Phishing, Spear Phishing and Whaling

been a lot of talk about spear fishing. Now much of that discussion centers on a report from that detailed how Russian intelligence agents targeted the United States Democratic National Committee or d NC with a spear phishing campaign that ultimately allowed the malicious actors to make off with a lot of sensitive and confidential information and infiltrate sensitive systems. Now, I'm not going to get political on this EPISOD, so

that's not what I want to focus on. I rather want to focus on the strategies that malicious actors use to either steal information or convince people to hand it over willingly through deception. So I'm going to talk about concepts like social engineering, fishing, spear fishing, and whaling and I'm listing them in that order because it involves moving from a more general concept to a more specific application

of those concepts. So let's get it started with social engineering. Now, generally speaking, social engineering, at least in this context, refers to using deception and manipulation in order to get hold of information. It's just, really it's just about tricking people to give up stuff that normally they wouldn't part with,

and that's really all it boils down to. Typically, this means that someone is pretending to be a trusted entity and they work to convince a target or mark in the old carnival speak, the marking the person that you have marked as being vulnerable. You are trying to get them to hand over information or even give them control of their devices. So you might convince someone to install some malware. It's disguised as something else, like an innocent file, but your your job is to get them to do

something that compromises information or system information systems. And this shows us yet again that critical thinking is a really important skill. It's good to apply critical thinking when someone is asking you for information or telling you that you should install a program. Sometimes those are bad people, and sometimes they're up to no good. Now, you can think of a social engineer as a con artist, so it's someone who uses psychological manipulation to get a specific reaction

from mark. Stage magicians and mentalists use those sort of strategies or to entertain. They're not doing it to do something underhanded. They're doing it in order to make people uh, amazed or laugh or applaud. A stage magician, for example, has to learn the art of misdirection. This is the technique of getting an audience to pay attention to something that is ultimately unimportant, at least as far as the mechanics of a trick, and that's so that they don't

notice the actual important stuff that's going on. It gives the magician the time and opportunity to pull off a trick. A good magician can hold an audience's attention with some mesmerizing stage work. They might incorporate clever pattern, but the whole point is to keep focus off of something that might otherwise spoil the illusion. Dr Robert Saldini, is a professor emeritus of psychology and Marketing at Arizona State University,

outlined six basic principles of influence. These relate to strategies that they're they're drivers that someone can employ to convince another person to agree with what they are saying. And essentially, these six broad principles can get someone to say yes. It's the idea of influencing someone to agree to do something. Understanding these principles can help you recognize when someone is trying to use those strategies on you. But these are

strategies that rely on very human traits. They work because of the way we're wired. More or less, it's even being aware of them doesn't mean that you will be immune to them, because it's it's very much dependent upon what it means to be human. So Childni cites other psychologists who identified what they called judgmental heuristics. You can

think of these as sort of cognitive shortcuts. They are basic rules that we accept as being generally true, so it's sort of like a foundational statement that we would not question. But if someone knows how those work, they can take advantage of it. So, in other words, if someone is really good at using these principles, you might not be aware of it right away. And I certainly consider myself to be vulnerable to them. I know I'm vulnerable to them. I can think of examples where people

use these technique U on me and it worked. Sales people in particular tend to really focus on these their entire books out there that are all about how to leverage these principles in order to make sales, make business deals, et cetera. So what are the six big categories. Well, the first is the rule of reciprocation. That's our tendency to want to repay someone who has done something on our behalf. Essentially, this comes down to the concept of favors.

So an example you might have encountered could be free samples. Merchants know that a free sample can create the urge within a potential customer to buy a product because that person feels obligated after having accepted a sample. So if I'm sitting at a table and I have samples of let's say it's olive oil, I've got different little bowls of olive oil, and you can dip a little bit of bread in there and taste them, and I'm there saying I'm here to answer any questions. Do you like it?

What do you think? We have the social pressure within us to say, oh, I like it a lot, even if we don't. We have that social pressure, Like very few of us would say, oh, I don't like this at all to someone who seems like they are invested in your answer. So we feel obligated to go along with it. And we may feel obligated because we have accepted something that in return we will buy something even if we didn't like the thing, because we feel this

social pressure. And this goes along with what it means to be human. I'll touch back on that when we get towards the end of these principles. So most people don't like to feel that they are under some sense of obligation to someone else. They don't like to feel they owe somebody something, and so they will very quickly try to act to even the scales right so that they are no longer obligated. So rule of reciprocation is the first principle. Next is scarcity. People tend to want

more of stuff that they can have less of. That's the basic idea. And you can look at this with just like the prices for precious metals. Precious metals are precious largely because of their scarcity, because they're so hard to get and there's not a whole lot of it. That's what drives up their value. People want it more because it's harder to get. The entire diamond industry is based off of this concept. There are plenty of diamonds, There are tons of diamonds. They are not even rare.

But because the world's supply of natural diamonds is controlled essentially by a single company, that company can control the scarcity of diamonds and thus inflate their value. Because people want what they can't have, So offering someone a chance to experience something or possess something that has extremely limited

availability is a really useful tactic. If you tell someone, hey, this service that we have, we're gonna get rid of it in a week, typically you see a lot more people try and take advantage of that service before it goes away forever. It's an incredibly useful way of getting people to do something you want them to do. Next is the principle of authority, which is the notion that people will tend to go along with someone they view

as being an expert or being credible. So have you ever encountered a problem and thought, Uh, someone smarter than I am is going to handle this, or you just assume that someone more capable than you has the situation covered. Maybe you were present when an emergency happened and you look around to see if someone else jumps to help, because you think, well, clearly, there's gotta be someone here who's better at handling this kind of situation than I am,

so I'm gonna step back and allow that to happen. Well, that behavior shows that we frequently will defer and even seek out people who appear to be more knowledgeable or capable than ourselves under certain situations. So if someone poses as a person of authority convincingly, they can more easily persuade people to do stuff. The fourth principle of influence, according to Cialdini, is consistency. This is related to the

concept of commitment committing to do something. If you get someone to agree to a small initial commitment, that can set the ground for a larger commitment further down the road. So a classic example in a scam could be the Nigerian scam. A lot of Nigerian scams will start off where the scam artist first asks for a relatively small amount of money because they say, hey, there's a huge amount of money in this country. Has your name on it.

It's it's clearly not meant for you, but because it has your name on it, we can get it to you. It's an enormous sum. However, in order for me to get this money to you, first, I'm gonna need a small amount of money from you to help secure this, and then we can get you rich. And people will say okay, And then the scam ars might come back and say, oh, as it turns out, I'm gonna need a little bit more money because I'm gonna have to bribe some officials here in order to get your wealth

to you, and so on and so on. The idea being that because you've already made an initial commitment, you would be willing to make a larger subsequent commitment. And this can happen not just in scams, it can happen in completelygitimate, although sometimes questionably ethical applications. That in the Principles is the principle of liking, which means we're more easily influenced by people we like. This is not brain surgery, right, If you like someone, you're more willing to agree with

them and to do things that they need you to do. Now, Sheldeoni states there are three factors that go into whether or not we actually like someone. First, we tend to like people who are similar to ourselves. The more alike they are to ourselves, at least to a certain extent, the more we tend to like them. Second, we like people who complement us because we're vain. We're egotistical creatures. If you come up to me and say, hey, I really like your work, I am far more likely to

like you. And Third, we like people who will work with us towards a mutual goal. If we both need to get a specific task done, and you help me do that task, I am more likely to like you. So a scam artist might try to wheel out some information about you in order to make it seem as if the artist also shares the similar interests and values that you have, and try and create this pathway to get you to like the scam artists so that in return, you will actually do whatever the scam artist wants you

to do. The sixth principle is consensus, which essentially says that when we're in doubt, we tend to look at what other people are doing so that we can get some direction over what we should do. Now, I certainly identify with this. I think about just about any situation I've been in in which I was joining a group of people working together on an activity. Maybe we're all doing the same thing over and over, like folding T shirts.

That's an easy one. We're all folding T shirts, and I keep looking over to the left and right to see how other people are doing it, so that I feel like I'm doing it the right way, that I'm not messing up. I have this incredible social pressure on me to do it correctly, and rather than try and learn this in a more formal way, you know, a more process oriented way, I'm doing it looking at how everyone else is doing this. Now, if everyone else is

doing this quote unquote the correct way, that's fine. But if people are doing things incorrectly, then all I'm doing is adding to the number of people who are doing something incorrectly. But there's again, is a lot of social pressure at play here for you to do as the group does. And this is not just psychobabble. These principles put into words behaviors that humans have developed as social creatures.

Human survival has largely depended upon our working together, and so we've developed these behaviors that promote cooperation and they discourage inhibiting cooperation. Understanding those behaviors and then subtly leveraging them can have a really big impact on interactions, and

that plays right into the hands of social engineers. So if you happen to know people tend to follow these principles because humans as a species have sort of evolved to be these social creatures, then you can take advantag edge of that. Now, granted they are going to be outliers. There will be people who do not conform, they do not adhere to these principles, they don't have any connection to them, But more frequently than not, you're going to

find that they work and that they work on you. Next, I'm going to define the terms like fishing, spear fishing, and whaling, and we'll explore some specific tactics and stories related to those practices. But first let's take a quick break to thank our sponsor. All right, So social engineering is all about manipulating people to give them to do what you want, typically in a way that involves deception and handing over confidential information. But what is fishing all about?

And it's spelled p h I s H I n G by the way, fishing with a pH Fishing describes the practice of tricking people into handing over sensitive information through some digital means. Most frequently we talk about using e ail as a way of phishing for data, but you could use a spoofed website, you could use instant messaging, but it doesn't really matter. The basic concept is the same.

You're fishing for data. I find it interesting, by the way, that we have a lot of nautically themed terms to describe different behaviors on the Internet, because there's fishing, their spear fishing, there's whaling, but there's also trolling. Trolling refers not to mythical monsters from fairy tales, but from the practice of dragging a net behind a boat to troll

in an effort to scoop up a catch. Trolling on the Internet originally referred to people who would go into message forums and they would lay down a trap, which would be they would post something intended to get a rise out of members of the forum, legitimate members, so they weren't necessarily aiming at anyone in particular. They were just kind of laying a trap for anybody who was gullible enough to fall into it. The goal was just to rile people up, and why would you do that. Well,

some people just want to watch the world burn. I guess they like to think that they were able to have influence on another person and that brings them some mean sense of joy. It's not great, but it does happen far too frequently. Or sometimes the troll actually has ulterior motives beyond just upsetting people. Maybe you have someone who's running a different message board, and so what they're doing is they're essentially sabotaging what they see as competition.

But whatever the motivation, the practice involved being obnoxious in one way or another in an attempt to get at least a hit or two from well meaning but misguided forum members. And I say misguided because the person's anger or frustration was the trolls goal all along. They're not necessarily arguing something they actually believe in. All we wanted to do was get someone upset. So if you get upset, the troll wins. So the only real way to win is not to play. And that's why you often hear

people say don't feed the trolls. Problem is, if you don't feed the trolls, sometimes trolls will just keep on trying to get people to agree to awful, awful things, So that philosophy only goes so far as well, and it's only applicable in certain situations. But that's another podcast. Fishing is similar in a lot of ways to trolling, except instead of trying to irritate people, you're trying to trick people into handing over information they should definitely not

hand over. Fishing is a general approach. The attacker does not necessarily have a particular target in mind. It's kind of a blanket attack. They don't really care who ends up being a victim. All they want to do is gather as many hits as possible. Just doesn't matter. From where as such this, phishing messages tend to be pretty generic. Phishing emails may appear to come from a legitimate source. On a casual glance, they might look like they were sent from an actual company, like a bank or a

government organization. There are countless variations, but they all try to fool the recipient into taking an action that will ultimately result in a bad outcome for the target. So, for example, you might get an email from a bank stating that you have an old account with money in it and you should transfer that money out of your account. It is essentially saying, hey, you got free money, and this bank asks that you fill out some information so

that you can retrieve your cash. But in reality, the emails coming from a phishing scheme and it's looking to harvest as much confidential information from users as possible. Maybe they're saying, give us your current bank account information so that we can transfer the money. We can wire it from this old account into your current account, but in reality they just want access to your current account. That's a pretty clumsy example, but it is an example of

something that could actually happen. Often, the email address in a message can be a dead giveaway whether the message is legitimate or not. You can look at the originating email address and say, well, it says it's from Gmail, but the domain on the email is not related at all to Google. Well that's a dead giveaway. Chances are you're looking at a scam if email address does not match whatever entity it claims to be from. And I doubt any legitimate organization would ever ask for sensitive details

to be sent over email. Almost every single one if they respond to these kind of attacks, says we will never ask for your personal information over email, particularly since there's no guarantee that the recipient is using encryption on their emails, So if you're not using an encrypted email service, there's no guarantee that a third party listening in wouldn't get access to that information anyway, even if everything else

was legitimate. So that being said, it is possible to forge an email address so that a message appears to be from an official, legitimate source. There's nothing in the email protocol on its own, just the regular email protocol that verifies an address in the front field is actually a legitimate address. Now you can do some snooping yourself. You can examine email headers, which might require activating a specific feature in your email interface like in Gmail. I

think it's reveal source or something along those lines. Uh oh, show original is what it is. That's what it is. You choose show original, and that's gonna give you kind of the hypertext version of the email, and that will include listing all the servers that the email has passed through with the line received colon from, and at the bottom of that section, the last received from would represent

the original computer that sent the email. And if you look at that and the original computers domain is different from the official domain. Again, that could be a red flag. It's not necessarily proof positive, but it does indicate that it could be a malicious email and you should be

careful about it. On the admin side of this, if you were a system administrator, organizations can implement what is called a sender policy framework to prevent forged email addresses, which is an email validation protocol, and essentially it allows an organization to map specific I P addresses that are authorized to be associated with email addresses containing the organization's

web domain. So, in other words, it says, if someone tries to send an email and they claim that email is from US, check to make sure their IP address is on this list of authorized IP addresses, and if it isn't, don't allow our email. Don't allow that that from field to display our domain. It's essentially saying check here to make sure that it's legit. But again, you have to implement this. It's not something that is natively

part of the email protocol. Now. I've received countless phishing emails over the years, and my favorites are the ones from companies or banks that I have never done any business with. But even those types of obvious scams can fool people. They might think, Hey, I might be able to get some free money because these folks think I have cash in their coffers, so I'll just play along, and I can essentially get some poor SAPs doughe just because they happen to have the same name as I

do that stinks to be them. Only it turns out that the SAP all along was the person who received the email, because they will end up handing over sensitive information to an attacker rather than getting hold of someone else's money. A phishing attack doesn't need to get that many hits to be a success. Is a pretty cheap way of attacking people. It's not expensive to mock up an email that looks like it came from an official source, and it's also not that expensive to email hundreds of

thousands of people. It's pretty easy to do so if you cast a wide enough net, you're sure to get some hits. There might not be a lot, but you don't really need a lot to actually make it profitable. So it's not an efficient way to trick people, but it can still make you money, though not at a super high profitability. But also you would be a total scumbag for doing it if you try chose to do this kind of stuff. So that's fishing. What is spear fishing because that's been the news quite a bit with

this d n C stuff. Well, as I mentioned earlier, we're moving from the general to the more specific. So spear phishing is phishing. It uses the same sort of general approaches phishing, except this time the target is a defined one. Instead of it just being a widespread blanket attack against anyone and everyone, this is a targeted attack. It's targeting a specific company or organization. The emails or other messages take aim at the people who work in

those organizations or for those companies. The attacker might tailor their approach specifically for the target. They might be able to use the target's actual name in the email. UM that's a pretty smart move. Actually, it's likely to increase

the number of successful hits. So rather than sending out generic hey you've got some cash and X bank that you need to retrieve, or dear Amazon customer, we see you overpaid on your last order, so fill out this information for a refund, a spear fisher might take aim

using details that apply to a specific targeted organization. The actual emails might not look that different from general phishing ones, though they may contain more specific information, they use similar language because again, they're trying to leverage those principles of influence that all humans are vulnerable to. A spear phishing attack could take the form of an email claiming to contain a security patch or a system update that supposedly

a company wide policy. The email would claim to guide employees to bringing their computers up to date, but actually they would install a malicious piece of software. Are a good old friend, you know malware and malware can take lots of different forms, but typically with phishing attacks, the malware's purpose is to facilitate the transfer of stolen information. It might allow a back channel of access to a system's computers, you know that backdoor access that allows a

hacker to take administrative control of a computer. Or it might contain a key logger which will record every keystroke made on that computer, which is an effective way to steal someone's user and aim or password. Or it could be lots of other stuff too. Worse yet, it could contain a file or a link to a page that would take advantage of a zero day exploit. This is a vulnerability that exists in some form of software or

operating system that has yet to have been published. It's very possible that the entity that made the software has no way of knowing that it even exists. Zero day

exploits are incredibly valuable to hackers. If you find one and you know that it hasn't been published, then you know that you have a really good chance of that zero day exploit having a huge impact if you wrap it in some other attack, So you could compromise a target computer or an entire system, and you give an attacker access to that machine or the entire network that machine is connected to, at least as far as the

target would be able to access. And then if you had escalation software in there, you can even escalate so that you elevate the the status to admin levels test that gives you unfettered access to the system. The spear phishing attack might look like it came from another employee requesting access to certain types of information. It could look like it came from a finance department saying, we need you to pay this uh this invoice, so just give

me your your information here. The larger the organization the easier it is to slip something like this through, because it's not likely that everyone's going to know everyone else. The smaller the organization, the more you might say, I'm just gonna walk over to Sue's desk and find out if Sue actually sent me this email, and that would obviously the work against the the intent of the hacker. Next, I'm going to share a whale of a tail with you me, lads, but first let's take another quick break

to thank our sponsor. Okay, so we've defined fishing, and we define spear fishing, but what is whaling. Whaling refers to phishing attacks that are then more specific than spear fishing. These attacks target high ranking executives the the whales, or they might be high ranking members of an organization. These targets have the most potential access to an organization, and it's confidential information, so they have a very high value attached to them. The attacker stands to gain the most

from compromising that kind of target. Also, some of them are really really not computer savvy, and as such they can fall for tricks way too easily. I say this having met a lot of executives who seem to have only a cursory understanding of how technology works. Uh. As they age out of leadership positions, then we see a

little bit less of that. But we always got to remember that typically leadership tends to be older, you know, than your rank and file employee, and because technology changes so quickly, it's very possible for the older members of any group to have less knowledge about the most current and potentially most dangerous uses of tech. So whaling again

follows similar tactics as phishing and spear fishing. It could be a much more specific message designed to give the best possible chance for a successful hit, but otherwise it's pretty much the same as what we've already covered, So I'm not gonna waste time rehashing what I've already said. Just remember that the specificity I talked about earlier will be even more so for whaling. You will have messages that call out the executive by name. It might use

names of people the executive actually knows. It might even use a spoofed email address so it seems like it's coming from someone the person knows. Of course, the closer the friendship, the more you run the risk of not sounding like that person, which could set off red flags in someone's mind. They might say, huh, soon never talks to me like this an email that would end up being an issue, But otherwise you have a much greater chance of getting a succes us. As always, you should

use critical thinking whenever you get a message. It's best to do so. And while I've focused on email again, those phishing attacts could come through other channels such as instant messaging or similar communication channels, or even through spoofed websites. So using critical thinking and just paying attention can really save you a lot of heart heartache in the long run.

So here's some basic rules you should follow. First, try to make sure an incoming message is in fact from a legitimate source, particularly if there's an attachment to the email or if it's asking you to hand over information. That might involve digging a little deeper if the attacker bothered to forge an email field, so if they forge that from field, then you might need to check the source code just to make sure that in fact it

is legitimate. And then you might even ask like, well, why are they asking for this information and why should it be done over email? That's not necessarily the most secure way. In fact, You should really never send confident ential information like user names, passwords, credit card information, wire transfer information, anything like that over email or an instant message system because most of the time those are not secure.

They're not a lot of them are not encrypted. So even if the person contacting you is completely legitimate, if they are on the up and up, you totally trust them. They're not gonna do anything to to to mess with you the channel. If you're using a channel that's unencrypted, someone else could potentially get hold of that information. So it may even be that a third party could get

hold of this information. It's just not a smart move to send that kind of stuff over email or instant messager, and most legitimate communication will never require you to send in sensitive info over email. Rather, you would have to visit a legit website that's verified and secure. You look for that little lock in the U r L bar, and you make sure that the website you go to actually belongs to the company or entity that it's supposed

to belong to before fill anything out. Third, if you're in a company or organization and you receive a message that seems hinky and it's catered to you or to your company, you should probably let someone in I T know about it so that they can be on the

lookout and perhaps issue a company wide alert. Because even if you don't fall for this, if it's a spear fishing attack that's targeting people who belong to the same organization you do or the same company you work for, all it takes is a couple, maybe even as few as one positive hits to make a lot of damage. So if you notice something, you say something, it gives you the best chance to not have your company or organization fall victim to these kind of attacks. This is

really serious business. So let's take another look at the U S. D n C phishing attacks in twenty sixteen that I mentioned earlier. So what actually happened in those attacks. Well, according to a joint report from the Department of Homeland Security and the FBI, two groups which the report labels a P twenty eight and APT twenty nine, breached the d n C servers through phishing attacks. APT, by the way,

stands for Advanced Persistent threat. The first attack started in the summer of The group behind the attack was APT twenty nine. The attackers sent emails to more than one thousand different addresses attached to the d n C, and the messages contained malware attachments. They were posing as a normal file. It looked like an innocent file. Opening the file would install the malware on the target machine. The malware established an encrypted communication channel between the compromise systems

and APT twenty nine. The malware also could escalate privileges, meaning the malware was able to trick computers into giving the attackers admin level access to the system so they could steal information send it back to their own computers over this encrypted channel of communication, and because of this they were largely undetected for a while. The second attack

happened in that was a P twenty eight. They sent out an email to a large number of people in the d n C. The email posed as an organization wide policy that would require users to reset their passwords, saying passwords have expired. You need to go and follow this link and reset your password. So they would go to a link and that led to a website that was made to look like it was an official d NC site, but in fact it was a phishing site, so they would guide users to enter their user names

and their passwords and a new password. Ostensibly so that they could reset their passwords, but in reality, the hackers were gathering log and credentials and they were just shipp shipping them straight to APT. The investigation into those attacks is still ongoing, but from what we know, it seems pretty certain the attackers were Russian civilian and military intelligence services. So you have a group of Russian hackers targeting a United States political parties UH systems, and that's a big

scary thing. No matter what country you live in or what country uh you know, no matter which countries are involved, this kind of attack is a serious thing where one country is trying to influence the political outcome of another country. I don't care who you are. That's terrifying. The United States, by the way, has done not necessarily cyber crime kind of stuff like this, but the US certainly has a long history of trying to influence other nations and their

political proceedings. So I'm not saying the US is innocent of those kind of things either, But it is terrifying to look at the way that you can actually leverage human psychology and have a big impact like this, And honestly, I think that's the most troubling thing about fishing attacks because they don't have to be sophisticated. There's no need to craft a super tricky code. You don't have to sit there and secretly infiltrate a computer system. Phishing works

not because of the technology. I mean technology facilitates it. It makes it easier to steal information. But phishing works because of the way we humans work. It works because we're fallible. We can be tricked, we can be influenced. It shows yet again that no matter how secure a system is, no matter what technology you have put in place, the system is really only as good as the people

who have access to it. If you design the world's most secure bank vault door and it has biometrics and voice activation and all this kind of stuff where only a select few are able to ever access it, and then I leave that door open while I dash off to go grab lunch, it doesn't do you any good. I have practiced very very very bad security protocol. Phishing works because we humans will often take these mental shortcuts and we won't use critical thinking. And it doesn't need

to work every single time. In fact, pending upon the attack, it may need to only work once. So if there are ten thousand employees of a company, and you just need just one of them to click on a malicious attachment. That means all you need is a point zero one percent success rate. It does not have to be great, it just has to work once. So it's no surprise that there's so many phishing attacks out in the wild. They get results, and they don't need a lot of

people to fall for them to be effective. That's all Also why there's a lot of crappy ones out there, because why put in the effort to design something really, really good If you can still get hits with something that's crappy. That will save you time and effort. So just go ahead send the crappy thing out. You won't get quality hits, but you'll still get hits. To defeat phishing scams, we can institute different protocols and protections to help weed out spam emails before they ever get to

a user, and obvious scams that kind of thing. We can blacklist certain uh I P addresses, but ultimately we have to rely on people resisting those attempts to influence them and use a bit of critical thinking. Now. I know I've talked a lot about critical thinking over the last two weeks, I'm gonna give it a rest. I'm gonna switch gears for the rest of this week, sort of.

I always try to use critical thinking whenever I'm putting a show together, so there is some going on in the back end, but I'm not gonna harp on about it anymore for the rest of this week. Instead, we're going to talk about speech recognition, natural language processing, and voice assistant slash virtual assistant slash. It's hard to come up with a name for them, but you know, I'm talking about your series, your Alexas, your Google assistants, that

kind of thing. So that's where we're going to concentrate on for the rest of this week. If you guys have any suggestions for future episodes of Tech Stuff, whether it's a specific technology, maybe it's a policy relating to tech. Maybe it's a company or a person in technology. Maybe there's someone you want me to interview or have on as a special guest, Please let me know. Send me a message. My email address for this show is tech Stuff at how stuff works dot com, or you can

drop me a line on Facebook or Twitter. The handle for both of those is tech Stuff hs W. Don't forget to follow us on Instagram and I'll talk to you again really soon. For more on this and thousands of other topics, because it how stuff works. Dot com