Episode Transcript
Speaker 1 00:00:04 Hello and welcome back to, uh, cyber Matters. Uh, I'm your host, Rus Dorsey, a principal and c i o at Caso and Company. Um, we've been speaking with our, with our guest, uh, Darren Mott, a retired F b I agent, and, uh, the host of the Cyber Guy, uh, podcast series. And, uh, in, in the prior segment we were talking about, uh, you know, the F B I, his migration from the F B I into, uh, into the private sector, and now the work he's doing with these podcasts and, and highlighting some of those. But we wanted to talk a little bit about, um, you know, personal protection and, and being cyber smart. And I, I think that's a, a great, um, you know, the, the, the Cyber Smart series that he's, he's tied in with this podcast actually just giving you practical tips. Again, enough reason to go find this series.
Speaker 1 00:00:48 But if we were to talk about some of the things that are, you know, are threats to, you know, individuals, uh, of, of any age, really in, in our homes. So, so Darren, let's, let's switch to that. But the, uh, you know, when, when, when you talk about, uh, the, the elderly and elder fraud, um, let me, let me bring myself back up here. Mm-hmm. <affirmative>, um, saw my parents this weekend. Thankfully. They're, they're, they're both still with us, both in their mid eighties, um, and both still very present in their mind about, about everything. I'm, I'm very fortunate, and so I, but I was talking to them and just about everything I started, 'cause again, I've been listening to yours, uh, and so I was getting over there and, and, and just kind of rattling some things, but Mom, mom was, oh, yeah, they talked about that on the Today Show yesterday. I, I hang up on those people or, yeah, we've got our, our, our, you know, we, we don't have our debit card. We don't even use our debit card. It's not tied to our bank account. Uh, we keep mm-hmm. <affirmative>, we keep the money moved outta the main checking account. Anyway, those kinds of things. Um, but, uh, then I was talking to him about the, uh, the, uh, uh, uh, kidnapping, uh, you know, uh, yeah,
Speaker 2 00:01:49 The a Yes. Yeah. Grand Grandmom. I got, I've been kidnapped or whatever. Yeah. Which
Speaker 1 00:01:53 You had something close happen to you. Uh, you know, I did with that. Um, which, uh, you know, was, uh, it's just having that conversation with our parents to say, Hey, look, if something's going on, like that call. 'cause I mean, our experience here, um, you know, has been, it's that same thing with the, with the elderly. Um, you know, these are people that we're very successful in life with slide rules. They're a lot smarter than we are in my mind. <laugh>, I mean, most of our parents. Sure. Yeah. Absolutely. And, and, and it's, it's such a matter of pride to them to remain independent and to remain mm-hmm. <affirmative>, uh, you know, savvy, if you will. You know, they, they want to be independent like that. And then, and so the, the bad guys play on that heavy, right? I mean, that's
Speaker 2 00:02:39 Right. So years, so the, the, the, the incident you're talking about years ago, um, I was sitting at, sitting at home with my kids and my wife and my mother calls me, um, and she says, Hey, I just got a call from Patrick and said, he's been arrested. It was an arrested, well, not a kidnapped when it was arrested, and he needed a thousand dollars. And I said, well, he's sitting right here next to me. So I'm pretty sure that's not enough. Fortunately, she on the only reason that that didn't work for the scammers was because she knew to call me, because I'd certainly talked a lot about this kind of scamming stuff with them. But, you know, what ended up happening is, is they called and said, grandma. And so she said, Patrick, because she has like four, it doesn't matter if she just said Will or Dean or any of her other nephews, they would've said, yeah, it is me and, you know, save my id.
Speaker 2 00:03:27 I've been, I've been arrested. I don't have my wallet. ID a thousand dollars wire transferred to me, whatever, that kind of thing. Um, and so course it didn't happen. But now the problem now is if, and there was a news report last week, and I'm guessing your mother probably sat on the Today Show where they're using AI to duplicate voices. So this lady got a call and it sounded like it was from her daughter that she had been kidnapped, uh, and they couldn't, for whatever reason, she couldn't reach, she couldn't get in contact with the daughter, so thought it had happened. Um, but this is, we all we're gonna see is a, is a evolution of these kinds of scams, especially with ai. I know ai, I like a ai, I'm a fan of ai. I use Chat g p T, but there, with every technology, the bad guys will figure out how to exploit it for, for nefarious reasons.
Speaker 2 00:04:09 We're already seeing that. The first thing we saw with Chat, G P t was using it to create malware and do all that kind of stuff. Now with, with digital AI being able to replicate voices and do all that kind of stuff. So, um, but again, it has to do a lot of it is awareness and just making your elderly friends and family just be aware of, of these things. And something I, on my podcast, I say three things, understand the threats, assess your risk, proceed wisely. If you don't understand the threats, the threat's gonna hit you 'cause you're not assessing your risk. So part of that understanding of threats is making people know what the, know, what the bad things are that are out there, but I don't think enough people know it themselves, um, to be able to tell enough people to do that.
Speaker 2 00:04:48 So I certainly try to do that in my life. But, um, you know, that's part of the reason I do the podcast. Hopefully, that's that some, somebody will listen to it and get a, get a nugget of information and go to, Hey, I heard this guy talking about this. Be on the lookout for that. Because I've certainly had plenty of people, family members, myself, who extended family members that are like, you know, mothers in-law or whatever, um, have been scammed or attempted to be scammed. Unfortunately, the kids got into it quicker and were able to reverse a lot of the stop a lot of the stuff. But certainly it's like you said, you know, this is a, an older generation that's very prideful. Um, and it's very hard for them to admit when something bad happens. It's human nature. It has to do with age. I'm sure if I became the victim of a cyber crime, I probably wouldn't go bragging about it. But I take that back, I probably would. 'cause it'd be good content for me to share. Actually, I did, I did. I shared that on LinkedIn. I got scammed by a resume thing online. I got my money back, but I still, I still was victimized. I didn't do my due diligence. It could happen to anybody.
Speaker 1 00:05:47 Yeah. When, when you talk about the, uh, you know, the AI and the voice, I mean, the, the, uh, are are, are they finding that the, the elderly victims, they're targeting 'em because their social media activity, they can tribute back? Or are they just doing robocalls knowing that at a certain time of the day, they're more than likely to get an elderly person at home? Uh, and, and then, and then they get lucky on the name. But you're talking about ai, they're duplicating the voices, so they have to be sampling the kids' voice or, or, or just getting our,
Speaker 2 00:06:16 Well, I think it's a little bit of both. So from a, from a sampling, I mean, certainly you can find people's voices on TikTok if they, I mean, if you know the kids have TikTok, you can go to TikTok, get a sample, you're good to go. You only need a couple seconds. And then tying it together to grandparents, if you go, if that kid has information on their parents, you can probably find the parents' Facebook, which will then have information on the grandparents. And then it's not very hard to take those couple steps and get contact information from for the grandparent. Um, it could also be the information on the grandparent is, is easily accessible on any of the online data breach databases that probably include true name, true address. 'cause you know, a lot of, you know, when you get to the, get to our elderly population, they've been at the same place for a while.
Speaker 2 00:07:00 Their phone number hasn't changed in a long time. My parents' phone number at the house I grew up in is still the same as it was 57 years ago. So that number has not changed. So you're gonna have those numbers that are part of data breach databases, because pretty much at this point, everybody in the world has had some kind of data compromise through some kind of data breach. Um, if you're, if you have any kind of credit profile in the us your stuff has been stolen through Equifax data breach. So certainly that information is out there and easily accessible. And then tying it together, you can just use, you could, I'm sure there's AI programs that allow you to very easily tie those things together, um, and create that intelligence platform to, to launch these attacks.
Speaker 1 00:07:41 Yeah. I mean, if, if, if you think about, and I, I, I don't even remember the stat on it, but, uh, I, our elderly, uh, and people that are 55 and above, uh, hold the, the large portion of, of the nation's retire of savings. Mm-hmm. <affirmative>. 'cause that's where they are in life. Sure. I mean, you're, when you get to that point, some of these people have net worths, these people, I mean, we're, I'm gonna be one soon, but I don't have the net worth. I mean, they've got more money than some small businesses do. And then, then it's just sitting in these retirement accounts and things. So it, it seems, it seems, you know, logical that Yeah. The, the bad guys are sitting there with algorithms and if they've got the social media information and they can start doing the reconnaissance, then find their way back then, then it, it becomes a, if you will, a target rich environment. Right? They,
Speaker 2 00:08:29 Yeah. And I think as soon as you start looking at smaller regional banking systems, small credit unions, their cybersecurity's gonna be less because they can't really afford to have robust cybersecurity like Bank of America per se. Um, so they're gonna be victimized, they're gonna have information stolen. And that's gonna tie you to, okay, here's, you know, here's Susan Turner at such and such address in Birmingham. Alright, how much information can I get from, from this? I have information on where she lives and that can tie it to all this other stuff. And, and, and making that daisy chain, um, to figure out relatives and social media accounts is these, these guys are, they're organized crime entities for a reason, because that's what they do. And they, they find the information, they gather intelligence, they collect it, they have, you know, stuff that can cu through it. So it's very, it's very simple and it all, it's still, it's all social engineering. Um, it's trying, it's relying on people's goodwill and turning it against them. Yeah.
Speaker 1 00:09:23 But it, but, but it's very targeted. These, these aren't the Oh, yeah,
Speaker 2 00:09:26 Yeah, sure.
Speaker 1 00:09:26 Just, just, just the drive-bys, uh, you know, are, are are the, the malware that pops up, they have identified through these other, right. These other pools of data. They've identified these targets to go after. Um, and, and, and, and then there's, uh, you know, an element of, of just randomness to, to this. Obviously I got a call, um, the other day. Uh, and I, I think these are like the robocalls and, and everything that, uh, you, they get either Social security administration's calling you and there's a problem. Mm-hmm. And we gotta get some gift cards or, you know. Yep. This is the F B I, I had a guy call me the other day on my phone. I wish I'd, I should've brought it up for the podcast. Um, and I, I may put it on here. This guy calls me, uh, hello Russ. Why are you calling my wife?
Speaker 1 00:10:10 You know, you need, I'm, I'm, I know who you're, I'm gonna come over there and man, what are you talking about? You know? Mm-hmm. <affirmative>, I haven't called your wife. You've called now three times. You're pretending to be the F B I I've got your phone number now, you know, and I'm gonna report you to law enforcement. It's like, man, first off, again, don't know what you're talking about, but why don't you send me the, the message. And he sends me and this, hello, this is David Dorsey. And, and the guy never says F B I in the recording mm-hmm. <affirmative>, but know this is David Dorsey. And uh, we want to, you know, we, we've been been gathering the case and uh, we, you can press one to tell your side of the story. It was that vague, you know, <laugh>. Yeah. Um, but this guy, apparently best I could gather was in Anniston. I'm from Anniston, and I guess he took the time to, to find me on the internet. I'm findable. And how he got my phone number 'cause he said it came from my phone number. Uh, maybe they spoofed my number. Um,
Speaker 2 00:11:01 Right. I, I guarantee you they did. I'm sure he had your number. They just, there's plenty of online, um, VoIP software that you can say I want, I want my phone number to appear to come from this area code. I've got, I've got phone calls from myself at least three times, but
Speaker 1 00:11:16 Yeah. But, well, I was gonna say, but the fact that they identified me by name and spoofed my number.
Speaker 2 00:11:21 Oh, right. Yeah. That's a, yeah, that's, it tells
Speaker 1 00:11:23 Me that, uh, perhaps, uh, you know, in recent breach, that information got out and I was trying to think of the one that's, uh, uh, that might be the one. I, I might have to edit that out, but,
Speaker 2 00:11:34 Oh, could be. Yeah. You know, I was trying to, I was trying to think. Probably not allowed to say that. Well, but,
Speaker 1 00:11:38 But I don't go by David. I mean, I'm Russ just about everywhere else, but I'm, I'm David legally, but yeah, this, this guy, like I said, you know, so it's out there, but then just the coincidence of it, um, you know, and, and that always plays into it. They're gonna catch you at a time that, uh, the, you know, somebody might be traveling or somebody might be going on and just, it's just luck that they, they hit on that. Right. Well,
Speaker 2 00:11:59 I'll tell you there, there are plenty of legitimate websites you can go to, put in a phone number, pay 20 bucks, it'll tell you who it belongs to. So he did. He probably didn't have to go that if he just wanted to spend the 20 bucks at SP or wherever he could have got your name and number. Oh, that's
Speaker 1 00:12:14 A good point. Point.
Speaker 2 00:12:15 Um,
Speaker 1 00:12:17 Well, you know, and, and, and again, I wanna stay, I guess in, in this segment, stay on the, on the, on the family. Mm-hmm. <affirmative>, you know, the family side of things. I think the, uh, you know, the other thing about elder fraud, um, I mean, this, this is just straight up theft by deception. Uh, it's, it's the hook, maybe cyber, but then it becomes a, a con game. It becomes, you know, the, that. And, uh, you know, I'm, I'm, I'm thinking of a, um, an incident that happened, um, with, uh, with a client. Uh, and, and they didn't tell us, and I, again, I'm gonna have to edit this out, but they didn't tell us till after the fact, but the, it was the, your computer's been infected, you know? Yep.
Speaker 2 00:12:54 Boom. Tech support, tech support one,
Speaker 1 00:12:56 Here's a number. Um, the, so this guy calls, and what struck me about this when I was, when we came to us after it was all over with, and there wasn't much else could be done, he'd taken such meticulous notes of who he was talking to through the whole thing. He had this person's name and their employee number, which by the way, I don't think we use employee numbers in this country. That's an odd thing. You know, 'cause, but he had everybody's name and employment number. You know, if my employee id, unless you're with the I R S, I've never, they've, nobody has ever given me their employer id. But beside the point. But they convinced him, once they got him on the phone, they convinced him that there was an inside job at the bank, uh, and that his money needed to be moved.
Speaker 1 00:13:38 But that was the story. Mm-hmm. They gave him the cover story so that when he went to the branch, as per their instructions, he wasn't supposed to talk to anybody 'cause they were trying to catch somebody at the branch. And he goes in there and wire transfers out x you know, X amount of dollars, um, and then goes back the next day. And that's when he realized, because they said, now we need to move the rest of your money. But the banks, um, kind of getting back to what you said earlier about, you know, most of that money's gone. Um, you know, there, there, there is a short window to get that back. Uh, yes. If, if people are aware of that, and I think that's a, that's an important message to get out there, is if you do fall victim to this, and especially if it's a wire transfer of a large amount, you can get with the F B I and IC three, which, you know, we'll need to plug later. Uh, and mm-hmm. <affirmative>, they can do what's called a, a, I think call it a kill chain within 72 hours. Yep.
Speaker 2 00:14:28 Does email compromise kill chain is what they call it. Exactly. Yep.
Speaker 1 00:14:30 Um, so, so that's something to make sure that, you know, we, we get out to, you know, to people. But what amazed me was the stories and, and pig butchering, you keep mentioning that. So I I'm going to throw it back over to you 'cause I've explained what that term is, but then explain kind of how those scams are working, because those, again, once they get 'em on the hook through technology, the rest of it's just a, a, a con game that they run, and then the money's gone.
Speaker 2 00:14:54 Right. So the newest, the newest evolution of the romance scam is what's being called pig butchering. And the, and the reason it comes from that term is there was a, there's a span, there's a Chinese phrase, Shana Zpa or something like that. I sh if I was smart, I would've had it pulled up here to look at. But it, in a, it's, it literally means pig butchering. And what they do is they, they, they, they pull you in as a typical romance scam, either through social media account, and you start a conversation and it goes for a long time. It's why it's called pig butchering. 'cause what I do is they fatten you fatten the, fatten the victim up before they take all their money. So essentially they'll convince you, Hey, I've got this great business opportunity. We can go into it together, download this cryptocurrency market app.
Speaker 2 00:15:37 So you download this app that, that, or you go to a website that appears to be a cryptocurrency exchange site. And, you know, cryptocurrency is, you know, one of those magical cyber buzzwords that people don't wanna be left behind. So they think it's a good idea. Uh, I'm not saying, you know, plus or minus to cryptocurrency. I invested it in previously, but I've cashed out of it all because it kind of all collapsed. But, um, so, but you go in and you'll invest a certain amount and they'll invest a certain amount. And there's a Ponzi scheme aspect to it where you'll watch the value of your investments go up. You can pull a little bit out of it, and then you'll invest more and more and more and more and more. And then six months down the road, you've invested hundreds of thousands of dollars.
Speaker 2 00:16:18 It looks like you've made hundreds of thousands of dollars. And then you come in the next day, the money's all gone. The website disappeared. The, your online paramore has disappeared. And you've basically been pig butchered at that, that particular point. I actually was doing a presentation, um, several months ago at a community college for some educators. Um, and a guy came, came up after me. And I didn't call it pig butchering, I don't think at the, I might have, I, I forget what I, but I mentioned that particular scam. And he said, yeah, you mentioned that scam. I was a victim of it. He goes, I, I'm embarrassed to tell you how much I lost, but it was, it was amazing how easy it was to get roped into it. And he had the whole text string of the conversations with the person, and he was asking me how, you know, is it possible? Gives money back? I said, when did you, when did it happen? He said, uh, two or three months ago. And I had to say, nah, I'm sorry that money is, is probably gone.
Speaker 1 00:17:10 Uh, you know, it doesn't take much to get somebody's life savings through one of those. Right. I mean, that's, that's, that's the sad part.
Speaker 2 00:17:15 Yeah. I was, I was talking to a local bank here, um, couple, uh, years ago when I was an agent. I was doing a briefing on cybersecurity stuff. Um, and they said they actually have a policy that if, if someone comes in to wire transfer money, they will ask them a bunch of different questions to make sure they're not being scammed. The problem is now with online stuff, you don't have to go into a bank. And so the bank can't really ask those questions, those probing questions as a buffer to try to protect you from it. So it's even easier now for the scammers, 'cause everything can be done online. You don't have that, that third party looking over the shoulder saying, Hmm, you sure you really wanna do this? This might be a scam. 'cause let me tell you my, the experience we've had with it. So it's, it's, you know, again, it's a benefit there, there's great things for being able to do stuff online, but there's always gonna be someone who figures out how to use it for elicit means.
Speaker 1 00:18:04 Yeah. And the, uh, you know, the, the, the, the, the, the robocalls, uh, you know, if you're not educated on those at this point, but again, it's just that, Hey, I, I want to, you know, I wanna listen. Uh, we, we fell victim to that. If my wife watches this she'll, she won't, uh, let, let me in the house for a while. But she called me one day because she'd got hit with the, um, uh, with, with a, a robocall, but it was American Express calling. Um, but for her to be as non-technical as she is, it was amazing how good these guys were at Tech Support because with just a few seconds, they had managed to get a, uh, a remote session up on an iPhone, which I can't even do. And we're shadowing her while she logged into American Express to, uh, to see the, uh, uh, if, if the, and I, I don't know, I think it was a gift certificate or something was the scam, but it was, you know, something they were having to lock down, but they were catching just that brief second that the password shows as you go across the screen mm-hmm.
Speaker 1 00:19:06 <affirmative>, you know, and Yeah. And catching that in real time. And, and then, and then what the, the other thing that struck me, and I think this is again, part of the insidious part of this is how ugly the guy got with her when she started not being non-cooperative, you know? Sure. Oh
Speaker 2 00:19:21 Yeah. Right. Yeah. And especially like when they're, when they're pretending to be law enforcement. Yeah. Because you can certainly, law enforcement guys may get mad and may you've seen good cop, bad cop, all that kind of stuff. So they kind of use that part to their advantage. It's Yeah. They're not stupid at what they're doing, that's for sure. Yeah. So,
Speaker 1 00:19:36 So exactly. You, you, you think about, you know, I think about my parents, or even my wife in this case, she was upset that, I mean, it was easy. It was an easy thing to call American Express and get it stopped. And they actually did have a, a test charge outta New York. By the time I even got on top of it, they'd already hit the card for $10 at a Walmart. Yeah. Big deal. But the emotional, uh, impact on that is she's still not over what that guy put her through. And I can't go to India and do nothing about it. Right. But
Speaker 2 00:20:03 <laugh>. Right. Exactly.
Speaker 1 00:20:05 But, you know, until she said, my husband's in cybersecurity, and then he hung up on her. But by that point, well,
Speaker 2 00:20:10 Well think about this. So you say can't go to India and do anything. 'cause he, I'm sure he had an Indian accent, right. Once AI kicks in mm-hmm. <affirmative>, and he sounds like he's from Birmingham or wherever he's got, you know, the right accent and everything. That sounds, it's gonna be even harder to stop it to, to disprove that. 'cause right now, certainly, you know, when you get a call from the Department of Internal Revenue Service, and he's cl I mean, clearly has an overseas accent. I don't want to pick on India specifically, but he's got an overseas accent. You know, he's not a federal official. It's easy to, to determine, but once AI kicks in and you're able to duplicate voices, I mean, shoot, what if, what if <laugh> you got a phone call and it sounded like a politician you love, like you love some particular politician.
Speaker 2 00:20:52 I'm not gonna pick one, one or the other on either side of the spectrum. 'cause I try to take, stay apolitical. But if you get a call from your favorite politician who's talking to you personally and ask you, Hey, can you donate a hundred bucks to my campaign? That'd be great. Who's not gonna donate the a hundred bucks if they had that 10, 15 minute conversation? Yeah. So that scam hasn't happened. I'm predicting, I'll predict it right here. It's for the 2024 cycle that's coming where someone thinks they're actually donating to their favorite politician. 'cause that politician called them personally, talked to them, built them up and, and convinced him to send the money.
Speaker 1 00:21:25 Oh, yeah. Especially if it's, if it's plausible, if it's if, if it's your local congressman, right. Who, who might actually have time to call. And obviously if, uh, you know, a, a presidential candidate's calling, you know, you got something going on. But if it's, if it's somebody at a who's
Speaker 2 00:21:37 Gonna believe, but there's people that will believe that're
Speaker 1 00:21:39 You're right. There're people that will believe that. Um, I mean, so, so if you were to, you know, I, I don't, I don't know what you do though, to turn, you know, to protect your family, you know, against that kind of thing. Other than what do you, do you have safe words? What do you, I mean, what, what, what is the Yes.
Speaker 2 00:21:57 Yeah. Right? For the, yeah, for the, like the, the kidnapping scams, you have to have, like, you have to have a safe word. So like, I would say like, so look, if you're, if you are ever in trouble, our safe word is avocado. Right? Whatever. So if someone calls and says, Hey, I've been kidnapped, what's your safe word? They don't know it. You know, it's not them. So that's, that's one way. But again, you have to, you have to, a, be aware of the threat. And B, take the ability, do the, have the capability to have that discussion and, and prep, prep people for that. And I would say, you know, unless you're in our profession, most, 99% of the world is not doing anything close to that or thinking about anything close to that. Even if, even if it becomes a big news article, really, who's really watching the news to that depth, that level of, of, um, understanding or, you know, application, I guess.
Speaker 1 00:22:48 No, I, I, I think that's, I think that's, that's, that's true. I mean, as Americans, we, um, you know, we, we, we, we, we, we follow this curve of here's, here's the news and then here's the permanent annoyance, and we're just gonna deal with it. Right? Right, right. But you know, the, the dark side of this that we haven't even talked about, and, and we don't need to get too far into it, but it does tie into this, is these same tactics and techniques are what are used, uh, the child predators used for, for, for, for grooming, uh, and mm-hmm. <affirmative> and cultivating targets that, uh, to, you know, they're trying to recruit people to a political ideology. The same social media mining that we're talking about, they're going after the elderly, they're also going after our kids. Right?
Speaker 2 00:23:30 Oh, absolutely. Yeah. Indoctrination, all that kinda stuff. Yep.
Speaker 1 00:23:33 Yeah. And so, and so they're using, you know, with, with, with the advent of ai, so, you know, and, and, and understanding that, you know, just to kind of tie this back a little bit to the F B I, uh, and understanding that as a resource, if somebody is, you know, victim to this, um, do you recommend local law enforcement? Do you recommend they go straight to the, the bureau? I mean, I, I, I was gonna put numbers up with this. Yeah,
Speaker 2 00:23:56 That's a, that's a rough one because it depends on, you know, obviously if you think someone's been kidnapped, you want to go to the F B I, but if it's a scam from kidnapping, you can report the F B I, they won't really do much. They'll ask you, they'll probably tell you to go to IC three and report it kind of thing. Um, local law enforcement really not gonna be much help. That's, and that is the big problem in the cyber world, is who has jurisdiction, who's willing to open a case and investigate it? How much loss was it? I mean, if you, let's say, you know, you got a call that you've been, your kid's been kidnapped and you end up wire transferring a thousand dollars. The F B I is unlikely to open that case because the loss amount is not enough. It's, it's certainly enough for the victim, but from an investigative perspective to put resources for that, you're not gonna get much help.
Speaker 2 00:24:47 Now, IC three is a benefit because if a thousand people lost a thousand dollars, that's a million dollars in lost total, then they'll start to do some, some intelligence and, and find a way to open a case from that perspective. So bulking it up kind of works out. And, you know, and you can certainly contact your local law enforcement if it's cyber related. If it's online, they'll probably refer you to your, to the federal authorities. Um, you know, you have the Secret Service does a little bit of stuff. CISA is more of a, the DH S'S cybersecurity infrastructure, whatever. They're, they're, they're more of a, they're more of a marketing arm of the DHS from a cyber perspective. But yeah,
Speaker 1 00:25:27 I think that's, that's a good way to put it. I mean, if, if you look at, um, a recommendation though was when I go back to this, this bank fraud case, the bank didn't do anything for this guy. Mm-hmm. <affirmative>, uh, and again, they, they, they missed the window to, to pull the money back. And I think that would be something that it's okay to go ahead and get the local F B I office numbers and have 'em Yeah. And have 'em written down someplace and understand that you can call, um, right. And there's, there's organizations too. Um, you know, uh, I always like to plug in for guard, but that's, that's for critical infrastructure stuff. But certainly, uh, you know, your accountant, uh, and, and other professionals that you work with might have a fast track to get you in to talk to somebody. 'cause in that particular case, we're talking, uh, tens of thousands of dollars through a bank fraud. Right. That would, that would be something that would merit an immediate action. Yes. But also absolutely be, be, uh, I think a better case for an investigation. But not if you go to the, the Mountain Brook police.
Speaker 2 00:26:24 Right. No, I, I agree. If it's bank, bank fraud related, certainly go to the Bureau. Go. You can go seek a service to, they can help a little bit. Uh, 'cause they're, they're more bank fraud oriented from a investigative standpoint, but from the bureau, like, especially business email compromise. Let's take that for example. If you are a victim once, chances are you're gonna be a victim again. Yeah. More than likely. So it is good, like you said, have a contact at, I say this all the time, know your local F B I because they're gonna be able to help you. Ultimately, if you need help with something, it's better to at least say, okay, I know I can contact this person and they can at least tell me where to go. Tell me what to do. Tell me how to report it. Tell me what to do, the right thing.
Speaker 2 00:27:02 If you're in the middle of an incident and you don't know who to re-con, you're just kind of flailing around aimlessly. And the longer it takes, the longer you're flailing around, the less likely it is, you'll have a chance to recover that money. The business email Compromise Skill Chain has an 87% success rate if you report it within 48 hours, roughly 40, 72, somewhere in there. 'cause what it does is, uh, the, the dirty little secret of the business email Compromise Kill chain is you get your money back depending on where you are in the queue. In other words. So you say, okay, I got hit with business email Compromise. They're able to tie it to a bank account at Bank of America. So it went from Regions Bank to Bank of America. The bad guy has to then move it from Bank of America somewhere else to get it overseas.
Speaker 2 00:27:43 So wherever it's sitting, he, the bad guy doesn't keep track of it in real time. He'll just, he'll go to that bank account at some point and see there's money in there and transfer it. So the, the, the beauty of the kill chain is they figure out where you wire transferred the money, um, and then if there's money there and you filed the complaint, you'll get the money. Now, let's say you lost $50,000, or there's only 20,000 in the account. In other words, you already pulled your 50, but somebody else put in 20 and they haven't, they haven't said they're a Vic and no one else has said they're a victim, you'll get to 20. But if it is, depending where you land in line. So it's kind of, that's kind of a first come, first serve for re for reimbursement or, um, not reimbursement, um, restitution.
Speaker 1 00:28:27 Okay. Well, that's kind of where I wanted to, to wrap on the individual side. Uh, again, you know, the, the, the threats are there. Um, but you know, on the proactive side, this information's out there like, like, like, like Darren, your, your podcast, uh, you know, the stuff Scott's putting out there, there's all kinds of information out there on what to do to, to be safer cyber wise, and then to prepare for the, you know, the, the eventual that you might need it. I mean, even if it's just, you know, if, if you've got a good relationship with your local, you know, your, your local police office like I do in Trussville here, I'm giving all this personal information out here on this podcast,
Speaker 2 00:29:01 <laugh> Yeah. Mountain Brook Trustful. Yeah.
Speaker 1 00:29:03 It's, it's perfectly okay to go to them and say, okay, I've got this going on. Can we contact, you know, the F B I rather than have it just sit there? 'cause time is of the essence and any of, of this stuff that's going on. Um, and understanding that, I mean, what I have seen, uh, you know, is this major surge in the last few years on the, uh, federal Agency's involvement, uh, you know, in, in getting ahead of these cases because they've become, they're, they're just so, you know, just so prevalent now. You're right. 98% of them, you know, you're just gonna report it and they're gonna, it's gonna gonna get thrown in the number pile. And unfortunately, you lost that $50, you lost that a thousand dollars. But if it's mm-hmm. <affirmative>, it's a more critical matter. Um, well, Darren, I wanna thank you very much for your time, uh, giving us this hour.
Speaker 1 00:29:47 Um, as we, as we wrap this, uh, if you're looking for more information, like I said, Darren's got over a hundred hours of, of material up on this, uh, cyber guy, C Y B U R guy, uh, wherever you get your podcast, um, look for the ones for family or for or for F B I. They're all very well labeled and he's got links to a lot of content behind that too. Um, and thank you for tuning in with us too. Uh, I'm your host, Russ Dorsey, with Cyber Matters, here with Kaso and the Kaso Podcast Network. And wishing you a good afternoon, and we will see you again soon.
