Hacking Humans

Caught on ScamTok

36 min
Jul 16, 20262 days ago
Listen to Episode
Summary

This episode examines sophisticated phishing campaigns targeting Facebook users with fake verification offers, a global fraud bust by Interpol involving 5,800 arrests and $293 million seized, and humorous examples of poorly executed celebrity impersonation scams on TikTok.

Insights
  • Attackers are increasingly mimicking legitimate customer service experiences (chatbots, verification processes) to build trust before requesting sensitive data like passwords, MFA codes, and identity documents
  • Meta business accounts compromised through fake verification scams can be weaponized to lock out legitimate owners and launch convincing attacks against their customer bases
  • International law enforcement coordination (97 countries in Operation First Light) can disrupt major scam infrastructure, but seized assets represent only a fraction of total illicit gains from social engineering operations
  • Scammers operating at scale use volume-based strategies with minimal personalization, making them vulnerable to basic verification questions and inconsistencies that victims can exploit
  • Online purchase scams have become the dominant fraud category in recent BBB data, surpassing traditional debt collection scams as the primary threat
Trends
Shift from crude phishing emails to interactive, multi-step social engineering experiences that mimic legitimate corporate onboardingIncreased targeting of small business social media accounts as entry points for identity theft and account takeoverGrowing use of fake customer service centers with physical infrastructure (uniforms, signage, video backgrounds) to enhance scam credibilityCryptocurrency and virtual currency seizure becoming standard in international fraud enforcement operationsCelebrity impersonation scams migrating to TikTok and other social platforms with bot-driven or volume-based engagement tacticsDebt collection scams declining while online purchase fraud rises, suggesting victim behavior changes or enforcement effectivenessChina-led international coordination on social engineering fraud, indicating geopolitical prioritization of financial crime preventionScammers requesting identity documents (passports, driver's licenses) alongside account credentials, indicating identity theft bundling with account compromise
Companies
Meta
Subject of phishing campaign targeting business account verification; offers paid verification service that scammers ...
Huntress
Cybersecurity company that conducted research on Facebook verification phishing campaign running November-June
Better Business Bureau
Operates scam tracker with heat map visualization tool tracking scam reports and losses by state and category
Interpol
Led Operation First Light, a 97-country international effort resulting in 5,811 arrests and $293 million in seized il...
N2K
Network powering the Cyber Wire and Hacking Humans podcast
People
Dave Bittner
Co-host of Hacking Humans podcast discussing social engineering scams and phishing campaigns
Joe Kerrigan
Co-host of Hacking Humans podcast providing analysis of fraud trends and international enforcement operations
Maria
Regular co-host of Hacking Humans podcast, absent this episode due to vacation
Danny Palmer
Wrote article on Facebook phishing campaign targeting users with fake verification offers
Noah Kahan
Celebrity whose identity was impersonated in TikTok scam example discussed in Catch of the Day segment
Quotes
"They made it look like you were interacting with a Facebook messenger chat bot"
Dave BittnerEarly segment
"They're not only stealing your Facebook account, they're also stealing your identity"
Joe KerriganFacebook phishing segment
"Stop and talk to somebody. That is a great way to recognize that something is a scam."
Dave BittnerMid-episode
"These guys in the southern part of Africa were probably trying to fake, you know, trying to simulate, hey, we're the Brazilian police and you need to send us money."
Joe KerriganOperation First Light discussion
"I guarantee you this, this $293 million of illicit assets they seized. That is a small fraction of what these people have taken."
Joe KerriganInterpol operation analysis
Full Transcript
You're listening to the Cyber Wire Network, powered by N2K. Hello, everyone, and welcome to the Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner, and joining me is Joe Kerrigan. Hey there, Joe. Hi, Dave. Maria is on vacation this week. We miss Maria when she's not here, don't we, Joe? We do, yeah. But I have it on good authority. She will be back with us next time. So before you go diving for that skip button, Joe and I are doing it old school like we used to. That's right. PM, pre-Maria. Yes. That's the acronym now or the initialism? It's PM? I don't know. Okay. BM. It's better than BM, right? Right, yeah. Okay. All right. We don't have any follow-up this week, do we? I don't think so. We do have something to talk about next week, though. Okay. Maria needs to be here for that. Oh, all right. Fair enough. Fair enough. All right. Well, let's tell you what. Let's take a quick break to hear from our sponsors. And when we come back, we will dive into our stories. And we are back. I'm going to jump into things here with us today, Joe. Okay. I have a story from the folks over at Info Security Magazine. This is an article written by Danny Palmer, and it's titled Phishing Attacks Targeted Facebook Users with Fake Verification Offer. Hmm. So imagine you're running a small business. Okay. And one morning you get what looks like an official Facebook business email. Yeah. And it says, good news. We're going to help you protect your brand with a verified badge. Okay. That sounds reasonable. Yeah. Sounds like something I might be interested in doing. It's a trap, Joe. Yeah. I don't want somebody out there impersonating me. Right. so uh this campaign that's outlined in this article uh was particularly sneaky because the emails all looked legitimate enough to slip past a lot of security checks so instead of being like a sloppy phishing attempt the attackers actually borrowed uh facebook messenger chat bots to make the whole experience feel interactive and authentic so they made it look like you were interacting with a facebook messenger chat bot how'd they do that? I don't know. I don't know. I don't know what was going on behind the scenes, but I suspect that's probably not too hard a thing to spin up. In other words, click here to chat with Facebook, right? You get an email that says, click here to chat with Facebook. It sends you someplace that's, you know, that has a domain name that has the word Facebook somewhere in it. Right. Right. And, uh, next thing you know, you're chatting, but it's not with Facebook. Yeah. You're at, like awesomefacebooksupport.com or something like that. Right, exactly, exactly. So they say the victims were guided through what looked like a normal verification process. They requested usernames, passwords, multi-factor authentication codes. Here's where it gets really interesting. Photos of passports or driver's licenses. Oh, so they're not only stealing your Facebook account, they're also stealing your identity. Yeah. Right. Great. They said the scammers were basically building their own customer service department. But I think what's noteworthy is that like every step along the way reassured the victims that they were protecting their account when in reality they were handing over the keys. Right. Yeah. And this research I should mention, by the way, comes from Huntress, which is a very well-known and respected cybersecurity company. Yes. According to their research, the campaign ran from November of last year until June of this year when Meta disrupted the infrastructure behind it. And they point out that a Meta business account in particular can be used to buy scam ads. You could lock out the legit owners. And then you can launch convincing attacks against customers and followers. Mm-hmm. So they point out that the irony here is that Facebook really does offer account verification. Right. But that starts inside Facebook. Yes. Yeah. And they charge you for it. Yeah. One of my biggest fears is my wife has a Facebook page that is for her quilting business. And she doesn't use it a lot. every now and then she'll put a quilt that she's worked on on the page. But a lot of times she can't do that. The customers she has are like, yeah, I don't do that until I give it to somebody. Right. So yeah, don't spoil it. Happy retirement, Uncle Harvey. Yeah. So, I mean, she doesn't use it a lot, but my fear is that that gets taken over. Right. whether somebody compromises my wife's account or somebody somehow convinces somebody on the admin team. Because actually there's three people on admin. It's me, my daughter, and my wife. And my daughter and I are both pretty good at this. And my wife is actually quite shrewd. She is not easily duped. You know, I get questions from her all the time. And I'm like, is this legit? And I'm like, no. although one time with the puppies, you know, the puppy scam, I had to convince her by having, you know, eliciting a certain behavior from the scammer. But she's like, yeah, you're right. This is a scammer. I'm like, because if we offer to go, this was a, I told the story a couple of weeks ago. I remember, yeah. It was up in Pennsylvania, Philadelphia, which is not far from where we live. No, but still a few, a couple hours. Right. But we said, hey, we're willing to come up and meet the puppies. Right. And they started hemming and hawing and beating around the bush about it and saying all kinds of things. It just didn't make sense. Like, you need to make a deposit before you can come and see the puppies. I'm like, tell them that we'll come up and see the puppies. And if we like one of the puppies, we'll give them a deposit in cash then. Right. Right. And, you know, that was, you know, that seemed like the, we're willing to hand you a box of cash, an envelope full of cash for a dog. Right. And they didn't want to do that. So obviously they are not in Philadelphia. Obviously they're scammers. But, you know, when she gets mails, emails that look like they're coming from something, she talks to me about it. And I'm like, you know, I make the evaluation. I help her, you know, I talk to her about it as well. Yeah. And yeah, anytime she does, there are some things that just seem like scam. I know I'm going off topic here, but I recently, Dave, purchased a pachinko machine. Oh, okay. Another pachinko machine. Now I have- I'm glad you said it so I didn't have to. Now I have eight. Eight? Eight. Oh, my Lord. Is it possible that I remember you getting your first pachinko machine? Yeah, probably. Oh, my. Yeah, I got a problem, Dave. Yes, you do. Yes, you do. But this one was a much more modern pachinko machine. Okay. And I was interacting with somebody on Facebook Marketplace, and the price seemed really good for a machine in this condition. It doesn't need any restoration at all, or it actually did need a little bit of work, but not a full teardown. It's in good enough condition. I just needed to clean out some blockages and get it working. But during the course of that, the person who was telling it responded very slowly, which I immediately thought was a scammer. And then I said, you know, we live in the same area. And she's like, how do you know where I live? I said, there's a map on the Facebook Marketplace listing that says you live in Sykesville. And, you know, Sykesville is a big area, and I live near that city. And eventually we established, I said, so when we meet, I will bring cash and you bring the pachinko machine. And she said, how about we meet at this place? And it's a place right by my house. And I said okay maybe this isn a scam So I pull up and sure enough it was a legitimate deal She had the pachinko machine I gave her it looked good I gave her the cash It took it home fixed a couple things and it works now. It is very, very loud though. It is not like- Is there any other kind of pachinko machine? Yeah. So I will tell you- Isn't that kind of the point of a pachinko machine? Yeah. If you've ever seen the videos of a modern pachinko parlor, it sounds like it's just deafening to be in there. Yeah, it's like, it's adjacent to like a Las Vegas slot machine room, right? It's very similar. It's the Japanese version of a slot machine combined with kind of like a pinball machine. And I love these machines, but this is not the typical kind of machine I buy. I really like the older ones that are all mechanical. Okay. I think those are just beautiful works of art and Japanese engineering, which is amazing that these things still work like 40 years later. Anyway, this is not pachinko. talk. Uh, so this one kind of looked like a scam. So I had my guard up. That was the point. Yeah. Uh, so yeah, I, I mean, I, I expect nothing but scams from Facebook. Yeah. So I don't know, maybe this is not something will work on me, but my fear is that my wife loses control of that quilting account. Yeah. No, I, I don't, I think that's not an unreasonable fear. Right. Uh, and, and, you know, good for her that she has you and that you have each other to bounce these things off of. We always talk about that. Stop and talk to somebody. That is a great way to recognize that something is a scam. Yeah, absolutely. So again, this article says that Facebook does offer business verification, but it is a paid service. So if you suddenly get an email that promises to do it for free, probably a cue to start asking questions instead of clicking links. Right. By the way, just that's the end of that story. But I just, this is a podcast, so there are no visuals, but I have to tell you, Joe, about a Facebook ad scam that I saw that just cracked me up. Cracked you up. Okay, good. I laughed out loud and I think to myself, this can't be real. Right. This can't be real. to tell. The ad was for bubble juice. Like, like the stuff that you pour in a dish for the kids? Yeah, exactly. Yeah, bubble juice. That's what we call it too. Yeah, bubble juice, right? Right. You can, and you know, but you can make your own bubble juice. You can? Yep. My wife has a bubble machine that she puts on our back deck. And when people walk by the pathway near our house, sometimes she'll fire up the bubble machine and people are delighted to have, you know, Who doesn't love bubbles? Nobody. Psychopaths, Dave. That's who. That's right. That's right. And so you can make bubble juice at home. You can make your own formula. I'll just give everyone who is out there blowing bubbles a little tip, a couple drops of glycerin in your bubble juice, and your bubbles will last a lot longer. Yes. Anyway, this ad was for bubble juice. Now, how could you possibly make a fake ad about bubble juice? That's what I'm wondering. Because generally we just go to like five below and buy the gallon size jug of bubble juice. Exactly. And just soapy water. I mean, that's it. Planning the kids, spilling it everywhere. Right. It's soapy water. That's all it is. So this ad had kids blowing bubbles. And when the bubbles came out, the bubbles formed shapes. Animals and clowns. And just you name it. anything that a kid would want to play with, they were blowing bubbles out of the, just the regular way you blow a bubble. It's like SpongeBob. Exactly. You got the little plastic wand, but out from the other side of the wand was coming SpongeBob. Or Bubble Buddy. Yeah, yeah. You got to bring it around town. Bring it around town. And that was what this ad was for, was this special, you know, like quantum bubbles or something. You know, like there was some gobbledygook explanation for why these bubbles were capable of doing this. But that is amazing. Yeah. I just sat there with my jaw hanging going, this can't be real. Yeah. This can't be real. And yet I think it was. I don't know. It might have been a prank or a joke or satire. We can't tell anymore, Joe. That's the thing. We can't tell. The AI-generated video of these kids blowing bubbles with shapes. Right. Was so good. We can't tell anymore. You couldn't tell. No. No. I know way too much about this as, you know, because when I was a kid, there was a guy, I watched some show where this guy was like a bubble expert. Oh, yeah. I remember. I remember. Yeah. He was on That's Incredible sometimes. Maybe that's what it was. Yeah. Are you talking about, I don't want to ruin it. Go ahead. So he said he could blow a square bubble. Yes. Or create a cube bubble. Yes. And he did it. He did it. But the way he did it was he put a bunch of bubbles together. So if you notice when two bubbles join, they'll make a flat surface. Right. So he would put six bubbles together in the right configuration such that there was a cubic bubble in the center. Yeah. And it was just, it's really just the four or the six flat surfaces of the joining bubbles. And then because it was the 80s, he would take a drag off his cigarette. I remember that. And take a straw that he soaked in bubble juice and put it in there and then blow smoke into that bubble so you could see it. Yeah. That is the closest thing to a shaped bubble I'd ever see. And one of the things, when he would talk, he would talk about how bubbles have to be spherical because there's no other choice for it. Right. They have to be spheres because of how the physics works around it. Sure. And he says, but if you know when they join, you see that they have a flat side. So he leveraged that. I always thought like, what a unique bar trick, right? Right. Can you imagine this guy going into a bar and just betting? I bet you I could make a square bubble. Yeah. So this guy never paid for a beer. Yeah. But also, probably didn't attract the ladies very much. Yeah, that's not something. that's like me and my magic tricks you know hey is that a corner behind your ear pick a card any card get away from me you weirdo right exactly all right well we will have a link to my story in the show notes uh i tell you what let's take a quick break here we will be right back after this message. And we are back. Joe, what do you got for us? I got two stories today, Dave, because they're both kind of short. My first story actually comes out of WRAL News, and we're not going to put a link to that story in the show notes because it's kind of localized. Okay. And it has some information that is not germane to the global audience. But if you just go to WRAL and look for the scam heat map. That's the story is that in May, the Better Business Bureau, the BBB, brought back their scam tracker feature or on their scam tracker feature, they brought back the heat map. So you can click on a link in this story and we'll put the link to this in the show notes, the heat map from the Better Business Bureau. And this is a map of, it's a data analysis or data visualization tool tool for all the data that gets reported to the Better Business Bureau. So this is only their data. It doesn't represent all the data in crimes, but assuming, or in scams, but assuming that it's a representative sample, which is a big assumption. That assumption is doing a lot of heavy lifting here. I'm looking at this right now and I'm wondering what the heck's going on in Kentucky. Yeah, Kentucky. Kentucky has an incident rate of 0.2 per 1,000 residents, which is not the highest. I think the highest on the 90-day timeline is Idaho, which has 0.23. But Kentucky, you can click on a state, which is really cool. So let's pick on Kentucky some more. All right. But you can see that it's number eight in the ranking of 51 reporting locations here. They have a total of 904 reports for the last 90 days totaling million in losses Wow Which means that per 1 residents that state has lost to scams I mean interesting way to look at the data I don know how helpful this is The story from WRAL says now people in states can track how they're doing over time. And I'm like, not really with this tool. It's an interesting snapshot for looking at like last 12 months, last 90 days, last 30 days. And then it has all time. The all time data is kind of interesting because it changes the kind of scam that has been popular. Like the number one scam in Kentucky in all time was debt collection scams. But if you come down to like the last 90 days, that's going to switch to online purchases, which generally tends to be, in my cursory exploration of this tool, the number one scam across the board recently. So I don't know what's caused debt collection to drop as a scam. Probably some... People not answering their phones. Right. People not answering their phones. Right. Right. Well, and also I'd say online purchase as a category is a pretty big umbrella. Right, right. And that's probably only gone up in, I mean, I guarantee you that's only gone up in the past 10, 15 years. And I don't know how long this data goes back for. Anyway, cool tool. Check it out. Yeah, that's fun. We'll put a link in the show notes. The other story I have today comes from Interpol, which has an amazing story. They have made over 5,800 arrests and seized $293 million in a global fraud bust. And this comes from Léon, France. And how's my French? Not good. Okay. So Interpol got together with 90, had 97 participating countries, which is a huge international effort. And they have arrested 5,811 people and seized this $293 million in illicit assets. And they called this Operation First Light. And it ran from January of this year to late April of this year. And they were focusing on combating social engineering scams and the associated money laundering that goes on around it. So the way this worked was they did an initial period of intelligence collection and getting information together and talking with each other. Participating countries took three months of operational activities, and they were proactively going against high-value targets. So they knew who they were going after. You know, they prioritized the big offenders. They used Interpol's Global Rapid Response, Global Rapid Intervention of Payments, or IGRIP, which means, you know, I'm butchering that acronym, but it's a stop payment mechanism that facilitates the swift blocking of illicit financial flows, which is, and they say here that it can block both fiat and virtual currencies. Okay. One of the things they say in here is that they seized cryptocurrency from someone's virtual wallet, which is probably not 100% correct. They probably seized that money from an exchange rather than from a wallet. because unless you get the actual wallet, because the wallet is what holds the private keys. And if this is on a personal wallet and that guy's out there and you don't have him in custody and can't extract the keys from him through like, I don't know, rubber hose cryptography, which is my favorite. That is actually a term of art. And it's one of my favorite terms of art. I can break any crypto system if I have the guy that knows the secret and have a rubber hose. I just hit him with this rubber hose until he tells me what it is. Right. Yeah, and they analyzed, these numbers are impressive. They analyzed over 150,000 cases. They seized the assets from 31,000 bank accounts. There were 31 bank accounts that were blocked, rather. They solved 23,000 cases, which sounds like they got about one-sixth of the cases. That is, I'm impressed by that number. that is uh that's that's pretty good um they uh they also identified 15 000 suspects and they so again they arrested about a third of them uh and they have uh 99 notices and diffusions issue i don't know what the fusion is no i don't no i don't maybe it's a note to uh telling someone they need to break up their operations they need to diffuse it maybe i don't know that's just a One of the things that impressed me is there is a small, or I was interested in, there's a small country in Africa, the south of Africa, borders on South Africa, called Eswatini. That was a location for a lot of these scammers they arrested. And they have pictures in this article. There is a scam center in Sri Lanka that's being busted. And then they have the Eswatini pictures where they have seized 240 electronic devices, foreign currency, and a realistic replica of a Brazilian police station complete with fake uniforms and signage. So, I mean, these guys in the southern part of Africa were probably trying to fake, you know, trying to simulate, hey, we're the Brazilian police and you need to send us money. Right, right. Right. So you're on some Zoom call with somebody and you see Brazilian police officers strolling around in the background to make it look like a Brazilian police station. Right. So in Espetini alone, they arrested 82 people, which is really good. They also had people in Thailand. They made two arrests in Thailand. Singapore and Oman utilized the iGrip to block $6.6 million in illicit transfers. uh there's a lot of details in this country uh or in this article but one of the interesting things is there's a note to editor uh in the bottom of this and it says operation first light is funded by china's ministry of public security and supported by the participation of three regional policing bodies included uh asian poll uh gcc poll and euro poll so uh and then they go on the list all the 97 countries that are involved. And it's a who's who of people. Like Costa Rica's in there. Yeah. The United States is also one of the participants in this. Yeah. Vietnam, Zimbabwe, Zambia. A lot of countries in Africa. A lot of countries in Europe. I mean, it's an interesting list. Yeah, it is. and interesting that China took the lead here in funding it. Yeah. Well, you know, China's been taking the lead on a lot of this stuff. And good for them. You know, I'm happy to see that. They have, and one of the reasons they're taking the lead on it is because their people are getting hurt by these scam centers. Yeah. And that doesn't reflect well in the government. And I'm glad to see, I'm glad to see this kind of a bust. I'm glad to see that 5,800 of these people are going to get arrested. And you know what happened to those scam center operators that were extradited to China? Yeah. Yeah. They won't be scamming anybody ever again. Let's just say that. No. I guess the one thing that I always wonder about with these sorts of things, because like you, I look at this and I think this is great. Right. all these numbers are big and they've gotten a lot of money and a lot of people and they've shut down things, but it's hard to know what to compare it against. Right. Like how big a chunk of the global market are they actually shutting down? How much do the other operators take note of this? Yeah. And maybe change their ways or decide to get into a different business. Yeah. Go legit. Yeah. I just don't know the answer to that. Yeah. I don't think anybody does. Right. And I think that's part of the problem. I hope it makes a big difference. But I guarantee you this, this 200, uh, $293 million of illicit assets they seized. Yeah. That is a small fraction of what these people have taken. Yeah. These people have probably taken billions. Yeah. I mean, there's 15,000 of them. Yeah. Well, I think they should uh create a grant program for podcasts that help uh prevent scams agree with you 100 Dave Take some of that acquired those ill gains You know what? We'll just take one-tenth of it. We don't want much. No, we're not greedy. We'll just take $29 million. Sure, we'll put it to good use. Yeah. Say the Joe, Dave, and Maria Institute for scam fighting. Right. It'd be like our hall of justice. Yeah, that's right. We'll build a hall of justice, Dave. That's right. Love it. All right. We will have links to Joe's stories in the show notes. And of course, we'd love to hear from you. If there's something you'd like us to consider for the show, please do email us. It's hackinghumans at n2k.com. All right, Joe, it is time for our Catch of the Day. Dave, our catch of the day comes from the Scambait subreddit. These TikTok scam accounts are literally so stupid is the title of this post. Okay. I'll lead us off here. Okay. Just you and me today. Okay. So everybody's going to have to listen to me stammer my way through this. Here we go. So this claims to be from the official Noah Kahan live chat. Now, Joe, do you know who Noah Kahan is? I do not know who Noah Kahan is. I did not either. Okay. And so I looked up Noah Kahan, and Noah Kahan is a musician and quite talented, quite well-known, has a lot of fans. He's a good-looking dude. Legit celebrity. Yep. All right. Now, just because you and I don't know about him, we're old. Yes, we're old. I was just going to say that, Dave. Yeah. There's a reason we don't know who this is. Yes. Probably started putting his music out sometime after the year 2000. which means it's just off my radar. Right. Okay. So it starts off as if it were Noah saying, Hey, dear, I kindly appreciate you for being a great fan. I got too many messages and comments on my official page, so I isolated myself here to reach out to my fans. What's your favorite song of mine? God bless you. Amazing. So cool. I can't believe you're messaging me. I think my favorite song by you is probably Fruit Salad. I'm going to guess that's not one of his songs. So I looked it up. Uh-huh. He does not have a song called Fruit Salad. Okay. And what do you think of when you hear the song Fruit Salad, Joe? The Wiggles? Is it The Wiggles? No, I don't. We were never Wiggles fans in our house. Oh, you're so lucky, Joe. Yeah. Because when I hear Fruit Salad in a song, Fruit Salad, yummy, yummy. Does that mean anything to you? No. No, I'm fortunate. Oh, you're so lucky to not have it. That's the one Australian show that didn't make it into my house. If Maria were here, she'd be... Okay. Give me a Bluey song. I'll sing it. Okay. So Noah goes on. How's the family? I hope all is well. I really want to appreciate you because without you, my fans, I won't be where I am today. Thank you once more. I'm groovy and glad to be a big fan of yours. Do you like the song Fruit Salad? What's your favorite song that you've written? Thank you so much. That really means a lot. fruit salad has such a fun vibe. As for my favorite, it's stick season. The lyrics and emotion are really incredible. Wabbit season. Come on, Dave. You're not doing with it. Stick season. Wabbit season. Stick season. So, he does actually have a song called Stick Season. Okay. I believe also an album called Stick Season. So, whatever bot this is did their homework. Where are you from, my dear? I'm from Las Vegas. I'm a stripper at a club there. You can come see me dance when you're there for your show tomorrow. By the way, I hope you're not a journalist. Nope, Noah, I'm a stripper. Why I asked is because I'm being careful. I've been hurt times without numbers from these journalists out there who pretend to be a fan and end up faking stories about me. No, no, I would never know a thing. I too have been hurt by people pretending to be Noah Cahan and other celebrities I know what that's like I was told that there are imposters here trying to be me that's the reason why I messaged you here I would like us to talk somewhere else because I don't usually use this account for fan chat but you are a nice person I can only imagine how painful it is for you to have people do identity theft to you you're so cool with all your music and huge hits like I set my friends on fire I died in a tent my cat threw up in the litter box and so much more these are all great song makers you're an inspiration to many folks out there thank you so much that truly means a lot to me I'm really grateful for your support it keeps me going I would like to talk to you every day whenever I'm not busy okay I'm gonna stop here for a second because these songs I mean this is obviously somebody messing with sure and I mean nobody makes songs like this except maybe some death metal band probably has songs like my Die in a Tent but I mean he just he skips over he just keeps going this scammer or bot probably bot I don't know yeah just as if it never happened right so anyway the scam bidder then says, you are always busy though. You're on here right now. So you'll be busy every day. You're on tour right now. That's what that should be. Okay. You are always busy though. You're on tour right now. So you'll be busy every day. My sweet little Noah Bean. Love this. Please put another album out. I love your new album. My Spanx are too tight on my pee pee. I'd love for us to chat on Zangy so we can have private conversations there Do you have Zangy? I don't know what that is I need you to prove you really know it first I'll do that over there I'm not used to chatting on TikTok and I don't want my manager to know that I'm communicating with a fan on TikTok I do not have access to that app I just looked I have a flip phone, so I only have TikTok. I don't think TikTok is on flip phones. All right, we'll wrap it up there. Yeah, so, I mean, there's obvious stuff here that we call out, which is trying to move someone to another platform. Right, right. Right, impersonating a celebrity. Yep. Flattering the victim, trying to move them to another platform. And the flattering in these things always starts surprisingly early. Right. You know? Right. Right. It starts, hey, dear, the very first two words, I kindly appreciate you for being a great fan. And it's, I mean, ugh. Yeah, but it's hilarious and I guess demonstrative how it doesn't matter what the scambator says. Right. I love your new album. My Spanx are too tight on my peepee. Right, and the guy just keeps going. Just, yeah, which again means it's either a bot or just someone who I'm guessing has 20 of these windows open. Right. Doesn't have time. And they're just copying and pasting responses in. Right. Right. It's likely that English is not their first language. Like, you know, there's just, there's all kinds of things going on. This person is running a volume game. Right. And just trying to keep going. So, oh, so funny. Yeah, so funny. All right. Well, we will have a link to that in our show notes. And of course, we would love to hear from you. If there's something you'd like us to consider for our catch of the day, please do email us. It's hackinghumans at n2k.com. And that is our show brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans at n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Iben. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpie is our publisher. I'm Dave Bittner. And I'm Joe Kerrigan. Thanks for listening. Thank you.