When Cybercrime Gets Personal
Easy Prey
Most security breaches don't begin with sophisticated code or elaborate technical exploits. They begin with a phone call, a convincing email, or someone at a help desk who just wanted to be helpful. The human layer is often the weakest link, and the criminals who understand that are the ones causing the most damage. My guest today is May Chen-Contino. She's the CEO of Unit 221B, a threat disruption company that delivers actionable intelligence to enterprises, law enforcement, and government agencies. Her background spans cybersecurity, fintech, and SaaS leadership at companies like PayPal and...
info_outline
Stopping Phone Scams
Easy Prey
Phone scams get dismissed as background noise or just annoying interruptions and unknown numbers with robotic voices we learn to ignore. But behind that noise is an industry built on psychology, automation, and staggering profitability. My guest today is Alex Quilici. He’s an engineer, entrepreneur, and the CEO of YouMail, a company focused on protecting consumers and businesses from unwanted and fraudulent calls. Alex has spent years analyzing how robocalls and scam campaigns are designed, how they evolve, and why they continue to work despite better technology and increased awareness. What...
info_outline
Stolen Identity - Stolen Peace
Easy Prey
Identity theft gets talked about a lot, but usually in the abstract: freeze your credit, watch your statements, don't click suspicious links. What doesn't get talked about nearly enough is what it actually feels like when someone isn't just using your card number, but is actively living as you. My guest today is Brooklyn Lyons. She's 25, recently married, and by her own admission, had no particular expertise in fraud or cybersecurity before October of 2024. That changed when her car window was smashed in a parking lot, and her work bag, laptop, wallet, driver's license, and everything...
info_outline
Inside Modern Fraud
Easy Prey
Fraud doesn’t always announce itself with obvious warning signs. Quite often, it shows up wrapped inside something that feels routine — a purchase you’ve made before, a link that looks legitimate, a message that arrives at just the wrong moment. Nothing feels suspicious, so your guard stays down. By the time questions start forming, the transaction is already done. My guest today is Iremar Brayner. He’s spent more than 15 years working in fraud prevention and risk management across payments, retail, ride-hailing, fintech, and digital marketplaces. In his role at G2A, he leads fraud...
info_outline
Money Laundering
Easy Prey
Organized crime is often imagined as something violent, chaotic, and obvious. But today, it looks far more polished than that. It operates like a multinational business, spread across borders, built on trust networks, specialization, and efficiency rather than brute force. This episode looks at how modern scams, fraud, and money laundering actually work and why they’re so hard to spot before serious damage is done. My guest is Geoff White, an investigative journalist who has spent decades covering organized crime, cybercrime, and financial fraud. His reporting has appeared on BBC News, Sky...
info_outline
Critical Infrastructure Risks
Easy Prey
Most cybersecurity conversations focus on stolen data, breached accounts, and attacks that live entirely on screens. This episode looks at a far more consequential threat: what happens when cyberattacks target the physical systems that keep society running. Power, water, transportation, and manufacturing. When those systems fail, the consequences aren’t just digital. They’re immediate, visible, and sometimes dangerous. My guest is Lesley Carhart, Technical Director of Incident Response at Dragos, a cybersecurity firm focused exclusively on protecting critical infrastructure. Lesley...
info_outline
Familial Identity Theft
Easy Prey
Identity theft is usually framed as an external threat. Hackers, data breaches, anonymous criminals operating somewhere far away. This episode looks at a much harder reality to face: identity theft that happens inside families, often quietly, over many years, and without immediate detection. The damage isn’t just financial. It reshapes trust, relationships, and a person’s sense of stability long before anyone realizes what’s happening. My guest is Axton Betz-Hamilton, an associate professor of financial counseling and planning whose research focuses on familial and child identity theft....
info_outline
Exploiting Trust (Part 2)
Easy Prey
Security failures rarely come from cutting-edge attacks or sophisticated tools. They happen in ordinary moments when someone holds a door, follows an instruction without questioning it, or finds a workaround that makes their day easier. Those small, human decisions are often the real entry points, and they tend to compound over time. This episode picks up the second half of our conversation on exploiting trust with FC Barker, a veteran ethical hacker and physical security expert known for legally breaking into banks, government buildings, and high-security facilities around the world. With...
info_outline
Exploiting Trust (Part 1)
Easy Prey
Most security failures don’t start with a dramatic breach or a mysterious hacker sitting in a dark room. They usually start quietly. Someone assumes a system is locked down. Someone trusts that a door shouldn’t open, or that a machine “just works,” or that no one would ever think to look there. Over time, those small assumptions stack up, and that’s where things tend to go wrong. Today’s guest is FC Barker, a renowned ethical hacker, social engineer, and global keynote speaker with more than three decades of experience legally breaking into organizations to expose their blind...
info_outline
Surviving a Ransomware Attack
Easy Prey
A ransomware attack doesn’t always announce itself with flashing warnings and locked screens. Sometimes it starts with a quiet system outage, a few unavailable servers, and a sinking realization days later that the threat actors were already inside. This conversation pulls back the curtain on what really happens when an organization believes it’s dealing with routine failures only to discover it’s facing a full-scale cyber extortion event. My guest today is Zachary Lewis, CIO and CISO for a Midwest university, a 40 Under 40 Business Leader, and a former Nonprofit CISO of the Year....
info_outlineMost security breaches don't begin with sophisticated code or elaborate technical exploits. They begin with a phone call, a convincing email, or someone at a help desk who just wanted to be helpful. The human layer is often the weakest link, and the criminals who understand that are the ones causing the most damage.
My guest today is May Chen-Contino. She's the CEO of Unit 221B, a threat disruption company that delivers actionable intelligence to enterprises, law enforcement, and government agencies. Her background spans cybersecurity, fintech, and SaaS leadership at companies like PayPal and eBay, and she brings a distinctly mission-driven lens to the work, shaped equally by a career in business and a background as a Krav Maga instructor.
Unit 221B operates less like a typical security vendor and more like a specialized investigative unit, with a team that includes tenured ransomware experts, incident responders, and former law enforcement, all focused on one outcome: criminal arrest. May has seen firsthand how ransomware gangs operate with their own codes of conduct, how a younger generation of cybercriminals is throwing those rules out entirely, and why paying a ransom is increasingly a bet that doesn't pay off.
We talk about why social engineering has overtaken technical hacking as the dominant attack vector, what organizations and individuals should never do in the aftermath of a breach, and how crimes against children online often go unreported for the worst possible reasons. May also shares a story from her own experience being scammed on eBay, and what she did about it, which tells you everything you need to know about how she approaches this work.
Show Notes:
- [1:28] May shares her background and how she came to lead Unit 221B, a threat disruption company serving enterprises, law enforcement, and government.
- [1:41] May traces her path into cybersecurity, explaining how a lifelong sense of justice and a friendship built through Krav Maga training led her to a team of investigators doing real criminal work.
- [5:55] May recounts being scammed while selling luxury shoes on eBay, describing how a fraudulent PayPal email convinced her the sale had failed after she had already shipped the item.
- [8:22] Rather than accepting the loss, May engaged the scammer directly, intercepted her own shipment through FedEx, and used a photoshopped payment screenshot to flip the situation on him.
- [11:36] The story ends with May recovering her shoes, followed by a candid note that this approach carries real risk and is not something she would recommend to others.
- [12:57] May outlines Unit 221B's core work, including criminal investigations, threat intelligence, pen testing, and incident response, all oriented toward federal prosecution and criminal arrest.
- [16:52] The evolving threat landscape, contrasting professional ransomware organizations that tend to honor agreements with a younger generation of cybercriminals who operate without limits.
- [18:44] May describes this younger criminal group in detail, noting members are predominantly 14 to 26 years old, English-speaking, and motivated as much by social status as financial gain.
- [21:49] May explains why wiping systems and restoring backups after a breach is one of the most damaging mistakes an organization can make, eliminating evidence and removing any path to prosecution.
- [23:04] She walks through Unit 221B's incident response process, covering digital forensics, insider threat identification, and determining who is behind an attack before advising on next steps.
- [26:32] May addresses the ransom payment question directly, recommending against paying as a default while acknowledging that knowing your adversary is essential to making the right call.
- [28:04] The discussion covers the legal and PR dimensions of a breach, including notification obligations and why some organizations choose to go public about what happened.
- [31:08] May pushes back on the perception that law enforcement doesn't help, explaining that federal agencies are understaffed and must prioritize cases, but are genuinely committed to the work.
- [34:08] The issue of victims deleting evidence before reporting, and how frequently this forecloses any possibility of investigation or prosecution.
- [34:55] The conversation turns to crimes targeting children, including sextortion, and why open dialogue between parents and kids is critical to getting victims to come forward before lasting harm is done.
- [37:18] May reflects on a keynote she gave at Harvard's Bold Conference for young women, describing the tension between advice to build an online presence and the real safety risks that come with it.
- [38:51] May shares practical security guidance for young people online, including being mindful of what appears in video backgrounds, using strong passwords, and enabling two-factor authentication.
- [40:35] May identifies AI-assisted attacks and social engineering as the two most significant forces reshaping the threat landscape, with technology now available to both attackers and defenders equally.
- [43:45] May describes Unit 221B's invite-only intelligence platform, which brings together top investigators, law enforcement, and private sector experts to collaborate and move cases forward.
- [45:10]Listeners can find Unit 221B at unit221b.com and on LinkedIn, and anyone facing a threat or needing guidance can reach out.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.