Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome to Super Simple Security Principles, where you learn how to think, not just what to do.
I'm Nick Jackson, here to learn along with my good buddy, Makani Mason.
Woo, do it that way.
And he's our master guardian.
He keeps us safe.
He's awesome.
(00:21):
Thank you, Makani.
This is episode 88, Email Workshop Priority.
And this is Dodge Phishers.
So dodging those phishers.
I love this episode.
So Makani, I'm super pumped, but I'm going to take the reins for a minute from you.
Are you okay with that?
(00:41):
Sure.
Hey, all right.
To our listeners out there, I have got a really, really good friend that works in cybersecurity besides Makani, but he works in the corporate world.
He goes around to people, selling them tools, corporations, tools to help them avoid phishing and things like that.
(01:03):
One of the companies out there that does a fantastic job, and I'll just say this company, is Proofpoint.
They absolutely do a great job with corporate phishing.
However, Makani, we've been talking to the individuals.
We're talking to the people like me and you.
So we've got these huge, awesome tools that are built for corporations, but the individuals who log into our email every night, we're still without a guide.
(01:35):
So that's why this episode and taking the time to learn this is so important for the individuals.
So with no further ado, Master Guardian, let's go, man.
How do we start dodging phishing as email, like as individuals?
(01:56):
Yeah.
No, thank you.
That's a great introduction.
I agree.
That's why we're doing this space: there's a lot of work going on in the corporate world,
but not very much for individuals, families, even small businesses, really; they're very underserved still.
So, yeah.
So we're not going to talk too much.
(02:16):
Well, we are going to talk some specifics about how to dodge phishing,
but this is giving kind of a preview of what we're going to be covering in the workshop.
Oh, I like it.
So we're going to see some with what they're going to learn.
Sort of.
Yeah.
So that's why the title is, you know, email workshop priority, because this is the, we've
(02:36):
taught, we've had two previous episodes.
This is the third.
We're going to be having six total priorities that we're focusing on, and we may break it
down in individual segments.
Like I talked about before, this is an exploration of the concepts to figure out.
We want to, we want to streamline this and make this as fast as possible, but we're just
kind of talking through what these priorities are going to look like.
(02:57):
And obviously, dodging phishing, you know, some of the priorities are going to be a little
more, maybe some people prioritize it more or not, but I would be shocked if this is not
going to be top of the priority list for everyone.
Right.
The only case, actually, when I've talked with people is sometimes there are people I've run
into that think they're, you know, maybe they're not susceptible, right?
(03:21):
They're just like, oh, phishing's just for the idiot, you know, you just don't click on
the wrong thing or whatever, right?
Right.
Yeah.
Right.
And right, my response, of course, is if you think you're not susceptible, then you aren't
paying close enough attention.
Right.
We've even talked about people that have gotten gamed at their own game on our episodes before.
(03:41):
Yeah, exactly.
Right.
Go back and listen to episode 62.
Go read Cory Doctorow's blog.
So, yeah.
But, so like with spam, I feel like the general response to this problem, though, is somewhat
disappointing.
There's these corporate solutions, and there's so many statistics about how many, you know,
(04:04):
phishing attacks start in email.
But, like, mostly the only advice I hear, well, actually, I'd be curious to hear from you.
You know, what advice do you feel like you have seen you get out there, Nick, in terms
of how you avoid phishing?
That's a funny thing.
(04:25):
Everybody says, kind of what you said earlier that I talked to you.
Well, just don't click on the bad emails.
Yeah.
You know?
And it's like, well, that sounds fine in principle, but they're not all junky.
Granted, yeah, some phishing ones are easy to spot, right?
Right.
But there are other times to where it's not, and it's done very, very well.
(04:50):
Yeah.
Yeah, exactly.
Well, and, you know, this will, when I hear that, too, I kind of, I hear the voice of,
like, Mad-Eye Moody from Harry Potter.
Constant vigilance!
Right, right.
Like, and that just feels like a really big ask, and the evidence, I think, shows that
(05:15):
it's too much of an ask to be hyper-paranoid about every email that you're ever looking at.
Yeah.
So, but the good news is, I think we can do better.
And, as with most email problems, the ideal solution, of course, is at the system level.
And that's my big long-term dream we've talked about.
(05:37):
But, in the interim, there is more we can do.
Okay.
So, here's the kind of high level.
And, again, we'll get into the details on how to implement this in the workshop, but just
to give you kind of an idea is, well, the first overall thing is what you do when the
phishing email arrives is important, right?
(05:59):
The not clicking, the looking at stuff.
But you might be tired when that happens.
You might be stressed, right?
And the whole point of the problem is, like, you don't know when it's a phishing email,
so it's hard to trigger a different behavior automatically.
So, again, you're going back to that advice of the constant vigilance.
(06:23):
You have to be super paranoid about every single email.
Which is why it's so exhausting and why we still fail at it so much.
Right.
And so, my focus is, okay, those are all good things to talk about.
We'll talk about those.
We'll keep emphasizing those.
But let's also, let's add some other layers of things we can do before the email arrives
(06:45):
to make it easier, right?
So, that's kind of one of the big focuses: what can we do before the emails arrive?
Yeah.
And there's really, and I think we've talked probably both about these to some degree in
different episodes.
But there's two more kind of strong layers that we can add.
(07:05):
And you can use them both together or just one or the other.
Okay.
The one is unique aliases.
Right?
So, we've talked about this.
And maybe that name doesn't ring a bell, but we'll walk through this.
Okay.
Let's walk through it.
The reason phishing exists is because impersonation is so easy with email.
(07:30):
Right.
Right?
And so, one of the things that helps with this is if you give out a unique email address
to every website you go to.
Yeah.
That's what I mean by aliases.
In the world of email, it's like a forwarding mailbox or a forwarding phone number or a privacy
card like we've talked about.
In the world of email, they call them aliases.
(07:53):
Because you only have one email box, but you have aliases.
Multiple.
Yeah.
Just like pseudonym writing aliases.
Yeah.
And so, they all go to the same place.
But, so, when you have that, then it makes it so when you get an email, it's going to
(08:13):
be coming to one of those aliases.
And so, you know, say you set up an email address for Amazon.
Yeah.
And an email comes into that Amazon address, but it's pretending to be from PayPal.
Okay.
So, you know, it's a very clear sign.
Right?
(08:34):
Like, you know, immediately, you don't have, I mean, it's, it's a very clear sign.
That emails are compromised.
Yeah, exactly.
Yep.
So, obviously, this is making sense to you.
Yeah.
And so, one of the things that we'll be talking about is the fact that, like, so how do you
(08:54):
do this?
Because there's a lot of ways to do it.
But with some email providers, it's, it's easy.
Some, you have to add on layers.
Some, it's just kind of impossible.
But, and the one we'll most talk about is going to be Fastmail.
Okay.
That's my, that's my provider of choice.
And the one we'll mostly kind of be pitching.
(09:17):
Yeah.
Not because we, I get anything out of it, just because it's one that I've been using
since 2013.
And it's the thing that makes all the things I talk about in the workshop the easiest to
do out of all the email providers.
All right.
Okay.
So, but the, the, the tie it back is the most important thing about this strategy is that
(09:41):
you can do it ahead of time.
Like we talked about before the phishing email arrives and you can be tired or stressed when
you create the alias.
Fastmail will just generate an alias for you and you just put it in.
So you don't even have to think of a good one either.
I like that.
Make it simple.
Yeah.
Okay.
And with the way they do it too, it, like there are some places where you have, you can
(10:05):
generate like these junk email addresses, throw away email addresses, but some websites
detect those ones.
But with Fastmail, they're all mixed in with regular real domains.
So they.
So they go through.
Yeah.
They go through.
I've never had a problem with that.
Excellent.
Okay.
(10:27):
So that's one of the big, one of the big layers, right?
Is the unique email addresses.
Right.
And again, this is going to be something we cover in the workshop, right?
Yeah, exactly.
This is just kind of give you an example of the main ways we're going to focus on adding
to our toolbox to fight phishing.
(10:48):
That really is just, it's just not much utilized out there.
Yeah.
So the other one is, and again, this goes back to the impersonation problem that is really
the root cause of phishing.
And so that's going to be an allow list or a whitelist approach.
And so what that looks like is you add a step for an email where you review the sender.
(11:14):
So if it comes in and if an email comes in, you have the system built in such a way that
it knows, is this a sender that I recognize that I have approved to send me email?
Okay.
So think of it kind of like if, you know, you're on Facebook or other places before they can
just send you messages, they have to do a friend request.
(11:37):
Right.
Okay.
Okay.
And that's a very different process than just reading a message from an existing friend.
Those are two distinct processes, right?
Yeah.
And so email doesn't have that notion inherently, but we can kind of simulate it with Fastmail
or other tools.
Okay.
(11:57):
And so then this helps with the constant vigilance problem where this provides a specific trigger
where when we're reviewing a new sender, we can have, you know, a higher paranoia level.
Right.
And with our approved senders, we can just have our normal paranoia level.
Right.
Right.
(12:18):
So again, this takes some work.
Sorry, go ahead.
I was going to say, it's just senders you start to trust, essentially, is what you're
doing.
Yeah.
Yeah.
And, you know, it's some work, of course, but it's doable when you, you know, ahead of
time.
(12:38):
Again.
Right.
But I mean, at least building this system beforehand, essentially.
Yeah.
Well, and you know, when it comes in, obviously at that time you might be stressed, but I
still feel like that's much more doable when you have these specific buckets than just the
constant vigilance idea.
Right.
Oh, absolutely.
Oh, absolutely.
(12:59):
Yeah.
And again, Fastmail is really good at this, but there are this one, there are some other
good tools as well, but it is noticeably absent from most, if not all free email providers.
Right.
So just a little, little plug there and we'll get more into that in the workshop.
(13:21):
But nice.
So that's all I've got for today on, on that.
Okay.
So what's your takeaway, Nick?
So my takeaway is we've got, in this workshop, we're going to be diving into deeper details
in the two forms of protection against dodging phishing for starts.
(13:41):
You know, we're going to walk them through how to create unique emails so that they could
do a better job of eliminating that.
And then we're going to also walk through and basically do some work a little bit beforehand.
When we get something come in, we're going to categorize it as this person I know.
(14:04):
Again, I'm, I'm using Nick's terms, but we're going to do just a little legwork up front.
Not, it doesn't seem like a ton, but then it will easily start to distinguish who's a
legitimate sender or who's not.
Yeah.
Yeah.
And when I feel like the, the time investment, it's a proactive upfront time investment, but
(14:27):
you know, if you think about the time and energy wasted on spam, I feel like it's going to be,
I mean, I certainly feel like that for myself, that it's, it is, it's a time investment, but
you get it back.
It's not just time wasted.
It's not just time spent, but it's time invested and you get a good reward on your investment.
(14:49):
So absolutely.
And, you know, the other kind of way to think about it is just, is a trade-off and, you
know, everything is trade-offs.
Do we want to do a little bit of work up front or do we want to have that risk in the work
later?
Um, you know, seeing the ugly phishing, uh, stuff, you know, ounce of prevention is worth
(15:12):
a pound of cure.
Those kinds of ideas.
Absolutely.
Absolutely.
So, and just a little reminder, we've got corporations that are spending thousands upon
thousands of dollars to get these type of features, essentially.
Yeah.
I don't actually know what the, what the, uh, all the things that look like that, um, like
(15:36):
Proofpoint and stuff do exactly.
I'd be curious to know what they do and how I could improve it.
But one day, one day.
Shout out to Proofpoint.
Yeah.
So.
Okay.
That was a good one.
(15:56):
Are you ready to take action and wondering where to start?
Get my Bulletproof My Identity Starter Kit for free.
The seven most vital layers of protection everyone needs.
I'll send you one step at a time and help you if you get stuck.
Just go to BulletproofMyID.com and enter your name and email and I will send you the first
(16:20):
step.
Again, that's BulletproofMyID.com.