Talk With a Friendly Human
Attila: It's like, what?
Attila: You know, you're missing out.
Attila: I'm not saying it's bad, I'm saying that you miss out.
You're listening to the Cyber Secured Podcast, helping you become safer in every way.
Now, your hosts, Matt and Attila.
Attila: Welcome to the Cyber Secured Podcast.
Attila: My name is Attila.
Matt: My name is Matt.
Matt: Happy Friday, everybody.
Attila: Happy Friday.
Attila: Well, it's Friday for us.
Attila: I'm not sure if it's Friday for you, but if it's not Friday for you, we wish it were.
Matt: Yes.
Attila: But have some interesting things that have happened this week, and we wanted to talk about it on this week's podcast.
Attila: There's been a big increase in text messaging scams.
Attila: In fact, I think, Matt, is that your phone being text messaged as we speak?
Matt: It is.
Matt: I'm gonna shut it off.
Matt: I can't ever seem to completely mute my...
Attila: Okay, I was getting text messages as well at the same time.
Attila: So we get a lot of text messages.
Attila: It seems to like just never end.
Attila: And it's the same experience that I have whenever we try to meet with someone to talk about their network infrastructure or they're having a security concern.
Attila: While we're talking to them, phone is being just nonstop.
Matt: Even what?
Matt: Two episodes ago, your phone was just constantly buzzing, and you just kind of lost it a little bit while we're recording.
Attila: It's hard to focus.
Attila: And of course, whenever I do a TV spot, it's the same thing.
Attila: My phone just decides, oh, this is the time to notify you about every stupid thing that you've subscribed to.
Attila: I think the text messaging was not such a big deal, at least in America, until maybe about 10 years ago.
Attila: And then it started really kind of picking up.
Matt: Well, it's when we started getting official security-related text messages from Google or Microsoft or Yahoo, that I think it started becoming, or being taken more seriously.
Matt: It's almost like an alternative to email, but like email, it definitely has some major security holes on the user side from how we handle it, how we see it.
Attila: Yeah, for sure.
Attila: I mean, now we have RCS messaging, which is supposed to be...
Matt: I've seen that online, but I haven't actually looked into what it is.
Attila: It's supposed to be encrypted messaging.
Matt: Okay.
Attila: Right, and 10.
Attila: And that's only if, obviously, it's iPhone to iPhone, Android to Android, iPhone to Android, not so much.
Attila: So now RCS is available on Android.
Attila: That's right.
Attila: So you're supposed to be able to encrypt back and forth, but from back, I know I don't sound that old, but I'm getting older here.
Attila: Back in the paging days, when pagers used to send messages out, and this is the predecessor to text messages, that was all clear text.
Attila: Anyone could just fire up a receiver and listen to those text messages and then interpret them and be able to see those text messages.
Matt: Was that technology all in analog?
Attila: It's all analog, yeah.
Attila: I was on the 157 band and the 900 band, and you used to be able to just see all the text messages just coming right on through.
Attila: There was no encryption at all.
Matt: I remember back in the day in high school, all my peers had, I didn't have a peacher.
Matt: I wasn't rich enough, but...
Attila: You weren't a drug dealer, that's why.
Matt: I guess all my friends are drug dealers.
Matt: There you go.
Attila: You know, you probably had some real fun friends, I'll tell you that.
Matt: I mean, they had all the fun.
Matt: I didn't get to have any of the fun, but...
Attila: So, that morphed into two-way paging, right?
Attila: And then that was pretty much the same thing, you had a transmitter.
Attila: And now that turned into text messaging on the phones, and still the same thing.
Matt: Was that popularized by BlackBerry?
Matt: Because, I mean, people were really hooked to their BlackBerrys.
Matt: It was the sidekicks.
Attila: The first one was RIM, and then RIM was bought by BlackBerrys.
Attila: The RIM devices could do two-way paging, and then BlackBerry bought them, and then kind of integrated data into that, and then that became like the first kind of smart device where you could browse the web and check email and do two-way SMS, right?
Matt: Well, and that was huge.
Matt: I remember the first time I posted a photo from my phone.
Matt: I was in Hong Kong.
Matt: I didn't have data on my first iPhone in the US., but when I was visiting Hong Kong, I got a SIM card that I could post photos.
Matt: I remember doing it.
Matt: I was on a bus.
Matt: Took a photo of myself in a mirror on the bus.
Matt: And yeah, to me, that was just earth-shattering.
Matt: That was mind-blowing.
Attila: And now, if you're not doing that, you're weird.
Matt: Yeah, I'm dating myself by telling that.
Matt: But yeah, so SMS has definitely had its evolution and it's come a long ways, but like everything, there's some major security issues when it comes to how we handle it, what we do when we see it.
Matt: I don't know about you, but I get my text messages, I kind of let them linger.
Matt: I mean, you've got to alert fatigue, you've talked about that.
Matt: But someone like my mom, she gets an email, she gets a text message, and she's the kind of person that, for better or worse, she wants to act right then.
Matt: Like she's got to take care of it.
Matt: It looks important, she needs to do something.
Matt: And if it looks official, so caution tends to kind of go to the wind, and she'll follow the instructions and do whatever it's said.
Attila: Well, and I think since, like you said, the text messaging became used for more real correspondence, that's when that kind of behavior emerged from people, right?
Attila: Because you can get something in the physical mail, you won't respond right away.
Attila: Email, same kind of thing, and a link of a text messaging, somehow it gets your attention and it grabs your attention.
Attila: And the marketing strategies that are being used by these bad guys to try to scam people out of money using text messaging is the same thing that we, it's the same method that's been used to, for other marketing agencies like retailers, for example, they'll text you like, hey, we're having a sale right now for the next eight hours, go to our website here, put in this code, and you get a discount on shoes.
Attila: And that same strategy is being used by the bad guys.
Attila: And the ones that they can't seem to stop are the toll road ones.
Matt: Yeah, I got one recently.
Matt: And we're in Hawaii.
Matt: We don't have toll roads, we don't have toll bridges, so anybody that receives that stuff here, we automatically know it's not real.
Matt: But I did visit California recently, and because I used to live in California, I was aware and knew of the tolls, but I didn't know how my rental car would handle it, and I forgot to ask.
Matt: And so I didn't know, driving around, going over the bridges, did I need to stop and pay?
Matt: And I did see a little thing in my car, and a number of the toll locations, they didn't have a place where you could stop any longer, you just drove through.
Attila: Yeah, it's all computerized.
Matt: Yeah, so I just kind of figured maybe it might show up on my bill, or I'd have to pay for it later because there was another trip that I made that I think I got told that I had to pay afterwards.
Matt: So when I received one of those texts, I thought it was real.
Attila: Why wouldn't you know?
Attila: Right?
Attila: Yeah, it makes sense.
Attila: It kind of corresponds.
Attila: And the way that these scammers are becoming adept at this is they just look at number blocks and they just start texting everyone.
Attila: So on that text that you got, it probably said, press Y to reply to this.
Attila: Like, yes, I got the text.
Attila: And then go to this website and pay the toll.
Attila: And of course, when you press Y, that's you validating to the scammer that this phone number that they texted is valid.
Matt: Yeah, right.
Matt: Well, actually, whether I pressed Y or N for no...
Attila: Right.
Matt: Yeah.
Attila: You know, one other thing I wonder if they're capitalizing on, I don't know if you noticed, but there is a red receipt that you have on iPhone, default is turned on.
Matt: Yeah, I had to turn mine off.
Attila: Yeah.
Attila: And a lot of people don't.
Attila: They don't even know about that feature.
Matt: You're right.
Matt: They probably do capitalize on that.
Attila: So as soon as it hits the message, right?
Attila: But that could be just an iMessage thing.
Attila: So I don't know.
Matt: Yeah, I don't know.
Matt: But that's similar to ping.
Attila: Yeah.
Attila: It's like it pings you.
Attila: You got a response back.
Attila: The message was read.
Attila: Now we have a hot one, right?
Attila: And now they can continue to barrage that number with other messages.
Attila: It's like, oh, we got a clean list, clean to validate the list.
Attila: Now this is a common thing used in marketing, right?
Attila: So in marketing, when you're looking for prospects, you're prospecting, you get a list of companies and you call them up.
Attila: And if the phone number is good, then great.
Attila: You can say that this is a valid company.
Attila: If it's bad or they're out of business, you now scrub the list.
Attila: It's called scrubbing the list.
Attila: And back in the day with predictive dialers, predictive dialers are essentially robots that dial number blocks.
Attila: And if it calls a number and it hears a disconnected sound, then it goes, okay, do, do, do, this is a bad number.
Attila: Okay, it's going to mark that automatically as being a bad number.
Attila: So it is also a scrub list.
Attila: So you can figure out which numbers are valid, which ones are not.
Attila: Same thing they're doing with SMS messaging.
Attila: Now here's where it gets interesting, AI.
Attila: So they take the predictive text dialers, I guess, is the best way of putting it.
Attila: So these scripts that they've honed, using GPT, I'm sure.
Attila: I doubt they're writing this stuff from scratch.
Attila: So they blast out this message, they figure out which ones are valid, and then they send a message to those text messages.
Attila: Now the response is that they get back, if they don't get a lot of responses, they can adjust the message on the fly and continue to send out thousands of text messages per...
Attila: Yeah, A-B testing, exactly.
Attila: Per minute, thousands per minute.
Attila: And there's no way to stop them, right?
Attila: Because they're coming from out of the country, they're coming from who knows what phone numbers.
Attila: And there's something that really works against you by using a mobile phone for everything, right?
Attila: Because we use mobile phones for bill pay, for looking at menus at a restaurant, for, I don't know, paying...
Matt: Paying our parking?
Attila: Paying the parking tickets, exactly.
Attila: Or paying for tolls, even, right?
Attila: And because that is another thing you can do.
Attila: I mean, you can pay for tolls by holding up your phone at a toll road, right?
Attila: So it's in everything, right?
Attila: Banking, online banking, credit cards, you name it.
Matt: My driver's license is in my phone.
Attila: Yeah.
Matt: My phone is my key for my car.
Attila: You can tap to pay, right?
Attila: Apple Pay, Google Pay.
Attila: When you use your phone for everything and you have a small screen, I don't know about you, but I like big screens, like, you know, 27-inch computer screens.
Attila: I can see everything very clearly.
Attila: It's not an issue.
Attila: You're looking at a small screen.
Attila: You can miss that that phone number that sent you that text message, phishing message, the smishing, right?
Attila: SMS phishing, the smishing message.
Attila: It's from like the Philippines or Korea.
Attila: Yeah, right.
Attila: It could be from overseas.
Attila: You're gonna miss that country code in the beginning.
Matt: It could be like a plus 039 or something.
Attila: Yeah.
Attila: It's usually a two-digit code.
Matt: Sorry for all of you in that world code.
Matt: I don't know what that country is.
Attila: Well, it's two-digit code.
Attila: So 39, I'm not sure, but I'm sure we can look that up pretty quickly.
Attila: But, oh, now you got me curious.
Attila: 39 country code.
Attila: Yes, that is, oh, wow.
Attila: It is Italy.
Attila: There you go.
Attila: So Italy, if you see a plus 39, that is from Italy, Italy country code.
Matt: What was the one you said earlier?
Matt: 63 is the Philippines?
Attila: Yes, 63 is Philippines.
Attila: I think we're 41.
Attila: I think 44, no, 41 is Switzerland.
Matt: Well, I mean, either way, honestly, having those texts come in from a foreign country to me is a little odd, because it's so easy to spin up a number.
Matt: I mean, anywhere, you do have some safeguards in place, some of which I am battling right now, which is driving me nuts, the 10 DLC registration requirements.
Matt: And it's actually for this very reason.
Matt: They've made it kind of impossible.
Matt: I guess it's kind of a good thing, but I don't know.
Matt: I don't know the answers.
Matt: I know on the voice side, one of the solutions that I used a while ago, and I might actually do again, is services like No More Robo.
Attila: No More Robo, yeah.
Matt: Yeah.
Matt: And that's kind of a middle man for your phone number.
Matt: So when calls come in, if it's from a known scam center or even like bill collecting agency, whatever you want, it can actually block all that stuff, screen it for you before you receive the phone call.
Matt: I don't know if anything like that exists for texting.
Matt: Probably not.
Attila: Yeah, like you can't stop a phone number from texting you, even if it has a poor reputation score.
Matt: Yeah.
Attila: It has no way around it.
Attila: Yeah.
Matt: That's the one place where, I mean, we have email filtering and email domain reputation.
Matt: That all goes through its different things, and that still has plenty of issues.
Attila: You know, I heard something, this wasn't some, must have been some other podcasts, but they were talking about how the most effective marketing strategies that exist right now for legitimate companies is by text messaging, because it's exactly what you said.
Attila: People get 1,000 emails a minute, there's a million different spam filters out there.
Attila: So you say too many salesy words inside of an email message, and it's in spam, phone calls, forget it, right?
Attila: Everyone's got a phone tree or they're blocking stuff, right?
Attila: Text messages cuts right through the crap.
Attila: And then people like your mom and people like me, who are used to responding to, you know, tap, click, quick, you know, swipe, done, you know, on their phones, might accidentally tap something on that text message, click a link.
Attila: And now they're either phished or credential harvested or their phones infected.
Matt: Well, I mean, that was the whole thing with Linus Tech Tips that I have learned about recently.
Matt: I knew his channel had gotten hijacked.
Attila: Really?
Matt: Oh yeah.
Matt: I mean, that's a big channel.
Matt: They have giant sponsors.
Matt: Their videos are really fun.
Matt: And they've gotten to a really, really large size.
Matt: So it was really shocking to see, I mean, it's a computer company and they got guys that are really smart and no security and stuff.
Matt: It was kind of shocking to see that his site had gotten taken over and a bunch of fishing messages were leaving his page and his videos were getting deleted left and right.
Matt: And he went online, made a video about it.
Matt: And you see him, I mean, he's got the blur bars over him.
Matt: But late at night, you see him walking up to his computer, either naked or in his underwear, and he's on the computer freaking out.
Matt: And so in a follow up video I saw recently, it's exactly that.
Matt: It was a smishing email, SMS.
Matt: It was a smishing SMS that had gotten through to him that said his Twitter account had gotten taken over.
Attila: Oh, so it fooled him too.
Matt: Yeah, and he was at a barbecue and it happened.
Matt: So like you just said, was on his phone, small screen, clicked on the link, followed through, thought it was real, typed in his password, went through the whole process and thought he was okay.
Matt: And it was either that night or the night after that his YouTube channel started coming under attack.
Attila: I think you hit a real important point there, distraction.
Attila: I don't think we've ever been more distracted than we are today.
Matt: Yeah, no.
Attila: And I don't know anyone who doesn't watch Netflix or some streaming thing without a phone in their hand at the same time.
Attila: I don't know about you, but I can't focus on more than one thing at a time and have any sort of brain power.
Matt: Yeah, I have to set that stuff aside.
Matt: And actually, it's partially because I want to focus, but also partially because my wife has gotten mad at me a number of times.
Attila: Well, they did a Mythbusters episode on this where they had someone, obviously it was a closed course.
Matt: Yeah.
Attila: First stop, they were drunk.
Matt: Okay.
Attila: Drunk driving.
Matt: Sounds about right.
Attila: And they were like, okay, how well do we do in this obstacle course driving through these cones?
Attila: And I think they had a mannequin.
Attila: Right.
Attila: I had a little dog.
Attila: So they were testing response times.
Attila: And then they did a second one, trying to text message at the same time.
Attila: And they did worse text messaging than drunk.
Attila: And I believe NASA also had this study, like in the 1960s, they were trying to figure out the effects of distraction when trying to pilot a rocket ship to the moon, which is complicated.
Attila: And of course, when they distracted the astronauts, it was like 60% brain power.
Attila: So if you're driving or you're at a barbecue or you're trying to watch Netflix and something comes in, just know your brain is not functional.
Matt: Well, I learned also on a show I was watching, multitasking, what we think we're doing when we multitask is not really multitasking.
Matt: You're not really doing two things at once.
Matt: You're doing two separate things very quickly, very separately, and with diminishing returns.
Attila: There's switching.
Matt: Yeah, switching.
Matt: There's really only been a few instances in history that we know of where some people are gifted with actual multitasking, which is a whole nother subject and unbelievable, but...
Attila: But for the rest of us...
Matt: For the rest of us, for most of us, yeah, you can't.
Matt: It really speaks volumes to how important focus is.
Matt: And when we don't have full focus, you know, that's when those things come through.
Attila: There's also some statistics about how long it takes you to get refocused after you have been distracted.
Attila: So let's say you're writing an important email to someone, and your phone goes off with a text message, and you say, okay, and you look at your phone, and then you look back at your email.
Attila: Now you're out of flow.
Attila: Do you know on average how long it takes you to get back into flow?
Matt: Isn't it something like 40 minutes?
Attila: It's 12 minutes.
Matt: Oh, 12 minutes, okay.
Attila: So if within the next 12 minutes you get another text message, or a pop-up on your phone saying you've been...
Attila: I took Facebook Messenger off my phone because it was ridiculous.
Attila: It's non-stop.
Attila: There's always something popping up on there.
Attila: But any of the apps, any number of things, a bird can fly by and scream at you through the window.
Matt: When I show up here to work, my phone goes on to do not disturb for that reason.
Attila: You have to, because you cannot refocus, because you keep going out of focus, out of focus, out of focus, and your day can be completely ruined.
Attila: And at the same time, that's when you're most vulnerable to a hacker.
Attila: Well, let's not call them hackers.
Attila: Scammer.
Matt: Yep.
Attila: A scammer.
Attila: Getting into, you know, finding your phone number, sending you a text message, freaking you out.
Attila: You're distracted.
Attila: And because we have this tap, click, quick swipe mentality, we picked up, you know, it's only accelerated.
Attila: Now, you're gone, right?
Attila: You know, I think there is a solution to this.
Matt: Okay.
Attila: I don't like talking about problems without a solution.
Matt: Right, yes.
Attila: But the solution is not quite what you're gonna be excited about.
Matt: Okay.
Attila: So there's a new type of phone called a light phone.
Attila: Have you heard of it?
Matt: I have not.
Attila: So a light phone, it's a $500, $600 phone, and it's popular amongst those that have grown up with the internet, right?
Attila: It's social media, like heavy social media use, online dating, the whole thing.
Attila: And so they're in their 20s.
Attila: And there's also folks that are a little bit older in life who are just fed up with the constant annoyance of their mobile phone.
Attila: And so they're willing to pay $500, $600 to this phone.
Attila: And it's a phone with an e-paper display.
Attila: It has the ability to do podcasts, GPS.
Matt: I do think I remember hearing about this.
Attila: Text messaging.
Attila: So even if you get out, like a smishing text message, you can't tap on it and open it because it doesn't have a browser.
Attila: But it does have data and GPS, but very minimal.
Attila: It's designed strictly for podcasts, phone calls.
Attila: Wow.
Attila: Imagine that, phone calls, right?
Attila: And the reason that it's popular amongst the 20-sums is because they've grown up with their face in a screen, staring at every notification and X or Twitter or Facebook, whatever, thing going on at the time.
Attila: And they look up and they say, Oh my God, 10 years have gone by.
Attila: I'm now in my 20s and there's an entire world.
Attila: There's trees in the sky and in sunlight.
Attila: Maybe I should pay attention.
Attila: Like literally, they're starting to recognize that they're missing life because their face is in a phone all the time.
Matt: Yeah.
Attila: Isn't that interesting?
Matt: Yeah.
Matt: I've seen it firsthand.
Matt: There was a chick that I dated in Another Life a long time ago, and she was a lot of fun.
Matt: But anytime we'd hang out, sit there and watch a movie or a TV show, I'd look over and she'd just be on her phone.
Matt: And I'm like, aren't we hanging out?
Matt: Like why are you here if you're just going to be on your phone the whole time?
Matt: And she'd usually be playing like this game that sometimes she'd want to do multiplayer with me at a distance.
Matt: But she's sitting right next to me and it's like, okay, well.
Attila: You're not alone.
Attila: I mean, if you go out to, like we went out to Valentine's Day, Valentine's Day you got to go out to a nice dinner.
Attila: And we go out to dinner and this was recently, right?
Attila: I would say half the couples at the table, both the couples were staring into their phones the whole time.
Matt: Yeah, I've seen that too.
Attila: And the new way that kids play, I've seen this from my daughter, is to say, okay, we're going to come over and we're going to play together.
Attila: I'm thinking, you know, they're going to throw a ball, maybe they're going to go run around outside, maybe play tag or who knows?
Attila: You know, throw a frisbee.
Attila: There you go.
Attila: Something.
Attila: No, what they do is they both go in their room, they both turn on their laptops, and they play Roblox together next to each other.
Attila: It's like, what?
Attila: You know, you're missing out.
Attila: I'm not saying it's bad.
Attila: I'm saying that you miss out.
Attila: And there's a time and a place for everything.
Attila: I mean, there's a time and a place to watch movies, there's a time and a place to watch video games, and there's a time and a place to socialize.
Attila: Like, I know you guys can't see us here, but Matt and I are standing in his office.
Attila: While he's standing, I'm sitting because I'm lazy.
Attila: And we're looking at each other, talking with microphones attached to our lapels.
Attila: And we don't have a...
Attila: I mean, I have a screen over here in front of me just to like look up stuff, but I'm not looking at the screen while I'm talking to Matt.
Attila: Like, we're having a conversation that you are a part of.
Attila: And that's something that you miss.
Attila: So I know we've gone like way off topic here with...
Attila: We started off with smishing, and now we've ended up with how society has evolved.
Matt: Hey, we wanted to have a conversation.
Matt: And the fact is, you gotta be careful out there.
Matt: No technology is perfect.
Matt: Some technologies have protections in place.
Matt: SMS is one of those that unfortunately there really isn't anything.
Matt: And you just gotta be careful.
Matt: There are tools and technology to protect phones, things that companies can utilize, MDM and MDM policies.
Attila: Mobile device management.
Matt: Mobile device management, yeah.
Matt: It's not, same thing, it's not perfect, but it's a step in the right direction.
Matt: And any hurdle that you can put in place of the bad guys is usually an improvement.
Matt: But the number one thing is just to be vigilant, to pay attention.
Matt: If you get a text and you're not focused and you're not sure, try to zone in before you do anything.
Matt: Because pressing yes or no, why or and, we'll tell the guys who you are, that you're available.
Matt: And then following up on the link, my mom fell for one of those, where she thought a package had gotten lost.
Matt: We purchased so many things over Amazon and websites.
Matt: And yeah, she thought a package had gotten lost and she had to pay a dollar.
Matt: And so she went and put in her credit card, and the next day, she noticed that they charged another dollar and another dollar and another dollar.
Matt: She thought, oh, shit.
Attila: Yep, they're tapping.
Matt: Yep.
Attila: They're tap, tap, tap, and then it's a thousand dollars right away, yeah.
Matt: So yeah, just be vigilant out there.
Matt: Ask someone else if you're not sure.
Matt: Everyone's got that cousin or relative that's good with technology, and they don't necessarily like the questions, but you got to have someone that you can ask.
Attila: And if you're interested in seeing what some of these scam text messages look like, we just did an email and a social media blast about this, about the ToeRose scams.
Attila: It's on our DeepWatch blog, so you can go to sitepack.com/blog, and you'll see it right there.
Attila: It's one of the newer episodes.
Attila: Or if you're there, just search for text or smish, S-M-I-S-A, that'll pop it right up.
Attila: And of course, if you do run across something that's unusual and you want to run it by a second pair of eyes, we're here to help.
Attila: But that's it for our episode.
Attila: Thanks for tuning in.
Attila: I'm Attila.
Matt: I'm Matt.
Matt: Stay safe out there, guys.
Attila: Stay safe.
This episode was brought to you by Cypac.
To learn more about keeping your business safe from threat, crime, and disaster, visit Cypac.com.