Ep. 219: 3 Ways Not to Lose Everything

“What the Hack?” is DeleteMe’s true cybercrime podcast hosted by Beau Friedlander

Beau:  One of your most valuable assets is probably on the internet for anyone to see. It’s basically you, or a version of you that criminals can piece together.

Tom: But if you’re the victim of identity theft and a criminal’s taken out an account in your name, you are presumed guilty by the creditors until you prove your innocence that they gave the loan to the criminal.

Beau:  That’s Tom O’Malley, a former federal prosecutor who once hunted drug cartels, and now he chases cybercriminals. He knows firsthand how horrible these crimes can be, and these days he spends all his time doing deep dives in the ever-growing swill of scams, exploring everything from the most ham-fisted fraudsters to ultra-sophisticated crime syndicates.

Tom: You know, what are you doing taking out this amount of money? I’ve seen the numbers, six, $700,000 in these gold bar scams.

Beau:  Okay. So for starters, who knew there were gold bar scams out there? I don’t even have any gold bars. I would like to have gold bars. If you have any gold bars, and you have extra ones, feel free to send me one or two. This week, we’re gonna learn about fighting back in a world that doesn’t make it easy. I’m Beau Friedlander, and this is “What the Hack?,” the show that asks, in a world where your data is everywhere, how do you stay safe online? Tom O’Malley is a former prosecutor and current identity protection zealot. And I’ve seen Tom around for years. We have a lot of friends in common, but this is the first time we’ve ever actually hung out. So welcome, Tom. 

Tom: Thank you. Glad to be here.

Beau: Glad to have you. So Tom, take me back a ways. You’re the only person I know who goes back to the beginning, really. So you were interested…

Tom: All right, you can say “you’re ancient.”

Beau: You’re older than identity. No, but you have been working on the problem of PII (personally identifiable information) and the internet since pretty much the very beginning of it being a problem online. How did you get interested in it?

Tom: Well, first of all, it was part of my job description, but it became personal when my personnel file was stolen in the OPM hack in 2015. I started worrying about, what are they gonna do with my top secret clearance background-check file?

Beau: Why did you need to have clearance? I assume it had something to do with you being a prosecutor.

Tom: Yes, through the types of cases that I handled over time, particularly organized crime, drug enforcement task force. And then cyber crimes that I need to have top secret clearance to look at classified materials and investigations.

Beau: So, how did Tom end up in this world of hackers and stolen data, and well, even data that hasn’t been stolen, just scraped, and it’s being sold by data brokers? Well, in 2009, Tom O’Malley went from chasing violent offenders and drug dealers to chasing a different kind of criminal: online criminals, cybercriminals.

Tom: When I first started there was a prosecutor who was doing the CH part, the computer hacking, and then there was a separate prosecutor who was doing the intellectual property prosecutions. And so I said, Hey, I’ll do both of them. I’ll be the chip. And they were happy to get rid of it. So that was in 2009. And cybercrime is from a law enforcement standpoint just started becoming more high profile starting in that time period.

Beau: Tom, you volunteered to do this. What jurisdiction were you in? Where were you a prosecutor?

Tom: So at that time I had moved up to North Carolina in the Western district, which is based in Charlotte,.

Beau: And what kind of cases were you getting at the time?

Tom: Computer hacking, breaches, business email compromise, account takeovers. A couple organized cases where they were getting mules, unwitting mules to process wire fraud payments and account takeover payments.

Beau: So you were a prosecutor. Your focus was on computer hacking and identity theft and other cybercrime. And then the OPM breach happened. 

PBS NewsHour: More than 21 million Americans had personal information stolen from government files in a data breach that was six times as large as originally disclosed. The information was hacked from the Office of Personnel Management or OPM, which said today it is highly likely that anyone who went through background checks to apply for a government position since 2000 was affected. 

PBS NewsHour: What we’re finding out now, is not only were many more Americans affected than we previously knew, but just what kinds of data? We’re talking about very personal data that most people will be very uncomfortable knowing is out there. We’re talking about people’s health histories, their criminal histories, their educational and residency backgrounds.

PBS NewsHour: in fact, all the kinds of information that we’re warned to protect with our lives: social security numbers. Biometric fingerprints. 

PBS NewsHour: That’s right. As well as usernames and passwords that a lot of these applicants used as they were trying to get their applications.

PBS NewsHour: How was this discovered?

Beau: Where were you when you got the news? 

Tom: Out in the West coast. I was invited to an identity scholar conference and it was during that privacy conference that I learned of the breach in the news.

Beau: And did that breach just travel through the conference like wildfire? Did people just start talking the minute they found out?

Tom: Oh, yes. Well, there were some who were surprised and some who were not surprised. And part of the people who weren’t surprised, it was because there had been GAO Reports About how bad the security was for that division.

Beau: Yeah. I mean, the GAO reports were essentially advertisements saying, hack us please now.

Tom: Yeah, that’s funny.

Beau: It would be funny if it weren’t true. All right. So for years the GAO, the Government Accountability Office had been flagging OPM’s terrible, abysmal, really bad cybersecurity. Basically putting out reports that might as well have read something like, if you need any data to steal that’s really, really sensitive belonging to people who have top, you know, secret clearance, you should totally do it at the OPM because they suck at protecting their data. And surprise, surprise, someone actually did it.

Tom: So it was the highest level, top secret is because of the work I did in organized crime, drug enforcement task force, computer hacking, intellectual property prosecutor, and it’s just the nature that of the cases that I was involved in.

Beau: As I remember, Tom, OPM was maybe one of the watershed moments, not the first, but one of the big ones where the general population got the memo, our personally identifiable information is out there and it is putting us at risk. What did the government offer you in exchange for you being forever compromised?

Tom: So they passed legislation which is now the standard. This free quote “credit monitoring protection,” for I think initially it was like for three years and then they passed the laws for 10 years. That 10 years I think is gonna be up in 2025, 2026. And I don’t know the status of them extending it.

Beau: So tell me about credit freezes and I am assuming when you started to learn about credit freezes, they were not free everywhere and they were not as easy as they probably are now.

Tom: Right, there had been a battle since California first passed the credit freeze laws in 2003, I believe it was. And by 2007 or 2008, every state had a credit freeze law and the credit bureaus would lobby each legislature trying to get them to let them impose a fee. And those fees range from $5 to $15 per agency to freeze, unfreeze, and refreeze.

Beau: This is serious. Like, so the credit bureaus, they were making basically 30 bucks every time you needed to do a transaction if you were a person who froze your identity?

Tom: Well, 45 if you wanted to refreeze it. So per agency. Per agency. So it was incredibly expensive if you wanted to do it in some states

Beau: So $135 if you needed to open everything up and close it again.

Tom: Approximately.

Beau: Did you do that in the beginning after OPM?

Tom: I didn’t need to pay for it ’cause North Carolina, North Carolina is one of only two states. I think it was South Carolina, where you did not need to be a victim of identity theft to get a put a credit freeze on your files. You could do it for free. So. North Carolina, South Carolina were free. So then I just had dug around and found out where that freeze page was and found the link

Beau:  Here is where Tom got creative, because after his own top secret clearance file was stolen, he didn’t just sit back and wait for the government’s free credit monitoring. No, he got some pie. Frozen Pie.

Tom: That was the beginning of Frozen Pie. I started it as a .net, to give people in my office links to where they can go freeze their credit.

Beau: Frozen pie. Not an app, not a product. Just a funny little internet site where Tom pasted the links that the credit bureaus didn’t want you to find, and then hit publish; the pages that let you freeze your credit without paying their $15 fee or signing up for some expensive monitoring plan.

Tom: It was just a website and it just contained links, got around all the advertising where they’re trying to upsell you to monitoring and free credit bureau reporting, all this BS. And you know, they try to sell you the product before giving you what you’re entitled to free by law. So I’d find that page where you could start the freeze process. And so basically Frozen Pie was just links. You know, this is your right and click here to start exercising your right.

Beau:  And that is the bigger point, right? At a time when billion dollar agencies and corporations couldn’t protect our most sensitive information or the sensitive information of our most strategically important folks working for them. One former prosecutor spun up a website from his office, just from his own little computer to help regular people freeze their credit. So if the question is do you really need to freeze your credit when you could just monitor it instead, do those monitoring services actually work? The answer is: no. No. Tom said it best.

Tom: The more I read about [Credit] monitoring, to me it was like having a burglar alarm in your house and not locking the doors and then you just get alerted the fact that stuff has been taken from your house and you may never get it back. You need to lock it. 

Beau:  Credit monitoring doesn’t stop anyone from opening a fake account in your name. It just lets you know when it happened. 

Tom: Obviously I knew from the types of cases that I had that some people could have their financial accounts and identity wrecked. And it’s very difficult to recover from when your identity is used to open up a new account. 

Beau: And Tom would know. As a prosecutor, he had to prove identity theft cases beyond a reasonable doubt.

Tom: The 12 jurors convict somebody of the crime of an identity theft, fraud, or aggravated identity theft. But if you’re the victim of identity theft and a criminal’s taken out an account in your name, you are presumed guilty by the creditors until you prove your innocence that they gave the loan to the criminal. It’s a really screwed up system. So I just wanted people to be able to protect themselves. I knew the tools were there and I was just trying to find shortcuts to get people to those tools.

Beau:  That solution, freezing your credit was Tom’s first project, but he didn’t stop there because once his own data had been stolen, he started paying attention to the bigger picture as one does. Not just how individuals get hacked, but how entire generations are getting scammed out of their wealth, out of generational wealth in a lot of cases. And that’s where we head next.

Tom: And now that I’m older than the Pope, I figured I’d start working on this problem.

Beau: From pig butchering schemes to romance scams from laptop farms to something called the gold bar scam, which we’ve already mentioned; still kind of fascinating, this is the new economy of fraud. I don’t know. The new threatscape. The new constellation of scumbaggery: a system that doesn’t just steal money from individuals. It reroutes generational wealth into criminal compounds half a world away, right next door, who cares? It’s doing bad stuff to good people all the time. I’m sure you’ve seen these stories about laptop farms and you probably know that there are criminal operations and state sponsored hacker groups where they will actually rent the identity of a person. There are people in this country who will rent out their identity to somebody they know to be a threat actor for whatever the money is that they’re being offered or run a laptop farm for whatever percentage runs through that laptop farm. What’s the concern when it comes to criminal identity theft? Is it still a very real thing? And does freezing your personal information have anything to do with protecting yourself from that kind of situation?

Tom: I don’t think it will protect you from that standpoint. There are some cases, like I remember a case where this woman’s identity was stolen and used to open up checking accounts at four different banks, and they go ahead and submit counterfeit checks or insufficient fund checks. The business practice is to release those funds before the check clears the Federal reserve and the identity thief who had been used in the victim’s name had rung up about $104,000 worth of worthless checks that she cashed out from the banks. So when they pulled the information, who do you think they went to arrest each time? The victim. And she had to explain to them what happened to her. And finally they were able to identify the identity thief by matching or the surveillance video from one of the transactions with the picture of that person’s photo in the DMV and their driver’s license. So…

Beau:  We gotta figure out here the bigger picture, like what’s it come down to? 

Tom: All identity really comes down to personally identifiable information, and your email account is personally identifiable information because unless somebody’s hacked into your email, that goes right to you. So I wanted to expand it from the credit protection to solve the problem of my generation now, which is, and I read about it all the time, is people losing a lot of money, and in my generation, some of them lose life savings to pig butchering and other scams. And I started researching that and seeing that’s a real problem.

Beau: Now older adults are an attack surface that just keeps getting bigger and more vulnerable by the day. 34% of the population is 50 and older right now. That’s not a majority. But that same group of people hold the majority of wealth compared to all other generations in the United States, which makes them a really good target for criminal activity. It doesn’t explain to me why they’re vulnerable. It just explains to me why they’re targeted.

Tom: Well, you’re not 70. I am.

Beau: Enlighten me. Enlighten me. How do you know? I might just be a very, very- I could be 70. I’m not.

Tom: Well, a couple things, like how many times a day do I need to check with my Apple Watch to find where my iPhone is? Little things like that. Or in particular when I’m watching a, a series of something on one of the streaming channels and I go, I think I saw that. I’m not really sure. And like, it’s not till I’m halfway into the film I go, okay, I remember I did see this, but I still can’t remember the ending. So…

Beau: But not all older adults have any form of cognitive decline. I’ve had the same experience watching a show streaming. Is it really just, is it that, or is life just lifeing and we’re doing it whether that means we’re looking for our phone or trying to remember what we saw last night on our favorite series, and then we are approached by a scammer? Because when the scammer comes at a person, if they’re good at their job, it makes you stop everything. And well, not just something that makes you stop everything, but also gets you talking. That’s the real trick, is to get you talking.

Tom: Well, you know, with all the money being lost to scams, the first step to any scam is the scammer being able to talk to that person. And my practice is, I don’t answer the phone. If my phone rings and it’s not somebody in my contact list, I’m not gonna answer it. It’ll get a voicemail, and if it’s a doctor’s office or somebody important, they’re gonna leave a message. And nine times out of 10, I’ve never had any scammer yet leave a message, but I believe that’s coming with AI, with generated voices and you know, a nice-sounding person. So that may be the next step, but you know, I can tell if somebody does leave a message, if it’s a scam call, a spam call, or if it’s somebody I know I need to get in touch with. So, that to me is the most effective way to protect yourself from scams is don’t answer the phone. And the same thing goes for text. Don’t click on any link. If any text causes some concern, go right to that account, whether it’s a bank account, credit card account, Amazon account, or whatever. Never respond to those texts that say, do you want to be deleted from here? Because every time you say No, that’s a confirmation that this is a working number.

Beau:  They’ll always send snail mail. And if there’s a problem with this or that account, you’re not gonna get a phone call. You’re gonna get an email maybe, but it’s not gonna be a phone call. And everything can move very slowly, as it does if you’ve ever not paid a bill. It’s slow. No urgency.

Tom: The government’s never gonna ask you to take all the cash outta your bank, turn it into gold and give it to some courier. That’s never gonna happen.

Beau: And does that happen in actual…

Tom: Oh, there have been reports of people who’ve lost life savings to that scam. And, you know, part of the problem was they were taking money out in three separate transactions that the daughter never knew about. But, you know, had she been, you know, using this platform, she would’ve been alerted to the first time that money came out and tried to stop the transaction. Like, you know, what are you doing taking out this amount of money? I’ve seen the numbers, six, $700,000 in these gold bar scams.

Beau:  Gift cards, wire transfers, fake IRS calls. Those are all, you know, pretty much classics now. They’re scams. We know. Yada, yada, yada. But so what’s this about gold bars? I used to drink at a place called the Gold Bar, and that is not it. The gold bar scam is sort of new and it’s a doozy. The scammer poses as a government official or a bank security officer of some kind, and they basically convince generally an older adult, they convince ’em that their money is at risk like now, or that their account is gonna be seized or emptied and they need to do something like a minute ago. Like really, really, really, come on now, now, now, now, now. It’s super, super important. The only solution is to withdraw all your cash and convert it into a secure untraceable asset. Yeah. I kid you not actual gold bars. Yep. And so who am I talking to? Doesn’t matter. Anyway, people have drained their entire life savings. Sometimes it’s a slow roll, which sort of beggars the imagination that we’re talking about people who’ve been targeted, who are walking into a bank repeatedly like three times in a single week to make massive withdrawals. I’m talking hundreds of thousands of dollars. And there’s also a variant involving fake gold, but we’re not gonna talk about that right now. So it gets even weirder. So the people doing this aren’t gonna actually meet the people they’re stealing from. So they hire couriers through gig work sites to pick up this gold. They have no idea they’re transporting tons of gold. ‘Cause I’m sure they would- Well, I’m sure there’s plenty of honest people there, but I would take it. Anyway, would I? I don’t know. They make the operation harder to track that way. The gold is melted down right and turned into a Lamborghini, or, I don’t know, a truck full of Vitamixes, whatever else. You get the picture. So older adults are uniquely vulnerable? Yeah, they are. But it’s for a very specific reason. Younger adults are also super vulnerable, but they don’t have as much money. So they’re not targeted as much.

Kathy Stokes:  The Federal Trade Commission has told us for years that more younger people report being defrauded than older people. However, it’s where the money is, as Willie Sutton said, right?

Beau:  That was Kathy Stokes, Director Fraud Prevention Programs at the AARP. She was on the podcast a while back, and she talked about exactly that, but well, it’s different. We’re not repeating ourselves here, but a lot of this bears repeating.

Kathy:  If you get the older adult on the hook, you have a much bigger payout. So there’s much more activity going after the money, and that happens to be where the older adults are. It doesn’t have anything to do with the tropes that we’ve allowed ourselves to think.

Beau:  When older adults get hit, the losses are way bigger, right? Sometimes it’s their entire nest egg. So you do need to get this right, and that’s why I’m saying it again: older adults are not falling for scams because they’re clueless. They’re targeted more because they’ve got the dire ducats. You know, they’re targeted more because that’s where the money is. So what do we do about it? Tom O’Malley has been digging into solutions, not just for credit freezes, but new tools designed to give people and their families a fighting chance.

Tom: You have to think of it this way: if your parents lose their life savings, right, that means they can’t go on vacations. They can’t go to assisted living when they need to. Guess what? They’re moving in your house. So it’s your problem too, because now you’ve got the burden of taking care of your parents who are gonna be despondent from having lost their decades worth of savings to a scam. The fact that the generational wealth that should be going down to the next generations are going to these transnational organized crime organizations and that they are using it to build scam compounds, human trafficking, and it’s a vicious cycle. We have to make more people aware of this, and it’s not just generations, but I think besides the generation, my generation, the baby boomer generation, there’s Gen X, which is the sandwich generation. They have to protect their own identity, their aging parents, and their children. And that’s a lot. So I think there has to be more family oversight of financial situations. And there are some companies that have products where you can- and some banks allow a financial caregiver to be in an account. So I’m looking at exploring into some solutions that way, because I think everybody needs a second set of eyes, whether it’s a family member and or you know, afinancial advisor.

Beau: Well, my feeling here is that everyone needs more than a second pair of eyes. That staying safe in this threat environment involves a multi-layered approach. For me, one is for freezing your identity, and another one that I do, and this is show and tell, Tom, is I lock my ATM card. So in an app, the only way that you can use my ATM card is if you have my face and you have my phone. Or if you know some of my codes and you can get into my password manager. It’s pretty secure. And the reason I do that is because, I, you know, for ages worked with Adam Levin at- you know, where I think you knew him before when it was Identity 911.

Tom: Right.

Beau: And then it was CyberScout where it was high-touch identity theft resolution. And it just got driven home ’cause I was there for so many years that your debit card is a direct line to cash, and that’s cash that can be stolen and gone. Nowadays you can get it back, but it’s just a pain. So when it comes to the money in my checking account, I lock it. I absolutely lock it, and every time I go to an ATM I unlock that card and re-lock that card. That was me doing the show and tell. Now you do the show and tell. What do you do? What do you have that, what do you, what protocol do you have in place that you don’t mind saying what it is because it keeps you safe and it could help other people stay safe, but it’s not gonna help you get hacked?

Tom: So I’ve been using the institutions or the credit card issuers own apps. You know, they have their own tools. Each one has their own tools and alerts. And I have my activity monitored at the end of the day daily. But I’m also exploring some other options to put it, you know, to take all these different things that you can do if you have your money in multiple accounts or you have a bank account, maybe you have a savings account somewhere else, an investment account. And those are all individual apps, is to put ’em on a dashboard to be able to see that and monitor the activity. And there’d be alerts of suspicious activity. For example, if you never do a wire and all of a sudden there’s a wire, it would send you an alert and send your, you know, your financial caregivers an order. ‘Cause you may not recognize the significance of it ’cause you’re going down that path of a scam, but your family members might, or the financial advisor might and they’ll intercede because a lot of banks aren’t set up for that. I know the AARP is trying to do it with a bank safety program, but you know, how many banks out of the thousands of banks are actually doing that?

Beau: So in an ideal world, would it be that every transaction alert would go to a, like my elder account and also to me, ’cause I’m Gen X, so I’m thinking about older relatives and friends who may not have a good protection game in place. And then I’m thinking about my children who are in their twenties, who definitely do not have a good game in place. You know, my kids are Gen Z. I’m Gen X. I have actually a sibling who’s a millennial, and then our folks are boomers or even silent generation. You know, some people have parents who are pre-boomer. So what does a multi-generational plan of attack look like? What is- PIIdentity.com is doing it. What is… Somebody, please. You know, I feel like standing out in my yard looking up the sky and say, Superman. I mean Batman. Somebody come help. What do we do, Tom?

Tom: So we need to make more people aware of this and it’s not gonna come through Facebook ads. I mean those, those things, Facebook and Google is really for the credit monitoring business where they scare you to lock you into like a $40 a month plan to tell you if your identity’s been used to open an account when you can freeze your accounts for free. I mean, that’s crazy. But you know, there just needs to be a more oversight of the financial assets, and you also have to recognize that physical assets, like houses, can be converted to digital assets, right? Go out, get a loan on your house, get a home equity, and put that in a crypto machine. So I think we need to… and this software I’ve been looking at, look at something that gives alerts to family members who are financial caregivers to intercede before that generational wealth is lost to a scam. 

Beau:  Because once that money’s gone, it’s gone. It’s really gone. I’m reminded of my friend’s son Gus, who’s now in his thirties, who dropped his fishing rod in the middle of a lake. And I watched it. I watched it just circle in beautiful loops down and away, and then disappear into the murk. It was gone, and that’s what he said. I think it’s gone. It’s like blowing the seeds of a dandelion. They scatter everywhere and you’re not gonna be able to catch ’em all. You’re not gonna be able to get any of ’em in most days, especially if it’s windy. Can you imagine? Like, okay, go ahead. Stand downwind for me and catch every single dandelion seed that I just blew off the head of this spent flower. No, you can’t. But what you can do is you can reduce your attack surface, and that does mean not picking up the phone when you don’t recognize the number, that means not answering a text or an email that you’re not expecting about a topic that doesn’t seem right. Taking that pause and saying, okay, I have been told this before. I heard Beau talk about it. I heard Tom talk about it. I am going to call the bank. Hello bank. Yes? Did I do this? No, that’s a scam. Cool. Next. So that reduces your attack surface, right? The attack surface is your brain and you know, you have to be thinking constantly. Sad as it is, it’s like crossing the street. You’re not gonna cross the street without looking. Well, we can’t interact with data, especially things that are financially related, without looking both ways.

Tom: Right. I mean, look, it boils down to, you know, it’s ironic that when you’re growing up, your parents told you don’t talk to strangers, right? But they’re talking to strangers all the time in the internet and on their telephone. And so the dangers that you face as a child with strangers is exponential when it comes to financial crimes with people of my generation or any generation around the world. It’s not just a U.S. problem.

Beau: Right. And you know, in the world of today, everyone’s a third party and the question is, do you want to be best third parties? Well, no, I want a best friend and I want, you know, a relative I love or whatever. And there is a difference. And so when you are out there in the wild, you know, think about that. Is this someone I know? Is this someone who knows me? You know, and act accordingly. And the other things that I think are super important is, you know, are freeze your credit. Monitor your accounts. Feel free to ignore what’s on the dark web because it doesn’t matter. It’s already-

Tom: It’s already out.

Beau: It’s out there. There’s not, there’s no getting that genie back in the bottle. You can’t turn a pickle back into a cucumber. That’s out there, but there are a lot of things that you can do, and all of them can be reduced to be aware that there’s a problem and that it’s a constant threat and act accordingly, and that means stick with the people you know.

Tom: Yeah, and I mean, look, the bottom line is, if you’re sending money, you should, you know, be confident of what it’s for and who you’re sending it to. And if that whole relationship starts with a stranger, you have problems.

Beau: Now it also, one final thought: in this threat environment with AI improving every day, if you have a grandchild, a sibling, a parent asking you for money, maybe in video, maybe actually in a video call, ’cause there are now filters. I can change my face while I’m talking to you with a perfect lip sync. I can do it in Spanish, and an AI is capable. If you don’t think it can do that, you’re wrong. It can, so the issue here is if Tom, you know, right now were to say, Hey Beau, I need you to, I don’t know if you realize this, but when I got on this call, I accidentally sent you $10,000. I need you to send it back. I’m not sending it to Tom ’cause he’s not even a family member. But if my daughter got in touch with me and was like, dad, I really need a thousand bucks.

Tom: Your response should be, what’s the safe word?

Beau: Okay, great. Talk to me about that, ’cause that is probably a great response.

Tom: So, recognizing that people can get scammed with these grandparent scams, parent scams, every family should have a safe word, like Billy Bob, you know, something that the family’s gonna remember that’s unique. And so if a scammer calls up and is pretending to be one of your children, or a parent or another family member, in urgent need of money because they crashed into a car and there was a pregnant woman inside and the child- you know, all that crazy stuff, you can say, what’s the safe word? If they don’t know the safe word, which they don’t, then you know, obviously it’s a scam. But even then, you could always hang up the phone and call your kids, right?

Beau: All right. So that to me is the best tip of the day. So get a safe word. And if you’re listening today and you really thought Billy Bob was charming, ’cause Tom has a good accent and stuff, don’t use Billy Bob, but find something that works and yeah. And communicate. What I was getting at, ’cause I love the safe word thing, but I was also trying to get across that communication is key. So if one of my kids asks me for a thousand dollars, I’m gonna call my ex-wife. We’re friends and I’m gonna say, Hey, what’s going on with Beelzebub? They asked me for a thousand bucks and be like, oh, Beelzebub asked me for a thousand bucks. And be like, well, that’s 2000 bucks. Let’s get Beelzebub on the phone and then Beelzebub gets on the phone and says, I didn’t ask either of you for money.

Tom: Right.

Beau: You know, so communication can save a lot of problems.

Tom: Definitely

Beau: All right, Tom, thanks again for joining us. Really appreciate your time.

Tom: Thanks.

Beau: So what’s the takeaway this week? No tinfoil swan. This one’s really easy. Freeze your credit. Lock down your ATM card, your debit card. Don’t answer stranger’s calls. Right? Set up a family safe word. Family safe word. Maybe it’s what the hack, whatever. Set up a safe word and add transactional alerts too, because they do help. Oh. And claim your government accounts before someone else does and get your pin code from the IRS. And remember if it sounds official, but it feels icky, it is icky, and run. No one accepts those gift cards as payment. The IRS is not calling you out of the blue, like we said. And if someone tells you to buy gold bars in a Walmart parking lot, tell ’em to BLEEEEEEEEEEEEP. Thanks for listening. See you next week, but hold on. I need your help here. What the Hack was nominated for a Signal Award. We’re in the thought leadership bucket and we’re up against some cool podcasts. I’m even gonna name them ’cause they are cool: Things that Go Boom, the Weekly Show with John Stewart and a couple of others, and we’re in the running. We’re just behind John Stewart, and we need you to vote. So what you do is you go to the Signal Awards. That’s vote.signalaward.com, and then if you click on categories and you then go to genre, which you’ll see after you click on categories just below with a little arrow next to it, you’ll find thought leadership. Mine’s crossed out ’cause I’ve already voted. Yours is not crossed out ’cause you have not voted. Please do it. Help us win and have a great week. Thanks for listening. See you next week. What the Hack is brought to you by DeleteMe. DeleteMe makes it quick and easy and safe to remove your personal data online and was recently named the #1 pick by New York Times’ Wirecutter for personal information removal. You can learn more if you go to joindeleteme.com/wth. That’s joindeleteme.com/wth, and if you go there now, you will be able to get a free scan, so go check it out. That’s deleteme.com/wth. Do the free scan. It’ll tell you exactly what’s out there and then you can decide for yourself what you want to do next. Stay safe out there. Thanks for listening.

Learn more: 

• See where your data is exposed with our free scan.
• Cut your digital footprint with these five-minute privacy tips. 
• Read more about how to avoid scams