Apr 9, 2019
Craig is on with Jim Polito this morning. They talked about sextortion scams circulating by email, and about passwords and the password managers you can use.
For these and more tech tips, news, and updates, visit CraigPeterson.com
---
Related Articles:
Latest Tactics Used By Cybercriminals To Bypass Traditional Email Security
---
Transcript:
Below is a rush transcript of this segment; it might contain errors.
Airing date: 04/09/2019
Why Hackers Hack - Sextortion On The Rise And What To Do About It
Jim Polito 0:01
Welcome back. He's here and thank God because the cyber criminals
are out there. Still trying to get into your email. Well, how do
you protect yourself? Well you start with this man, our Tech Talk
guru Craig Peterson. Good morning, sir.
Craig Peterson 0:21
Hey, good morning, Jim.
Jim 0:22
How are you, buddy?
Craig 0:24
I'm doing great. We're just in a conference, in fact, out west and
now I'm trying to get used to the time zone again, back and forth,
back and forth. There's so much going on.
Jim 0:34
There is and they're relentless, the cyber criminals in wanting to
get into your email every time some other patch is put up or some
other security measure, they figure a way around it. So what's the
latest that they're doing? And what can we do about it?
Craig 0:50
Well, if you don't mind, let me explain something to
the audience.
Jim 0:53
Explain, I like that. Explain.
Craig 0:58
Why are they doing it? And you get right down to it, you and I and
everybody else around here. We're living here in this first world
country. And we enjoy all kinds of things. At the conference, I
spent some time with a few ladies from Zimbabwe and South Africa.
And they're living there, this one lady is trying to help other
women who are in abusive relationships there get out of that, learn
some skills. They make $100 a month in Zimbabwe. They do not
have running water. Most of the days of the week the pipes are
turned off, there's no water at all. They don't have the
electricity that we have. It's just amazing. And they were just
absolutely livid about what they called entitled, stupid people
worried about everything from the type of plastic bag all the
way on out.
Jim 2:03
Don't talk about plastic bags. You're going to get people
upset.
Craig 2:10
Total first world problems, okay, I'm helping them by getting some
used computers together, cleaning them up, I'm gonna be doing some
free training for them on cyber security. So consider that type of
person. And then you can move on to Eastern Europe where it's
more than $100 a month that they're making but they're not making
very much.
Jim 2:28
They're not making very much.
Craig 2:31
So if they can somehow get their hands on your data, if they can,
you know, these people aren't stupid. They're just in a bad
financial circumstance. So if they can get their hands on your
data, let's say one, one of my new clients had $100,000 taken out
of their operating account, based on the technique we're going to
talk about, okay. $100,000, and this was an Eastern European, that
means they can not only support themselves for a year or two, but
they can support their brothers, their sisters, their parents,
their grandparents for a year or two. You know, getting
$500 from someone is a huge win. Again, these women in Zimbabwe,
that's five months' worth of food and rent if they have to pay that.
That's huge, huge money. So we're sitting here with our first world
problems saying, well, why would anybody want to steal my credit
card or my identity? Or get into my business bank account?
Craig 3:40
Well that's why. Think of the motivation of these people and
how many people there, they're going to be helping? So I had to say
that because.
Jim 3:48
It makes sense. I'm glad you gave that perspective, I
mean, just about what they're dealing with. And if they, you
know, it drives people to some things. Drives people to crime.
Craig 3:59
They absolutely do and we just don't realize it so much of the time.
So, we had a very interesting conversation at dinner the night
before last, with these ladies talking about what's going on. So
what you were talking about here with email is absolutely huge.
Because again, these are just bad guys. And they are trying to get
some money out of you. And they're using some new strategies to get
past these email security gateways. You know, you have some of the
lower end ones that you might get from a Barracuda or an online
site, and there's ways to get past them. And that's what we're
talking about just for a minute here. I've had a lot of listeners
contact me with these sextortion scams. You know, I've got them as
well, I don't know if you have. But what will happen with these
sextortion scams, which is a type of blackmail, and right now it's
making up 10% of all of the spear phishing attacks and email,
and that number is rising. And your employees are more than
twice as likely to be targeted by blackmail than standard business
email compromise. And so here's what happened. They send an email
that has in the subject line, security alerts type of message.
They'll include your email address, or even your password in the
subject line. And they'll say something like, Hey, you know, we
have video of you on this porn site. And they'll give you a
password. Now remember, Jim, we've talked many times about do not
put your password out on, you know, the same password on multiple
websites?
Jim 5:52
Yeah. Because once they get one, they get the others. Yeah.
Craig 5:57
They've got them all because it's the same one. So they'll either
put your email, your email address, they'll definitely put your
password into these things. And now all of a sudden, you say, Oh,
my gosh, what happened? And whether or not you were on that site,
you're questioning now wait a minute, they've got my password?
Well, of course they do. If you use the same password everywhere,
of course they do. And we're seeing brand impersonation is huge.
One out of three times they impersonate a financial institution.
Jim 6:34
And there is. Yeah.
Craig 6:35
There it is business email compromises and blackmail is on the
rebound right now. So one of the most common ones is impersonating
Microsoft and my dad fell victim to that one. Thank goodness, my
mom called me and said, you know, your dad's talking to
someone on Microsoft technical support? And I'm not sure. You know,
one in five is a financial institution, the majority of them now are
sextortion emails with security alert subject lines and more
than 70% nowadays, are trying to establish some form of rapport.
Hey, we're trying to help you.
Craig 7:17
Yeah, sense of urgency. And we're using name spoofing techniques.
And it's getting past most of these lower end filters and gateways
out there. So if you're a business person, and this is, you know,
they're not all going to business email addresses, that's for sure.
And they are not all coming from them either. Right now, the number
one source of these sextortion and other emails, is Gmail. It's
Google. Google's not even able to stop them from going out okay.
Huge. So just stay ahead, you've got to have the right combination
of the right technology, which isn't the cheap stuff, I'm afraid to
say, you know. Look for something good. Look for Cisco's email
firewalls. Look for the higher end ones. You know, even a Barracuda
is better than nothing. Right? So have that, but also have training
for your people. You know what, I'm going to dig up, there is a
website that Google has put out, I've got the URL somewhere. I'll
dig it out. I'll text it out to our listeners here later on today,
once I figure it all out. But this is training. It's free, it takes
five to 10 minutes, 15 minutes at the most. And what it does is it
shows you on this website to type it asks for your name and email
address, okay, now, they don't use it in marketing or anything. But
the goal behind this is to embed it into these fake emails, they're
going to show you they're not going to send them to you, they're
just going to show you. And you'll see the email on a web browser,
just like it will be showing up in your normal email client. And
you can mouse over and over over so they teach you some techniques.
And with what's going on right now, Jim, this is going to be a
godsend. So I'll make sure I SMS them out. Probably this
afternoon.
Jim 9:13
All right. And it will tell you at the end of the segment, how to
get to that stuff. But it's very, very important. Craig, you've got
I guess the real tip here is you've got to make different passwords
for every single account. And you talked before about a password
storage system to help people with that.
Craig 9:38
Right, exactly. So go into Jim's archives, and you'll
find, here's what it is, okay, there's two password managers,
I highly recommend. If you are a business user, absolutely use
something called 1Password. So that's the digit one, followed by
the word password, 1Password is the way to go. And it's absolutely
phenomenal. And I've written this thing up about this, I'll try and
send that out later today too. I'll try and send them both out. And
then I use it for my family as well. But it does cost money to get
the family options and to get the group options. And 1Password has
multiple vaults so you can have a vault for your financial people,
a vault for your marketing people, etc, etc. So I love that. And
then the other one that is free, now 1Password does have free as
well. Okay, just let me have all the advanced features which you
don't need from normal, just normal use. LastPass is the other one.
LastPass as in last password. And both of these tie into your web
browsers, they'll create passwords, they will remember them, they
work across all of your devices. It's huge. So start today. Change
all your passwords and use one of these two password managers.
Jim 10:57
All right Craig big help. Craig Peterson everybody. Now here's how
you get all this information. This is how I know this stuff. And
you'll be in on it too. Text my name, Jim, to this number.
Craig 11:12
855-385-5553. So just text the word Jim to 855-385-5553 along with
any questions you might have.
Jim 11:26
Standard data and text rates apply. Craig will not sell your name
to somebody, he won't hack you. This is all free. There's
nothing, nothing you need to do about it. It's all free and he
won't pester you with incessant messages but he will alert you when
something big happens and tell you what you need to do. Craig
excellent segment. Thank you so much for the time.
---
Don't miss any episode from Craig. Visit http://CraigPeterson.com/itunes. Subscribe and give us a rating!
Thanks, everyone, for listening and sharing our podcasts. We're really hitting it out of the park. This will be a great year!
For questions, call or text:
855-385-5553