Hacking Humans: Scammers, IRS Scams, and Rage Bait Phishing

IRS Scam Clarifications

• 💡 A listener named Tim, an IRS Criminal Investigation agent, provided crucial clarification on IRS scams.
• 🎯 Real IRS Criminal Investigation agents do show up unannounced at people's homes, make cold calls, or send emails.
• ⚠️ Agents can verify their identity over the phone or email, but cannot send photos of credentials.
• 🤝 For verification, it's recommended to meet an agent in person at a public place like a local IRS office or US attorney's office.
• 🚫 IRS Civil scams still follow the old rules: be wary of unsolicited contact and never pay with gift cards or cryptocurrency.

Evolving Phishing Tactics

• 🎣 Attackers are abusing legitimate SendGrid accounts to send politically charged phishing emails.
• 📧 Previously, these scams focused on compromising SendGrid accounts directly with messages about account issues.
• 💥 The new tactic, dubbed "rage bait phishing," uses emotionally charged subjects like "Support ICE" or political movements (LGBTQ+, BLM) to trick users into clicking malicious links.
• 🎯 The goal is to get users to click a link to "go to account settings" to disable these perceived changes, leading to compromised SendGrid accounts.
• 📈 This tactic leverages emotional responses to bypass critical thinking and is expected to become more popular.
• 🔑 To protect yourself, enable 2FA on SendGrid accounts, use strong passwords, and be aware of your emotional state when encountering urgent emails.

International Scam Crackdowns and Local Exploits

• 🇰 Cambodia is continuing its crackdown on massive Southeast Asian scam networks following the arrest of alleged kingpin Chen Zhi, signaling deeper international cooperation against fraud.
• 💸 These scam networks have stolen billions of dollars worldwide.
• 🚗 An Uber driver in Nashville fell victim to a convincing phone scam impersonating Uber Support, falsely accusing him of drunk driving.
• 💰 The driver was instructed to pull over, cancel his ride, and pay $300 for a sobriety test at a Walgreens, ultimately losing the money as no one showed up.
• ⚠️ Uber confirmed they never call customers directly from their support line, highlighting the scam's fraudulent nature.

Catch of the Day: Scammer's Repetitive Tactics

• 🎣 The "Catch of the Day" features a scammer attempting to build rapport by repeatedly using the recipient's name ("Maggie") in every sentence.
• 🤖 This tactic, often taught in sales, appears poorly translated or potentially AI-generated, leading to awkward and unnatural conversation.
• 🤦‍♂️ The repeated name usage is described as "cloying" and "irritating," a clear attempt to build false rapport.
• ⚠️ The scammer also makes odd references, comparing the name "Maggie" to MSG and a Muppet, further highlighting the unnatural communication style.