Initial commit: HPR Knowledge Base MCP Server

- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Lee Hanken
2025-10-26 10:54:13 +00:00
commit 7c8efd2228
4494 changed files with 1705541 additions and 0 deletions


@@ -0,0 +1,99 @@
Episode: 2754
Title: HPR2754: Craigslist Scam Catch
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2754/hpr2754.mp3
Transcribed: 2025-10-19 16:21:32
---
This is HPR episode 2007-154 entitled Craigslist Comcast and in part of the series Privacy and Security.
It is hosted by Edward Miro and is about 8 minutes long and carries an explicit flag.
The summary is help to client avoid being come on Craigslist and wanted to share some tips to HPR.
This episode of HPR is brought to you by archive.org.
Support universal access to all knowledge by heading over to archive.org forward slash donate.
Hello and welcome to Hacker Public Radio. I'm Edward Miro and for this episode I decided to record on our personal experience I had recently helping a client catch a Craigslist scan.
This will be part 2 in my series I'm calling Information Security for everyone as with most of the content I publish in the world of InfosSec.
My goal is to present the information in a way that a majority of people can get value from and anyone can play this for a friend, colleague or family member and make it easy for the non-hackers in our lives to understand.
This particular episode shows a powerful way social engineering can be implemented to steal money from unsuspecting victims and I'll break down a few main points in red flags to look for at the end.
A couple weeks ago I was sitting with a client when she asked me off handedly if I'd ever sent a moneygram before.
I told her I had, I had and asked curiously why she wanted to know.
She explained that she was very excited to be adopting a puppy from online and she needed to send $350 to the service that ships pets across the country.
This immediately caused my hacker sense to start tingling so I probed a bit more about the transaction.
I asked if she had spoken to the seller on the phone and she said she hadn't.
I said that seemed weird but she assured me that the seller said it had to do with her religion.
I wasn't aware of any religious prohibitions to speaking on the phone that also allowed using Craigslist but okay.
I told her that that seemed a bit fishy to me. She asserted that she thought it did to it first but she knew it was legit because she wasn't sending the money to the seller.
It was being sent to a third party pet transportation company that the seller had had contact her.
She even showed the website of the company on her cell phone which to be blunt to my eyes looked extremely janky.
I asked her if we could sit down for a few minutes and take a look at a few details before she sends anyone any money.
She reluctantly agreed and really wanted this puppy.
The first thing I asked to look at was the emails back and forth from the seller.
I checked Google and all other major social media sites for the seller's name, no matches.
Couldn't Google the seller's email address due to the Craigslist email relay system?
This in and of itself might be okay, we all use pseudonyms online sometimes and Craigslist is a site you might not want to use your real name.
Fine.
She then showed me the email thread with the shipping company.
The first strange thing I noticed from the emails was the link to the pet shipping company.
The name didn't match the URL and the link.
You'd think a business would be able to get their own name right.
I also saw that if you Google the name given by the shipper, it's extremely similar to a legitimate pet shipping company
and indeed that legit company comes up as the first site found due to Google fixing our query.
When you go to the link in the email however, the site itself was terrible to my eyes but not to my client who is not as seasoned as I am at Kitchen Scams.
I also showed her that the company didn't have any social media presence at all.
No Facebook, Twitter, anything.
For the email address that was contacting her was really long company name at Outlook.com.
She also told me she had spoken to the shippers on the phone and I asked if she still had their number.
She did but she told me she could never get through when she called them and they'd always have to call her back.
I asked for the number and called it on my phone. It was a Google voice number.
Not only that, it was at the screening mode.
She told me when he did call her, he was rude and tried to get her hurry up and send the money.
At this point I told her I was 100% confident this was a scam and I advised her not to go through with the deal.
At this point she was extremely unhappy but felt it was still a legitimate transaction because she had pictures sent to her and not only the puppy but of the puppy in the shipping crate at the shipping company waiting for payment to be shipped.
She explained that it's not like it was a person trying to sell dogs or from a puppy mill.
It was a lady giving it away for free and the money was for the shipping.
She just didn't see why a scammer would go to the trouble of doing that and felt the pictures were authentic.
I then asked her to save all the images to her device and then showed her a site she could use to do reverse image searches.
Before she did it, I asked her if she agreed that if this wasn't a scam, those pictures wouldn't exist anywhere on the internet.
She agreed and each of the pictures was found at least 9 other places online.
Her heart sank and she didn't have any for the rebuttals to my concerns.
She knew it was a scam and I just saved her from losing at least $350.
Not to mention that the scammer would have also asked for more money later for shots and insurance who knows how far they might have gotten.
So here are the main red flags.
One, seller wouldn't talk on the phone.
Two, seller name didn't seem legitimate.
Three, name of shipping company didn't match URL and email.
Four, googling company name shows close match with legitimate company.
Five, company website very poorly designed and implemented.
Six, company has no social media presence.
Seven, email address of contact that company using generic email address and not a legit domain.
Eight, contact that company could only call her and she was never able to make inbound calls.
Nine, phone number of company was Google voice number.
Ten, reverse image searches showed proof photos unoriginal.
A few of the social engineering tricks used by the scammers in the scam to make it more successful.
One, listed as adoption versus a sale to alleviate concern.
Two, handed off to quote unquote second party to build legitimacy.
Three, use cute puppy pictures to appeal to emotion and overrule suspicion.
Four, counted on target not paying attention to detail.
Five, shipper established a sense of urgency.
She was very thankful and I told her to be very careful when anyone from online ever asks her to send money.
I told her in all likelihood this was probably one person the whole time, hence why the person adopting out the dog couldn't talk on the phone.
They were also probably not even in this country as we know many of these scams aren't.
She did say that the shippers English wasn't that great.
I also told her to make sure she shares this experience with all her friends and family.
I always feel the best way to handle someone getting caught in a scam is to be on their side and never shame them.
We were all susceptible to scams in social engineering and the best way to proceed is to empower them to share what they've learned.
I also sent her a link to an article on the Better Business Bureau cited about these very types of scams that I'll also link below.
She was shocked how similar her experience was to the ones explained in the article.
Well, thank you for taking the time to listen to my experience helping a client avoid getting caught in the all too common crux of scam.
I hope this will help any non-hackers in your life and like I say in all my podcasts.
I don't claim to know all there is to know and love feedback and any opportunities to learn more or collaborate with others in the field.
As with most of the research and articles I've written in the past, these are geared towards standard users in a business setting
and are meant to be a jumping off point for further research and to be a foundation for cyber security 101 level training classes.
If you like what I do and want to have me come speak to your team or just want to chat, feel free to email me.
Thank you and have a great day.
You've been listening to Hecker Public Radio at HeckerPublicRadio.org.
We are a community podcast network that releases shows every weekday Monday through Friday.
Today's show, like all our shows, was contributed by an HBR listener like yourself.
If you ever thought of recording a podcast and click on our contributing to find out how easy it really is.
Hecker Public Radio was founded by the Digital Dove Pound and the Infonomicon Computer Club and is part of the binary revolution at binrev.com.
If you have comments on today's show, please email the host directly, leave a comment on the website or record a follow-up episode yourself.
Unless otherwise stated, today's show is released under creative comments, attribution, share a light 3.0 license.
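
Review bot: The transcript body contradicts the file's own metadata header, and nothing in the file marks the body as unreviewed speech-to-text output. The header gives "Episode: 2754" and "Title: HPR2754: Craigslist Scam Catch", while the first body line reads "HPR episode 2007-154 entitled Craigslist Comcast"; further down the body has "catch a Craigslist scan", "Kitchen Scams", "crux of scam", "Hecker Public Radio" and "HBR listener". The commit message says the server searches transcripts, so a text query for "scam" or "Hacker Public Radio" will not match those lines, and any consumer that takes the episode number or title from the spoken intro will get the wrong values. Suggest having the loader treat the header fields above the "---" line as authoritative for episode number and title, and adding a header field or a README note stating that the body is machine-generated and uncorrected. The station intro and outro lines (sponsor, contribution and licence announcements) are not episode content either, so consider excluding them from the indexed text so that they do not produce matches on their own.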