November 28, 2025 • 38 mins
Don’t get scammed this holiday season! Tune in tonight as Bradley talks with noted cyber security expert and trainer Robert Siciliano who will help you spot those Black Friday scams, fake websites, fake package delivery notifications, and more. Get your questions ready now!
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
It's Nice Eyes with Dan Ray ongoing Easy Boston's news radio.
I'm Breda Jay for Dan tonight.
Speaker 2 (00:09):
If I am, if I said, hey, we're going to
talk about cybersecurity, you would say, But if I phrased
it differently, if I told you tonight, I'm going to
tell you how to decrease your chances of having your
ID stolen, your credit ruined, your bank account wiped out,
and becoming a totally broken person, you'd pay attention. Well,
(00:32):
then then go with the latter, because that's what we're
going to talk about, and we have a super duper
expert in here to give us well to let us
know the dangers and to give us actionable stuff that
we can do to protect ourselves. I've already done a
bunch of them, and you really need you need to
know this stuff. So I'm very happy to introduce our guest,
(00:53):
Robert Ciciliano, a cybersecurity expert. Hi.
Speaker 1 (00:56):
Robert, Hey buddy, you are iconic.
Speaker 2 (00:58):
By the way, Well, thank you very much much. I
have spoken to you a number of times way back.
It almost seems, you know, when the Internet was first
starting out. It's not really that way, but things have
come a long way since we used to speak, so
I'm anxious to catch up.
Speaker 1 (01:14):
Yeah, there's a lot to talk about.
Speaker 2 (01:16):
You know. One thing I can do is start with
a story. I have a friend who was just living
her life, living in actually Florida at the time, and
put her iPhone and her scooter not you know, the
little pack on the back there, whatever you call it,
(01:36):
and walked away and somebody, I don't know what she
was doing, but somebody went in there and stole it,
and somehow through that her life was ruined. Her apple
id her, she couldn't, you know, the access to her
stuff on the cloud was blocked, and on and on
and on. Her life was living hell for months and
months and months. And this could happen to you. It
(02:00):
could happen to any one of you anytime, and so
we need to address that. First of all, Robert, tell
us about you, and tell us how people can contact
you if they should need more personal advice or have
further questions after you're gone.
Speaker 1 (02:18):
Yeah, easy enough. So by trade, I provide a security
awareness training, which basically means I head into organizations, corporations
at their conferences and so forth, and get in front
of their people and provide awareness training, giving them what
they need to know in regards to who the bad
guys are, what the motivations are, and what you as
a consumer, as an employee, what systems need to put
(02:39):
in place to reduce that risk, to make sure that
when the bad guys send you an email, send you
a text message, call you, or show up to your
place of business, that you become a tougher target. I'm
available online at protect NOWLLC dot com. Again, protect NOWLLC
dot com.
Speaker 2 (02:56):
Okay, you know we go through all this, I guess
for the sake of convenience, But look at all the
hoops we have to jump through for convenience. I wonder
if it is all worth it. I talk to people,
most Knights, who don't have computers and don't want computers
because they want no part of this risk that we're
talking about. It's fairly interesting. And speaking of you listening,
(03:18):
have you been acted? Have you had your identity stolen?
Have you been scammed? Do you wonder if you're being scammed?
Have you had you know? Questionable things happen? And in general,
does it bother you that strangers, some who many who
want to steal from you may already have your information.
(03:40):
We'd like to hear from you at six point seven
two five ten thirty. Now, first let's talk about devices, phone, laptop.
What can we do to protect ourselves regarding these devices?
Speaker 1 (03:56):
Well, first and foremost, your friend whose mobile was stolen
out for a scooter, there's a one hundred percent chance
that her life was ruined as a result of that,
that her mobile phone was not password protected. That's like
the first thing I thought.
Speaker 2 (04:12):
That I would imagine that everyone would know to do that.
But is that you find that's not the case.
Speaker 1 (04:17):
You'd be surprised how many people do not password protect
their mobile device. If your mobile device is lost or
or worse stolen and it's not password protected, you know,
the question is what do they have access to? And
the answer is always everything, right, And once they're on
your device, they not only have access to your Apple ID,
generally your whatever that email associated email addresses, they all
(04:41):
also have access to your email, right, so they're logged
into your Gmail once they are on your phone, and
if in fact you use email. But once they're in
your Gmail, from there, they can reset your Apple ID,
they can reset your Apple passcode. From there, they can
reset the passcode to your banking to your credit cards,
to pretty much everything. Guys say, if you own the
(05:02):
person's email, you own the person because that's where everything resides.
That's where all the transactions begin and passwords are changed.
And so password protecting your devices, laptops, desktops, mobile phones,
in your house, and of course the portable devices is
absolutely necessary, and too many people don't do it.
Speaker 2 (05:23):
So you're telling me that there are people currently with
where anyone can go into their phone if they get
the phone. Yeah, and it's not locked. So people, right
away you need to figure out how to password protect
your phone. If you don't know how, call If you
have an Apple device, you can call Apple tech Support.
(05:44):
I don't know how it works with other phones, but
figure it out.
Speaker 1 (05:47):
Just google it. Just ask Google's Gemini how to password
protect my mobile device. It'll walk you through exactly how
to do that, whether it's Chatch ept, Google Gemini, step
by step. It's such a simple thing. And that's just
one thing. Password management, access control for all your devices
is the most overlooked risk reduction strategy that too many
(06:08):
people don't engage in.
Speaker 2 (06:09):
Oh yeah, and also, if you're a person like I
am here, I'm a visual person. I love getting tutorials
on YouTube. That's that's how I get things done. That
works for me. Yeah, So use the technology in your
favor friends. So that goes for the phone and the laptop.
Now they're trying to circumvent password at least part of
(06:31):
the time with your fingerprint on, Like my laptop, it
does shut down, but if I just touch it with
my fingerprint, it opens up. Is that okay? Or is
somebody going to cut my finger off to get into
my computer?
Speaker 1 (06:45):
So I make sure to incorporate biometric technologies into all
my hardware as a form of access control, whether it's
my mobile device, my laptop. That's fine. You know, passwords, biometrics, fingerprint,
iris scan, facial recognition, all that stuff is really good
as long as it's locked down so that it's not
easy for somebody to get it if you lose it
(07:07):
or if they steal it. Generally you're going to be
in pretty good shape.
Speaker 2 (07:10):
Okay, we're gonna break and then we're gonna get to
some other must do things to protect you from becoming
a cyber broken person. Coming up on WBZ.
Speaker 1 (07:22):
It's Night Side with Dan Ray on.
Speaker 2 (07:26):
Boston's news radio Bradley for Dan tonight. I'd love to
hear from you six one, seven, two, five, four, ten thirty.
Have you had any issues cybersecurity wise? Have you been hacked?
Have you been fooled? Have you had attempts? Have you
had do you have questions? Was was that legit? If
you have questions, it probably wasn't. Uh, And we have
a number of things, but definitely get to gonna get
(07:47):
to Robert Ciciliano. But one we're going to add on
is every email, every phone call, every text you get,
you got to take a look at what's going on here?
Speaker 1 (07:58):
Who is that?
Speaker 2 (07:59):
What are they doing?
Speaker 1 (08:00):
What's the motivation? Why are they contacting me that? Well,
what's the motivation? Why are they contacting me? Like?
Speaker 2 (08:04):
What?
Speaker 1 (08:04):
What is what? What are they trying to get out
of me? You know? And and and be suspect. Don't
just automatically trust, you know, today, I don't know anybody
that does not get bombarded with the inbound communications that
are meant to you know, steale from us. And so
if you're cognizant of that, and you're not just by
default trusting every inbound communication, being suspect, especially when your
(08:26):
blood pressure goes up and there's some type of a
threat and there's any form of money that needs to
be transacted. Oh god, no, you need to be suspect.
You can't just automatically say, oh, my loved one is
in danger, therefore I must act. No, I mean, how
likely is it that that is actually happening? That's you love?
Speaker 2 (08:43):
What is that that's a particular scam? We'll get to
there's so many, I am. We'll get to that in
the scam department. But I am so senative sensitive to
it that there I'm aware of these simple hey, how
are you doing?
Speaker 1 (08:56):
Texts?
Speaker 2 (08:56):
How do you that? That are not from any you know?
And the sender is hoping you'll, you know, say ah, good,
who's this? Or oh and they say, well, I'm sorry,
wrong thing, but how you doing anyway? And they try
to strike up a relationship.
Speaker 1 (09:12):
It's the wrong number scam.
Speaker 2 (09:13):
I guess we were into scams, so we might as
well do scams. How about how about the grand the grandmother,
little Timmy's in trouble, we need money right now? Scam?
And add into that mix in that type of scam
AI and how much more effective these scams become.
Speaker 1 (09:30):
Sure, So when we receive the wrong number of text messages.
Most of us, you know, delete it market. I spam.
I respond to all of them, right because I want
to know who's on the other end of line, and
I engage. I want and I scam bait them to
a certain degree, and I actually have dialogue with them.
And generally when I do this, within a week, they
(09:51):
want to get on WhatsApp video like, they want to
actually have do a video call with me, and they
want face to face. And when I do get face
to face with them, it's usually generally a female, a
Southeast Asian female. However, she has a generally like a
Russian woman's complexion that is generated via artificial intelligence. Okay,
(10:15):
so the woman that I'm actually speaking to is likely
a victim of human trafficking based in Southeast Asia. The
United Nations says this is probably about three hundred thousand
victims of human trafficking right now in the world, most
of them in Southeast Asia. That they are eighteen hours
a day scamming us because they're being forced to gun
(10:40):
to their head scamming us. And when I communicate with them,
I understand what they're going through. I'm not trying to
trip them up. I want to understand their scam, and
generally within a week after the video, it's from there.
It's about trust, it's about building relationships. It's not so
much about romance, but it can be. And what they
want is primarily is for me to engage in cryptocurren right.
(11:00):
They want me to download apps, they show me how
to do it right. They send me off screenshots of
all that, and I'll go back and forth with them,
showing them the screen shots. And then they want to
take over my accounts. And then they want me to invest,
you know, from my bank account, from my credit card,
and they'll show you, you know, like sixty eighty percent
you know, returns in your money in a week. And
it's exactly like a Ponzi scheme where you can actually
(11:23):
take the money out. But what they want is they
want you to invest and reinvest and invest and reinvest.
I met a couple down in Florida that lost six
hundred thousand dollars to the exact same scam. They thought
they had made two point two million and they lost everything.
And that is so easy because AI makes it easy,
because it's scalable. They can change the voice, they can
(11:44):
change the face, and they are believable. And what they
really pray upon is our loneliness, because one out of
four of us, twenty five percent, our default every day
is that we have a sense and feeling of loneliness.
And it's normal and it's natural, and it's unfortunate. And
that pain and ache of loneliness is no different than
hunger pains, you know, like we need to eat, therefore
(12:07):
we have hunger pains. We need to procreate, therefore we
have lonely Like that's evolutionary. And so as a result
of that, they prey upon those people who are lonely
and they hook them.
Speaker 2 (12:17):
Okay, Next, beware of anything that involves gift cards.
Speaker 1 (12:21):
Correct gift comment payment pay me in gift.
Speaker 2 (12:24):
Cards is a huge giant red flag.
Speaker 1 (12:27):
Yeah, anytime there's any type of a ruse where someone
emails you, text you say hey, go out and buy
me five gift cards or pay with gift cards, this
and that, that's always going to be a scam. Just don't.
Speaker 2 (12:40):
Okay, other scams, well.
Speaker 1 (12:42):
You know, I would say more than anything like the
grandparent scam. And look at Timmy, who you know, got
in a bar fight in New Orleans and needs his
grandparent to bail them out and just wire him two
thousand dollars to pay for his lawyer. Like, that's just
not going to happen. I mean, the story might sound feasible.
Timmy might actually sound like Timmy, but they got Timmy's
(13:04):
voice off of Snapchat or you know, Facebook rails or
he posted a video with him and his buddies and
they used artificial intelligence to clone his voice. But really,
what you need to do is call your son, call
your daughter, say hey, is Timmy? Okay? Or call Timmy directly.
Don't just wire the money. Because you wire the money,
you're just giving money to bad guys to support their
drug habit. Okay.
Speaker 2 (13:27):
Next up, Oh, let's talk about freezing credit.
Speaker 1 (13:31):
So credit freeze has been around since two thousand and
eight as.
Speaker 2 (13:35):
A way to protect yourself. Everyone should freeze your credit.
Speaker 1 (13:39):
Yeah, so, freezing your credit does not affect your credit rating,
It doesn't affect your credit score, it doesn't affect your
ability to get credit, it doesn't damage your credit. What
it does is, it's plain and simple. It's a lock
on your credit on your credit bureau. So experience TransUnion
Echo factor with the three major credit bureaus. When a
lender gets an application for credit, the first thing they're
(14:02):
gonna do is is contact the credit buros to check
your credit score and immediately if your credit's frozen, right,
they're locked out. They can't They're not going to issue
a line of credit under your name. Therefore, you right
now freezing your credit is the best thing that you
could do to reduce that risk. All you've got to
do is go to TransUnion experience echofax, search out eat
the three names of the credit bureaus the words credit freeze.
(14:23):
You'll find the page on each of the buros to
freeze your credit.
Speaker 2 (14:28):
I guess before we go on and talk about things
you can do to protect yourself, let's spend a little
time talking about what you're protecting yourself from. How bad
could things get? What could you know? What could happen
to you?
Speaker 1 (14:43):
You know, if you are not doing the basic things,
like you know, freezing your credit, your Social Security number
ends up in the hands of a criminal. They're gonna
essentially open up as many possible lines of credit under
your name as quickly as they can, tens of thousands
of dollars. You don't even have to have good credit.
You just have to have decent cred And once they
open up lines of credit under your name as much
as six figures, they're going to cash out, not pay
(15:05):
the bill. Now you're saddled with that debt until you
realize it, and then you can actually get the debt expunge. However,
your credit is still going to be bad and that
process can take years before your credit actually gets good again.
So not freezing your credit today puts you at risk.
To freeze your credit now you eliminate that problem, right,
(15:26):
and a big one. I mean, do you have time
for this right now?
Speaker 2 (15:28):
Password management actually more more dangerous I wanted to cover.
I ask you a question about what can happen regarding
your bank account? Can they clean out your bank account?
Speaker 1 (15:40):
Generally, the cleaning out of a bank account occurs when
your hardware, your devices, your mobile, your laptop, your desktop
is older, outdated, not password protected, old browser, old operating system.
You're functioning in Windows seven, you're functioning in Windows eight.
You're not updating your critical security patches, you don't have
(16:01):
anti virus, your devices are riddled with with with you know, vulnerabilities, right,
and so once the bad guy remotely gets on your machine,
they can get into your online banking like your like
like they're sitting in front of the computer from anywhere
in the world. Remote access technologies facilitate that process. So
(16:21):
if you're updating your hardware, updating your software, updating your passcodes,
generally you become a tougher target. It's harder for the
bad guy to get access to your bank account.
Speaker 2 (16:30):
Okay, I guess we get to pass goes.
Speaker 3 (16:32):
Now.
Speaker 2 (16:32):
You mentioned having to update them.
Speaker 1 (16:35):
I'm bad about that. I shouldn't.
Speaker 2 (16:37):
I shouldn't tell the public that I'm bad about updating
my pass goes. I have really good ones. They're all different,
But why is it important to change them? What a pain?
Speaker 1 (16:45):
So so I I don't necessarily change my passcodes. But
here's the thing. I don't have the same passcode on
any two accounts. I have hundreds of accounts and hundreds
of different passcodes. I don't know more than just a
couple of them. I know my Google password, I know
my Apple password. I know the password to my mobile
(17:06):
phone and my laptop.
Speaker 2 (17:07):
If you know your password, it's probably a weak password.
Your password should be so strong enough you could never
remember it.
Speaker 1 (17:12):
So uppercase lowercase phrases. All of that stuff is fine
for the accounts that you want to or need to remember, right,
the critical accounts, but like for the majority of them
that you don't necessarily need to remember your password manager.
Do you have a password manager?
Speaker 2 (17:29):
Yeah?
Speaker 1 (17:29):
So a password manager is one of the best tools
that people can use in the first question that people
have is, well, what if the password manager gets hacked.
I'm not worried about that. The reality of it is,
this has been about fifteen billion passwords compromised in the
past fifteen twenty years. Fifteen billion. That means pretty much
all of our passwords at some point have been compromised. Okay,
(17:50):
now that in and of itself. The problem there is
that ninety six percent of those passes, actually ninety four
percent of those pass codes, people are pretty much using
the same passcode across multiple accounts. That's the danger because
if you're using the same passcode for Facebook as you
are for Email, and your Facebook account gets compromised, then
they can get into your email because you're using the
(18:11):
same credentials across multiple accounts. See how that works, And
so is if you're using a different passcode everywhere. Uppercase
lowercase numbers, characters, and the password manager generates the passcode.
You're not going to be able to remember that passcode
because it's essentially like six uppercase f ampersand exclamation.
Speaker 2 (18:31):
You copy it, you can copy it, you don't need
to really remember it. You go to your manager reveal
copy and you're paste.
Speaker 1 (18:39):
It in or your password manager automatically plugs it in
for you. That's what this, that's what the that's what
a password managers generally want to do. So there's so
many out there. There's there's there's one password like the
number one password. Uh this uh this last pass. Last
pass got hacked a few years back, but they're in
pretty good shape now.
Speaker 2 (18:57):
So we were just talking about how we should get one.
And you're not worried about them getting hacked, I'm.
Speaker 1 (19:04):
Not at all. Well, but they're a security company. Their
servers were accessed, but the information that they had on
their files was not compromised because it was encrypted, right,
so they know what they're doing. It's like you have
your money in a bank. Banks get hacked, right, but
no banks have been hacked at the degree where you
know they no longer exist.
Speaker 2 (19:23):
Right.
Speaker 1 (19:23):
Let me, there's no such thing as one hundred percent security.
There's always going to be vulnerabilities. But you know, in
order to engage in commerce at some level, you've got
a bank online to to a certain degree, you've got
to have a password manager, you know, with with a
different passcode across multiple accounts. So one password is good,
last pass is good, roboform is good, Apple's password manager
(19:44):
is good. They're all pretty good.
Speaker 2 (19:45):
Okay, more on password protection on this really important topic.
We're trying to keep you from having your life destroyed
by you by hackers.
Speaker 1 (19:54):
On WBZ It's Night Side with Dan Ray on w
Austin's News Radio. Randy J.
Speaker 2 (20:01):
Forb Dan WBZ guest Robert Ciciliano, he is a cybersecurity expert.
To break that down. Really, what we're trying to do
is save you from a horror story of being hacked
to death in the cyber world. And we're talking about
password protection now, and that's no small thing. And I'm
going to pick up on this, asking you the question,
(20:24):
what about folks who have mostly the same password for
everything only with a slight variation. For example, dog's name
thirty two, same dog's name forty seven.
Speaker 1 (20:39):
Does that make it.
Speaker 2 (20:39):
Easier for somebody with some sort of AI machine that's
or a computer to sift through a million numbers and
get your you get in or is that a fine
thing to do? Well?
Speaker 1 (20:53):
See, I'm pretty confident that someone who's using like a
very similar password with slight variation, they're probably using like
a handful of passwords for multiple accounts, right, which means
that they're pretty much still kind of using same or
similar passcodes across multiple accounts, and that they're kind of
(21:15):
in the dark ages and no offense to anybody. I mean,
it's just you know, that's just the nature of it, right.
If you're not using that password manager like I suggested,
then if you then you don't either you either only
have like like a very small handful of accounts or
you're just simply using the same passcode across multiple accounts
with billions and billions of passcodes being compromised. Look at
on my own laptop that's sitting in front of me
(21:36):
on the desk right now, I've got twenty million email
addresses along with their associated passcodes. And how did you
get the Dark Web? I just downloaded it from the
Dark Web.
Speaker 2 (21:45):
You did not pay for them, and you got them free.
Speaker 1 (21:47):
Anybody can do the same exact thing. And with those credentials,
I can log into these people's accounts. Do you have
in there? Actually twenty one million you could.
Speaker 2 (21:56):
Pick one and you have an email? You have them
and password?
Speaker 1 (22:02):
Yeah, and that's all. Look at there are.
Speaker 2 (22:05):
Have you ever done it? Just to look to peak.
I'll take that as a can't say.
Speaker 1 (22:11):
And I will neither confirm nor deny it. All right,
let's just say it's possible, all right, Okay, Look, there
have been as many as one hundred and seventy five
billion records of our records, our information, names, addresses, phone numbers,
email addresses, past codes, right bank account numbers, credit card numbers, everything,
one hundred and seventy five billion records compromised in the
(22:32):
past fifteen twenty years. That's like the world's population, multiple
multiple times. What's that mean? It means the bad guys
have access to almost everything. Does that mean you just
give up?
Speaker 4 (22:41):
Know?
Speaker 1 (22:42):
What it does mean is that you make the data
that the bad guys have about you useless to the thief.
So how do you make the data that the bad
guys have useless? Well, as far as passwords go, you
don't use the same passcode twice. You change up your
passcodes that you've been using for years and years and
years that are the same that are on the dark way.
So once you have the passwordvantage, you set that up
(23:02):
and then two factor authentication. Two factor authentication makes the
passwords that are out there useless to the thief. Explain
what that is for folks. Okay, so two factor authentication
is easy enough. You know, you have your mobile device
in your possession. You plug in your username, which might
be an email addressed, You plug in your passcode, and
then it sends you a text message for a one
time passcode usually like six to eight digits, and the
(23:25):
second factor is your mobile device. It's that second factor
the bad guy would have to have your mobile device
in their possession in order to get into your account.
So two factor authentication isn't bulletproof, but it is one
of the best tools that we have right now to
prevent the bad guys from accessing your accounts with the
data that they have at their fingertips that they download
(23:46):
it from the dark web.
Speaker 2 (23:48):
How is it not bulletproof if you have the phone
and there's nobody peaking.
Speaker 1 (23:52):
So this is what's called a man in the middle attack.
A man in the middle attack could be somebody posing
as say your bank, and they say, hey, you know,
we at what we had a you know, our service
went down and we need to actually your account because
we think it might be compromised. We're going to send
you a text message with a one time passcode. So
they're socially engineering you. They're they're they're they're in the middle,
(24:13):
a man in the middle, and they're they're posing and
functioning as the bank, but convincing you to give up
that one time passcode via two factor authentication.
Speaker 2 (24:23):
So yeah, you would never ever they would never ever
ever ask you to do this ever.
Speaker 1 (24:28):
But look at that's we as human beings trust by default.
Speaker 2 (24:32):
Oh that's your particular theory and that it hasn't it
had an evolutionary evolutionary value.
Speaker 1 (24:40):
Yeah, man, think about it.
Speaker 2 (24:41):
Maybe that has become obsolete. Maybe maybe in order to
survive you kind of had to trust each other against
the other species that we're trying to eat us. Maybe
that is now an obsolete thing, that trust thing.
Speaker 1 (24:51):
Look at when you come out of your mama, you
just trust and you go throughout life trusting pretty much
everybody you meet pretty much, which all the time.
Speaker 2 (25:01):
That's that's another topic. But maybe that's now counterproductive.
Speaker 1 (25:05):
Well it is. I think trust is overrated. We trust
too much. We give the benefit of the doubt all
the time every day. And some people say, I don't
trust anybody? What they do? You do? You do it?
You do? I mean we have to look at we
just want to. We need to. Without trust, we would
fail as a species, we wouldn't procreate, right, but we trust.
(25:29):
Look at ninety seven percent of all people are really
good about two How.
Speaker 2 (25:33):
Do you would you arrive at that figure? By the way,
I think it's closer to.
Speaker 1 (25:37):
Forty. I think it's about ninety seven percent of all
people a worthy of your trust. But that means two
to three percent are not. They are sociopaths, psychopaths, and
hard core narcissists by their nature, and they are not
worthy of our trust. They don't they don't possess empathy, sympathy, remorse,
or guilt. Those are the bad guys. Those are the hackers.
(25:59):
Those look they look at you and I as our
as their natural prey. Right all right, back to nuts
and bulls.
Speaker 2 (26:07):
Sometimes you could ask, hey, do you want us to
generate a password for you, or do you want to
make up your own. I always make up my own
because I figure if they somebody made it up, then somebody,
some machine knows it and can't I can't trust that machine.
Speaker 1 (26:20):
Yeah, So I have access to tools. We all have
access to tools that can search out compromise passcodes. So
like I, I like on my website protect now LLC
dot com. If you scroll down in the first page
of search, you could plug in email addresses, and you
could plug in passwords and search basically fifteen billion records
that you have access to on my website that let
you see if any passcodes or email addresses have been
(26:41):
part of any specific data breaches, right, And you could
take like the word password and plug that in.
Speaker 2 (26:48):
Probably like one hundred one billion people, like one hundred.
Speaker 1 (26:51):
And twenty million people using password as a password. You know, uh, one, two, three, four, five, six, seven, eight,
Like you know sixty six million people using one through
eight as a passcode and so on. But if you
take any passcode from a password manager that's generated from
a passport board manager, plug that into the tool. Ah zero,
(27:11):
I'm good to know zero, Okay, Yeah, because the password
managers they know what they're doing. It's like ten fifteen
upper case lower case numbers, characters. It's just it's undecipherable.
Speaker 2 (27:22):
Okay, this doctor Rick and Bill Rica, thanks for calling
six months, seven, two, five, four, ten thirty.
Speaker 1 (27:27):
Rick, you're on busy.
Speaker 3 (27:29):
All right, Thanks guys, I really appreciate. I'm going to
try to organize my thoughts and say it quickly. Bradley,
Happy Thanksgiving. And Robert two and I heard you guys
driving and I said, my god, I got to tell
him most So I have this whole pallet us to
work with. He was my manager. He's retired now, he's
seventy five. And I recently saw him and he was
(27:51):
telling me how he was making money in the stock
market through e trade and he shows me this beautiful
Singapore girl or something, and he goes, yes, she's she's
explaining and she's helping me to make a lot of
profit off it. And I said, all right, that's cool.
And so I recently called them to talk with them,
(28:13):
and he tells me I'm doing okay. You know. I
was just getting an update from him and well, actually
he said, yeah, I had a cancer scare and being
treated for it. But I made two hundred and forty
thousand dollars profit this summer. What do you think of that?
And I said, two hundred and forty thousand dollars? How
(28:37):
did you make that? He said, well, I make these
deposits to this girl who invests the money through E trade,
and I get the money and I can take it out.
And I said, well, you got to pay capital games.
He didn't even know what Capitol Games was, and I said,
you're going to have to pay taxes. But it was
good to know that it was E trade and not
(28:57):
I didn't know what it was, what country it was,
if it was a cyber so we said it was
E trade and so I was thinking of maybe doing
some of these deposits. Thatsader's two hundred. My friend I
won't say his name, but my friend put he like
invested one hundred thousand dollars to.
Speaker 2 (29:15):
Make up let us know, you know, cut to the
chase and how did it turn out? Did you invest?
Speaker 1 (29:22):
Anny? No? I did not.
Speaker 3 (29:25):
I'm sorry, I'm beating around the bush, but but but
the chase is just is he being scammed?
Speaker 1 (29:32):
All right, let's worry.
Speaker 2 (29:33):
About I appreciate the call.
Speaker 1 (29:35):
That was a great call.
Speaker 3 (29:36):
Robert, I'm sorry, Yeah, Robert, this this to.
Speaker 2 (29:38):
You, perfect call Rick, Okay, right up to the mic.
Speaker 1 (29:41):
The likelihood of making two hundred and forty grand over
the course of a summer for some girl you met
on e trade is probably slim to none.
Speaker 2 (29:48):
It's just somebody that said they're on the trade.
Speaker 1 (29:50):
Yeah, And you can easily create an e trade looking
website with a basic web management software web developing software,
you know, AI tools will create a live looking ticker
that looks like it's coming from e trade and like
everything is at the bad guy's fingertips to make the
scam as rare as possible. So the only people that
(30:13):
you should be engaging with in regards to any legit
trades are your financial service professionals, like real legit financial
service professionals. Yeah, because you either set up an e
trade account with e trade, you meet with e trade,
like you sit down with e trade. It's you know,
brick and mortar buildings that you're sitting down with like
legit people. That's the only investments that you should be making.
(30:36):
If you're not because some woman contacted you with the
wrong number of text message ever.
Speaker 2 (30:41):
Yeah, Oh so, okay, many of us will say, that's obvious.
How many people you know in a hundred would make
the mistake of getting falling for that?
Speaker 1 (30:52):
The problem is too many? How many? Park I would
say probably about ten percent? Okay, yeah, yeah, look at it,
because like you know, we we we're just gullible and vulnerable.
But that doesn't make us dumb, It doesn't make us stupid.
It just makes us normal. Like we just want to
trust others.
Speaker 2 (31:12):
Okay, we're gonna break. But when it comes to trust,
perhaps in person, maybe these days, in person trust and
maybe the default if you can't see their online, the
default might be don't trust.
Speaker 1 (31:24):
Is WBZ you're on Night Side with Dan Ray. I'm
WBZ Boston's news Radio.
Speaker 2 (31:31):
Bradley Jay Vidan tonight and we're with Robert Csile. I'm
trying to save you from having your identity stolen and
your money stolen. And we have quite a short time
to burn through a few important things. And Angelo and
Newton we're gonna get to you as well. But I
need to address this urgency. Always a red flag. Anything
(31:52):
anybody contacting you in any way trying to convince you
to do something quickly, must do now, is a red flag.
Speaker 1 (32:01):
Correct especially when the voice is like your your loved ones,
often a female in the background screaming for help. Right
you hear her voice in the background screaming for help.
That happen actually happens, oh all the time. Yeah, even
if you don't hear that. Though, if somebody says contact
us immediately. For example, you were mentioning someone who uh
(32:22):
got an Apple message from Apple, contact us right away.
My dad gotta pop up on his computer that had
the Apple logo with the Apple phone with a phone number,
saying it's Apple. There's a problem the computer. Call us.
And he called the number, and and he's a smart guy.
Speaker 2 (32:40):
You know, he's a you know what makes me worry
about me? I think I'm a smart guy. But well,
just people who think they're smart guys get get fooled.
Speaker 1 (32:48):
It's because we trust by default. But what do we
trust have that going forward? We trust Apple, we trust
e Trade, we trust fidelity, we.
Speaker 2 (32:57):
Trust familiar websites. Of course, we do whatever you do.
Just because a website looks familiar, Like if it looks
like your bank website, it doesn't mean it is. It
might not be.
Speaker 1 (33:08):
I would say, the majority of the people that are
listening to the show. Grew up trusting the written word. First, Okay,
Wall Street Journal, New York Times, Time Magazine. You trusted
the written world, the written word, and then radio you
trust what you hear in the radio. Television you trust
what you see on television. So Internet, it's a form
of media. We trust what we see in the Internet
(33:29):
via email, text messages. We trust all these inbound communications,
and we have been doing it for all of our lives.
You can't just by default do that any longer.
Speaker 2 (33:38):
Should you use a VP and a virtual private network,
you recommend it, explain what it is quickly and briefly,
I should say, not necessarily quickly. What's a VPN? When
would you use it? When would it be legit?
Speaker 1 (33:50):
So just google VPN virtual Private network the software you're
downloading your mobile phone and or your laptop. So when
you're at the airport the hotel and you're on free
Wi Fi, the VPN encrypt your data on that open
free Wi Fi on a on an encrypted tunnel, preventing
bad guys from seeing your information on free open Wi Fi.
Speaker 2 (34:08):
If you're a person who used has to use Wi
Fi at the airport, don't use the public Wi Fi,
especially for financial transactions. Look into virtual private network. A
lot of them have a monthly fee, and they can
slow your computer down. But unless you're streaming, you know
it will be as you explained to me earlier, it
will be faster than what's no, it will be faster
(34:28):
than your cell service at the airport because a lot
of times that slows down, but it will be safe.
It won't be maybe as fast as the airport, but
it will be safe VPN check it out. What about
speaking of the airport, I heard a rumor that it's
bad idea to plug in to their phone charges juicing.
Speaker 1 (34:49):
What is that? That's called juice jashu jackie where the
actual outlet is compromised, and so once you plug ins,
it's it basically downloads your data off through the wire
from your device. Look At that's a that is a scam.
That is a that is out there. I'm not worried
about it. It's look at certain scams are probable and
(35:10):
possible and out there and discovered. But that doesn't mean
that you shouldn't plug in in judge.
Speaker 2 (35:15):
Especially if you need your phone charts. I'm gonna whip
through this thing that happened to a friend of mine.
Just so you're aware that it can happen. And this
was an in person thing, it wasn't online.
Speaker 1 (35:25):
Uh.
Speaker 2 (35:26):
I know a person whose friend went to it an
ATM comes away from the ATM. Man comes up to
her says, oh, you forget ten bucks. You left ten
bucks at the ATM. And and by the way, your
your your window is still open, your kind still open.
You gotta go close it. So she goes over to it,
to the ATM machine and tries to like figure out
(35:47):
what he's talking about. And he goes, no, no, no,
just I'll do it for you.
Speaker 1 (35:52):
And he took her card.
Speaker 2 (35:53):
He does something he did a little slight of hand
did and gave her back different card that looked the
same in the same bank. Then took it to a
it took it in person two banks to withdraw three
different banks under a certain amount and cleaned out, you.
Speaker 1 (36:16):
Know, double digit thousands of bucks.
Speaker 2 (36:19):
Ye, So again default trust default, no trust. Now we
go to alec Angelo and Newton, perfect timing, Angela, what's
going on here on WBZ with Robert Ciciliano and.
Speaker 4 (36:32):
I you doing, Bradley, thank you for taking my call,
and rob It I got a question to ask you.
I have been hacked nine times and I had a
person called me and was reading all my identification to
me in my credit cards that one that even activated. Ye,
how do they do that?
Speaker 1 (36:52):
So chances are they've got access to various accounts because
you might be using the same pass quote across multiple accounts.
That's usually has to like that happens. And if they're
inside your email, they can see everything, right, So it's
important to change up your passcodes and set up two
factor authentication to lock them out, and make sure that
you have a credit freeze so that your socialist credit
number is also protected. The majority of the hacks that
(37:16):
I hear about our as a result of poor password
management and unprotected identities. And once you do these basic
things that you become a tougher target and the bad
guy is going to lay off you. They're going to
find somebody else.
Speaker 2 (37:29):
That's a good That's a perfect place to stop because
I'm so we're so short a time, you know, after
thank you Angela, you know have to go in through
this hour. It almost seems like the folks that I
used to try to convince get a computer, you know,
the folks listening to me now without computers, I would
try to convince them.
Speaker 1 (37:46):
You get a computer, you gotta get online. You're missing out.
Speaker 2 (37:49):
I feel like, whoa, maybe they're right all along to
be you know, offline. I know there's certain things that
just can't do, and even there will be soon more
than you just can't do. But it's staying safe is
kind of exhausting.
Speaker 1 (38:03):
OK a minute, Yeah it can be, but listen, it's
not about first of all, don't worry about any of
this stuff. Just do something about it. It's like anything else.
You know, you you you learn basic you know, risk
reduction strategies. You're gonna be online pretty much for the
rest of your life. So you do these basic things.
Speaker 2 (38:20):
It's just gotta do it.
Speaker 1 (38:20):
You become a tougher target. It's like anything else. It's
worth the effort. Right, you gotta go to the doctor.
You gotta do this stuff. Yeah.
Speaker 2 (38:27):
Right, We had a wonderful hour everyone. You should probably
share this if you want to get this podcast. But
tomorrow go to night Side on demand and you can
get this podcast shareable link and everything and you can
do the same. Robert Ciciliano, thank you so much for coming.
And this is a great, great hour, Thank you, Yeah.
Speaker 1 (38:45):
And see me online to protect now LLC dot com
perfect Now This on night Side on WBZ
It's Nice Eyes with Dan Ray ongoing Easy Boston's news radio.
I'm Breda Jay for Dan tonight.
Speaker 2 (00:09):
If I am, if I said, hey, we're going to
talk about cybersecurity, you would say, But if I phrased
it differently, if I told you tonight, I'm going to
tell you how to decrease your chances of having your
ID stolen, your credit ruined, your bank account wiped out,
and becoming a totally broken person, you'd pay attention. Well,
(00:32):
then then go with the latter, because that's what we're
going to talk about, and we have a super duper
expert in here to give us well to let us
know the dangers and to give us actionable stuff that
we can do to protect ourselves. I've already done a
bunch of them, and you really need you need to
know this stuff. So I'm very happy to introduce our guest,
(00:53):
Robert Ciciliano, a cybersecurity expert. Hi.
Speaker 1 (00:56):
Robert, Hey buddy, you are iconic.
Speaker 2 (00:58):
By the way, Well, thank you very much much. I
have spoken to you a number of times way back.
It almost seems, you know, when the Internet was first
starting out. It's not really that way, but things have
come a long way since we used to speak, so
I'm anxious to catch up.
Speaker 1 (01:14):
Yeah, there's a lot to talk about.
Speaker 2 (01:16):
You know. One thing I can do is start with
a story. I have a friend who was just living
her life, living in actually Florida at the time, and
put her iPhone and her scooter not you know, the
little pack on the back there, whatever you call it,
(01:36):
and walked away and somebody, I don't know what she
was doing, but somebody went in there and stole it,
and somehow through that her life was ruined. Her apple
id her, she couldn't, you know, the access to her
stuff on the cloud was blocked, and on and on
and on. Her life was living hell for months and
months and months. And this could happen to you. It
(02:00):
could happen to any one of you anytime, and so
we need to address that. First of all, Robert, tell
us about you, and tell us how people can contact
you if they should need more personal advice or have
further questions after you're gone.
Speaker 1 (02:18):
Yeah, easy enough. So by trade, I provide a security
awareness training, which basically means I head into organizations, corporations
at their conferences and so forth, and get in front
of their people and provide awareness training, giving them what
they need to know in regards to who the bad
guys are, what the motivations are, and what you as
a consumer, as an employee, what systems need to put
(02:39):
in place to reduce that risk, to make sure that
when the bad guys send you an email, send you
a text message, call you, or show up to your
place of business, that you become a tougher target. I'm
available online at protect NOWLLC dot com. Again, protect NOWLLC
dot com.
Speaker 2 (02:56):
Okay, you know we go through all this, I guess
for the sake of convenience, But look at all the
hoops we have to jump through for convenience. I wonder
if it is all worth it. I talk to people,
most Knights, who don't have computers and don't want computers
because they want no part of this risk that we're
talking about. It's fairly interesting. And speaking of you listening,
(03:18):
have you been acted? Have you had your identity stolen?
Have you been scammed? Do you wonder if you're being scammed?
Have you had you know? Questionable things happen? And in general,
does it bother you that strangers, some who many who
want to steal from you may already have your information.
(03:40):
We'd like to hear from you at six point seven
two five ten thirty. Now, first let's talk about devices, phone, laptop.
What can we do to protect ourselves regarding these devices?
Speaker 1 (03:56):
Well, first and foremost, your friend whose mobile was stolen
out for a scooter, there's a one hundred percent chance
that her life was ruined as a result of that,
that her mobile phone was not password protected. That's like
the first thing I thought.
Speaker 2 (04:12):
That I would imagine that everyone would know to do that.
But is that you find that's not the case.
Speaker 1 (04:17):
You'd be surprised how many people do not password protect
their mobile device. If your mobile device is lost or
or worse stolen and it's not password protected, you know,
the question is what do they have access to? And
the answer is always everything, right, And once they're on
your device, they not only have access to your Apple ID,
generally your whatever that email associated email addresses, they all
(04:41):
also have access to your email, right, so they're logged
into your Gmail once they are on your phone, and
if in fact you use email. But once they're in
your Gmail, from there, they can reset your Apple ID,
they can reset your Apple passcode. From there, they can
reset the passcode to your banking to your credit cards,
to pretty much everything. Guys say, if you own the
(05:02):
person's email, you own the person because that's where everything resides.
That's where all the transactions begin and passwords are changed.
And so password protecting your devices, laptops, desktops, mobile phones,
in your house, and of course the portable devices is
absolutely necessary, and too many people don't do it.
Speaker 2 (05:23):
So you're telling me that there are people currently with
where anyone can go into their phone if they get
the phone. Yeah, and it's not locked. So people, right
away you need to figure out how to password protect
your phone. If you don't know how, call If you
have an Apple device, you can call Apple tech Support.
(05:44):
I don't know how it works with other phones, but
figure it out.
Speaker 1 (05:47):
Just google it. Just ask Google's Gemini how to password
protect my mobile device. It'll walk you through exactly how
to do that, whether it's Chatch ept, Google Gemini, step
by step. It's such a simple thing. And that's just
one thing. Password management, access control for all your devices
is the most overlooked risk reduction strategy that too many
(06:08):
people don't engage in.
Speaker 2 (06:09):
Oh yeah, and also, if you're a person like I
am here, I'm a visual person. I love getting tutorials
on YouTube. That's that's how I get things done. That
works for me. Yeah, So use the technology in your
favor friends. So that goes for the phone and the laptop.
Now they're trying to circumvent password at least part of
(06:31):
the time with your fingerprint on, Like my laptop, it
does shut down, but if I just touch it with
my fingerprint, it opens up. Is that okay? Or is
somebody going to cut my finger off to get into
my computer?
Speaker 1 (06:45):
So I make sure to incorporate biometric technologies into all
my hardware as a form of access control, whether it's
my mobile device, my laptop. That's fine. You know, passwords, biometrics, fingerprint,
iris scan, facial recognition, all that stuff is really good
as long as it's locked down so that it's not
easy for somebody to get it if you lose it
(07:07):
or if they steal it. Generally you're going to be
in pretty good shape.
Speaker 2 (07:10):
Okay, we're gonna break and then we're gonna get to
some other must do things to protect you from becoming
a cyber broken person. Coming up on WBZ.
Speaker 1 (07:22):
It's Night Side with Dan Ray on.
Speaker 2 (07:26):
Boston's news radio Bradley for Dan tonight. I'd love to
hear from you six one, seven, two, five, four, ten thirty.
Have you had any issues cybersecurity wise? Have you been hacked?
Have you been fooled? Have you had attempts? Have you
had do you have questions? Was was that legit? If
you have questions, it probably wasn't. Uh, And we have
a number of things, but definitely get to gonna get
(07:47):
to Robert Ciciliano. But one we're going to add on
is every email, every phone call, every text you get,
you got to take a look at what's going on here?
Speaker 1 (07:58):
Who is that?
Speaker 2 (07:59):
What are they doing?
Speaker 1 (08:00):
What's the motivation? Why are they contacting me that? Well,
what's the motivation? Why are they contacting me? Like?
Speaker 2 (08:04):
What?
Speaker 1 (08:04):
What is what? What are they trying to get out
of me? You know? And and and be suspect. Don't
just automatically trust, you know, today, I don't know anybody
that does not get bombarded with the inbound communications that
are meant to you know, steale from us. And so
if you're cognizant of that, and you're not just by
default trusting every inbound communication, being suspect, especially when your
(08:26):
blood pressure goes up and there's some type of a
threat and there's any form of money that needs to
be transacted. Oh god, no, you need to be suspect.
You can't just automatically say, oh, my loved one is
in danger, therefore I must act. No, I mean, how
likely is it that that is actually happening? That's you love?
Speaker 2 (08:43):
What is that that's a particular scam? We'll get to
there's so many, I am. We'll get to that in
the scam department. But I am so senative sensitive to
it that there I'm aware of these simple hey, how
are you doing?
Speaker 1 (08:56):
Texts?
Speaker 2 (08:56):
How do you that? That are not from any you know?
And the sender is hoping you'll, you know, say ah, good,
who's this? Or oh and they say, well, I'm sorry,
wrong thing, but how you doing anyway? And they try
to strike up a relationship.
Speaker 1 (09:12):
It's the wrong number scam.
Speaker 2 (09:13):
I guess we were into scams, so we might as
well do scams. How about how about the grand the grandmother,
little Timmy's in trouble, we need money right now? Scam?
And add into that mix in that type of scam
AI and how much more effective these scams become.
Speaker 1 (09:30):
Sure, So when we receive the wrong number of text messages.
Most of us, you know, delete it market. I spam.
I respond to all of them, right because I want
to know who's on the other end of line, and
I engage. I want and I scam bait them to
a certain degree, and I actually have dialogue with them.
And generally when I do this, within a week, they
(09:51):
want to get on WhatsApp video like, they want to
actually have do a video call with me, and they
want face to face. And when I do get face
to face with them, it's usually generally a female, a
Southeast Asian female. However, she has a generally like a
Russian woman's complexion that is generated via artificial intelligence. Okay,
(10:15):
so the woman that I'm actually speaking to is likely
a victim of human trafficking based in Southeast Asia. The
United Nations says this is probably about three hundred thousand
victims of human trafficking right now in the world, most
of them in Southeast Asia. That they are eighteen hours
a day scamming us because they're being forced to gun
(10:40):
to their head scamming us. And when I communicate with them,
I understand what they're going through. I'm not trying to
trip them up. I want to understand their scam, and
generally within a week after the video, it's from there.
It's about trust, it's about building relationships. It's not so
much about romance, but it can be. And what they
want is primarily is for me to engage in cryptocurren right.
(11:00):
They want me to download apps, they show me how
to do it right. They send me off screenshots of
all that, and I'll go back and forth with them,
showing them the screen shots. And then they want to
take over my accounts. And then they want me to invest,
you know, from my bank account, from my credit card,
and they'll show you, you know, like sixty eighty percent
you know, returns in your money in a week. And
it's exactly like a Ponzi scheme where you can actually
(11:23):
take the money out. But what they want is they
want you to invest and reinvest and invest and reinvest.
I met a couple down in Florida that lost six
hundred thousand dollars to the exact same scam. They thought
they had made two point two million and they lost everything.
And that is so easy because AI makes it easy,
because it's scalable. They can change the voice, they can
(11:44):
change the face, and they are believable. And what they
really pray upon is our loneliness, because one out of
four of us, twenty five percent, our default every day
is that we have a sense and feeling of loneliness.
And it's normal and it's natural, and it's unfortunate. And
that pain and ache of loneliness is no different than
hunger pains, you know, like we need to eat, therefore
(12:07):
we have hunger pains. We need to procreate, therefore we
have lonely Like that's evolutionary. And so as a result
of that, they prey upon those people who are lonely
and they hook them.
Speaker 2 (12:17):
Okay, Next, beware of anything that involves gift cards.
Speaker 1 (12:21):
Correct gift comment payment pay me in gift.
Speaker 2 (12:24):
Cards is a huge giant red flag.
Speaker 1 (12:27):
Yeah, anytime there's any type of a ruse where someone
emails you, text you say hey, go out and buy
me five gift cards or pay with gift cards, this
and that, that's always going to be a scam. Just don't.
Speaker 2 (12:40):
Okay, other scams, well.
Speaker 1 (12:42):
You know, I would say more than anything like the
grandparent scam. And look at Timmy, who you know, got
in a bar fight in New Orleans and needs his
grandparent to bail them out and just wire him two
thousand dollars to pay for his lawyer. Like, that's just
not going to happen. I mean, the story might sound feasible.
Timmy might actually sound like Timmy, but they got Timmy's
(13:04):
voice off of Snapchat or you know, Facebook rails or
he posted a video with him and his buddies and
they used artificial intelligence to clone his voice. But really,
what you need to do is call your son, call
your daughter, say hey, is Timmy? Okay? Or call Timmy directly.
Don't just wire the money. Because you wire the money,
you're just giving money to bad guys to support their
drug habit. Okay.
Speaker 2 (13:27):
Next up, Oh, let's talk about freezing credit.
Speaker 1 (13:31):
So credit freeze has been around since two thousand and
eight as.
Speaker 2 (13:35):
A way to protect yourself. Everyone should freeze your credit.
Speaker 1 (13:39):
Yeah, so, freezing your credit does not affect your credit rating,
It doesn't affect your credit score, it doesn't affect your
ability to get credit, it doesn't damage your credit. What
it does is, it's plain and simple. It's a lock
on your credit on your credit bureau. So experience TransUnion
Echo factor with the three major credit bureaus. When a
lender gets an application for credit, the first thing they're
(14:02):
gonna do is is contact the credit buros to check
your credit score and immediately if your credit's frozen, right,
they're locked out. They can't They're not going to issue
a line of credit under your name. Therefore, you right
now freezing your credit is the best thing that you
could do to reduce that risk. All you've got to
do is go to TransUnion experience echofax, search out eat
the three names of the credit bureaus the words credit freeze.
(14:23):
You'll find the page on each of the buros to
freeze your credit.
Speaker 2 (14:28):
I guess before we go on and talk about things
you can do to protect yourself, let's spend a little
time talking about what you're protecting yourself from. How bad
could things get? What could you know? What could happen
to you?
Speaker 1 (14:43):
You know, if you are not doing the basic things,
like you know, freezing your credit, your Social Security number
ends up in the hands of a criminal. They're gonna
essentially open up as many possible lines of credit under
your name as quickly as they can, tens of thousands
of dollars. You don't even have to have good credit.
You just have to have decent cred And once they
open up lines of credit under your name as much
as six figures, they're going to cash out, not pay
(15:05):
the bill. Now you're saddled with that debt until you
realize it, and then you can actually get the debt expunge. However,
your credit is still going to be bad and that
process can take years before your credit actually gets good again.
So not freezing your credit today puts you at risk.
To freeze your credit now you eliminate that problem, right,
(15:26):
and a big one. I mean, do you have time
for this right now?
Speaker 2 (15:28):
Password management actually more more dangerous I wanted to cover.
I ask you a question about what can happen regarding
your bank account? Can they clean out your bank account?
Speaker 1 (15:40):
Generally, the cleaning out of a bank account occurs when
your hardware, your devices, your mobile, your laptop, your desktop
is older, outdated, not password protected, old browser, old operating system.
You're functioning in Windows seven, you're functioning in Windows eight.
You're not updating your critical security patches, you don't have
(16:01):
anti virus, your devices are riddled with with with you know, vulnerabilities, right,
and so once the bad guy remotely gets on your machine,
they can get into your online banking like your like
like they're sitting in front of the computer from anywhere
in the world. Remote access technologies facilitate that process. So
(16:21):
if you're updating your hardware, updating your software, updating your passcodes,
generally you become a tougher target. It's harder for the
bad guy to get access to your bank account.
Speaker 2 (16:30):
Okay, I guess we get to pass goes.
Speaker 3 (16:32):
Now.
Speaker 2 (16:32):
You mentioned having to update them.
Speaker 1 (16:35):
I'm bad about that. I shouldn't.
Speaker 2 (16:37):
I shouldn't tell the public that I'm bad about updating
my pass goes. I have really good ones. They're all different,
But why is it important to change them? What a pain?
Speaker 1 (16:45):
So so I I don't necessarily change my passcodes. But
here's the thing. I don't have the same passcode on
any two accounts. I have hundreds of accounts and hundreds
of different passcodes. I don't know more than just a
couple of them. I know my Google password, I know
my Apple password. I know the password to my mobile
(17:06):
phone and my laptop.
Speaker 2 (17:07):
If you know your password, it's probably a weak password.
Your password should be so strong enough you could never
remember it.
Speaker 1 (17:12):
So uppercase lowercase phrases. All of that stuff is fine
for the accounts that you want to or need to remember, right,
the critical accounts, but like for the majority of them
that you don't necessarily need to remember your password manager.
Do you have a password manager?
Speaker 2 (17:29):
Yeah?
Speaker 1 (17:29):
So a password manager is one of the best tools
that people can use in the first question that people
have is, well, what if the password manager gets hacked.
I'm not worried about that. The reality of it is,
this has been about fifteen billion passwords compromised in the
past fifteen twenty years. Fifteen billion. That means pretty much
all of our passwords at some point have been compromised. Okay,
(17:50):
now that in and of itself. The problem there is
that ninety six percent of those passes, actually ninety four
percent of those pass codes, people are pretty much using
the same passcode across multiple accounts. That's the danger because
if you're using the same passcode for Facebook as you
are for Email, and your Facebook account gets compromised, then
they can get into your email because you're using the
(18:11):
same credentials across multiple accounts. See how that works, And
so is if you're using a different passcode everywhere. Uppercase
lowercase numbers, characters, and the password manager generates the passcode.
You're not going to be able to remember that passcode
because it's essentially like six uppercase f ampersand exclamation.
Speaker 2 (18:31):
You copy it, you can copy it, you don't need
to really remember it. You go to your manager reveal
copy and you're paste.
Speaker 1 (18:39):
It in or your password manager automatically plugs it in
for you. That's what this, that's what the that's what
a password managers generally want to do. So there's so
many out there. There's there's there's one password like the
number one password. Uh this uh this last pass. Last
pass got hacked a few years back, but they're in
pretty good shape now.
Speaker 2 (18:57):
So we were just talking about how we should get one.
And you're not worried about them getting hacked, I'm.
Speaker 1 (19:04):
Not at all. Well, but they're a security company. Their
servers were accessed, but the information that they had on
their files was not compromised because it was encrypted, right,
so they know what they're doing. It's like you have
your money in a bank. Banks get hacked, right, but
no banks have been hacked at the degree where you
know they no longer exist.
Speaker 2 (19:23):
Right.
Speaker 1 (19:23):
Let me, there's no such thing as one hundred percent security.
There's always going to be vulnerabilities. But you know, in
order to engage in commerce at some level, you've got
a bank online to to a certain degree, you've got
to have a password manager, you know, with with a
different passcode across multiple accounts. So one password is good,
last pass is good, roboform is good, Apple's password manager
(19:44):
is good. They're all pretty good.
Speaker 2 (19:45):
Okay, more on password protection on this really important topic.
We're trying to keep you from having your life destroyed
by you by hackers.
Speaker 1 (19:54):
On WBZ It's Night Side with Dan Ray on w
Austin's News Radio. Randy J.
Speaker 2 (20:01):
Forb Dan WBZ guest Robert Ciciliano, he is a cybersecurity expert.
To break that down. Really, what we're trying to do
is save you from a horror story of being hacked
to death in the cyber world. And we're talking about
password protection now, and that's no small thing. And I'm
going to pick up on this, asking you the question,
(20:24):
what about folks who have mostly the same password for
everything only with a slight variation. For example, dog's name
thirty two, same dog's name forty seven.
Speaker 1 (20:39):
Does that make it.
Speaker 2 (20:39):
Easier for somebody with some sort of AI machine that's
or a computer to sift through a million numbers and
get your you get in or is that a fine
thing to do? Well?
Speaker 1 (20:53):
See, I'm pretty confident that someone who's using like a
very similar password with slight variation, they're probably using like
a handful of passwords for multiple accounts, right, which means
that they're pretty much still kind of using same or
similar passcodes across multiple accounts, and that they're kind of
(21:15):
in the dark ages and no offense to anybody. I mean,
it's just you know, that's just the nature of it, right.
If you're not using that password manager like I suggested,
then if you then you don't either you either only
have like like a very small handful of accounts or
you're just simply using the same passcode across multiple accounts
with billions and billions of passcodes being compromised. Look at
on my own laptop that's sitting in front of me
(21:36):
on the desk right now, I've got twenty million email
addresses along with their associated passcodes. And how did you
get the Dark Web? I just downloaded it from the
Dark Web.
Speaker 2 (21:45):
You did not pay for them, and you got them free.
Speaker 1 (21:47):
Anybody can do the same exact thing. And with those credentials,
I can log into these people's accounts. Do you have
in there? Actually twenty one million you could.
Speaker 2 (21:56):
Pick one and you have an email? You have them
and password?
Speaker 1 (22:02):
Yeah, and that's all. Look at there are.
Speaker 2 (22:05):
Have you ever done it? Just to look to peak.
I'll take that as a can't say.
Speaker 1 (22:11):
And I will neither confirm nor deny it. All right,
let's just say it's possible, all right, Okay, Look, there
have been as many as one hundred and seventy five
billion records of our records, our information, names, addresses, phone numbers,
email addresses, past codes, right bank account numbers, credit card numbers, everything,
one hundred and seventy five billion records compromised in the
(22:32):
past fifteen twenty years. That's like the world's population, multiple
multiple times. What's that mean? It means the bad guys
have access to almost everything. Does that mean you just
give up?
Speaker 4 (22:41):
Know?
Speaker 1 (22:42):
What it does mean is that you make the data
that the bad guys have about you useless to the thief.
So how do you make the data that the bad
guys have useless? Well, as far as passwords go, you
don't use the same passcode twice. You change up your
passcodes that you've been using for years and years and
years that are the same that are on the dark way.
So once you have the passwordvantage, you set that up
(23:02):
and then two factor authentication. Two factor authentication makes the
passwords that are out there useless to the thief. Explain
what that is for folks. Okay, so two factor authentication
is easy enough. You know, you have your mobile device
in your possession. You plug in your username, which might
be an email addressed, You plug in your passcode, and
then it sends you a text message for a one
time passcode usually like six to eight digits, and the
(23:25):
second factor is your mobile device. It's that second factor
the bad guy would have to have your mobile device
in their possession in order to get into your account.
So two factor authentication isn't bulletproof, but it is one
of the best tools that we have right now to
prevent the bad guys from accessing your accounts with the
data that they have at their fingertips that they download
(23:46):
it from the dark web.
Speaker 2 (23:48):
How is it not bulletproof if you have the phone
and there's nobody peaking.
Speaker 1 (23:52):
So this is what's called a man in the middle attack.
A man in the middle attack could be somebody posing
as say your bank, and they say, hey, you know,
we at what we had a you know, our service
went down and we need to actually your account because
we think it might be compromised. We're going to send
you a text message with a one time passcode. So
they're socially engineering you. They're they're they're they're in the middle,
(24:13):
a man in the middle, and they're they're posing and
functioning as the bank, but convincing you to give up
that one time passcode via two factor authentication.
Speaker 2 (24:23):
So yeah, you would never ever they would never ever
ever ask you to do this ever.
Speaker 1 (24:28):
But look at that's we as human beings trust by default.
Speaker 2 (24:32):
Oh that's your particular theory and that it hasn't it
had an evolutionary evolutionary value.
Speaker 1 (24:40):
Yeah, man, think about it.
Speaker 2 (24:41):
Maybe that has become obsolete. Maybe maybe in order to
survive you kind of had to trust each other against
the other species that we're trying to eat us. Maybe
that is now an obsolete thing, that trust thing.
Speaker 1 (24:51):
Look at when you come out of your mama, you
just trust and you go throughout life trusting pretty much
everybody you meet pretty much, which all the time.
Speaker 2 (25:01):
That's that's another topic. But maybe that's now counterproductive.
Speaker 1 (25:05):
Well it is. I think trust is overrated. We trust
too much. We give the benefit of the doubt all
the time every day. And some people say, I don't
trust anybody? What they do? You do? You do it?
You do? I mean we have to look at we
just want to. We need to. Without trust, we would
fail as a species, we wouldn't procreate, right, but we trust.
(25:29):
Look at ninety seven percent of all people are really
good about two How.
Speaker 2 (25:33):
Do you would you arrive at that figure? By the way,
I think it's closer to.
Speaker 1 (25:37):
Forty. I think it's about ninety seven percent of all
people a worthy of your trust. But that means two
to three percent are not. They are sociopaths, psychopaths, and
hard core narcissists by their nature, and they are not
worthy of our trust. They don't they don't possess empathy, sympathy, remorse,
or guilt. Those are the bad guys. Those are the hackers.
(25:59):
Those look they look at you and I as our
as their natural prey. Right all right, back to nuts
and bulls.
Speaker 2 (26:07):
Sometimes you could ask, hey, do you want us to
generate a password for you, or do you want to
make up your own. I always make up my own
because I figure if they somebody made it up, then somebody,
some machine knows it and can't I can't trust that machine.
Speaker 1 (26:20):
Yeah, So I have access to tools. We all have
access to tools that can search out compromise passcodes. So
like I, I like on my website protect now LLC
dot com. If you scroll down in the first page
of search, you could plug in email addresses, and you
could plug in passwords and search basically fifteen billion records
that you have access to on my website that let
you see if any passcodes or email addresses have been
(26:41):
part of any specific data breaches, right, And you could
take like the word password and plug that in.
Speaker 2 (26:48):
Probably like one hundred one billion people, like one hundred.
Speaker 1 (26:51):
And twenty million people using password as a password. You know, uh, one, two, three, four, five, six, seven, eight,
Like you know sixty six million people using one through
eight as a passcode and so on. But if you
take any passcode from a password manager that's generated from
a passport board manager, plug that into the tool. Ah zero,
(27:11):
I'm good to know zero, Okay, Yeah, because the password
managers they know what they're doing. It's like ten fifteen
upper case lower case numbers, characters. It's just it's undecipherable.
Speaker 2 (27:22):
Okay, this doctor Rick and Bill Rica, thanks for calling
six months, seven, two, five, four, ten thirty.
Speaker 1 (27:27):
Rick, you're on busy.
Speaker 3 (27:29):
All right, Thanks guys, I really appreciate. I'm going to
try to organize my thoughts and say it quickly. Bradley,
Happy Thanksgiving. And Robert two and I heard you guys
driving and I said, my god, I got to tell
him most So I have this whole pallet us to
work with. He was my manager. He's retired now, he's
seventy five. And I recently saw him and he was
(27:51):
telling me how he was making money in the stock
market through e trade and he shows me this beautiful
Singapore girl or something, and he goes, yes, she's she's
explaining and she's helping me to make a lot of
profit off it. And I said, all right, that's cool.
And so I recently called them to talk with them,
(28:13):
and he tells me I'm doing okay. You know. I
was just getting an update from him and well, actually
he said, yeah, I had a cancer scare and being
treated for it. But I made two hundred and forty
thousand dollars profit this summer. What do you think of that?
And I said, two hundred and forty thousand dollars? How
(28:37):
did you make that? He said, well, I make these
deposits to this girl who invests the money through E trade,
and I get the money and I can take it out.
And I said, well, you got to pay capital games.
He didn't even know what Capitol Games was, and I said,
you're going to have to pay taxes. But it was
good to know that it was E trade and not
(28:57):
I didn't know what it was, what country it was,
if it was a cyber so we said it was
E trade and so I was thinking of maybe doing
some of these deposits. Thatsader's two hundred. My friend I
won't say his name, but my friend put he like
invested one hundred thousand dollars to.
Speaker 2 (29:15):
Make up let us know, you know, cut to the
chase and how did it turn out? Did you invest?
Speaker 1 (29:22):
Anny? No? I did not.
Speaker 3 (29:25):
I'm sorry, I'm beating around the bush, but but but
the chase is just is he being scammed?
Speaker 1 (29:32):
All right, let's worry.
Speaker 2 (29:33):
About I appreciate the call.
Speaker 1 (29:35):
That was a great call.
Speaker 3 (29:36):
Robert, I'm sorry, Yeah, Robert, this this to.
Speaker 2 (29:38):
You, perfect call Rick, Okay, right up to the mic.
Speaker 1 (29:41):
The likelihood of making two hundred and forty grand over
the course of a summer for some girl you met
on e trade is probably slim to none.
Speaker 2 (29:48):
It's just somebody that said they're on the trade.
Speaker 1 (29:50):
Yeah, And you can easily create an e trade looking
website with a basic web management software web developing software,
you know, AI tools will create a live looking ticker
that looks like it's coming from e trade and like
everything is at the bad guy's fingertips to make the
scam as rare as possible. So the only people that
(30:13):
you should be engaging with in regards to any legit
trades are your financial service professionals, like real legit financial
service professionals. Yeah, because you either set up an e
trade account with e trade, you meet with e trade,
like you sit down with e trade. It's you know,
brick and mortar buildings that you're sitting down with like
legit people. That's the only investments that you should be making.
(30:36):
If you're not because some woman contacted you with the
wrong number of text message ever.
Speaker 2 (30:41):
Yeah, Oh so, okay, many of us will say, that's obvious.
How many people you know in a hundred would make
the mistake of getting falling for that?
Speaker 1 (30:52):
The problem is too many? How many? Park I would
say probably about ten percent? Okay, yeah, yeah, look at it,
because like you know, we we we're just gullible and vulnerable.
But that doesn't make us dumb, It doesn't make us stupid.
It just makes us normal. Like we just want to
trust others.
Speaker 2 (31:12):
Okay, we're gonna break. But when it comes to trust,
perhaps in person, maybe these days, in person trust and
maybe the default if you can't see their online, the
default might be don't trust.
Speaker 1 (31:24):
Is WBZ you're on Night Side with Dan Ray. I'm
WBZ Boston's news Radio.
Speaker 2 (31:31):
Bradley Jay Vidan tonight and we're with Robert Csile. I'm
trying to save you from having your identity stolen and
your money stolen. And we have quite a short time
to burn through a few important things. And Angelo and
Newton we're gonna get to you as well. But I
need to address this urgency. Always a red flag. Anything
(31:52):
anybody contacting you in any way trying to convince you
to do something quickly, must do now, is a red flag.
Speaker 1 (32:01):
Correct especially when the voice is like your your loved ones,
often a female in the background screaming for help. Right
you hear her voice in the background screaming for help.
That happen actually happens, oh all the time. Yeah, even
if you don't hear that. Though, if somebody says contact
us immediately. For example, you were mentioning someone who uh
(32:22):
got an Apple message from Apple, contact us right away.
My dad gotta pop up on his computer that had
the Apple logo with the Apple phone with a phone number,
saying it's Apple. There's a problem the computer. Call us.
And he called the number, and and he's a smart guy.
Speaker 2 (32:40):
You know, he's a you know what makes me worry
about me? I think I'm a smart guy. But well,
just people who think they're smart guys get get fooled.
Speaker 1 (32:48):
It's because we trust by default. But what do we
trust have that going forward? We trust Apple, we trust
e Trade, we trust fidelity, we.
Speaker 2 (32:57):
Trust familiar websites. Of course, we do whatever you do.
Just because a website looks familiar, Like if it looks
like your bank website, it doesn't mean it is. It
might not be.
Speaker 1 (33:08):
I would say, the majority of the people that are
listening to the show. Grew up trusting the written word. First, Okay,
Wall Street Journal, New York Times, Time Magazine. You trusted
the written world, the written word, and then radio you
trust what you hear in the radio. Television you trust
what you see on television. So Internet, it's a form
of media. We trust what we see in the Internet
(33:29):
via email, text messages. We trust all these inbound communications,
and we have been doing it for all of our lives.
You can't just by default do that any longer.
Speaker 2 (33:38):
Should you use a VP and a virtual private network,
you recommend it, explain what it is quickly and briefly,
I should say, not necessarily quickly. What's a VPN? When
would you use it? When would it be legit?
Speaker 1 (33:50):
So just google VPN virtual Private network the software you're
downloading your mobile phone and or your laptop. So when
you're at the airport the hotel and you're on free
Wi Fi, the VPN encrypt your data on that open
free Wi Fi on a on an encrypted tunnel, preventing
bad guys from seeing your information on free open Wi Fi.
Speaker 2 (34:08):
If you're a person who used has to use Wi
Fi at the airport, don't use the public Wi Fi,
especially for financial transactions. Look into virtual private network. A
lot of them have a monthly fee, and they can
slow your computer down. But unless you're streaming, you know
it will be as you explained to me earlier, it
will be faster than what's no, it will be faster
(34:28):
than your cell service at the airport because a lot
of times that slows down, but it will be safe.
It won't be maybe as fast as the airport, but
it will be safe VPN check it out. What about
speaking of the airport, I heard a rumor that it's
bad idea to plug in to their phone charges juicing.
Speaker 1 (34:49):
What is that? That's called juice jashu jackie where the
actual outlet is compromised, and so once you plug ins,
it's it basically downloads your data off through the wire
from your device. Look At that's a that is a scam.
That is a that is out there. I'm not worried
about it. It's look at certain scams are probable and
(35:10):
possible and out there and discovered. But that doesn't mean
that you shouldn't plug in in judge.
Speaker 2 (35:15):
Especially if you need your phone charts. I'm gonna whip
through this thing that happened to a friend of mine.
Just so you're aware that it can happen. And this
was an in person thing, it wasn't online.
Speaker 1 (35:25):
Uh.
Speaker 2 (35:26):
I know a person whose friend went to it an
ATM comes away from the ATM. Man comes up to
her says, oh, you forget ten bucks. You left ten
bucks at the ATM. And and by the way, your
your your window is still open, your kind still open.
You gotta go close it. So she goes over to it,
to the ATM machine and tries to like figure out
(35:47):
what he's talking about. And he goes, no, no, no,
just I'll do it for you.
Speaker 1 (35:52):
And he took her card.
Speaker 2 (35:53):
He does something he did a little slight of hand
did and gave her back different card that looked the
same in the same bank. Then took it to a
it took it in person two banks to withdraw three
different banks under a certain amount and cleaned out, you.
Speaker 1 (36:16):
Know, double digit thousands of bucks.
Speaker 2 (36:19):
Ye, So again default trust default, no trust. Now we
go to alec Angelo and Newton, perfect timing, Angela, what's
going on here on WBZ with Robert Ciciliano and.
Speaker 4 (36:32):
I you doing, Bradley, thank you for taking my call,
and rob It I got a question to ask you.
I have been hacked nine times and I had a
person called me and was reading all my identification to
me in my credit cards that one that even activated. Ye,
how do they do that?
Speaker 1 (36:52):
So chances are they've got access to various accounts because
you might be using the same pass quote across multiple accounts.
That's usually has to like that happens. And if they're
inside your email, they can see everything, right, So it's
important to change up your passcodes and set up two
factor authentication to lock them out, and make sure that
you have a credit freeze so that your socialist credit
number is also protected. The majority of the hacks that
(37:16):
I hear about our as a result of poor password
management and unprotected identities. And once you do these basic
things that you become a tougher target and the bad
guy is going to lay off you. They're going to
find somebody else.
Speaker 2 (37:29):
That's a good That's a perfect place to stop because
I'm so we're so short a time, you know, after
thank you Angela, you know have to go in through
this hour. It almost seems like the folks that I
used to try to convince get a computer, you know,
the folks listening to me now without computers, I would
try to convince them.
Speaker 1 (37:46):
You get a computer, you gotta get online. You're missing out.
Speaker 2 (37:49):
I feel like, whoa, maybe they're right all along to
be you know, offline. I know there's certain things that
just can't do, and even there will be soon more
than you just can't do. But it's staying safe is
kind of exhausting.
Speaker 1 (38:03):
OK a minute, Yeah it can be, but listen, it's
not about first of all, don't worry about any of
this stuff. Just do something about it. It's like anything else.
You know, you you you learn basic you know, risk
reduction strategies. You're gonna be online pretty much for the
rest of your life. So you do these basic things.
Speaker 2 (38:20):
It's just gotta do it.
Speaker 1 (38:20):
You become a tougher target. It's like anything else. It's
worth the effort. Right, you gotta go to the doctor.
You gotta do this stuff. Yeah.
Speaker 2 (38:27):
Right, We had a wonderful hour everyone. You should probably
share this if you want to get this podcast. But
tomorrow go to night Side on demand and you can
get this podcast shareable link and everything and you can
do the same. Robert Ciciliano, thank you so much for coming.
And this is a great, great hour, Thank you, Yeah.
Speaker 1 (38:45):
And see me online to protect now LLC dot com
perfect Now This on night Side on WBZ
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Las Culturistas with Matt Rogers and Bowen Yang
Ding dong! Join your culture consultants, Matt Rogers and Bowen Yang, on an unforgettable journey into the beating heart of CULTURE. Alongside sizzling special guests, they GET INTO the hottest pop-culture moments of the day and the formative cultural experiences that turned them into Culturistas. Produced by the Big Money Players Network and iHeartRadio.
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.