Site icon Easy Prey Podcast

Cyber Security for Seniors with Scott Schober

Easy Prey
“We all have some level of vulnerability and risk out there. It is really important that all of us get the message, but especially to help the senior population who is often neglected and not helped as much as they should be.” -… Click To Tweet

Seniors are prime targets for cybercrime because many of them have been preparing for retirement and have sizable savings. Their lack of familiarity with technology can set them up to be deceived or hacked. Scammers are going to elaborate lengths to hide their deception. It's important to be aware of their schemes.

Today’s guest is Scott Schober. Scott is the CEO of Berkeley Varitronics Systems. As a cybersecurity and wireless technology expert, Scott has had regular appearances on Bloomberg TV, ABC, CBS, FOX News, Good Morning America, CNN, CNBC, and many more. Scott is the author of Hacked Again, Cyber Security is Everybody’s Business, and his latest book, we’ll talk about today, Senior Cyber.

“As we get older we tend to be more trusting, more innocent, and we share things and tell people. But then we hide things when we make mistakes or do something stupid because we are embarrassed. So finding that balance in the world… Click To Tweet

Show Notes:

“Education and awareness make a difference. Sharing knowledge and mistakes we’ve made makes a difference. When we make a mistake, share that knowledge so others don’t fall victim.” - Scott Schober Click To Tweet

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 

Links and Resources:

Transcript:

It's great to have you on again. I know that Senior Cyber is near and dear to your heart. Can you give us and the audience a little background of why you wrote the book? Then we'll jump right on into it.

Yeah, absolutely. Senior Cyber came off the heels of my other two books. My first book, Hacked Again, and then my second book, Cybersecurity is Everybody's Business, where I was talking to a much wider span of individuals. At first, it was more in the realm of cybersecurity, only with Hacked Again digging into more data breaches and why I was hacked, the mistakes. Once I wrote Cybersecurity is Everybody's Business, literally, it's affecting all of our lives.

In the process of that, dealing with some frustrations helping my grandfather—he was 99 when he passed recently—deal with technology. Both of my parents were aged and dealing with different health challenges right now, but they're both very active with smartphones and computers, the Internet. They're constantly getting hit with scams and getting frustrated with passwords, logins, and everything else.

I'm sitting there saying, “Boy, I felt like I explained this to them and they're not getting it.” I'd go out on the Internet and try to find some articles with tips, or books, and things. It's a little frustrating. I said, “Geez, there's not a lot of great resources out there.” There are a few. As I would start reading them or delving into them, I felt as if—from a senior's perspective—it was a little almost insulting. They talk down to seniors. They would try to almost apologize for trying to explain things that really shouldn't be apologizing. It's just almost a generational gap. I don't think you can expect seniors to get all of the technology on the Internet because it's so fast and changing.

I stood back for that for a moment. I said, “Geez, maybe this is missing. Maybe there's nobody that's really writing to this audience—the seniors, the elderly—that maybe have a little bit more time on their hands because they're not working.” They're retired, and perhaps, they're in assisted living or nursing homes, and they want to learn how to use a smartphone, get on the Internet, look up a recipe, or something else. But they're intimidated because of all these scammers and cybercriminals out there that are really targeting them.

That was the premise of the book—really just dealing with it from a personal level and seeing this frustration. Also, I started thinking about it. I am a child of parents that are seniors who are struggling with some of the stuff. Maybe you didn't struggle as much in the past but as you get older, your mind starts to forget things—be it passwords, procedures, click here, hold this, and all these magic buttons. Maybe that's something that other people are dealing with, too.

In other words, is there something that could be a resource for somebody that is assisting parents that are aging, somebody like myself besides just the parents, the elderly themselves? It's those two audiences there that can hopefully appreciate some of the tips and some of the struggles that I've gone through with what my parents, my grandparents have gone through. Maybe they can relate to it. I might make it a little bit easier for them or hopefully easier for them to deal with as they run into these different brick walls.

Yeah. With respect to cybersecurity, we'll talk about scams also. I got a story I want to share and get your thoughts on. What are some of the bigger cybersecurity risks that you think are maybe more specific to those that are older?

I dived into this in the book a little bit there. Just the fact that typically, seniors have a little bit more disposable income because they're saving all their lives. The generation there, especially somebody that's come out of depression or grew up after that, really thinks about the importance of saving. Whereas somebody younger now, they get $1 in their hand, they spend it. Having a little bit more money in the bank, or perhaps in the stock market, means they're right for the pick as far as a hacker trying to go in there and get them.

The other thing is the fact that seniors are a little bit more innocent, a little bit more trusting. The hackers will play on that. That way, they can use social engineering, especially to their advantage. That could be in the form of traditional phishing attacks or in the form of even phone calls. I see a lot of the phone calls seem to come into play. Combinations of attacks where you break down those barriers. I share a few that my grandfather dealt with personally even in Senior Cyber there. That's the thing. For somebody reading it, it'll wake them up a little bit to what might be happening. “Hey, I just got a call from the IRS. Is this real? What are some things that I should say and what are things that I shouldn't say?”

Just bringing the conversation up, like in this book, will help some seniors just pause before they divulge too much information, or they'll do a little research on their own. They don't have to feel embarrassed to ask their son, daughter, or friend. They may want to do a little preliminary research just to say, “Hey, this is a scam. Let me stop right here because it's a problem.”

Got you. One of the things that when you're talking I was thinking of is we are thinking that sometimes, people talk down to the elderly. You don't really know how this works. I also think that maybe not necessarily talking down to the elderly—we don't want to be doing that—but their lack of familiarity also creates a little bit of a problem.

I was thinking of the scams where someone says, “Oh, go to 7-Eleven and pay with an iTunes gift card or Google Play card.” Someone in my generation and younger is going to go, “That's not how you pay bills these days.” But maybe someone who's not familiar with how to pay bills online or over the phone is going to be a little more likely to go, “OK, I'll just follow your instructions.”

Yeah, exactly. Especially if somebody brings in cryptocurrency, Bitcoin, or something, you could see some seniors saying, “I don't get this. Where is the money? I can't touch it and feel it.” The ability to differentiate, just as you pointed out nicely. Is this the way that you do pay bills nowadays? Is this the way that you actually have transactions, the way you handle it? Some of it bridges that. There are seniors now that are using PayPal and are comfortable with it. There are seniors that I've seen who have iPhones and they're comfortable with Apple Pay.

They get near-field communications and understand the security of it. I say good for them. They took a little bit of time to research and learn. Maybe they got a little help along the way. To me, that empowers them to take security…a stance and say, “This is my business. This is my money, my property. I'm going to protect it, but I'm not going to be afraid of cybercriminals. I'm not going to be the next victim. In fact, I'm not only going to learn and embrace it, I'm going to share it with my other peers, everybody else at my assisted living home. I'm going to show them how to use it. I'm going to spend some time and teach them how to get on the Internet, how to use it.”

To me, that's a wonderful thing. Knowledge is very powerful when you could share it with others, especially those in your peer group or even younger ones sharing with older people. I've noticed that with the book. I've had a couple of people tell me they read the book and it started a conversation. It actually brought them together. That generation gap, maybe it was kid to a grandparent or kid to a parent. They don't have that technology talk. They're like, “Mom, you don't understand that. Come on, just trust me.”

It allowed them to discuss that a little bit. What started the conversation was just reading through Senior Cyber. It helped them to maybe relate and pull those two generations together. I said, “Oh, that's beautiful.” That's what we need to do more of, especially in a world that is probably more divided than, at least in my life, I've ever seen, and more isolated than it's ever been with this pandemic that's going on. We need things that will hopefully bridge that gap, pull people closer, and have conversations.

When you mentioned that opportunity to start a conversation and bring people closer, it reminded me of a situation that some of my friends were in. They're local to me. We heard that my friend's dad went missing. I’m not sure if he took the car.  But he went off and he's had some dementia issues. They're like, “Let's go to the places that he normally goes to. Let's try to find him.” They can't find him. Hours now become a day or two. My friend at law enforcement says, “This is really not good. We need to do everything that we can to try to find him.”

“OK, let's start looking at credit card transactions because either he didn't take the phone or the phone was off. Let's look at credit card transactions.” They're starting to be able to see, “OK, he's heading south because we saw the credit card transactions heading south.” Then, they saw a credit card transaction at a hotel in Mexico. They go, “Wait we have some friends that are nearby the hotel. Let's call them, have them go to the hotel, send them a photo of dad.” They did that and it turns out that he's there. He was just confused and was going somewhere. He thought his wife was there, the kids were there, or something like that.

In his mind, it was all very rational and made sense. He didn't feel like he was in danger, but no one else knew how to get ahold of him or find him. It started to get me to think about my parents and they’re aged. They're not having cognitive issues, but I felt, “Oh, gosh, what if one of them does disappear? How are we going to find them?”

That was a great opportunity to go visit my mom and dad, telling them about that story. My dad's like, “Oh, I've got Find My iPhone turned on so if I ever disappeared, your mom could just jump on the computer and use the Find My iPhone.” I'm like, “Does she know the password to get into Find My iPhone?” He's like, “Oh, I'm sure she does.” She's like, “I don't know it.”

Probably not.

She goes, “I wouldn't even know how to do that.” This led to a great conversation about making sure that we, as kids, know how to get into their iCloud account in order to try to find them if they go missing, and they have smartwatches now, which have GPS on them, and those are tied in with things. It really led to a great conversation about let's use technology. If anything goes wrong, we can help find you, or that you can get fall assist with technology, rather than using technology to be something that's scary or big brother that is really the solution to offer more freedom for them.

Yeah. That's a great point that you make. It's initiating that conversation. It's usually an event. Unfortunately, there are a lot of times when somebody gets off the beaten path, gets lost, as you mentioned, it was a similar story. My daughter and my son were with myself and my wife who went down with a group of friends. We rented a large house down in North Carolina on the ocean a couple of years ago. Right when we got there, we're all unpacking. We each took a floor of the house. It's a huge, giant house. It's awesome. Elevator and everything else. But in any event, the kids all went exploring. The next thing you know is, “Where's my daughter? Did you see her?” Nobody saw her. We all panicked.

We started canvassing the house, all three floors. Then, we went out on the property. We started looking in the neighborhood. We're panicking. “Should we call the police? What do we do?” Never thinking about technology and how that could actually help nowadays. Fast forward, we did find her, fortunately. She was playing hide-and-go-seek. She was standing 10 feet away from us all in the basement. We're ready to call the police. We heard her finally scream, “I'm over here hiding.” We were in tears, all nervous after about an hour looking for her.

Now, to your point, we use iPhones, all of us. Obviously, we all have that turned on. We all know how to locate someone's phone if they get lost. We talked about, “Here's the plan if we get separated. How can we connect with one another?” Sometimes these conversations happen when something tragic occurs, unfortunately. But it's good for everybody to sit down with families and have that conversation especially—as we're talking about here—with seniors because they might be a little more forgetful.

I've spent a lot of time with my father. I was joking. I was telling someone on a show. I was being interviewed the other day. I was frustrated with him the other week. He was trying to set up a logging credential for something. He couldn't figure it out. He's said, “Can I just show you this?” I said, “Yeah, sure.” He goes, “Here, I'm putting my email address.” I'm like, “OK, that's your username.” I said to him, “What's your password?” He put the same thing in again. I'm like, “That's not your password.” He goes, “Yeah, that's my password.” I said, “I don't think it'll even accept your username and password to be the same.” Sure enough, it did. I said, “Why in the world would you use your email address as your username and password?”

He looks at me and he goes, “I can't figure this stuff out anymore. I'm just too old for it. I can't remember passwords, and I can't figure this keychain thing out anymore. I write it on a sticky note and I lose it. I got 90 variants of the password.” I'm sitting there saying, here's somebody again. He's the CTO of our company. He's retired, my father, but he's got a brilliant mind. He taught at New York University for 30 years of master’s programs. From an intellect standpoint, he's very knowledgeable and he understands very complex things. But if he's frustrated with passwords and can't get it, we're all doomed. It can be very frustrating. That's what I start to feel when I see a senior struggle through it.

It can get very difficult to remember passwords.

Now, I try to contrast and say, “Imagine a senior that has never used computers and technology.” You say password, encryption, or any of these other small words that are buzzwords in the cybersecurity world, and they don't even say anything in response. They just tune you out. That's the problem. You say ransomware. You say phishing attack. Most people go, “Uh-huh.” But they don't get it. To me, explaining not just what it is but helping them to relate and trying to explain, “Well, you're familiar with regular phishing, right grandpa? Why do you use a lure? What does that do?”

Then, they start to say, “Oh, I get it. I'm not doing anything bad or wrong. It's just you're showing me this analogy so I can relate to it, so I don't make the mistake and click on this attachment and email because bad stuff comes in.” Exactly. Now, the flags go up going forward. They hopefully learn and teach other people as well.

That's a great story. What do you think are the biggest cybersecurity things that seniors should be watching out for? In cybersecurity, we like to say, “Oh, password managers, two-factor authentication.” But with seniors, what do you adjust or modify? What do you think is more important for them?

When I observe seniors—how they live and what they do—most of them are using a computer and are accessing the Internet. I find that a fair amount of them are maybe not necessarily doing online banking, but they usually have a connection to a stock portfolio.

Typically, I see right alongside their computer is the password written out there on a sticky note. We all joke about it. You laughed. You shouldn't do it, but they all do it. Probably more than half of the people do it. I usually try to nicely explain the dangers of that. If you are going to write it down, hey, that's OK. Write it in big, bold letters, put it in a little black book, and lock it in the safe, perhaps. That way, it's close at hand, you can get in there, and access it if you have to, but don't do the sticky notes.

We're all guilty of it. I used to do it as well. It serves its purpose. You probably figure, “Who's going to see it?” But then think about a senior. Maybe when home health aide comes in. Maybe when a neighbor stops by, glances over, and sees it. Maybe if an ambulance ever has to come. Now, you've got a whole slew of people and police coming inside and outside your house. They glance at it and see it. That's dangerous. It's the innocent person that sees it that maybe tells someone else, and it goes out there until somebody hacks into an account.

Just doing basic housekeeping and cleaning up your cybersecurity stance from a senior's perspective really helps. I always encourage people, too. Again, they necessarily don't have to do this but maybe it's their son, daughter, or a friend that's helping them. If they're on the computer or their smartphone, go on there and ask them, “Hey, when's the last time that you played Candy Crush? When's the last time you used this particular application you downloaded a year ago that you never used again?” Let's clean out and get some of these things off because that's often the conduit of how criminals are going to get into your computer, onto your smartphone, all these apps that we have.

None of us read all the terms and conditions for the apps. None of us understand it yet we're giving somebody carte blanche to come into our device, into our computer, and have access to our contacts, what our viewing habits are, what we entered on our browser, so on and so forth. Again, we don't have to go into the tech details when we're explaining to a senior, but sharing the basic dangers of it but, more importantly, helping them to clean off all the stuff because the more stuff you have, sometimes, you feel almost overwhelmed and then you do nothing. You almost get complacent and say, “Why bother?”

I've seen people do that. I always encourage seniors—even when I talk to them—I say something even as basic as having a good shredder. Why don't people do this? “I rip it up and throw it in the garbage can.” “That's great. Take it a step further.”

I always share this story—I don't know if I shared this with you in the past. I had a credit card here in the company. It was expiring so I had a new one issued, so on and so forth. I said, “I'm going to cut it up.” I cut the card up. It's like a million little plastic pieces that I cut in my hand, dumped into my garbage can. That was on a Friday.

Monday morning, I came in and our building maintenance guy said, “Hey, Scott, you got to come outside and look at this.” I'm like, “What?” He takes me over to the garbage cans that are all lined up. On the ground was my credit card pieced together.

People will dig through garbage to put cards back together.

I'm sitting there going, “What?” Somebody actually had the nerve to dig through our garbage, through all the nasty stuff in the garbage. They said, “Oh, somebody chopped a credit card. They pieced it together. My guess is that they probably took a picture, went home, and tried to go online shopping or something else. Nothing happened to me, but it was more of a moment to see at what lengths people are willing to go to compromise our personal information, to steal our credit cards. That is a concern. If they could piece together my credit card, and I thought they went to good lengths to do it, what's going to prevent them from a senior that's not going to be able to maybe cut it up into a million little jigsaw pieces? Maybe they just cut it in half, throw it out. They'll piece that together and go shopping.

Education is important. Sharing stories as you do with your audience is really important because it raises awareness and it teaches us better behavior going forward. That will prevent us from being a victim.

Sometimes, the stories are less threatening also. Someone could listen to this story, connect with it, and not feel like, “But you're just lecturing me.” The story helps them to see how things unfolded, empathize, and connect with the situation as opposed to, “Do this.”

Yeah. I don't think you want to have to talk down to someone. Personally, when I talk to an audience—and even in the world of cybersecurity where I'm filled with a room of experts who are usually smarter than I am—I use myself as a guinea pig. I would start it out and I would just say, “Who had their credit card compromised?” I see one or two hands go. I'm like, “Guys, come on, I've had my credit card compromised nine times in the past year.” Then, all of a sudden, a couple more hands go up. I asked a series of three questions in one cyber session at RSA, maybe the audience. Every single hand was up.

That scared me. Everybody's a victim. It really is something. These are the professionals. These are the guys that are getting paid to keep our personal information safe and secured, be it government agencies, banking institutions, managing stock portfolios. We all have some level of vulnerability and risk out there. It's really important that all of us get the message, but at least my mission as of late is to really help the population, the seniors that are really neglected and not helped as much as they should be.

Let's shift gears here a little bit. We've talked about cybersecurity. We've also talked a little bit about scams. What are the scams that you're seeing that are targeting senior citizens? Maybe the senior citizens aren't falling prey to social media posts to send Bitcoin that doubles it because they don't even know what Bitcoin is. They're not even on Twitter so it doesn't matter. What are the things that you're seeing that are targeting seniors, or that seniors are most impacted by?

Fabulous point. Always, it's tied to something emotional. What's been an emotional issue lately? Vaccines. Last week, I was up visiting my parents, helping them out with a few things. Phone rings. Sure enough, somebody's asking him. “Hold on a second. Somebody's telling me something about they want information so we can get on the list to get a vaccine.”

I was like, “Scam. Don't give them information.” It ended up being a robocall but one that sounds real where they have a nice voice. They put the ums and the little word whiskers in there to fool you, but it's really just meant to collect information from innocent victims. He's like, “Geez, I'm glad you told me. I got six other calls the other day like that.” I'm like, “Oh.” He said, “But we’re waiting to find out because we went to the doctor about a vaccine, when we’re gonna get it, where we’re gonna go.”

If that's a real issue on your mind, that's when the question flags really have to go up. I always encourage people to ask questions. Stop. Pause. I do that even. If somebody's got something that seems a little fishy, I'll say, hold on a second, what was your name again? Let me get your phone number in case we get disconnected. Oftentimes, if it's a scam, what happens? Click. They hang up. Then you know right away.

You saved yourself the breath of even arguing, trying to figure out, justifying, feeling guilty that you don't trust them, or something like that. Trust nobody. I would not trust anybody, especially if you're a senior and you're getting repeated phone calls. That's number one on the list, the phone calls regarding vaccines.

Secondary to that is probably the emails that you might be getting related to vaccines. Call your doctor. Call the hospital. Verify before you're too quick to give them additional information.

The IRS isn’t going to call you to verify your SSN. Hackers are trying to find people who received a refund. -Scott Schober Click To Tweet

The next thing that comes to mind that I'm seeing a fair amount of—and it's obvious because it's tax time—lots of tax scams are going on. The IRS isn't going to call you and ask you to verify your Social Security number or this or that. The hackers, the cybercriminals are trying to find people that perhaps received a refund, played a game, stimulus checks on the way. We just want to confirm a few more pieces of information, Mr. Smith.

They're trying to socially engineer information out of you. It's so easy to find out information about you, me, or anybody on the Internet. It's public information—be it tax records, be it People Finder, Google search, social media. Everything and anything is out there about all of us. Just be leery of that. If it sounds like they know a lot about you, it's because they did their homework. They put together your profile, or they were cheap. They went out to the dark web, and they purchased it. They're trying to perform identity theft, steal your money, or something else. Trust nobody. That's really the key.

The scams are rampant. Every single day, there's a different scam I learn about. I almost thought about writing these down and documenting them to educate people. As fast as you document them, there's a new flavor on, a variation of it. It keeps changing and evolving. That's the part that people have to realize.

You have to really understand how to identify a potential scam at the very beginning of the conversation before you go down and divulge too much information. Otherwise, it'll be too late. You'll give in some information. Each time you give in, they're building up their database, their sheet to try to nail you and steal your phones, or whatever they're trying to accomplish.

What would be those key pieces of information that they're trying to get that should be a red flag in someone's mind when they get a call—someone says, whatever this scenario is, when they start asking you, “Can you tell me this…?”

I've heard this personally and other people have shared this with me—when they share part of your personal information. They volunteer it. They say, “Mr. Parker, I just need to confirm the rest of your Social Security Number. The last digits are 1234, correct? Could you share the rest of it with me?” The innocent person on the phone, especially if they hear, “Hey, your credit card may have been compromised, Mr. Parker. I need to verify for your own security purposes that you are who you are so I don't make any mistakes here. Could you just verify some information?” They do it very quickly.

Usually, speed and time are of the essence. If they push something, the red flag goes up. They've divulged something personal that you think maybe only me would know. Again, I can get anybody's Social Security Number. It costs about $1 if you really want to go out there and get it. Don't be too trusting to people.

If they say, “Verify these security challenge questions. You were at this high school, correct?” Anybody could hit me to find me at a high school. Be really careful when they volunteer information and hope that you fill in the blank—the other piece—because that blank is what they're missing. That's true across the board on most of these scams that are on the phone. Sometimes, on email, too, but mostly on the phone. I talk about this in the book even. Think about this: when the phone rings in your home, do you pick it up and answer it? I don’t.

Be careful when someone volunteers info in hopes of you filling in the blank. It’s blank because it’s what they’re missing. -Scott Schober Click To Tweet

I do, purely because I'm curious about what the scam is.

That's true. You're investigating. You're like, “This is going to be a good one for my next show.” We have a caller ID. It talks and tells you who it is on the phone, so you don’t even have to get off your butt to get up there. But if anybody wants to contact me, typically, they'll call my cell phone that's on me.

Now, somebody older contrasts that. How did they grow up? They grew up being taught if the phone rings, you want to answer it. Why? Because it's courteous, it's polite. They don't let it ring 50 times. It may ring a little bit longer because by the time they get out of their chair, get over to it, and pick it up. But they're usually very kind or courteous. They have etiquette on the phone. Try to teach it to a younger generation—it’s completely different.

Again, hackers realize this. They're going to target somebody's home phone. They're also going to be more likely near the phone and answer it. They're not as mobile as you or I, traveling in the car. We got our smartphone. Pick it up.

It's a numbers game, unfortunately. They're going for that low-hung fruit, as they always say, because it's easier to fool and convince somebody older out of something. A lot of things, with the phone at least, seniors are now using phones where maybe it's a wireless phone in their home. They're comfortable with that. It's convenient. There's no cord to trip over. It's got a big caller ID. You could raise the volume louder, or perhaps, a smartphone or hybrid in between in there.

The problem is call spoofing is so easy. Any of us can buy an app. We could spoof a number. I did this with my friend, just as a joke. He's a huge hockey fan. He always talks about hockey. He belongs to a fan club, follows every player that gets traded, and so on and so forth. My son and I were sitting there laughing one day. I said, “Let's have some fun. Let's look up the fan club's phone numbers.” It was 1-800 numbers for that particular hockey team. “Let's send him a text, spoof the phone number, and make it look official.”

We wrote a thing and said, “I'm from the so-and-so team. Major update: this player was just traded,” and just hit send. Nothing else. It doesn't look like it's from me. It looks like it's from the fan club. Ten minutes later, he texts me. He goes, “You won't believe it. No one knows this yet, but I'm part of a special fan club. I heard this so-and-so player is traded. Tell your son. He won't believe it.” I was laughing and we're just having some fun with him.

But again, here's somebody that's in their 60s, innocent. What was convincing to them? It's not that they're stupid. It's that they looked at the phone number. It looked exactly like the fan club and it's credible. The problem is they shared that with somebody else and told 10 other people about it.

As we get older, we tend to be more trusting, more innocent. We share things. We tell people. But then we hide things when we make mistakes or do something stupid because we get embarrassed. Finding that balance in the world of cybersecurity and scam is very, very important, especially as seniors. They're primarily the ones targeted or at least that respond.

I was asked once, “Geez, I'm getting these robocalls. No matter how many lists I subscribe to, how much technology is enforced with the STIR/SHAKEN technology, the FCC, the fines —the problem hasn't gone away. It's still annoying. I still get them. But what's the difference?” I don't bother answering it. Somebody that's a little more naive or innocent may actually keep answering the phone and that could be a problem.

It sounds like each of those calls reveals just a little bit more information. Then, all of a sudden, they know enough about you to convince you of stuff.

Exactly. It reminds me—again, maybe I'm dating myself here—if you ever saw the show Columbo. One more thing. One more question. That's what cybercriminals do. They pull out one little piece, one little piece. Enough. Now, they got a whole picture and they could move in for the kill.

Earlier, you were saying you had a story about your dad or your grandfather. Something had happened. What was that story?

The one about my grandfather, in particular, will stand out. This was a couple of years ago. He was in his mid-90s at the time. He got a frantic call. It said, “Grandpa, it's me.” We've all heard similar stories to this. He's like, “Who is it?” He goes, “It's your grandson.” He goes, “Ryan, is that you?” “Yes, it's me.”

Right away, the cybercriminal got him to divulge information. Innocence creeping here too well. They don't want to be embarrassed and say, “Speak up, I can't hear you.” Then, he goes, “Hey, I took a ride with friends. We're up in Canada. The police pulled us over. I didn't have my license on me. There were drugs in the car, but they're not mine.”

Right away, my grandpa was saying, “I told you never to take drugs. You can get in trouble.” Preaching and educating. He goes, “Look, grandpa, I just need $10,000. Otherwise, they're going to hold me all week and I'll be stuck here. I can't get out of prison. It's going to affect my record. I won't be able to get into college.” And so on and so forth. The story grows and grows.

“Oh, my gosh, what do I do? How do I help you?” He said, “Whatever you do, don't tell my mom. She'll be upset.” “OK, no, I wouldn’t.” “Go to the Target. Get one piece of paper, wire transfer sheet, fill out the information, and send it over. Put the bank account. Next Thursday, I'm going to send you the money back, so you won't even miss it.” “OK, no problem.”

He grabbed my grandmother. It happened to be that they were in an assisted living facility there, about 1500 residents. They went across the street, which happened to have a Target. They were in line. There were about 10 other older couples there. They all have the same wire transfer package in line.

The person at the register says, “Hold on, what are you doing with this, can I ask?” He's like, “Wait, there's a scam going around.” They literally are targeting each couple within that entire community there. They're literally lined up across the street, getting it out of innocence.

What could my grandfather have done? He could have stopped and said, “What's your mobile number? Let me call your mother and verify.” Any of those things that would've maybe paused the situation. What would have probably happened? The hacker would have hung up immediately, or the scammer. He almost learned the hard way, but fortunately, a good cashier at Target saved the day and stopped that from actually coming to fruition and being a big problem there. That was one of many.

There's another scam that I laughed about. He got into investing in these remote oil rigs in Antarctica or whatever. There were also more scams. Once they get your information, everybody starts attacking you with different scam calls via email and phone.

Once, he got a phone call and they said that you're a prize winner. You just won 10,000 gallons of gasoline that you can use for the rest of your life. He goes, “All we need is your credit card just to process a small processing fee for it. Then we'll have a truck come and deliver the gasoline for you.” He gave it to them. Sure enough, the next day, X number of thousands of dollars were taken off his account.

We're sitting down, trying to reason with my grandfather. You don't have a car, what are you going to do with 10,000 gallons of gasoline? He goes, “I don't know, but I won.” The only thing he kept thinking of is he won. Are they going to still deliver it? We're like, “No. It's a scam. There's no gasoline coming.” “I thought I could give it away to all my friends and I'd be the nice guy.” I'm like, “Oh.”

Again, the innocence that we tend to get fooled—when it's too good to be true, it's probably too good to be true.

When it's too good to be true, it's probably too good to be true. -Scott Schober Click To Tweet

One of the horrible things I've heard about from another guest was what they had started to see with scams when they're sending people over to Target or 7-Eleven to do the wire transfers—because so many of the stores were starting to ask questions like, “Are you really sure?” They started coaching people on how to get around the questions. It's like, “Don't tell them this or this because they'll say this. They'll try to get you to not do it.” They start coaching the people to lie to the tellers, the people at the bank. It was just like, oh, my gosh. As soon as someone starts coaching you to lie, it should be a really big red flag.

You see how elaborate some of these scams are and what lengths they'll go to because they run into a roadblock and they probably take good notes—“Well, this didn’t work; let's modify. Let's try this and find another workaround.”

I guess if you're not working and you're a hacker, you're a scammer, a cybercriminal, and you're sitting on your butt, you get creative. You've still got to pay your bills. You've still got to eat food and buy your computers, gear, and stuff. They get pretty creative. I give them credit on some of these scams. I'm just amazed at what lengths they will go to. A lot of them also were setting up 1-800 numbers. Say it's an email and it looks like something suspicious. You look at the email. Inside the email, you say, “Wait, let me call to verify it.”

I had one where it was something questionable with my cable company. I said, “This is not right.” I called the physical number. It was an email I received. I said it's obviously a phishing scam. Let me report it to them because it looks very convincing. I called up and I read it off to the customer service girl. She goes, “Yeah, that's something that we sent.” She goes, “It's OK to click on that.” I said, “Can you please put your manager on?” She goes, “Why? You don't trust me?” I said, “I just want to verify one more time with someone else. Put the manager on.”

She goes, “Sir, I'm so sorry. That is not from us. That was clearly a phishing scam. You identified it. Could you please send it to me? We will sit down and talk to that customer service, the support person. They misled you in saying it was OK to click on it.” I sat there and I was like, “Yikes.” Even internally in a company, they're not trained enough to say, “Stop. Read that off again, email it to me. Let me verify this or that. No, we don't ask for that information.”

It's scary what's going on out there. People need to really slow down, not be so quick to click and trust because it's everybody they're targeting. Cybercriminals, when they send out an email, if it's a phishing scam, it's going to millions and millions of people. When they make a phone call or robocalls, they can do over a million calls per second internationally into the United States.

People need to really slow down, not be so quick to click and trust because it's everybody they're targeting. -Scott Schober Click To Tweet

It's a numbers game. That's what we have to watch. They're not looking for a million people to answer the phone and divulge their credit card information. They're looking for one. That's all they need in a day. The odds are in their favor, unfortunately.

That's the really challenging thing. I've talked to a number of people. They think they are specifically being targeted. I was like, “No. Guess what? I got that same email. I got that same phone call. It's not that they send it to you and I personally because they're trying to get our money. They sent it to everybody—every email address, every phone number.” It turns out to be just crazy.

I know I had Jim Browning on. He has a popular YouTube channel where he debunks or he deals with tech support scams. He's gotten into the scammers' systems and found out that they're running these scam call centers like real call centers. They've got training manuals. They do coaching like, “Oh, you didn't clear enough money from the scam today. Let me teach you how to do it better.” I'm just like, “Oh, my gosh. It's an industry. They take advantage of us.”

It's terrible. We were targeted, our company. This goes back sometime last year to our receptionist. Fortunately, she was smart enough to call me over. She goes, “Scott, I read your book. I'm not going to do anything, but I got a guy on the phone right now. He wants me to go into my browser and enter this number.”

Scammers pretend to call being tech support.

I said, “Let me talk to him. Shift him over to me.” He was pretending to be a Microsoft support technician. Of course, we're on Apple for our whole administration management. We're not using Microsoft products there and stuff. I said, “Let me play along with this and see what he's trying to do.”

It was interesting. Every time I go, “Hold on, sir, what was your name again?” He would try to change the subject. I said, “No, I'm afraid we're going to get cut off. I really need your name. Then he would say his name, but he sounded nervous. You could hear the background. It will sound like a call center of scammers, or something like that.

He was trying to—basically, do remote control—take over the PC, put some malware on, steal files or something like that. I took it to a certain point and then I said, “Sir, I’ve got to tell you something.” I said, “I clearly realized that you are a criminal. I know that for a fact.” His nice, friendly voice changed. He actually said to me, he goes—these are some nasty words I won't repeat. “I'm going to kill your daughter, your wife, and your girlfriend.” It's a strong accent. I said, “Excuse me?” Then, he hung the phone up.

It went from Mr. Friendly-Nice “I’m going to help you solve this problem with this security on your computer” to “I'm going to kill everyone you know.” You could see they're just mad. If they get caught, they get angry. It's just a numbers game. They're going to keep working at it. They probably go through 100, 200 calls a day and all it takes is that one person that trusts them enough to let them onto their computer and then take over. It's a sad game but education does make a difference. Awareness makes a difference. Sharing knowledge and sharing mistakes.

When you make stupid mistakes, share that with other people so they don't fall victim. At least if nothing else, we're going to push the problem off, educate other people so they don't fall victim. Make the hackers really have to work for it. Make it so it's not affordable for them to try to hack and steal our information.

Sometimes, that's my mentality when I get a call. I'm like, “If they're on the call with me, that means they're not on the call with somebody else.” Sometimes, I'm like, “How long can I keep them on the phone?” I'm like, “Can you hold on just a moment? Hold on, let me get where I could sit down and give this proper attention.” Put the phone down, walk away for a moment.

“I don't want to make a mistake and give you the wrong wire transfer bank account information. Hold on, I'll be right back.” Then, you go get a coffee and come back 10 minutes later.

“Can you repeat that number again?” And then I read it back wrong. They read it again. “I'm sorry. I don't know why I just can't get this right. I've got dyslexia. Can you read one more time?” Unfortunately, I'm not scalable to waste their time.

No. Probably neither of us are. But sometimes it gives you a good chuckle. It also helps us understand a little bit better how they operate. To me, if you don't deal with it firsthand, it's not like you could read it out of a rule book—the dos and the don'ts. You have to almost experience it—the emotional side of it, the frustration side of it, the mistakes that you make. Then, you could better educate other people so they don't follow the same path, perhaps the introverts or somebody else. That's part of the education because people then can relate to it. It's not just some guy telling me, “Don't click here. Don't divulge who's on the phone.” It's happening every day. People are doing it because they're innocent. They're giving in to the social engineering methodology that these criminals are using.

Yeah. It’s the emotion, the urgency, the authority—when all those things line up.

It's a perfect storm. It really is and again, the sheer volume of people that are dumb. If you look at it, if it's one out of one million people we're targeting, it's probably less than that, but that's enough for them to have a successful enterprise. That's the part that's so concerning. We've got to get it right every single time or they're going to get into our computer or network. They get it right once, it's payday. They move on to the next victim.

Out of curiosity, have you heard of—I don't know if this necessarily targets seniors—the new thing called brushing?

No. I haven't.

Apparently, what scammers are trying to do now is they're sending out packages to people that are unexpected. I don't know this necessarily. Let’s say I'm the target, but I've received multiple books that look like they've come from Amazon. I'm like, “Oh, I didn't order this.” Did some working backwards and found out that it was through a third-party seller. I found their number and contacted them.

They're like, “Oh, you're the third person who's called me saying they got a book that I shipped them that was placed on behalf of somebody else. Interestingly, all three of them are the same.” They're testing credit card numbers. Sometimes, they actually ship real products so that you'll give them a free review. It's crazy, the stuff that happens.

I've heard a lot about the reviews. In the world of Amazon—we sell products, I sell books on Amazon—it is important and essential to have solid reviews and real reviews. But some of the scams are going on, I haven't heard of that term brushing, but I've heard a lot about the scams that people will use where they're actually paying people to give them good reviews.

They'll send them a product, maybe a $25, $50 product and they're like, “Hey, if you give me a good review, you keep the product.” It's the cost of reviews that they look at and say, “OK, if I spend this much and I get a good review, I may get 20 sales more than somebody else. Hey, let's send out X number of products and let the people keep them.” It's a numbers game again.

They're looking for positive reviews because that is the way Amazon's algorithm works effectively. Your product is actually pushed out there ahead of other products. It does really work. I compare our online web store to Amazon. We push a lot of people toward our online store, but surprisingly, we got a ton of business on Amazon more than on our online store.

I'm sitting there saying, “We're spending all this money here. Why is it coming through Amazon?” Because of Amazon's engine. The search engine there is extremely powerful when you couple that to looking at what everybody is searching, viewing, finding, talking about, rating products. It's an unbelievably powerful combination.

Speaking of Amazon, where could people get your book? What is it entitled?

They could certainly buy it on Amazon—Senior Cyber. They could also buy it on our website. My website is scottschober.com. In Amazon, just go on there and search for Senior Cyber. You'll see the book certainly pop up there. If you do buy it, I appreciate an honest review of it. I'm not going to send you a $50 gift or anything like that as a bribe. I just like to hear honest feedback. Good, bad, or ugly is greatly appreciated because that hopefully helps teach me how to write better, share experiences, and educate people better for the next book that's coming.

That's great. One of the things that I shared with you earlier before we started recording was I love that you've chosen a large font size. You know your audience. You're making it easy. It almost makes it seem—I don’t want to say—less serious, but less threatening. It's like, “Oh, it's a bigger font. It's easier. I can experience this in a better way, particularly when I put on my reading glasses.”

Myself, personally, I can identify with it as my eyesight gets worse and worse. When I read something, if it's a lighter, bigger, bolder font, I can walk away with a few things. We even tried to break it down, the book, throughout there, me and my brother, the co-author, Craig. He’s out in our West Coast offices. We share senior tips throughout the book.

Once you get to a point and it’s something that's digestible and an action item, we try to simply define it as a senior tip. That way, you could say, “Oh, wait a minute. I learned what a phishing attack is.” You remember that and you can use that hopefully next time. We went a little bit further. We actually created an activity workbook even for seniors.

That's cool.

It uses a lot of similar illustrations and it helps define some of the terms that may not be as familiar. We have mazes on there. We have a word search. We have a Hangman game. All senior-friendly games, big fonts, easy to read. There's no charge that if somebody wants to write to me and wants me to mail one, I'm happy to send one out there to any of your listeners there.

It's just an enjoyable thing that, as a senior, you could take your time and digest things in the world of cybersecurity without intimidation. We even made some crayons for some of the activity books. They are friendly crayons because there are some coloring pages in there for different things.

That's a fun aspect of learning. Not just hardcore reading, but you break it up and you make it digestible pieces so you can walk away and say, “Hey, I learned something today. I'm going to tell my neighbor, my friend, my son, my grandfather, whoever.” That's the goal of this. It's really the educational side that we're striving to hit here.

That's awesome. I love that you've made the education fun and entertaining in the process.

I think it's key these days. There are so many books out there, not to knock them because I love books. I learn from books, but sometimes when you have a whole shelf of books and you're reading and reading, it's hard to differentiate and sort them. When you simplify it a little bit, we remember things.

Especially as we get older, it gets a little bit more challenging for us to remember things. Keeping it simple, keeping it something memorable and actionable helps make a difference when we can relate to this audience.

Exit mobile version