July 11, 2025 • 30 mins
Episode summary
Kem humbly shares his "epic fail" (his words, not mine!) story so we can all learn from his mistakes. As the story opens, Kem searches for a nice picture of Wellington, New Zealand for his wife's computer wallpaper.
As he was speeding along, he accidentally clicked yes on a popup he shouldn't have, giving some malware backdoor access to his computer. As it tried to spread farther through another popup, he realized his mistake.
Thankfully at that point with just a few minutes of effort, he was able to kick the malware out and shut the door. I love happy endings! A couple of days later, he took the time to document his story here to share with the world. Thank you, Kem!
This was a powerful reminder that we all need to take time to Read the Signs. When we're driving, road signs are vital to our safety.
On a computer, signs are also vital to our safety, including popups. We need to take time to learn what the signs mean so we can avoid the hidden dangers.
Call to actionTake time to read popups, and especially learn what they mean so you can respond to them wisely. If you don't know what one means, please come to the forum and ask!
LinksKem's story with all the details
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
welcome to super simple security principles i'm Nick Jackson and i want to love computers
(00:06):
but they don't love me back i'm learning how to stay safe from my good buddy master
master guardian i choked on that one master guardian Makani Mason let's go he wrote his
first computer program at the age of six it sealed his fate really like he's a computer
you nothing shy of that he knows his stuff so trust me he spends his time now teaching people
(00:34):
like me and you how to stay safe ahead of the digital threats and those bad guys
the best part is he keeps it simple and we love it learn along with me each week i'll ask the
questions and make sure he keeps it simple and relevant and guess what if i can do it you can
(00:56):
do it here we go
all right man we're gonna start into episode 71 this is
him oh we never crossed the path how do i answer or say this all
(01:16):
oods group alludesgroup is how i would pronounce it like that's what i was going with i thought it
was funny though like you paused a long time between the intro and the start of this episode
there i'm so used to mccati stopping the recording i know we're changing we're changing the format to
(01:39):
potentially to just have it be live every time from the beginning so there won't be a pause right so
yeah exactly you would just run to give you a little bit of a hard time
because that's my this intro is going to be awesome this intro is going to be awesome like
if our folks aren't rolling by now they will be so because i've mispronounced i paused they're like
(02:04):
oh my god he's about to pull his hair out this is a professional polish that we're going for
okay so this is Kem's alludesgroup.com adware fail so yeah he's going to be sharing his story with
(02:26):
us today's episode will be a little bit different format no opening questions we're joined by our
very own Kem Mason our master tech geek so he is our tech geek he geeks out for us
um he works behind the scenes to keep you safe look Kem's a child prodigy too like don't let him fool
(02:52):
you like his skill set might be a little different than Makani's but this dude's a child prodigy too
man i don't know what your parents produced but it was awesome my my goodness you've got a writer as
a sister too don't you like goodness gracious where does the talent end in this family so you don't get
(03:15):
to see or hear from him much but but trust me trust me from from a non-techie we need Kem we love Kem
we would not be here without him so Kem thank you for joining us today
i don't usually refer to myself in the third person but it's weird hearing you talk about me too
(03:41):
right right Makani hates it he hates it so so i'm glad to see that there are some similarities
yeah yeah all right well we're going to be asking questions and some answers but should we get them
(04:02):
along the way and get to your story what where should we start i'm kind of pumped right so uh go ahead mac
yeah well my my thought is we'll let Kem ramble for a bit we'll interrupt him with questions and
any place where you feel like there's a good point for pausing but you know be ready for me to interrupt
and be like hey you know so we can because we want to call out lessons or you know points to emphasize
(04:27):
or whatever along the way yeah that that makes me feel a little bit better because i was like wait
you're wanting me to call him out not yeah well i mean just like you do with me right same thing like
if you have point of confusion try to you know get your confused look on your face
hopefully he'll notice exactly you know whatever make sure we signal him so he's not as used to
(04:51):
uh being with us so we'll have to might be more interrupty but anyway yeah right yeah so um
um so i've been you know like Makani programming not quite from quite as young of an age but for a
little bit longer because i'm a little bit older wiser better looking you know whatever um
(05:17):
uh no so uh yeah i've been i've been working with computers for a very long time and uh
um so i've grown up with having to deal with malware and viruses and all of that so i haven't
actually encountered too many issues in a very very very long time um because i have a pretty good
(05:42):
way of protecting myself at this point but about a year ago i was my wife uh had got a new laptop and
i was helping her set it up and um she wanted to have a a picture of wellington new zealand on her
desktop and that's where we live um and uh so i was searching the web looking for a picture and
(06:09):
you know and google did this image search and it had a bunch of pictures and one of them looked good and i
clicked on it went to the site and uh
it popped up a little message that said that what i read was the standard captcha like click here if
(06:29):
you're human right and so i was in a hurry trying to get this done for because we had something else we
needed to do and um clicked on it and a few minutes later started getting pop-ups in the browser saying
(06:49):
your computer's been compromised like click here to get rid of it and you know um
if i hadn't been aware that there was no chance that my computer had legitimately been compromised i
might have actually been inclined to click on something there um although you always want to be
(07:11):
careful about that sort of thing um i mean i i wouldn't have been inclined to actually click on install
this secure our security software certainly but but i might have sorry go ahead i think you yeah i just
think you were thinking of somebody else might have been inclined to click on that you wouldn't but the
(07:32):
average user might have right yeah i know i was going to say a lot of people is because you do
everybody's got a virus scanner on your computer that could potentially say you know we found a virus
right yeah and the pop-up would look different than this but um and if you want to see what the actual
(07:57):
pop-ups look like uh we've got a post on the forum and i'm going to put it um i'm going to make a shortcut
link as well it'll be at makanimason.com slash kemsfail and Kem is spelled k-e-m like mike kilo echo mike
um anyway there will be a link in the show notes too i'm sure Makani will create those yeah i like to
(08:25):
make work for Makani um and um so anyway so as soon as i saw these pop-ups i'm like okay so what did i do
like what have i done i went to a site that i didn't know to try and find this image right this is
and so i knew that there was something related to going to that site i wasn't sure what it was yet
(08:50):
um in the pop-up it it there was some text there were actually two different
types of pop-ups that were showing up and one of them had alludesgroup.com and the other had the
name of a virus or what they were purporting to be the name of a virus um and googling either one of
(09:11):
them came up with some information about exactly what had happened here there was basically the pop-up
that i thought was a captcha where it was saying click this if you're a computer or if you're not a
computer if you're a human like the i'm not a robot pop-up right right right right what it actually said
and which i didn't notice in my hurry was this site wants to show notifications allow or block
(09:40):
and in my hurry i clicked allow and so it was the the browser was allowing notifications from this website
to and it allows them whether you're actually on that website at that point or not
it can send notifications to your browser and which are in the form of actual like little pop-ups
(10:03):
yeah so let me jump in on a on a on a couple things here yeah all right so you know on the post it'll
be easier to see it's a little bit hard to describe you know just with audio but in the initial thing when
that pop-up kind of the trick they did i mean it was a combination of being in a hurry there was a
little bit of a visual trick because what they did was they had kind of these pictures of robots like
(10:27):
you'd you know saying i'm trying to describe it but like to give you the idea that it was checking
to see if you were a robot right right we've seen them like identify all the pictures that have bicycles
or identify all the traffic lights or identify well it wasn't it wasn't an actual capsule no it it's not
(10:50):
anything you normally seen before but it was robots and anyway the the pop-up clearly stated just
notifications but the association you know how like you can read the text and have missing letters and
fill in the blanks like it felt like one of those kind of things to me where the robots were there and
(11:10):
even though it wasn't a real capture because that you know it like your brain associated with capture
we expected a capture we saw a robot that puts you in mind of capture boom i'd say yes i want to be
allowed through does that make sense yep okay they've been a little bit smarter about this and rather than
(11:34):
popping up the notifications right away waited a day or two
then it would have caught you less likely would have been less likely to make the the link between
the fact that i went to this website and
then this thing started happening but well worse it could have been your wife right because didn't you
(11:57):
say it was your wife's computer yeah so like imagine if she had gotten the pop-ups the next day and been
like you know because so she would have talked to me knowing that that uh she wouldn't have installed
something herself like that without talking to me because she knows that that's sort of my
expertise right not as much as with makani but uh it's certainly something that i'm very familiar with
(12:27):
it's something he's more studied studied over the last i don't know because he likes to help people i
don't
no i do i just my tolerance my tolerance for customer service is lower i think like it's hard i have a
hard time my my patience is not not as high something i'm not sure exactly what my problem is
(12:51):
so the the the one thing i wanted to mention though with that uh the confusion with the pop-ups that he
got so you talked about two kinds of pop-ups Kem but wasn't there just i thought there was just one
there was because what happens is so when he allowed on that very first pop-up and he said allow
(13:12):
it allowed notifications so what that the key thing that that allows you to do then is when you're
browsing elsewhere on the web it will allow a website to send you a pop-up even when you're on
somebody else's website oh oh gotcha i didn't connect that it's sort of like your email app can
(13:34):
like let you know that you've got new or chat apps whatever like yeah it's a very general purpose
but they can make it look like whatever they want okay and it does identify it like it'll put in there
a little bit of you know the website that it comes from the alludesgroup.com so that's where
(13:56):
you'll see in the screenshots it does say a little it doesn't always though i'm looking at my post and
refreshing my memory on what it actually there were two different things that popped up one of them
said windows security center alert with alludesgroup.com the other just said threat detected the
name of the virus there is no reference to alludesgroup at all hmm and we i then there's got to do
(14:23):
we got to do some more research on this because that seems strange that it would let it be a pop-up
without identifying the source so we'll have to look in that more but that's so that we'll do a
continuation on this or in the forum post or whatever yeah well you can you can easily go and
(14:44):
see what websites are allowed pop-ups yeah i know but that's not how it's disabled so yeah no which
is good but i don't know man i hope that's i hope hope you're wrong about that that's what i have to
say i know we have the screenshots but that would be bad yeah um if that was the premise i was going off
of is uh and i did not double check that but because whenever you get a pop-up you want to know
(15:11):
you got to like so we talk about reading the signs i talk about that you know paying attention close to
pop-ups and you know especially with this one i realized that the absolute first thing you got to
do is make sure you identify where that's coming from and obviously that first pop-up that Kem came
from got came from the browser itself asking for permissions yeah right and anytime there's
(15:36):
permissions you want to be very careful and even something as innocuous as seemingly innocent as you
know getting notifications can be a problem because it then gives them this kind of little back door
into your computer where then it can send you a pop-up at random times when you're browsing
and if you accidentally click on one of those you might actually get in trouble
(16:00):
like yeah at the point that i got to it was safe enough that i was just thinking when you were
talking about this that maybe what i should do as an action item is go out see if i can find
someplace else that does this yeah install myself a little bit of adware like allow notifications and
see what it looks like and see how i can tell for sure where it's coming from because yeah i'm i'm
(16:25):
positive that the one does not say alludesgroup.com but i'm equally certain that there's probably a
simple way to actually tell on a given notification where it came from maybe clicking on it right
clicking on it whatever there will be a way to do that i'm sure yeah that's what i'm thinking too i agree
yeah that's why we love you too see
(16:50):
not sad like that was that was awesome okay
yeah so the the to recap some of the things so far make sure you identify the source and we're
going to get some more information on identifying that source when you're in a browser
right okay because within the browser it can be either from the browser itself asking for permissions
(17:11):
is the main one that it might do not only notifications but it asks for um like for what
we're doing right now for example it asks you if uh has access to your video or to your microphone and
your camera right right right right yeah so and then websites individually can give notifications and
(17:32):
website there are a lot of i've had a lot of websites ask for notification permissions and i say
no unless i have some very very specific reason it's a website i know and trust so even notifications
like just default that i allow it for yeah i'm not sure actually i have any either i have notification
with apps and stuff but websites i don't know that i do so okay so from two two security experts
(17:58):
they're they're both saying the same thing they don't allow notifications you want to but i just
don't think there's any there's no significant benefit from my perspective for email i have an app
that'll notify me on my phone and for anything else people do don't they like even them asking you to
spam you is is the way i look at it like can we spam you a little bit i got enough spam in my life
(18:24):
without my web web browser spamming me too right yeah exactly that's that's the other aspect is just
simply the the spam for sure my daughter does love spam it turns out though i found out after a recent
trip to hawaii we had uh spam musubi she did spam on rice
(18:44):
how lovely uh good times spam is always better in hawaii
probably probably
so the other thing i would say is even with um the signs that like we've talked about obviously
(19:09):
captchas are ones we know we're going to interact with generally and accept
yeah cookie cookie pop-ups we're gonna you know ignore whatever but we're not worried about
so but we just want to be careful that we actually identify them properly as that right like because
that first pop-up his brain said it was a captcha wasn't a captcha right right it allowed pop-ups
(19:34):
yeah and certainly if you're allowing notifications you need to be extra careful about pop-ups in your
browser because if the site that you're allowing notifications on turns out to be mostly legit
then they could potentially do something or if they get compromised and you're allowing notifications
(19:57):
like it's a website that asks for notifications and so hackers are like this website has like three
million visitors and lots of them allow notifications let's see if we can hack them because then we have
a whole bunch of juicy victims i mean okay gotcha that's the sort of thing that that hackers are
(20:19):
looking for when they're looking for targets gotcha well and one thing when Kem and i we talked about this
most of this we talked about it beforehand but a couple things we did talk about
because when he was doing and he didn't mention this in the story but when he was he did a search
on malware removal of that one of something right you search something related to malware removal right
(20:44):
and i thought that was kind of interesting because i'm thinking well there's no malware installed
but in a way there really was because so if you look at the alludesgroup.com
as essentially a malware site right it's no longer by the way it has been well yeah that's good
year right yeah so you gave that malware site just a tiny bit of permissions to interact on your computer
(21:14):
like proactively on its own like you gave it a little just a tiny back door onto your computer so
even though you didn't actually install any malware on your computer by virtue of having the browser
installed you gave that the malware on that website a tiny back door does that make sense so so he in
(21:35):
essence opened up i'm thinking of it in my terms right that you've tried to describe to me before
in essence he allowed an incoming call through
or an incoming text yeah no i mean sort of sort of yeah i mean it's not was it it's thankfully not
(21:57):
quite as broad as a like in this tense of you know when we're talking about networking a call like it
was a call with a very specific limited purpose of doing that notification right but yes i mean like
an incoming threat is what i what i saw that as not necessarily like a phone call per se but like
(22:20):
yeah no i mean it's the right idea it's just limited it's thankfully limited in scope that's all okay
i mean sort of allowing a kind of call regularly through though not not just a single call but
allowing a class of calls exactly okay yep so yeah no you're i think it's arguably i think i think
(22:43):
you know Makani is saying it's not technically malware but it's i think there's a argument to be
made there it's doing something i don't want on my computer it's not doing anything specifically
you already convinced me of that before i agreed with you that's what i was saying what i said is
it wasn't technically installing malware but you were giving the malware on that website a backdoor
so yeah right whatever i mean we're in agreement on it that's right yeah okay yeah no you already
(23:09):
convinced me of that so so the the last thing the and again this was something you brought up before
today but i just wanted to emphasize because i think it's kind of the at least the final thing
that i'm thinking about is um if something weird starts happening right in this case that weird thing
(23:32):
was all of a sudden you have a threat or you know these pop-ups claiming that your computer is infected
with a virus right yeah obviously the first thing to do is not you know not panic like because one of
those things they always want you to panic and immediately click on oh i've got a virus i want
to make sure it doesn't do anything i've got to act immediately right that's kind of the idea
(23:57):
which but anyway but what you did your brain went to okay what what has happened recently that might
have changed right what what might have i done recently and your brain was able to connect the dots
back to the source ultimately right so right okay can i point out something that that was
(24:23):
alluded to but i i think emphasizes something of of relevance um Kem talked about his wife
wouldn't install anything unless she came to him and so uh again even a security expert's wife who you
think would be a little more capable of doing certain things on her own has a protection partner
(24:49):
she she she goes to that person and i that's what i thought of so obviously for me i might not have
been able to identify like like Kem did and say oh man this is where it came from this was because i i
wouldn't have caught that to be frank i probably wouldn't have caught that but i i would thanks to
(25:10):
what we've talked about on the podcast at least have had enough sense before i went and installed something
to ask aaron you know and to get that second opinion or to ask Makani or or whomever i reached out
to at that point in time so that was my one thing no that makes sense right well and even ask right
i got this pop-up is this legitimate do is it you know where is it coming from because the thing is if
(25:34):
you have an antivirus scanner you know then you then that's where you should be going to
see if a virus was really detected right not just yeah this random pop-up and clicking on it like if that
pops up you either say okay either i don't have an antivirus scanner like me i'm like okay that's
clearly a red flag right right or i do i make sure i go and open the antivirus scanner app and see
(26:03):
if that's where the detection is coming from right okay
okay so um yeah because your point about not catching it is really really good one um and
there was something else i was going to say about that um
(26:28):
yeah you well oh i guess right you can you could check the antivirus scanner but also you could ask just
ask about that pop-up right you may not connect the dots you may have no way to trace that back
just because it's you know a little bit more technically tricky right right you can always come
ask us on the forum forum.makanimason.com that'd be nice yeah um yeah i think that's
(26:57):
protection partners episode episode four if you haven't before it's yeah super crucial
to everybody and super simple look at that that was a plug for the name of the podcast i didn't even
think of that
(27:18):
oh man i liked it well done so so i don't have do i get a tease them well uh you know you
not any other thoughts Kem sounds like Nick wrapped up his thoughts no no i think that's pretty much it
great so any call to action Kem would you would you have us do anything call to action you want
(27:43):
action from me uh for us the listeners pay attention and close attention to pop-ups don't just click on
don't click on them that's what i would say that's not a specific call to action it's a call to inaction
i'm going to call to action paying attention looking at it closely before you click yeah just
(28:06):
there's almost nothing more critical with computer security than than taking a beat before you click
on something that's unexpected or or expected for that matter like you're expecting pop-ups all the time
because that's just the way the world we live in you're getting pop-ups all the time you should look
(28:29):
at them all which is not easy to do because we're trained to ignore things that are regular and common
and that's how our brains work all right exactly call to action pay attention to the road signs we've
talked about this before really pay attention to the signs that are being given right yep okay
(28:54):
so in next week's episode Makani do you have anything can i can i steal some thunder sure absolutely yes
hey Kem thank you for joining us you're amazing love it next week guess what we're going to talk about
we're going to go back to our series on shopping security stack so we'll be asking or answering
(29:18):
excuse me some frequently asked questions about website safety so look don't miss this one
like most people shop online now like don't miss it
enough said amen that's good that was a good episode
(29:43):
oh my hand disappeared though what oh man
all right oh are you ready to take action and wondering where to start get my bulletproof my
identity starter kit for free the seven most vital layers of protection everyone needs i'll send you
(30:04):
one step at a time and help you if you get stuck just go to bulletproofmyid.com and enter your name
an email and i will send you the first step again that's bulletproofmyid.com
welcome to super simple security principles i'm Nick Jackson and i want to love computers
(00:06):
but they don't love me back i'm learning how to stay safe from my good buddy master
master guardian i choked on that one master guardian Makani Mason let's go he wrote his
first computer program at the age of six it sealed his fate really like he's a computer
you nothing shy of that he knows his stuff so trust me he spends his time now teaching people
(00:34):
like me and you how to stay safe ahead of the digital threats and those bad guys
the best part is he keeps it simple and we love it learn along with me each week i'll ask the
questions and make sure he keeps it simple and relevant and guess what if i can do it you can
(00:56):
do it here we go
all right man we're gonna start into episode 71 this is
him oh we never crossed the path how do i answer or say this all
(01:16):
oods group alludesgroup is how i would pronounce it like that's what i was going with i thought it
was funny though like you paused a long time between the intro and the start of this episode
there i'm so used to mccati stopping the recording i know we're changing we're changing the format to
(01:39):
potentially to just have it be live every time from the beginning so there won't be a pause right so
yeah exactly you would just run to give you a little bit of a hard time
because that's my this intro is going to be awesome this intro is going to be awesome like
if our folks aren't rolling by now they will be so because i've mispronounced i paused they're like
(02:04):
oh my god he's about to pull his hair out this is a professional polish that we're going for
okay so this is Kem's alludesgroup.com adware fail so yeah he's going to be sharing his story with
(02:26):
us today's episode will be a little bit different format no opening questions we're joined by our
very own Kem Mason our master tech geek so he is our tech geek he geeks out for us
um he works behind the scenes to keep you safe look Kem's a child prodigy too like don't let him fool
(02:52):
you like his skill set might be a little different than Makani's but this dude's a child prodigy too
man i don't know what your parents produced but it was awesome my my goodness you've got a writer as
a sister too don't you like goodness gracious where does the talent end in this family so you don't get
(03:15):
to see or hear from him much but but trust me trust me from from a non-techie we need Kem we love Kem
we would not be here without him so Kem thank you for joining us today
i don't usually refer to myself in the third person but it's weird hearing you talk about me too
(03:41):
right right Makani hates it he hates it so so i'm glad to see that there are some similarities
yeah yeah all right well we're going to be asking questions and some answers but should we get them
(04:02):
along the way and get to your story what where should we start i'm kind of pumped right so uh go ahead mac
yeah well my my thought is we'll let Kem ramble for a bit we'll interrupt him with questions and
any place where you feel like there's a good point for pausing but you know be ready for me to interrupt
and be like hey you know so we can because we want to call out lessons or you know points to emphasize
(04:27):
or whatever along the way yeah that that makes me feel a little bit better because i was like wait
you're wanting me to call him out not yeah well i mean just like you do with me right same thing like
if you have point of confusion try to you know get your confused look on your face
hopefully he'll notice exactly you know whatever make sure we signal him so he's not as used to
(04:51):
uh being with us so we'll have to might be more interrupty but anyway yeah right yeah so um
um so i've been you know like Makani programming not quite from quite as young of an age but for a
little bit longer because i'm a little bit older wiser better looking you know whatever um
(05:17):
uh no so uh yeah i've been i've been working with computers for a very long time and uh
um so i've grown up with having to deal with malware and viruses and all of that so i haven't
actually encountered too many issues in a very very very long time um because i have a pretty good
(05:42):
way of protecting myself at this point but about a year ago i was my wife uh had got a new laptop and
i was helping her set it up and um she wanted to have a a picture of wellington new zealand on her
desktop and that's where we live um and uh so i was searching the web looking for a picture and
(06:09):
you know and google did this image search and it had a bunch of pictures and one of them looked good and i
clicked on it went to the site and uh
it popped up a little message that said that what i read was the standard captcha like click here if
(06:29):
you're human right and so i was in a hurry trying to get this done for because we had something else we
needed to do and um clicked on it and a few minutes later started getting pop-ups in the browser saying
(06:49):
your computer's been compromised like click here to get rid of it and you know um
if i hadn't been aware that there was no chance that my computer had legitimately been compromised i
might have actually been inclined to click on something there um although you always want to be
(07:11):
careful about that sort of thing um i mean i i wouldn't have been inclined to actually click on install
this secure our security software certainly but but i might have sorry go ahead i think you yeah i just
think you were thinking of somebody else might have been inclined to click on that you wouldn't but the
(07:32):
average user might have right yeah i know i was going to say a lot of people is because you do
everybody's got a virus scanner on your computer that could potentially say you know we found a virus
right yeah and the pop-up would look different than this but um and if you want to see what the actual
(07:57):
pop-ups look like uh we've got a post on the forum and i'm going to put it um i'm going to make a shortcut
link as well it'll be at makanimason.com slash kemsfail and Kem is spelled k-e-m like mike kilo echo mike
um anyway there will be a link in the show notes too i'm sure Makani will create those yeah i like to
(08:25):
make work for Makani um and um so anyway so as soon as i saw these pop-ups i'm like okay so what did i do
like what have i done i went to a site that i didn't know to try and find this image right this is
and so i knew that there was something related to going to that site i wasn't sure what it was yet
(08:50):
um in the pop-up it it there was some text there were actually two different
types of pop-ups that were showing up and one of them had alludesgroup.com and the other had the
name of a virus or what they were purporting to be the name of a virus um and googling either one of
(09:11):
them came up with some information about exactly what had happened here there was basically the pop-up
that i thought was a captcha where it was saying click this if you're a computer or if you're not a
computer if you're a human like the i'm not a robot pop-up right right right right what it actually said
and which i didn't notice in my hurry was this site wants to show notifications allow or block
(09:40):
and in my hurry i clicked allow and so it was the the browser was allowing notifications from this website
to and it allows them whether you're actually on that website at that point or not
it can send notifications to your browser and which are in the form of actual like little pop-ups
(10:03):
yeah so let me jump in on a on a on a couple things here yeah all right so you know on the post it'll
be easier to see it's a little bit hard to describe you know just with audio but in the initial thing when
that pop-up kind of the trick they did i mean it was a combination of being in a hurry there was a
little bit of a visual trick because what they did was they had kind of these pictures of robots like
(10:27):
you'd you know saying i'm trying to describe it but like to give you the idea that it was checking
to see if you were a robot right right we've seen them like identify all the pictures that have bicycles
or identify all the traffic lights or identify well it wasn't it wasn't an actual capsule no it it's not
(10:50):
anything you normally seen before but it was robots and anyway the the pop-up clearly stated just
notifications but the association you know how like you can read the text and have missing letters and
fill in the blanks like it felt like one of those kind of things to me where the robots were there and
(11:10):
even though it wasn't a real capture because that you know it like your brain associated with capture
we expected a capture we saw a robot that puts you in mind of capture boom i'd say yes i want to be
allowed through does that make sense yep okay they've been a little bit smarter about this and rather than
(11:34):
popping up the notifications right away waited a day or two
then it would have caught you less likely would have been less likely to make the the link between
the fact that i went to this website and
then this thing started happening but well worse it could have been your wife right because didn't you
(11:57):
say it was your wife's computer yeah so like imagine if she had gotten the pop-ups the next day and been
like you know because so she would have talked to me knowing that that uh she wouldn't have installed
something herself like that without talking to me because she knows that that's sort of my
expertise right not as much as with makani but uh it's certainly something that i'm very familiar with
(12:27):
it's something he's more studied studied over the last i don't know because he likes to help people i
don't
no i do i just my tolerance my tolerance for customer service is lower i think like it's hard i have a
hard time my my patience is not not as high something i'm not sure exactly what my problem is
(12:51):
so the the the one thing i wanted to mention though with that uh the confusion with the pop-ups that he
got so you talked about two kinds of pop-ups Kem but wasn't there just i thought there was just one
there was because what happens is so when he allowed on that very first pop-up and he said allow
(13:12):
it allowed notifications so what that the key thing that that allows you to do then is when you're
browsing elsewhere on the web it will allow a website to send you a pop-up even when you're on
somebody else's website oh oh gotcha i didn't connect that it's sort of like your email app can
(13:34):
like let you know that you've got new or chat apps whatever like yeah it's a very general purpose
but they can make it look like whatever they want okay and it does identify it like it'll put in there
a little bit of you know the website that it comes from the alludesgroup.com so that's where
(13:56):
you'll see in the screenshots it does say a little it doesn't always though i'm looking at my post and
refreshing my memory on what it actually there were two different things that popped up one of them
said windows security center alert with alludesgroup.com the other just said threat detected the
name of the virus there is no reference to alludesgroup at all hmm and we i then there's got to do
(14:23):
we got to do some more research on this because that seems strange that it would let it be a pop-up
without identifying the source so we'll have to look in that more but that's so that we'll do a
continuation on this or in the forum post or whatever yeah well you can you can easily go and
(14:44):
see what websites are allowed pop-ups yeah i know but that's not how it's disabled so yeah no which
is good but i don't know man i hope that's i hope hope you're wrong about that that's what i have to
say i know we have the screenshots but that would be bad yeah um if that was the premise i was going off
of is uh and i did not double check that but because whenever you get a pop-up you want to know
(15:11):
you got to like so we talk about reading the signs i talk about that you know paying attention close to
pop-ups and you know especially with this one i realized that the absolute first thing you got to
do is make sure you identify where that's coming from and obviously that first pop-up that Kem came
from got came from the browser itself asking for permissions yeah right and anytime there's
(15:36):
permissions you want to be very careful and even something as innocuous as seemingly innocent as you
know getting notifications can be a problem because it then gives them this kind of little back door
into your computer where then it can send you a pop-up at random times when you're browsing
and if you accidentally click on one of those you might actually get in trouble
(16:00):
like yeah at the point that i got to it was safe enough that i was just thinking when you were
talking about this that maybe what i should do as an action item is go out see if i can find
someplace else that does this yeah install myself a little bit of adware like allow notifications and
see what it looks like and see how i can tell for sure where it's coming from because yeah i'm i'm
(16:25):
positive that the one does not say alludesgroup.com but i'm equally certain that there's probably a
simple way to actually tell on a given notification where it came from maybe clicking on it right
clicking on it whatever there will be a way to do that i'm sure yeah that's what i'm thinking too i agree
yeah that's why we love you too see
(16:50):
not sad like that was that was awesome okay
yeah so the the to recap some of the things so far make sure you identify the source and we're
going to get some more information on identifying that source when you're in a browser
right okay because within the browser it can be either from the browser itself asking for permissions
(17:11):
is the main one that it might do not only notifications but it asks for um like for what
we're doing right now for example it asks you if uh has access to your video or to your microphone and
your camera right right right right yeah so and then websites individually can give notifications and
(17:32):
website there are a lot of i've had a lot of websites ask for notification permissions and i say
no unless i have some very very specific reason it's a website i know and trust so even notifications
like just default that i allow it for yeah i'm not sure actually i have any either i have notification
with apps and stuff but websites i don't know that i do so okay so from two two security experts
(17:58):
they're they're both saying the same thing they don't allow notifications you want to but i just
don't think there's any there's no significant benefit from my perspective for email i have an app
that'll notify me on my phone and for anything else people do don't they like even them asking you to
spam you is is the way i look at it like can we spam you a little bit i got enough spam in my life
(18:24):
without my web web browser spamming me too right yeah exactly that's that's the other aspect is just
simply the the spam for sure my daughter does love spam it turns out though i found out after a recent
trip to hawaii we had uh spam musubi she did spam on rice
(18:44):
how lovely uh good times spam is always better in hawaii
probably probably
so the other thing i would say is even with um the signs that like we've talked about obviously
(19:09):
captchas are ones we know we're going to interact with generally and accept
yeah cookie cookie pop-ups we're gonna you know ignore whatever but we're not worried about
so but we just want to be careful that we actually identify them properly as that right like because
that first pop-up his brain said it was a captcha wasn't a captcha right right it allowed pop-ups
(19:34):
yeah and certainly if you're allowing notifications you need to be extra careful about pop-ups in your
browser because if the site that you're allowing notifications on turns out to be mostly legit
then they could potentially do something or if they get compromised and you're allowing notifications
(19:57):
like it's a website that asks for notifications and so hackers are like this website has like three
million visitors and lots of them allow notifications let's see if we can hack them because then we have
a whole bunch of juicy victims i mean okay gotcha that's the sort of thing that that hackers are
(20:19):
looking for when they're looking for targets gotcha well and one thing when Kem and i we talked about this
most of this we talked about it beforehand but a couple things we did talk about
because when he was doing and he didn't mention this in the story but when he was he did a search
on malware removal of that one of something right you search something related to malware removal right
(20:44):
and i thought that was kind of interesting because i'm thinking well there's no malware installed
but in a way there really was because so if you look at the alludesgroup.com
as essentially a malware site right it's no longer by the way it has been well yeah that's good
year right yeah so you gave that malware site just a tiny bit of permissions to interact on your computer
(21:14):
like proactively on its own like you gave it a little just a tiny back door onto your computer so
even though you didn't actually install any malware on your computer by virtue of having the browser
installed you gave that the malware on that website a tiny back door does that make sense so so he in
(21:35):
essence opened up i'm thinking of it in my terms right that you've tried to describe to me before
in essence he allowed an incoming call through
or an incoming text yeah no i mean sort of sort of yeah i mean it's not was it it's thankfully not
(21:57):
quite as broad as a like in this tense of you know when we're talking about networking a call like it
was a call with a very specific limited purpose of doing that notification right but yes i mean like
an incoming threat is what i what i saw that as not necessarily like a phone call per se but like
(22:20):
yeah no i mean it's the right idea it's just limited it's thankfully limited in scope that's all okay
i mean sort of allowing a kind of call regularly through though not not just a single call but
allowing a class of calls exactly okay yep so yeah no you're i think it's arguably i think i think
(22:43):
you know Makani is saying it's not technically malware but it's i think there's a argument to be
made there it's doing something i don't want on my computer it's not doing anything specifically
you already convinced me of that before i agreed with you that's what i was saying what i said is
it wasn't technically installing malware but you were giving the malware on that website a backdoor
so yeah right whatever i mean we're in agreement on it that's right yeah okay yeah no you already
(23:09):
convinced me of that so so the the last thing the and again this was something you brought up before
today but i just wanted to emphasize because i think it's kind of the at least the final thing
that i'm thinking about is um if something weird starts happening right in this case that weird thing
(23:32):
was all of a sudden you have a threat or you know these pop-ups claiming that your computer is infected
with a virus right yeah obviously the first thing to do is not you know not panic like because one of
those things they always want you to panic and immediately click on oh i've got a virus i want
to make sure it doesn't do anything i've got to act immediately right that's kind of the idea
(23:57):
which but anyway but what you did your brain went to okay what what has happened recently that might
have changed right what what might have i done recently and your brain was able to connect the dots
back to the source ultimately right so right okay can i point out something that that was
(24:23):
alluded to but i i think emphasizes something of of relevance um Kem talked about his wife
wouldn't install anything unless she came to him and so uh again even a security expert's wife who you
think would be a little more capable of doing certain things on her own has a protection partner
(24:49):
she she she goes to that person and i that's what i thought of so obviously for me i might not have
been able to identify like like Kem did and say oh man this is where it came from this was because i i
wouldn't have caught that to be frank i probably wouldn't have caught that but i i would thanks to
(25:10):
what we've talked about on the podcast at least have had enough sense before i went and installed something
to ask aaron you know and to get that second opinion or to ask Makani or or whomever i reached out
to at that point in time so that was my one thing no that makes sense right well and even ask right
i got this pop-up is this legitimate do is it you know where is it coming from because the thing is if
(25:34):
you have an antivirus scanner you know then you then that's where you should be going to
see if a virus was really detected right not just yeah this random pop-up and clicking on it like if that
pops up you either say okay either i don't have an antivirus scanner like me i'm like okay that's
clearly a red flag right right or i do i make sure i go and open the antivirus scanner app and see
(26:03):
if that's where the detection is coming from right okay
okay so um yeah because your point about not catching it is really really good one um and
there was something else i was going to say about that um
(26:28):
yeah you well oh i guess right you can you could check the antivirus scanner but also you could ask just
ask about that pop-up right you may not connect the dots you may have no way to trace that back
just because it's you know a little bit more technically tricky right right you can always come
ask us on the forum forum.makanimason.com that'd be nice yeah um yeah i think that's
(26:57):
protection partners episode episode four if you haven't before it's yeah super crucial
to everybody and super simple look at that that was a plug for the name of the podcast i didn't even
think of that
(27:18):
oh man i liked it well done so so i don't have do i get a tease them well uh you know you
not any other thoughts Kem sounds like Nick wrapped up his thoughts no no i think that's pretty much it
great so any call to action Kem would you would you have us do anything call to action you want
(27:43):
action from me uh for us the listeners pay attention and close attention to pop-ups don't just click on
don't click on them that's what i would say that's not a specific call to action it's a call to inaction
i'm going to call to action paying attention looking at it closely before you click yeah just
(28:06):
there's almost nothing more critical with computer security than than taking a beat before you click
on something that's unexpected or or expected for that matter like you're expecting pop-ups all the time
because that's just the way the world we live in you're getting pop-ups all the time you should look
(28:29):
at them all which is not easy to do because we're trained to ignore things that are regular and common
and that's how our brains work all right exactly call to action pay attention to the road signs we've
talked about this before really pay attention to the signs that are being given right yep okay
(28:54):
so in next week's episode Makani do you have anything can i can i steal some thunder sure absolutely yes
hey Kem thank you for joining us you're amazing love it next week guess what we're going to talk about
we're going to go back to our series on shopping security stack so we'll be asking or answering
(29:18):
excuse me some frequently asked questions about website safety so look don't miss this one
like most people shop online now like don't miss it
enough said amen that's good that was a good episode
(29:43):
oh my hand disappeared though what oh man
all right oh are you ready to take action and wondering where to start get my bulletproof my
identity starter kit for free the seven most vital layers of protection everyone needs i'll send you
(30:04):
one step at a time and help you if you get stuck just go to bulletproofmyid.com and enter your name
an email and i will send you the first step again that's bulletproofmyid.com
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
NFL Daily with Gregg Rosenthal
Gregg Rosenthal and a rotating crew of elite NFL Media co-hosts, including Patrick Claybon, Colleen Wolfe, Steve Wyche, Nick Shook and Jourdan Rodrigue of The Athletic get you caught up daily on all the NFL news and analysis you need to be smarter and funnier than your friends.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.