A quick word from our sponsor today. I love helping you answer all the toughest questions about life, money, and so much more, but sometimes it's helpful to talk to other people in your situation, which actually gets harder as you build your wealth. So I want to introduce you to today's sponsor, Longangle.

Longangle is a community of high net worth individuals with backgrounds in everything from technology, finance, medicine, to real estate, law, manufacturing, and more. I'm a member of Longangle. I've loved being a part of the community, and I've even had one of the founders, Tad Fallows, join me on all the hacks in episode 87 to talk about alternative investments.

Now, the majority of Longangle members are first generation wealth, young, highly successful individuals who join the community to share knowledge and learn from each other in a confidential, unbiased setting. On top of that, members also get access to some unique private market investment opportunities. Like I said, I'm a member and I've gotten so much value from the community because you're getting advice and feedback from people in a similar situation to you on everything from your investment portfolio, to your children's education, to finding a concierge doctor.

So many of these conversations aren't happening anywhere else online. So if you have more than 2.2 million in investable assets, which is their minimum for membership, I encourage you to check out Longangle and it's totally free to join. Just go to longangle.com to learn more. And if you choose to apply, be sure to let them know you heard about it here.

Again, that's longangle.com. Hello, and welcome to another episode of All The Hacks, a show about upgrading your life, money, and travel all while spending less and saving more. If you're new here, I'm your host, Chris Hutchins, and I'm excited to have you on my journey to optimize my own life by sitting down each week with the world's best experts to learn the strategies, tactics, and frameworks they use for their own lives and their success.

Today, I'm talking with Adam Levin, who's an absolute expert on cybersecurity, privacy, identity theft, and fraud. At 27, he became the youngest director in the history of the New Jersey Division of Consumer Affairs. He later went on to found at least two companies, Credit.com, which focused on consumer credit building and was acquired in 2015, and CyberScout, a global identity and data protection company that helped pioneer the cyber insurance business and was acquired in 2021.

On top of all that, he's the author of the critically acclaimed book, Swiped, How to Protect Yourself in a World Full of Scammers, Fishers, and Identity Thieves. And he hosts the weekly cybersecurity podcast, What the Hack. For many months, I've been wanting to do an episode on everything you need to know about cybersecurity, identity theft.

So I'm really excited that I got connected with Adam. We're going to talk about how to protect yourself from all these threats, what kind of tools and services like VPNs, or security keys, or credit monitoring are actually worth using. Basically, I want to leave you with everything you need to know to protect yourself online.

That is a lot to cover, so let's get started. Adam, welcome to the show. Chris, thanks so much for inviting me. So just to kick us off, I want to know, what do you think is the most common thing you see most people doing wrong when it comes to protecting themselves online?

Well, I mean, password protocol is terrible with most people. Most people pick a easily decipherable, simple password because that's what they can remember, and they use it everywhere. And unfortunately, what you have to understand is that even assuming that you had the most indecipherable, sophisticated password possible, if it's been exposed as a result of a leak or a breach, then it's discovered.

And a discovered password is no good to you anymore. And if it's through your entire universe of websites, it's going to come back and be a nightmare for you. So you really have to think hard about the kinds of passwords you're going to use. In fact, that's why most people use password managers that want to simplify their lives, but you need to do that because one ubiquitous password in your life is guaranteed to create a problem for you.

Yep. Password managers often will tell you this password's been in a breach. There was a site that was like, "Have I been pawned?" Is that still like the gold standard of finding out what passwords of yours have been in a breach or what is... It pretty much is. Yeah.

Yep. "Have I been pawned?" And it's not a happy place by any means. And you can also now track your phone number too, because the issue is that for years we've been told that the ultimate skeleton key to your life is your social security number. And that's pretty much true.

But if you think about it now, everybody gives their cell phone number out to everybody. And on top of which it's not something, because they're now portable, nobody's going to change their cell phone number. So this is a number that's going to stick with you most of your life and it is everywhere.

So that that's an issue as well. What's the risk of your phone number being out there? Obviously people can call you, but is it that they could know your number and spoof your number, calling customer service and pretend to be you with automated systems or why is having your number out there as bad or dangerous as maybe your email password, which makes more sense to me why that would be a bad thing.

Well, the reason why having your number out there is a problem is because if you think about it, most people who use multi-factor authentication, the second factor tends to be a code sent to their phone number. If your phone number is stolen as a result of a SIM swap, which is not as difficult as one would think is for a few bucks.

Unfortunately, people call people at mobile providers and get them to switch things based on the fact that they go, I'm sorry that I forgot my password. And this is my phone number and I just got a new device by the way. So can you please transfer to my new device?

And then all of a sudden you don't get the code. We've had cases where people have lost millions in cryptocurrency because the code was sent to the phone number that had been stolen by a hacker. Now, I know five, 10 years ago, SIM swapping hit all the news, it was a big thing, is it still happening as much as it was or have the carriers gotten better about requiring more information to switch a phone number or is it still a really big concern?

Well, again, if you pay somebody off, it doesn't matter what kind of protocols you have in place. The carriers are getting better. And of course, now you have the opportunity to use a PIN number as an additional layer of security for someone calling to find out more about your phone.

The only problem is that a lot of people, just like we tend to use simple passwords, people use codes like 0 0 0 0 1 2 3 4 9 8 7 6. So it's not that difficult to guess for some of the bad guys. So it sounds like a quick thing everyone needs to do.

If you're not already using a password manager, go back to basics. That's something you should do. I think most people here have probably heard me talk about password managers enough to hopefully have gotten on the board with that train, but calling your cell phone carrier and making sure you have that PIN set up.

I know I called Verizon once and just said, Hey, can you put me in some sort of more secure version of an account that can work with some banks, financial institutions, some don't. I also like to change my mother's maiden name and give them a different word or number or any string of characters than an actual mother's maiden name, because that like your phone number is not too difficult to find online.

Are there any other fundamental basics to protect yourself from SIM swapping that people should be doing? Just be very alert. And if all of a sudden you're not getting phone calls or you're not getting texts or something just doesn't feel right, immediately contact your mobile provider. But you also brought up an interesting thing too, when you talk about changing your mother's maiden name.

I always say to people, listen, when you set up security questions and answers, lie like a superhero. Clark Kent is not going to tell people he's Superman. Bruce Wayne doesn't run around saying, Hey, I'm Batman. So if your mother's maiden name is Smith, tell people it's Jones. If you went to Ridgefield High School, tell them you went to Southwick.

The key thing is consistency. It's not as if you were doing an interview to get a security clearance for national security. All you're trying to do is create something that will be a benchmark. So it's not about veracity. It's just about consistency. Sometimes I just have strings of numbers.

I use one password and I generate a random string of characters. So it's like, what's your favorite book? It might be gobbledygook to me. Like it's just a bunch of numbers and symbols and letters, but it certainly isn't something anyone would guess. And the same goes for the high school I went to or my dog's name or things that you might actually be able to find out online.

No, no, listen, that's a great idea. As they say, the algorithm. So so there's a lot of places we could take this, right? I think identity theft is a big area. Cybersecurity is a big area. Maybe we start with credit identity. You mentioned Social Security number is this protected thing with the Equifax breach.

In my mind, it's like I'm kind of operating like my Social Security number is out there. I feel like for, I don't know, one in three Americans now, your Social Security number is out there. Is that still as easily accessible such that if someone wants your Social Security number and they try hard enough, they can probably get it?

And if so, what do we do? Let's face it, not just Equifax. We're talking about over the past several years, billions. And that's Dr. Evil Pinky to the lip be billions, billions of files have been exposed through data leaks, breaches, people hitting the wrong key and information getting out there.

People just giving out their Social Security number. I mean, think about every time you go to the doctor's office, the dentist's office. What do they have on the form? Your Social Security number, which, by the way, you can say, no, I'm not giving you my Social Security number. They're not going to throw you out because they're either operating with your insurance information or they're going to get a credit card before you ever get out the door.

So you don't need to give them your Social Security number. We need to say, no, we have to have it for insurance purposes. No, they don't. They really don't. There have been stories about people at their children's Little League games. They were passing around these sheets and people were filling him out.

It's like, yeah, let me have your Social Security numbers. Well, yeah, sure. Here it is. People don't really think about it. They kind of toss it out like you were tossing out rose petals. I think you have to assume your Social Security number is out there. You have to assume most of your information is out there.

So it's really about something that I developed with my collaborator, Beau Friedlander, who's also my co-host on What the Hack with Adam Levin. We wrote a book called Swiped. How to Protect Yourself in a World Filled with Scammers, Fishers and Identity Thieves. And we came up with the framework.

Three M's. How do you minimize your risk of exposure, reduce your attackable surface? How do you monitor it so you effectively know that there's a problem and that you have to do something about it? And then how do you manage the damage? So what you're raising right now with the fact that our information is out there is how do you effectively monitor so you know as quickly as possible that you have a problem?

Well, one of the things you do is, as we mentioned earlier, you go to the site Have I Been Pawned and see whether or not your user ID and password has been exposed in a breach. And then looking at the particular breach where it was exposed, you're going to know, based on the information that has been provided by the companies that have been compromised, how much of your information is out there.

And that's why monitoring is so important. Get your credit report. Look at your credit. Don't just say, I got my credit report. I did my good deed. Get it. Review it. Be serious about it. If something doesn't look right, contact the credit reporting agency. You need to be looking for things you didn't do, as well as things that you might have done that you forgot you did.

But review it and make sure that it says what you think it should say. And if it has additional dates of birth out there for you or different places where you've never worked or different home addresses, these are red flags. So get your credit report, monitor your credit scores, because if your credit scores take a sudden precipitous drop that you can't explain, then it's either one of three reasons.

You didn't pay a bill on time. Not good. You need to know that you're using too much of your available credit. Not so good. You need to know that. Or you're a victim of identity theft. Really not good. And you need to know that. Also sign up for what's called transactional monitoring alerts.

This is from your financial institutions, your credit card companies. It's free and it notifies you any time there's any activity in your account. And if you see activities going on that do not look familiar, then you have to notify your financial institution or the credit card company immediately. But that's one of those red flags.

Also, believe it or not, look at your explanation of benefits statements that you receive from your health insurance company, because a lot of people have discovered that they were victims of medical identity theft because there was a treatment on there or an appointment on there that they never had with a doctor they've never heard of.

So look at that to make sure it was you. And then finally, there are much more sophisticated forms of monitoring that come from the three credit reporting agencies, as well as third party providers where they have a number of different things that they're monitoring. You need them to be monitoring your Social Security number and your most personal information.

And then you need to get things like what's called instant alerts, which is not, hey, Chris, a few weeks ago, somebody using your information to open an account. But it's, hey, Chris, somebody is attempting to open an account right now. Is it you? Yes or no. And then you need to have monitoring that monitors the dark web, because if it shows up, that your information is out there and it will tell you what information has been discovered on the dark web, whether it's an email address, a password, a phone number, account information.

That's why it's important to do that. So the second M, very important. So just to recap, so I know getting your credit report, free annual credit report dot com, you can get it for free. Yes, you do. I believe even right now, as a result of maybe the pandemic, you can get it more regularly than once a year.

You were getting it in some cases either once a month or once a week, depending upon the credit reporting agency. And then a lot of the alerts you talked about are free. I have an account with Experian, Equifax and TransUnion. I get alerts. I don't pay for any of those premium services.

I get my credit score. Gosh, I probably have five different ways to get it for free, whether it's Credit Karma, which isn't necessarily your FICO score, but it is a score or different credit card companies. Amex gives you a free credit score. I think Capital One gives you a free credit score.

Are there any of the credit monitoring and reporting services that you actually should pay for, or are they a little bit fluffy products that people create for people who are worried? But you can kind of do all this on your own. I know you can freeze and lock your credit, which I do for free also.

Yes. No, you can do that. That's as a result of an amendment to a banking law that was done a few years ago. But there are services that are worth it because you really need them to take in-depth dives. Whereas with free credit reports, you can get them frequently, although a little less frequently now.

The important thing is you really need to keep up to date. And with that payment, you're not just paying for the monitoring, but you're also getting access to a professional that can help you through identity incidents. And that's really the third M is that how do you manage the damage?

Now, a lot of people don't realize that through their insurance companies, some financial institutions, and now more and more through their employers, there are programs available to help you through identity incidents. In some cases, it's free as a perk of your relationship with the institution. In some cases, it's deeply discounted.

In some cases, it may not be. But you have to really think about how important it is to know whether or not you've got a problem and have somebody who can help you through the problem. I get that if you are involved in an incident, it can be helpful to have an expert kind of manage the entire process.

But for just monitoring, would you say everyone needs to be using a premium service or how do you kind of set the threshold for someone thinking, can I feel like I've got monitors? I get my alerts, I get my transaction alerts. I check my credit every so often when my score changes, I get an alert.

Does the average person in that circumstance who hasn't yet been a victim of any fraud or theft need the premium services? Well, it depends how premium you want to go. And you have opportunities to select amongst those premium services. And even then, the level of premium service you wish to get.

And it really has to do with your comfort level and how alert you are and how informed you think you are based on the alerts you're seeing. And the truth is, access to a professional to help you through incidents is priceless. It really is. And if you talk to a lot of the folks who have been on both sides of the cyber world, they will all tell you that so much information is out there about us right now, that the fact that each and every one of us hasn't become a victim of some form of identity theft is simply because they haven't gotten around to us yet.

It's really a question of supply and demand. But I can tell you, having owned a company, well, first a company that was involved in monitoring and then a company that was involved in managing damage and taking care of people. It really depends on what you want to get out of it, how much you're willing to invest.

It's not a criminally expensive amount if you get the more moderately priced monitoring programs. And you really need to know and you need to know as quickly as possible. And you have to pay attention. I imagine if I Google credit monitoring services, there's thousands. I imagine some are much worse and probably just repackaging what you can get for free for a fee.

Right. Are there particular companies or services that you think are actually providing that added value for their fees? There are. I generally don't single out anybody specifically. And it's not because I'm being paid by anybody in particular. It's just I really feel like it's a function of you really need to do your research.

Now, the Consumer Federation of America has a website. I think it's called ID Theft Info. I could be wrong, but it's just like a Consumer Federation of America. They actually have the majority of the major players in the identity monitoring service world. They signed up for best practices. And what they do at that website is they give you a list of questions and answers to think about when you're searching for someone to monitor your credit or to actually help you through a credit incident.

And it's really worth it to go to that website. But there are a number of very good companies that have very good and thorough monitoring programs. But as with anything, take time and do your research. I was hoping I could skip a little of the research and get the answers from you.

Are there any companies, you know, in the space that's like definitely avoid like companies that are on your blacklist of credit monitoring and identity theft protection? Are there services where you're like, no, I just skip over lifelock? They're the worst or something. Anyone in the space to avoid? Well, no, see, now you're getting me to actually recommend certain companies.

I don't. First of all, OK, I'll give you some. Or is one that's very good. Lifelock is very good. I can tell you for years I've used the Experian and Protect My ID, their program, that's very good. My old company, Credit.com, we had a number of products and services that we matched people with that were very good.

And I'm sure the folks at Credit Karma and other places can also give you recommendations. Another place to go just for just great advice in general is the Identity Theft Resource Center. They're out of San Diego. Eva Velasquez is the CEO. She's been CEO for a while. They're highly respected.

And and for those people who who don't use paying services and are in trouble and need help and are victims of identity incidents, they actually work with some of the bigger companies and have a deal going on where these companies will help them help people for free. So the Identity Theft Resource Center, ITRC, OK, is is very good.

Thanks for giving some information that I know you didn't want to. Yeah, science has shown that being charitable can actually have a huge impact on your happiness, which is why I'm excited to be partnering with Daffy today. They're a not for profit community built around a new modern way to give, and they have a mission I think we can all get behind, helping people be more generous more often.

Amy and I use Daffy for all of our giving because they offer an account that makes it easy to put money aside for charity. You can make a one time contribution or you can set a little aside each week or month, and all your contributions are tax deductible, except you don't actually have to know exactly where you want to give the money right away.

In fact, you can make your tax deductible contribution now and invest that money into stocks or even crypto so it can grow tax free and let you have more impact in the future. Then whenever you're ready, you can give to any of more than one and a half million charities, schools or faith based organizations in a matter of seconds.

So head on over to all the hacks dot com slash Daffy if you want to start giving today and for a limited time. If you visit that link, you can get a free twenty five dollars to give to the charity of your choice. Again, that's all the hacks dot com slash Daffy.

In today's Internet age, people's personal information is being shared online with the click of a button without their consent, and it happens all the time. But you can tackle this problem thanks to Delete Me from Abine, the company Adam just mentioned. And I am excited to be partnering with them for this episode.

When I used to Google myself, I would find hundreds of detailed profiles sharing my cell phone number, address, email, family members and a lot more. At first, I actually tried to remove it all myself, which you can do. But after at least 10 hours, I signed up for Delete Me.

And it was so much easier. Their software and team of experts will not just find and remove your personal information from hundreds of data broker websites, but they'll continuously scan for new data that shows up and get that removed as well. On average, Delete Me finds and removes over 2000 pieces of data for a customer in their first two years.

So if you want to get your personal information removed from search results on the Web, go to all the hacks dot com slash Delete Me and get 20 percent off a plan for you or your entire family. Again, that's all the hacks dot com slash Delete Me with credit cards.

I think a lot of the reason people are not too worried about just putting their credit card number online is that most, if not all credit card companies nowadays take the burden of the risk of something happening and fraudulent charges. But one thing I don't think I know, so I'm assuming most people don't.

If someone uses your Social Security number to open a bank account or take out a mortgage or a loan or buy a car, how much of the liability ends up falling on you? Is the risk all the hassle of cleaning it up? Or is there actually risk that you could be liable for what happens and someone else won't pick up the tab like they might with credit card fraud?

Well, we've seen, for instance, situations where people have had their Social Security numbers used to take mortgages out on their homes. That becomes problematic because you really need attorneys for that. And it's not a simple process to have a mortgage removed from your home when the money was actually taken using your information.

Now, your insurance company can be very helpful there. Check with your insurance company and find out if they have identity protection programs, if it's automatic or you need to bring it on as an endorsement to your insurance policy. Oftentimes your homeowner's policy, your renter's policy. Now even they're offering identity theft services through auto owner policies.

But you may need that insurance coverage for that that you may pay for. But it's not a large sum of money. It's just generally a fee for an endorsement. But no, it can be a problem. We've seen cases, for instance, with Zelle. Now, the Consumer Financial Protection Bureau just came out and kind of dropped the hammer on a number of those peer to peer payment apps because so many people have had their information stolen, the app used or they in good faith used it because they thought they were dealing with somebody real and not an identity thief or a hacker or a scammer.

And the money's gone. And of course, they do tell you before you hit that button, make sure you know who you're dealing with. But that's changing. Let me take you back to sort of the beginning of identity theft. And in the early days of dealing with identity theft issues and even to a little bit today, the victim was guilty until proven innocent.

And in fact, the consumer was considered collateral damage. It was viewed as the business was the victim of the identity theft or the fraud. Now, with credit cards, you're right. Banks. It used to be $50 liability. It's now down in most cases to zero debit cards. Little different story.

Many of them have good protections. But in some cases, the financial institution will say that before we return your money to you, we have to do an investigation and we have to feel comfortable that you didn't just do something dumb and you're trying to get us to cover your loss.

Fortunately, most people listening here are a big fan of earning credit card points and aren't using their debit card much. But the identity theft, I'd love to go back to the beginning. You were the victim. How has that evolved? Well, it's evolved now that there is a greater understanding of the fact that millions upon millions of people have become victims of identity theft.

And in many cases, through no fault of their own, simply their information was on the wrong database at the wrong moment and the wrong person gained access. And now suddenly they're victims of identity theft. And you have so many different levels of identity theft. You have the low hanging fruit, which is account takeover, which has to do with credit cards and debit cards.

Raise up the food chain a little bit. Then you have new account identity theft. That's where someone using your information has gone about the countryside, happily opening accounts in your name with your information, running up the balances and then disappearing into the sunset. And then you get other forms of identity theft, like medical identity theft, where someone using your information gets medical treatment in your name, has a procedure in your name, has appointments in your name.

In most cases, it's a fraud against the insurance company, but it could come back to haunt you depending upon your lifetime allowances. But in cases where insurance wasn't involved, you've had many situations where people get a bill that comes out of nowhere from a medical provider. And it's huge.

And they end up having problems with their credit reports and fighting with the medical provider and being sued. And there is a greater understanding of that now. There's child related identity theft. Kids have no idea because they don't check their credit. They don't even think they have a credit report.

Most parents don't check their kid's credit reports, although that's changing. But in that case, we had one guest on What the Hack. Axon Betts Hamilton has become a very famous expert on identity theft where she was a victim and her mother was the thief. Her mother stole her identity, her father's identity.

Her grandfather's identity had a second life. Oh, my gosh. And as Axton said, I spent Thanksgiving sitting across the table for 19 years across from my identity thief. And there are a not insignificant number of identity theft victims where it occurs within the family. Foster children, for example, 10% are victims of identity theft, because as they go through the foster system, they have a card with their information that's passed from family to family to family.

And in many cases, that information is used to steal their identity. So you have that. And now the government's gotten involved and try to be more helpful in situations like that. The reporting agencies are much more understanding when it comes to this. But there is a process that you go through.

And if you do it, it could take months, hours of your life. You could end up with no life and no job and no family because you're spending so much time focusing on resolving your identity theft issue. For instance, if you become a victim of criminal identity theft, that's a big problem.

That's where someone using your information commits a crime. There was a movie Identity Thief that you may have seen, but they commit a crime. We had a case once a fellow was driving through the Midwest. He gets pulled over for a busted taillight. All of a sudden, his car is surrounded by guys with guns.

They make him get on the ground. They cuff him in front of his kids. They take him to jail and he gets out in a couple of days. But he needs to get a lawyer. And sometimes it takes a not insignificant amount of time to clear your name if you're a victim of criminal identity theft.

Is there a way that he could have prevented that? Obviously, committing a crime isn't something that's necessarily going to show up on your credit report. I know every time you apply for a job, they run a background check. Is there like a background check monitoring service to see if things like that are happening?

There are some of the services now that will monitor as part of their overall monitoring, whether you've had incidents of a criminal nature or at least there are warrants out there for you and you might not know about. But criminal identity theft is something that you can almost do absolutely nothing about.

It's just someone did it, used your information, committed the crime. How do you prove you didn't commit a crime, right? That's a little more difficult than someone nailing you for committing a crime. It becomes more complicated. That's why it's so important for people to be alert. If you get a notification about something, don't assume if you know nothing about it, that it's a mistake.

At the same point, don't immediately jump and try to do something about it, because it could be somebody committing a fraudulent act and getting you to click on the wrong link or open the wrong attachment as well. I want to come back to a few things, but when you get that link, when you get that email, I think it's wild to me how many different examples I've seen recently of successfully convincing people that this is the right link, whether it's using some weird font that isn't actually the right font.

I've seen one where someone had the domain registered that was like mail.google.com. So it looks in a small window like it's correct, but then it's mail.google.com dot some other address, dot some other address. And so it actually looks like the right prefix, but it's not. I always say, of course, look at the full URL, look at the full sender.

Are there other things in those moments that people could quickly do just to make sure or validate that it's correct? Well, if you get a notification from what appears to be an organization of authority, first, you have to think about it. First, the IRS doesn't email anybody. Police departments wouldn't normally send you an email and go, Hey, by the way, we think you've committed a crime to notify us here.

What you should do, even if you get one that looks really, really official, contact the specific agency and independently confirm the contact information and then reach out to them and say, I got the strangest thing. Did you send me something? Now, most people don't like to red flag themselves with the IRS.

But at the same point, you need to make sure that you're dealing with the IRS. And of course, generally, the only way they deal with you initially is you get a letter, maybe not a letter you want to receive, but you will get a letter. They don't call you unless you owe them money.

You've owed the money for a very long time. They've sent you notice after notice, after notice. You didn't respond. And then you might might get a call from a legitimate debt collector. There are about three or four that have been designated by the IRS. But again, generally, it's never something where you're asked to do something urgently.

You never get something in the eyes of saying, unless you pass right now, we're sending someone to arrest you or even a phone call. They don't do that. You're always offered an opportunity to have a conversation with an agent and reach a settlement agreement with the IRS, for example.

But that's what scams are based on. And a lot of the scams are very similar. Think of it as the music is the same, but the lyrics change depending upon what's happening in the world or what the scammer or the hacker is trying to achieve. So you really need to set a list of protocols for yourself as to what you do and protocol number one.

Stop. Read it carefully. Calm down. Think about what it's saying and think about whether or not it's logical that you would have received this communication by way of an email and whether or not what they're asking you to do seems logical within the time frame they're giving you to respond.

That's great advice. Are there any new tactics? I know SIM swapping made all the news years ago. Is there anything happening right now that you know about because you're in the industry that maybe other people will hear about over the next few years, but would be good to know now?

Well, let's go through some of the scams that exist and sort of match them to what's going on. First of all, their health care scams that have been going on for forever. But in particular, COVID was a petri dish for them. And now monkeypox is becoming a problem as well.

And that could be anything from updates to tracking to notifications to here's where you get your vaccine. Here's where your schedule, your test, these kinds of things. So you have to be on the lookout for this. Again, as you said, run your cursor over the email address to make sure that where it's coming from looks legitimate.

And even then, wherever it's coming from, even if it's a phone calls from someone saying they're from the health department, thank them, hang up, independently confirm the right number for your county health department or your state health department or even the CDC. If you think you're getting a call from the CDC, which I really haven't heard of too many calls coming from the CDC, then then call the real number and speak to somebody and confirm whatever that information that they're providing you.

And remember, in most of these cases, they are never supposed to ask you what your social security number is or getting credit card information from you. You can't pay to get to the head of the line with these. If it's a legitimate government situation and it's involving health care, there is a protocol to use and in no protocol that I know of and have ever known of, are you paying something in advance in order to advance your prospects with that?

So you have job scams all the time, especially during the Great Resignation. And now with inflation and now with the concerns about whether or not there's going to be a recession, people may be looking for additional jobs. There go to legitimate, well-vetted websites and make sure that you're communicating with the right organization.

If someone asks you to provide your social security number right off the bat, that's not legitimate. Don't walk, run. So this could be a job board. You see a job you're interested in. You're like, oh, this company is interesting. Maybe I should apply for it. It could just be a totally a fake company that's leading you down a path of interviewing for a job with the purpose of just collecting information about you.

Is that absolutely or getting financial information by way of you giving them your credit card information? Let's say it's a secret shopper job. And they say, well, you know, to get you started, we're going to be laying out some money, but we'd like you to reimburse us for this.

So be careful. You don't want to get involved in anything like that unless you can confirm the legitimacy of it. So always independently confirm. Also confirm that particular company is actually looking to hire people by going to the real website of the organization and then calling the HR department of the company and asking them if they're conducting interviews.

But you have to be very careful about job scams. There was a scam that was going around for a while, disappeared, came back again, the jury commission scam. That's where you get a phone call. Someone represents themselves to be from the jury commission. They're polling, quote, eligible jurors in the district.

And if you would be so kind as to provide them with your social security number, they will be able to let you know whether or not you're eligible or not for the jury poll. There have been scams where police departments were supposedly calling people and asking them for specific information.

Generally, police departments just don't call people out of the blue. Or if they do, it's a legitimate detective. They may be asking you questions, but they're not going to be asking for your social security number, your date of birth or things like that. Unemployment scams, of course, have been a disaster during covid.

Billions upon billions of dollars have been stolen. My own sister in law, who was on one of our episodes, was talking about the fact that she was legitimately notified by her home state of Colorado and by the state of Ohio that somebody using her information had applied for unemployment benefits.

In one case, she found out simply because she received a debit card in the mail from the unemployment agency, which she said, I'm not looking for a job. I'm fine. I'm not out of work. We've had cases where people found out because someone in their company walked up to their desk in the days when people were actually at their desk and said, by the way, why did you apply for unemployment?

You still have a job here. That was going on. You have the tech scams. That's what you get a phone call from someone representing themselves to be from Apple or Microsoft, saying that they've noticed that there's a problem with your computer. They are going to direct you to a site where you can download certain software, which will enable them to then come into your computer and check it out and solve whatever the problem is.

Apple and Microsoft, they don't do that. But scammers certainly do that. Be on the lookout for tech scams. Then, of course, in the line of work that you've been talking about, too, which is vacations and points and all of that. There have been theft of frequent fire miles. There have been all kinds of vacations, all kinds of rental scams that people have to be on the lookout for, which we can go into further depth if you'd like to do that.

And then there's catfishing, which is huge. Whatever the theme may be, it's still a catfish. And what people are trying to do is they're trying to tug on your heartstrings and get you to believe that they care about you. And the whole goal is to get into your life as quickly as possible and as authentically as possible.

But yet you never really get to see them. You never get to really hear them. You may just be communicating with them by text or by email. And then at some point, relatively quickly into this relationship, you're suddenly asked for a lot of personal information or they send you a compromising picture and ask you to reciprocate.

And what you don't realize, that's not their picture, but unfortunately, that's your picture you just sent to them. And suddenly you can become a victim of extortion and blackmail. Or they ask you to provide credit card information so that you can help them get a plane ticket to come visit you.

Or we've had cases. We had a woman on our show talking about the fact that she met someone online who even had a terrific LinkedIn profile as a very successful medical professional who had decided to dedicate part of his life to go to the Mideast and open a clinic there.

And somewhere in the first couple of weeks that they were getting to know each other, he said, our equipment has come in. It's held up by customs at the airport. If there's any way that you could help me by sending me 30,000 so I can get the equipment out, that would be great.

Of course, she didn't do it. She wouldn't fall for it. But unfortunately, a lot of people do. I mean, we've seen cases where someone was taken to the tune of two million dollars by someone who convinced them that he loved him. And the only way that they found out there was something wrong, which they should have known from the beginning, was that a financial advisor notified members of their family and said, something's going on with your mom.

She's taking a lot of money out and sending it overseas. You really need to look into this. And even after confronted with the reality of her situation, she said, OK, I understand it's a fraud, but in my heart, I still love it. Wow. I mean, this is how deeply they ingrain themselves into your life.

And then another scam are charity scams. And this is where they'll take the issue of the day, whether it's the Ukraine, it's a natural disaster. It's a crisis somewhere in the world. It's children. Any one of those topics, whatever is in the news, they will use it. They will convince you that they are the newest, best, most successful, most respected organization in the space.

And could you please give them credit card information or send money to this? And it's not real. It's a fraud. That's really interesting. So I've been a little familiar with some, not all the others. When it comes to the frequent flyer miles thing, if you Google my name, there's some articles about having a lot of points in miles.

And so I have been a victim of theft of points, I guess, which we talked about maybe coming on your show. And if that happens, definitely go check it out. I'll tell the full story. But in short, that's what sent me down a path of really locking down all these accounts, because someone was able to call Chase and get Chase to let them order things with points on the Internet.

The craziest thing, and I'm still today don't understand it, was they ordered an Apple laptop using my points, but they shipped it to my house. Now, maybe the plan was to come to my house and pick it up, but they never did. Just an Apple laptop showed up. So it was like the strangest fraud because Chase refunded the points.

And I had a laptop. I asked Chase what they wanted me to do with it. And they said, try to take it to the Apple store. The Apple store didn't want it. So eventually Chase said, the best thing we can tell you is to keep it or donate it.

We don't know what to do. It ended up being a happy story for me, but it was probably payback for the hours of time to mitigate it. I want to go back to your first M, which is about minimizing the risk. Yes, yes. And talk about some of the things people can be doing to prepare and kind of plan in advance of any of this happening.

And there's a couple areas here I'll go to. But one is around information online. So I remember back when I was a venture capitalist, this company, Fortalis, which I know you're familiar with, was raising money and they offered to run some reports on people in the investing group to show off their product.

And they ran this report. And I was like, wow, it's not that I didn't know there was information about me online, right? There's family tree websites. There's white page websites. There's my social media. When someone pulls all of that information together into one place and you see a list of every address you've ever lived at, every job you've had, all of your phone numbers, all of your email addresses.

And then the exact same set of information for your spouse, your siblings, your parents, and they put it all together. You're just a little bit taken aback. And it made me think, gosh, should I be getting rid of this? Is there a way that consumers can get a lot of this information off the Internet or what goes into trying to mitigate this risk and minimize the risk in getting stuff taken away?

Well, I could give you my favorite George Carlin line, which it's a mystery. But the truth is that there are things that can be done. That is a long and arduous and time consuming process because you literally have to go from data broker to data broker. And there are procedures you can use.

And each one explains it to you. And of course, the CFPB, Consumer Financial Protection Bureau, has advice on exactly how to do all of that. But just like when LifeLock started and someone said, wasn't it true that a lot of this stuff people can do themselves? And the answer, which I thought was a very interesting answer, and I've been a fan of LifeLock, is they said, well, sure, you can also change your own oil.

And if you want, you could maybe even change your own muffler. Do you want to? So it really has to do with how much time you're willing to dedicate to it. Some people, it's a crusade and they will do it because they don't want to pay anyone else to do it and they will do it.

Others will find companies like Reputation.com, which is where they will work to get negative information about you offline, or companies like ABINE, where they will work with you to actually delete information from the online world. And now that there is a right to forget in the GDPR, which is the General Data Protection Regulation in Europe, and it's incorporated to some extent in the California Consumer Protection Act, and it is hoped that maybe it will be also incorporated in the American Data Protection Act, which is kind of wending its way through Congress, assuming it can actually find its way through Congress, which is very difficult for us.

As we've seen in the past, it's very difficult for stuff to get through Congress, all the interests involved. But it still is a process. Now, you can contact Google, for instance, and ask them to remove certain information about you, which they're willing to do. But it's a process. This is just like with a credit report, when people would go to credit repair companies and some of them are good and some of them are really, really not good.

And they would say, OK, we will get this information off. And they do. But unfortunately, it was legitimate information. And as a result, when the particular subscribing retailer does an update, the information finds itself back onto your credit report again. Think of all of the millions of websites that are out there and how, unfortunately, over the years, there's been this wholesale sharing of information or selling information or lending information, depending upon what the relationship was between these organizations.

And it's going to be out there. And can you get it off? Maybe for a period of time. Can you get it everywhere? It may take you forever to find out where everywhere is. And there's a new part of everywhere that shows up every day. So that's why you have to say to yourself, look, the world I live in, it's a surveillance economy.

It just is. We are surrounded by billions of Internet of Things devices, tracking, listening, sending data back to manufacturers, data then being shared, that information also being hacked by hackers. So that's why you need to really consider the three M's. And among the things you should be doing, assuming that your data is out there, even despite your best efforts to get it off the online world, is everything from long and strong passwords not shared among websites or password managers using two factor authentication, which makes it, again, more difficult for someone to represent that they are you because they do have to go through that extra layer of whether a code is sent to a cell phone or you use thumbprints, eye scans, depending upon the particular device you're using.

I'm a particular fan of thumbprints. They also multi-factor authentication can involve voice prints. Of course, the issue is what if, God forbid, someone steals a database of a company where they have your voice prints? That could be a problem, too. But again, any layer of additional authentication you can add is important.

It also means you don't click on every link you see. You don't open every attachment, even if you think it's coming from someone, you know. I mean, a perfect example. It's a buzzkill. But any time I get an e-card from someone, the first thing I do is I call that person and say, I know this is a buzzkill, but did you just send it?

You don't have to tell me what it says. I'll go do it, provided you confirm you really did it. But again, with the malware that's out there and the ransomware attacks that are going on, you always run the risk that someone receives something that they opened that they thought was hysterically funny and terrific, and they're sending it to you.

But they didn't realize that it had malware on it. And all they've done is they've shared the love and the hack with you. You do run that risk. That's why it's really important to be very careful where you click, what you open. That means, as we talked about earlier, you lie like a superhero when you're sending up questions and answers.

That means that you freeze your credit, which is, as we talked about, is free. And you can do it. That means that even the humble shredder, and I don't mean a ribbon cut shredder, because for those of us who saw Argo as an example, what happens is you can get kids or people hopped up on drugs who will sit there and meticulously tape back up things that have been cut by a ribbon cut shredder.

That's why you need a confetti cut shredder or a cross cut shredder, which turns this into little useless pieces of confetti that no one can put back together again. These are some of the things that you need to think about doing. Or, as we also talked about earlier, that's where the third M comes in, and it's so important.

And that is to contact your insurance agent, your financial services rep or the H.R. department where you work and say, if I become a victim of an identity incident or if I'm worried about it or I find out that an organization that I've had a relationship with has been hacked, are you going to help me through the incident?

Yeah. And that's where it's really important. And a lot of these programs are free, deeply discounted and worth you signing up for. Getting the crew together isn't as easy as it used to be. I get it. Life comes at you fast. But trust me, your friends are probably desperate for a good hang.

So kick 2024 off right by finally hosting that event. Just make sure you do it the easy way and let our sponsor Drizzly, the go to app for drink delivery, take care of the supplies. All you need to come up with is the excuse to get together. It doesn't even have to be a good one.

It could be your dog's birthday that the sun finally came out. Or maybe you just want to celebrate that you got through another week. With Drizzly, you can make hosting easy by taking the drink run off your to do list, which means you can entice your friends to leave their houses without ever leaving yours.

And since I know you like a good deal, Drizzly compares prices on their massive selection of beer, wine and spirits across multiple stores. So when I really wanted to make a few cocktails while we were hosting family last week, not only could I get an Italian Amaro delivered in less than an hour, but I found it for $15 less than my local liquor store.

So whatever the occasion, download the Drizzly app or go to Drizzly.com. That's D-R-I-Z-L-Y.com today. Must be 21 plus, not available in all locations. I just want to thank you quick for listening to and supporting the show. Your support is what keeps this show going. To get all of the URLs, codes, deals and discounts from our partners, you can go to allthehacks.com/deals.

So please consider supporting those who support us. I'll share a couple others that I've learned in the past. I don't know how many years. Some I've employed, some I plan to. I actually have multiple email addresses. So I have an email address that I just use for financial institutions.

Good idea. I have never shared that email with anyone. Only financial institutions know it. I've been recommended, though I haven't, to use a separate one for social media profiles. Just yes, that was another recommendation is to just have different email addresses. Look, if you don't have a password manager, I can only imagine how hard that is.

So we're going to go back to your original recommendation, which is everyone needs a password manager. Everyone should be using two factor authentication everywhere they can. I personally prefer and switch all of it as much as possible to be a one time password. Oh, yeah, one time. Well, yeah, and you can use Google Authenticator.

You can use some of the more the hardware oriented. You know, when we talked earlier, you had mentioned one of them when we talked prior. I'm a fan of all of my two factor being one time passwords that you can put in Google Authenticator or Authy or even one password, though I had historically been putting all of my one time passwords in one password.

I am now realizing as convenient as it is for them to copy and paste them. The fact that I'm storing my password in the exact same place I'm storing my two factor off inherently makes it no longer two factor because they're in the same place. It's like one a factor, you know, two types of single factor.

So I'll probably actually be changing that. Do you have an opinion on using hardware? Yubico plug in security keys versus Google Authenticator and Authy app? You know, there are some people that like using security keys, but they're generally one account related keys, as I believe. Yubico may be more than that, but I think it is one.

So my Yubico key, I use it with Facebook and with Google and with different services, so I can sign into different services. It's a lot more hassle to have to carry this thing around and plug it in. Obviously, that comes with security, but it's just one where I'm like, I haven't quite determined that it's worth it.

Yeah, because that's the issue is that you may carry it with you. But then if one day it disappears, it's not helpful to you. Just keep in mind, if you're using Google Authenticator, you lose your phone, you lose those passwords. Obviously, you can usually recover them with backup codes.

I definitely recommend writing down those backup codes or using something like Authy, which is a competitor. But I know they actually store those so you can transfer them between devices. There might be better services. By the way, if anyone listening here has any recommendations that we didn't cover or anything, please send them to me, because hopefully between now and the time this airs, I'm going to try to put a lot of these into place, test a lot of these services out and maybe release another little bonus episode with my feedback from trying to do all of this.

That would be great. Just remember, whenever you write down something, put it in some place secure. You always run the risk if you use a Post-it on your computer and someone breaks in your house, you've just given away another key to the kingdom. So another tip someone gave me is actually not just emailing these white pages directories online.

If you just Google your name or your last name and your address in quotes, you'll see the websites that are sharing your address. You can reach out to them and get them to remove things. A friend of mine recently told me another suggestion, which is to reach to the MLS or have your real estate agent do it and have the photos of the house that you purchased whenever it was removed from the MLS.

Otherwise, someone has your address. They can also then just go look inside your house, understand the entire floor plan. I'm not saying you're a target of someone understanding the layout of your house, but it seems like information that provides very little value to the world for people to be able to look inside every room of your house.

Obviously, it's not real time. It's not your cameras, but it's something I'm going to be doing. No, that's important. The other thing is you can actually contact like Google and Apple and say, could you blur my house so that if someone's using maps or whatever, it's not so easy to go, oh, I see.

That's where Chris lives. Hmm. Well, that's interesting. I didn't realize he was as close as he is. So these are little tricks of the trade that you can do as well. That is another step toward helping you get your stuff offline or at least less accessible. I'm trying to think of any other ones that I've done or have thought about.

I have a second phone number on Google Voice that I don't know why, but it seems like every financial institution supports only text message or phone call based two factor off. All of the tech companies seem to support using authenticator and one time passwords. Yeah, but all of my financial institutions, Chase Vanguard, they're only text and it's so frustrating.

So I've got my Google Voice number that I can use. So I'm not using the number that I've given out to so many people, as you mentioned earlier. Listen, that's an excellent idea. Google Voice for calls, because as we talked about the ubiquity of your cell phone number, it's always good to have another phone number.

Another scam that was going on is the Google Voice scam. And that's where you're supposedly doing business with someone online. They go, well, I don't really know if I can trust you. So I want to know that you're the real you, that this is really your phone number. So I'm going to send you a code and then I want you to read me back the code.

And what they've actually done is they've applied for a Google Voice number using your phone as the point of authentication. And then they will have a code sent to you. And then they will ask you to read them the code. And that then enables them to contact Google Voice and represent themselves as if they're you.

I've seen the same thing happen with sending an iCloud two factor code. They just pretend that it's something else. They say, oh, I want to confirm it's your identity. Let me send you a code. And they go to Apple and they go in and say, recover my password, send a code.

And they just hope that you don't notice that code actually is from Apple or that code is from your bank or something like that. So I'd say if you're not dealing with a service where you're 100% sure it's the service, which means you called them, you know, if Verizon calls you and says, hey, we'd love to talk to you about your account, we're going to send you a code right now and then we can get in.

I would say thank you. But let me call 611 back and get a Verizon rep before proceeding. That goes into the category of no, no, no, no, no, no. Yes, exactly. Now that HTTPS is pretty ubiquitous, right? If you don't already know to look for the secure lock, most browsers will throw off errors if they're not there.

Do VPNs really matter in these days? I've heard plenty of ads for them. But I wonder if now that almost everything we do online is HTTPS, if having a VPN really provides a lot of value other than maybe like your browsing activity, what types of things you're doing, whether you're streaming from different services.

Well, a VPN also is very helpful when let's say you're connecting to your business network. It's always good to use it if your company has a VPN to access things. Yes. But the idea of, oh, if you're at a public Wi-Fi spot, you need a VPN to make sure people aren't stealing your information.

My understanding is that with HTTPS being so prolific and secure certificates being free, that's not really a thing people need to be worried about. Well, the only issue is that there have been cases of the secure certificates being stolen. OK, so as a result, a VPN is still a good way to go.

And I like DuckDuckGo, but there were people that will say to you that if you're going to get a VPN, use one you pay for. Because they're less likely to sell your information than ones that one day might share your information that are free. Yeah. That goes back to another thing, too, which is read privacy policies and understand what the privacy policy is, terms and conditions.

I realize privacy policies in many cases are written in 27th grade English and they're presented to you in mouse print. And there are translators where you can actually go and it'll translate what a privacy policy is. The name of some of them escapes me right now. But this is something we could talk to Travis about, for example, that he might be able to give information on that.

But anything that you can do to mask your identity is a good thing. Even something as simple as location services on your mobile device. Many websites now scramble the things that would be identified by location services, but many of them don't. And the last thing you want is you're publishing pictures and it shows when and where the picture was taken, especially if it involves people doing things they shouldn't do, like exposing their kids too much to people.

Like an example. Here we are at Sustance Hutcher Park and it's little Susie's second birthday. And if the location services are on and it's not a site that scrambles them, the issue you have is that somebody could show up one day at that park, find little Susie and say, I feel so terrible that I missed your birthday.

And I told mommy that I'd be over the park today to see you because I have a present for you if you just come with me over there. It's in my car. And then all of a sudden you have a missing child. So, you know, location services, you should be discreet about when you use them, where you use them.

And if you can disable them, you do it. Of course, I realize that your GPS system won't work and a few other things. So, you know, turn them on for that. But be careful, know that they can come back to haunt you. When I got that Fortalice report, they looked at all the photos that had been published on social media by me, by others around my home address.

And all of a sudden there are photos that you didn't know of your friends and your family inside your house and all that kind of stuff. So one of their recommendations was to go back and remove the geo tags from your photos, from everything you've posted online. The only other thing we didn't discuss from tips that I have are going in and doing an audit of things you've offed to your Google account or your Twitter account or your Facebook account.

Yeah, there are so many websites that say, oh, just off your Gmail or oh, just off your Facebook. And many of them are legitimate, right? I've offed my Gmail to Calendly so I can schedule meetings. But doing an audit every so often of are there services that you've given access to your email or to your social media profiles that you don't use anymore?

Or even I noticed that recently I can't remember what service it was, but it's gotten a lot better, right? It used to be all or nothing authentication. Some of them now say, what do you want to give information? Do you want to give your name or do you want to give your email or do you want to give full control to post, delete and see everything?

And if you authenticated something five years ago, you might not have had the fine grain detail to be able to choose what you give access to. So it could even be worth deleting all of them and redoing them to make sure that you're only authenticating the kinds of information you want to the parties you want.

So that's another kind of audit that I plan on doing. You're not wrong about that one at all. And you absolutely should do an audit because it's very important to figure out when you're on a particular site where your information is going. I have a good friend who has a new company that he started, which is a privacy company.

And what they do is they can scan a website and then show you all of the different places that your data is going, all the different companies that are sucking up your data that you had no idea. And by data, just to be clear, it's usually IP address and activity, not stealing information off your computer and your files and that kind of stuff.

Right. But it's still IP address. You can identify. Yeah. And many years ago, they did a someone they were able to identify specifically who they were through analyzing their AOL searches. And they were able to actually zero in on the individual. And today, people will tell you, give me two or three social media entries and one one receipt.

And I'll be able to tell you who and where. I worked at a company that was dealing with location data, and we were talking to a cell phone carrier. And you might not know that just from the towers you're on on your cell phone, the cell phone carriers are logging all of this data.

And unfortunately, at the time, maybe not now, they're willing to sell this data. It doesn't have anything to do with you. It's just there is a device. It's here, but no one knows who. But I remember we did some analysis and it was something like with a reasonable degree of accuracy, you could figure out where any given phone would be at any given time because you had the history of where it had been.

Now, thankfully, that information was anonymous to the person. But you could say this phone that's often at this address is likely to be here. It was a little too much. I don't want to get people too scared, though, right? You could listen to this and say, oh, my gosh, my kids are going to get abducted.

People are going to find me. They're going to see everything in my house. What message do you have to people that will help them get out of that feeling of leaving this thinking everything's coming to an end? I should turn off all my technology and never leave the home.

Well, interestingly enough, I've had someone say, well, thank you, Adam. Now that I've listened to you speak, I'm going home. I'm going to disconnect everything. I'm going to burn off my fingerprints and I'm going to hide under my mattress. I said, but you can't do that unless you're living under a bottle cap at the bottom of Loon Lake and you're completely off the grid, which nobody is.

You're out there. So the question is, just be alert. Know what the threats are. Know what the red flags are. And then practice, for example, the three M's. Do everything you can to minimize your risk of exposure. Like, for example, when you get a new Internet of Things device, which most things are these days, change the password.

Most of them come with manufactured default passwords, and probably 98% of those passwords are for sale on the dark web. So change the password to something long and strong. Just read the manual. It'll tell you how to do it. Just like when you get your router in, make sure that the password is what you want it to be, not what someone else wants it to be.

And make it as complex as possible. Or use a password manager to help you with the whole thing. It's really all about two things that people have to understand. Number one, we all have day jobs. We work. We raise families. We're involved in educational activities, philanthropic activities. We own companies.

We're busy. That keeps us excited, interested, but also diverted. And to a hacker who's not diverted, we are their day job. This is what they do. And in some countries, they come in at eight. They have their lunch break. They go home at 430 or five o'clock in the afternoon.

And it's a job and they're working for the government. That's how they raise money. That's how they conduct espionage. Others work around the clock and do what they do. But it is their day job. And the second thing to understand is when you look in the mirror, you see you.

And you go, why would anyone in the world want to steal my identity? Why would anyone care? And the answer is simple. You see you. But when they see you, a hacker, a scammer, an identity thief, they see Jay-Z, Beyonce, Adam Levine. They see somebody who's got something they want that can enrich their lives or.

And this is not to offend anyone. It's not you thereafter, but it's your spouse, your child, your parent, an organization that you're involved with, a company that you work for, and you are simply the conduit to get them to whoever or wherever they want to get to. So this is why it's extremely important that you really focus on cyber hygiene, just like you go to doctors, you go to dentists, you do things that you do to stay healthy.

You have to maintain a healthy cyber environment because you're protecting yourself, your family, possibly your company, your co-workers and millions of innocent consumers that may be doing business with your company. There was a concept that was raised a couple of years ago by the CEO of Microsoft, and I think he was dead right.

It's called shared responsibility. It's that we know that business hasn't done enough. We know the government hasn't done enough. And we know consumers haven't done enough to protect each and every one of us from the ravages of cyber issues or identity theft or ransomware. And each of us has a role to play.

And with consumers, we didn't ask for it. We're not trained for it. And it's certainly not something we want. But it's a reality of where we are, what we do, who we are in the world we live in. And therefore, it's incumbent upon each and every one of us to do our part because we could be protecting a whole lot more people than just ourselves by doing the right thing when it comes to cybersecurity.

But it's not something that you need to be terrified of because it's reality. You're not going to escape it. So as a result, it's a question of just like they say with Covid, we've got to live with it. So when it comes to cybersecurity, we have to live with it.

It is not an individual sport. It is a group sport. It's team. And in addition to which you can't take a victory lap for cybersecurity because you could be completely secure at nine o'clock in the morning and suddenly exposed at nine or one because somebody clicked the wrong link, opened the wrong attachment, gave the wrong information to somebody.

So if we kind of stick together, work with each other, collaborate, communicate, cooperate, we're going to be better off for it. And I think there's a much more collegial attitude now that it comes to cybersecurity than ever before. And like you said earlier, with all the information out there, it's only a matter of time before someone decides to pick you as a target.

That's right. You win the lottery, the one you didn't even enter. But I'd say if you can make yourself a harder target by doing a lot of the stuff we talked about today, then you just move yourself further and further down that list where someone says, ah, this person's information isn't very easy to find online.

Let's just skip to the next person where their address takes me a second to find. So it's like the whole issue. If you're a burglar, do you break into the house where there's no dog or one where there is a dog where you might not be sure that you're going to come out with both legs?

It's important to do that. And a very important rule of thumb. Any time that anybody contacts you about anything and asks you to authenticate yourself for any reason, however plausible or logical it is, hang up. It's one thing if you contact them and they're an organization trying to do the right thing and they're asking you to authenticate yourself.

But if they contact you, no good. Great parting advice. Thank you so much for being here. Where can people stay on top of everything you're learning? All of the latest conversations you're having. Well, come to AdamLevin.com, which is where we put a lot of information about the newest, scariest, maybe not so scary, but things you need to know.

We have that on the website. Come to What The Hack with Adam Levin. You can get it to anywhere you get your podcast. Think of it as car talk for cyber. There are three of us. We try to have a lot of fun with it. We focus on a lot of important issues.

We bring people on who have either been victimized or have managed to avoid victimization when it comes to cyber or identity theft. And there are a lot of lessons to learn. And the whole thing is that this is where scaring is caring and sharing is caring is that the more people that are willing to tell their stories about what they went through and what the red flags were and how to avoid it, the better it is.

We all gain by it. Well, I'm looking forward to joining you and talking about the fact that people always overlook their frequent flyer accounts. I think let's lock down my bank account. But especially for this audience, you build up credit card points. You build up miles to have someone go in and take a flight or drain them to buy a computer is the worst.

And I've dealt with it. So no, it's not fair. You did the work to get it. Why should somebody get the benefit of your effort? Yeah. So thank you so much for being here. I really appreciate it. And I enjoyed the conversation. Well, thanks for inviting me. I enjoyed it very much.

Let's do it again. I really hope you enjoyed this episode. Thank you so much for listening. If you haven't already left a rating and a review for the show in Apple Podcasts or Spotify, I would really appreciate it. And if you have any feedback on the show, questions for me or just want to say hi, I'm Chris at all the hacks dot com or at Hutchins on Twitter.

That's it for this week. I'll see you next week. And I'm Chris. And I'm Chris. And I'm Chris. And I'm Chris. And I'm Chris. And I'm Chris. And I'm Chris. And I'm Chris. And I'm Chris.