Laura interviews Adam Levin, author, and host of the What the Hack podcast, about keeping your money safe from fraud and cybercrime.
In this episode, Money Girl's Laura Adams talks with Adam Levin to help you steer clear of fraud and cybercrimes.
Money Girl is hosted by Laura Adams. A transcript is available at Simplecast.
Have a money question? Send an email to money@quickanddirtytips.com or leave a voicemail at 302-365-0308.
Find Money Girl on Facebook and Twitter, or subscribe to the newsletter for more personal finance tips.
Money Girl is a part of Quick and Dirty Tips.
Links:
https://www.quickanddirtytips.com/
https://www.quickanddirtytips.com/money-girl-newsletter
https://www.facebook.com/MoneyGirlQDT
https://twitter.com/LauraAdams
Laura Adams:
Today, I'm excited to be joined by a special guest, Adam Levin. He's a consumer affairs advocate and nationally recognized expert on cybersecurity, identity theft, fraud, and personal finances. He's the author of Swiped, How to Protect Yourself in a World Full of Scammers, Fishers, and Identity Thieves. And he's the host of the podcast, What the Hack with Adam Levin.
As you'll hear in today's interview, Adam's mission is educating consumers, businesses, and government agencies about security issues. He graduated from Stanford and the University of Michigan School of Law, and his advice has been featured on most major broadcast and media networks. So, if you want to learn more about keeping your money safe, stay with me.
Hey friends, welcome back to the Money Girl Podcast! I'm Laura Adams, an award-winning author who's been bringing you personal finance tips and advice every week since 2008 with over 41 million downloads. I'm also a money speaker and work with select brands doing on-camera and writing work as a financial spokesperson and consumer advocate.
Please reach out if you're interested in collaborating for a speaking event or PR campaign.
As always, you can reach me using my contact page at LauraDAdams.com. That's also where you can learn more about my work, books and money courses. You can also leave me a message, an idea for a future show topic, or a money question by simply calling 302-364-0308.
In my interview with Adam, we talk about:
So here's my interview with Adam Levin.
Adam, I am so excited to have you on the show! Thank you for coming on Money Girl.
Adam Levin:
Well, thanks for having me, Laura. I appreciate it.
Laura Adams:
Tell us a little bit about your background. I'm really interested in how you got into cybersecurity in the first place.
Adam Levin:
Well, I kind of took almost a circuitous route. When I was very young, I was the Consumer Affairs Director for the state of New Jersey in the Attorney General's office. And so consumer protection and legitimate business protection has always been my agenda.
In the 90s, I started a company called Credit.com, which was one of the original online credit information, education products and services companies. So again, we were involved in things that would be consumer protection oriented. I used to kid with some of my friends that when the FTC called them, they had to lawyer up. When they called us at Credit.com, they were looking for advice.
And then in 2003, I started a company called Identity Theft 911. That was one of the first companies ever founded with resolution services at its core. There were a lot of companies out there that were doing insurance brokerage or some that were doing corporate espionage, things like that, and identity theft protection was sort of an add on as a revenue stream, but we were the first company really that made it our goal in life is to put people back together again after they were victims of identity theft. And that morphed over the years into IDT 911 and then Cyberscout when we went global. We were in the US, the EU, Canada, Asia, Malaysia, and Australia.
Laura Adams:
Wow. So you've got a long history in cyber, the cyber world and criminal activity. I'm really curious, what's maybe the most shocking or eye-opening incident you've encountered in all that time? There's probably been a bunch of them.
Adam Levin:
Oh, there have. I mean, you know, the one that jumps out immediately was the SolarWinds hack. And SolarWinds was a network performance monitoring platform. So how better to get access to a lot of companies is to go through the company that was monitoring their network performance? It was a Russian hack; they got in. SolarWinds had this incredibly sophisticated password, SolarWinds123. The simplicity of it made it easy for them to get in. Another was the breach of the Office of Personnel Management, where you had millions upon millions of people who worked in the government or had worked in the government, many of whom had top security clearances and they were exposed as a result of a Chinese hack. And then of course, can any of us forget the Equifax hack that exposed 150 million people? Again, a Chinese hack where there was a vulnerability discovered with software that they were using. A patch was issued by the software company. The security department of Equifax got the memo, but somehow the technology department didn't pay attention to it or they missed it and as a result all sorts of humans with all kinds of information were exposed.
Laura Adams:
Yeah, I remember all of those. It’s just so crazy. You know, I'm sure there's a lot of crime that's happening that’s not successful where the criminals are trying to steal money. But what's the most common threat we face where criminals are actually stealing money? What is the thing that people who have financial accounts online, what is it that really we need to be aware of in terms of keeping our personal finances safe?
Adam Levin:
Well, the most important thing to remember is that many people will take the position, nobody cares about me, I'm just a regular person. Because when you look in the mirror, you see you.
But when a hacker, a scammer, or an identity thief looks at you, they see Jay Z, Beyonce, Adam Levine, because you got what they want. We have data, financial information, and then sometimes it has absolutely nothing to do with us. We are the conduit to a larger river, and that larger river could be our spouse, our parents, our child, the company we work for, the educational institution we attend, or any one of a number of charitable organizations that we're affiliated with. So the common threat we face is that people aren't paying attention. And it's so important that you do pay attention, but you don't. Since you're in the money business and money education, finance education, this I think will resonate.
I call it the three portfolio theory, and that is that when you say the word portfolio, the Pavlovian response of most people is investments. But what we have to remember is we have a number of other portfolios in our lives, and in particular, two that relate directly to our money and our finances, and that is our credit and our identity. And whereas we'd hope that a professional manager would be managing our finances, we need to be the professional managers of our credit and our identity portfolios. We need to build them, nurture them, manage them, and protect them.
Laura Adams:
Yeah, that's a great way to look at it. What are the trends that you're seeing in cyber attacks? What's changed over the years and the decades that you've been in this business?
Adam Levin:
Well, one of the things that's changed is that it used to be that the victim was guilty. Everybody always blamed the victim. Nobody realized that there are all sorts of ways that people become victimized, oftentimes having nothing to do with themselves. But there are ways that we are responsible too, and the kinds of cyber attacks we're seeing are getting more and more difficult to actually determine whether or not it's a scam. I mean, the days of poorly written email from deposed Nigerian princes, those days are gone.
The colors are right, the logo is right, the grammar is right, the spelling is right. So between AI written email prompts and increasingly sophisticated cybercrime as service syndicates, you know, in the old days, if you were going to do something as a cyber criminal, you had to be smart, you had to do it yourself. Today, organizations are creating malware and ransomware and then making it available to less sophisticated organizations for an upfront fee and then a licensing fee. So like the difference between getting a legitimate email or an attachment or a malicious one, they're harder for people in automated cybersecurity systems alike to be able to identify, not to mention now deep fake audio and deep fake video.
Laura Adams:
You know, I still get those old school emails that are like, “Dear sirs, we need money.” And it's like, are people really being successful with these? They must be getting some good feedback from it if they're still sending these emails out. It's just crazy. It is.
Adam Levin:
And the other thing which is horrifying is one of the ways that criminal syndicates are raising money now is through these sextortion scams. And it used to be that they would just be notifying people that they had breached their computer system and they had videos of them going to inappropriate sites. And they had the video not only of the site that they were looking at, but also the response they were having to the site they were looking at. But what's happening now, and it's impacting more and more young people, and young men are the target of a lot of these, is that you'll think you're communicating with a young woman but you're actually communicating with a syndicate. And they get you to send a compromising picture and then immediately hit you with a DM telling you that unless you pay them a certain amount of money, they're gonna release it. We had an episode on our show not too long ago with the father of a young boy who fell for one of these things, sent them a little bit of money, they kept demanding more and more. He said he was gonna commit suicide. They said, go ahead and do it. And he did it.
Laura Adams:
Gosh, I'm such a suspicious person. Like, I don't trust people easily, but I know so many people, especially older people, have a tendency just to believe if something is in their email box, if it's online. You know, I've kind of tried to train my mother up for what to click on, what to delete, and she still really struggles with it. You know, is there anything that we should tell our parents if we're younger or middle age and you know we're trying to advise some older folks in the family, you know what are some ways that maybe they can protect themselves especially if they're dealing with email?
Adam Levin:
Well you know one of the other problems too is that when an older person is lonely and they want feedback and when they get feedback from people who seem to be very welcoming and understanding and empathetic. They sometimes fall for it and it can have horrendous consequences. I mean, we've seen case after case after case with, for instance, romance scams or romance scams to tie to cryptocurrency scams where people start getting close to another person and that's when they get the ask, which is either send me money, send me a ticket, help me. So message number one should always be never authenticate yourself to anyone who contacts you. Never provide information about your finances or sensitive personal information to anybody that you don't really know. Never send money to anybody that you don't know, regardless of how close that they seem to be getting to you. And take the Reagan phrase of trust, but verify an additional step–never trust, always question, always verify.
Laura Adams:
Yeah. Is there any seasonality that we should be aware of? Do we see more crime around the holidays that we should really be on, watch for some red flags?
Adam Levin:
Well, there are always holiday-related crimes, and they really ratchet up, whether it's Thanksgiving, Christmas, Cyber Monday, Black Friday, and then going into a Valentine's Day, Easter and things like that. But the truth is, today, scams operate 24-7-365. And it's a business. I mean, these folks have customer service departments, they have hours, they actually pay bonuses. I mean, it's amazing. There are buildings all over the world where people come in and there are three shifts, eight hour shifts. They do their thing, they run their scams and they go. And oftentimes you think you're talking to a person, but you're actually communicating with a team of people, each of whom has a specific script. And sometimes you may get conflicting messages from these people. But yes, there are discount scams and gift card scams and package delivery scams, technology scams, health-related scams, job scams, you name it, there's a scam.
Not to mention the fact now with the whole issue of student debt forgiveness, there are all sorts of scams springing up. And there are scams that are based on scams that have already happened to you, which is we understand the fact that you've been a victim of such and such a scam, but we can help you.
Laura Adams:
Wow, the scam layers. Very scary. Now you mentioned the rise of AI in this whole industry. Do you think AI is ultimately helping consumers protect themselves or hurting them? I mean, can't AI help us protect ourselves from some of these things if it's used in a good way?
Adam Levin:
That's correct, but you have to think of it as a double-edged sword. It's really good and bad, because AI and deep learning can help to identify potentially malicious activities online and suspicious behavior that even a well-trained IT guy or girl would miss. That being said, companies run the risk of being over-reliant on AI-enabled systems. It's like you think of it as an arms race–every time we think we've come up with something that will help us better identify and possibly even quarantine fake AI-related attacks, they come up with something to get around it.
Laura Adams:
What are some commonly overlooked, but simple security tips that we all should be doing?
Adam Levin:
Passwords, passwords, passwords. And we've had a lot of mega breaches. As a matter of fact, if you wanna find out if you've been exposed in any of these breaches, go to the website, haveibeenpwned.com. You can enter your email address or your cell phone number and it will actually show you every data breach that occurred with your information on it. And of course, the second that you see anything that relates to you, you immediately have to change your passwords. So passwords are critical, especially in a world where breaches have become the third certainty in life behind death and taxes.
And you have to assume the fact that any password you have is tied to some account that may have been breached. That's why I do not reuse passwords. Do not use simple passwords. Try to be discreet in the passwords you use. Get a password manager, which will help you create far more sophisticated passwords. Now, a lot of the sites like Chrome, Firefox and the others have
password management systems built into them. So you can use those as well.
Laura Adams:
All right, so we really need to create a different password for every online account. Is that what you're telling me?
Adam Levin:
Well, it's not a bad idea. Or at least create different passwords for groups of sites depending upon the level of sensitivity of the information that might be attached to those accounts, whether it's financial information, even if it's social networking. I mean, these are the kinds of things, you don't need people crawling into your social media accounts and you don't need situations where they are in a position to know more about you than you want anyone to know so that they can more effectively masquerade as if they're you.
Laura Adams:
Okay, you know a lot about credit. Can freezing your credit files prevent fraud?
Adam Levin:
It doesn't prevent it, but what it does is it makes you a harder target. And it also helps to keep your accounts and finances more secure. The thing about freezing credit is it means no one, including you, can gain access to your credit accounts without having it be thawed. Now in the old days, it used to cost you at least $10 to freeze it, $10 to thaw it. Today, especially in light of the Equifax breach and the OPM situation, it's free. And you should do it. And many states now allow you to freeze your kids' credit, which is also important to do, because you don't want to have them start behind the eight ball when they become 17, 18, and they start looking to be involved in credit transactions and find out their credit has been destroyed because someone got access to their accounts and have built them up and then run away.
Laura Adams:
Do you follow any routines that help keep your finances safe that you would recommend for other people?
Adam Levin:
I do, and it's something that I call the three M's, that I wrote about in my book, Swiped. And that's how do you minimize your risk of exposure, and reduce your attackable surface? How do you monitor so you effectively know you have a problem, and how do you manage the damage? Now, in terms of minimizing your risk of exposure, long and strong passwords not shared throughout your universe of accounts or a password manager. Do two-factor authentication so you know if someone is attempting to crawl into your accounts and you can do something about it. You don't click on links or open attachments that aren't something that looks right. And even sometimes if it does look right, it may not be right. And the problem is you may get a referral from a friend who goes, I just saw this thing, this is really great. You need to see it or horrible things are happening in the world, this just happened, or check it out. They didn't realize that the link they had was infected. So you have to be careful with that. Also, it's very important that when you set up questions and answers as part of your security questions and answers routine, lie like a superhero.
Laura Adams:
Oh, I love that!
Adam Levin:
Superman is not gonna tell anybody that he's Clark Kent, vice versa, nor is Batman gonna tell you he's Bruce Wayne. And the problem is the reason why you need to do this is because so much of our information is available online either because we posted it or someone we know posted it.
Laura Adams:
Right. Yeah, they can figure out your mother's maiden name or something that's pretty public. Yeah, that's a great idea.
Adam Levin:
Absolutely. Plus, also don't download apps just because they seem like the newest, coolest thing. I mean, read privacy policies. Nobody does, but you should try to. Read reviews because if somebody feels that they have been done wrong by an app, they're going to get loud about it. And the other thing is to only go to legitimate app stores. You may see a lot of apps out there, but as I like to say, if you don't want remorse, go to the source, which means go to Apple, go to Google Play, or if it's an app related to a financial institution, make sure you're on the site of that financial institution and they direct you to where you can get the app.
So do that, freeze your credit, and then don't underestimate the humble shredder. You would be surprised at the information that people just throw away. So that's the first thing. The second thing, monitor, get your credit report, and read it. And if you see something that doesn't look right, don't think it's a mistake. Do something about it. Monitor your credit scores.
Sign up for transaction alerts from your banks and credit card companies that notify you anytime there's activity in your accounts. When you get a notice from your health insurer, read it and make sure that it was really you. You'd be surprised. Also get more sophisticated forms of monitoring programs, which are available, that monitor your identity, that are dark web monitoring, that monitor your social security number.
And then the final M is to manage the damage. Don't try to do it yourself. And a lot of people don't realize that now through your insurance company, many financial institutions or where you work, there are programs available to help you through identity incidents. Many times it's a perk of your relationship with the institution. Many times it's deeply discounted. Sometimes it's not. But look into that because trust me.
Whatever it costs you to get these kinds of identity protection programs is nothing compared to what it's going to cost you in time, money, and emotional tumult if you become a victim of some form of identity theft.
Laura Adams:
Yeah, that's really good advice. And if you do suspect that you've become a victim or you know that you've become a victim, how far do you take it? Do you call the police? What steps should everybody take?
Adam Levin:
Well, depending upon what it is, you know, there's the food chain of identity theft. You know, one is that you notice that there's suspicious activity with your credit card. Just contact the financial institution or your credit card company and ask for a new credit card. They'll give you a new number. Just remember that you're going to have to notify anyone that direct debits the account. When you get to debit card compromise, it could be a little bit more dicey because there they could use that information to crawl into your bank account. So you certainly need to put your bank on alert. And even though you may not want to shut your accounts, you certainly want to get a new number. Once you get into new account creation, where they're using your information, open new accounts, you need to notify the police, you need to notify the credit reporting agencies, you need to put a fraud alert on your files, you need to make sure that you then freeze your credit if you haven't done it already. And you need to be monitoring your accounts and enable two-factor authentication.
Laura Adams:
Great advice. I have to ask you before we wrap up what you think about everything going on with FTX, Sam Bankman Fried. You know, I was really encouraged that all of that happened so quickly. It seemed like the FTC really jumped on that case and we saw it, I mean, I think it's been a year, which to me seemed really fast. Do you think they are just really trying to make a show of him? And of course, the dollar amount is huge that's involved. But it's happened much more quickly than I thought it would. That's not typical, right?
Adam Levin:
No, it's not necessarily typical. But we are seeing the law enforcement and the federal regulatory authorities move faster in a lot of areas. Just like as we talked about earlier, where the young man was a victim of sex extortion and killed himself, the family went to the FBI, the FBI went to Interpol, and working with Nigerian intelligence in a matter of months, they were actually able to identify the people that were behind the scam. They're prosecuting three over there in Nigeria, and they've extradited two who are being prosecuted in the Northern District of Michigan.
When it comes to these cryptocurrency scams, a lot of people are out of luck, but more and more regulatory agencies are taking a hard look at this, and they're all trying to move faster. Even in the case of one of the companies that got involved in a big breach, they went after the chief information security officer, they went after the company, and now the SEC is going after them for fraud. So, federal regulatory agencies, state agencies, and even foreign regulatory agencies and law enforcement agencies are now teaming up to do this, but it's very tough and people have to understand that at the end of the day, the ultimate guardian of your data and your money is you.. Because nobody knows what you do better than you know what you're doing, even though you may not know exactly what you're doing and you have to act accordingly. This is your money, this is your asset. If your identity is compromised, it could significantly impact your credit portfolio and your investment portfolio. And if your credit's compromised, it could at the very least affect your financial portfolio. So therefore, you have to be the professional manager of your credit and your identity, and you have to stay on it every day. This is not something like, I'll check my accounts at the end of the month. No, you have to have monitoring programs. You have to be looking at your accounts on a daily basis, even for a few minutes. And look at that in comparison to the amount of time you spend doing email and you're on social media, and realize it's a way better investment of your time.
Laura Adams:
Absolutely. Adam, thank you so much. I really appreciate all this great information, great reminders for everyone that are super important. As we leave, would you like to point our listeners to any resources you might have?
Adam Levin:
Yeah, well, at adamlevin.com we have a lot of information that can help people. The LoudTree Media account where we do our podcast, What the Hack is someplace where you have a lot of information available. Our podcasts certainly have that information. And, and the final note that I would leave with you is we all have day jobs, we work for people, we run businesses, we're raising families, we're getting an education, we're involved in philanthropic activities. That's our day job. To a hacker, a scammer, or an identity thief, we are their day job. And we have to keep that in mind in everything we do.
Laura Adams:
Thank you so much. I really appreciate your time.
Adam Levin:
No, it's been my pleasure and thank you so much for inviting me.
Laura Adams:
A big thanks to Adam for joining me on today's show. That's all for now. I'll talk to you next week. Until then, here's to living a richer life!