Live Blissed Out

042 - Cyber Security

June 23, 2020 Marisa Huston & Clint Larson Episode 42
Live Blissed Out
042 - Cyber Security
Show Notes Transcript Chapter Markers

Joining me is Clint Larson, Director of Information Technology at 303 Tech.

Clint has grown up in the IT industry, working on computers in one form or another for more than 30 years.

The goal at 303tech is to help you meet your IT needs in a cost-effective and efficient manner so you can spend time focusing on what really matters.

They are a recognized Microsoft Partner serving clients across the nation, from single user companies to organizations of up to 250 users.

They specialize in Office 365 integration and migration, as well as attentive desktop support, enabling you to establish an IT infrastructure that supports and enhances your business operations.

To find out how Cloud services have changed the business world visit https://303tech.com

In this episode we will cover:

  • Difference Between Hacking & Scamming
  • Prevalence
  • Most Popular Threat
  • 3 Basic Email Rules
  • Signs
  • Email Security
  • Passwords
  • Colorado Bureau Of Investigations

Thanks so much for tuning in again this week. I appreciate you 🙂

Have some feedback you’d like to share? Leave a note in the Feedback section.

Special thanks to Clint Larson for being on the show.

Searching for a minimal, versatile, handheld tripod? Look no further! SwitchPod works with any camera, from a phone to a DSLR, and simplifies video making. SwitchPod is lightweight, compact, and nearly indestructible. It will save you time between shots so you can focus more on shooting and less on messing with your gear. Click on this Switchpod link to let them know I sent you and help support the show.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Support the show 

So long for now and remember to keep moving forward!

Also, don’t forget to Subscribe for FREE: Apple Podcasts | Android 

Marisa Huston: This is Episode 42 on the Live Blissed Out Podcast. Did you know that hacking attempts are typically registered every 39 seconds? Unsecured usernames and weak passwords are two contributors. Hello, action takers! Welcome to Live Blissed Out. A podcast where I have authentic conversations with business owners and subject matter experts to help us get the scoop, the 411 and the low down on a variety of topics. Tired of hesitating or making decisions without having the big picture? Wanna be in the know? Then this is the place to go. I'm your host, Marisa Huston. Helping achieve bliss through awareness and action. Thanks for joining me. The information opinions and recommendations presented in this podcast are for general information only, and any reliance on the information provided in this podcast is done at your own risk. This podcast should not be considered professional advice. Sending a Ko-Fi mugshot shout out to Julie K. in Lone Tree, Colorado. Thanks for filling my coffee cup, Julie, and being such a cool bean. If you'd like to help keep me fueled head over to  www.liveblissedout.com and click on the Caffeinate Me tab to give me a boost and redeem your bonus as a thank you for supporting the show. Joining me is Clint Larson, Director of Information Technology at 303tech. Clint has grown up in the it industry, working on computers in one form or another for more than 30 years. The goal of 303tech is to help you meet your IT needs in a cost effective and efficient manner, so you can spend time focusing on what really matters. They are a recognized Microsoft partner, serving clients across the nation from single user companies to organizations of up to 250 users. They specialize in Office365 integration and migration, as well as attentive, desktop support, enabling you to establish an IT infrastructure that supports and enhances your business operations. To find out how cloud services have changed the business world, visit www.303tech.com. Searching for a minimal versatile handheld tripod? Look, no further. Switchpod works with any camera from a phone to a DSLR and simplifies video making. Switchpod is lightweight, compact, and nearly indestructible. It will save you time between shots so you can focus more on shooting and less on messing with your gear. Just head over to the partners tab at  www.liveblissedout.com and  click on the Switchpod link to let them know I sent you and help support the show. Hey Clint. Thanks for being here. Appreciate having you on the show. 

Clint Larson: Thanks Marisa, for having us. 

Marisa Huston: I'm looking forward to talking to you today about cyber security, because I know it's a topic that a lot of people are confused about and want to learn about, given the fact that we use a lot of technology today.

What exactly is the difference between hacking and scamming? 

Clint Larson: Glad you asked. Hacking, you really don't have a whole lot of control over. It's like sitting your computer down connected to the internet, and then they, the bad guys, the bad actors, they hack through your internet provider, your firewalls, your computer system. That's how they get in is hacking. That's why it's called hacking. They dig through and get access. So you don't have to do anything and I can still get access to your computer. Now, scamming on the other hand typically requires you to do something, whether it's clicking on a link in an email, whether it's opening an attachment in email, whether it's replying to a text, whether it's calling a phone number that pops up on your screen. That's typically where scamming is, is because you have to do something in order to get connected with the bad guys. And so scamming is a lot more prevalent these days than actual hacking. 

Marisa Huston: Hacking is more like somebody getting in a back door and proactively getting into your computer on their own without you necessarily doing anything. Whereas with scamming, you're giving them an entry. You're almost like giving them a passage and the way they get to that is through an email or some source that you click on that enables them to get in. 

Clint Larson: Exactly.

Marisa Huston: In today's world then, do you feel like this is getting more prevalent? 

Clint Larson: The hacking part isn't as prevalent as it used to be, just because there's a number of pieces that people have to go through. They have to go through your internet providers, firewall. They have to get through your desktop firewall. There's passwords. There's all kinds of additional security measures. I mean, that's why we have updates to our operating system or updates to programs because they found a vulnerability. And so actual hacking is a lot harder to do for a lot of people and so they typically don't do it. Whereas scamming or fishing is more easily accessible because they prey on human nature. We're curious. So when we get an email that says, hey, you've been charged $250 for this item, click here to verify. We as a human being, look at that email and go, well, I didn't charge that. What in the heck are they talking about? So we want to click on that link to see what they're talking about. And that's exactly what they want us to do is click on that link because we really weren't charged. And if we were charged and it was fraudulent, we can call a credit card company and say, hey, look, that was a fraudulent charge and they'll take care of it. But we think that we need to address it, right this instance. So the second I get the email, I need to click on that link and we really don't. And so those types of socially engineered attacks or phishing or scams, they are a lot more prevalent and they're getting a lot more sophisticated these days. 

Marisa Huston: And as you mentioned, it's instinctual. I think that it's just so easy to check because you're absolutely right. You're saying to yourself, This couldn't have happened. So let me see. And then you click rather than pausing thinking about it and going, wait a minute. This does not sound right. Let me call the source. Let me call my credit card company or my bank or whoever else might be involved first to find out if this is legitimate before I take action. And I think that's a distinction. 

Clint Larson: Yes, it is.

Marisa Huston: What do you feel are the most popular types of security threats that we're  dealing with today? 

Clint Larson: It all comes down to compromising somebody's email account. So I'm going to get your email and their password. And a lot of people are like, well, why does that matter? Who cares? They see that I email my friends. They don't think about what happens next. We work with Colorado Bureau of Investigations on helping our customers recover from attacks or email that they've sent out or money that they've sent out and they trained us. We're just gonna take a quick scenario here. So we're going to have Joe, who's a recent widower. He's lonely. And one day he receives a text on his phone. The text on his phone says, you know, sorry for your loss. If you'd like to talk about it, send me an email here. It gives them an email address. Well, it's just an email, right? So he emails and finds out that this girl's name's Jen and she just has a conversation with him about life in general. I mean, everything's innocent. Everything looks legitimate. Well then a few days past, maybe a week or so. And all of a sudden, Jen needs help. She's $50 short on rent. Joe, can you please just help me? Send me a gift card or something so that I can pay for rent or buy food for my kids or whatever. So he's a nice guy. He wants to help her out. She's a nice girl. He knows that she's real because she sent him pictures and videos. So he sends her $50. Well, a couple of days later, now it's a hundred dollars a few more days later at a thousand dollars. And Joe might be getting a little bit worried, maybe not because he enjoys talking to Jen and pretty soon, Joe doesn't have any more money in his bank account. It's been wiped out...savings, checking everything. He doesn't have any more money. He tells Jen. I'm sorry. I don't have anything. I'm wiped out. Have to wait for my social security check to come in. So she says, that's fine. I tell you what, when that social security check comes in, I want you to go open up a new bank account for me and send me the information. So then I can send you some money, Joe. Now, Joe is excited. She's going to send him some money. Well, a few weeks past he gets the check, gives the account information over to Jen and then she changes it so only she has access. Joe no longer has access. And now she, Jen, uses that account that Joe set up to start transferring fraudulent funds through that account. Joe has no idea. Hundreds of thousands of dollars, millions of dollars start going through that account. And Joe doesn't have a clue, until the FBI show up on his doorstep, that account gets closed. He gets thrown in jail for wire fraud, even though he had nothing to do with it, all they did was set up the account. And this kind of activity you would think, okay, that doesn't happen very often. That's farfetched. Whatever you want. But the Colorado Bureau of investigation, they deal with this stuff all the time. These types of people are called Money Mules. They set up accounts, they're unwittingly used by these people to set up these accounts because you have to be here in person now to set up an account. They transfer this money in and out, so they will scam somebody. And the way they're scamming people is they will take a business's email account. They compromise it. I know what I mean by compromises, they get the email address and the password to that particular email account. And then they'll sit on it. These bad actors, bad people will sit on it for days, weeks, even months watching what's going on waiting until there's a financial transaction that's about to take place. Then they will redirect the emails to them, have that money redirected instead of to the business's account, to one of these money mule accounts. So then the money gets diverted to this account as soon as it hits the account and they transfer the money out of the country. So, this is the most prevalent attack that has been going on that I've seen in several years. And it's so easy to manipulate these people and they tend to be praying on the elderly to get them to set up these money mule accounts and it's really sad because the more that we can educate not only our customers, but then have them talk to their parents and their parents' parents. I mean talk to it generationally because it only takes a little bit of time for these people to manipulate somebody into setting up an account for them, Marisa. 

Marisa Huston: This is just the particular scenario that we're dealing with. What are some best practices or things that we can do, given the fact that we use technology every day? What are some habits that we can start to incorporate to make us aware so that we can avoid being victimized?

Clint Larson: Let's just start with this, the email stuff. So any email and I kind of have three basic rules on email. The number one rule is, are you expecting this email? I don't care if it's from your best friend. I don't care if it's from your bank. I don't care if it's from your boss, are you expecting this email? That's rule number one. Number two, does this email sound like something that they would typically send you? Because a lot of times when these people generate these emails, it's broken English, they don't have the correct conjugation of verbs. They don't have the correct sentence structure. And it sounds a little off. I mean, that's a huge red flag. And then are they asking you to do something with urgency, click on this link now, open up this invoice. Oh my gosh, there's a been a problem. You've got to take care of this right away. So those are kind of my three things. And if you kind of follow those three rules, it'll really help you sift through a lot of the garbage and recognize right away. Hey, this is something that's bad. And if you recognize it as bad, don't even read the rest of the email, don't even worry about anything else. It's bad. There's not anything in it. That's good. If there's any one part that's bad, those are kind of the email side of things. The other side would be to talk to your friends and your family and your parents and your aunts and uncles, or whoever about online friends. I mean, it's not just kids. I'm a father of five kids, but I used to worry about how my kids were actually interacting online. Well, now I need to worry about how my mom, who's older is interacting online. Does she interact with people online that she's never met? That's a problem if they are so be careful with those types of things.

Marisa Huston: I know that all of us have at one point or another received an email, just like you described. And I think one of the other things to look at is the address that it comes from. Cause a lot of times they copy the images so well that it looks legitimate, but then when you dig deep into it, as you mentioned in the language, but also the source you'll realize that the email source that it's coming from does not sound like it came from the actual place that it's supposed to be coming from. So it's those little things that you mentioned along with just verifying the source before you even bothered to do anything with the information don't click on it. Don't read it. If you're questioning whether or not  it's legitimate, just look at the source and then go ahead and contact the people that you think are going to be able to answer those questions for you and verify. And I personally have had situations where it looks so real, but I know better than to click on it and I call the source and they confirm that these were not legitimate emails and to just delete them. 

Clint Larson: You brought up a couple points. I mean, number one, people for whatever reason are afraid to pick up the phone and call anytime there's a money transaction, in my opinion, you ought to pick up and call. Hey, if you're going to wire me money, pick up and call the source. The other thing that you mentioned was where it's coming from. And I used to have that in high regard as to where it's coming from, but there's so many email accounts that have been compromised and people don't even know it. So that from email address is going to probably be an legitimate email account from whoever, but you still can't trust that anymore because they can direct the emails that are coming from you to you, whatever and that person still is getting emails from everybody else, but your emails are not getting redirected to somebody else just because of the way that the rules can be created. So even if that from line is absolutely perfect, still don't trust the email. 

Marisa Huston: That's a really good point. If you see right off the bat that the email seem suspicious, then that's kind of a red flag right there. But even if it does come from the right source, if the email itself, the nature of what is being asked sounds suspicious then when, in doubt, always call whoever your bank is or your credit card company, or whoever needs to be notified first to confirm before you do anything with that information, correct?

Clint Larson: Absolutely. 

Marisa Huston: Let's say that you're plugging along on your laptop, everything seems fine. A lot of times we don't even know that somebody either has access to our computer or that we've been scammed. So what are some signs? Are there things that will be able to tell us, whether or not our computer is safe to work on?

Clint Larson: On a compromised email account it's pretty difficult to tell. For business accounts we're recommending what's called multifactor authentication. So even if you get my email and my password, If you try to log in through the portal or through another computer, it's going to come back and say, Hey, what's the pin code. We just texted you on your phone or that we sent to your alternate email accounts. So it becomes harder for people to compromise your email account. But if you don't have that set up, you may not know for a long time that you have a compromised email account. But some of the things you can look for is mails that you know, that you've received all of a sudden don't show up in your inbox or they've disappeared, or people that you correspond on a regular basis, those emails don't seem to be showing up in your inbox anymore. If you're we're about ready to close on a house and you're talking about financial information and all of a sudden that person doesn't seem to be responding as quickly as they were. That could also be signs. I mean, it's really hard to determine that because we get so much email all the time, every day. So it's important to stay diligent on that. Make sure that your inboxes are cleaned up, make sure you know who you're corresponding with because they can get passed to you. I mean, I have a company that they got past them for months, and I finally had a financial transaction start happen [00:15:00] and all of a sudden, they didn't talk to 'em anymore. And nobody said anything for a week. And then finally somebody picked up the phone and said, hey, did you get that money that I wired to you? Well, no, we didn't. We didn't know that you were doing anything. Well, I've been getting emails from you all week long and I transferred it to this account number. Well, that's not our account number, so don't be afraid to pick up the phone and call somebody, I guess that's the bottom line. 

Marisa Huston: And when you say secure your email, exactly how do you do that? Is that a piece of software that you get? Is that something special that you have to install on your computer?

Clint Larson: Depending on who you are using for your email provider, you may have to install additional software. Most larger email providers have these secondary security mechanisms already built into their platform. I know Google does. I know Microsoft does. Apple with their big security piece, I'm sure they do it. So you just need to talk to somebody whoever's providing you your email and ask them if they have this multifactor authentication. And if so, how do they get it enabled on their accounts? 

Marisa Huston: So let's say that after listening to this, they discover that I think that my security has indeed been compromised. Some of the signs that Clint was mentioning, apply to me. And so I need to do something to make sure that my computer is secure. What are some things they need to do if they find that their security on their computer has been compromised? 

Clint Larson: Number one, change your password. Make sure that you don't use the same password for multiple accounts. Once you change some of these passwords, make sure the, uh, secondary information, in other words, if I'm resetting my password, is it going to text me? Is that phone number correct? Is my secondary email account, correct? The number one thing is to change your password and then kind of go from there. 

Marisa Huston: So always keeping your password updated, changed, secure is one of the best practices that we can apply then to keeping our information safe. 

Clint Larson: Yup.

Marisa Huston: Well, this has been so educational, Clint!  Would you remind the listeners exactly how to get information about you and your company? 

Clint Larson: Yeah, they can go to our website, www. 303tech.com. So that's 303tech.com. Another place if they feel that they have been victimized or they are a victim of wire fraud is to go out to the Colorado Bureau of investigations website, which is www.reportwirefraud.com. That's kind of like their hotline. So you can submit this stuff there and somebody will be getting back to you very quickly. Most of the time, it's less than an hour when I submit stuff to them, but they have all kinds of resources on there for everybody. 

Marisa Huston: Thank you so much, Clint. This has really been helpful information. I appreciate you being on the show. 

Clint Larson: Thanks Marisa for having us. I hope this helps. 

Marisa Huston: That's all for this episode of Live Blissed Out. Thanks for listening and thanks to Clint Larson for being my guest. If you find value in our show, please visit  www.liveblissedout.com to reach out, subscribe and share on social media. This show is made possible through listeners like you. Thank you. So long for now and remember to keep [moving forward.

 

Difference Between Hacking & Scamming
Prevalence
Most Popular Threat
3 Basic Email Rules
Signs
Email Security
Passwords
Colorado Bureau Of Investigations