427: When 2G attacks, and a romantic road trip goes wrong

In this episode, Graham warns why it is high time we said goodbye to 2G - the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing texts to thousands at once.

Meanwhile, Carole unpacks a painfully awkward tale of amour fou, as a 76-year-old Belgian man drives 476 miles to meet his dream woman... only to be greeted by her very-much-still-husband at the gate.

Plus: Sky Arts painting competitions get a thumbs up, Mark Zuckerberg never loses at board games, and the scandalous Facebook memoir Meta tried to silence.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Sponsored by:

  • Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.


GRAHAM CLULEY. How old is this woman? I thought our hero was like 38, but he's 76. Dirty old fella.


CAROLE THERIAULT. A little bit dirty.


UNKNOWN. Smashing Security, episode 427. When 2G attacks and a romantic road trip goes wrong. With Carole Theriault and Graham Cluley.


GRAHAM CLULEY. Hello, hello, and welcome to Smashing Security episode 427. My name's Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. So what's coming up this week, Carole?


CAROLE THERIAULT. First, let's thank this week's wonderful sponsor, Vanta. It's their support that helps us give you this show for free.

Coming up on today's show, Graham, what do you got?


GRAHAM CLULEY. I'm gonna be asking if it's time to turn off 2G.


CAROLE THERIAULT. Ooh, okay. And I'm gonna ask how far should you drive for love?

All this and much more coming up on this episode of Smashing Security.


GRAHAM CLULEY. Now, chums, Carole, you love a concert, don't you?


CAROLE THERIAULT. Oh, if I like the band, yeah.


GRAHAM CLULEY. Have you ever been to a big concert where there are thousands and thousands of people and you're all crammed in, you know, like—


CAROLE THERIAULT. Yeah, I'm not a huge fan. I do go, but I do have a bit of like, it's too many people.

And if there's a rush or, you know, I get—


GRAHAM CLULEY. That's what I think too. Yeah.


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. I'd much rather something a bit smaller. I don't like all those people around, but there are ways in which cybercriminals can take advantage of big groups of people.

And I'm going to tell you about one of the ways in which they can do that today. And I'm going to start my story in August last year, where police in New Zealand reported that they had arrested a 19-year-old kid who was suspected of conducting a cybercrime that they said had never been seen before in the country.

I mean, how many times can that happen? As something brand new has never happened in the country before.

But that's what they claimed happened. And the police called their investigation Operation Orca.


CAROLE THERIAULT. Mm, like the whale.


GRAHAM CLULEY. Well, exactly. The killer whale, isn't it?

I think they don't like to be called killer whales, do they? They think that's rather— which I can understand.


CAROLE THERIAULT. I wouldn't want to mess with one though.


GRAHAM CLULEY. I wouldn't want to mess with one either. But if I were an orca, I'd probably be thinking, hey, you know, come on, we're all about the peace and love as well.

You know, we're not all about killing all the time. But anyway, it's funny how the police come up with these kind of names, because it has absolutely nothing to do with the ocean or killer whales and orcas.

But when it's written in all capitals by law enforcement agencies, it instantly makes their investigation sound way cooler. I'm sure the police just love to have a cool operation name.

And I think Operation Orca—


CAROLE THERIAULT. Everybody wants a cool operation name, unless you don't want a cool one, because you don't want anyone to pay attention. So then you just go 564 little p big P G8.


GRAHAM CLULEY. Well, what Auckland Police uncovered was, for the first time ever apparently in New Zealand, an SMS blaster. Do you know what an SMS blaster is?


CAROLE THERIAULT. No, tell me.


GRAHAM CLULEY. Well, also known as a false or fake base station, which may give you a clue, and obviously SMS as well. It's a close relation to those Stingrays or IMSI catcher things.

You know how the bad guys can set up a fake base station, like a fake cell tower.


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. And whereas stingrays are all about intercepting and spying on people's calls, an SMS blaster is all about going the other way. It's about sending messages to people's phones via SMS.

And what happened in New Zealand was they arrested this 19-year-old. He'd blasted out 700 scam texts in one evening, all pretending to be from banks. And he'd done it from this rig, which he'd built in his car.

He'd plugged it all in. I guess he'd probably plugged it into the cigarette lighter or something like that. And it was a computer in the back of his car whirring away, a proper big computer.

And he's got this antenna and it's blasting off. And what would happen is that this thing would be picked up by people who maybe didn't have a great phone connection. So if you were in town, or if you were at a crowded concert, or you're in the busy centre of a city, and if you haven't got great connectivity, your phone might say, well, let me see what else is out there.

Let me see what else I can connect to. This isn't Wi-Fi. This was a 2G signal.


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. And these things, these SMS blasters, they're stealthy. They're mobile.

They can fit not just in the back of a van, they can fit in a backpack. So someone could be walking around with a rucksack and sending out SMSs from it. And these things are sold on the internet for not very much money.

You can spend $300, or you can get a really nice one or a powerful one for maybe $20,000, $30,000, something like that. But they don't require deep technical expertise. So simple to set up, ready to operate.

And the way in which these things monetize is they send out spam SMSs.


CAROLE THERIAULT. Yeah, so it's just spam, right? It's just annoying.


GRAHAM CLULEY. Well, yeah, it is just spam.


CAROLE THERIAULT. I mean, you know, spam's still irritating, but it's not oh, my money's gone.


GRAHAM CLULEY. Not immediately, no.


CAROLE THERIAULT. Oh.


GRAHAM CLULEY. But there's a difference between spam, which you normally get via SMS, and spam, which you get via email, because normally you have an ISP and you have your mail provider who's filtering out spam. And similarly, you have your network operator who is stopping as many fraudulent spam SMS messages getting to you as possible.


CAROLE THERIAULT. And they're bypassing all that.


GRAHAM CLULEY. Right. They are bypassing all that.

And they're not only bypassing the spam filter, they're also able to pretend to be someone else because the normal checks which exist to pretend not to be a bank or not to be a government agency don't exist when some criminal has set up an SMS blaster, when he's created effectively the cell tower.


CAROLE THERIAULT. So say I'm sitting in Auckland in the café that he's bopping by, you know, in his car. Would my phone necessarily— how would I not receive that type of message?


GRAHAM CLULEY. If you were already on a good data connection, then it probably wouldn't connect to it. But if it detects, oh, there's a much better data connection—


CAROLE THERIAULT. And it doesn't verify it?


GRAHAM CLULEY. Well, this is the thing. Do you remember I said 2G?

Yeah. This is the thing. The criminals aren't using the latest technology to get you.

They're not using 4G or 5G. They're using 2G.


CAROLE THERIAULT. God, pretty soon they're gonna be writing letters.


GRAHAM CLULEY. You'll be complaining about it. And the thing is that 2G doesn't have all the authentication, doesn't have all the security built into it, which more modern mobile communications do have.

So most network carriers, they don't even support 2G anymore. They don't even, 'cause they don't trust it. They think, well, we don't really want this. So they're not encouraging anyone to use it, but your phone might still connect to it if it can find a signal.

And you receive the spam message. Maybe it claims to come from FedEx, for instance, tells you to click on a link to verify your details so that they can make a delivery to you.

And you end up on a page which asks you to hand over some personal information or even worse, log in. And that would be a big mistake because most people use the same password for everything. And now they know your passwords as well.


CAROLE THERIAULT. Not our listeners.


GRAHAM CLULEY. Come on. Well, yes. Okay. I know our listeners are not only handsome and beautiful, they're also incredibly smart.


CAROLE THERIAULT. And they've heard us bang on about it. 9 years.


GRAHAM CLULEY. Exactly. For the last 427 episodes, they know we've been saying, "Stop reusing the same passwords."

Anyway, this was the first time it happened in New Zealand. And it's not just New Zealand.

Late last year, police in Thailand, they arrested a 35-year-old Chinese guy who was driving his van around. He was using SMS Blaster to spam over 100,000 SMS texts per hour to people in Bangkok.

So he was just driving around the city center where, of course, there's lots and lots of people with phones. His device had a range of approximately 3 kilometers, so about 10,000 feet.

100,000 phishing messages sent every hour. And this is effectively free after the cost of the device. Whereas even with email spam, there's some cost involved and only a tiny percentage of it is likely to get through.


CAROLE THERIAULT. But yeah, basically you've just shown the pathway to get to your phone, but that message could potentially have anything in it, right?


GRAHAM CLULEY. Oh yeah, yeah. It could have all kinds of malicious links in it, or it could pretend to be a public health warning. It could be something like a security alert to evacuate.


CAROLE THERIAULT. With a QR code? Yep. Can't resist a QR code.


GRAHAM CLULEY. Can you send a QR code via SMS? I don't know.


CAROLE THERIAULT. ASCII art?


GRAHAM CLULEY. I don't know. ASCII art? Maybe. Anyway, these particular messages, they claim to be from Thailand's largest mobile phone operator, saying, "Your 9,268 points are about to expire. Hurry up and redeem your gift now." And there was a link, of course, to a phishing site.

People who clicked on it were asked for their credit card information, which then ends up in the hands of the scammers. And as Risky Business has pointed out, we are seeing a rising tide of SMS blaster attacks.

Last week, a Chinese tourist was arrested in Oman. He was driving around the capital there with an SMS blaster, sending messages, luring the unwary to a phishing page for a local bank.

There've also been reports from Japan and Brazil and Indonesia and Thailand and Qatar and the Philippines, Hong Kong. And sometimes these guys who are driving around even disguise themselves as tour guides so that they, I've got an excuse. This is why we're just slowly driving round the city centre.


CAROLE THERIAULT. Or Deliveroo. They could just be Deliveroo bikes.


GRAHAM CLULEY. They could be, couldn't they? They could be. And they've got that— Oh yeah, if you're one of those riders with the food on your back.


CAROLE THERIAULT. The big square backpack.


GRAHAM CLULEY. Oh my goodness, Carole. That's exactly it. End of last month in London, another Chinese student was sentenced to over a year in prison. He was driving around, targeted tens of thousands. He had one of these devices in the back of his black Honda CR-V, driving around Greater London.

And in this case, the messages pretended to be from government agencies. So this problem is really big. So big, in fact, that there's now a world map updated daily showing the location of the latest reports. And we're putting that link in the show notes if you want to find out where that's all going on.


CAROLE THERIAULT. Okay, Graham, how do I make sure that this can't happen to me?


GRAHAM CLULEY. Very good question, Carole.


CAROLE THERIAULT. Thanks.


GRAHAM CLULEY. Because that's the obvious step, right? Why do we need 2G anyway?


CAROLE THERIAULT. You could have told us at the beginning. She said, don't listen to my story, just do this. But okay, no, no, no, tell us.


GRAHAM CLULEY. Why don't the network operators first of all turn off 2G? Well, because that would improve security, not only against these, but also the Stingrays, the IMSI catchers, and other fake cell tower attacks. But the problem is that some people will lose connectivity.

There's some devices like smart meters and alarm systems, some older devices may still be running on 2G. Obviously, costs time to upgrade them. So even though phone calls typically aren't using 2G, there are some people who are using it, and it may hit vulnerable populations hardest.

Obviously, there's parts of Africa, for instance, where they may only have 2G. And so for that reason, most countries are phasing out 2G quite slowly over some years. They're hopefully only going to turn it off entirely when they're confident enough people are using the alternatives.

So the next step is, okay, if the network carriers aren't gonna do anything about this, what can you do? Now, disabling 2G on your phone, great idea. If you can do that, it's one of the most effective ways to protect yourself from this because 2G is, as I said, an old insecure mobile standard with no proper encryption or authentication.

And on the more recent Android phones, there is an option to do it. You can go into the settings and disable 2G. I suspect many people haven't, but you may well want to do that.

But what if you don't have an Android? Right?


CAROLE THERIAULT. Say I had an iPhone, for example.


GRAHAM CLULEY. Say you had an iPhone. Well, things are going to get a bit more complicated, Carole. There is a way to do it. Shall I tell you what the way is?


CAROLE THERIAULT. Sure.


GRAHAM CLULEY. Go to Settings, tap Privacy and Security, scroll down, tap on Lockdown Mode and turn on Lockdown Mode.


CAROLE THERIAULT. Turn on this extreme protection if you believe you're being targeted in a cyber attack.


GRAHAM CLULEY. Is that what it's saying to you?


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. Exactly. And this is the problem. So Lockdown Mode, which was introduced in Apple iOS 16, it blocks and limits some of the riskier features of an iPhone. It's designed as extra protection, as you said, against an advanced attack.

So ones which are targeting maybe journalists and political activists, high-profile individuals, or if you're Jeff Bezos, you know, someone who may be of interest to foreign states who may want to hack them. So if you do this, it's gonna break things. Some things will no longer work on your phone.

Some websites will look broken. It will turn off things like link previews. You won't be able to receive certain types of attachment via messages like PDFs and Word docs.

You won't be able to get FaceTime calls. So that's a big advantage in my opinion, unless someone has called you before.


CAROLE THERIAULT. I think I've got a much easier solution.


GRAHAM CLULEY. Okay.


CAROLE THERIAULT. This is texts, right? So why can't you just say, I just want to receive texts from my contacts?


GRAHAM CLULEY. Can you do that on your phone?


CAROLE THERIAULT. Well, I certainly do it with my phone call. You can't get a hold of me unless my number's in my phone.


GRAHAM CLULEY. Yeah, I don't know if you can do that with iPhone or not, with texts.


CAROLE THERIAULT. Yeah, you can. In Messages, you can say known senders.


GRAHAM CLULEY. Can you?


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. Well, one factor, of course, is these scammers can forge who the message has come from. So if you have had a message in the past from your bank, for instance, because frankly, turning off everyone who you don't know, I get messages from the pharmacy, the doctor, the banks, the water people, you know, all sorts of weird things.

I think it'd be great if we could just turn off 2G because I think lockdown mode is overly strict for most people. It's undoubtedly more secure, but it always has to be a bit of a balance. It feels like Apple would be wise to include some more granularity so everyone could turn off 2G you can with Android right now, 'cause lockdown mode is clearly a bit too much, isn't it?


CAROLE THERIAULT. I don't know. Yeah, lockdown was a bit, a bit, yeah, a bit hardcore.


GRAHAM CLULEY. The other option, and we've been saying this for 427 episodes as well, is you're gonna have to just rely on your good old wits, aren't you? And check messages carefully. Trust links, be careful, have your spider sense about you, about what you're entering. But it's tricky if you can't even trust the message, if it claims to come from someone or a company that you know.


CAROLE THERIAULT. There you go.


GRAHAM CLULEY. So I thought this was an unusual case here where the— actually, it's the old technology being used by the criminals to take advantage of the latest technology in our pockets.


CAROLE THERIAULT. Yeah, interesting. Nice twist.


GRAHAM CLULEY. Carole, what's your topic this week?


CAROLE THERIAULT. Have you heard of the Paris Syndrome?


GRAHAM CLULEY. The Paris Syndrome?


CAROLE THERIAULT. The Paris Syndrome, and I'm talking about the city.


GRAHAM CLULEY. I've heard of the China Syndrome, and I've heard of Paris Hilton. But what is the Paris Syndrome?


CAROLE THERIAULT. It's a psychological condition that affects some visitors who arrive in Paris with an overly idealised expectation of what the city will give them. Only to be met with the realities of the city.


GRAHAM CLULEY. Yes, yes.


CAROLE THERIAULT. Apparently visitors that experience Paris Syndrome report feeling anxious and/or dizzy.


GRAHAM CLULEY. Just disappointed generally.


CAROLE THERIAULT. Some have even reported hallucinations.


GRAHAM CLULEY. Cool, that Notre Dame.


CAROLE THERIAULT. The Paris of their dreams, the one they had seen in movies and read about, because, you know, culture is totally promoted, that woefully failed these visitors.


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. You know, I think we can forgive these people. I mean, we all— You know that Paris is known as the city of love, isn't it?


GRAHAM CLULEY. I do Paris. Paris is great. It's not my favorite city, not my favorite, but you know, if I was looking for a city of love, I don't know why Paris has the monopoly on that.


CAROLE THERIAULT. And French is considered the language of love, isn't it?


GRAHAM CLULEY. I mean, the French tourist board or France's marketing department have done a bloody good job, haven't they, convincing everyone that this is the place to go for romance.


CAROLE THERIAULT. Kind of started before them. For centuries, right? They've kind of made their words flow, you know, soft consonants, the rise and fall of the intonation. They're poets.

Okay, honestly, if you were single, right, and there was two identically wonderful in all ways women vying for your attention, and one hailed from La Belle France, right, and sported a "voulez-vous aller à la bibliothèque avec moi?" Yes, "Do you want to go to the library with me?" Good. And the other was from — let's not upset our listeners now. I'll bleep it out. I'll bleep it out. I'll bleep it out. Who would more likely woo you?


GRAHAM CLULEY. Obviously, it would be France. France.


CAROLE THERIAULT. Of course. Exactly. And so that's why I'm sure you're going to feel for our guy of the hour, Michel, right? He's about — he's about your age at 76.


GRAHAM CLULEY. Cheeky.


CAROLE THERIAULT. Michel, he's from La Belge, or Belgium, a tiny country near France. And he was doing his thing.

And okay, so let's be honest, he was probably feeling a little bit lonely. And no wonder, because his wife had passed 4 years earlier.


GRAHAM CLULEY. Oh, poor fella.


CAROLE THERIAULT. 4 years is a long time for a guy who's, you know, 76 years young. But sometimes, Graham, Cupid will give you a second shot.


GRAHAM CLULEY. I'm hoping.


CAROLE THERIAULT. Reigniting those swoony feelings. And this is what happened to Michel, because soon he finds himself speaking to a lovely woman that hailed from his neighboring country, la belle France, and named — how French is this? Sophie Vouzelot.


GRAHAM CLULEY. Sophie Vouzelot?


CAROLE THERIAULT. Sophie Vouzelot? What a perfectly enchanting name. And so français. So quelle belle chance for Michel. The man cannot believe his turn of fate. And Sophie, by the way, is a catch, right? She's quite a catch.


GRAHAM CLULEY. Oh, catch. I thought you said cat.


CAROLE THERIAULT. No, like a poisson.


GRAHAM CLULEY. What? I'm so confused. Something's fishy about this.


CAROLE THERIAULT. Back and forth the messages go between them on WhatsApp, right? And it must have been intense.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. And deeply soulful because just a few weeks later, Michel hops in his little car, his bagnole, and hits the highways.


GRAHAM CLULEY. All right.


CAROLE THERIAULT. And drove 476 miles.


GRAHAM CLULEY. He's keen.


CAROLE THERIAULT. 760 kilometers, for our Canadian friends, to France towards his French lover, Mrs. Vouzelot. Well, I guess lover's the wrong word because they haven't actually done it. I mean, in person. I don't know. There's a deep connection between them. Anyway.


GRAHAM CLULEY. Lovely.


CAROLE THERIAULT. On the way, on the way, he must be daydreaming, right? What will he say to her? How will she greet him? Will they have a tête-à-tête over a Ricard on the rocks?

He arrives at their house in Saint-Julien, in southern France, near Marseille. He's sitting outside her gates. This is the moment he's been dreaming about since he met her just a few weeks ago. And he zings the gate's intercom. And a monsieur answers with a bonjour. And Michel says, "I am the future husband of Sophie Vouzelot." Oh, that's coming on a bit strong. Well, they had an intense connection and they talked a lot. And there's a response, "Well, I'm the current one."


GRAHAM CLULEY. Ding dong. Yeah.


CAROLE THERIAULT. So the current husband of Sophie Vouzelot, Fabien Boutamine, another fantastically French name, starts recording, explaining to his phone camera what just happened, saying there's going to be a confrontation. Now I'm going to translate this video for you so you can figure out what happens because he put one in English with an AI doing the translation. And I have put it in the show notes because mon dieu, it's crazy. It's not at all accurate.


GRAHAM CLULEY. Oh dear.


CAROLE THERIAULT. So he goes to the gate intercom and says bonjour again, and Michel says, "Who are you?" And the husband, Fabien, is a bit amped up at this point. He says, "What do you mean, who am I? Who are you? Who are you?" And Michel eventually says, "I'm Michel, and you are Fabien, and something is not right."

Fabien, of course, agrees. Michel says, "I think she," meaning Sophie, "played a dirty trick on me." And Fabien says, "Ahaha, not my wife. It's the fake accounts. You have to be very careful." But Michel sounds quite confused.

And I'll paraphrase here, but he says something like, "Look, you two are divorced. You and your wife are divorced." And Fabien says, "No, the ring is still on my finger." And then says, "You didn't give them any money, did you?" This is still through the gate they're talking. "Yes," says Michel, "a lot. She said she was pregnant, and she lost the baby and needed money." Oh, boy, oh boy. And Fabien's like, "No, no, she's still pregnant. Ring's still on my finger." And he stays very cool and compassionate and explains again that this is a scam and advises him to go to the gendarmerie.


GRAHAM CLULEY. How old is this woman? I thought our hero was like—


CAROLE THERIAULT. 38.


GRAHAM CLULEY. And he's 76. Dirty old fella.


CAROLE THERIAULT. A little bit dirty. Let's not judge, but okay. Hello.


GRAHAM CLULEY. It's Michael Douglas and Catherine Zeta-Jones.


CAROLE THERIAULT. You know what it's like when Cupid hits you in the butt with that little thing?


GRAHAM CLULEY. I don't want Cupid hitting me anywhere, least of all there.


CAROLE THERIAULT. And then our Fabien guy says, I really wish you hadn't given them any money. And the guy interrupts, sends around €30,000.


GRAHAM CLULEY. Oh my— what?


CAROLE THERIAULT. And he says, she will pay me back. So Michel still doesn't get that they're not in on it. This is all based on Fabien's video.


GRAHAM CLULEY. So hang on now. So let me try and understand what's going on here. So Michel is on the outside. He's the old geezer.


CAROLE THERIAULT. He's getting married. He's, you know, marrying Sophie.


GRAHAM CLULEY. Oh right, he hasn't met her yet, but they're definitely an item and he's paid his dowry or whatever. He's paid a substantial amount of money to her. He's chatting to some disembodied voice through the intercom system, but who he thinks is the ex-husband of his intended betrothed.


CAROLE THERIAULT. Exactly.


GRAHAM CLULEY. Right?


CAROLE THERIAULT. Yes, because whoever was impersonating Sophie put a whole yarn saying, my husband's left me, I've lost the baby.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. I've moved out.


GRAHAM CLULEY. And so there's a bit of Michel which thinks, well, this guy is talking cobblers because of course we're in love and, you know, it's all going to be good.


CAROLE THERIAULT. Yes.


GRAHAM CLULEY. I don't know why he's inside the house, but right.


CAROLE THERIAULT. And this is when the real Sophie Vouzelot comes out and talks to Michel.


GRAHAM CLULEY. Finally.


CAROLE THERIAULT. Through the gate and gently directs them again to the cop shop to report the scam.


GRAHAM CLULEY. Because this keeps on happening?


CAROLE THERIAULT. Well, it turns out that 38-year-old Sophie Vouzelot is a minor celeb in France. So she's got a bit of an influencer social something going on. She used to be a model, but she also used to be a former Miss France runner-up. And I'm like, what? I didn't know that stuff still existed. So I do a little searching. And it does. It really does. There is still to this day a Miss France. I watched a bit of Miss France 2025.


GRAHAM CLULEY. Oh, did you?


CAROLE THERIAULT. All meringue dresses and tiaras and gleaming teeth and tears. The whole thing.


GRAHAM CLULEY. All in the name of research, Carole.


CAROLE THERIAULT. I tell you what. So yeah, so scammers pretending to be Sophie duped our 76-year-old Michel into thinking she had left her husband, needed money, and would marry him.


GRAHAM CLULEY. Isn't there supposed to be some rule about the age of the person you should sensibly, you know, the limit? Isn't it something like you half your age and add, I don't know.


CAROLE THERIAULT. It's 7 is the one I knew or have known.


GRAHAM CLULEY. What is it? Half your age plus 7?


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. Is that right?


CAROLE THERIAULT. That's what I heard. Yeah.


GRAHAM CLULEY. Mind you, that's still a big age gap if you're 76.


CAROLE THERIAULT. Right?


GRAHAM CLULEY. I think stick within your decade. That's my advice.


CAROLE THERIAULT. Yeah. Well, he kind of had a little bit of a Paris syndrome himself, right? Because he finally reached his destination only to be brutalised by reality.


GRAHAM CLULEY. So did he have to then drive all the way home?


CAROLE THERIAULT. Yeah, he had to drive home. He had to go stay. He was like, I can't drive home. I have to go to a hotel tonight.


GRAHAM CLULEY. Poor chap.


CAROLE THERIAULT. Poor little man.


GRAHAM CLULEY. I'm just thinking I must never ever give any money to a pregnant woman 38 years younger than me, thinking that I'm going to end up in a relationship with her.


CAROLE THERIAULT. Learn from Michel. If you can't believe your luck, then don't.


GRAHAM CLULEY. Now, Carole, according to Vanta's latest State of Trust report, cybersecurity is the number one concern for UK businesses. And of course, Vanta can help you with that.


CAROLE THERIAULT. Whether you're a startup growing fast or already established, Vanta can help you get ISO 27001 certified and more without any of the headaches.


GRAHAM CLULEY. You see, Vanta allows your company to centralize security workflows, complete questionnaires up to 5 times faster, and proactively manage vendor risk to help your team not only get compliant, but stay compliant.


CAROLE THERIAULT. So stop stressing over cybersecurity and start focusing on growing your business in 2025. Check out Vanta and let them handle the tough stuff. Head to vanta.com/smashing to learn more. That's Vanta, V-A-N-T-A.com/smashing. And thanks to Vanta for sponsoring Smashing Security.


GRAHAM CLULEY. And welcome back. Can you join us for our favorite part of the show? The part of the show that we like to call Pick of the Week.


CAROLE THERIAULT. Pick of the Week. Pick of the Week.


GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like. It doesn't have to be security related necessarily.


CAROLE THERIAULT. Better not be.


GRAHAM CLULEY. Well, my pick of the week this week is not security related.


CAROLE THERIAULT. Good.


GRAHAM CLULEY. My pick of the week this week is art related. Now, Carole, I don't know if you know anything about painting. I don't know if you know anything about art.


CAROLE THERIAULT. Don't know anything about anything like that.


GRAHAM CLULEY. Yeah, I don't know if you have any interest in the subject at all. But I am a fan of a couple of TV shows which are on Sky Arts. Have you heard of Sky Arts? It is a channel we have here in the UK. I don't know if it's available elsewhere.


CAROLE THERIAULT. Owned by Rupert.


GRAHAM CLULEY. Rupes. Well, you know, it's— yeah, it's owned by Sky, unfortunately. But you don't have to give him any money. If you've got Freeview, it's on the free-to-air channel.


CAROLE THERIAULT. Oh, yeah, yeah, yeah.


GRAHAM CLULEY. Channel 36, it is. So you don't have to have a subscription or a dish or an app or any of that nonsense. It's talking to John's parents. Right. Anyway, the show which I want to recommend, there's two shows. One is called Portrait Artist of the Year, and one is called Landscape Artist of the Year.

And this is my comfort blanket. I can watch so much of this. What they have is a whole bunch of artists, and they get their little easels out, and they get their paints, and they go and sit out in the rain, or if they're doing the portrait, they maybe lucky enough to sit inside instead. And they spend an hour competing against each other, trying to do the best landscape or the best portrait of somebody.


CAROLE THERIAULT. I love it.


GRAHAM CLULEY. It's a wonderful show. It's presented by, well, it used to be Frank Skinner. He used to be one of the presenters. I like him, yeah. It's now Stephen Mangan, the curly-haired actor guy. And he's doing it alongside thinking man's crumpet, Joan Bakewell, right? Very big fan of. If only I'd been alive in 1968. Anyway, never mind. But it's a lovely TV show, and I think it's fantastic. Have you ever seen it?


CAROLE THERIAULT. No, I'll check it out. I'll check it out.


GRAHAM CLULEY. Oh, for goodness' sake, Carole, this is an institution. They're on about Series 12 or something.


CAROLE THERIAULT. I know, it's just, you know, yeah.


GRAHAM CLULEY. Some of the art is incredible. And what I love about it is everyone will be doing a landscape, and you'll get some very conventional ones, some very technical ones, some very precise and photo-like, and other ones which are just abstract bonkers. And other times they're not using paint at all. It's, oh, I'm just using a piece of thread, or I'm just using some mud. And you know, you never know who's going to win. But you always, when you watch it, you have your favourites. You have the ones you're not so sure about.


CAROLE THERIAULT. Yeah, I love all that.


GRAHAM CLULEY. There are some experts on hand as well, you know.


CAROLE THERIAULT. Oh yes.


GRAHAM CLULEY. And they're all there wearing their cravats and they're saying all the technical things about the art, which you don't realise. But it's a terrific TV show. Portrait Artist of the Year and Landscape Artist of the Year. There's also a couple of them on YouTube if you can't find them anywhere else. And that is my pick of the week.


CAROLE THERIAULT. Bing, bing. You got a twofer there.


GRAHAM CLULEY. Yep. Carole, what's your pick of the week?


CAROLE THERIAULT. Okay, I just finished Careless People, a memoir by Sarah Wynn-Williams.


GRAHAM CLULEY. Oh, yes.


CAROLE THERIAULT. This is that scandalous memoir that came out earlier this year dishing the dirt about Facebook's head honchos. And you may first have heard about the book thanks to Meta's relentless efforts to shut it down. According to Slate, when Wynn-Williams publicized the book, Meta saw red. The day after publication, an arbitrator issued an interim ruling finding that Wynn-Williams violated a non-disparagement clause in her severance agreement. So she's duly restricted from further promoting the book or commenting upon her old workplace. And in that twist of fate, all this negative attention amped up the intrigue, and the book has done very, very, very well.


GRAHAM CLULEY. Oh, what a shame. What a shame that that happened.


CAROLE THERIAULT. Right. So the perspective is from an international liaison point of view.


GRAHAM CLULEY. Ooh la la.


CAROLE THERIAULT. So Sarah gets a job at Facebook and is responsible for getting Mark and Sheryl Sandberg into bed, proverbially, with international leaders.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. So presidents and prime ministers. And this is like going to Davos and G7 thingies. That's where we're kind of heading to. And basically, she played an integral role in making Facebook what it is today. So, insert word here.

But lordy, does she land a few hard-hitting punches. Her focus is definitely Mark and Sheryl.


GRAHAM CLULEY. What juicy gossip did you get from it, Carole?


CAROLE THERIAULT. Shocking recounts of sexual harassment. Ooh!

The appeasing of dictators, the gaming of algorithms, targeting of children with ads, political interference, misleading Congress, power games, manipulation. She even touches upon Zuckerberg's presidential aspirations.


GRAHAM CLULEY. Oh, no.


CAROLE THERIAULT. Just please, just please. American friends, please.

Zuckerberg is portrayed as a hybrid of Sam Bankman-Fried and Donald Trump, says Slate. To me, he just comes off as a man-child, and maybe that's the same thing.

But she tells this tale of him loving board games, right? He never watches TV, doesn't movies, doesn't want to watch your art show, right?

He likes Settlers of Catan and Ticket to Ride.


GRAHAM CLULEY. Okay.


CAROLE THERIAULT. And everybody lets him win every single time.


GRAHAM CLULEY. Oh my goodness.


CAROLE THERIAULT. Everybody lets him win every single time.


GRAHAM CLULEY. Because I wonder what happens if he wouldn't win?


CAROLE THERIAULT. Near the end, when things are getting a bit tense, she starts kicking his ass, and he can't believe it. And she just goes, "Do you really think people don't let you win?"

'Cause I think he thinks he has a touch of God in him. For fuck's sake.

But the thing you can't help but wonder throughout the book is why, oh why, did Sarah stay for years and years?


GRAHAM CLULEY. Right.


CAROLE THERIAULT. And this is shocking, right? The things that they put her through, the things they ask her to do, the things she says yes to.


GRAHAM CLULEY. Was the money good?


CAROLE THERIAULT. During it, she makes quite a few comments that she wasn't there during the glory years when everyone got their big millions. She arrived after, and they just gave her what she asked for.

So everyone around her was making more money, she claims. She says, why'd she stay there?

She does give some answers. They don't sit perfectly with me.

But she does seem to have the writing bug, so I'm sure we're going to see her turn out more stuff. But that said, Graham, delicious reading.

One of those things where you sit there going, "Oh my God."


GRAHAM CLULEY. "Oh my God." What's it called again?


CAROLE THERIAULT. Careless People. That's a kind of Gatsby reference.


GRAHAM CLULEY. Oh, yes.


CAROLE THERIAULT. For those literary people out there.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. It's my beach book recommendation for this week, Careless People by Sarah Wynn-Williams. That's my pick of the week.

Fantastic.


GRAHAM CLULEY. That sounds really interesting.


CAROLE THERIAULT. You'd love it.


GRAHAM CLULEY. And that just about wraps up the show for this week. You can find Smashing Security on Bluesky, unlike Twitter, which wouldn't let us have a G.

And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.


CAROLE THERIAULT. And thank you to our episode sponsor, Vanta, and of course to our wonderful Patreon community. It's their support that helps us give you this show for free.

For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 426 episodes, check out smashingsecurity.com.


GRAHAM CLULEY. Until next time, cheerio. Bye-bye.

Bye.

-- TRANSCRIPT ENDS --