it and he was telling you to stop and pull over, you weren't so bold then, were you?
No, you pulled over then, didn't you?
But when there was an American policeman in New Hampshire, Carole, while we were driving through it and he was telling you to stop and pull over, you weren't so bold then, were you?
No, you pulled over then, didn't you?
There was a gun on his hip.
That's why.
Oh, was it really a gun or was it a water pistol? Was he really a policeman or was he wearing fancy dress? We don't know. It could have been anything.
I think he doth protest too much, and I'm right. Yeah.
Now, the problem was that Dr. Rachika has got a rubbish phone. It doesn't have a camera on it. It's an old-fashioned phone.
So she's told by the policeman, "Right." He says, "What you're gonna do is you're gonna drive down to the store and buy a smartphone right now." And this respected neurologist does exactly that.
She goes down to the store, she buys herself a smartphone, and she begins obeying the rules. This new smartphone with its camera on is watching her every move.
She lies to her workplace. She says, I'm too ill to come into the hospital where I work. She told her relatives she was too sick to see them.
When her uncle popped round to her house, she hid under the bed. With her phone camera running all the time. So she wasn't answering the door.
She didn't want him to see her through the windows. Hid under the bed.
So she's told by the policeman, "Right." He says, "What you're gonna do is you're gonna drive down to the store and buy a smartphone right now." And this respected neurologist does exactly that.
She goes down to the store, she buys herself a smartphone, and she begins obeying the rules. This new smartphone with its camera on is watching her every move.
She lies to her workplace. She says, I'm too ill to come into the hospital where I work. She told her relatives she was too sick to see them.
When her uncle popped round to her house, she hid under the bed. With her phone camera running all the time. So she wasn't answering the door.
She didn't want him to see her through the windows. Hid under the bed.
Jesus!
She even wakes up her medical students at night, asking them to go out and buy extra data for her phone to keep the digital arrest going.
This goes on— with this long list of rules for 7 days.
This goes on— with this long list of rules for 7 days.
Oh my God!
Oh, this poor woman. Oh my God.
All the time she's been questioned about her life and work, and they've reassured her that they're legitimate because they know all about her. They know where she's been.
They know she's been at this conference. They know stuff that they found on social media.
And the scammers— and yes, newsflash, and I know this will be a shock to you— they were scammers.
They know she's been at this conference. They know stuff that they found on social media.
And the scammers— and yes, newsflash, and I know this will be a shock to you— they were scammers.
What? Never!
They even faked a trial done via Skype.
There was a fake court online where she was ordered to dress in white to show respect to the judge, because judges are real sticklers for dress codes.
There was a fake court online where she was ordered to dress in white to show respect to the judge, because judges are real sticklers for dress codes.
They committed to the bit. Okay.
Yeah.
And the court is saying, well, look, we need to make sure we've got the right person here. You have to verify your identity. So could you transfer your savings? Oh— temporarily.
It's only just for government verification. And, of course that's what she did. She transferred her savings into this account.
It's only just for government verification. And, of course that's what she did. She transferred her savings into this account.
Oh my God, this is awful.
She lived the nightmare, this poor woman.
Well, this is the thing.
Unbelievable. Even if she had the wish of wanting to call the cops, she was kind of terrorized in her own home because she mentally fell into their trap.
Well, she thought she was talking to the cops, so why would you call the cops on the cops? That's a—
Because there must have been something where you're going, I can't believe cops do this.
Yeah, but genuinely, who would you call? Yeah.
And this was it, because after this happened and she thought this is a bit strange. I don't seem to be in digital custody anymore. They don't seem to be carrying on with the trial.
And where's my money?
Where's my money? So she started Googling digital arrests, and what she found is that hundreds of people have had the same experience in India.
She went down to the police station, and again, she was unsure. Is this a real police station? Am I reporting to the genuine police? And she said to them, this is what's happened.
Have you heard of it? The policeman apparently laughed at her. Which isn't very sympathetic. And they said this is happening all the time.
So similar digital arrests have been taking place across the country. People have lost in total millions and millions.
She went down to the police station, and again, she was unsure. Is this a real police station? Am I reporting to the genuine police? And she said to them, this is what's happened.
Have you heard of it? The policeman apparently laughed at her. Which isn't very sympathetic. And they said this is happening all the time.
So similar digital arrests have been taking place across the country. People have lost in total millions and millions.
You laughed at me actually when I got scammed.
Laughed? Yeah, laughed.
We went, Carole!
So there was no laughter in this one at all.
Yeah, that's a lie. That was hysteria. That was a mixture of upset, the emotions were bubbling out of me.
So, the problem is so big, last month, Prime Minister Modi of India warned about it during his monthly radio address.
But the scammers behind this, they are believed to run call centres in Cambodia, Myanmar, Laos, and possibly the individuals who are working these call centres are actually working against their will.
We've talked before about these pig butchering scams and other scams.
So, the problem is so big, last month, Prime Minister Modi of India warned about it during his monthly radio address.
But the scammers behind this, they are believed to run call centres in Cambodia, Myanmar, Laos, and possibly the individuals who are working these call centres are actually working against their will.
We've talked before about these pig butchering scams and other scams.
Mm-hmm.
Where— The people working in the call centre have had their passports taken away from them, and they're effectively slaves.
Yeah.
It's horrendous, but lots of people have fallen for this. Another guy who fell for this was actually a guy who was writing the autobiography of the Prime Minister.
And again, he was duped. And he says, "Well, they knew all about me. They found out information about me.
They appeared to be genuine police." Sometimes they actually have video calls with you, and they're dressed up as policemen, wearing their little uniforms.
And again, he was duped. And he says, "Well, they knew all about me. They found out information about me.
They appeared to be genuine police." Sometimes they actually have video calls with you, and they're dressed up as policemen, wearing their little uniforms.
High school theatre club stuff, their dreams. We can't make it on Broadway, so we're gonna make it in scams. We're gonna do it our way, damn it.
It's astonishing, isn't it?
So the Indian cops have arrested some people in connection with these digital arrest frauds, but it seems there's quite a lot of it going on, so I think they probably only grabbed some of the people.
The Indian Prime Minister, he's given some advice. 3 steps to digital security, he says. Stop, he says. Don't panic. Don't give away your personal information. Think, he says.
Does it really sound something a government agency would do? Would they threaten you on the phone?
'If it smells fishy, it probably is,' which is good advice, unless you have actually bought some fish. Is that what he said? I don't know if that's verbatim. I don't—
So the Indian cops have arrested some people in connection with these digital arrest frauds, but it seems there's quite a lot of it going on, so I think they probably only grabbed some of the people.
The Indian Prime Minister, he's given some advice. 3 steps to digital security, he says. Stop, he says. Don't panic. Don't give away your personal information. Think, he says.
Does it really sound something a government agency would do? Would they threaten you on the phone?
'If it smells fishy, it probably is,' which is good advice, unless you have actually bought some fish. Is that what he said? I don't know if that's verbatim. I don't—
Well, okay. Sorry.
No, well, no, I'm not quoting.
I thought you were quoting.
He said, he said, 'Stop, think, and take action. Call the National Cyber Helpline.' He said, 'Report the crime.
Inform your family all about this.' And maybe we've done our little bit, because we've got a lot of listeners in India.
Maybe we've done our bit to raise awareness of this as well, Hope.
Inform your family all about this.' And maybe we've done our little bit, because we've got a lot of listeners in India.
Maybe we've done our bit to raise awareness of this as well, Hope.
Yes, and I'm actually talking about phone scams as well. So, double dose-y this week.
Ah, interesting.
Mm.
So, do you think this could happen to you?
Well, of course.
Yeah.
Of course this shit could happen to us. And it would just be a way that would, you know, I look at this one and go, oh, I wouldn't fall for that.
But of course there's a billion things I would fall for.
But of course there's a billion things I would fall for.
It wouldn't happen to you, Carole, 'cause you never bloody well answer the phone.
Correct.
That's the ultimate defence. Maria, what's your story for us this week?
So, are either of you familiar with Bitz?
Bits, as in an eighth of a byte?
Oh, that kind of bits. What if I told you that Bitz was a person? Bitz the person. The person Bitz.
Is it with a Z?
With a Z, yes.
Oh my God. How did I know? I just— In which case, I definitely wouldn't know about them. I would have avoided them because that's a stupid way to spell bits. Who is Bitz with a Z?
Or a Z?
Or a Z?
Bitz with a Z, or a Z as I would say as a Yank. Bitz is a YouTuber with at least 63,000 subscribers.
And he's one of those gaming YouTubers where he streams himself for hours as he plays video games. Which is a thing. Yeah.
And he's one of those gaming YouTubers where he streams himself for hours as he plays video games. Which is a thing. Yeah.
Okay.
It's a career. It's a career. It's perfectly easy.
I'm in the wrong line of work because I love video games and I just, could I make money just playing Civilization all day with people watching me as I swear at Gandhi?
I mean, it could happen. Maybe I'm doing—
I mean, it could happen. Maybe I'm doing—
Maybe. But you like talking too, Maria.
And I do. I do like the gab. I'm just rethinking my career right now as I'm speaking to you both. I'm wait a second, maybe I should do this. Yeah. So Bitz is a YouTube gaming streamer.
And he's got a lot of followers. He's worked really hard over many, many years to build up his account. It is a career. People make money doing this somehow. His stream is very cozy.
He's sitting in his gamer chair. There's a lot of obligatory LED lights behind him making it look very much like a gaming cave, but then there's a fireplace in the background.
It's very cozy, like a gaming lodge.
And he's got a lot of followers. He's worked really hard over many, many years to build up his account. It is a career. People make money doing this somehow. His stream is very cozy.
He's sitting in his gamer chair. There's a lot of obligatory LED lights behind him making it look very much like a gaming cave, but then there's a fireplace in the background.
It's very cozy, like a gaming lodge.
I can imagine kids watching that would just be, one day that's gonna be me, one day.
And me as a not a kid going One day that's gonna be me. No. And subscribe, everybody. Yeah, so he—
Oh, I've just clicked through to his channel. He has an enormous fire running in the background, doesn't he? Is that for real?
You know, I've actually been wondering, is that a gas fireplace? What the deal is? 'Cause it looks quite nice.
Is he aware there's so much fire in his living? I mean, that looks dangerous. I'd want to warn him.
There's a lot of creosote in your room, sir. That can't be good for your gaming setup.
I just went and looked. It is ginormous. Oh dear, he looks like he's got fire.
He's like he's burning, burning with the flame of gaming. Yes, he's having a good time.
So he uploaded this video very recently with the title simply, "My YouTube channel got deleted last night." Oh yeah, not his doing, not his doing. So Mr. Bits was — Sir Bits? Mr.
Bits was the victim of a thing that I'm just learning about called streamjacking. Which is a targeted attack that tends to go right after YouTubers with a large following.
Can you guess what the goal is of streamjacking? Steal followers?
So he uploaded this video very recently with the title simply, "My YouTube channel got deleted last night." Oh yeah, not his doing, not his doing. So Mr. Bits was — Sir Bits? Mr.
Bits was the victim of a thing that I'm just learning about called streamjacking. Which is a targeted attack that tends to go right after YouTubers with a large following.
Can you guess what the goal is of streamjacking? Steal followers?
Yeah, it's going to be to promote something or advertise to all those 63,000 people who follow him.
Yes. What, what, what, pray tell, could somebody with bad intentions be wanting to redirect people to do or purchase? Any cryptocurrency scam?
Yes, I was going to say swilling. Isn't there the new fad on TikTok, swilling oil in order to, you know, cure oil? Yeah, you swill oil in your mouth for a minute or two.
Like diesel?
Like, like mouthwash. And then, yeah, anyway, whatever. Okay, right, crypto.
It's crypto. It's eventually, it's a crypto scam. It's a very, very long way of getting to a crypto scam.
But the thing that I found interesting about this — here's sort of the chronology of what happened to Mr. Bits.
He was casually browsing Twitter/X, whatever the hell we're calling it now, right? He got a security notice saying there was an attempted login on his account.
I'm guessing the geofencing or whatever was noticing somebody was trying to log into a session from a different location.
And then pretty much right after, he got logged out of his account, and anytime he tried to log back in, he couldn't. And at the same time, his TV logged out.
I'm guessing maybe that's the fireplace thing, there's a TV.
But the thing that I found interesting about this — here's sort of the chronology of what happened to Mr. Bits.
He was casually browsing Twitter/X, whatever the hell we're calling it now, right? He got a security notice saying there was an attempted login on his account.
I'm guessing the geofencing or whatever was noticing somebody was trying to log into a session from a different location.
And then pretty much right after, he got logged out of his account, and anytime he tried to log back in, he couldn't. And at the same time, his TV logged out.
I'm guessing maybe that's the fireplace thing, there's a TV.
So his TV would have logged out.
His fireplace logged out, as one's fireplace often does.
Hashtag dad jokes.
Yes, yes. Then he went on to his YouTube, he tried to get onto his YouTube account, and he found out that that account he also could not access. So it had been hacked.
His Twitter had been hacked.
His Twitter had been hacked.
He must have been having kittens. This is livelihood, because this is his whole life, his whole existence. YouTube channel.
It is, yep. And his whole identity of his YouTube channel also changed pretty much immediately.
The channel's name, the banner up at the top of the channel, even the email address and his password all pretty much instantly changed and started live streaming crypto-related videos.
And you know, this, the scam calls to action saying, you know, go to this website to double your crypto wallet, that kind of thing. It's a crypto scam.
He was shitting bricks, as they say. Just absolutely just painful. Yeah, not really.
The channel's name, the banner up at the top of the channel, even the email address and his password all pretty much instantly changed and started live streaming crypto-related videos.
And you know, this, the scam calls to action saying, you know, go to this website to double your crypto wallet, that kind of thing. It's a crypto scam.
He was shitting bricks, as they say. Just absolutely just painful. Yeah, not really.
Oh, snow curl.
Oh, sorry, I thought you said colorful.
Oh, it's not. Yeah, I would presume that it is.
I will say that the happy ending to the story is it took only 12 hours for him to get through to YouTube support and recover his account.
And the reason I say it's happy is in many cases streamers who have been stream jacked as Mr. Bits did, they never get their accounts back.
They— many people have said their account just basically is nuked.
And these are people who get hundreds of thousands of subscribers and they can never get that back after years and years of work.
So it's just gone in an instant, which is so terrible. So 12-hour recovery is pretty great.
And yeah, he uploaded this video to let his followers know if you ended up clicking any of that stuff, you need to check out your stuff right away because you probably have malware.
So how did this all happen and how did this streamjacking occur? Because this is the thing that I also found super interesting.
He had received through his email an NDA through DocuSign for a sponsorship deal, and it all looks totally legit. It was a real legitimate DocuSign document.
The organization was all legit. It all passed the initial sniff test. However, it wasn't. He was misled by someone with bad intentions.
And signing that NDA caused him to download a malicious file to his machine that then essentially cloned his browser and its sessions.
That allowed the attacker to get access to all of his sessions across his browser, everything he was logged into. Because what he had noted on his—
I will say that the happy ending to the story is it took only 12 hours for him to get through to YouTube support and recover his account.
And the reason I say it's happy is in many cases streamers who have been stream jacked as Mr. Bits did, they never get their accounts back.
They— many people have said their account just basically is nuked.
And these are people who get hundreds of thousands of subscribers and they can never get that back after years and years of work.
So it's just gone in an instant, which is so terrible. So 12-hour recovery is pretty great.
And yeah, he uploaded this video to let his followers know if you ended up clicking any of that stuff, you need to check out your stuff right away because you probably have malware.
So how did this all happen and how did this streamjacking occur? Because this is the thing that I also found super interesting.
He had received through his email an NDA through DocuSign for a sponsorship deal, and it all looks totally legit. It was a real legitimate DocuSign document.
The organization was all legit. It all passed the initial sniff test. However, it wasn't. He was misled by someone with bad intentions.
And signing that NDA caused him to download a malicious file to his machine that then essentially cloned his browser and its sessions.
That allowed the attacker to get access to all of his sessions across his browser, everything he was logged into. Because what he had noted on his—
God, right.
What he had noted on his video was that he smartly has a separate email account for every single one of his social media things.
So YouTube has its own email, Twitter has its own email, Twitch has its own email. So if one of those gets compromised, he doesn't lose the whole lot. So he thought okay, I'm good.
So YouTube has its own email, Twitter has its own email, Twitch has its own email. So if one of those gets compromised, he doesn't lose the whole lot. So he thought okay, I'm good.
I've not heard of that before. It's clever.
Yeah, it is. Now that I know that— except in this case, they were able to completely bypass that. Apparently he had two-factor authentication on.
Well, it sounds like maybe they'd grabbed the session cookies from his browser.
Yeah, so sort of able to replicate— as he was logged into all of those accounts, maybe they were able to replicate being logged into the accounts themselves.
Yeah, so sort of able to replicate— as he was logged into all of those accounts, maybe they were able to replicate being logged into the accounts themselves.
It sounds like it. So they just snarfed it all up and they were able to just log into all his things that he was logged into.
So given all that, it's quite amazing that he was actually able to recover anything at all, because that, to me, that's just— the keys to the kingdom are gone.
But I guess he was able to outrun some of the attackers to change some of those passwords before they could get to it. But in any case, he was able to recover his account.
But yeah, this whole thing just revealed to me— I didn't know streamjacking was a thing. I had no idea. But yeah, in the end it was all crypto scam.
But my goodness, in the meantime, people who have large YouTube followings or followings on any social media, just beware of unexpected NDAs and deals coming into your inbox.
The fact that it even went around his two-factor authentication I suppose would give you a false sense of security, but if it hijacked your browser sessions, then yeah, that's wow.
So given all that, it's quite amazing that he was actually able to recover anything at all, because that, to me, that's just— the keys to the kingdom are gone.
But I guess he was able to outrun some of the attackers to change some of those passwords before they could get to it. But in any case, he was able to recover his account.
But yeah, this whole thing just revealed to me— I didn't know streamjacking was a thing. I had no idea. But yeah, in the end it was all crypto scam.
But my goodness, in the meantime, people who have large YouTube followings or followings on any social media, just beware of unexpected NDAs and deals coming into your inbox.
The fact that it even went around his two-factor authentication I suppose would give you a false sense of security, but if it hijacked your browser sessions, then yeah, that's wow.
A lot of these cryptocurrency scams, which I've seen lately, have used the face or the name of Elon Musk as well, haven't they?
They sure have.
It's strange how they've sort of embraced him and used him.
Isn't he the doggy coin guy?
Well, he's taking on this new position, isn't he? He's going to be very, very busy. I don't think he's got time just to hand out cryptocurrency to everyone.
You laughed at me on air when I said that was happening. You said, he's not gonna take that role, are you insane? Or something along those lines.
And the question is, how long will he last? Yes, how long will he be in it?
Oh, they're gonna stay super good friends, you'll see.
Oh really? Oh really? I will laugh at that one. Carole, what's your topic for us this week?
Okay, well, we've been talking a lot about scams. My story is about scams as well.
Okay.
But if you get a phone call and you don't recognize the number, what do you do?
I do not answer.
You do not answer?
I don't even answer phone calls from people I do know.
Yeah, no, I do the same. I do the same. You, Clue?
Yeah, yeah, straight to voicemail.
Really? If you don't recognize it, even if it could be a journalist you don't recognize or, you know?
Nah, these days I just think, who the hell are you calling me? I look at the area code as well.
Oh, well.
That might be an indicator. Who calls?
I call people.
I'm old school. I don't email. I don't do anything else. I guess I can't ask you guys how many scammy or nuisance calls you get because you have no idea because you don't take—
No, I get a lot. That's part of the reason I get so many every day. Daily? Probably about 5 or 6.
And that's after subscribing to one of the services that's supposed to help filter them out. So I probably get even more than that. But, yeah.
And that's after subscribing to one of the services that's supposed to help filter them out. So I probably get even more than that. But, yeah.
And you'd think in these crazy days of advanced tech, the powers that be would have figured out a way to address the spam call epidemic because it seems it is an epidemic and it's getting bigger and bigger all the time.
So I'll sprinkle a few numbers so you can get an idea of how big of a thing it is. But in the US, Truecaller states Americans have received 2.9 billion calls every month.
That's their average, 2.9 billion. And more than a third of calls from non-contacts in the US are unwanted or spam calls, nuisance calls.
The FTC showed that consumers reported losing more than $10 billion to fraud in 2023, the highest ever recorded. And calls are a big part of that.
So I'll sprinkle a few numbers so you can get an idea of how big of a thing it is. But in the US, Truecaller states Americans have received 2.9 billion calls every month.
That's their average, 2.9 billion. And more than a third of calls from non-contacts in the US are unwanted or spam calls, nuisance calls.
The FTC showed that consumers reported losing more than $10 billion to fraud in 2023, the highest ever recorded. And calls are a big part of that.
And in some US states, you probably get those robocalls, don't you, from politicians or political groups?
Oh, yeah.
To vote one particular way. I imagine they don't care about some states, but in key battleground states, they would have done that. That must be really irritating.
Yep. And the UK, it's not much better. The UK reported it has the highest fraud call rate in Europe. 27% of calls being fraudulent are classified as nuisance.
Wow.
But the recorded losses seem to be much less, even if you take into account population ratio. So UK finance figures for last year recorded losses of £136 million.
But another report said 70% of people who have faced this scam situation have never reported it.
But another report said 70% of people who have faced this scam situation have never reported it.
Yeah.
So 70%.
I probably wouldn't report it.
Yeah, same here.
Yeah. I'd be honest.
And especially if you spotted it and nothing happened. Let's say, you know, it was obviously a scam and you hung up.
Yeah.
You probably wouldn't call, right? Because it's a pain in the ass to call. Or you imagine it's going to be a long process, complicated. I don't have time. I got to go make dinner.
I think in some cases you can forward the number, can't you, to addresses and things. But yeah, I probably— I feel bad about it, but I probably wouldn't.
And worldwide, it's not much rosier. USA Today just reported that in the last 12 months, we've hit a new high, a global loss to scam calls of $1 trillion.
So in short, scam calls are annoying. They waste time. They can dupe you into parting with your hard-earned cash. Banks don't like it. Telecom companies don't like it.
Nobody likes it except for the scammers that win. So what can you do? What can you do about all this?
Well, this year the UK seems to have made a concerted effort into educating the public about scams and how to avoid them.
Graham, you may have seen the national campaign, which is similar to the one that you mentioned earlier in India, Stop Think Fraud, which launched earlier this year.
You may have seen that around London or in buses, public transport, that sort of thing. And the Home Office is working with stakeholders across a variety of industries.
You've got banks like Barclays and telecom companies like BT and O2 and the Royal Mail and TikTok. So loads of people are involved in this.
And they even held their first fraud summit in London this year. And then there was the big arrest last August.
The National Crime Agency reported that they shut down the platform RussianComms, which was used by hundreds of criminals to defraud victims across the world through scam calls.
They estimate 170,000 people across the UK were believed to be victims.
So in short, scam calls are annoying. They waste time. They can dupe you into parting with your hard-earned cash. Banks don't like it. Telecom companies don't like it.
Nobody likes it except for the scammers that win. So what can you do? What can you do about all this?
Well, this year the UK seems to have made a concerted effort into educating the public about scams and how to avoid them.
Graham, you may have seen the national campaign, which is similar to the one that you mentioned earlier in India, Stop Think Fraud, which launched earlier this year.
You may have seen that around London or in buses, public transport, that sort of thing. And the Home Office is working with stakeholders across a variety of industries.
You've got banks like Barclays and telecom companies like BT and O2 and the Royal Mail and TikTok. So loads of people are involved in this.
And they even held their first fraud summit in London this year. And then there was the big arrest last August.
The National Crime Agency reported that they shut down the platform RussianComms, which was used by hundreds of criminals to defraud victims across the world through scam calls.
They estimate 170,000 people across the UK were believed to be victims.
Geez.
And financial losses in the tens of millions.
Yeah, sadly.
Yep.
And this platform allowed criminals to basically hide their identity by appearing to come from preselected numbers, most commonly financial institutions or telecom companies or law enforcement agencies.
Very similar to what you were saying earlier, Graham.
Very similar to what you were saying earlier, Graham.
Yeah, this is where it really can be convincing is it looks like it is a phone call coming from your telephone operator, for instance, or coming from your bank or a text message which may appear to come from them as well.
So yeah, that's a real nuisance, isn't it?
So yeah, that's a real nuisance, isn't it?
And I mean, according to the adverts shared across social media for RussianComms, the service included unlimited minutes, hold music, encrypted phone calls, instant handset wipe, and 24/7 support.
What?
What?
Sorry.
Whoa, whoa, whoa. What's this instant handset wipe?
Handset wipe.
Is that because people are worried about getting infected by a dirty telephone? Like the Golga Frinchum?
I imagine it means wiping the number or whatever you're pretending to be from the handset, I imagine. Okay. There's a lot of efforts going on.
There's a lot of a smattering of work going on that I've certainly noticed when I'm out and about London.
But there's a new effort in the UK that is launched this week from telecoms company O2. Meet Daisy, the AI granny and head of O2's scammer relations.
So she's been designed to answer phones and keep the fraudsters on the line. The idea being to waste their time and keep them away from you.
Because if they're on the phone with them, they may not be on the phone with you.
So O2 tout that Daisy is so lifelike that she has successfully kept numerous fraudsters on calls for 40 minutes at a time. So that could be 3. Numerous, I don't know.
What is numerous? What's numerous?
There's a lot of a smattering of work going on that I've certainly noticed when I'm out and about London.
But there's a new effort in the UK that is launched this week from telecoms company O2. Meet Daisy, the AI granny and head of O2's scammer relations.
So she's been designed to answer phones and keep the fraudsters on the line. The idea being to waste their time and keep them away from you.
Because if they're on the phone with them, they may not be on the phone with you.
So O2 tout that Daisy is so lifelike that she has successfully kept numerous fraudsters on calls for 40 minutes at a time. So that could be 3. Numerous, I don't know.
What is numerous? What's numerous?
Numerous means a number, I think. I think that is the strict definition of numerous.
I'd imagine more than one.
Ideally, it'd be more than one. Yes.
I'd like to think so. So let's see what we think. "Hello, scammers. I'm your worst nightmare. I'm an AI created by O2 to waste phone scammers' time." So W's, then a dot.
3 times W and then dot.
"I think your profession is bothering people, right? I'm just trying to have a little chat."
"It's nearly been an hour, for the love of—"
"Gosh, how time flies. Because while they're busy talking to me, they can't be scamming you. And let's face it, dear, I've got all the time in the world." So what do you guys think?
Maria?
Maria?
Yeah, I mean, if I didn't know I should be suspicious about it, that might fool me. I could see that.
From my days of doing tech support of elderly relatives, that sounds very convincing, actually. That's the sort of phone call I could imagine myself being on.
I mean, she is winding them up something fierce as well, right? Just having circular conversation. And I do like it because it is a bit funny. It educates and it's compelling.
They have a great ad, which I'll put in the show notes if you want to see it in action.
And we all like seeing someone get wound up when they've been doing something shitty, like attempting to scam a granny.
They have a great ad, which I'll put in the show notes if you want to see it in action.
And we all like seeing someone get wound up when they've been doing something shitty, like attempting to scam a granny.
Well, the great thing is that this is using up a scammer's time, isn't it? Which they could have been spending attacking someone else and scamming someone else out of their money.
So it could have been a real granny they were talking to rather than Daisy.
So it could have been a real granny they were talking to rather than Daisy.
Yeah, exactly.
And apparently they did a survey and 70% of folks said they wished they could get their own back against scammers that have duped them or a loved one.
But maybe they didn't necessarily have the time to go do the scam baiting thing and didn't have the technical expertise.
So rather than trying to scam bait a scammer, which I do not recommend—leave that to the people that know what they're doing—what you can do is if you think you've got a scam, do report the scam.
So in the UK, you would do this to Action Fraud. The number is 7726. That's what you text. And I very much support this.
And O2 say, and I love this, they say by reporting dodgy calls and messages, telecoms companies are able to investigate and block the mobile numbers used by fraudsters.
And they can also use scam texts to help refine these blocking services to make it easier to identify and stop new trends faster in future.
They boast that they blocked 89 million texts last year alone, thanks in part to Action Fraud 7726 and people like us reporting it.
But maybe they didn't necessarily have the time to go do the scam baiting thing and didn't have the technical expertise.
So rather than trying to scam bait a scammer, which I do not recommend—leave that to the people that know what they're doing—what you can do is if you think you've got a scam, do report the scam.
So in the UK, you would do this to Action Fraud. The number is 7726. That's what you text. And I very much support this.
And O2 say, and I love this, they say by reporting dodgy calls and messages, telecoms companies are able to investigate and block the mobile numbers used by fraudsters.
And they can also use scam texts to help refine these blocking services to make it easier to identify and stop new trends faster in future.
They boast that they blocked 89 million texts last year alone, thanks in part to Action Fraud 7726 and people like us reporting it.
Very good. Well done, Daisy.
I know. Yeah, well, why don't we let Daisy have the last word here? "It's showing me a picture of my cat Fluffy."
"It's showing you the picture of your card, Fluffy. Stop calling me dear, you stupid fuck! Got it, dear."
Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker.
Imagine taking a proactive deny-by-default approach to cybersecurity, blocking every action, process, and user unless specifically authorized by your team.
ThreatLocker helps you do this and provides a full audit of every action for risk management and compliance.
Onboarding and operation is fully supported by their US-based support team.
Stop the exploitation of trusted applications within your organization to keep you running efficiently and securely.
Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high.
To learn more about how ThreatLocker can mitigate unknown threats and ensure compliance for your organization, visit smashingsecurity.com/threatlocker.
That's smashingsecurity.com/threatlocker. And thank you to ThreatLocker for sponsoring the show.
Imagine taking a proactive deny-by-default approach to cybersecurity, blocking every action, process, and user unless specifically authorized by your team.
ThreatLocker helps you do this and provides a full audit of every action for risk management and compliance.
Onboarding and operation is fully supported by their US-based support team.
Stop the exploitation of trusted applications within your organization to keep you running efficiently and securely.
Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high.
To learn more about how ThreatLocker can mitigate unknown threats and ensure compliance for your organization, visit smashingsecurity.com/threatlocker.
That's smashingsecurity.com/threatlocker. And thank you to ThreatLocker for sponsoring the show.
Whether you're starting or scaling your company's security program, demonstrating top-notch security practice and establishing trust is more important than ever.
Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust.
Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center, all powered by Vanta AI.
Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to manage risk and security in real time. Get $1,000 off Vanta when you go to vanta.com/smashing.
That's vanta.com/smashing for $1,000 off. Quick question: do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps?
I wouldn't think so. So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?
Well, 1Password has an answer to this question, and it's called Extended Access Management.
1Password Extended Access Management helps you secure every sign-in at every app on every device because it solves the problems traditional IAM and MDM can't touch.
Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing. And thanks to the folks at 1Password for supporting the show.
And welcome back, and you join us at our favourite part of the show, the part of the show that we like to call Pick of the Week.
Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust.
Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center, all powered by Vanta AI.
Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to manage risk and security in real time. Get $1,000 off Vanta when you go to vanta.com/smashing.
That's vanta.com/smashing for $1,000 off. Quick question: do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps?
I wouldn't think so. So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?
Well, 1Password has an answer to this question, and it's called Extended Access Management.
1Password Extended Access Management helps you secure every sign-in at every app on every device because it solves the problems traditional IAM and MDM can't touch.
Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing. And thanks to the folks at 1Password for supporting the show.
And welcome back, and you join us at our favourite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week!
Pick of the Week!
Pick of the Week is the part of the show where everyone chooses whatever they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they like.
It doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they like.
It doesn't have to be security related necessarily.
Better not be.
Well, my pick of the week this week is not security related. My pick of the week this week is social media related. For all I know, you're a huge fan of social media.
You can't stop yourself.
You can't stop yourself.
Are you talking about Blue Sky like every other person on the planet?
So my pick of the week this week is Blue Sky.
There it is.
So, it can't have escaped your notice, gentle listener, that there's a new— well, it's not that new. It's been around for a few years.
I've had an account on it for a while as well, but I haven't been very active on it until the last couple of weeks because I've decided to close my Twitter account. Huzzah!
I've had an account on it for a while as well, but I haven't been very active on it until the last couple of weeks because I've decided to close my Twitter account. Huzzah!
Me too.
Ah, excellent.
Mine's gone. I deleted it. Yeah.
Yep. Maria, I know you're on Mastodon. I'm on Mastodon as well, yes. But I've never really embraced Mastodon entirely. I've not completely got into it. I'm enjoying Bluesky though.
It's someone said to me, is it the new version of Twitter? And I said to them, no, it's the old version of Twitter before Twitter became shitter when Elon Musk took over.
So it's Twitter 1.0, not Twitter 2.0. At the moment, it's lovely. There's no ads. The algorithm— well, you can define your own algorithm.
You can just have a chronological feed of everybody who you're following rather than Elon Musk popping up all the time being promoted even when you're not following him.
And it's utterly charming. There are easy ways to block people and it seems to be quite civilised.
So I'm really enjoying Blue Sky, and that's why I'm posting and mostly hanging out now. And I think it's great. I know there's been a lot of hype about it.
I saw today, day of recording, they've just passed 20 million users, which is extraordinary.
It's someone said to me, is it the new version of Twitter? And I said to them, no, it's the old version of Twitter before Twitter became shitter when Elon Musk took over.
So it's Twitter 1.0, not Twitter 2.0. At the moment, it's lovely. There's no ads. The algorithm— well, you can define your own algorithm.
You can just have a chronological feed of everybody who you're following rather than Elon Musk popping up all the time being promoted even when you're not following him.
And it's utterly charming. There are easy ways to block people and it seems to be quite civilised.
So I'm really enjoying Blue Sky, and that's why I'm posting and mostly hanging out now. And I think it's great. I know there's been a lot of hype about it.
I saw today, day of recording, they've just passed 20 million users, which is extraordinary.
Have people been leaving X? Have there been any in droves?
Yes, the Guardian newspaper left X, as they like to call it. The Clifton Suspension Bridge in Bristol, they left.
I've been waiting for that one.
I believe that Shatner and Mr. Sulu and various other members of Star Trek.
LeVar Burton.
Geordi La Forge.
Yep.
Have made the jump to blue sky as well. So people are leaving.
And Mark Hamill.
Yes, Mark Hamill. Mark, yes, he is. He's there.
Mark Hamill left. Yes, he's there.
He's a superstar. So, lots of people are leaving Blue Sky. If you're nice, why don't you come join us?
If you're not, stay on X.
You know what, Maria, I will put a link to your Blue Sky in the show notes as well as my own.
Carole, are you joining Blue Sky or you're not really into social media as much as maybe—
Carole, are you joining Blue Sky or you're not really into social media as much as maybe—
I just have real friends when, you know, well, all right.
I was just gonna say we need to get Sticky Pickles on Blue Sky, but maybe not. I don't know.
Well, no, you can do that.
I mean, you know. Okay. I'm still on Mastodon too, though. I just wanna say I both.
Yes.
They're just very different.
Yeah, yeah. I Mastodon too. It's just at the moment, Blue Sky is a little bit more engaging for me.
Yes.
Maria, what's your pick of the week this week?
So, it's been a little while since I've been on the show, and I've been watching a lot of TV.
The two of you know, I'm pretty sure that I recently moved houses, so I haven't been able to get out in the world and do things.
My only entertainment has basically been just TV when, you know, I'm exhausted from a long day of unpacking or throwing boxes out, right? I'm gonna get my nerd on.
I'm gonna get my full total anime dork nerd on, and I'm gonna give you my recommendations. It's an anime on Netflix called DanDaDan, okay? And I'm absolutely obsessed with it.
Oh, I'll just read you the pitch.
In a bet to prove whether ghosts or aliens exist, two high schoolers face terrifying paranormal threats, gain superpowers, and maybe even fall in love.
Basically, there's a nerd who's really into UFOs, and then there's the weird outcast girl who's really into spiritual, paranormal aura stuff.
And they both think the other one is wrong. They're like, there's no way UFOs could exist, there's no way ghosts are real, and they both find out that the other one is right.
It's just super funny. I really have been enjoying the hell out of it, and it's on Netflix, so a lot of people can watch it.
Netflix, I think, gave this show a ton of money for their art direction, so it's unusually good for an anime. The opening theme song is insanely good.
So yes, it is an anime, so I know many people, that's just a non-starter. But if you are willing to watch an anime, this one's really, really fun and I greatly enjoy it. DanDaDan.
The two of you know, I'm pretty sure that I recently moved houses, so I haven't been able to get out in the world and do things.
My only entertainment has basically been just TV when, you know, I'm exhausted from a long day of unpacking or throwing boxes out, right? I'm gonna get my nerd on.
I'm gonna get my full total anime dork nerd on, and I'm gonna give you my recommendations. It's an anime on Netflix called DanDaDan, okay? And I'm absolutely obsessed with it.
Oh, I'll just read you the pitch.
In a bet to prove whether ghosts or aliens exist, two high schoolers face terrifying paranormal threats, gain superpowers, and maybe even fall in love.
Basically, there's a nerd who's really into UFOs, and then there's the weird outcast girl who's really into spiritual, paranormal aura stuff.
And they both think the other one is wrong. They're like, there's no way UFOs could exist, there's no way ghosts are real, and they both find out that the other one is right.
It's just super funny. I really have been enjoying the hell out of it, and it's on Netflix, so a lot of people can watch it.
Netflix, I think, gave this show a ton of money for their art direction, so it's unusually good for an anime. The opening theme song is insanely good.
So yes, it is an anime, so I know many people, that's just a non-starter. But if you are willing to watch an anime, this one's really, really fun and I greatly enjoy it. DanDaDan.
How do you spell DanDaDan?
DanDaDan, like DanDaDan.
Oh, okay, okay.
Okay, yep, cool. It's a lot of fun.
Cool. All right, check it out. Crow, what's your pick of the week?
So my pick of the week is a book called Butter by Asako Suzuki. It was published in Japan in 2018, and this year was made available in English.
And it's a novel, it's a fiction book, and the central character is Manako, and she's this curvaceous femme fatale and foodie and lover of butter.
And she's in detention and awaiting trial for having killed 3 men.
And it's a novel, it's a fiction book, and the central character is Manako, and she's this curvaceous femme fatale and foodie and lover of butter.
And she's in detention and awaiting trial for having killed 3 men.
Oh, okay, a bit of a turn.
And they seem to have died from things like heart attacks and maybe natural causes, but she was always involved.
Uh-oh.
Eating too much butter.
High cholesterol.
And then we've got this journalist named Rika, and she wants this woman's story, right? She wants to do the true reveal, you know, the piece about this foodie killer.
But the problem is the foodie killer doesn't want to talk to the press until the journalist writes her with a request for a beef stew, right? So that's how it all kicks off.
And it's a thrilling search for what happens to actually these men, but also there's a lot about food. So if you like food and reading about food, this is a great fun book to read.
It touches upon Japanese society as well, and demanding beauty standards that Japanese women are expected to maintain, and fatphobia, and all kinds of things.
Plus, plus, Butter is based on a real-life case of the Konkatsu Killer, which was a con woman and talented home cook called Kijima, and she was convicted of poisoning 3 of her male lovers.
But the problem is the foodie killer doesn't want to talk to the press until the journalist writes her with a request for a beef stew, right? So that's how it all kicks off.
And it's a thrilling search for what happens to actually these men, but also there's a lot about food. So if you like food and reading about food, this is a great fun book to read.
It touches upon Japanese society as well, and demanding beauty standards that Japanese women are expected to maintain, and fatphobia, and all kinds of things.
Plus, plus, Butter is based on a real-life case of the Konkatsu Killer, which was a con woman and talented home cook called Kijima, and she was convicted of poisoning 3 of her male lovers.
Blimey.
Wow. So it's a fat book, like 500 pages. It's great. The holidays are coming around the corner. Get it for your foodie friends who like to read.
So Butter by Asako Suzuki, my pick of the week.
So Butter by Asako Suzuki, my pick of the week.
Wow.
Excellent. Well, that just about wraps up the show for this week. Maria, thank you for joining us.
I'm sure lots of our listeners love to find out what you're up to and follow you online. What's the best way to do that?
I'm sure lots of our listeners love to find out what you're up to and follow you online. What's the best way to do that?
You can find me on T-Minus Space Daily every day, wherever you find your great podcasts. And I also am on Hacking Human.
And you can find Smashing Security on Bluesky as well, unlike Twitter, which wouldn't give us a G. And don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Pocket Casts.
Follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Pocket Casts.
And huge, huge thank you to our episode sponsors, 1Password, Vanta, and ThreatLocker. And of course, to our wonderful Patreon community.
It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 393 episodes, check out smashingsecurity.com.
It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 393 episodes, check out smashingsecurity.com.
Until next time, cheerio, bye-bye. Bye.
Bye.
Tiny waist, thank you.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Maria Varmazis:
Episode links:
- ‘You are under digital arrest’: Inside a scam looting millions from Indians – BBC News.
- Digital Arrest Scam: How You Can Stay Safe – YouTube.
- Tamil Nadu Professor Placed Under Digital Arrest, Duped of Rs 10 Lakh – YouTube.
- ‘Mann Ki Baat’ episode 115 – India Prime Minister Narendra Modi.
- “My YouTube Channel Got Deleted Last Night..” – Bitz on YouTube.
- NCA shuts down major fraud platform responsible for 1.8 million scam calls – National Crime Agency.
- O2 launches free anti-scam caller identification for millions of customers – O2.
- AI Scambaiters: O2 creates AI Granny to waste scammers’ time – YouTube.
- “StreamJacking” – Hijacking Hundreds of YouTube Channels Per Day Propagating Elon Musk Branded Crypto Giveaway Scams – Guardio.
- Graham Cluley on Bluesky.
- Maria Varmazis on Bluesky.
- Dan Da Dan – Netflix.
- Butter by Asako Yuzuki – Harper Collins.
- ‘Butter’ book review: Meditations on murders – The Guardian.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- ThreatLocker – the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
