In this episode, Graham warns why it is high time we said goodbye to 2G – the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing texts to thousands at once.
Meanwhile, Carole unpacks a painfully awkward tale of amour fou, as a 76-year-old Belgian man drives 476 miles to meet his dream woman… only to be greeted by her very-much-still-husband at the gate.
Plus: Sky Arts painting competitions get a thumbs up, Mark Zuckerberg never loses at board games, and the scandalous Facebook memoir Meta tried to silence.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
How old is this woman? I thought our hero was like 38, but he's 76. Dirty old fella.
A little bit dirty.
Smashing Security, episode 427. When 2G attacks and a romantic road trip goes wrong. With Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 427. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 427. My name's Graham Cluley.
And I'm Carole Theriault.
So what's coming up this week, Carole?
First, let's thank this week's wonderful sponsor, Vanta. It's their support that helps us give you this show for free. Coming up on today's show, Graham, what do you got?
I'm gonna be asking if it's time to turn off 2G.
Ooh, okay. And I'm gonna ask how far should you drive for love? All this and much more coming up on this episode of Smashing Security.
Now, chums, Carole, you love a concert, don't you?
Oh, if I like the band, yeah.
Have you ever been to a big concert where there are thousands and thousands of people and you're all crammed in, you know, like—
Yeah, I'm not a huge fan. I do go, but I do have a bit of like, it's too many people. And if there's a rush or, you know, I get—
That's what I think too. Yeah.
Yeah.
I'd much rather something a bit smaller. I don't like all those people around, but there are ways in which cybercriminals can take advantage of big groups of people.
And I'm going to tell you about one of the ways in which they can do that today.
And I'm going to start my story in August last year, where police in New Zealand reported that they had arrested a 19-year-old kid who was suspected of conducting a cybercrime that they said had never been seen before in the country.
I mean, how many times can that happen? As something brand new has never happened in the country before. But that's what they claimed happened.
And the police called their investigation Operation Orca.
And I'm going to tell you about one of the ways in which they can do that today.
And I'm going to start my story in August last year, where police in New Zealand reported that they had arrested a 19-year-old kid who was suspected of conducting a cybercrime that they said had never been seen before in the country.
I mean, how many times can that happen? As something brand new has never happened in the country before. But that's what they claimed happened.
And the police called their investigation Operation Orca.
Mm, like the whale.
Well, exactly. The killer whale, isn't it? I think they don't like to be called killer whales, do they? They think that's rather— which I can understand.
I wouldn't want to mess with one though.
I wouldn't want to mess with one either. But if I were an orca, I'd probably be thinking, hey, you know, come on, we're all about the peace and love as well.
You know, we're not all about killing all the time.
But anyway, it's funny how the police come up with these kind of names, because it has absolutely nothing to do with the ocean or killer whales and orcas.
But when it's written in all capitals by law enforcement agencies, it instantly makes their investigation sound way cooler.
I'm sure the police just love to have a cool operation name. And I think Operation Orca—
You know, we're not all about killing all the time.
But anyway, it's funny how the police come up with these kind of names, because it has absolutely nothing to do with the ocean or killer whales and orcas.
But when it's written in all capitals by law enforcement agencies, it instantly makes their investigation sound way cooler.
I'm sure the police just love to have a cool operation name. And I think Operation Orca—
Everybody wants a cool operation name, unless you don't want a cool one, because you don't want anyone to pay attention. So then you just go 564 little p big P G8.
Well, what Auckland Police uncovered was, for the first time ever apparently in New Zealand, an SMS blaster. Do you know what an SMS blaster is?
No, tell me.
Well, also known as a false or fake base station, which may give you a clue, and obviously SMS as well. It's a close relation to those Stingrays or IMSI catcher things.
You know how the bad guys can set up a fake base station, like a fake cell tower.
You know how the bad guys can set up a fake base station, like a fake cell tower.
Yeah.
And whereas stingrays are all about intercepting and spying on people's calls, an SMS blaster is all about going the other way.
It's about sending messages to people's phones via SMS. And what happened in New Zealand was they arrested this 19-year-old.
He'd blasted out 700 scam texts in one evening, all pretending to be from banks. And he'd done it from this rig, which he'd built in his car. He'd plugged it all in.
I guess he'd probably plugged it into the cigarette lighter or something like that. And it was a computer in the back of his car whirring away, a proper big computer.
And he's got this antenna and it's blasting off. And what would happen is that this thing would be picked up by people who maybe didn't have a great phone connection.
So if you were in town, or if you were at a crowded concert, or you're in the busy centre of a city, and if you haven't got great connectivity, your phone might say, well, let me see what else is out there.
Let me see what else I can connect to. This isn't Wi-Fi. This was a 2G signal.
It's about sending messages to people's phones via SMS. And what happened in New Zealand was they arrested this 19-year-old.
He'd blasted out 700 scam texts in one evening, all pretending to be from banks. And he'd done it from this rig, which he'd built in his car. He'd plugged it all in.
I guess he'd probably plugged it into the cigarette lighter or something like that. And it was a computer in the back of his car whirring away, a proper big computer.
And he's got this antenna and it's blasting off. And what would happen is that this thing would be picked up by people who maybe didn't have a great phone connection.
So if you were in town, or if you were at a crowded concert, or you're in the busy centre of a city, and if you haven't got great connectivity, your phone might say, well, let me see what else is out there.
Let me see what else I can connect to. This isn't Wi-Fi. This was a 2G signal.
Yeah.
And these things, these SMS blasters, they're stealthy. They're mobile. They can fit not just in the back of a van, they can fit in a backpack.
So someone could be walking around with a rucksack and sending out SMSs from it. And these things are sold on the internet for not very much money.
You can spend $300, or you can get a really nice one or a powerful one for maybe $20,000, $30,000, something like that. But they don't require deep technical expertise.
So simple to set up, ready to operate. And the way in which these things monetize is they send out spam SMSs.
So someone could be walking around with a rucksack and sending out SMSs from it. And these things are sold on the internet for not very much money.
You can spend $300, or you can get a really nice one or a powerful one for maybe $20,000, $30,000, something like that. But they don't require deep technical expertise.
So simple to set up, ready to operate. And the way in which these things monetize is they send out spam SMSs.
Yeah, so it's just spam, right? It's just annoying.
Well, yeah, it is just spam.
I mean, you know, spam's still irritating, but it's not oh, my money's gone.
Not immediately, no.
Oh.
But there's a difference between spam, which you normally get via SMS, and spam, which you get via email, because normally you have an ISP and you have your mail provider who's filtering out spam.
And similarly, you have your network operator who is stopping as many fraudulent spam SMS messages getting to you as possible.
And similarly, you have your network operator who is stopping as many fraudulent spam SMS messages getting to you as possible.
And they're bypassing all that.
Right. They are bypassing all that.
And they're not only bypassing the spam filter, they're also able to pretend to be someone else because the normal checks which exist to pretend not to be a bank or not to be a government agency don't exist when some criminal has set up an SMS blaster, when he's created effectively the cell tower.
And they're not only bypassing the spam filter, they're also able to pretend to be someone else because the normal checks which exist to pretend not to be a bank or not to be a government agency don't exist when some criminal has set up an SMS blaster, when he's created effectively the cell tower.
So say I'm sitting in Auckland in the café that he's bopping by, you know, in his car. Would my phone necessarily— how would I not receive that type of message?
If you were already on a good data connection, then it probably wouldn't connect to it. But if it detects, oh, there's a much better data connection—
And it doesn't verify it?
Well, this is the thing. Do you remember I said 2G? Yeah. This is the thing. The criminals aren't using the latest technology to get you. They're not using 4G or 5G. They're using 2G.
God, pretty soon they're gonna be writing letters.
You'll be complaining about it.
And the thing is that 2G doesn't have all the authentication, doesn't have all the security built into it, which more modern mobile communications do have.
So most network carriers, they don't even support 2G anymore. They don't even, 'cause they don't trust it. They think, well, we don't really want this.
So they're not encouraging anyone to use it, but your phone might still connect to it if it can find a signal. And you receive the spam message.
Maybe it claims to come from FedEx, for instance, tells you to click on a link to verify your details so that they can make a delivery to you.
And you end up on a page which asks you to hand over some personal information or even worse, log in.
And that would be a big mistake because most people use the same password for everything. And now they know your passwords as well.
And the thing is that 2G doesn't have all the authentication, doesn't have all the security built into it, which more modern mobile communications do have.
So most network carriers, they don't even support 2G anymore. They don't even, 'cause they don't trust it. They think, well, we don't really want this.
So they're not encouraging anyone to use it, but your phone might still connect to it if it can find a signal. And you receive the spam message.
Maybe it claims to come from FedEx, for instance, tells you to click on a link to verify your details so that they can make a delivery to you.
And you end up on a page which asks you to hand over some personal information or even worse, log in.
And that would be a big mistake because most people use the same password for everything. And now they know your passwords as well.
Not our listeners.
Come on. Well, yes. Okay. I know our listeners are not only handsome and beautiful, they're also incredibly smart.
And they've heard us bang on about it. 9 years.
Exactly. For the last 427 episodes, they know we've been saying, "Stop reusing the same passwords." Anyway, this was the first time it happened in New Zealand.
And it's not just New Zealand. Late last year, police in Thailand, they arrested a 35-year-old Chinese guy who was driving his van around.
He was using SMS Blaster to spam over 100,000 SMS texts per hour to people in Bangkok.
So he was just driving around the city center where, of course, there's lots and lots of people with phones.
His device had a range of approximately 3 kilometers, so about 10,000 feet. 100,000 phishing messages sent every hour. And this is effectively free after the cost of the device.
Whereas even with email spam, there's some cost involved and only a tiny percentage of it is likely to get through.
And it's not just New Zealand. Late last year, police in Thailand, they arrested a 35-year-old Chinese guy who was driving his van around.
He was using SMS Blaster to spam over 100,000 SMS texts per hour to people in Bangkok.
So he was just driving around the city center where, of course, there's lots and lots of people with phones.
His device had a range of approximately 3 kilometers, so about 10,000 feet. 100,000 phishing messages sent every hour. And this is effectively free after the cost of the device.
Whereas even with email spam, there's some cost involved and only a tiny percentage of it is likely to get through.
But yeah, basically you've just shown the pathway to get to your phone, but that message could potentially have anything in it, right?
Oh yeah, yeah. It could have all kinds of malicious links in it, or it could pretend to be a public health warning. It could be something like a security alert to evacuate.
With a QR code? Yep. Can't resist a QR code.
Can you send a QR code via SMS? I don't know.
ASCII art?
I don't know. ASCII art? Maybe. Anyway, these particular messages, they claim to be from Thailand's largest mobile phone operator, saying, "Your 9,268 points are about to expire.
Hurry up and redeem your gift now." And there was a link, of course, to a phishing site.
People who clicked on it were asked for their credit card information, which then ends up in the hands of the scammers.
And as Risky Business has pointed out, we are seeing a rising tide of SMS blaster attacks. Last week, a Chinese tourist was arrested in Oman.
He was driving around the capital there with an SMS blaster, sending messages, luring the unwary to a phishing page for a local bank.
There've also been reports from Japan and Brazil and Indonesia and Thailand and Qatar and the Philippines, Hong Kong.
And sometimes these guys who are driving around even disguise themselves as tour guides so that they, I've got an excuse.
This is why we're just slowly driving round the city centre.
Hurry up and redeem your gift now." And there was a link, of course, to a phishing site.
People who clicked on it were asked for their credit card information, which then ends up in the hands of the scammers.
And as Risky Business has pointed out, we are seeing a rising tide of SMS blaster attacks. Last week, a Chinese tourist was arrested in Oman.
He was driving around the capital there with an SMS blaster, sending messages, luring the unwary to a phishing page for a local bank.
There've also been reports from Japan and Brazil and Indonesia and Thailand and Qatar and the Philippines, Hong Kong.
And sometimes these guys who are driving around even disguise themselves as tour guides so that they, I've got an excuse.
This is why we're just slowly driving round the city centre.
Or Deliveroo. They could just be Deliveroo bikes.
They could be, couldn't they? They could be. And they've got that— Oh yeah, if you're one of those riders with the food on your back.
The big square backpack.
Oh my goodness, Carole. That's exactly it. End of last month in London, another Chinese student was sentenced to over a year in prison.
He was driving around, targeted tens of thousands. He had one of these devices in the back of his black Honda CR-V, driving around Greater London.
And in this case, the messages pretended to be from government agencies. So this problem is really big.
So big, in fact, that there's now a world map updated daily showing the location of the latest reports.
And we're putting that link in the show notes if you want to find out where that's all going on.
He was driving around, targeted tens of thousands. He had one of these devices in the back of his black Honda CR-V, driving around Greater London.
And in this case, the messages pretended to be from government agencies. So this problem is really big.
So big, in fact, that there's now a world map updated daily showing the location of the latest reports.
And we're putting that link in the show notes if you want to find out where that's all going on.
Okay, Graham, how do I make sure that this can't happen to me?
Very good question, Carole.
Thanks.
Because that's the obvious step, right? Why do we need 2G anyway?
You could have told us at the beginning. She said, don't listen to my story, just do this. But okay, no, no, no, tell us.
Why don't the network operators first of all turn off 2G?
Well, because that would improve security, not only against these, but also the Stingrays, the IMSI catchers, and other fake cell tower attacks.
But the problem is that some people will lose connectivity. There's some devices like smart meters and alarm systems, some older devices may still be running on 2G.
Obviously, costs time to upgrade them. So even though phone calls typically aren't using 2G, there are some people who are using it, and it may hit vulnerable populations hardest.
Obviously, there's parts of Africa, for instance, where they may only have 2G. And so for that reason, most countries are phasing out 2G quite slowly over some years.
They're hopefully only going to turn it off entirely when they're confident enough people are using the alternatives.
So the next step is, okay, if the network carriers aren't gonna do anything about this, what can you do? Now, disabling 2G on your phone, great idea.
If you can do that, it's one of the most effective ways to protect yourself from this because 2G is, as I said, an old insecure mobile standard with no proper encryption or authentication.
And on the more recent Android phones, there is an option to do it. You can go into the settings and disable 2G. I suspect many people haven't, but you may well want to do that.
But what if you don't have an Android? Right?
Well, because that would improve security, not only against these, but also the Stingrays, the IMSI catchers, and other fake cell tower attacks.
But the problem is that some people will lose connectivity. There's some devices like smart meters and alarm systems, some older devices may still be running on 2G.
Obviously, costs time to upgrade them. So even though phone calls typically aren't using 2G, there are some people who are using it, and it may hit vulnerable populations hardest.
Obviously, there's parts of Africa, for instance, where they may only have 2G. And so for that reason, most countries are phasing out 2G quite slowly over some years.
They're hopefully only going to turn it off entirely when they're confident enough people are using the alternatives.
So the next step is, okay, if the network carriers aren't gonna do anything about this, what can you do? Now, disabling 2G on your phone, great idea.
If you can do that, it's one of the most effective ways to protect yourself from this because 2G is, as I said, an old insecure mobile standard with no proper encryption or authentication.
And on the more recent Android phones, there is an option to do it. You can go into the settings and disable 2G. I suspect many people haven't, but you may well want to do that.
But what if you don't have an Android? Right?
Say I had an iPhone, for example.
Say you had an iPhone. Well, things are going to get a bit more complicated, Carole. There is a way to do it. Shall I tell you what the way is?
Sure.
Go to Settings, tap Privacy and Security, scroll down, tap on Lockdown Mode and turn on Lockdown Mode.
Turn on this extreme protection if you believe you're being targeted in a cyber attack.
Is that what it's saying to you?
Yeah.
Exactly. And this is the problem. So Lockdown Mode, which was introduced in Apple iOS 16, it blocks and limits some of the riskier features of an iPhone.
It's designed as extra protection, as you said, against an advanced attack.
So ones which are targeting maybe journalists and political activists, high-profile individuals, or if you're Geoff Bezos, you know, someone who may be of interest to foreign states who may want to hack them.
So if you do this, it's gonna break things. Some things will no longer work on your phone. Some websites will look broken. It will turn off things like link previews.
You won't be able to receive certain types of attachment via messages like PDFs and Word docs. You won't be able to get FaceTime calls.
So that's a big advantage in my opinion, unless someone has called you before.
It's designed as extra protection, as you said, against an advanced attack.
So ones which are targeting maybe journalists and political activists, high-profile individuals, or if you're Geoff Bezos, you know, someone who may be of interest to foreign states who may want to hack them.
So if you do this, it's gonna break things. Some things will no longer work on your phone. Some websites will look broken. It will turn off things like link previews.
You won't be able to receive certain types of attachment via messages like PDFs and Word docs. You won't be able to get FaceTime calls.
So that's a big advantage in my opinion, unless someone has called you before.
I think I've got a much easier solution.
Okay.
This is texts, right? So why can't you just say, I just want to receive texts from my contacts?
Can you do that on your phone?
Well, I certainly do it with my phone call. You can't get a hold of me unless my number's in my phone.
Yeah, I don't know if you can do that with iPhone or not, with texts.
Yeah, you can. In Messages, you can say known senders.
Can you?
Yeah.
Well, one factor, of course, is these scammers can forge who the message has come from.
So if you have had a message in the past from your bank, for instance, because frankly, turning off everyone who you don't know, I get messages from the pharmacy, the doctor, the banks, the water people, you know, all sorts of weird things.
I think it'd be great if we could just turn off 2G because I think lockdown mode is overly strict for most people.
It's undoubtedly more secure, but it always has to be a bit of a balance.
It feels like Apple would be wise to include some more granularity so everyone could turn off 2G you can with Android right now, 'cause lockdown mode is clearly a bit too much, isn't it?
So if you have had a message in the past from your bank, for instance, because frankly, turning off everyone who you don't know, I get messages from the pharmacy, the doctor, the banks, the water people, you know, all sorts of weird things.
I think it'd be great if we could just turn off 2G because I think lockdown mode is overly strict for most people.
It's undoubtedly more secure, but it always has to be a bit of a balance.
It feels like Apple would be wise to include some more granularity so everyone could turn off 2G you can with Android right now, 'cause lockdown mode is clearly a bit too much, isn't it?
I don't know. Yeah, lockdown was a bit, a bit, yeah, a bit hardcore.
The other option, and we've been saying this for 427 episodes as well, is you're gonna have to just rely on your good old wits, aren't you? And check messages carefully.
Trust links, be careful, have your spider sense about you, about what you're entering.
But it's tricky if you can't even trust the message, if it claims to come from someone or a company that you know.
Trust links, be careful, have your spider sense about you, about what you're entering.
But it's tricky if you can't even trust the message, if it claims to come from someone or a company that you know.
There you go.
So I thought this was an unusual case here where the— actually, it's the old technology being used by the criminals to take advantage of the latest technology in our pockets.
Yeah, interesting. Nice twist.
Krow, what's your topic this week?
Have you heard of the Paris Syndrome?
The Paris Syndrome?
The Paris Syndrome, and I'm talking about the city.
I've heard of the China Syndrome, and I've heard of Paris Hilton. But what is the Paris Syndrome?
It's a psychological condition that affects some visitors who arrive in Paris with an overly idealised expectation of what the city will give them.
Only to be met with the realities of the city.
Only to be met with the realities of the city.
Yes, yes.
Apparently visitors that experience Paris Syndrome report feeling anxious and/or dizzy.
Just disappointed generally.
Some have even reported hallucinations.
Cool, that Notre Dame.
The Paris of their dreams, the one they had seen in movies and read about, because, you know, culture is totally promoted, that woefully failed these visitors.
Yes.
You know, I think we can forgive these people. I mean, we all— You know that Paris is known as the city of love, isn't it?
I do Paris. Paris is great. It's not my favorite city, not my favorite, but you know, if I was looking for a city of love, I don't know why Paris has the monopoly on that.
And French is considered the language of love, isn't it?
I mean, the French tourist board or France's marketing department have done a bloody good job, haven't they, convincing everyone that this is the place to go for romance.
Kind of started before them. For centuries, right? They've kind of made their words flow, you know, soft consonants, the rise and fall of the intonation. They're poets.
Okay, honestly, if you were single, right, and there was two identically wonderful in all ways women vying for your attention, and one hailed from La Belle France, right, and sported a "voulez-vous aller à la bibliothèque avec moi?" Yes, "Do you want to go to the library with me?" Good.
And the other was from — let's not upset our listeners now. I'll bleep it out. I'll bleep it out. I'll bleep it out. Who would more likely woo you?
Okay, honestly, if you were single, right, and there was two identically wonderful in all ways women vying for your attention, and one hailed from La Belle France, right, and sported a "voulez-vous aller à la bibliothèque avec moi?" Yes, "Do you want to go to the library with me?" Good.
And the other was from — let's not upset our listeners now. I'll bleep it out. I'll bleep it out. I'll bleep it out. Who would more likely woo you?
Obviously, it would be France. France.
Of course. Exactly. And so that's why I'm sure you're going to feel for our guy of the hour, Michel, right? He's about — he's about your age at 76.
Cheeky.
Michel, he's from La Belge, or Belgium, a tiny country near France. And he was doing his thing. And okay, so let's be honest, he was probably feeling a little bit lonely.
And no wonder, because his wife had passed 4 years earlier.
And no wonder, because his wife had passed 4 years earlier.
Oh, poor fella.
4 years is a long time for a guy who's, you know, 76 years young. But sometimes, Graham, Cupid will give you a second shot.
I'm hoping.
Reigniting those swoony feelings.
And this is what happened to Michel, because soon he finds himself speaking to a lovely woman that hailed from his neighboring country, la belle France, and named — how French is this?
Sophie Vouzelot.
And this is what happened to Michel, because soon he finds himself speaking to a lovely woman that hailed from his neighboring country, la belle France, and named — how French is this?
Sophie Vouzelot.
Sophie Vouzelot?
Sophie Vouzelot? What a perfectly enchanting name. And so français. So quelle belle chance for Michel. The man cannot believe his turn of fate.
And Sophie, by the way, is a catch, right? She's quite a catch.
And Sophie, by the way, is a catch, right? She's quite a catch.
Oh, catch. I thought you said cat.
No, like a poisson.
What? I'm so confused. Something's fishy about this.
Back and forth the messages go between them on WhatsApp, right? And it must have been intense.
Right.
And deeply soulful because just a few weeks later, Michel hops in his little car, his bagnole, and hits the highways.
All right.
And drove 476 miles.
He's keen.
760 kilometers, for our Canadian friends, to France towards his French lover, Mrs. Vuzelot. Well, I guess lover's the wrong word because they haven't actually done it.
I mean, in person. I don't know. There's a deep connection between them. Anyway.
I mean, in person. I don't know. There's a deep connection between them. Anyway.
Lovely.
On the way, on the way, he must be daydreaming, right? What will he say to her? How will she greet him? Will they have a tête-à-tête over a Ricard on the rocks?
He arrives at their house in Saint-Julien, in southern France, near Marseille. He's sitting outside her gates.
This is the moment he's been dreaming about since he met her just a few weeks ago. And he zings the gate's intercom. And a monsieur answers with a bonjour.
And Michel says, "I am the future husband of Sophie Vouzelot." Oh, that's coming on a bit strong. Well, they had an intense connection and they talked a lot.
And there's a response, "Well, I'm the current one."
He arrives at their house in Saint-Julien, in southern France, near Marseille. He's sitting outside her gates.
This is the moment he's been dreaming about since he met her just a few weeks ago. And he zings the gate's intercom. And a monsieur answers with a bonjour.
And Michel says, "I am the future husband of Sophie Vouzelot." Oh, that's coming on a bit strong. Well, they had an intense connection and they talked a lot.
And there's a response, "Well, I'm the current one."
Ding dong. Yeah.
So the current husband of Sophie Vouzelot Fabienne Boutamine, another fantastically French name, starts recording explaining to his phone camera what just happened, saying there's going to be a confrontation.
Now I'm going to translate this video for you so you can figure out what happens because he put one in English with an AI doing the translation.
And I have put it in the show notes because mon dieu, it's crazy. It's not at all accurate.
Now I'm going to translate this video for you so you can figure out what happens because he put one in English with an AI doing the translation.
And I have put it in the show notes because mon dieu, it's crazy. It's not at all accurate.
Oh dear.
So he goes to the gate intercom and says bonjour again, and Michel says, "Who are you?" And the husband, Fabien, is a bit amped up at this point.
He says, "What do you mean, who am I? Who are you? Who are you?" And Michel eventually says, "I'm Michel, and you are Fabien, and something is not right." Fabien, of course, agrees.
Michel says, "I think she," meaning Sophie, "played a dirty trick on me." And Fabien says, "Ahaha, not my wife. It's the fake accounts.
You have to be very careful." But Michel sounds quite confused. And I'll paraphrase here, but he says something like, "Look, you two are divorced.
You and your wife are divorced." And Fabien says, "No, the ring is still on my finger." And then says, "You didn't give them any money, did you?" This is still through the gate they're talking.
"Yes," says Michel, "a lot. She said she was pregnant, and she lost the baby and needed money." Oh, boy, oh boy. And Fabien's like, "No, no, she's still pregnant.
Ring's still on my finger." And he stays very cool and compassionate and explains again that this is a scam and advises him to go to the gendarmerie.
He says, "What do you mean, who am I? Who are you? Who are you?" And Michel eventually says, "I'm Michel, and you are Fabien, and something is not right." Fabien, of course, agrees.
Michel says, "I think she," meaning Sophie, "played a dirty trick on me." And Fabien says, "Ahaha, not my wife. It's the fake accounts.
You have to be very careful." But Michel sounds quite confused. And I'll paraphrase here, but he says something like, "Look, you two are divorced.
You and your wife are divorced." And Fabien says, "No, the ring is still on my finger." And then says, "You didn't give them any money, did you?" This is still through the gate they're talking.
"Yes," says Michel, "a lot. She said she was pregnant, and she lost the baby and needed money." Oh, boy, oh boy. And Fabien's like, "No, no, she's still pregnant.
Ring's still on my finger." And he stays very cool and compassionate and explains again that this is a scam and advises him to go to the gendarmerie.
How old is this woman? I thought our hero was like—
38.
And he's 76. Dirty old fella.
A little bit dirty. Let's not judge, but okay. Hello.
It's Michael Douglas and Catherine Zeta-Jones.
You know what it's like when Cupid hits you in the butt with that little thing?
I don't want Cupid hitting me anywhere, least of all there.
And then our Fabien guy says, I really wish you hadn't given them any money. And the guy interrupts, sends around €30,000.
Oh my— what?
And he says, she will pay me back. So Michel still doesn't get that they're not in on it. This is all based on Fabien's video.
So hang on now. So let me try and understand what's going on here. So Michel is on the outside. He's the old geezer.
He's getting married. He's, you know, marrying Sophie.
Oh right, he hasn't met her yet, but they're definitely an item and he's paid his dowry or whatever. He's paid a substantial amount of money to her.
He's chatting to some disembodied voice through the intercom system, but who he thinks is the ex-husband of his intended betrothed.
He's chatting to some disembodied voice through the intercom system, but who he thinks is the ex-husband of his intended betrothed.
Exactly.
Right?
Yes, because whoever was impersonating Sophie put a whole yarn saying, my husband's left me, I've lost the baby.
Right.
I've moved out.
And so there's a bit of Michel which thinks, well, this guy is talking cobblers because of course we're in love and, you know, it's all going to be good.
Yes.
I don't know why he's inside the house, but right.
And this is when the real Sophie Vouzelot comes out and talks to Michel.
Finally.
Through the gate and gently directs them again to the cop shop to report the scam.
Because this keeps on happening?
Well, it turns out that 38-year-old Sophie Vouzelot is a minor celeb in France. So she's got a bit of an influencer social something going on.
She used to be a model, but she also used to be a former Miss France runner-up. And I'm like, what? I didn't know that stuff still existed. So I do a little searching. And it does.
It really does. There is still to this day a Miss France. I watched a bit of Miss France 2025.
She used to be a model, but she also used to be a former Miss France runner-up. And I'm like, what? I didn't know that stuff still existed. So I do a little searching. And it does.
It really does. There is still to this day a Miss France. I watched a bit of Miss France 2025.
Oh, did you?
All meringue dresses and tiaras and gleaming teeth and tears. The whole thing.
All in the name of research, Carole.
I tell you what. So yeah, so scammers pretending to be Sophie duped our 76-year-old Michelle into thinking she had left her husband, needed money, and would marry him.
Isn't there supposed to be some rule about the age of the person you should sensibly, you know, the limit? Isn't it something like you half your age and add, I don't know.
It's 7 is the one I knew or have known.
What is it? Half your age plus 7?
Yeah.
Is that right?
That's what I heard. Yeah.
Mind you, that's still a big age gap if you're 76.
Right?
I think stick within your decade. That's my advice.
Yeah. Well, he kind of had a little bit of a Paris syndrome himself, right? Because he finally reached his destination only to be brutalised by reality.
So did he have to then drive all the way home?
Yeah, he had to drive home. He had to go stay. He was like, I can't drive home. I have to go to a hotel tonight.
Poor chap.
Poor little man.
I'm just thinking I must never ever give any money to a pregnant woman 38 years younger than me, thinking that I'm going to end up in a relationship with her.
Learn from Michelle. If you can't believe your luck, then don't.
Now, Carole, according to Vanta's latest State of Trust report, cybersecurity is the number one concern for UK businesses. And of course, Vanta can help you with that.
Whether you're a startup growing fast or already established, Vanta can help you get ISO 27001 certified and more without any of the headaches.
You see, Vanta allows your company to centralize security workflows, complete questionnaires up to 5 times faster, and proactively manage vendor risk to help your team not only get compliant, but stay compliant.
So stop stressing over cybersecurity and start focusing on growing your business in 2025. Check out Vanta and let them handle the tough stuff.
Head to vanta.com/smashing to learn more. That's Vanta, V-A-N-T-A,.com/smashing. And thanks to Vanta for sponsoring Smashing Security.
Head to vanta.com/smashing to learn more. That's Vanta, V-A-N-T-A,.com/smashing. And thanks to Vanta for sponsoring Smashing Security.
And welcome back. Can you join us for our favorite part of the show? The part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like.
It doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like.
It doesn't have to be security related necessarily.
Better not be.
Well, my pick of the week this week is not security related.
Good.
My pick of the week this week is art related. Now, Carole, I don't know if you know anything about painting. I don't know if you know anything about art.
Don't know anything about anything like that.
Yeah, I don't know if you have any interest in the subject at all. But I am a fan of a couple of TV shows which are on Sky Arts. Have you heard of Sky Arts?
It is a channel we have here in the UK. I don't know if it's available elsewhere.
It is a channel we have here in the UK. I don't know if it's available elsewhere.
Owned by Rupert.
Rupes. Well, you know, it's— yeah, it's owned by Sky, unfortunately. But you don't have to give him any money. If you've got Freeview, it's on the free-to-air channel.
Oh, yeah, yeah, yeah.
Channel 36, it is. So you don't have to have a subscription or a dish or an app or any of that nonsense. It's talking to John's parents. Right.
Anyway, the show which I want to recommend, there's two shows. One is called Portrait Artist of the Year, and one is called Landscape Artist of the Year.
And this is my comfort blanket. I can watch so much of this.
What they have is a whole bunch of artists, and they get their little easels out, and they get their paints, and they go and sit out in the rain, or if they're doing the portrait, they maybe lucky enough to sit inside instead.
And they spend an hour competing against each other, trying to do the best landscape or the best portrait of somebody.
Anyway, the show which I want to recommend, there's two shows. One is called Portrait Artist of the Year, and one is called Landscape Artist of the Year.
And this is my comfort blanket. I can watch so much of this.
What they have is a whole bunch of artists, and they get their little easels out, and they get their paints, and they go and sit out in the rain, or if they're doing the portrait, they maybe lucky enough to sit inside instead.
And they spend an hour competing against each other, trying to do the best landscape or the best portrait of somebody.
I love it.
It's a wonderful show. It's presented by, well, it used to be Frank Skinner. He used to be one of the presenters. I like him, yeah. It's now Steven Mangan, the curly-haired actor guy.
And he's doing it alongside thinking man's crumpet, Joan Bakewell, right? Very big fan of. If only I'd been alive in 1968. Anyway, never mind.
But it's a lovely TV show, and I think it's fantastic. Have you ever seen it?
And he's doing it alongside thinking man's crumpet, Joan Bakewell, right? Very big fan of. If only I'd been alive in 1968. Anyway, never mind.
But it's a lovely TV show, and I think it's fantastic. Have you ever seen it?
No, I'll check it out. I'll check it out.
Oh, for goodness' sake, Carole, this is an institution. They're on about Series 12 or something.
I know, it's just, you know, yeah.
Some of the art is incredible.
And what I love about it is everyone will be doing a landscape, and you'll get some very conventional ones, some very technical ones, some very precise and photo-like, and other ones which are just abstract bonkers.
And other times they're not using paint at all. It's, oh, I'm just using a piece of thread, or I'm just using some mud. And you know, you never know who's going to win.
But you always, when you watch it, you have your favourites. You have the ones you're not so sure about.
And what I love about it is everyone will be doing a landscape, and you'll get some very conventional ones, some very technical ones, some very precise and photo-like, and other ones which are just abstract bonkers.
And other times they're not using paint at all. It's, oh, I'm just using a piece of thread, or I'm just using some mud. And you know, you never know who's going to win.
But you always, when you watch it, you have your favourites. You have the ones you're not so sure about.
Yeah, I love all that.
There are some experts on hand as well, you know.
Oh yes.
And they're all there wearing their cravats and they're saying all the technical things about the art, which you don't realise. But it's a terrific TV show.
Portrait Artist of the Year and Landscape Artist of the Year. There's also a couple of them on YouTube if you can't find them anywhere else. And that is my pick of the week.
Portrait Artist of the Year and Landscape Artist of the Year. There's also a couple of them on YouTube if you can't find them anywhere else. And that is my pick of the week.
Bing, bing. You got a twofer there.
Yep. Krow, what's your pick of the week?
Okay, I just finished Careless People, a memoir by Sarah Wynne Williams.
Oh, yes.
This is that scandalous memoir that came out earlier this year dishing the dirt about Facebook's head honchos.
And you may first have heard about the book thanks to Meta's relentless efforts to shut it down. According to Slate, when Wynne Williams publicized the book, Meta saw red.
The day after publication, an arbitrator issued an interim ruling finding that Wynne Williams violated a non-disparagement clause in her severance agreement.
So she's duly restricted from further promoting the book or commenting upon her old workplace.
And in that twist of fate, all this negative attention amped up the intrigue, and the book has done very, very, very well.
And you may first have heard about the book thanks to Meta's relentless efforts to shut it down. According to Slate, when Wynne Williams publicized the book, Meta saw red.
The day after publication, an arbitrator issued an interim ruling finding that Wynne Williams violated a non-disparagement clause in her severance agreement.
So she's duly restricted from further promoting the book or commenting upon her old workplace.
And in that twist of fate, all this negative attention amped up the intrigue, and the book has done very, very, very well.
Oh, what a shame. What a shame that that happened.
Right. So the perspective is from an international liaison point of view.
Ooh la la.
So Sarah gets a job at Facebook and is responsible for getting Mark and Sheryl Sandberg into bed, proverbially, with international leaders.
Right.
So presidents and prime ministers. And this is like going to Davos and G7 thingies. That's where we're kind of heading to.
And basically, she played an integral role in making Facebook what it is today. So, insert word here. But lordy, does she land a few hard-hitting punches.
Her focus is definitely Mark and Sheryl.
And basically, she played an integral role in making Facebook what it is today. So, insert word here. But lordy, does she land a few hard-hitting punches.
Her focus is definitely Mark and Sheryl.
What juicy gossip did you get from it, Carole?
Shocking recounts of sexual harassment. Ooh!
The appeasing of dictators, the gaming of algorithms, targeting of children with ads, political interference, misleading Congress, power games, manipulation.
She even touches upon Zuckerberg's presidential aspirations.
The appeasing of dictators, the gaming of algorithms, targeting of children with ads, political interference, misleading Congress, power games, manipulation.
She even touches upon Zuckerberg's presidential aspirations.
Oh, no.
Just please, just please. American Friends, please. Zuckerberg is portrayed as a hybrid of Sam Bankman-Fried and Donald Trump, says Slate.
To me, he just comes off as a man-child, and maybe that's the same thing. But she tells this tale of him loving board games, right?
He never watches TV, doesn't movies, doesn't want to watch your art show, right? He likes Settlers of Catan and Ticket to Ride.
To me, he just comes off as a man-child, and maybe that's the same thing. But she tells this tale of him loving board games, right?
He never watches TV, doesn't movies, doesn't want to watch your art show, right? He likes Settlers of Catan and Ticket to Ride.
Okay.
And everybody lets him win every single time.
Oh my goodness.
Everybody lets him win every single time.
Because I wonder what happens if he wouldn't win?
Near the end, when things are getting a bit tense, she starts kicking his ass, and he can't believe it.
And she just goes, "Do you really think people don't let you win?" 'Cause I think he thinks he has a touch of God in him. For fuck's sake.
But the thing you can't help but wonder throughout the book is why, oh why, did Sarah stay for years and years?
And she just goes, "Do you really think people don't let you win?" 'Cause I think he thinks he has a touch of God in him. For fuck's sake.
But the thing you can't help but wonder throughout the book is why, oh why, did Sarah stay for years and years?
Right.
And this is shocking, right? The things that they put her through, the things they ask her to do, the things she says yes to.
Was the money good?
During it, she makes quite a few comments that she wasn't there during the glory years when everyone got their big millions.
She arrived after, and they just gave her what she asked for. So everyone around her was making more money, she claims. She says, why'd she stay there? She does give some answers.
They don't sit perfectly with me. But she does seem to have the writing bug, so I'm sure we're going to see her turn out more stuff. But that said, Graham, delicious reading.
One of those things where you sit there going, "Oh my God."
She arrived after, and they just gave her what she asked for. So everyone around her was making more money, she claims. She says, why'd she stay there? She does give some answers.
They don't sit perfectly with me. But she does seem to have the writing bug, so I'm sure we're going to see her turn out more stuff. But that said, Graham, delicious reading.
One of those things where you sit there going, "Oh my God."
"Oh my God." What's it called again?
Careless People. That's a kind of Gatsby reference.
Oh, yes.
For those literary people out there.
Yeah.
It's my beach book recommendation for this week, Careless People by Sarah Wynne Williams. That's my pick of the week. Fantastic.
That sounds really interesting.
You'd love it.
And that just about wraps up the show for this week. You can find Smashing Security on Bluesky, unlike Twitter, which wouldn't let us have a G.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
And thank you to our episode sponsor, Fanta, and of course to our wonderful Patreon community. It's their support that helps us give you this show for free.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 426 episodes. Check out smashingsecurity.com.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 426 episodes. Check out smashingsecurity.com.
Until next time, cheerio. Bye-bye. Bye.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Episode links:
- Teen arrested for ‘smishing scam’ using technology never before seen in New Zealand – RNZ.
- Op Orca — smishing scam smashed – New Zealand police.
- SMS blasting incidents are rising – Risky Bulletin.
- Bangkok busts SMS Blaster sending 1 million scam texts from a van – Bleeping Computer.
- Police warn of SMS scams as ‘blaster’ is used to send thousands of texts – The Guardian.
- Reports of SMS Messages Sent by Fake Base Stations – Commsrisk.
- Keeping your Android device safe from text message fraud – Google Security blog.
- What is Paris syndrome? How culture shock can kill a trip – The Independent.
- Belgian man crushed after driving nearly 500 miles to meet French model he believed was his ‘future wife’ – Fox News.
- French is the language of love: myth, reality, and romance – ICLS.
- Romance scam victim travels 700km ‘to marry French beauty queen’ – BBC News.
- Un homme se présente chez moi pour être mon futur mari… – YouTube.
- Sky Artist of the Year.
- Careless People – The Guardian Bookshop.
- Careless People: We read the book that Mark Zuckerberg doesn’t want you to read – Slate.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsored by:
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
