00:00:11.017 –> 00:00:15.497
Hello, and welcome to another episode of the Self-Initiative Project Podcast.

00:00:15.937 –> 00:00:17.797
I’m your host, Jim O’Brien.

00:00:18.457 –> 00:00:22.137
Hello, and welcome back to another episode. This episode, we’re going to be

00:00:22.137 –> 00:00:28.057
covering the topic of cybersecurity and things that we can do to make ourselves

00:00:28.057 –> 00:00:30.617
safer, more secure while we’re connected.

00:00:30.937 –> 00:00:33.497
You know, we live in a connected world today.

00:00:33.957 –> 00:00:38.977
Everything from our computers, networks, our smartphones, you name it,

00:00:39.137 –> 00:00:42.177
and technology has permeated everything we do.

00:00:42.317 –> 00:00:44.837
And it’s made a lot of things more convenient.

00:00:45.077 –> 00:00:47.777
I mean, just look at the smartphone, right?

00:00:48.297 –> 00:00:53.037
But with that convenience and with that technology and with that connectivity,

00:00:53.397 –> 00:00:59.617
there comes an added risk of security and in some cases our personal safety.

00:00:59.797 –> 00:01:04.877
And so it’s incumbent upon us to take the responsibility and initiative to ensure

00:01:04.877 –> 00:01:09.837
that we’re as safe as we possibly can be when we are using those devices and

00:01:09.837 –> 00:01:11.697
we are online and connected.

00:01:12.337 –> 00:01:17.357
So I thought I would spend an episode talking about cybersecurity and things

00:01:17.357 –> 00:01:19.637
that we can do to make ourselves more secure.

00:01:19.937 –> 00:01:24.957
I don’t think anything in here is going to be anything new, but hopefully it’ll

00:01:24.957 –> 00:01:29.997
serve as a go-to place perhaps for you to reference some things you haven’t

00:01:29.997 –> 00:01:34.597
thought about in a while or things you haven’t considered doing before now. You know.

00:01:35.265 –> 00:01:41.765
Hackers are successful because they’re still able to do things they do and people

00:01:41.765 –> 00:01:46.705
fall for it or people get trapped or people aren’t paying attention as they should.

00:01:47.225 –> 00:01:51.345
So things that have been talked about for a while and that we should all know,

00:01:51.345 –> 00:01:57.325
we still need to be reminded about and still consider because they still go on.

00:01:57.445 –> 00:02:00.685
It’s still happening out there and people are still falling for it.

00:02:00.685 –> 00:02:07.365
And I’ll give you a perfect example of that before we get into this episode more deeply.

00:02:07.825 –> 00:02:15.265
Back in the mid-late 90s, I guess probably the 96-97 time frame,

00:02:15.265 –> 00:02:21.865
I can remember the first time I got an email from Nigeria.

00:02:22.485 –> 00:02:27.365
And specifically now I think they refer to these things as the Nigerian email

00:02:27.365 –> 00:02:33.285
or letter scam. But basically, it was an email that got sent to individuals.

00:02:33.365 –> 00:02:37.645
It seemed at the time that it was targeting businesses of various sizes,

00:02:37.645 –> 00:02:40.625
but I guess anyone could have been on the receiving end of one.

00:02:40.625 –> 00:02:45.905
But these emails apparently were coming from some prints in Nigeria,

00:02:45.905 –> 00:02:52.725
and it went some variation hereof where they would say they would introduce themselves,

00:02:52.725 –> 00:02:58.065
and then they would give you some sub story about how they were having difficulty

00:02:58.065 –> 00:03:00.965
with transferring some funds that they had.

00:03:00.965 –> 00:03:05.485
And they offered, they came to you with their story and they said something

00:03:05.485 –> 00:03:11.105
to the effect of, well, you know, I need to, I’ve got this $14 million or whatever

00:03:11.105 –> 00:03:13.465
amount it was. I’m sure it didn’t matter.

00:03:14.405 –> 00:03:19.525
And if you let me put this into your bank account as a safekeeping place for

00:03:19.525 –> 00:03:26.965
short term, when I extract the funds, I will leave you $4 million or whatever it is.

00:03:28.327 –> 00:03:34.067
And evidently this worked. And so the scam was, you know, you would grant them

00:03:34.067 –> 00:03:38.487
access, transactional access to your bank accounts. And then when they would

00:03:38.487 –> 00:03:42.467
go to take, you know, get that access, they’d clean your funds out.

00:03:43.187 –> 00:03:49.087
And so that was the earliest form of scamming, online scamming that I can remember.

00:03:49.347 –> 00:03:53.747
And we used to get this little sales company I’ve worked for back in the day,

00:03:53.787 –> 00:03:59.007
we used to get so many that I finally called the FBI to have them investigated.

00:03:59.427 –> 00:04:05.727
And as it turns out, the FBI at the time seemed very laid back and nonchalant about it.

00:04:05.847 –> 00:04:11.307
And I got it right. It was because a, the scammers were working and operating

00:04:11.307 –> 00:04:15.127
from the other side of the world, obviously.

00:04:16.187 –> 00:04:20.507
And this agent, special agent that I talked to just indicated that,

00:04:20.507 –> 00:04:23.307
hey, you know, it’s very tough to track these people down,

00:04:23.507 –> 00:04:26.787
A, because they are on the other side of the world, and B, usually by the time

00:04:26.787 –> 00:04:32.207
we get to them or find out where they were at the time that they sent those emails or whatever.

00:04:32.647 –> 00:04:34.787
They were long since gone, right?

00:04:35.047 –> 00:04:38.867
So even for them, it was hard to track and catch up with these guys.

00:04:39.027 –> 00:04:44.507
And I have no idea what their success rate is for tracking down some of these hackers and scammers.

00:04:44.747 –> 00:04:49.427
But nonetheless, that was my earliest memories of such a thing.

00:04:49.627 –> 00:04:54.447
And interestingly enough, these letters and emails, where it seems like they’re

00:04:54.447 –> 00:04:58.767
fewer and further between, they still do happen.

00:04:58.767 –> 00:05:05.567
I think just in the last, I’ll say 12 months, I’ve probably gotten no less than two.

00:05:05.987 –> 00:05:11.207
And while it’s not the Nigerian prince, it’s, I think the most recent one I

00:05:11.207 –> 00:05:15.647
got just within the last couple of months was some queen of some country or

00:05:15.647 –> 00:05:18.767
space province I’d never heard of before.

00:05:18.987 –> 00:05:24.747
And basically the scam remains the same. Hey, I’ve got this large sum of money, really in with that.

00:05:25.119 –> 00:05:30.759
And if you let me use your account or however it’s worded, I’ll leave behind,

00:05:30.759 –> 00:05:35.639
you know, $2 million plus for you, whatever, whatever their story is.

00:05:35.819 –> 00:05:42.559
And as best I can tell, either the scammers haven’t caught on yet or people

00:05:42.559 –> 00:05:45.459
still fall for this stuff. So it’s very legit.

00:05:45.719 –> 00:05:50.039
And again, it’s our responsibility to take initiative to help make ourselves

00:05:50.039 –> 00:05:53.399
and our families more secure, especially when they’re online.

00:05:54.519 –> 00:05:58.259
So I thought we would start by talking about some things we can do.

00:05:58.479 –> 00:06:03.959
And again, nothing really is new here, but I want to put it all in one place for you.

00:06:04.979 –> 00:06:06.919
And just starting with the smartphones,

00:06:07.119 –> 00:06:11.099
you know, smartphones have really infiltrated everything we do.

00:06:11.279 –> 00:06:15.959
They’re so convenient. You know, they make us available at any given time, day or night.

00:06:16.239 –> 00:06:20.199
We’ve got all of our apps. We’ve got our social media. We can get to the news.

00:06:20.399 –> 00:06:22.399
We can read blogs. We can read podcasts.

00:06:22.878 –> 00:06:27.078
Books online. We can do it all, all from this little tiny device.

00:06:27.938 –> 00:06:34.058
But with that device and with that convenience comes some potential vulnerabilities.

00:06:34.758 –> 00:06:39.618
First of all, we’re all being tracked. If you’re online in any capacity whatsoever,

00:06:39.618 –> 00:06:41.278
you can bet you’re being tracked.

00:06:41.538 –> 00:06:45.858
Now, do they know who it is all the time and what the personal information is

00:06:45.858 –> 00:06:48.518
behind what it is you do all the time? Not necessarily.

00:06:49.238 –> 00:06:54.738
But the smartphone is convenient for us, but it’s also convenient for the government

00:06:54.738 –> 00:06:59.898
and hackers and anything else because they have direct access to us at any given time.

00:07:00.338 –> 00:07:04.138
And with that convenience, what I’m trying to say is we’re giving up a little

00:07:04.138 –> 00:07:05.758
privacy and a little security.

00:07:06.638 –> 00:07:10.338
One of the things that we can do, which has been talked about recently on other

00:07:10.338 –> 00:07:15.638
podcast is making sure our phones are tracking us as little as possible.

00:07:16.098 –> 00:07:22.218
And I’ve come to learn that a lot of these phone companies or carriers track

00:07:22.218 –> 00:07:27.358
us by default, and then it’s up to us to go in and find the switches to turn that tracking off.

00:07:27.958 –> 00:07:31.418
And so I’m not going to do a deep dive on how that gets done.

00:07:31.638 –> 00:07:33.918
You can look up information about your

00:07:33.918 –> 00:07:39.238
phone specifically or your carrier specifically to see how you can do it.

00:07:39.658 –> 00:07:43.558
They generally all allow the consumers to turn those switches off,

00:07:43.758 –> 00:07:46.738
but they’re generally on by default.

00:07:46.918 –> 00:07:49.518
Depending on the carrier, depending on the phone manufacturer,

00:07:49.878 –> 00:07:52.038
they’re likely to be on by default.

00:07:52.298 –> 00:07:58.278
So I would encourage you to turn off those extra tracking items as you can.

00:07:58.478 –> 00:08:02.698
One of the other things that we need to be cognizant of when we’re on our smartphones

00:08:02.698 –> 00:08:08.738
is how much time we spend on Wi-Fi and or on Bluetooth connectivity when we’re out in public.

00:08:09.078 –> 00:08:13.058
These are potential security holes for these devices. And so,

00:08:13.651 –> 00:08:19.251
While it’s convenient to use Bluetooth and or Wi-Fi in public,

00:08:19.251 –> 00:08:25.291
I would recommend only using it when absolutely necessary because they can offer

00:08:25.291 –> 00:08:28.931
pathways for the bad guys to get into your device.

00:08:29.211 –> 00:08:32.751
And if they get into your device, then potentially have access to all of your

00:08:32.751 –> 00:08:36.571
personal information, all of your pictures, all your contacts,

00:08:36.831 –> 00:08:41.051
all your social media, all your access to other things, etc., etc., etc.

00:08:41.051 –> 00:08:47.151
So when you’re in public, use caution when using both Bluetooth or Wi-Fi.

00:08:47.871 –> 00:08:54.431
Ideally, you should not use free public Wi-Fi because there’s all types of potential

00:08:54.431 –> 00:08:57.071
security holes and hackers waiting on you there.

00:08:57.071 –> 00:09:02.491
If you absolutely are insistent upon using public Wi-Fi for yourself,

00:09:02.711 –> 00:09:07.751
then consider installing and running a VPN, a virtual private network on your machine,

00:09:07.991 –> 00:09:14.431
on your phone, or on your tablet to make your surfing as safe as possible.

00:09:14.771 –> 00:09:21.011
But ideally, don’t use public free Wi-Fi and especially Wi-Fi that doesn’t require passwords.

00:09:22.111 –> 00:09:27.091
When we’re at home, we have as many potential holes with our Wi-Fi.

00:09:27.391 –> 00:09:32.791
You might be familiar with the term SSID. It stands for Service Set Identifier.

00:09:33.071 –> 00:09:36.191
It’s basically the name of your home network.

00:09:36.551 –> 00:09:41.151
Whatever your provider is, when you’re connected online, you generally have an SSID.

00:09:41.491 –> 00:09:45.851
If you want to think of the SSID in another way, it’s basically your user ID,

00:09:45.851 –> 00:09:49.711
which is half of the credentials you need to get into your system, right?

00:09:49.811 –> 00:09:53.351
You typically need a user ID and password to log on to your computer,

00:09:53.651 –> 00:09:56.071
your network, your bank, other apps.

00:09:56.411 –> 00:09:58.771
Same holds true for your Wi-Fi at home.

00:09:59.671 –> 00:10:03.931
And by default, and it depends on your service provider, but by default,

00:10:04.271 –> 00:10:08.171
most, if not all the time, that service ID is being broadcast.

00:10:08.291 –> 00:10:11.691
And what that means is that when you go to find your network,

00:10:11.691 –> 00:10:15.231
and if you have home networks, you know exactly what I’m talking about.

00:10:15.971 –> 00:10:20.131
When you go to look up what networks are available in an area,

00:10:20.411 –> 00:10:26.711
usually the SSID is what gets broadcast, which makes it very easy and convenient

00:10:26.711 –> 00:10:29.331
for you to select your network to then connect to.

00:10:30.314 –> 00:10:34.014
And then usually, you know, and hopefully you’re having to enter in a password.

00:10:34.234 –> 00:10:36.774
You definitely want to keep your network password protected.

00:10:37.234 –> 00:10:42.494
And while it’s convenient to see the SSID being broadcast so you don’t have

00:10:42.494 –> 00:10:46.814
to remember your SSID, it’s potentially a security hole.

00:10:46.954 –> 00:10:51.834
And the reason is, is because you’re giving away essentially half of the credentials

00:10:51.834 –> 00:10:58.434
that it takes to log into your network and get onto your Wi-Fi network. And that’s not good.

00:10:59.134 –> 00:11:05.074
So depending on your carrier and how their routers and their wireless APs are

00:11:05.074 –> 00:11:10.474
set up, et cetera, et cetera, you want to take the initiative to get in there, log into the router.

00:11:11.194 –> 00:11:15.974
Usually there’s a default IP, for example, that your service provider can get

00:11:15.974 –> 00:11:18.714
to you if you don’t know it or don’t have it offhand.

00:11:19.034 –> 00:11:23.694
And you want to turn off or disable SSID broadcast.

00:11:24.134 –> 00:11:29.094
Now, what does that mean? Well, if someone looks for available networks in the

00:11:29.094 –> 00:11:34.074
area that you’re in or your neighborhood, for example, they won’t see your network anymore.

00:11:34.294 –> 00:11:40.574
And so for you needing to reconnect a new device or reconnect an existing device,

00:11:40.574 –> 00:11:45.814
that means you’ve got to know what your SSID is in order to be able to enter it, right?

00:11:45.814 –> 00:11:50.754
So you give up a little bit of convenience for yourself, but you’re really making

00:11:50.754 –> 00:11:56.754
it that much more difficult for the bad guys to have access to your system and potentially log in.

00:11:57.254 –> 00:12:02.474
And the other thing that you want to do is look to change that default password.

00:12:02.834 –> 00:12:06.274
I don’t know how the service providers come up with their passwords.

00:12:06.274 –> 00:12:10.274
They’re usually a string of crazy characters and numbers and maybe,

00:12:10.274 –> 00:12:13.334
you know, capital letters along the mix.

00:12:13.334 –> 00:12:17.174
You know, they do pretty good in creating strong passwords, but I would recommend

00:12:17.174 –> 00:12:22.074
changing that and then ensuring that you’re using strong passwords that you

00:12:22.074 –> 00:12:24.794
don’t share out with the world, right? Some basic standards.

00:12:24.974 –> 00:12:27.334
So when it comes to our home networks.

00:12:28.145 –> 00:12:34.825
Turning off or disabling that SSID is really taking a major step to making your

00:12:34.825 –> 00:12:37.125
home network that much more secure.

00:12:37.485 –> 00:12:43.645
Now, we’ve talked about some of these email scams and even letters in some cases,

00:12:43.645 –> 00:12:47.885
but what’s really going on out there in the hacking world and what are we seeing

00:12:47.885 –> 00:12:53.265
happening on almost a daily basis, especially in the corporate world where it

00:12:53.265 –> 00:12:57.525
can be a really big issue, but even for us in our personal lives, right?

00:12:58.225 –> 00:13:03.545
So I want to throw out some terminology and then tell you how it all comes together

00:13:03.545 –> 00:13:07.405
and then give you some tips on how to avoid it.

00:13:07.605 –> 00:13:12.245
We all think in terms of our businesses and ourselves, but the two larger,

00:13:12.645 –> 00:13:18.065
I don’t want to say from a population size, actual size perspective,

00:13:18.325 –> 00:13:23.485
but just from a larger concern perspective, we have two groups of people that

00:13:23.485 –> 00:13:26.785
may or may not be so savvy that depend on us to help them.

00:13:26.785 –> 00:13:32.405
And that’s kids who are very much connected these days and the aging population.

00:13:32.705 –> 00:13:38.405
Most recently, I’ll give you an example. Most recently, my father contacted me. He’s 80 now.

00:13:39.038 –> 00:13:44.798
And he’s pretty tech savvy for an 80-year-old, I think, but he’s not aware of everything.

00:13:45.038 –> 00:13:50.598
And he calls me a few weeks ago and tells me that he’s gotten this email and

00:13:50.598 –> 00:13:55.578
it looks legit. He had recently been online shopping for some new watches for himself.

00:13:55.778 –> 00:13:58.938
He wanted to treat himself to a nice watch upgrade, I guess.

00:13:59.438 –> 00:14:05.518
And this email had indicated that he had made a purchase from the watch company

00:14:05.518 –> 00:14:07.198
that he had recently been surfing.

00:14:07.938 –> 00:14:14.378
And that PayPal had a charge of $900 and something dollars on it associated.

00:14:14.598 –> 00:14:19.158
And I forget what the ask of the email was, but my dad was concerned because

00:14:19.158 –> 00:14:23.738
he couldn’t remember making the transaction, which could become a point of concern,

00:14:23.738 –> 00:14:25.498
but that’s separate for now, right?

00:14:25.618 –> 00:14:29.518
You may not, if you’re not remembering major purchases like that,

00:14:29.658 –> 00:14:32.898
there may be other things going on that need to be addressed by family.

00:14:33.418 –> 00:14:37.758
But in his case, he was concerned because he wasn’t quite sure how he got this

00:14:37.758 –> 00:14:40.258
and what it came through and what it was.

00:14:40.378 –> 00:14:42.518
And I just said, dad, immediately delete it.

00:14:42.658 –> 00:14:45.158
I said, just delete it. I said, clearly it’s a scam.

00:14:45.358 –> 00:14:48.998
And I said, there’s ways that you could look to make sure or double check.

00:14:49.138 –> 00:14:54.038
But I said, if you’re not familiar with yourself making this purchase or you’re

00:14:54.038 –> 00:14:59.458
not or you’re hearing from companies that you haven’t interacted with directly

00:14:59.458 –> 00:15:04.078
and you don’t remember making transactions or don’t remember interacting directly

00:15:04.078 –> 00:15:07.938
with the entities that are mentioned in these emails, I said, just delete it.

00:15:08.619 –> 00:15:14.039
And I said, if you have any doubts, don’t reference the contact information in that email.

00:15:14.299 –> 00:15:19.739
I said, just reach out to those companies directly and ask them if these things

00:15:19.739 –> 00:15:21.659
happened or if they’re aware of them.

00:15:21.759 –> 00:15:24.179
And that’ll tell you pretty much what you want to know.

00:15:24.319 –> 00:15:27.439
But the easiest thing is to delete it. And so he did.

00:15:27.739 –> 00:15:32.499
And, you know, I think my dad was really, really, I won’t say upset,

00:15:32.519 –> 00:15:37.979
but he was concerned that it wasn’t readily apparent to him that this may be something that was.

00:15:38.619 –> 00:15:40.819
Not legitimate and a scam.

00:15:41.631 –> 00:15:45.551
And so that’s why I say for kids that may not be so tech savvy,

00:15:45.711 –> 00:15:49.451
and of course they are more tech savvy, more so than some of us adults,

00:15:49.631 –> 00:15:54.291
but they may not be aware of scams and how hackers operate, right?

00:15:54.591 –> 00:15:57.731
And same with the aging population like my father.

00:15:58.031 –> 00:16:01.791
So let’s talk about some of the things that are going on and some of the terminology.

00:16:02.011 –> 00:16:05.991
So you may or may not have heard of phishing.

00:16:06.191 –> 00:16:11.711
It’s phishing but with a PH. and basically this is when hackers try,

00:16:12.191 –> 00:16:17.431
like what happened to my father, to reach out to you through email and try to

00:16:17.431 –> 00:16:19.631
take action of different sorts.

00:16:20.091 –> 00:16:23.631
Sometimes it looks like it’s from legitimate businesses, and we’ll talk more

00:16:23.631 –> 00:16:26.971
about this here in a minute. Sometimes these look like from legitimate businesses.

00:16:27.451 –> 00:16:31.551
Sometimes they’re just directly from the hackers themselves demanding money

00:16:31.551 –> 00:16:32.871
or something from you, right?

00:16:33.411 –> 00:16:35.771
Of course, we’ve talked about the emails and letters.

00:16:36.371 –> 00:16:41.931
Another concept is smishing, which is just like phishing, but with an SM instead.

00:16:42.071 –> 00:16:46.631
And it’s essentially the same thing, except when it’s conducted through text.

00:16:46.891 –> 00:16:51.711
And I don’t know about you, but I’ve been getting a lot of unsolicited text

00:16:51.711 –> 00:16:53.691
lately for the last couple of years.

00:16:53.851 –> 00:16:56.911
And they’re mostly all politically motivated, it seems.

00:16:57.311 –> 00:17:03.511
And I can’t say that I have picked up on any scams coming through these that

00:17:03.511 –> 00:17:09.251
I’ve received, at least. But smishing does happen, and it is the equivalent

00:17:09.251 –> 00:17:10.751
of phishing but through text.

00:17:11.571 –> 00:17:17.231
There’s also the notion of spoofing, which comes into play when hackers and

00:17:17.231 –> 00:17:24.011
those with malicious intent are trying to disguise or emulate or come off as

00:17:24.011 –> 00:17:26.651
representing an entity that they’re not.

00:17:26.651 –> 00:17:32.831
And so spoofing takes place in the form of emails that kind of look like legitimate

00:17:32.831 –> 00:17:34.011
emails, but they’re not.

00:17:34.211 –> 00:17:36.951
And again, we’ll talk about more what to look for there.

00:17:37.562 –> 00:17:42.142
And they also will spoof the websites and the companies that they’re trying

00:17:42.142 –> 00:17:46.842
to get you to believe that they represent, right? So that’s the term spoofing.

00:17:47.062 –> 00:17:53.962
And between one more concept to talk about is vishing, which is like phishing

00:17:53.962 –> 00:17:55.462
and smishing, but with a V.

00:17:55.882 –> 00:17:59.422
And it’s, I don’t know who comes up with all these crazy terms. It’s not me.

00:17:59.602 –> 00:18:05.862
But vishing is basically the same sorts of scams, but when they’re done over

00:18:05.862 –> 00:18:11.662
the phone. And so I think we’re all familiar with robocalls and how much we despise those.

00:18:11.942 –> 00:18:16.582
And my personal opinion about robocalls is if it is a robocall,

00:18:16.722 –> 00:18:19.342
it is a scam. So I simply don’t deal with it.

00:18:19.442 –> 00:18:27.242
The moment that I pick up that it’s a robocall, I delete it and hang up or don’t

00:18:27.242 –> 00:18:28.362
answer in the first place.

00:18:28.722 –> 00:18:32.982
So those three terms are important. Four terms are important.

00:18:33.202 –> 00:18:34.722
Phishing through emails.

00:18:36.522 –> 00:18:43.062
Smishing through text, vishing through over the phone or VOIP, and spoofing.

00:18:43.542 –> 00:18:48.422
There’s a concept that businesses work out, which can make a huge financial

00:18:48.422 –> 00:18:54.562
impact in a negative way for corporations, businesses,

00:18:54.882 –> 00:18:59.942
and that’s BEC, you may have heard of, which is business email compromise.

00:19:00.382 –> 00:19:05.722
And basically, it’s pretty much the same thing that we experience in phishing emails, etc.

00:19:06.362 –> 00:19:13.742
But business email compromise is basically made up of both phishing and spoofing

00:19:13.742 –> 00:19:18.142
to get an employee or someone inside the company to take action.

00:19:18.782 –> 00:19:25.562
And that might be something like a hacker gets a hold of a CEO’s email address,

00:19:25.562 –> 00:19:32.262
and that hacker then tries to send emails into contacts inside the company to,

00:19:32.638 –> 00:19:41.538
Posing as that executive, as in this example, to tell them to transfer money immediately.

00:19:42.618 –> 00:19:46.358
And so this is a very real threat for businesses today, too.

00:19:46.538 –> 00:19:50.198
So those are just some high-level concepts I wanted to mention.

00:19:50.498 –> 00:19:55.018
You’ve probably also heard the terminology of malware. And basically,

00:19:55.298 –> 00:20:01.798
this is malicious software that gets installed or run when you fall victim to

00:20:01.798 –> 00:20:03.798
phishing or smishing or anything else.

00:20:03.958 –> 00:20:10.118
If you ever click on a link that you don’t know what it is or open an attachment

00:20:10.118 –> 00:20:13.458
to an email that you don’t know who it’s from or why you’re getting it,

00:20:13.718 –> 00:20:21.258
there can be malicious software or malware put on your computer that can do all kinds of bad stuff.

00:20:21.258 –> 00:20:23.498
Tap into your personal information.

00:20:24.598 –> 00:20:28.158
A type of malware you may have heard of is ransomware.

00:20:28.178 –> 00:20:32.398
And it is a specific type of malware where your computer,

00:20:32.798 –> 00:20:39.238
your smartphone, maybe your network, any number of devices, they may blackmail

00:20:39.238 –> 00:20:43.218
you to pay them money or they’re going to lock you out of your machine,

00:20:43.218 –> 00:20:47.378
your network, which for companies can be devastating, right?

00:20:47.378 –> 00:20:57.418
Where they basically hold ransom your access to your computers and your networks.

00:20:58.578 –> 00:21:02.698
So those are some things we all need to be aware of and be on the lookout for.

00:21:03.258 –> 00:21:08.678
So what do you do? Well, let’s just take the case of phishing emails because

00:21:08.678 –> 00:21:14.238
I don’t know what the ratio is or the number, But I get the sense that there’s

00:21:14.238 –> 00:21:17.538
a lot of phishing going on out there, especially in the business world.

00:21:17.658 –> 00:21:21.278
But also personally, I mean, as I mentioned, I just got hit up with another

00:21:21.278 –> 00:21:26.598
scam email just a few weeks ago from that very nice queen that wanted to give

00:21:26.598 –> 00:21:29.478
me lots of money. But let’s talk about this. So…

00:21:29.964 –> 00:21:36.364
Phishing is really a combination of spoofing and then these hackers trying to

00:21:36.364 –> 00:21:38.904
get you to provide them with information.

00:21:39.144 –> 00:21:45.544
And so a phishing email has some telltale signs, whether it’s a smishing text or a phishing email.

00:21:46.024 –> 00:21:50.544
You want to look for things like and sometimes you can tell it right off the

00:21:50.544 –> 00:21:52.944
bat because the subject line is screwy.

00:21:53.204 –> 00:21:57.624
There’ll be no spaces between words where you know there should be.

00:21:58.164 –> 00:22:03.564
There’ll be a very bizarre mixture of capital and lowercase letters being used.

00:22:04.364 –> 00:22:09.504
And so, you know, a very suspicious subject line is pretty easy to pick out.

00:22:09.684 –> 00:22:14.064
Plus, if it mentions or talks about something, assuming you can read it with

00:22:14.064 –> 00:22:18.984
the spacing and capitalization being funky, you can usually tell if you read

00:22:18.984 –> 00:22:22.284
it and you don’t recognize what in the world it could possibly be about.

00:22:22.544 –> 00:22:27.164
So that’s sometimes a very good way of picking out phishing emails.

00:22:27.624 –> 00:22:30.724
Another way might be looking more closely at the email.

00:22:31.064 –> 00:22:35.264
The email may not even look like it’s from the company that the hackers,

00:22:35.544 –> 00:22:37.624
the scammers are trying to represent, right?

00:22:37.784 –> 00:22:43.124
Like it just may be some combination of characters after the at symbol, right?

00:22:43.244 –> 00:22:47.604
And it doesn’t even look like, like the email says it’s from Wells Fargo is

00:22:47.604 –> 00:22:55.844
just one example, but the email is like alphabetzoo92.123.com or something like that.

00:22:55.844 –> 00:23:03.004
So sometimes the emails are just dead giveaways for bogus, bogus inquiries and emails.

00:23:03.584 –> 00:23:05.944
Sometimes they’re better done.

00:23:06.564 –> 00:23:10.984
Sometimes they’ll be the word of the company like, you know,

00:23:11.144 –> 00:23:13.484
PayPal.com. We all know that one.

00:23:14.148 –> 00:23:18.168
Sometimes an email, just using PayPal as an example, PayPal,

00:23:18.468 –> 00:23:20.568
it might look like a legitimate email.

00:23:20.848 –> 00:23:25.428
And when you look at the email address, it might be something at info at PayPal.

00:23:25.868 –> 00:23:32.348
But if you look closely, the A in PAL, I mean the L in PAL might be a capital I.

00:23:32.748 –> 00:23:37.268
And so some are much better at taking the time to be trickery about it,

00:23:37.368 –> 00:23:39.348
which means you’ve got to pay closer attention.

00:23:40.088 –> 00:23:43.428
So subject line and the from email are two things.

00:23:43.988 –> 00:23:48.688
The next is what’s actually in the email or in the text. And I think this holds

00:23:48.688 –> 00:23:51.108
true. This holds true for both emails and texts.

00:23:51.588 –> 00:23:57.548
If this email or text is talking about something that you don’t recall offhand

00:23:57.548 –> 00:24:02.968
or can’t remember or makes no sense at all, you’ve probably got a potential

00:24:02.968 –> 00:24:04.428
scam on your hands, right?

00:24:04.568 –> 00:24:07.608
So you can skim over the body of the email.

00:24:08.288 –> 00:24:13.728
If you notice the email address, the from email address, or the subject is wonky

00:24:13.728 –> 00:24:17.828
to begin with, I’d recommend just deleting it at that point because you know

00:24:17.828 –> 00:24:19.848
more than likely what you’re dealing with.

00:24:19.948 –> 00:24:23.108
But sometimes, you know, Outlook, for example, has a preview.

00:24:23.368 –> 00:24:29.628
So just selecting on the incoming email will show and provide the preview.

00:24:30.068 –> 00:24:34.108
Sometimes it’s really easy. I saw a scam more recently.

00:24:34.508 –> 00:24:39.988
I actually got through Gmail and I don’t even remember the company that they

00:24:39.988 –> 00:24:41.868
were trying to disguise themselves out.

00:24:42.148 –> 00:24:44.888
But the body of the email was so bad

00:24:44.888 –> 00:24:49.248
that it looked like they had taken a screenshot from some other person.

00:24:49.653 –> 00:24:54.133
Email, maybe the legit email to try to make one up themselves.

00:24:54.473 –> 00:24:58.813
And then they just, it looked like it was just an embedded image as the body

00:24:58.813 –> 00:25:02.213
of the email. So that was a dead giveaway for me. So again, delete.

00:25:02.973 –> 00:25:06.933
But the messaging, right? If you don’t recognize the company,

00:25:07.173 –> 00:25:10.633
especially if you’ve not done business with them or you’re not familiar with

00:25:10.633 –> 00:25:13.313
them at all, that’s probably a pretty good sign.

00:25:13.453 –> 00:25:18.253
But if the message and what they’re asking you for or talking to you about doesn’t

00:25:18.253 –> 00:25:21.193
make sense or you don’t remember, that’s also a pretty good sign.

00:25:21.373 –> 00:25:25.473
So sometimes this is doing due diligence and looking at the details,

00:25:25.473 –> 00:25:29.733
and sometimes it’s just this doesn’t feel right, that gut, that intuition.

00:25:29.733 –> 00:25:32.673
And in these cases, you want to listen to that. It’s important.

00:25:33.431 –> 00:25:38.031
Two things you want to remember at all costs when it comes to whether it’s phishing

00:25:38.031 –> 00:25:44.511
emails or smishing text, and that is never click on any links contained within

00:25:44.511 –> 00:25:47.571
that text or in that email. Let me say that again.

00:25:47.891 –> 00:25:53.331
Never click on any links contained inside that email or in that text. Why?

00:25:53.931 –> 00:25:59.351
Because they can leave you to farming websites, and farming websites are fake

00:25:59.351 –> 00:26:04.571
websites that are created and designed to look just like the real thing.

00:26:04.851 –> 00:26:09.911
And because they look like the real thing, you might have a tendency to enter

00:26:09.911 –> 00:26:14.411
in your credentials to access and gain access to your account.

00:26:14.591 –> 00:26:18.831
And when you do that, they capture that information and now they’ve got access

00:26:18.831 –> 00:26:21.551
to your account, just as one example.

00:26:21.811 –> 00:26:26.131
Another example, as we mentioned earlier, in addition to the farming websites,

00:26:26.411 –> 00:26:30.171
the fake websites, is the malware.

00:26:30.551 –> 00:26:35.091
You can launch malicious software and applications to your device and not even

00:26:35.091 –> 00:26:40.091
be aware of it because it happens behind the scene and it happens when you click on those links.

00:26:40.271 –> 00:26:42.311
So again, just as a couple of examples.

00:26:42.711 –> 00:26:46.731
So again, never click on a link inside those emails or those texts.

00:26:47.231 –> 00:26:52.571
The other thing that you never want to do is open any attachment that comes

00:26:52.571 –> 00:26:56.371
in that you don’t know, why are they sending you this?

00:26:56.591 –> 00:26:59.771
What is it? Now, a lot of these hackers will play on your strings,

00:27:00.011 –> 00:27:04.851
your concern strings of being a good citizens or your heartstrings or whatever,

00:27:04.871 –> 00:27:11.151
and it’ll be an invoice or it’ll be a letter of some sort asking for help, whatever it is.

00:27:11.491 –> 00:27:16.291
Again, by now you probably are questioning this email or this text or.

00:27:16.633 –> 00:27:22.113
Don’t click on the links and do not open, ever open any attachments because again,

00:27:22.353 –> 00:27:28.313
those attachments could contain malicious software that gets initiated and triggered

00:27:28.313 –> 00:27:32.593
and maybe it locks you out of your computer from that point forward until you

00:27:32.593 –> 00:27:34.233
pay some sort of ransom, right?

00:27:34.333 –> 00:27:40.353
So all sorts of bad things can happen when you click on those links or attachments. So don’t do it.

00:27:40.473 –> 00:27:43.913
That’s the simple. So there’s some telltale signs.

00:27:44.073 –> 00:27:51.053
If the email looks wrong, it probably is a bogus attempt, a scam.

00:27:51.253 –> 00:27:58.053
If the subject line looks wonky, scrambled up, spacing between basic words are

00:27:58.053 –> 00:28:02.213
missing, sloppy, basically, it’s probably a scam.

00:28:02.213 –> 00:28:07.833
If it’s a topic, if it’s a company you don’t recognize or you’ve not ever done

00:28:07.833 –> 00:28:11.753
business with, and the letter is talking about the business you’ve conducted

00:28:11.753 –> 00:28:16.533
or your account needs updating, it’s probably bogus, right? It’s probably bad.

00:28:17.913 –> 00:28:23.313
If it talks about a transaction or something you’re not familiar with or can’t

00:28:23.313 –> 00:28:25.393
remember, it’s probably bogus.

00:28:25.393 –> 00:28:32.073
If ever it asks you for your credentials directly or your password you can bet

00:28:32.073 –> 00:28:36.473
that’s anybody that’s asking you for your password any shape form or fashion

00:28:36.473 –> 00:28:42.333
over the phone through text through email you might have a scam or hacker on

00:28:42.333 –> 00:28:44.473
your hands don’t do it don’t give it out,

00:28:45.170 –> 00:28:51.110
So what do you do? Well, if you’re in your company, you probably have protocols.

00:28:51.390 –> 00:28:55.750
Most IT security teams and service desk, help desk, whatever you refer to it

00:28:55.750 –> 00:28:58.270
as, they have protocols for how to handle those things.

00:28:58.430 –> 00:29:00.770
But for you, the principles apply.

00:29:01.130 –> 00:29:04.770
Don’t click on links and don’t open attachments you don’t know.

00:29:05.410 –> 00:29:09.310
In the business world, another thing that you can look for that’s probably a

00:29:09.310 –> 00:29:14.270
pretty good sign in those emails or texts or even phone calls is if they’re

00:29:14.270 –> 00:29:19.030
asking you to break your company’s protocols, processes, and procedures.

00:29:19.310 –> 00:29:22.430
And again, if they’re asking for passwords, don’t do it.

00:29:22.970 –> 00:29:27.710
If they’re telling you that we’ve got to bypass the normal process and procedures

00:29:27.710 –> 00:29:30.890
because of time is of the urgency, don’t do it.

00:29:31.210 –> 00:29:35.590
So again, there’s probably some SOP, some standard operating procedures your

00:29:35.590 –> 00:29:37.930
company has in place for handling these emails.

00:29:38.650 –> 00:29:44.190
They might ask you to forward them along. They might ask you to simply delete them.

00:29:44.450 –> 00:29:49.650
But whether you’re in business or your personal life, the best policies is leave

00:29:49.650 –> 00:29:53.670
them alone, block them if you can, report them if you need to,

00:29:53.670 –> 00:29:55.110
and then simply delete them.

00:29:55.690 –> 00:29:59.030
So let’s say it’s questionable, right? You’re on the border.

00:29:59.170 –> 00:30:02.590
Is this real or not? The best thing you can do, because again,

00:30:02.790 –> 00:30:05.150
you don’t want to click on the links or open the attachments,

00:30:05.190 –> 00:30:09.370
and yes, I’m saying that a lot because those two things are very important for you to remember.

00:30:10.630 –> 00:30:15.390
Is if you want to confirm because you’re not sure or you’re worried that something

00:30:15.390 –> 00:30:19.610
might be amiss, that you don’t remember something and you want to get it squared away,

00:30:20.414 –> 00:30:26.434
Contact the companies directly and do not use any contact information,

00:30:26.754 –> 00:30:30.034
any phone numbers, any URLs or web addresses,

00:30:30.454 –> 00:30:34.414
any email addresses contained in the correspondence that you received,

00:30:34.534 –> 00:30:36.234
because, again, you’re suspicious, right?

00:30:36.234 –> 00:30:38.954
The best course of best course of

00:30:38.954 –> 00:30:42.634
action if you’re really concerned and you want to double check don’t

00:30:42.634 –> 00:30:46.314
use anything sent through the email or the

00:30:46.314 –> 00:30:51.734
text simply go look up the company’s information get online look up their website

00:30:51.734 –> 00:30:56.454
directly again don’t click on any links from the emails if you’ve had business

00:30:56.454 –> 00:31:01.094
with them you’ll know where to go contact their customer service directly and

00:31:01.094 –> 00:31:04.254
ask them if the correspondence is legitimate or not.

00:31:04.374 –> 00:31:09.694
That’s the simplest course of action you can take to avoid any sort of trouble for yourself.

00:31:09.974 –> 00:31:16.254
Because again, we’re not only protecting our access to our computers and our

00:31:16.254 –> 00:31:21.674
devices, which we need on a daily basis, we’re protecting our finances.

00:31:22.214 –> 00:31:24.714
Bank accounts, our investment accounts.

00:31:24.874 –> 00:31:31.674
We’re protecting our applications to keep people from accessing things we don’t want them to see.

00:31:31.994 –> 00:31:36.034
And we’re protecting our PI or personal information.

00:31:36.234 –> 00:31:41.574
Now, not that long ago, it was called PII, personal identifiable information,

00:31:41.574 –> 00:31:44.994
but now they’ve shortened that up to PI or personal information.

00:31:45.154 –> 00:31:49.914
And that’s name, address, phone numbers, social security, financials,

00:31:50.174 –> 00:31:52.194
credit reports, things of that nature.

00:31:52.434 –> 00:31:57.714
That is your personal information. You want to protect that at all costs because

00:31:57.714 –> 00:32:03.174
you do not want to be financially devastated and you don’t even want to have your theft stolen,

00:32:03.374 –> 00:32:08.514
your identity stolen because identity theft these days is real and it’s very

00:32:08.514 –> 00:32:10.694
difficult to clean up and recover from.

00:32:11.358 –> 00:32:15.478
One of the other things that you can do if you feel you’ve been hacked,

00:32:15.758 –> 00:32:21.278
if you feel you’ve been spammed or not spammed, sorry, if you feel you’ve received

00:32:21.278 –> 00:32:23.278
a phishing or smishing text or email,

00:32:23.558 –> 00:32:31.058
the FBI has the Internet Crime Compliance Center or the IC3.

00:32:31.578 –> 00:32:37.778
So you can reach out to the FBI to report, to form a formal report to the FBI.

00:32:38.078 –> 00:32:42.478
Again, that’s the Internet Crime Compliance Center, IC3 as they call it.

00:32:42.818 –> 00:32:49.698
So at the end of the day, it is all about us taking the initiative and the responsibility

00:32:49.698 –> 00:32:53.338
to look out for ourselves and be alert and stay alert.

00:32:53.378 –> 00:32:58.218
We’re in such a connected time and world with all of our devices we have,

00:32:58.358 –> 00:33:03.518
whether it’s our laptops or tablets or smartphones, we have this responsibility

00:33:03.518 –> 00:33:08.198
to do extra due diligence to make sure we’re not setting ourselves up.

00:33:08.318 –> 00:33:11.938
It’s the same as locking your doors at night for those that do that, right?

00:33:12.358 –> 00:33:17.038
You want to take the extra steps. Sure, it’s a little extra time.

00:33:17.218 –> 00:33:22.538
Sure, it may not be convenient all the time, but taking a few little easy extra

00:33:22.538 –> 00:33:26.118
steps means we’re better protected, We’re better secure.

00:33:26.338 –> 00:33:28.358
We’re better safe. And that’s what it’s all about.

00:33:28.618 –> 00:33:32.838
When it comes to our kids and the aging population, you know,

00:33:32.958 –> 00:33:36.178
if you have parents that are aging like I do, if you have children,

00:33:36.418 –> 00:33:39.078
you know, they all have smartphones, it seems now.

00:33:39.798 –> 00:33:45.298
Talk to them, you know, talk to your aging family members or friends.

00:33:45.638 –> 00:33:48.758
Let them know what they need to do to protect themselves.

00:33:49.298 –> 00:33:53.638
You don’t have to do a technical deep dive they won’t understand or appreciate

00:33:53.638 –> 00:33:57.678
it anyway just make sure they’re clear on what they should and should not do

00:33:57.678 –> 00:34:01.678
to handle those situations and then if you need to make yourself available to

00:34:01.678 –> 00:34:06.338
answer questions they have as it comes up when it comes to kids,

00:34:06.983 –> 00:34:12.443
I won’t pretend to sit here and tell you what to do, but just some tips with your kids.

00:34:12.863 –> 00:34:18.423
Let them know they too need to protect their access credentials.

00:34:18.543 –> 00:34:20.663
They need to use strong passwords.

00:34:20.963 –> 00:34:25.903
They don’t need to leave those passwords out in public. They don’t need to share those passwords.

00:34:27.526 –> 00:34:32.806
Anytime that someone that they’ve never met or don’t know before asks to meet

00:34:32.806 –> 00:34:35.826
them, they need to understand what to do in those cases.

00:34:36.326 –> 00:34:41.206
Anyone that’s being solicited for sexual pictures or otherwise sexting,

00:34:41.326 –> 00:34:42.726
they should know what to do there.

00:34:43.046 –> 00:34:48.486
You need to look at their social media accounts to make sure the security there

00:34:48.486 –> 00:34:53.166
is shut down and they don’t have public accounts. They’re not allowed to be searched.

00:34:53.366 –> 00:34:56.986
Strangers can’t contact them. Strangers can’t befriend them.

00:34:56.986 –> 00:35:01.726
Whatever it is, be proactive, get in there and protect your kids.

00:35:01.866 –> 00:35:05.686
Our kids today are more connected and more accessible than ever.

00:35:06.046 –> 00:35:10.486
This is just one more way. Again, it’s like locking the doors and turning on

00:35:10.486 –> 00:35:11.966
the security system at night.

00:35:12.126 –> 00:35:18.266
This is all just one more or a few more things we’ve got to do to make sure the kids are safe.

00:35:19.346 –> 00:35:23.846
If you have more questions, the FBI has a great cybersecurity spot.

00:35:23.846 –> 00:35:28.966
I believe it’s fbi.gov forward slash investigate forward slash cyber.

00:35:29.246 –> 00:35:33.686
There’s a lot of great information there. In any of these terms that we’ve talked

00:35:33.686 –> 00:35:37.306
about today, it’s very easy to go online and search for more information.

00:35:37.766 –> 00:35:41.446
But it’s important. I wanted to get the message out. It’s important that we

00:35:41.446 –> 00:35:45.466
can continue acknowledging the fact that scamming is very real.

00:35:45.606 –> 00:35:48.026
Hackers are out there. They’re trying to get our information.

00:35:48.026 –> 00:35:50.486
They’re trying to get access to everything about us.

00:35:50.586 –> 00:35:54.306
They’re trying to take our money. They’re trying to lock us out of our systems.

00:35:54.386 –> 00:35:57.486
It’s ongoing every day, all the time.

00:35:57.706 –> 00:36:03.086
They’re trying to scam the aging population out of their money in any which way they can.

00:36:03.446 –> 00:36:08.966
And it is on us to do as best we can to mitigate that before it happens to us.

00:36:09.346 –> 00:36:13.746
So with that, I’m going to end this episode. I hope you’ve gotten a lot out of that.

00:36:13.906 –> 00:36:17.566
You know, any of these podcasts we’ve done, this is, I think, 47 now.

00:36:17.786 –> 00:36:22.026
We put this out there for informational purposes only. We hope you know that

00:36:22.026 –> 00:36:25.126
it’s up to you to decide what you want.

00:36:25.627 –> 00:36:28.327
Want to do what you should do for yourself and your

00:36:28.327 –> 00:36:31.067
loved ones but we hope you listen and get something out of this

00:36:31.067 –> 00:36:34.027
and we hope that if you take at least one bit

00:36:34.027 –> 00:36:39.687
of information away that’s a that’s a win for us and if you find this information

00:36:39.687 –> 00:36:44.427
helpful across the course of our podcast please be sure to share it with your

00:36:44.427 –> 00:36:48.407
friends and family we would greatly appreciate it and we look forward to having

00:36:48.407 –> 00:36:51.367
you back listening to us the next time thanks so much for.