February 6 – Romance Scam, Deep Fake Cyber Espionage, and Teenagers in Cybercrime

The Daily Decrypt

February 6 - Romance Scam, Deep Fake Cyber Espionage, and Teenagers in Cybercrime

00:00 / 14:28

Romance scams, sophisticated cyber espionage campaigns, and the alarming trend of teenagers turning to cybercrime. We begin with the U.S. Secret Service’s warning about the rise of romance scams, where fraudsters exploit individuals’ longing for companionship to manipulate and defraud them, emphasizing that no one is immune to these deceptions.

Next, we dive into The Hacker News’ report on a cyber espionage campaign known as Patchwork, which targets individuals in Pakistan and India through malware-infected apps, revealing the depths of digital deception and the espionage capabilities of VajraSpy malware.

Finally, we explore the dark trend of teenagers engaging in cybercrime, discussing the allure, the risk, and the potential redirection of these young talents towards ethical paths in cybersecurity.

Featured Articles:

Join us as we navigate the intricate web of digital threats and discuss the importance of cybersecurity awareness, the role of technology companies in safeguarding against these threats, and how society can foster a culture of ethical digital engagement among the youth.

Listen in for an in-depth analysis and expert insights into the evolving landscape of cyber threats and defenses.

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Transcript:

Romance Scam, Deep Fake Cyber Espionage, and Teenagers in Cybercrime

[00:00:00] announcer: Welcome to The Daily Decrypt, the go to podcast for all things cyber security. Get ready to decrypt the complexities of cyber safety and stay informed. Stand at the frontier of cyber security news, where every insight is a key to unlocking the mysteries of the digital domain. Your voyage through the cyber news vortex starts now.

[00:00:29] offsetkeyz: Good morning, everyone. Today is February 6th. And welcome back to the daily decrypt. Today. We’re going to be talking about something that affects every human with a beating heart. You all are vulnerable to romance scams. We are also going to be talking about how scammers use deep, fake to swindle their way into $200 million.

And finally. We’re just going to touch on how cyber crime has become a playground for teenagers.

And why [00:01:00] they have chosen this field to get their kicks.

So first up we’re talking about romance scams. I’m not sure if you’re all aware, but in. A little over a week. There’s the infamous romance holiday of Valentine’s day. And although I personally am not plagued by loneliness at this current moment. I have felt loneliness in the past.

You can become pretty vulnerable when you’re feeling that way.

And everyone is susceptible to it. Frequency can vary from individual to individual, but As it gets closer to Valentine’s day. The romance scams start to become more and more popular. So essentially a romance scam is when someone online, which is where a lot of dating takes place. Nowadays we’ll use. Your desire for companionship to get you to do anything, Give them money, send them nude photographs. the creativity is unmet. Anything is possible.

Especially in today’s [00:02:00] day and age where AI is becoming more prevalent. It’s hard to tell if you’re talking to a real person or to an artificial intelligence or machine learning bot.

So you can imagine how easy it would be to have long-winded conversations with someone, tell them deep dark secrets. And you’re not even knowing that this isn’t even a real person. Maybe it is a real person who is crafting these responses, writing down everything you say, maybe they’re going after your.

Security questions on your bank account.

Maybe they’re trying to get your email, send you some stuff through email. They’re trying to get information out of you. They’re trying to gain your trust. They’re trying to use that loneliness and desire for companionship to get something out of you. So these scams have already started they’re well underway. Especially in the romantic season of Valentine’s day. So take a look at all your online chats on Tinder, et cetera.

And just ask yourself, do you think this is a scam? Could [00:03:00] this possibly be a scam?

Don’t be afraid of being perceived any sort of way for saying no to anything. That’s just general advice for dating from someone who’s been on plenty of online dates and seeing the crazies that are out there.

Don’t hesitate to say no to paying for a meal. Don’t hesitate to say no. To. Pick up someone at the hospital or anything there’s a timeline in that you should be kind of following as to what’s normal throughout the dating process. And if it’s too early,

no is a very powerful word. And if someone is not willing to respect your no.

They’re not worthy of your time. This is romance 1 0 1. With your host offset keys.

Now that being said,

We all know the popular. Dating apps like Tinder hinge and Bumble and stuff like that. Those are relatively safe. As far as the app itself goes, the people on there, maybe not quite as much, but. There are other apps that have been spun up in the last year, specifically targeting this. [00:04:00] Timeframe. That are not dating apps. They’re fake dating apps that either install malware on your phone. Or track everything you’re doing on your phone, et cetera. You likely will not find these in the apple store, but they are. Running rampant in the Google play store.

The hacker news recently reported on. Cyber espionage campaign orchestrated by a threat actor known as patchwork. Patrick targets individuals in Pakistan and India tricking them into downloading malware infected apps from the Google play store. These apps are disguised as messaging and news platforms.

they install the. Malware, they transform the victim’s Android devices into espionage tools. So the capabilities. Allow attackers to steal personal data intercept messages from encrypted services, like WhatsApp and signal and record phone calls and even capture photos.

Especially if you’re an Android user, be careful read [00:05:00] reviews about dating apps.

You’re downloading. Make sure those reviews are from credible sources because if I were to spin up an app that was malicious, I would also spin up multiple websites. That had fake reviews. So check things out like forbes.com or any sort of reputable third party. Site that you know, and trust for these reviews.

If they don’t have anything on there, it’s not worth.

Getting on there. Maybe this app. Offered you some sort of incentive to download it you know, free premium for a year. If you’re one of the first hundred downloads,

Just to remember that if anything seems too good to be true, it probably is stick to the basics, especially during this season. Tinder hinge, Bumble.

Meet up with the person before sending the money. All that stuff. Just be safe out there. Dating is a business. it’s a top seller for. Corporate conglomerates to use your romance against you and hackers also know that. So make sure to [00:06:00] stay safe out there.

Send us a DM. If you have any questions, if you want to send us some screenshots, we’ll happy to take a look at them.

The next article comes from the south China morning post and discusses a groundbreaking scam that rocked a multi-national companies, Hong Kong office, leading to a loss of Hong Kong, $200 million through the use of deep fake technology.

The story penned by Harvey Kong unfolds a sophisticated scheme where criminals used digital wizardry to impersonate the company’s chief financial officer. And other staff members that a video call.

That’s crazy.

I’m on video calls all day for work. Looking around seeing the faces that I know. Every day. They could be deep fakes, you know, I don’t know how these people got the video footage to make the deep fake, but. That’s insane. This is a new level of the cyber frontier, in my opinion, where we can have videos of [00:07:00] people we know. Asking you for money.

Okay. So imagine sitting in a video conference and everyone looks and sounds exactly as you expect. But none of them are there. That’s what happened. The scammers were able to convincingly mimic the CFO and others. Tricking and employee into transferring $200 million to fraudulent accounts.

So there’s not much more to this story other than the fact that it’s absolutely mind blowing. What can we trust nowadays? How can we prevent this type of thing?

I think this goes back to trust, but verify. you should never do anything based on one. Interaction.

Say someone called you from CVS or from the power company or from wherever and asked you for money. Right. You’re going to trust that that’s a real interaction, but you’re also going to verify that it’s a real interaction by calling back. Like hanging up the phone, calling the verified number that you found in the yellow pages or in some reputable source.

So this is the same thing. If the CFO is looking you in the eyes, And asked you to transfer [00:08:00] $200 million. Definitely send finance and email, send the CFO an email, just confirming that this is the number that’s correct.

You got to trust, but verify. So that’s the new model going forward in this digital age is trust, but verify, think about ways in which you can verify what you just experienced because. Nowadays, there’s a chance. My voice has been mimicked on AI. face may have been too. I’ve received calls saying that someone in my life has been hurt from someone who sounds exactly like my mother. It’s not safe out there. Trust, but verify.

Oh You

[00:08:42] offsetkeyz: And finally just an interesting perspective story for this one. Becky Bracken from the dark reading.com. Discussed what brings teenagers and cyber crime together? I just think this is pretty interesting to think about. Because when I think of someone who’s performing cyber crimes or really any sort of [00:09:00] sophisticated attack. I tend to think of mature adults between the age of 28 and 55.

That’s just what picture I paint in my head.

But a lot of these cyber attacks are from kids who are living in their parents’ basement. 16 year olds, 15 year olds. You know, I was just reading about. How Mozilla Firefox and Facebook were both founded and created by teenagers, right? Both of them at the time. We’re created by teenagers. So it’s kind of transformed from these Silicon valley startups, the teenagers, trying to get in early and use their technical skills. To create a career for themselves.

They’re now pivoting more towards hacks and.

Using the internet for their advantage. What you’re doing on a computer in your parents’ house feels safe and it feels like. It’s legal. It’s just typing things in. You’re not actually going out and [00:10:00] committing a crime, even though the stakes are way higher. You can also mask yourself pretty well. And especially during that, those ages of maybe 15 to 20.

You feel invincible? You feel like, maybe you just got your driver’s license, maybe your whatever, you’re invincible, you see. Nothing can touch you.

And I know we’ve all done questionable things in our youth because of the lack of maturity and the lack of understanding of the implications of those things. And thinking about these kids. Who are. You know, ransom wearing. The banking industry.

If it’s accessible. I I probably. Would have as well, because I was a dumb teenager. Not saying I would now by any means. Absolutely not dedicated my life to not doing that and preventing others from doing it. But just I’ll be the first to admit that I was a dumb teenager and I also had some skills behind the keyboard, so I [00:11:00] probably would have to.

Just for the kicks, you know?

So this article. On dark reading.com. You can find it in our show notes. Talks about what motivates kids to get into cybersecurity. And it’s, it’s exactly that.

Maybe they’re just curious. Maybe they’re under some sort of financial pressure. Maybe their family is having a hard time making ends meet. There’s just thrill of the challenge or, you know, they’d seem risk-free. These are the main. Reasons that children are turning to it.

And the article also discusses ways that we can.

Turn around and try to prevent this as a community, as a culture. And it’s really interesting perspectives. But there’s also things that we need to think about, especially if you’re a teacher or someone who’s influencing young children, a parent. Et cetera. Think about opportunities you’re giving to your child to satisfy those itches. In a healthy, safe, legal way.

How are you? Keeping them curious and challenging them. You know, school is not [00:12:00] challenging for most teenagers. It could be challenging just because they’re failing. Doesn’t mean it’s challenging. maybe they’re too bored. Maybe they’re having a hard time paying attention. And the only thing they can pay attention to is. Like dark. Web crimes. So we need to find ways to stimulate the children in our lives and keep them engaged, you know, make sure they’re not under any financial pressure.

If, if their behaviors change overnight. I know that’s what teenager dumb is about behaviors changing, but. You know, maybe they’re really happy one day and really depressed the next day. And they stay in this lump and then they get like really happy again. Check in with them. Be normal people don’t be dictators.

Make sure they’re healthy and safe. And that T is a, another lecture from someone who doesn’t have children. So sorry to mansplain parenting to you. I just. I see a lot of children getting busted and put in jail with million dollar fines for doing ransomware from their parents’ house. So. None of you want that for [00:13:00] your children?

None of you want that for your students. So let’s find creative ways to engage them in ways that the dark web could.

See, I think that’s it for today. Thank you so much for listening.

Moving forward. we’re going to be cutting back to four days of news and then one day. Friday or Wednesday or whatever day we choose will be a bonus segment. If you caught our bonus segment this last Saturday, I hope you enjoyed it. And I hope you’re looking forward to. Learning more about ways you can build industry standard experience from your own house.

We’ve got some ideas about how to bring in some guest speakers and some people with actual.

Authority in the area of hiring entry-level cybersecurity professionals to discuss. The validity of the projects that we’re going to be introducing to you and Yeah, leave us a comment below. Give us a follow on Instagram or X or anywhere that we are. We have a website we’re on Reddit. We are trying to get the word out there. I’ve been really. Really humbled by the amount of support [00:14:00] that we’ve had.

Coworkers, friends, family members, and. People are telling other people in it, it means a lot to us. We’re going to keep it up as much as we can.

We will talk to you tomorrow.