Oct 29, 2021
How Ransomware, Trojanware,
and Adware Hurt You.
And Why ExpressVPN Isn't Safe to Use.
Ransomware, Trojanware Adware. What's the difference between these different types of malware.? And when it comes down to our computers, which should we worry about the most and which should we worry about the most?
[Automated Transcript Follows]
[00:00:17] There are a lot of different types of malware that are out there and they're circulating and scaring us.
[00:00:23] And I think for good reason, in many cases, ransomware of course, is the big one and it is up, up, up. It has become just so common. Now that pretty much everybody is going to be facing a serious ransomware attack within the next 12 months. The numbers are staggering. And what are they doing while now they're getting you with the double whammy.
[00:00:50] The first whammy is they encrypt your data. Your computers are encrypted, everything on them. So you can't use them anymore. Bottom line. Yeah, they'll boot they'll run enough in order to be able for you to pay that ransom. But any document that you might care about, any PDF, any word doc, and the spreadsheet is going to be encrypted.
[00:01:14] And the idea behind that is. You have to pay in order to get that decryption key about 50% of the time. Yeah. About half of the time. Even if you pay the ransom, you'll get your data back the rest of the time. No, you you'll never see it again. So what do you do about that type of ransomware? Well, obviously most people just pay the rent.
[00:01:39] But that's gone up as well. We've seen over a hundred percent increase in the amount of ransom people happy. So what's the best thing to do. What's the easiest thing to do in order to help you with this type of ransomware while it's obviously to have good backups. Now I'm going to be doing a bootcamp.
[00:02:00] We're going to talk about this and a workshop. I really want to get going with these one week long workshops. So we'll do a, at least a couple of times a month in these boot camps that we'll do pretty much every week here, but they're coming up fairly soon. You'll only know about them. If you are on my email list, that is Craig peterson.com and the number one thing that you can do to.
[00:02:27] You when you're hit with this type of rent somewhere, because if you're not taking all of the other precautions, you should be digging under really good that you're going to get hit the better than 50%. And once you do is have a good backup, and I want to warn everybody because I've seen this again and against people just keep making this mistake, probably because they don't get it.
[00:02:51] They don't understand why and where and how, when it comes to ransom. The mistake is they do a backup to a local desk. Now, many times the backup is on a thumb drive or USB drive. So you just go to the big box store. You go to Amazon, you order an external drive. You're just amazed how cheap they are.
[00:03:16] Nowadays. Once you've got that drive, you plug it in. You turn on some backup software. Maybe it's something you've used for some years, maybe. If you have a Mac, you're just using the built-in backup software. Even the windows operating system now comes with some built-in backup and you think you're off and running because every so often it back.
[00:03:40] If we're using a Mac is smart enough to not only back up your whole machine, but as you're editing files, it's going to go ahead and make a backup of that file as you're editing it. So if there is a crash or something else, you're not going to lose much. I just love the way apple does that. Huge problem.
[00:03:59] Because if the disc is attached to your machine, or let's say that disc is on a file server, cause you're smart, right? You set up some network attached storage of some sort and your machine has access to it. And so you're sending it off of your machine to a central. Well, you still got a problem because if your machine can read or more particularly right to a location on your network or locally, that ransomware is going to also encrypt everything, it can find there.
[00:04:37] So, if you are sharing a network drive and you get ransomware, when you remember the odds are better than 50%, you're gonna get it. Then what happens? What would this type of ransomware it not only encrypts the files on your computer, but encrypts them on the backup as well. And it also encrypts them on any of the.
[00:04:58] File servers or network attached storage the, to have on your network. So now everything's encrypted. You wonder why someone and people pay the ransom? Oh, that's a large part of the reason right there. And I keep saying this type of ransomware because there isn't another type of ransomware and they usually go hand in hand.
[00:05:21] The bad guys were not making enough money off of holding your files. Rants. So the next thing the bad guys have done is they've gone to a different type of extortion. This one is, Hey, if you don't pay us, we are going to release your files to the world. Now they might do it on a dark website. They might do it on a publicly available site, which is what many of them are starting to do now.
[00:05:51] And you're going to either be embarrassed or subject to a lot of fines or both, because now if your files have. Confidential information. Let's say it's your intellectual property. Now, anybody who bothers to search online can find your intellectual property out there. If you have anything that's personally identifiable information.
[00:06:18] And it gets out. Now you are subject to major fines. In fact, in some states like California and Massachusetts, you are subject to fines. Even if the bad guys don't post it online. So that's the second type of ransomware and it's a bad type. And usually what'll happen is the bad guys, get their software on your machine and they can do it in a number of different ways.
[00:06:45] One of the popular ways to do it now is to just break in because. Our businesses, we've, we've set up something called remote desktop, and we're using remote desktop for our users to get in. And maybe we're using some form of a VPN to do it with, or maybe we've made the mistake of using express VPN. And, uh, we have that now connected up to our homes and we think that that's keeping us safe.
[00:07:13] And I got a few things to say about that as well. These VPN services. What happens now while Microsoft remote desktop has been under major attack and there are some major flaws. Some of these were patched more than a year ago now, but according to recent studies, 60%, almost two thirds of businesses have not applied the patches.
[00:07:42] You know, th this is basic stuff. And I understand how hard it can be and it can be confusing and you can break your systems, but you have to weigh that against well, what's going to happen if our systems are broken into, because we didn't apply the patch. So that's the second type of ransomware and that's what most people are afraid of and for good reason.
[00:08:07] And one of the things we do for businesses and we do ransomware audits, we have a look at your systems, your firewalls, et cetera, and make recommendations to. Man. I got to talk about this too, cause it really upset me this week. I signed up for a webinar just to see what was going on. There's a company out there that sells these marketing systems to managed services providers.
[00:08:33] And I, I, I had to turn it off like instantly because it was just such. Garbage that they were telling managed services providers MSPs to do. I couldn't believe it. So this guy was talking about how, again, I turned it back on and I said, Hey, I've got to watch us anyways, because I need to know what's going on.
[00:08:54] And this guy was telling these managed services providers, how they can double their clothes. I couldn't believe this guy. Cause he was saying that what they do is they offer to do a ransomware audit for businesses and they say, normally we charge $6,000 to do a ransomware audit, but I tell you what we'll do it for you for.
[00:09:20] Now, this is a guy that he had an MSP managed services provider. Apparently he had started it and he was bringing in more than $1 million per month in revenue. Can you imagine that monthly recurring revenue over a million dollars? And so he's telling people businesses, Hey, I have a $6,000 audit that we'll do.
[00:09:47] For free, Hey people, how long have we said, if you're not paying for something your, the product remember Facebook, right? Google, Instagram, all of those guys, Twitter, you don't pay for it, but your information is the product. So what's this guy doing well, guess what? His audit, it's going to show his audit.
[00:10:10] It's going to show that you need him. And he's sucked in hundreds of businesses and he didn't even know what he was doing when it came to the audits or protecting them. It is insane. What's going on out there. I am ashamed of my industry, absolutely ashamed of it. You know, I've got my first attack, successful attack against my company back in 91 92.
[00:10:42] And I learned this stuff because I had to, and I help you guys because I don't want you to get stuck. Like I was so important, important word of advice. If you want to nod it, go to someone that charges you for the audit. That's going to do a real one. It's going to give you real advice that you can really need and use rather than, Hey, you knew do use me.
[00:11:11] Because my free audit tells you so, so many scams.
[00:11:15] What is ad where in what is crypto, where these are two types of real, kind of bad things. Won't gray areas, things that are hurting us, our mobile devices, our businesses. And our homes.
[00:11:32] Adware is also a type of malware that's been around a long time. But it does live in a gray area.
[00:12:09] And then once it's in, in your browser, it sits there and it pops up things. So it'll pop up an ad for this, pop up an ad for that, even if it's. Uh, part of the site that you're on right now, and it can live for months or years on your computer. We've known for a long time about ad where on the windows environment and how it has just been just terribly annoying at the very least Microsoft and genetic Explorer.
[00:12:40] One of the worst web browsers ever. Perpetrated on humankind was well-known for this. And of course, Microsoft got rid of internet Explorer, and then they came up with her own symposer browser, the edge browser that was also openly scorned. And so Microsoft got rid of their edge browser and switched over to basically Google Chrome chromium, and then changed his name to the edge browser.
[00:13:11] And so you think you're running edge, but you're kind of not, you kind of are. So they did all of that in order to help with compatibility and also to help with some of these problems that people have had using that Microsoft browser online, very, very big problems. So what can you do about it and what does it do to you and where can be very.
[00:13:37] You might've had it before words always popping up again and again and again on your browser, just so crazy knowing it it's insane, but it can also be used to spy on where you're going online and potentially to, to infect you with something even worse. Sometimes some of this ad where we'll purposely click on ads, that the people who gave you the ad were, are using as kind of like a clickbait type thing.
[00:14:09] So you go to a website and it was. Automatically click certain ads and click on unbeknownst to you, right? It's as though you went there so that people have to pay for that ad. And sometimes aids are very, very complicated. Sometimes they'll use. In order to drive a competitor out of business or out of the market, because the ads are so expensive because so many people are supposedly clicking on the ads.
[00:14:40] But in reality, you didn't click on the ad. You're not going to see that page that you supposedly clicked on, and it's going to cost that advertiser money, whole bunch of money. You might not care. Right. But it is. Ad ware over on the Mac, however, is the only real malware menace at all I had to where is something that choosed fairly frequently on the Mac?
[00:15:09] It is pretty darn easy to get rid of. And as a general rule, it doesn't work very well on the Mac. Although I have seen some cases where it got very, very sticky. Where someone ended up installing it, it wasn't just running in the browser, but they installed it on their Mac, which is something you should never do.
[00:15:29] But apple has some things in place to help stop any of this from happening. And it's gotten a lot better. I haven't seen this problem in a couple of years, but apple is using the signature based blocking technology called export. They also have at apple, this developer based notarization of apps. And so the run of the mill malware, which includes most of this Al where really can't find a foothold.
[00:15:57] But I want to remind everybody that if they can get Al add where onto your computer, they might be able to get something worse. So you really got to keep an eye out for no two ways about it. There are some companies out there, for instance, there's this one. Parrot, which is a program linked to this Israeli marketing firm that gains persistence on your browser and potentially could gain root access to the Mac system.
[00:16:30] So careful, careful on all fronts now. Anti-malware stuff that we use for our clients is called amp, which is an advanced malware protection system. That's been developed by our friends over at Cisco it's amp is very, very good. Unfortunately, you cannot get it unless you buy it from somebody like us and you have to buy so many seats for some of this stuff, it gets gets expensive quickly.
[00:17:00] Um, if you can't do that much, a lot of people like Malwarebytes, there are some very good things about it, but be careful because in order for this to work, this is Railey parrot software to work. It has a fake install. So again, it's just be careful if you know how apple installed software, you know that unless you have instigated it, it's not going to be installed.
[00:17:30] You're not just going to see an installer. And say, Hey, we're apple install us. Right? Apple just does it in the background when it comes to updates patches. But they're very sneaky here trying to install things like the Adobe floor. Player, which has been deprecated. Deprecated is completely now gone from Mac systems and from windows systems, you should not be using flash at all anymore.
[00:18:02] It was very, very bad. So up becomes you, you go to wound stole the leaders flash player, or, and I'm sure they're going to change this or something else, right? It won't be flashed in a future. It'll be a Adobe. Would you also don't need on a Mac. So anyhow, that's what you got to be careful of ad were still a big problem in windows.
[00:18:25] Not much as much as it used to be. Uh, thanks to the change to Google Chrome, which Microsoft has rebranded as of course its own edge browser. Much of a problem at all on Macs, but be very, very careful in either platform about installing software that you did not start installing. Now earlier this year, there's a security firm called red Canary that found something that's been named silver Sparrow.
[00:18:58] That was on a. 30,000 Mac computers. And apparently the developers for this malware had already adapted it to apples and one chip architecture and have distributed this binary, this program as a universal binary. Now in the macro, the member doesn't just use Intel. It used to use power PCs and then it used Intel.
[00:19:21] And now it's using its own architecture for the chips themselves. So a universal binary is something that will run on Mac Intel based and Mac architecture base. But, uh, the bottom line is that this proof of concept. Malware, if you will had no payload. So we know it's out there, we seen it now on almost 30,000 Mac computers, but at this point it's not really doing much, much at all.
[00:19:53] So. These are malicious search engine results and they're directing victims to download these PKGs, which are Mac packaged format installers based on network connections from your browser shortly before download. So just be very careful about all of that. It can be something as annoying as malware or something as a malicious.
[00:20:17] Well, potentially as ransomware. Particularly if you're running windows, Hey, if you want to find out more about this, if you want to get into some of my free courses here, we got free boot camps coming up. Make sure you go to Craig peterson.com/subscribe. More than glad to send you my show notes, a little bit of training, and of course, let you attend these free bootcamps that are now to sell you stuff, but solve problems for you.
[00:20:49] Hey, if you use VPNs to try and keep yourself safe, particularly if you use express VPN. Wow. What just came out is incredible. It is anything but safe and secure.
[00:21:06] Express VPN was purchased by a company called Cape K A P E. Cape is a company that had changed its name because oh, things were bad.
[00:21:19] Right. It was originally founded under the name of cross writer. And you might've seen notices from your anti-malware software over the years for everything from Malwarebytes on saying that, oh, it blew up. To this cross writer piece of malware, most of the time it's ad ware, but it is really interesting to see because this company was founded by a person who was part of the Israeli secret service. Right? So it wasn't of course not. It's not called the secret service over there in Israel. And it, frankly, it compares to our NSA, you know, no such agency. Yeah. It's part of unit 8,200 in the Israeli intelligence military. And it's been dubbed, of course, Israel's NSA. Teddy Saggy, which was one of these investors also was mentioned in the Panama papers.
[00:22:24] Remember those? We talked about those back in 2016, those were leaked and that showed these law firm, this one particular law firm in panel. And that we're sheltering assets for people all over the world. And so now that express VPN is owned by this company that is, this company built entirely by intelligence agents for almost a billion.
[00:22:55] Dollars in cash and stock purchases. That's a much, they sold express VPN for almost a billion dollars, which is kind of crazy when you think of it as a VPN service, but makes a lot of sense. If you're going to want to monitor what people are doing, where they're going, maybe even break into their systems or better choice than a VPN provider and the.
[00:23:20] The company has been buying up VPN providers and is now the proud owner of express VPN. If you attended my VPN workshop that I had, oh, it's probably been a year and I'm going to start doing these again. I promise, I promise. I promise, but you know how much I just like VPNs. In fact, one of you guys, I'm sorry, I forgot your name.
[00:23:46] Send me. A couple of weeks ago now about VPNs and saying, I know how much you disliked VPN look at this article. And it was talking about this whole thing with express VPN. So they just now all over the place, the discussions online about what. Been to hear who the founder was, the CEO, the CTO, this growing portfolio that they have in Sunbrella of ownerships, that now is centralized in a multiple VPNs.
[00:24:15] Now, Cape technology only started acquiring VPN companies about four years ago. And they've been in business now for over a decade. And what were they doing before? They started buying VPN companies? While they own VPN companies. Oh, they were a major manufacturer and distributor of. Malware of varying types.
[00:24:40] Now the first part of the show today, of course, I was explaining some of the differences, like ad words, et cetera, so that you could understand this story. Right? Ghulja that? So you can understand this. That's what these guys have been doing. It's absolutely crazy. So the F the co-founder of Cape technology and former CEO started his career in information technologies while serving in the Israeli defense forces.
[00:25:08] As I mentioned, Israeli intelligence Corps under unit 8,200 it's that unit is responsible for. Dean what's called signal intelligence and data decryption. Now we have signal intelligence here as well, and that's basically intercepting signals, figuring out what's being said, what's going on? Where they are, the size of the forces, et cetera.
[00:25:32] I have a friend of mine, a young lady who is in signal intelligence in, I think it's the Navy, but every part of our military has it is. However, our military doesn't directly control VPM services like express VPN that can be used in a very big spike capacity. That's what I'm really concerned about. Now. I also, I found an interesting article on zero hedge about this, uh, you know, this company express, VPN being acquired.
[00:26:06] But they're also pointing out that companies that were founded by former operatives of unit 8,200. That again, the Israeli version of the NSA included. Ways Elbit systems, which is right in my hometown of Merrimack, New Hampshire and slews of other startups now ways. Right. I, I used ways I recommended people to use it and of course, Google bought it a few years back and that's when I stopped using it, but it was really nice.
[00:26:39] It worked really well. And I had no idea the information was likely going to. The Israeli defense Corps. Oh my goodness. There's spy agencies, uh, and a bunch of other startups, by the way. It's estimated that there have been over 1000 stack tech startups that came out of the people working at unit 8,208.
[00:27:07] Again, they're CIA NSA, uh, guys, their spine on everybody. You can, you believe that? And they've been bought by a mentioned Google, but other companies like Kodak, PayPal, Facebook, Microsoft have bought them. So in addition to the thousands of companies, according to zero. Uh, unit 8,200 has also fostered close working relationship with the U S government, which you would expect, right?
[00:27:33] Edward Snowden. You remember him? He disclosed leaked documents. He obtained, which included an agreement between the NSA and the Israeli defense force. The agreement showed that the U S intelligence. Agency would share information. It collected under domestic surveillance operations with it. Israeli counterpart.
[00:27:53] You remember we talked before about the five eyes, seven eyes searching eyes. It's up in the twenties. Now these countries that spy on each other citizens. For the other countries, right? Yeah. Your information might not be collected by the U S government, but the U S government gets it by buying it from private contractors, which it says it can do because we're only barred from collecting it ourselves.
[00:28:17] We can use private contractors that collected on you. And also by going in partnership with foreign government. Because again, we can't collect that information, but we can certainly have the Israelis or, or the Brits or the Australians or Canada. They could collect it from. Can you believe this, how they're just stretching these rules to fit in what they want to fit.
[00:28:39] Okay. Completely ignoring not only the constitution, but the laws of the United States. It's, it's just absolutely incredible. So critics of this unit, Eddy 200 attested that the Israeli intelligence outfit routinely uses the data received from the NSA by providing it to. Politicians Israeli politicians for the basics of blackmailing.
[00:29:06] Yes. Blackmailing others. Yes. Indeed. Other whistle blowers have revealed any two hundreds operations have been able to disrupt Syrian air defense systems, hack Russia. Cap Kaspersky labs. You remember I told you guys don't use Kaspersky antivirus and has outfitted several Israeli embassies with Glendale, seen surveillance systems, cleanse Stein.
[00:29:31] However you want to pronounce it. By the time Cape technologies acquired his first VPN company. Uh, the CE original CEO had left and he went on to found cup pie before leaving as it CEO in 2019, it goes on and on, uh, bottom line gas, SWAT express VPN, which is advertised by so many conservatives. Now looks like it is actually part of a spy operation.
[00:30:01] So sign up now. Craig peterson.com. Craig peterson.com/subscribe. You're going to want to attend my free VPN webinar. Hey, I don't have anything to sell you when it comes to VPNs. I just want you to know the truth.
[00:30:17] Labor shortages are making businesses turn direction. And now that we're laying off people or firing them because they didn't take the jab, what are businesses going to do? Well, I have news for you that reduced workforce, well, guess what?.
[00:30:34] U.S. Businesses are really seriously moving to automation.
[00:30:39] Now they've been doing this since the start of this whole lockdown. They were doing it even before then. I tell the story of when I was in France, a boom went four or five years ago now, and I stayed off the beaten path. I was not in the touristy areas. I speak French. So I went just where the. I decided to go, my wife and I, so we rented a car and we spent a month just kind of driving around where do we want to go next to, or do we want to go next?
[00:31:08] It was a whole lot of fun. And while we were there on a Sunday, I came to realize that these small French towns have no restaurants open on Sunday, nothing at all, talking about a bit of a culture shock. That's not true. There was one restaurant opened in the town and that restaurant was, and McDonald's.
[00:31:30] So when I go to McDonald's here a few years ago in France, central France. And when I walk in, there's nobody at the counter, but they're all. Oh, half a dozen kiosks out front. So you go and you order your hamburger, whatever might be, or your drinks, et cetera, right there in the kiosk, you pay for them riding the kiosk.
[00:31:53] And there's some people working out back that are then making the hamburgers or the milkshakes or coffee, whatever you ordered and bringing it up to the front. And then they just put her right there for you to grab that simple. And this was of course, pre. Down days, I assume that it has gone even more automated.
[00:32:14] Uh, they're in France, but hard to say. And I've seen the same thing here in the us. I was out in Vermont just about a month ago and I was riding with a buddy of mine, motorcycle riding, couple of buddies, actually. And we stopped in this small. Town. And we went to this little breasts, breakfast restaurant and the breakfast restaurant had maybe four or five tables inside.
[00:32:42] And you just sat at the table. No waitress came up, but there's little sign with the QR code. So it said a scan, the QR code to get started. So you scanned it, it knew based on the QR code, which table you were at, and it showed you the menu that was in effect right then and there. So the lunch menu or the breakfast or the all day, you got to pick it and then you selected what you wanted.
[00:33:08] It used whatever payment you wanted. I used apple pay. And in order to pay for my breakfast and my buddy ordered what he wanted. And then out came a waitress who delivered the food. Once it was already in the drinks, it was very automated. It allowed them to cut back on some people and others, this small restaurant, they probably had one last waitress, but when you kind of had in the shifts.
[00:33:33] Days and vacation days is probably two waitresses. So they're saving some serious money because a system like this that you just scan a QR code and do the order and it prints up in the kitchen is cheap compared to hiring. Well, of course, it's hard to hire people, especially in the restaurant industry nowadays heck and in my business where we go in and we do analysis of computer networks and systems, it's almost impossible to find people that are really well qualified that understand the regulations that apply to these different businesses.
[00:34:10] So it's like, forget about it. There's more than a million of these jobs open right now. And just in this cybersecurity. Well, September mark, the end of the real lockdown induced unemployment benefits workers. Didn't just flood the labor market as we kind of expected. And we have now few, we have more people now.
[00:34:38] Who are out of the workforce. Who've decided not to look for a job than we did in 2008. So that's telling you something 2008 during the great recession. Interesting things are about to happen, but there's a great little article that I found in. Times this week, and it's talking about this quality local products company out of Chicago, the prince logos on merchandise, like t-shirts water bottles, you know, the little stress balls, all of that sort of stuff.
[00:35:10] And he said prior to the pandemic, we had over 120 employees. That's the co-founder talk in there. And he said, Primary focus was on growth. We simply plugged any holes or any efficiencies that we could along the way with human capital, bringing people in. But once the lockdown happened, of course, all of a sudden now you don't have the access to employees you had before.
[00:35:36] So they had a huge decrease also in business. So those two went hand in hand. They let a lot of people go and they use the opportunity to program many of the previous manual and human controlled activities into computers. So now 18 months later, yeah, two weeks to flatten the curve. Right? 18 months later, the company employees, 83 workers.
[00:36:03] And as managing a workload, that's pretty much the same as pre lockdown. So they went from over 120 employees down to 83. So basically they cut 40 employees from the workforce. That's a whole lot of quarter of the workforce gone. They don't need them anymore. So that's going to help produce more profits for them.
[00:36:27] A lot more profits. Cause usually automating. Yeah, it can be painful, but it usually has major paybacks and that's exactly what it had for them. And they're saying that they anticipate that they can reduce employees even more by the end of this year and get their head count below. 50 now 50 is a magic number.
[00:36:48] So it was a hundred when it comes to employees. Well, one is like the biggest magic number because when, once you have one employee, you all of a sudden have to comply with all kinds of rules, regulations, state, local, federal. But if you hit 50 employees, you have the next step of major new regulations that are gonna affect your business.
[00:37:09] And then when you hit a hundred employees, Even more, so many people try and keep their businesses below 50 employees because it's just not worth it to have all of those regulations, additional regulation, taxes, and everything else. Another company, this is a California based property management. The managing more than 90,000 commercial and residential properties.
[00:37:33] And what they've done is they added a chat feature to the website, the company's called sea breeze. And he says, even though we have the live chat, you can still reach us outside of business hours. Well, You are using the chat or you can call us either way, but they're saying people like the simple form and someone gets back to them as soon as they can.
[00:37:57] So they're avoiding now having staff available 24 7 to respond to chat messages and to respond to the voicemails and phone calls that come in. So it's pretty good all the way around, frankly, new shopping models are in place. I'm looking at a picture of a business and it has. Of course, a window up front and in the window they have jewelry.
[00:38:21] This is a jewelry store and they've got QR codes in front of each of these pieces of jewelry right on the inside of the window. So if you're interested in finding out more about that piece of jewelry, Just scan the QR code. It'll take you to the right page on their website and we'll even let you buy the jewelry and they will mail it to you again.
[00:38:46] How's that for? Great. If you have a business in a tourist jury area and you don't want to be open until 11:00 PM at night, your story can keep selling for you. Even when you're close. This is window shopping, taken to an extreme, very simple. To do as well. This company is called full me waiter. Obviously they've got a bit of a sea theme here.
[00:39:10] So once someone orders the jewelry and the other merchandise sent right to them, or they can have it set for pickup in the store, when they next open it's phenomenal. They're calling. Alfresco shopping space, right from the sidewalk. So businesses again are returning to pre pandemic levels and he, this guy is available in the store by appointment only he's loving it.
[00:39:37] And he says that customers have been so satisfied with this QR code window shopping contract. That he wrote a guidebook. You can get firstname.lastname@example.org or excuse me, scan, just shop solution.com. I misread that. So any retailers who want to use this method, if you don't know what QR codes are, or you don't know how to code it into a website, et cetera, she's got webinars she's taught on it and she's got the guide book.
[00:40:05] I think this is great. Right? So she's now making some money on. Explain to other people, how she did this. It's phenomenal across industries. Epic times is saying the staffing shortages could be temporary, but as firms are further embracing, embracing automation and all of its benefits, some of these jobs that people just don't want anymore may actually be going away.
[00:40:33] And I think this is ultimately a problem. We had, uh, you know, again, I'm older generation, right? Us baby boomers. We had opportunities when we were younger. I had newspaper routes. I had the biggest drought in the area. I can't remember. It was like 120 homes. It was huge. It took me hours to do, but I made money.
[00:40:56] I learned how to interact with people. I knew, I learned how to do bill collection, how important it was not to let customers get too far behind on their bills. Although I have been slack on that one, I'm afraid, but it helped me out a lot. So, what are kids going to do that need to learn a work ethic that need to be able to have a job, make the mistakes, maybe get fired a once or twice or, or three times maybe learn how to interact with customers.
[00:41:27] Everyone, I think can benefit from some retail experience. Get that when you're young and if these jobs don't exist, then. Or the younger generations here, are they just going to be trying to find jobs they can do with Instagram? Right? They're all I know. A few kids who have said, well, I'm a social media influencer and you look them up and okay.
[00:41:50] So they got a thousand people following them. I have far more than that, but you know, it, that's not a job. It's not going to last. Your looks are only going to last so long. Right now you start having a family and you start working hard outdoors, et cetera. There's a lot of things that make that all go away.
[00:42:09] So I think many businesses now we're going to continue to accelerate our plans program out and. A lot of weld pain positions, as well as these entry-level positions in the next five or 10 years. Really? I don't even know if it's going to be 10 years retool retrain our workforce, or everyone's going to be in for a world of hurt.
[00:42:33] Hey, make sure you subscribe. So you're not in a world of hurt. Get my latest in news, especially tech news and cybersecurity. Craig peterson.com.
[00:42:46] In this day and age, if you don't have a burner identity, you are really risking things from having your identities stolen through these business, email compromises. It's really crazy. That's what we're going to talk about.
[00:43:03] An important part of keeping ourselves safe in this day and age really is con to confuse the hackers. The hackers are out there. They're trying to do some things. For instance, like business, email compromise. It is one of the biggest crimes out there today. You know, you hear about ransomware and. It hits the news legitimately.
[00:43:26] It's very scary. It can really destroy your business and it can hurt you badly. If you're an individual you don't want ransomware. Well, how about those emails that come in? I just got an email in fact, from a listener this week and they got a phone call. His wife answered and it was Amazon on the phone and Amazon said, Hey, listen, your account's been hacked.
[00:43:54] We need to clear it up so that your identity doesn't get stolen. And there's a fee for this. It's a $500 fee. And what you have to do is just go to amazon.com. Buy a gift card and we'll then take that gift card number from you. And we'll use that as the fee to help recover your stolen information. So she went ahead and did it.
[00:44:20] She went ahead and did all of the things that the hackers wanted and now they had a gift card. Thank you very much. We'll follow up on this and. Now she told her husband, and of course this isn't a sex specific thing, right. It could have happened to either one. My dad fell for one of these scams as well.
[00:44:44] So she told her husband or her husband looked at what had happened and said, oh my gosh, I don't think this is right. Let me tell you, first of all, Amazon, your bank, various credit card companies are not going to call you on the phone. They'll send you a message right. From their app, which is usually how I get notified about something.
[00:45:10] Or they will send an email to the registered to email that. Uh, that you set up on that account. So that email address then is used by them to contact you right. Pretty simple. Or they might send you a text message. If you've registered a phone for notifications, that's how they contact you. It's like the IRS.
[00:45:35] I was at a trade show and I was on the floor. We were exhausted. And I got no less than six phone calls from a lady claiming to be from the IRS and I needed to pay right away. And if I didn't pay right away, they were going to seize everything. And so all I had to do. Buy a gift card, a visa gift card, give her the number and she would use that to pay the taxes it and this lady had a, an American accent to one that you would recognize.
[00:46:10] I'm sure. And it's not something that they do now. They do send emails, as I said. So the part of the problem with sending emails is, is it really them? Are they sending a legitimate email to a legitimate email address? Always a good question. Well, here's the answer. Yeah, they'll do that. But how do you know that it isn't a hacker sending you the email?
[00:46:42] It can get pretty complicated. Looking into the email headers, trying to track. Where did this come from? Which email servers did it go through? Was it authenticated? Did we accept? Did the, uh, the provider use proper records in their DNS, the SPIF, et cetera, to make sure that it's legitimate. Right? How do you follow up on that?
[00:47:07] That's what we do for our clients. And it gets pretty complicated looking at DKMS and everything else to verify that it was legitimate, making sure that the email came from a registered MX server from the, the real center. There is a way around this. And this has to do with the identities, having these fake burner identities.
[00:47:33] I've been doing this for decades myself, but now it's easy enough for anybody to be able to do. There are some services out there. And one of the more recommended ones. And this is even the New York times, they have an article about this. They prefer something called simple log-in. You can find them online.
[00:47:57] You can go to simple login dot I O. To get started now it's pretty darn cool. Cause they're using, what's called open source software it's software. Anybody can examine to figure out is this legitimate or not? And of course it is legitimate, but, uh, they it's, it's all out there for the whole world to see.
[00:48:17] And that means it's less likely in some ways to be hacked. There are people who argue that having open source software means even more. In some ways you are, but most ways you're not, anyways, it doesn't matter. Simple login.io. Now, why would you consider doing this? Uh, something like simple login? Well, simple login is nice because it allows you to create dozens and dozens of different email address.
[00:48:51] And the idea is with simple log-in it will forward the email to you at your real email address. So let's say you're doing some online shopping. You can go ahead and set up an email address for, you know, whatever it is, shopping company.com, uh, that you're going to use a shopping company.com. So you'd go there.
[00:49:13] You put in two simple log-in, uh, I want to create a new identity and you tag what it's for, and then you then go to some, um, you know, shopping company.com and use the email address that was generated for you by simple login. Now you're a simple login again. Is it going to be tied into your real email account, wherever that might be if using proton mail, which is a very secure email system, or if using outlook or heaven forbid Gmail or one of these others, the email will be forwarded to you.
[00:49:52] You will be able to see that indeed that email was sent to your. Shopping company.com email address or your bank of America, email address, et cetera, et cetera, that makes it much easier for you to be able to tell, was this a legitimate email? In other words, if your bank's really trying to get ahold of you, and they're going to send you an email, they're going to send you an email to an address that you use exclusive.
[00:50:22] For bank of America. In reality, you only have the one email box that is over there on wherever proton, mail, outlook, Gmail, your business. You only have that one box you have to look at, but the email is sent to simple login. Does that make sense? You guys, so you can create a, these alias email boxes. It will go ahead and forward.
[00:50:49] Any emails sent to them, to you, and you'll be able to tell if this was indeed from the company, because that's the only place that you use that email address. That makes it simple, but you don't have to maintain dozens or hundreds of email accounts. You only have the one email account. And by the way, you can respond to the email using that special aliased email address that you created for the shopping company or bank of America or TD or whomever.
[00:51:22] It might be, you can send from that address as well. So check it out online, simple log-in dot IO. I really liked this idea. It has been used by a lot of people over, out there. Now here's one other thing that it does for you, and this is important as well. Not using the same email address. Everywhere means that when the hackers get your email address from shopping company.com or wherever, right.
[00:51:56] pets.com, you name it. They can not take that and put it together with other information and use that for business, email compromise. Does that make sense? It's it makes it pretty simple, pretty straightforward. Don't get caught in the whole business email compromise thing. It can really, really hurt you.
[00:52:19] And it has, it's one of the worst things out there right now, dollar for dollar it's right up there. It, by the way is one of the ways they get ransomware into your systems. So be very careful about that. Always use a different email address for every. Website you sign up for. Oh, and they do have paid plans like a $30 a year plan over at simple IO will get you unlimited aliases, unlimited mailboxes, even your own domain name.
[00:52:50] So it makes it pretty simple, pretty handy. There's other things you might want to do for instance, use virtual credit cards. And we'll talk about those a little bit. As well, because I, I think this is very important. Hey, I want to remind everybody that I have started putting together some trainings.
[00:53:12] You're going to get a little training at least once a week, and we're going to put all of that into. We have been calling our newsletter. I think we might change the name of it a little bit, but you'll be getting those every week. And the only way to get those is to be on that email list. Go to Craig peterson.com/subscribe.
[00:53:35] Please do that right. I am not going to harass you. I'm not going to be one of those. And I've never been one of those internet. Marketers is sending you multiple dozens of emails a day, but I do want to keep you up to date. So stick around, we will be back here in just a couple of minutes. And of course you're listening to Craig Peterson.
[00:53:59] And again, the website, Craig peterson.com stick around because we'll be right back.
[00:54:05] One of the best ways to preserve your security on line is by using what we're calling burner identities, something that I've been doing for more than 30 years. We're going to talk more about how to do that right.
[00:54:20] We've talked about email and how important that is. I want to talk now about fake identities. Now, a lot of people get worried about it. It sounds like it's something that might be kind of sketchy, but it is not to use fake identities in order to confuse the hackers in order to make it. So they really can't do the things that they.
[00:54:46] To do they can't send you fishing ear emails, particularly spear phishing emails. That'll catch you off guard because you're using a fake. How do you do that? Well, I mentioned to you before that I have a thousands of fake identities that I created using census data. And I'm going to tell you how you can do it as well.
[00:55:13] Right? There's a website out there called fake name a generator. You'll find it email@example.com. I'm on that page right now. And I'm looking at a randomly generated identity. It has the option right on this page to specify the sex. And it says random by default, the name set, I chose American the country United States.
[00:55:44] So it is applying both American and Hispanic names to this creative. And now remember it's doing the creation based on census data and some other public data, but it is not giving you one identity of any real. I think that's important to remember, and you're not going to use these identities for illegal purposes.
[00:56:11] And that includes, obviously when you set up a bank account, you have to use your real name. However, you don't have to use your. If you will real email address, you can use things like simple login that will forward the email to you, but we'll let you know who was sent to. And if you only use that one email address for the bank, then you know that it came from the bank or the email address was stolen from the bank.
[00:56:40] Right. All of that stuff. We've talked about that already. So in this case, The name has come up with for me is Maurice D St. George in Jacksonville, Florida even gives an address, uh, in this case it's 36 54 Willis avenue in Jacksonville, Florida. So if I go right now, Uh, two, I'm going to do use Google maps and I am going to put in that address.
[00:57:11] Here we go. Jacksonville willows avenue, all the guests. What there is a Willis avenue in Jacksonville, and it's showing hoes from Google street view. Let me pull that up even bigger. And there it is. So ta-da, it looks like it gave me. Fairly real address. Now the address it gave me was 36 54, which does not exist.
[00:57:40] There is a 365, but anyways, so it is a fake street address. So that's good to know some, if I were to use this, then I'm going to get my. Uh, my mail saying why about I pass? So, uh, Maurissa tells you what Maurice means, which is kind of neat. It'll give you a mother's maiden name. Gremillion is what a gave me here, a social security number.
[00:58:06] So it creates one that passes what's called a check sum test. So that if you put it into a computer system, it's going to do a real quick check and say, yeah, it looks. To me. So it's was not just the right number of digits. It also passes the check, some tasks. Well-known how to do a check sum on their social security numbers.
[00:58:27] So again, it's no big deal. And remember, you're not going to use this to defraud anyone. You're going to use this for websites that don't really need to know, kind of give me a break. Why do you need all this information? It gives me a phone number with the right area code. Uh, and so I'm going to go ahead and look up this phone number right now.
[00:58:50] Remember, use duck, duck go. Some people will use Google search and it says the phone number gave me is a robo call. As I slide down, there's some complaints on that. Uh, so there you go. So they giving us a phone number that is not a real person's phone number, country code, of course one, cause I said United state birth date.
[00:59:13] Oh, I was born October 7th, year, 2000. I'm 20 years old. And that means I'm a Libra. Hey, look at all this stuff. So it's giving me an email address, which is a real email address that you can click to activate or right there. Again, I mentioned the simple login.io earlier, but you can do a right here and it's got a username and created for me a password, which is actually a pretty deep.
[00:59:41] The password. It's a random one, a website for me, my browser user agent, a MasterCard, a fake MasterCard number with an expiration and a CVC to code all of this stuff. My height is five six on kind of short for. Uh, my weight is 186 pounds own negative blood type ups tracking number Western union number MoneyGram number.
[01:00:11] My favorite color is blue and I drive a 2004 Kia Sorento and it also has a unique ID. And, uh, you can use that wherever you want. So the reason I brought this up again, it's called fake name generator.com is when you are going to a website where there is no legal responsibility for you to tell them the true.
[01:00:39] You can use this. And so I've, I've used it all over the place. For instance, get hub where you have, uh, it's a site that allows you to have software projects as you're developing software. So you can put stuff in, get hub. Well, they don't know to know, need to know who I really am. Now they have a credit card number for me.
[01:01:01] Because I'm on a paid plan. I pay every month, but guess what? It isn't my real credit card number. It isn't the number that I got from fake name generator. My credit card company allows me to generate either a single use credit card numbers, or in this case, a credit card. Number four, get hub doc. So just as an example, that's how I use it.
[01:01:24] So if get hub gets hacked, the hackers have an email address and a name that tipped me off right away, where this is coming from. And if the email didn't come from GitHub by no, they either sold my information to a marketing company, or this is a hacker. Trying to manipulate me through some form of his fishing scheme.
[01:01:47] So I know you guys are the breasts and best and brightest. A lot of you understand what I'm talking about and I'm talking about how you can create a burner identity. And let me tell you, it is more important today to create a burner identity. Then it has ever been at any point in the past because frankly burner identities are one of the ways that you can really mess up some of the marketing firms out there that are trying to put the information together, these data aggregator companies, and also the hackers.
[01:02:24] And it's really the hackers that were off up against here. And we're trying to prevent them from. Getting all of this information. So when we come back, I want to talk about the next step, which is which credit cards can you get? These single use card numbers from? Should you consider using PayPal when my Google voice be a really good alternative for you?
[01:02:52] So we're going to get into all of that stuff. Stick around in the meantime, make sure you go to Craig peterson.com/subscribe. Get my newsletter. All of this. Is in there. It makes it simple. It's a simple thing to do. Craig peterson.com. And if you have any questions, just email me M firstname.lastname@example.org.
[01:03:20] Having your credit card stolen can be a real problem for any one of us. It gives the bad guys, a lot of options to spend a lot of money very quickly. We're going to talk right now about virtual credit cards. What are they, what does it mean?
[01:03:37] Virtual credit cards come in two basic forms.
[01:03:41] One is a single use credit card, which was quite popular back when these things first came out and another one is a virtual credit card that has either a specific life. In other words, it's only good for 30 days or that can be used until you cancel it. If you have a credit card, a visa, MasterCard, American express discover all of the major card issuers will give you the ability to reverse any charges that might come onto your cards.
[01:04:19] If your card is stolen or missing. Now that makes it quite easy. Doesn't it? I want to point out that if you're using a debit card, as opposed to a credit card, there's not much challenging you can do with the credit card. You can say, I am not going to make my pain. And, uh, because of this, that, and the other thing, this was stolen, et cetera, they can file it as a disputed charge.
[01:04:46] They can do an investigation find out. Yeah. I'm you probably were not at a bus terminal down in Mexico city, which happened to me. 'cause I was up here in New Hampshire, quite a ways down to Mexico city. And so they just reversed it out. That money never came out of my bank account because it was on a credit card.
[01:05:08] If I were using a debit card. That money would have come right out of my account. Now, mind you, a bus ticket in Mexico city is not very expensive, but many people have had charges of many thousands of dollars. And if you need that money in your checking account, and you're using a debit card, you got a problem because your check for, well, if you ever have to pay rent again, red check is going.
[01:05:38] Bound because they just empty it out to your bank account. So now you have to fight with the bank, get the money back. They will, they will eventually refund it, but it could make some of you. Transactions that you might've written a check or something, it'll make them bounce. And that could be a real problem.
[01:05:57] These, it could make them bounce. So using a credit card is typically less of a hassle online. So why would you want to use a virtual card or also known as a master credit card? Masked and may S K E D? Well, the main reason behind this is to allow you. Control payment. I've used them. In fact, I use them exclusively on every website online.
[01:06:29] And I'm going to tell you the names of some of them here in just a couple of minutes, but I use them all of the time. And part of the reason is let's say, I want to camp. Uh, service. Have you ever tried to cancel a service before and you have to call them many times, right. And so you're, you're arguing with somebody overseas somewhere who doesn't want you to close the account.
[01:06:53] And of course the. Bump you up to the next level person who also doesn't want you to close the account. And so you have to fuss fuss, fuss, fuss. Have you ever had that experience and I'm sure you have. It just happens all the time. So with using the virtual credit card, Well, the advantage to me is, Hey, if you are going to try and fight with me, I don't care because I'm just going to cancel that credit card number.
[01:07:24] So I don't have to cancel my credit card. I don't have to have the company reissue credit card for me. I don't have to do any of this sort of thing that makes my life pretty easy. Doesn't it? And so, because of that, I am now I think in a much better. Place, because it just, I don't have to fight with people anymore.
[01:07:43] So that's one of the reasons I used it. The other big reason is if it gets stolen, they can cause less harm. Some of these credit card it's virtual credit cards are set up in such a way that you can limit the amount that's charged on them. Do you like that? So if you are using it on a site that maybe is charging you $50 a month, no problem.
[01:08:09] $50 a month comes off of the credit card. And if someone tries to charge more bounces and then hopefully you find out, wait a minute, it just bounced on me right now. Then next step up is okay. It bounced and. Uh, I am just going to cancel the card and then you issue a new credit card number for that website.
[01:08:32] So an example. In my case has get hub.com. We keep software up there and they charge me every month if get hub were to get hacked and that credit card number stolen I'm I really don't care because there's almost nothing that can happen. And if good hub doesn't properly cancel. My account, I can just cancel the credit card and, you know, let them come after me.
[01:08:57] Right. This isn't going to happen. So then it's also called a master credit card number because it's a little safer than using your real credit card details. I also want to point out something about debit card. I went for years with no credit cards at all. Nowadays, many of my vendors will take a credit card for payment.
[01:09:20] And in fact, give me a bit of a better deal. And then with the credit card, I can get 2% cash back, which I use to pay down the credit card. Right. It couldn't get any better than that, but when you're using a debit card, what I always. Is I had two accounts that I could transfer money between at the bank.
[01:09:42] So I had one checking account. That was my main operating, if you will account. And then I had another checking account where I would be. Just moving money out of it. Or you could even do it with a savings account, but some banks, they only let you do so many transactions a month on a savings account. So the idea is I know that I have this much in credit card obligate while debit card obligations for this month, that money is going to be coming out.
[01:10:11] So I make sure that. In the debit card account to cover the legitimate transactions I know are coming up and then I keep everything else in the other account. And then I manually transferred over every month. So that's how I dealt with the whole debit card thing. And it worked really well for me. Bottom line.
[01:10:30] I think it's a really great. So there you go, who are the companies that you can use to do this? I've used some of these before all of them have worked really well. If you have a capital one credit card, they have something called Eno, E N O, and it's available to all capital one card. You know, even has an extension for your web browsers.
[01:10:59] So if it notices you're on a webpage, it's asking for credit card number, it'll pop up and say, do you want me to create a credit card number or a virtual one for this websites you can make your payment. Does it get much easier than that? Citibank has something they call a virtual credit cards available to all Citibank card holders, master pass by MasterCard.
[01:11:23] That's available to any MasterCard visa, American express discover Diner's club card holders, credit, debit, and prepaid cards by their way. So you might want to check that one out. Uh, yeah, so that's the only one I see on my list here. That will do it for debit cards, Masterpass by MasterCard American express checkouts, available to all American express card holders.
[01:11:51] Chase pay available to all chase card holders, Wells Fargo, wallet, uh, visa checkouts, available to all visa, MasterCard, and American express and discover color card holders, credit and debit cards. Plus. Prepaid cards. Okay. So it does do the debit cards as well. Final that's all owned by Goldman Sachs and is not accepting any new applicants and entro pay.
[01:12:19] Also not accepting new applicants. There's a couple online. You might also want to check out our Pyne. Premium Al buying. I'm buying a, B I N E blur premium. You might want to check that out as well. All right, everybody make sure you check me out. Craig peterson.com/subscribe.
[01:12:43] We're going to wrap up how you should be using these burner identities of few more tips and tricks that are going to help keep you safe from the hackers that are out there. So here we go.
[01:12:58] There are a lot of hackers out there.
[01:13:01] The numbers are just astounding. The cost of these hackers coming in and stealing our information is just unbelievable. And it goes all the way from big corporations, from things like the colonial pipeline, the U S government all the way on down through you and me. I want to tell you a little story about a friend of mine.
[01:13:28] He is about 75 years old and he supplements his income by driving for Uber eats and one other company. And so what he'll do is someone puts in an order for food somewhere. He'll go pick it up and then he'll drive it to where whoever wanted wanted, whoever ordered it. Now, there are. Pricing number of scams with this.
[01:13:55] So he's very careful about some of that orders, a cookie, for instance, because it's usually a bit of a scam anyways, we won't get into those, but I'll tell you what happened to him. His information was stolen online as it was probably yours. Mine I know was as well. So it's all stolen. What do you do? While in his case, what ended up happening is they managed to get into his email account.
[01:14:27] Once they're in his email account, they now had access to the emails he was getting from one of these companies. Now it wasn't the Uber eats guy. He was, there was another company. So let's just explain this a little bit. Uber eats sends him a request for him to go ahead and do a double. So, you know, go to the restaurant, pick it up and take it to this client's house.
[01:14:54] And in order for him to register, he had to register an email address. Now, of course, he uses the same email address for everything, all of the. Now, personally, that drives me a little bit insane, but that's what he does. And he has just a few passwords. Now. He writes them down a little book and heaven forbid he ever lose the book so that he can remember them.
[01:15:24] He just wants to keep his life simple. Right. He's 75. He's not technophobic, but you know, he's not up on all of this stuff. What he found was a paycheck didn't show. And it was an $800 paycheck. We're talking about real money that he should have had in his. It didn't show up. So he calls up the company and says what happened to my paycheck and their record show?
[01:15:53] Yes, indeed. It had been paid. We paid you, we deposited right into your account. Just like you asked. Yeah. You know, ACH into the account. Great. Wonderful. What had happened is bad guys had gone, gained control of his email address and use that now. Because they figured, well, I see some emails in his account from this food delivery service, so, well, let's try and see if this email address that we're looking at right now.
[01:16:26] All of his emails let's look and see. Okay. Yeah. Same. Email address and same password as a used ad at this email address. Yeah, it worked. Okay. Great. So now we have access to this guys food delivery account. So they changed. The bank account number now, easy enough to confirm, right. They change it and send you an email.
[01:16:54] Hey, I want to make sure that it was you until the bad guys, the hackers click out, yada yada. Yeah, it was me and then delete the email. So he doesn't see it. And now his $800 paycheck. In fact, I think there were a couple of different checks is deposited directly into the bad guy's bank account and. The money of course is transferred out pretty quickly.
[01:17:18] Now the, that guys, these hackers are using what are called mules. You might be familiar with that in the drug trade. They'll have a third party deliver the drugs just to mule. They don't know what all is going on. They probably know the delivering drugs in this case, most of the meals are useful idiots of which there are many in this country.
[01:17:43] Unfortunate. Uh, political and otherwise. And these people are convinced that all they need to do is transfer the money into this account so that the hackers can then pull it out. And you know, now they're going to take care of their grandmother who is stuck in the hospital and they have no way to pay for it.
[01:18:07] And they can't transfer the money out of the country during. That's one of the stories they use for people. And in many cases, these meals know what they're doing. The FBI earlier this year arrested a whole group of mules out in California that were purposefully transferring the money. They knew what they were doing.
[01:18:28] So his money was now out of the country. No way to get it. And this food delivery company was not about to pay him. So it, isn't just the big guys it's you and me as well. So what I want to talk about right now is multi-factor authentication. Now. You guys are the best and brightest. I hope you understand this.
[01:18:54] If you have questions, please reach out to me. I am more than glad to send you some good material on this. Just me. M E add Craig peterson.com. I am here to help. So. What multi-factor authentication does is allows you to not just log in by using an email address and a password, or maybe a username and a password.
[01:19:21] Which is much better by the way. I don't like it. When sites require an email address to log in. Although as you know, I use multiple email addresses and I think you should as well, a different email address for every site out there beyond question, you should be doing that. So anyways, this is. You should be doing with multifactor authentication, they will have you put in your email address, have you put in your password and then they'll do something that is supposedly something you have.
[01:19:56] So the best security is something, you know, along with something you physically have. So in most cases, they'll use two factor authentication by sending you a text message with a code. And then you type in that usually six digit code and now you're in, and it only does that. If it doesn't recognize the browser, are you using or in many cases, have it needs to be a little more secure that it's only good for 24 hours or maybe a week?
[01:20:26] That is not good enough. You should be using a code generator. Google has one for free, but I want you guys to use something called one password. That's the digit one past. You'll find it online. You'll find it in all the app stores. It is what we use for the most part. It's great for families. And it's great for businesses because you can have different vaults and you can share them and control access.
[01:20:58] Now there's a couple of reasons why that we're talking about multi-factor authentication right now. So the first reason kind of the biggest reason is you can use it for generating password. Fairly random ones or fairly memorable ones. And then when you go to a site, one password can pop up and give you the password for the site.
[01:21:22] So you don't even have to look it up. You don't have to remember it. You don't have to look it up. Isn't that phenomenal. And then it also has built into it. Token this, this, uh, six digit key generator. I'm trying to keep this simple. So you can then use that for the site. So it says, okay, so, uh, what's the code go to your, your code generator.
[01:21:47] So you just go to one password. There it is. Copy it and paste it right in. And you're in that alone would have prevented my buddy's account from getting there. It's that simple, one more thing that you want to use one password. And that is those questions that you're asked to verify. It's you many sites out there banks are really big into this and I don't get it cause it's not very good in most cases.
[01:22:16] So they'll ask you things like where were you born? What's your mother's maiden name? Where did you go on your first day too? What was the car that you owned first or, you know, your dog's name, et cetera. The reason, those things are so bad is because the hackers can go online, look at your social media and figure out the answers to a lot of those questions.
[01:22:42] Right? Bad, bad, bad, bad, bad. So what you should be doing is using one password and it allows you to put notes pretty much anything you want to in the record for that website. So you go to the website and you log in, create your account right. To log in. So you're going to give it your, probably your email address, which is a bad idea, but that's, what's required.
[01:23:11] Use one pass. To generate a strong password for you that you'll put in. You'll use one password. Hopefully they have multi factor authentication that allows you to use one of these code generators. Uh, Google has theirs is called Google authenticator, and one password is compatible with that. Microsoft has done.
[01:23:35] Own thing. And it's not compatible with almost any website online. So don't use a Microsoft authenticator other than for Microsoft products, like using the, a windows 365 thing that they have, uh, does use Microsoft authenticator, but you can also use the Google one and the one password one, and then in the notes section, make up answers to the questions.
[01:24:01] So it asks you, what was your mother's maiden? And say something different, like, uh, in security, where D was your high school? It was name of elementary school. Make something up on streaming. Okay. Use random answers. Record them in one password. You're going to have to look them up. If you ever on the phone with the bank or whomever, because you're not going to remember them, but that's good because they don't appear in your.
[01:24:32] Social media anywhere and they don't appear anywhere else other than your secured encrypted one password fault. Thanks for being with us. I appreciate you guys listening and you can find all of this. I'm going to turn all of these and did a little mini courses here over the next few weeks, and there's only one way you're going to get it.
[01:24:55] And that is by being on my email list. Craig peterson.com/subscribe. Go there right now. Craig peterson.com/subscribe.