Episode Transcript
[00:00:00] You're listening to Protect it all, where Aaron Crowe expands the conversation beyond just OT delving into the interconnected worlds of IT and OT cybersecurity.
[00:00:11] Get ready for essential strategies and insights.
[00:00:15] Here's your host, Aaron Crowe. Hey everyone. Welcome back to Protect it all podcast. I'm Aaron Crow. Today we're going to dive into critical topics. Cyber scams, attacks targeting your money and identity. These threats are everywhere. They're becoming more and more sophisticated by the day. I'm actually going to share some real life examples most recently, including a few that hit close to home. And if you.
[00:00:45] My point here today is to give you guys some actionable tips to protect yourselves and your loved ones. So let's get started.
[00:00:53] Jury duty scam just got hit with this actually this week. I was on vacation or not vacation but for Christmas. Went back to my, you know, where, where my family is and around Dallas and got a phone call Chris, day before Christmas eve. So the 23rd, it was, I don't ever answer phone calls that, that I don't know the, the numbers to and got a voicemail and it was, you know, with, with new iPhones it does the voice to text.
[00:01:22] So hey, this is so and so with, with the county that I live in, Sheriff's department. Give me a call back. As soon as you can, call that person back. They're posing in law enforcement. They claim that I missed jury duty.
[00:01:37] Don't know if they actually know the public records because I had received jury duty back in June, I think it was, but I had excused myself. I think I was traveling. I don't remember the details but I had, you know, filled the form back. I didn't forget anything but they claimed that I had not and that there had been a certified letter. Anyways, it was, it was this whole ordeal. They wouldn't let you off the phone because if, if you know what they tell you is, is I have to keep you on the phone. You have to go report to the sheriff's office to sign a bond.
[00:02:11] They don't overload you with all of the information right up front. That would be too damning for, for their piece. Obviously that my spidey senses were, were tingling the whole time. I even called them out on a couple. They called me, you know, when I told him it sounded like a scam.
[00:02:28] They called me from a number that was, you know, spoofing the actual county sheriff's office. My wife actually called it from another phone line.
[00:02:39] Of course we couldn't get him on the phone. That person they did have a Texas Southern accent, so it wasn't like, you know, a foreign accent. That would have been a little bit more obvious, you know, but they say there's a warrant out for your arrest and that you, you know, you have to avoid jail time and if you pay the fine immediately. Like, all of this stuff, they were going on. Again, I was fortunate that obviously, I do this for a living.
[00:03:05] All my spidey senses were going up. But I got as far. And to be really clear, I got as far as to take money out of the bank and was gonna go to the police department and, you know, pay my fine. And then they said, oh, well, you can't pay in person. You have to pay. You have to go to CVS and they'll give you a barcode and we'll send you four transactions. It was a $10,000 bond, and they wanted $2,000 to. To pay to, you know, to release it, but they were going to refund you the same day. And then again, they. They said that the CVS, $500 each, they would send me four barcodes. Go to CVS and tell them I'm doing a bill pay.
[00:03:47] And that's when it was just like, yeah, I don't think so. I'm not doing that. If you want me to go to the sheriff's office, I'll go to the sheriff's office. Oh, you can't do that. Well, I'm not doing this. I hung up on them. My wife had actually called the sheriff's department and asked him. The lady almost screamed through the phone, this is a fraud. Tell your husband not to do it. This is a fraud. This is a fraud. This is a fraud.
[00:04:11] After that happened, super frustrating. And we took money out. Luckily, there was no harm, no foul.
[00:04:18] But after they found out or after they, you know, knew that I wasn't there, they actually called me later and then threatened me, actually threatened my wife that they were going to, you know, come to my house and, you know, take actions.
[00:04:32] I don't really believe that's going to happen, obviously, but still, the point is, is. Is they're. They're. They're. They're scary. They scare people. And again, I do this for a living. So the fact that I got as far as to take money out of the bank, now, obviously I wasn't going to send it to cvs, but that they got me pretty far because they didn't just dump it on go Pay cvs. If they had done that from beginning, I wouldn't have gotten as far but, you know, they were saying the right things. When I, when I raised concerns, I talked about calling an attorney when I, you know, all these types of things. My wife called the, on the other line. You know, all these things. They had an answer for every question I had.
[00:05:07] You know, so the things to remember, you know, how to identify it as a scam. Law enforcement's never going to ask for payment. That was a spidey sense that came up. Again, they didn't ask for payment up front. They just said I had to pay my bond, which is not uncommon, and you can't pay. And they kept saying you can't pay with credit card. You have to use, you know, actual funds. Again, that's, that's not wrong. If you, if you pay a ticket, if you've ever, you know, had to do anything at the courts, they don't let you pay with credits. Like, you can't buy a, you know, a lottery ticket with, with credit. You have to pay cash again. But I'm not, you're not going to do it at a cvs. If, if law enforcement really wanted me, they would have, I would have gone to the court and done it. The other thing is, is that the law enforcement officer, a sheriff, is never going to take money ever in the United States.
[00:05:59] It's just not what they do. They, they, they, that's a whole different department. So when I called right after I hung up on the person my wife had called one county, I called, the one that we actually lived in, they actually pulled my name up. Um, so got gotten on the phone with the, with the clerk, which is the one that would actually take the money. And she pulled my name up and she said, yeah, I see that you had jury duty summons in June. She goes, but yeah, you sent the form back and you know, there's no warrant for your arrest and all that kind of stuff. So when it, when it, it sounds weird, you know, listen, stop, stop. When I'm sure they're going to threaten. They're very good at what they do. They've got this script, you know, you can, you can search jury, jury duty scam. You know, Sheriff, you can see it on Reddit. There's a hundred different places that have had posted about it. It is very, very, it's going around right now. This was, like I said, two days before Christmas.
[00:06:55] So, you know, they were threatening that I was going to not be at home for Christmas. And the, you know, the judge wouldn't get to me until, you know, two or three days after Christmas. So all the things that are like, oh my gosh, I don't want that go through your head, but I challenge you to just stop, think, breathe and call your local office. Like, don't accept the phone call from them because they can, they can, they can spoof those numbers to be whatever they want them to be. Call your local sheriff, call your, your local, you know, county clerk or whatever, because more than likely it's not real. If it is real. Again, if you miss jury duty, they're not going to arrest you and send an officer out of the blue, right? You will have gotten a notice, you will have gotten official documentation.
[00:07:46] And they're not, they're never going to ask for money. That's not what they do. So hang up, report the scam. I actually reported it to my local sheriff's office as well as the Federal Trade Commission. There's a place where you can actually go put in that phone number. Obviously with, you know, what I do for a living. I actually looked up the phone number. It's a spoof number, it's a voiceover IP number that, that it's coming through. So wasn't able to actually find out who they are, but actually have some, some, some folks searching, searching those as well. So that said, be careful, be careful where you use your information. Be careful what information is out there. And again, I know a lot of these scams come through and they're foreign. They're foreign people and they, you know, they speak with a funny accent and for a Texan at least. And you know, it kind of seems if they just said they were a sheriff and they had a, you know, an Indian accent or a Jamaican accent or, you know, Asian accent or something like that, it would have been a little bit, yeah, I'm not sure about that. But again, sound like a more know, good old Texas boy. So it was, it was a, a little more believable.
[00:08:58] Another one was that, that tipped me personally, not personally, but my, my family, I have a elderly family member who got caught in an investment scam. You know, they, they lure you in with promises of high guaranteed returns. They, they'll create professional websites with testimonials, stock, stock prices.
[00:09:19] You know, after investing, they saw returns in their online account which made them invest more. And then they, they started losing. And then the, the scammer starts texting and saying, hey, you have to continue to put money in to get it back.
[00:09:37] So it's this, this ploy. And now they're scared to not give it back because they keep promising next month you'll get it all back next month. You get, but only if you continue to pay. So they're paying. They, they emptied their retirements, they're, they're sending every bit of money, they're not able to pay their bills, all because they keep, they're, they're so terrified that they've been scammed and that they're, they're failing, that they're unwilling to see, that they've, they've got caught up in a scam and now it's impacting them, it's impacting their ability to live. Right. So be wary of guaranteed returns. There are no guaranteed returns.
[00:10:16] Stocks, investment portfolios, Bitcoin, crypto, like all investment carries some kind of risk and go through legitimate platforms. You can look those things up, you know, if you're, if you're unsure, ask friends, do a Google search on the website, you know, do a domain, you know, very simple tools you can use. And again, if it, if it seems too good to be true, you know, that was the, the thing my grandfather and my, and my parents always to tell me that seems too good to be true. It probably is. So start asking questions.
[00:10:52] Research your investments thoroughly. And obviously with investing beyond just anything like only invest money that you can, you can lose an investment should just be that right? Is, is you, you shouldn't be putting money into things that you can't, you can't potentially lose. It's like going to, to Vegas, you know, you shouldn't be gambling more, you know, your mortgage. But that's, that's a whole nother episode that I don't want to get into.
[00:11:17] Another one that, that has hit me. Family members is, you know, they got a tech support scam.
[00:11:26] They go to a website, they click a link or they get an email, they click a phishing thing and then they get all these pop ups showing up on their computer that say, hey, you've got a virus. Call this number, tech support for, for help. They call the number, very nice person on the air and oh yeah, we see this. Absolutely, absolutely I see it right now. Click this link. It'll give me remote access to your computer and I'll fix it for you. So they do. And then what happens? They're logged into their, their banking and they log in and they, they transfer money, they install malware, they do all the things this, this particular incident actually they got access to their bank account. They took out, you know, quite a bit of money and transferred it out of the account.
[00:12:08] And it, it happens a lot.
[00:12:11] Real antivirus companies don't display pop up warnings, ask you to call them. Legitimate companies will never ask for remote access unless you initiated the call.
[00:12:20] All of these themes really come down to the one thing, right? They're starting it the conversation meaning the call with, with the jury duty. The call, they initiated the call. Right. They didn't send me a letter and me call the actual sheriff's office. They called me claiming to be the sheriff. I actually saw news yesterday that there's, there's people dressing up in police uniform knocking on your door, telling you to open the door. They don't, they're not in a patrol car. They don't actually have a real office uniform, official uniform. And they're just claiming come outside, we talk to you, you know what it's for. They don't know who you are, they don't know your name. They're not telling you their, their, their badge number.
[00:13:02] Even if they do and you're not expecting them, call the police, call 911 and say hey, I have people claiming to be officers at my front door. I don't know what they're for. They're, they don't seem legit or I'm not sure if they're legit. Do you know if there's officers at my address right now and are they looking for me? Right, right. Or are they looking for someone? Right. So you have the power to make these conversations and call and, and ask when unsure, stop when unsure, ask these questions, call a friend, you know, call, you know, your, your local police department. A lot of times the police, like for instance in the, the, the jury duty one, they have no jurisdiction, they don't know where the people are so they can't really necessarily do anything. But it's still good to file the, the, the, the actual police report so that if something does come down they can actually link it to how many times it's been done or attempted to be done.
[00:13:59] Social media and data breaches are another very common one with folks. One of my clients had a, there, some confidential information, proprietary, you know, things that they were, you know, their, their personal information, not just information but their, their product was released before it was actual ready to be released.
[00:14:19] And you know, their, their social media accounts were taken over.
[00:14:25] Those breaches can, can lead to identity theft, reputation damage. I have another family member that, their, their actual kid took over their Facebook and started posting a whole bunch of, you know, negative propaganda towards that family member and the family member has not gotten access back to the Facebook account. Like all of these things are Easy to prevent. Easy is relative. I'm doing air quotes here for you guys listening on, on audio. But you know, use strong unique passwords for every account. Manage, you know, through a password manager. I know I've said this a hundred times, but I'll continue to say it. Enable dual factor authentication on all accounts. Regularly monitor your accounts. Don't use the same password ever. So no two places know Facebook and Twitter and Instagram and LinkedIn and your, your bank and your email. And you know, it shouldn't be the same password. It shouldn't be easy to remember. Like you should have a password vault, a password manager, you know, with, you know, multi factor authentication. We have, there's all sorts of different types. I'm trying to see if I have one right here on me.
[00:15:37] No, I don't. It's on my key ring. But you know, a Yubikey token, they're super cheap, they're super affordable. They have USB C, they have USB A, they have, you know, NFC and all these things. They'll work with your phone. What is that? It is a thing that you have. So multi factor, it goes back to a password, something you know, and biometrics your, your fingerprint, your facial recognition is something that you are and then the second factor can be something that you have again like a token. That token is a, is an encrypted unique thing that when you plug it in and hit the button, it gives you that thing. Right? It's, it's a, it's part of the encryption algorithm. And when you do that in linking that with your password, yes, somebody can steal your password, but if they don't have that token, then they're not going to be able to access that account. So same thing like you use your bank and it texts you or emails you. That's the other problem with using default multi factor in a lot of these times is like if you go to your bank, many times the primary multi factor is your, your email and, or your phone. The problem with that is if they get access to your email, then they have access to everything. If they get access to your phone, they get access to everything.
[00:16:55] So just be, be mindful of that.
[00:16:58] Protect yourself, you know, clean your information off the web. There are services out there that do this. You put in your phone number, email address, your date of birth, that kind of thing, your mailing address and they'll, they'll go out there and actually reduce the exposure on data brokers that have that information and kind of scrub those things out.
[00:17:19] Already mentioned password managers LastPass, first password KeePass. You know, there's numbers of those things. When you're online shopping, I highly recommend you not use your debit card.
[00:17:31] I know the Dave Ramsey folks out there will say, oh, I don't have credit cards. Even if you just get a credit card to do online shopping and you pay it off every month or as soon as you make a purchase, you pay that amount on your card, that's fine. The difference is, is with a credit card you have that fraud prevention and protection and it doesn't come out of your actual account, which is different than if you use your debit card and they take money out, it's coming out of your checking account, then you're fighting with your bank to get money put back in. Whereas when you go with American Express or Visa or MasterCard, that money never came out of your account. So when you dispute that charge, it's on them to fight it, but they're not having to refund you money. It's just a charge that's on your account and you just don't pay that right. It's complete. It's way easier to dispute those things when it's not actually coming out of your bank account.
[00:18:20] Anytime you're using public wi fi, make sure you're using vpn. First of all, don't use public wi fi. If you can, if you absolutely have to, make sure you do have a, a VPN of some kind. There's a lot of really great ones out there that are not super expensive.
[00:18:36] It's really just protecting your environment, protecting your device and, and your information. Even if you are on a WI fi, a public WI fi, I don't recommend doing any public shopping, you know, any online shopping, going to your bank, things like that. Those are just risky things to do on, on public WI fi. Phishing awareness. Man, phishing emails are getting so much better. AI is, AI has made it so, so hard to determine. You'll get emails that look legit and you really can't tell you if. But really, at the end of the day, if you didn't expect an email from someone, it's probably fake. Reach out to them separately. Don't reply to that email. Send a direct email. So if you got an email from me and it says, hey, Bob, I'd love for you to send me this file or open this file, I just got it right, and I didn't call you or you weren't expecting an email from me, reach out and say, hey, did you send me this email? Is this attachment real?
[00:19:34] It's hard to see, it's hard to spot, it's hard to be perfect.
[00:19:38] Back up your data because eventually you may get hit. Make sure you have backups, your important files, your photos. Obviously now with cloud services you can, you can back those things up to the cloud. But I also recommend having a physical device, USB drive network, attached storage, things like that in your, on your network. Even if those things get bad because again, if somebody hacks into your icloud account or your, you know, Dropbox and they delete all that stuff, it's gone and you don't have access to it. Whereas at least you want to have backups and tertiary backups of things, especially the super important things, photos that are unreplaceable, things like that. Obviously if you got in a fire, same thing like you don't want to just have it on a USB because if, if your house burned down, you don't have that stuff. I've, I've had laptops stolen in the past and there was files on those laptops that only were there and I couldn't get access to them anymore. So you know, regularly back up your files and then keep your software updated. Patching. Make sure you're updating your, your, you know, devices as well. We're bringing so much IoT Internet of things so your, all your devices are Internet connected. Make sure you're updating those things as well.
[00:20:52] I've said this before, I had a whole episode on it. You know, make sure that you're segmenting your network. You keep your IoT devices separate than your guest network, separate than your primary network, separate than your kids network. Like you can get really detailed there. I also don't recommend using the WI fi that or the router from your provider because they have access, they have a back door and it's not super secure. You know, you don't have to get super high end stuff. But I do recommend having a firewall between the cable, modem or DSL or whatever kind of router that you have directly from your main, your provider. Have it in between your environment and their hardware to protect from the inside.
[00:21:36] You know, scams and cyber attacks can happen to anyone. Again, I do this for a living and I got money out of the bank from that scam. I didn't actually send it fortunately. That would have been really frustrating. Even more frustrating. But it can happen to anyone. No one is immune to this. It can, they're really good at this.
[00:21:54] So stay vigilant, take proactive measures. You can protect yourself and your loved ones. Have conversations with your kids. Have conversations with your parents and your grandparents. The elderly.
[00:22:06] I hear way too many in A lot of the stories I talked about today were elderly folks. Right? But again, nobody's immune. If you've experienced a scam or have questions, reach out to me. Share your story. It could help someone avoid being a victim. Thanks for listening. Don't forget to subscribe. I'll see you next time. Stay safe out there. And, you know, make sure that you're implementing these changes and protecting yourself and your loved ones. Thanks a lot. Thanks for joining us on Protect it all, where we explore the crossroads of IT and open cybersecurity.
[00:22:39] Remember to subscribe wherever you get your podcasts to stay ahead in this ever evolving field. Until next time.
