Easy Prey
Chris Parker, the founder of WhatIsMyIPAddress.com, interviews guests and tells real-life stories about topics to open your eyes to the danger and traps lurking in the real world, ranging from online scams and frauds to everyday situations where people are trying to take advantage of you—for their gain and your loss. Our goal is to educate and equip you, so you learn how to spot the warning signs of trouble, take quick action, and lower the risk of becoming a victim.
info_outline
Elder Exploitation
05/06/2026
Elder Exploitation
Aging parents often rely on the people closest to them for help, but what happens when that help becomes a way to take control? For Charles Wallace, the warning signs started small. His mother’s fridge was suddenly overfilled. A caregiver refused to provide receipts. Spending patterns began to shift in ways that did not make sense. At the time, each concern could be explained away. Looking back, they were part of something much larger. Charles spent 15 years in banking and finance, and after his mother’s death, he used that experience to reconstruct more than 3,000 transactions. What he found was a devastating pattern of elder financial abuse involving a professional caregiver, nearly a million dollars in losses, missing belongings, questionable legal changes, and systems that failed to respond when the red flags were already there. This conversation is both personal and practical. Charles shares the story behind his book, The Caregiver’s Game, while also explaining what families can do differently when hiring caregivers, monitoring finances, protecting valuables, and watching for subtle signs of manipulation. It is a difficult story, but an important one for anyone with aging parents, vulnerable relatives, or concerns about how easily trust can be weaponized. Show Notes: [01:06] Charles Wallace explains how his background in IT, project management, banking, healthcare, and application development later shaped the way he investigated his mother’s case. [04:23] A neurology appointment became a turning point when the caregiver observed the cognitive testing and likely understood the seriousness of the results. [07:18] After his mother’s death, the family learned about a new will and an annuity that could have paid the caregiver roughly half a million dollars. [10:31] Looking back, Charles reflects on trusting the broker, CPA, and other professionals to watch out for his mother, not realizing how much could still slip through. [12:49] Credit card activity told a larger story, with spending spreading across the county in ways that did not match his mother’s habits. [15:05] Over three years, the caregiver billed for 24-hour care, seven days a week, despite having no credentials. [18:22] Once the bank and credit card statements were finally available, the changes in spending habits were obvious. [21:38] The conversation turns to how banks, CPAs, and families might better monitor accounts by looking beyond total spending and watching detailed patterns. [24:52] Hiring a caregiver outside an agency is identified as a major risk factor, especially when the caregiver is unlicensed and approaches the older adult directly. [28:42] After the annuity payout was blocked, later emails and property activity left Charles with unresolved questions about what really happened next. [31:48] Families can reduce risk by hiring caregivers through an agency and making sure they retain the authority to hire and fire. [34:47] Removing valuables, keeping a mental inventory, and noticing when belongings disappear can help families catch problems sooner. [37:46] Charles points to possible improvements such as caregiver registries, fingerprinting, and stronger systems to protect older adults from financial exploitation. [38:26] The Caregiver’s Game offers a forensic look at elder financial abuse and the daily warning signs families may miss until it is too late. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/41075805
info_outline
Art Heists
04/29/2026
Art Heists
The world of art theft looks glamorous in the movies, but the reality is far more complicated. From multi-million dollar forgery schemes to undercover FBI operations recovering stolen national treasures, art crime is a global industry hiding in plain sight. This conversation digs into how these crimes actually play out and why the people who pull them off often end up stuck with the very pieces they thought would make them rich. My guest today is Robert Wittman, a former FBI special agent and the founder of the FBI’s Art Crime Team. Over a 20-year career, he worked undercover in more than 20 countries and helped recover over $300 million in stolen art and cultural property. He’s also the author of Priceless, where he shares stories from those investigations and what really goes on behind the scenes. We discuss the movie version of art crime and how it actually works. Whitman explains why most stolen masterpieces are nearly impossible to sell, how insider access plays a role in many museum thefts, and why forgery and fraud now make up the bulk of the market. There’s also a practical side to it. Whether it’s fine art, prints, or even sports memorabilia, the same patterns show up again and again. People trust the wrong details, skip the research, and get pulled in by what feels like a deal. The takeaway is pretty straightforward. Slow down, check what you’re buying, and don’t assume something is real just because the story sounds convincing. Show Notes: [01:06] Robert Wittman introduces his FBI career and explains how he founded the Art Crime Team, leading investigations across 20 countries and recovering over $300 million in stolen art. [04:01] He shares how he ended up in art crime almost by accident, getting assigned museum theft cases early in his career when no one else wanted them. [07:00] We get a breakdown of the art crime industry, including how much of it is driven by forgery and fraud versus outright theft. [10:00] Whitman explains why stolen high-value artwork is extremely difficult to sell and often becomes a liability for the criminals who take it. [13:43] A reality check on museum security, comparing Hollywood portrayals to how thefts actually happen in the U.S. and abroad. [16:18] The conversation shifts to jewelry theft and why stolen gems are far easier to break down and resell than famous works of art. [19:19] He walks through a major forgery case involving a well-known New York gallery that unknowingly sold millions of dollars in fake paintings. [22:55] Practical advice for everyday buyers on how to avoid getting scammed when purchasing art or collectibles online. [26:34] One of the most fascinating recoveries: an original copy of the Bill of Rights stolen in the 1800s and tracked down over a century later. [30:20] A much smaller but equally interesting case involving ancient cylinder seals and how they were unknowingly brought back from Iraq. [32:30] The risks in the sports memorabilia market, including widespread forgery and why authentication matters more than ever. [35:37] Final advice on protecting yourself as both a buyer and seller by doing basic research and understanding the true value of what you have. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/40559260
info_outline
The Power of Prediction
04/22/2026
The Power of Prediction
We make predictions all the time including about the weather, about traffic, about what someone is going to say next. It feels natural, even rational. But when algorithms start making predictions about us, whether we'll repay a loan, reoffend after prison, or respond to a medical treatment, something fundamental shifts. The forecast stops being a guess and starts becoming a verdict. My guest today is Carissa Veliz, a philosopher and associate professor at the University of Oxford, where she also researches at the Oxford Internet Institute. Her work focuses on the ethics of technology, privacy, and artificial intelligence, and she advises companies and governments around the world on these issues. She's the author of the widely acclaimed book Privacy is Power, The Ethics of Privacy and Surveillance, and her new book, Prophecy: Prediction, Power, and the Fight for the Future, from Ancient Oracles to AI, is out now. We talk about how the role of prophet has simply changed costumes throughout history from oracles and astrologers to economists and now tech executives and why that matters more than most people realize. Carissa explains how predictions about human beings are fundamentally different from predictions about the weather, why so many AI-driven forecasts are closer to commands than hypotheses, and what it actually looks like to take back your agency in a world increasingly shaped by algorithms. Show Notes: [01:13] Carissa Veliz shares her background in philosophy, ethics, and advising companies and governments on technology and data. [02:35] She explains how prediction has existed throughout human history, from survival instincts to ancient prophecy. [03:49] The role of “prophets” evolves over time—from oracles and astrologers to economists, data scientists, and tech leaders. [07:05] Predictions about people differ from predictions about nature because they can influence outcomes and become self-fulfilling. [07:55] Many modern predictions, especially from tech leaders, function more like commands than neutral observations. [10:13] Carissa outlines key questions to ask when evaluating any prediction, including who benefits if it comes true. [10:13] She argues society has been overly naive about predictions, often mistaking power plays for objective knowledge. [14:18] AI systems are designed to please users, which can conflict with truth-seeking and scientific rigor. [14:54] Growing superstitions around AI include attributing agency, intention, or even spirituality to algorithms. [15:47] People begin trying to “please the algorithm,” creating a modern version of superstition in digital systems. [19:55] The lack of regulation in AI places the burden of understanding risks entirely on individuals. [19:55] Carissa argues the real issue isn’t just bias, but whether predictions about people should be used at all. [24:49] Insurance shifts from pooling risk across populations to targeting individuals, increasing inequality and personal burden. [27:02] Self-fulfilling prophecies in medicine and decision-making can hide their own failures by erasing alternative outcomes. [30:25] Predictive systems risk limiting human potential by filtering out those who don’t fit expected patterns. [30:25] Society thrives when individuals can defy expectations, something prediction-heavy systems may suppress. [35:21] Algorithms reduce exposure to randomness, while real-world interactions create unexpected opportunities and insight. [36:11] Over-reliance on AI can replace human relationships and narrow life experiences. [36:11] Carissa reframes uncertainty as a positive force that enables freedom, choice, and democratic possibility. [36:11] She encourages treating predictions as possibilities to question—not instructions to follow. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/40869135
info_outline
Privacy vs Reality
04/15/2026
Privacy vs Reality
Online security advice often sounds simple until you actually try to follow it. Between password managers, privacy settings, and data brokers, protecting yourself can start to feel like a full-time job. That gap between what sounds easy and what’s actually realistic is where a lot of people get stuck. My guest today is Yael Grauer, a freelance investigative technology reporter who covers privacy, security, digital freedom, hacking, and mass surveillance. She also works as a program manager of cybersecurity research at Consumer Reports, where she manages Security Planner, a free resource that provides customized guidance to help people stay safe online. We discuss what actually matters when it comes to protecting yourself, why so much of the responsibility ends up on individuals, and how to approach security in a way that’s realistic. She explains where the biggest risks tend to come from, what people often overlook, and how to make practical decisions without turning it into something that takes over your time. Show Notes: [01:02] Yael explains her role at Consumer Reports and how she moved from investigative reporting into security and privacy work. [04:26] Long lists of security steps can overwhelm people, often leading to inaction. [06:52] Real progress requires pressure on companies and policymakers, not just individuals. [09:41] Security advice quickly becomes outdated as platforms and settings constantly change. [12:34] App permissions and privacy settings are often confusing and inconsistent across platforms. [16:30] Panic and stress can make even simple security decisions harder in the moment. [19:50] A practical approach is focusing on the risks most likely to affect you first. [20:19] Media and pop culture create unrealistic expectations about hacking and surveillance. [25:22] Yael shares personal examples of falling for phishing attempts despite her expertise. [27:30] Timing and context can make anyone vulnerable, even those who understand the risks. [30:00] The way you pay matters, with credit cards offering better protection in many cases. [33:24] Social media platforms often fail to respond effectively to compromised accounts. [36:27] Concerns about surveillance often center on location tracking and shared data. [39:38] Tools meant for serious crimes can gradually be used for less critical enforcement. [43:15] Clear, readable privacy policies help people make informed decisions about their data. [45:08] Privacy isn’t gone, but maintaining it requires ongoing effort and awareness. [47:20] Data broker opt-out tools show progress, though they don’t fully solve the problem. [52:00] Different state laws create inconsistent protections and added complexity. [55:13] Final advice focuses on taking small, practical steps instead of trying to do everything at once. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/40558605
info_outline
Wired to Trust
04/08/2026
Wired to Trust
It’s easy to think scams only work when someone misses something obvious. In reality, most of them don’t look obvious at the start. They show up as normal situations with just enough friction to notice, but not enough to stop. That small gap is where people tend to move forward instead of stepping back. My guest today is Tali Sharot, a cognitive neuroscientist who studies how we form beliefs and make decisions. She’s known for her research on the neural basis of human optimism, and her work has been published in leading journals. In her books, The Optimism Bias and The Science of Optimism, she explains why we expect things to work out and how that tendency can quietly expose us to risk. We discuss what’s happening in those in-between moments, why a situation can feel slightly off and still seem reasonable enough to continue, and how past experience lowers our guard without us noticing. We also look at that brief internal hesitation people tend to override, and why it’s often the most useful signal they have. By the time something clearly crosses the line, the decision has usually already been made. Show Notes: [01:14] Tali explains her background as a cognitive neuroscientist and how her work blends psychology, brain science, and behavior. [01:48] Her interest in the field began with a simple question about how the brain drives thoughts, emotions, and actions. [03:00] She shares a personal story about renting out her apartment that turned into a scam. [04:30] Early warning signs show up right away, including unusual requests and meeting conditions. [05:30] Despite noticing those signals, she moves forward and hands over the keys. [08:43] Looking back, she explains how she rationalized each red flag instead of acting on it. [10:02] That uneasy gut feeling is often based on real information your brain is processing quickly. [11:40] Repeated positive experiences can lower your guard and make risky situations feel familiar. [12:30] The “truth bias” leads people to assume others are being honest unless something clearly proves otherwise. [14:00] There’s often a gap between what you feel in the moment and how you explain it afterward. [17:45] The emotional impact of being scammed can linger long after the financial loss is resolved. [20:47] The brain constantly predicts what should happen next and reacts when something doesn’t fit. [21:30] Subtle cues like timing, tone, and facial expression can signal deception without you realizing it. [24:58] Repetition makes scammers more convincing by smoothing out inconsistencies in their story. [26:18] Online communication removes many of the signals people rely on to judge trustworthiness. [27:59] Setting simple personal rules can help you avoid engaging with common scam tactics. [31:00] People are more vulnerable when they want something to be true, especially in relationships or opportunities. [34:30] Even basic checks, like verifying an email address, can stop many scams early. [36:43] A lot of scams succeed because people don’t pause long enough to look closely. [38:19] Familiar situations lead to less attention over time, making it easier to miss important details. s on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/40558125
info_outline
Intimate Partner Fraud
04/01/2026
Intimate Partner Fraud
Most scams leave a digital trail. A fake email, a spoofed number, a fraudulent website. You can trace them, report them, sometimes even reverse them. But what happens when the scam has no digital trail at all, because it isn't happening on a screen? What happens when the con is standing right in front of you, making you laugh, meeting your friends, and planning a future with you? My guest today is Tracy Hall. She's an author, keynote speaker, and senior marketing executive with over 25 years at some of the world's most recognizable tech companies including eBay, Virgin, GoDaddy, and Afterpay. She is sharp, successful, and by every measure, exactly the kind of person you'd assume would see it coming. She didn't. And neither would you. In 2017, Tracy woke up to a Crime Stoppers video of an unidentified man being arrested outside a Sydney apartment. That man was her boyfriend of 18 months. Except he wasn't who she thought he was. The man she knew as Max Tevita a Bondi surfer, a finance executive, the person she was building a life with was actually Hamish McLaren, Australia's most infamous conman, a man who had been running long game cons for thirty years across multiple countries, stealing somewhere between eighty and a hundred million dollars from victims around the world. Tracy was his last victim before his arrest. He had stolen her entire life savings of $317,000 and far more than that. This is a story about what happens when the scam isn't a phishing email. It's a relationship. And it will change the way you think about trust, manipulation, and what any of us are actually capable of missing. Show Notes: [1:03] With 25 years as a senior marketing executive behind her, Tracy shares how a year after separating from her husband she began online dating, where she met a man calling himself Max Tevita. [3:25] Presenting himself as a Bondi surfer and chief investment officer, Max spent 18 months slowly and methodically guiding Tracy to invest her entire life savings with him. [5:55] A crime stoppers video changed everything. The man Tracy knew as her boyfriend was actually Hamish McLaren, a professional conman who had been defrauding victims globally for 30 years and stealing an estimated $80 to $100 million. [7:36] A masterful shapeshifter, McLaren adjusted his persona in real time based on Tracy's reactions, including quietly getting rid of his five cars after she called him out on it. [9:54] Tracy breaks down the psychological mechanics of the con, including similarity bias, mirroring, and how McLaren constructed a character she was essentially telling him she wanted. [11:05] Through elaborate "movie sets and scenes," McLaren built layers of authority and confirmation bias over 18 months, making investing her life savings with him feel completely logical. [14:21] Some moments only made sense in hindsight, including a childhood friend accidentally calling McLaren by his nickname "Ham Bone" and his instant, convincing cover story on the spot. [18:22] Humans default to truth, and Tracy explains how that biological wiring makes us uniquely vulnerable to manipulation, especially around emotionally charged stories. [19:29] Every victim got their own version of McLaren barrister, triathlete, business strategist as Tracy describes meeting others who had each been conned by an entirely different character. [22:53] Learning to trust other people wasn't the hard part. Tracy reflects on why rebuilding faith in her own judgment was far more difficult, and how shame dominated the aftermath. [25:21] Through professional help and a conscious daily decision not to let McLaren turn her into a cynical person, Tracy describes how she slowly rebuilt both her finances and her sense of self. [27:05] Understanding the psychology behind scams, cognitive biases, invisible contracts of trust, emotional exploitation is the best defense we have, and Tracy breaks down exactly how it works. [31:33] The medium may be different, but the tactics aren't — Tracy draws striking parallels between her in-person experience and digital romance baiting scams, showing how the emotional manipulation is nearly identical. [34:00] There is no demographic, age group, or intelligence level that is immune. Tracy makes the case that scammers hunt for vulnerability, and at the right moment, we are all soft targets. [36:12] By subtly discouraging Tracy from socializing with friends, McLaren was limiting outside scrutiny and Tracy explains why getting a new partner in front of your personal network as quickly as possible is one of the most important protective steps you can take. [40:24] No digital footprint is a major red flag. Tracy outlines key warning signs to watch for and recommends reverse image searches as a basic but powerful verification step when meeting someone new. [42:08] Every single time Tracy speaks publicly, someone approaches her afterwards with a story they have never told anyone a reminder that silence is exactly what these criminals depend on to keep operating. [43:45] Now fully dedicated to education and awareness, Tracy introduces her memoir The Last Victim and explains how she has channeled her experience into a mission to help others recognize and recover from fraud. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/40416235
info_outline
Identity without Passwords
03/25/2026
Identity without Passwords
Every day, employees at hotels, restaurants, and resorts across the country are doing exactly what they were hired to do: being warm, responsive, and eager to help. It's what makes hospitality work. It's also what makes hospitality one of the most targeted industries in cybersecurity. When your entire workforce is trained to say yes, teaching them to be suspicious is an uphill battle. The smarter solution might be to take the target off their backs entirely. Jasson Casey is the co-founder and CEO of Beyond Identity, a company built around one idea: making identity-based attacks impossible. With over 20 years of experience designing large-scale security infrastructure for global enterprises and carriers, Jasson has spent his career thinking about what happens when stolen credentials open doors they never should have. Beyond Identity's answer isn't better passwords or more authentication hoops, it's eliminating the credential that can be stolen in the first place. Josh Johansen is the Director of IT Systems and Technology at Brandt Hospitality Group, an owner, operator, and developer of hotels under brands including Marriott, Hilton, Hyatt, and IHG. Josh came up through hotel operations, not a computer science program, and that background shapes how he thinks about security practically, from the floor up. He knows his workforce isn't looking to become cybersecurity experts. His job is to build systems that protect them anyway. We talk about why the hospitality industry is such a rich target for phishing attacks, and what happened when one of Josh's general managers nearly paid a fraudulent invoice because she couldn't log in without a password she no longer had. Jasson breaks down how device-bound passkeys work, why most consumer passkeys aren't nearly as secure as people think, and what separates a real security system from one that just looks like one. Josh shares the lessons learned from rolling out this technology across a multi-brand hotel portfolio including what he'd do differently and what it means for an industry still wrestling with shared logins, high turnover, and workers using four different brand systems before lunch. Show Notes: [3:05] A cyber insurance mandate pushes Brandt Hospitality Group to find an MFA solution, and complaints about authentication fatigue make the obvious options the Brandt partners are already using feel like the wrong fit. [4:03] After months of evaluating vendors and completing a full proof of concept, the leading candidate drops smaller accounts without warning, sending Josh back to square one and into a same-day demo with Beyond Identity. [5:09] Beyond Identity moves fast, puts together a rapid proof of concept, and earns the business. Josh describes meeting Jasson in person for the first time at BeyondCon shortly after signing on. [5:45] Hospitality is uniquely vulnerable to phishing attacks, and the industry's culture of helpfulness connects directly to the behaviors bad actors are counting on. [6:49] A general manager calls convinced she needs her password to pay an overdue vendor invoice. When she can't get a login prompt, the situation is recognized immediately as a phishing attempt she nearly fell for. [7:33] Reflecting on that moment, someone sharp and experienced nearly became a victim, and removing the password from the equation entirely turns out to be the real breakthrough. [9:05] The conversation turns to the limitations of cyber awareness training, and why even well-intentioned employees with heavy workloads cannot be expected to function as a reliable last line of defense. [11:13] Jasson describes how Beyond Identity works, using the analogy of a monkey in a jail cell to explain how a signing key stored in a secure hardware enclave can authenticate a user without ever leaving the device. [12:06] The concept of stealable credentials expands beyond passwords to include API tokens, session cookies, SSH keys, and anything else that can be copied and lifted from a system. [17:33] The discussion shifts to agentic identity and AI-driven workflows, with customers on opposite ends of the spectrum — some where agents make up the majority of their workforce, others who paused rollouts after discovering how easily prompt injections could expose sensitive data. [19:17] The biggest mistake organizations make going into a passkey rollout is diving in without a clear understanding of how their identity environment is actually configured and what that means when things don't behave as expected. [20:35] A lesson from their own deployment — initially limiting passkeys to senior staff and leaving line-level employees on passwords — makes clear that partial coverage leaves meaningful gaps. [22:58] Most organizations under active phishing load will experience an incident during a mid-deployment window, and that moment often becomes the event that accelerates full adoption. [24:33] The shared workstation challenge in hospitality comes into focus, along with how the device-bound passkey differs from the consumer versions employees may already be familiar with through Google or Facebook. [29:14] Jasson draws a clear line between consumer passkeys optimized for conversion and enterprise passkeys built for security, explaining how sync fabric trades credential protection for convenience in ways that matter in a corporate environment. [31:07] One enrolled device can cryptographically authorize the enrollment of another, allowing organizations to scale without moving keys or introducing new vulnerabilities. [33:33] The passkey model changes accountability inside a hotel operation — device-bound credentials and role-based access make it significantly harder for well-meaning managers to share login access with staff informally. [36:55] As the conversation wraps, a simple test is offered for evaluating any passkey system: if the passkey can move, it is not a security product. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/40416035
info_outline
When Cybercrime Gets Personal
03/18/2026
When Cybercrime Gets Personal
Most security breaches don't begin with sophisticated code or elaborate technical exploits. They begin with a phone call, a convincing email, or someone at a help desk who just wanted to be helpful. The human layer is often the weakest link, and the criminals who understand that are the ones causing the most damage. My guest today is May Chen-Contino. She's the CEO of Unit 221B, a threat disruption company that delivers actionable intelligence to enterprises, law enforcement, and government agencies. Her background spans cybersecurity, fintech, and SaaS leadership at companies like PayPal and eBay, and she brings a distinctly mission-driven lens to the work, shaped equally by a career in business and a background as a Krav Maga instructor. Unit 221B operates less like a typical security vendor and more like a specialized investigative unit, with a team that includes tenured ransomware experts, incident responders, and former law enforcement, all focused on one outcome: criminal arrest. May has seen firsthand how ransomware gangs operate with their own codes of conduct, how a younger generation of cybercriminals is throwing those rules out entirely, and why paying a ransom is increasingly a bet that doesn't pay off. We talk about why social engineering has overtaken technical hacking as the dominant attack vector, what organizations and individuals should never do in the aftermath of a breach, and how crimes against children online often go unreported for the worst possible reasons. May also shares a story from her own experience being scammed on eBay, and what she did about it, which tells you everything you need to know about how she approaches this work. Show Notes: [1:28] May shares her background and how she came to lead Unit 221B, a threat disruption company serving enterprises, law enforcement, and government. [1:41] May traces her path into cybersecurity, explaining how a lifelong sense of justice and a friendship built through Krav Maga training led her to a team of investigators doing real criminal work. [5:55] May recounts being scammed while selling luxury shoes on eBay, describing how a fraudulent PayPal email convinced her the sale had failed after she had already shipped the item. [8:22] Rather than accepting the loss, May engaged the scammer directly, intercepted her own shipment through FedEx, and used a photoshopped payment screenshot to flip the situation on him. [11:36] The story ends with May recovering her shoes, followed by a candid note that this approach carries real risk and is not something she would recommend to others. [12:57] May outlines Unit 221B's core work, including criminal investigations, threat intelligence, pen testing, and incident response, all oriented toward federal prosecution and criminal arrest. [16:52] The evolving threat landscape, contrasting professional ransomware organizations that tend to honor agreements with a younger generation of cybercriminals who operate without limits. [18:44] May describes this younger criminal group in detail, noting members are predominantly 14 to 26 years old, English-speaking, and motivated as much by social status as financial gain. [21:49] May explains why wiping systems and restoring backups after a breach is one of the most damaging mistakes an organization can make, eliminating evidence and removing any path to prosecution. [23:04] She walks through Unit 221B's incident response process, covering digital forensics, insider threat identification, and determining who is behind an attack before advising on next steps. [26:32] May addresses the ransom payment question directly, recommending against paying as a default while acknowledging that knowing your adversary is essential to making the right call. [28:04] The discussion covers the legal and PR dimensions of a breach, including notification obligations and why some organizations choose to go public about what happened. [31:08] May pushes back on the perception that law enforcement doesn't help, explaining that federal agencies are understaffed and must prioritize cases, but are genuinely committed to the work. [34:08] The issue of victims deleting evidence before reporting, and how frequently this forecloses any possibility of investigation or prosecution. [34:55] The conversation turns to crimes targeting children, including sextortion, and why open dialogue between parents and kids is critical to getting victims to come forward before lasting harm is done. [37:18] May reflects on a keynote she gave at Harvard's Bold Conference for young women, describing the tension between advice to build an online presence and the real safety risks that come with it. [38:51] May shares practical security guidance for young people online, including being mindful of what appears in video backgrounds, using strong passwords, and enabling two-factor authentication. [40:35] May identifies AI-assisted attacks and social engineering as the two most significant forces reshaping the threat landscape, with technology now available to both attackers and defenders equally. [43:45] May describes Unit 221B's invite-only intelligence platform, which brings together top investigators, law enforcement, and private sector experts to collaborate and move cases forward. [45:10]Listeners can find Unit 221B at unit221b.com and on LinkedIn, and anyone facing a threat or needing guidance can reach out. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/40365345
info_outline
Stopping Phone Scams
03/11/2026
Stopping Phone Scams
Phone scams get dismissed as background noise or just annoying interruptions and unknown numbers with robotic voices we learn to ignore. But behind that noise is an industry built on psychology, automation, and staggering profitability. My guest today is Alex Quilici. He’s an engineer, entrepreneur, and the CEO of YouMail, a company focused on protecting consumers and businesses from unwanted and fraudulent calls. Alex has spent years analyzing how robocalls and scam campaigns are designed, how they evolve, and why they continue to work despite better technology and increased awareness. What began as a voicemail platform shifted into fraud prevention after users unintentionally revealed a powerful truth that even small friction can disrupt scam operations. He shares how his own father got pulled into a tech support scam which cemented his mission to move beyond blocking calls and toward tracing and stopping scams closer to their source. We talk about how scam calls are engineered, the tactics that trigger panic and urgency, and how criminals use data breaches, AI tools, and impersonation to sound convincing. We also explore what’s changing, including fewer random calls, more targeted attacks, rising text and messaging scams, and the difficult balance between stopping fraud and allowing legitimate calls through. Alex shares practical ways consumers and businesses can reduce risk, along with a candid look at why this problem is so persistent and where it’s likely heading next. Show Notes: [2:23] Alex explains how YouMail shifted from a voicemail company into fraud prevention after noticing users using an out-of-service message to deter robocallers. [3:25] Discussion turns to robocall volume, with Alex estimating billions of calls per day and roughly five billion robocalls per month. [4:10] About half of all robocalls are unwanted, while the rest include legitimate reminders from doctors, hospitals, and financial institutions. [5:05] Alex notes that legitimate telemarketing still exists but is now heavily overshadowed by sketchy and scam-driven campaigns. [6:40] Scam calls have declined in raw volume, yet attackers are becoming more targeted and efficient. [7:15] Scammers increasingly pivot to texts, email, and messaging platforms where third-party blocking is harder. [9:27] Alex describes limited progress shutting down shady telemarketers but better success against large-scale illegal robocall operations. [11:05] Sense of urgency emerges as the dominant tactic, often involving fake charges, legal threats, or financial panic triggers. [13:10] Modern scams combine spoofed caller ID with breached personal data to create highly convincing impersonations. [16:27] Scammers are compared to extremely motivated marketers who rapidly adopt AI and optimization techniques. [17:30] The economics are startling, with scam campaigns generating enormous profits at extremely low cost per call. [18:44] Alex advises letting unexpected calls go to voicemail and returning calls through verified, official channels. [20:50] Panic-based bank account scams are highlighted as particularly dangerous because fear overrides logic. [23:19] Businesses are identified as vulnerable targets, especially through employees’ personal mobile phones. [31:52] Enforcement efforts are increasing, and Alex predicts stronger regulatory pressure over the coming year. [35:54] Impersonation scams tied to toll roads, DMVs, crypto, and romance schemes are flagged as growing threats. [38:19] A simple defensive principle is reinforced: pause, disengage, and verify independently before taking action. [41:44] Alex outlines YouMail’s call-screening approach, adding friction that blocks automated scam systems while allowing real callers through. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/40241885
info_outline
Stolen Identity - Stolen Peace
03/04/2026
Stolen Identity - Stolen Peace
Identity theft gets talked about a lot, but usually in the abstract: freeze your credit, watch your statements, don't click suspicious links. What doesn't get talked about nearly enough is what it actually feels like when someone isn't just using your card number, but is actively living as you. My guest today is Brooklyn Lyons. She's 25, recently married, and by her own admission, had no particular expertise in fraud or cybersecurity before October of 2024. That changed when her car window was smashed in a parking lot, and her work bag, laptop, wallet, driver's license, and everything was gone by morning. What followed wasn't a quick nightmare with a clean ending. It stretched across months, multiple counties, a jail communication system, the dark web, and a wanted fugitive who dyed her hair to look more like the face on a stolen ID. Brooklyn didn't just sit with it. She pulled criminal records, reverse-searched phone numbers, tracked an inmate's transfers across four facilities, identified a suspect on her own, and eventually filed a civil lawsuit without an attorney. We talk about what it feels like when someone is pretending to be you, not just spending your money, but messaging people as you, signing up for accounts as you, building a life in your name. We also get into the specific steps she took to fight back, the tools she wishes she'd known about sooner, and what recovery actually looks like when the case isn't closed, and the person still hasn't been caught. Show Notes: [1:47] Brooklyn introduces herself as a 25-year-old from Texas with no prior experience in fraud or identity theft. [2:13] She describes moving to the DFW area after getting married in June 2024 and being aware of the high rate of car break-ins in the region. [3:32] Her car window is smashed overnight, and her work bag is stolen, containing her laptop, wallet, driver's license, and all her cards. [4:03] Brooklyn's immediate response is to freeze her credit with all three bureaus and cancel her cards within 10 to 15 minutes. [4:57] Despite locking everything down, her cards are maxed out, and a police report is filed with little follow-up from law enforcement. [5:12] A period of quiet follows before a letter arrives around Valentine's Day 2025 claiming she rented a U-Haul and never returned it. [5:48] Experian alerts her that her driver's license has been found on the dark web, arriving almost simultaneously with the U-Haul letter. [7:14] While checking USPS Informed Delivery for a wedding invitation, Brooklyn spots a certified letter from a county jail addressed to her with an inmate's name listed beneath hers. [8:28] She contacts the jail and discovers an inmate had listed her as his girlfriend when booked, requesting she pick up his belongings before a prison transfer. [9:53] Brooklyn looks up the inmate in the state conviction database and finds a record including identity theft, car burglary, organized crime, and credit card abuse of the elderly. [11:58] A jail investigator reveals that the inmate's girlfriend had created an account in Brooklyn's name using her driver's license photo, editing her own appearance to match Brooklyn's features. [14:02] Brooklyn traces the same pattern across multiple county jail facilities the inmate passed through, confirming the woman repeated the identity fraud at each one. [15:13] A detective confirms the woman has stolen or attempted to use 17 other identities, and that Brooklyn is the only one who has caught on so far. [16:52] Four police departments become involved, and Brooklyn begins coordinating with investigators across all of them through a shared email thread. [19:22] Pulling her credit report reveals phone numbers tied to the suspect, leading Brooklyn to discover PayPal accounts, Cash App profiles, and a Facebook page created in her name. [20:58] Brooklyn uses a PayPal password recovery prompt to identify the first three letters of the suspect's real name. [22:03] She requests all jail booking documents containing her name from every county involved and receives text message logs from one department. [22:33] Using a birthday and partial name found in the messages, Brooklyn searches mugshots.com and identifies the suspect herself, later getting vague confirmation from investigators. [24:38] Chris asks whether the suspect and inmate were in a relationship, and Brooklyn explains they appear to share a child and were trying to manage a custody situation. [27:57] Brooklyn investigates whether a Verizon phone number was tied to an account in her name and later finds the suspect's real email embedded in her electricity account profile. [29:27] Brooklyn details changing her driver's license four times throughout the ordeal and suspects the woman is using her information for utility accounts to avoid being found. [31:02] Two police departments issue arrest warrants for the suspect, but she remains at large and difficult to locate. [31:33] Brooklyn files a civil lawsuit on her own without an attorney, drafting the paperwork herself and submitting a known address for the suspect. [32:04] She drafts a settlement agreement requiring the suspect to delete all fraudulent accounts, send proof, and return her physical driver's license, emailing it directly to her. [33:12] The suspect signs the agreement but does not comply with any of its terms within the deadline Brooklyn set. [33:37] Brooklyn files a motion to enforce the settlement agreement, which has since been approved by the court. [36:58] Discussion turns to whether the original car break-in was connected to the couple, with Brooklyn expressing frustration that law enforcement never attempted to link the CVS footage to them. [38:14] Brooklyn reflects on how the situation became consuming, describing obsessive monitoring of jail systems, court records, and criminal databases at its peak. [39:18] She shifts toward healthier monitoring habits, including monthly credit pulls, USPS Informed Delivery checks, and identity protection subscriptions like Aura. [40:33] The emotional toll is discussed, including nightmares, anxiety, therapy, and the strange experience of seeing someone try to physically resemble her. [43:22] Brooklyn describes seeing light at the end of the tunnel, connecting her recovery to moving out of the area and reclaiming her sense of self. [46:13] She reflects on pride in handling most of the case herself and finding closure in knowing the suspect is now aware that Brooklyn knows everything. [48:03] Brooklyn expresses empathy for others who may not have the same access to legal knowledge or law enforcement relationships that helped her navigate the process. [49:14] Practical tips are shared, including USPS Informed Delivery, e-verify identity freezing, and the IRS identity theft PIN available during tax filing. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/40176705
info_outline
Inside Modern Fraud
02/25/2026
Inside Modern Fraud
Fraud doesn’t always announce itself with obvious warning signs. Quite often, it shows up wrapped inside something that feels routine — a purchase you’ve made before, a link that looks legitimate, a message that arrives at just the wrong moment. Nothing feels suspicious, so your guard stays down. By the time questions start forming, the transaction is already done. My guest today is Iremar Brayner. He’s spent more than 15 years working in fraud prevention and risk management across payments, retail, ride-hailing, fintech, and digital marketplaces. In his role at G2A, he leads fraud strategy for one of the world’s largest digital entertainment platforms, where speed, approval rates, and loss prevention are constantly pulling against each other. We discuss why scams continue to work despite smarter tools, how “friendly fraud” complicates the picture, and why digital goods create very different risk patterns than traditional retail. We also get into automation, AI-driven decisions, and what it really looks like to manage fraud in real time. Show Notes: [1:36] Iremar shares how his career in fraud prevention began, moving from bank customer service into reviewing suspicious transactions. [2:45] He explains why he completed law school but chose not to become a lawyer, and how legal training shaped his understanding of fraud psychology. [4:10] Fraud is framed as an emotional event, with urgency, financial stress, and excitement often lowering a person’s defenses. [6:16] Digital marketplaces attract fraudsters due to low-cost items and products like gift cards that are easy to cash out. [7:10] The concept of card testing emerges, where stolen payment details are validated through small purchases. [8:05] Iremar discusses the rise of friendly fraud, where legitimate customers dispute transactions after receiving goods. [9:30] Major product launches, such as highly anticipated game releases, create predictable spikes in fraud risk. [11:05] Marketplace fraud requires managing risk on both sides, verifying sellers while monitoring buyers in real time. [12:40] He describes G2A’s shift away from manual review toward fully automated transaction decisioning. [14:15] The tension between frictionless customer experience and effective fraud prevention is unpacked. [16:05] Automation and AI are positioned as essential tools for scaling fraud defenses without overwhelming operations. [18:10] AI’s real impact is discussed: not changing fraud itself, but making attacks faster and more scalable. [20:05] Iremar explains why human judgment still plays a critical role alongside AI systems. [21:41] Fraud patterns differ across industries, illustrated through examples from ride-hailing platforms. [23:10] Abuse of referral and incentive programs reveals how self-referrals became a common fraud tactic. [24:40] Identity misuse by drivers highlights risks tied to document verification. [25:50] Face recognition and customer reporting become tools for detecting account misuse. [27:15] High-value luxury marketplaces introduce entirely different fraud and logistics challenges. [29:10] Practical consumer advice: buy from reliable sources, review refund policies, and question unrealistic pricing. [30:05] Seller protection strategies focus on accurate product descriptions and shipment tracking. [32:05] The most common complaints in marketplaces are items not received and items not as described. [33:20] Iremar recounts becoming a fraud victim after a fraudulent airline ticket charge. [35:00] A WhatsApp impersonation attempt using his photo targeted his mother. [36:10] Verification habits are emphasized as one of the strongest defenses against scams. [37:40] The risks of social media and account takeover scenarios are discussed. [39:30] Challenges around encouraging broader adoption of two-factor authentication. [40:05] Career advice for those interested in fraud prevention as a profession. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/40176170
info_outline
Money Laundering
02/18/2026
Money Laundering
Organized crime is often imagined as something violent, chaotic, and obvious. But today, it looks far more polished than that. It operates like a multinational business, spread across borders, built on trust networks, specialization, and efficiency rather than brute force. This episode looks at how modern scams, fraud, and money laundering actually work and why they’re so hard to spot before serious damage is done. My guest is Geoff White, an investigative journalist who has spent decades covering organized crime, cybercrime, and financial fraud. His reporting has appeared on BBC News, Sky News, The Sunday Times, and other major outlets, and he is also the creator of The Lazarus Heist, the hit podcast and book series exploring North Korea’s global hacking operations. His latest book, Rinsed, examines how technology has transformed the world of money laundering. We talk about how modern criminal networks are structured, why scams now rely on patience and psychology rather than speed, and how money laundering functions as a service industry that quietly supports fraud at scale. The conversation also explores why victims are sometimes unknowingly used to move stolen funds, how urgency is weaponized to override judgment, and why slowing down remains one of the most effective defenses people have. Show Notes: [01:08] Geoff shares his background and why the organized crime + technology overlap is where he’s spent his career. [02:52] Why longer-form work (books, podcasts) is often the only way to explain complex crimes that don’t fit into a quick news segment. [03:56] Old-school enforcement was violence; modern crime groups often can’t use that when partners are anonymous and overseas. [04:23] The trust networks holding global crime together can be more fragile than people assume. [05:06] The strange “trust inside crime” dynamic especially in ransomware, where criminals must appear “reliable.” [06:18] Competition today looks more like corporate rivalry than street violence, especially in ransomware affiliate ecosystems. [07:41] Do these groups evolve from traditional cartels or arise from new tech-native criminals? Geoff says it depends on the region. [09:58] The skill split of elite coders builds ransomware, while newer recruits use social engineering to get initial access. [11:34] Money laundering adapts fast with crypto, game currencies, NFTs while the core “service business” model stays the same. [12:46] The “cost” of laundering: fees can be extreme for newcomers, and lower for experienced players with connections. [13:53] A disturbing case where victims are daisy-chained to launder money and reinforce the romance-scam illusion. [15:12] Why money mules are treated as disposable and how many don’t realize the seriousness until law enforcement shows up. [16:48] The tactic of letting victims withdraw a little money to make a platform feel legitimate and why it works so well. [18:09] Geoff connects today’s tactics to classic con mechanics (“putting the mark on the send”) and the psychology behind it. [19:22] Geoff describes seeing an “escalator scam” firsthand: small payouts early, then pressure to pay to “unlock” higher earnings. [21:51] The scary shift is that scams now look polished and patient, stretching across multiple channels and weeks (or longer). [23:12] The more we “self-custody” money and identity online, the more security responsibility shifts onto individuals. [24:32] A major crypto seizure case raises a messy question when seized assets grow in value, who gets the upside? [28:46] Geoff’s practical defense: slow down on anything money-related, create space, and don’t let urgency steer decisions. [31:17] Why today’s scammers play the long game of months of relationship-building can lead to life-changing losses. [34:29] Repeat victimization: recovery scams and fake “investigators” often target people right after they’ve been hit. [36:08] “Traceable” doesn’t mean “recoverable,” why freezing and returning stolen crypto is legally and logistically hard. [38:44] UK reimbursement changes shift liability between sending and receiving banks but there are tradeoffs and open questions. [41:28] Geoff reacts to US payment quirks (card taken away, tip written in pen) and why it still surprises outsiders. [45:11] Closing advice is to learn from other people’s stories and run “what would I do?” scenarios before a crisis hits. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39965420
info_outline
Critical Infrastructure Risks
02/11/2026
Critical Infrastructure Risks
Most cybersecurity conversations focus on stolen data, breached accounts, and attacks that live entirely on screens. This episode looks at a far more consequential threat: what happens when cyberattacks target the physical systems that keep society running. Power, water, transportation, and manufacturing. When those systems fail, the consequences aren’t just digital. They’re immediate, visible, and sometimes dangerous. My guest is Lesley Carhart, Technical Director of Incident Response at Dragos, a cybersecurity firm focused exclusively on protecting critical infrastructure. Lesley specializes in industrial control systems and operational technology, investigating real-world attacks against power plants, water systems, transportation networks, and industrial facilities built on aging, irreplaceable technology. We talk about why these environments are uniquely vulnerable, how ransomware groups and nation-state actors quietly gain long-term access, and why many compromises go undetected for years. The conversation also explores the limits of traditional cybersecurity thinking, the real-world constraints operators face, and what organizations can realistically do to improve security when failure isn’t an option. Show Notes: [01:30] Lesley Carhart is here and explains what operational technology is and why industrial systems are uniquely vulnerable [03:40] How decades-old computers still run power plants, water systems, and transportation infrastructure [06:10] Why industrial environments can’t simply patch, upgrade, or shut systems down [08:25] The mindset shift required when safety and continuity matter more than stopping an intrusion [10:40] Why air-gapped systems are mostly a myth in modern critical infrastructure [13:15] How remote access became unavoidable—and one of the biggest risk factors [16:05] The three main threat categories facing industrial systems: ransomware, insiders, and nation-state actors [18:45] Why ransomware is especially damaging in power, water, and manufacturing environments [21:30] How nation-state attackers quietly establish footholds years before taking action [24:20] Why many industrial compromises go undetected for months—or even years [27:10] What incident response looks like when you can’t just “pull the plug” [30:05] The most common causes of industrial failures: human error, maintenance issues, and environment [32:40] A surprising incident that looked like a nation-state attack—but wasn’t [34:55] Why critical infrastructure organizations often feel pressure to pay ransoms [37:00] Practical starting steps for organizations with aging, mission-critical systems [39:20] Advice for people interested in industrial cybersecurity and working with legacy technology [42:10] Why mentorship matters and why Lesley chooses to give back to the field Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39965290
info_outline
Familial Identity Theft
02/04/2026
Familial Identity Theft
Identity theft is usually framed as an external threat. Hackers, data breaches, anonymous criminals operating somewhere far away. This episode looks at a much harder reality to face: identity theft that happens inside families, often quietly, over many years, and without immediate detection. The damage isn’t just financial. It reshapes trust, relationships, and a person’s sense of stability long before anyone realizes what’s happening. My guest is Axton Betz-Hamilton, an associate professor of financial counseling and planning whose research focuses on familial and child identity theft. Her work is deeply personal. As a teenager, Axton discovered her own credit had been destroyed before she ever had a chance to build it, the result of identity theft that began when she was a child. Years later, she uncovered the truth behind who was responsible and how multiple generations were affected. We talk about how familial identity theft works, why it’s so difficult to detect, and what recovery really looks like when the person who caused the harm was someone you trusted. The conversation covers the long road to rebuilding credit, the emotional fallout that often gets overlooked, and the practical steps people can take to protect themselves and their children before damage is done. Show Notes: [02:15] Axton Betz-Hamilton explains how her parents’ identities were stolen in the early 1990s, before consumers had legal protections. [03:50] Discovering a 10-page credit report at age 19 and realizing her financial life was damaged before it began. [05:45] What it’s like to learn your credit score is in the second percentile nationwide and why that realization changes everything. [07:10] How early frustration with identity theft shaped Axton’s academic path and research focus. [09:05] The moment evidence surfaced pointing to a family member as the source of the identity theft. [10:45] Uncovering decades of fraudulent accounts affecting multiple generations within one family. [12:50] How grief abruptly shifted into investigation after learning the truth about who caused the harm. [15:20] The long, two-track process of disputing fraudulent credit while slowly rebuilding legitimate credit history. [17:40] Why some fraudulent accounts had to age off credit reports instead of being removed. [19:05] How isolation and manipulation can allow familial identity theft to continue undetected for years. [21:55] Exploring possible motivations behind the theft and how financial behaviors can repeat across generations. [23:10] The simplest way to detect identity theft is by regularly checking all three credit reports. [24:30] Why freezing your credit is one of the most effective and underused protection tools. [26:05] The importance of freezing children’s credit to prevent damage that may not surface until adulthood. [28:00] How modern tools like IRS identity PINs reduce the risk of tax-related identity theft. [30:15] Using E-Verify freezes to prevent identity theft tied to employment and income. [33:10] The emotional impact of familial identity theft and why boundaries are often necessary for healing. [35:00] How family systems fracture when some members believe the victim and others defend the offender. [36:40] Why mental health support is a critical part of recovery, not an optional one. [38:00] The Identity Theft Resource Center as a comprehensive support option for victims navigating recovery. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39934790
info_outline
Exploiting Trust (Part 2)
01/28/2026
Exploiting Trust (Part 2)
Security failures rarely come from cutting-edge attacks or sophisticated tools. They happen in ordinary moments when someone holds a door, follows an instruction without questioning it, or finds a workaround that makes their day easier. Those small, human decisions are often the real entry points, and they tend to compound over time. This episode picks up the second half of our conversation on exploiting trust with FC Barker, a veteran ethical hacker and physical security expert known for legally breaking into banks, government buildings, and high-security facilities around the world. With more than 30 years of experience, FC explains why human behavior, not technology, is consistently the weakest link in security, and how his success in physical breaches almost always depends on people trying to be helpful rather than malicious. The stories he shares range from quietly unsettling to darkly funny, but they all point to the same pattern: security controls fail when they don’t account for how people actually work. The discussion goes deeper into why trust, politeness, and unquestioned compliance undermine defenses, how workplace culture encourages risky shortcuts, and what actually helps reduce risk without fear, blame, or expensive overengineering. Show Notes: [00:00] FC explains why most physical security breaches succeed because someone is trying to be helpful, not because of technical skill. [02:07] His background in cybersecurity and how physical security testing grew out of traditional penetration testing work. [04:26] Why trauma and hypervigilance can sharpen situational awareness in security professionals. [08:55] Early physical security failures are discussed, including poorly placed cameras and people casually sharing sensitive information. [11:06] FC explains how security controls that interfere with work often lead employees to find unsafe workarounds. [13:24] A story illustrates how even air-gapped systems fail when people move data for convenience. [15:32] Trust and rule-following culture are explored as major contributors to physical access failures. [16:40] FC shares how his near-perfect success rate comes from people helping him gain access without questioning authority. [17:08] He recounts an incident where employees helped him remove multiple computers from a secure building. [19:40] A failed engagement is described where internal resistance led to police being called unnecessarily. [24:00] FC tells the story of accessing a vault and removing a gold bar during a test unknown to senior executives. [26:53] The preparation required for high-risk physical tests, including staged kidnappings, is explained. [31:50] Practical advice begins with learning to think like an attacker when assessing your own home or workplace. [34:02] Situational awareness is discussed as a key deterrent against both physical crime and social engineering. [36:13] FC explains why security cameras are more useful for investigation than prevention, especially in offices. [37:41] Camera placement mistakes are covered, including mounting cameras within easy reach. [39:06] The importance of not advertising valuables or security measures is emphasized. [41:30] FC discusses personal vigilance and why monitoring finances and subscriptions matters. [44:00] His book How I Rob Banks is discussed, including the real stories and lessons it contains. [46:06] FC explains how his company chooses clients and why culture change is a major part of their work. [50:29] Security improves when systems are designed around real human behavior. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39909575
info_outline
Exploiting Trust (Part 1)
01/21/2026
Exploiting Trust (Part 1)
Most security failures don’t start with a dramatic breach or a mysterious hacker sitting in a dark room. They usually start quietly. Someone assumes a system is locked down. Someone trusts that a door shouldn’t open, or that a machine “just works,” or that no one would ever think to look there. Over time, those small assumptions stack up, and that’s where things tend to go wrong. Today’s guest is FC Barker, a renowned ethical hacker, social engineer, and global keynote speaker with more than three decades of experience legally breaking into organizations to expose their blind spots. Formerly the head of offensive cybersecurity research at Raytheon and now co-founder of cybersecurity firm Cygenta, FC is also the author of How I Robbed Banks, a book packed with true stories from the field. In this conversation, FC shares what he’s learned from decades of breaking into places he was hired to protect. The stories range from funny to unsettling, but they all point to the same pattern: technology usually isn’t the weakest link. People are. From outdated systems that can’t be replaced to everyday workplace habits that quietly invite risk, this episode offers a grounded look at how intrusions really happen and what actually makes environments safer. Show Notes: [03:06] FC grew up before cybersecurity existed and learned computers when manuals were thicker than the machines themselves. [05:27] How early internet culture shifted from curiosity-driven exploration to the rise of malicious actors. [07:15] Why inviting external testers to break into your systems was once an unthinkable idea and how that changed. [09:35] The danger of internal blind spots and why external validation is often more valuable than internal confidence. [10:46] Unexpected discoveries during penetration tests, including systems no one remembered were even running. [12:23] Choosing unusual, esoteric security projects and why unconventional systems often hide the biggest risks. [12:50] A real-world operation that involved reverse-engineering hardware to shut down power infrastructure in seconds. [16:29] One of the easiest break-ins ever happens accidentally, proving how fragile some systems really are. [17:21] The most common technical failure seen across organizations: poor network segmentation. [18:36] How a routine internal scan accidentally knocked an entire country’s banking connection offline. [20:04] A bank unknowingly runs its internal network on an IP range owned by the U.S. Department of Defense. [21:43] A mysterious daily network outage turns out to be caused by a single employee’s music collection. [23:07] Plugging into a forgotten network switch triggers a fire during a government penetration test. [25:15] Why penetration testers are often blamed first even when nothing has been touched yet. [26:25] Discovering malicious insider code planted by coordinated nation-state actors. [29:41] Why some outdated systems must remain untouched and why “just update everything” isn’t realistic. [33:15] Implanting covert hardware inside everyday office devices to gain persistent network access. [35:01] How avoiding people altogether is often the most effective form of social engineering. [37:10] Why attackers move from the top floors down and how authority bias works without a single word spoken. [38:35] Clothing, context, and small visual cues that instantly make people assume you belong. [42:26] A penetration test derailed by an unexpected office costume day—and why randomness can be a defense. [44:33] A simple exercise anyone can use to start thinking like an attacker by examining their own home. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39799600
info_outline
Surviving a Ransomware Attack
01/14/2026
Surviving a Ransomware Attack
A ransomware attack doesn’t always announce itself with flashing warnings and locked screens. Sometimes it starts with a quiet system outage, a few unavailable servers, and a sinking realization days later that the threat actors were already inside. This conversation pulls back the curtain on what really happens when an organization believes it’s dealing with routine failures only to discover it’s facing a full-scale cyber extortion event. My guest today is Zachary Lewis, CIO and CISO for a Midwest university, a 40 Under 40 Business Leader, and a former Nonprofit CISO of the Year. Zachary shares the inside story of a LockBit ransomware attack that unfolded while his team was still building foundational security controls, forcing real-time decisions about recovery, disclosure, negotiations, and whether paying a ransom was even an option. We talk about the shame that keeps many cyber incidents hidden, the emotional weight leaders carry during these moments, and the practical realities that don’t show up in tabletop exercises from buying bitcoin to restoring systems when password managers are encrypted. It’s an honest, grounded discussion about resilience, preparedness, and why sharing these stories openly may be one of the most important defenses organizations have. Show Notes: [04:05] Zachary Lewis explains why the absence of an immediate ransom note delayed suspicion of an attack. [06:00] The first technical indicators suggest something more serious is unfolding. [07:45] Discovering encrypted hypervisors and realizing recovery won’t be straightforward. [09:30] Zachary outlines when data exfiltration became a real concern. [11:05] Receiving the LockBit ransomware note confirms the organization has been compromised. [12:55] The 4:30 a.m. phone call pushes leadership into full crisis mode. [14:40] Zachary reflects on managing fear, responsibility, and decision fatigue mid-incident. [16:20] Executive expectations collide with technical realities during the breach. [18:05] Why “doing most things right” still doesn’t guarantee protection. [19:55] Cyber insurance begins shaping early response decisions. [21:35] Bringing in incident response teams and legal counsel under tight timelines. [23:20] Zachary describes working with the FBI and understanding jurisdictional limits. [25:10] What law enforcement can and cannot realistically provide during ransomware events. [26:50] Opening communication channels with the threat actors. [28:35] The psychological pressure behind ransomware negotiations. [30:10] Attacker-imposed timelines force rapid, high-stakes decisions. [31:55] Zachary walks through the practical challenges of acquiring cryptocurrency. [33:40] Why encrypted password managers created unexpected recovery barriers. [35:15] Determining which systems could be restored first—and which could not. [37:00] Lessons learned about backup integrity and offline recovery. [38:45] The importance of clear internal communication during uncertainty. [40:25] Balancing transparency with legal and reputational concerns. [42:10] How staff reactions differed from executive responses. [43:55] Zachary discusses the stigma that keeps many ransomware incidents quiet. [45:40] Why sharing breach stories can strengthen collective defenses. [47:20] MFA gaps and configuration issues exposed by the attack. [49:05] Why tabletop exercises fall short of real-world incidents. [50:50] Long-term security changes made after recovery. [52:30] Zachary offers advice for CISOs facing their first major incident. [54:10] What preparedness really means beyond compliance checklists. [56:00] Why resilience and recovery deserve equal priority. [58:30] Final reflections on leadership, accountability, and learning in public. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39575725
info_outline
Why You Fall For Scams
01/07/2026
Why You Fall For Scams
Why do smart, capable people fall for scams even when the warning signs seem obvious in hindsight? In this episode, Dan Ariely joins us to examine how intuition often leads us in the wrong direction, especially under stress, uncertainty, or emotional pressure. A renowned behavioral economist, longtime professor of psychology and behavioral economics at Duke University, and bestselling author of Predictably Irrational, The Upside of Irrationality, Misbehaving, and Misbelief, Dan has spent decades studying why rational people consistently make choices that don’t serve them. We talk about the deeply human forces that shape how we decide who to trust, and how easily those instincts can be exploited in high-stakes situations involving fraud, financial loss, and digital deception. Dan shares a deeply personal story about surviving severe burns and the long process of self-acceptance that followed, using his own experience to show how hiding, blending in, and social pressure quietly influence behavior in ways most of us never stop to question. We also explore why stress pushes people to search for patterns, stories, and a sense of control, even when those explanations aren’t accurate. Dan explains how our minds operate like a “vintage Swiss Army knife,” well suited for small, predictable communities but poorly equipped for modern risks like scams, cybersecurity threats, and low-probability, high-impact events. Topics include why near-misses teach the wrong lessons, why authority and urgency are so effective in manipulation, and why expecting people to be perfectly rational is a losing strategy. We also discuss practical ways to slow decisions down and bring in outside perspectives to help design safeguards that work with human nature. Show Notes: [01:52] Dan Ariely joins the episode to examine how human decision-making actually works under pressure. [03:41] How intuition can point us in the wrong direction during moments of stress and uncertainty. [05:26] Trust, authority, and urgency as core levers used in fraud and manipulation. [07:12] When decisions feel overwhelming, the brain’s tendency to rely on shortcuts. [08:58] Dan explains why rational thinking often breaks down faster than we expect. [10:34] Near-misses and how they quietly reinforce false confidence instead of caution. [12:09] Why repeated exposure to risk doesn’t necessarily make people better decision-makers. [13:55] Stress-driven pattern seeking and the human need for explanation and control. [15:32] Superstition, conspiracy thinking, and what they reveal about uncertainty tolerance. [17:18] Why modern threats like scams and cybercrime confuse brains built for simpler environments. [18:56] The “vintage Swiss Army knife” analogy and what it says about human cognition. [20:41] Authority cues and why skepticism often disappears in the presence of perceived expertise. [22:27] Slowing decisions down as one of the most reliable defenses against manipulation. [24:13] Dan reflects on how behavioral economics challenged traditional models of rational choice. [25:59] A personal story about surviving severe burns and the long path to self-acceptance. [27:44] How hiding and blending in can quietly shape behavior and self-perception. [29:31] Social pressure and its role in everyday compliance and risk-taking. [31:16] Why vulnerability doesn’t look the way people expect it to. [33:02] Expecting perfect rationality and why that assumption consistently fails. [34:47] Designing systems that account for human limits instead of ignoring them. [36:33] The value of outside perspective when decisions carry real consequences. [38:19] Practical ways individuals can reduce risk by changing how they decide. [40:05] When slowing down matters more than having more information. [41:52] Applying behavioral insights to fraud prevention and digital safety. [43:38] Why better tools help, but mindset still plays a critical role. [45:24] Final thoughts on working with human nature rather than fighting it. [48:02] What listeners can take away about decision-making, risk, and self-awareness. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39495285
info_outline
Mobile Device Threats
12/31/2025
Mobile Device Threats
In a world where we’re told to carry our entire lives in our pockets, we’ve reached a strange tipping point where the very devices meant to connect us have become windows into our private lives for those who wish us harm. It’s no longer a matter of looking for the "shady" corners of the internet; today, the threats come from nation-state actors, advanced AI, and even the people we think we’re hiring. We are living in an era where the most sophisticated hackers aren't just trying to break into your phone, they’re trying to move into your business by pretending to be your best employee. Joining the conversation today is Jared Shepard, an innovative industry leader and the CEO of Hypori. A U.S. Army veteran with over 20 years of experience, Jared’s journey is far from typical; he went from being a high school dropout to serving as a sniper and eventually becoming the lead technical planner for the Army’s Third Corps. He is also the founder of Intelligent Waves and the chair of the nonprofit Warriors Ethos, bringing a perspective shaped by years of advising technologists in active war zones. We’re going to dive deep into why Jared believes everything you own should be considered already compromised and why that realization is the first step toward true security. From the terrifying reality of his own 401k being stolen via identity theft to the future of "dumb terminals" that protect your privacy by storing nothing at all, this discussion challenges the status quo. We’ll explore how to navigate a future where AI can fake your identity in real-time and why the ultimate battle in cybersecurity isn't against a specific country, but against our own human tendency toward laziness. Show Notes: [[02:12] Jared Shepard of Hypori is here to discuss how modern cyber threats actually play out in real life. [04:48] How modern attacks unfold slowly instead of triggering obvious alarms. [05:55] Why many victims don’t realize anything is wrong until secondary systems start failing. [07:56] What identity theft looks like when accounts are targeted methodically over time. [08:48] How attackers prioritize persistence and access over immediate financial gain. [10:32] A real attempt to take over long-term financial accounts and how it surfaced. [13:07] Why financial institutions often respond late even when fraud is already underway. [15:44] The limits of traditional identity verification in an AI-driven threat environment. [16:52] Why layered authentication still fails when underlying identity data is compromised. [18:21] Deepfakes, voice cloning, and why video calls no longer prove much. [20:57] How laptop farms are used to bypass hiring controls and internal access checks. [22:18] Why insider-style access is increasingly coming from outside the organization. [23:33] Why some companies are quietly bringing back in-person steps for sensitive roles. [26:09] SIM farms, mobile identity abuse, and how scale changes detection. [28:47] The growing tension between personal privacy and corporate device control. [31:22] Why assuming device compromise changes everything downstream. [33:58] Isolating data from endpoints instead of trying to secure the device itself. [35:12] How moving compute and data off the endpoint reduces exposure without requiring device monitoring. [36:35] How pixel-only access limits data exposure even on compromised hardware. [39:11] Why AI training data introduces new security and poisoning risks. [41:46] Why recovery planning is often overlooked until it’s too late. [44:18] The problem with victim-blaming and how it distorts security responses. [46:52] Why layered defenses matter more than any single tool or platform. [47:58] What practical preparation looks like for individuals, not just enterprises. [49:12] Rethinking privacy as controlled access rather than total lock-down. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39495040
info_outline
Past, Present, and Future of AI agents
12/24/2025
Past, Present, and Future of AI agents
The intersection of AI and cybersecurity is changing faster than anyone expected, and that pace is creating both incredible innovation and brand-new risks we’re only beginning to understand. From deepfake ads that fool even seasoned security professionals to autonomous agents capable of acting on our behalf, the threat landscape looks very different than it did even a year ago. To explore what this evolution means for everyday people and for enterprises trying to keep up, I’m joined by Chris Kirschke, Field CISO at Tuskira and a security leader with more than two decades of experience navigating complex cyber environments. Chris talks about his unconventional path into the industry, how much harder it is for new professionals to enter cybersecurity today, and the surprising story of how he recently fell for a fake Facebook ad that showcased just how convincing AI-powered scams have become. He breaks down the four major waves of InfoSec from the rise of the web, through mobile and cloud, to the sudden, uncontrollable arrival of generative AI. He then explains why this fourth wave caught companies completely off guard. GenAI wasn’t something organizations adopted thoughtfully; it appeared overnight, with thousands of employees using it long before security teams understood its impact. That forced long-ignored issues like data classification, permissions cleanup, and internal hygiene to the forefront. We also dive into the world of agentic AI which is AI that doesn’t just analyze but actually acts and the incredible opportunities and dangers that come with it. Chris shares how low-code orchestration, continuous penetration testing, context engineering, and security “mesh” architectures are reshaping modern InfoSec. Chris spends a lot of time talking about the human side of all this and why guardrails matter, how easy it is to over-automate, and the simple truth that AI still struggles with the soft skills security teams rely on every day. He also shares what companies should think about before diving into AI, starting with understanding their data, looping in legal and privacy teams early, and giving themselves room to experiment without turning everything over to an agent on day one. Show Notes: [00:00] Chris Kirschke, Field CISO at Tuskira, is here to explore how AI is reshaping cybersecurity and why modern threats look so different today. [03:05] Chris shares his unexpected path from bartending into IT in the late ’90s, reflecting on how difficult it has become for newcomers to enter cybersecurity today. [06:18] A convincing Facebook scam slips past his defenses, illustrating how AI-enhanced fraud makes traditional red flags far harder to spot. [09:32] GenAI’s sudden arrival in the workplace creates chaos as employees adopt tools faster than security teams can assess risk. [12:08] The conversation shifts to AI-driven penetration testing and how continuous, automated testing is replacing traditional annual reports. [15:23] Agentic AI enters the picture as Chris explains how low-code orchestration and autonomous agents are transforming security workflows. [18:24] He discusses when consumers can safely rely on AI agents and why human-in-the-loop oversight remains essential for anything involving transactions or access. [21:48] AI’s dependence on context becomes clear as organizations move toward context lakes to support more intelligent, adaptive security models. [25:46] He highlights early experiments where AI agents automatically fix vulnerabilities in code, along with the dangers of developers becoming over-reliant on automation. [29:50] AI emerges as a support tool rather than a replacement, with Chris emphasizing that communication, trust, and human judgment remain central to the security profession. [33:35] A mock deposition experience reveals how AI might help individuals prepare for high-stress legal or compliance scenarios. [37:13] Chris outlines practical guardrails for adopting AI—starting with data understanding, legal partnerships, and clear architectural patterns. [40:21] Chatbot failures remind everyone that AI can invent policies or explanations when it lacks guidance, underscoring the need for strong oversight. [41:32] Closing thoughts include where to find more of Chris’s work and continue learning about Tuskira’s approach to AI security. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39385130
info_outline
You Are Traceable with OSINT
12/17/2025
You Are Traceable with OSINT
Publicly available data can paint a much clearer picture of our lives than most of us realize, and this episode takes a deeper look at how those tiny digital breadcrumbs like photos, records, searches, even the background of a Zoom call can be pieced together to reveal far more than we ever intended. To help break this down, I’m joined by Cynthia Hetherington, Founder and CEO of The Hetherington Group, a longtime leader in open-source intelligence. She also founded Osmosis, the global association and conference for OSINT professionals, and she oversees OSINT Academy, where her team trains investigators, analysts, and practitioners from all experience levels. Cynthia shares how she started her career as a librarian who loved solving information puzzles and eventually became one of the earliest people applying internet research to real investigative work. She talks about the first wave of cybercrime in the 1990s, how she supported law enforcement before the web was even mainstream, and why publicly accessible data today is more powerful and more revealing than ever. We get into how OSINT actually works in practice, from identifying a location based on a sweatshirt logo to examining background objects in video calls. She also explains why the U.S. has fewer privacy protections than many assume, and how property records, social media posts, and online datasets combine to expose surprising amounts of personal information. We also explore the growing role of AI in intelligence work. Cynthia breaks down how tools like ChatGPT can accelerate analysis but also produce hallucinations that investigators must rigorously verify, especially when the stakes are legal or security-related. She walks through common vulnerabilities people overlook, the low-hanging fruit you can remove online, and why your online exposure often comes from the people living in your home. Cynthia closes by offering practical advice to protect your digital footprint and resources for anyone curious about learning OSINT themselves. This is a fascinating look at how much of your life is already visible, and what you can do to safeguard the parts you’d rather keep private. Show Notes: [01:17] Cynthia Hetherington, Founder & CEO of The Hetherington Group is here to discuss OSINT or Open-Source Intelligence. [02:40] Early cyber investigators began turning to her for help long before online research tools became mainstream. [03:39] Founding The Hetherington Group marks her transition from librarian to private investigator. [04:22] Digital vulnerability takes center stage as online data becomes widely accessible and increasingly revealing. [05:22] We get a clear breakdown of what OSINT actually is and what counts as “publicly available information.” [06:40] A simple trash bin in a photo becomes a lesson in how quickly locations can be narrowed down. [08:03] Cynthia shares the sweatshirt example to show how a tiny image detail can identify a school and possibly a city. [09:32] Background clues seen during COVID video calls demonstrate how unintentional information leaks became routine. [11:12] A news segment with visible passwords highlights how everyday desk clutter can expose sensitive data. [12:14] She describes old threat-assessment techniques that relied on family photos and subtle personal cues. [13:32] Cynthia analyzes the balance and lighting of a Zoom backdrop, pointing out what investigators look for. [15:12] Virtual and real backgrounds each reveal different signals about a person’s environment. [16:02] Reflections on screens become unexpected sources of intelligence as she notices objects outside the camera frame. [16:37] Concerns grow around how easily someone can be profiled using only public information. [17:13] Google emerges as the fastest tool for building a quick, surface-level profile of almost anyone. [18:32] Social media takes priority in search results and becomes a major driver of self-exposed data. [19:40] Cynthia compares AI tools to the early internet, describing how transformative they feel for investigators. [20:58] A poisoning case from the early ’90s demonstrates how online expert communities solved problems before search engines existed. [22:40] She recalls using early listservs to reach forensic experts long before modern digital research tools were available. [23:44] Smarter prompts become essential as AI changes how OSINT professionals gather reliable information. [24:55] Cynthia introduces her C.R.A.W.L. method and explains how it mirrors the traditional intelligence lifecycle. [26:12] Hallucinations from AI responses reinforce the need for human review and verification. [27:48] We learn why repeatable processes are crucial for building trustworthy intelligence outputs. [29:05] Elegant-sounding AI answers illustrate the danger of unverified assumptions. [30:40] An outdated email-header technique becomes a reminder of how quickly OSINT methods evolve. [32:12] Managed attribution—hiding your digital identity—is explained along with when it’s appropriate to use. [33:58] Cynthia unpacks the reality that the U.S. has no constitutional right to privacy. [35:36] The 1996 case that sparked her digital-vulnerability work becomes a turning point in her career. [37:32] Practical opt-out steps give everyday people a way to remove basic personal data from public sites. [38:31] She discusses how indirect prompting of AI tools can still narrow down someone’s likely neighborhood or lifestyle. [39:58] Property and asset records emerge as unavoidable exposure points tied to government databases. [40:52] A high-risk client’s situation shows how family members often create digital vulnerabilities without realizing it. [42:44] Threats that surface too late demonstrate why proactive intelligence work is essential. [44:01] Concerns about government surveillance are contrasted with the broader access private investigators actually have. [45:12] Train tracks become an example of how physical infrastructure now doubles as a modern data network. [46:03] She explains how audio signatures and forensic clues could theoretically identify a train’s path. [47:58] Asset tracking becomes a global operation as valuable cargo moves between ships, trucks, and rail systems. [49:48] Satellite imagery makes monitoring even remote or underwater locations almost effortless. [51:12] Everyday applications of geospatial analysis include environmental changes and shifts within local communities. [52:19] Surveillance is compared to gravity; it's constant, invisible, and always exerting pressure. [52:44] Cynthia shares practical strategies for controlling your environment and keeping conversations private. [54:01] Resources like OSINT Academy, Information Exposed, and the Osmosis Association offer pathways for learning and strengthening personal privacy. [55:32] The episode closes with encouragement to stay aware of what you share and how easily digital clues can be connected. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39384895
info_outline
Anyone Could Walk In
12/10/2025
Anyone Could Walk In
Sometimes we forget how much trust we place in the little things around us like a lock on a door or a badge on someone’s shirt. We see those symbols and assume everything behind them is safe, but it doesn’t always work that way. A person with enough confidence, or the right story, can slip through places we think are locked down tight, and most of us never notice it’s happening. My guest today is Deviant Ollam, and he’s one of the rare people who gets invited to break into buildings on purpose. He talks about how he fell into this unusual line of work, the odd moments that shaped his career, and why understanding human behavior matters just as much as understanding locks or alarms. Listening to him describe these situations, where he’s walking through offices, popping doors, or blending in with repair crews, makes you realize how blind we can be to our own surroundings. We also get into the practical side of things: the mistakes companies make, the small fixes that go a long way, and why teaching employees to slow down and ask a few extra questions can make all the difference. It’s an eye-opening conversation, especially if you’ve ever assumed your workplace is more secure than it really is. Show Notes: [03:24] Deviant shares how early adventures, abandoned buildings, and curiosity about locks pulled him toward physical security. [06:20] A story about a law firm reveals how an office “secure” door was bypassed instantly, exposing major hardware flaws. [09:16] Discussion shifts to how the locksmith and safe technician community reacted to his public teaching and how that’s changed over time. [13:28] The topic turns to security theater and the gap between feeling safe and actually being protected. [16:18] An explanation of symbolic locks versus real security products highlights how easily people mix up the two. [19:11] Conversation moves into the lack of clear U.S. lock standards and why European systems make things easier for consumers. [21:51] Layered security comes into focus, emphasizing that the goal is to delay and deter rather than stop every possible attack. [24:35] Monitoring tools, overlooked windows, and forgotten blind spots show how attackers often choose the easiest entry point. [27:38] We look at the politics of penetration tests and why coordinating with building management is essential. [31:28] Escalation testing illustrates how long suspicious behavior can go unnoticed inside an organization. [34:34] The need for simple, obvious reporting channels becomes clear when employees aren’t sure who to alert. [37:00] A breakdown of common cover stories shows why attackers lean on confidence and industry jargon. [39:50] Urgency and pressure tactics surface as key components of social engineering and why “polite paranoia” helps. [41:14] A viral prank underscores how easily an unverified person can be escorted into restricted areas. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39256690
info_outline
The Scam You Never See Coming
12/03/2025
The Scam You Never See Coming
Fraud today doesn’t feel anything like it used to. It’s not just about somebody skimming a credit card at a gas pump or stealing a check out of the mail. It has gotten personal, messy, emotional. Scammers are building relationships, earning trust, and studying the little details of our lives so they can strike when we’re tired, distracted, or dealing with something big. And honestly, most people have no idea how far it’s gone. My guest, Ian Mitchell, has spent more than 25 years fighting fraud around the world and leading teams in the financial sector. He’s the founder of The Knoble, a nonprofit bringing banks and industry leaders together to protect vulnerable people from scams, human trafficking, and exploitation. Ian has seen the evolution of fraud firsthand, from the old-school days of stolen cards to the organized global crime networks using technology, AI, and human manipulation to scale at a pace we’ve never experienced before. What stood out to me is Ian’s belief that the strongest defense doesn’t start with fancy tools or tighter security. It starts at home. Real conversations with our kids about safety online. Checking in on aging parents. Talking openly with people we trust so scammers can’t isolate us and break us down. It’s serious work, but Ian is hopeful. He believes there are far more good people than bad, and when we look out for each other, we’re a lot harder to exploit. Show Notes: [00:58] Ian unexpectedly shifted from music and modeling into the world of fraud prevention. [01:19] Founding The Knoble and building a global network to fight human crimes and protect vulnerable populations. [01:49] A look at Follow the Money, the documentary project raising awareness about exploitation and financial crime. [02:19] Why Ian believes crimes of exploitation have moved directly into our homes and daily lives. [03:08] The early moment when Ian uncovered a major fraud ring while working at an internet company. [06:44] How canceling $300,000 in fraudulent orders changed the direction of his career. [08:11] Reflections on the “wild west” early days of online fraud and security. [11:01] How fraud evolved from stolen cards into emotional manipulation and trust-based scams. [12:49] The post-COVID surge in scams and the shift toward targeting individuals instead of systems. [14:03] Why fighting fraud today requires global coordination and an army of trained professionals. [16:38] Scammers coaching victims to distrust banks, friends, and even family members. [17:05] The longest romance-style scam Ian has seen — an eight-year manipulation before money was ever requested. [18:25] Discussion on timing, trust, and why even smart people can be caught off guard. [22:05] Ian shares his own experience dealing with identity theft and the complexity of proving it wasn’t him. [23:22] AI and big data transforming broad scam attempts into precise, personalized attacks. [25:31] The alarming rise of sextortion schemes targeting kids ages 13–16 and why awareness is critical. [26:40] The urgent need for uncomfortable safety conversations within families. [28:09] Why Ian believes the first line of defense isn’t technology — it’s communication at home. [29:30] The emotional impact on scam victims: shame, isolation, and loss of confidence in judgment. [31:13] How AI can be used for good and why the industry must move quickly to fight back. [40:40] Three essential conversations families should start having right now. [41:21] Protecting children through parental controls, boundaries, and digital safety. [42:42] Encouraging open dialogue with aging parents about financial protection and autonomy. [44:19] Finding balance: staying vigilant without living in fear. [47:57] A hopeful reminder that there are far more good people than bad — and collective action matters. [48:30] Where to find Ian, learn more about The Knoble, and connect with his work. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39151410
info_outline
Hacking AI
11/26/2025
Hacking AI
AI has brought incredible new capabilities into everyday technology, but it’s also creating security challenges that most people haven’t fully wrapped their heads around yet. As these systems become more capable and more deeply connected to the tools and data we rely on, the risks become harder to predict and much more complicated to manage. My guest today is Rich Smith, who leads offensive research at MindGard and has spent more than twenty years working on the front lines of cybersecurity. Rich has held leadership roles at organizations like Crash Override, Gemini, Duo Security, Cisco, and Etsy, and he’s spent most of his career trying to understand how real attackers think and where systems break under pressure. We talk about how AI is changing the way attacks happen, why the old methods of testing security don’t translate well anymore, and what happens when models behave in ways no one expected. Rich also explains why psychology now plays a surprising role in hacking AI systems, where companies are accidentally creating new openings for exploitation, and what everyday users should keep in mind when trusting AI with personal information. It’s a fascinating look behind the curtain at what’s really going on in AI security right now. Show Notes: [01:00] Rich describes getting into hacking as a kid and bypassing his brother’s disk password. [03:38] He talks about discovering Linux and teaching himself through early online systems. [05:07] Rich explains how offensive security became his career and passion. [08:00] Discussion of curiosity, challenge, and the appeal of breaking systems others built. [09:45] Rich shares surprising real-world vulnerabilities found in large organizations. [11:20] Story about discovering a major security flaw in a banking platform. [12:50] Example of a bot attack against an online game that used his own open-source tool. [16:26] Common security gaps caused by debugging code and staging environments. [17:43] Rich explains how AI has fundamentally changed offensive cybersecurity. [19:30] Why binary vulnerability testing no longer applies to generative AI. [21:00] The role of statistics and repeated prompts in evaluating AI risk and failure. [23:45] Base64 encoding used to bypass filters and trick models. [27:07] Differentiating between model safety and full system security. [30:41] Risks created when AI models are connected to external tools and infrastructure. [32:55] The difficulty of securing Python execution environments used by AI systems. [35:56] How social engineering and psychology are becoming new attack surfaces. [38:00] Building psychological profiles of models to manipulate behavior. [42:14] Ethical considerations and moral questions around AI exploitation. [44:05] Rich discusses consumer fears and hype around AI’s future. [45:54] Advice on privacy and cautious adoption of emerging technology. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/39150940
info_outline
The Ransomware War
11/19/2025
The Ransomware War
Ransomware isn’t a lone hacker in a hoodie. It’s an entire criminal industry complete with developers, brokers, and money launderers working together like a dark tech startup. And while these groups constantly evolve, so do the tools and partnerships aimed at stopping them before they strike. My guest today is Cynthia Kaiser, former Deputy Assistant Director of the FBI’s Cyber Division and now the Head of the Ransomware Research Center at Halcyon. After two decades investigating global cyber threats and briefing top government leaders, she’s now focused on prevention and building collaborations across government and industry to disrupt ransomware actors at their source. We talk about how ransomware groups operate, why paying a ransom rarely solves the problem, and what layered defense really means for organizations and individuals. Cynthia also shares how AI is reshaping both sides of the cyber arms race and why she believes hope, not fear, is the most powerful tool for defenders. Show Notes: [01:04] Cynthia Kaiser had a 20-year FBI career and has now transitioned from investigation to prevention at Halcyon. [03:58] The true scale of cyber threats is far larger than most people realize, even within the government. [04:19] Nation-state and criminal activity now overlap, making attribution increasingly difficult. [06:45] Cynthia outlines how ransomware spreads through phishing, credential theft, and unpatched systems. [08:08] Ransomware is an ecosystem of specialists including developers, access brokers, money launderers, and infrastructure providers. [09:55] Discussion of how many ransomware groups exist and the estimated cost of attacks worldwide. [11:37] Ransom payments dropped in 2023, but total business recovery costs remain enormous. [12:24] Paying a ransom can mark a company as an easy target and doesn’t guarantee full decryption. [13:11] Example of a decryptor that failed completely and how Halcyon helped a victim recover. [14:35] The so-called “criminal code of ethics” among ransomware gangs has largely disappeared. [16:48] Hospitals continue to be targeted despite claims of moral restraint among attackers. [18:44] Prevention basics still matter including strong passwords, multi-factor authentication, and timely patching. [19:18] Cynthia explains the value of layered defense and incident-response practice drills. [21:22] Even individuals need cyber hygiene like unique passwords, MFA, and updated antivirus protection. [23:32] Deepfakes are becoming a major threat vector, blurring trust in voice and video communications. [25:17] Always verify using a separate communication channel when asked to send money or change payment info. [27:40] Real-world example: credential-stuffing attack against MLB highlights the need for two-factor authentication. [29:55] What to do once ransomware hits includes containment, external counsel, and calling trusted law-enforcement contacts. [32:44] Cynthia recounts being impersonated online and how she responded to protect others from fraud. [34:28] Many victims feel ashamed to report cybercrime, especially among older adults. [36:45] Scams often succeed because they align with real-life timing or emotional triggers. [38:32] Children and everyday users are also at risk from deceptive links and push-fatigue attacks. [39:26] Overview of Halcyon’s Ransomware Research Center and its educational, collaborative goals. [42:15] The importance of public-private partnerships in defending hospitals and critical infrastructure. [43:38] How AI-driven behavioral detection gives defenders a new advantage. [44:48] Cynthia shares optimism that technology can reduce ransomware’s impact. [45:43] Closing advice includes practicing backups, building layered defenses, and staying hopeful. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/38861320
info_outline
Opportunistic Crimes
11/12/2025
Opportunistic Crimes
Criminals are always adapting. Whether it’s copper wiring stripped from job sites or porch pirates grabbing deliveries in broad daylight, they keep finding new ways to take what isn’t theirs. But maybe prevention isn’t about harsher punishment or more cameras. Maybe it’s about smarter design and understanding what drives people to steal in the first place. My guest today is Dr. Ben Stickle, a professor of criminal justice at Middle Tennessee State University and one of the country’s top researchers on property crime. Before entering academia, he worked in law enforcement, which gives him a rare mix of real-world perspective and research-based insight. His work on metal theft, catalytic converter crime, and package theft sheds light on who’s actually committing these offenses, what motivates them, and which prevention methods truly work. We discuss how fluctuating metal prices influence theft rates, why cameras often fail to stop certain crimes, and how a few simple design changes to your home can make a real difference. Dr. Stickle also shares unexpected examples of modern theft, from stolen pets to disappearing beehives, and explains how communities can act early before small trends turn into national headlines. Show Notes: [01:22] Ben recalls his early years as a police officer and what motivated him to serve. [01:27] The conversation moves into crime scene investigation training and lessons from real-world cases. [03:38] Ben talks about transitioning into teaching and research, guided by a drive to improve policing through knowledge. [05:30] The focus turns to crime prevention and understanding how to stop crimes before they happen. [06:15] Discussion shifts to metal theft, from copper wiring to catalytic converters, and the steep cost of replacing what’s stolen. [10:47] Ben explains how metal theft isn’t new, tracing its roots all the way back to ancient Greece. [14:58] The challenges of balancing better security design with cost and practicality come to light. [17:46] The topic turns to porch piracy and why package theft has become one of the most common crimes in America. [19:43] Ben breaks down how daily routines influence theft risk and how thieves range from organized groups to impulsive opportunists. [25:23] The role of cameras is questioned as Ben explains why surveillance doesn’t always deter crime. [27:00] Practical prevention strategies emerge like delivering to lockers, hiding packages, and using better drop-off options. [28:53] New tech enters the discussion with alarms, GPS tracking, and geofencing tools designed to stop porch pirates. [29:14] Ben explores how rethinking porch layouts could help protect deliveries and reduce crime opportunities. [31:47] The conversation expands to environmental criminology and how physical spaces can influence criminal behavior. [34:00] Ben emphasizes the importance of targeted prevention instead of one-size-fits-all solutions. [38:00] The value of using local crime data, rather than fear-driven news, to make safety decisions is underscored. [40:30] Emerging trends come up, from pet and beehive thefts to crimes tied to the growing sharing economy. [42:00] The episode wraps with takeaways on prevention, awareness, and where listeners can find Ben’s research. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/38742565
info_outline
Post Scam Guidebook
11/05/2025
Post Scam Guidebook
Fraud usually gets talked about in numbers like how much money was stolen, how many people were affected, how many cases got filed. But behind every one of those numbers is a person who’s been blindsided, manipulated, or left trying to rebuild trust in others and in themselves. This episode shifts the focus back to those human stories and the fight to protect them. My guest, Freddie Massimi, has spent more than a decade helping scam victims find both financial and emotional recovery, bringing empathy and understanding to a field that too often feels cold and procedural. As a certified financial crimes investigator and program manager at The Knoble, Freddie has made it his mission to bridge the gap between institutions and individuals. He shares the heartbreaking and hopeful moments that define his work including one phone call that saved a life. Along with how that experience changed the way he thinks about what true fraud prevention really means. Freddie also opens up about The Knoble’s Post-Scam Victimization Guide, a collaborative, trauma-informed resource designed to help victims regain control of their lives and prevent re-victimization. From crypto scams to romance cons, he explains how these schemes keep evolving, why empathy is still one of the best tools we have, and how every fraud fighter can make a difference simply by listening and responding with humanity. Show Notes: [00:40] Freddie shares his background as a certified financial crimes investigator and program manager at The Knoble. [01:40] A look back at Freddie’s early path into criminal justice and how empathy shaped his fraud-fighting approach. [03:07] The story of a Tennessee widow who lost $300,000 in a pig-butchering crypto scam. [04:30] Freddie’s emotional account of saving a victim’s life and how it reframed his mission to protect others. [07:42] The rise of collaborative fraud-fighter networks and Freddie’s work leading The Knoble’s post-scam initiatives. [08:11] How The Knoble unites financial institutions, law enforcement, and NGOs to address “human crime.” [08:58] Development of the Post-Scam Victimization Guide, a trauma-informed resource for banks and fraud teams. [10:39] How financial crime has evolved from simple check scams to complex digital exploitation and trafficking. [13:01] The need for faster, more transparent information sharing between banks and law enforcement. [14:04] What makes the Post-Scam Guide different including actionable steps, empathy-driven language, and real-world tools. [15:00] Sextortion cases, Gavin’s Law, and how shame and silence compound the harm. [18:30] Practical tools in the guide, including hotline numbers, QR codes, and scripts for supporting victims. [20:20] How to talk to romance scam victims with compassion including using questions that spark reality checks, not judgment. [22:00] Why shame keeps scams underreported and how trauma-informed communication changes outcomes. [23:19] The role of technology in scams: remote access, malware, and how scammers exploit smartphones and computers. [24:36] Shoutout to Kitboga for his cybersecurity tools and awareness campaigns against scam call centers. [25:22] Why elderly victims remain the most vulnerable and how education can empower prevention. [27:24] The double victimization cycle like when scammers return pretending to recover lost money. [30:00] Freddie’s real-world example of helping a victim secure their accounts and recover identity. [32:50] How banks can adjust fraud detection systems to catch hidden patterns of exploitation. [34:30] Spotting red flags in gift card purchases and why speaking up can literally save lives. [36:31] Freddie’s advice for anyone who suspects they’re being scammed: stop all contact and secure your accounts. [37:06] The importance of documenting everything and reporting through IC3.gov and law enforcement. [38:30] Emotional recovery and community support are just as vital as financial recovery. [41:00] The biggest mistake victims make after being scammed is staying silent out of shame or fear. [41:40] Freddie’s story about protecting his own grandmother from IRS and WhatsApp scams. [43:00] Common text-message scams and why you should never reply, even with “wrong number.” [44:48] How to access The Knoble’s free, vetted Post-Scam Victimization Guide. [45:30] Where to connect with Freddie and The Knoble’s wider fraud-fighter network. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/38725590
info_outline
Can You Trust Anything Online
10/29/2025
Can You Trust Anything Online
You think you’d never fall for a scam until you meet someone like Kitboga. He’s a software engineer who’s turned his curiosity about online fraud into a full-time mission to outsmart scammers and protect the people they target. His YouTube channel, The Kitboga Show, has millions of followers and nearly a billion views, thanks to his mix of humor, empathy, and clever ways of exposing how scams really work. In our conversation, Kit opens up about how this all started, what it’s really like to spend hours pretending to be a scam victim, and how organized crime has turned fraud into a massive global business. He shares what’s changed over the years and why those old “red flags” don’t always work anymore and how new tools like deepfakes and AI have made deception harder to spot than ever. Kit also talks about his newest project, Serif Secure, a free tool he created to help people clean and protect their computers after a scam attempt. He’s honest, thoughtful, and a little funny even when the subject is dark. By the end, you’ll see just how much one person can do to fight back. Show Notes: [01:15] Kit explains how he got into “scam baiting” and why protecting victims became personal. [03:05] He shares how streaming scam calls to friends unexpectedly turned into a viral mission. [06:07] Kit recounts nearly falling for a Discord impersonation scam himself. [09:17] We discuss how deepfakes and AI are changing what a “red flag” looks like online. [11:31] Scammers now use real services like PayPal and DocuSign to appear legitimate. [13:11] Kit explains how long-term investment and “pig-butchering” scams draw people in slowly. [15:51] Fraudsters are now going after 401(k)s and retirement funds instead of small cash grabs. [17:00] We examine how fake phone numbers and online ads make verification harder than ever. [19:56] Kit talks about the emotional toll of scam-baiting and why he sometimes needs a break. [21:51] We reflect on why decades-old scams, like Nigerian letters, still thrive today. [23:57] The scale of organized fraud is compared to global industries worth trillions. [25:41] Kit admits scams will never truly disappear—only evolve with new technology. [26:44] We learn how his team uses automation to detect and map out scam networks. [30:24] Kit describes juggling live streaming with scam calls and the role humor plays in coping. [33:37] He explains why scammers’ aggression still works and what it reveals about victims. [37:00] Kit shares moving stories of victims, including a widower deceived in a romance scam. [40:00] We explore how scams erode self-trust and make victims doubt their own judgment. [42:13] Kit talks about working with law enforcement and the need for stronger collaboration. [44:10] We hear about Serif Secure, his anti-scam software designed to protect users’ devices. [47:04] The software now proactively blocks remote access tools and phishing websites. [48:14] Kit warns about “scam recovery” frauds and the cruel trick that targets victims twice. [49:30] We wrap with practical advice on skepticism, security, and staying a step ahead of scammers. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/38646315
info_outline
Real Time Fraud Detection
10/22/2025
Real Time Fraud Detection
Everywhere you turn, someone’s trying to fake something like an image, a voice, or even an entire identity. With AI tools now in almost anyone’s hands, it takes minutes, not days, to create a convincing fake. That’s changed the game for both sides. The fraudsters have new weapons, and the rest of us are scrambling to keep up. The real question now isn’t just how to stop scams, but how to know who or what to trust online. My guest today, Bala Kumar, spends his days on the front lines of that battle. He’s the Chief Product and Technology Officer at Jumio, a company working to make digital identity verification faster, smarter, and safer. Bala has more than twenty years in the industry, including leadership roles at TransUnion, and he’s seen firsthand how the race between innovation and exploitation never really ends. It just keeps speeding up. In our conversation, Bala shares how generative AI has supercharged the fraud world, what makes identity such a fragile link in digital trust, and why biometrics may finally offer a way forward. We also dig into the psychology behind online risk, how convenience often wins over caution, and what small habits can help people protect themselves in an age where deception looks more real than ever. Show Notes: [01:04] Bala Kumar has a background in product management and fraud prevention from TransUnion to Jumio. [01:59] He describes how fraudsters constantly evolve, forcing companies to anticipate attacks instead of just reacting. [03:56] The quality of manipulated images has skyrocketed, making real vs. fake nearly indistinguishable. [05:17] Jumio’s systems catch most fake IDs, but Bala admits even advanced systems must keep auditing for missed fraud. [07:16] Regular audits and rapid response cycles help Jumio identify attack spikes within 24–48 hours. [09:40] Generative AI has dramatically increased the speed and volume of fraud attempts across industries. [11:33] Jumio uses cross-transaction risk analysis to detect emerging fraud patterns and shut down attacks quickly. [13:00] Fraudsters move from one platform to another, always searching for weaker defenses and faster wins. [15:10] Bala explains how fraud prevention has expanded beyond banking into gaming, dating, and gig platforms. [16:38] Consumers crave low friction, which ironically makes them more vulnerable to scams. [17:20] Instant gratification culture pressures companies to reduce security steps, fueling greater risk. [19:52] New AI-driven fraud tactics include injected camera feeds and highly realistic deep fakes. [20:12] Old tricks like “send me a selfie with proof” no longer work—deepfakes can now mimic anything. [22:22] Bala sees biometrics as the next major safeguard for digital identity and real-time verification. [23:12] Facial recognition has become mainstream, paving the way for secure and low-friction identity checks. [26:19] Jumio is already deploying biometric check-ins for events and hotel registrations with great success. [27:30] Account recovery and payout systems now use liveness and device checks to confirm identity safely. [30:09] Bala critiques outdated knowledge-based questions like “What’s your favorite food?” as unreliable security. [31:12] Consumers lack visibility into which apps use strong verification or multi-factor authentication. [33:56] He calls for an independent rating system to rank apps based on security and identity protection. [37:53] Bala urges users to question why companies ask for personal data like SSNs or ZIP codes. [39:29] Even a ZIP code and last name can expose personal records, highlighting the need for awareness. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/38646005
info_outline
Child Predator Tactics
10/15/2025
Child Predator Tactics
Kids spend more time online than ever, and for the most part it feels normal. They’re gaming, watching videos, and chatting with friends. But hidden in those same spaces are adults who know how to pose as kids, build trust, and push conversations into dangerous territory. Parents might think it couldn’t happen to their child, yet detectives see how quickly an “innocent” interaction can turn into grooming or extortion. That’s the world Detective Seth Cockerham works in every day. He’s been in law enforcement in Texas for close to a decade, and the last few years have been dedicated to investigating crimes against children. He talks about these cases with both the eye of an investigator and the heart of a parent, because he knows what it’s like to raise kids in a world where technology isn’t going away. Seth explains how predators move kids off kid-friendly apps into spaces parents can’t easily monitor, what behaviors should make families pay attention, and why kids often keep things to themselves. He also shares what has worked in his own home like parental control tools, early conversations about boundaries, and making sure his daughters know they can come to him about anything. At the end of the day, his message is simple: if your child says something feels wrong, take it seriously. Show Notes: [01:07] Seth explains his path into law enforcement and how he moved into child crime investigations. [02:24] Why drowning and neglect cases motivated him to take a deeper role in protecting kids. [04:05] The personal impact of working child abuse cases and balancing it as a parent. [05:30] How predators go where kids are online, from YouTube to gaming platforms with chat features. [07:00] Grooming tactics predators use, often pretending to be the same age to build trust. [07:40] Grooming can escalate in hours or take weeks, with predators moving kids to apps like Snapchat. [10:39] AI filters sometimes detect inappropriate content, but predators still find ways around it. [11:52] Behavioral changes are often the first signs kids are being exploited or manipulated online. [14:10] Why some kids go to police instead of parents and how Seth builds trust with families. [16:47] Most child abuse cases involve someone the child already knows; online cases are often strangers. [18:20] International predators make prosecutions harder, especially in sextortion cases. [21:08] Managing families’ expectations when investigations take longer than TV shows portray. [23:55] Fastest time Seth has moved from a report to an arrest in an online case. [24:14] Common traits of perpetrators, often highly tech-savvy with strong knowledge of systems. [26:46] The parental control tools Seth uses at home, including the Bark phone for his kids. [29:30] How to reset boundaries with older kids and use resources like NetSmartz for education. [32:37] Seth’s advice to kids: never send selfies to strangers, don’t believe threats, tell a trusted adult. [33:39] His warning about sextortion: paying money never works, it only leads to more demands. [36:20] Resources for victims include counseling through advocacy centers and photo removal tools. [37:20] Seth’s key takeaway: listen to your kids and take their concerns seriously. Thanks for joining us on Easy Prey. Be sure to and leave a nice review. Links and Resources:
/episode/index/show/easyprey/id/38445590