In this episode, Frank and Andy interview Dana Mantilia on Why Humans are the Weakest Link in CyberSecurity.
Hello and welcome to data driven.
The podcast where we explore the emerging fields of data science, machine learning and artificial intelligence.
In this episode, Frank and Andy speak to Dana Mantilia about cybersecurity and why companies are not investing their time and attention where they should be.
This episode was originally recorded on a live stream and this was the first time we had a guest join us on the live stream for a show.
Season 4 just keeps the innovations coming.
Without further ado, here are your hosts Frank Lavigna and Andy Leonard.
Alright, thanks for tuning into data driven. If you're watching this live, thank you for taking time out of your day. I realize this being the lead up to the Holidays. Things are kind of hectic. I know in Chateau Lavigna things are very hectic today.
Andy and I are happy to announce a new guest that we have with us. I first saw her on LinkedIn when she would do these really cool training videos on basically security topics.
And with Black Friday literally a week from now, Cyber Monday, and just the alarming creativity and flexibility of scammers that we've had in light of the COVID pandemic, etc., etc.
I figured it would be worth having kind of a good discussion about just the basics of cyber security and why it's important my wife happens to be in the cyber security field, so I'd like to think that I'm better prepared, but I know if you think you're better prepared, that's probably a vulnerability.
So welcome to the show, Dana.
Well, thank you for having me nice to be here.
So you are actually the first guest we're going to have on the show that we interviewed live on a live stream, first on video.
Very honored, very honored.
So awesome. We're trying to push the boundaries for season four, so tell us a little bit about you and your company for those that haven't seen your videos on LinkedIn.
OK, sure, yeah. My name is Dana Mantilia and I am the founder of Identity Protection Planning, and we try to help educate people in very layman's terms on how they can protect themselves from identity thieves and cybercriminals. And so we have a variety of different kinds of training. Either, you know, training data, webinars, some videos, or we have an online platform that's short little videos that everyone is required to watch.
And just to kind of start spreading the word, I mean cybersecurity is not going away, and unfortunately the frontline workers are the people that really are maybe not educated on it and they also are the ones that are clicking on things they shouldn't be clicking on, so.
No, so that's a good point. So one of your most recent videos, and this is the one that made me think we should have her on the show, was the one on the gift card scam and how somebody in your organization got snared up in this.
Yeah, I mean it's crazy. I mean, the way that I did that little video is exactly how it happened. She came to my office door with her coat on and I said, well, why do you have your coat on? And she said, oh, I'm going to get that stuff you need. And I said, well, what stuff are you talking about? And she said, this stuff we were just messaging back and forth about. I said, I've been sitting here at my office just doing work. I didn't message you about anything.
So then she showed me, and the person initially sent an email that looked like it was kind of from my email, very similar, which is always usually what they do. And then, you know, the urgency factor. I always tell people when there's a sense of urgency, we have to stop and say, is this really a big, big emergency here to go buy gift cards? But people want to please their boss, so they get these emails and they act upon them.
So then the person said, can you give me your email, I mean your cell phone? I wanted to text you this. So then the conversation jumped over to her cell phone and now they're texting back and forth and she said, well, how am I going to pay for these?
And then he said, well, you know what? Just when you get to the store, read off the numbers in the back of the card and then when you get back I'll reimburse you. So they were. I mean, it was just back and forth and back, but anybody would have fallen for this anybody.
Wow, the thing that struck me is the most insidious part.
It's how they moved away from email pretty early in the process, because maybe I mean it was a good. I mean, there's a I don't know. As a data scientist, I hate giving out statistics, but let's say it was a 50/50 chance that that person had your cell.
Millimeter like an an. It's a good gambit for them because I guess they didn't have your number already saved in their phone, so they could have this whole conversation with you, right? Yeah, and I would assume that folks in your organization are well trained.
Well, we're at least talking about this stuff right times. That's that's a startling factor, is that?
You know we're talking about all these things all the time and we we totally almost fell for it so.
Well, I never disclosed this publicly.
Until I'll do it now is that one time Microsoft? I work for Microsoft, they they pay the mortgage, they pay for the electricity and it goes through the my little monitor display there.
But they will routinely send out kind of phishing emails.
And it will be like urgent you have to, like, you know, do this because your expense report or something like this. And I shouldn't admit this publicly, but I did I was driving. I see this like emergency thing come through. I'm like the screen and I'm like.
So I didn't think I clicked on it and it it got it. It it it got a there was there was there should have been an animated GIF of like somebody?
At the company doing this, but it was like this. It was this like badge of shame of like hey you fell for this uh huh.
You know, and I was like, crap, and I was like, I learned two lessons. One, pull over first. If I can't mouse over the link, probably shouldn't click on it, right? And three is just that sense of urgency was what really, like, and maybe there's a psychological thing to this where it just tricks off like this, the primordial brain, or I know there's the three brain model, and Andy and I go off on tangents a lot, Dana, I should warn you, but not us. Ultimately the idea is that once you're kind of anxious about something, right, your higher brain functions are going to, if not shut off, kind of be pushed aside.
And all you have to do is click the link to get your answer or whatever I mean.
It seems like these folks are well versed in this type of psychology.
Yeah, and they also know too that you know every when you're on your mobile, everybody is rush rush rush rush rush for rushing on the mobile phone all the time and that is a little scary because sometimes even when you look on the mobile you can't even see who it's from. It'll it'll you know. Just say a name or something like even some of the Apple ones that come out. Don't say oh it's from Apple, but that's not the exact. Doesn't show you the phone number or whatever it is. It's just.
Summer has put up there. As you know The Who it's from kind of thing, so yeah.
There's a lot of things we need to all.
Start doing or not doing.
Right, it's it's an interesting. It's just fascinating that with all this advances in cybersecurity, and I've seen a lot of the things that the technical we're not going to go into.
Humans are like the weak link.
Yeah, definitely, and that's the frontline to most of the stuff. And, you know, the urgency factor, just to go back to that real quick: one scam that is targeted at seniors is the grandparent scam, and so what they do is they will call up and pretend that they're someone's grandson or granddaughter and something crazy happened, like they're held hostage in a Mexican jail or something, and they need to have money right away wired to them so that they can, you know, get out of there. So then to make it even sound more valid, they put the prison guard on the phone and they say, you know who?
This is the information. This is where you need to send it to, and he's a very stern person and these people really do fall for this and a lot of the people Western unions around the country. They they know that this.
Time is running rampant, so they'll try to stop people. I did a speech the other day or whatever, I talked the other day, and there were probably about 1000 people on there and nobody said anything when I brought this up. And then at the end when we had the Q&A, there had to at least be 25 to 50 people that said, my mother fell for this and she would not believe that it wasn't my son. You know, another one, there was a scam where they said that their grandson had drugs in the car and was with some guy that he was going fishing with, and it was just one after the.
And a lot of the time that seniors won't even admit that this happens because they're embarrassed by it, and then they're afraid that their children, their adult children are not going to let them manage their finances. So again, it's a whole play. An urgency plan, emotion, and you're not even thinking straight. I mean, if somebody came up to you and said your grandson is in a Mexican jail right now.
And we need to give money. You do stop and think a little bit, but the way we act on line is very different than the way we act when we're here. We act on the phone when somebody calls, we want to believe them. Then we would act.
As if they were standing in front of us, so that's kind of some of the awareness that I like to to spread is safe. Just ask yourself if this person was standing here and this conversation was happening, would it sound crazy, you know?
So Dana, we talked a lot about the problem, and how do we make ourselves shift gears like that? How do we engage, you know, mentally in a way that maybe defeats the urgency?
Well, you know cybersecurity training has been, you know, going on over the years. The problem is getting bigger and bigger and bigger and we're throwing more and more money at it. And it's not getting any better, right? Yeah, so I say we need to approach it. I look at things a little bit differently, so usually it's the IT department that's responsible for putting together a program to teach the regular, non technical people.
What they need to do and not do. So they're forced to sit through an hour's worth of training. They're about to fall asleep. All they want to do is be able to get through it so they can check off the box that they actually went, they did it, that's it. And I don't think that's the best way to teach people. What I think we should do is we should start teaching them how they can protect themselves, their families, their homes. There's going to get some interests are going to say hey, you know that's.
I better call my mother and tell her to watch out for that, or I better make sure my son's not doing that and there's a there's a buy in there. So now once you get that buy in, there's an awareness that we need to start protecting things.
And then when you're talking about the at the company, you've already educated them on how they should be looking at their emails. Then now they know how that they need to be looking at the emails with the company, 'cause emails is pretty much where most of the problems are starting from, so so I just think it's if we looked at it a little bit differently, maybe we would be getting through to people a little bit different.
Well, I like your approach because we've already kind of walked through a lot of this, and we've said that it's not a technical issue at all, and being an IT person, and Frank just admitted earlier that we're high functioning, you know, savants. Basically Frank and I were both ADD and, you know. And it's.
A normal account cards in Vegas though, which I totally feel shaded. I'm sorry, alright cut off, that's OK, it was funny.
Yeah, but you know it.
Having the app when you were just describing that I was imagining people that you know, even my you know my cellphone Frank doing this and we're like I said kind of high functioning but normal IT people and nothing against normal IT people I love you, I mean it but having them try to explain something nontechnical. 'cause if if we've identified that the issue is not really a technical.
Problem and we throw money at it and bought deer. Develop software that others have built and all of that really what's happening here is very psychological.
So I would. I would think that that that approach you just described having a non technical person walk through this, which sounds to me very emotional scenario that comes at you. You know on.
People you love an urgency and it's on your phone. And it's like every card that the scammers have is being played against. Especially older people who are not familiar but not as familiar with the technology as some of us.
Uh-huh absolutely absolutely. So I just think it's a different way to approach things and it it comes across as if you're giving the employee a benefit as opposed to forcing them to sit down because you need to protect the company.
Yeah OK, great.
So that's what I have to do, you know, kind of thing.
So we'll just envision mandatory training. Sorry, I just had a vision of office space of.
Well, you know, is this good for the company that banner?
Friday is Crazy shirt day.
There's a movie reference for the show, Andy, that could you?
I don't have my sound board.
You don't have your sound.
Now that's one of the disadvantages of switching to LinkedIn Live. We'll fix it. You know us, we're engineers, Andy.
So the the question I guess is.
How do so? Yeah, I mean I think it was really insightful. Was you know my wife bought a bunch of studies of books to study for the CISSP and all that. And it's like a I mean, it's a it's a book and.
It's not technical, you're right. I mean, people are the weak link and I think.
People, and then that whole like you brought out the whole shame factor. Like I'm not going to admit like I mean that thing would happen to me. I got caught by our internal team, right? I was a year ago and I'm just admitting it now. Like you know. And and I did that on purpose because, well, I didn't hide it on purpose. Well, I guess I did, but I wanted to.
To point out is that there's not a lot of shame. I mean, the shame of this, I think is a big barrier, isn't it? To protection, isn't it?
Yeah, definitely it is. Yeah, we all have to get over that. Oh my goodness, I don't wanna be the one that you know.
Took the company down. I don't want to be the one that you know did this or let this in or what you know, whatever. Whatever the case may be, it's definitely a shame factor is is a big thing and and recognizing that the people are the biggest thing and one thing is that cyber security training, right? So it's going on a little bit here and there. The big companies much more so some of the smaller companies and medium size companies. There is nothing. It's like the Wild West going on out there so you know whatever you think your secretary is comfortable clicking on.
That's what she's clicking on.
So that's where we need to say, OK, this is a whole new industry and it's you know, it's it's it's it's. It's exploding right now and I think over the next three to five years cybersecurity training is going to be. It's going to be everywhere and everybody. Even the small companies are going to have to going to have to do something along those lines, but.
That being said, so because it's so new again, going back to the IT department, if you said to anybody five years ago, you know something about cybersecurity, they probably don't even really know what you're talking about. They say you need to talk to the IT department.
So we always just pass that up. Oh, that's an IT thing, we don't get involved in that. It's an IT thing, and like we've all just been talking about, it's not, it's the people. The IT thing might be perfect. You know, maybe they have at the firewall or whatever, all that stuff they need to do. But it's the people are just clicking on it, downloading things, you're going nowhere.
No, that's true. I mean, you can have the best firewall and all the packets, like, locked down to the teeth, but I mean if somebody behind the firewall clicks on the link.
It's kind of like if you want to imagine like this is. This is the image I have is well, First off. I think the problem might be the term cyber security, right? 'cause when you hear the term cyber security I think of like somebody like with this type of monitor setup. You know like yeah right. You know like hacking away at the matrix or something like that like yeah.
No, it's not. It doesn't have to be. I mean, there's a whole cottage industry of folks, and I don't think people realize, I mean.
Bad actors are everywhere, but the phone connects you to the people down the street, but it connects you to the people on the other side of the planet.
And the cost to send out these emails is nothing. The cost to make a phone call these days, even internationally, is low. There was a story I heard about a bunch of folks who had basically pulled off the largest bank heist in history, and I don't know the details. Maybe you do, maybe you don't, but basically it was about a coordinated attack of 50 people with cloned ATM cards.
And they hit all the banks in about the span of like 20, 30 minutes, like max out each card, and they had like 5 different cards. Wow. And I forget what their ultimate take was, but I mean it was like, it was maybe not the largest bank heist in history, but I mean it was respectable, like 24 million.
No alarms went off, no sirens went off by the time that they had realized that they were robbed.
It already happened, uh huh.
Yeah, and even with, like, you know, some of the social engineering that goes on with, let's say, an office manager or somebody who's in charge of cutting the checks. You know, that person, they're getting an email. This happened to Barbara Corcoran from Shark Tank. So, you know, they were doing business with this company in Germany, building some hotels, and somebody was in there. Some scammer got into the system and was just watching the communications back and forth. They start to pick up on the type of language you use, the way you type your emails, what logos look like, what emails look like, and then at the very right time they send an invoice for $400,000 for, quote unquote, furniture. So the office manager paid it and then contacted Barbara's assistant to let her know. And it turned out that it was a Chinese IP address and that the email address was off by one little digit.
So I wow a video. I think I did a video or a post on that. I'm not sure which one but.
Somebody did say to me that they they were able to get that money back. I was very surprised at that. I didn't. I thought the impression that they lost it, but it's it's stuff like that too. That's just this. You know somebody shooting an email. Hey, by the way, you know here's the invoice for that. Looks like the same invoices. You're not even questioning it. You know you're doing business with this company, so.
That's another thing too.
That's that's a nefarious.
It's just amazing that that I mean the ingenuity that.
Deploy, it's not, maybe maybe the problems in I mean well the problem is in our heads, but in the sense that you know we can fall for these things, but in the sense of when you think cyber security, I instantly think of the hacker and like securing the firewall in the packets. But if you run an organization or even just in your family.
You know my mom.
My mom is not adabelle, right? That's not her thing.
And she would you know she's fallen for stuff and an one of the one of the one of the tactics that's fallen out of favor lately was a random call where they call from they call from the support desk they call from Microsoft. That's one of my favorite ones.
Because I can mess with them.
I was, you know, and and there's lots of stories about you know people call, you know the call and say you know I need to basically pull up a part of your computer. That's going to throw a lot of errors anyway, right? Just.
And they say you know you're infected with the virus. You gotta do this and.
I remember the one time I messed with them, they're like they're like, Oh yeah. Well, like well. I don't have a Windows PC. You know like Oh well, it must have been your Mac.
It's like, well, I don't have a Mac either, and then he was like, yeah, you're lying. You have to have a Mac or PC. I was like. He goes, what computer do you have? And I said I have Linux.
And then he hung up immediately. I guess the assumption is if you know how to run Linux.
Let's see what you're talking about.
Yeah, yeah, you should probably run away. He probably had like a sheet on his thing. Like if they say this say this and like.
I'm doing some research right now. There's a guy on YouTube. His name is Jim Browning and he has a page called Tech support scams. He's got millions and millions of followers and everything.
And he is really, really a technical person, so he can do the same thing as you guys can do. He can play with those scammers and actually, like, get into the system. He was able to hack into the closed circuit TV of where in India that they were. They were all in there and he could see exactly what they were doing. It was crazy. So if anybody gets a chance you might want to take a look at that on YouTube. I'm going to definitely be incorporating that. I'm putting together some courses. Oh cool people to go look at that because he's got hands on like really and you can hear exactly what they're saying. Same thing you just said Microsoft is there.
Playing around and they put something on the screen so that you're seeing a black screen and they're seeing everything on your screen that you don't even know what's happening so regular people don't. They just don't don't understand all that stuff so.
That's another reason why I try to make sure all my videos are very, very plain language because.
All of us. As soon as we start getting overwhelmed or intimidated by by language, we just shut down. So now we're not learning anything. 'cause now we have, this one is going to be over. That's all we're thinking of so. But if you can kind of process it, visualize something along the way that I could see that happening. OK, I could see that solution working.
Well, start sounding like Charlie Brown's parents, you know.
Yeah, first you know.
So once I was working at their desk and then.
Want want, want, want, want, want, want?
Right, you know?
Shout out to the the Charlie Brown Thanksgiving special and figure I'd make it timely.
Um, so you mentioned courses. So like what? What do you do specifically to kind of like combat? This 'cause it seems like that's your mission.
Yeah, so it's it started out with the employee training which would do some of the employee training. But also I've had a lot of people sending me requests for just some regular people training that maybe they could have their parent watch and maybe they could have, you know, I talk about kids and social media safety and all that kind of stuff. That's just another disaster that's going on. But you know some people, they just want to know how do.
Kind of somehow navigate these waters. I don't know anything and I need to learn a little bit about something right? But you know, organizing your documents, even the mailbox. I talk about the mailbox you need to empty the mailbox and you know, see what know what's going on in there and know something's missing. So there's free tools that you can use and stop getting pre approved credit card. You can get rid of that and then if you ever need a credit card you can always.
To get went back on, turn it back on so that you'll start receiving AM.
Pretty clear when you say mailbox, you mean the actual physical mailbox that snail Mail good.
OK 'cause most of our audience are engineers and they're immediately from outlook email, right? 'cause?
The old fashion one at the end of the driveway. That one that people really oh I don't need to empty it every single day. Oh, you know a big deal. It is a big deal. So we start talking about that and going into some of these phone scams that are happening emails what to look for in some of those emails. You know, a lot of people don't know if you hover over the link, it's gonna show you. You know where it's going.
Making sure you're looking at the email if you have a email says it's from Amazon or FedEx and then.
You look up there and the email address is Comcast. I mean, these are little things that normal people, they just don't know to look for. So it's basic stuff about that. And then even, you know, look, everybody's always logged into Google, right? Most of us right now, we're probably logged into Google on our phone and on our desktop, and most people don't know that the three little dots on the right hand side of the browser, if you click on that, you can see all the autofilled pre saved passwords.
And all the autofill pre saved credit card payments or debit card payments so you know you get Gmail 20 years ago.
Or whatever 15 years ago, and you made some password up is probably the same password that you have for every single other thing that's out there and use the same email and the same password for every account. So if that's been involved in a data breach, someone can get into your Gmail and that's a little bit scary.
There was a yeah, the password seems like the necklace, so if you wanted to draw like a diagram and I don't have my fancy little drawing thing here, so people seem to be the first line of defense and the second one would be. I guess it's people related so.
You know, like it's, it's easy to figure out. You know, you know that it was a. Was it the movie sneakers or hackers where they were like? Well, what's his anniversary? Like what's what's his birthday? What's his kids birthday like? It's easy to figure that stuff out but I mean with some of these password breaches they can just kind of do that and figure out.
Password and the chances are, like you said, and this is a big no-no. This at least that's where I'm taking away. The big no-no is don't have the same password for all these different things because you basically expose yourself.
Right exactly so I always use this little example. You know, this is the other thing that's very sad. We are. There's huge data breaches, millions and millions of bits of records or data or whatever every single day. This is happening and we're numb to them. Like, oh, another day, another data breach, another data breach. And that's a lot of personal information that's now out there for anybody to get their hands on.
I use Grubhub, for example. It's a small food delivery service, so they got hacked username, password. So people think about what's the big deal. It's just my username and password.
But if you're using the same email as your username and the same password for all of your accounts, your Facebook account, your Chase Bank, your your Bank of America or whatever, and they can just and they do, they try and they try and they try and they try and eventually they can get in. So that's the number one danger with making sure that the password is the same. You definitely want to have that. I try to suggest to people 'cause they freak out when I tell them they should have a different password for every account. That's just like the cool light goes off.
So I think we'll have a pass phrase.
And then remember the passphrase, and then the only thing that changes in every single password is the last bit. So let's say it's Mary had a little lamb LinkedIn 1985 exclamation point, and then my Chase was going to be Mary had a little lamb Chase 1985 exclamation point. So now the only thing you need to remember is what account it is and whatever that extra little jazz you put at the end of it.
Makes it a little bit easier to kind of, say, OK, I can do this. I can do this.
What are your thoughts on like password managers? I'm sorry I didn't catch that.
No, I was gonna ask the exact same question.
Well, I think I think it's the comfort level of people.
I mean, you're taking somebody that's had the same password for 15 years, and now you're telling him that they're going to send it off to somebody else, and the first thing they typically think is well, now, what if they get hacked? You know what am I going to do right with a lot of different different password managers? Some store the information on the device, some stored. I have like this one stash pass. They want me to try this out. It's like a little extra card that you just touch the phone.
And then it will give you the password. Some of them send it to the cloud, but so again, they're they're great if you're comfortable with them.
But a lot of people like you know it's like, OK, let's do something versus oh wait, now I gotta go figure out which one to sign up for and they overcomplicated everything. So now they're just not doing it and done is better than perfect. So we stay with this.
That's true, I like. I like that mentality. Because you're right, I mean perfect is is is an excuse not to get anything done really is the end result? Yeah yeah, that's that's interesting. So we actually have some comments. This is one of the advantage.
I don't know if you could see that, Dana, so you are the first. Yes, we've done this live. Yeah, I know.
Yeah, this is crazy. That Nigerian Prince scam, the 419, and some of them have actually gotten more outlandish over time, there's.
There was a.
There was a story about an email going around that there was a Nigerian Prince stuck on the International Space Station and had to.
Not picking this off.
You had a wire money to the Russian government or to get him down or something like that and and your first reaction is like that's ridiculous, Yep, but then somebody I was talking to who is in this field. He's like, no, it's brilliant because you've already isolated people who are going to or not going to fall for it. They're just going to laugh but.
You know, it's one in a million and if you send an email out to 10,000,000 people.
If 10 people send you $250,000 or.
Or whatever it is you walk away with a nice chunk of change.
Yeah, and you know what else is really sad too? Is that when people do fall for these scams, either the phone scams or the email scams, then they get put on a list. A list of suckers, that's the list they're on, and then that's really all over the place. So then they're gonna get scammed again 'cause everyone's like, we got one here, and then they had not. Someone else is going to try their whatever shtick is.
And the shame, I guess, because it's just so ridiculous.
Shame is a big part of their mechanism, isn't it?
Yeah definitely yeah, definitely. Especially with the seniors, which is just so sad. It really is so so sad.
That is a shame so.
Your opinion then about people who do mess with. I've seen some YouTube videos where someone gets called and it's an IRS game and they're about to come and arrest under warrant has been issued and there's two or three people involved. What do you think of of those people that kind of play along and draw him out?
Well, I mean I.
Guess if you want to, you know, if you're savvy enough to be able to play with them and, you know, kind of do that. You know, we want to have fun with them, have fun with them. You know, some people tell me they do shoot air horns into the thing. They just put the phone down for hours. You know, whatever. But when it comes to the real people that are really at risk, they really just need to, you know, get off the phone, and they also need to understand, too, the government agencies are not going to call you.
Not going to call you, but these these scammers. They'll spoof the phone number so it does, says the IRS. So you're looking, you're saying? Oh, the IRS is calling. And then you answer the phone and then they're telling you all this crazy talk and then they actually believe them. I had one guy who messaged me. He said that his mom got a call from the IRS right and said that she was going to jail. She had gonna pack her suitcase and was calling her son to say I'm going to be down.
At the at the prison, you need to come pick me up or or help me get out and the son was at work like what Mom? What are you talking about? Wow wow.
So there's some, I've heard the FCC is looking into some legislation, especially about the spoofing and for calls like that. Any thoughts on that? Or any updates on it? I just kind of heard it in passing.
Well, I think the issue is that these phone numbers. They go through phone numbers, you know like water. So it's it's not like they have one line that they're calling over and over and over again, I mean.
That number most of the times if you ever tried to call it back it just goes to nowhere now.
Well, there's also the matter of if they're out of the country like what can they do I mean?
It becomes like this. Whack a mole like like you said, like shut down his phone number. Yeah, 10 minutes later they run the number. I mean, it just seems like the best. The best offense is a good defense I guess. And flipping that flipping that phrase around in this century, well trained people. So what types of organizations do you work with? Obviously I work for.
A large I work for a large company and you know we have.
There's a whole video on YouTube about the Red team and Blue Team and what they do and all that, but.
And it looks like you're in the Witness protection program.
So yes, I'm hiding out.
But what were like, you know, the plumber down the street or like, you know, the small business. And I really wonder, like, God bless Barbara Corcoran for getting her money back, but if she wasn't Barbara Corcoran, right? Yeah, what would the banks have said? The banks would have been like?
Not our problem.
Yep, there was a company in Connecticut and they were building things for this company out in Colorado, so they're building it. They're sending and same thing communicating back and forth so the Colorado company somebody sent a fake invoice so they paid, it was $70,000 and these were both, you know, smaller sized businesses. That's a lot of money for a smaller size business.
So they had paid it.
It was gone, so now the people who were doing the building, they're like, well, you still owe us $70,000, and that's what you have to be careful of, looking into your insurance policies as to what's going to be covered and what's not going to be covered, because that's a very sensitive area. Right now they're trying to toss it off into, well, that's just going to be under the cyber liability insurance policy instead of just your regular insurance policy, so I would suggest any small business look into that.
And see, if that did happen, what would be covered, and then also just make sure you open up the lines of communication with whoever is sending money. You know, you need to double check somehow, some way, every time you're going to wire money, with someone else through a secure way, and then make sure that it's a legitimate request that someone is sending.
Interesting, well, I notice that whenever you see a Western Union sign or Western Union office, there's a huge sign in multiple languages saying you know, don't send money to people you don't know and you know, like I wonder how effective that signage has been because at that point if you're scared and you're thinking about your loved one, that's trapped.
You know, in a foreign country, in a foreign jail like do you realize, like I mean I, this is really kind of a I guess a question. Don't really answer. Do people look at that and think? Well, that's not happening here like I mean I don't know.
Rationale is completely out the window. I mean another thing is like these romance scams. This is really sad, so you know these poor people. Online dating is kind of a new thing. Maybe they somehow start communicating with somebody.
And you know, everybody's a little lonely these days with this whole COVID thing and everybody being isolated, so that's really not helped anything, so they're typing away and you go back and forth communication. They feel like they're establishing a relationship with somebody. For whatever reason that other person is never able to go on like a Zoom or, uh, FaceTime or anything like that. They can only type, they can't talk on the phone, they can just type.
So these poor people, when they fall victim to this, they message me and I feel terrible for them. I sometimes get on the phone with them and I'm like, listen, you can't beat yourself up. This happened to quite a few people.
And some of the stories are so ridiculous to me. They are so ridiculous. But this person is emotionally invested in this relationship that they had, and then it will typically go, you know, whatever is going on great, they check in every day. One lady had prayer time every day with this person and then all of a sudden it's cool. Can you do me a favor? Of course I can do you a favor. You know we have this relationship. Now I want to help you.
And then it's some financial request that they're asking, and then they promised or so embarrassed. And I promise I'll pay you back. You know, as soon as I can, and.
And the person takes the money and is never to be found again. So that's really, really sad because the person is not only heartbroken and mortified, they're out their money. And those are a lot of work that they don't tell people about, because they really are just so embarrassed by the whole thing.
That's a really, I mean, that's a shame. Like you said, shame on more than one level. So you mentioned COVID.
COVID has been, and we were talking in the virtual green room, COVID has been a big boom for these folks, right? I mean like they, they've done pretty well.
And that sounds terrible, the way I say that I.
Mean right now, but I get it.
Yeah, they really are. They really monetized COVID or just took advantage of that. So, so what?
And again, the same thing with those poor people that fell victim to the romance scams: they're now on the list of the romance scam suckers. So now somebody else, you know, tries to create a creative relationship with them, and nobody ever thinks that's going to happen twice to them.
Wow, I mean that's just crazy. I mean like.
So, so what can the average person do, particularly in line of like all the online shopping that's going to take place in the next three to four weeks? And there's a lot of deal sites. There's a lot of plugins that you're installing in the browser to get a better deal on Amazon or this or that?
Some of those plugins could be sketchy.
Yeah, and you gotta remember, every time you're doing one of these, it's data they're collecting from you. That's what everybody wants, is your data, so that they can go, turn around and sell that data. So those plugins that, you know, they're under the guise of, ooh, we're going to save you money. We're gonna give you extra coupons, you know, happy, happy, and every regular person is just like, oh, this sounds good. Let me put it on there so.
There are cleaners on there, but as far as holiday shopping, my biggest thing is, you know, they get delivered to the house, right? Everyone's shopping online now, so now these emails, these scam emails that are coming in, they look really good. The days of the text of the Nigerian Prince, those are out the window. These are ones that are coming from FedEx or Amazon or UPS and they look good, and it's about your delivery or it's about you need to update your payment information, so they want you to somehow be clicking on something and then entering in some kind of personal information. So I always suggest to people, if you ordered something, let's say it is from Amazon.
Go to your Amazon account, not through the not the clicking. Go to Amazon.com, log into your account and then you can see if there really is a situation that's happening.
You know, it's funny you mentioned that. That actually happened to me. I got this email that looked very legit, looked like an Amazon kind of order confirmation that I sent somebody, that I bought somebody a TV in Florida.
Like a $6000 TV and a PlayStation and Xbox in Florida, and I'm like, oh no, I didn't, right, and I don't buy that for myself right now.
For anyone else.
So then my first, my first instinct was to click on the thing and I'm like no wait a minute now.
And then I hovered over it 'cause I was on my laptop, not driving and I was like it went to something. It was like something something amazon.somethingsomethingsomethingelse.com.
And I was like, oh, look at this look at this. But the first thing I did just to be safe as I go to another browser, looked at my real Amazon account and it's like there's nothing in my order history. Alright then, my heart rate went down, and then I called over my. My older son was like hey, let me show you something you gotta see this.
Yeah, and if your audience is all very technical people, they probably do know a lot of these things, but that doesn't mean that their kids or their spouses, or their parents or whatever. So you know, even if you know it, you know, help. Let's get the conversations going so more people are talking about this stuff.
Yeah, I know I like that I like that yeah, so that kind of grassroots education if you will and.
I think it's the only way this is going to be able to spread itself, unless you get, you know, 100 million of me that are regular people that are going around and just talking to everybody in very non-technical terms. We have to help each other learn.
I like that that's something Andy and I do a lot with. With that like you know, helping each other right? 'cause I mean, that's just helping educate and stuff like that. Yeah, so you did mention you have courses like So what? What do you? What do you do like what? What sorts of organizations do you work with? I might have asked you this already.
As far as the online webinars and stuff like that, those are personal for a lot of big, big corporations that again is their regular people. They may be a tech people company, but their regular staff, they're the ones, and it's all the stuff we've just been talking about, that will sit down and we'll do a webinar and then have a nice question and answer session afterwards, and then it's recorded if other employees want to watch it. The courses I was talking about, those are the ones that I'm putting together for the regular people. Not supposed to talk about it 'cause it's supposed to be my big announcement for the end of the month, but.
OK, there it is.
We won't tell anybody. It's our something that's right. So how can people learn more about about you and what you do and how can they find your bill?
The senior services.
Well, I'm always on LinkedIn. I celebrate that and I'd love to connect with you. So if you're on LinkedIn, just send a connection request and and then you can see all my crazy videos and then they can also go to my website.
Which is on their fun. You totally do watch them. It's like it's like I never thought cybersecurity analyte, although that term.
I didn't think it would be funny and entertaining like she makes a funny.
Well, and that's the thing.
That people say, oh, you have such a fun topic. I'm like no, I don't invite.
I recruited so you.
So like you made something that most people they they have to go to. Security training. I mean, I'm sure every large Fortune 500 has this whole security thing and like no one looks.
I mean no. I mean the technology industry and I.
I don't look forward to that right? Like no but yeah, but but you make little videos that are like they. I don't know what your traffic numbers, but I'm assuming they go viral of some in some degree.
Yeah, identified a little audience and it's funny because when I first started doing them, you know this was a big leap. This is a very serious business identity theft.
Private, so I didn't want the videos to come up as people looking at saying, what's wrong with this woman? What is she doing? You know, right? But what I wanted to do was take one specific topic that I break down and then try to add a little humor and then off it goes. So at the beginning it really didn't get a lot of traction.
Right? Well, if you're not, is it? I mean, there's something to be said for like you know, if you're if you're not getting that kind of reaction first, you're not being innovative enough.
I mean, there's a.
People we listen to.
You and I listen to kind of, maybe even obsessively, like the Grant Cardones of the world, the Tai Lopezes of the world. Each one of those guys is an acquired taste, but they, that's kind of their core. Their core message is on point.
So we had a comment from Thomas what are your thoughts about you think?
Credit providers that provided to protect their service.
That was a follow up from his previous.
Oh OK, got it, OK.
I I don't know if this is what Thomas meant, but I think.
It's the first one. It looks like it's the first one said.
You if this is the first one, usually my credit card is calling me on charges like that American Express USA have been really good about this.
And then and then it looks like it was.
Aligning credit providers. I don't really understand that part of the question, but.
As I understood it, it seems like it, if it's in the best interest of the credit card companies and insurance companies to make this education more widely known.
Yes, and this is what I always talk about when I talk about a credit card versus a debit card. And I tell people you should use a credit card as much as you possibly can and use that debit card as little as possible because.
The credit card company. That's why they're watching out for that, because that's their money that's being spent in the fraudulently charged or whatever. So the quicker that they can detect it, and maybe undo something the better off they are. But when you have a debit card, if there's fraudulent activity that's coming right out of your account.
And depending upon your bank, which everybody should check to see what the policy is with how many days have gone by, how much they'll reimburse that. And sometimes after, let's say, 60 days, that you're not getting that money back, so it's a line of defense. And I know people get a little upset with me saying, oh, if all people are not disciplined enough to use credit cards, and if you are, and you pay that off every single month, that you could stay in that discipline, you're much safer having a credit card than using a debit card.
Interesting, yeah, and a lot of the fraud detection algorithms and stuff like that were pioneered at a lot of these credit card companies. Some of the best data scientists in the world.
They work at these credit card companies, look for fraudulent transactions, and they're pretty good. I mean, they only. I mean I've.
I've had them call me. I've had them lock out the card. They were wrong once.
Uh, huh, yeah it is. Most of the time I have one time I had to go buy a whole bunch of iPads which I never do. This is a few years ago so I got a call on that which that made sense to. I get a call on that. 'cause that's not something I would normally do.
Was interesting for me. It was a vending machine at IKEA that triggered the thing.
Because it didn't work. I don't know what happened. I part of it was my one of my kids was swiping it and it was swiped multiple times or something like that. I think that's what triggered it but.
Yeah, sidetrack. It's what we do, Dana. What we do? OK, and your URL is what?
OK, cool, we'll definitely make sure that's in the show notes. One of the things we
Ask is do you listen to audiobooks?
Yes I do.
Cool, do you have a recommendation of a favorite book?
I do, but I also have an old book. I'm sure it's not Audible somewhere, but I think it's very appropriate for everything that we're all going through with COVID, is the Who Moved My Cheese? book, which is at least 15 years old. But just talking about adapting to a whole new circumstance, that you wanted to go back to the way that it was as much as you possibly can, but it's not going to, so it's all about learning how to force yourself to adapt to the new environment, so if that was not on there, but I also like Gary Vee, having Gary below. Yes, yeah, so it should and Crushing It and all the ones that he's got on that level.
With your content I see it now, I see it now, that's brilliant. I was going to say, like, it's some of the things you said about doing the content and kind of breaking it down. I'm like, that's very Gary Vee-ish.
Yeah, and even just.
Throwing yourself out there. I mean, for you know months, I went back on LinkedIn 'cause he said oh, you know LinkedIn is gonna be kind of a new big thing for businesses, which made sense because every.
We signed up for about 15 years ago and then nobody went on it until we all kind of came back, or we're starting to come back over the last couple of years. So then I watched people's stuff and I watched Shay Rowbottom, who I love, love, love, Shay, and he was the only one doing videos on there. This is about two years ago and he was like, listen, you guys, you gotta throw yourselves out there, you're not going to know unless you actually do.
And then I said, alright? Well, I gotta give this a whirl. And then it was even worse because I did. And then I didn't get any like.
I thought, alright well, I'm gonna keep going on this for six months.
And if I don't get any traction, then I'm probably going to pack it up here.
Right, but it you know how long did it take to get traction?
I would say.
I would say probably about six months is when it did, and then a little bit after that is when I went through Shay's boot camp, and that was very, very helpful to really set up videos and ways to lay them out. So then I really.
Videos, I think that a little bit more professional looking so that that was very, very helpful. So that was about a year and a half ago I think so.
Cool, no, that's definitely good to know. Shay Rowbottom's stuff is also very entertaining on LinkedIn as well.
It's a it's a. It's interesting to see. Kind of the the medium of LinkedIn. Again, Full disclosure. They're owned by Microsoft to my mortgage, yeah, but no, I've noticed that too. Like I've been on YouTube since 2013. One of my I'll come out there with my other big shame, right like?
Is like how horrible my subscription numbers are right? I have now I'm at like 350 subscribers right? Yeah me but that.
I miss you too. I have, I don't. I think I have 3 subscribers. I you.
Know I'll make sure to subscribe to you there, but no. I mean like just I I.
Actually the ironic thing is that because we do these livestreams because I get more engagement on on LinkedIn.
I would do more live streams using either Restream or the one with the duck, StreamYard. Yeah, I would just, oh hey, why not, right?
Yeah, and I'm actually seeing my YouTube numbers go up, and then maybe, I mean, the problem probably was me. I wasn't publishing enough, it wasn't publishing enough interesting stuff. And you know, I think.
Uh, just fascinating, we could sidetrack on this all day, but we want to be respectful of your time. Definitely wanna talk to you offline about kind of the Shay Rowbottom stuff 'cause she's crushing it.
Yep, and Audible is a sponsor of the show, so if you go to thedatadrivenbook.com it will route you to Audible, and if you get a subscription we get a bit of a cut. We get a bit of a little.
You know enough to buy a Starbucks, probably, but we do. We're looking for creative ways to monetize the show. We have a couple other projects coming in the pipeline, new shirt design Andy New T shirt design? Yes, solve that that data. Lord Loreon yes so.
I know, right?
So we have a T-shirt merch shop on Amazon and one of the designs actually was a guy fishing.
And it was like, I bought like a bunch of pre-made designs for some of them and I changed it from fishing to phishing.
Funny story, so my one of my kids, my older. He's now 10 but when he was like three or four I'm not an outdoorsy guy. I grew up in New York City.
Right, he comes to me and says Daddy I want to go fishing.
I don't think in.
Dude, stealing money from people is.
Oh, you meant OK?
That's funny. And then when my when my younger now my my my now my younger son he was about the same age now he's like hey I wanna go fishing I wanna get him like I want to go fishing and I just start to myself I was like that's funny I know what he's talking about now.
Again, with the sidetrack, I've started listening to a new audiobook, is what we usually do at the end of the thing. We'll talk about already about this, called The Mathematics of Life and Death. Very fascinating discussion on.
False positives false negatives cancer screenings.
It's just like it's very thought provoking there was this whole chapter about how cancer screenings like you know if you do kind of this mass market of like as many people as possible.
A false positive.
Is very nerve wracking for the person, but if it brings in more people to get more advanced diagnostic testing.
That's a good thing, and talks with the ethics of it. It's very fascinating in terms of how the numbers can be, yeah.
And it was on sale for on for like $3 one day.
So it's like nice.
I'm listening to Greenlights. Matthew McConaughey.
Oh, I'll check that out.
Cool, awesome. Well, thank you Dana for being on the show, and we'll definitely make sure we get all the information we put in the show notes, and everyone out there, thanks for joining. I see Thomas has said thank you and have a happy Turkey Day. Same to you. Same to you, everyone out there in LinkedIn land, YouTube land.
I think we're on everywhere but Instagram, but.
We'll fix that at some point in the future.
Thanks for your time, and if you were listening to this on the recording, we'll let the British Lady end the show.
Thanks for listening to data driven.
I have to say that I do not find it at all surprising that humans are the weakest link in the security chain.
I have a lot of human friends.
Now heading back to business.
We know you're busy and we appreciate you listening to our podcast.
But we have a favor to ask. Please rate and review our podcast on iTunes, Amazon Music, Stitcher or wherever you subscribe to us.
You have subscribed to us, haven't you?
Having high ratings and reviews helps us improve the quality of our show and rank us more favorably with the search algorithms.
That means more people listen to us, spreading the joy. And can't the world use a little more joy these days?
Now go do your part to make the world just a little better and be sure to rate and review the show.