ATHLLC3608357084
00:00:00.000 | A quick word from our sponsor today.
00:00:01.700 | I love helping you answer all the toughest questions about life, money, and so much
00:00:08.060 | more, but sometimes it's helpful to talk to other people in your situation, which
00:00:12.880 | actually gets harder as you build your wealth.
00:00:14.940 | So I want to introduce you to today's sponsor, Longangle.
00:00:18.200 | Longangle is a community of high net worth individuals with backgrounds in
00:00:22.240 | everything from technology, finance, medicine, to real estate, law,
00:00:26.060 | manufacturing, and more.
00:00:27.620 | I'm a member of Longangle.
00:00:29.480 | I've loved being a part of the community, and I've even had one of the founders,
00:00:33.040 | Tad Fallows, join me on all the hacks in episode 87 to talk about alternative
00:00:37.200 | investments.
00:00:37.940 | Now, the majority of Longangle members are first generation wealth, young, highly
00:00:42.660 | successful individuals who join the community to share knowledge and learn
00:00:46.400 | from each other in a confidential, unbiased setting.
00:00:49.600 | On top of that, members also get access to some unique private market investment
00:00:54.400 | opportunities.
00:00:55.200 | Like I said, I'm a member and I've gotten so much value from the community
00:00:59.120 | because you're getting advice and feedback from people in a similar
00:01:02.300 | situation to you on everything from your investment portfolio, to your
00:01:06.280 | children's education, to finding a concierge doctor.
00:01:09.240 | So many of these conversations aren't happening anywhere else online.
00:01:13.160 | So if you have more than 2.2 million in investable assets, which is their
00:01:17.440 | minimum for membership, I encourage you to check out Longangle and it's totally
00:01:21.980 | free to join.
00:01:22.760 | Just go to longangle.com to learn more.
00:01:26.400 | And if you choose to apply, be sure to let them know you heard about it here.
00:01:30.000 | Again, that's longangle.com.
00:01:34.640 | Hello, and welcome to another episode of All The Hacks, a show about upgrading
00:01:41.760 | your life, money, and travel all while spending less and saving more.
00:01:45.280 | If you're new here, I'm your host, Chris Hutchins, and I'm excited to have you on
00:01:48.760 | my journey to optimize my own life by sitting down each week with the world's
00:01:52.520 | best experts to learn the strategies, tactics, and frameworks they use for
00:01:56.440 | their own lives and their success.
00:01:58.080 | Today, I'm talking with Adam Levin, who's an absolute expert on cybersecurity,
00:02:02.720 | privacy, identity theft, and fraud.
00:02:04.840 | At 27, he became the youngest director in the history of the New Jersey
00:02:08.940 | Division of Consumer Affairs.
00:02:10.440 | He later went on to found at least two companies, Credit.com, which focused on
00:02:15.160 | consumer credit building and was acquired in 2015, and CyberScout, a global
00:02:19.360 | identity and data protection company that helped pioneer the cyber insurance
00:02:23.000 | business and was acquired in 2021.
00:02:25.320 | On top of all that, he's the author of the critically acclaimed book, Swiped,
00:02:29.040 | How to Protect Yourself in a World Full of Scammers, Fishers, and Identity Thieves.
00:02:33.000 | And he hosts the weekly cybersecurity podcast, What the Hack.
00:02:36.040 | For many months, I've been wanting to do an episode on everything you need to
00:02:39.520 | know about cybersecurity, identity theft.
00:02:41.640 | So I'm really excited that I got connected with Adam.
00:02:43.920 | We're going to talk about how to protect yourself from all these threats, what
00:02:47.200 | kind of tools and services like VPNs, or security keys, or credit
00:02:50.560 | monitoring are actually worth using.
00:02:52.440 | Basically, I want to leave you with everything you need to
00:02:55.320 | know to protect yourself online.
00:02:57.200 | That is a lot to cover, so let's get started.
00:02:59.840 | Adam, welcome to the show.
00:03:02.880 | Chris, thanks so much for inviting me.
00:03:04.640 | So just to kick us off, I want to know, what do you think is the most
00:03:08.560 | common thing you see most people doing wrong when it comes to
00:03:11.880 | protecting themselves online?
00:03:13.480 | Well, I mean, password protocol is terrible with most people.
00:03:18.000 | Most people pick a easily decipherable, simple password because that's what
00:03:23.520 | they can remember, and they use it everywhere.
00:03:26.320 | And unfortunately, what you have to understand is that even assuming that
00:03:31.640 | you had the most indecipherable, sophisticated password possible, if
00:03:38.080 | it's been exposed as a result of a leak or a breach, then it's discovered.
00:03:43.920 | And a discovered password is no good to you anymore.
00:03:47.040 | And if it's through your entire universe of websites, it's going to
00:03:51.000 | come back and be a nightmare for you.
00:03:52.720 | So you really have to think hard about the kinds of passwords you're going to use.
00:03:57.520 | In fact, that's why most people use password managers that want to simplify
00:04:01.920 | their lives, but you need to do that because one ubiquitous password in your
00:04:06.520 | life is guaranteed to create a problem for you.
00:04:09.240 | Yep.
00:04:09.960 | Password managers often will tell you this password's been in a breach.
00:04:13.600 | There was a site that was like, "Have I been pawned?"
00:04:15.560 | Is that still like the gold standard of finding out what passwords of
00:04:19.080 | yours have been in a breach or what is...
00:04:20.640 | It pretty much is.
00:04:21.360 | Yeah.
00:04:21.640 | Yep.
00:04:22.160 | "Have I been pawned?"
00:04:23.240 | And it's not a happy place by any means.
00:04:26.480 | And you can also now track your phone number too, because the issue is that
00:04:32.200 | for years we've been told that the ultimate skeleton key to your life
00:04:36.240 | is your social security number.
00:04:37.760 | And that's pretty much true.
00:04:40.960 | But if you think about it now, everybody gives their cell phone
00:04:45.280 | number out to everybody.
00:04:46.960 | And on top of which it's not something, because they're now portable, nobody's
00:04:52.320 | going to change their cell phone number.
00:04:53.960 | So this is a number that's going to stick with you most of your
00:04:56.960 | life and it is everywhere.
00:05:00.280 | So that that's an issue as well.
00:05:03.720 | What's the risk of your phone number being out there?
00:05:06.320 | Obviously people can call you, but is it that they could know your number and
00:05:10.560 | spoof your number, calling customer service and pretend to be you with
00:05:14.200 | automated systems or why is having your number out there as bad or dangerous as
00:05:19.440 | maybe your email password, which makes more sense to me why that would be a bad
00:05:22.920 | thing.
00:05:23.120 | Well, the reason why having your number out there is a problem is because if you
00:05:26.840 | think about it, most people who use multi-factor authentication, the second
00:05:31.360 | factor tends to be a code sent to their phone number.
00:05:34.760 | If your phone number is stolen as a result of a SIM swap, which is not as
00:05:39.400 | difficult as one would think is for a few bucks.
00:05:43.240 | Unfortunately, people call people at mobile providers and get them to switch
00:05:50.000 | things based on the fact that they go, I'm sorry that I forgot my password.
00:05:54.960 | And this is my phone number and I just got a new device by the way.
00:05:59.080 | So can you please transfer to my new device?
00:06:01.720 | And then all of a sudden you don't get the code.
00:06:04.560 | We've had cases where people have lost millions in cryptocurrency because the
00:06:10.720 | code was sent to the phone number that had been stolen by a hacker.
00:06:14.440 | Now, I know five, 10 years ago, SIM swapping hit all the news, it was a big
00:06:20.200 | thing, is it still happening as much as it was or have the carriers gotten better
00:06:24.480 | about requiring more information to switch a phone number or is it still a
00:06:28.120 | really big concern?
00:06:28.960 | Well, again, if you pay somebody off, it doesn't matter what kind of protocols
00:06:32.760 | you have in place.
00:06:33.720 | The carriers are getting better.
00:06:35.280 | And of course, now you have the opportunity to use a PIN number as an
00:06:40.200 | additional layer of security for someone calling to find out more about your
00:06:44.480 | phone.
00:06:44.960 | The only problem is that a lot of people, just like we tend to use simple
00:06:48.360 | passwords, people use codes like 0 0 0 0 1 2 3 4 9 8 7 6.
00:06:55.360 | So it's not that difficult to guess for some of the bad guys.
00:07:00.280 | So it sounds like a quick thing everyone needs to do.
00:07:03.080 | If you're not already using a password manager, go back to basics.
00:07:05.920 | That's something you should do.
00:07:07.040 | I think most people here have probably heard me talk about password managers
00:07:10.440 | enough to hopefully have gotten on the board with that train, but calling your
00:07:15.160 | cell phone carrier and making sure you have that PIN set up.
00:07:18.240 | I know I called Verizon once and just said, Hey, can you put me in some sort of
00:07:22.520 | more secure version of an account that can work with some banks, financial
00:07:27.400 | institutions, some don't.
00:07:28.960 | I also like to change my mother's maiden name and give them a different word or
00:07:33.720 | number or any string of characters than an actual mother's maiden name, because
00:07:38.680 | that like your phone number is not too difficult to find online.
00:07:41.600 | Are there any other fundamental basics to protect yourself from SIM swapping
00:07:45.600 | that people should be doing?
00:07:46.480 | Just be very alert.
00:07:49.480 | And if all of a sudden you're not getting phone calls or you're not getting texts
00:07:55.600 | or something just doesn't feel right, immediately contact your mobile provider.
00:07:59.840 | But you also brought up an interesting thing too, when you talk about changing
00:08:02.880 | your mother's maiden name.
00:08:04.080 | I always say to people, listen, when you set up security questions and
00:08:07.080 | answers, lie like a superhero.
00:08:08.720 | Clark Kent is not going to tell people he's Superman.
00:08:11.000 | Bruce Wayne doesn't run around saying, Hey, I'm Batman.
00:08:13.760 | So if your mother's maiden name is Smith, tell people it's Jones.
00:08:19.120 | If you went to Ridgefield High School, tell them you went to Southwick.
00:08:23.280 | The key thing is consistency.
00:08:25.920 | It's not as if you were doing an interview to get a security
00:08:30.240 | clearance for national security.
00:08:32.080 | All you're trying to do is create something that will be a benchmark.
00:08:36.400 | So it's not about veracity.
00:08:38.720 | It's just about consistency.
00:08:40.480 | Sometimes I just have strings of numbers.
00:08:43.000 | I use one password and I generate a random string of characters.
00:08:46.520 | So it's like, what's your favorite book?
00:08:48.120 | It might be gobbledygook to me.
00:08:50.080 | Like it's just a bunch of numbers and symbols and letters, but it certainly
00:08:52.960 | isn't something anyone would guess.
00:08:54.320 | And the same goes for the high school I went to or my dog's name
00:08:57.400 | or things that you might actually be able to find out online.
00:08:59.600 | No, no, listen, that's a great idea.
00:09:01.680 | As they say, the algorithm.
00:09:03.680 | So so there's a lot of places we could take this, right?
00:09:08.400 | I think identity theft is a big area.
00:09:10.200 | Cybersecurity is a big area.
00:09:12.240 | Maybe we start with credit identity.
00:09:15.160 | You mentioned Social Security number is this protected thing
00:09:18.120 | with the Equifax breach.
00:09:20.600 | In my mind, it's like I'm kind of operating
00:09:22.880 | like my Social Security number is out there.
00:09:24.440 | I feel like for, I don't know, one in three Americans now,
00:09:27.680 | your Social Security number is out there.
00:09:29.720 | Is that still as easily accessible such that if someone wants
00:09:33.440 | your Social Security number and they try hard enough, they can probably get it?
00:09:36.520 | And if so, what do we do?
00:09:39.080 | Let's face it, not just Equifax.
00:09:40.920 | We're talking about over the past several years, billions.
00:09:45.320 | And that's Dr.
00:09:46.160 | Evil Pinky to the lip be billions, billions of files
00:09:51.280 | have been exposed through data leaks, breaches,
00:09:55.480 | people hitting the wrong key and information getting out there.
00:10:00.000 | People just giving out their Social Security number.
00:10:02.480 | I mean, think about every time you go to the doctor's office, the dentist's office.
00:10:06.080 | What do they have on the form?
00:10:07.560 | Your Social Security number, which, by the way, you can say, no,
00:10:10.520 | I'm not giving you my Social Security number.
00:10:12.960 | They're not going to throw you out because they're either operating
00:10:16.080 | with your insurance information
00:10:18.800 | or they're going to get a credit card before you ever get out the door.
00:10:22.680 | So you don't need to give them your Social Security number.
00:10:26.320 | We need to say, no, we have to have it for insurance purposes.
00:10:29.480 | No, they don't.
00:10:30.760 | They really don't.
00:10:31.440 | There have been stories about people at their children's Little League games.
00:10:35.760 | They were passing around these sheets and people were filling him out.
00:10:39.680 | It's like, yeah, let me have your Social Security numbers.
00:10:41.840 | Well, yeah, sure. Here it is.
00:10:43.760 | People don't really think about it.
00:10:45.200 | They kind of toss it out like you were tossing out rose petals.
00:10:48.880 | I think you have to assume your Social Security number is out there.
00:10:51.880 | You have to assume most of your information is out there.
00:10:54.680 | So it's really about something that I developed with my collaborator,
00:10:59.800 | Beau Friedlander, who's also my co-host on What the Hack with Adam Levin.
00:11:03.320 | We wrote a book called Swiped.
00:11:05.320 | How to Protect Yourself in a World Filled with Scammers,
00:11:07.520 | Fishers and Identity Thieves.
00:11:08.960 | And we came up with the framework.
00:11:12.120 | Three M's.
00:11:13.480 | How do you minimize your risk of exposure, reduce your attackable surface?
00:11:17.320 | How do you monitor it so you effectively know that there's a problem
00:11:21.680 | and that you have to do something about it?
00:11:24.040 | And then how do you manage the damage?
00:11:26.120 | So what you're raising right now with the fact that our information is out there
00:11:30.040 | is how do you effectively monitor so you know as quickly as possible
00:11:34.360 | that you have a problem?
00:11:36.120 | Well, one of the things you do is, as we mentioned earlier,
00:11:38.840 | you go to the site Have I Been Pawned and see whether or not your user ID
00:11:42.760 | and password has been exposed in a breach.
00:11:45.240 | And then looking at the particular breach where it was exposed,
00:11:49.560 | you're going to know, based on the information that has been provided
00:11:53.360 | by the companies that have been compromised,
00:11:55.800 | how much of your information is out there.
00:11:58.840 | And that's why monitoring is so important.
00:12:02.520 | Get your credit report.
00:12:04.760 | Look at your credit.
00:12:05.720 | Don't just say, I got my credit report.
00:12:07.720 | I did my good deed.
00:12:09.400 | Get it. Review it.
00:12:11.200 | Be serious about it.
00:12:12.560 | If something doesn't look right, contact the credit reporting agency.
00:12:16.720 | You need to be looking for things you didn't do,
00:12:20.320 | as well as things that you might have done that you forgot you did.
00:12:24.680 | But review it and make sure that it says what you think it should say.
00:12:29.400 | And if it has additional dates of birth out there for you
00:12:34.320 | or different places where you've never worked or different home addresses,
00:12:38.960 | these are red flags.
00:12:40.080 | So get your credit report, monitor your credit scores,
00:12:43.400 | because if your credit scores take a sudden precipitous drop
00:12:47.320 | that you can't explain, then it's either one of three reasons.
00:12:51.480 | You didn't pay a bill on time.
00:12:53.360 | Not good. You need to know that you're using too much of your available credit.
00:12:58.320 | Not so good. You need to know that.
00:13:01.280 | Or you're a victim of identity theft.
00:13:03.280 | Really not good. And you need to know that.
00:13:05.760 | Also sign up for what's called transactional monitoring alerts.
00:13:10.000 | This is from your financial institutions, your credit card companies.
00:13:14.760 | It's free and it notifies you any time there's any activity in your account.
00:13:19.960 | And if you see activities going on that do not look familiar,
00:13:24.640 | then you have to notify your financial institution or the credit card
00:13:28.600 | company immediately. But that's one of those red flags.
00:13:31.680 | Also, believe it or not, look at your explanation of benefits
00:13:36.160 | statements that you receive from your health insurance company,
00:13:39.040 | because a lot of people have discovered that they were victims
00:13:42.960 | of medical identity theft because there was a treatment on there
00:13:46.880 | or an appointment on there that they never had with a doctor
00:13:51.640 | they've never heard of.
00:13:53.440 | So look at that to make sure it was you.
00:13:57.000 | And then finally, there are much more sophisticated forms of monitoring
00:14:00.400 | that come from the three credit reporting agencies,
00:14:03.520 | as well as third party providers where they have a number of different things
00:14:08.680 | that they're monitoring.
00:14:09.720 | You need them to be monitoring your Social Security number
00:14:13.240 | and your most personal information.
00:14:15.640 | And then you need to get things like what's called instant alerts,
00:14:20.160 | which is not, hey, Chris, a few weeks ago,
00:14:22.640 | somebody using your information to open an account.
00:14:25.640 | But it's, hey, Chris, somebody is attempting to open an account right now.
00:14:30.160 | Is it you? Yes or no.
00:14:33.120 | And then you need to have monitoring that monitors the dark web,
00:14:37.840 | because if it shows up, that your information is out there
00:14:41.280 | and it will tell you what information has been discovered on the dark web,
00:14:46.000 | whether it's an email address, a password,
00:14:49.720 | a phone number, account information.
00:14:52.640 | That's why it's important to do that.
00:14:54.280 | So the second M, very important.
00:14:56.360 | So just to recap, so I know getting your credit report,
00:14:59.160 | free annual credit report dot com, you can get it for free.
00:15:02.160 | Yes, you do.
00:15:03.080 | I believe even right now, as a result of maybe the pandemic,
00:15:06.680 | you can get it more regularly than once a year.
00:15:09.080 | You were getting it in some cases either once a month or once a week,
00:15:12.680 | depending upon the credit reporting agency.
00:15:14.800 | And then a lot of the alerts you talked about are free.
00:15:18.520 | I have an account with Experian, Equifax and TransUnion.
00:15:21.160 | I get alerts. I don't pay for any of those premium services.
00:15:24.480 | I get my credit score.
00:15:26.720 | Gosh, I probably have five different ways to get it for free,
00:15:29.840 | whether it's Credit Karma, which isn't necessarily your FICO score,
00:15:32.800 | but it is a score or different credit card companies.
00:15:36.040 | Amex gives you a free credit score.
00:15:38.000 | I think Capital One gives you a free credit score.
00:15:40.480 | Are there any of the credit monitoring and reporting services
00:15:44.320 | that you actually should pay for, or are they a little bit
00:15:48.160 | fluffy products that people create for people who are worried?
00:15:50.920 | But you can kind of do all this on your own.
00:15:52.960 | I know you can freeze and lock your credit, which I do for free also.
00:15:56.880 | Yes. No, you can do that.
00:15:58.360 | That's as a result of an amendment to a banking law
00:16:01.520 | that was done a few years ago.
00:16:03.560 | But there are services that are worth it
00:16:06.760 | because you really need them to take in-depth dives.
00:16:11.200 | Whereas with free credit reports, you can get them
00:16:15.160 | frequently, although a little less frequently now.
00:16:18.200 | The important thing is you really need to keep up to date.
00:16:21.680 | And with that payment, you're not just paying for the monitoring,
00:16:26.680 | but you're also getting access to a professional
00:16:29.920 | that can help you through identity incidents.
00:16:33.040 | And that's really the third M is that how do you manage the damage?
00:16:37.040 | Now, a lot of people don't realize that through their insurance companies,
00:16:41.800 | some financial institutions, and now more and more through their employers,
00:16:46.400 | there are programs available to help you through identity incidents.
00:16:50.280 | In some cases, it's free as a perk of your relationship with the institution.
00:16:54.560 | In some cases, it's deeply discounted.
00:16:57.240 | In some cases, it may not be.
00:16:58.880 | But you have to really think about how important it is to know
00:17:03.600 | whether or not you've got a problem and have somebody
00:17:06.200 | who can help you through the problem.
00:17:09.200 | I get that if you are involved in an incident, it can be helpful
00:17:12.360 | to have an expert kind of manage the entire process.
00:17:14.960 | But for just monitoring, would you say everyone needs to be using
00:17:19.560 | a premium service or how do you kind of set the threshold for someone thinking,
00:17:22.800 | can I feel like I've got monitors?
00:17:24.080 | I get my alerts, I get my transaction alerts.
00:17:26.240 | I check my credit every so often when my score changes, I get an alert.
00:17:30.080 | Does the average person in that circumstance who hasn't yet been a victim
00:17:33.880 | of any fraud or theft need the premium services?
00:17:37.920 | Well, it depends how premium you want to go.
00:17:40.760 | And you have opportunities to select amongst those premium services.
00:17:46.040 | And even then, the level of premium service you wish to get.
00:17:50.720 | And it really has to do with your comfort level
00:17:54.760 | and how alert you are and how informed
00:17:59.000 | you think you are based on the alerts you're seeing.
00:18:02.480 | And the truth is, access to a professional
00:18:05.600 | to help you through incidents is priceless.
00:18:07.960 | It really is.
00:18:09.760 | And if you talk to a lot of the folks who have been on both sides
00:18:13.600 | of the cyber world, they will all tell you that so much information
00:18:18.920 | is out there about us right now, that the fact that each and every one of us
00:18:23.680 | hasn't become a victim of some form of identity theft
00:18:26.600 | is simply because they haven't gotten around to us yet.
00:18:29.480 | It's really a question of supply and demand.
00:18:32.600 | But I can tell you, having owned a company, well, first a company
00:18:35.640 | that was involved in monitoring and then a company that was involved
00:18:39.960 | in managing damage and taking care of people.
00:18:42.200 | It really depends on what you want to get out of it,
00:18:45.200 | how much you're willing to invest.
00:18:47.320 | It's not a criminally expensive amount
00:18:49.880 | if you get the more moderately priced monitoring programs.
00:18:53.400 | And you really need to know and you need to know as quickly as possible.
00:18:58.200 | And you have to pay attention.
00:19:00.600 | I imagine if I Google credit monitoring services, there's thousands.
00:19:04.000 | I imagine some are much worse
00:19:05.760 | and probably just repackaging what you can get for free for a fee. Right.
00:19:09.040 | Are there particular companies or services that you think
00:19:12.640 | are actually providing that added value for their fees?
00:19:15.480 | There are. I generally don't single out anybody specifically.
00:19:19.440 | And it's not because I'm being paid by anybody in particular.
00:19:22.760 | It's just I really feel like it's a function of
00:19:25.560 | you really need to do your research.
00:19:27.520 | Now, the Consumer Federation of America has a website.
00:19:32.520 | I think it's called ID Theft Info.
00:19:34.640 | I could be wrong, but it's just like a Consumer Federation of America.
00:19:39.000 | They actually have the majority of the major players
00:19:44.280 | in the identity monitoring service world.
00:19:47.680 | They signed up for best practices.
00:19:49.960 | And what they do at that website is they give you a list of questions
00:19:56.200 | and answers to think about when you're searching for someone
00:20:00.080 | to monitor your credit or to actually help you through a credit incident.
00:20:04.120 | And it's really worth it to go to that website.
00:20:07.440 | But there are a number of very good companies that have very good
00:20:11.840 | and thorough monitoring programs.
00:20:14.000 | But as with anything, take time and do your research.
00:20:17.960 | I was hoping I could skip a little of the research and get the answers from you.
00:20:22.160 | Are there any companies, you know, in the space that's like
00:20:24.680 | definitely avoid like companies that are on your blacklist
00:20:28.200 | of credit monitoring and identity theft protection?
00:20:30.440 | Are there services where you're like, no, I just skip over lifelock?
00:20:33.080 | They're the worst or something.
00:20:34.280 | Anyone in the space to avoid?
00:20:36.040 | Well, no, see, now you're getting me to actually recommend certain companies.
00:20:40.920 | I don't. First of all, OK, I'll give you some.
00:20:43.240 | Or is one that's very good.
00:20:45.320 | Lifelock is very good.
00:20:47.440 | I can tell you for years I've used the Experian
00:20:50.200 | and Protect My ID, their program, that's very good.
00:20:53.600 | My old company, Credit.com, we had a number of products and services
00:20:57.560 | that we matched people with that were very good.
00:21:00.320 | And I'm sure the folks at Credit Karma and other places
00:21:03.520 | can also give you recommendations.
00:21:05.200 | Another place to go just for just great advice
00:21:08.800 | in general is the Identity Theft Resource Center.
00:21:11.520 | They're out of San Diego.
00:21:13.320 | Eva Velasquez is the CEO.
00:21:15.400 | She's been CEO for a while.
00:21:17.280 | They're highly respected.
00:21:18.720 | And and for those people who who don't use paying services
00:21:22.680 | and are in trouble and need help and are victims of identity incidents,
00:21:26.280 | they actually work with some of the bigger companies
00:21:29.800 | and have a deal going on where these companies will help them
00:21:34.160 | help people for free.
00:21:36.320 | So the Identity Theft Resource Center, ITRC, OK, is is very good.
00:21:41.120 | Thanks for giving some information that I know you didn't want to.
00:21:44.720 | Yeah, science has shown that being charitable
00:21:48.760 | can actually have a huge impact on your happiness,
00:21:51.760 | which is why I'm excited to be partnering with Daffy today.
00:21:54.600 | They're a not for profit community built around a new modern way to give,
00:21:58.680 | and they have a mission I think we can all get behind,
00:22:01.400 | helping people be more generous more often.
00:22:04.280 | Amy and I use Daffy for all of our giving because they offer an account
00:22:08.440 | that makes it easy to put money aside for charity.
00:22:11.080 | You can make a one time contribution or you can set a little aside
00:22:14.720 | each week or month, and all your contributions are tax deductible,
00:22:19.160 | except you don't actually have to know exactly
00:22:21.800 | where you want to give the money right away.
00:22:23.880 | In fact, you can make your tax deductible contribution now
00:22:27.160 | and invest that money into stocks or even crypto
00:22:30.360 | so it can grow tax free and let you have more impact in the future.
00:22:34.360 | Then whenever you're ready, you can give to any of more than
00:22:38.320 | one and a half million charities, schools or faith based organizations
00:22:42.400 | in a matter of seconds.
00:22:44.240 | So head on over to all the hacks dot com slash Daffy
00:22:47.760 | if you want to start giving today and for a limited time.
00:22:51.040 | If you visit that link, you can get a free twenty five dollars
00:22:54.480 | to give to the charity of your choice.
00:22:56.760 | Again, that's all the hacks dot com slash Daffy.
00:23:02.280 | In today's Internet age, people's personal information
00:23:07.200 | is being shared online with the click of a button without their consent,
00:23:11.160 | and it happens all the time.
00:23:13.240 | But you can tackle this problem thanks to Delete Me from Abine,
00:23:16.880 | the company Adam just mentioned.
00:23:18.640 | And I am excited to be partnering with them for this episode.
00:23:21.400 | When I used to Google myself, I would find hundreds of detailed profiles
00:23:25.800 | sharing my cell phone number, address, email, family members and a lot more.
00:23:30.240 | At first, I actually tried to remove it all myself, which you can do.
00:23:34.080 | But after at least 10 hours, I signed up for Delete Me.
00:23:37.240 | And it was so much easier.
00:23:39.080 | Their software and team of experts will not just find and remove
00:23:42.640 | your personal information from hundreds of data broker websites,
00:23:46.280 | but they'll continuously scan for new data that shows up
00:23:49.880 | and get that removed as well.
00:23:52.080 | On average, Delete Me finds and removes over 2000 pieces of data
00:23:56.280 | for a customer in their first two years.
00:23:58.400 | So if you want to get your personal information removed from search results
00:24:02.160 | on the Web, go to all the hacks dot com slash Delete Me
00:24:06.240 | and get 20 percent off a plan for you or your entire family.
00:24:10.040 | Again, that's all the hacks dot com slash Delete Me with credit cards.
00:24:15.640 | I think a lot of the reason people are not too worried
00:24:18.240 | about just putting their credit card number online is that most,
00:24:21.200 | if not all credit card companies nowadays take the burden
00:24:24.360 | of the risk of something happening and fraudulent charges.
00:24:27.920 | But one thing I don't think I know, so I'm assuming most people don't.
00:24:31.040 | If someone uses your Social Security number to open a bank account
00:24:34.840 | or take out a mortgage or a loan or buy a car,
00:24:37.440 | how much of the liability ends up falling on you?
00:24:41.560 | Is the risk all the hassle of cleaning it up?
00:24:44.520 | Or is there actually risk that you could be liable for what happens
00:24:47.480 | and someone else won't pick up the tab like they might with credit card fraud?
00:24:50.760 | Well, we've seen, for instance, situations where people have had
00:24:54.920 | their Social Security numbers used to take mortgages out on their homes.
00:24:59.080 | That becomes problematic because you really need attorneys for that.
00:25:03.760 | And it's not a simple process to have
00:25:08.080 | a mortgage removed from your home when the money was actually taken
00:25:12.160 | using your information.
00:25:13.720 | Now, your insurance company can be very helpful there.
00:25:16.800 | Check with your insurance company and find out if they have identity
00:25:20.000 | protection programs, if it's automatic or you need to bring it on
00:25:24.080 | as an endorsement to your insurance policy.
00:25:26.520 | Oftentimes your homeowner's policy, your renter's policy.
00:25:30.160 | Now even they're offering identity theft services through auto owner policies.
00:25:35.520 | But you may need that insurance coverage for that that you may pay for.
00:25:39.960 | But it's not a large sum of money.
00:25:42.200 | It's just generally a fee for an endorsement.
00:25:44.440 | But no, it can be a problem.
00:25:46.560 | We've seen cases, for instance, with Zelle.
00:25:49.160 | Now, the Consumer Financial Protection Bureau just came out and kind of dropped
00:25:53.040 | the hammer on a number of those peer to peer payment apps
00:25:57.240 | because so many people have had their information stolen, the app used
00:26:01.800 | or they in good faith used it because they thought they were dealing
00:26:05.640 | with somebody real and not an identity thief or a hacker or a scammer.
00:26:09.200 | And the money's gone.
00:26:10.760 | And of course, they do tell you before you hit that button,
00:26:14.560 | make sure you know who you're dealing with.
00:26:17.560 | But that's changing.
00:26:19.080 | Let me take you back to sort of the beginning of identity theft.
00:26:22.280 | And in the early days of dealing with identity theft issues
00:26:27.080 | and even to a little bit today,
00:26:30.200 | the victim was guilty until proven innocent.
00:26:33.560 | And in fact, the consumer was considered collateral damage.
00:26:37.760 | It was viewed as the business was the victim
00:26:41.800 | of the identity theft or the fraud.
00:26:44.760 | Now, with credit cards, you're right. Banks.
00:26:46.960 | It used to be $50 liability.
00:26:49.000 | It's now down in most cases to zero debit cards.
00:26:53.320 | Little different story.
00:26:55.040 | Many of them have good protections.
00:26:57.640 | But in some cases, the financial institution will say that
00:27:01.600 | before we return your money to you, we have to do an investigation
00:27:06.000 | and we have to feel comfortable that you didn't just do something dumb
00:27:11.200 | and you're trying to get us to cover your loss.
00:27:13.840 | Fortunately, most people listening here are a big fan
00:27:17.520 | of earning credit card points and aren't using their debit card much.
00:27:20.480 | But the identity theft, I'd love to go back to the beginning.
00:27:23.440 | You were the victim. How has that evolved?
00:27:26.160 | Well, it's evolved now that there is a greater understanding of the fact
00:27:30.080 | that millions upon millions of people have become victims of identity theft.
00:27:33.880 | And in many cases, through no fault of their own, simply
00:27:37.120 | their information was on the wrong database at the wrong moment
00:27:40.600 | and the wrong person gained access.
00:27:42.800 | And now suddenly they're victims of identity theft.
00:27:45.280 | And you have so many different levels of identity theft.
00:27:49.920 | You have the low hanging fruit, which is account takeover,
00:27:53.040 | which has to do with credit cards and debit cards.
00:27:55.440 | Raise up the food chain a little bit.
00:27:58.040 | Then you have new account identity theft.
00:28:00.320 | That's where someone using your information has gone about the countryside,
00:28:04.040 | happily opening accounts in your name with your information,
00:28:07.640 | running up the balances and then disappearing into the sunset.
00:28:11.400 | And then you get other forms of identity theft, like medical identity theft,
00:28:16.640 | where someone using your information gets medical treatment in your name,
00:28:20.160 | has a procedure in your name, has appointments in your name.
00:28:23.960 | In most cases, it's a fraud against the insurance company,
00:28:27.040 | but it could come back to haunt you depending upon your lifetime allowances.
00:28:30.880 | But in cases where insurance wasn't involved,
00:28:34.560 | you've had many situations where people get a bill
00:28:38.120 | that comes out of nowhere from a medical provider.
00:28:40.880 | And it's huge.
00:28:42.480 | And they end up having problems with their credit reports
00:28:45.760 | and fighting with the medical provider and being sued.
00:28:49.000 | And there is a greater understanding of that now.
00:28:52.480 | There's child related identity theft.
00:28:55.120 | Kids have no idea because they don't check their credit.
00:28:58.320 | They don't even think they have a credit report.
00:29:00.560 | Most parents don't check their kid's credit reports, although that's changing.
00:29:04.760 | But in that case, we had one guest on What the Hack.
00:29:08.720 | Axon Betts Hamilton has become a very famous expert on identity theft
00:29:13.360 | where she was a victim and her mother was the thief.
00:29:17.640 | Her mother stole her identity, her father's identity.
00:29:20.720 | Her grandfather's identity had a second life.
00:29:24.000 | Oh, my gosh.
00:29:24.680 | And as Axton said, I spent Thanksgiving sitting across the table
00:29:29.000 | for 19 years across from my identity thief.
00:29:32.920 | And there are a not insignificant number
00:29:37.160 | of identity theft victims where it occurs within the family.
00:29:42.080 | Foster children, for example, 10% are victims of identity theft,
00:29:46.800 | because as they go through the foster system, they have a card
00:29:50.320 | with their information that's passed from family to family to family.
00:29:54.200 | And in many cases, that information is used to steal their identity.
00:29:58.320 | So you have that.
00:30:00.720 | And now the government's gotten involved and try to be more helpful
00:30:03.720 | in situations like that.
00:30:05.160 | The reporting agencies are much more understanding when it comes to this.
00:30:09.520 | But there is a process that you go through.
00:30:12.200 | And if you do it, it could take months,
00:30:16.440 | hours of your life.
00:30:19.400 | You could end up with no life and no job and no family
00:30:23.720 | because you're spending so much time focusing on resolving
00:30:26.960 | your identity theft issue.
00:30:28.520 | For instance, if you become a victim of criminal identity theft,
00:30:32.400 | that's a big problem.
00:30:34.200 | That's where someone using your information commits a crime.
00:30:37.640 | There was a movie Identity Thief that you may have seen,
00:30:40.880 | but they commit a crime.
00:30:42.160 | We had a case once a fellow was driving through the Midwest.
00:30:45.400 | He gets pulled over for a busted taillight.
00:30:47.800 | All of a sudden, his car is surrounded by guys with guns.
00:30:52.280 | They make him get on the ground.
00:30:53.880 | They cuff him in front of his kids.
00:30:55.600 | They take him to jail and he gets out in a couple of days.
00:31:00.160 | But he needs to get a lawyer.
00:31:02.520 | And sometimes it takes a not insignificant amount of time
00:31:05.960 | to clear your name if you're a victim of criminal identity theft.
00:31:09.760 | Is there a way that he could have prevented that?
00:31:11.640 | Obviously, committing a crime isn't something
00:31:13.800 | that's necessarily going to show up on your credit report.
00:31:16.840 | I know every time you apply for a job, they run a background check.
00:31:19.640 | Is there like a background check
00:31:21.440 | monitoring service to see if things like that are happening?
00:31:24.080 | There are some of the services now that will monitor
00:31:26.840 | as part of their overall monitoring,
00:31:30.360 | whether you've had incidents of a criminal nature
00:31:34.520 | or at least there are warrants out there for you and you might not know about.
00:31:39.240 | But criminal identity theft is something that you can almost do
00:31:42.080 | absolutely nothing about.
00:31:43.440 | It's just someone did it, used your information, committed the crime.
00:31:47.040 | How do you prove you didn't commit a crime, right?
00:31:50.000 | That's a little more difficult than someone nailing you for committing a crime.
00:31:54.040 | It becomes more complicated.
00:31:55.680 | That's why it's so important for people to be alert.
00:31:57.960 | If you get a notification about something, don't assume
00:32:02.160 | if you know nothing about it, that it's a mistake.
00:32:05.040 | At the same point, don't immediately jump
00:32:08.880 | and try to do something about it, because it could be somebody committing
00:32:12.480 | a fraudulent act and getting you to click on the wrong link
00:32:16.360 | or open the wrong attachment as well.
00:32:18.280 | I want to come back to a few things, but when you get that link,
00:32:22.000 | when you get that email, I think it's wild to me how many different examples
00:32:26.880 | I've seen recently of successfully convincing people that this is the right
00:32:31.640 | link, whether it's using some weird font that isn't actually the right font.
00:32:34.920 | I've seen one where someone had the domain registered
00:32:38.000 | that was like mail.google.com.
00:32:41.280 | So it looks in a small window like it's correct, but then it's mail.google.com
00:32:45.520 | dot some other address, dot some other address.
00:32:48.280 | And so it actually looks like the right prefix, but it's not.
00:32:51.680 | I always say, of course, look at the full URL, look at the full sender.
00:32:55.720 | Are there other things in those moments that people could quickly do
00:32:58.840 | just to make sure or validate that it's correct?
00:33:01.520 | Well, if you get a notification from what appears to be
00:33:06.440 | an organization of authority, first, you have to think about it.
00:33:09.760 | First, the IRS doesn't email anybody.
00:33:11.960 | Police departments wouldn't normally send you an email and go, Hey, by the way,
00:33:16.360 | we think you've committed a crime to notify us here.
00:33:18.640 | What you should do, even if you get one that looks really, really official,
00:33:22.120 | contact the specific agency
00:33:25.880 | and independently confirm the contact information
00:33:29.600 | and then reach out to them and say, I got the strangest thing.
00:33:32.760 | Did you send me something?
00:33:35.320 | Now, most people don't like to red flag themselves with the IRS.
00:33:38.920 | But at the same point, you need to make sure that you're dealing with the IRS.
00:33:44.440 | And of course, generally, the only way they deal with you
00:33:47.000 | initially is you get a letter, maybe not a letter you want to receive,
00:33:51.680 | but you will get a letter.
00:33:52.880 | They don't call you unless you owe them money.
00:33:56.440 | You've owed the money for a very long time.
00:33:58.880 | They've sent you notice after notice, after notice.
00:34:01.760 | You didn't respond.
00:34:03.360 | And then you might might get a call from a legitimate debt collector.
00:34:08.040 | There are about three or four that have been designated by the IRS.
00:34:12.520 | But again, generally, it's never something
00:34:16.120 | where you're asked to do something urgently.
00:34:19.160 | You never get something in the eyes of saying, unless you pass right now,
00:34:24.360 | we're sending someone to arrest you or even a phone call.
00:34:27.720 | They don't do that.
00:34:29.560 | You're always offered an opportunity to have a conversation with an agent
00:34:34.440 | and reach a settlement agreement with the IRS, for example.
00:34:38.800 | But that's what scams are based on.
00:34:41.000 | And a lot of the scams are very similar.
00:34:43.480 | Think of it as the music is the same, but the lyrics change
00:34:47.000 | depending upon what's happening in the world
00:34:49.520 | or what the scammer or the hacker is trying to achieve.
00:34:52.560 | So you really need to set a list of protocols for yourself
00:34:58.000 | as to what you do and protocol number one.
00:35:00.880 | Stop. Read it carefully.
00:35:04.720 | Calm down.
00:35:06.600 | Think about what it's saying and think about whether or not it's logical
00:35:11.040 | that you would have received this communication by way of an email
00:35:14.640 | and whether or not what they're asking you to do seems logical
00:35:18.760 | within the time frame they're giving you to respond.
00:35:22.040 | That's great advice.
00:35:23.840 | Are there any new tactics?
00:35:25.880 | I know SIM swapping made all the news years ago.
00:35:28.960 | Is there anything happening right now that you know about
00:35:32.560 | because you're in the industry that maybe other people will hear about
00:35:35.920 | over the next few years, but would be good to know now?
00:35:38.560 | Well, let's go through some of the scams that exist and sort of match them
00:35:43.760 | to what's going on.
00:35:45.120 | First of all, their health care scams that have been going on for forever.
00:35:48.880 | But in particular, COVID was a petri dish for them.
00:35:52.880 | And now monkeypox is becoming a problem as well.
00:35:56.000 | And that could be anything from updates
00:35:59.400 | to tracking to notifications
00:36:04.200 | to here's where you get your vaccine.
00:36:06.880 | Here's where your schedule, your test, these kinds of things.
00:36:10.600 | So you have to be on the lookout for this.
00:36:12.760 | Again, as you said, run your cursor over the email address
00:36:17.160 | to make sure that where it's coming from looks legitimate.
00:36:20.760 | And even then, wherever it's coming from,
00:36:23.600 | even if it's a phone calls from someone saying they're from the health department,
00:36:28.160 | thank them, hang up, independently confirm the right number
00:36:31.880 | for your county health department or your state health department or even the CDC.
00:36:36.760 | If you think you're getting a call from the CDC,
00:36:39.400 | which I really haven't heard of too many calls coming from the CDC,
00:36:42.760 | then then call the real number and speak to somebody
00:36:46.720 | and confirm whatever that information that they're providing you.
00:36:51.960 | And remember, in most of these cases, they are never supposed to ask you
00:36:57.200 | what your social security number is or getting credit card information from you.
00:37:02.040 | You can't pay to get to the head of the line with these.
00:37:05.440 | If it's a legitimate government situation and it's involving health care,
00:37:09.560 | there is a protocol to use and in no protocol that I know of
00:37:13.560 | and have ever known of, are you paying something in advance
00:37:17.320 | in order to advance your prospects with that?
00:37:20.720 | So you have job scams all the time, especially during the Great Resignation.
00:37:26.240 | And now with inflation and now with the concerns about whether or not
00:37:30.840 | there's going to be a recession, people may be looking for additional jobs.
00:37:35.320 | There go to legitimate, well-vetted websites
00:37:39.760 | and make sure that you're communicating with the right organization.
00:37:43.520 | If someone asks you to provide your social security number right off the bat,
00:37:48.040 | that's not legitimate.
00:37:50.240 | Don't walk, run.
00:37:52.320 | So this could be a job board.
00:37:54.040 | You see a job you're interested in.
00:37:56.040 | You're like, oh, this company is interesting.
00:37:57.600 | Maybe I should apply for it.
00:37:59.160 | It could just be a totally a fake company that's leading you down a path
00:38:02.400 | of interviewing for a job with the purpose of just collecting information about you.
00:38:06.440 | Is that absolutely or getting financial information
00:38:10.000 | by way of you giving them your credit card information?
00:38:12.960 | Let's say it's a secret shopper job.
00:38:15.600 | And they say, well, you know, to get you started,
00:38:18.120 | we're going to be laying out some money, but we'd like you to reimburse us for this.
00:38:21.360 | So be careful.
00:38:22.080 | You don't want to get involved in anything like that
00:38:24.360 | unless you can confirm the legitimacy of it.
00:38:26.480 | So always independently confirm.
00:38:28.960 | Also confirm that particular company is actually looking to hire people
00:38:33.600 | by going to the real website of the organization
00:38:37.000 | and then calling the HR department of the company
00:38:39.760 | and asking them if they're conducting interviews.
00:38:42.080 | But you have to be very careful about job scams.
00:38:44.680 | There was a scam that was going around for a while, disappeared,
00:38:47.760 | came back again, the jury commission scam.
00:38:49.880 | That's where you get a phone call.
00:38:51.280 | Someone represents themselves to be from the jury commission.
00:38:54.520 | They're polling, quote, eligible jurors in the district.
00:38:59.440 | And if you would be so kind as to provide them with your social security number,
00:39:03.800 | they will be able to let you know whether or not you're eligible
00:39:06.680 | or not for the jury poll.
00:39:08.080 | There have been scams where police departments were supposedly calling people
00:39:11.920 | and asking them for specific information.
00:39:15.480 | Generally, police departments just don't call people out of the blue.
00:39:18.640 | Or if they do, it's a legitimate detective.
00:39:20.800 | They may be asking you questions,
00:39:22.600 | but they're not going to be asking for your social security number,
00:39:25.440 | your date of birth or things like that.
00:39:27.840 | Unemployment scams, of course, have been a disaster during covid.
00:39:31.680 | Billions upon billions of dollars have been stolen.
00:39:34.400 | My own sister in law, who was on one of our episodes,
00:39:37.280 | was talking about the fact that she was legitimately notified
00:39:40.960 | by her home state of Colorado and by the state of Ohio
00:39:44.840 | that somebody using her information had applied for unemployment benefits.
00:39:49.280 | In one case, she found out simply because she received
00:39:52.360 | a debit card in the mail from the unemployment agency,
00:39:57.160 | which she said, I'm not looking for a job.
00:40:00.480 | I'm fine. I'm not out of work.
00:40:02.440 | We've had cases where people found out because someone in their company
00:40:06.440 | walked up to their desk in the days when people were actually at their desk
00:40:10.680 | and said, by the way, why did you apply for unemployment?
00:40:15.240 | You still have a job here.
00:40:17.760 | That was going on.
00:40:19.120 | You have the tech scams.
00:40:20.520 | That's what you get a phone call from someone representing themselves
00:40:23.640 | to be from Apple or Microsoft, saying that they've noticed
00:40:27.600 | that there's a problem with your computer.
00:40:29.680 | They are going to direct you to a site where you can download certain software,
00:40:34.720 | which will enable them to then come into your computer and check it out
00:40:39.200 | and solve whatever the problem is.
00:40:40.960 | Apple and Microsoft, they don't do that.
00:40:43.320 | But scammers certainly do that.
00:40:45.920 | Be on the lookout for tech scams.
00:40:48.560 | Then, of course, in the line of work that you've been talking about, too,
00:40:51.520 | which is vacations and points and all of that.
00:40:54.640 | There have been theft of frequent fire miles.
00:40:58.440 | There have been all kinds of vacations, all kinds of rental scams
00:41:02.120 | that people have to be on the lookout for, which we can go into further depth
00:41:06.200 | if you'd like to do that.
00:41:07.560 | And then there's catfishing, which is huge.
00:41:10.360 | Whatever the theme may be, it's still a catfish.
00:41:14.920 | And what people are trying to do is they're trying to tug on your heartstrings
00:41:19.760 | and get you to believe that they care about you.
00:41:22.520 | And the whole goal is to get into your life as quickly as possible
00:41:26.960 | and as authentically as possible.
00:41:30.280 | But yet you never really get to see them.
00:41:32.560 | You never get to really hear them.
00:41:34.400 | You may just be communicating with them by text or by email.
00:41:38.080 | And then at some point, relatively quickly into this relationship,
00:41:43.080 | you're suddenly asked for a lot of personal information
00:41:47.240 | or they send you a compromising picture and ask you to reciprocate.
00:41:53.080 | And what you don't realize, that's not their picture,
00:41:56.680 | but unfortunately, that's your picture you just sent to them.
00:42:00.640 | And suddenly you can become a victim of extortion and blackmail.
00:42:05.760 | Or they ask you to provide credit card information so that you can help them
00:42:10.000 | get a plane ticket to come visit you.
00:42:12.520 | Or we've had cases.
00:42:13.920 | We had a woman on our show talking about the fact that she met someone online
00:42:18.400 | who even had a terrific LinkedIn profile as a very successful
00:42:23.480 | medical professional who had decided to dedicate part of his life
00:42:27.760 | to go to the Mideast and open a clinic there.
00:42:29.920 | And somewhere in the first couple of weeks that they were getting to know
00:42:34.640 | each other, he said, our equipment has come in.
00:42:36.840 | It's held up by customs at the airport.
00:42:39.160 | If there's any way that you could help me by sending me 30,000
00:42:43.440 | so I can get the equipment out, that would be great.
00:42:45.840 | Of course, she didn't do it.
00:42:46.840 | She wouldn't fall for it.
00:42:47.920 | But unfortunately, a lot of people do.
00:42:50.520 | I mean, we've seen cases where someone was taken to the tune of two million
00:42:56.040 | dollars by someone who convinced them that he loved him.
00:43:01.040 | And the only way that they found out there was something wrong,
00:43:05.200 | which they should have known from the beginning, was that a financial advisor
00:43:09.920 | notified members of their family and said, something's going on with your mom.
00:43:13.560 | She's taking a lot of money out and sending it overseas.
00:43:17.320 | You really need to look into this.
00:43:19.080 | And even after confronted with the reality of her situation, she said, OK,
00:43:25.240 | I understand it's a fraud, but in my heart, I still love it. Wow.
00:43:29.000 | I mean, this is how deeply they ingrain themselves into your life.
00:43:33.120 | And then another scam are charity scams.
00:43:37.400 | And this is where they'll take the issue of the day,
00:43:39.600 | whether it's the Ukraine, it's a natural disaster.
00:43:42.720 | It's a crisis somewhere in the world.
00:43:45.400 | It's children.
00:43:46.240 | Any one of those topics, whatever is in the news, they will use it.
00:43:50.400 | They will convince you that they are the newest, best, most successful,
00:43:55.600 | most respected organization in the space.
00:43:58.640 | And could you please give them credit card information or send money to this?
00:44:03.400 | And it's not real. It's a fraud.
00:44:05.840 | That's really interesting.
00:44:06.920 | So I've been a little familiar with some, not all the others.
00:44:09.840 | When it comes to the frequent flyer miles thing, if you Google my name,
00:44:13.960 | there's some articles about having a lot of points in miles.
00:44:16.240 | And so I have been a victim of theft of points, I guess,
00:44:20.520 | which we talked about maybe coming on your show.
00:44:22.840 | And if that happens, definitely go check it out.
00:44:24.920 | I'll tell the full story.
00:44:26.280 | But in short, that's what sent me down a path of really locking down
00:44:30.720 | all these accounts, because someone was able to call Chase
00:44:35.400 | and get Chase to let them order things with points on the Internet.
00:44:40.880 | The craziest thing, and I'm still today don't understand it,
00:44:44.840 | was they ordered an Apple laptop using my points, but they shipped it to my house.
00:44:48.920 | Now, maybe the plan was to come to my house and pick it up, but they never did.
00:44:53.120 | Just an Apple laptop showed up.
00:44:54.840 | So it was like the strangest fraud because Chase refunded the points.
00:44:59.280 | And I had a laptop.
00:45:00.080 | I asked Chase what they wanted me to do with it.
00:45:01.600 | And they said, try to take it to the Apple store.
00:45:03.560 | The Apple store didn't want it.
00:45:04.880 | So eventually Chase said, the best thing we can tell you is to keep it or donate it.
00:45:09.080 | We don't know what to do.
00:45:09.960 | It ended up being a happy story for me,
00:45:11.840 | but it was probably payback for the hours of time to mitigate it.
00:45:15.160 | I want to go back to your first M, which is about minimizing the risk.
00:45:19.040 | Yes, yes.
00:45:19.600 | And talk about some of the things people can be doing
00:45:22.520 | to prepare and kind of plan in advance of any of this happening.
00:45:26.520 | And there's a couple areas here I'll go to.
00:45:29.240 | But one is around information online.
00:45:32.120 | So I remember back when I was a venture capitalist, this company, Fortalis,
00:45:36.120 | which I know you're familiar with, was raising money
00:45:38.440 | and they offered to run some reports on people in the investing group
00:45:42.160 | to show off their product.
00:45:43.840 | And they ran this report.
00:45:45.000 | And I was like, wow, it's not that I didn't know
00:45:47.480 | there was information about me online, right?
00:45:49.320 | There's family tree websites.
00:45:50.880 | There's white page websites.
00:45:52.320 | There's my social media.
00:45:53.800 | When someone pulls all of that information together into one place
00:45:57.080 | and you see a list of every address you've ever lived at, every job
00:46:00.360 | you've had, all of your phone numbers, all of your email addresses.
00:46:03.240 | And then the exact same set of information for your spouse,
00:46:06.560 | your siblings, your parents, and they put it all together.
00:46:09.440 | You're just a little bit taken aback.
00:46:11.400 | And it made me think, gosh, should I be getting rid of this?
00:46:14.680 | Is there a way that consumers can get a lot of this information off the Internet
00:46:19.760 | or what goes into trying to mitigate this risk and minimize the risk
00:46:23.800 | in getting stuff taken away?
00:46:26.000 | Well, I could give you my favorite George Carlin line, which it's a mystery.
00:46:30.400 | But the truth is that there are things that can be done.
00:46:33.720 | That is a long and arduous and time consuming process
00:46:38.840 | because you literally have to go from data broker to data broker.
00:46:42.840 | And there are procedures you can use.
00:46:46.040 | And each one explains it to you.
00:46:47.520 | And of course, the CFPB, Consumer Financial Protection Bureau,
00:46:51.480 | has advice on exactly how to do all of that.
00:46:54.960 | But just like when LifeLock started and someone said,
00:46:59.440 | wasn't it true that a lot of this stuff people can do themselves?
00:47:04.160 | And the answer, which I thought was a very interesting answer,
00:47:07.640 | and I've been a fan of LifeLock, is they said, well, sure,
00:47:11.040 | you can also change your own oil.
00:47:13.040 | And if you want, you could maybe even change your own muffler.
00:47:16.000 | Do you want to?
00:47:17.200 | So it really has to do with how much time you're willing to dedicate to it.
00:47:21.640 | Some people, it's a crusade and they will do it
00:47:24.960 | because they don't want to pay anyone else to do it and they will do it.
00:47:28.520 | Others will find companies like Reputation.com,
00:47:32.200 | which is where they will work to get negative information about you offline,
00:47:36.360 | or companies like ABINE, where they will work with you
00:47:40.600 | to actually delete information from the online world.
00:47:45.240 | And now that there is a right to forget in the GDPR,
00:47:50.040 | which is the General Data Protection Regulation in Europe,
00:47:53.200 | and it's incorporated to some extent
00:47:56.920 | in the California Consumer Protection Act,
00:47:59.040 | and it is hoped that maybe it will be also
00:48:04.120 | incorporated in the American Data Protection Act,
00:48:07.760 | which is kind of wending its way through Congress,
00:48:10.200 | assuming it can actually find its way through Congress,
00:48:13.640 | which is very difficult for us.
00:48:15.040 | As we've seen in the past, it's very difficult for stuff
00:48:17.560 | to get through Congress, all the interests involved.
00:48:20.160 | But it still is a process.
00:48:23.800 | Now, you can contact Google, for instance,
00:48:26.160 | and ask them to remove certain information about you,
00:48:28.720 | which they're willing to do.
00:48:29.880 | But it's a process.
00:48:31.000 | This is just like with a credit report,
00:48:33.160 | when people would go to credit repair companies
00:48:36.040 | and some of them are good and some of them are really, really not good.
00:48:39.440 | And they would say, OK, we will get this information off.
00:48:43.600 | And they do.
00:48:44.920 | But unfortunately, it was legitimate information.
00:48:49.080 | And as a result, when the particular subscribing retailer
00:48:54.360 | does an update, the information finds itself back
00:48:58.200 | onto your credit report again.
00:49:00.680 | Think of all of the millions of websites that are out there
00:49:04.840 | and how, unfortunately, over the years,
00:49:07.640 | there's been this wholesale sharing of information
00:49:11.720 | or selling information or lending information,
00:49:16.160 | depending upon what the relationship was between these organizations.
00:49:20.000 | And it's going to be out there.
00:49:22.240 | And can you get it off?
00:49:23.960 | Maybe for a period of time.
00:49:26.120 | Can you get it everywhere?
00:49:28.360 | It may take you forever to find out where everywhere is.
00:49:31.920 | And there's a new part of everywhere that shows up every day.
00:49:35.680 | So that's why you have to say to yourself, look, the world I live in,
00:49:40.640 | it's a surveillance economy.
00:49:43.320 | It just is.
00:49:44.920 | We are surrounded by billions of Internet of Things devices,
00:49:48.960 | tracking, listening, sending data back to manufacturers,
00:49:52.600 | data then being shared, that information also being hacked by hackers.
00:49:56.480 | So that's why you need to really consider the three M's.
00:50:01.520 | And among the things you should be doing, assuming that your data is out there,
00:50:07.040 | even despite your best efforts to get it off the online world,
00:50:11.360 | is everything from long and strong passwords
00:50:15.000 | not shared among websites or password managers using two factor
00:50:19.800 | authentication, which makes it, again, more difficult for someone to represent
00:50:26.120 | that they are you because they do have to go through that extra layer
00:50:30.360 | of whether a code is sent to a cell phone or you use thumbprints,
00:50:35.880 | eye scans, depending upon the particular device you're using.
00:50:39.600 | I'm a particular fan of thumbprints.
00:50:41.720 | They also multi-factor authentication can involve voice prints.
00:50:45.640 | Of course, the issue is what if, God forbid, someone steals a database
00:50:49.120 | of a company where they have your voice prints?
00:50:51.840 | That could be a problem, too.
00:50:52.920 | But again, any layer of additional authentication you can add is important.
00:50:57.880 | It also means you don't click on every link you see.
00:51:02.040 | You don't open every attachment, even if you think it's coming from someone,
00:51:06.160 | you know. I mean, a perfect example.
00:51:08.760 | It's a buzzkill.
00:51:09.800 | But any time I get an e-card from someone, the first thing I do is I call that person
00:51:14.360 | and say, I know this is a buzzkill, but did you just send
00:51:18.160 | it? You don't have to tell me what it says.
00:51:19.720 | I'll go do it, provided you confirm you really did it.
00:51:23.240 | But again, with the malware that's out there
00:51:27.480 | and the ransomware attacks that are going on, you always run the risk
00:51:31.760 | that someone receives something that they opened that they thought
00:51:36.320 | was hysterically funny and terrific, and they're sending it to you.
00:51:40.040 | But they didn't realize that it had malware on it.
00:51:43.560 | And all they've done is they've shared the love and the hack with you.
00:51:48.480 | You do run that risk.
00:51:49.520 | That's why it's really important to be very careful where you click, what you open.
00:51:53.600 | That means, as we talked about earlier, you lie like a superhero
00:51:57.680 | when you're sending up questions and answers.
00:52:00.200 | That means that you freeze your credit, which is, as we talked about, is free.
00:52:05.520 | And you can do it.
00:52:06.360 | That means that even the humble shredder, and I don't mean a ribbon cut shredder,
00:52:12.200 | because for those of us who saw Argo as an example,
00:52:15.720 | what happens is you can get kids or people hopped up on drugs
00:52:20.920 | who will sit there and meticulously tape back up
00:52:24.680 | things that have been cut by a ribbon cut shredder.
00:52:28.440 | That's why you need a confetti cut shredder or a cross cut shredder,
00:52:32.720 | which turns this into little useless pieces of confetti
00:52:37.520 | that no one can put back together again.
00:52:40.000 | These are some of the things that you need to think about doing.
00:52:43.720 | Or, as we also talked about earlier,
00:52:46.720 | that's where the third M comes in, and it's so important.
00:52:50.240 | And that is to contact your insurance agent, your financial services rep
00:52:55.520 | or the H.R. department where you work and say,
00:52:58.320 | if I become a victim of an identity incident or if I'm worried about it
00:53:02.400 | or I find out that an organization that I've had a relationship with has been hacked,
00:53:07.280 | are you going to help me through the incident?
00:53:09.200 | Yeah. And that's where it's really important.
00:53:11.680 | And a lot of these programs are free,
00:53:14.080 | deeply discounted and worth you signing up for.
00:53:17.320 | Getting the crew together isn't as easy as it used to be.
00:53:21.720 | I get it. Life comes at you fast.
00:53:24.240 | But trust me, your friends are probably desperate for a good hang.
00:53:28.000 | So kick 2024 off right by finally hosting that event.
00:53:32.080 | Just make sure you do it the easy way and let our sponsor Drizzly,
00:53:36.040 | the go to app for drink delivery, take care of the supplies.
00:53:39.920 | All you need to come up with is the excuse to get together.
00:53:42.560 | It doesn't even have to be a good one.
00:53:44.640 | It could be your dog's birthday that the sun finally came out.
00:53:47.800 | Or maybe you just want to celebrate that you got through another week.
00:53:51.280 | With Drizzly, you can make hosting easy by taking the drink run off your to do list,
00:53:55.960 | which means you can entice your friends to leave their houses
00:53:59.000 | without ever leaving yours.
00:54:01.040 | And since I know you like a good deal, Drizzly compares prices
00:54:04.080 | on their massive selection of beer, wine and spirits across multiple stores.
00:54:08.280 | So when I really wanted to make a few cocktails while we were hosting family
00:54:11.400 | last week, not only could I get an Italian Amaro delivered in less than an hour,
00:54:15.680 | but I found it for $15 less than my local liquor store.
00:54:19.040 | So whatever the occasion, download the Drizzly app or go to Drizzly.com.
00:54:24.040 | That's D-R-I-Z-L-Y.com today.
00:54:27.960 | Must be 21 plus, not available in all locations.
00:54:31.320 | I just want to thank you quick for listening to and supporting the show.
00:54:36.880 | Your support is what keeps this show going.
00:54:39.440 | To get all of the URLs, codes, deals and discounts from our partners,
00:54:44.160 | you can go to allthehacks.com/deals.
00:54:47.400 | So please consider supporting those who support us.
00:54:50.840 | I'll share a couple others that I've learned in the past.
00:54:53.920 | I don't know how many years.
00:54:54.960 | Some I've employed, some I plan to.
00:54:56.920 | I actually have multiple email addresses.
00:54:59.000 | So I have an email address that I just use for financial institutions.
00:55:02.840 | Good idea.
00:55:03.400 | I have never shared that email with anyone.
00:55:05.280 | Only financial institutions know it.
00:55:07.080 | I've been recommended, though
00:55:08.360 | I haven't, to use a separate one for social media profiles.
00:55:11.600 | Just yes, that was another recommendation is to just have different email addresses.
00:55:15.800 | Look, if you don't have a password manager, I can only imagine how hard that is.
00:55:19.200 | So we're going to go back to your original recommendation,
00:55:21.720 | which is everyone needs a password manager.
00:55:23.520 | Everyone should be using two factor authentication everywhere they can.
00:55:27.160 | I personally prefer and switch all of it
00:55:31.400 | as much as possible to be a one time password.
00:55:34.360 | Oh, yeah, one time.
00:55:35.440 | Well, yeah, and you can use Google Authenticator.
00:55:37.800 | You can use some of the more the hardware oriented.
00:55:41.720 | You know, when we talked earlier, you had mentioned one of them when we talked prior.
00:55:45.920 | I'm a fan of all of my two factor being one time passwords
00:55:49.800 | that you can put in Google Authenticator or Authy or even one password,
00:55:52.920 | though I had historically been putting all of my one time passwords in one password.
00:55:58.880 | I am now realizing as convenient as it is for them to copy and paste them.
00:56:04.040 | The fact that I'm storing my password in the exact same place
00:56:06.960 | I'm storing my two factor off inherently makes it no longer two factor
00:56:12.160 | because they're in the same place.
00:56:14.000 | It's like one a factor, you know, two types of single factor.
00:56:17.840 | So I'll probably actually be changing that.
00:56:19.600 | Do you have an opinion on using hardware?
00:56:21.800 | Yubico plug in security keys versus Google Authenticator and Authy app?
00:56:26.120 | You know, there are some people that like using security keys,
00:56:29.000 | but they're generally one account related keys, as I believe.
00:56:32.920 | Yubico may be more than that, but I think it is one.
00:56:35.640 | So my Yubico key, I use it with Facebook
00:56:39.920 | and with Google and with different services, so I can sign into different services.
00:56:43.840 | It's a lot more hassle to have to carry this thing around and plug it in.
00:56:47.280 | Obviously, that comes with security, but it's just one where I'm like,
00:56:50.560 | I haven't quite determined that it's worth it.
00:56:52.560 | Yeah, because that's the issue is that you may carry it with you.
00:56:55.880 | But then if one day it disappears, it's not helpful to you.
00:57:00.360 | Just keep in mind, if you're using Google Authenticator, you lose your phone,
00:57:04.080 | you lose those passwords.
00:57:05.440 | Obviously, you can usually recover them with backup codes.
00:57:07.960 | I definitely recommend writing down those backup codes or using something like Authy,
00:57:11.960 | which is a competitor.
00:57:13.160 | But I know they actually store those so you can transfer them between devices.
00:57:16.280 | There might be better services.
00:57:18.000 | By the way, if anyone listening here has any recommendations
00:57:20.440 | that we didn't cover or anything, please send them to me,
00:57:23.840 | because hopefully between now and the time this airs,
00:57:27.080 | I'm going to try to put a lot of these into place,
00:57:29.040 | test a lot of these services out and maybe release another little bonus episode
00:57:32.840 | with my feedback from trying to do all of this.
00:57:35.400 | That would be great.
00:57:36.960 | Just remember, whenever you write down something, put it in some place secure.
00:57:41.000 | You always run the risk if you use a Post-it on your computer
00:57:44.960 | and someone breaks in your house, you've just given away another key to the kingdom.
00:57:49.240 | So another tip someone gave me is actually not just
00:57:52.080 | emailing these white pages directories online.
00:57:55.520 | If you just Google your name or your last name and your address in quotes,
00:57:59.160 | you'll see the websites that are sharing your address.
00:58:01.640 | You can reach out to them and get them to remove things.
00:58:04.040 | A friend of mine recently told me another suggestion, which is to reach to the MLS
00:58:08.280 | or have your real estate agent do it and have the photos of the house
00:58:12.400 | that you purchased whenever it was removed from the MLS.
00:58:15.560 | Otherwise, someone has your address.
00:58:18.120 | They can also then just go look inside your house, understand the entire floor plan.
00:58:22.600 | I'm not saying you're a target of someone understanding the layout of your house,
00:58:26.000 | but it seems like information that provides very little value to the world
00:58:30.720 | for people to be able to look inside every room of your house.
00:58:33.280 | Obviously, it's not real time.
00:58:34.680 | It's not your cameras, but it's something I'm going to be doing.
00:58:37.080 | No, that's important.
00:58:38.200 | The other thing is you can actually contact like Google and Apple and say,
00:58:41.200 | could you blur my house so that if someone's using maps or whatever,
00:58:46.560 | it's not so easy to go, oh, I see.
00:58:49.320 | That's where Chris lives.
00:58:50.240 | Hmm. Well, that's interesting.
00:58:51.960 | I didn't realize he was as close as he is.
00:58:54.080 | So these are little tricks of the trade that you can do as well.
00:58:58.840 | That is another step toward helping you get your stuff
00:59:02.440 | offline or at least less accessible.
00:59:05.480 | I'm trying to think of any other ones that I've done or have thought about.
00:59:08.800 | I have a second phone number on Google Voice that I don't know why,
00:59:14.160 | but it seems like every financial institution supports only text message
00:59:17.880 | or phone call based two factor off.
00:59:19.840 | All of the tech companies seem to support using authenticator
00:59:23.160 | and one time passwords.
00:59:24.360 | Yeah, but all of my financial institutions, Chase Vanguard,
00:59:28.120 | they're only text and it's so frustrating.
00:59:30.400 | So I've got my Google Voice number that I can use.
00:59:32.720 | So I'm not using the number
00:59:34.160 | that I've given out to so many people, as you mentioned earlier.
00:59:37.080 | Listen, that's an excellent idea.
00:59:39.360 | Google Voice for calls, because as we talked about the ubiquity
00:59:42.840 | of your cell phone number, it's always good to have another phone number.
00:59:46.200 | Another scam that was going on is the Google Voice scam.
00:59:49.880 | And that's where you're supposedly doing business with someone online.
00:59:53.960 | They go, well, I don't really know if I can trust you.
00:59:56.640 | So I want to know that you're the real you, that this is really your phone number.
01:00:01.720 | So I'm going to send you a code and then I want you to read me back the code.
01:00:06.320 | And what they've actually done is they've applied for a Google Voice number
01:00:10.280 | using your phone as the point of authentication.
01:00:14.080 | And then they will have a code sent to you.
01:00:19.320 | And then they will ask you to read them the code.
01:00:22.200 | And that then enables them to contact Google Voice
01:00:25.360 | and represent themselves as if they're you.
01:00:27.880 | I've seen the same thing happen with sending an iCloud two factor code.
01:00:32.920 | They just pretend that it's something else.
01:00:35.080 | They say, oh, I want to confirm it's your identity.
01:00:37.760 | Let me send you a code.
01:00:38.720 | And they go to Apple and they go in and say, recover my password, send a code.
01:00:43.400 | And they just hope that you don't notice that code actually is from Apple
01:00:47.200 | or that code is from your bank or something like that.
01:00:50.000 | So I'd say if you're not dealing with a service where you're 100% sure
01:00:53.440 | it's the service, which means you called them, you know, if Verizon calls you
01:00:57.240 | and says, hey, we'd love to talk to you about your account,
01:00:59.120 | we're going to send you a code right now and then we can get in.
01:01:01.760 | I would say thank you.
01:01:03.240 | But let me call 611 back and get a Verizon rep before proceeding.
01:01:07.480 | That goes into the category of no, no, no, no, no, no.
01:01:10.520 | Yes, exactly.
01:01:11.520 | Now that HTTPS is pretty ubiquitous, right?
01:01:14.720 | If you don't already know to look for the secure lock,
01:01:17.480 | most browsers will throw off errors if they're not there.
01:01:20.600 | Do VPNs really matter in these days?
01:01:23.120 | I've heard plenty of ads for them.
01:01:25.040 | But I wonder if now that almost everything we do online is HTTPS,
01:01:29.160 | if having a VPN really provides a lot of value other than maybe
01:01:32.960 | like your browsing activity, what types of things you're doing,
01:01:36.040 | whether you're streaming from different services.
01:01:37.840 | Well, a VPN also is very helpful when let's say you're connecting
01:01:41.160 | to your business network.
01:01:43.400 | It's always good to use it if your company has a VPN to access things.
01:01:46.920 | Yes. But the idea of, oh, if you're at a public Wi-Fi spot,
01:01:50.920 | you need a VPN to make sure people aren't stealing your information.
01:01:54.720 | My understanding is that with HTTPS being so prolific
01:01:58.440 | and secure certificates being free, that's not really a thing
01:02:02.160 | people need to be worried about.
01:02:03.520 | Well, the only issue is that there have been cases
01:02:06.000 | of the secure certificates being stolen.
01:02:08.360 | OK, so as a result, a VPN is still a good way to go.
01:02:12.400 | And I like DuckDuckGo, but there were people that will say to you
01:02:15.400 | that if you're going to get a VPN, use one you pay for.
01:02:18.320 | Because they're less likely to sell your information than ones
01:02:23.480 | that one day might share your information that are free. Yeah.
01:02:28.360 | That goes back to another thing, too, which is read privacy policies
01:02:33.320 | and understand what the privacy policy is, terms and conditions.
01:02:37.880 | I realize privacy policies in many cases are written in 27th grade English
01:02:42.800 | and they're presented to you in mouse print.
01:02:45.000 | And there are translators where you can actually go
01:02:47.920 | and it'll translate what a privacy policy is.
01:02:50.920 | The name of some of them escapes me right now.
01:02:53.040 | But this is something we could talk to Travis about, for example,
01:02:56.680 | that he might be able to give information on that.
01:02:58.920 | But anything that you can do to mask your identity is a good thing.
01:03:03.880 | Even something as simple as location services on your mobile device.
01:03:08.960 | Many websites now scramble the things that would be identified
01:03:13.360 | by location services, but many of them don't.
01:03:16.760 | And the last thing you want is you're publishing pictures
01:03:20.520 | and it shows when and where the picture was taken,
01:03:23.880 | especially if it involves people doing things they shouldn't do,
01:03:28.080 | like exposing their kids too much to people.
01:03:32.160 | Like an example.
01:03:33.480 | Here we are at Sustance Hutcher Park and it's little Susie's second birthday.
01:03:38.120 | And if the location services are on and it's not a site that scrambles them,
01:03:44.200 | the issue you have is that somebody could show up one day at that park,
01:03:49.400 | find little Susie and say, I feel so terrible that I missed your birthday.
01:03:55.560 | And I told mommy that I'd be over the park today to see you
01:04:00.280 | because I have a present for you if you just come with me over there.
01:04:03.880 | It's in my car.
01:04:04.760 | And then all of a sudden you have a missing child.
01:04:09.120 | So, you know, location services, you should be discreet
01:04:13.160 | about when you use them, where you use them.
01:04:16.040 | And if you can disable them, you do it.
01:04:19.000 | Of course, I realize that your GPS system won't work and a few other things.
01:04:23.480 | So, you know, turn them on for that.
01:04:25.400 | But be careful, know that they can come back to haunt you.
01:04:29.200 | When I got that Fortalice report, they looked at all the photos
01:04:32.480 | that had been published on social media by me, by others around my home address.
01:04:37.720 | And all of a sudden there are photos that you didn't know of your friends
01:04:40.960 | and your family inside your house and all that kind of stuff.
01:04:43.280 | So one of their recommendations was to go back and remove the geo
01:04:47.520 | tags from your photos, from everything you've posted online.
01:04:50.600 | The only other thing we didn't discuss from tips that I have
01:04:54.200 | are going in and doing an audit of things you've offed to your Google account
01:04:59.400 | or your Twitter account or your Facebook account.
01:05:01.240 | Yeah, there are so many websites that say, oh, just off your Gmail
01:05:06.000 | or oh, just off your Facebook.
01:05:07.920 | And many of them are legitimate, right?
01:05:10.120 | I've offed my Gmail to Calendly so I can schedule meetings.
01:05:13.120 | But doing an audit every so often of are there services
01:05:17.360 | that you've given access to your email or to your social media
01:05:21.400 | profiles that you don't use anymore?
01:05:23.560 | Or even I noticed that recently I can't remember what service it was,
01:05:27.600 | but it's gotten a lot better, right?
01:05:29.600 | It used to be all or nothing authentication.
01:05:31.760 | Some of them now say, what do you want to give information?
01:05:34.000 | Do you want to give your name or do you want to give your email
01:05:36.960 | or do you want to give full control to post, delete and see everything?
01:05:40.000 | And if you authenticated something five years ago,
01:05:42.880 | you might not have had the fine grain detail to be able to choose
01:05:46.440 | what you give access to.
01:05:48.040 | So it could even be worth deleting all of them and redoing them
01:05:51.280 | to make sure that you're only authenticating the kinds of information
01:05:54.640 | you want to the parties you want.
01:05:56.080 | So that's another kind of audit that I plan on doing.
01:05:58.880 | You're not wrong about that one at all.
01:06:00.960 | And you absolutely should do an audit because it's very important
01:06:04.480 | to figure out when you're on a particular site where your information is going.
01:06:08.600 | I have a good friend who has a new company that he started,
01:06:11.760 | which is a privacy company.
01:06:13.720 | And what they do is they can scan a website
01:06:16.720 | and then show you all of the different places
01:06:21.120 | that your data is going, all the different companies
01:06:24.000 | that are sucking up your data that you had no idea.
01:06:26.560 | And by data, just to be clear, it's usually IP address and activity,
01:06:31.320 | not stealing information off your computer and your files and that kind of stuff.
01:06:35.240 | Right. But it's still IP address.
01:06:37.800 | You can identify. Yeah.
01:06:39.400 | And many years ago, they did a someone they were able to identify
01:06:45.000 | specifically who they were through analyzing their AOL searches.
01:06:50.400 | And they were able to actually zero in on the individual.
01:06:54.360 | And today, people will tell you, give me two or three social media entries
01:06:58.640 | and one one receipt.
01:07:01.080 | And I'll be able to tell you who and where.
01:07:04.520 | I worked at a company that was dealing with location data,
01:07:07.520 | and we were talking to a cell phone carrier.
01:07:10.240 | And you might not know that just from the towers you're on on your cell phone,
01:07:14.880 | the cell phone carriers are logging all of this data.
01:07:17.520 | And unfortunately, at the time, maybe not now, they're willing to sell this data.
01:07:21.000 | It doesn't have anything to do with you.
01:07:22.480 | It's just there is a device.
01:07:24.440 | It's here, but no one knows who.
01:07:26.560 | But I remember we did some analysis and it was something like
01:07:29.720 | with a reasonable degree of accuracy, you could figure out
01:07:33.560 | where any given phone would be at any given time
01:07:36.720 | because you had the history of where it had been.
01:07:38.960 | Now, thankfully, that information was anonymous to the person.
01:07:42.720 | But you could say this phone that's often at this address is likely to be here.
01:07:47.480 | It was a little too much.
01:07:48.480 | I don't want to get people too scared, though, right?
01:07:50.240 | You could listen to this and say, oh, my gosh, my kids are going to get abducted.
01:07:53.400 | People are going to find me.
01:07:54.360 | They're going to see everything in my house.
01:07:56.240 | What message do you have to people that will help them get out of that feeling
01:07:59.240 | of leaving this thinking everything's coming to an end?
01:08:01.880 | I should turn off all my technology and never leave the home.
01:08:04.840 | Well, interestingly enough, I've had someone say, well, thank you, Adam.
01:08:07.880 | Now that I've listened to you speak, I'm going home.
01:08:11.600 | I'm going to disconnect everything.
01:08:13.320 | I'm going to burn off my fingerprints and I'm going to hide under my mattress.
01:08:16.960 | I said, but you can't do that unless you're living under a bottle cap
01:08:21.080 | at the bottom of Loon Lake and you're completely off the grid, which nobody is.
01:08:24.960 | You're out there.
01:08:26.120 | So the question is, just be alert.
01:08:30.080 | Know what the threats are.
01:08:32.560 | Know what the red flags are.
01:08:34.800 | And then practice, for example, the three M's.
01:08:38.560 | Do everything you can to minimize your risk of exposure.
01:08:42.880 | Like, for example, when you get a new Internet of Things device,
01:08:47.120 | which most things are these days, change the password.
01:08:51.000 | Most of them come with manufactured default passwords,
01:08:55.000 | and probably 98% of those passwords are for sale on the dark web.
01:09:00.080 | So change the password to something long and strong.
01:09:03.960 | Just read the manual.
01:09:05.080 | It'll tell you how to do it.
01:09:06.520 | Just like when you get your router in, make sure that the password
01:09:10.400 | is what you want it to be, not what someone else wants it to be.
01:09:13.920 | And make it as complex as possible.
01:09:16.280 | Or use a password manager to help you with the whole thing.
01:09:18.840 | It's really all about two things that people have to understand.
01:09:22.320 | Number one, we all have day jobs.
01:09:25.960 | We work. We raise families.
01:09:28.520 | We're involved in educational activities, philanthropic activities.
01:09:31.840 | We own companies. We're busy.
01:09:33.640 | That keeps us excited, interested, but also diverted.
01:09:38.560 | And to a hacker who's not diverted, we are their day job.
01:09:44.080 | This is what they do.
01:09:46.840 | And in some countries, they come in at eight.
01:09:48.960 | They have their lunch break.
01:09:51.080 | They go home at 430 or five o'clock in the afternoon.
01:09:54.080 | And it's a job and they're working for the government.
01:09:57.120 | That's how they raise money.
01:09:58.560 | That's how they conduct espionage.
01:10:00.760 | Others work around the clock and do what they do.
01:10:03.400 | But it is their day job.
01:10:05.760 | And the second thing to understand is when you look in the mirror, you see you.
01:10:09.640 | And you go, why would anyone in the world want to steal my identity?
01:10:15.160 | Why would anyone care?
01:10:17.040 | And the answer is simple.
01:10:19.200 | You see you.
01:10:21.120 | But when they see you, a hacker, a scammer, an identity thief,
01:10:25.000 | they see Jay-Z, Beyonce, Adam Levine.
01:10:28.600 | They see somebody who's got something they want that can enrich their lives or.
01:10:34.920 | And this is not to offend anyone.
01:10:38.200 | It's not you thereafter, but it's your spouse, your child,
01:10:42.960 | your parent, an organization that you're involved with,
01:10:46.240 | a company that you work for, and you are simply the conduit
01:10:50.600 | to get them to whoever or wherever they want to get to.
01:10:54.480 | So this is why it's extremely important that you really focus on cyber hygiene,
01:10:59.400 | just like you go to doctors, you go to dentists,
01:11:02.360 | you do things that you do to stay healthy.
01:11:04.960 | You have to maintain a healthy cyber environment
01:11:08.400 | because you're protecting yourself, your family,
01:11:12.680 | possibly your company, your co-workers and millions of innocent consumers
01:11:17.880 | that may be doing business with your company.
01:11:20.520 | There was a concept that was raised a couple of years ago
01:11:23.640 | by the CEO of Microsoft, and I think he was dead right.
01:11:26.280 | It's called shared responsibility.
01:11:28.440 | It's that we know that business hasn't done enough.
01:11:31.200 | We know the government hasn't done enough.
01:11:32.920 | And we know consumers haven't done enough to protect each and every one of us
01:11:37.720 | from the ravages of cyber issues or identity theft or ransomware.
01:11:42.280 | And each of us has a role to play.
01:11:45.680 | And with consumers, we didn't ask for it.
01:11:49.400 | We're not trained for it.
01:11:51.240 | And it's certainly not something we want.
01:11:53.640 | But it's a reality of where we are, what we do, who we are in the world we live in.
01:11:59.720 | And therefore, it's incumbent upon each and every one of us to do our part
01:12:05.080 | because we could be protecting a whole lot more people than just ourselves
01:12:09.320 | by doing the right thing when it comes to cybersecurity.
01:12:12.880 | But it's not something that you need to be terrified of because it's reality.
01:12:17.880 | You're not going to escape it.
01:12:19.760 | So as a result, it's a question of just like they say with Covid,
01:12:23.120 | we've got to live with it.
01:12:24.560 | So when it comes to cybersecurity, we have to live with it.
01:12:27.200 | It is not an individual sport.
01:12:29.360 | It is a group sport. It's team.
01:12:31.600 | And in addition to which you can't take a victory lap for cybersecurity
01:12:36.520 | because you could be completely secure at nine o'clock in the morning
01:12:39.360 | and suddenly exposed at nine or one
01:12:43.360 | because somebody clicked the wrong link, opened the wrong attachment,
01:12:46.680 | gave the wrong information to somebody.
01:12:49.120 | So if we kind of stick together, work with each other, collaborate,
01:12:52.760 | communicate, cooperate, we're going to be better off for it.
01:12:55.720 | And I think there's a much more collegial attitude now
01:12:59.160 | that it comes to cybersecurity than ever before.
01:13:01.520 | And like you said earlier, with all the information out there,
01:13:05.240 | it's only a matter of time before someone decides to pick you as a target.
01:13:08.880 | That's right. You win the lottery, the one you didn't even enter.
01:13:12.160 | But I'd say if you can make yourself a harder target
01:13:15.600 | by doing a lot of the stuff we talked about today,
01:13:18.080 | then you just move yourself further and further down that list
01:13:20.800 | where someone says, ah, this person's information isn't very easy to find online.
01:13:24.320 | Let's just skip to the next person where their address takes me a second to find.
01:13:27.400 | So it's like the whole issue.
01:13:28.960 | If you're a burglar, do you break into the house where there's no dog
01:13:32.240 | or one where there is a dog where you might not be sure
01:13:36.120 | that you're going to come out with both legs?
01:13:38.480 | It's important to do that.
01:13:39.640 | And a very important rule of thumb.
01:13:42.560 | Any time that anybody contacts you about anything
01:13:47.440 | and asks you to authenticate yourself for any reason,
01:13:52.400 | however plausible or logical it is, hang up.
01:13:56.360 | It's one thing if you contact them
01:13:59.840 | and they're an organization trying to do the right thing
01:14:03.640 | and they're asking you to authenticate yourself.
01:14:05.920 | But if they contact you, no good.
01:14:10.080 | Great parting advice.
01:14:11.520 | Thank you so much for being here.
01:14:12.600 | Where can people stay on top of everything you're learning?
01:14:15.720 | All of the latest conversations you're having.
01:14:18.160 | Well, come to AdamLevin.com,
01:14:20.280 | which is where we put a lot of information about the newest,
01:14:25.480 | scariest, maybe not so scary, but things you need to know.
01:14:29.760 | We have that on the website.
01:14:31.160 | Come to What The Hack with Adam Levin.
01:14:32.840 | You can get it to anywhere you get your podcast.
01:14:35.360 | Think of it as car talk for cyber.
01:14:37.960 | There are three of us.
01:14:38.960 | We try to have a lot of fun with it.
01:14:40.520 | We focus on a lot of important issues.
01:14:42.920 | We bring people on who have either been victimized
01:14:46.960 | or have managed to avoid victimization
01:14:49.560 | when it comes to cyber or identity theft.
01:14:52.120 | And there are a lot of lessons to learn.
01:14:53.560 | And the whole thing is that
01:14:55.360 | this is where scaring is caring and sharing is caring
01:14:59.160 | is that the more people that are willing to tell their stories
01:15:03.040 | about what they went through and what the red flags were
01:15:07.520 | and how to avoid it, the better it is.
01:15:09.600 | We all gain by it.
01:15:11.480 | Well, I'm looking forward to joining you and talking about the fact
01:15:14.600 | that people always overlook their frequent flyer accounts.
01:15:17.840 | I think let's lock down my bank account.
01:15:19.800 | But especially for this audience, you build up credit card points.
01:15:22.800 | You build up miles to have someone go in and take a flight
01:15:25.440 | or drain them to buy a computer is the worst.
01:15:27.600 | And I've dealt with it.
01:15:28.400 | So no, it's not fair.
01:15:29.520 | You did the work to get it.
01:15:31.160 | Why should somebody get the benefit of your effort?
01:15:34.600 | Yeah. So thank you so much for being here.
01:15:37.480 | I really appreciate it.
01:15:38.480 | And I enjoyed the conversation.
01:15:39.960 | Well, thanks for inviting me.
01:15:41.360 | I enjoyed it very much. Let's do it again.
01:15:43.480 | I really hope you enjoyed this episode.
01:15:47.440 | Thank you so much for listening.
01:15:49.240 | If you haven't already left a rating and a review for the show
01:15:52.080 | in Apple Podcasts or Spotify, I would really appreciate it.
01:15:55.520 | And if you have any feedback on the show, questions for me or just want to say
01:15:59.120 | hi, I'm Chris at all the hacks dot com or at Hutchins on Twitter.
01:16:03.960 | That's it for this week. I'll see you next week.
01:16:05.880 | And I'm Chris.
01:16:06.880 | And I'm Chris.
01:16:08.600 | And I'm Chris.
01:16:09.600 | And I'm Chris.
01:16:10.600 | And I'm Chris.
01:16:11.600 | And I'm Chris.
01:16:12.600 | And I'm Chris.
01:16:13.600 | And I'm Chris.
01:16:14.600 | And I'm Chris.
01:16:15.600 | [BLANK_AUDIO]