Preview Mode Links will not work in preview mode

Thanks for joining us! Let me know if there are any topics you'd like us to cover by sending an email to me at craigpeterson . com!

Nov 5, 2021

If you follow my newsletter, you probably saw what I had in the signature line the last few weeks: how to make a fake identity. Well, we're going to take it a little bit differently today and talk about how to stop spam with a fake email.

[Automated transcript follows]

[00:00:16] Email is something that we've had for a long time.

[00:00:19] I think I've told you before I had email way back in the early eighties, late seventies, actually. So, yeah, it's been a while and I get tens of thousands of email every day, uh, sent to my domain, you know, That's my company. I've had that same domain name for 30 years and, and it just kinda got out of control.

[00:00:46] And so we have. Big Cisco server, that exclusively filters email for us and our clients. And so it cuts down the tens of thousands to a very manageable couple of hundred a day. If you think that's manageable and it gets sort of almost all of the fishing and a lot of the spam and other things that are coming.

[00:01:09] But, you know, there's an easier way to do this. Maybe not quite as effective, but allowing you to track this whole email problem and the spam, I'm going over this in some detail in. Coming bootcamp. So make sure we keep an eye on your emails. So you know about this thing again, it's free, right? I do a lot of the stuff just to help you guys understand it.

[00:01:34] I'm not trying to, you know, just be June to submission to buy something. This is a boot camp. My workshops, my boot camps, my emails, they are all about informing you. I try to make them the most valuable piece of email. During the week. So we're going to go into this in some detail in this upcoming bootcamp.

[00:01:55] But what we're looking at now is a number of different vendors that have gotten together in order to help prevent some of the spam that you might've been in. Uh, I think that's a very cool idea to have these, these sometimes temporary, sometimes fake email addresses that you can use. There's a company out there called fast to mail.

[00:02:20] You might want to check them out. There's another company called apple. And you might might want to check them out. I'll be talking about their solution here as well. But the idea is why not just have one email address? And if you're an apple user, even if you don't have the hardware, you can sign up for an apple account.

[00:02:42] And then once you have that account, you can use a new feature. I saw. Oh, in, in fact, in Firefox, if you use Firefox at all, when there's a form and it asks for an email address, Firefox volunteers to help you make a fake ish email address. Now I say fake ish, because it's a real email address that forwards to your normal regular.

[00:03:10] Email address. And as part of the bootcamp, I'm also going to be explaining the eight email addresses, minimum eight, that you have to have what they are, how to get them, how to use them. But for now you can just go online to Google and this will get you started and do a search for Apple's new hide. My email feature.

[00:03:30] This lets you create random email addresses and those email addresses. And up in your regular, uh, or, whatever you might have for your email address, address that apple has set up for you. Isn't that cool. And you can do that by going into your iCloud settings. And it's part of their service that are offering for this iCloud plus thing.

[00:03:57] And they've got three different fi privacy focused services, right? So in order to get this from apple, so you can create these unlimited number of rather random looking emails, for instance, a blue one to six underscore cat I that doesn't tell anybody. Who you are, and you can put a label in there.

[00:04:21] What's the name of the website that, that, or the, the, a URL of the website, the two created this email for, and then a note so that you can look at it later on to try new member and that way. Site that you just created it for in this case, this is an article from CNET. They had an

[00:04:45] This is a weekly music magazine subscription that they had. And apple generated this fake email address, blue one to 600 score Canada, Now I can hear you right now. Why would you bother doing that? It sounds like a lot of work. Well, first of all, it's not a whole lot of work, but the main reason to do that, If you get an email address to blue cat, one, and it's supposedly from bank of America, you instantly know that is spam.

[00:05:23] That is a phishing email because it's not using the email address you gave to TD bank. No it's using the email address that it was created for one website jam wire This is an important feature. And that's what I've been doing for decades. Email allows you to have a plus sign. In the email address and Microsoft even supports it.

[00:05:53] Now you have to turn it on. So I will use, for instance, Craig, plus a Libsyn as an and now emails that Libson wants to send me. I'll go to Craig. Right? So the, the trick here is now if I get an email from someone other than libs, and I know, wait a minute, this isn't Libsyn, and that now flags, it has a phishing attack, right.

[00:06:28] Or at the very least as some form of spam. So you've got to keep an eye out for that. So you got to have my called plus, and if. Pay for the premium upgrade, which ranges from a dollar to $10. Uh, you you've got it. Okay. If you already have an iCloud account, your account automatically gets upgraded to iCloud plus as part of iOS 15, that just came out.

[00:06:55] All right. So that's one way you can do it. If you're not an apple fan. I already mentioned that Firefox, which is a browser has a similar feature. Uh, Firefox has just been crazy about trying to protect your privacy. Good for them, frankly. Right? So they've been doing a whole lot of stuff to protect your privacy.

[00:07:17] However, there you are. They have a couple of features that get around some of the corporate security and good corporate security people have those features block because it makes it impossible for them to monitor bad guys that might hack your account. So that's another thing you can look at is Firefox.

[00:07:37] Have a And as I said, we're going to go into this in some detail in the bootcamp, but fast mail lets you have these multiple email accounts. No, they restricted. It's not like apple where it's an infinite number, but depending on how much you pay fast mail is going to help you out there.

[00:07:57] And then if you're interested, by the way, just send an email to me, me. Craig Please use that email address because that one is the one that's monitored most closely. And just ask for my report on email and I've got a bunch of them, uh, that I'll be glad to send you the gets into some detail here, but proton mail.

[00:08:22] Is a mail service that's located in Switzerland? No, I know of in fact, a couple of a high ranking military people. I mean really high ranking military people that are supposedly using proton mail. I have a proton mail account. I don't use it that much because I have so much else going on, but the advantage.

[00:08:45] Proton mail is it is in Switzerland. And as a general rule, they do not let people know what your identity is. So it's kind of untraceable. Hence these people high up in the department of defense, right. That are using proton mail. However, it is not completely untraceable. There is a court case that a proton man.

[00:09:12] I don't know if you'd say they lost, but proton mail was ordered about a month ago to start logging access and provide it for certain accounts so they can do it. They are doing it. They don't use it in most cases, but proton mail is quite good. They have a little free level. Paid levels. And you can do all kinds of cool stuff with proton mail.

[00:09:35] And many of you guys have already switched, uh, particularly people who asked for my special report on email, because I go into some reasons why you want to use different things. Now there's one more I want to bring up. And that is Tempa mail it's Don't send anything. That is confidential on this.

[00:09:57] Don't include any credit card numbers, nothing. Okay. But will generate a temporary email address. Part of the problem with this, these temporary email address. Is, they are blocked at some sites that really, really, really want to know what your really mail address is. Okay. But it's quite cool.

[00:10:22] It's quite simple. So I'm right there right now. And I said, okay, give me email address. So gave me one. Is this temporary email, so you can copy that address. Then you can come back into again, and read your email for a certain period of time. So it is free.

[00:10:48] It's disposable email. It's not particularly private. They have some other things, but I wouldn't use them because I don't know them for some of these other features and services. Stop pesky email stop. Some of these successful phishing attempt by having a unique, not just password, but a unique email for all those accounts.

[00:11:12] And as I mentioned, upcoming bootcamp, and I'll announce it in my weekly email, we're going to cover this in some detail. Craig Make sure you subscribe to my newsletter.

[00:11:25] Well, you've all heard is up. So what does that mean? Well, okay. It's up 33% since the last two years, really. But what does that amount to, we're going to talk about that. And what do you do after you've been ransomed?

[00:11:42] Ransomware is terrible. It's crazy. Much of it comes in via email.

[00:11:49] These malicious emails, they are up 600% due to COVID-19. 37% of organizations were affected by ransomware attacks in the last year. That's according to Sofos. 37% more than the third. Isn't that something in 2021, the largest ransomware payout, according to business insider was made by an insurance company at $40 million setting a world record.

[00:12:21] The average ransom fee requested increased from 5,020 18 to around 200,000 in 2020. Isn't that something. So in the course of three years, it went from $5,000 to 200,000. That's according to the national security Institute, experts estimate that a ransomware attack will occur every 11 seconds for the rest of the year.

[00:12:50] Uh, it's just crazy. Absolutely. Crazy all of these steps. So what does it mean? Or, you know, okay. It's up this much is up that much. Okay. Businesses are paying millions of dollars to get their data back. How about you as an individual? Well, as an individual right now, the average ransom is $11,605. So are you willing to pay more than $11,000 to get your pictures back off of your home computer in order to get your.

[00:13:27] Work documents or whatever you have on your home computer. Hopefully you don't have any work information on your home computer over $11,000. Now, by the way, most of the time, these ransoms are actually unaffiliate affair. In other words, there is a company. That is doing the ransom work and they are pain and affiliate who are the, the affiliate in this case.

[00:13:55] So the people who infected you and the affiliates are making up to 80% from all of these rents. Payments it's crazy. Right? So you can see why it's up. You can just go ahead and try and fool somebody into clicking on a link. Maybe it's a friend of yours. You don't productively like some friend, right. And you can go ahead and send them an email with a link in it.

[00:14:20] And they click the link and it installs ransomware and you get 80% of them. Well, it is happening. It's happening a lot. So what do you do? This is a great little article over on dark reading and you'll see it on the website. The Craig But this article goes through. What are some of the steps it's by Daniel Clayton?

[00:14:48] It's actually quite a good little article. He's the VP of global security services and support over at bit defender bit defender is. Great, uh, software that you've got versions of it for the Mac. You've got versions four of it for window. You might want to check it out, but he's got a nice little list here of things that you want to do.

[00:15:13] So number one, Don't panic, right? Scott Adams don't panic. So we're worried because we think we're going to lose our job June. Do you know what? By the way is in the top drawer of the majority of chief information, security officers, two things. Uh, w one is their resignation letter and the second one is their resume because if they are attacked and it's very common and if they get in trouble, they are leaving.

[00:15:47] And that's pretty common too. Although I have heard of some companies that understand, Hey, listen, you can't be 100% effective. You got to prioritize your money and play. It really is kind of like going to Vegas and betting on red or black, right? 50, 50 chance. Now, if you're a higher level organization, like our customers that have to meet these highest compliance standards, these federal government regulations and some of the European regulations, even state regulations, well, then we've got to keep you better than 99% safe and knock on wood over the course of 30 years.

[00:16:27] That's a long I've been doing. 30 years. We have never had a single customer get a S uh, and. Type of malware, whether it is ransomware or anything else, including one custom company, that's a multinational. We were taking care of one of their divisions and the whole company got infected with ransomware.

[00:16:50] They had to shut down globally for. Two weeks while they tried to recover everything, our little corner of the woods, the offices that we were protecting for that division, however, didn't get hit at all. So it is possible, right? I don't want you guys to think, man. There was nothing I can do. So I'm not going to do anything.

[00:17:14] One of the ladies in one of my mastermind groups basically said that, right? Cause I was explaining another member of my mastermind group. Got. And I got hit for, I think it turned out to be $35,000 and, you know, that's a bad thing. Plus you feel just so exposed. I've been robbed before, uh, and it's just a terrible, terrible feeling.

[00:17:37] So he was just kind of freaking out for good. But I explained, okay, so here's what you do. And she walked away from it thinking, well, there's nothing I can do. Well, there are things you can do. It is not terribly difficult. And listening here, getting my newsletter, going to my bootcamps and the workshops, which are more involved, you can do it.

[00:18:03] Okay. It can be done. So I don't want. Panic. I don't want you to think that there's zero. You can do so that's number one. If you do get ransomware, number two, you got to figure out where did this come from? What happened? I would change this order. So I would say don't panic. And then number two is turn off the system that got rants.

[00:18:29] Turn it off one or more systems. I might've gotten ransomware. And remember that the ransomware notification does not come up right. When it starts encrypting your data. It doesn't come up once they've stolen your data. It comes up after they have spread through your organization. So smart money would say shut off every computer, every.

[00:18:56] Not just pull the plug. I w I'm talking about the ethernet cable, right? Don't just disconnect from wifi. Turn it off. Immediately. Shut it off. Pull the plug. It might be okay. In some cases, the next thing that has to happen is each one of those machines needs to have its disc drive probably removed and examined to see if it has.

[00:19:18] Any of that ransomware on it. And if it does have the ransomware, it needs to get cleaned up or replaced. And in most cases we recommend, Hey, good time. Replace all the machines, upgrade everything. Okay. So that's the bottom line. So that's my mind. Number two. Okay. Um, he has isolated and save, which makes sense.

[00:19:40] You're trying to minimize the blast radius. So he wants you to isolate him. I want you to turn them off because you do not want. Any ransomware that's on a machine in the process of encrypting your files. You don't want it to keep continuing to encrypting. Okay. So hopefully you've done the right thing.

[00:20:00] You are following my 3, 2, 1 backup schedule that I taught last year, too, for free. For anybody that attended, hopefully you've already figured out if you're going to pay. Pay. I got to say some big companies have driven up the price of Bitcoin because they've been buying it as kind of a hedge against getting ransomware so they can just pay it right away.

[00:20:25] But you got to figure that out. There's no one size fits all for all of this. At over $11,000 for an individual ransom, uh, this requires some preparation and some thought stick around, got a lot more coming up. Visit me online, Craig and get my newsletter along with all of the free trainings.

[00:20:52] Well, the bad guys have done it again. There is yet another way that they are sneaking in some of this ransomware and it has to do with Q R codes. This is actually kind of clever.

[00:21:08] By now you must've seen if not used QR codes.

[00:21:12] These are these codes that they're generally in a square and the shape of a square and inside there's these various lines and in a QR code, you can encode almost anything. Usually what it is, is a URL. So it's just like typing in a web address into your phone, into your web browser, whatever you might be using.

[00:21:35] And they have been very, very handy. I've used them. I've noticed them even showing up now on television ad down in the corner, you can just scan the QR code in order to apply right away to get your gin Sioux knives. Actually, I haven't seen it on that commercial, but, uh, it's a different one. And we talked last week about some of these stores that are putting QR codes in their windows.

[00:22:02] So people who are walking by, we even when the store is closed, can order stuff, can get stuff. It's really rather cool. Very nice technology. Uh, so. There is a new technique to get past the email filters. You know, I provide email filters, these big boxes, I mean, huge machines running Cisco software that are tied into, uh, literally billion end points, plus monitoring tens of hundreds of millions of emails a day.

[00:22:39] It's just huge. I don't even. I can ha can't get my head around some of those numbers, but it's looking at all those emails. It is cleaning them up. It's looking at every URL that's embedded in an email says, well, is this a bad guy? It'll even go out and check the URL. It will look at the domain. Say how long has this domain been registered?

[00:23:01] What is the spam score overall on the domain? As well as the email, it just does a whole lot of stuff. Well, how can it get around a really great tight filter like that? That's a very good question. How can you and the bottom line answer is, uh, how about, uh, using the QR code? So that's what bad guys are doing right now.

[00:23:26] They are using a QR code in side email. Yeah. So the emails that have been caught so far by a company called abnormal security have been saying that, uh, you have a missed voicemail, and if you want to pick it up, then scan this QR. It looks pretty legitimate, obviously designed to bypass enterprise, email gateway scans that are really set up to detect malicious links and attachments.

[00:24:01] Right? So all of these QR codes that abnormal detected were created the same day they were sent. So it's unlikely that the QR codes, even that they'd been detected would have been previously. Poured it included in any security blacklist. One of the good things for these bad guys about the QR codes is they can easily change the look of the QR code.

[00:24:26] So even if the mail gateway software is scanning for pictures and looking for a specific QR codes, basically, they're still getting. So the good news is the use of the QR codes in these types of phishing emails is still quite rare. We're not seeing a lot of them yet. We are just starting to see them, uh, hyperlinks to phishing sites, a really common with some of these QR codes.

[00:24:58] But this is the first time we've seen an actor embed, a functional QR code into an email is not. Now the better business bureau warned of a recent uptick, ticking complaints from consumers about scams involving QR codes, not just an email here, but because these codes can't really be read by the human eye at all.

[00:25:21] The attackers are using them to disguise malicious links so that you know, that vendor that I talked about, that retail establishment that's using the QR codes and hoping people walking by will scan it in order to get some of that information. Well, People are going to be more and more wary of scanning QR codes, right?

[00:25:43] Isn't that just make a lot of sense, which is why, again, one of the items in our protection stack that we use filters URLs. Now you can get a free. The filter and I cover this in my workshop, how to do it, but if you go to open DNS, check them out, open DNS, they have a free version. If you're a business, they want you to pay, but we have some business related ones to let you have your own site to.

[00:26:15] Based on categories and all that sort of stuff, but the free stuff is pretty generalized. They usually have two types, one for family, which blocks the stuff you might think would be blocked. Uh, and other so that if you scan one of these QR codes and you are using open DNS umbrella, one of these others, you're going to be much, much.

[00:26:39] Because it will, most of the time be blocked because again, the umbrella is more up-to-date than open DNS is, but they are constantly monitoring these sites and blocking them as they need to a mobile iron, another security company. I conducted a survey of more than 4,400 people last year. And they found that 84% have used a QR code.

[00:27:05] So that's a little better than I thought it was. Twenty-five percent of them said that they had run into situations where a QR code did something they did not expect including taking them to a malicious website. And I don't know, are they like scanning QR codes in the, in the men's room or something in this doll?

[00:27:24] I don't know. I've never come across a QR code. That was a malicious that I tried to scan, but maybe I'm a little more cautious. 37% were. Saying that they could spot a malicious QR code. Yeah. Yeah. They can read these things while 70% said they'd be able to spot a URL to a phishing or other malicious website that I can believe.

[00:27:50] But part of the problem is when you scan a QR code, it usually comes up and it says, Hey, do you want to open this? And most of that link has invisible is, is not visible because it is on your smartphone and it's not a very big screen. So we'll just show you the very first part of it. And the first part of it, it's going to look pretty darn legit.

[00:28:14] So again, that's why you need to make sure you're using open DNS or umbrella. Ideally, you've got it installed right at your edge at your router at whoever's handling DHCP for your organization. Uh, in the phishing campaign at normal had detected with using this QR code, uh, code they're saying the attackers had previously compromised, some outlook, email accounts, belonging to some legitimate organizations.

[00:28:43] To send the emails with malicious QR codes. And we've talked about that before they use password stuffing, et cetera. And we're covering all of this stuff in the bootcamp and also, well, some of it in the bootcamp and all of this really in the workshops that are coming up. So keep an eye out for that stuff.

[00:29:03] Okay. Soup to nuts here. Uh, it's a, uh, it's a real. Every week, I send out an email and I have been including my show notes in those emails, but I found that most people don't do anything with the show notes. So I'm changing, I'm changing things this week. How some of you have gotten the show notes, some of you haven't gotten the show notes, but what I'm going to be doing is I've got my show notes on my

[00:29:35] So you'll find them right. And you can get the links for everything I talk about right here on this. I also now have training in every one of my weekly emails. It's usually a little list that we've started calling listicles and it is training on things you can do. It is. And anybody can do this is not high level stuff for people that are in the cybersecurity business, right.

[00:30:07] Home users, small businesses, but you got to get the email first, Craig and signup.

[00:30:14] California is really in trouble with these new environmental laws. And yet, somehow they found a major exception. They're letting the mine lithium in the great salt and sea out in California. We'll tell you why.

[00:30:31] There's an Article in the New York times. And this is fantastic. It's just a incredible it talking about the lithium gold rush.

[00:30:43] You already know, I'm sure that China has been playing games with some of these minerals. Some of the ones that we really, really need exotic minerals that are used to make. Batteries that are used to power our cars. And now California is banning all small gasoline engine sales. So the, what is it? 55,000 companies out in California that do lawn maintenance are going down.

[00:31:13] To drive those big lawnmowers around running on batteries. They're estimating it'll take 30 packs battery packs a day. Now, remember California is one of these places that is having rolling blackouts because they don't have. Power, right. It's not just China. It's not just Europe where they are literally freezing people.

[00:31:37] They did it last winter. They expect to do it more. This winter, since we stopped shipping natural gas and oil, they're freezing people middle of winter, turning off electronics. California, at least they're not too likely to freeze unless they're up in the mountains in California. So they don't have enough power to begin with.

[00:31:57] And what are they doing there? They're making it mandatory. I think it was by 2035 that every car sold has to be electric. And now they have just gotten rid of all of the small gasoline engines they've already got. Rolling blackouts, come on. People smarten up. So they said, okay, well here's what we're going to do.

[00:32:20] We need lithium in order to make these batteries. Right. You've heard of lithium-ion batteries. They're in everything. Now, have you noticed with lithium batteries, you're supposed to take them to a recycling center and I'm sure all of you do. When your battery's dead in your phone, you take it to a recycling center.

[00:32:39] Or if you have a battery that you've been using in your Energizer bunny, and it's a lithium battery, of course you take it to the appropriate authorities to be properly disposed of because it's toxic people. It is toxic. So we have to be careful with this. Well, now we're trying to produce lithium in the United States.

[00:33:06] There are different projects in different parts of the country, all the way from Maine through of course, California, in order to try and pull the lithium out of the ground and all. Let me tell you, this is not very green at all. So novel. Peppa Northern Nevada. They've started here blasting and digging out a giant pit in this dormant volcano.

[00:33:38] That's going to serve as the first large scale, lithium mine in the United States and more than a decade. Well, that's good. Cause we need it. And do you know about the supply chain problems? Right. You've probably heard about that sort of thing, but that's good. This mine is on least federal lands. What does that mean?

[00:33:59] Well, that means if Bernie Sanders becomes president with the flick of a pen, just like Joe Biden did on his first day, he could close those leads to federal lands. Yeah. And, uh, we're back in trouble again, because we have a heavy reliance on foreign sources of lithium, right. So this project's known as lithium Americas.

[00:34:25] There are some native American tribes, first nation as they're called in Canada. Uh, ranchers environmental groups that are really worried, because guess what? In order to mine, the lithium, and to do the basic processing onsite that needs to be done, they will be using. Billions of gallons of groundwater.

[00:34:48] Now think of Nevada. Think of California. Uh, you don't normally think of massive lakes of fresh water to. No. Uh, how about those people that are opposed to fracking? Most of them are opposed to fracking because we're pumping the water and something, various chemicals into the ground in order to crack the rock, to get the gas out.

[00:35:11] Right. That's what we're doing. They don't like that. But yet, somehow. Contaminating the water for 300 years and leaving behind a giant mound of waste. Isn't a problem for these so-called Greenies. Yeah. A blowing up visit quote here from max Wilbert. This is a guy who has been living in a tent on this proposed mine site.

[00:35:38] He's got a. Lawsuits that are going, trying to block the project. He says blowing up a mountain. Isn't green, no matter how much marketing spend people put on it, what have I been saying forever? We're crazy. We are insane. I love electric cars. If they are coolest. Heck I would drive one. If I had one, no problem.

[00:35:57] I'm not going to bother to go out and buy one, but, uh, yeah, it's very cool, but it is anything but green. Electric cars and renewable energy are not green, renewable energy. The solar and the wind do not stop the need for nuclear plants or oil or gas burners, or cold burners, et cetera. Because when the sun isn't shining, we still need electricity.

[00:36:29] Where are we getting to get it? When the wind isn't blowing or when the windmills are broken, which happens quite frequently. Where are we going to get our power? We have to get it from the same way we always have from maybe some, uh, some old hydro dams. Right. But really we got to start paying a lot more attention to nuclear.

[00:36:53] I saw a couple of more nuclear licenses were issued for these six gen nuclear plants that are green people. They are green, but back to our lithium mine. They're producing cobalt and nickel as well as the lithium. And they are ruined this to land, water, wildlife, and. Yeah. Yeah, absolutely. Uh, we have had wars over gold and oil before and now we're looking at minerals.

[00:37:27] In fact, there's a race underway between the United States, China, Europe, Russia, and others, looking for economic and technological dominance for decades to come by grabbing many of these precious minerals. So let's get into this a little bit further here. Okay. So they're trying to do good, but really they're not green.

[00:37:53] They're they're not doing good. And this is causing friction. Okay. Um, first three months of this year, us lithium miners raise nearly three and a half billion dollars from wall street, seven times the amount raised in the last six months or 36 months. Yeah, huge. Money's going into it. Okay. They're going after lithium from California's largest leak, the Salton sea.

[00:38:23] Yeah. Yeah. So they're going to use specially coded beads to extract lithium salt from the hot liquid pumped up from an aquifer more than 4,000 feet below the surface. Hmm. Sounds like drilling aren't they anti drilling to the self-contained systems connected to geothermal power plants generating emission free electricity.

[00:38:44] Oh, that's right. They don't have a problem with the ring of fire in California with earthquakes and things. Right. Ah, yeah. Drilling on that and using the, the, uh, It's not going to be a problem. Uh, so, um, yeah, so that you're hoping to generate revenue needed to restore the lake fouled by toxic runoff from area farms for decades.

[00:39:08] So they're looking to do more here. Lithium brine, Arkansas, Nevada, North Dakota, as I mentioned already, Maine. Uh, they're using it in every car that's out there, smartphones, et cetera. Uh, the us has some of the world's largest reserves, which is, I guess, a very good thing. Right? A silver peak mine in Nevada is producing 5,000 tons a year, which is less than 2% of the world's supply.

[00:39:40] Uh, this is just absolutely amazing going through this. Okay. Um, I know bomb administration official, Ben Steinberg said right now, China decided to cut off the U S for a variety of reasons. We're in trouble. Yeah. You think. Uh, the another thing here in the New York times article is from this rancher and it's a bit of a problem.

[00:40:06] He's got 500 cows and calves. Roaming is 50,000 acres and Nevada's high desert is going to have to start buying feed for. This local, mine's going to reach about 370 feet. Uh, here's another kind of interesting thing. This mine one mine is going to consume 3,200 gallons of water. Per minute. Yeah. In, in Baron Nevada, I I'm looking at a picture of this and it is just dead sagebrush.

[00:40:37] Oh my gosh. So they're expecting the water table will drop at least 12 feet. They're going to be producing 66,000 tons of battery grade, lithium carbonate a year. But, uh, here we go. They're digging out this mountain side and they're using 5,800 tons of so FERC acid per day. Yeah. They're mixing clay dug out from the ma from the Mount side with 5,800 tons of clay of sulfuric acid.

[00:41:10] I should say every day, they're also consuming 354 million cubic yards. Of mining waste. I'm not consuming creating 354 million cubic yards of mining waste loaded with, uh, discharged from this sulfuric acid treatment and may contain. Modest amounts of radioactive uranium. That's according to the permit documents, they're expecting it'll degrade quote unquote 5,000 acres of winter range used by the antelope herd, the habitat of the Sage groves nesting areas for Eagles.

[00:41:48] It just goes on and on. It is not. BLM is not, of course stumbled the bureau of land management, but I guess both PLMs are not, and this is a real problem and the tribes are trying to stop it. The farmers are trying to stop it, but Hey, California needs more lithium batteries for their electric cars.

[00:42:10] They're electric lawn mowers, leaf blowers, et cetera. So we've got to get that lithium. We've got to get it right away, uh, in order for their green appetite in. Hey get some sanity. Craig Sign up for my newsletter right now.

[00:42:28] Doing a little training here on how to spot fake log-in pages. We just covered fishing and some real world examples of it, of some free quiz stuff that you can use to help with it. And now we're moving on to the next.

[00:42:44] The next thing to look for when it comes to the emails and these fake log-in pages is a spelling mistake or grammatical errors.

[00:42:56] Most of the time, these emails that we get that are faking emails are, have really poor grammar in them. Many times, of course the, the commas are in the wrong place, et cetera, et cetera. But most of us weren't English majors. So we're not going to pick that up myself included. Right. That's why I use Grammarly.

[00:43:17] If you have to ever write anything or which includes anything from an email or a document, uh, you, you probably want to get Grammarly. There's a few out there, but that's the one I liked the best for making sure my grammar. So a tip, I guess, to the hackers out there, but the hackers will often use a URL that is very close to.

[00:43:41] Where are you want to go? So they might put a zero in place of an O in the domain, or they might make up some other domain. So it might be a or a TD bank dash. Um,, something like that. Sometimes the registrars they'll catch that sort of thing and kill it. Sometimes the business that they are trying to fake will catch it and let them know as well.

[00:44:16] There's companies out there that watch for that sort of thing. But many times it takes a while and it's only fixed once enough people have reported it. So look at the URL. Uh, make sure it's legitimate. I always advise that instead of clicking on the link in the email, try and go directly to the website.

[00:44:38] It's like the old days you got a phone call and somebody saying, yo, I'm from the bank and I need your name and social security number. So I can validate the someone broke into your account. No, no, no, no, no, they don't. They don't just call you up like that nowadays. They'll send you a message in their app.

[00:44:55] That's on your smart. But they're not going to call you. And the advice I've always given is look up their phone now. And by the way, do it in the phone book, they remember those and then call them back. That's the safest way to do that sort of thing. And that's true for emails as well. If it's supposedly your bank and it's reporting something like someone has broken into your account, which is a pretty common technique for these fissures, these hackers that are out there, just type in the bank URL as you know, it not what's in the email and.

[00:45:32] There will be a message there for you if it's legitimate, always. Okay. So before you click on any website, Email links, just try and go directly to the website. Now, if it's one of these deep links where it's taking new Jew, something specific within the site, the next trick you can play is to just mouse over the link.

[00:45:57] So bring your mouse down to where the link is. And typically what'll happen is at the bottom left of your. Your screen or of the window. It'll give you the actual link. Now, if you look at some of them, for instance, the emails that I send out, I don't like to bother people. So if you have an open one of my emails in a while, I'll just automatically say, Hey, I have not opened them in a while.

[00:46:25] And then I will drop you off the list. Plus if you hit reply to one of my newsletters, my show notes, newsletters. That's just fine, but it's not going to go to and some people you listeners being the best and brightest have noticed that what happens is it comes up and it's some really weird URL that's so I can track who responded to.

[00:46:53] And that way I can just sit down and say, okay, now let me go through who has responded? And I've got a, kind of a customer relationship management system that lets me keep track of all of that stuff so that I know that you responded. I know you're interacting, so I know I'm not bothering you. Right. And I know I need to respond to.

[00:47:13] Well much the same thing is true with some of these links. When I have a link in my newsletter and I say, Hey, I'm linking to MIT's article. It is not going to be an MIT. Because again, I want to know what are you guys interested in? So anytime you click on a link, I'll know, and I need to know that, so I know why, Hey, wait a minute.

[00:47:37] Now, 50% of all of the people that opened the emails are interested in identifying fake login pages. So what do I do? I do something like I'm doing right now. I go into depth on fake login. Pages. I wouldn't have known that if I wasn't able to track it. So just because the link doesn't absolutely look legit doesn't mean it isn't legit, but then again, if it's a bank of it involves financial transactions or some of these other things be more cautious.

[00:48:13] So double-check for misspellings or grammatical errors. Next thing to do is to check the certificate, the security certificate on the site. You're on this gets a little bit confusing. If you go to a website, you might notice up in the URL bar, the bar that has the universal resource locator, that's part of the internet.

[00:48:40] You might've noticed. There's a. And people might've told you do check for the lock. Well, that lock does not mean that you are saying. All it means is there is a secure VPN from your computer to the computer on the other side. So if it's a hacker on the other side, you're sending your data securely to the hacker, right?

[00:49:07] That's not really going to do you a whole lot of good. This is probably one of the least understood things in the whole computer security side, that connect. Maybe secure, but is this really who you think it is? So what you need to do is click on their certificate and the certificate will tell you more detail.

[00:49:32] So double-check their certificate and make sure it is for the site. You really. To go to, so when it's a bank site, it's going to say, you know, the bank is going to have the bank information on it. That makes sense. But if you go for instance on now, I'm going to throw a monkey wrench into this whole thing.

[00:49:51] If you go to Craig, for instance, it's going to say. Connection is secure. The certificate is valid, but if you look at their certificate and the trust in the details, it's going to be issued by some company, but it's going to just say Craig It's not going to give a business name like it would probably do for a bank.

[00:50:17] So you know, a little bit of a twist to it, but that's an important thing. Don't just count on the lock, make sure that the certificate is for the place you want to contact. Last, but not least is multi-factor authentication. I can't say this enough. If the bad guys have your username or email address and your password for a site, if you're using multifactor authentication, they cannot get.

[00:50:56] So it's going to prevent credential stuffing tactics, or they'll use your email and password combinations that have already been stolen for mothers sites to try and hack in to your online profile. So very important to set up and I advise against using two factor authentication with your, just a cell phone, as in a text message SMS, it is not secure and it's being hacked all of the time.

[00:51:26] Get an authorization. App like one password for instance, and you shouldn't be using one password anyways, for all of your password. And then Google has a free one called Google authenticator. Use those instead of your phone number for authentication.

[00:51:43] I've been warning about biometric databases. And I, I sat down with a friend of mine who is an attorney, and he's using this clear thing at the airport. I don't know if you've seen it, but it's a biometric database. What are the real world risks?

[00:52:00] Well, this " Clear"company uses biometrics. It's using your eye. Brent, if you will, it's using your Iris.

[00:52:08] Every one of us has a pretty darn unique Iris, and they're counting on that and they're using it to let you through TSA very quickly. And this attorney, friend of mine thinks it's the best thing since sliced bread, because he can just. Right on through, but the problem here is that we're talking about biometrics.

[00:52:30] If your password gets stolen, you can change it. If your email account gets hacked, I have another friend who his account got hacked. You can get a new email account. If your Iris scan that's in this biometric database gets stolen. You cannot replace your eyes unless of course you're Tom cruise and you remember that movie, right.

[00:53:00] And it's impossible to replace your fingerprints. It's possible to replace your face print. Well, I guess you could, to a degree or another, right. Some fat injections or other things. Could it be done to change your face sprint, but these Iris scans fingerprints and facial images are something I try not to provide any.

[00:53:27] Apple has done a very good job with the security of their face print, as well as their fingerprint, because they do not send any of that information out directly to themselves, or do any database at all. They are stored only on the device itself. And they're in this wonderful little piece of electronics that cannot be physically compromised.

[00:53:56] And to date has not been electronically compromised either. They've done a very, very good. Other vendors on other operating systems like Android, again, not so much, but there are also databases that are being kept out there by the federal government. I mentioned this clear database, which isn't the federal government, it's a private company, but the federal government obviously has its fingers into that thing.

[00:54:27] The office of personnel. Uh, for the federal government, they had their entire database, at least pretty much the entire database. I think it was 50 million people stolen by the red, Chinese about six years ago. So the communists. Uh, copies of all of the information that the officer personnel management had about people, including background checks and things.

[00:54:55] You've probably heard me talk about that before. So having that information in a database is dangerous because it attracts the hackers. It attracts the cybercriminals. They want to get their hands on it. They'll do all kinds of things to try and get their hands. We now have completely quit Afghanistan.

[00:55:19] We left in a hurry. We did some incredibly stupid things. I just, I can't believe a president of the United States would do what was done here. And now it's been coming out that president Biden completely ignored. The advice that he was getting from various military intelligence and other agencies out there and just said, no, we're going to be out of there.

[00:55:46] You have to limit your troops to this. And that's what causes them to close the airbase bog that we had had for so many years. Apparently the Chinese are talking about taking it over now. Yeah. Isn't that nice. And whereas this wasn't an eternal war, right? We hadn't had anybody die in a year and a half.

[00:56:05] Uh, it's crazy. We have troops in south Vietnam. We have troops in Germany. We have troops in countries all over the world, Japan, you name it so that we have a local forest that can keep things calm. And we were keeping things calm. It's just mind blowing. But anyhow, politics aside, we left behind a massive database of biometric database.

[00:56:40] Of Afghanis that had been helping us over in Afghanistan, as well as a database that was built using us contractors of everyone in the Afghan military, and basically third genealogy. Who their parents were the grandparents blood type weight, height. I'm looking at it right now. All of the records in here, the sex ID nationality.

[00:57:13] Uh, date of exploration, hair color, favorite fruit, favorite vegetables, place of birth, uncle's name marker signature approval. Signature date, place of birth. Date of birth address, permanent address national ID number, place of ISS. Date of ISS native language salary. Date of salary, group of salary, police of salary education.

[00:57:38] Father's named graduation date kind of weapon. And service number. These were all in place in Afghanistan. We put them in place because we were worried about ghost soldiers. A gold soldier was someone who we were paying the salary of taxpayers. The United States were paying the salaries of the Afghan military for quite some time.

[00:58:06] And we were thinking that about half of the. Payroll checks. We were funding. We're actually not going to people who were in the military, but we're going to people who were high up within the Afghan government and military. So we put this in place to get rid of the ghost soldiers. Everybody had to have all of this stuff.

[00:58:33] In the database, 36 pieces of information, just for police recruitment. Now this information we left behind and apparently this database is completely in the hand of the Taliban. Absolutely. So we were talking about Americans who helped construct Afghanistan and the military and the Teleman, the looking for the networks of their Poland supporters.

[00:59:07] This is just absolutely amazing. So all of the data doesn't have clear use, like who cares about the favorite fruit or vegetable, but the rest of it does the genealogy. Does they now know who was in the police department, who was in the military, who their family is, what their permanent address is. Okay.

[00:59:31] You see the problem here and the biometrics as well in the biometrics are part of this us system that we were using called hide H I D E. And this whole hide thing was a biometric reader. Well, the military could keep with them. There were tens of thousands of these things out in the field. And when they had an encounter with someone, they would look up their biometrics, see if they were already in the database and in the database, it would say, yeah, you know, they're friendly, they're an informant.

[01:00:08] Or we found them in this area or w you know, we're watching them. We have concerned about them, et cetera, et cetera. Right. All of their actions were in. Well turns out that this database, which covered about 80% of all Afghans and these devices are now in the hands of the Taliban. Now, the good news with this is that that a lot of this information cannot be easily extracted.

[01:00:40] So you're not going to get some regular run of the mill Taliban guide to pick one of these up and start using. But, uh, the what's happening here is that we can really predict that one of these surrounding companies like Pakistan that has been very cooperative with the Taliban. In fact, they gave refuge to Saddam, not Saddam Hussein, but to bin Ladin and also Iran and China and Russia.

[01:01:13] Any of those countries should be able to get into that database. Okay. So I think that's really important to remember now, a defense department spokesperson quote here, Eric Faye on says the U S has taken prudent actions to ensure that sensitive data does not fall into the Tolo bonds. And this data is not at risk of misuse.

[01:01:38] Misuse that's unfortunately about all I can say, but Thomas Johnson, a research professor at the Naval postgraduate school in Monterey, California says, uh, not so fast. The Taliban may have used biometric information in the Coon dues attack. So instead of taking the data straight from the high devices, he told MIT technology review that it is possible that Tolo bond sympathizers in Kabul provided them.

[01:02:11] With databases as a military personnel against which they could verify prints. In other words, even back in 2016, it may have been the databases rather than these high devices themselves pose the greatest risk. This is very concerning big article here in MIT technology review. I'm quoting from it a little bit here, but there are a number of databases.

[01:02:39] They are biometric. Many of these, they have geological information. They have information that can be used to round up and track down people. I'm not going to mention world war two, and I'm not going to mention what happened with the government before Hitler took over, because to do that means you lose that government had registered firearms, that government had registered the civilians and the people and Afghanistan.

[01:03:13] The government was also as part of our identification papers, registering your religion. If you're Christian, they're hunting you down. If you were working for the military, they're hunting new day. And this is scary. That's part of the reason I do not want biometric information and databases to be kept here in the U S Hey, make sure you get my show notes every week on time, along with free training, I try to help you guys out.

[01:03:50] Craig Craig Here I am. Cybersecurity strategist and available to you.