Uncorrected transcript:

WTH – Marc R v01

Cold Open

PICKUP: A friend of mine recently installed one of those modern electronic locks on their front door, sleek, solid, heavy. The kind that lights up when you touch it, the kind that makes a very satisfying click when it locks. They showed it to me, proud of it. Typed in the code, pulled on the handle, locked, or at least it felt locked.

A few days later, they realized something. The lock was installed correctly, the deadbolt was engaged, but the hole it slid into, the part inside the doorframe wasn’t reinforced properly. So with one solid pole, the door could be opened. No key, no code. Deadbolt still technically locked if you were just looking at it, everything seemed fine, safe, even.

Behind the drywall and the paneling hidden from view was the part that actually mattered. And that’s the thing, sometimes you can’t believe your eyes.

Sometimes the vulnerability is what you DON’T know: Who knows what. This works for personal data and for doors. What’s going on in the wall where that door was installed? The danger isn’t only what you’re looking at, it’s what you’re not seeing. Do you know who has access? Define access.  

I’m Beau Freelander and this is what the hack the show that asks, in a world where your data is everywhere, how do you stay safe online?

Intro

Marc: Give me one second.

Marc: Yes. And let’s see. I do have a flag now. I do have more lighting.

Beau: Well, we don’t know. We don’t, I mean, we might not even use the video, but it’s nice to have like I, so I guess the first question is, are you anonymous because you have, your name is Mark R. Do you like to stay anonymous just so that you don’t open yourself up to attack or.

Beau: I know this is gonna sound crazy, but I’m looking at something behind my computer that’s crooked and the whole time I look at it, it’s gonna make me not think straight. So let me just make it not crooked and then I know it doesn’t look like I

Marc: Don’t worry, don’t worry. I’m also like that. I’m,

Beau: One second.

Marc: Okay.

Beau: So, um, that is, that is actually what we were talking about is I noticed like, isn’t that a big part of what we do notice noticing things.

Marc: definitely because when you don’t pay attention, a lot may be happening, if you are not paying attention for too long and bad things will happen. 

Fadeout

PICKUP: Okay, so we’re all set now, and today we’re talking with…

Beau: Mark Raphael, CEO of 9 1 1 cyber. He is no stranger to all the danger and, um, he actually came across my radar, uh, uh, because he likes the show. So welcome to the show, mark Raphael.

Marc: Thank you for having me, Bo, and it’s a pleasure. I’ve been following your work and it’s absolutely a pleasure to share with you some thoughts, but most importantly, to listen and to see what’s going on out there.

Beau: I understand that you have an interesting origin story. How did you become interested in cyber crime?

Marc: This is crazy. I, at the very beginning when I was finishing high school, I had the possibility of studying computer science, but I said, you know what? I want something when I’m not stuck with a computer and I can work with people and processes and systems. And I went for industrial engineering.

Marc: But the thing is, I ended up in cyber security, which is where I was avoiding. Of course, cyber was not a thing at the time, but the idea was not being stuck with a computer. And the truth is. I got dragged in cybersecurity by circumstances like first I had the opportunity to work for Microsoft Xbox support, and I was seeing firsthand how hacking was operated as a massive scale. 

Beau: On, on gaming platforms.

Marc: On gaming platforms where people were stealing, accounts and taking over and destroying other people’s lives because you may not think it’s a big deal, but for a gamer after several years and they lose access to their account, they were able, they were actually wanted to do anything to get their account back.

Marc: And sometime it was painful to see that.

Beau: Can you explain to somebody who plays checkers and chess why that would be the case?

Marc: Yeah. ’cause you get a track record, you get a reputation, and that’s your passion. That’s what you do. It’s like we’re moving something that, is part of your life and lose access entirely.

Beau: And I assume you also have to play all the games and level up everywhere where you were already leveled up. Is that right?

Marc: Yes. That’s painful. That’s absolutely painful. And they, they, they actually thought like their life was destroyed. Just because they lost access to that.

Marc: And the second part, I was also working at IBM, uh, as a storage administrator in managing multiple, but that was a backend, uh, work, managing servers and storage devices.

Marc: And I got to understand identity management was a nightmare. I’m telling you, professionals, cyber professionals or IT professionals working and that’s their daily life working to get access to all the stuff and making sure everything is secure. They were actually storing passwords in Google spreadsheet or in notes.

Marc: And the problem was, uh, yeah, there was no tool at that time. And on top of that, this was becoming very complicated to manage. And then from there I said, you know what? This or somebody needs to do something about it.

PICKUP: For years, mark was trying to fix what he saw as a basic flaw in the internet. The way we prove who we are online still depends on shared secrets, passwords, codes, things that can be copied, stolen, or intercepted. So he tried to build something different, a way to verify identity without ever exchanging a secret at all.

He patented the idea, spent years working overseas. And even lined up a pilot with a major bank. Then the pandemic hit, travel stopped. The project collapsed. As the world rushed online, security problems exploded. So Mark built something else instead, A free website and daily newsletter, tracking cyber threats in real time.

And people didn’t just read it, they asked for help.

Marc: Somebody in Kosovo in Europe, they reach out where a website in the US because they couldn’t get help. The lady, she was in a remote relationship with somebody in the Philippine. And they were dating kind of, and then they exchanged naked pictures.

Marc: The problem was the guy was using the pictures to blackmail the lady. So she was sending money every week, month, and when she couldn’t, she was trying to find help. She went to the police, nobody could help. And then she reached out and we said, okay, let’s try to help. So what we did, we worked with her. We tried to trace back the individual in the Philippines.

Marc: We reach out to the police over there in the Philippines. We provided the information. They explained the case, we help, and then they managed to get him to stop, and that’s it. The case was solved. We figured that Kosovo didn’t have a diplomatic relationship with the Philippines. So that was a case where there would never be a solution for this lady because the police in her country couldn’t help. Nobody could help.

Marc: So that’s how nine one one Cyber is born. Basically trying to help solving issues that already exist of people not being able to, to, to, to get help. 

PICKUP: But nice as Marc may or may not be, he isn’t just a people-pleasing do-gooder. Spiderman was bitten by a radioactive spider. Adam West had PTSD, a ton of dough and a predisposition for fascism, the Hulk got caught in a gamma ray. Marc got hacked.

Marc: I was a big fan of team teamViewer, because mostly I, I travel a lot and I ac I use teamViewer, I use TeamViewer to get access to my other computers. And on top of that, sometimes I used to help family and friends trying to solve whatever IT issues they had.

Beau: now, If you don’t know what TeamViewer is, it is a remote access tool that you’ve seen it before. It’s where somebody takes over your computer. So your mouse, you know, your cursor’s moving around and you’re not doing it.

Beau: It’s, they are,

Marc: Correct,

Beau: And it’s an extremely common vector for hackers to use, especially to empty out people’s accounts ’cause they get passwords that way.

Marc: And yeah, I got hacked with TeamViewer where I let. The app running on my computer, on my laptop at that time, and then logged in and probably with remote access enabled. And then one day I woke up, I think at 2:00 AM and then I saw somebody using files on my computer and doing a lot of stuff like extracting data and managing my computer while I wasn’t doing absolutely anything.

Beau: Oh my gosh. It’s like a horror movie

Marc: Yes, it was

Beau: and this is in the middle of the night.

Marc: yes, in the middle of the night. So I quickly understood that it was through TeamViewer because I saw the app running and I saw the activities, and I actually saw somebody, uh, logged in. So I managed to, of course, killed it and then try to, uh, shut down the computer. And reboot, and then tried to trace him back.

Marc: But the problem was, uh, the damage was already done. So of course since this day I’ve stopped, uh, with TeamViewer forever. But the truth is, is that, I recognize that there was a big issue there. And then of course, that’s how I learn to always try to log out when I’m not using whatever type of, of software. 

Beau: Now, did you lose anything substantial in that attack?

Marc: I believe they were getting started at that time. Maybe some files, but nothing too relevant that could have impacted me personally. But yeah, still I, I felt like violated, I felt like, and on top of that, I, I was working in it. You don’t want to feel that way when you are a tech guy and you get hacked.

Marc: That’s the ultimate shame. So, yeah, I, I was very frustrated and upset, but still I’ve learned my lesson there.

Data brokers 

Marc: Earlier this year I wrote, a article on LinkedIn about the data brokers. And my main question was, isn’t it the exact same thing as the cyber criminals just the way they are, like moving your data around. Of course it’s official, they get licenses, some of them, they get licenses in different states.

Marc: But yeah, that’s basically, uh, your data. You can start from one small startup that you’re using your demo for, you know, you want to try this specific product and it end up giving, information about you, or whatever.

Beau: Now the data brokers, um. are not breaking the law. We should be clear about that. But I had the same thought when I first saw my information on a, on a people search site, I thought, how can that be legal? The reason is that the internet grew a lot faster than regulation could, follow it.

PICKUP:It reminds me of kratom—the herbal supplement that somehow became a gas-station staple. It’s a plant-based drug sold openly in head shops and convenience stores, right next to the energy drinks. Because it’s legal and over the counter, people assume it’s benign. It isn’t. It can be genuinely destructive.

That this stuff is legal makes me want to ask the powers that be a pointed question: What are you high on? 

That’s the data brokers in people search occupy. They provide the legal highs of the surveillance economy—permitted, normalized, sold in plain sight—capable of real-world harm that we collectively ignore, even as the consequences pile up, simply because regulation hasn’t caught up to the speed or scale of the predation on our digital lives.

Marc: and the lack of regulations, the lack of oversight. Is mostly the main reason why, even though I do understand that they got like at least some semblance of legality there, I do understand that this should not be the way, and we manage, we manipulate people’s data and right now, companies like private companies, enterprises, they benefit from it.

Marc: So there is no incentive for anybody to do anything specific to, to help. And they say that, uh, regulating that will kind of, uh, put a net into innovation, which I completely don’t agree with.

Beau: That’s always gonna be the argument that we need. We need to have all, everything, we want all the resources, and we don’t even know what we need, but we want all of them.

Marc: Yeah. And that’s a fallacy. That’s a

Beau: tell? But what’s the harm in having, I mean, from your point of view, given what you do for a living, helping people manage, their cybersecurity and navigate, situations where their cybersecurity has been compromised.

Beau: Why is the data on a people search site particularly an issue? Why is it that the people search data, you know, address, email address, phone number, you know, 40% of that information I think is old. You know, so you have to figure out what’s working, what’s new, what’s actual, why is that data. Important in cybersecurity circles.

Marc: It can be used to do harm in real life. We have seen an increasing numbers of. People committing suicide. We have seen cyber harassment. We have seen, cyber stalking. We have seen, all types of cyber attacks now taking place into the real world, like doing harm, like overwhelming people. So just an example, let’s say that you put on Facebook, I’m traveling, I’m going to Arizona, and I’ll be at this Airbnb or stuff like that. And you just, all your information are online on Facebook, and people can see that you’re not home. So you open yourself to burglary and it can happen and it has happened.

Beau: And people can use the people search site to figure out what your address is.

Marc: Yeah. Yeah. 

Beau: I see your name is Mark. I know that you are Mark, but I don’t know where you live. But then you can cross correlate and that open source intelligence is, is the problem I think that people are starting to understand.

Marc: It’s available to anyone We’re not talking about you need to be a super hacker. You need to be a government agency. That means any individual with a little bit of of time and poor resources will say they can actually figure this out. Yeah.

PICKUP: That’s the unsettling part. None of this requires elite hacking skills, just time after the break. The very tools being built to save us time to make our work easier are available to threat actors too.

C Break

PICKUP: Okay, so generative ai, this is the part that keeps me up at night: The same tools helping us write faster and sound smarter are doing the exact same thing for scammers. The tells we used to rely on are disappearing the bad grammar, the awkward phrasing, the obvious red flags.

Marc: Yesterday, my partner sent me a text. I almost got fished. This is, was absolutely too good to be true and definitely it was a fishing. She has been trained. She definitely knows a lot about phishing, and the problem was the main vectors people used to look for, to identify if it’s a phishing email, they have been removed entirely.

Marc: That means, This is gone right now with ai, but that also, helps the hacker produce in a very fast way. Right now, you can do it with the tools and the ability to produce content very fast, and you can change, you can iterate very quickly. The problem is, yeah, we’re gonna have to find other ways to recognize not only phishing, but there are a lot of other, other, other tools there. Enabling cyber criminals to, to actually hack people all different ways. Not only in phishing. Like I’ve, I’ve tested recently some voice to voice agents.

Marc: That means. If somebody wants to reproduce your podcast the same way with your overall manners, expressions, ideas, and everything, it’s gonna take them a few weeks to actually get that done so they could totally replicate what you’re doing, and it’s not.

Beau: So you can use it for good or you can use it for evil. And, and the giveaways in fishing now are, also gone in the realm of design.

Marc: Totally. Absolutely, like deep fakes. Uh, good luck finding them.

Beau: You know, sure. Deep fakes are a thing, and I’ve played around with Sora enough to know that, I can live my best life there.

Marc: Yeah. Yeah, it’s fun. It’s

Beau: I’ve, I’ve, I have hung out, you know, and you can tell a lot about somebody from the sora videos. They prompt I,

Marc: Behavioral, behavioral analysis. Yeah,

Beau: I mean, absolutely true. Mark, what is your, let’s, I’ll, I’ll tell you about mine.

Beau: If you tell me about yours. What, tell me about a funny prompt that you did.

Marc: I try to get, uh, Sam Altman to actually, uh, play soccer.

Beau: Oh, you tried to get Sam Altman to play soccer.

Marc: Yeah.

Beau: Did you do any featuring yourself? Had you made, or would you not upload your image because you didn’t

Marc: don’t. I don’t upload my image.

Beau: I love that. I, I did. I uploaded my image and I made a whole series of videos featuring me with a polar bear, a brown bear, and two Great Dane dogs. And all we did was we went to the supermarket, we.

Marc: that’s, no, that’s fun. That’s the

Beau: And, and, and it was just like, what? You know, tell me, tell me who you, you know, show me who you are without telling me anything. And you know, I was like, oh, I, if you left me alone, I’d probably just hang out with Bears.

Marc: And that’s the danger of it, right? That means if they leave you alone with it.

Beau: A hundred percent. No. And I

Marc: think about it.

Beau: work. I’d just be like, oh, what are we gonna do today? Bears.

Marc: Yeah. And you are very knowledgeable, you know, about the dangers of, of privacy and everything, but you know, think about the regular people, like people will never think or care about that.

Marc: Yeah.

Beau: Well, mark, here’s the thing is when I get a spam phone call, I sometimes pick up just for fun and to hear what’s going on, and I used to answer the phone and say, what? And the reason I did that was because I didn’t want them to catch a voice print. Now. Tell me in your own words how absurd that is, given the fact that I do a podcast.

Marc: Yeah. Right. But maybe, uh, okay. There may be a good, uh, a silver lining here. I would say people, that are targeting you at home, they may not be the same people targeting you using your podcast. So that means at least there are a lot of cyber criminals. So think about it, you probably get some state actors or big actors maybe coming after you, either for the company, work for or for your status and whatever.

Marc: So they may come after your podcast, but the people reaching out, they are like low level scammers, even if they’re organized. Usually they are targeting anybody. I think if they knew it was you, they would not even dial your phone. So that means maybe there’s something good there that you, you use, you try to, to talk to them and try to, to have fun with that.

Marc: Yeah.

Beau: No, and I’ll tell you something, I get a warm feeling inside when I realize that there are low level hackers out there and, an ocean of hackers out there who have no idea who they’re calling because those phone numbers have just been scraped from people, search sites and breaches.

Marc: Absolutely. And they do it, uh, at a level of, at a scale where they need as to reach as many people as possible to increase the probability of actually success and getting somebody to send them money or whatever they’re looking for. So yeah, they probably not targeting you. As an individual knowing that it’s you and some of them, as of now, I’m not aware of them using the voice spread to actually find you online and look after you seriously.

Marc: But I think we don’t want to give them

Beau: Oh my gosh. Don’t, that’s a bad idea to,

Marc: give them ideas.

Beau: thing I always wonder is are we actually just teaching criminals how to do crime better?

Marc: And sometimes yes, because, we have to disclose vulnerabilities. We have to talk about the, the flaws when we see them. But yeah, sometimes we need to do it in a very responsible manner because that definite, ah, they listen. They listen. They actually, eh, sometimes. I think what we do is exposing those inf uh, those vulnerabilities or flaws, disinformation to more people. Some people, they are just listening to a podcast and say, oh, I didn’t have this idea. That may be something I can try. Yeah.

Beau: so we did an episode with a, uh, a gentleman who flew to Cameroon to, meet somebody about an inheritance he didn’t know about. And that person he was supposed to meet had to leave last minute for Rome and they left their suitcase. And so the gentleman was given a suitcase to bring to Rome

Marc: Hmm.

Beau: and the suitcase was filled with heroin

Marc: Oh my God.

Beau: and he went to prison in Cameroon.

Marc: Yeah.

Beau: Now I spoke to a Secret service agent in South Africa. Whose job was to close down Black Acts operations, the con fraternity from Nigeria, and he, it was a good show, whatever. We had an interesting interview. The next week I got email bombed and I got email bombed hard by somebody who knew what they were doing because it was like, Hmm, I’m gonna say 2000 emails a minute.

Marc: Wow.

Beau: Um, and a year and a half later, I’m still getting emails from that email bombing.

Marc: Yeah, they won’t give up. Uh, thanks to automation. They don’t even have to do anything. They just script it and let it go.

Beau: You’ve seen these, these sim farms where they have phones just on racks and they’re making phone calls. Now a lot of that is toll scams, and a lot of that is coming outta China, or it’s based in, it’s coming out of China originally.

Beau: The, and there’s very specific scams where they’re loading credit card information and they just need, they need, you know, they’re, they’re, they’re phishing for the codes. Let’s play this game. My fantasy is that those, and I want to hear yours. My fantasy is that those sim farms are being used make scam calls and, and, and they actually are designed, I’m sure, probably I’m just like, duh, I’m not in it enough to know as a prosecutor and an investigator, but that, that they’re used to make lead calls and they don’t even kick it to somebody at the call center until somebody answers and says, hello.

Beau: Which is why you get that little hiccup when you, when you do pick up a scam call, that it’s actually coming from a sim farm, which means that they’re making an unimaginable number of phone calls. That’s my one. That’s the thing I imagine. I don’t know if it’s true or not. What’s the thing that you imagine?

Marc: And I definitely. Leave, that’s the case. So they work like we actually work with CRM, so you get a lot of leads so you actually can capture everything possible. And then you get humans following up on the most likely to become a customer in this case. So yeah, definitely. I think it’s not a fantasy actually.

Marc: They operate like this, not for everything like the sim forms sometimes they’re used for in, in social media. Influencing that means. Trying to change people’s mind, and this is a little bit more, more, I would say, effective the way they use them. But yeah, in the call centers, actually it was not a long time ago, they had like full call centers with.

Marc: Thousand of individuals working, trying to do those things. But now we have a lot of automation, so they are quite improving the system, so they’re becoming more efficient and, uh, the efficiency is coming Exactly the way you describe it, that means they make a lot of phone calls and then if you answer or you leave, you actually, sometimes they leave messages, you text back, or actually, we, we, we, the other, the other day we have been playing with.

Marc: With a case like that, it was about like when we were doing a piece about, uh, fake job postings and, and then we ended up on a, on a group, I think they were based in Thailand, and then they actually were behaving like they were in Queens in, in, in New York City. So they basically, uh, they. Reach out via text to a lot of people.

Marc: And then when you text back and somebody, because different time zones and stuff like that have to, uh, answer and then depending on the person, that means you may answer two, three people may answer and get different people. But it depends on, on the time zone, on, on when you are reaching out back. Yeah, definitely.

Marc: Your description makes sense. And I think that’s the way they’re operating right now. Yeah.

Beau: I hate it. I, I really, I mean, I, I. I like it the way that I liked Breaking Bad and The Wire and the Sopranos. I mean, I like it because I’m like, oh, that’s interesting, but I hate it ’cause it affects real people and it doesn’t just affect real people. On the targeting side, there are real people in those call centers who are human trafficked and they don’t want to be there.

Marc: And that’s the saddest part of it because you are committing a crime and being a victim at the same time.

Beau: Yeah.

Marc: without you knowing.

Marc: It’s very sad because, you know, lack of opportunities or resources get people to do whatever they can to survive. And sometimes people get dragged into like nefarious activities without even thinking some, it’s like when they get out, that’s when they figure, oh, I was in a very bad situation.

Marc: I was involved in something that I would never be involved if. Definitely I was aware, but it’s too late now. The truth is, uh, the trafficking part is where I believe government institutions and the entire world, we can do better. We can do better because with, uh, a little bit of information exposing those people, uh, exposing the bad guys and because they get networks, and then making sure everybody get access.

Marc: So this basic information, you know, and I think we can do a lot, and mostly I’m talking about kids, about like young people that get dragged without knowing it. They think I, I’ve heard of, of, of cases where people that think they’re gonna be working for agencies, you know, and then they get opportunities to travel to do all the stuff.

Marc: And then they ended up being like that. They think they’re gonna be working offshore for a company in the US or for stuff like that. And then. Yeah, they got dragged into the stuff. So I believe there is a lot that can be done, but still we are far, far from solving it entirely.

Beau: it’s easy to point your finger at somebody who’s driving a Lamborghini and wearing a $300,000 watch. And say you’ve taken not having opportunities to the opposite polar extreme. It’s not as easy when you talk about the lack of opportunity where a lot of this stuff takes root and starts.

Marc: Yeah. And I would say this is like the configuration of the world. It’s not like, uh, because of cyber at it’s rooted in social, conventions. That means. We will always have a issue with distribution of wealth or access to wealth or to opportunities. This is the way we have seen it for decades, millennia, I can say from now.

Marc: I believe with the resources we have right now, we can at least. Make it available, make information available so people can kind of sort out the different opportunities. So I’m thinking mostly about how come right now in 2025, almost 2026. People are getting scam about the Nigerian scams, like, okay, I’m gonna, uh, send you an inheritance and stuff like that.

Marc: That means this shouldn’t be possible. I do believe that social engineering is the most powerful tool hackers get in their hands right now,

Beau: And it’s amplified with AI now.

Marc: Yes, but there are like some basic stuff that we definitely can do. I’m not sure if, at school, like high school, elementary school, college people are learning that, uh, you know, there is a pattern.

Marc: This is the way to identify these patterns. And once you know that you can almost rule out like several, like big percentage of those scams. We are not doing this, and that’s the part.

Beau: The place where this has to happen is in middle school and elementary school in the United States and in primary education elsewhere in the world.

Beau: It has to happen. And when people are young and they be, they’re introduced to the idea that our digital lives have a built-in opacity. And that opacity can be used neutrally, but it can also be used for bad. There’s no good really in it. It’s just it is what it is. But the But that opacity can be used by criminals and they use it.

Beau: So the, the awareness that there are no free rides in life. I mean, it’s kind of like, it’s always the same old advice. I’ve never ever met a cyber expert who doesn’t say about scams and fraud. If it sounds too good to be true, it is.

Marc: It is unfortunately, and the truth is, it’s not that difficult right now. Uh, one thing I’m trying to do mostly with the cyber hygiene is trying to get people to understand that it’s inevitable. And it’s for sure inevitable when you see the sheer volume of hacks of cyber attacks of incidents occurring on a daily basis and to actually anybody that means it doesn’t discriminate if you are rich, poor, or your working for an enterprise or even your location.

Marc: Yes.

Beau: survive it.

Marc: Exactly, and, and not even location. That means I, I’ve seen you, you see right now, Europe and the eu, they have been doing a lot of efforts and with like pushing and companies like the corporations to, to take privacy a little bit more seriously. To not be that open with people’s data, but still.

Marc: People are getting hacked because they got like the same underlying issues. Like I got a case particularly, uh, where, ’cause a lady, she is in college, I think sophomore. She was planning on attending a concert and they created a WhatsApp group. Somebody infiltrated the WhatsApp group with a number actually just to, for the location we’re talking about the Netherlands.

Marc: And then the person received a message from somebody from the group, selling them the tickets and stuff like that. And then I think they got hacked. Basically, they got the identity information and the credit cards, and they actually did the payments, so they got. They get like, uh, take some money out of it and, from the group.

Marc: Now it’s a young person, very smart, actually understands a lot about those things, but it, it was not that simple for this person to identify that, that there was a scam there. You understand? And when I see it, I say, what are we doing? That means if people at this level. In a country where they try to push companies to put barriers to help people with security and privacy, and we still couldn’t actually even prevent that.

Marc: Very low levels come, what are we doing? So the idea is just first we, I think we need to accept and understand that this is inevitable. And second, we need to work our way back to teaching the basics to. Help people, understand and get this to become a second nature, like a habit where you always think, oh, I’m gonna get hacked.

Marc: That’s the first thing you need to think about, and then you start acting.

PICKUP: This is something I think about a lot with the show. I don’t know you, when you first joined, the video wasn’t quite working. Mine wasn’t great either. We’d only talked over email. So how do I actually know you’re who you say you are?

Beau: How do I know Mark R is not an avatar created by a scammer

Marc: Yeah.

Beau: and he’s not even real. How do I know I’m not talking to an ai?

Marc: you. You got me to move around.

Beau: So I got you to move around. Yeah, I got you to like, let me see you actually move that computer and see what happens.

Beau: Because one of the nice things about where we are with the technologies, it’s not good enough. Like if you, if you make it run through the paces. It’s gonna fail at some point, and you’re going to see, and I hope that’s always the case. I doubt it will be.

Marc: That’s the second nature we are talking about and, and definitely I a hundred percent agree and we try this every time and make sure that like, because we know you should, it’s not a lot. I can name like maybe 10. Potential hacks that we really need to be really careful with every time, and people can kind of memorize that and say, you know what, let me, it’s just like a checklist, this check, check, check.

Marc: Okay, now I can’t relax. You can never relax a hundred percent,

Beau: No, you can’t. But here’s the thing. Do you know what I did, mark? All I did was I looked when you turned your head,

Marc: Yeah.

Beau: and I wanted to see what happened

Marc: Yeah.

Beau: on the other side of your glasses.

Marc: Yeah,

Beau: And once I saw that that was happening, and that was why I got you moving was I just wanted to see now, is that habit? Yeah, a hundred percent.

Beau: Now you know what people don’t know is that you are actually an extremely skilled social engineer. So you agreed to be on the podcast ’cause your goal is really to breach. Delete me.

Marc: No. You know what? Seriously. Seriously, I’m more looking forward to partner with, uh, to partnering with Delete Me, just because I, uh, really seriously think they’re doing a good job. And I, I’m gonna tell you, if I, I had enough time, I would be a competitor. But, uh, just because what they’re doing is so important, but I do believe that what they’re doing is great.

PICKUP: Well, thank you. That’s very nice of you to say after I just accused you of being an AI hacker.

Laugh – Fade out into C BREAK

PICKUP: We just were talking about awareness and the way that it needs to become hardwired in our minds. What are some of the most common attacks we need to be looking out for?

Marc: The first one that comes to mind, it’s the easiest one, like people still account. So that means account takeover and either it’s email, it’s social media. And I would say that’s the number one complaint we see right now because people can notice it right away because sometimes you get hacked. You are not even aware you get hacked.

Marc: And then the second one is basically cyber harass. Right now, which is during the rounds, um, line for kids, teenagers, and almost everybody because there are a lot of bullies, a lot of trolls, and people can easily find you, they can easily find your email address, your, your address and everything.

Marc: So they try to overwhelm or make fun. So this is something very serious and people can remember that very easily. Now you get all type of scams. It depends on your age, and you’ll see that, all a lot older, people, they are exposed to a bunch of those scams because they are not really thinking about getting scam or digital security most of the time.

Beau: Alright, so fishing is just a vector. Meaning it’s a delivery system?

Marc: Exactly. But like in, uh, social engineering is what they do. They call you either on the phone or We, we see a lot of SMS, uh, like, uh, sing or they call it,.

PICKUP: What else?

Marc: deep fakes, which is impersonation. Impersonation. This is a.

Beau: that’s a vector too, right?

Marc: but the impact impersonation is mostly the consequence right now. That means they can do deep fix to try to replicate either your voice or your, your, your image, but your likeliness.

Marc: But you do have like people acting like it was you. Creating accounts online and putting you in trouble. I’ve seen people trying to, uh, damage other people’s reputation by just doing that. That means somebody hits you. They don’t even have to, uh, do something, uh, directly to you. They just create your, your, uh, your videos and then they get you to say weird things and then you are land in trouble directly.

Beau: So, a, a pretty famous reporter, had said some insensitive, homophobic things on Twitter like 10 years before they got famous. And, it hit the news and it, and they swore up and down that their account had been hacked and everyone said That is impossible to backdate a tweet.

Marc: Yeah.

Beau: went in and we found out it was totally possible, and they had not posted those things.

Marc: Wow.

Beau: We proved it forensically. So there, there is, there is like, damage to reputation is a real thing. Now on the deep fake front, mark, we do have a thing at my, in my family, which I recommend to everybody, which is we have a safe word. So if a deep fake of me gets pointed at one of my kids or my partner, they can say, what’s the safe word? But that only keeps you from getting, used as a vector. It doesn’t keep you from getting abused by a technology.

Marc: Absolutely. That’s the part used and abuse. So for the abuse part, I can tell you we got a long way to go as defenders because it’s not easy, it’s not easy, to fight back and we don’t have the tools yet. We don’t have the tools. I know that there are like a lot of advanced projects in term in Google.

Marc: They had one trying to help identify fake images. But no, it’s complicated. Very complicated, and so far nobody has a tool that you can say for sure. Okay. This is generated by AI or deep fake, and this is not the person you’ll have to do a lot

Beau: out there. They don’t work though, and they’re, they’re not reliable. So what else you got?

Marc: Yeah. And then you get like, uh, uh, some scams, like, uh, now we are in the holiday season.

Marc: You’ll see, uh, gift cards and like the basic stuff like when people are buying online. And when I say 10 things, I was thinking of 10 things you do regularly, and then if you are aware, you can prevent yourself from. Being in trouble. It is like, like gift cards or when you are buying online where you are putting, so everybody knows now to look for the SSL sign in the URL to see if the site is supposedly secure.

Marc: And I think the, the browsers, they’re doing a good job trying to at least give you a warning. But the problem is most of the time. People don’t even pay attention if this is the real enterprise, the real site, because you know, we got a lot of domains. It can be that com, that io, that me, that whatever. So people, they just land on the website and they say, okay, I’m putting the credit card.

Marc: And it’s way later they figure out, oh wow, this is not the website I was trying to use to buy this stuff. And hackers, they do that a lot. They do that a lot and then later on, one big deal I’ve seen a lot and mostly this year is. About and, uh, the instant messaging apps, so almost everybody is that I’ve been preaching against some of them personally, I just don’t use them because they’re like too difficult to, to, to control or to actually secure yourself.

Marc: But people, they say, you know, I don’t have anything to lose, or I’m not a target, so let’s just. I just do it because everybody else around me is using this. So that’s a problem. The messaging apps, they are absolutely useful. When you are traveling, you can stay in touch with friends, with families and stuff like that, but you definitely need to pay attention to a home you are sharing this with.

Marc: And on top of that, when you receive a message, you need to talk because with just one link. They send you on a text message or a WhatsApp and you can get in trouble. You, you install a a a a tracker or a spyware on your device. And some people, they actually even use a, a, a WhatsApp on the computers, on the laptops.

Marc: So imagine the way they enable hackers to take over, right? I’ve seen, uh, those messaging apps being completely, useful, but at the same time, that’s where they reach out because they get a lot of users. So it’s definitely, uh, and now everybody should know that whatever you put out online is being recorded, stored forever, not okay. I can delete it now. It will be there. Mostly somebody will have it and almost a hundred percent of the time you don’t have control of it.

Marc: Because once somebody take a screenshot or. Is in the archives or whatever website or this website you use. It’s not out of, it’s not in business anymore. It’s not out of, it’s out of sight. So you lose it forever. You can’t even sue the company because they don’t have it. So you have to be very careful.

Marc: Thank before you act or you say whatever that means. It’s important not only because you are spreading your personal information, but it’s also because you are living details of your behavior of how you think. That can be used against you.

Beau: Thank you for so much for joining. What the heck, mark Raphael, the company is 9 1 1 Cyber. Thank you so much.

Marc: Thank you for having me, Bo, and happy holidays to your audience.

Beau: And now it’s time for the Tinfoil Swan, our paranoid takeaway to keep you safe on and offline.

Marc Raphael’s story about waking up to a moving cursor on his monitor is a nightmare. Here’s what waking up looks like, realizing that hacks are inevitable. Whether you think you have it all figured out or scared shitless, the scale of automated crime means eventually you’ll be targeted.

Here’s the deal. You cannot stay safe by playing a 24/7 game of whack-a-mole. You’re going to let your guard down, and that should be a part of your approach to securing your digital life.

One way to relax a little is to make yourself harder to hit.

Stop being a “lead” on a scammer’s spreadsheet. You can do this by using a service like DeleteMe, which the NYT Wirecutter picked as the best in class–and given the right criteria (we’ve been doing this longer than anyone else) is the right conclusion. When you scrub your PII from the web, you aren’t just locking the doors and windows at home; you’re literally making your house harder to find–like on an actual map.

Scammers and SIM farms are efficient—they want the easy win. When you remove the data that fuels their attacks, you become too expensive to target. You raise the friction until they move on to someone else. And it’s nice to get a break from spam and scam calls. 

Secure your accounts to stop the break-in, but scrub your data to make the house hard to find.