Easy Prey

Chris Parker, the founder of WhatIsMyIPAddress.com, interviews guests and tells real-life stories about topics to open your eyes to the danger and traps lurking in the real world, ranging from online scams and frauds to everyday situations where people are trying to take advantage of you—for their gain and your loss. Our goal is to educate and equip you, so you learn how to spot the warning signs of trouble, take quick action, and lower the risk of becoming a victim.

Rethinking Online Anonymity with Lance Cottrell 11/20/2024

Rethinking Online Anonymity with Lance Cottrell In a world of cybersecurity and online privacy, anonymity seems to be the key. VPNs are often promoted as the cure-all to our internet needs. Let’s talk about some of those misconceptions. Today’s guest is Lance Cottrell. Lance founded Anonymizer in 1995 and is an internationally recognized expert in cryptography, online privacy, and internet security. He is the principal author on multiple internet privacy and security technology patents. Lance stayed on as Chief Scientist as Anonymizer was acquired by Intrepid, and now advises start-ups through his platform. Show Notes: [1:09] - Lance shares his background and how he spent the start of his career and into founding Anonymizer. [3:03] - To continue destigmatizing being a victim of a scam, Lance shares his own experience as a victim himself. [5:38] - In-person scammers are very believable. They learn through building a relationship the things that you want. [9:47] - There are two reasons why people commit treason - revenge and justice. [10:42] - Prior to founding Anonymizer, Lance had fantastic access to the internet in the early 90s and became involved in the open-source community. [13:58] - Lance describes how Anonymizer did business-wise and where it capped. [17:40] - There are different types of customers for Anonymizer, general consumers as well as government entities. [20:30] - There were certainly times where someone would come to Anonymizer and they had done something that was really pretty dire. [23:28] - Anonymizer was able to develop some new technologies that Lance describes. [25:35] - If you need to trust someone, research who that someone is and understand if you can. [27:11] - The biggest mistake is thinking your IP address is the important thing. [29:19] - Actually achieving anonymity or pseudonymity and maintaining overtime is incredibly challenging. [31:09] - Human behavior tends to give away anonymity. [33:47] - People don’t think anywhere near enough on the threat model. [34:58] - When are VPNs actually beneficial? [37:32] - Be very specific about what you want to protect. [40:05] - Obsession and trying to run your life around trying to be anonymous is not helpful. [41:41] - Lance discusses some of the interesting aspects of the psychology of criminals. [43:10] - Lance shares some parting advice and the basic things to do to stay protected. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/33358852

AI: Double-Edged Sword for Cybersecurity with Vincent LaRocca 11/13/2024

AI: Double-Edged Sword for Cybersecurity with Vincent LaRocca Cybersecurity is more crucial than ever. It’s essential that we proactively safeguard our data and recognize that no one is immune to attacks. We are all vulnerable. As malicious actors continually enhance their tactics, we must stay one step ahead by consistently improving our defenses. Today’s guest is Vincent LaRocca. Vincent is the CEO of CyberSecOp with the commitment to protecting sensitive data and mitigating cyber threats. With over two decades of experience, Vincent has successfully steered CyberSecOp to become one of the world’s fastest growing managed security providers, specializing in cybersecurity assessments, breach management, and risk management consulting. Show Notes: [1:15] - Vincent shares his background and how he found himself working in cybersecurity. [2:40] - Even the experts are vulnerable. Vincent shares an experience he had with fraud at his bank. [4:16] - Cyber threat trends are moving to AI. [6:19] - As consumers, we need to be aware of how AI is using our data and what we give it permission to have access to. [8:19] - AI isn’t going anywhere. It will continue to grow and develop. [9:16] - Threat actors are unfortunately usually one step ahead of defenses. They are using AI to exploit vulnerabilities. [11:54] - AI gives threat actors even more reach. The number of incidents and scams are extremely high and will multiply. [13:59] - Small organizations and business owners are hit pretty hard by breaches since they often do not have a cybersecurity team. [16:09] - Vincent shares some of the traits and qualifications that are good to look for in cybersecurity professionals for small businesses. [19:07] - Defenses are built against things that we know about, not things we don’t know about. [21:27] - There are things that can be done that are free or more cost-effective. [23:40] - There’s no point in putting a fancy lock on the front door if there’s nothing protecting the back door. [27:06] - Even if an organization has invested in cybersecurity and knows how to keep data safe, if their partners or vendors do not, it means very little. [28:31] - There are so many breaches that have happened that we don’t even know about and our data is out there mixed in with so much more. [30:31] - We are a part of an AI revolution currently and the landscape of AI will be completely different in just a few years. [33:58] - The tools for cybersecurity, including machine learning, are improving every day as well. [37:09] - Don’t turn a blind eye and assume you can’t afford protection. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/33315662

Understanding and Avoiding Triangulation Fraud with Soups Ranjan 11/06/2024

Understanding and Avoiding Triangulation Fraud with Soups Ranjan As consumers, we may realize the need to be vigilant by using two-factor authentication and password managers, but there are so many scams out there that can impersonate legitimate organizations, websites, and people. We really can’t let our guard down. Today’s guest is Soups Ranjan. Soups has over 18 years of experience in software engineering, data science, and risk management. He is the co-founder and CEO of Sardine. This behavior-infused platform offers fraud prevention, compliance, and payment solutions for various industries including banking, online marketplaces, FinTech, crypto, online gaming, and gift card exchanges. Previously, Soups led the Risk and Data Science teams at CoinBase, where he scaled the platform and enabled millions of users to buy, sell, and store cryptocurrency securely and efficiently. Show Notes: [1:15] - Soups shares his background and information about his company, Sardine. [4:30] - He has not been a victim of a scam online but did experience an in-person scam. [6:57] - Sardine works with a diverse set of clients. Trends differ based on the industry. One major trend is an increase in triangulation fraud. [9:07] - Once they have card details, they can pretty much do whatever they want with it. [11:40] - Even on a contactless card, using tap-to-pay, be careful. Don’t hand over your device. [12:43] - It is becoming increasingly difficult to verify the identities of merchants. [15:21] - There is a big rise in scams as a result of the demand for real-time money transfers and exchanges. [17:45] - Some scammers are instructing victims to install screen viewers and recording tools. [19:50] - Machine learning is used to help protect clients. [21:41] - There are intrinsic behaviors that Sardine monitors to watch for unusual activity. [24:41] - Soups describes some of the other types of data that is observed in addition to behavior. [27:08] - Soups explains 3D Secure and what the benefits of this system are. [30:41] - Dollars lost to scams have far surpassed the dollars lost to fraud. [33:37] - The United States is behind in regulatory measures. [35:59] - It is best to work with banks that take fraud and scams very seriously. [37:15] - Soups lists some of the red flags and be on the lookout for. [39:44] - It is extremely important to protect your email address in the same way you protect your bank account. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/33280277

Finding Small Business Fraud with James Ratley 10/30/2024

Finding Small Business Fraud with James Ratley There are a shocking amount of businesses that ultimately fail because of fraud. Many managers and business owners are unaware of their losses because they do not have the systems in place to look for fraud and it may not be their primary concern. Today’s guest is James Ratley. Jim graduated from the University of Texas at Dallas with a bachelor’s degree in Business Administration. In 1971, he joined the Dallas Police Department as a police officer. He was on numerous task forces with a concentration on major fraud cases. He joined a major forensic accounting practice and was in charge of fraud investigations. In 1988, he was named the Program Director of The Association of Certified Fraud Examiners and in 2006, became the President. In 2011, he became the CEO and he retired in 2018 after 30 years there. James has been an adjunct professor, published author, and named by Accounting Today as one of the top influencers multiple times. Show Notes: [1:14] - James shares his background and the way his career panned out over 30 years. [3:35] - When the ACFE was established, there was no information or education around it at all. [5:09] - The average organization loses 5% of their revenue to fraud. Out of every ten people hired, statistically, six of them will steal from you. [6:46] - Fraud can be prevented and strategies to reduce fraud are typically inexpensive. [8:40] - It’s important for business owners not to be afraid to call it fraud. [10:25] - Fraud perpetrators believe they deserve what they’ve taken. [13:26] - It’s important for businesses to have strong management and leadership. Training is crucial. [14:18] - James discusses the most common types of fraud and how even the seemingly minor things could be detrimental. [18:24] - Fraud perpetrators are really good at hiding what they are doing and making the business owners believe it could never be them. [20:15] - Another strategy is to separate tasks out and be strict about them. [21:37] - Surprise cash counts is another good strategy. [23:13] - There are no small frauds, only frauds that have not had time to reach maturity. [25:44] - You impact rationalization through education. [29:16] - James lists some of the red flags that could indicate something more going on. [31:31] - There should be policies and regulations that purchasing officers are held to. [36:30] - Auditors must be completely independent. [40:10] - Some business owners will deny the problem is happening because it is hard to deal with and accept that someone they trust could be stealing. [44:35] - Many small organizations go out of business due to operating at a loss. Most of the time this is because of fraud. [47:25] - Never judge someone by the standards you have for yourself. [51:12] - Something to remember is that most fraudsters will steal in even numbers. [53:11] - In most cases that James has worked, the manager had seen all the signs, but never thought anything about it. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/33142307

Truth and Lies with Mark Bowden 10/23/2024

Truth and Lies with Mark Bowden Now that so much of our communications are digital, such as texts, emails, and chats, we miss out on the tone and facial expressions to help us understand the intent and content in communication. It’s important to know ourselves well enough to know what areas we’ll be more easily influenced and are susceptible to being deceived. The greater our desire for something to be true, the easier it is for us to be scammed. Today’s guest is Mark Bowden. Mark is a world-renowned body language expert, keynote speaker, and best-selling author. He is the founder of the communication training company, TruthPlane. Mark is also a member of The Behavior Panel on YouTube. Show Notes: [1:08] - Mark shares his background and what motivated him to specialize in human behavior. [2:34] - There are parts of the brain that are activated when we first meet someone new. [3:56] - Think about how many people you see on a regular day. Some you will notice and some you will not. [7:03] - There are certain parts of the brain that can overwrite natural instinct. [10:02] - Mark demonstrates how body language changes when there is perceived risk. [14:50] - Body language signals can be perceived inaccurately. People can also change their body language to send different signals. [17:15] - So many signals that our brains rely on in communication disappear when we cannot see the person we’re talking to. [19:16] - Mark gives an example of how the human brain perceives the bait of a scam. [22:48] - The first step in critical thinking is to suspend judgment. [25:58] - “You can only con a greedy man.” Think about what you want so much that if it were offered, you lose your sense of judgment. [28:33] - If anyone ever tells you that something seems like it isn’t true, suspend judgment and look into it. [30:32] - It’s a risky world. There are people who have dedicated their lives to deceiving others. [35:13] - Part of critical thinking is asking other people whom you trust about what they think. [39:56] - Sometimes we will set people up to see how they will respond. [43:11] - It is best to have an open mind and be willing to see things for what they are over what you want them to be. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/33129497

The Update That Broke America with Gabe Dimeglio 10/16/2024

The Update That Broke America with Gabe Dimeglio Many industries are reliant on software and if the software becomes corrupt or an update fails, it may require hands-on support. Do you have your infrastructure set for repair and recovery? Today’s guest is Gabe Dimeglio. Gabe is a 20-year veteran of information technology and security for private and public sector organizations. He is a results-driven leader, specializing in security services and solutions for mission-critical, complex enterprise platforms. His expertise includes strategic consulting services, risk analysis/risk mitigation, and compliance. Mr. Dimeglio serves as Vice President & Executive Advisor, Security, Office of the CTO at Rimini Street. He is responsible for oversight of the GSS organization that provides tailored consulting and advisory security services to prospects and clients, in collaboration with Rimini Street sales, client engagement, and retention functions. Show Notes: [1:18] - Gabe shares his background and what he does in his roles at Rimini Street. [2:38] - Anyone can be a victim of a scam. That includes Gabe. [4:03] - Scams are very sophisticated and techniques have come a long way in the last decade. [5:23] - Gabe describes what happened with the update that shut down much of the United States’ systems and infrastructure. [8:30] - To complicate things, the platform could not be restarted with this update in effect. [10:42] - Updates are sideloaded continuously and are processed by this kernel driver. The thought process is interesting because it has happened before. [12:37] - This was the biggest problem caused by Crowdstrike. [14:47] - One mistake out of 10,000 updates is a low error rate, but there is a lot of reputation damage done in this event. [16:50] - In the case of Crowdstrike, turning off auto-update was not an option. [18:43] - Any time software, programs, or data are introduced, you’re also introducing risk. [21:04] - Part of the solution to fixing this massive problem was hands-on support on every box. [26:13] - One problem is that there are some industries where technology is very outdated. [27:23] - People are selling their solutions and the solutions are cloud-managed. This is scary due to frequent cloud breaches. [31:10] - There are still businesses that have no security professionals or teams managing client data and safety. [32:53] - The skills gap is crushing most businesses. [35:03] - Security has come a long way, even if there are still areas of lack. [37:01] - For the last couple of years, security has been something that there is a budget for in most businesses. [40:49] - Don’t ever let anyone convince you to shortcut anything. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/33040887

A Lesson in Crisis Management with Jeremiah Grossman 10/09/2024

A Lesson in Crisis Management with Jeremiah Grossman It’s not always easy to determine the value of digital assets. The potential of overestimating or undervaluing your data can make it difficult to establish how much protection you need for a cyber intrusion. Today’s guest is Jeremiah Grossman. Jeremiah has spent over 25 years as an InfoSec professional and hacker. He is the Managing Director of Grossman Ventures. He is an industry creator and founder of White Hat Security and Bit Discovery. He has his black belt in Brazilian Jiu-Jitsu and is an avid car collector. Show Notes: [0:53] - Jeremiah shares his background and what he does as the managing director of new venture capital, Grossman Venture. [1:55] - When he was 24, Jeremiah’s business was victimized by a data breach. [5:30] - This experience taught him that if you treat your customers with integrity and have their best interests in mind, they will keep doing business with you. [7:43] - These things happen to countless businesses. It is important to keep customers and clients informed. [10:27] - Cybercrime is one of the only crimes where the victim doesn’t always know they’re a victim. [13:30] - When it comes to solving these problems, we have to narrow in on the problems that are worth solving and then work for a solution. [14:53] - Doing an asset evaluation is a good starting point. There is no algorithm to determine the value of digital assets. [19:18] - What role does AI play in this and what should people be wary of? [20:31] - How do we raise the cost on the adversary? [23:12] - There are ways to bait adversaries as well which is an inexpensive solution. [25:17] - These days, adversaries are nowhere physically near the data. They access it all through digital means. [27:28] - Jeremiah is optimistic about AI and in his perspective, AI is a tool that will help us determine solutions. [28:07] - Currently, cyber insurance has become compulsory. [30:48] - Jeremiah explains how things work in venture capital and the problems that are common. [34:11] - There are many things that we can do better in this space. [35:46] - Jeremiah shares advice for small and medium-sized businesses. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/33040582

Pig Butchering Is Getting Worse with Erin West 10/02/2024

Pig Butchering Is Getting Worse with Erin West Pig butchering is worse than just manipulating someone and taking their money. It leaves them with emotional anguish. Once their finances have been drained, they lose their financial security and they no longer trust people. Today’s guest is Erin West. Erin has been with the County of Santa Clara for 26 years and is a Deputy District Attorney. She specializes in cryptocurrency investigations and prosecutions. Show Notes: [0:46] - Erin shares her background and what her role is as a Deputy District Attorney in Santa Clara County. [3:20] - Five years ago, Erin found herself working on prosecutions regarding SIM swapping and cryptocurrency hacks. [4:35] - The emotional impact of “just a financial crime,” is staggering. [7:38] - You never know who around you is a victim of some of these crimes. [8:18] - Erin describes the experience of being convinced to click a link herself. [10:32] - Scammers will think about different things that would trigger someone into clicking a link. [13:40] - Pig butchering involves building trust with a victim and showing them a false plush lifestyle. [16:08] - A red flag is a text or social media message you may receive that seems misdirected or to a wrong number. [19:21] - It feels like the right thing to do when we feel the need to respond to the scammer with a “you’ve got the wrong number,” but that’s how they start a conversation. [22:29] - In many cases, scammers bulk text a massive amount of phone numbers. But some people are specifically targeted on social media. [24:23] - Covid really accelerated this type of scam due to loneliness. [25:40] - A misconception is that these scams target the elderly. But it is not based on age at all. [27:03] - Unfortunately, law enforcement is not set up to be able to handle this type of crime. [28:18] - Erin explains that law enforcement doesn’t tend to always lead with empathy when this type of crime is reported. [30:12] - It is important to report the crime to local law enforcement, but there are other places that the crime can be reported to in addition. [32:50] - Victims should be able to speak to a detective. [34:33] - Victims should be very wary of third party recovery programs. [37:26] - On the other side of things, a scammer could also be a victim of human trafficking and being forced to scam others. [39:40] - Scams are being operated on a massive scale and have a front of a corporate business. [41:14] - Initially, most of the cases seemed to have money moved out of the country. However, recently scammers have been found to be operating in the US. [44:04] - There is some hope and opportunities in recent months where money laundering has been intercepted. [46:41] - Progress in education and advocating for less victim shaming is moving in the right direction. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/32863137

Protecting Parents with Terri Proctor 09/25/2024

Protecting Parents with Terri Proctor Sometimes people only share their stories after they’ve gone through a challenging time. But it’s also important to learn from those in the middle of a scam to learn how people are manipulated and how vulnerable our loved ones can really be. Today’s guest is Terri Proctor. Terri’s elderly mother has been scammed by romance scammers over the last three years. In trying to get help from different recommended services, she realized that no one was really interested in helping. She started the non-profit Stop Elderly Scams to educate and bring awareness to the community. Show Notes: [0:53] - Terri shares her background and how she was thrown into her situation. Her experience led her to founding a non-profit. [2:28] - Over the course of a year, Terri’s mother lost about $100,000 to a romance scammer. [3:30] - Terri’s mother was not treated like a victim. She was treated as a willing participant. [6:01] - There were many reasons why Terri’s mother was vulnerable to manipulation, including loneliness. [8:23] - It is sad to see the comments online about victims of scams. [10:23] - The shame and embarrassment a lot of victims feel causes them to not talk about the problem or seek help. [11:57] - In the beginning, Terri admits that she had a lot of anger and frustration that was also focused on her mother. It is better to listen and try to reason. [14:54] - Terri’s mother was stopped by a store manager from buying more gift cards. The manager has expressed concern that she is not the only one. [16:51] - Part of the vulnerability of Terri’s mother is loneliness. [18:47] - Other types of scams tend to target the elderly. It is hard to keep up. [24:08] - How can we help our loved ones without taking away their independence? [26:21] - People should feel free to talk about these issues. Terri shares how her non-profit is helping educate and make a difference. [28:46] - It is challenging to find the balance in helping loved ones and making sure they have their autonomy. [29:59] - When you think you’ve learned about one thing or one scam, another problem pops up. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/32776912

Technology Regulation is Outdated with Bruce Schneier 09/18/2024

Technology Regulation is Outdated with Bruce Schneier Regulators have to invest a considerable amount of time in keeping legislation and policy up to date regarding technology and AI, but it’s not easy. We need floor debates, not for sound bytes or for political gain, but to move policy forward. Today’s guest is Bruce Schneier. Bruce is an internationally renowned security technologist called The Security Guru by The Economist. He is the author of over a dozen books including his latest, A Hacker’s Mind. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. He is a fellow at the Berkman-Klein Center for Internet and Society at Harvard University, a lecturer in Public Policy at Harvard Kennedy School, a board member of the Electronic Frontier Foundation and AccessNow, and an advisory board member of EPIC and VerifiedVoting.org. Show Notes: [1:40] - Bruce shares what he teaches at Harvard and the current interest in policy. [4:27] - The notion that tech can’t be regulated has been very harmful. [6:00] - Typically, the United States doesn’t regulate much in tech. Most regulation has come from Europe. [7:52] - AI is a power magnification tool. Will the uses empower the already powerful or democratize power? [9:16] - Bruce describes loopholes and how AI as a power magnification tool can mean something different in different situations. [12:06] - It will be interesting to watch AI begin to do human cognitive tasks because they will do them differently. [13:58] - Bruce explains how AI collaboration can be a real benefit. [16:17] - Like every text writer, AI is going to become a collaborative tool. What does this mean for writing legislation? [17:18] - AI can write more complex and detailed laws than humans can. [21:27] - AI regulation will be skewed towards corporations. Bruce explains how public AI could work. [23:46] - Will AI help the defender or the attacker more? [26:19] - AI can be good against legacy, but we need some sort of infrastructure. [29:27] - There’s going to be a need for proof of humanity. [32:29] - It is hard to know what people can do to help move regulation along. Ultimately, it is a political issue. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/32542632

Threat Emulation with Andrew Costis 09/11/2024

Threat Emulation with Andrew Costis Security risks are dynamic. Projects, employees, change, tools, and configurations are modified. Many companies utilize PEN testers on an annual basis, but as quickly as systems are revised, you may need to implement threat emulation for regular monitoring. Today’s guest is Andrew Costis. Andrew is the Chapter Lead of the Adversary Research Team at Attack IQ. He has over 22 years of professional industry experience and previously worked in the Threat Analysis Unit Team at Firmware, Carbon Black, and Logrhythm Labs, performing security research, reverse engineering malware, and tracking and discovering new campaigns and threats. Andrew has delivered various talks at DefCon, Adversary Village, Black Hat, B Side, Cyber Risk Alliance, Security Weekly, IT Pro, Bright Talk, SE Magazine, and others. Show Notes: [1:14] - Andrew shares his background and what he currently does in his career at Attack IQ. [3:49] - At the time of this recording, there has been a major global security panic. [6:06] - There are many programs that we use on a regular basis that we don’t always consider the security of. [8:09] - Historically, companies would pay for an external pen test. Andrew describes the purpose of this and how they usually went. [9:33] - Pen tests and threat emulation do not need to be limited to just once a year. [10:45] - Andrew’s team is in the business of testing post-breached systems. But they preach prevention. [11:55] - Attackers are lazy in the sense that they will reuse the same strategies over and over again. [14:13] - Many programs we use may be caught in the crosshairs of attacks and vulnerabilities in other companies. [16:41] - Andrew discusses the frequency of really critical CVEs. [19:01] - What do attackers go after when they’ve breached a system? [21:04] - The priority for attackers is to get in quickly and make the victim’s data unavailable. [22:24] - A lot of people are under the impression of vulnerability testers. “Fire and forget it” is not a beneficial mindset. [24:56] - If we run every test, the amount of data will be overwhelming. [27:03] - In his experience, there has been client testing that has been overwhelmingly easy to breach. [29:07] - There are also organizations that have done a fantastic job. However, vulnerabilities will still be found. [30:18] - The red team is not going to be able to cover your entire organization. [32:15] - Threat emulation and pen testing are technically the same thing. Andrew explains how she sees the difference. [33:50] - How are vulnerabilities and tests prioritized? [36:19] - Andrew describes the things his team works on and their objectives for customers and clients. [38:34] - The outage at the time of this recording had a big impact. It gave a really good idea of what could happen if it were a real security breach. [41:37] - There are a ton of free resources out there. The primary resource at Attack IQ is the free Attack IQ Academy. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/32542482

Ransomware: To Pay or Not To Pay? with Amitabh Sinha 09/04/2024

Ransomware: To Pay or Not To Pay? with Amitabh Sinha Ransomware may not be on your machines due to your negligence or mistakes. It could be there because of third-party software you are utilizing. Do you know what to do if this happens to you? Today’s guest is Amitabh Sinha. Amitabh has a PhD in Computer Science and more than 20 years of experience in enterprise software, end-user computing, mobile, and database software. He co-founded Workspot in 2012. He was the General Manager of Enterprise Desktop and Applications at Citrix Systems. In his five years at Citrix, he was the VP of Product Management for XenDesktop and VP of Engineering for the Advanced Solutions Group. Show Notes: [1:03] - Amitabh shares his background and current role and contributions at Workspot. [4:35] - The first sign of ransomware in an organization is widespread blue screens and Microsoft machines shutting down. [5:40] - How does ransomware find its way to a device? [6:59] - Ransomware in your organization is not necessarily your fault. [10:37] - Amitabh describes how he has helped client organizations back up and running after having been infected with ransomware. [13:11] - Typically, it is not recommended to pay the ransomware, but it may be a viable option for some organizations. [15:59] - Most small companies are not prepared to prevent or handle ransomware. [17:34] - In most large companies, not all PCs are up to date on security patches. [20:41] - Cloud storage is much safer and can be accessed on other physical machines in the event that ransomware shuts down an organization. [24:41] - For those who work from home, sometimes multiple machines makes things even more complicated. [27:35] - What are you willing to pay to not have something happen? That’s how ransomware takes advantage of people. [31:20] - For small companies, there is typically an architectural solution, but that isn’t always viable for large organizations. [33:14] - Consider the critical functions of your organizations and what a plan could be if computers were not accessible. [34:37] - These types of attacks are more and more frequent. [36:44] - Amitabh is confident that AI will make preventing ransomware even more challenging. [40:38] - Most people have accepted that a lot, if not all, their information has already been leaked on the internet. But businesses are particularly vulnerable. [42:30] - A whole organization can be drastically impacted by just one machine being hit by ransomware. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/32542257

Firewalls Don’t Stop Dragons with Carey Parker 08/28/2024

Firewalls Don’t Stop Dragons with Carey Parker We all use technology. Things like internet browsers, search engines, instant messaging, and payment apps. But we aren’t always aware of the data being collected. This information can not only impact your privacy, but those around you as well. Today’s guest is Carey Parker. Carey is the author of , a step-by-step guide to computer security and privacy for non-techies. He also hosts a podcast by the same name. He recently retired from a career in software engineering to focus on teaching others how to defend their digital devices and protect their personal data. Show Notes: [0:53] - Carey shares his background and what provoked the motivation for a career shift. [4:07] - If we all did the small things that protect privacy, we would all be stronger. [5:20] - Even if you have already shared a lot of your information online, it is not hopeless and it’s not too late. [6:32] - Your security and privacy overlap with other people’s. [8:35] - We need to be protecting privacy for all of us, not just ourselves as individuals. [10:17] - Carey explains why and how apps and companies collect data. [11:48] - Foreign governments would love to get their hands on the data that is collected by countless companies and apps. [13:53] - Data is valuable to software developers for honest reasons. Collecting data isn’t inherently bad. [17:16] - When determining what connection to use, you are trading off who you trust - your ISP, the public wifi connection, or a VPN. [23:10] - Carey shares some easy things you can change right now to protect your privacy. [25:25] - Companies love to get your email address and your phone number. These become unique identifiers. [27:05] - Search engines collect data as well. This is important to remember. [28:05] - Payment apps are another obvious type of website that collects data. Which ones should you avoid? [30:32] - There is value in social media. Make sure the things you post are not public by default. [32:19] - Metadata and location tools are used on any social media image. [34:37] - Messaging apps collect data and share it. There is a gold standard app though that Carey suggests. [36:31] - Email is trickier because it is open standard. It wasn’t designed with encryption in mind. [38:55] - Carey discusses automated AI systems like Alexa. [41:26] - When using AI tools, assume that the information is collected and could be public. [42:35] - Car privacy is horrible and there is almost nothing you can do about it. [46:18] - It is not true that you need to give up privacy for security. Carey discusses the differences. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/32218217

Stopping Robocalls with Aaron Foss 08/21/2024

Stopping Robocalls with Aaron Foss Finding a solution to stop spam calls to you, your family, or your business isn’t easy. We may not win this war, but we don’t want the government making this decision for us. We can make it more manageable in the meantime. Today’s guest is Aaron Foss. After winning the FTC Robocall Challenge in 2013, Aaron started Nomorobo. Since then, Nomorobo has stopped billions and billions of unwanted robocalls and spam texts from reaching our phones, and it was acquired by Applause group in August 2023. Aaron has been featured in The New York Times, Wired, CNN, CNBC, Fox News, and countless other media outlets. He has testified in front of Congress, not once, not twice, but three times. Show Notes: [1:14] - Aaron shares his background as a serial entrepreneur in the intersection of technology and business. [3:57] - At the beginning, Aaron didn’t even know what a robocall was. [6:47] - Robocalls have this negative connotation. They can actually be good. But there are many that are unwanted. [8:13] - There are different types of robocalls and there is a differentiation between spam and scam calls. [10:08] - Aaron explains why spam emails are easier to block than robocalls. [12:20] - There are some robocalls that are necessary and helpful for some people. That is one reason why not all robocalls can be blocked. [13:40] - Not answering the phone is not a plausible solution. [15:50] - Nomorobo is basically a series of bots talking to other bots. [16:50] - Aaron describes caller ID and how spoofing a number is possible. [19:42] - This is such a big problem because the barrier of entry is low. [21:08] - It is amazing that we can call anyone in the world. But that also means that scammers can, too. [22:53] - This is a complicated problem, and the future solution is a combination of government regulation, companies like Nomorobo, and AI. [26:29] - We are never going to win the war, but we can keep it manageable. [29:45] - What is the role of the carriers when it comes to robocalls? [31:47] - Keeping scammers on the phone does not make the problem go away. [33:52] - Some scams are seasonal and some are evergreen, like Medicare calls. [36:26] - Aaron explains the different ways these scams can be done and the range of damage they can do. [39:56] - At best, this is an annoyance. But there are people in our lives that are vulnerable and less protected. [44:42] - Sometimes, Nomorobo users have to turn it off for specific reasons and specific calls they’re waiting for. [47:56] - This problem is an example of “death by a thousand papercuts.” [49:30] - There are some red flags and things you might notice if you answer robocalls that could indicate that they are scams. [50:46] - This seems like an easy problem to solve, but it is far more complicated than most people think. [52:00] - Aaron describes what it was like to testify in front of Congress. [56:43] - Listen and educate yourself. Talk to other people about these things. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/32197022

Safety Can’t Be an Afterthought with Kris Burkhardt 08/14/2024

Safety Can’t Be an Afterthought with Kris Burkhardt Most businesses rely on some type of software, either for scheduling, payment, banking, customer lists, or something else. It’s important to know where this information is stored and what would happen if that software was hacked or you weren’t able to access it. Today’s guest is Kris Burkhardt. As Accenture’s Chief Information Security Officer, Kris leads a team of over 800 security experts charged with protecting company client and customer data. Show Notes: [0:49] - Kris describes his role at Accenture and what Accenture is known for in the security industry. [2:26] - Part of their program is sending phishing tests and Kris has failed one before as well. It happens, especially when we are in a rush. [5:39] - We are so highly connected that when something goes down, it impacts us in ways we never considered. [7:10] - Many small businesses rely on software service providers because there is a lot of good about them. But what happens when they go down? [9:56] - Defenders have to get it right all the time. [11:13] - The last ten years have seen an immense amount of growth in how we store data. We have to stay ahead of change when it comes to security. [13:59] - It is hard to understand how much we rely on technology. [17:34] - Kris describes a time when the CEO of Accenture was used in a deep fake and the threat actor was very clever. [21:17] - Kris believes that advances in technology will make it harder to pretend to be someone else. [23:20] - Children are growing up in a technological world and are naturally more skeptical and cautious as a result. [25:49] - Safety has always been an afterthought. [27:15] - Kris shares what he thinks scams and deep fakes will look like in the near future. [30:12] - Pay attention to things that don’t seem consistent. [32:57] - People feel like there is a trade off when it comes to efficiency and security. [39:37] - Having a plan ahead of time is absolutely beneficial in staying ahead of security problems. [44:25] - As deep fakes become more and more of a problem, Kris suggests having code words with family members. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/32180522

Child Safety Tips with Steve Lazarus 08/07/2024

Child Safety Tips with Steve Lazarus Is it right for parents to be the ones to have to put limits on their children’s screen time or to monitor the content they consume? Knowing the impact of social media and kids can influence the decisions that are made. Today’s guest is Steve Lazarus. Steve is a retired FBI agent, crime fiction author, and Instagram influencer specializing in personal and child safety topics. Show Notes: [0:42] - Steve shares his background and his career history in the FBI and the military. [4:02] - For a long time, Steve was anti-social media. However, since the publication of his book, he has garnered a significant social media following. [5:50] - He started his Instagram with posts of things that he would never do as a retired FBI agent. [7:08] - Steve describes the post that went super viral on TikTok and Instagram. [9:00] - Parents need to know what their kids are looking at on the internet and control the amount of access they have online. [10:40] - Sextortion is a very real and serious problem, especially for young boys. [12:27] - Always report any case of sextortion or sexual content involving a minor. Law enforcement becomes involved immediately. [14:09] - Steve lists some of the things to look for when children and teens that could be red flags. [16:01] - The internet is on almost every device in your home. A child’s access is not limited to just a computer. [17:59] - Covid did not help the increasing amount of time children spend online. [20:52] - We’re asking kids to have good judgment without teaching them how. [22:13] - The first question that needs to be asked by anyone, but especially a child is, “Do I know this person?” [26:07] - To deal with the digital world now, common sense is crucial and we can’t take everything at face value. [27:56] - A relatively new issue is AI generated images that are very convincing and look so real. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/32180447

Fraud: Not Going Away with Steve Lenderman 07/31/2024

Fraud: Not Going Away with Steve Lenderman Synthetic IDs can be used to open fake accounts, but without a person to file the fraud claim, how should companies deal with this type of deceit? There is no crime where someone doesn’t need to pay for the loss. Either way, the loss is passed on to the consumers in some way or another. Today’s guest is Steve Lenderman. Steve is currently the Head of Fraud Solutions North America at Quantexa and has over 25 years of experience in financial crimes investigation. His previous roles include being the Senior Vice President of Fraud Prevention Investigations at Bank Mobile Technology, the Director of Strategic Fraud Prevention at ADP, and the Fraud Operations Lead for PayPal Business Loans. He is a certified fraud examiner and actively contributes to the anti-fraud community. Show Notes: [1:07] - Steve shares his background and what his current role is at Quantexa. [4:04] - For those who are interested in a career path in cybersecurity or fraud, Steve has some tips. [6:07] - What is synthetic identity? Steve describes what it is and why we should be concerned about them. [8:59] - Although still mostly built around financial data, synthetic IDs have also morphed into other nefarious uses. [10:56] - All fraud in general is underreported, but synthetic IDs are extremely underreported, so data is not accurate, although still very high. [12:37] - Synthetic IDs can be used to open a credit card and then after several purchases, fraudsters leave the card open and unpaid. [14:21] - Some think that synthetic IDs and fake accounts are victimless. [18:59] - To understand how fraud works, Steve had to create synthetic IDs. [22:15] - Over the years, it has gotten even easier to do, which is alarming. [25:13] - Credit repair using a CPN is illegal fraud using synthetic IDs. [26:40] - Synthetics are all built around data and the ease of collecting data in the last few years has increased the ease of creating them. [27:57] - Criminals have learned that they can use synthetic IDs in more ways and in more industries. [31:04] - Small businesses are particularly easy targets for synthetic ID use. [33:16] - It is possible for synthetic IDs to also be used to create a new business. [34:53] - Technology has also made it possible for a deep fake to be created to match a synthetic ID. [36:49] - A lot of synthetic IDs are created with unused credit. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31839962

Phishing Attack Awareness and Training with Josh Bartolomie 07/24/2024

Phishing Attack Awareness and Training with Josh Bartolomie Criminals do their own recon to study how vendors craft their emails and how they can structure them to match. Scammers know employees are busy and that they want to act promptly on requests, but they also understand it takes time to verify the validity of the email. How do we train employees to know what is real and what isn’t? Today’s guest is Josh Bartolomie. After joining Cofense in 2018 as the Director of Research and Development, Josh currently serves as the Vice President of Global Threat Services. He has over 25 years of IT and cybersecurity experience. He designed, built, and managed security operations centers, incident response teams, security architecture, and compliance for global organizations. Show Notes: [1:08] - Josh shares his background and what he does in his current role at Cofense. [4:06] - After all these years, email continues to be an easy way for scammers to target many people at one time and victimize a percentage of them. [5:52] - Wherever there are a lot of people, that is where attackers will go because that is a bigger pool of success for them. [7:08] - You used to be able to block emails with an unsubscribe button, but now we rely on those emails, too. [9:50] - The goal is not to stop them altogether, because at this point it isn’t possible. The goal is to dissuade people from clicking links and trusting emails. [11:47] - With AI and LM, crafting emails has never been easier for scammers. [13:48] - Organizations get hit in different ways, but HR generally gets targeted a lot. [16:54] - Intellectual property theft is also a part of email crafting. [20:14] - Chris shares the story of an unfortunate experience. [25:10] - Acknowledge that these things do happen and they can happen to you. [27:33] - Always call the vendor. It’s an extra layer and extra work, but never trust an email that says something has changed when it comes to finances. [28:54] - Organizations should have a strong reporting culture. [30:55] - Employees can report emails that seem suspicious. The majority of them are spam emails, rather than scams, but they should be reported. [34:02] - What constitutes a spam email? What is the difference? [36:13] - Organizations tend to cut IT and cybersecurity when there are budget cuts. [39:18] - This is changing every single day. [41:46] - Scammers collect data and create profiles. They are very sophisticated in their strategies to target organizations. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31839937

Consumer Education for Fraud Protection with Doug Shadel 07/17/2024

Consumer Education for Fraud Protection with Doug Shadel Some scammers love the challenge of deceiving those they target while others are forced to scam. Those that thrive off of destroying others try to heighten your emotions very quickly. Both excited and angry responses can get you into making irrational decisions. Today’s guest is Doug Shadel. Doug is a former fraud investigator and special assistant to the Attorney General at the Washington State Attorney General’s office. He served as state director for AARP Washington and Strategy Director for AARP’s national anti-fraud efforts. Doug has collaborated on numerous educational videos and academic studies and co-authored five books about fraud. He also co-authored the AARP Fraud Frontier 2021 Report. He is currently Managing Director of Fraud Prevention Strategies LLC, a Seattle-based consulting firm. Show Notes: [1:08] - Doug shares his background and career in fighting fraud. [2:43] - Robo-calls have been a long lasting problem that Doug has been working on with AARP and Nomorobo. [7:11] - Over the years, Doug has interviewed numerous scammers. They all say their primary goal is to get a victim in a heightened emotional state. [9:07] - Doug describes the research that shows when people are in a heightened emotional state, they are more likely to fall victim to a scam. [10:57] - Block the incoming robocalls to begin with to help avoid a scammer manipulating you into a heightened emotional state. [13:17] - It still is very dangerous to answer these phone calls because a lot of them are really persuasive and really good at what they do. [14:34] - There isn’t a specific demographic profile. Doug explains what people who fall victim to a scam have in common. [16:49] - The FCC has come down hard on robocallers, but this has just caused scammers to be more careful and even more skilled. [18:09] - Have you recently received calls asking for a donation? Doug describes how these work. [21:12] - The number one red flag of a robocall is the threat of loss. [25:22] - Caller ID is not reliable. It is very common and easy for scammers to spoof a call. [27:48] - There are some legitimate needs for people to be able to spoof a call. [29:42] - Assume it is a scam if you did not initiate the contact. [33:08] - By and large, scammers will not cause violence on a victim, even if they threaten them. They follow the path of least resistance. [36:02] - Doug describes some software he uses to edit videos that incorporates AI. These tools are great, but are also used by scammers. [39:26] - Grandparent scams are really common. Doug describes what people have said after falling victim. [40:40] - There is an illusion of invulnerability. If you are convinced that you are not vulnerable to something, you won’t do anything to prevent it. [43:04] - There’s a lot more money for scammers to make in scamming an employee of a large company than individuals. [46:10] - The pandemic also had a big impact on the scamming industry. [50:50] - The AARP Fraud Watch Network Helpline is 1-877-908-3360. [53:00] - Always report a scam when you know of one. It helps more than you know. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31809422

Educating Teens About Technology is Necessary with Clayton Cranford 07/10/2024

Educating Teens About Technology is Necessary with Clayton Cranford Please stop yourself from saying, “This could never happen to me or my family.” We can all have vulnerable blindspots when it comes to those we love being exploited or endangered. Even the best trained educators can be manipulated into making a mistake. Today’s guest is Clayton Cranford. Clayton is the founder of Cyber Safety Cop. He is a retired sergeant from the Orange County Sheriff's Department who served as a school resource officer, juvenile investigator, and behavioral threat assessor. He is one of the nation’s leading law enforcement educators on social media, child safety, teen drug abuse prevention, and behavioral threat assessments. He is the author of the definitive parent guide to online safety, . Show Notes: [1:10] - Clayton shares his background as a school resource officer in 2012, which was the year that saw the adoption of smartphones by teens. [2:48] - It all amounts to a simple and common narrative: a good kid made a bad choice and a parent who had no idea what was going on. [4:08] - The turning point in Clayton’s career was his first day as a school resource officer. [6:14] - There are things that parents can do to absolutely make a difference. [8:20] - Technology has changed our kids, particularly their mental health. [10:06] - Schools and counselors are alarmed at the number of children who are struggling with anxiety and depression. [12:50] - Clayton shares some of the data that shows an increase in depression and suicidal ideation in teens. [15:40] - Parents could come together to make real change, but oftentimes, parents don’t often make a change until it's too late. [17:51] - A lot of parents are using devices to help their kids regulate their emotions. [21:06] - Boys tend to lean more into video games, but girls tend to spend more time on social media. There are differences in the effect on their brains. [24:52] - When it comes to friends, teens have gone from quality to quantity. [27:02] - Every new generation that is now exposed to social media from the time they are born are experiencing severe mental health concerns. [30:03] - Parenting styles have changed through each generation. [32:03] - Why are parents giving their children phones so young? [36:41] - Clayton says not to give your child a smartphone until high school. [37:48] - There are apps that you can put on your child’s phone that will help regulate screen time. [39:45] - Clayton discourages parents from putting technology, particularly mobile devices in your child’s bedroom. [40:49] - Parenting in a digital world is more about how to talk to your children than telling them what they should and shouldn't do. [42:16] - Snapchat is an especially big problem. How can we have this conversation? [44:51] - The number 1 app that puts drugs in a child’s hands is Snapchat. [45:50] - Your relationship with your child is important, but you need to be aware of what each app can do and what it can lead to. [47:10] - Parents are saying that they are glad they didn’t have the internet when they were growing up. [49:02] - Interacting online takes away the sense of consequence that we feel when we interact in person. [52:10] - The way kids think is normal. But they don’t understand the consequences of their online behavior. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31809287

Protecting Financial Accounts From Scams and Fraud with John Buzzard 07/03/2024

Protecting Financial Accounts From Scams and Fraud with John Buzzard Thieves used to rob banks and steal physical money, but in a digital world, it is much easier to sit behind a keyboard and deceive you into giving it to them. Fortunately, there are specific things you can do to protect your finances before scammers get into your accounts. Today’s guest is John Buzzard. John is a nationally recognized financial industry fraud expert who has delivered significant influence in credit card fraud, risk, and security services for financial institutions throughout the United States. Show Notes: [0:56] - John shares his background and what he does currently in the financial industry fraud space. [2:31] - Everything old is new again. Things come back in a cyclical fashion but have a new digital spin. [3:49] - There’s a price to pay for convenience especially if we don’t keep an eye on things and be aware of what can go wrong. [5:19] - Be conscious of where you bank and make purchases. [7:46] - Set up alerts so any activity in your bank accounts, including deposits, is made known. [11:34] - There are different viewpoints on freezing your credit. [17:15] - There are some capabilities in apps that can block certain types of activity. [20:35] - During and post-Covid, we have gotten into a “tap and go” contactless experience when making purchases. [22:20] - New payment techniques are safe. John discusses Apple Pay as something secure that he likes to use for safety and convenience. [25:40] - John explains card chips and what happens when they aren’t working. [27:59] - If there is fraud, it is handled differently if it is a chip transaction or a mag swipe. [31:01] - John shares an experience in wanting to create a new PIN for an account. [33:39] - What shouldn’t you share on social media to help prevent scams and fraud? [37:54] - When you have a complete stranger reaching out to you, no matter how they do it, they’re job is to get you disturbed and upset so that you react. [40:24] - Speaking in passcodes and passphrases is totally acceptable. That is often the thing a criminal does not have, even if they have your password. [44:16] - From a resolution standpoint, when you go to your financial services provider, as a consumer you do have rights. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31730987

AI: Doomsday vs. A Very Bad Day with Dr. Robert Blumofe 06/26/2024

AI: Doomsday vs. A Very Bad Day with Dr. Robert Blumofe After a data breach, many criminals are beginning to use deep learning AI to categorize the information they have stolen. They’re using a steady amount of micro attacks on individuals and businesses and not just full-scale assaults. Today’s guest is Robert Blumofe. Bobby joined Akamai in 1999 to lead the company’s first performance team. While serving as one of Akamai’s chief architects, he was instrumental in the design and development of their intelligent edge platform which now handles trillions of internet requests daily. Bobby’s technical past lends itself to a passion in machine learning and AI and he holds a PhD in Computer Science from MIT. Show Notes: [1:02] - Bobby shares his background and current role at Akamai. [2:32] - When he joined the company in 1999, he didn’t really know what Akamai did. [4:29] - Customers recognized that Akamai could have the capabilities to see all the traffic to their websites and potentially block attacks. [7:02] - Machine learning is really remarkable. Akamai has been using deep learning as a tool to solve problems for their security products. [9:25] - AI has become a big part of everything we do. [10:35] - The quantity and quality of the data used by AI is what differentiates the machine learning and models of an enterprise. [12:36] - Bobby discusses what the next five years could look like for cyber criminals. [15:24] - Criminals only need one success out of thousands or millions of targets. [17:32] - Social media platforms really do want to do the right thing but there’s only so much they can do. [18:39] - As a consumer, you have to be on guard and not necessarily trust where information is coming from. [20:42] - Any new significant development in technology is hard to differentiate from magic, especially in the early days of development. [23:04] - Machine learning is remarkable and as a technologist, Bobby wants to love it. But there are so many examples of misuse. [25:29] - Use the technology, but check the output. [29:10] - When solving a simple problem, does the AI really need to know everything? They access so much data that isn’t useful. [31:19] - Just because an entity can carry on a conversation, doesn’t mean it has authoritative knowledge. [33:04] - What is zero trust? [34:51] - A misconception is that AI will take over and plan like sci-fi movies. [39:11] - You need to have all the checks and balances in critical areas. [42:07] - Leadership in organizations needs to prioritize efforts and be very involved. [44:52] - We need to assume that AI will continue to develop and criminals will continue misusing the technology in new ways. [47:23] - The changes and advances have been so fast recently, that we may need the opportunity to pause. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31730837

Preventing SIM Swapping Scams with Mark Kreitzman 06/19/2024

Preventing SIM Swapping Scams with Mark Kreitzman AI search tools are being used by criminals to sort through data breaches and data dumps they’ve stolen to target as many individuals as possible. After your phone has been swapped, they’ll have the ability to access all your SMS messages and phone calls. But there are precautions you can take. Today’s guest is Mark Kreitzman. Mark is a seasoned cybersecurity expert with over 20 years of experience in building cybersecurity companies. Mark brings insights into evolving threats facing mobile security and data privacy. His expertise in our increasingly mobile world makes him a valuable resource in discussing how to mitigate your risks as it pertains to mobile communications. Show Notes: [1:02] - Mark shares his background in cybersecurity and what he does now in his career. [2:08] - In 2017, Mark experienced a SIM swap scam. [5:30] - He used his anger and paranoia to help develop Efani, a cybersecurity focused mobile service. [8:51] - When you get SIM swapped and the carrier recognizes that you’ve been attacked, they go into liability protection mode. [11:16] - Mark shares some of the details of what happened in his experience and explains that he still doesn’t know if he was specifically targeted. [14:00] - Through fraud, scammers can actually become resellers. [17:27] - SIM swapping started as a way to target and harass celebrities. [20:52] - Once scammers have information, they can get into many different accounts because people tend to use the same passwords. [23:14] - Everybody’s information is floating out there. Data breaches give scammers and fraudsters access to so much. [24:19] - Mark describes what you will see on your phone from your end when a SIM swap scam has occurred. [28:42] - Efani is a mobile service provider. Mark explains how they are different. [31:28] - With a $5 million insurance policy, Efani does everything possible to protect it. [34:54] - Efani is extremely busy because there are so many cases of this problem. [37:07] - When you give a carrier your social security number to open an account, you are essentially opening a credit account. [39:58] - Unfortunately, many people don’t know about this type of scam. It is a silently growing trend. [42:08] - With Efani, mobile carriers are never given a customer’s information. [45:45] - Mark tends to live on the paranoid side after being a victim of this type of scam. He shares what he does when he travels. [49:05] - Using a VPN while traveling is a great idea to help protect yourself. [51:44] - Right now, Efani has a promo code you can use for your plan just for Easy Prey listeners: Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31681497

The Problem with Not Reporting Scams with Kathy Stokes 06/12/2024

The Problem with Not Reporting Scams with Kathy Stokes Many assume that scammers just target the more mature in age, but they go after everyone. Younger people who may have been manipulated may not have the same amount of money to lose, but that doesn’t mean they aren’t being targeted. Today’s guest is Kathy Stokes. Kathy is the Director of Fraud Prevention Programs with AARP. She leads the AARP social mission work to educate older adults on the risks that fraud represents to their financial security. She currently serves on the advisory council to the Board of International Association of Financial Crimes Investigators and on the advisory council to the Senior Issues Committee of the North American Securities Administrators Association. Show Notes: [1:02] - Kathy shares her background, what she does at AARP, and what AARP actually is. [3:50] - AARP has had a Fraud Watch Network for a while, but its current form is different from years past. [5:29] - There is a concerted effort to bring the generations together to educate others in the community. [7:26] - It is a common misconception that older people are targeted more often than other age groups. [10:38] - The biggest barrier is something that is beginning to break down. It’s the shame and victim blaming. We are at a turning point. [12:50] - Unfortunately, police officers are not able to do much for financial crimes, but it is still important to report them. [16:01] - Most scams are considered “low ticket” items, even if it is several thousand dollars and that’s all you have. [18:08] - AARP has a resource for how to talk about scams with family members who have been a victim of a scam. [20:50] - Rewording how we talk to and about victims of scams is changing. [24:23] - You have to have a strong and unique password for literally everything. [25:27] - Even just one extra layer of protection in the form of two-factor authentication is helpful. [28:10] - No one will ever ask you for an authentication code over the phone. [30:20] - There’s got to be something we can do as a society to help victims with the money they’ve lost. [32:48] - We cannot trust incoming communication, including calls, emails, and texts. [36:45] - Education and continuing to talk about this will help keep the trend of less victim shaming going. [39:30] - Victims can change the verbiage as well. Report the scam and file a police report. [41:29] - You can and should also report scams you know about even if you did not experience a loss. [43:10] - A number to use to reach the Fraud Watch Network is 877-908-3360. [48:09] - If someone you know has been a victim of a scam, don’t get mad at them for “falling for it,” get mad that this was done to them. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31653702

The Difference Between Fraud and Scams with Uri Rivner 06/05/2024

The Difference Between Fraud and Scams with Uri Rivner Moving money has never been easier. We no longer need to go into a bank, fill out a slip, and hand it to a teller to receive our money. We can now transfer money instantly. Scammers are taking advantage of unfamiliar technology to either hack in and take our money or to deceive you into sending it to them yourself. Deciding if the bank is responsible for the loss is becoming more and more of a conversation. Today’s guest is Uri Rivner. Uri has been fighting financial crime for 20 years working closely with the world’s largest banks on developing strategies against online fraud and scams. Prior to founding Refine Intelligence, Uri was co-founder and Chief Cyber Officer at BioCatch, the global leader in behavioral biometrics for fraud detection. Earlier, Uri served as Head of New Technologies at RSA. Innovations Uri spearheaded, such as risk-based authentication, are now saving the industry billions of dollars each year in fraud. Show Notes: [1:19] - Uri shares his background in fighting fraud for the last 20 years. [3:43] - The companies Uri has worked for, founded, and co-founded work with banks and financial institutions to help protect against fraud. [5:10] - In a fraud situation, people are tricked through social engineering to hand over their information, but the fraudsters move the money. [6:41] - Fraud is unauthorized. A scam is an authorized payment. [7:39] - Uri describes some of the history of frauds changing over to scams. [10:42] - Although there’s a difference between fraud and scams, the lines can be blurred. [14:10] - Remote access malware became a real problem. [17:13] - What are the differences between how the banks handle fraud and how they handle scams? [19:08] - Banks can look at data and account action to determine if a criminal moved money or if the victim did it for them. [20:36] - It is much more difficult for banks to detect scams. [23:29] - If banks see something unusual, they typically reach out to the customer to hear the reason. This doesn’t always work due to social engineering. [28:13] - Engaging customers is tricky because people don’t typically answer the phone or criminals are coaching the victim through what to say. [30:17] - This year, in the UK, banks will be held liable. [33:17] - By design, banks are supposed to know their customers. But that’s not the case these days. [36:48] - For banks, it is harder now to connect with customers to find out exactly what happened. [39:31] - Uri explains what happened with the US introduction of instant money transfers through Zelle. [41:50] - There is an increase in Zelle scams, but banks were able to offer some support and reimbursement. [43:59] - Scams are the most effective tools criminals have. [46:45] - Uri describes what we can look out for and how to best prepare ourselves to prevent scams. [49:19] - When money is moved from a bank account, it is the end of a chain of events that led to it. What is the responsibility of the platform that transferred it? Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31578832

Sex Trafficking and Murder on the Road with Frank Figliuzzi 05/29/2024

Sex Trafficking and Murder on the Road with Frank Figliuzzi It sounds like an episode straight out of Criminal Minds. The FBI’s Highway Serial Killers initiative hunts for long-haul truckers behind at least 850 murders of mostly female sex trafficking victims along our nation’s highways. Today’s guest is Frank Figliuzzi. Frank was the FBI’s Assistant Director over Counterintelligence. He served 25 years as an FBI Special Agent in assignments across the country. As the head of all espionage investigations, Frank frequently briefed the White House, the DNI, and the Attorney General. For the past seven years, Frank has been a national security analyst for NBC News and MSNBC. He’s the author of a national bestseller, , and now . Show Notes: [1:30] - Frank shares his background and what his role was in the FBI for 25 years. [3:52] - His most recent book is and is about the FBI’s Highway Serial Killers initiative. [5:57] - These cases go back several decades and remain unsolved. [7:13] - Trucking is a crucial part of our society, but there are different types of truckers and some are more likely to commit crime. [9:12] - The success of the initiative really relies on local police departments. [11:13] - Frank describes some of the things he learned from experts in street-level human trafficking. [14:27] - Frank gives examples of some of the things he did for research. [15:53] - The type of trucker that Frank is most concerned about are the ones with very little interaction with other people. [17:21] - There is more security and tracking of truckers in more corporate organizations. [18:44] - The corporate job is less attractive to someone who is motivated to commit crime. [20:03] - Frank was amazed at how high tech trucking is these days and the brains needed to understand it all. [23:03] - Frank describes his experience as he shadowed a trucker and immersed himself in the lifestyle. [26:43] - The number one profession for serial killers is a trucker. What is it about the job? Does it attract killers or make killers? [29:17] - Most people think that people they know would never be a victim of a crime like this. [31:06] - Human trafficking is most commonly initiated by someone the victim knows. [32:56] - Get rid of the notion that this can’t happen to your family. That’s dangerous in and of itself because you’ll never see it coming. [34:40] - Connecting with potential victims has moved online. [37:57] - Trafficking victims are often victimized more and treated like criminals themselves. [40:01] - What are the similarities between crime scenes in many of these cases? [42:42] - The 850 unsolved cases only account for the ones that are known. [43:46] - There is an organization called Truckers Against Trafficking (T.A.T.). Frank explains what they do and how they help. [46:48] - Technological advances are making a huge difference, particularly in DNA. [49:19] - These crime scenes are the worst Frank has ever seen even after his 25 years in law enforcement. [52:40] - Sometimes, a victim’s name is not known for many years if at all. It is hard to track the solve-rate of these crimes. [55:12] - There are DNA testing organizations that work with police departments. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31481117

Next Gen Romance Scams with Anna Rowe 05/22/2024

Next Gen Romance Scams with Anna Rowe Scammers have gone from postal mail and faxes to email and phone calls where you never see the person, but now with AI, you can even have a live video call that seems completely real with deep fake technology. It’s no longer safe to just see a person, but there are other things you can do to know if you’re communicating with the individual they claim to be. Today’s guest is Anna Rowe. Anna is the founder of Catch the Catfish and co-founder of LoveSaid. She is a Subject Matter Expert in Romance Fraud and Victim Support. Show Notes: [0:55] - Anna shares her background as a teacher and describes how she was catfished in 2015. [2:52] - How can you make genuine informed consent when someone is deceiving you at that level? [3:45] - A therapist’s suggestion of researching narcissists and psychopaths started her healing journey. [5:35] - Anna learned that this type of scam commonly comes from West Africa and the scammers are known as Yahoo Boys. [7:44] - Romance fraud can be in person, like with Anna’s experience. But there are romance scams that are online only. [9:32] - It is common for romance scammers to also be perpetrating other types of fraud at the same time. [11:44] - Pig butchering includes another problem, where scammers themselves are also trafficked. [13:59] - A lot of victims don’t realize they are interacting with a scammer for a long time because they aren’t asking for money. [17:51] - In years past, Photoshopping an image to appear realistic wasn’t as easy as it is now with AI. [19:26] - Blending a new face onto an existing photo can even be used in video. [21:15] - Voice cloning is also often used and apps to do this are free. [24:24] - Deep fake scammers use content on social media stories and live streams to record long pieces of video. [26:20] - This technology is improving quickly, but Anna shares some of the ways you can tell if something is a deep fake. [28:51] - There are simple things to check on profiles that you can notice as red flags before getting involved with someone. [33:01] - Scammers also really like using cryptocurrency because it is unregulated. [34:14] - Scammers build a reality typically by using the 5 C’s of reasons why their spouse is gone. [37:30] - There are different strategies to look for certain things as you “become your own detective” on various social media platforms. [40:57] - When scammers know that you are “onto them” they know what they can change. [43:36] - Every decision a scammer makes is premeditated. [46:50] - Scammers will keep you hooked and space away from them could get you in a space of trusting your gut. [53:32] - Reverse image searches are extremely helpful. [57:50] - Anna describes some of the ways she was able to determine what her scammer was doing. [61:10] - Anna was put into an open relationship without her consent. [63:05] - Future faking is common in narcissists and psychopaths. [64:26] - These scams are really damaging and it is important to not use victim shaming language when discussing it. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31406487

Challenges of Employee Onboarding and Offboarding with Craig Davies 05/15/2024

Challenges of Employee Onboarding and Offboarding with Craig Davies Many years ago, people chose to stay with the same employer for decades. Today, employees are changing jobs more regularly. Each company needs to have processes in place allowing access to systems needed to do their jobs, but there’s also a risk of when they leave that they may still have access to certain programs. Today’s guest is Craig Davies. Craig started in banking, holding many roles including CSO. As the CISO and the Executive Director of Gathid Ltd., he is passionate about helping organizations strengthen access management without completely overhauling their people, processes, physical infrastructure, and technology. Craig has spent more than 25 years in cybersecurity working with infrastructure operations, security architecture and software, web development and operations. He was the first CEO of Ost Cyber and at Atlassian he helped develop the security program for all aspects of their business, including security, cloud operations and protection. Show Notes: [1:32] - Craig shares his background and what his roles are at Gathid. [4:52] - When bringing on new employees, there are several front-end issues that a company and employee can face. [6:22] - It can be really frustrating for a new employee when there are so many different programs to learn and manage. [8:18] - We have to think about the employee’s journey. [10:59] - In many cases, new employees receive a ton of access without learning the process during onboarding. [11:49] - Offboarding can be a nightmare because we don’t always think about all the things that are connected. [15:26] - We need to protect the person who is leaving. [18:06] - One of the challenges is knowing who should be responsible. [19:12] - There needs to be a list of all the programs and systems that an employee may have access to. [21:17] - Offboarding is not typically a priority but not focusing on it can be a huge risk. [24:43] - Smart use of control is important especially in onboarding and offboarding. [27:26] - Working remotely makes systems and access even trickier. [29:39] - There is a reason the large companies have large systems. [31:50] - Every company has the same problems. The ones that have a process in place have likely experienced a crisis. [34:57] - What are the challenges to the new ways of working post-pandemic? [36:26] - You can’t get rid of risk, but you can manage it. [44:50] - These processes all start with a conversation. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/31175992

5 Common Uses of Synthetic IDs with Stuart Wells 05/08/2024

5 Common Uses of Synthetic IDs with Stuart Wells There are entire communities set up to fight fraud that use synthetic IDs as well as scammer gangs that are advancing their creative ways to use these documents. This is changing regularly as biometric authentication advances continue. Today’s guest is Stuart Wells. Stuart is the CTO of Jumio and is responsible for all aspects of Jumio’s innovation, machine learning, and engineering. He is an industry veteran with more than 30 years of tech experience. He was previously the Chief Product and Technology Officer at FICO, and held executive positions at Avaya and Sun Microsystems. Show Notes: [1:18] - Stuart shares his background and what he does at Jumio as the Chief Technology Officer. [3:20] - The science behind document protection is literally decades old. [5:06] - Stuart describes the process of verifying a document at Jumio. [5:57] - What are the practical uses of synthetic IDs? [7:39] - There are large volumes of both fraudulent and honest individuals creating and using synthetic IDs. [9:25] - A lot of businesses are seeking verification from places like Jumio to protect themselves and their reputation. [11:49] - Biometrics as a tool to use against fraudsters has grown globally. [13:54] - Biometrics are very useful, but there are challenges. [15:31] - Stuart shares a recent story about a fake video interaction that cost the victim millions of dollars. [17:37] - At this point in the technology’s development, there are some signs of deep fakes that we can spot. [19:03] - How can this negatively impact an individual? [20:18] - Listen to your inner voice and check with another source before sending money. [22:52] - You don’t have to be a programmer to use these tools. The creators have made them easy to use and people are using them to do harm. [25:46] - The early versions of deep fake technology had a lot of easy-to-see abnormalities, but they are getting tougher to spot. [27:26] - Although these negative impacts are concerning, there is some excitement about the positive uses of these advances. [32:07] - What direction is verification headed when it comes to biometrics? [33:54] - Documents have anatomy and security measures in place. [36:43] - Most security systems are layered. [40:00] - This landscape is continuously changing. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/30932703

Vantage Travel Bankruptcy with Michelle Couch Friedman 05/01/2024

Vantage Travel Bankruptcy with Michelle Couch Friedman Imagine booking a vacation only to find out that the company files for bankruptcy a week later. As a consumer, would you know what your rights are? There’s a big difference between travel insurance and travel protection. One can leave you with no way to get your money back. Today’s guest is Michelle Couch Friedman. Michelle is the founder and CEO of Consumer Rescue. She is an experienced consumer reporter, advocate, mediator, author, and licensed psychotherapist. Michelle has also been a columnist, contributing editor, and former executive director for Elliott Advocacy, a non-profit organization dedicated to consumer advocacy. Show Notes: [1:02] - Michelle shares her background and what she does through Consumer Rescue. [5:00] - The only way to get money back from a bankrupt company is through your credit card company if you paid with one, or if you have travel insurance. [6:36] - Right before announcing their bankruptcy, Vantage did a “sales blitz” and offered great deals to loyal customers, knowing that they wouldn’t deliver. [9:49] - Vantage was unique in that it had been a successful business for 40 years and had a loyal customer base. [12:44] - Looking back at the way Vantage behaved after the pandemic, there were some red flags. [15:43] - Michelle explains the difference between travel insurance and travel protection. [17:36] - Travel insurance should be purchased away from the company taking you on the trip. [19:47] - Make sure you can find a clause somewhere that says you are protected against the insolvency of the tour operator with or without bankruptcy. [22:10] - If the tour operator is not able to deliver, you could file a credit card dispute. But there are some limitations. [26:04] - You should always pay with credit cards. Don’t be tempted by discounts offered with bank transfers. [31:21] - The average age of Vantage Travel clientele was older and scammers took advantage of their vulnerability. [33:10] - When filing claims and filling out forms, personal information makes its way to scammers on a “victim list.” [36:09] - Cryptocurrency is a red flag in cases like this as well. [38:41] - There is some information you can find by contacting the court in the jurisdiction of the bankrupt company. [41:53] - A company bought Vantage Travel’s customer list and had all of their contact information. [43:57] - In order to protect yourself, even if you have full trust in the company, do research and find red flags and reports. [46:26] - Never pay with a bank transfer, even if they offer a discount. [50:40] - Make sure the travel insurance policy protects against insolvency, not just bankruptcy. [53:34] - Michelle shares how to reach Consumer Rescue and what services they provide for free. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources: /episode/index/show/easyprey/id/30748103

Easy Prey

TOPICS