December 22, 2025 • 45 mins
Cyber Security Expert
Cybersecurity is one of today's fastest-growing career opportunities, offering high earnings and strong job security as cybercrime continues to evolve.
Most cyberattacks don’t start with elite hackers—they start with your email address and phone number. We sit down with Rivka Tadjer, CEO and co-founder of Zero Hack, to break down how modern cybercrime really works—and how protecting people and companies has turned into a lucrative career path.
Rivka breaks down the most common attack paths—email compromise, phone number hijacking, and reused passwords—and walks through practical steps you should take to protect yourself. We unpack how organized cybercrime operates at scale, why email and phone takeovers are the #1 threat to your finance and identity, and what skills are actually valuable in the cybersecurity job market.
Rivka explians VPN and router security basics, travel-related risks, and how to create a “clean” financial identity that stays off public apps and social logins.
Whether you’re curious about cybersecurity careers, want to protect your money, or just want to stop feeling exposed online, this episode is your cybersecurity reset.
Connect with Rivka:
Linkedin - https://www.linkedin.com/in/rivkatadjer/
Website - https://cybercrimedispatchunit.com/
Want us to cover a specific job? Shoot us an email!
Music credit: Kate Pierson & Monica Nation
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_00 (00:03):
If you understand criminal behavior, you will
understand how not to be avictim.
And you actually know more thanyou think you know.
I promise you, incident responseand mitigation of identity theft
and breaches of your bankaccount will take forever.
It's expensive and it's verypainful.
And it's horrible to see.
And so much of it ispreventable.
SPEAKER_03 (00:23):
Hi, welcome back to How Much Can I Make?
I'm your host, Miravozeri, andtoday we're stepping into the
high-stake world ofcybersecurity.
Our guest is Rivka Tajra, CEOand co-founder of Zero Hack.
Rivka is a top cybersecurityexpert who worked with the White
House, major corporations, andprivate individuals to prevent
(00:47):
cyber attacks and identitytheft.
Let's tap into her expertise andfind out what we can and should
do to protect ourselves in thisdigital world.
Well, Rivka, thanks a lot forwilling to participate and
giving us your time.
I have millions of questions, ofcourse, because that totally
concerns me, security.
(01:08):
I was hacked.
So let's start by first tellingme how did you get into doing
cybersecurity?
SPEAKER_00 (01:15):
So, first of all, thank you for having me on.
And um, well, I started as ajournalist in the late 80s,
early 90s.
I was on the team with the WallStreet Journal, who put the Wall
Street Journal online in what wecall the OJ years in 1994.
And then I was covering privacy,security, identity theft, as
(01:36):
well as AI, machine learning,data mining, and supply chains.
SPEAKER_03 (01:40):
Already in 94, you would were dealing with AI?
SPEAKER_00 (01:42):
Well, because in AI, a lot of what is called AI now
is machine learning.
SPEAKER_03 (01:46):
Right.
SPEAKER_00 (01:46):
So that was the beginnings in data mining and
putting those systems together.
SPEAKER_03 (01:51):
Didn't know that.
So okay, so now you are anindependent contractor, right?
That deals with security.
Tell us what you do.
SPEAKER_00 (01:59):
So um we're actually going to celebrate our 10th
anniversary next month of ourconsultancy.
What we do is we protect peoplespecializing in financial
protection and securecommunication.
SPEAKER_03 (02:14):
Okay, what does it mean financial protection?
SPEAKER_00 (02:16):
Protecting the cyber equivalent of putting your banks
and brokerage in witnessprotection.
So I also worked in FinTech inbanking, and I was on the White
House National InfrastructureAdvisory Council for Critical
Infrastructure in the bankingindustry, appointed by Obama,
but worked through Trumpadministration.
So I have specialty in howpayments and banking work, and I
(02:41):
covered it a lot as ajournalist.
Then I moved to work for fintechand banking companies.
So what we do is we investigate.
Here you are, right?
Mirav, you have email addresses.
You've been online since we allgot this Steve Jobs remote
control of our planet in 2008,right?
SPEAKER_01 (02:59):
Everything was free.
SPEAKER_00 (03:00):
Free email, free this, you can get everything.
And so we ran for convenience.
And those email addresses andthe telephony side of your
phone, which I'll get into, arewide open doors.
Okay?
Everyone's heard about the termsphishing, okay?
If they hack into your email andcan impersonate you, that's
called an account takeover.
(03:21):
And then thanks to AT ⁇ T andVerizon last year, they breached
all of our data and socialsecurity numbers.
I can be Mirov.
So what we do is we use cyberthreat intel systems that are
closed systems.
We look anonymously in threatintel systems to see what of
yours has been exposed.
Can someone take your phone andforward authentication codes to
(03:43):
another phone?
Can someone be you with youremail address?
And what kinds of cyber criminalgroups are targeting you?
So first we do that.
I'm a data-driven person.
SPEAKER_02 (03:53):
Okay.
Okay?
SPEAKER_00 (03:54):
So first I get the data.
Okay.
I look it up.
And we need scary little to findthis out.
Literally, your name, middlename helps if you have a common
name, birth date, legal address,your IP addresses, phone number,
and your email addresses.
And that's it.
And I never look at anyone'sfinancial balance.
I don't look at sensitiveinformation, and we can see if
your social security number hasbeen texted to someone else.
(04:16):
But essentially, you you have toget the data and see where the
vulnerabilities are.
And if they are into your emailor your phone or your systems,
how they got in.
Once we know how they got in, wecan kick them out.
And one of the most importantthat's the service part.
If somebody has your socialsecurity number, they can't do
anything with it.
Or that they can't access yourbanks and brokerage because
(04:36):
we've created a new identity foryou with those.
Because once data's breached outthere, the toothpaste is out of
the tube.
You are never putting that back.
So sometimes it's a pain in theneck.
I might tell you, you know thatGmail you've had for a hundred
years?
You've got to get rid of it now.
Okay?
And then you have to migrate it,you have to move your contacts,
but you need encrypted secureemail for your bank and
(04:57):
brokerage that never sees thelight of day that you never use
for anything else.
How can I get the encryptedemail?
You can go to proton.me inSwitzerland and get a proton
mail.
Russian oligarchs use it toprotect their Swiss bank
accounts, and now so can you for$3.99 a month.
Think about it.
Proton mail for protecting Swissbank accounts.
Do you think somebody's using aGmail to protect a Swiss bank
(05:19):
account?
SPEAKER_03 (05:20):
Okay.
SPEAKER_00 (05:20):
No.
Actually, if somebody tries tocrack your password though, the
whole inbox turns to some pigLatin version of Cyrillic.
Even for you, if you lose it.
Okay?
It's designed to protect.
Other thing that you can do,depending on where your email is
hosted, is things like SpamAssassin, these little add-ons
that you can put on that reallydon't allow things into your
(05:43):
server, especially if you'reusing a Gmail and you haven't
gotten an encrypted secureemail.
Encrypted secure email willthrow that stuff and it won't
even let it on your server.
It's like a it's like a big gunkair filter.
Every infiltration and the newIBM research reports and the new
Verizon reports, read thoseyearly.
You can download them.
The FBI ICS unit, the InternetCrimes unit, read their reports.
(06:06):
Over 90%, no exaggeration,happens by human error with
their email credential.
I want to double checksomething.
SPEAKER_03 (06:14):
Yeah.
If I email my broker, if Idelete it and delete the trash,
I'm safe?
The inform no?
No.
SPEAKER_00 (06:20):
At Yahoo, they store all that crap on a server that
they've long abandoned.
If you didn't change over toOutlook mail and get encrypted
mail and Outlook, you know, theydo offer encrypted email servers
or your hot mail or that prodigything that ATT owns, okay?
Anyone with one of those Yahooaccounts that became a prodigy
(06:41):
account, that is all subject tothe ATT brief.
SPEAKER_03 (06:43):
So hold on a second.
If I communicate on WhatsApp,WhatsApp is encrypted.
SPEAKER_00 (06:47):
No, it's not.
Zuckerberg bought it, and noweverything meta is integrated
into it.
That's why the whole world movedto Signal.
SPEAKER_03 (06:55):
Signal.
SPEAKER_00 (06:55):
Yeah.
So now, and when that goes tohell, I can come back and tell
you what's new.
The cyber criminals is what youshould be worried about.
It's organized crime.
It's not a 40-year-old guy inhis bathrobe still living with
his mother.
These are well funded.
They have the best hackers inthe world, and they have
supercomputers.
They can run everything aboutyou in social media and in 10
seconds know the password toyour email if you have not
(07:19):
protected it.
Okay, this is very, verysophisticated.
So what you're looking at is thecyber criminals and protecting
yourself from those criminalgangs.
And you know, usually they don'thave ideology.
They just path of leastresistance, where can I break in
and get money?
How can I assume someone'sidentity?
There are six attack surfaces.
(07:40):
These are the high-riskbehaviors.
Crypto, activism, ancestry sitesget off of them all right now,
porn, gaming, and dating sites.
There are ways to do all ofthese safely, except for
ancestry.
And it's a shame because when23andMe was breached, okay, and
they only stole a database ofAshkenazi Jews.
SPEAKER_02 (08:02):
Really?
SPEAKER_00 (08:03):
Yep.
Alright, so why do they do that?
It could be someone who uh wantsto sell to Pfizer a database so
that they can make a drug toprevent Tay Sachs disease.
Or it could be someone who hatesAshkenazi Jews.
It could be anything on thatspectrum.
Class action suit, and now 23and me is gone.
SPEAKER_02 (08:21):
Right.
SPEAKER_00 (08:22):
But the data's not gone and it's in junkyards
somewhere.
And it's a shame becausesomething like 23 and me, so
many people, if they wereadopted, because it was
medical-based.
Right, right.
But it's in a magnet for hackersbecause they know there's all
kinds of data in there.
The other places to be supercareful, you're getting a
divorce.
What's not in a separationagreement?
Be careful how you communicateto your lawyer.
(08:43):
Not only do you know howeverything's divided, you know
who got what and where it is.
So think, you gotta learn tothink like a criminal.
And accountants, forensicaccounting, they're so good at
this.
Some of my best sources that Ibrainstorm with are forensic
accountants.
They get this immediately oncethey tune into it.
Because they know how moneyflows.
And the more you know aboutmoney flow, about accounting,
(09:06):
real estate lawyers are great atthis.
I have some great sources that Iuse who are realtors because
they know when something looksweird in MLS, and MLS was hacked
in 2023.
unknown (09:18):
Wow.
SPEAKER_00 (09:18):
Okay, so if you've ever bought a house or sold a
house or rented a house, do youknow what is stored in an
average real estate officeprinter?
In the why it's stored?
In the printer.
Because they're like, oh, I haveto print out the this person's
whole financial picture.
They sent me proof of income.
And it's stored?
It's it's stored.
Look at network printers and seehow often they're cleared.
(09:38):
Medical people know theconfluence of data and have
great aptitude for this.
Okay, and now with telemedicinethere, all of that, that's why
they keep getting breached.
There's juicy information thatgoes on for years to socially
engineer people.
What is this dark web?
SPEAKER_03 (09:54):
Can you actually see what's there?
SPEAKER_00 (09:55):
It's like a mall.
Of course you can see it.
So can I go in and see if myinformation is in there?
Well, you don't want to youdon't want to like be noticed in
there.
You want to go in anonymously orposing as a fraudster buying
stuff because you'll be seen amile away.
You need to be anonymous to godo it and watch what they're
doing to do it.
Do you do that?
Yeah, of course.
That's what threat intel systemsdo.
(10:17):
And we use one that's mirroredthe infrastructure of the dark
web.
And it's amazing.
SPEAKER_03 (10:20):
Oh my god.
SPEAKER_00 (10:21):
So we can watch what they're doing, and you query it
in many languages.
SPEAKER_03 (10:25):
You literally see people there buying and selling
information.
SPEAKER_00 (10:28):
Yes, there are trajectories where you can see,
sometimes you can place them bylongitude and latitude.
Trading data.
I mean, it's not a little avatarguy, but it's your identity.
Wow.
The problem with this crime isthat it pays, and there's only
0.05% of the time that anyone'sever caught because you don't
have to be seen.
SPEAKER_03 (10:47):
So you said secure password.
How can I secure my password?
SPEAKER_00 (10:52):
Well, first of all, never ever use an automated,
auto-generated password.
Two reasons why.
Whoever is offering toauto-generate your password is
keeping a database of thosepasswords.
SPEAKER_03 (11:03):
Even the very complicated, very long password
that it's AI.
SPEAKER_00 (11:07):
AI is not good at implementing ideas or being
creative, but if it's out there,they can grab it.
The other thing is it's ahacker's dream.
So let's say you have automatedpasswords generated in a
password manager.
Those are stored in a placebecause you can't have everybody
with the same passwords, right?
Right.
So if they get to that attacksurface and they say, Oh, who
(11:28):
has accounts here?
Great, let's go get the that'sthe first thing they'll go for.
Let's go get the database of theauto-generated passwords, run it
against the accounts and seewhere we get in.
You need a system where youcontrol things, where all the
locks are yours to put on andtake off.
Like freezing your creditreports.
Okay, once Equifax was hacked,people in my industry, we
(11:49):
lobbied, it became rule that youget to freeze your credit
report.
SPEAKER_03 (11:53):
Right, I did that, yeah.
SPEAKER_00 (11:54):
Right, and people are like, well, I don't have an
account there.
I was like, great, well, theyhave had a dossier on you for 50
years.
So you create that onlineexperience so you control
whether it's frozen or not.
You want to go for apply for aloan, you say, which one are you
looking at?
And you only unlock that one 24hours before, you let them do
it, and then you lock it backup.
Okay?
And the most important thingabout security is don't tell
(12:17):
someone what you're doing.
Misinformation is a good thing.
What do you mean by that?
When you create a new personafor your banks and brokerage,
and you have an encrypted email,you have two-factor
authentication, you have gooduser ID and password, you have
excellent hygiene when you doonline banking and where you do
your online banking and how youdelete your browsing data and
(12:39):
how you sign out instead of Xingout.
Your habits, how you call yourbank and brokerage and say, no
wires ever go out of my accountunless I'm in branch.
SPEAKER_03 (12:47):
Uh hold on a second, you said something important.
Deleting your browsing history,you said.
SPEAKER_00 (12:52):
Absolutely.
SPEAKER_03 (12:53):
On a daily basis?
SPEAKER_00 (12:55):
Absolutely.
When you can visualize how cybercriminals see what you're doing,
then you really tune in to theseprinciples, and then you just
apply the principles in yourlife once you click into it.
And you know, people tell me allthe time, you know, I I'm not
this is the era of the kids, I'mnot good at this.
I disagree.
I work with seniors, a lot ofseniors mostly, because they're
(13:19):
they're hard to protect and theyhave a lot to lose, and they're
main targets.
Actually, they're much better atthis than my 24-year-old
daughter.
Because you know crime and youknow criminals and you know
criminal minds.
But you have to know whatthey're seeing and how they
follow you.
You have to know what akeystroke logger is.
That's everywhere you browse onthe internet.
Little pieces of malware in thatbeautiful little Gmail of yours,
(13:41):
or Yahoo, or a Hotmail, or anyfree mail, AOL, that sells your
email to advertisers.
What is a keystroke logger?
Exactly what it sounds like.
It logs your keystrokes.
It's an info stealer, okay?
And you have to find out in allof your settings whether there's
anything on there.
On a PC, you go into your taskmanager.
In your Apple computer, you goto the activity monitor, and
(14:02):
look at all the crap running inthe background in your computer.
And if you see anything inChinese or Russian, you call me.
But if you see the words Zendesk, MSPY, like, um, or numbers
with KK.txt, those are infostealers.
What browser is the best one touse?
It doesn't matter.
They're all the same.
It's how you set them up thatmatters.
You set them up for zero trust.
(14:23):
What do you think that Googleand Microsoft and um Apple and
Firefox are doing with all thatdata if you don't set it?
How do you think they selladvertising?
They gather your analytics andthey sell it to each other.
SPEAKER_03 (14:35):
But how can I set it so they don't do it?
SPEAKER_00 (14:37):
It's all in settings.
This is what I encourage peopleto do.
Log on to any app that you useand click on that stupid little
gear shift or the three dots orthe three lines and go through
every single setting in there.
And anything that looks like,share my data, give analytics,
personalize, turn it off.
Anything that says, remember me,say no.
You do not want AI to grab thisinformation and sell it off into
(15:02):
the dark web.
The more information they haveabout you, and if you've ever
been hacked, you're worth moreon the dark web.
You go from being worth that 50cents to marketers to being
worth thousands.
And the other thing to rememberthat's super important is
everybody looks at their phone,they're like, I either have a
droid or an Apple.
Apple will say, nobody can bustour architecture.
I was like, who cares?
Nobody, you don't have thesecret sauce to Coca-Cola on
(15:23):
your computer.
That's not what I want.
I want the telephony side.
Your phone is Verizon or ATT orT-Mobile.
Apple is in the cloud.
How are you protecting thatApple ID?
With a Gmail?
All right?
If I go and hijack your AppleID, all right, and I change the
phone number and I change theemail address and I lock you
out.
I have everything in your cloud,I have the credit card you have
(15:44):
to store apps.
You call Apple, even with aserial number or an IMEI number
on your phone, and they will nothelp you.
So it doesn't matter what thearchitecture is, everything we
do is online and in the cloud.
And you have to have the samemantra of protection.
You have to protect thecredentials that guard the
accounts, and then you'll besafe.
SPEAKER_03 (16:04):
So, for example, people put credit cards in Apple
wallet.
Is that safe?
SPEAKER_00 (16:10):
It's as safe as how you guard your account.
Look, I am not willing to golive in the woods with a shotgun
on my porch, okay, and a roll ofbills under my mattress.
Okay.
You know, some people are, but Ilive in this world and I love to
shop and do everything else.
Right.
You have to protect the SIM,which is the telephony side of
your phone, so that no one cantake those authorization codes
(16:30):
to your bank and forward themsomewhere else.
And no phone company will evertell you the piece of advice I'm
going to give you right now.
You have to protect your AppleID by not allowing remote access
to it, and you have to have aVPN on your phone, and you have
to secure encrypted emails forany account that you have that
does payments.
And then you take your Gmailaddress and you leave your what
(16:52):
I call your trash persona outthere.
Let them pick at that until it'sjust bone.
Because it's already out there.
You change you surgically removewhat is financial from your
breached data that's out there.
You put it under a lock and keywhere it's not going to be sold,
and that's how you protectyourself.
SPEAKER_03 (17:09):
I have malware on my computer.
That doesn't give me really anysecurity except for virus,
right?
SPEAKER_00 (17:14):
No, no, anti-malware.
You mean malware bytes?
Yeah.
Something like that.
Okay, so this is a veryinteresting point.
You need a VPN with that.
So what malware bites does is itlooks on your hard drive.
Are there viruses or is theremalware on your hard drive?
Okay.
What a VPN does, it does twojobs.
(17:35):
One, it monitors your networktraffic.
The VPN, the mothership, itmonitors for keystroke loggers,
viruses, malware, um, adtrackers that track you and then
sell all your data.
VPNs are very powerful now.
It used to be for enterprises.
You can click on ad and trackingblocking, you can click on
(17:57):
anti-malware.
That is not something malwarebytes can do.
What that mothership does in aVPN is it prevents you from
downloading anything bad.
Most malware and stuff eithercomes through your email that
Google sells and promotionpeople can say they have to read
it before they delete it, andreading it can load the malware,
or they have to read it, theyhave to click on it three times,
(18:18):
or some crap, so it stays inyour computer, but it also will
quarantine any PDF orvirus-filled document.
Okay?
And so you can look at it, itkeeps it on a server.
The other part of a VPN that youembed in your browser and an
extension masks your IP address.
SPEAKER_03 (18:38):
Is there a particular VPN?
Because I looked into it oncewhen I got the paranoid hour
paranoid hour.
And there are so many to choosefrom.
How do I know what features are?
SPEAKER_00 (18:47):
It's a good question.
So I just want to preface thisby saying I take no referral
money, affiliate money, anyonefrom anyone I recommend or say
is bad.
Okay.
Because I have to stay clean.
SPEAKER_03 (18:56):
Yes, of course.
SPEAKER_00 (18:57):
Okay.
Right now we like Nord VPN.
We like Nord VPN for severalreasons.
When we look it up on our ThreatIntel systems, we don't see
infantry stealers on theirdomain.
We don't see a lot of employeeaddresses that have account
takeover.
Okay?
What if there's an employeewith, you know, they're looking
for that access to thoseaccounts?
(19:18):
We see very, very few.
Their parent company is based inAmsterdam, probably protecting
the de Beers, okay?
SPEAKER_02 (19:25):
Right.
SPEAKER_00 (19:26):
Remember, the people who really have the most money
in the world are not talkingabout it, okay?
So Europe's privacy laws are waymore developed than ours are.
They're stronger.
So this type of application grewup in an environment where it's
it's very, very careful.
If you keep it updated, they'reconstantly studying the
(19:47):
mutations of malware and thenbringing the inoculation.
That one thing to remember abouta VPN is definitely there's a
lot, there's a lot of good onesout there, but test your
internet speed with or withoutit.
One of the things we like.
About Nord, it doesn't degradeinternet speed.
SPEAKER_02 (20:02):
Okay.
SPEAKER_00 (20:02):
So sometimes, like Proton has a very good sister
application.
It's a great VPN if you live inSwitzerland.
But it's protocols here, yourzooms will freeze.
You'll turn it off.
It will drive you crazy.
So that's a big configuration.
It's overwhelming.
It is.
It's like taking a sip from afire hose, but the best thing to
do is not to think of it all atonce.
(20:24):
The first thing I do in a house,go change the Wi-Fi password on
your router.
Okay?
Many, many companies thatprovide your Wi-Fi service on
that router.
Right, spectrum provide money.
Okay, so my entire neighborhood,the first two words of the
password that's like imprintedon the router is the same for
(20:46):
everybody.
Okay, so if I'm smart enough andI shoulder surf on Wi-Fi, all I
have to do is run algorithmsaround against the last three
numbers.
I go anywhere and I can look upWi-Fi in your neighborhood, and
most people have not evenchanged the name from Spectrum
Setup F8.
Okay.
Oh, you have to change that too?
You can and you should changethat router password to
(21:08):
something Spectrum doesn't know.
Not because Spectrum is evil.
But Spectrum is a mobile virtualoperator of Verizon.
Verizon was breached last year,okay?
What's the first thing they'regonna do if they if they break
into Spectrum?
Let's go see all the passwordsthat they have stored, run them
against their list of accountsand see where we can hop in and
(21:28):
go take stuff.
So you gotta reduce your attacksurfaces and you have to think
like you're your own personalcorporation and who your
third-party risk is.
That's the first thing you do.
And you start here because yourIP address on every little
device is mapped to where youlive.
Right.
Okay?
So it's home invasion, it'sprotection against home
invasion, that router passwordand name.
SPEAKER_03 (21:50):
But you know what?
I was hacked through Chase.
I w they you know how they havedi double identification?
They never called me oranything.
Somebody got in a couple ofthings.
SPEAKER_01 (22:00):
Somebody turned it off.
SPEAKER_03 (22:01):
Right, and they took everything I had.
The bank gave it back to mebecause I was it a credit card
or a bank account?
SPEAKER_00 (22:08):
Bank account.
Were they did they wire you?
SPEAKER_03 (22:10):
They changed my address on my statements.
SPEAKER_00 (22:13):
Did they change your account number?
SPEAKER_03 (22:14):
No, they didn't change.
SPEAKER_00 (22:16):
Bad.
Bad.
They're gonna get a call from metomorrow.
That's very bad.
Chase has particularvulnerabilities to certain
organized crime groups that Iwill not mention on this because
we need to protect Chase thatare particularly good at the
code that iPhones are writtenin.
And after the ATT breach, thereason you never got the code is
(22:37):
because if you had not protectedyour SIM card or your eSIM on
your phone, SIM swapping iswhere they helped themselves to
that account, probably took yourSIM, forward that number to
somewhere else, and they got theauthorization.
Okay, ready?
SPEAKER_03 (22:51):
Yeah.
SPEAKER_00 (22:52):
All right, take out your phone and go to settings.
SPEAKER_03 (22:54):
Okay.
SPEAKER_00 (22:55):
This is what you want to do, folks.
All right, if you're on aniPhone, you want to go into
settings, that little gray gearthat you're gonna get really
familiar with.
You're gonna click on cellulardata.
Right.
You're going to scroll downuntil you see sim.
If you have an iPhone 15 orlater, you can put a pin even on
an eSIM.
Okay?
(23:15):
Okay.
You're gonna click on thatmanagement of pin.
SPEAKER_03 (23:17):
Oh, SINPIM.
SPEAKER_00 (23:18):
Yeah, you're gonna turn toggle it on.
Right.
Now, get this.
In their infinite wisdom, ATTand Verizon and therefore
Spectrum, the preset pin in yourphone is 1111.
Oh, okay.
T-Mobile's one, two, three,four.
Okay.
Google Pixel is one one one oneor zero zero zero zero.
There is not a fraudster on theplanet that doesn't know this.
(23:40):
Okay?
Has anyone ever put in yourstatement?
Then maybe you should go aheadand put this pin on.
No, never.
Okay, so you're gonna enter yourcurrent pin.
So it would be one one one.
Right.
Okay, hit done.
SPEAKER_03 (23:53):
Yeah.
SPEAKER_00 (23:54):
Okay.
Now does it say change pin?
Yes.
Click change pin.
Change pin.
Put in again the current pin.
One one one.
Hit done.
Does it say new pin?
Yes.
Okay, here's the drill.
Do not tell anyone your pin.
And by the way, if anybody insecurity ever asks you for a
bank balance or pin number, showthem the door.
Security is like a secret.
(24:15):
Only one person can keep it.
Okay?
Write this pin number downsomewhere.
Do not make it your cat'sbirthday, your birthday, your
favorite lucky numbers.
Okay?
None of that.
Random, random, random.
Look around a room.
Look at the clock.
Look at a thermostat.
Random that can't be sociallyengineered.
Put that darn thing on a stickynote.
(24:37):
Put it in your sock drawer,stick it on the butter dish in
your fridge, because you will begoing into ATT or T Mobile or
Spectrum to unlock it if youlose it.
SPEAKER_03 (24:46):
So it shouldn't be the same pin that I use for the
phone?
No.
No two pins should ever be thesame.
SPEAKER_00 (24:53):
Okay?
And if you don't want to put inan encrypted password manager,
you get yourself an address bookthat's alphabetized, okay?
And create redundancies.
And if you keep it on aspreadsheet, you password
protect that and you don't keepit in the cloud.
So you're gonna pick a new pinthat has four numbers, write it
down, and don't show it toanyone.
SPEAKER_03 (25:12):
Done.
SPEAKER_00 (25:13):
Okay, this alone has prevented what we call sim
swapping.
So that authorization code thatyou never got because someone
else did can't happen anymore.
SPEAKER_03 (25:22):
Oh, there was sim swapping?
SPEAKER_00 (25:24):
I'm guessing.
SPEAKER_03 (25:26):
Wow.
SPEAKER_00 (25:26):
I mean I'd have to look up your data, but if there
was authorization code.
So that means, so now, is thisfail-safe?
No.
Does she have to log into herSpectrum account?
Change the email address youstore on that account to a nice
encrypted email address, andthere are more than Proton.
PC Magazine has a great top 10list of encrypted secure emails,
(25:48):
different uses, business people,you know, it depends on what you
do.
Log out once you put in thatencrypted email, log back in,
then add your two-factorauthentication, change your
password, and if any accountwhere you store payment or make
monthly payments allows you tohave a user ID that is not your
(26:09):
email address, change it andmake it random.
No special interest, no cute um,you know, art figures, no
constellations you like, nothingto do with you.
Look around the room, pickrandom things.
All right?
And make sure that when it saysremember me, you do not.
Because all that informationstored in your browser, all you
(26:32):
need is one little info stealerin there, and all of that is
theirs.
But people forget that theirphone is actually the telephony
side.
And by the way, if you have adroid, just click on settings,
go to the search bar, and typein sim.
Same with Google Pixel phoneusers, okay?
And then the steps are the samefrom there.
And if you get locked out, if itsays one more try and you're
(26:54):
locked out, don't do it.
Go to the store where you payfor the telephony side and do it
there.
It could mean a couple ofthings.
It could mean outdated software.
It could be someone snorkingaround your phone in your um
account already.
Okay?
But if you are about to getlocked out, do not attempt it.
(27:16):
You will hate me and thispodcast forever, um, because
your phone won't work and yourtext won't work if you get
locked out of your SIM.
SPEAKER_03 (27:24):
Right.
You have to remember the code.
SPEAKER_00 (27:26):
Once you remember the code, you'll then once you
change your pin, here's the twotimes that you'll need it.
Okay?
If you turn off your phone allthe way and then turn it back
on, it'll say SIM pin locked.
You'll put in the password toyour phone and then it will
prompt you to enter that SIMpin.
The other time you're gonna needto enter that SIM pin is after
your iOS updates or yourSamsung, uh, you know, whatever
(27:49):
operating system are on otherphones.
Once it doesn't update, it willprompt you to have it.
Those are the only two times.
SPEAKER_03 (27:56):
I saw a documentary on HBO about cybersecurity, and
they recommend to turn off thephone every few days because
there are people out there thatcan get into your phone even
when you are out on the street.
SPEAKER_00 (28:07):
That's absolutely true.
And it depends if you're beingtargeted and by whom you're
being targeted.
Um, that's absolutely true.
So get yourself a Faraday pouch.
What is a Faraday pouch anddon't skimp on it?
Get that technology.
What is it?
Named after John Faraday, itblocks out all electrical
impulses.
Okay, so if your phone is offand in a Faraday pouch, it's
(28:31):
it's endless what we have to do.
But when you travel throughairports, throw it in that
Faraday pouch.
SPEAKER_03 (28:36):
Now, you told me a while ago that when I'm in
airport to turn off Bluetooth.
SPEAKER_00 (28:41):
Yes.
So here's an airdrop if you havean iPhone.
So here's why.
Bluetooth and airdrop are closeproximity theft mechanisms.
It's a backdoor into your phone.
So let's say you've changed yourSIM pin and you've you've
protected your Apple ID and youhave a VPN on, but your airdrop,
Bluetooth, location services areall on.
(29:02):
Backdoor.
So Bluetooth, I have to be nearyou to grab it.
Okay.
But it works just like if you'veever airdropped something.
Here, here's the password.
Okay?
So people, and by airports, Ialso mean Panera and Starbucks.
Okay, it's just airports areyummy and juicy because people
who have money to fly have moremoney than people who don't have
money to fly.
(29:22):
Right.
So they just like it and you'reon public Wi-Fi all the time,
and it's just a goodenvironment.
But somebody's sitting outsideof that Panera parking lot or in
that cafe, and anyone who'svulnerable, they're just looking
for them.
SPEAKER_03 (29:36):
When I'm in the city, all of a sudden I see that
I'm on Verizon Wi-Fi.
Should I get off of it?
SPEAKER_00 (29:42):
Uh yeah, make it your option.
You don't want anything to justmove your phone onto something.
Um, it's like on uh Spectrumrouters, there's a little
setting that's actually, if youlog into your account online and
go into a setting, you won'tfind it in as easily in the app,
and you log in, it's actuallyunder security.
It's actually under, you know,security shield.
(30:05):
But right next to securityshield, there's a little toggle
switch.
And that toggle switch isspectrum mobile access.
That means that anyone with aspectrum mobile phone can bypass
a lot of your security and logon.
SPEAKER_02 (30:20):
Oh my god.
SPEAKER_00 (30:20):
So that they can gather data analytics, okay?
I was a marketer for a long timeof who has a spectrum phone in
the area.
All right, they clusterneighborhoods with IP addresses,
they're doing data analysis allthe time, and some of it's for
good purposes, like outages.
You gotta turn that thing off,and no one's ever gonna tell
you, and its default is on.
(30:41):
So if you enter the city andthis default thing is that
you're on a Verizon Wi-Fibackbone, don't.
You have 5G and four bars, turnon your VPN and use it that way.
Any Wi-Fi that justautomatically happens because
you have an account, you want togo into settings and control it.
You do not want it to beautomated.
SPEAKER_03 (31:02):
Is Zell and PayPal and Venmo all of this?
Are those secure?
SPEAKER_00 (31:06):
Okay, so Zell is very secure now, but I'm again
the mantra, it is secure as howyou have protected your bank
account.
So when um Zell was sued, whenWells Fargo and JP Morgan Chase
and Bank of America were suedbecause of the Zell scams, okay,
in December 2024, that lawsuitwas dropped.
But part of what they did tomake it safer is there's no more
(31:30):
Zell app.
So you are putting in someone'sphone number or an email address
to send them Zell money, andit's going bank to bank.
And it's not a wire, it'sprotected under EFTA electric
funds transfer law.
So it's much more protectedunless you're using a Gmail
address for your Bank of Americaaccount and maybe two-factor
(31:50):
authentication to a phone thatdoesn't have a SIM pin, and a
crappy password, and a user IDthat's your your your favorite
pet of all time.
All right, so it's a secure, andyou should not have it sent to
email.
When you put that nice secureencrypted email on your bank,
you don't use that for Zell.
Nobody knows about that exceptthe bank of record.
(32:10):
So you but Zell is fine, andalso PayPal and Venmo if you
secure that account well.
Here's my thought about all ofthese things.
The credit card that's in yourApple ID that you buy apps with,
the card that you set up forPayPal if you're using a card,
the credit card that you keep onrecord for things like Apple Pay
(32:34):
and your Apple ID should be acredit card where you do not
have a checking account orbrokerage.
Because a fraudster lovesnothing more than when they go
in, you're like, oh, that's aCitibank card, and they have
city checking, they have citybrokerage, and off they go to
try and get into that account.
Because if they can impersonateyou and log in, they have
(32:55):
everything.
So when you're online, it's theopposite of what were raised.
Go get one of those pre-approvedcard offers of yours.
Do not have the credit card thatyou store for payments for
highly targeted things haveanything to do with your bank
and brokerage.
You see the pattern here, you'reremoving it from site.
SPEAKER_03 (33:16):
I I have a credit card like that.
I'm gonna do that.
SPEAKER_00 (33:18):
That's what you do.
And when you travel, that's theone you bring.
SPEAKER_03 (33:21):
Oh, really?
SPEAKER_00 (33:22):
Do not travel with a credit card that's also tied to
your brokerage account.
And try not to check bankbalances and all that when
you're traveling on vacation.
And I mentioned this becauseit's summer now.
SPEAKER_03 (33:32):
Why tr oh yeah, right.
By white traveling, is it more,am I more vulnerable when I
travel?
SPEAKER_00 (33:38):
Everything you do, yes.
Everything you do is public.
You're going from an airport ora train or whatever that's
public Wi-Fi, you're going to ahotel, another great target.
Okay?
Sit in a hotel lobby, have adrink, pick out the hacker.
Everybody's on public things allthe time.
All right, everyone has theirgeolocation on.
The other thing is, you know,here's mantra.
Post your pictures of Notre Damewhen you're already at the
(34:01):
Eiffel Tower.
Don't do it in real time, okay?
Don't Why?
Because you can turn a cyberattack into actual burglary and
take off your biometrics.
You know, when you're sittinghere at home and you have your
face ID that gets you in yourfingers, I don't want someone
punching you, putting your faceup and taking your phone, and it
happens all the time.
SPEAKER_03 (34:20):
Yeah, I took it from all the financial, but it opens
the phone.
SPEAKER_00 (34:24):
Okay, so that's bad when you travel or when you're
in the city.
Don't.
You know, if you're in a ruralenvironment in a low-risk
environment, it's fine,especially at home for your
convenience.
And older people who are goingto nice hotels, there's nothing
a hacker in Froster loves more.
It's like, let's follow them forthe airport.
They're dressed well, they looknice.
They just checked into afour-star or five-star.
Yay, let's go get them.
(34:45):
Let's go see what apps they haveopen, let's go see how much
they're protected.
And you can call Apple andthey're like, they can't break
into their architecture, butthey don't care about your
architecture.
They care about what you havegoing on in the cloud.
Okay?
They just want to know where youbank and if they can crack open
that Apple ID.
You know, and understand thatyou can be watched when you
don't think so.
SPEAKER_03 (35:05):
What is the biggest cyberattack you worked on?
SPEAKER_00 (35:08):
I can't name things.
No, not don't name the company.
Two things.
So in the White House and theNational Infrastructure Advisory
Council, we do look at criticalinfrastructure.
SPEAKER_02 (35:17):
Okay.
SPEAKER_00 (35:18):
Okay, so there were things that we looked in there,
like the grid and transportationand things like that.
Large nonprofit that wasbreached really badly.
SPEAKER_03 (35:28):
Um the donors' information was taken?
SPEAKER_00 (35:33):
And yeah, they love donor information.
And um, when you make adonation, please just go to the
website, do it there.
Don't use the apps, don't dolinks, even if you're a
long-standing member, never useGoFundMe.
You know, even Who and the RedCross were cloned during COVID.
If you think a ransomware attackis not stealing personal data,
(35:54):
you need to watch more gangstermovies.
They kill the guy and they storehim in a junkyard and they go
offshore for months until thingslay low.
There are literally junkyards inthe dark web.
They're called junkyards.
If they steal a lot of dataafter a ransomware attack, they
store it somewhere and they golay low.
And then six weeks to threemonths later, boom.
(36:18):
You're gonna see it.
In threat intel systems, you cansee this stuff happening.
The law and its mechanisms arejust a little behind the
criminals at this point.
SPEAKER_03 (36:27):
What's the most common hacking you see for
private people, not bigorganizations?
SPEAKER_00 (36:31):
Email, email account takeover.
SPEAKER_03 (36:33):
So they take over the email and then what?
SPEAKER_00 (36:35):
91% starts with an email account takeover.
And then I go look for all youraccounts with that email, and
I'm just you.
Hi, I forgot my password.
Reset.
Okay?
I just have the emails.
I can just impersonate you.
Email and spoofing on the phone.
What is spoofing?
That's what you just worked veryhard to oh, changing the SIM?
(36:58):
Right, where the authorizationcode is forwarded to another
phone from SIM swapping.
Just swaps up for another SIM.
Very, very, very common.
SPEAKER_03 (37:06):
Oh my god.
SPEAKER_00 (37:07):
And that's why the move you'll see in secure
environments, they use anauthenticator app instead of
text to your phone.
Because an authenticator appdoes not use sim technology.
Also, while traveling, when yourent a car and you're just like,
great plug in, Google Maps,delete your profile when you get
out of that car.
Because if I hop into youraccount, when was the last time
(37:29):
you logged out of a Gmail orYahoo?
You just open your computer andthere you are, isn't it?
Is that fun?
I've seen people go from theirGoogle Maps into their Google
account and then they're off tothe races.
Don't leave that stored in arent a car.
You'll notice that if youdownload Google Chrome and open
up settings, here's a littletest.
Okay, after two minutes on yourcomputer with Safari, all of
(37:50):
your passwords stored in Safariare magically going to appear in
Chrome because they'll make ahandshake unless you turn it all
off.
Export those things out of thebrowser.
That's a public space.
It's prevention, is what youwant.
You know, it's really funny.
In this culture, black cats areconsidered bad luck.
Right.
This is totally misunderstandingthe black cat.
(38:11):
If you go into ancient cultures,the black cat is good luck.
Why is that?
Because if a black cat crossyour path, it warns you that bad
luck is coming.
Warnings are good.
So it's very interesting inJapan.
When I was in Tokyo, I thoughtit was so cute.
Every security firm's logo,whether it's physical or cyber,
is all a black cat.
(38:32):
So think like that.
You want to be warned.
And then go look and shoreyourself up because I promise
you, incident response andmitigation of identity theft and
breaches of your bank accountwill take forever.
It's expensive and it's verypainful.
And it's horrible to see.
And so much of it ispreventable.
So much of it is preventable.
SPEAKER_03 (38:50):
Mostly via email, you said.
SPEAKER_00 (38:52):
Yes, and your phone.
SPEAKER_03 (38:54):
But in order to steal my identity, they need my
social security.
It's not stored on my phone.
SPEAKER_00 (38:59):
There's 200 million of them out there thanks to ATT
and Verizon last year.
SPEAKER_03 (39:03):
Okay, let's talk about money.
If somebody just starts in thecr cybercrime prevention uh
business, how much money canthey make?
SPEAKER_00 (39:11):
So it would depend on your education, like
anything.
Right.
If you come into a threat intelcompany and you're you just want
to get your foot in the door,you haven't studied any of this
in college, you know, lifedoesn't end after college, who
the heck cares?
Get in there in some way.
Okay, in whatever department,and then learn.
Okay.
So then you're looking atprobably lower end entry-level
(39:32):
salaries that are, you know,probably between 30 and 50,
depending on the company anddepending on your if you have a
law degree and you want to takea left, lawyers are very useful
because they know how to usethreat intel data on both sides.
It's on the prosecution anddefense.
Anyone who took accounting, begreat at this.
(39:54):
You know, get extra fraudcertificates and you, you know,
then you're and then you're insix figures.
Wow.
Six-figure industry becausethere's a shortage of people who
know how to do these things.
And you don't have to look twiceto see the need.
The need will always be there.
Yeah.
SPEAKER_03 (40:09):
And what kind of skill do you need to have in
order to be able to be a goodcybersecurity person?
SPEAKER_00 (40:14):
You need to be a good data analyst.
So you can take data analyticstoo.
What does the data mean?
How do you map it?
How do you see the matrix?
Okay.
Um, that definitely andpsychology, criminal psychology.
Yeah, you said that.
Go get a criminal justice degreeand learn how criminals behave.
Because there is no physicalcrime that happens anymore
(40:36):
without Intel.
SPEAKER_03 (40:37):
This is a lot to know.
My head has been blowing upalready.
SPEAKER_00 (40:40):
I've also been doing it for many, many years.
So what is very important is youstudy banking and payments.
Okay?
I worked in both of thosefields.
Okay.
Study how money moves.
And it's fascinating.
It's a super fun.
If you are interested inresearch and stuff, it's really
fun.
And then how it dovetails with acriminal mind.
(41:01):
Learn about white-collar crime.
Learn about the psychology ofdeviance.
Take psychology, take sociology,take pathology, accounting, and
your and your cybersecurity, andknow how things work, not just
not to click on something.
So you take those things, butyou focus really on the human
behavior part.
(41:22):
If you understand criminalbehavior, you will understand
how not to be a victim.
And you actually know more thanyou think you know.
You don't have to bemath-oriented as much as you
think.
A very good, like investigativereporting is very good to study
as well.
Because there aren't a lot ofpeople who do it.
It's a great field, it'scompletely understaffed, and
(41:43):
there's a lot of employment init.
SPEAKER_03 (41:44):
So you don't really need to have a tech background.
SPEAKER_00 (41:47):
It's very good to have a tech background.
It's good.
And hands-on tech.
Okay.
Yeah, and go.
SPEAKER_03 (41:51):
Do you need to know how to code also?
SPEAKER_00 (41:53):
Coding is very easy.
So when you learn Threat Intelsystems, you will have to learn
some coding languages.
There are also some great toolswhere you can go and learn to be
an analyst and take these onlinequizzes, like here's a malware
thing, here's the problem, andyou can work it out on these
little modules.
Learn what malware is and how itworks.
SPEAKER_03 (42:13):
I hear that seniors in particular are vulnerable to
attacks.
Why is that?
SPEAKER_00 (42:18):
When you are below the age, this is why seniors are
in danger.
When you are below the age tocollect Social Security or when
your IRA is locked up.
SPEAKER_02 (42:28):
Right.
SPEAKER_00 (42:28):
Right?
Like you have to have a penaltyand all the bank's protected,
and there's a moving things andthere's forms to fill out and
all that.
All that gets taken down whenyou're 59 and a half.
You can just go remove moneylike it's a checking account.
Easier to hack into.
When people collect SocialSecurity, that's why there's so
much emphasis on Social Securityfraud.
This is what happened duringCOVID is people use those
numbers to go collectunemployment or to divert social
(42:52):
security.
And then you have retirees,people who are over 60 have more
money than people who are 20.
Right.
If you have your mortgage paidoff, you're more vulnerable.
SPEAKER_03 (43:03):
Yeah, because they can take your property.
Yeah.
I heard that, yeah.
SPEAKER_00 (43:06):
Totally.
And but there's things that youcan do from all of it.
You just the vigilance there andthe senior attacks really make
me mad.
We focus a lot of our businesson making sure that doesn't
happen.
And then they sit around waitingfor trusts and wills and
financial transfers.
So those are important to put inplace.
SPEAKER_03 (43:25):
So most of the stuff that you deal with, is it
preventing uh hacking or is itrepairing?
SPEAKER_00 (43:33):
Unfortunately, we get a lot of incident response
and mitigation, which is reallypainful and expensive.
I if people have been on theirphones since 2008 and have never
gone through what we call breachdata cleanup, we highly advise
it.
We do run cybercrime boot campsat theaters and synagogues and
other places to show people whatthey need to do, and if they
(43:55):
need our help, we help them.
Because if you don't preventnow, it's kind of inevitable.
COVID overworked a lot ofnetworks.
So the IRS- What do you mean bythat?
So when when we were all inCOVID and everybody's online all
the time, there werevulnerabilities, and the hackers
got a lot more sophisticated,and the systems were burdened.
(44:16):
Okay?
So the IRS had breaches, the MLSsystem in real estate, the DMV,
even who and the Red Cross werecloned because it's just so much
traffic, and there wereopportunists.
So those things, and you coupledwith huge telephony breaches
from ATT and Verizon last year,there's a lot of stuff out
(44:36):
there.
And whatever your politics are,I would highly recommend
watching the 60-minute segmenton cybercrime and the dark web
that aired in May last month.
It explains a lot about cybercriminals.
Um, and you can also go to mywebsite at zerohacksecure.com
(44:58):
and hit play on the short videothat explains it.
SPEAKER_03 (45:02):
Rivka, thank you so much.
This is wealth of information.
I have to listen to the wholething again because I got a
headache from all thevulnerability I'm exposed to.
SPEAKER_00 (45:10):
But it's an exciting field and it's there's a lot of
opportunity in it.
SPEAKER_03 (45:17):
Okay, that's a wrap for today.
If you have a comment orquestion or would like us to
cover a certain job, please letus know.
Visit our website at how muchcani make that info.
We would love to hear from you.
And on your way out, don'tforget to subscribe and share
this episode with anyone who iscurious about their next job.
(45:37):
See you next time.
If you understand criminal behavior, you will
understand how not to be avictim.
And you actually know more thanyou think you know.
I promise you, incident responseand mitigation of identity theft
and breaches of your bankaccount will take forever.
It's expensive and it's verypainful.
And it's horrible to see.
And so much of it ispreventable.
SPEAKER_03 (00:23):
Hi, welcome back to How Much Can I Make?
I'm your host, Miravozeri, andtoday we're stepping into the
high-stake world ofcybersecurity.
Our guest is Rivka Tajra, CEOand co-founder of Zero Hack.
Rivka is a top cybersecurityexpert who worked with the White
House, major corporations, andprivate individuals to prevent
(00:47):
cyber attacks and identitytheft.
Let's tap into her expertise andfind out what we can and should
do to protect ourselves in thisdigital world.
Well, Rivka, thanks a lot forwilling to participate and
giving us your time.
I have millions of questions, ofcourse, because that totally
concerns me, security.
(01:08):
I was hacked.
So let's start by first tellingme how did you get into doing
cybersecurity?
SPEAKER_00 (01:15):
So, first of all, thank you for having me on.
And um, well, I started as ajournalist in the late 80s,
early 90s.
I was on the team with the WallStreet Journal, who put the Wall
Street Journal online in what wecall the OJ years in 1994.
And then I was covering privacy,security, identity theft, as
(01:36):
well as AI, machine learning,data mining, and supply chains.
SPEAKER_03 (01:40):
Already in 94, you would were dealing with AI?
SPEAKER_00 (01:42):
Well, because in AI, a lot of what is called AI now
is machine learning.
SPEAKER_03 (01:46):
Right.
SPEAKER_00 (01:46):
So that was the beginnings in data mining and
putting those systems together.
SPEAKER_03 (01:51):
Didn't know that.
So okay, so now you are anindependent contractor, right?
That deals with security.
Tell us what you do.
SPEAKER_00 (01:59):
So um we're actually going to celebrate our 10th
anniversary next month of ourconsultancy.
What we do is we protect peoplespecializing in financial
protection and securecommunication.
SPEAKER_03 (02:14):
Okay, what does it mean financial protection?
SPEAKER_00 (02:16):
Protecting the cyber equivalent of putting your banks
and brokerage in witnessprotection.
So I also worked in FinTech inbanking, and I was on the White
House National InfrastructureAdvisory Council for Critical
Infrastructure in the bankingindustry, appointed by Obama,
but worked through Trumpadministration.
So I have specialty in howpayments and banking work, and I
(02:41):
covered it a lot as ajournalist.
Then I moved to work for fintechand banking companies.
So what we do is we investigate.
Here you are, right?
Mirav, you have email addresses.
You've been online since we allgot this Steve Jobs remote
control of our planet in 2008,right?
SPEAKER_01 (02:59):
Everything was free.
SPEAKER_00 (03:00):
Free email, free this, you can get everything.
And so we ran for convenience.
And those email addresses andthe telephony side of your
phone, which I'll get into, arewide open doors.
Okay?
Everyone's heard about the termsphishing, okay?
If they hack into your email andcan impersonate you, that's
called an account takeover.
(03:21):
And then thanks to AT ⁇ T andVerizon last year, they breached
all of our data and socialsecurity numbers.
I can be Mirov.
So what we do is we use cyberthreat intel systems that are
closed systems.
We look anonymously in threatintel systems to see what of
yours has been exposed.
Can someone take your phone andforward authentication codes to
(03:43):
another phone?
Can someone be you with youremail address?
And what kinds of cyber criminalgroups are targeting you?
So first we do that.
I'm a data-driven person.
SPEAKER_02 (03:53):
Okay.
Okay?
SPEAKER_00 (03:54):
So first I get the data.
Okay.
I look it up.
And we need scary little to findthis out.
Literally, your name, middlename helps if you have a common
name, birth date, legal address,your IP addresses, phone number,
and your email addresses.
And that's it.
And I never look at anyone'sfinancial balance.
I don't look at sensitiveinformation, and we can see if
your social security number hasbeen texted to someone else.
(04:16):
But essentially, you you have toget the data and see where the
vulnerabilities are.
And if they are into your emailor your phone or your systems,
how they got in.
Once we know how they got in, wecan kick them out.
And one of the most importantthat's the service part.
If somebody has your socialsecurity number, they can't do
anything with it.
Or that they can't access yourbanks and brokerage because
(04:36):
we've created a new identity foryou with those.
Because once data's breached outthere, the toothpaste is out of
the tube.
You are never putting that back.
So sometimes it's a pain in theneck.
I might tell you, you know thatGmail you've had for a hundred
years?
You've got to get rid of it now.
Okay?
And then you have to migrate it,you have to move your contacts,
but you need encrypted secureemail for your bank and
(04:57):
brokerage that never sees thelight of day that you never use
for anything else.
How can I get the encryptedemail?
You can go to proton.me inSwitzerland and get a proton
mail.
Russian oligarchs use it toprotect their Swiss bank
accounts, and now so can you for$3.99 a month.
Think about it.
Proton mail for protecting Swissbank accounts.
Do you think somebody's using aGmail to protect a Swiss bank
(05:19):
account?
SPEAKER_03 (05:20):
Okay.
SPEAKER_00 (05:20):
No.
Actually, if somebody tries tocrack your password though, the
whole inbox turns to some pigLatin version of Cyrillic.
Even for you, if you lose it.
Okay?
It's designed to protect.
Other thing that you can do,depending on where your email is
hosted, is things like SpamAssassin, these little add-ons
that you can put on that reallydon't allow things into your
(05:43):
server, especially if you'reusing a Gmail and you haven't
gotten an encrypted secureemail.
Encrypted secure email willthrow that stuff and it won't
even let it on your server.
It's like a it's like a big gunkair filter.
Every infiltration and the newIBM research reports and the new
Verizon reports, read thoseyearly.
You can download them.
The FBI ICS unit, the InternetCrimes unit, read their reports.
(06:06):
Over 90%, no exaggeration,happens by human error with
their email credential.
I want to double checksomething.
SPEAKER_03 (06:14):
Yeah.
If I email my broker, if Idelete it and delete the trash,
I'm safe?
The inform no?
No.
SPEAKER_00 (06:20):
At Yahoo, they store all that crap on a server that
they've long abandoned.
If you didn't change over toOutlook mail and get encrypted
mail and Outlook, you know, theydo offer encrypted email servers
or your hot mail or that prodigything that ATT owns, okay?
Anyone with one of those Yahooaccounts that became a prodigy
(06:41):
account, that is all subject tothe ATT brief.
SPEAKER_03 (06:43):
So hold on a second.
If I communicate on WhatsApp,WhatsApp is encrypted.
SPEAKER_00 (06:47):
No, it's not.
Zuckerberg bought it, and noweverything meta is integrated
into it.
That's why the whole world movedto Signal.
SPEAKER_03 (06:55):
Signal.
SPEAKER_00 (06:55):
Yeah.
So now, and when that goes tohell, I can come back and tell
you what's new.
The cyber criminals is what youshould be worried about.
It's organized crime.
It's not a 40-year-old guy inhis bathrobe still living with
his mother.
These are well funded.
They have the best hackers inthe world, and they have
supercomputers.
They can run everything aboutyou in social media and in 10
seconds know the password toyour email if you have not
(07:19):
protected it.
Okay, this is very, verysophisticated.
So what you're looking at is thecyber criminals and protecting
yourself from those criminalgangs.
And you know, usually they don'thave ideology.
They just path of leastresistance, where can I break in
and get money?
How can I assume someone'sidentity?
There are six attack surfaces.
(07:40):
These are the high-riskbehaviors.
Crypto, activism, ancestry sitesget off of them all right now,
porn, gaming, and dating sites.
There are ways to do all ofthese safely, except for
ancestry.
And it's a shame because when23andMe was breached, okay, and
they only stole a database ofAshkenazi Jews.
SPEAKER_02 (08:02):
Really?
SPEAKER_00 (08:03):
Yep.
Alright, so why do they do that?
It could be someone who uh wantsto sell to Pfizer a database so
that they can make a drug toprevent Tay Sachs disease.
Or it could be someone who hatesAshkenazi Jews.
It could be anything on thatspectrum.
Class action suit, and now 23and me is gone.
SPEAKER_02 (08:21):
Right.
SPEAKER_00 (08:22):
But the data's not gone and it's in junkyards
somewhere.
And it's a shame becausesomething like 23 and me, so
many people, if they wereadopted, because it was
medical-based.
Right, right.
But it's in a magnet for hackersbecause they know there's all
kinds of data in there.
The other places to be supercareful, you're getting a
divorce.
What's not in a separationagreement?
Be careful how you communicateto your lawyer.
(08:43):
Not only do you know howeverything's divided, you know
who got what and where it is.
So think, you gotta learn tothink like a criminal.
And accountants, forensicaccounting, they're so good at
this.
Some of my best sources that Ibrainstorm with are forensic
accountants.
They get this immediately oncethey tune into it.
Because they know how moneyflows.
And the more you know aboutmoney flow, about accounting,
(09:06):
real estate lawyers are great atthis.
I have some great sources that Iuse who are realtors because
they know when something looksweird in MLS, and MLS was hacked
in 2023.
unknown (09:18):
Wow.
SPEAKER_00 (09:18):
Okay, so if you've ever bought a house or sold a
house or rented a house, do youknow what is stored in an
average real estate officeprinter?
In the why it's stored?
In the printer.
Because they're like, oh, I haveto print out the this person's
whole financial picture.
They sent me proof of income.
And it's stored?
It's it's stored.
Look at network printers and seehow often they're cleared.
(09:38):
Medical people know theconfluence of data and have
great aptitude for this.
Okay, and now with telemedicinethere, all of that, that's why
they keep getting breached.
There's juicy information thatgoes on for years to socially
engineer people.
What is this dark web?
SPEAKER_03 (09:54):
Can you actually see what's there?
SPEAKER_00 (09:55):
It's like a mall.
Of course you can see it.
So can I go in and see if myinformation is in there?
Well, you don't want to youdon't want to like be noticed in
there.
You want to go in anonymously orposing as a fraudster buying
stuff because you'll be seen amile away.
You need to be anonymous to godo it and watch what they're
doing to do it.
Do you do that?
Yeah, of course.
That's what threat intel systemsdo.
(10:17):
And we use one that's mirroredthe infrastructure of the dark
web.
And it's amazing.
SPEAKER_03 (10:20):
Oh my god.
SPEAKER_00 (10:21):
So we can watch what they're doing, and you query it
in many languages.
SPEAKER_03 (10:25):
You literally see people there buying and selling
information.
SPEAKER_00 (10:28):
Yes, there are trajectories where you can see,
sometimes you can place them bylongitude and latitude.
Trading data.
I mean, it's not a little avatarguy, but it's your identity.
Wow.
The problem with this crime isthat it pays, and there's only
0.05% of the time that anyone'sever caught because you don't
have to be seen.
SPEAKER_03 (10:47):
So you said secure password.
How can I secure my password?
SPEAKER_00 (10:52):
Well, first of all, never ever use an automated,
auto-generated password.
Two reasons why.
Whoever is offering toauto-generate your password is
keeping a database of thosepasswords.
SPEAKER_03 (11:03):
Even the very complicated, very long password
that it's AI.
SPEAKER_00 (11:07):
AI is not good at implementing ideas or being
creative, but if it's out there,they can grab it.
The other thing is it's ahacker's dream.
So let's say you have automatedpasswords generated in a
password manager.
Those are stored in a placebecause you can't have everybody
with the same passwords, right?
Right.
So if they get to that attacksurface and they say, Oh, who
(11:28):
has accounts here?
Great, let's go get the that'sthe first thing they'll go for.
Let's go get the database of theauto-generated passwords, run it
against the accounts and seewhere we get in.
You need a system where youcontrol things, where all the
locks are yours to put on andtake off.
Like freezing your creditreports.
Okay, once Equifax was hacked,people in my industry, we
(11:49):
lobbied, it became rule that youget to freeze your credit
report.
SPEAKER_03 (11:53):
Right, I did that, yeah.
SPEAKER_00 (11:54):
Right, and people are like, well, I don't have an
account there.
I was like, great, well, theyhave had a dossier on you for 50
years.
So you create that onlineexperience so you control
whether it's frozen or not.
You want to go for apply for aloan, you say, which one are you
looking at?
And you only unlock that one 24hours before, you let them do
it, and then you lock it backup.
Okay?
And the most important thingabout security is don't tell
(12:17):
someone what you're doing.
Misinformation is a good thing.
What do you mean by that?
When you create a new personafor your banks and brokerage,
and you have an encrypted email,you have two-factor
authentication, you have gooduser ID and password, you have
excellent hygiene when you doonline banking and where you do
your online banking and how youdelete your browsing data and
(12:39):
how you sign out instead of Xingout.
Your habits, how you call yourbank and brokerage and say, no
wires ever go out of my accountunless I'm in branch.
SPEAKER_03 (12:47):
Uh hold on a second, you said something important.
Deleting your browsing history,you said.
SPEAKER_00 (12:52):
Absolutely.
SPEAKER_03 (12:53):
On a daily basis?
SPEAKER_00 (12:55):
Absolutely.
When you can visualize how cybercriminals see what you're doing,
then you really tune in to theseprinciples, and then you just
apply the principles in yourlife once you click into it.
And you know, people tell me allthe time, you know, I I'm not
this is the era of the kids, I'mnot good at this.
I disagree.
I work with seniors, a lot ofseniors mostly, because they're
(13:19):
they're hard to protect and theyhave a lot to lose, and they're
main targets.
Actually, they're much better atthis than my 24-year-old
daughter.
Because you know crime and youknow criminals and you know
criminal minds.
But you have to know whatthey're seeing and how they
follow you.
You have to know what akeystroke logger is.
That's everywhere you browse onthe internet.
Little pieces of malware in thatbeautiful little Gmail of yours,
(13:41):
or Yahoo, or a Hotmail, or anyfree mail, AOL, that sells your
email to advertisers.
What is a keystroke logger?
Exactly what it sounds like.
It logs your keystrokes.
It's an info stealer, okay?
And you have to find out in allof your settings whether there's
anything on there.
On a PC, you go into your taskmanager.
In your Apple computer, you goto the activity monitor, and
(14:02):
look at all the crap running inthe background in your computer.
And if you see anything inChinese or Russian, you call me.
But if you see the words Zendesk, MSPY, like, um, or numbers
with KK.txt, those are infostealers.
What browser is the best one touse?
It doesn't matter.
They're all the same.
It's how you set them up thatmatters.
You set them up for zero trust.
(14:23):
What do you think that Googleand Microsoft and um Apple and
Firefox are doing with all thatdata if you don't set it?
How do you think they selladvertising?
They gather your analytics andthey sell it to each other.
SPEAKER_03 (14:35):
But how can I set it so they don't do it?
SPEAKER_00 (14:37):
It's all in settings.
This is what I encourage peopleto do.
Log on to any app that you useand click on that stupid little
gear shift or the three dots orthe three lines and go through
every single setting in there.
And anything that looks like,share my data, give analytics,
personalize, turn it off.
Anything that says, remember me,say no.
You do not want AI to grab thisinformation and sell it off into
(15:02):
the dark web.
The more information they haveabout you, and if you've ever
been hacked, you're worth moreon the dark web.
You go from being worth that 50cents to marketers to being
worth thousands.
And the other thing to rememberthat's super important is
everybody looks at their phone,they're like, I either have a
droid or an Apple.
Apple will say, nobody can bustour architecture.
I was like, who cares?
Nobody, you don't have thesecret sauce to Coca-Cola on
(15:23):
your computer.
That's not what I want.
I want the telephony side.
Your phone is Verizon or ATT orT-Mobile.
Apple is in the cloud.
How are you protecting thatApple ID?
With a Gmail?
All right?
If I go and hijack your AppleID, all right, and I change the
phone number and I change theemail address and I lock you
out.
I have everything in your cloud,I have the credit card you have
(15:44):
to store apps.
You call Apple, even with aserial number or an IMEI number
on your phone, and they will nothelp you.
So it doesn't matter what thearchitecture is, everything we
do is online and in the cloud.
And you have to have the samemantra of protection.
You have to protect thecredentials that guard the
accounts, and then you'll besafe.
SPEAKER_03 (16:04):
So, for example, people put credit cards in Apple
wallet.
Is that safe?
SPEAKER_00 (16:10):
It's as safe as how you guard your account.
Look, I am not willing to golive in the woods with a shotgun
on my porch, okay, and a roll ofbills under my mattress.
Okay.
You know, some people are, but Ilive in this world and I love to
shop and do everything else.
Right.
You have to protect the SIM,which is the telephony side of
your phone, so that no one cantake those authorization codes
(16:30):
to your bank and forward themsomewhere else.
And no phone company will evertell you the piece of advice I'm
going to give you right now.
You have to protect your AppleID by not allowing remote access
to it, and you have to have aVPN on your phone, and you have
to secure encrypted emails forany account that you have that
does payments.
And then you take your Gmailaddress and you leave your what
(16:52):
I call your trash persona outthere.
Let them pick at that until it'sjust bone.
Because it's already out there.
You change you surgically removewhat is financial from your
breached data that's out there.
You put it under a lock and keywhere it's not going to be sold,
and that's how you protectyourself.
SPEAKER_03 (17:09):
I have malware on my computer.
That doesn't give me really anysecurity except for virus,
right?
SPEAKER_00 (17:14):
No, no, anti-malware.
You mean malware bytes?
Yeah.
Something like that.
Okay, so this is a veryinteresting point.
You need a VPN with that.
So what malware bites does is itlooks on your hard drive.
Are there viruses or is theremalware on your hard drive?
Okay.
What a VPN does, it does twojobs.
(17:35):
One, it monitors your networktraffic.
The VPN, the mothership, itmonitors for keystroke loggers,
viruses, malware, um, adtrackers that track you and then
sell all your data.
VPNs are very powerful now.
It used to be for enterprises.
You can click on ad and trackingblocking, you can click on
(17:57):
anti-malware.
That is not something malwarebytes can do.
What that mothership does in aVPN is it prevents you from
downloading anything bad.
Most malware and stuff eithercomes through your email that
Google sells and promotionpeople can say they have to read
it before they delete it, andreading it can load the malware,
or they have to read it, theyhave to click on it three times,
(18:18):
or some crap, so it stays inyour computer, but it also will
quarantine any PDF orvirus-filled document.
Okay?
And so you can look at it, itkeeps it on a server.
The other part of a VPN that youembed in your browser and an
extension masks your IP address.
SPEAKER_03 (18:38):
Is there a particular VPN?
Because I looked into it oncewhen I got the paranoid hour
paranoid hour.
And there are so many to choosefrom.
How do I know what features are?
SPEAKER_00 (18:47):
It's a good question.
So I just want to preface thisby saying I take no referral
money, affiliate money, anyonefrom anyone I recommend or say
is bad.
Okay.
Because I have to stay clean.
SPEAKER_03 (18:56):
Yes, of course.
SPEAKER_00 (18:57):
Okay.
Right now we like Nord VPN.
We like Nord VPN for severalreasons.
When we look it up on our ThreatIntel systems, we don't see
infantry stealers on theirdomain.
We don't see a lot of employeeaddresses that have account
takeover.
Okay?
What if there's an employeewith, you know, they're looking
for that access to thoseaccounts?
(19:18):
We see very, very few.
Their parent company is based inAmsterdam, probably protecting
the de Beers, okay?
SPEAKER_02 (19:25):
Right.
SPEAKER_00 (19:26):
Remember, the people who really have the most money
in the world are not talkingabout it, okay?
So Europe's privacy laws are waymore developed than ours are.
They're stronger.
So this type of application grewup in an environment where it's
it's very, very careful.
If you keep it updated, they'reconstantly studying the
(19:47):
mutations of malware and thenbringing the inoculation.
That one thing to remember abouta VPN is definitely there's a
lot, there's a lot of good onesout there, but test your
internet speed with or withoutit.
One of the things we like.
About Nord, it doesn't degradeinternet speed.
SPEAKER_02 (20:02):
Okay.
SPEAKER_00 (20:02):
So sometimes, like Proton has a very good sister
application.
It's a great VPN if you live inSwitzerland.
But it's protocols here, yourzooms will freeze.
You'll turn it off.
It will drive you crazy.
So that's a big configuration.
It's overwhelming.
It is.
It's like taking a sip from afire hose, but the best thing to
do is not to think of it all atonce.
(20:24):
The first thing I do in a house,go change the Wi-Fi password on
your router.
Okay?
Many, many companies thatprovide your Wi-Fi service on
that router.
Right, spectrum provide money.
Okay, so my entire neighborhood,the first two words of the
password that's like imprintedon the router is the same for
(20:46):
everybody.
Okay, so if I'm smart enough andI shoulder surf on Wi-Fi, all I
have to do is run algorithmsaround against the last three
numbers.
I go anywhere and I can look upWi-Fi in your neighborhood, and
most people have not evenchanged the name from Spectrum
Setup F8.
Okay.
Oh, you have to change that too?
You can and you should changethat router password to
(21:08):
something Spectrum doesn't know.
Not because Spectrum is evil.
But Spectrum is a mobile virtualoperator of Verizon.
Verizon was breached last year,okay?
What's the first thing they'regonna do if they if they break
into Spectrum?
Let's go see all the passwordsthat they have stored, run them
against their list of accountsand see where we can hop in and
(21:28):
go take stuff.
So you gotta reduce your attacksurfaces and you have to think
like you're your own personalcorporation and who your
third-party risk is.
That's the first thing you do.
And you start here because yourIP address on every little
device is mapped to where youlive.
Right.
Okay?
So it's home invasion, it'sprotection against home
invasion, that router passwordand name.
SPEAKER_03 (21:50):
But you know what?
I was hacked through Chase.
I w they you know how they havedi double identification?
They never called me oranything.
Somebody got in a couple ofthings.
SPEAKER_01 (22:00):
Somebody turned it off.
SPEAKER_03 (22:01):
Right, and they took everything I had.
The bank gave it back to mebecause I was it a credit card
or a bank account?
SPEAKER_00 (22:08):
Bank account.
Were they did they wire you?
SPEAKER_03 (22:10):
They changed my address on my statements.
SPEAKER_00 (22:13):
Did they change your account number?
SPEAKER_03 (22:14):
No, they didn't change.
SPEAKER_00 (22:16):
Bad.
Bad.
They're gonna get a call from metomorrow.
That's very bad.
Chase has particularvulnerabilities to certain
organized crime groups that Iwill not mention on this because
we need to protect Chase thatare particularly good at the
code that iPhones are writtenin.
And after the ATT breach, thereason you never got the code is
(22:37):
because if you had not protectedyour SIM card or your eSIM on
your phone, SIM swapping iswhere they helped themselves to
that account, probably took yourSIM, forward that number to
somewhere else, and they got theauthorization.
Okay, ready?
SPEAKER_03 (22:51):
Yeah.
SPEAKER_00 (22:52):
All right, take out your phone and go to settings.
SPEAKER_03 (22:54):
Okay.
SPEAKER_00 (22:55):
This is what you want to do, folks.
All right, if you're on aniPhone, you want to go into
settings, that little gray gearthat you're gonna get really
familiar with.
You're gonna click on cellulardata.
Right.
You're going to scroll downuntil you see sim.
If you have an iPhone 15 orlater, you can put a pin even on
an eSIM.
Okay?
(23:15):
Okay.
You're gonna click on thatmanagement of pin.
SPEAKER_03 (23:17):
Oh, SINPIM.
SPEAKER_00 (23:18):
Yeah, you're gonna turn toggle it on.
Right.
Now, get this.
In their infinite wisdom, ATTand Verizon and therefore
Spectrum, the preset pin in yourphone is 1111.
Oh, okay.
T-Mobile's one, two, three,four.
Okay.
Google Pixel is one one one oneor zero zero zero zero.
There is not a fraudster on theplanet that doesn't know this.
(23:40):
Okay?
Has anyone ever put in yourstatement?
Then maybe you should go aheadand put this pin on.
No, never.
Okay, so you're gonna enter yourcurrent pin.
So it would be one one one.
Right.
Okay, hit done.
SPEAKER_03 (23:53):
Yeah.
SPEAKER_00 (23:54):
Okay.
Now does it say change pin?
Yes.
Click change pin.
Change pin.
Put in again the current pin.
One one one.
Hit done.
Does it say new pin?
Yes.
Okay, here's the drill.
Do not tell anyone your pin.
And by the way, if anybody insecurity ever asks you for a
bank balance or pin number, showthem the door.
Security is like a secret.
(24:15):
Only one person can keep it.
Okay?
Write this pin number downsomewhere.
Do not make it your cat'sbirthday, your birthday, your
favorite lucky numbers.
Okay?
None of that.
Random, random, random.
Look around a room.
Look at the clock.
Look at a thermostat.
Random that can't be sociallyengineered.
Put that darn thing on a stickynote.
(24:37):
Put it in your sock drawer,stick it on the butter dish in
your fridge, because you will begoing into ATT or T Mobile or
Spectrum to unlock it if youlose it.
SPEAKER_03 (24:46):
So it shouldn't be the same pin that I use for the
phone?
No.
No two pins should ever be thesame.
SPEAKER_00 (24:53):
Okay?
And if you don't want to put inan encrypted password manager,
you get yourself an address bookthat's alphabetized, okay?
And create redundancies.
And if you keep it on aspreadsheet, you password
protect that and you don't keepit in the cloud.
So you're gonna pick a new pinthat has four numbers, write it
down, and don't show it toanyone.
SPEAKER_03 (25:12):
Done.
SPEAKER_00 (25:13):
Okay, this alone has prevented what we call sim
swapping.
So that authorization code thatyou never got because someone
else did can't happen anymore.
SPEAKER_03 (25:22):
Oh, there was sim swapping?
SPEAKER_00 (25:24):
I'm guessing.
SPEAKER_03 (25:26):
Wow.
SPEAKER_00 (25:26):
I mean I'd have to look up your data, but if there
was authorization code.
So that means, so now, is thisfail-safe?
No.
Does she have to log into herSpectrum account?
Change the email address youstore on that account to a nice
encrypted email address, andthere are more than Proton.
PC Magazine has a great top 10list of encrypted secure emails,
(25:48):
different uses, business people,you know, it depends on what you
do.
Log out once you put in thatencrypted email, log back in,
then add your two-factorauthentication, change your
password, and if any accountwhere you store payment or make
monthly payments allows you tohave a user ID that is not your
(26:09):
email address, change it andmake it random.
No special interest, no cute um,you know, art figures, no
constellations you like, nothingto do with you.
Look around the room, pickrandom things.
All right?
And make sure that when it saysremember me, you do not.
Because all that informationstored in your browser, all you
(26:32):
need is one little info stealerin there, and all of that is
theirs.
But people forget that theirphone is actually the telephony
side.
And by the way, if you have adroid, just click on settings,
go to the search bar, and typein sim.
Same with Google Pixel phoneusers, okay?
And then the steps are the samefrom there.
And if you get locked out, if itsays one more try and you're
(26:54):
locked out, don't do it.
Go to the store where you payfor the telephony side and do it
there.
It could mean a couple ofthings.
It could mean outdated software.
It could be someone snorkingaround your phone in your um
account already.
Okay?
But if you are about to getlocked out, do not attempt it.
(27:16):
You will hate me and thispodcast forever, um, because
your phone won't work and yourtext won't work if you get
locked out of your SIM.
SPEAKER_03 (27:24):
Right.
You have to remember the code.
SPEAKER_00 (27:26):
Once you remember the code, you'll then once you
change your pin, here's the twotimes that you'll need it.
Okay?
If you turn off your phone allthe way and then turn it back
on, it'll say SIM pin locked.
You'll put in the password toyour phone and then it will
prompt you to enter that SIMpin.
The other time you're gonna needto enter that SIM pin is after
your iOS updates or yourSamsung, uh, you know, whatever
(27:49):
operating system are on otherphones.
Once it doesn't update, it willprompt you to have it.
Those are the only two times.
SPEAKER_03 (27:56):
I saw a documentary on HBO about cybersecurity, and
they recommend to turn off thephone every few days because
there are people out there thatcan get into your phone even
when you are out on the street.
SPEAKER_00 (28:07):
That's absolutely true.
And it depends if you're beingtargeted and by whom you're
being targeted.
Um, that's absolutely true.
So get yourself a Faraday pouch.
What is a Faraday pouch anddon't skimp on it?
Get that technology.
What is it?
Named after John Faraday, itblocks out all electrical
impulses.
Okay, so if your phone is offand in a Faraday pouch, it's
(28:31):
it's endless what we have to do.
But when you travel throughairports, throw it in that
Faraday pouch.
SPEAKER_03 (28:36):
Now, you told me a while ago that when I'm in
airport to turn off Bluetooth.
SPEAKER_00 (28:41):
Yes.
So here's an airdrop if you havean iPhone.
So here's why.
Bluetooth and airdrop are closeproximity theft mechanisms.
It's a backdoor into your phone.
So let's say you've changed yourSIM pin and you've you've
protected your Apple ID and youhave a VPN on, but your airdrop,
Bluetooth, location services areall on.
(29:02):
Backdoor.
So Bluetooth, I have to be nearyou to grab it.
Okay.
But it works just like if you'veever airdropped something.
Here, here's the password.
Okay?
So people, and by airports, Ialso mean Panera and Starbucks.
Okay, it's just airports areyummy and juicy because people
who have money to fly have moremoney than people who don't have
money to fly.
(29:22):
Right.
So they just like it and you'reon public Wi-Fi all the time,
and it's just a goodenvironment.
But somebody's sitting outsideof that Panera parking lot or in
that cafe, and anyone who'svulnerable, they're just looking
for them.
SPEAKER_03 (29:36):
When I'm in the city, all of a sudden I see that
I'm on Verizon Wi-Fi.
Should I get off of it?
SPEAKER_00 (29:42):
Uh yeah, make it your option.
You don't want anything to justmove your phone onto something.
Um, it's like on uh Spectrumrouters, there's a little
setting that's actually, if youlog into your account online and
go into a setting, you won'tfind it in as easily in the app,
and you log in, it's actuallyunder security.
It's actually under, you know,security shield.
(30:05):
But right next to securityshield, there's a little toggle
switch.
And that toggle switch isspectrum mobile access.
That means that anyone with aspectrum mobile phone can bypass
a lot of your security and logon.
SPEAKER_02 (30:20):
Oh my god.
SPEAKER_00 (30:20):
So that they can gather data analytics, okay?
I was a marketer for a long timeof who has a spectrum phone in
the area.
All right, they clusterneighborhoods with IP addresses,
they're doing data analysis allthe time, and some of it's for
good purposes, like outages.
You gotta turn that thing off,and no one's ever gonna tell
you, and its default is on.
(30:41):
So if you enter the city andthis default thing is that
you're on a Verizon Wi-Fibackbone, don't.
You have 5G and four bars, turnon your VPN and use it that way.
Any Wi-Fi that justautomatically happens because
you have an account, you want togo into settings and control it.
You do not want it to beautomated.
SPEAKER_03 (31:02):
Is Zell and PayPal and Venmo all of this?
Are those secure?
SPEAKER_00 (31:06):
Okay, so Zell is very secure now, but I'm again
the mantra, it is secure as howyou have protected your bank
account.
So when um Zell was sued, whenWells Fargo and JP Morgan Chase
and Bank of America were suedbecause of the Zell scams, okay,
in December 2024, that lawsuitwas dropped.
But part of what they did tomake it safer is there's no more
(31:30):
Zell app.
So you are putting in someone'sphone number or an email address
to send them Zell money, andit's going bank to bank.
And it's not a wire, it'sprotected under EFTA electric
funds transfer law.
So it's much more protectedunless you're using a Gmail
address for your Bank of Americaaccount and maybe two-factor
(31:50):
authentication to a phone thatdoesn't have a SIM pin, and a
crappy password, and a user IDthat's your your your favorite
pet of all time.
All right, so it's a secure, andyou should not have it sent to
email.
When you put that nice secureencrypted email on your bank,
you don't use that for Zell.
Nobody knows about that exceptthe bank of record.
(32:10):
So you but Zell is fine, andalso PayPal and Venmo if you
secure that account well.
Here's my thought about all ofthese things.
The credit card that's in yourApple ID that you buy apps with,
the card that you set up forPayPal if you're using a card,
the credit card that you keep onrecord for things like Apple Pay
(32:34):
and your Apple ID should be acredit card where you do not
have a checking account orbrokerage.
Because a fraudster lovesnothing more than when they go
in, you're like, oh, that's aCitibank card, and they have
city checking, they have citybrokerage, and off they go to
try and get into that account.
Because if they can impersonateyou and log in, they have
(32:55):
everything.
So when you're online, it's theopposite of what were raised.
Go get one of those pre-approvedcard offers of yours.
Do not have the credit card thatyou store for payments for
highly targeted things haveanything to do with your bank
and brokerage.
You see the pattern here, you'reremoving it from site.
SPEAKER_03 (33:16):
I I have a credit card like that.
I'm gonna do that.
SPEAKER_00 (33:18):
That's what you do.
And when you travel, that's theone you bring.
SPEAKER_03 (33:21):
Oh, really?
SPEAKER_00 (33:22):
Do not travel with a credit card that's also tied to
your brokerage account.
And try not to check bankbalances and all that when
you're traveling on vacation.
And I mentioned this becauseit's summer now.
SPEAKER_03 (33:32):
Why tr oh yeah, right.
By white traveling, is it more,am I more vulnerable when I
travel?
SPEAKER_00 (33:38):
Everything you do, yes.
Everything you do is public.
You're going from an airport ora train or whatever that's
public Wi-Fi, you're going to ahotel, another great target.
Okay?
Sit in a hotel lobby, have adrink, pick out the hacker.
Everybody's on public things allthe time.
All right, everyone has theirgeolocation on.
The other thing is, you know,here's mantra.
Post your pictures of Notre Damewhen you're already at the
(34:01):
Eiffel Tower.
Don't do it in real time, okay?
Don't Why?
Because you can turn a cyberattack into actual burglary and
take off your biometrics.
You know, when you're sittinghere at home and you have your
face ID that gets you in yourfingers, I don't want someone
punching you, putting your faceup and taking your phone, and it
happens all the time.
SPEAKER_03 (34:20):
Yeah, I took it from all the financial, but it opens
the phone.
SPEAKER_00 (34:24):
Okay, so that's bad when you travel or when you're
in the city.
Don't.
You know, if you're in a ruralenvironment in a low-risk
environment, it's fine,especially at home for your
convenience.
And older people who are goingto nice hotels, there's nothing
a hacker in Froster loves more.
It's like, let's follow them forthe airport.
They're dressed well, they looknice.
They just checked into afour-star or five-star.
Yay, let's go get them.
(34:45):
Let's go see what apps they haveopen, let's go see how much
they're protected.
And you can call Apple andthey're like, they can't break
into their architecture, butthey don't care about your
architecture.
They care about what you havegoing on in the cloud.
Okay?
They just want to know where youbank and if they can crack open
that Apple ID.
You know, and understand thatyou can be watched when you
don't think so.
SPEAKER_03 (35:05):
What is the biggest cyberattack you worked on?
SPEAKER_00 (35:08):
I can't name things.
No, not don't name the company.
Two things.
So in the White House and theNational Infrastructure Advisory
Council, we do look at criticalinfrastructure.
SPEAKER_02 (35:17):
Okay.
SPEAKER_00 (35:18):
Okay, so there were things that we looked in there,
like the grid and transportationand things like that.
Large nonprofit that wasbreached really badly.
SPEAKER_03 (35:28):
Um the donors' information was taken?
SPEAKER_00 (35:33):
And yeah, they love donor information.
And um, when you make adonation, please just go to the
website, do it there.
Don't use the apps, don't dolinks, even if you're a
long-standing member, never useGoFundMe.
You know, even Who and the RedCross were cloned during COVID.
If you think a ransomware attackis not stealing personal data,
(35:54):
you need to watch more gangstermovies.
They kill the guy and they storehim in a junkyard and they go
offshore for months until thingslay low.
There are literally junkyards inthe dark web.
They're called junkyards.
If they steal a lot of dataafter a ransomware attack, they
store it somewhere and they golay low.
And then six weeks to threemonths later, boom.
(36:18):
You're gonna see it.
In threat intel systems, you cansee this stuff happening.
The law and its mechanisms arejust a little behind the
criminals at this point.
SPEAKER_03 (36:27):
What's the most common hacking you see for
private people, not bigorganizations?
SPEAKER_00 (36:31):
Email, email account takeover.
SPEAKER_03 (36:33):
So they take over the email and then what?
SPEAKER_00 (36:35):
91% starts with an email account takeover.
And then I go look for all youraccounts with that email, and
I'm just you.
Hi, I forgot my password.
Reset.
Okay?
I just have the emails.
I can just impersonate you.
Email and spoofing on the phone.
What is spoofing?
That's what you just worked veryhard to oh, changing the SIM?
(36:58):
Right, where the authorizationcode is forwarded to another
phone from SIM swapping.
Just swaps up for another SIM.
Very, very, very common.
SPEAKER_03 (37:06):
Oh my god.
SPEAKER_00 (37:07):
And that's why the move you'll see in secure
environments, they use anauthenticator app instead of
text to your phone.
Because an authenticator appdoes not use sim technology.
Also, while traveling, when yourent a car and you're just like,
great plug in, Google Maps,delete your profile when you get
out of that car.
Because if I hop into youraccount, when was the last time
(37:29):
you logged out of a Gmail orYahoo?
You just open your computer andthere you are, isn't it?
Is that fun?
I've seen people go from theirGoogle Maps into their Google
account and then they're off tothe races.
Don't leave that stored in arent a car.
You'll notice that if youdownload Google Chrome and open
up settings, here's a littletest.
Okay, after two minutes on yourcomputer with Safari, all of
(37:50):
your passwords stored in Safariare magically going to appear in
Chrome because they'll make ahandshake unless you turn it all
off.
Export those things out of thebrowser.
That's a public space.
It's prevention, is what youwant.
You know, it's really funny.
In this culture, black cats areconsidered bad luck.
Right.
This is totally misunderstandingthe black cat.
(38:11):
If you go into ancient cultures,the black cat is good luck.
Why is that?
Because if a black cat crossyour path, it warns you that bad
luck is coming.
Warnings are good.
So it's very interesting inJapan.
When I was in Tokyo, I thoughtit was so cute.
Every security firm's logo,whether it's physical or cyber,
is all a black cat.
(38:32):
So think like that.
You want to be warned.
And then go look and shoreyourself up because I promise
you, incident response andmitigation of identity theft and
breaches of your bank accountwill take forever.
It's expensive and it's verypainful.
And it's horrible to see.
And so much of it ispreventable.
So much of it is preventable.
SPEAKER_03 (38:50):
Mostly via email, you said.
SPEAKER_00 (38:52):
Yes, and your phone.
SPEAKER_03 (38:54):
But in order to steal my identity, they need my
social security.
It's not stored on my phone.
SPEAKER_00 (38:59):
There's 200 million of them out there thanks to ATT
and Verizon last year.
SPEAKER_03 (39:03):
Okay, let's talk about money.
If somebody just starts in thecr cybercrime prevention uh
business, how much money canthey make?
SPEAKER_00 (39:11):
So it would depend on your education, like
anything.
Right.
If you come into a threat intelcompany and you're you just want
to get your foot in the door,you haven't studied any of this
in college, you know, lifedoesn't end after college, who
the heck cares?
Get in there in some way.
Okay, in whatever department,and then learn.
Okay.
So then you're looking atprobably lower end entry-level
(39:32):
salaries that are, you know,probably between 30 and 50,
depending on the company anddepending on your if you have a
law degree and you want to takea left, lawyers are very useful
because they know how to usethreat intel data on both sides.
It's on the prosecution anddefense.
Anyone who took accounting, begreat at this.
(39:54):
You know, get extra fraudcertificates and you, you know,
then you're and then you're insix figures.
Wow.
Six-figure industry becausethere's a shortage of people who
know how to do these things.
And you don't have to look twiceto see the need.
The need will always be there.
Yeah.
SPEAKER_03 (40:09):
And what kind of skill do you need to have in
order to be able to be a goodcybersecurity person?
SPEAKER_00 (40:14):
You need to be a good data analyst.
So you can take data analyticstoo.
What does the data mean?
How do you map it?
How do you see the matrix?
Okay.
Um, that definitely andpsychology, criminal psychology.
Yeah, you said that.
Go get a criminal justice degreeand learn how criminals behave.
Because there is no physicalcrime that happens anymore
(40:36):
without Intel.
SPEAKER_03 (40:37):
This is a lot to know.
My head has been blowing upalready.
SPEAKER_00 (40:40):
I've also been doing it for many, many years.
So what is very important is youstudy banking and payments.
Okay?
I worked in both of thosefields.
Okay.
Study how money moves.
And it's fascinating.
It's a super fun.
If you are interested inresearch and stuff, it's really
fun.
And then how it dovetails with acriminal mind.
(41:01):
Learn about white-collar crime.
Learn about the psychology ofdeviance.
Take psychology, take sociology,take pathology, accounting, and
your and your cybersecurity, andknow how things work, not just
not to click on something.
So you take those things, butyou focus really on the human
behavior part.
(41:22):
If you understand criminalbehavior, you will understand
how not to be a victim.
And you actually know more thanyou think you know.
You don't have to bemath-oriented as much as you
think.
A very good, like investigativereporting is very good to study
as well.
Because there aren't a lot ofpeople who do it.
It's a great field, it'scompletely understaffed, and
(41:43):
there's a lot of employment init.
SPEAKER_03 (41:44):
So you don't really need to have a tech background.
SPEAKER_00 (41:47):
It's very good to have a tech background.
It's good.
And hands-on tech.
Okay.
Yeah, and go.
SPEAKER_03 (41:51):
Do you need to know how to code also?
SPEAKER_00 (41:53):
Coding is very easy.
So when you learn Threat Intelsystems, you will have to learn
some coding languages.
There are also some great toolswhere you can go and learn to be
an analyst and take these onlinequizzes, like here's a malware
thing, here's the problem, andyou can work it out on these
little modules.
Learn what malware is and how itworks.
SPEAKER_03 (42:13):
I hear that seniors in particular are vulnerable to
attacks.
Why is that?
SPEAKER_00 (42:18):
When you are below the age, this is why seniors are
in danger.
When you are below the age tocollect Social Security or when
your IRA is locked up.
SPEAKER_02 (42:28):
Right.
SPEAKER_00 (42:28):
Right?
Like you have to have a penaltyand all the bank's protected,
and there's a moving things andthere's forms to fill out and
all that.
All that gets taken down whenyou're 59 and a half.
You can just go remove moneylike it's a checking account.
Easier to hack into.
When people collect SocialSecurity, that's why there's so
much emphasis on Social Securityfraud.
This is what happened duringCOVID is people use those
numbers to go collectunemployment or to divert social
(42:52):
security.
And then you have retirees,people who are over 60 have more
money than people who are 20.
Right.
If you have your mortgage paidoff, you're more vulnerable.
SPEAKER_03 (43:03):
Yeah, because they can take your property.
Yeah.
I heard that, yeah.
SPEAKER_00 (43:06):
Totally.
And but there's things that youcan do from all of it.
You just the vigilance there andthe senior attacks really make
me mad.
We focus a lot of our businesson making sure that doesn't
happen.
And then they sit around waitingfor trusts and wills and
financial transfers.
So those are important to put inplace.
SPEAKER_03 (43:25):
So most of the stuff that you deal with, is it
preventing uh hacking or is itrepairing?
SPEAKER_00 (43:33):
Unfortunately, we get a lot of incident response
and mitigation, which is reallypainful and expensive.
I if people have been on theirphones since 2008 and have never
gone through what we call breachdata cleanup, we highly advise
it.
We do run cybercrime boot campsat theaters and synagogues and
other places to show people whatthey need to do, and if they
(43:55):
need our help, we help them.
Because if you don't preventnow, it's kind of inevitable.
COVID overworked a lot ofnetworks.
So the IRS- What do you mean bythat?
So when when we were all inCOVID and everybody's online all
the time, there werevulnerabilities, and the hackers
got a lot more sophisticated,and the systems were burdened.
(44:16):
Okay?
So the IRS had breaches, the MLSsystem in real estate, the DMV,
even who and the Red Cross werecloned because it's just so much
traffic, and there wereopportunists.
So those things, and you coupledwith huge telephony breaches
from ATT and Verizon last year,there's a lot of stuff out
(44:36):
there.
And whatever your politics are,I would highly recommend
watching the 60-minute segmenton cybercrime and the dark web
that aired in May last month.
It explains a lot about cybercriminals.
Um, and you can also go to mywebsite at zerohacksecure.com
(44:58):
and hit play on the short videothat explains it.
SPEAKER_03 (45:02):
Rivka, thank you so much.
This is wealth of information.
I have to listen to the wholething again because I got a
headache from all thevulnerability I'm exposed to.
SPEAKER_00 (45:10):
But it's an exciting field and it's there's a lot of
opportunity in it.
SPEAKER_03 (45:17):
Okay, that's a wrap for today.
If you have a comment orquestion or would like us to
cover a certain job, please letus know.
Visit our website at how muchcani make that info.
We would love to hear from you.
And on your way out, don'tforget to subscribe and share
this episode with anyone who iscurious about their next job.
(45:37):
See you next time.
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!