Cyber Savvy
A successful cyber-attack has taken your company off-line. The FBI and CISA have been contacted. What now? As you know, if this hasn’t already impacted your business (either directly or indirectly), it will.
How can you make yourself a harder target, mitigating against cyber-attacks? What does all the terminology mean and why does it matter? What happens if an attack is successful?
Join DTC, Inc. as we outline, in a straight-forward manner, many of the issues surrounding cyber security which directly impact business owners. Our Cyber Savvy podcast episodes feature Mike Shelah as he brings in a new guest each month.
New episodes will be posted twice a month on the first and last Thursday, make sure to follow and subscribe wherever you listen to your podcasts, so you don't miss new content!
We would love to hear from you! Please send us your comments and questions to: AskUs@DTCtoday.com
Cyber Savvy
Identity Theft
Some cyber crimes are more relatable than others. Did you know that about 33% of people have been affected by identity theft crimes? Or that the majority of the exposures go unreported to law enforcement? On this episode of Cyber Savvy Mike and Andrew will be joined by a special guest that was recently affected by a compromise of their personal identifying information. Our guest will share their experience and some advisable steps they took to protect their personal data from this and future attacks.
Andrew Rose began a cybersecurity awareness program in 2016 while at a major agricultural bank after recognizing that the ag sector wasn’t getting the attention it needed about the risks posed by cybercriminals and other adversaries. He helped coordinate several symposiums and events focusing on the topic. He is now an independent contractor and volunteers his time to bringing cybersecurity awareness, education, mitigation, and response to the ag and food supply chain (and other special projects). His focus is on mitigating emerging threats. In addition to his experience in cybersecurity, he has a deep understanding of banking/finance, risk management, and other professional service sectors related to food, agriculture, and climate.
Michael Urbanik is an Account Executive with R.K Tongue Co., Inc. and is licensed in both Life & Health and Property & Casualty Insurance. He has experience working with both large and middle market commercial clients. He enjoys helping his clients understand the risks they face and develop cost effective plans to successfully mitigate and transfer these risks.
Did you enjoy today’s episode? Personal experience to share? We here at DTC, Inc. would love to hear from you! Please email us your comments and questions at AskUs@DTCtoday.com.
On the next episode of Cyber Savvy our hosts will dive into data breaches and the ripple affect they can have. Mike and Andrew will again be joined by a special guest to get into this important topic and discuss how businesses and owners can protect themselves before an attack.
Looking for more cybersecurity related content? Check out DTC’s blogspace to read more!
Want to hear more? Past episodes are all posted, including on YouTube! Follow and subscribe on your favorite podcast app to ensure you don’t miss out on the conversation!
[Intro Music]
[00:00:06 Andrew Rose] Welcome to Cyber Savvy. This podcast was created by DTC to bring awareness, mitigation, and response to cybersecurity threats companies and organizations face daily. Be prepared. Be Cyber Savvy.
Good morning, good afternoon, and good evening, depending upon where you are on the planet today and what time of day it is that you're listening to this podcast. My name is Andrew Rose, and I am your co-host for the Cyber Savvy Podcast. And today we're going to be talking about identity theft.
This is very hot topic right now in a multitude of ways. It's not only theft, but there are other aspects of the fraud that go along with it. We are very fortunate today to have not only Mike Urbanik from R.K. Tongue, who I’ll introduced the second, but we have an anonymous guest as well who has experienced firsthand identity theft, and she'll recount some of the things that occurred to her and some of the steps she took to mitigate against that. Also some fun facts that she can share with you about the experience as well.
But at this point, Mike, I'd like to turn the microphone over to you. Who are you and what is does R.K. Tongue do?
[00:01:13 Mike Urbanik] Thank you, Andrew. Again, my name is Mike Urbanik. I am an insurance agent with R.K. Tongue. We are an independent broker. Essentially, we work with clients to find carriers, insurance companies, to help them successfully transfer their business in risk that they deal with every day. We've been independent for over 100 years and proudly.
So, very happy to be here and talking about cyber security, cyber risk, and specifically identity theft and fraud. Obviously huge, huge issues in the industry and only-only becoming worse and worse. And I imagine many of our listeners today, their ears have probably perked up because statistically, pretty high chance that they have been a victim of identity theft or fraud.
[00:02:02 Andrew Rose] And also, I do want to add a note that our anonymous guest today was a victim of identity fraud. So, we're going to be interested to hear her perspective as well. But, Mike, I'll turn the microphone over to you and go for it.
[00:02:13 Mike Urbanik] Yeah, absolutely. And I'm also interested. I've had some minor cases, but from what I've heard, our anonymous guest had a much more wild experience than myself.
So, you know, as we talk about let's put some definitions out there, I'm going to divide this between theft and fraud. They're going to be two different things.
Theft is stealing Identification data from bank accounts, passports, birth certificates, social security, credit cards, debit cards, cell phone, driver's license. It is the actual collecting of other people's personal identifiable information.
So, if you, at your house have an Excel spreadsheet filled with all your neighbors, first name last name, addresses, bank accounts, you've committed identity theft. You're not supposed to have that information. It does not pertain with you. So, that is the crime in and of itself to seek out, collect and possess other people's personal identifiable information.
So, step one, if you've listened to any of our previous podcasts, we've talked about the myriad of ways people go about collecting this information. It can be from individuals. It can be through hitting corporations. This information's valuable and holding It is illegal and collecting it is illegal. So that is identity theft.
The second portion are pretty well related is the fraud portion. So, identity fraud is then using that identifiable information to open bank accounts, open fake credit cards, make false passports. Any type of official documentation, exploit Social Security, clone cell phones, you name it.
It's basically taking identifiable information that belongs to another real person, replicating it, duplicating it, or pretending to be that person and to commit crimes.
Typically, these are financial based crimes using their credit or their Social Security or their bank accounts to steal their money, make purchases on their behalf, you name it, but basically impersonating someone to commit crimes.
[00:04:21 Andrew Rose] And Mike, one thing I'll add to that. Sometimes when we talk to professionals, whether they're in the cybersecurity or the insurance world, they refer to that as PII. So, you might see that on, you know, a form or something like that. And that is that Personally Identifiable Information.
[00:04:38 Mike Urbanik] Yeah, absolutely.
So how big is identity theft? I was taking some look at some statistics, and I'm always a little hesitant to trust these statistics.
I think the reason why, we covered this in our previous podcast, is the vast majority of these crimes don't actually get reported. A lot of people just identify there's an issue, deal with them themselves, and never let any of these official government bodies know this event took place.
So, I've seen different takes on these numbers. Some of them say our statistical reports only capture 10% of what's actually happening out there. So, I think the numbers that we capture statistically are pretty big. And then just go ahead and imagine that this might only be 10% of what's actually occurring. So, quantifying and tracking these types of crimes is very difficult.
According to the 2023 Identitytheft.org, which is tied to the FTC, around 5.7 million cases were reported last year. Of those, 1.4 million were specific to identity theft and 2.7 million were specific to fraud. So, you know, those are significant numbers in and of themselves. That's a lot of crime. And then imagine if that's really only 10% of what's happening out there. So, it's a huge problem. Andrew It's a huge problem, so..
We've already talked about, it’s a big problem. How big is it in a dollar amount? We know the number of crimes or we think we know the number of crimes.
According to the FBI, total cybercrime losses last year were estimated to be 1.2 billion. Again, this is only an estimate because we don't have hard empirical facts because not everything is reported and this number is up from the previous year, 6.9 billion.
So, a huge number in and of itself. And then a huge jump year over year. And we've talked about this in some of our previous podcasts, but it just goes back to the message. It is the Internet of Things.
Everything we do is on a digital platform these days. You know, you might at one point given away your personal identifiable information to a tennis shoe company online or a defunct credit union, or maybe an online video game you played or a magazine subscription.
There are all these companies out there who collect information, and they are not necessarily the best stewards of this information. And maybe, maybe they had a leak. Maybe they didn't properly take care of their vaults of PII. And this makes it out into the world. So, this does happen pretty regularly.
A lot of companies will take great care of this information when they're active, let alone if they go out of business or they sell because, hey, that's no longer my problem. There's pretty savvy criminals out there who can sniff this stuff out and then boom, they have all the information they need to go ahead to open up some credit cards in your name.
So, these type of things are pretty easy. I mean, fraud is certainly not a new crime.
I'm going to say old crime, new tricks. You know, certainly there are people back in the day running around cashing big checks, moving from town to town, making false paperwork.
But I'm going to say you need kind of a skill set for that and some nuance. Today, you can probably just get this information and blanket all the credit card companies out there. Of course, there are mechanisms and measures that industry have put in place to prevent fraudulent activity, and we'll talk about that a little bit, but there are certainly a lot easier means to get this information and then attempt to commit fraud with it In today's digital era.
So that's why I think we see a huge job in this type of activity, in crime.
[00:08:26 Andrew Rose] And Mike, I'd like to add something there because I had the benefit of seeing the slide deck here. And if you look at the incidences of fraud, it is the proverbial hockey stick. It is spiking well beyond anything it has been in the past.
So, I think the ease which these miscreants are getting the information and then using it for fraudulent means is exponentially growing quickly. And then one other thing, too. You mentioned where you share information with a sneaker company.
A lot of people don't realize that they do have a legal form there and it's a little box you check saying you agree to the terms and conditions, or the end user licensing agreement called a EULA (End User License Agreement).
And in those EULA's sometimes is buried that if this company is ever sold or the assets go to someone else, that your information transfers to them. And in a sense, you have to legally given them the right to exploit your information for whatever purposes they want. I often equate that to the old adage that you never let a vampire into your house and oftentimes people are checking that box and letting the vampire into their personally identifiable information.
So, the fix there is to read all those legal documents carefully, see who the information is being shared with that I know that's going to get in the way of a lot of people wanting to access the sneakers or the app or whatever that thing is.
[00:09:47 Mike Urbanik] Yeah, we've certainly created a giant economy based on data, so there's no stopping it Andrew, and you know, if you want your data not to be out there, I think you might have to go live in a cave and go live off grid and make your own tennis shoes because that's just the world we live in.
These businesses are going to collect it to buy their product and they're going to use it to sell to other businesses because there's an entire marketplace surrounding that. And that's a whole other commentary. We're not talking about that. That's a smarter, wiser people than myself to understand and interpret.
But I'm just saying that these crimes are- have certainly benefited from that type of environment, your information getting out there into the public space. Without a doubt.
So, we've talked about how this type of crime is on the rise.
We've talked about some of the numbers behind it. And then interestingly enough, there are some figures going around, you know, who's affected and how much on an individual level. And I thought these were pretty interesting.
So, they say the median loss is typically around $500, which I thought was pretty low. I'm certain there's some whales in there where people get really taken pretty far. I'm sure there are some really petty crimes from my digging. The more the higher the fraudulent spends and more outlandish the activities are, the more likely they are to get caught.
But if they keep it pretty low and if you do any research here, they'll talk about how they might fish a credit card. They might use it once, see if anyone caught the fraudulent activity, they might do it a second time. Nope. Okay. So, two months have gone by, No one caught those. And then on that third time they've gone to Wal-Mart and they've bought $2,000 worth of electronics.
And that's typically the time that it might get noticed or it might not. And that's what some of these bad guys do. So, I bet there's an interesting analysis behind how you get to that median number.
But it looks like to me it is a large volume of small transactions is where these criminals typically profit. And then interestingly enough, the ages who are most victimized are between 30 and 39. So that's what I'm going to call the millennial age group, you know, the group that has grown up with the Internet, the ones who are supposed to be the most savvy. But I just think they were the earliest adopters. They put their information out on the Internet.
It's been circulated, tracked and abused the longest. And once it's out there, it's never going away. So, I just interpret that data as this is the age group that is the unsecured Internet the most and has their information taken and put out there.
So pretty interesting figures right there.
So how does identity theft happen?
I'll give a couple scenarios here and then I want to hear from our anonymous guest. But from my research and what we've seen, all of the mechanisms we've talked about in previous podcasts can be used to get a hold of this PII.
We've been saying it this whole time.
This personal identifiable information is valuable. Bad guys seek it out, and they will do all sorts of nefarious means to get it. Phishing, smishing fake websites, online scams, data breaches, malware, theft of actual paperwork, fake wifi networks purchasing it on the dark web.
There are numerous ways which bad guys can take your data. And again, what they're looking for is that PII and there's a market for them to sell it.
I've been lucky enough to work with some insurance carriers who have showed us photos of the dark web and you know, you can go online and it'll say, hey, for not a lot of money, maybe $500, would you like to purchase 2,000 first name, last name, home addresses and credit card numbers. And there is a secondary market for this information. So, market for the theft and market for the fraud.
And it exists. It's truly out there. And probably every time you hear about one of these big credit card companies or any of these banks or… shoot, Target or any large retailers getting hacked, that's the type of stuff they're going after. They're not going after probably corporate assets. They're going after this identifiable information that they've collected on their consumers.
So that's where we see this taking place.
I'm going to turn it over to our anonymous guest, and I want to hear your personal story of how you had your identity stolen and abused.
[00:14:12 Miss Anonymous Guest] Hello. I'm the anonymous guest for today, and I'm going to be going over the cyber-attacks that basically attacked the Louisiana DMV office.
So, it wasn't just an attack that happened specifically on that office. There was a broader cyber-attack that had hit dozens of companies and organizations. And the Louisiana DMV was just unfortunately, one of those victims that was attacked along the way.
So basically, these hackers exploited a vulnerability in a program called Move It, which is a managed file transfer software. And basically, they were able to get all of Louisiana residences, all their personal information if they were registered through the DMV.
So, if you have a driver's license that's out of the Louisiana state, they were able to get your information.
So, that's about 4.6 million people whose identity was basically stolen. Their name, their address, their Social Security number, their birth date, their height, their eye color, their vehicle registration information. All of these things were basically linked to these cyber attackers.
Now, they did say, I did read up and they did say that they don't believe that anything's been done with this information because they have not received any ransom. They haven't seen any movement with this. But that's not saying that some identities have not already been sold off on the dark Web.
So, of course, hearing this, I was like, oh, shoot, even though I live in Virginia now, I'm still registered as a Louisiana resident. My driver's license is still from Louisiana. So that means I am in that pool of people who had their stuff stolen. So, working in an I.T. company, I knew that I had to act really fast.
And apparently, I was the only one panicking because I did talk to my dad and I was like, “oh, my goodness, have you heard about this? Are you going to do something about this?” And he's like, “No.”
So, a lot of people don't take it as seriously, I guess, because for a lot of older people, I don't think they realize how anything that happens on the Internet is pretty real and can affect them. But for those of us who grew up with the Internet and have seen technology grow and evolve, we know how quickly this can turn for the worse.
So, what I did was I basically did my research on what steps needed to be taken in order to protect myself to the fullest.
And one of the first things that I did, which I didn't realize that I could do, I had to get in contact with all three major credit bureaus, which is Experian, Equifax, and TransUnion. And I could freeze my credit through all three of these. And I had no idea that I could do this until I actually began to research it once this attack happened.
So, I basically contacted all three. I was able to freeze my credit relatively easy so that no one could mess with my credit. No one could try to take out a loan under my name. No one could apply for any credit cards, anything like that.
And the second thing I did was I changed every single password that I could possibly think of, all my bank accounts, any account that had my card tied to it or my bank account, PayPal, Cash App, Venmo, Facebook, I changed all of my passwords and Andrew here was kind enough to give me a good idea to basically put commas in my password because how did you put it…
[00:17:57 Andrew Rose] So, when they did download your passwords and put it into an Excel spreadsheet, having a comma your password could separate the cells and invalidate that password usage. Now, certainly they're paying attention. They can rectify that. But as Mike said, if they're downloading 5000, 10,000 names and one password doesn't work, they're going to think someone's changed it.
[00:18:19 Miss Anonymous Guest] Correct, so that is what I did. I made sure there were commas in most all of my passwords just in case that were to happen. The next thing I did was I did and lock calls my credit cards and my cards, and I ordered new cards in case my old card numbers were already in the wrong hands. I wanted to make sure that I swapped that out as quickly as possible.
And then my last tip was to monitor any suspicious activity on my account. So, I am constantly keeping my eye on all of my cards, on my account, on my credit, making sure that there's no suspicious activity. No one's trying to take out a loans, no one's trying to get approved for something.
So I did write an article about my experience and the steps that I took to go through this. So, if you do go to DTCtoday.com com, and you go to the resources tab and hit blog, there is actually a blog called “Protecting Personal Information Louisiana DMV Cyber Attack”. And if you click on that, it will go into better detail about what I went through in the steps that you should take if something like this were to happen to you.
Because again, who doesn't have a driver's license right now? In this day and age? It can only happen to any state, to any person. So, I would recommend that you basically have a plan sought out. And if you're hearing this, I would go ahead and change my passwords.
Now, it's actually good for people to change their passwords every few weeks or so, every few months, because cyber-attacks are evolving and people can crack your passwords so quickly. So it's good to just go ahead and change it every so often, to just keep them on their toes and make it that much harder for them to get your personal info.
[00:20:02 Andrew Rose] That is awesome. I appreciate your sharing that with us some anonymous person. One other thing..
I actually had my identity stolen and how I found out about it was someone tried to file an unemployment claim using my information. And so I went through the steps that were outlined there, and I took the additional step of filing a police report. So, you can take your FTC report and give it to the police department and they will file that as well.
There is a time limit on these, so you will need to refresh your filings if indeed your information is still floating around out there and there are still people that are trying to access your information for malicious purposes. I think it was a year for the police report, if not maybe a few months, and that stayed in effect.
Mike, I'll turn the microphone back over to you.
[00:20:45 Mike Urbanik] Yeah, both of your stories are fascinating.
I mean, I also have been a victim of this. You know, I fall into that millennial age group where and when I had my information taken, I'm not sure…
Miss Anonymous Guest, I find it so interesting that you knew where yours got leak. You suspected. And my question to you is, how did you find out? Did someone from Louisiana let you know? Did you just happen to see a news article? Because I think a lot of people don't pick up on that. I would say the vast majority had no clue that some company they have been regularly using has been hit.
So how did you get lucky in finding that information?
[00:21:29 Miss Anonymous Guest] So, I'm an avid scroller. I love to browse Reddit and tech subreddits and it was something that popped up on there and I was like, Is this is this real? And then I went to my Twitter, and it was also trending on Twitter. And then I went to my Facebook, and I saw that other friends and family members of mine were also talking about this on Facebook.
And so, I was just a little taken aback, like, oh, my goodness, this is this is real. And I knew that I had to act quickly, of course, working here. But that's basically where I find out anything that happens. It's basically browsing Reddit.
[00:22:03 Mike Urbanik] The most verified news source there is out there. No I- And I'm going to say that's maybe some blind luck on your behalf that this got put up on your radar so quickly.
You know, for me, I have no idea where mine got leaked. I'm lying in bed one morning and my phone goes off and it says, “Hey, thank you for opening a Capital One credit account with us”. And of course, I have nothing against Capital One, but I do not bank with them. And I go, Great, you know what you want to see at 6:30 in the morning, your phone going off.
Luckily, I contacted Capital One, let them know it was not me. They advised me, “Hey, you need to call the credit bureaus.” They shut that account down. They gave me confirmation. And I've gone into that that credit monitoring phase and luckily nothing's come up.
But certainly, that's very hard for me to fight that. Like, yeah, I worked with the commercial entity, I contacted the credit bureaus to put my account on notice.
Unlike you, Andrew, I did not call the police. I support the police. I think they do great work every day. But my understanding in researching this is that they just do not have the means and tools necessary to track these criminals and bring them to justice. And, you know, I don't doubt that the criminals have that same understanding and that's one of the big reasons why we see this type of crime on the rise is it's hard to get your hands around it.
It's hard to track it and figure it all out. And I think you have to probably enter the phase of being a pretty prolific criminal, an abuser before you get on the radar of the police. And if you're a police officer or an FBI agent, you're listening to this podcast, and you can contradict us. Please do we’d love to hear from you.
But, you know, that's the reality. You know, and I think the FTC report, I looked at it, said one in three people have had their identity stolen. We have three people here on this podcast and all three. So, take that. You know, maybe we're a statistical anomaly, but take that with a grain of salt. So, it is definitely on the rise.
It's a huge problem. Our anonymous guest gave a great report on what to do, should it happen. And yeah, there are, there are things you can do to prevent it.
Simple stuff would be don't give out personal identifiable information for free. A lot of people like to do that on social media. Be smart. Don't give out anything that people can use to track you back.
Don't access personal accounts on public Wi-Fi or unsecure Wi-Fi.
Use good passwords. I love that comma idea.
If websites offer it more and more doing this multifactor identification.
Google is a great example. You know, if you change your password, it's going to send you a text message on your phone confirming, hey, you're accessing this from a new device.Or, you know, we've seen a request of change a password and you have to have your cell phone with you to read the past or the code they provide.
Stuff like that is great. It's a huge barrier for the bad guys on your computers work and personal antivirus firewalls. There's plenty of legit programs out there that can check for malware.
Speaking malware, you know, be careful about what links you click online and what you download for free. You know, the days of Tor and LimeWire have kind of gone away, but those systems still are out there and they're prevalent.
With that, I will say back to my previous comment old crime, new tricks, practice smart offline habits, review your bills, paper bills that you get, check for monitoring. I mean, certainly I've gotten notices like, “hey, did you buy this TV in Oregon”, or “did you purchase this soda at a gas station in Georgia?” And I'm like, yes, I'm traveling for that week. But you can't rely on these notifications to always put this information in front of you.
Protect paper documents. Certainly, we still get a lot of paper documents these days with critical information. Make sure you dispose of that correctly. Home shredder is a great idea. If you have a fire pit or fireplace. I mean, as simple as that sounds, get rid of that stuff. If it doesn't need to hang around, don't use credit cards at unsecure location.
Certainly, skimmers do exist. Go to YouTube and look up credit card skimmer. You can have a fun time looking at all these creative devices people put on front of credit card readers to yank your device. There's pretty bizarre systems. People will create and ride the subway trains with, with skimmers in their bags, and they'll bump into people and steal credit cards. So, there are creative people out there doing that.
But those are things you can do to be smart, both online and offline, to prevent these types of crimes. And ultimately, should they get- should you find yourself the victim of identity theft, contact the FTC identitytheft.gov, reach out to the defrauded company. A lot of them will work with you to get this account closed. No penalty to you. And then file fraud report with the credit bureaus to put your credit on monitoring.
[00:26:53 Andrew Rose] And Mike, I'm going to add a couple of points there to what I have seen for people with malicious intent to gather that PII, oftentimes there are fake jobs.
So, a fake recruiter will approach you with the dream job and they'll ask you a few questions and kind of -they won't ask for everything upfront. They'll keep on making it sound more and more legitimate, more and more wonderful, but needs a little bit more information from you.
And that's one way they get it. Another way of seeing is these fake prizes.
“Hey, do you want to enter this contest to win this thing? If so, answer a few quick questions.” And those few quick questions bring you down a rabbit hole where they gather more and more PII until you've gotten the point where you've shared too much. And now your information is out there.
One of the ones I'm seeing a lot of press about lately are fake beta testers.
So, there's a lot of different types of computer programs and apps out there. And legitimately, these companies would love to have users experiment, find holes, give them that feedback. And that's become almost ubiquitous now. And there are a lot of folks out there in that millennial age group that seek these beta test opportunities out. And a lot of the nefarious folks are injecting malware and other means into these fake beta tests in order to get into those devices.
So, for our audience out there listening, be wary of beta tests. Make sure that you know the company well that's offering this beta test. Don't be out there just trying to be the beta tester for everything. And finally, I do want to give a personal story about the skimmers.
I was getting gas in downtown Baltimore a few years ago and went to pay for my fuel at the pump. And it was weird because my credit card went in there, but it felt floppy. It didn't feel like a secure lock the way they have it now and it didn't register. And I tried it a few times and didn't register.
And I finally went to another gas station and got gas there. It was within it was either two or three days that the credit card company contacted me and said “We’ve discontinued that credit card, your new ones on the way”, without me even knowing that it had been compromised.
But it went back to it. There was a skimmer at that pump at the gas station, and not all skimmers are going to feel weird when you put the credit card in. Then, as you mentioned, with the chips in there now and the radio frequency, it's a lot easier for miscreant to come and bump into you or stand somewhere in your proximity and gain that information from your credit card.
[00:29:13 Mike Urbanik] Yeah, that's a great story. I watch some of these YouTube videos about the skimmers.
Every time I go to pump gas, I physically grab the credit card reader and give it a shake. I mean, watch some of those videos and you'll be pretty impressed how ingenious these guys can be and how they can replicate this technology effortlessly slide on top. And I'm sure somewhere, somehow along the way, I put my card into a few of those because they look identical.
And Andrew, you're right. You know, I'm going to say a lot of those schemes you talked about those scams that collect information. They follow legit business patterns.
I mean, how many times- I'm going to bring this up and I'm going to date myself- did you guys used to go to a mall and there used to be a brand new Mercedes Benz parked in the mall and it would say, “Hey, do you want a chance to win this Mercedes Benz? Fill out your information.”
And that was a business that people would collect that information, sell it to magazine companies, sell it to timeshare companies, And these bad guys said, “hey, we can do the same thing, and then just open credit cards in these people's names because they think they're going to win the Mercedes, but instead we're going to get ourselves Mercedes.”
So old tricks, new world. I mean, they're just kind of reinventing the same thing over and over again.
But, you know, just approach everything with a healthy level of skepticism. Certainly, if you're working with a legitimate company and they're saying something that sounds good, like a job offer. Say, “hey, you know, this sounds great. Can you verify your address? Can you give me your employee number? I can just speak with your manager before I give you all this information.”
I mean, I've certainly used that. And a legitimate company will have no problem accommodating that request. You secure email links before you send any documents. Most businesses these days could have the ability to encrypt emails. Employers can encrypt emails, so you're not just sending it unsecured.
So yes, live the life the way you're going to live it, but with a healthy level of skepticism would be my advice.
[00:31:10 Andrew Rose] And your advice is well-taken. I know my friends in law enforcement like to say it sounds too good to be true. It is.
I mean, it's so basic and simple, but we think, okay, my gosh, this time I won the lottery. This is this is my ticket to fame or wealth or success. And the criminals know that. And they play along that dream in that hope that we have as individuals, and they exploit that.
So, again, if it sounds too good to be true, I'm sorry to say it probably is.
[00:31:36 Mike Urbanik] Yeah, I would agree. Well, I think we've covered the topic of both theft and fraud. Anyone out there who would like to comment or share their story, we would love to hear it from our little anecdotal podcast here. I think we've all determined this is pretty widespread and prevalent, so we'd love to hear from you and hopefully everyone out there is a little bit more informed and can protect themselves a little better.
[00:31:58 Andrew Rose] And I want to go back to something you said before as well.
The FTC says about 33% of people have been victims of identity theft. But looking at our little tiny pool here, 100% have been affected by identity theft. And I think a lot of that is because it's not reported.
So, if you have been a victim, please don't feel any shame. Please report it. That way they can at least start establishing trend line.
So, if it was you, maybe someone else has been hit by the same way law enforcement persists like a $500 theft. They're probably not going to get as excited. But they can aggregate a bunch of those $500 thefts together and turn into a big number. Then they can dedicate their resources to going after these criminals and making sure that they pay the penalty for their deeds and their actions.
All right. Well, on that happy note, now that you are all much better prepared and aware of the things that could happen to you, what we like to call “Cyber Savvy”, please join us for our next podcast on data breach, which certainly segways very nicely from this one.
I'm not quite sure who the manager was in charge of putting all these topics and titles together, but they appropriately did so, and I'm happy to hear about that. I'm excited to hear about that.
And if you have further questions, please give us an email like Mike said, we would like to hear your story after you've reported appropriately to the FTC and other authorities, and you can reach us and askus@DTCToday.com and R.K. Tongue...
Mike, what is the website over there? If someone wants to reach you?
[00:33:26 Mike Urbanik] Yeah, they can reach us online. All our information's there. Not our PII, but our contact information at RKtongue and tongue is spelled T-O-N-G-U-E dot com (RKtongue.com).
[00:33:38 Andrew Rose]
Wonderful. Well, thank you very much for listening in today and we look forward to seeing your ears on our next podcast. Have a great day.
[Outro Music]
[00:33:52 Andrew Rose] We would love to hear from you. Please email us your questions or comments to askus@dtctoday.com. New episodes of Cyber Savvy are posted the second Tuesday of every month. For more detailed information, visit our website at DTCtoday.com Be prepared. Be Cyber Savvy.