Cybersecurity Hacks in 2022 | All The Hacks Podcast

00:00:00.000 | If you get a notification from what appears to be an organization of authority, you have

00:00:09.180 | to think about it.

00:00:10.180 | First, the IRS doesn't email anybody.

00:00:12.980 | Police departments wouldn't normally send you an email and go, "Hey, by the way, we

00:00:17.860 | think you've committed a crime, so notify us here."

00:00:21.700 | What you should do, even if you get one that looks really, really official, contact the

00:00:27.100 | specific agency and independently confirm the contact information and then reach out

00:00:33.460 | to them and say, "I got the strangest thing.

00:00:37.100 | Did you send me something?"

00:00:38.500 | Now, most people don't like to red flag themselves with the IRS, but at the same point, you need

00:00:44.300 | to make sure that you're dealing with the IRS and, of course, generally, the only way

00:00:49.420 | they deal with you initially is you get a letter.

00:00:53.480 | Maybe not a letter you want to receive, but you will get a letter.

00:00:57.220 | They don't call you unless you owe them money.

00:01:00.840 | You've owed them money for a very long time.

00:01:03.300 | They've sent you notice after notice after notice.

00:01:06.140 | You didn't respond, and then you might, might get a call from a legitimate debt collector.

00:01:12.440 | There are about three or four that have been designated by the IRS, but again, generally,

00:01:20.380 | it's never something where you're asked to do something urgently.

00:01:24.180 | Hello, and welcome to another episode of All The Hacks, a show about upgrading your life,

00:01:29.460 | money, and travel all while spending less and saving more.

00:01:32.380 | If you're new here, I'm your host, Chris Hutchins, and I'm excited to have you on my journey

00:01:36.100 | to optimize my own life by sitting down each week with the world's best experts to learn

00:01:40.820 | the strategies, tactics, and frameworks they use for their own lives and their success.

00:01:45.100 | Today, I'm talking with Adam Levin, who's an absolute expert on cybersecurity, privacy,

00:01:50.780 | identity theft, and fraud.

00:01:52.380 | At 27, he became the youngest director in the history of the New Jersey Division of

00:01:56.220 | Consumer Affairs.

00:01:57.820 | He later went on to found at least two companies, Credit.com, which focused on consumer credit

00:02:02.620 | building and was acquired in 2015, and CyberScout, a global identity and data protection company

00:02:08.060 | that helped pioneer the cyber insurance business and was acquired in 2021.

00:02:12.900 | On top of all that, he's the author of the critically acclaimed book, Swiped, How to

00:02:16.300 | Protect Yourself in a World Full of Scammers, Fishers, and Identity Thieves, and he hosts

00:02:20.540 | the weekly cybersecurity podcast, What the Hack?

00:02:23.840 | For many months, I've been wanting to do an episode on everything you need to know about

00:02:26.780 | cybersecurity identity theft, so I'm really excited that I got connected with Adam.

00:02:30.660 | We're going to talk about how to protect yourself from all these threats, what kind of tools

00:02:34.560 | and services like VPNs or security keys or credit monitoring are actually worth using.

00:02:39.500 | Basically, I want to leave you with everything you need to know to protect yourself online.

00:02:44.900 | Adam, welcome to the show.

00:02:50.020 | Chris, thanks so much for inviting me.

00:02:53.420 | Yeah.

00:02:54.420 | So just to kick us off, I want to know, what do you think is the most common thing you

00:02:57.940 | see most people doing wrong when it comes to protecting themselves online?

00:03:02.780 | Password protocol is terrible with most people.

00:03:06.420 | Most people pick a easily decipherable simple password because that's what they can remember,

00:03:13.460 | and they use it everywhere.

00:03:15.380 | And unfortunately, what you have to understand is that even assuming that you had the most

00:03:21.100 | indecipherable, sophisticated password possible, if it's been exposed as a result of a leak

00:03:28.700 | or a breach, then it's discovered, and a discovered password is no good to you anymore.

00:03:35.720 | And if it's through your entire universe of websites, it's going to come back and be a

00:03:39.920 | nightmare for you.

00:03:41.060 | So you really have to think hard about the kinds of passwords you're going to use.

00:03:45.660 | In fact, that's why most people use password managers that want to simplify their lives.

00:03:51.660 | But you need to do that because one ubiquitous password in your life is guaranteed to create

00:03:57.300 | a problem for you.

00:03:58.400 | I know that in the past, you know, password managers often will tell you this password's

00:04:02.680 | been in a breach is there was a site that was like, have I been pawned?

00:04:07.380 | Is that still like the gold standard of finding out what passwords of yours have been in a

00:04:11.300 | breach or what is it?

00:04:13.020 | It pretty much is.

00:04:14.020 | Yeah.

00:04:15.020 | Yeah.

00:04:16.020 | Have I been pawned?

00:04:17.020 | And it's not a happy place by any means.

00:04:20.580 | And you can also now track your phone number too.

00:04:24.540 | Oh, cool.

00:04:25.540 | Because, you know, the issue is that, you know, for years we've been told that the,

00:04:30.540 | the ultimate skeleton key to your life is your social security number.

00:04:34.740 | And that's pretty much true.

00:04:37.460 | But if you think about it now, everybody gives their cell phone number out to everybody.

00:04:44.020 | And on top of which it's not something because they're now portable, nobody's going to change

00:04:49.020 | their cell phone number.

00:04:50.820 | So this is a number that's going to stick with you most of your life.

00:04:54.460 | And it is everywhere.

00:04:58.000 | So that that's an issue as well.

00:05:00.500 | What's the risk of your phone number being out there?

00:05:03.060 | Obviously people can call you, but is it that they could know your number and spoof your

00:05:07.780 | number calling customer service and pretend to be you with automated systems or why is

00:05:12.580 | having your number out there, you know, as, as bad or dangerous as maybe your email password,

00:05:18.220 | which makes more sense to me why that would be a bad thing.

00:05:21.060 | Well, the reason why having your number out there is a problem is because if you think

00:05:24.780 | about it, most people who use multi-factor authentication, the second factor tends to

00:05:30.220 | be they a code sent to their phone number.

00:05:34.440 | But so if your, if your phone number is stolen as a result of a SIM swap, which is not as

00:05:39.380 | difficult as one would think is for a few bucks, unfortunately, people call people at

00:05:45.420 | mobile providers and get them to switch things based on the fact that they go, I'm sorry

00:05:53.420 | that I forgot my password and this is my phone number and I just got a new device by the

00:05:59.180 | way.

00:06:00.180 | So can you please transfer to my new device?

00:06:02.700 | And then all of a sudden you don't get the code.

00:06:05.020 | We've had cases where people have lost millions in cryptocurrency because the code was sent

00:06:11.940 | to the phone number that had been stolen by a hacker.

00:06:16.300 | Now I know in five, 10 years ago, SIM swapping kind of hit all the news and it was a big

00:06:20.860 | thing.

00:06:21.860 | Is that still happening as much as it was, or have the carriers gotten better about requiring

00:06:27.220 | more information to switch a phone number or is it still a really big concern?

00:06:30.780 | Well, again, if you pay somebody off, it doesn't matter, you know, what kind of protocols you

00:06:35.120 | have in place the carriers are getting better.

00:06:39.060 | And of course, now you have the opportunity to use a pin number as an additional layer

00:06:44.420 | of security for someone calling to find out more about your phone.

00:06:50.780 | The only problem is that a lot of people, just like we tend to use simple passwords,

00:06:55.420 | people use codes like 0 0 0 0 1 2 3 4 9 8 7 6.

00:07:02.040 | So it's not that difficult to guess for some of the bad guys.

00:07:06.060 | So it sounds like a quick thing everyone needs to do.

00:07:08.860 | If you're not already using a password manager, I mean, go back to basics.

00:07:12.780 | That's something you should do.

00:07:13.940 | I think most people here have probably heard me talk about password managers enough to

00:07:17.980 | hopefully have gotten on the board with that train, but calling your cell phone carrier

00:07:22.820 | and making sure you have that pin set up.

00:07:25.300 | I know I called Verizon once and just said, Hey, can you put me in some sort of more secure

00:07:29.860 | version of, you know, an account that that can work with some banks, financial institutions,

00:07:37.240 | some don't.

00:07:38.240 | I also like to change my mother's maiden name and give them a different word or number or

00:07:43.580 | any string of characters than an actual mother's maiden name, because that like your phone

00:07:48.820 | number is not too difficult to find online.

00:07:51.220 | Are there any other kind of fundamental basics to protect yourself from SIM swapping that

00:07:55.700 | people should be doing?

00:07:56.700 | Well, I mean, you know, that also just be very alert.

00:08:02.020 | And if if all of a sudden you're not getting phone calls or you're not getting texts or

00:08:08.260 | something just doesn't feel right, immediately contact your mobile provider.

00:08:14.320 | But you also brought up an interesting thing, too, when you talk about changing your mother's

00:08:17.640 | maiden name.

00:08:19.340 | I always say to people, listen, when you set up security questions and answers, lie like

00:08:23.100 | a superhero.

00:08:24.100 | I mean, Clark Kent is not going to tell people he's Superman.

00:08:27.460 | Bruce Wayne doesn't run around saying, Hey, I'm Batman.

00:08:31.980 | So if your mother's maiden name is Smith, tell people it's Jones.

00:08:37.180 | If you went to Ridgefield High School, tell them you went to to Southwick.

00:08:42.780 | The key thing is consistency.

00:08:45.900 | It's not as if you're doing an interview to get a security clearance for national security.

00:08:51.900 | All you're trying to do is create something that will be a benchmark.

00:08:56.580 | So it's not about veracity.

00:08:59.040 | It's just about consistency.

00:09:01.540 | Sometimes I just have strings of numbers.

00:09:02.820 | You know, I use one password and I generate a random string of characters.

00:09:06.500 | So it's like, what's your favorite book?

00:09:08.180 | It might be, you know, gobbledygook to me.

00:09:10.220 | It's just a bunch of numbers and symbols and letters, but it certainly isn't something

00:09:14.580 | anyone would guess.

00:09:16.220 | And the same goes for the high school I went to, or my dog's name, or things that you might

00:09:19.780 | actually be able to find out online.

00:09:21.380 | No, no, listen, that's a great idea, as they say, the algorithm.

00:09:27.740 | There's a lot of places we could take this, right?

00:09:29.340 | I didn't think identity theft is a big area, cybersecurity is a big area.

00:09:33.740 | Maybe we start with credit identity.

00:09:36.840 | You mentioned social security number is this protected thing.

00:09:40.060 | With the Equifax breach, in my mind, it's like, I'm kind of operating like my social

00:09:44.620 | security number's out there.

00:09:45.700 | I feel like for, I don't know, one in three Americans now, your social security number

00:09:49.700 | is out there.

00:09:51.100 | Is that still as easily accessible such that if someone wants your social security number

00:09:55.860 | and they try hard enough, they can probably get it?

00:09:58.180 | And if so, what do we do?

00:10:00.140 | Let's face it.

00:10:01.140 | I mean, not just Equifax, we're talking about over the past several years, billions, and

00:10:07.340 | that's Dr. Evil, pinky to the lip B, billions, billions of files have been exposed through

00:10:15.220 | data leaks, breaches, people hitting the wrong key and information getting out there.

00:10:24.380 | People just giving out their social security number.

00:10:26.500 | I mean, think about every time you go to the doctor's office, the dentist's office, what

00:10:30.540 | do they have on the form?

00:10:31.980 | Your social security number, which by the way, you can say, no, I'm not giving you my

00:10:35.620 | social security number.

00:10:37.340 | They're not going to throw you out because they're either operating with your insurance

00:10:42.180 | information or they're going to get a credit card before you ever get out the door.

00:10:47.740 | So you don't need to give them your social security number.

00:10:50.540 | You need to say, no, we have to have it for insurance purposes.

00:10:53.700 | No, they don't.

00:10:55.140 | They really don't.

00:10:56.140 | So, but I mean, there have been stories about people at their children's Little League games,

00:11:02.420 | they were passing around these sheets and people were filling them out and say, yeah,

00:11:08.820 | let me have your social security numbers.

00:11:10.140 | Well, yeah, sure.

00:11:11.140 | Here it is.

00:11:12.140 | You know, people don't really think about it.

00:11:13.580 | They kind of toss it out like you were tossing out rose petals.

00:11:18.260 | So I think you have to assume your social security number is out there.

00:11:21.680 | You have to assume most of your information is out there.

00:11:25.220 | So it's really about something that I developed with my collaborator, Beau Friedlander, who's

00:11:31.180 | also my cohost on What the Hack with Adam Levin.

00:11:34.740 | We wrote a book called Swiped, How to Protect Yourself in a World Filled with Scammers,

00:11:38.980 | Phishers, and Identity Thieves.

00:11:40.460 | We came up with a framework, 3Ms.

00:11:44.980 | How do you minimize your risk of exposure, reduce your attackable surface?

00:11:49.220 | How do you monitor so you effectively know that there's a problem and that you have to

00:11:53.940 | do something about it?

00:11:55.580 | And then how do you manage the damage?

00:11:57.620 | So what you're raising right now with the fact that our information is out there is

00:12:02.060 | how do you effectively monitor so you know as quickly as possible that you have a problem?

00:12:06.820 | Well, one of the things you do is, as we mentioned earlier, you go to the site Have I Been Pawned

00:12:11.900 | and see whether or not your user ID and password has been exposed in a breach.

00:12:17.300 | And then looking at the particular breach where it was exposed, you're going to know

00:12:22.060 | based on the information that has been provided by the companies that have been compromised

00:12:27.700 | how much of your information is out there.

00:12:30.980 | And that's why monitoring is so important.

00:12:34.660 | Get your credit report.

00:12:36.380 | Look at your credit.

00:12:37.380 | Don't just say, "I got my credit report.

00:12:39.060 | I did my good deed."

00:12:40.980 | Get it.

00:12:41.980 | Review it.

00:12:42.980 | Be serious about it.

00:12:44.020 | If something doesn't look right, contact the credit reporting agency.

00:12:48.520 | You need to be looking for things you didn't do as well as things that you might have done

00:12:54.540 | that you forgot you did.

00:12:57.460 | But review it and make sure that it says what you think it should say.

00:13:02.940 | And if it has additional dates of birth out there for you or different places where you've

00:13:10.860 | never worked or different home addresses, these are red flags.

00:13:15.460 | So get your credit report.

00:13:17.460 | Monitor your credit scores because if your credit scores take a sudden precipitous drop

00:13:23.020 | that you can't explain, then it's either one of three reasons.

00:13:26.980 | You didn't pay a bill on time.

00:13:28.940 | Not good.

00:13:29.940 | You need to know that.

00:13:30.940 | You're using too much of your available credit.

00:13:34.180 | Not so good.

00:13:35.180 | You need to know that.

00:13:36.700 | Or you're a victim of identity theft.

00:13:38.920 | Really not good and you need to know that.

00:13:42.060 | Also sign up for what's called transactional monitoring alerts.

00:13:45.820 | This is from your financial institutions, your credit card companies.

00:13:50.220 | It's free and it notifies you any time there's any activity in your account.

00:13:55.900 | And if you see activities going on that do not look familiar, then you have to notify

00:14:01.860 | your financial institution or the credit card company immediately.

00:14:05.380 | But that's one of those red flags.

00:14:07.180 | Also, believe it or not, look at your explanation of benefits statements that you receive from

00:14:12.820 | your health insurance company, because a lot of people have discovered that they were victims

00:14:18.100 | of medical identity theft because there was a treatment on there or an appointment on

00:14:24.220 | there that they never had with a doctor they've never heard of.

00:14:29.480 | So look at that to make sure it was you.

00:14:33.020 | And then finally, there are much more sophisticated forms of monitoring that come from the three

00:14:37.860 | credit reporting agencies, as well as third-party providers, where they have a number of different

00:14:45.260 | things that they're monitoring.

00:14:46.780 | You need them to be monitoring your social security number and your most personal information.

00:14:53.420 | And then you need to get things like what's called instant alerts, which is not, "Hey

00:14:58.780 | Chris, a few weeks ago, somebody using your information to open an account."

00:15:03.500 | But it's, "Hey Chris, somebody is attempting to open an account right now.

00:15:08.480 | Is it you?

00:15:09.740 | Yes or no?"

00:15:11.940 | And then you need to have monitoring that monitors the dark web, because if it shows

00:15:17.140 | up that your information is out there, and it will tell you what information has been

00:15:22.020 | discovered on the dark web, whether it's an email address, a password, a phone number,

00:15:30.060 | account information.

00:15:31.340 | That's why it's important to do that.

00:15:32.660 | So the third M is very important, the second M, very important.

00:15:36.420 | So just to recap, so I know getting your credit report, freeannualcreditreport.com, you can

00:15:40.900 | get it for free.

00:15:41.900 | Yes, you do.

00:15:42.900 | I believe even right now, as a result of maybe the pandemic, you can get it more regularly

00:15:47.500 | than once a year.

00:15:48.500 | You are getting it in some cases, either once a month or once a week, depending upon the

00:15:54.080 | credit reporting agency.

00:15:55.420 | Yeah.

00:15:56.420 | And then a lot of the alerts you talked about are free.

00:15:59.500 | I sign up, I have an account with Experian, Equifax, and TransUnion.

00:16:02.580 | I get alerts, I don't pay for any of those premium services.

00:16:07.060 | I get my credit score, gosh, I probably have five different ways to get it for free, whether

00:16:12.540 | it's Credit Karma, which isn't necessarily your FICO score, but it is a score, or different

00:16:17.460 | credit card companies, Amex gives you a free credit score, I think Capital One gives you

00:16:23.580 | a free credit score.

00:16:25.300 | Are there any of the credit monitoring and reporting services that you actually should

00:16:29.940 | pay for, or are they kind of all a little bit fluffy products that people create for

00:16:36.220 | people who are worried, but you can kind of do all this on your own?

00:16:39.300 | I know you can freeze and lock your credit, which I do, for free also.

00:16:43.860 | Yes.

00:16:44.860 | No, you can do that.

00:16:45.860 | That's as a result of an amendment to a banking law that was done a few years ago.

00:16:53.060 | But there are services that are worth it, because you really need them to take in-depth

00:17:00.060 | dives, and whereas with free credit reports, you can get them frequently, although a little

00:17:07.780 | less frequently now.

00:17:10.100 | The important thing is, you really need to keep up to date, and with that payment, you're

00:17:16.780 | not just paying for the monitoring, but you're also getting access to a professional that

00:17:21.860 | can help you through identity incidents.

00:17:25.460 | And that's really the third M, is that how do you manage the damage?

00:17:29.660 | Now a lot of people don't realize that through their insurance companies, some financial

00:17:37.460 | institutions, and now more and more through their employers, there are programs available

00:17:42.420 | to help you through identity incidents.

00:17:44.880 | In some cases, it's free as a perk of your relationship with the institution.

00:17:49.220 | In some cases, it's deeply discounted.

00:17:51.340 | In some cases, it may not be.

00:17:54.280 | But you have to really think about how important it is to know whether or not you've got a

00:17:59.740 | problem and have somebody who can help you through the problem.

00:18:04.020 | I get that if you are involved in an incident, it can be helpful to have an expert get through

00:18:09.980 | this entire thing, manage the entire process.

00:18:12.660 | But for just monitoring, would you say everyone needs to be using a premium service, or how

00:18:18.660 | do you set the threshold for someone thinking, "Okay, I feel like I've got monitors.

00:18:22.180 | I get my alerts.

00:18:23.180 | I get my transaction alerts.

00:18:24.340 | I check my credit every so often.

00:18:26.460 | When my score changes, I get an alert."

00:18:29.100 | Does the average person in that circumstance who hasn't yet been a victim of any fraud

00:18:32.860 | or theft need the premium services?

00:18:35.860 | Well, it depends how premium you want to go, and you have opportunities to select amongst

00:18:43.820 | those premium services, and even then, the level of premium service you wish to get.

00:18:50.420 | It really has to do with your comfort level, and how alert you are, and how informed you

00:18:59.740 | think you are based on the alerts you're seeing.

00:19:03.980 | The truth is, access to a professional to help you through incidents is priceless.

00:19:09.220 | It really is.

00:19:11.540 | If you talk to a lot of the folks who have been on both sides of the cyber world, they

00:19:18.060 | will all tell you that so much information is out there about us right now, that the

00:19:24.100 | fact that each and every one of us hasn't become a victim of some form of identity theft

00:19:29.540 | is simply because they haven't gotten around to us yet.

00:19:33.180 | It's really a question of supply and demand.

00:19:36.580 | I can tell you, having owned a company, well, first a company that was involved in monitoring,

00:19:41.900 | and then a company that was involved in managing damage and taking care of people, it really

00:19:48.060 | depends on what you want to get out of it, how much you're willing to invest.

00:19:53.340 | It's not a criminally expensive amount if you get the more moderately priced monitoring

00:19:58.300 | programs.

00:20:00.540 | You really need to know, and you need to know as quickly as possible, and you have to pay

00:20:05.940 | attention.

00:20:07.260 | I imagine if I Google credit monitoring services, there's thousands.

00:20:11.860 | I imagine some are much worse than probably just repackaging what you can get for free

00:20:15.340 | for a fee.

00:20:16.700 | Are there particular companies or services that you think are actually providing that

00:20:21.460 | added value for their fees?

00:20:23.460 | There are.

00:20:24.460 | We don't single out anybody specifically, and it's not because I'm being paid by anybody

00:20:31.380 | in particular.

00:20:33.020 | I really feel like it's a function of, you really need to do your research.

00:20:37.100 | Now, the Consumer Federation of America has a website called, I think it's called idtheft.info.

00:20:45.740 | I could be wrong, but just look up Consumer Federation of America.

00:20:50.620 | They actually have the majority of the major players in the identity monitoring service

00:20:59.060 | world signed up.

00:21:01.380 | They signed up for best practices.

00:21:05.020 | What they do at that website is they give you a list of questions and answers to think

00:21:11.860 | about when you're searching for someone to monitor your credit or to actually help you

00:21:16.780 | through a credit incident, and it's really worth it to go to that website.

00:21:22.580 | But there are a number of very good companies that have very good and thorough monitoring

00:21:28.900 | programs.

00:21:30.220 | But as with anything, take time and do your research.

00:21:34.780 | I was hoping I could skip a little of the research and get the answers from you.

00:21:39.220 | Are there any companies you know in this space that's like definitely avoid, like companies

00:21:43.860 | that are on your blacklist of credit monitoring and identity theft protection?

00:21:47.580 | Are there services where you're like, "Nah, just skip over LifeLock.

00:21:50.260 | They're the worst," or something, anyone in the space to avoid?

00:21:53.180 | Well, no.

00:21:54.180 | Well, see, now you're getting me to actually recommend certain companies.

00:21:59.020 | I mean, first of all, okay, I'll give you some.

00:22:02.220 | Aura is one that's very good.

00:22:06.100 | LifeLock is very good.

00:22:08.340 | I can tell you for years, I've used Experian and Protect My ID, their program, that's very

00:22:14.860 | good.

00:22:16.900 | My old company, Credit.com, we had a number of products and services that we matched people

00:22:23.860 | with that were very good.

00:22:26.820 | And I'm sure the folks at Credit Karma and other places can also give you recommendations.

00:22:33.420 | Another place to go, just for just great advice in general, is the Identity Theft Resource

00:22:39.780 | Center.

00:22:40.780 | They're out of San Diego.

00:22:41.780 | Eva Velasquez is the CEO.

00:22:44.020 | She's been CEO for a while.

00:22:46.700 | They're highly respected, and for those people who don't use paying services and are in trouble

00:22:52.660 | and need help and are victims of identity incidents, they actually work with some of

00:22:58.460 | the bigger companies and have a deal going on where these companies will help them help

00:23:05.060 | people for free.

00:23:08.020 | So the Identity Theft Resource Center, ITRC, is very good.

00:23:13.040 | Thanks for giving some information that I know you've been giving a lot.

00:23:17.260 | Breaking the rule.

00:23:18.260 | Yeah.

00:23:19.260 | One thing I was just thinking about, with credit cards, I think a lot of the reason

00:23:23.580 | people are not too worried about just putting their credit card number online is that most,

00:23:28.360 | if not all credit card companies nowadays, take the burden of the risk of something happening

00:23:33.740 | and fraudulent charges.

00:23:35.700 | But one thing I don't think I know, so I'm assuming most people don't, if someone uses

00:23:39.420 | your social security number to open a bank account or take out a mortgage or a loan or

00:23:44.220 | buy a car, how much of the liability ends up falling on you?

00:23:49.760 | Is the risk all the hassle of cleaning it up?

00:23:52.580 | Or is there actually risk that you could be liable for what happens and someone else won't

00:23:56.740 | pick up the tab like they might with credit card fraud?

00:23:59.380 | Well, we've seen, for instance, situations where people have had their social security

00:24:05.020 | numbers used to take mortgages out on their homes.

00:24:10.260 | That becomes problematic because you really need attorneys for that and it's not a simple

00:24:17.720 | process to have a mortgage removed from your home when the money was actually taken using

00:24:24.820 | your information.

00:24:27.260 | Now your insurance company can be very helpful there.

00:24:31.280 | That's why check with your insurance company and find out if they have identity protection

00:24:36.220 | programs, if it's automatic or you need to bring it on as an endorsement to your insurance

00:24:42.220 | policy, oftentimes your homeowner's policy, your renter's policy, and now even they're

00:24:48.340 | offering identity theft services through auto owner policies.

00:24:54.340 | But you may need that insurance coverage for that.

00:24:57.780 | That you may pay for, but it's not a large sum of money.

00:25:01.900 | It's just generally a fee for an endorsement.

00:25:05.580 | But no, it can be a problem.

00:25:08.500 | We've seen cases, for instance, with Zelle.

00:25:11.340 | Now the Consumer Financial Protection Bureau just came out and kind of dropped the hammer

00:25:16.020 | on a number of those peer to peer payment apps because so many people have had their

00:25:22.340 | information stolen, the app used, or they in good faith used it because they thought

00:25:28.260 | they were dealing with somebody real and not an identity thief or a hacker or a scammer

00:25:33.340 | and the money's gone.

00:25:34.340 | And of course they do tell you before you hit that button, make sure you know who you're

00:25:39.980 | dealing with.

00:25:42.420 | But that's changing.

00:25:44.360 | But let me take you back to sort of the beginning of identity theft.

00:25:48.860 | And in the early days of dealing with identity theft issues, and even to a little bit today,

00:25:56.000 | the victim was guilty until proven innocent.

00:26:00.060 | And in fact, the consumer was considered collateral damage.

00:26:04.860 | It was viewed as the business was the victim of the identity theft or the fraud.

00:26:12.020 | Now with credit cards, you're right, banks, it used to be $50 liability.

00:26:16.380 | It's now down in most cases to zero.

00:26:19.940 | Debit cards, little different story.

00:26:22.680 | Many of them have good protections, but in some cases, the financial institution will

00:26:28.180 | say that before we return your money to you, we have to do an investigation and we have

00:26:34.140 | to feel comfortable that you didn't just do something dumb and you're trying to get us

00:26:39.420 | to cover your loss.

00:26:42.020 | Fortunately, most people listening here are a big fan of earning credit card points and

00:26:46.580 | aren't using their debit card much.

00:26:48.700 | But the identity theft, yeah, I'd love to go back.

00:26:50.900 | So to the beginning, you were the victim.

00:26:54.660 | How has that evolved?

00:26:55.660 | Well, it's evolved now that there is a greater understanding of the fact that millions upon

00:27:01.800 | millions of people have become victims of identity theft.

00:27:05.300 | And in many cases through no fault of their own, simply their information was on the wrong

00:27:09.780 | database at the wrong moment and the wrong person gained access.

00:27:13.780 | And now suddenly they're victims of identity theft.

00:27:16.700 | And you have so many different levels of identity theft.

00:27:20.740 | You have the low hanging fruit, which is account takeover, which has to do with credit cards

00:27:25.220 | and debit cards.

00:27:26.340 | Debit cards raise the food chain a little bit.

00:27:32.880 | Then you have new account identity theft.

00:27:35.100 | That's where someone using your information has gone about the countryside, happily opening

00:27:39.820 | accounts in your name with your information, running up the balances and then disappearing

00:27:44.980 | into the sunset.

00:27:47.060 | And then you get other forms of identity theft, like medical identity theft, where someone

00:27:52.360 | using your information gets medical treatment in your name, has a procedure in your name,

00:27:57.620 | has appointments in your name.

00:28:00.300 | In most cases, it's a fraud against the insurance company, but it could come back to haunt you

00:28:04.780 | depending upon your lifetime allowances.

00:28:10.380 | But in cases where insurance wasn't involved, you've had many situations where people get

00:28:16.740 | a bill that comes out of nowhere from a medical provider and it's huge.

00:28:22.220 | And they end up having problems with their credit reports and fighting with the medical

00:28:26.220 | provider and being sued.

00:28:29.340 | There is a greater understanding of that now.

00:28:32.740 | There's child-related identity theft, where kids have no idea because they don't check

00:28:39.060 | their credit.

00:28:40.060 | They don't even think they have a credit report.

00:28:42.180 | Most parents don't check their kid's credit reports, although that's changing.

00:28:47.200 | But in that case, I mean, we had one guest on What the Hack, Axan Betts-Hamilton, who's

00:28:53.100 | become a very famous expert on identity theft, where she was a victim and her mother was

00:29:00.060 | the thief.

00:29:01.700 | Her mother stole her identity, her father's identity, her grandfather's identity, had

00:29:06.940 | a second life.

00:29:07.940 | Oh my gosh.

00:29:08.940 | And as Axan said, I spent Thanksgiving sitting across the table for 19 years across from

00:29:15.820 | my identity thief.

00:29:17.820 | And there are a not insignificant number of identity theft victims where it occurs within

00:29:25.260 | the family.

00:29:27.220 | Foster children, for example, 10% are victims of identity theft because as they go through

00:29:32.980 | the foster system, they have a card with their information that's passed from family to family

00:29:38.620 | to family.

00:29:39.620 | And in many cases, that information is used to steal their identity.

00:29:44.660 | So you have that, and now the government's gotten involved and try to be more helpful

00:29:49.900 | in situations like that.

00:29:51.500 | Obviously, reporting agencies are much more understanding when it comes to this.

00:29:57.420 | But there is a process that you go through.

00:30:00.660 | And if you do it, it could take months, hours of your life.

00:30:07.700 | You could end up with no life and no job and no family because you're spending so much

00:30:13.420 | time focusing on resolving your identity theft issue.

00:30:18.100 | For instance, if you become a victim of criminal identity theft, that's a big problem.

00:30:23.860 | That's where someone using your information commits a crime.

00:30:27.620 | There was a movie, Identity Thief, that you may have seen, but they commit a crime.

00:30:33.900 | We had a case once, a fellow was driving through the Midwest.

00:30:37.820 | He gets pulled over for a busted taillight.

00:30:40.860 | All of a sudden, his car is surrounded by guys with guns.

00:30:46.100 | They make him get on the ground.

00:30:47.400 | They cuff him in front of his kids.

00:30:49.140 | They take him to jail, and he gets out in a couple days.

00:30:54.980 | But he needs to get a lawyer, and sometimes it takes a not insignificant amount of time

00:31:01.100 | to clear your name if you're a victim of criminal identity theft.

00:31:05.980 | Is there a way that he could have prevented that?

00:31:08.260 | Obviously, committing a crime isn't something that's necessarily going to show up on your

00:31:12.560 | credit report.

00:31:13.560 | But is there a similar thing that monitors, I don't know, I know every time you apply

00:31:18.460 | for a job, they run a background check.

00:31:20.200 | Is there like a background check monitoring service to see if things like that are happening

00:31:24.420 | before you're-

00:31:25.420 | Well, there are some of the services now that will monitor as part of their overall monitoring,

00:31:32.860 | whether you've had incidents of a criminal nature, or at least there are warrants out

00:31:39.020 | there for you that you might not know about.

00:31:43.280 | But criminal identity theft is something that you can almost do absolutely nothing about.

00:31:47.100 | I mean, it's just someone did it, used your information, committed the crime.

00:31:51.980 | It's not like, how do you prove you didn't commit a crime, right?

00:31:56.300 | That's a little more difficult than someone nailing you for committing a crime.

00:32:00.740 | So it becomes more complicated.

00:32:03.900 | That's why it's so important for people to be alert.

00:32:06.640 | If you get a notification about something, don't assume if you know nothing about it

00:32:12.620 | that it's a mistake.

00:32:14.480 | At the same point, don't immediately jump and try to do something about it because it

00:32:19.720 | could be somebody committing a fraudulent act and getting you to click on the wrong

00:32:24.560 | link or open the wrong attachment as well.

00:32:27.400 | I want to come back to a few things, but when you get that link, when you get that email,

00:32:31.300 | I think it's wild to me how many different examples I've seen recently of successfully

00:32:37.480 | convincing people that this is the right link, whether it's using some weird font that doesn't

00:32:42.440 | actually isn't actually the right font.

00:32:44.320 | I've seen one where someone had the domain register that was like mail.google.com.

00:32:50.640 | So it looks in a small window like it's correct, but then it's mail.google.com.someotheraddress.someotheraddress.

00:32:57.680 | So it actually looks like the right prefix, but it's not.

00:33:01.160 | So I always say, of course, look at the full URL, look at the full sender.

00:33:06.820 | Are there other things in those moments that are things people could quickly do just to

00:33:11.600 | make sure or validate that it's correct?

00:33:14.720 | If you get a notification from what appears to be an organization of authority, you have

00:33:23.480 | to think about it.

00:33:24.480 | First, the IRS doesn't email anybody.

00:33:27.280 | Police departments wouldn't normally send you an email and go, "Hey, by the way, we

00:33:32.140 | think you've committed a crime, so notify us here."

00:33:36.000 | What you should do, even if you get one that looks really, really official, contact the

00:33:41.380 | specific agency and independently confirm the contact information, and then reach out

00:33:47.720 | to them and say, "I got the strangest thing.

00:33:51.400 | Did you send me something?"

00:33:53.200 | Now most people don't like to red flag themselves with the IRS, but at the same point, you need

00:33:58.580 | to make sure that you're dealing with the IRS, and of course, generally, the only way

00:34:03.720 | they deal with you, initially, is you get a letter.

00:34:07.760 | Maybe not a letter you want to receive, but you will get a letter.

00:34:11.520 | They don't call you unless you owe them money.

00:34:15.120 | You've owed them money for a very long time.

00:34:17.560 | They've sent you notice after notice after notice.

00:34:20.420 | You didn't respond, and then you might, might get a call from a legitimate debt collector.

00:34:26.720 | There are about three or four that have been designated by the IRS.

00:34:31.320 | But again, generally, it's never something where you're asked to do something urgently.

00:34:39.820 | You never get something the IRS is saying, "Unless you pass right now, we're sending

00:34:45.280 | someone to arrest you," or even a phone call.

00:34:48.280 | They don't do that.

00:34:49.960 | You're always offered an opportunity to have a conversation with an agent and reach a settlement

00:34:56.480 | agreement with the IRS, for example.

00:35:01.020 | But that's what scams are based on, and a lot of the scams are very similar.

00:35:07.640 | It's like, think of it as the music is the same, but the lyrics change depending upon

00:35:12.160 | what's happening in the world or what the scammer or the hacker is trying to achieve.

00:35:17.440 | So you really need to set a list of protocols for yourself as to what you do, and protocol

00:35:24.540 | number one, stop, read it carefully, calm down, think about what it's saying, and think

00:35:33.040 | about whether or not it's logical that you would have received this communication by

00:35:38.060 | way of an email, and whether or not what they're asking you to do seems logical within the

00:35:43.680 | timeframe they're giving you to respond.

00:35:47.440 | Are there any new tactics?

00:35:49.480 | I know Sim Swapping made all the news years ago.

00:35:54.100 | Is there anything happening right now that you know about because you're in the industry

00:35:58.640 | that maybe other people will hear about over the next few years, but would be good to know

00:36:03.380 | now?

00:36:04.380 | Well, let's go through some of the scams that exist and sort of match them to what's going

00:36:09.820 | on.

00:36:10.820 | First of all, there are healthcare scams that have been going on forever, but in particular,

00:36:16.660 | COVID was a petri dish for them, and now monkeypox is becoming a problem as well.

00:36:23.300 | And that could be anything from updates, to tracking, to notifications, to here's where

00:36:32.100 | you get your vaccine, here's where you schedule your test, these kinds of things.

00:36:38.240 | So you have to be on the lookout for this.

00:36:40.540 | Again, as you said, run your cursor over the email address to make sure that where it's

00:36:46.860 | coming from looks legitimate.

00:36:49.380 | And even then, wherever it's coming from, even if it's a phone call from someone saying

00:36:55.660 | they're from the health department, thank them, hang up, independently confirm the right

00:37:01.000 | number for your county health department or your state health department, or even the

00:37:05.820 | CDC, if you think you're getting a call from the CDC, which I really haven't heard of too

00:37:10.540 | many calls coming from the CDC, and then call the real number and speak to somebody and

00:37:17.620 | confirm whatever that information that they're providing you.

00:37:23.900 | And remember, in most of these cases, they are never supposed to ask you what your social

00:37:30.540 | security number is or getting credit card information from you.

00:37:35.260 | You can't pay to get to the head of the line with these.

00:37:39.480 | If it's a legitimate government situation and it's involving healthcare, there is a

00:37:45.140 | protocol to use and in no protocol that I know of and have ever known of, are you paying

00:37:51.300 | something in advance in order to advance your prospects with that?

00:37:56.720 | So you have health, job scams all the time, especially during the great resignation and

00:38:03.940 | now with inflation and now with the concerns about whether or not there's going to be a

00:38:09.140 | recession.

00:38:10.140 | You know, people may be looking for additional jobs there.

00:38:14.700 | Go to legitimate, well-vetted websites and make sure that you're communicating with the

00:38:20.820 | right organization.

00:38:24.080 | If someone asks you to provide your social security number right off the bat, that's

00:38:29.140 | not legitimate.

00:38:30.860 | Don't walk, run.

00:38:31.860 | So this could be a job board, you see a job you're interested in, you're like, "Ooh,

00:38:37.060 | this company is interesting.

00:38:38.060 | Maybe I should apply for it."

00:38:39.580 | It could just be a totally a fake company that's leading you down a path of interviewing

00:38:44.200 | for a job with the purpose of just collecting information about you.

00:38:47.580 | Is that...

00:38:48.580 | Absolutely.

00:38:49.580 | Yeah.

00:38:50.580 | Or getting financial information by way of, you know, you giving them your credit card

00:38:54.580 | information.

00:38:55.580 | Let's say it's a secret shopper job and they say, "Well, you know, to get you started,

00:39:02.140 | you know, we're going to be laying out some money, but we'd like you to sort of reimburse

00:39:05.140 | us for this.

00:39:06.140 | So be careful.

00:39:07.140 | You don't want to get involved in anything like that unless you can confirm the legitimacy

00:39:10.980 | of it."

00:39:11.980 | So always independently confirm.

00:39:14.940 | Also confirm that that particular company is actually looking to hire people, which

00:39:21.260 | you can go by going to the real website of the organization and then calling the HR department

00:39:27.540 | of the company and asking them if they're conducting interviews.

00:39:30.740 | But you have to be very careful about job scams.

00:39:34.920 | There was a scam that was going around for a while, disappeared, came back again, the

00:39:38.540 | jury commission scam.

00:39:39.900 | That's where you get a phone call, someone represents themselves to be from the jury

00:39:43.780 | commission.

00:39:44.780 | They're polling "eligible jurors" in the district, and if you would be so kind as to

00:39:51.700 | provide them with your social security number, they'll be able to let you know whether or

00:39:56.220 | not you're eligible or not for the jury poll.

00:39:59.540 | There have been scams where police departments were supposedly calling people and asking

00:40:04.740 | them for specific information.

00:40:09.460 | Generally police departments just don't call people out of the blue, or if they do, it's

00:40:13.020 | a legitimate detective, they may be asking you questions, but they're not going to be

00:40:16.740 | asking for your social security number, your date of birth, or things like that.

00:40:24.260 | Unemployment scams, of course, have been a disaster during COVID.

00:40:27.380 | I mean, billions upon billions of dollars have been stolen.

00:40:30.660 | My own sister-in-law, who was on one of our episodes, was talking about the fact that

00:40:35.100 | she was legitimately notified by her home state of Colorado and by the state of Ohio

00:40:42.180 | that somebody using her information had applied for unemployment benefits.

00:40:46.620 | In one case, she found out simply because she received a debit card in the mail from

00:40:52.740 | the unemployment agency, which she said, "I'm not looking for a job.

00:40:58.940 | I'm fine.

00:40:59.940 | I'm not out of work."

00:41:02.060 | We've had cases where people found out because someone in their company walked up to their

00:41:07.060 | desk in the days when people were actually at their desk and said, "By the way, why did

00:41:13.940 | you apply for unemployment?

00:41:16.300 | You still have a job here."

00:41:18.340 | So that was going on.

00:41:21.180 | You have the tech scams, that's what you get a phone call from someone representing themselves

00:41:25.500 | to be from Apple or Microsoft saying that they've noticed that there's a problem with

00:41:30.740 | your computer, they are going to direct you to a site where you can download certain software,

00:41:38.900 | which will enable them to then come into your computer and check it out and solve whatever

00:41:43.860 | the problem is.

00:41:45.540 | Apple and Microsoft, they don't do that, but scammers certainly do that.

00:41:50.540 | So be on the lookout for tech scams.

00:41:53.900 | Then, of course, in the line of work that you've been talking about too, which is vacations

00:41:58.920 | and points and all of that, there have been theft of frequent fire miles, there have been

00:42:05.340 | all kinds of vacation scams, all kinds of rental scams that people have to be on the

00:42:12.340 | lookout for, which we can go into further depth if you'd like to do that.

00:42:16.420 | Then there's catfishing, which is huge.

00:42:21.860 | Whatever the theme may be, it's still a catfish.

00:42:26.780 | What people are trying to do is they're trying to tug on your heartstrings and get you to

00:42:31.140 | believe that they care about you, and the whole goal is to get into your life as quickly

00:42:37.220 | as possible and as authentically as possible, but yet you never really get to see them.

00:42:44.940 | You never get to really hear them.

00:42:47.380 | You may just be communicating with them by text or by email, and then at some point relatively

00:42:53.300 | quickly into this relationship, you're suddenly asked for a lot of personal information, or

00:43:02.980 | they send you a compromising picture and ask you to reciprocate, which you don't realize

00:43:09.460 | that's not their picture, but unfortunately that's your picture you just sent to them,

00:43:15.620 | and suddenly you can become a victim of extortion and blackmail.

00:43:22.260 | Or they ask you to provide credit card information so that you can help them get a plane ticket

00:43:27.800 | to come visit you.

00:43:29.500 | Or we've had cases.

00:43:30.500 | We had a woman on our show talking about the fact that she met someone online who even

00:43:36.060 | had a terrific LinkedIn profile as a very successful medical professional who had decided

00:43:43.160 | to dedicate part of his life to go to the Mideast and then open a clinic there, and

00:43:48.900 | somewhere in the first couple weeks that they were getting to know each other, he said,

00:43:52.980 | "You know, our equipment has come in.

00:43:54.740 | It's held up by customs at the airport.

00:43:57.660 | If there's any way that you could help me by sending me $30,000 so I can get the equipment

00:44:03.180 | out, that would be great."

00:44:05.460 | Of course, she didn't do it.

00:44:06.460 | She wouldn't fall for it, but unfortunately a lot of people do.

00:44:09.900 | I mean, we've seen cases where someone was taken to the tune of $2 million by someone

00:44:17.860 | who convinced them that he loved them.

00:44:22.740 | And the only way that they found out there was something wrong, which they should have

00:44:26.900 | known from the beginning, but was that a financial advisor notified members of their family and

00:44:33.220 | said, "Something's going on with your mom.

00:44:35.580 | She's taking a lot of money out and sending it overseas.

00:44:39.360 | You really need to look into this."

00:44:41.140 | And even after confronted with the reality of her situation, she said, "Okay, I understand

00:44:47.700 | it's a fraud, but in my heart, I still love him."

00:44:50.380 | I mean, this is how deeply they ingrain themselves into your life.

00:44:55.620 | And then another scam, and I won't go on forever, but another scam are charity scams.

00:45:02.260 | And this is where they'll take the issue of the day, whether it's the Ukraine, it's a

00:45:05.780 | natural disaster, it's a crisis somewhere in the world, it's children.

00:45:11.860 | Any one of those topics, whatever is in the news, they will use it.

00:45:16.300 | They will convince you that they are the newest, best, most successful, most respected organization

00:45:23.200 | in the space.

00:45:24.980 | And could you please give them credit card information or send money to this?

00:45:30.180 | And it's not real, it's a fraud.

00:45:33.640 | That's really interesting.

00:45:34.640 | So I've been a little familiar with some, not all the others.

00:45:38.140 | When it comes to the frequent flyer miles thing, if you Google my name, there's some

00:45:43.300 | articles about having a lot of points in miles.

00:45:45.340 | And so I have been a victim of, I guess, theft of points, I guess, which we talked about

00:45:53.300 | maybe coming on your show.

00:45:55.060 | And if that happens, definitely go check it out.

00:45:57.300 | I'll tell the full story.

00:45:58.300 | Absolutely.

00:45:59.300 | Absolutely.

00:46:00.300 | But in short, it led me to...

00:46:03.420 | That's what set me down a path of really locking down all these accounts, because someone was

00:46:07.660 | able to call Chase and get Chase to let them order things with points on the internet.

00:46:16.460 | The craziest thing, and I have still today don't understand it, was they ordered an Apple

00:46:21.000 | laptop using my points, but they shipped it to my house.

00:46:24.140 | Now, maybe the plan was to come to my house and kind of pick it up, but they never did.

00:46:29.900 | And I just...

00:46:30.900 | An Apple laptop showed up.

00:46:32.540 | So it was like the strangest fraud, because Chase refunded the points and I had a laptop.

00:46:38.980 | I asked Chase what they wanted me to do with it.

00:46:41.640 | And they said, "Try to take it to the Apple store."

00:46:43.900 | The Apple store didn't want it.

00:46:45.340 | So eventually, Chase said, "The best thing we can tell you is to keep it or donate it.

00:46:49.660 | We don't know what to do."

00:46:51.380 | Which ended up being a happy story for me, but it was probably payback for the hours

00:46:56.020 | of time to mitigate it.

00:46:58.760 | Which comes back to...

00:47:00.580 | I want to go back to your first M, which is about minimizing the risk and talk about some

00:47:06.100 | of the things people can be doing to prepare and plan in advance of any of this happening.

00:47:12.820 | There's a couple areas here I'll go to, but one is around information online.

00:47:17.180 | So I remember back when I was a venture capitalist, this company Fortalice, which I know you're

00:47:22.460 | familiar with, was raising money and they offered to run some reports on people in the

00:47:28.580 | investing group to show off their product.

00:47:31.700 | And they ran this report and I was like, "Wow."

00:47:34.000 | It's not that I didn't know there was information about me online.

00:47:37.040 | There's family tree websites, there's white page websites, there's my social media.

00:47:42.200 | But when someone pulls all that information together into one place, and you see a list

00:47:47.280 | of every address you've ever lived at, every job you've had, all of your phone numbers,

00:47:51.020 | all of your email addresses, and then the exact same set of information for your spouse,

00:47:55.820 | your siblings, your parents, and they put it all together, you're just a little bit

00:48:00.580 | taken aback.

00:48:02.960 | And it made me think, "Gosh, should I be getting rid of this?"

00:48:07.020 | Is there a way that consumers can just get a lot of this information off the internet?

00:48:13.280 | Or what goes into trying to mitigate this risk and minimize the risk and getting stuff

00:48:17.700 | taken away?

00:48:18.700 | Well, I could give you my favorite George Carlin line, which it's a mystery, but the

00:48:25.340 | truth is that there are things that can be done, but it is a long and arduous and time

00:48:33.980 | consuming process.

00:48:36.980 | Because you literally have to go from data broker to data broker and there are procedures

00:48:43.340 | you can use, and each one explains it to you, and of course the CFPB, Consumer Financial

00:48:48.560 | Protection Bureau, has advice on exactly how to do all of that.

00:48:54.940 | But just like when LifeLock started and someone said, "Well, isn't it true that a lot of this

00:49:02.340 | stuff people can do themselves?"

00:49:05.020 | And the answer, which I thought was a very interesting answer, and I've been a fan of

00:49:10.140 | LifeLock, is they said, "Well, sure, you can also change your own oil, and if you want

00:49:16.940 | you could maybe even change your own muffler.

00:49:19.300 | Do you want to?"

00:49:22.340 | So it really has to do with how much time you're willing to dedicate to it.

00:49:28.340 | Some people, it's a crusade, and they will do it because they don't want to pay anyone

00:49:33.100 | else to do it, and they will do it.

00:49:36.340 | Others will find companies like reputation.com, which is where they will work to get negative

00:49:41.780 | information about you offline, or companies like Abine, where they will work with you

00:49:49.900 | to actually delete information from the online world.

00:49:56.420 | And now that there is a right to forget in the GDPR, which is the General Data Protection

00:50:03.460 | Regulation in Europe, and it's incorporated to some extent in the California Consumer

00:50:09.780 | Protection Act, and it is hoped that maybe it will be also incorporated in the American

00:50:19.180 | Data Protection Act, which is kind of wending its way through Congress, assuming it can

00:50:23.540 | actually find its way through Congress, which is very difficult for us.

00:50:28.060 | As we've seen in the past years, it's very difficult for stuff to get through Congress

00:50:33.160 | while the interest is involved, but it still is a process.

00:50:38.340 | Now, you can contact Google, for instance, and ask them to remove certain information

00:50:42.860 | about you, which they're willing to do, but it's a process.

00:50:47.420 | And even if, you know, this is just like with a credit report, when people would go to credit

00:50:52.460 | repair companies, and some of them are good, and some of them are really, really not good,

00:50:58.420 | and they would say, "Okay, we will get this information off," and they do, but unfortunately,

00:51:05.260 | it was legitimate information, and as a result, when the particular subscribing retailer does

00:51:13.420 | an update, the information finds itself back onto your credit report again.

00:51:19.700 | So, you know, think of all of the millions of websites that are out there, and how, unfortunately,

00:51:28.180 | over the years, there's been this wholesale sharing of information, or selling information,

00:51:35.700 | or lending information, depending upon what the relationship was between these organizations,

00:51:42.880 | and it's going to be out there.

00:51:44.740 | And yeah, can you get it off, maybe, for a period of time?

00:51:48.940 | Can you get it everywhere?

00:51:51.240 | It may take you forever to find out where everywhere is, and there's a new part of everywhere

00:51:56.700 | that shows up every day.

00:51:59.220 | So that's why you have to say to yourself, "Look, the world I live in, it's a surveillance

00:52:05.260 | economy."

00:52:06.260 | It just is.

00:52:08.740 | We are surrounded by billions of Internet of Things devices, tracking, listening, sending

00:52:15.860 | data back to manufacturers, data then being shared, that information also being hacked

00:52:21.440 | by hackers.

00:52:23.100 | So that's why you need to really consider the three M's.

00:52:28.260 | And among the things you should be doing, assuming that your data is out there, even

00:52:33.140 | despite your best efforts to get it off the online world, is everything from long and

00:52:39.820 | strong passwords, not shared among websites or password managers, using two-factor authentication,

00:52:46.700 | which makes it, again, more difficult for someone to represent that they are you, because

00:52:54.020 | they do have to go through that extra layer of whether a code is sent to a cell phone,

00:52:59.100 | or you use biotech, not biotech, but you're using thumbprints, eye scans, depending upon

00:53:11.660 | the particular device you're using.

00:53:13.380 | I'm a particular fan of thumbprints.

00:53:17.200 | They also, multi-factor authentication can involve voice prints.

00:53:21.100 | Of course, the issue is what if, God forbid, someone steals a database of a company where

00:53:26.300 | they have your voice prints, that could be a problem, too.

00:53:29.660 | But again, any layer of additional authentication you can add is important.

00:53:34.980 | It also means you don't click on every link you see.

00:53:38.420 | You don't open every attachment, even if you think it's coming from someone you know.

00:53:43.820 | I mean, a perfect example, it's a buzzkill, but any time I get an e-card from someone,

00:53:49.940 | the first thing I do is I call that person and say, "I know this is a buzzkill, but did

00:53:55.060 | you just send...

00:53:56.060 | You don't have to tell me what it says.

00:53:57.340 | I'll go do it, provided you confirm you really did it."

00:54:01.900 | But again, with the malware that's out there and the ransomware attacks that are going

00:54:07.740 | on, you always run the risk that someone you know receives something that they opened that

00:54:14.340 | they thought was hysterically funny and terrific, and they're sending it to you, but they didn't

00:54:19.300 | realize that it had malware on it, and all they've done is they've shared the love and

00:54:25.400 | the hack with you.

00:54:28.340 | So you do run that risk.

00:54:30.440 | That's why it's really important to be very careful where you click, what you open.

00:54:34.920 | That means, as we talked about earlier, you lie like a superhero when you're sending up

00:54:39.660 | questions and answers.

00:54:41.500 | That means that you freeze your credit, which is, as we talked about, is free and you can

00:54:47.580 | do it.

00:54:48.580 | It means that even the humble shredder, and I don't mean a ribbon cut shredder, because

00:54:55.140 | for those of us who saw Argo, as an example, what happens is you can get kids or people

00:55:03.620 | hopped up on drugs who will sit there and meticulously tape back up things that have

00:55:10.060 | been cut by a ribbon cut shredder.

00:55:12.660 | That's why you need a confetti cut shredder or a cross cut shredder, which turns this

00:55:18.180 | into little useless pieces of confetti that no one can put back together again.

00:55:25.300 | So these are some of the things that you need to think about doing.

00:55:30.460 | Or as we also talked about earlier, that's where the third M comes in, and it's so important,

00:55:37.140 | and that is to contact your insurance agent, your financial services rep, or the HR department

00:55:45.300 | where you work and say, "If I become a victim of an identity incident, or if I'm worried

00:55:50.100 | about it, or I find out that an organization that I've had a relationship with has been

00:55:54.980 | hacked, are you going to help me through the incident?"

00:55:59.860 | And that's where it's really important.

00:56:02.100 | And a lot of these programs are free, deeply discounted, and worth you signing up for.

00:56:09.580 | I'll share a couple others that I've learned in the past, I don't know how many years,

00:56:14.460 | that some I've employed, some I plan to.

00:56:17.980 | I actually have multiple email addresses.

00:56:20.180 | So I have an email address that I just use for financial institutions.

00:56:24.340 | I have never shared that email with anyone.

00:56:28.020 | Only financial institutions know it.

00:56:29.700 | I've been recommended, though I haven't, to use a separate one for social media profiles.

00:56:34.700 | Yes.

00:56:35.700 | That was another recommendation, is to just have different email addresses.

00:56:39.300 | Look, if you don't have a password manager, I can only imagine how hard that is.

00:56:42.740 | So we're going to go back to your original recommendation, which is everyone needs a

00:56:45.980 | password manager.

00:56:46.980 | Everyone should be using two-factor authentication everywhere they can.

00:56:51.380 | Well, yeah.

00:56:52.380 | And you can use Google Authenticator.

00:56:54.780 | You can use some of the more, the hardware-oriented, you know, when we talked earlier, you had

00:57:00.500 | mentioned one of them, when we talked prior to that.

00:57:04.420 | Oh, yeah.

00:57:05.420 | Yeah.

00:57:06.420 | I'm a fan of all of my two-factor being one-time passwords that you can put in Google Authenticator,

00:57:10.220 | or Authy, or even 1Password.

00:57:12.420 | Though I had historically been putting all of my one-time passwords in 1Password, I am

00:57:18.460 | now realizing, as convenient as it is for them to copy and paste them, the fact that

00:57:23.580 | I'm storing my password in the exact same place I'm storing my two-factor Auth inherently

00:57:29.540 | makes it no longer two-factor, because they're in the same place.

00:57:33.860 | So that's the...

00:57:34.860 | That's like 1A factor.

00:57:35.860 | Yeah.

00:57:36.860 | So it's, yeah, I got two types of single-factor.

00:57:39.940 | So I'll probably actually be changing that.

00:57:41.460 | Do you have an opinion on using security keys versus, you know, like hardware, Yubico, plug-in

00:57:47.700 | security keys versus a Google Authenticator and Authy app?

00:57:51.900 | Well, you know, there are some people that like it, that like using security keys, but

00:57:56.900 | they're generally one-account related keys, as I believe.

00:58:02.300 | Yubico may be more than that, but I think it is one.

00:58:06.460 | Oh, so my Yubico key, I actually, I use it with Facebook, and with Google, and with different

00:58:14.020 | services.

00:58:15.020 | So I can sign into different services.

00:58:16.020 | Oh, good.

00:58:17.020 | All right.

00:58:18.020 | I just, it's such...

00:58:19.140 | It's not...

00:58:20.140 | It's a lot more hassle to have to carry this thing around and plug it in.

00:58:22.620 | Obviously that comes with security, but it's just one where I'm like, I haven't quite determined

00:58:27.420 | that it's worth it.

00:58:28.420 | Well, that's like, yeah, because that's the issue is that, you know, you may carry it

00:58:32.240 | with you, but then if one day it disappears, it's not helpful to you.

00:58:37.020 | Yeah.

00:58:38.020 | Just keep in mind, if you're using Google Authenticator, you lose your phone, you lose

00:58:42.020 | those passwords.

00:58:43.020 | Obviously, you can usually recover them with backup codes.

00:58:45.900 | I definitely recommend writing down those backup codes or using something like Authy,

00:58:50.620 | which is a competitor.

00:58:51.620 | But I know they actually store those so you can transfer them between devices.

00:58:55.460 | There might be better services.

00:58:56.500 | If anyone listening has, by the way, if anyone listening here has any recommendations that

00:59:01.080 | we didn't cover or anything, please send them to me because I'm actually, hopefully between

00:59:05.660 | now and the time this airs, I'm going to try to put a lot of these into place, test a lot

00:59:09.940 | of these services out, and maybe release another little bonus episode with my feedback from

00:59:14.520 | trying to do all of this.

00:59:15.940 | Oh, no, that would be great.

00:59:18.420 | Just remember, whenever you write down something, put it in some place secure.

00:59:22.340 | You always run the risk if you, you know, use a post-it on your computer and someone

00:59:26.900 | breaks in your house, you've just given away another key to the kingdom.

00:59:31.260 | So.

00:59:32.260 | Yep.

00:59:33.260 | I think I'm actually going to try.

00:59:34.260 | Well, another tip someone gave me is actually not just emailing these white pages directories

00:59:39.180 | online.

00:59:40.180 | So, you know, if you just Google your name or your last name and your address in quotes,

00:59:44.560 | you'll see the websites that are sharing your address.

00:59:46.980 | You can reach out to them and get them to remove things.

00:59:49.040 | A friend of mine recently told me another suggestion, which is to reach out to the MLS

00:59:54.840 | and have all of the, or have your real estate agent do it and have the photos of the house

00:59:59.640 | that you purchased whenever it was removed from the MLS.

01:00:03.560 | Otherwise someone has your address.

01:00:05.700 | They can also then just go look inside your house, understand the entire floor plan.

01:00:10.100 | You know, I'm not saying you're a target of someone understanding the layout of your house,

01:00:14.260 | but it seems like information that provides very little value to the world for people

01:00:19.200 | to be able to look inside every room of your house.

01:00:21.540 | Obviously it's not real time, it's not your cameras, but yeah, so that's something I'm

01:00:26.520 | going to be doing.

01:00:27.520 | No, that's important.

01:00:28.520 | The other thing is you can actually contact like Google and Apple and say, could you blur

01:00:33.240 | my house so that if someone's using maps or whatever, that they can blur it so it's not

01:00:41.920 | so easy to go, "Oh, I see.

01:00:44.000 | That's where Chris lives.

01:00:45.000 | Hmm.

01:00:46.000 | Well, that's interesting.

01:00:47.000 | I didn't realize he was as close as he is."

01:00:49.200 | So these are little tricks of the trade that you can do as well that is another step toward

01:00:58.160 | helping you get your stuff offline, or at least less accessible.

01:01:03.040 | I'm trying to think of any other ones that I've done or have thought about.

01:01:07.040 | I have a second phone number on Google Voice that if you're using, unfortunately, I don't

01:01:14.960 | know why, but it seems like every financial institution supports only text message or

01:01:21.600 | phone call-based two-factor auth.

01:01:23.920 | All of the tech companies seem to support using authenticator and one-time passwords,

01:01:30.200 | but all of my financial institutions, Chase, Vanguard, they're only text, and it's so frustrating.

01:01:37.860 | So I've got my Google Voice number that I can use.

01:01:40.800 | So I'm not using the number that I've given out to so many people, as you mentioned earlier.

01:01:46.120 | No.

01:01:47.120 | Listen, that's an excellent idea, is Google Voice for calls, so that if you leave...

01:01:54.280 | Because as we talked about, the ubiquity of your cell phone number, it's always good to

01:01:58.120 | have another phone number.

01:02:01.760 | Another scam that was going on is the Google Voice scam, and that's where you're supposedly

01:02:07.360 | doing business with someone online.

01:02:09.160 | They go, "Well, I don't really know if I can trust you.

01:02:13.200 | So I want to know that you're the real you, that this is really your phone number.

01:02:18.920 | So I'm going to send you a code, and then I want you to read me back the code."

01:02:25.560 | What they've actually done is they've applied for a Google Voice number using your phone

01:02:32.680 | as the point of authentication, and then they will have a code sent to you.

01:02:41.960 | And then they will ask you to read them the code, and that then enables them to contact

01:02:47.080 | Google Voice and represent themselves as if they're you.

01:02:50.120 | I've seen the same thing happen with sending an iCloud two-factor code.

01:02:56.680 | They just pretend that it's something else.

01:02:58.400 | They say, "Oh, I want to confirm it's your identity.

01:03:01.160 | Let me send you a code."

01:03:02.160 | And they go to Apple, and they go in and say, "Recover my password, send a code," and they

01:03:07.520 | just hope that you don't notice that that code actually is from Apple, or that code

01:03:11.880 | is from your bank, or something like that.

01:03:14.160 | So I'd say, if you're not dealing with a service where you're 100% sure it's the service,

01:03:21.320 | which means you called them.

01:03:23.400 | If Verizon calls you and says, "Hey, we'd love to talk to you about your account.

01:03:26.360 | We're going to send you a code right now, and then we can get in," I would say, "Thank

01:03:30.120 | you, but let me call 611 back and get a Verizon rep before proceeding."

01:03:35.720 | That goes into the category of, "No, no, no, no, no."

01:03:39.360 | Yes, exactly.

01:03:40.720 | A couple of quick questions just on the computer, while we're browsing the internet.

01:03:44.840 | Now that HTTPS is pretty ubiquitous, right?

01:03:47.920 | I think if you're not listening, or sorry, you're listening.

01:03:51.840 | If you don't already know to look for the secure lock, most browsers will throw off

01:03:57.040 | errors if they're not there.

01:03:59.000 | Do VPNs really matter in these days?

01:04:01.000 | I know I've heard plenty of ads for them, but I wonder if now that almost everything

01:04:06.420 | we do online is HTTPS, if having a VPN really provides a lot of value other than maybe like

01:04:13.680 | your browsing activity, what types of things you're doing, whether you're streaming from

01:04:17.600 | different services.

01:04:18.600 | Well, a VPN also is very helpful when you're, let's say you're connecting to your business

01:04:23.840 | network.

01:04:24.840 | Sure, sure.

01:04:25.840 | It's always good to use it.

01:04:26.840 | If your company has a VPN to get access things, yes, but the idea of, oh, if you're at a public

01:04:33.160 | Wi-Fi spot, you need a VPN to make sure people aren't stealing your information.

01:04:39.120 | My understanding is that with HTTPS being so prolific and secure certificates being

01:04:44.640 | free, that that's not really a thing people need to be worried about.

01:04:48.240 | Well, the only issue is that there have been cases of the secure certificates being stolen.

01:04:55.600 | As a result, a VPN is still a good way to go.

01:05:00.560 | I like DuckDuckGo, but there were people that will say to you that if you're going to get

01:05:04.000 | a VPN, use one you pay for because they're less likely to sell your information than

01:05:11.600 | ones that one day might share your information that are free.

01:05:20.720 | That goes back to another thing too, which is read privacy policies and understand what

01:05:27.360 | the privacy policy is, terms and conditions.

01:05:29.920 | Now I realize privacy policies in many cases are written in 27th grade English and they're

01:05:35.520 | presented to you in mouse print, and there are translators where you can actually go

01:05:42.680 | and it'll translate what a privacy policy is.

01:05:48.520 | The name of some of them escapes me right now, but this is something we could talk to

01:05:52.440 | Travis about, for example, that he might be able to give information on that.

01:05:58.520 | Again, anything that you can do to mask your identity is a good thing because just even

01:06:07.240 | something as simple as location services on your mobile device, many websites now scramble

01:06:17.680 | the things that would be identified by location services, but many of them don't.

01:06:23.760 | The last thing you want is you're publishing pictures and it shows when and where the picture

01:06:29.320 | was taken, especially if it involves people doing things they shouldn't do, like exposing

01:06:35.560 | their kids too much to people.

01:06:38.800 | Like an example, here we are at Sustance Hutchin Park and it's little Susie's second birthday,

01:06:46.200 | and if the location services are on and it's not a site that scrambles them, the issue

01:06:53.120 | you have is that somebody could show up one day at that park, find little Susie, and say,

01:07:00.000 | "I feel so terrible that I missed your birthday, and I told mommy that I'd be over the park

01:07:06.640 | today to see you because I have a present for you.

01:07:11.040 | If you just come with me over there, it's in my car."

01:07:14.800 | Then all of a sudden, you have a missing child.

01:07:20.720 | Location services, you should be discreet about when you use them, where you use them,

01:07:27.000 | and if you can disable them, you do it.

01:07:29.160 | Of course, I realize that your GPS system won't work in a few of them.

01:07:34.160 | So turn them on for that, but be careful.

01:07:37.240 | Know that they can come back to haunt you.

01:07:39.360 | When I got that Fortalis report, they looked at all the photos that had been published

01:07:43.920 | on social media by me, by others, around my home address, and all of a sudden there are

01:07:49.760 | photos that you didn't know of your friends and your family inside your house and all

01:07:53.560 | that kind of stuff.

01:07:55.120 | One of their recommendations was to go back and remove the geo tags from your photos from

01:08:01.120 | everything you've posted online.

01:08:03.400 | The only other thing that we didn't discuss from tips that I have are going in and doing

01:08:09.800 | an audit of things you've authed to your Google account or your Twitter account or your Facebook

01:08:14.520 | account.

01:08:16.080 | There are so many websites that say, "Oh, just auth your Gmail," or, "Oh, just auth

01:08:20.520 | your Facebook," and some of them, many of them are legitimate, right?

01:08:24.480 | I authed my Gmail to Calendly so I can schedule meetings.

01:08:28.200 | But doing an audit every so often of, are there services that you've given access to

01:08:32.920 | your email or to your social media profiles that you don't use anymore?

01:08:38.800 | Or even, I noticed that recently, I can't remember what service it was, but it's gotten

01:08:44.800 | a lot better, right?

01:08:45.800 | It used to be all or nothing authentication.

01:08:48.040 | Some of them now say, "What do you want to give information?

01:08:49.800 | Do you want to give your name, or do you want to give your email, or do you want to give

01:08:53.440 | full control to post, delete, and see everything?"

01:08:56.680 | And if you authenticated something five years ago, you might not have had the fine-grained

01:09:01.120 | detail to be able to choose what you give access to.

01:09:04.200 | So it could even be worth deleting all of them and redoing them to make sure that you're

01:09:08.280 | only authenticating the kinds of information you want to the parties you want.

01:09:12.240 | You're not wrong about that one at all.

01:09:15.520 | And you absolutely should do an audit because it's very important to figure out when you're

01:09:21.760 | on a particular site, where your information is going.

01:09:26.520 | I have a good friend who has a new company that he started, which is a privacy company.

01:09:32.160 | And what they do is they can scan a website and then show you all of the different places

01:09:39.720 | that your data is going, all the different companies that are sucking up your data that

01:09:43.960 | you had no idea.

01:09:45.560 | And by data, just to be clear, it's usually IP address and activity, not stealing information

01:09:51.440 | off your computer and your files and that kind of stuff.

01:09:54.600 | Right.

01:09:55.600 | But it's still IP address you can identify.

01:09:59.760 | And they once proved, many years ago, they did someone, they were able to identify specifically

01:10:09.000 | who they were through analyzing their AOL searches.

01:10:15.720 | And they were able to actually zero in on the individual.

01:10:18.860 | And today people will tell you, give me two or three social media entries and one receipt,

01:10:27.680 | and I'll be able to tell you who and where.

01:10:29.400 | Yep.

01:10:30.400 | I remember I worked at a company that was dealing with location data and we were talking

01:10:35.200 | to a cell phone carrier and you might not know that just from the towers you're on on

01:10:40.040 | your cell phone, the cell phone carriers are logging all of this data.

01:10:44.520 | And unfortunately at the time, maybe not now, they're willing to sell this data.

01:10:47.800 | It doesn't have anything to do with you.

01:10:49.480 | It's just, there is a device, it's here, but no one knows who.

01:10:53.800 | But I remember we did some analysis and it was something like, with a reasonable degree

01:10:58.720 | of accuracy, you could figure out where any given phone would be at any given time because

01:11:04.480 | you had the history of where it had been.

01:11:06.920 | Now, thankfully that information was anonymous to the person.

01:11:10.520 | But if you said, you could say this phone that's often at this address is likely to

01:11:16.400 | be here.

01:11:18.160 | It was just, it was a little too much.

01:11:20.160 | I don't want to get people too scared though.

01:11:23.000 | You could listen to this and say, oh my gosh, my kids are going to get abducted.

01:11:26.240 | People are going to find me.

01:11:27.240 | They're going to see everything in my house.

01:11:29.040 | What message do you have to people that are maybe will help them get out of that feeling

01:11:32.400 | of leaving this thinking everything's coming to an end, I should turn off all my technology

01:11:36.920 | and never leave the home?

01:11:38.280 | Well, interestingly enough, I've had someone say, well, thank you, Adam, now that I've

01:11:42.120 | listened to you, you speak, I'm going home, I'm going to disconnect everything, I'm going

01:11:47.560 | to burn off my fingerprints and I'm going to hide under my mattress.

01:11:51.400 | I said, but you can't do that.

01:11:52.600 | I mean, unless you're living under a bottle cap at the bottom of Loon Lake and you're

01:11:57.480 | completely off the grid, which nobody is, you're out there.

01:12:02.080 | So the question is just be alert, know what the threats are, know what the red flags are

01:12:12.160 | and then practice, for example, the three Ms.

01:12:15.400 | Do everything you can to minimize your risk of exposure.

01:12:19.760 | Like for example, when you get a new internet of things device, which most things are these

01:12:25.580 | days, change the password.

01:12:30.660 | Most of them come with manufactured default passwords and probably 98% of those passwords

01:12:37.420 | are for sale on the dark web.

01:12:40.640 | So change the password to something long and strong.

01:12:44.680 | Just read the manual, it'll tell you how to do it.

01:12:47.240 | Just like when you get your router in, make sure that the password is what you want it

01:12:52.200 | to be, not what someone else wants it to be and make it as complex as possible or use

01:12:58.680 | a password manager to help you with the whole thing.

01:13:03.680 | It's really all about two things that people have to understand.

01:13:08.120 | Number one, we all have day jobs.

01:13:11.620 | We work, we raise families, we're involved in educational activities, philanthropic activities,

01:13:16.640 | we own companies, we're busy.

01:13:20.760 | That keeps us excited, interested, but also diverted.

01:13:26.560 | To a hacker who's not diverted, we are their day job.

01:13:32.240 | This is what they do.

01:13:34.600 | Some countries, they come in at eight, they have their lunch break, they go home at 4.30

01:13:39.640 | or five o'clock in the afternoon, and it's a job and they're working for the government.

01:13:44.700 | That's how they raise money.

01:13:45.920 | That's how they conduct espionage.

01:13:48.280 | Others work around the clock and do what they do.

01:13:50.640 | But it is their day job.

01:13:53.160 | The second thing to understand is when you look in the mirror, you see you and you go,

01:13:58.700 | why would anyone in the world want to steal my identity?

01:14:02.440 | Why would anyone care?

01:14:05.440 | The answer is simple.

01:14:07.320 | You see you, but when they see you, a hacker, a scammer, an identity thief, they see Jay-Z,

01:14:13.600 | Beyonce, Adam Levine.

01:14:15.860 | They see somebody who's got something they want that can enrich their lives.

01:14:23.400 | This is not to offend anyone.

01:14:25.780 | It's not you they're after, but it's your spouse, your child, your parent, an organization

01:14:33.040 | that you're involved with, a company that you work for, and you are simply the conduit

01:14:38.520 | to get them to whoever or wherever they want to get to.

01:14:42.860 | This is why it's extremely important that you really focus on cyber hygiene.

01:14:48.840 | Just like you go to doctors, you go to dentists, you do things that you do to stay healthy,

01:14:54.260 | you have to maintain a healthy cyber environment because you're protecting yourself, your family,

01:15:02.200 | possibly your company, your coworkers, and millions of innocent consumers that may be

01:15:06.860 | doing business with your company.

01:15:10.440 | There was a concept that was raised a couple years ago by the CEO of Microsoft, and I think

01:15:15.120 | he was dead right.

01:15:16.120 | It's called shared responsibility.

01:15:18.320 | It's that we know that business hasn't done enough.

01:15:20.900 | We know that government hasn't done enough, and we know consumers haven't done enough

01:15:25.020 | to protect each and every one of us from the ravages of cyber issues or identity theft

01:15:30.980 | or ransomware.

01:15:33.540 | Each of us has a role to play.

01:15:36.500 | With consumers, we didn't ask for it.

01:15:39.500 | We're not trained for it.

01:15:41.580 | It's certainly not something we want, but it's a reality of where we are, what we do,

01:15:48.180 | who we are, and the world we live in.

01:15:49.580 | Therefore, it's incumbent upon each and every one of us to do our part because we could

01:15:56.360 | be protecting a whole lot more people than just ourselves by doing the right thing when

01:16:02.820 | it comes to cybersecurity.

01:16:05.620 | It's not something that you need to be terrified of because it's reality.

01:16:10.300 | You're not going to escape it.

01:16:12.480 | As a result, it's a question of, just like they say with COVID, we got to live with it.

01:16:17.340 | When it comes to cybersecurity, we have to live with it.

01:16:20.180 | It is not an individual sport.

01:16:22.580 | It is a group sport.

01:16:23.980 | It's a team.

01:16:25.700 | In addition to which, you can't take a victory lap for cybersecurity because you could be

01:16:30.220 | completely secure at 9 o'clock in the morning and suddenly exposed at 9.01 because somebody

01:16:37.460 | clicked the wrong link, opened the wrong attachment, gave the wrong information to somebody.

01:16:42.980 | If we stick together, work with each other, collaborate, communicate, cooperate, we're

01:16:48.540 | going to be better off for it.

01:16:50.140 | I think there's a much more collegial attitude now that it comes to cybersecurity than ever

01:16:55.260 | before.

01:16:56.540 | Like you said earlier, with all the information out there, it's only a matter of time before

01:17:01.980 | someone decides to pick you as a target.

01:17:05.020 | That's right.

01:17:06.020 | You win the lottery.

01:17:07.020 | One you didn't even enter.

01:17:08.020 | Yeah, but I'd say if you can make yourself a harder target by doing a lot of the stuff

01:17:13.180 | we talked about today, then you just move yourself further and further down that list

01:17:17.140 | where someone says, "Ah, this person's information isn't very easy to find online.

01:17:21.340 | Let's just skip to the next person where their address takes me a second to find."

01:17:25.420 | It's like the whole issue, if you're a burglar, do you break into the house where there's

01:17:29.100 | no dog or one where there is a dog where you might not be sure that you're going to come

01:17:34.460 | out with both legs?

01:17:37.780 | It's important to do that and a very important rule of thumb, anytime that anybody contacts

01:17:45.100 | you about anything and asks you to authenticate yourself for any reason, however plausible

01:17:53.180 | or logical it is, hang up.

01:17:57.620 | It's one thing if you contact them and they're an organization trying to do the right thing

01:18:04.060 | and they're asking you to authenticate yourself, but if they contact you, no good.

01:18:10.980 | Great parting advice.

01:18:13.580 | Thank you so much for being here.

01:18:14.740 | Where can people stay on top of everything you're learning, all of the latest conversations

01:18:18.940 | you're having?

01:18:19.940 | Well, come to adamlevin.com, which is where we put a lot of information about the newest,

01:18:28.180 | scariest, maybe not so scary, but things you need to know.

01:18:33.540 | We have that on the website.

01:18:36.600 | Come to What the Hack with Adam Levin.

01:18:38.100 | You can get it anywhere you get your podcasts.

01:18:43.340 | Think of it as car talk for cyber.

01:18:47.700 | There are three of us.

01:18:48.700 | We try to have a lot of fun with it.

01:18:50.500 | We focus on a lot of important issues.

01:18:53.280 | We bring people on who have either been victimized or have managed to avoid victimization when

01:18:59.500 | it comes to cyber or identity theft, and there are a lot of lessons to learn.

01:19:03.540 | The whole thing is that this is where scaring is caring and sharing is caring, is that the

01:19:10.100 | more people that are willing to tell their stories about what they went through and what

01:19:16.020 | the red flags were and how to avoid it, the better it is for you.

01:19:21.180 | We all gain.

01:19:22.180 | Well, I'm looking forward to joining you and talking about the fact that people always

01:19:26.500 | overlook their frequent flyer accounts.

01:19:28.820 | I think, "Let's lock down my bank account," but especially for this audience, you build

01:19:33.180 | up credit card points, you build up miles.

01:19:35.700 | To have someone go in and take a flight or drain them to buy a computer is the worst,

01:19:40.100 | and I've dealt with it.

01:19:41.100 | No, it's not fair.

01:19:42.940 | You did the work to get it.

01:19:44.620 | Why should somebody get the benefit of your effort?

01:19:49.140 | Thank you so much for being here.

01:19:50.380 | I really appreciate it, and I enjoyed the conversation.

01:19:52.700 | Well, thanks for inviting me.

01:19:54.580 | I enjoyed it very much.

01:19:55.580 | Let's do it again.

01:19:55.580 | - Thank you very much, let's do it again.