When you are the target, objectivity is gone.
Thursday, November 7, 2019
Joe shares a report on who’s more susceptible for scams. Dave shares a story from a listener who was hit by a scam attempt while staying at a hotel. Our catch of the day involves an attempt to scam someone selling a motorcycle. Our guest is Maria Konnikova, an award-winning author, journalist, and international champion poker player. Her latest book is The Biggest Bluff.
Links to stories:
Maria Konnikova: [00:00:00] What is it about humans that makes us fall for these things, no matter how smart we are, no matter how educated we are, no matter how prepared we think we might be?
Dave Bittner: [00:00:11] Hello, everyone, and welcome to the CyberWire’s “Hacking Humans” podcast. This is the show where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I’m Dave Bittner from the CyberWire, and joining me is Joe Carrigan from the Johns Hopkins University Information Security Institute. Hello, Joe.
Joe Carrigan: [00:00:29] Hi, Dave.
Dave Bittner: [00:00:30] We’ve got some good stories to share this week – and later in the show, my interview with Maria Konnikova. She’s an award-winning author, journalist and an international champion poker player. She’s got two New York Times bestsellers, “The Confidence Game” and “Mastermind: How to Think Like Sherlock Holmes.” She’s a contributing writer for The New Yorker, and she’s currently working on a book about poker and the balance of skill and luck in life. It’s called “The Biggest Bluff,” and it’s going to be published later this year – so looking forward to that conversation.
Dave Bittner: [00:00:59] But first, a message from our sponsor, KnowBe4. Have you ever been in a security training? We have. What’s it been like for you? If you’re like us, ladies and gentlemen, it’s the annual compliance drill – a few hours of PowerPoint in the staff break room. Refreshments in the form of sugary donuts and tepid coffee are sometimes provided, but a little bit of your soul seems to die every time the trainer says, next slide. Well, OK, we exaggerate, but you know what we mean. Stay with us. And in a few minutes, we’ll hear from our sponsors at KnowBe4, who have a different way of training.
Dave Bittner: [00:01:40] And we are back. Joe, why don’t you start things off for us this week?
Joe Carrigan: [00:01:44] Sure thing, Dave. This week, Michelle Singletary had a story in The Washington Post about a report released from the FTC called “Protecting Older Consumers.” And it’s dated from 2018, 2019. Now, the FTC, for our international listeners, is the Federal Trade Commission here in the U.S. This report had some interesting findings, including one thing that said people older than 60 were about 20% less likely to fall for a scam than people younger than 60, which is not what you think it would be, is it?
Dave Bittner: [00:02:12] No.
Joe Carrigan: [00:02:13] However, when older people fall for a scam, their losses are much higher. So the average loss from a scam for an older person is about $1,700, and you compare that with about $500 for a younger person, depending on their age group, right? So it’s about three times as much. That’s generally because these people have more money to lose. If I call someone that’s 20 and I say, hey, I need $1,000, there’s a good chance they’re going to say, I don’t have $1,000, right?
Dave Bittner: [00:02:36] Right. They’re going to say, I need $1,000, too.
Joe Carrigan: [00:02:41] Right.
Joe Carrigan: [00:02:41] But someone calls someone over 60 – I need $1,000 – they’re going to know I have a bunch of those laying around, right?
Dave Bittner: [00:02:48] (Laughter) Right. Yeah. Because they’re lighting cigars with $1,000 bills. Yeah, OK.
Joe Carrigan: [00:02:51] Exactly. So I actually looked at this report. The report is really good, and we’re going to put a link to the report in the show notes, as well as report to Michelle’s article. But there’s some good news in here, as well. Reports of scams without loss are up 93%. So people are calling the FTC to report these scams now that they’re happening. Reports of scams with loss are down 19%. There are less events where people are losing money.
Dave Bittner: [00:03:14] They’re catching on to the scams.
Joe Carrigan: [00:03:16] They’re catching onto the scam.
Dave Bittner: [00:03:17] And they’re also reporting them.
Joe Carrigan: [00:03:18] Right.
Dave Bittner: [00:03:18] OK.
Joe Carrigan: [00:03:19] And the vast majority of people over 60 who filed complaints about scams actually didn’t lose money to the scam. So that’s also good news. There’s some really great graphics in this report that lay out the types of scams and how they affect people, and there are different scams that affect different people. And we’ve talked about this before on the show, where it depends on what your trigger is, right? Older people are more likely to fall for the tech support scam, and they’re also more likely to fall for prizes and sweepstakes scams, as well as imposter friend or family scams. Have you heard of anybody falling – getting one of these calls from an imposter friend or family?
Dave Bittner: [00:03:54] Oh, yes. What I think of first is the one where you’ll get an email from someone that says, hey, I’m overseas and I’m stuck without my passport. Can you send me $100 or something?
Joe Carrigan: [00:04:03] Yeah, send me some money.
Dave Bittner: [00:04:04] Yep.
Joe Carrigan: [00:04:04] My dad got a phone call from somebody pretending to be his grandson, one of his – one of my brother’s kids. And my dad immediately recognized it as a scam because my nephew doesn’t have an accent, and this guy did.
Dave Bittner: [00:04:18] That’s a good tipoff.
Joe Carrigan: [00:04:19] Right.
Dave Bittner: [00:04:19] Yeah, yeah. All right.
Joe Carrigan: [00:04:21] So, you know, but there’s somebody out there whose grandson does have the same accent – right? – and may fall for it. Younger people are more likely to fall for online shopping scams, as well as fake check scams, and – this is really not a surprise – business or work opportunity scams because if someone were to call me – I’m not 60 yet, but…
Dave Bittner: [00:04:42] (Laughter).
Joe Carrigan: [00:04:42] But if someone were to call me with a business opportunity – or actually, it’s probably not from being called; it’s probably from responding to an ad in the newspaper and looking for a job. I’m set in my career, and I’m moving along nicely in it, right?
Dave Bittner: [00:04:54] Right.
Joe Carrigan: [00:04:55] And most people my age are doing that. Younger people are still trying to find their way. So they’re more susceptible to this simply because they’re going to have more exposure to it. I found these other two statistics pretty interesting in the report, as well. The No. 1 way that these scams get started are with phone calls, by far. It’s not even close. It starts with a phone call, and people wind up losing money to a phone call. But the No. 1 way to lose money is via wire transfer. Wire transfer only makes up about 50% of the incidences in which people lose money, but it makes up 45% of the losses.
Dave Bittner: [00:05:27] I guess that aligns with both – the older people are more likely to be using wire transfers than things like Venmo or…
Joe Carrigan: [00:05:35] Right.
Dave Bittner: [00:05:35] …PayPal, online transfers of money.
Joe Carrigan: [00:05:37] Right.
Dave Bittner: [00:05:38] And they’re sending more money.
Joe Carrigan: [00:05:39] They’re sending more money, and the loss is not necessarily recoverable, as well.
Dave Bittner: [00:05:43] Harder to claw it back. Yeah.
Joe Carrigan: [00:05:45] Exactly. With a credit card, I can say that was a fraudulent transaction. I got scammed. The credit card company goes, OK, we just won’t pay the vendor. And it’s simple. But with a wire transfer, it’s not simple.
Joe Carrigan: [00:05:55] It’s a great report. It goes into a lot of other things, like what the FTC is doing to protect seniors and everybody, really, and also what the scams look like, which we’ve all seen before. But take a look at the report. Share it with your older relatives and friends. If you are an older person, read the report. It’s a good idea.
Dave Bittner: [00:06:10] You know, it reminds me that I think it’s easy for us to kind of reinforce that stereotype that it’s older folks who are most susceptible to these things.
Joe Carrigan: [00:06:20] Right.
Dave Bittner: [00:06:20] And they are not necessarily.
Joe Carrigan: [00:06:22] No, they’re not.
Dave Bittner: [00:06:23] But I find myself and some of the folks that I talk to – you sort of have this shorthand where you say, imagine Grandma at home and she gets a call, and it’s easy for her to be scammed. And to me, I – you know, I kind of picture the old grandma in the Tweety Bird cartoons, you know? With the…
Dave Bittner: [00:06:39] Right? You know, that – when you say grandma, that’s who I picture as the person who’s likely to be scammed. But we actually got a note from a listener once, and she – basically, she said, hey, knock it off. She said, I’m 50 and I’m a grandma.
Joe Carrigan: [00:06:51] Right.
Dave Bittner: [00:06:51] And I’m capable. I know my stuff. You know, (laughter) I know what I’m doing. I’m not going to be scammed, you know? So just please be sensitive to saying grandma. There are lots of us who are grandmas…
Joe Carrigan: [00:07:02] Right.
Dave Bittner: [00:07:03] …Who do not meet that profile of the woman who kept after Tweety Bird, right?
Dave Bittner: [00:07:09] So I think that’s good, and I think it’s important to note that. And I think this article helps remind us that, you know, we have these biases and these preconceived notions, and they may not align with what’s actually so.
Joe Carrigan: [00:07:20] Right. I’m not surprised to find that older people are less likely to be scammed than younger people simply because, as you age, you gain more experience and lose more faith in humanity.
Dave Bittner: [00:07:30] Right.
Joe Carrigan: [00:07:30] So I think that has a lot to do with it. But what is also not shocking in this report is that when an older person does fall victim to it, they probably have more to lose.
Dave Bittner: [00:07:39] Yeah.
Joe Carrigan: [00:07:40] And that’s unfortunate.
Dave Bittner: [00:07:41] Yeah, yeah. It’s a bigger catch.
Joe Carrigan: [00:07:43] It is a bigger catch. The younger people are the easier catch.
Dave Bittner: [00:07:45] Interesting.
Joe Carrigan: [00:07:46] Yep.
Dave Bittner: [00:07:47] All right. Well, it’s a good story. My story this week actually comes from a listener. This is a listener whose name is also David. And he sent this in via Facebook. And he says, hey, Joe and Dave; I’ve got one for “Hacking Humans.” He says, I’m on travel for business right now. And last night, I got a call from someone claiming to be the general manager of the hotel. They indicated that a computer malfunction had occurred, and they needed to re-reserve my room. Then they began to ask for various info, specifically card info. I was suspicious, so I told them I would come down to the desk to speak to them in person. They hung up.
Joe Carrigan: [00:08:22] Ooh.
Dave Bittner: [00:08:23] I went down to the desk, though I was sure it was a scam at this point, to let them know. I then spoke to the morning shift manager to ensure it got reported up the chain. Being a “Hacking Humans” listener likely saved me on this one, as it seemed to be on the up and up – no weird accents or broken English, polite and well-spoken individual. But it just seemed wrong that they would call me up and ask me about this rather than have me come down so they could rerun my card if needed. Interesting.
Joe Carrigan: [00:08:49] Immediately, I’m wondering, how did they know that you were in a hotel? Is this just something where they’re sending out these calls and whoever answers are saying, this is the hotel manager for where you’re staying, and whoever says, I’m in a hotel, or whoever that makes sense to is the target? Or is it something that – where they said, this guy’s on travel; he’s probably in a hotel – let me call him?
Dave Bittner: [00:09:07] I had the same sort of questions.
Joe Carrigan: [00:09:09] Right.
Dave Bittner: [00:09:09] One thing I wondered – and I did reach out but haven’t heard back – was whether or not they called him on his personal phone or his room phone. I think you’d be much more likely to fall for this if it were your room phone.
Joe Carrigan: [00:09:20] Yes. That’s a good point.
Dave Bittner: [00:09:22] Yeah. Now…
Joe Carrigan: [00:09:23] If they called on a room phone, then they already know that there’s somebody in that room.
Dave Bittner: [00:09:25] Presumably, yes.
Joe Carrigan: [00:09:27] That makes sense.
Dave Bittner: [00:09:28] Right, right. So…
Dave Bittner: [00:09:31] Yes, Joe. Boy, nothing gets by you, Joe.
Joe Carrigan: [00:09:32] No, nothing does. I…
Dave Bittner: [00:09:33] Presumably, the person in the hotel room would be in the hotel. That’s right.
Joe Carrigan: [00:09:38] Yes.
Joe Carrigan: [00:09:40] Boy, oh, boy.
Dave Bittner: [00:09:40] So most hotels have some layers of security about this. In other words, with a good hotel, you can’t just call up and say, please connect me to room 217. The people at the front desk will say, do you have a name for the person in that room, before they’ll just connect you.
Joe Carrigan: [00:09:54] Right.
Dave Bittner: [00:09:54] You can call a hotel usually and ask for a particular name, and they will connect you to that person’s room. But I wonder if someone could be in the hotel lobby on a hotel phone…
Joe Carrigan: [00:10:06] Yes, they can be because…
Dave Bittner: [00:10:06] …Just calling rooms.
Joe Carrigan: [00:10:08] …If you know how that works, you can just sit on the phone – let’s say you rent a room in the hotel, and then you can just call other rooms and run the scam.
Dave Bittner: [00:10:16] Right. That would be a low investment.
Joe Carrigan: [00:10:19] Yep.
Dave Bittner: [00:10:19] (Laughter) Get a room in the hotel and just call people…
Joe Carrigan: [00:10:22] Yep.
Dave Bittner: [00:10:23] …For the evening, yeah. Interesting. Well, that’s a new one for me. And thanks to David for sending that in.
Joe Carrigan: [00:10:27] Yeah, that’s also a new one for me. Thank you, David. I appreciate you sharing that.
Dave Bittner: [00:10:32] And by the way, I think he did exactly the right thing by…
Joe Carrigan: [00:10:35] One hundred percent, couldn’t agree more.
Dave Bittner: [00:10:35] …By saying – yeah – he’s going to go down to the desk and talk to them in person. And that will solve this one for sure. All right. Well, again, thank you, David, for sending that in. It is time to move on to our Catch of the Day.
0:10:47:(SOUNDBITE OF REELING IN FISHING LINE)
Dave Bittner: [00:10:50] Our Catch of the Day was sent in by a listener. This is from a website called twentytwowords.com. It is written by Mandy Kennedy. And it’s – “Man Gets Revenge on Craigslist Scammer in the Most Satisfying Way Imaginable.” These Craigslist scams are pretty popular. They happen a lot. Joe, I’m going to read the part of the person trying to do the scam, and you can be the part of the person who’s contending with them.
Joe Carrigan: [00:11:15] OK.
Dave Bittner: [00:11:15] The person scamming here is responding to an ad that was placed selling a motorcycle, and it goes like this. Hi, I’m Jessy. Is your 2012 Yamaha FZ8, reduced, $4,200 (Austin) still available to buy?
Joe Carrigan: [00:11:31] Yes, just posted today. Yep.
Dave Bittner: [00:11:33] Thanks for the swift response. Are you the first owner? What’s the condition, and why are you selling it?
Joe Carrigan: [00:11:37] Most of that is in the ad, but I bought it new, and it’s in great condition. One sec.
Dave Bittner: [00:11:42] Sound good. Am OK with condition, and I will be paying via PayPal. Do you have PayPal account?
Joe Carrigan: [00:11:47] Don’t take this the wrong way, but you haven’t even looked at it. Not really convinced you’re a person.
Dave Bittner: [00:11:51] I would have really loved to come for the viewing and give you cash, but due to my work frame, that might not be possible. That (ph) why I’m offering to pay you via my online PayPal.
Joe Carrigan: [00:12:00] Where do you live?
Dave Bittner: [00:12:01] I’m locate (ph) in Arlington. And you?
Joe Carrigan: [00:12:03] Downtown Austin. You have a motorcycle endorsement on your license?
Dave Bittner: [00:12:07] Yeah. I went to buy this for my son in Georgia.
Joe Carrigan: [00:12:09] What do you need from me?
Dave Bittner: [00:12:10] All righty. Kindly get back to me. PayPal, email, full name, pickup location, final asking price, cellphone number – for me to make the payment into your account as soon as possible.
Joe Carrigan: [00:12:19] Who will be picking up and when?
Dave Bittner: [00:12:21] I will have carrier agent to come for the pickup when the payment was clear. I think you don’t have problem with that because the motorcycle will be at your side until transactions (ph) was completed.
Joe Carrigan: [00:12:30] Can we talk on the phone?
Dave Bittner: [00:12:31] I have an (ph) hearing problem after a surgery, so I only do text now. Please bear with me.
Joe Carrigan: [00:12:36] The buyer can’t meet in person because of a number of reasons – i.e., they are a soldier in Iraq, they are a marine biologist, et cetera. The buyer requested you send the item to their shipping agent. The buyer asked you to send the money through Western Union or MoneyGram through the shipping agent. The buyer only sends you text messages and won’t speak to you on the phone. You’re really checking off all the things, aren’t you?
Dave Bittner: [00:12:59] What do you mean by this?
Joe Carrigan: [00:13:00] I mean, that’s from the PayPal website telling what signs to look for for a scam. There’s no good reason you would spend $4,000 on a bike that’s not for you and you haven’t seen without paying cash and have some random agent pick it up to ship it halfway across the country. Stop wasting my time.
Dave Bittner: [00:13:16] And that’s where we’re going to end it. It goes on. There’s more. He strings him along a little more deeply, but we’ll end it there.
Joe Carrigan: [00:13:23] Yeah, I love how he just copies and pastes all the things to look for from PayPal directly from the PayPal website (laughter).
Dave Bittner: [00:13:29] Yeah, yeah. Pretty straightforward, though, and like the person said, checking off all the boxes.
Joe Carrigan: [00:13:34] Right.
Dave Bittner: [00:13:34] And the real big red flag – I’ve seen many of these – where the scammer talks about having a hearing problem after surgery so they can’t get on the phone.
Joe Carrigan: [00:13:43] Right.
Dave Bittner: [00:13:43] That is a really common one. All right. Well, that is our Catch of the Day. Coming up next, we’ve got my interview with Maria Konnikova. She’s a bestselling author. Her new book, “The Biggest Bluff,” is going to be released later this year.
Dave Bittner: [00:13:56] But first, a word from our sponsors, KnowBe4. And now back to that question we asked earlier about training. Our sponsors at KnowBe4 want to spring you from that break room with new-school security awareness training. They’ve got the world’s largest security awareness training library, and its content is always fresh. KnowBe4 delivers interactive, engaging training on demand. It’s done through the browser and supplemented with frequent simulated social engineering attacks by email, phone and text. Pick your categories to suit your business. Operate internationally? KnowBe4 delivers convincing, real-world proven templates in 24 languages. And wherever you are, be sure to stay on top of the latest news and information to protect your organization with KnowBe4’s weekly Cyberheist News. We read it, and we think you’ll find it valuable, too. Sign up for Cyberheist News at knowbe4.com/news. That’s knowbe4.com/news.
Dave Bittner: [00:15:03] And we’re back. Joe, I recently had the pleasure of speaking with Maria Konnikova. She’s an award-winning author, journalist and international champion poker player. She’s got two New York Times bestsellers – “The Confidence Game” and “Mastermind: How to Think Like Sherlock Holmes.” She’s got another book called “The Biggest Bluff,” and that’s coming out later this year. Here’s my conversation with Maria Konnikova.
Maria Konnikova: [00:15:26] What is it about us that makes us susceptible? What is it about humans that makes us fall for these things no matter how smart we are, no matter how educated we are, no matter how prepared we think we might be? None of us are immune. It’s one of these things where you think, oh, you know, I have a background in psychology. I’ve studied this. And one of the things that I learned in – especially in interacting with con artists is you cannot be prepared, and you never see them coming.
Maria Konnikova: [00:15:57] So I think the most surprising thing to me, as I did my research, was that I would have never spotted them in a million years. I had some really uncomfortable experiences where I was interviewing a con artist. I knew exactly what they had done. I knew exactly who they were. We were together and talking about this. And I felt my sympathy going from the victim to the con artist because they’re so damn charismatic. And you listen to them and you’re like, oh, wow, maybe you’re right. Maybe they really did have it coming. Maybe you really didn’t do anything so bad. Maybe you really are just this misunderstood human being. And it’s a really horrible thing to realize about yourself, that you’re falling for the wiles of these really bad people.
Maria Konnikova: [00:16:39] And so I, actually about halfway through the process of researching my book, stopped talking to the con artists themselves in person because you don’t want the narrative to be skewed in that direction. But it just makes you realize how powerful they are, how charismatic. If you saw them coming, if you could actually spot this, then they wouldn’t be very good con artists. So I think it’s something very deep in them and deep in us that causes that connection, that trust to build. And you see how easy it is to take advantage of our trust, of our confidence. It’s frightening.
Dave Bittner: [00:17:12] Do you feel as though, with all the work that you’ve done, that you would be equipped to spot a con artist now?
Maria Konnikova: [00:17:19] No, absolutely not. The good con artists know – I think that’s one of the frightening things. You can see certain red flags. But I could spot a con artist if that con artist were conning you – that I might not have been able to spot. But when you are the target and if it’s a good enough con artist, the things that are very clear, the things that are very evident when you’re on the sidelines, that objectivity is gone when it’s you because what the con artist does, their MO, is to make you the protagonist in the story, to engage your emotions, to engage your passions, to engage your hopes, your fears, your very idiosyncratic view of the world. And they do this so well that, to you, it doesn’t look like a con.
Maria Konnikova: [00:18:07] You don’t see those red flags when they’re happening to you. You know, we all think if it’s too good to be true, it is. But what I found when I was researching “The Confidence Game” is nothing’s too good for you. You know, it’s too good for that other guy, but when it’s happening to you, you don’t think, oh, you know, this is really too good to be true. You think I am so lucky. You know, I deserve this. I’ve worked so hard for this. Yeah. Finally, the universe is answering and giving me what I deserve.
Dave Bittner: [00:18:35] Is there a common thread that you find that runs through these con artists? Is there anything that they tend to have in common?
Maria Konnikova: [00:18:41] Con artists come from all walks of life. It’s not the case that, you know, oh, they were abused as a child or they come from underprivileged backgrounds. None of that is true. So just like there is no profile of a victim, there’s really no profile of a con artist. But they do have some psychological traits in common. So one of the things that I found was that con artists often exhibit what’s called the dark triad of traits, and this is psychopathy and narcissism and Machiavellianism. Psychopathy is the least common, and so a lot of con artists are not psychopaths. The other two are much more common. So you don’t have to have all three of the dark triad.
Maria Konnikova: [00:19:20] So psychopathy basically means that you don’t process emotion the way that a nonpsychopathic brain does. So when other people might feel, you know, a hot, visceral, emotional response, you understand what’s happening cognitively, but you don’t actually feel it in that same emotionally engaging way. And so that makes you better able to take advantage of people because you don’t feel guilt. You don’t feel remorse. You don’t feel at all bad about what you’re doing. And so you say, well, doesn’t really matter. And if you even look at the language that con artists use to talk about their victims, they don’t call them victims. They call them marks. So it’s, like, walking targets. But like I said, this one is actually the least common. The other two, I would say, all con artists have.
Maria Konnikova: [00:20:07] So narcissism is not just this overblown ego and sense of self that, you know, you’re the center of the universe, but it’s also a sense of entitlement. So I deserve this. This is for me. And this actually is a really clever way that con artists have of explaining away what they’re doing. They say, oh, I’m not doing anything wrong. I’m just righting the world. I am putting things back where they belong, meaning I deserve these things. So, for instance, impostors who steal other people’s identities and degrees, they’ll say things like, oh, well, you know, yeah, sure, I dropped out of high school, but I’m smarter than those doctors. I deserve that MD. I could have gotten that Ph.D. Let me just take those credentials. I should have gotten them anyway. And so that’s how they rationalize that. And that sense of entitlement allows them to really go through all of these rationalization hoops in their mind that make them OK with what they’re doing.
Maria Konnikova: [00:21:07] But the one that’s I think the most crucial to how they’re able to do what they do is Machiavellianism. And Machiavellianism comes from Machiavelli’s “The Prince.” What Machiavellianism means is that you’re able to convince people to do your bidding, but they think it’s their idea. They think it comes from them. They don’t realize that you’re the one who planted those seeds, that you’re the one whose suggestion it was. So it’s this very kind of sneaky way of getting your victims to do what you want them to do, but they don’t realize it, and so they still trust you. They don’t see you as manipulative. Instead, they think, oh, I’m brilliant. I’ve got this great idea. Why don’t I invest in this rare wine collection or whatever it is?
Dave Bittner: [00:21:52] What did you learn from the victims? What sort of lessons can we take from them?
Maria Konnikova: [00:21:57] Well, first of all, I think that the most important thing is that this has nothing to do with any sort of moral, ethical or personal failure on anyone’s part. I think as a culture, we really blame victims in terms of victims of con artists. It’s one of the few crimes where people tend to be on the side of the con artist because they think it’s kind of glamorous and cool. And they try to look down at the victim and say, oh, well, you know, that was stupid. I never would have done that. You know, well, you were just greedy; you were just this; you were just that. That’s not true. And what you learn when you talk to these victims are that these are really smart people, really good people, not greedy people, people who usually want the best and who want a better version of themselves and a better version of the world. And that’s what they believe in. And that’s why they fell for con artists. And so I think that that was the most important thing that I learned just because it’s so unexpected.
Maria Konnikova: [00:22:52] You know, you have people of all walks of life, all education levels. And even when you get a con like Bernie Madoff, for instance, where people say, oh, well, you should have been – should have known better, you know, someone with such returns – well, a lot of these people – a lot of his victims actually weren’t that wealthy. They gave him all of their money, all of their savings. There were people who’d saved their entire life and then gave it to him to manage because they said, well, I don’t know anything about finance and other people seem to trust him. And so we’ll trust him, too. And so even in a situation like that, it’s really not a greed motivator. And I think that that’s the most important thing that I learned. And I think that that’s the most important thing that I hope that others will learn as well.
Dave Bittner: [00:23:33] You know, on this show, we often talk about the notion of being able to sort of inoculate people against some of these scams, that the more knowledge you have, the more likely you are to be able to detect if someone’s trying to pull one over on you. What’s some of the advice you have for our listeners?
Maria Konnikova: [00:23:49] First, I actually do not think that inoculation is possible. Knowledge is incredibly powerful. And, yeah, you can inoculate yourself to certain types of cons if you know that they exist, you know, some very specific varieties. And I think that, you know, first, some of the most powerful advice is don’t be overconfident and realize that there is really no such thing as the exception to the rule. And that includes you. You are not the exception. And listen to other people. That’s what we don’t usually tend to do.
Maria Konnikova: [00:24:21] So think about a relationship, right? Think about if your friend is dating someone and you just – you don’t really like them because you think they’re bad for them. You think that there’s red flags. You think that it’s not a healthy relationship for a lot of ways. What does the friend do when you say, hey, I’m not quite sure about the person you’re dating? Do they say, oh, thank you so much, you know, let me raise your concerns and do some due diligence and make sure that everything is accurate? No. They say, well, I can’t believe you’re not happy for me. I can’t believe that you’re the one who’s raining on my parade when everything is going so well. That’s the natural emotional reaction. So don’t be that person. And it’s much easier said than done.
Maria Konnikova: [00:25:00] When you’re emotionally invested in the situation, it’s just so easy to lose track. And then whenever anyone else tries to raise any red flags or issues, you just won’t listen to them. You shut them out completely. So I would say the people you trust, you know, your friends, your family, the people who’ve been with you through everything, if they’re raising concerns, you should probably listen. My saying this right now is not going to make you listen because once you’re actually in that situation, you just become unreachable. And I know that. I’ve experienced it personally. I think that when we’re not in that situation, we’re much more confident of our ability to get out of it than when we are.
Dave Bittner: [00:25:41] Joe, what do you think?
Joe Carrigan: [00:25:42] Very interesting. I liked one of the things she said. No matter how smart or educated we are, none of us are immune. We’ve had stories on here about medical doctors or med school teachers getting scammed out of tons of money. And that’s true. You’re not immune, no matter what. There’s something out there that’s going to work on you. She had to stop talking to con artists. That’s amazing. She knew what she was getting into. She sought these people out to try to talk to them and try to get their stories, but then she found herself starting to empathize with these people.
Dave Bittner: [00:26:10] Right. And that’s kind of their superpower, right…
Joe Carrigan: [00:26:12] Right.
Dave Bittner: [00:26:13] …The con artists.
Joe Carrigan: [00:26:13] Exactly.
Dave Bittner: [00:26:13] Yeah.
Joe Carrigan: [00:26:14] Maria makes a great point about victim blaming in cons. We do this a lot, particularly in this country. And, yeah, they have appealed to somebody’s sense of greed or somebody’s sense of pride or – but these are vulnerabilities we all have. Who out there wouldn’t like to have some kind of opportunity to make a huge pile of money? Don’t look at somebody and say that you fell for this because of your greed because, chances are, if the con artist would’ve focused on you, you would have fallen for it for the same reasons.
Dave Bittner: [00:26:41] Yeah. I often wonder how much we’re kind of projecting our own shame, that we recognize that – what’s that saying? – there, but for the grace of God, go I, you know, that sort of thing, like…
Joe Carrigan: [00:26:51] Yes.
Dave Bittner: [00:26:51] And so, yeah, it’s a strange little bit of denial, I suppose.
Joe Carrigan: [00:26:55] She says there’s nothing you can do except brace your own vulnerability. With these professional scammers, when they set their sights on you, I imagine that this is probably, like, if you’re, you know, defending a computer network and a nation state sets its sights on you, there’s probably nothing you can do. And she’s got a good point. These guys are really good at what they do. But she also says that you can spot when a con artist is working on somebody else, but you will not be able to see them working on you, which kind of ties into her last point of you should listen to what other people say. Be receptive to when people are telling you warning signs. But she also says that it’s hopeless there, too (laughter).
Dave Bittner: [00:27:32] Well, I think about even, you know, in my own life. And I suspect you’ve experienced this, too, where that’s – you know, hindsight is 20/20 when you look back and you say to yourself, what was I thinking?
Joe Carrigan: [00:27:42] Right.
Dave Bittner: [00:27:43] Why was I in that relationship, or why did I do that thing, or why did I go along with that? It’s almost like you’re looking back at a different person.
Joe Carrigan: [00:27:50] Right. Yeah, absolutely. And I’ve also been in the situation where I’ve said to somebody, I don’t think that’s a healthy relationship that you’re in, and she’s 100% right. People do not respond well to that.
Dave Bittner: [00:28:01] Well – and I think those of us who’ve been around for a while, we get trained to keep our mouth shut…
Joe Carrigan: [00:28:05] Yeah, absolutely.
Dave Bittner: [00:28:06] …Because we know it’s not going to be responded to well.
Joe Carrigan: [00:28:09] It’s of little use. When I see that same behavior happening again, what am I going to do? I’ve already told this person two or three times that this relationship, this event, is not going to work – end well for them.
Dave Bittner: [00:28:19] Right.
Joe Carrigan: [00:28:19] But I don’t know. Maybe it’s a form of learned helplessness on our part as the people who see the warning signs. And what we do, we just talk about it with our friends, going that’s not going to end well (laughter).
Dave Bittner: [00:28:28] Right. Right. Right.
Joe Carrigan: [00:28:29] Should we tell her? No. Should we tell him? No. No. That will not end well either. So…
Dave Bittner: [00:28:34] (Laughter) It always goes well with our teenage children, too. They love to have us give them advice about relationships.
Joe Carrigan: [00:28:39] Yep.
Dave Bittner: [00:28:42] All right. Well, I think that’s a good place to end it. Again, thanks to Maria Konnikova for joining us. Her book is called “The Biggest Bluff.” And that’s coming out this year. Do check it out.
Dave Bittner: [00:28:52] And that is our podcast. We want to thank all of you for listening.
Dave Bittner: [00:28:55] And, of course, we want to thank our sponsors, KnowBe4, whose new-school security awareness training will help you keep your people on their toes with security at the top of their mind. Stay current about the state of social engineering by subscribing to their Cyberheist News at knowbe4.com/news. Think of KnowBe4 for your security training.
Dave Bittner: [00:29:12] We want to thank the Johns Hopkins University Information Security Institute for their participation. You can learn more at isi.jhu.edu.
Dave Bittner: [00:29:20] The “Hacking Humans” podcast is proudly produced in Maryland at the startup studios of DataTribe, where they’re co-building the next generation of cybersecurity teams and technologies. Our coordinating producer is Jennifer Eiben. Our editor is John Petrik. Executive editor is Peter Kilpe. I’m Dave Bittner.
Joe Carrigan: [00:29:34] And I’m Joe Carrigan.
Dave Bittner: [00:29:35] Thanks for listening.
Copyright © 2019 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.