June 17, 2025 • 45 mins
Cybersecurity
Cybersecurity expert Rivka Tadjer reveals how criminals target our digital world. She draws on her extensive job experience in the White House, major corporations, and private individuals to explain some easy steps we can take to prevent cyber attacks and identity theft.
You'll discover why your Gmail account might be putting your retirement savings at risk, how criminals can intercept text message verification codes, and why the default settings on your home router are practically rolling out the welcome mat for hackers.
Listen now and transform your understanding of cybersecurity from overwhelming technical jargon into practical wisdom that could save you thousands of dollars and countless hours of heartache.
Topics
1:15 From Journalism to Cybersecurity Expert
2:50 What is Cybersecurity
7:38 Most Vulnerable Websites and Places
9:53 What is the "Dark Web"?
15:29 Secure Communications and Password Protection
21:46 Banking Security and SIM Protection - Must Know!
28:38 Bluetooth, Wi-Fi, and Travel Safety
31:12 Secure Your Banking and Credit Cards
35:39 Ransomware Attacks
36:32 Identity Theft and Common Attacks
39:04 Career Opportunities in Cybersecurity
42:14 Why Seniors Are Prime Targets
Resources
zerohacksecure.com
Nordvpn.com
Follow us for more conversation like this one.
Want us to cover a specific job? Shoot us an email!
Music credit: Kate Pierson & Monica Nation
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:03):
If you understand criminal behavior, you will
understand how not to be avictim and you actually know
more than you think you know, Ipromise you, incident response
and mitigation of identity theftand breaches of your bank
account will take forever.
It's expensive and it's verypainful and it's horrible to see
, and so much of it ispreventable.
Speaker 2 (00:24):
Hi, welcome back to how Much Can I Make.
I'm your host, merav Ozeri, andtoday we're stepping into the
high-stake world ofcybersecurity.
Our guest is Rivka Tadger, ceoand co-founder of ZeroHack.
Rivka is a top cybersecurityexpert who worked with the White
House, major corporations andprivate individuals to prevent
(00:47):
cyber attacks and identity theft.
Let's step into her expertiseand find out what we can and
should do to protect ourselvesin this digital world.
Well, rivka, thanks a lot forwilling to participate and
giving us your time.
I have millions of questions,of course, because that totally
concerns me security.
(01:08):
I was hacked, so let's start byfirst telling me how did you
get into doing cybersecurity?
Speaker 1 (01:15):
So, first of all, thank you for having me on.
And well, I started as ajournalist in the late 80s,
early 90s.
I was on the team with the WallStreet Journal who put the Wall
Street Journal online in whatwe call the OJ years 1994.
And then I was covering privacysecurity, identity theft, as
(01:35):
well as AI, machine learning,data mining and supply chains.
Already in 94, you were dealingwith AI Well because AI a lot of
what is called AI now ismachine learning Right.
So that was the beginnings indata mining and putting those
systems together.
Speaker 2 (01:51):
Didn't know that, so okay, so now you're an
independent contractor, right?
That deals with security.
Tell us what you do.
Speaker 1 (02:00):
So we're actually going to celebrate our 10th
anniversary next month of ourconsultancy.
What we do is we protect peoplespecializing in financial
protection and securecommunication.
Speaker 2 (02:14):
Okay, what does it mean?
Financial?
Speaker 1 (02:16):
protection, protecting the cyber equivalent
of putting your banks andbrokerage in witness protection.
So I also worked in fintech, inbanking, and I was on the White
House National InfrastructureAdvisory Council for Critical
Infrastructure in the bankingindustry, appointed by Obama,
but worked through Trumpadministration.
(02:36):
So I have specialty in howpayments and banking work and I
covered it a lot as a journalist.
Then I moved to work forfintech and banking companies,
so what we do is we investigatehere you are right, mirav, you
have email addresses.
You've been online since we allgot this Steve Jobs remote
(02:57):
control of our planet in 2008,right?
Speaker 2 (02:59):
Everything was free free email free, this you can
get everything.
Speaker 1 (03:01):
It was free, free email free, this, you can get
everything.
And so we ran for convenience.
And those email addresses andthe telephony side of your phone
, which I'll get into, are wideopen doors.
Okay, everyone's heard aboutthe terms phishing.
Okay, if they hack into youremail and can impersonate you,
that's called an accounttakeover.
And then, thanks to AT&T andVerizon, last year they breached
(03:24):
all of our data and socialsecurity numbers.
I can be Mirov.
So what we do is we use cyberthreat intel systems that are
closed systems.
We look anonymously in threatintel systems to see what of
yours has been exposed.
Can someone take your phone andforward authentication codes to
another phone?
Can someone be you with youremail address and what kinds of
(03:48):
cyber criminal groups aretargeting you?
So first, we do that.
I'm a data driven person.
Speaker 2 (03:53):
Okay.
Speaker 1 (03:54):
So first I get the data.
Speaker 2 (03:55):
Okay.
Speaker 1 (03:56):
And we need scary little to find this out.
Literally your name, middlename, helps if you have a common
name, birth date, legal address, your IP addresses, phone
number and your email addressesand that's it.
And I never look at anyone'sfinancial balance.
I don't look at sensitiveinformation and we can see if
your social security number hasbeen texted to someone else, but
(04:16):
essentially you have to get thedata and see what the
vulnerabilities are and, if theyare into your email or your
phone or your systems, how theygot in.
Once we know how they got in,we can kick them out.
And one of the most important,and that's the service part, If
somebody has your socialsecurity number, they can't do
anything with it, or that theycan't access your banks and
brokerage, because we've createda new identity for you with
(04:38):
those.
Because, once data is breachedout there, the toothpaste is out
of the tube.
You are never putting that back, so sometimes it's a pain in
the neck, I might tell you.
You know that Gmail you've hadfor 100 years.
You've got to get rid of it now, okay, and then you have to
migrate it.
You have to move your contacts,but you need encrypted, secure
email for your bank andbrokerage that never sees the
light of day, that you never usefor anything else, how can I
(05:01):
get encrypted email?
You can go to protonme inSwitzerland and geta ProtonMail.
Russian oligarchs use it toprotect their Swiss bank
accounts.
And now so can you, for $3.99 amonth.
Think about it ProtonMail forprotecting Swiss bank accounts.
Do you think somebody's using aGmail to protect a Swiss bank
account?
No, actually, if somebody triesto crack your password, the
(05:23):
whole inbox turns to some pigLatin version of Cyrillic.
Even for you.
If you lose it, it's designedto protect.
Other thing that you can do,depending on where your email is
hosted, is things like SpamAssassin, these little add-ons
that you can put on that reallydon't allow things into your
server, especially if you'reusing a Gmail and you haven't
(05:45):
gotten an encrypted secure email.
An encrypted secure email willthrow that stuff and it won't
even let it on your server.
It's like a big gunk air filter.
Every infiltration.
And the new IBM researchreports and the new Verizon
reports read those yearly.
You can download them.
The FBI ICS unit, the InternetCrimes Unit, read their reports.
(06:06):
Over 90%, no exaggerationhappens by human error with
their email credential.
Speaker 2 (06:13):
I want to double check something.
Yeah, if I email my broker, ifI delete it and delete the trash
, I'm safe.
No, no, no.
Speaker 1 (06:20):
At Yahoo.
They store all that crap on aserver that they've long
abandoned.
If you didn't change over toOutlook Mail and get encrypted
mail and Outlook, you know theydo offer encrypted email servers
, or your Hotmail, or thatProdigy thing that AT&T owns.
Okay, anyone with one of thoseYahoo accounts that became a
Prodigy account, that is allsubject to the.
Speaker 2 (06:42):
AT&T breach, so hold on a second.
If I communicate on WhatsApp,whatsapp is encrypted.
No, no, it's not.
Speaker 1 (06:48):
Zuckerberg bought it and now everything meta is
integrated into it.
That's why the whole worldmoved to Signal.
Speaker 2 (06:55):
Signal.
Speaker 1 (06:55):
Yeah.
So now and when that goes tohell, I can come back and tell
you what's new.
The cyber criminals is what youshould be worried about.
Cyber criminals is what youshould be worried about.
It's organized crime.
It's not a 40-year-old guy inhis bathrobe still living with
his mother.
These are well-funded, theyhave the best hackers in the
world and they havesupercomputers.
They can run everything aboutyou in social media and, in 10
seconds, know the password toyour email if you have not
(07:19):
protected it.
Okay, this is very, verysophisticated.
So what you're looking at isthe cyber criminals and
protecting yourself from thosecriminal gangs.
And you know, usually theydon't have ideology, they just
path of least resistance.
Where can I break in and getmoney?
How can I assume someone'sidentity?
There are six attack surfaces.
(07:40):
These are the high riskbehaviors Crypto activism,
ancestry sites get off of themall right now Porn, gaming and
dating sites.
There are ways to do all ofthese safely, except for
ancestry, and it's a shame,because when 23andMe was
breached, okay, and they onlystole a database of Ashkenazi
(08:02):
Jews, really, yep, all right.
So why do they do that?
It could be someone who wantsto sell to Pfizer a database so
that they can make a drug toprevent Tay-Sachs disease, or it
could be someone who hatesAshkenazi Jews.
It could be anything on thatspectrum.
Class action suit.
And now 23andMe is gone Right,but the data's not gone and it's
(08:23):
in junkyards somewhere.
And it's a shame becausesomething like 23andMe so many
people if they were adoptedbecause it was medical based,
right right.
But it's in the magnet forhackers because they know
there's all kinds of data inthere.
The other place is to be supercareful.
You're getting a divorce.
What's not in a separationagreement?
Be careful how you communicateto your lawyer.
Not only do you know howeverything's divided, you know
(08:46):
who got what and where it is.
So think you got to learn tothink like a criminal.
And accountants forensicaccounting they're so good at
this.
Some of my best sources that Ibrainstorm with are forensic
accountants.
They get this immediately oncethey tune into it because they
know how money flows and themore you know about money flow,
about accounting.
(09:06):
Real estate lawyers are greatat this.
I have some great sources thatI use who are realtors, because
they know when something looksweird in MLS and MLS was hacked
in 2023.
Wow, okay.
So if you've ever bought ahouse or sold a house or rented
a house, do you know what isstored in an average real estate
office printer In the printerit's stored In the printer
(09:29):
because they're like oh, I haveto print out this person's whole
financial picture.
They sent me proof of income andit's stored.
It's stored.
Look at network printers andsee how often they're cleared.
Medical people know theconfluence of data and have
great aptitude for this.
Okay, and now with telemedicinethere, all of that, that's why
they keep getting breached.
There's juicy information thatgoes on for years to socially
(09:51):
engineer people.
Speaker 2 (09:53):
What is this dark web ?
Can you actually see what'sthere?
It's like a mall.
Speaker 1 (09:56):
Of course you can see it.
Speaker 2 (09:57):
So can I go in and see if my information is in
there?
Speaker 1 (10:01):
Well, you don't want to be noticed in there.
You is in there.
Well, you don't want to benoticed in there.
You want to go in anonymouslyor posing as a fraudster buying
stuff, because you'll be seen amile away.
You need to be anonymous to godo it and watch what they're
doing, to do it.
Do you do that?
Yeah, of course that's whatthreat intel systems do, and we
use one that's mirrored theinfrastructure of the dark web,
and it's amazing.
Speaker 2 (10:21):
Oh my God, so we?
Speaker 1 (10:21):
can watch what they're doing and you query it
in many languages.
Speaker 2 (10:25):
You literally see people there buying and selling
information.
Speaker 1 (10:28):
Yes, there are trajectories where you can see.
Sometimes you can place them bylongitude and latitude.
Trading data.
Speaker 2 (10:35):
I mean, it's not a little avatar guy, but it's
their identity.
Speaker 1 (10:39):
Wow.
The problem with this crime isthat it pays and there's only
0.05% of the time that anyone'sever caught, because you don't
have to be seen.
Speaker 2 (10:47):
So you said secure password.
How can I secure my password?
Speaker 1 (10:52):
Well, first of all, never, ever, use an automated,
auto-generated password.
Two reasons why Whoever isoffering to auto-generate your
password is keeping a databaseof those passwords.
Speaker 2 (11:03):
Even the very complicated, very long password,
it's AI.
Speaker 1 (11:07):
AI is not good at implementing ideas or being
creative, but if it's out therethey can grab it.
The other thing is it's ahacker's dream.
So let's say you have automatedpasswords generated in a
password manager.
Those are stored in a placebecause you can't have everybody
with the same passwords, right,right?
So if they get to that attacksurface and they say, oh, who
(11:28):
has accounts here?
Great, let's go get the.
That's the first thing they'llgo for.
Let's go get the database ofthe auto-generated passwords,
run it against the accounts andsee where we get in.
You need a system where youcontrol things, where all the
locks are yours to put on andtake off, like freezing your
credit reports.
Okay, once Equifax was hacked,people in my industry we lobbied
(11:50):
it became rule that you get tofreeze your credit report.
Speaker 2 (11:53):
Right, I did that, yeah.
Speaker 1 (11:54):
Right and people are like, well, I don't have an
account there.
I was like great, well, theyhave had a dossier on you for 50
years.
So you create that onlineexperience so you control
whether it's frozen or not.
You want to go for, apply for aloan.
You say which one are youlooking at and you only unlock
that one 24 hours before you letthem do it, and then you lock
it back up.
Okay, and the most importantthing about security is don't
(12:17):
tell someone what you're doing.
Misinformation is a good thing.
What do you mean by that?
When you create a new personafor your banks and brokerage and
you have an encrypted email,you have two-factor
authentication, you have gooduser ID and password, you have
excellent hygiene when you doonline banking and where you do
your online banking and how youdelete your browsing data and
(12:38):
how you sign out instead ofX-ing out your habits.
How you call your bank andbrokerage and say no wires ever
go out of my account unless I'min branch.
Speaker 2 (12:48):
Hold on a second.
You said something importantDeleting your browsing history.
You said Absolutely.
On a daily basis.
Speaker 1 (12:55):
Absolutely.
When you can visualize howcyber criminals see what you're
doing, then you really tune into these principles and then you
just apply the principles inyour life.
Once you click into it and youknow, people tell me all the
time you know I'm not, this isthe era of the kids.
I'm not good at this.
I disagree.
I work with seniors, a lot ofseniors mostly because they're
(13:19):
hard to protect and they have alot to lose and they're main
targets.
Actually, they're much betterat this than my 24-year-old
daughter, because you know crimeand you know criminals and you
know criminal minds.
But you have to know whatthey're seeing and how they
follow you.
You have to know what akeystroke logger is.
That's everywhere you browse onthe internet Little pieces of
malware in that beautiful littleGmail of yours or Yahoo or
(13:42):
Hotmail or any free mail AOLthat sells your email to
advertisers.
What is a keystroke logger?
Exactly what it sounds like.
It logs your keystrokes.
It's an info stealer.
Okay, and you have to find outin all of your settings whether
there's anything on there.
On a PC, you go into your taskmanager In your Apple computer.
You go to the activity monitor.
Look at all the crap running inthe background in your computer
(14:05):
and if you see anything inChinese or Russian, you call me.
But if you see the wordsZendesk, MSpy or numbers with
KKEtxt, those are info stealers.
Speaker 2 (14:15):
What browser is the best one to use?
Speaker 1 (14:17):
It doesn't matter, they're all the same.
It's how you set them up thatmatters.
You set them up for zero trust.
What do you think that Googleand Microsoft and Apple and
Firefox are doing with all thatdata if you don't set it?
How do you think they selladvertising?
They gather your analytics andthey sell it to each other.
Speaker 2 (14:35):
But how can I set it so they?
Speaker 1 (14:36):
don't do it.
It's all in settings.
This is what I encourage peopleto do Log on to any app that
you use and click on that stupidlittle gear shift or the three
dots or the three lines and gothrough every single setting in
there and anything that lookslike share my data, give
analytics, personalize, turn itoff.
Anything that says remember me,say no.
(14:57):
You do not want AI to grab thisinformation and sell it off
into the dark web.
The more information they haveabout you and if you've ever
been hacked, you're worth moreinto the dark web the more
information they have about youand if you've ever been hacked,
you're worth more on the darkweb.
You go from being worth that 50cents to marketers to being
worth thousands.
And the other thing to rememberthat's super important is
everybody looks at their phone.
They're like I either have aDroid or an Apple.
(15:18):
Apple will say nobody can bustour architecture.
I was like who cares?
Nobody, you don't have thesecret sauce to Coca-Cola on
your computer.
That's not what I want.
I want the telephony side.
Your phone is Verizon or AT&Tor T-Mobile.
Apple is in the cloud.
How are you protecting thatApple ID With a Gmail?
All right If I go and hijackyour Apple ID all right, and I
change the phone number and Ichange the email address and I
(15:40):
lock you out.
I have everything in your cloud.
I have the credit card.
You have to store apps.
You call Apple, even with aserial number or an IMEI number
on your phone, and they will nothelp you.
So it doesn't matter what thearchitecture is, everything we
do is online in the cloud, andyou have to have the same mantra
of protection.
You have to protect thecredentials that guard the
(16:02):
accounts, and then you'll besafe.
Speaker 2 (16:04):
So, for example, people put credit cards in Apple
Wallet.
Is that safe?
Speaker 1 (16:10):
It's as safe as how you guard your account.
Look, I am not willing to golive in the woods with a shotgun
on my porch okay, and a roll ofbills under my mattress okay.
Right, you know some people are,but I live in this world and I
love to shop and do everythingelse.
Right, you have to protect theSIM, which is the telephony side
of your phone, so that no onecan take those authorization
(16:30):
codes to your bank and forwardthem somewhere else and no phone
company will ever tell you thepiece of advice I'm going to
give you right now you have toprotect your Apple ID by not
allowing remote access to it andyou have to have a VPN on your
phone.
And you have to have a VPN onyour phone and you have to
secure encrypted emails for anyaccount that you have that does
payments.
And then you take your Gmailaddress and you leave what I
(16:52):
call your trash persona outthere.
Let them pick at that untilit's just bone, because it's
already out there.
You surgically remove what isfinancial from your breach data.
That's out there.
You put it under lock and keywhere it's not going to be sold,
and that's how you protectyourself.
Speaker 2 (17:09):
I have malware on my computer that doesn't give me
really any security, except forvirus, right.
Speaker 1 (17:15):
No, no, anti-malware, you mean malware bytes.
Speaker 2 (17:17):
Yes.
Speaker 1 (17:17):
Something like that.
Yes, okay.
So this is a very interestingpoint.
You need a VPN with that.
So what malware bytes does?
Is it looks on your hard drive.
Are there viruses or is theremalware on your hard drive?
Okay, what a VPN does?
It does two jobs.
One it monitors your networktraffic.
The VPN, the mothership.
(17:39):
It monitors for keystrokeloggers, viruses, malware, ad
trackers that track you and thensell all your data.
Vpns are very powerful now.
It used to be for enterprises.
You can click on ad andtracking blocking.
You can click on anti-malware.
That is not somethingMalwarebytes can do.
(18:00):
What that mothership does in aVPN is it prevents you from
downloading anything bad.
Most malware and stuff eithercomes through your email that
Google sells and promotion.
People can say they have toread it before they delete it,
and reading it can load themalware.
Or they have to read it.
They have to click on it threetimes or some crap, so it stays
in your computer.
But it also will quarantine anyPDF or virus filled document.
(18:26):
Okay, and so you can look at it.
It keeps it on a server and soyou can look at it.
It keeps it on a server theother part of a VPN that you
embed in your browser and anextension masks your IP address.
Speaker 2 (18:38):
Is there a particular VPN?
Because I looked into it oncewhen I got the paranoid hour and
there are so many to choosefrom, how do I know what VPN
it's?
Speaker 1 (18:47):
a good question.
So I just want to preface thisby saying I take no referral
money, affiliate money anyonefrom anyone I recommend or say
is bad.
Speaker 2 (18:55):
Okay.
Speaker 1 (18:55):
Because I have to stay clean.
Speaker 2 (18:56):
Yes, of course Okay.
Speaker 1 (18:57):
Right now.
We like NordVPN.
We like NordVPN for severalreasons.
When we look it up on ourthreat intel systems, we don't
see infant stealers on theirdomain.
We don't see a lot of employeeaddresses that have account
takeover.
Okay, what if there's anemployee with you know they're
looking for that access to thoseaccounts?
We see very, very few.
(19:19):
Their parent company is basedin Amsterdam, probably
protecting the De Beers.
Okay, right, remember, thepeople who really have the most
money in the world are nottalking about it.
Okay, so Europe's privacy lawsare way more developed.
The world are not talking aboutit.
Okay, so Europe's privacy lawsare way more developed than ours
are.
They're stronger.
So this type of application grewup in an environment where it's
(19:42):
very, very careful If you keepit updated.
They're constantly studying themutations of malware and then
bringing the inoculation.
One thing to remember about aVPN is definitely there's a lot
of good ones out there, but testyour internet speed with or
without it.
One of the things we like aboutNord is it doesn't degrade
internet speed, so sometimes,like Proton, has a very good
(20:05):
sister application.
It's a great VPN if you live inSwitzerland, but its protocols
protocols here.
Your Zooms will freeze.
You'll turn it off, it willdrive you crazy.
So that's a big configuration.
It's overwhelming, it is it'slike taking a sip from a fire
hose, but the best thing to dois not to think of it all at
once.
The first thing I do in a housego change the Wi-Fi password on
(20:30):
your router, okay.
Go change the Wi-Fi password onyour router, okay.
Many, many companies thatprovide your Wi-Fi service on
that router, right.
Speaker 2 (20:38):
Spectrum provides mine Okay.
Speaker 1 (20:40):
So my entire neighborhood.
The first two words of thepassword.
That's like imprinted on therouter is the same for everybody
.
Okay, so if I'm smart enough andI shoulder surf on Wi-Fi, all I
have to do is run algorithmsagainst the last three numbers.
I go anywhere and I can look upWi-Fi in your neighborhood and
most people have not evenchanged the name from Spectrum
(21:01):
Setup F8.
Oh, you have to change that too.
You can and you should changethat router password to
something Spectrum doesn't know,not because Spectrum is evil,
but Spectrum is a mobile virtualoperator of Verizon.
Verizon was breached last year.
Okay, what's the first thingthey're going to do if they
break into Spectrum?
(21:22):
Let's go see all the passwordsthat they have stored, run them
against their list of accountsand see where we can hop in and
go take stuff.
So you've got to reduce yourattack surfaces and you have to
think like you're your ownpersonal corporation and who
your third party risk is.
That's the first thing you do.
And you start here, becauseyour IP address on every little
(21:42):
device is mapped to where youlive, right?
Okay, so it's home invasion,it's protection against home
invasion, that router passwordand name.
Speaker 2 (21:50):
But you know what?
I was hacked through Chase.
You know how they have doubleidentification.
They never called me oranything.
Somebody got in the back door.
Speaker 1 (22:00):
Somebody turned it off.
Speaker 2 (22:02):
Right and they took everything I had.
The bank gave it back to mebecause I Was it a credit card
or a bank account.
Bank account.
Speaker 1 (22:09):
Did they wire you?
Speaker 2 (22:10):
They changed my address on my statements.
Did they change your account?
Number no, they didn't change.
Speaker 1 (22:15):
Bad, bad, bad.
They're going to get a callfrom me tomorrow.
That's very bad.
Chase has particularvulnerabilities to certain
organized crime groups that Iwill not mention on this because
we need to protect Chase thatare particularly good at the
code that iPhones are written inand after the AT&T breach.
The reason you never got thecode is because if you had not
(22:38):
protected your SIM card or youreSIM on your phone SIM swapping
is where they helped themselvesto.
That account probably took yourSIM, forwarded that number to
somewhere else and they got theauthorized subject how can I
protect my SIM?
Okay, ready.
Speaker 2 (22:51):
Yeah.
Speaker 1 (22:52):
All right, take out your phone and go to settings.
Okay, this is what you want todo, folks.
All right, if you're on aniPhone, you want to go into
settings, that little gray gearthat you're going to get really
familiar with.
You're going to click oncellular data, right.
You're going to scroll downuntil you see SIM.
If you have an iPhone 15 or orlater, you can put a pin even on
(23:13):
an e-sim.
Okay, okay you're gonna clickon that management of pin oh sin
pin yeah, you're gonna toggleit on right now.
Get this in their infinitewisdom at&t and verizon, and
therefore spectrum.
The preset pin in your phone is0 0 1 1 1 oh okay t-mobile's 1,
2, 3, 4.
Okay, google pixel is 1 1, 1, 1or 0, 0, 0, 0.
(23:37):
There is not a fraudster on theplanet that doesn't know this.
Okay, has anyone ever put inyour statement?
Then maybe you should go aheadand put this pin on no, never.
Okay, so you're going to enteryour current pin, so it would be
1 1, 1, right, okay, hit, done.
Speaker 2 (23:53):
Yeah.
Speaker 1 (23:54):
Okay, now does it say change PIN.
Yes, click change PIN.
Speaker 2 (23:57):
Change PIN.
Speaker 1 (23:58):
Put it in again, the current PIN, 1111.
Hit done.
Does it say new PIN?
Yes, Okay, here's the drill.
Do not tell anyone your PIN.
And, by the way, if anybody insecurity ever asks you for a
bank balance or PIN number, showthem the door.
Security is like a secret.
Only one person can keep it.
Okay, write this pin numberdown somewhere.
(24:21):
Do not make it your cat'sbirthday, your birthday, your
favorite lucky numbers Okay,none of that.
Random, random.
Random.
Look around the room.
Look at the clock.
Look at a thermostat.
Random that can't be sociallyengineered.
Put that darn thing on a stickynote.
Put it in your sock drawer.
Stick it on the butter dish inyour fridge, because you will be
(24:42):
going into AT&T or T-Mobile orSpectrum to unlock it if you
lose it.
Speaker 2 (24:46):
So it shouldn't be the same PIN that I use for the
phone.
Speaker 1 (24:49):
No, same pin that I use for the phone.
No, no, two pins should ever bethe same Okay, and if you don't
want to put in an encryptedpassword manager, you get
yourself an address book that'salphabetized Okay, and create
redundancies.
And if you keep it on aspreadsheet, you password
protect that and you don't keepit in the cloud, so you're going
to pick a new pin that has fournumbers write it down and don't
(25:11):
show it to anyone.
Done okay.
This alone has prevented whatwe call sim swapping, so that
authorization code that younever got because someone else
did can't happen anymore oh,there was sim swapping, I'm
guessing.
Wow, I mean I'd have to look upyour data.
Speaker 2 (25:28):
But if yeah, because they're always asked double
identification, so that means.
Speaker 1 (25:31):
So now, is this fail safe?
No, does she have to log intoher spectrum account?
Change the email address youstore on that account to a nice
encrypted email address andthere are more than proton.
Pc magazine has a great top 10list of encrypted, secure emails
.
Different uses, business,business people.
You know it depends on what youdo.
Log out once you put in thatencrypted email.
(25:55):
Log back in Then add yourtwo-factor authentication,
change your password and if anyaccount where you store payment
or make monthly payments allowsyou to have a user ID that is
not your email address, changeit and make it random no special
interests, no cute art figures,no constellations you like,
(26:19):
nothing to do with you.
Look around the room, pickrandom things and make sure that
when it says remember me, youdo not, because all that
information stored in yourbrowser, all you need is one
little info stealer in there andall of that is theirs.
But people forget that theirphone is actually the telephony
(26:40):
side.
And, by the way, if you have aDroid, just click on settings,
go to the search bar and type inSIM.
Same with Google Pixel phoneusers.
Okay, and then the steps arethe same from there and if you
get locked out.
If it says one more try andyou're locked out, don't do it.
Go to the store where you payfor the telephony side and do it
(27:01):
there.
It could mean a couple ofthings.
It could mean outdated software.
It could be someone snorkingaround your phone in your
account already Okay.
But if you were about to getlocked out, do not attempt it.
You will hate me and thispodcast forever.
Um, because your phone won'twork and your texts won't work
(27:22):
if you get locked out of yoursim right, you have to remember
the code once you you rememberthe code once you change your
pin.
Here's the two times that you'llneed it.
Okay, if you turn off yourphone all the way and then turn
it back on, it'll say SIM PINlocked.
You'll put in the password toyour phone and then it will
prompt you to enter that SIM PIN.
The other time you're going toneed to enter that SIM PIN is
(27:45):
after your iOS updates or yourSamsung, you know whatever
operating system or on otherphones.
Once it doesn't update, it willprompt you to have it.
Speaker 2 (27:55):
Now I saw a documentary on HBO about
cybersecurity and they recommendto turn off the phone every few
days because there are peopleout there that can get into your
phone even when you're out onthe street.
Speaker 1 (28:07):
That's absolutely true.
And it depends if you're beingtargeted and by whom you're
being targeted.
That's absolutely true.
So get depends if you're beingtargeted and by whom you're
being targeted.
That's absolutely true.
So get yourself a Faraday pouch.
What is a Faraday pouch?
And don't skimp on it.
Get that technology.
Speaker 2 (28:20):
What is it?
Speaker 1 (28:21):
Named after John Faraday.
It blocks out all electricalimpulses.
Okay, so if your phone is offand in a Faraday pouch, it's
endless what we have to do, butwhen?
You travel through airports.
Throw it in that Faraday pouch.
Speaker 2 (28:36):
Now you told me a while ago that when I'm in
airport to turn off Bluetooth,yes.
Speaker 1 (28:42):
So here's an AirDrop if you have an iPhone.
So here's why Bluetooth andAirDrop are close proximity
theft mechanisms.
It's a backdoor into your phone.
So let's say you've changedyour SIM pin and you've
protected your Apple ID and youhave a VPN on, but your AirDrop
Bluetooth location services areall on Backdoor.
So Bluetooth I have to be nearyou to grab it.
(29:05):
Okay, but it works just like ifyou've ever AirDropped
something here.
Here's the password.
Okay, so people, and byairports I also mean Panera and
Starbucks okay.
It's just airports are yummy andjuicy because people who have
money to fly have more moneythan people who don't have money
to fly, so they just like itand you're on public Wi-Fi all
the time and it's just a goodenvironment.
(29:26):
But somebody sitting outside ofthat Panera parking lot or in
that cafe and anyone who'svulnerable they're just looking
for them.
Speaker 2 (29:36):
When I'm in the city.
All of a sudden I see that I'mon Verizon Wi-Fi.
Should I get off of it?
Speaker 1 (29:42):
Yeah, make it your option.
You don't want anything to justmove your phone onto something.
It's like on spectrum routersthere's a little setting.
That's actually.
If you log into your accountonline and go into a setting,
you won't find it as easily inthe app and you log in, it's
actually under security.
It's actually under, you know,security shield.
(30:04):
But right next to securityshield there's a little toggle
switch and that toggle switch isSpectrum mobile access.
That means that anyone with aSpectrum mobile phone can bypass
a lot of your security and logon.
Speaker 2 (30:20):
Oh, my God, so that they can gather data analytics.
Speaker 1 (30:24):
Okay, I was a marketer for a long time of who
has a Spectrum phone in the area.
All right, they clusterneighborhoods with IP addresses.
They're doing data analysis allthe time and some of it's for
good purposes, like outages.
You got to turn that thing offand no one's ever going to tell
you and its default is on.
So if you enter the city andthis default thing is that
(30:45):
you're on a Verizon Wi-Fibackbone, don't you have 5G and
four bars?
Turn on your VPN and use itthat way.
Any Wi-Fi that justautomatically happens because
you have an account.
You want to go into settingsand control it.
You do not want it to beautomated.
Speaker 2 (31:02):
Is Zelle and PayPal and Venmo, all of this are those
secure.
Speaker 1 (31:06):
Okay, so Zelle is very secure now, but again, the
mantra it is secure as how youhave protected your bank account
.
So when Zelle was sued, whenWells Fargo and JPMorgan Chase
and Bank of America were suedbecause of the Zelle scams, okay
, in December 2024, that lawsuitwas dropped.
But part of what they did tomake it safer is there's no more
(31:30):
Zelle app.
So you are putting in someone'sphone number or an email
address to send them Zelle moneyand it's going bank to bank and
it's not a wire.
It's protected under EFTAelectric funds transfer law.
So it's much more protected,unless you're using a Gmail
address for your Bank of Americaaccount and maybe two back to
(31:50):
authentication to a phone thatdoesn't have a SIM pin and a
crappy password and a user IDthat's your favorite pet of all
time.
All right, so it's a secure andyou should not have it sent to
email.
When you put that nice secure,encrypted email on your bank,
you don't use that for Zelle.
Nobody knows about that exceptthe bank of record.
(32:10):
Oh my God.
But Zelle is fine, and alsoPayPal and Venmo if you secure
that account.
Well, here's my thought aboutall of these things the credit
card that's in your Apple IDthat you buy apps with the card
that you set up for PayPal.
If you're using a card, thecredit card that you keep on
(32:31):
record for things like Apple Payand your Apple ID should be a
credit card where you do nothave a checking account or
brokerage.
Because a fraudster lovesnothing more than when they go
in and you're like, oh, that's aCitibank card and they have
city checking, they have citybrokerage and off they go to try
and get into that accountBecause if they can impersonate
(32:53):
you and log in, they haveeverything.
So when you're online, it's theopposite of what we're raised.
Go get one of thosepre-approved card offers of
yours.
Do not have the credit cardthat you store for payments for
highly targeted things.
Have anything to do with yourbank and brokerage.
You see the pattern here.
(33:14):
You're removing it from sight.
Speaker 2 (33:16):
I have a credit card like that.
I'm going to do that.
Speaker 1 (33:18):
That's what you do, and when you travel, that's the
one you bring.
Oh, really Do not travel with acredit card that's also tied to
your brokerage account and trynot to check bank balances and
all that when you're travelingon vacation.
And I mentioned this becauseit's summer now.
Speaker 2 (33:33):
Why?
Oh yeah, right by why travelingIs it more?
Am I more vulnerable when Itravel?
Speaker 1 (33:38):
Because everything you do yes, everything you do is
public.
You're going from an airport ora train or whatever.
That's public Wi-Fi.
You're going to a hotel anothergreat target.
Okay, sit in a hotel lobby,have a drink, pick out the
hacker.
Everybody's on public thingsall the time.
All right, everyone has theirgeolocation on.
The other thing is you knowhere's mantra post your pictures
(33:58):
of Notre Dame when you'realready at the Eiffel Tower.
Don't do it in real time.
Okay, don't why?
Because you can turn a cyberattack into actual burglary and
take off your biometrics.
You know, when you're sittinghere at home and you have your
face ID, that gets you in yourfingers.
I don't want someone punchingyou, putting your face up and
(34:18):
taking your phone and it happensall the time.
Speaker 2 (34:20):
Yeah, I took it from all the financial, but it opens
the phone.
Speaker 1 (34:24):
Okay, so that's bad when you travel or when you're
in the city, don't you know?
If you're in a ruralenvironment, in a low-risk
environment, it's fine,especially at home, for your
convenience.
And older people who are goingto nice hotels.
There's nothing a hacker inFraudster loves more.
It's like let's follow them forthe airport.
They're dressed well, they looknice.
They just checked into afour-star or five-star Yay, hey,
(34:49):
let's go get them.
Let's go see what apps theyhave open.
Let's go see how much they'reprotected and you can call Apple
and they're like they can'tbreak into their architecture.
But they don't care about yourarchitecture.
They care about what you havegoing on in the cloud, Okay,
they just want to know where youbank and if they can crack open
that Apple ID.
You know and understand thatyou can be watched when you
don't think so what is thebiggest cyber attack you worked
on?
Speaker 2 (35:08):
I can't name things no, not, don't name the company.
Speaker 1 (35:11):
Two two things.
So in the white house, in thenational infrastructure advisory
council, we do look at criticalinfrastructure okay okay.
So there were things that welooked in there, like the grid
and transportation and thingslike that large non-profit that
was breached really badly.
Speaker 2 (35:29):
So all the donors' information was taken.
Speaker 1 (35:36):
Yeah, they love donor information and when you make a
donation, please just go to thewebsite.
Do it there.
Don't use the apps.
Don't do links, even if you'rea longstanding member.
Never use GoFundMe.
You know even who and the RedCross were cloned during COVID.
If you think a ransomwareattack is not stealing personal
data, you need to watch moregangster movies.
(35:56):
They kill the guy and theystore him in a junkyard and they
go offshore for months untilthings lay low.
There are literally junkyardsin the dark web.
They're called junkyards.
If they steal a lot of dataafter a ransomware attack, they
store it somewhere and they golay low and then six weeks to
three months later, boom, you'regoing to see it and threat
(36:19):
intel systems.
You can see this stuffhappening.
The law and its mechanisms arejust a little behind the
criminals at this point.
Speaker 2 (36:27):
What's the most common?
Hacking, you see, for privatepeople, not big organizations.
Speaker 1 (36:31):
Email email account takeover.
Speaker 2 (36:33):
So they take over the email.
And then what?
Speaker 1 (36:35):
91% starts with an email account takeover.
And then I go look for all youraccounts with that email and
I'm just you.
Hi, I forgot my password Reset.
Okay, I just have the emails.
I can just impersonate you,email and spoofing on the phone.
What is spoofing?
That's what you just workedvery hard to.
Speaker 2 (36:56):
Oh, changing the eSIM .
Speaker 1 (36:58):
Right when the authorization code is forwarded
to another phone from SIMswapping, just swaps out for
another SIM.
Speaker 2 (37:03):
So that's a common thing, Very, very very common,
oh, very common thing.
Very, very, very common.
Oh, my God.
Speaker 1 (37:07):
And that's why the move you'll see in secure
environments, they use anauthenticator app instead of
text to your phone, because anauthenticator app does not use
SIM technology.
Also, while traveling, when yourent a car and you're just like
great plug in Google Maps,delete your profile when you get
out of that car.
Because if I hop into youraccount, when was the last time
(37:29):
you get out of that car?
Because if I hop into youraccount, when was the last time
you logged out of a Gmail orYahoo?
You just open your computer andthere you are.
Isn't it that fun.
I've seen people go from theirGoogle Maps into their Google
account and then they're off tothe races.
Don't leave that stored in arent-a-car.
You'll notice that if youdownload Google Chrome and open
up settings.
Here's a little test.
Okay, after two minutes on yourcomputer with Safari, all of
(37:50):
your passwords stored in Safariare magically going to appear in
Chrome because they'll make ahandshake unless you turn it all
off.
Export those things out of thebrowser.
That's a public space.
It's prevention.
Is what you want.
You know it's really funny.
In this culture, black cats areconsidered bad luck Right.
This is totallymisunderstanding the black cat.
Speaker 2 (38:11):
Why you have a black cat.
Speaker 1 (38:12):
If you go into ancient cultures, the black cat
is good luck.
Why is that?
Because if a black cat crossesyour path, it warns you that bad
luck is coming.
Warnings are good, so it's veryinteresting in Japan when I was
in Tokyo I thought it was socute Every security firm's logo,
whether it's physical or cyber,is all a black cat.
So think like that you want tobe warned and then go look and
(38:36):
shore yourself up because Ipromise you incident response
and mitigation of identity theftand breaches of your bank
account will take forever.
It's expensive and it's verypainful and it's horrible to see
, and so much of it ispreventable, so much of it is
preventable Mostly via email.
Speaker 2 (38:51):
You said.
Speaker 1 (38:53):
Yes, and your phone, but in order to steal my
identity.
Speaker 2 (38:56):
They need my social security.
It's not stored on my phone.
Speaker 1 (38:59):
There's 200 million of them out there, thanks to
AT&T and Verizon.
Speaker 2 (39:02):
last year, Okay, let's talk about money.
If somebody just starts in thecybercrime prevention business,
how much money can they?
Speaker 1 (39:10):
make, so it would depend on your education, like
anything right If you come intoa threat Intel company and
you're, you just want to getyour foot in the door.
You haven't studied any of thisin college.
You know life doesn't end aftercollege.
Who the heck cares?
Get in there in some way, rightIn whatever department, and
then learn okay.
So then you're looking atprobably lower end entry level
(39:33):
salaries that are, you know,probably between 30 and 50,
depending on the company anddepending on your thing, If you
have a law degree and you wantto take a left, lawyers are very
useful because they know how touse threat intel data on both
sides.
It's on the prosecution anddefense.
Lawyers are very useful becausethey know how to use threat
intel data on both sides on theprosecution and defense.
(39:53):
Anyone who took accounting begreat at this.
You know, get extra fraudcertificates and you, you know,
then you're, and then you're insix figures.
Wow, it's a six figure industrybecause there's a shortage of
people who know how to do thesethings and you don't have to
look twice to see the need.
Speaker 2 (40:08):
The need will always be there, yeah, and what kind of
skill do you need to have inorder to be able to be a good
cybersecurity person?
Speaker 1 (40:14):
You need to be a good data analyst, so you can take
data analytics too.
What does the data mean?
How do you map it?
How do you see the matrix?
Okay, that definitely.
And psychology criminalpsychology.
Speaker 2 (40:28):
Yeah, you said that.
Speaker 1 (40:29):
Go get a criminal justice degree and learn how
criminals behave, because thereis no physical crime that
happens anymore without intel.
Speaker 2 (40:37):
This is a lot to know .
I mean, my head is blowing upalready.
Speaker 1 (40:40):
I've also been doing it for many, many years.
So what is very important isyou study banking and payments I
worked in both of those fieldsOkay, study how money moves and
it's fascinating.
It's a super fun.
If you are interested inresearch and stuff, it's really
fun.
And then how it dovetails withthe criminal mind, learn about
(41:02):
white collar climb.
Learn about the psychology ofdeviance.
Take psychology, take sociology, take pathology, accounting and
your cybersecurity and know howthings work, not just not to
click on something.
So you take those things butyou focus really on the human
(41:24):
behavior part.
If you understand criminalbehavior, you will understand
how not to be a victim and youactually know more than you
think you know.
You don't have to be mathoriented as much as you think.
A very good like investigativereporting is very good to study
as well, because there aren't alot of people who do it.
It's a great field.
It's completely understaffedand there's a lot of employment
in it.
Speaker 2 (41:44):
So you don't really need to have a tech background.
Speaker 1 (41:47):
It's very good to have a tech background.
It's good and hands-on tech.
Speaker 2 (41:50):
Okay, yeah and go.
Do you need to know how to codealso?
Speaker 1 (41:53):
Coding is very easy, so when you learn threat intel
systems, you will have to learnsome coding languages.
There are also some great toolswhere you can go and learn to
be an analyst and take theseonline quizzes Like here's a
malware thing, here's theproblem, and you can work it out
on these little modules.
Learn what malware is and howit works.
Speaker 2 (42:13):
I hear that seniors in particular are vulnerable to
attacks.
Why is that?
Speaker 1 (42:18):
When you are below the age.
This is why seniors are indanger when you are below the
age to collect social securityor when your IRA is locked up
right, like you have to have apenalty and all the banks
protect it and there's thingsand there's forms to fill out
and all that.
All that gets taken down.
When you're 59 and a half, youcan just go remove money, like
(42:38):
it's a checking account Easierto hack into when people collect
social security.
That's why there's so muchemphasis on social security
fraud.
This is what happened duringCOVID is people use those
numbers to go collectunemployment or to divert social
security?
And then you have retireespeople who are over 60, have
more money than people who are20.
Right, if you have yourmortgage paid off, you're more
(43:02):
vulnerable.
Speaker 2 (43:03):
Yeah, because they can take your property.
Yeah, I heard that.
Speaker 1 (43:06):
Yeah totally, but there's things that you can do
from all of it.
You just the vigilance thereand the senior attacks really
make me mad.
We focus a lot of our businesson making sure that doesn't
happen and then they sit aroundwaiting for trusts and wills and
financial transfers.
So those are important to putin place.
Speaker 2 (43:25):
So most of the stuff that you deal with is it
preventing a hacking or is itrepairing?
Speaker 1 (43:32):
Well, unfortunately, we get a lot of incident
response and mitigation, whichis really painful and expensive
If people have been on theirphone since 2008, and they've
never gone through what we callbreach data cleanup.
We highly advise it.
We do run cyber crime bootcamps at theaters and synagogues
and other places to show peoplewhat they need to do and if
(43:55):
they need our help, we help them, because if you don't prevent
now it's kind of inevitable.
Covid overworked a lot ofnetworks, so the IRS what do you
mean by that?
So when we were all in COVID andeverybody's online all the time
, there were vulnerabilities andthe hackers got a lot more
sophisticated and the systemswere burdened.
(44:15):
Okay, so the IRS had breaches,the MLS system in real estate,
the DMV, even who and the RedCross were cloned because it's
just so much traffic and therewere opportunists.
So those things and you coupledwith huge telephony breaches
from AT&T and Verizon last year.
There's a lot of stuff outthere and, whatever your
(44:38):
politics are, I would highlyrecommend watching the 60-minute
segment on cyber crime and thedark web that aired in May last
month.
It explains a lot about cybercriminals and you can also go to
my website at zerohacksecurecomand hit play on the short video
(45:01):
that explains it.
Speaker 2 (45:02):
Rivka.
Thank you so much.
This is wealth of information.
I have to listen to the wholething again because I got a
headache from all thevulnerability I'm exposed to.
Speaker 1 (45:11):
But it's an exciting field and there's a lot of
opportunity in it.
Speaker 2 (45:17):
Okay, that's a wrap for today.
If you have a comment orquestion or would like us to
cover a certain job, please letus know.
Visit our website athowmuchcanimakeinfo.
We would love to hear from you.
And, on your way out, don'tforget to subscribe and share
this episode with anyone who iscurious about their next job.
See you next time.
If you understand criminal behavior, you will
understand how not to be avictim and you actually know
more than you think you know, Ipromise you, incident response
and mitigation of identity theftand breaches of your bank
account will take forever.
It's expensive and it's verypainful and it's horrible to see
, and so much of it ispreventable.
Speaker 2 (00:24):
Hi, welcome back to how Much Can I Make.
I'm your host, merav Ozeri, andtoday we're stepping into the
high-stake world ofcybersecurity.
Our guest is Rivka Tadger, ceoand co-founder of ZeroHack.
Rivka is a top cybersecurityexpert who worked with the White
House, major corporations andprivate individuals to prevent
(00:47):
cyber attacks and identity theft.
Let's step into her expertiseand find out what we can and
should do to protect ourselvesin this digital world.
Well, rivka, thanks a lot forwilling to participate and
giving us your time.
I have millions of questions,of course, because that totally
concerns me security.
(01:08):
I was hacked, so let's start byfirst telling me how did you
get into doing cybersecurity?
Speaker 1 (01:15):
So, first of all, thank you for having me on.
And well, I started as ajournalist in the late 80s,
early 90s.
I was on the team with the WallStreet Journal who put the Wall
Street Journal online in whatwe call the OJ years 1994.
And then I was covering privacysecurity, identity theft, as
(01:35):
well as AI, machine learning,data mining and supply chains.
Already in 94, you were dealingwith AI Well because AI a lot of
what is called AI now ismachine learning Right.
So that was the beginnings indata mining and putting those
systems together.
Speaker 2 (01:51):
Didn't know that, so okay, so now you're an
independent contractor, right?
That deals with security.
Tell us what you do.
Speaker 1 (02:00):
So we're actually going to celebrate our 10th
anniversary next month of ourconsultancy.
What we do is we protect peoplespecializing in financial
protection and securecommunication.
Speaker 2 (02:14):
Okay, what does it mean?
Financial?
Speaker 1 (02:16):
protection, protecting the cyber equivalent
of putting your banks andbrokerage in witness protection.
So I also worked in fintech, inbanking, and I was on the White
House National InfrastructureAdvisory Council for Critical
Infrastructure in the bankingindustry, appointed by Obama,
but worked through Trumpadministration.
(02:36):
So I have specialty in howpayments and banking work and I
covered it a lot as a journalist.
Then I moved to work forfintech and banking companies,
so what we do is we investigatehere you are right, mirav, you
have email addresses.
You've been online since we allgot this Steve Jobs remote
(02:57):
control of our planet in 2008,right?
Speaker 2 (02:59):
Everything was free free email free, this you can
get everything.
Speaker 1 (03:01):
It was free, free email free, this, you can get
everything.
And so we ran for convenience.
And those email addresses andthe telephony side of your phone
, which I'll get into, are wideopen doors.
Okay, everyone's heard aboutthe terms phishing.
Okay, if they hack into youremail and can impersonate you,
that's called an accounttakeover.
And then, thanks to AT&T andVerizon, last year they breached
(03:24):
all of our data and socialsecurity numbers.
I can be Mirov.
So what we do is we use cyberthreat intel systems that are
closed systems.
We look anonymously in threatintel systems to see what of
yours has been exposed.
Can someone take your phone andforward authentication codes to
another phone?
Can someone be you with youremail address and what kinds of
(03:48):
cyber criminal groups aretargeting you?
So first, we do that.
I'm a data driven person.
Speaker 2 (03:53):
Okay.
Speaker 1 (03:54):
So first I get the data.
Speaker 2 (03:55):
Okay.
Speaker 1 (03:56):
And we need scary little to find this out.
Literally your name, middlename, helps if you have a common
name, birth date, legal address, your IP addresses, phone
number and your email addressesand that's it.
And I never look at anyone'sfinancial balance.
I don't look at sensitiveinformation and we can see if
your social security number hasbeen texted to someone else, but
(04:16):
essentially you have to get thedata and see what the
vulnerabilities are and, if theyare into your email or your
phone or your systems, how theygot in.
Once we know how they got in,we can kick them out.
And one of the most important,and that's the service part, If
somebody has your socialsecurity number, they can't do
anything with it, or that theycan't access your banks and
brokerage, because we've createda new identity for you with
(04:38):
those.
Because, once data is breachedout there, the toothpaste is out
of the tube.
You are never putting that back, so sometimes it's a pain in
the neck, I might tell you.
You know that Gmail you've hadfor 100 years.
You've got to get rid of it now, okay, and then you have to
migrate it.
You have to move your contacts,but you need encrypted, secure
email for your bank andbrokerage that never sees the
light of day, that you never usefor anything else, how can I
(05:01):
get encrypted email?
You can go to protonme inSwitzerland and geta ProtonMail.
Russian oligarchs use it toprotect their Swiss bank
accounts.
And now so can you, for $3.99 amonth.
Think about it ProtonMail forprotecting Swiss bank accounts.
Do you think somebody's using aGmail to protect a Swiss bank
account?
No, actually, if somebody triesto crack your password, the
(05:23):
whole inbox turns to some pigLatin version of Cyrillic.
Even for you.
If you lose it, it's designedto protect.
Other thing that you can do,depending on where your email is
hosted, is things like SpamAssassin, these little add-ons
that you can put on that reallydon't allow things into your
server, especially if you'reusing a Gmail and you haven't
(05:45):
gotten an encrypted secure email.
An encrypted secure email willthrow that stuff and it won't
even let it on your server.
It's like a big gunk air filter.
Every infiltration.
And the new IBM researchreports and the new Verizon
reports read those yearly.
You can download them.
The FBI ICS unit, the InternetCrimes Unit, read their reports.
(06:06):
Over 90%, no exaggerationhappens by human error with
their email credential.
Speaker 2 (06:13):
I want to double check something.
Yeah, if I email my broker, ifI delete it and delete the trash
, I'm safe.
No, no, no.
Speaker 1 (06:20):
At Yahoo.
They store all that crap on aserver that they've long
abandoned.
If you didn't change over toOutlook Mail and get encrypted
mail and Outlook, you know theydo offer encrypted email servers
, or your Hotmail, or thatProdigy thing that AT&T owns.
Okay, anyone with one of thoseYahoo accounts that became a
Prodigy account, that is allsubject to the.
Speaker 2 (06:42):
AT&T breach, so hold on a second.
If I communicate on WhatsApp,whatsapp is encrypted.
No, no, it's not.
Speaker 1 (06:48):
Zuckerberg bought it and now everything meta is
integrated into it.
That's why the whole worldmoved to Signal.
Speaker 2 (06:55):
Signal.
Speaker 1 (06:55):
Yeah.
So now and when that goes tohell, I can come back and tell
you what's new.
The cyber criminals is what youshould be worried about.
Cyber criminals is what youshould be worried about.
It's organized crime.
It's not a 40-year-old guy inhis bathrobe still living with
his mother.
These are well-funded, theyhave the best hackers in the
world and they havesupercomputers.
They can run everything aboutyou in social media and, in 10
seconds, know the password toyour email if you have not
(07:19):
protected it.
Okay, this is very, verysophisticated.
So what you're looking at isthe cyber criminals and
protecting yourself from thosecriminal gangs.
And you know, usually theydon't have ideology, they just
path of least resistance.
Where can I break in and getmoney?
How can I assume someone'sidentity?
There are six attack surfaces.
(07:40):
These are the high riskbehaviors Crypto activism,
ancestry sites get off of themall right now Porn, gaming and
dating sites.
There are ways to do all ofthese safely, except for
ancestry, and it's a shame,because when 23andMe was
breached, okay, and they onlystole a database of Ashkenazi
(08:02):
Jews, really, yep, all right.
So why do they do that?
It could be someone who wantsto sell to Pfizer a database so
that they can make a drug toprevent Tay-Sachs disease, or it
could be someone who hatesAshkenazi Jews.
It could be anything on thatspectrum.
Class action suit.
And now 23andMe is gone Right,but the data's not gone and it's
(08:23):
in junkyards somewhere.
And it's a shame becausesomething like 23andMe so many
people if they were adoptedbecause it was medical based,
right right.
But it's in the magnet forhackers because they know
there's all kinds of data inthere.
The other place is to be supercareful.
You're getting a divorce.
What's not in a separationagreement?
Be careful how you communicateto your lawyer.
Not only do you know howeverything's divided, you know
(08:46):
who got what and where it is.
So think you got to learn tothink like a criminal.
And accountants forensicaccounting they're so good at
this.
Some of my best sources that Ibrainstorm with are forensic
accountants.
They get this immediately oncethey tune into it because they
know how money flows and themore you know about money flow,
about accounting.
(09:06):
Real estate lawyers are greatat this.
I have some great sources thatI use who are realtors, because
they know when something looksweird in MLS and MLS was hacked
in 2023.
Wow, okay.
So if you've ever bought ahouse or sold a house or rented
a house, do you know what isstored in an average real estate
office printer In the printerit's stored In the printer
(09:29):
because they're like oh, I haveto print out this person's whole
financial picture.
They sent me proof of income andit's stored.
It's stored.
Look at network printers andsee how often they're cleared.
Medical people know theconfluence of data and have
great aptitude for this.
Okay, and now with telemedicinethere, all of that, that's why
they keep getting breached.
There's juicy information thatgoes on for years to socially
(09:51):
engineer people.
Speaker 2 (09:53):
What is this dark web ?
Can you actually see what'sthere?
It's like a mall.
Speaker 1 (09:56):
Of course you can see it.
Speaker 2 (09:57):
So can I go in and see if my information is in
there?
Speaker 1 (10:01):
Well, you don't want to be noticed in there.
You is in there.
Well, you don't want to benoticed in there.
You want to go in anonymouslyor posing as a fraudster buying
stuff, because you'll be seen amile away.
You need to be anonymous to godo it and watch what they're
doing, to do it.
Do you do that?
Yeah, of course that's whatthreat intel systems do, and we
use one that's mirrored theinfrastructure of the dark web,
and it's amazing.
Speaker 2 (10:21):
Oh my God, so we?
Speaker 1 (10:21):
can watch what they're doing and you query it
in many languages.
Speaker 2 (10:25):
You literally see people there buying and selling
information.
Speaker 1 (10:28):
Yes, there are trajectories where you can see.
Sometimes you can place them bylongitude and latitude.
Trading data.
Speaker 2 (10:35):
I mean, it's not a little avatar guy, but it's
their identity.
Speaker 1 (10:39):
Wow.
The problem with this crime isthat it pays and there's only
0.05% of the time that anyone'sever caught, because you don't
have to be seen.
Speaker 2 (10:47):
So you said secure password.
How can I secure my password?
Speaker 1 (10:52):
Well, first of all, never, ever, use an automated,
auto-generated password.
Two reasons why Whoever isoffering to auto-generate your
password is keeping a databaseof those passwords.
Speaker 2 (11:03):
Even the very complicated, very long password,
it's AI.
Speaker 1 (11:07):
AI is not good at implementing ideas or being
creative, but if it's out therethey can grab it.
The other thing is it's ahacker's dream.
So let's say you have automatedpasswords generated in a
password manager.
Those are stored in a placebecause you can't have everybody
with the same passwords, right,right?
So if they get to that attacksurface and they say, oh, who
(11:28):
has accounts here?
Great, let's go get the.
That's the first thing they'llgo for.
Let's go get the database ofthe auto-generated passwords,
run it against the accounts andsee where we get in.
You need a system where youcontrol things, where all the
locks are yours to put on andtake off, like freezing your
credit reports.
Okay, once Equifax was hacked,people in my industry we lobbied
(11:50):
it became rule that you get tofreeze your credit report.
Speaker 2 (11:53):
Right, I did that, yeah.
Speaker 1 (11:54):
Right and people are like, well, I don't have an
account there.
I was like great, well, theyhave had a dossier on you for 50
years.
So you create that onlineexperience so you control
whether it's frozen or not.
You want to go for, apply for aloan.
You say which one are youlooking at and you only unlock
that one 24 hours before you letthem do it, and then you lock
it back up.
Okay, and the most importantthing about security is don't
(12:17):
tell someone what you're doing.
Misinformation is a good thing.
What do you mean by that?
When you create a new personafor your banks and brokerage and
you have an encrypted email,you have two-factor
authentication, you have gooduser ID and password, you have
excellent hygiene when you doonline banking and where you do
your online banking and how youdelete your browsing data and
(12:38):
how you sign out instead ofX-ing out your habits.
How you call your bank andbrokerage and say no wires ever
go out of my account unless I'min branch.
Speaker 2 (12:48):
Hold on a second.
You said something importantDeleting your browsing history.
You said Absolutely.
On a daily basis.
Speaker 1 (12:55):
Absolutely.
When you can visualize howcyber criminals see what you're
doing, then you really tune into these principles and then you
just apply the principles inyour life.
Once you click into it and youknow, people tell me all the
time you know I'm not, this isthe era of the kids.
I'm not good at this.
I disagree.
I work with seniors, a lot ofseniors mostly because they're
(13:19):
hard to protect and they have alot to lose and they're main
targets.
Actually, they're much betterat this than my 24-year-old
daughter, because you know crimeand you know criminals and you
know criminal minds.
But you have to know whatthey're seeing and how they
follow you.
You have to know what akeystroke logger is.
That's everywhere you browse onthe internet Little pieces of
malware in that beautiful littleGmail of yours or Yahoo or
(13:42):
Hotmail or any free mail AOLthat sells your email to
advertisers.
What is a keystroke logger?
Exactly what it sounds like.
It logs your keystrokes.
It's an info stealer.
Okay, and you have to find outin all of your settings whether
there's anything on there.
On a PC, you go into your taskmanager In your Apple computer.
You go to the activity monitor.
Look at all the crap running inthe background in your computer
(14:05):
and if you see anything inChinese or Russian, you call me.
But if you see the wordsZendesk, MSpy or numbers with
KKEtxt, those are info stealers.
Speaker 2 (14:15):
What browser is the best one to use?
Speaker 1 (14:17):
It doesn't matter, they're all the same.
It's how you set them up thatmatters.
You set them up for zero trust.
What do you think that Googleand Microsoft and Apple and
Firefox are doing with all thatdata if you don't set it?
How do you think they selladvertising?
They gather your analytics andthey sell it to each other.
Speaker 2 (14:35):
But how can I set it so they?
Speaker 1 (14:36):
don't do it.
It's all in settings.
This is what I encourage peopleto do Log on to any app that
you use and click on that stupidlittle gear shift or the three
dots or the three lines and gothrough every single setting in
there and anything that lookslike share my data, give
analytics, personalize, turn itoff.
Anything that says remember me,say no.
(14:57):
You do not want AI to grab thisinformation and sell it off
into the dark web.
The more information they haveabout you and if you've ever
been hacked, you're worth moreinto the dark web the more
information they have about youand if you've ever been hacked,
you're worth more on the darkweb.
You go from being worth that 50cents to marketers to being
worth thousands.
And the other thing to rememberthat's super important is
everybody looks at their phone.
They're like I either have aDroid or an Apple.
(15:18):
Apple will say nobody can bustour architecture.
I was like who cares?
Nobody, you don't have thesecret sauce to Coca-Cola on
your computer.
That's not what I want.
I want the telephony side.
Your phone is Verizon or AT&Tor T-Mobile.
Apple is in the cloud.
How are you protecting thatApple ID With a Gmail?
All right If I go and hijackyour Apple ID all right, and I
change the phone number and Ichange the email address and I
(15:40):
lock you out.
I have everything in your cloud.
I have the credit card.
You have to store apps.
You call Apple, even with aserial number or an IMEI number
on your phone, and they will nothelp you.
So it doesn't matter what thearchitecture is, everything we
do is online in the cloud, andyou have to have the same mantra
of protection.
You have to protect thecredentials that guard the
(16:02):
accounts, and then you'll besafe.
Speaker 2 (16:04):
So, for example, people put credit cards in Apple
Wallet.
Is that safe?
Speaker 1 (16:10):
It's as safe as how you guard your account.
Look, I am not willing to golive in the woods with a shotgun
on my porch okay, and a roll ofbills under my mattress okay.
Right, you know some people are,but I live in this world and I
love to shop and do everythingelse.
Right, you have to protect theSIM, which is the telephony side
of your phone, so that no onecan take those authorization
(16:30):
codes to your bank and forwardthem somewhere else and no phone
company will ever tell you thepiece of advice I'm going to
give you right now you have toprotect your Apple ID by not
allowing remote access to it andyou have to have a VPN on your
phone.
And you have to have a VPN onyour phone and you have to
secure encrypted emails for anyaccount that you have that does
payments.
And then you take your Gmailaddress and you leave what I
(16:52):
call your trash persona outthere.
Let them pick at that untilit's just bone, because it's
already out there.
You surgically remove what isfinancial from your breach data.
That's out there.
You put it under lock and keywhere it's not going to be sold,
and that's how you protectyourself.
Speaker 2 (17:09):
I have malware on my computer that doesn't give me
really any security, except forvirus, right.
Speaker 1 (17:15):
No, no, anti-malware, you mean malware bytes.
Speaker 2 (17:17):
Yes.
Speaker 1 (17:17):
Something like that.
Yes, okay.
So this is a very interestingpoint.
You need a VPN with that.
So what malware bytes does?
Is it looks on your hard drive.
Are there viruses or is theremalware on your hard drive?
Okay, what a VPN does?
It does two jobs.
One it monitors your networktraffic.
The VPN, the mothership.
(17:39):
It monitors for keystrokeloggers, viruses, malware, ad
trackers that track you and thensell all your data.
Vpns are very powerful now.
It used to be for enterprises.
You can click on ad andtracking blocking.
You can click on anti-malware.
That is not somethingMalwarebytes can do.
(18:00):
What that mothership does in aVPN is it prevents you from
downloading anything bad.
Most malware and stuff eithercomes through your email that
Google sells and promotion.
People can say they have toread it before they delete it,
and reading it can load themalware.
Or they have to read it.
They have to click on it threetimes or some crap, so it stays
in your computer.
But it also will quarantine anyPDF or virus filled document.
(18:26):
Okay, and so you can look at it.
It keeps it on a server and soyou can look at it.
It keeps it on a server theother part of a VPN that you
embed in your browser and anextension masks your IP address.
Speaker 2 (18:38):
Is there a particular VPN?
Because I looked into it oncewhen I got the paranoid hour and
there are so many to choosefrom, how do I know what VPN
it's?
Speaker 1 (18:47):
a good question.
So I just want to preface thisby saying I take no referral
money, affiliate money anyonefrom anyone I recommend or say
is bad.
Speaker 2 (18:55):
Okay.
Speaker 1 (18:55):
Because I have to stay clean.
Speaker 2 (18:56):
Yes, of course Okay.
Speaker 1 (18:57):
Right now.
We like NordVPN.
We like NordVPN for severalreasons.
When we look it up on ourthreat intel systems, we don't
see infant stealers on theirdomain.
We don't see a lot of employeeaddresses that have account
takeover.
Okay, what if there's anemployee with you know they're
looking for that access to thoseaccounts?
We see very, very few.
(19:19):
Their parent company is basedin Amsterdam, probably
protecting the De Beers.
Okay, right, remember, thepeople who really have the most
money in the world are nottalking about it.
Okay, so Europe's privacy lawsare way more developed.
The world are not talking aboutit.
Okay, so Europe's privacy lawsare way more developed than ours
are.
They're stronger.
So this type of application grewup in an environment where it's
(19:42):
very, very careful If you keepit updated.
They're constantly studying themutations of malware and then
bringing the inoculation.
One thing to remember about aVPN is definitely there's a lot
of good ones out there, but testyour internet speed with or
without it.
One of the things we like aboutNord is it doesn't degrade
internet speed, so sometimes,like Proton, has a very good
(20:05):
sister application.
It's a great VPN if you live inSwitzerland, but its protocols
protocols here.
Your Zooms will freeze.
You'll turn it off, it willdrive you crazy.
So that's a big configuration.
It's overwhelming, it is it'slike taking a sip from a fire
hose, but the best thing to dois not to think of it all at
once.
The first thing I do in a housego change the Wi-Fi password on
(20:30):
your router, okay.
Go change the Wi-Fi password onyour router, okay.
Many, many companies thatprovide your Wi-Fi service on
that router, right.
Speaker 2 (20:38):
Spectrum provides mine Okay.
Speaker 1 (20:40):
So my entire neighborhood.
The first two words of thepassword.
That's like imprinted on therouter is the same for everybody
.
Okay, so if I'm smart enough andI shoulder surf on Wi-Fi, all I
have to do is run algorithmsagainst the last three numbers.
I go anywhere and I can look upWi-Fi in your neighborhood and
most people have not evenchanged the name from Spectrum
(21:01):
Setup F8.
Oh, you have to change that too.
You can and you should changethat router password to
something Spectrum doesn't know,not because Spectrum is evil,
but Spectrum is a mobile virtualoperator of Verizon.
Verizon was breached last year.
Okay, what's the first thingthey're going to do if they
break into Spectrum?
(21:22):
Let's go see all the passwordsthat they have stored, run them
against their list of accountsand see where we can hop in and
go take stuff.
So you've got to reduce yourattack surfaces and you have to
think like you're your ownpersonal corporation and who
your third party risk is.
That's the first thing you do.
And you start here, becauseyour IP address on every little
(21:42):
device is mapped to where youlive, right?
Okay, so it's home invasion,it's protection against home
invasion, that router passwordand name.
Speaker 2 (21:50):
But you know what?
I was hacked through Chase.
You know how they have doubleidentification.
They never called me oranything.
Somebody got in the back door.
Speaker 1 (22:00):
Somebody turned it off.
Speaker 2 (22:02):
Right and they took everything I had.
The bank gave it back to mebecause I Was it a credit card
or a bank account.
Bank account.
Speaker 1 (22:09):
Did they wire you?
Speaker 2 (22:10):
They changed my address on my statements.
Did they change your account?
Number no, they didn't change.
Speaker 1 (22:15):
Bad, bad, bad.
They're going to get a callfrom me tomorrow.
That's very bad.
Chase has particularvulnerabilities to certain
organized crime groups that Iwill not mention on this because
we need to protect Chase thatare particularly good at the
code that iPhones are written inand after the AT&T breach.
The reason you never got thecode is because if you had not
(22:38):
protected your SIM card or youreSIM on your phone SIM swapping
is where they helped themselvesto.
That account probably took yourSIM, forwarded that number to
somewhere else and they got theauthorized subject how can I
protect my SIM?
Okay, ready.
Speaker 2 (22:51):
Yeah.
Speaker 1 (22:52):
All right, take out your phone and go to settings.
Okay, this is what you want todo, folks.
All right, if you're on aniPhone, you want to go into
settings, that little gray gearthat you're going to get really
familiar with.
You're going to click oncellular data, right.
You're going to scroll downuntil you see SIM.
If you have an iPhone 15 or orlater, you can put a pin even on
(23:13):
an e-sim.
Okay, okay you're gonna clickon that management of pin oh sin
pin yeah, you're gonna toggleit on right now.
Get this in their infinitewisdom at&t and verizon, and
therefore spectrum.
The preset pin in your phone is0 0 1 1 1 oh okay t-mobile's 1,
2, 3, 4.
Okay, google pixel is 1 1, 1, 1or 0, 0, 0, 0.
(23:37):
There is not a fraudster on theplanet that doesn't know this.
Okay, has anyone ever put inyour statement?
Then maybe you should go aheadand put this pin on no, never.
Okay, so you're going to enteryour current pin, so it would be
1 1, 1, right, okay, hit, done.
Speaker 2 (23:53):
Yeah.
Speaker 1 (23:54):
Okay, now does it say change PIN.
Yes, click change PIN.
Speaker 2 (23:57):
Change PIN.
Speaker 1 (23:58):
Put it in again, the current PIN, 1111.
Hit done.
Does it say new PIN?
Yes, Okay, here's the drill.
Do not tell anyone your PIN.
And, by the way, if anybody insecurity ever asks you for a
bank balance or PIN number, showthem the door.
Security is like a secret.
Only one person can keep it.
Okay, write this pin numberdown somewhere.
(24:21):
Do not make it your cat'sbirthday, your birthday, your
favorite lucky numbers Okay,none of that.
Random, random.
Random.
Look around the room.
Look at the clock.
Look at a thermostat.
Random that can't be sociallyengineered.
Put that darn thing on a stickynote.
Put it in your sock drawer.
Stick it on the butter dish inyour fridge, because you will be
(24:42):
going into AT&T or T-Mobile orSpectrum to unlock it if you
lose it.
Speaker 2 (24:46):
So it shouldn't be the same PIN that I use for the
phone.
Speaker 1 (24:49):
No, same pin that I use for the phone.
No, no, two pins should ever bethe same Okay, and if you don't
want to put in an encryptedpassword manager, you get
yourself an address book that'salphabetized Okay, and create
redundancies.
And if you keep it on aspreadsheet, you password
protect that and you don't keepit in the cloud, so you're going
to pick a new pin that has fournumbers write it down and don't
(25:11):
show it to anyone.
Done okay.
This alone has prevented whatwe call sim swapping, so that
authorization code that younever got because someone else
did can't happen anymore oh,there was sim swapping, I'm
guessing.
Wow, I mean I'd have to look upyour data.
Speaker 2 (25:28):
But if yeah, because they're always asked double
identification, so that means.
Speaker 1 (25:31):
So now, is this fail safe?
No, does she have to log intoher spectrum account?
Change the email address youstore on that account to a nice
encrypted email address andthere are more than proton.
Pc magazine has a great top 10list of encrypted, secure emails
.
Different uses, business,business people.
You know it depends on what youdo.
Log out once you put in thatencrypted email.
(25:55):
Log back in Then add yourtwo-factor authentication,
change your password and if anyaccount where you store payment
or make monthly payments allowsyou to have a user ID that is
not your email address, changeit and make it random no special
interests, no cute art figures,no constellations you like,
(26:19):
nothing to do with you.
Look around the room, pickrandom things and make sure that
when it says remember me, youdo not, because all that
information stored in yourbrowser, all you need is one
little info stealer in there andall of that is theirs.
But people forget that theirphone is actually the telephony
(26:40):
side.
And, by the way, if you have aDroid, just click on settings,
go to the search bar and type inSIM.
Same with Google Pixel phoneusers.
Okay, and then the steps arethe same from there and if you
get locked out.
If it says one more try andyou're locked out, don't do it.
Go to the store where you payfor the telephony side and do it
(27:01):
there.
It could mean a couple ofthings.
It could mean outdated software.
It could be someone snorkingaround your phone in your
account already Okay.
But if you were about to getlocked out, do not attempt it.
You will hate me and thispodcast forever.
Um, because your phone won'twork and your texts won't work
(27:22):
if you get locked out of yoursim right, you have to remember
the code once you you rememberthe code once you change your
pin.
Here's the two times that you'llneed it.
Okay, if you turn off yourphone all the way and then turn
it back on, it'll say SIM PINlocked.
You'll put in the password toyour phone and then it will
prompt you to enter that SIM PIN.
The other time you're going toneed to enter that SIM PIN is
(27:45):
after your iOS updates or yourSamsung, you know whatever
operating system or on otherphones.
Once it doesn't update, it willprompt you to have it.
Speaker 2 (27:55):
Now I saw a documentary on HBO about
cybersecurity and they recommendto turn off the phone every few
days because there are peopleout there that can get into your
phone even when you're out onthe street.
Speaker 1 (28:07):
That's absolutely true.
And it depends if you're beingtargeted and by whom you're
being targeted.
That's absolutely true.
So get depends if you're beingtargeted and by whom you're
being targeted.
That's absolutely true.
So get yourself a Faraday pouch.
What is a Faraday pouch?
And don't skimp on it.
Get that technology.
Speaker 2 (28:20):
What is it?
Speaker 1 (28:21):
Named after John Faraday.
It blocks out all electricalimpulses.
Okay, so if your phone is offand in a Faraday pouch, it's
endless what we have to do, butwhen?
You travel through airports.
Throw it in that Faraday pouch.
Speaker 2 (28:36):
Now you told me a while ago that when I'm in
airport to turn off Bluetooth,yes.
Speaker 1 (28:42):
So here's an AirDrop if you have an iPhone.
So here's why Bluetooth andAirDrop are close proximity
theft mechanisms.
It's a backdoor into your phone.
So let's say you've changedyour SIM pin and you've
protected your Apple ID and youhave a VPN on, but your AirDrop
Bluetooth location services areall on Backdoor.
So Bluetooth I have to be nearyou to grab it.
(29:05):
Okay, but it works just like ifyou've ever AirDropped
something here.
Here's the password.
Okay, so people, and byairports I also mean Panera and
Starbucks okay.
It's just airports are yummy andjuicy because people who have
money to fly have more moneythan people who don't have money
to fly, so they just like itand you're on public Wi-Fi all
the time and it's just a goodenvironment.
(29:26):
But somebody sitting outside ofthat Panera parking lot or in
that cafe and anyone who'svulnerable they're just looking
for them.
Speaker 2 (29:36):
When I'm in the city.
All of a sudden I see that I'mon Verizon Wi-Fi.
Should I get off of it?
Speaker 1 (29:42):
Yeah, make it your option.
You don't want anything to justmove your phone onto something.
It's like on spectrum routersthere's a little setting.
That's actually.
If you log into your accountonline and go into a setting,
you won't find it as easily inthe app and you log in, it's
actually under security.
It's actually under, you know,security shield.
(30:04):
But right next to securityshield there's a little toggle
switch and that toggle switch isSpectrum mobile access.
That means that anyone with aSpectrum mobile phone can bypass
a lot of your security and logon.
Speaker 2 (30:20):
Oh, my God, so that they can gather data analytics.
Speaker 1 (30:24):
Okay, I was a marketer for a long time of who
has a Spectrum phone in the area.
All right, they clusterneighborhoods with IP addresses.
They're doing data analysis allthe time and some of it's for
good purposes, like outages.
You got to turn that thing offand no one's ever going to tell
you and its default is on.
So if you enter the city andthis default thing is that
(30:45):
you're on a Verizon Wi-Fibackbone, don't you have 5G and
four bars?
Turn on your VPN and use itthat way.
Any Wi-Fi that justautomatically happens because
you have an account.
You want to go into settingsand control it.
You do not want it to beautomated.
Speaker 2 (31:02):
Is Zelle and PayPal and Venmo, all of this are those
secure.
Speaker 1 (31:06):
Okay, so Zelle is very secure now, but again, the
mantra it is secure as how youhave protected your bank account
.
So when Zelle was sued, whenWells Fargo and JPMorgan Chase
and Bank of America were suedbecause of the Zelle scams, okay
, in December 2024, that lawsuitwas dropped.
But part of what they did tomake it safer is there's no more
(31:30):
Zelle app.
So you are putting in someone'sphone number or an email
address to send them Zelle moneyand it's going bank to bank and
it's not a wire.
It's protected under EFTAelectric funds transfer law.
So it's much more protected,unless you're using a Gmail
address for your Bank of Americaaccount and maybe two back to
(31:50):
authentication to a phone thatdoesn't have a SIM pin and a
crappy password and a user IDthat's your favorite pet of all
time.
All right, so it's a secure andyou should not have it sent to
email.
When you put that nice secure,encrypted email on your bank,
you don't use that for Zelle.
Nobody knows about that exceptthe bank of record.
(32:10):
Oh my God.
But Zelle is fine, and alsoPayPal and Venmo if you secure
that account.
Well, here's my thought aboutall of these things the credit
card that's in your Apple IDthat you buy apps with the card
that you set up for PayPal.
If you're using a card, thecredit card that you keep on
(32:31):
record for things like Apple Payand your Apple ID should be a
credit card where you do nothave a checking account or
brokerage.
Because a fraudster lovesnothing more than when they go
in and you're like, oh, that's aCitibank card and they have
city checking, they have citybrokerage and off they go to try
and get into that accountBecause if they can impersonate
(32:53):
you and log in, they haveeverything.
So when you're online, it's theopposite of what we're raised.
Go get one of thosepre-approved card offers of
yours.
Do not have the credit cardthat you store for payments for
highly targeted things.
Have anything to do with yourbank and brokerage.
You see the pattern here.
(33:14):
You're removing it from sight.
Speaker 2 (33:16):
I have a credit card like that.
I'm going to do that.
Speaker 1 (33:18):
That's what you do, and when you travel, that's the
one you bring.
Oh, really Do not travel with acredit card that's also tied to
your brokerage account and trynot to check bank balances and
all that when you're travelingon vacation.
And I mentioned this becauseit's summer now.
Speaker 2 (33:33):
Why?
Oh yeah, right by why travelingIs it more?
Am I more vulnerable when Itravel?
Speaker 1 (33:38):
Because everything you do yes, everything you do is
public.
You're going from an airport ora train or whatever.
That's public Wi-Fi.
You're going to a hotel anothergreat target.
Okay, sit in a hotel lobby,have a drink, pick out the
hacker.
Everybody's on public thingsall the time.
All right, everyone has theirgeolocation on.
The other thing is you knowhere's mantra post your pictures
(33:58):
of Notre Dame when you'realready at the Eiffel Tower.
Don't do it in real time.
Okay, don't why?
Because you can turn a cyberattack into actual burglary and
take off your biometrics.
You know, when you're sittinghere at home and you have your
face ID, that gets you in yourfingers.
I don't want someone punchingyou, putting your face up and
(34:18):
taking your phone and it happensall the time.
Speaker 2 (34:20):
Yeah, I took it from all the financial, but it opens
the phone.
Speaker 1 (34:24):
Okay, so that's bad when you travel or when you're
in the city, don't you know?
If you're in a ruralenvironment, in a low-risk
environment, it's fine,especially at home, for your
convenience.
And older people who are goingto nice hotels.
There's nothing a hacker inFraudster loves more.
It's like let's follow them forthe airport.
They're dressed well, they looknice.
They just checked into afour-star or five-star Yay, hey,
(34:49):
let's go get them.
Let's go see what apps theyhave open.
Let's go see how much they'reprotected and you can call Apple
and they're like they can'tbreak into their architecture.
But they don't care about yourarchitecture.
They care about what you havegoing on in the cloud, Okay,
they just want to know where youbank and if they can crack open
that Apple ID.
You know and understand thatyou can be watched when you
don't think so what is thebiggest cyber attack you worked
on?
Speaker 2 (35:08):
I can't name things no, not, don't name the company.
Speaker 1 (35:11):
Two two things.
So in the white house, in thenational infrastructure advisory
council, we do look at criticalinfrastructure okay okay.
So there were things that welooked in there, like the grid
and transportation and thingslike that large non-profit that
was breached really badly.
Speaker 2 (35:29):
So all the donors' information was taken.
Speaker 1 (35:36):
Yeah, they love donor information and when you make a
donation, please just go to thewebsite.
Do it there.
Don't use the apps.
Don't do links, even if you'rea longstanding member.
Never use GoFundMe.
You know even who and the RedCross were cloned during COVID.
If you think a ransomwareattack is not stealing personal
data, you need to watch moregangster movies.
(35:56):
They kill the guy and theystore him in a junkyard and they
go offshore for months untilthings lay low.
There are literally junkyardsin the dark web.
They're called junkyards.
If they steal a lot of dataafter a ransomware attack, they
store it somewhere and they golay low and then six weeks to
three months later, boom, you'regoing to see it and threat
(36:19):
intel systems.
You can see this stuffhappening.
The law and its mechanisms arejust a little behind the
criminals at this point.
Speaker 2 (36:27):
What's the most common?
Hacking, you see, for privatepeople, not big organizations.
Speaker 1 (36:31):
Email email account takeover.
Speaker 2 (36:33):
So they take over the email.
And then what?
Speaker 1 (36:35):
91% starts with an email account takeover.
And then I go look for all youraccounts with that email and
I'm just you.
Hi, I forgot my password Reset.
Okay, I just have the emails.
I can just impersonate you,email and spoofing on the phone.
What is spoofing?
That's what you just workedvery hard to.
Speaker 2 (36:56):
Oh, changing the eSIM .
Speaker 1 (36:58):
Right when the authorization code is forwarded
to another phone from SIMswapping, just swaps out for
another SIM.
Speaker 2 (37:03):
So that's a common thing, Very, very very common,
oh, very common thing.
Very, very, very common.
Oh, my God.
Speaker 1 (37:07):
And that's why the move you'll see in secure
environments, they use anauthenticator app instead of
text to your phone, because anauthenticator app does not use
SIM technology.
Also, while traveling, when yourent a car and you're just like
great plug in Google Maps,delete your profile when you get
out of that car.
Because if I hop into youraccount, when was the last time
(37:29):
you get out of that car?
Because if I hop into youraccount, when was the last time
you logged out of a Gmail orYahoo?
You just open your computer andthere you are.
Isn't it that fun.
I've seen people go from theirGoogle Maps into their Google
account and then they're off tothe races.
Don't leave that stored in arent-a-car.
You'll notice that if youdownload Google Chrome and open
up settings.
Here's a little test.
Okay, after two minutes on yourcomputer with Safari, all of
(37:50):
your passwords stored in Safariare magically going to appear in
Chrome because they'll make ahandshake unless you turn it all
off.
Export those things out of thebrowser.
That's a public space.
It's prevention.
Is what you want.
You know it's really funny.
In this culture, black cats areconsidered bad luck Right.
This is totallymisunderstanding the black cat.
Speaker 2 (38:11):
Why you have a black cat.
Speaker 1 (38:12):
If you go into ancient cultures, the black cat
is good luck.
Why is that?
Because if a black cat crossesyour path, it warns you that bad
luck is coming.
Warnings are good, so it's veryinteresting in Japan when I was
in Tokyo I thought it was socute Every security firm's logo,
whether it's physical or cyber,is all a black cat.
So think like that you want tobe warned and then go look and
(38:36):
shore yourself up because Ipromise you incident response
and mitigation of identity theftand breaches of your bank
account will take forever.
It's expensive and it's verypainful and it's horrible to see
, and so much of it ispreventable, so much of it is
preventable Mostly via email.
Speaker 2 (38:51):
You said.
Speaker 1 (38:53):
Yes, and your phone, but in order to steal my
identity.
Speaker 2 (38:56):
They need my social security.
It's not stored on my phone.
Speaker 1 (38:59):
There's 200 million of them out there, thanks to
AT&T and Verizon.
Speaker 2 (39:02):
last year, Okay, let's talk about money.
If somebody just starts in thecybercrime prevention business,
how much money can they?
Speaker 1 (39:10):
make, so it would depend on your education, like
anything right If you come intoa threat Intel company and
you're, you just want to getyour foot in the door.
You haven't studied any of thisin college.
You know life doesn't end aftercollege.
Who the heck cares?
Get in there in some way, rightIn whatever department, and
then learn okay.
So then you're looking atprobably lower end entry level
(39:33):
salaries that are, you know,probably between 30 and 50,
depending on the company anddepending on your thing, If you
have a law degree and you wantto take a left, lawyers are very
useful because they know how touse threat intel data on both
sides.
It's on the prosecution anddefense.
Lawyers are very useful becausethey know how to use threat
intel data on both sides on theprosecution and defense.
(39:53):
Anyone who took accounting begreat at this.
You know, get extra fraudcertificates and you, you know,
then you're, and then you're insix figures.
Wow, it's a six figure industrybecause there's a shortage of
people who know how to do thesethings and you don't have to
look twice to see the need.
Speaker 2 (40:08):
The need will always be there, yeah, and what kind of
skill do you need to have inorder to be able to be a good
cybersecurity person?
Speaker 1 (40:14):
You need to be a good data analyst, so you can take
data analytics too.
What does the data mean?
How do you map it?
How do you see the matrix?
Okay, that definitely.
And psychology criminalpsychology.
Speaker 2 (40:28):
Yeah, you said that.
Speaker 1 (40:29):
Go get a criminal justice degree and learn how
criminals behave, because thereis no physical crime that
happens anymore without intel.
Speaker 2 (40:37):
This is a lot to know .
I mean, my head is blowing upalready.
Speaker 1 (40:40):
I've also been doing it for many, many years.
So what is very important isyou study banking and payments I
worked in both of those fieldsOkay, study how money moves and
it's fascinating.
It's a super fun.
If you are interested inresearch and stuff, it's really
fun.
And then how it dovetails withthe criminal mind, learn about
(41:02):
white collar climb.
Learn about the psychology ofdeviance.
Take psychology, take sociology, take pathology, accounting and
your cybersecurity and know howthings work, not just not to
click on something.
So you take those things butyou focus really on the human
(41:24):
behavior part.
If you understand criminalbehavior, you will understand
how not to be a victim and youactually know more than you
think you know.
You don't have to be mathoriented as much as you think.
A very good like investigativereporting is very good to study
as well, because there aren't alot of people who do it.
It's a great field.
It's completely understaffedand there's a lot of employment
in it.
Speaker 2 (41:44):
So you don't really need to have a tech background.
Speaker 1 (41:47):
It's very good to have a tech background.
It's good and hands-on tech.
Speaker 2 (41:50):
Okay, yeah and go.
Do you need to know how to codealso?
Speaker 1 (41:53):
Coding is very easy, so when you learn threat intel
systems, you will have to learnsome coding languages.
There are also some great toolswhere you can go and learn to
be an analyst and take theseonline quizzes Like here's a
malware thing, here's theproblem, and you can work it out
on these little modules.
Learn what malware is and howit works.
Speaker 2 (42:13):
I hear that seniors in particular are vulnerable to
attacks.
Why is that?
Speaker 1 (42:18):
When you are below the age.
This is why seniors are indanger when you are below the
age to collect social securityor when your IRA is locked up
right, like you have to have apenalty and all the banks
protect it and there's thingsand there's forms to fill out
and all that.
All that gets taken down.
When you're 59 and a half, youcan just go remove money, like
(42:38):
it's a checking account Easierto hack into when people collect
social security.
That's why there's so muchemphasis on social security
fraud.
This is what happened duringCOVID is people use those
numbers to go collectunemployment or to divert social
security?
And then you have retireespeople who are over 60, have
more money than people who are20.
Right, if you have yourmortgage paid off, you're more
(43:02):
vulnerable.
Speaker 2 (43:03):
Yeah, because they can take your property.
Yeah, I heard that.
Speaker 1 (43:06):
Yeah totally, but there's things that you can do
from all of it.
You just the vigilance thereand the senior attacks really
make me mad.
We focus a lot of our businesson making sure that doesn't
happen and then they sit aroundwaiting for trusts and wills and
financial transfers.
So those are important to putin place.
Speaker 2 (43:25):
So most of the stuff that you deal with is it
preventing a hacking or is itrepairing?
Speaker 1 (43:32):
Well, unfortunately, we get a lot of incident
response and mitigation, whichis really painful and expensive
If people have been on theirphone since 2008, and they've
never gone through what we callbreach data cleanup.
We highly advise it.
We do run cyber crime bootcamps at theaters and synagogues
and other places to show peoplewhat they need to do and if
(43:55):
they need our help, we help them, because if you don't prevent
now it's kind of inevitable.
Covid overworked a lot ofnetworks, so the IRS what do you
mean by that?
So when we were all in COVID andeverybody's online all the time
, there were vulnerabilities andthe hackers got a lot more
sophisticated and the systemswere burdened.
(44:15):
Okay, so the IRS had breaches,the MLS system in real estate,
the DMV, even who and the RedCross were cloned because it's
just so much traffic and therewere opportunists.
So those things and you coupledwith huge telephony breaches
from AT&T and Verizon last year.
There's a lot of stuff outthere and, whatever your
(44:38):
politics are, I would highlyrecommend watching the 60-minute
segment on cyber crime and thedark web that aired in May last
month.
It explains a lot about cybercriminals and you can also go to
my website at zerohacksecurecomand hit play on the short video
(45:01):
that explains it.
Speaker 2 (45:02):
Rivka.
Thank you so much.
This is wealth of information.
I have to listen to the wholething again because I got a
headache from all thevulnerability I'm exposed to.
Speaker 1 (45:11):
But it's an exciting field and there's a lot of
opportunity in it.
Speaker 2 (45:17):
Okay, that's a wrap for today.
If you have a comment orquestion or would like us to
cover a certain job, please letus know.
Visit our website athowmuchcanimakeinfo.
We would love to hear from you.
And, on your way out, don'tforget to subscribe and share
this episode with anyone who iscurious about their next job.
See you next time.
Popular Podcasts
Cold Case Files: Miami
Joyce Sapp, 76; Bryan Herrera, 16; and Laurance Webb, 32—three Miami residents whose lives were stolen in brutal, unsolved homicides. Cold Case Files: Miami follows award‑winning radio host and City of Miami Police reserve officer Enrique Santos as he partners with the department’s Cold Case Homicide Unit, determined family members, and the advocates who spend their lives fighting for justice for the victims who can no longer fight for themselves.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.