X

Easy Prey Podcast

Their Loss is Another's Gain

Why Everyone’s A Target

“We live in a time where consumers need to adopt zero trust in communication. If you didn’t initiate the conversation, assume it’s suspect.” - Gabrielle Hempel Share on X

Some scams are so convincing, they’re almost impossible to spot. With phishing emails that look like they’re from your bank, deep fake videos that mimic real people, and AI-generated messages that feel personal, it’s getting harder to know what’s real and what’s a trap.

In this episode, I sit down with Gabrielle Hempel, a security operations specialist at Exabeam and a current law student at Purdue University. Gabrielle brings a sharp perspective shaped by years in cybersecurity, a master’s in cybersecurity and global affairs from NYU, and hands-on experience navigating everything from vulnerability management to executive risk consulting. She even wrote her graduate thesis on critical infrastructure security.

We talk about the new era of digital deception, why younger people are actually falling for scams more often, and how criminals are using AI and current events to build trust and bypass defenses. Gabrielle shares practical advice, personal stories, and a fresh way to think about digital safety that could help you spot the next scam before it costs you.

“I used to think scams mostly targeted older people. But the data shows people between 20 and 29 are actually the most frequently targeted and often fall for them. Comfort with technology doesn’t always mean skepticism.” -… Share on X

Show Notes:

  • [01:09] Gabrielle has held quite a few jobs in cybersecurity. She's currently the Security Operations Strategist at Exabeam. 
  • [01:40] She's involved with anything to do with the internal security operation.
  • [02:04] She majored in psychology and neuroscience. Working in Pharma and with medical devices led her to the path of cybersecurity.
  • [04:34] We learn about an incident that she was involved in. Her parents were attempting to file their taxes with TurboTax, but they were flagged as already filing. This led to a lot of shenanigans with the IRS.
  • [06:29] Most everyone has been a victim to some type of fraud or scam.
  • [07:20] Our information is out there. It's more about staying vigilant and keeping an eye on things.
  • [08:05] A lot of the current scams are blending with the cybercrime ecosystem.
  • [09:17] AI has made it easier for people to craft more convincing phishing emails.
  • [12:51] Are modern phishing emails getting through the spam filters more often?
  • [15:48] How it's not retirees being the people most frequently caught in scams.
  • [16:42] Why 20 to 29 year-olds frequently fall for scams. It could be because of their comfort with technology.
  • [21:12] Better education surrounding threats might be a good idea for young people.
  • [22:47] As scammers get more information about us, targeting will be easier.
  • [24:32] Big trends are voice cloning and deep fakes.
  • [27:51] Scams around shipping fees and tariffs are skyrocketing.
  • [29:15] Advice includes adopting zero trust with communication.
  • [33:10] If you're not expecting it. It's potentially suspect.
  • [34:45] Best practices include doing your due diligence, and if you feel like something may not be legitimate go around and check.
“Even people who work in cybersecurity fall for these scams. It’s not about being stupid—it’s about how convincing the attacks have become.” - Gabrielle Hempel Share on X

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 

Links and Resources:

Transcript:

Gabrielle, thank you so much for coming on the podcast today.

Thank you for having me. Excited to chat with you.

This will be fun. Can you give the audience and myself a little bit of background about who you are and what you do?

Yeah. So my name is Gabrielle, Gabrielle Hempel. I work in cybersecurity. I've held quite a few jobs in cybersecurity but currently a security operations strategist at Exabeam.

So I know that's one of those roles where people are like, “So what do you actually do?” And it's a little bit of everything, honestly. I work across mostly our SOC and application security teams, but also a little bit with GRC. So pretty much just anything to do with our internal security operations, I have a little bit of a hand in.

So what got you interested in the field?

Oh, that's actually, that's one of my favorite stories. So I did not go to school for cybersecurity. I didn't really even know that it was a career option, you know, back in the day when you're 18 and you're made to decide what you wanna do for the rest of your life, right? I majored in psychology and neuroscience, actually. So I worked in genetic science and pharmaceuticals for a couple of years, and that's actually how I ended up getting into cybersecurity.

I was working with medical device manufacturers on medical regulations and there were a lot of medical devices that continued to have exploits pop up. And I was so—I didn't know anything about the field at that time. I was like, “Why are people trying to exploit it? Like, what is happening? Why is this something that, first of all, is connected to the Internet?”

But second of all, like, “Why are people trying to exploit it?” You know? And then you kinda fall down the rabbit hole and start learning about cybersecurity. And then couple years later, you're suddenly working in it. So, yeah.

Medical devices was one of the, to me, always one of those really scary—it’s one thing if my connected doorbell can be exploited, and that's a little unnerving. But when medical devices can start getting exploited, that's life threatening.

Yeah. And there were some, you know, back in the day, I think we really put medical technology and some of the health innovation ahead of security, I mean, as we're seeing with a lot of IoT devices at this point.

And yeah, it was a scramble. It was like, “Oh gosh.” Like, “We have these devices that can do all these really cool things medically, and now we need to scramble to secure them because we didn't think about that, you know, when we were building them.” So, yeah. And then like and I don't like, in some sense, I do, but I don't fault people like that.

Like, their specialty is, “I'm trying to help people with a medical condition,” not, “I'm trying to keep cybersecurity,” you know, “have the best cybersecurity on the planet on my pacemaker” or whatever it is. Yeah. Yeah.

Definitely. Yeah.

It's just not even part, I think, of the thought, and that's why there's a lot more emphasis, I think, now on, you know, secure code and secure development. That's a big thing in the industry now. But, yeah, it just it's one of those things that I don't think crosses the mind of a lot of people that are making these connected devices and things along those lines.

Yeah. It's definitely, historically, has often not been the first thought of security first. It's usually security second, security third, or maybe security fourth.

Or, like, tenth. I don't know.

So one of the questions I always try to ask my guests in cybersecurity is have you ever been involved in an incident, a cybersecurity incident or a scam or a fraud? Because if you and I can't get it right 100% of the times, you know, I don't want our audience to feel ashamed or embarrassed or think that there's something wrong with them because it's this is an issue for everybody. So do you have a story about that that you can tell?

I absolutely do. You know, and this is one of those it's an interesting one because there's not really much that we could've done about it, but I think I was in college and was still living with my parents at that point. And they went to file their taxes, you know, on TurboTax as one does. And they were like, “Oh, you can't file. You already did.” And my parents were like, “Excuse me? We did not file our taxes yet.” And just, like, things moved really quickly after that, which was really crazy because I just barely knew what taxes were too. I was in college.

So, yeah, all of a sudden, like, we had to sit down with the IRS, and they gave us, like, these crazy PINs. And, like, we had to sit down and do our return with them, like, manually so they could make sure that, I guess, we weren't trying to hold a little over their eyes and that it was actually the case of some, like, a stolen identity or something along those lines. But, yeah. And then they put us on, like, monitoring for years after that as far as, like, our Social Security numbers and things along those lines. And, like, in order to submit taxes after that, I had to, like, put a special PIN number in, so it wouldn't happen again.

And it was it was really crazy. And, it's just one of those things that, like, I think it happens more often than not, like, in the grand scheme of things. But I think to a lot of people, it will happen to you at some point in your lifetime or something similar to that, right, where you suddenly have a case of fraud or identity theft or a scam or something along those lines. And I don't think there’s—if anyone tells you that they've never fallen victim to something like that, then I mean I doubt it.

But I usually go with the cybersecurity incident is everybody has been a victim of a cybersecurity incident. It's whether or not they know it.

Yes. And I always say it's a matter you know—when talking about security even, I say it's a matter of what not if. There's a lot of organizations that are like, oh, like, “If this were to happen, we have a contingency plan.”

And, no, it's a matter of when. It will happen one day. The scale and everything is to be determined, but it's going to and that's kinda how I feel about scams and fraud and everything too. It's people are like, “Oh, aren't you really worried, especially working in security, about your information being out there?” And I'm like, “It's out there.”

It's a matter of when. It will happen one day. The scale and everything is to be determined, but it's going to and that's kinda how I feel about scams and fraud and everything too. -Gabrielle Hempel Share on X

Like, I know it is. Like, my Social Security number is out there. All of my information is out there. And it's more just staying vigilant and making sure that I keep an eye on how it's being used, right?

Yeah. It’s being aware of when it's getting used inappropriately and then trying to take action from there.

Yes. Definitely.

So let's talk about scams. I know that this is an area that interests you. What is kind of your take on the scam environment currently?

Oh, it's pretty wild. You know, there's definitely some patterns I've started to notice. They’re, you know, working in security, I stay super on top of a lot of the cyberattacks that you see in the news and the things that are out there.

And the thing that I've found that's really interesting is a lot of the scams that you're seeing kind of start to blend with that bigger cybercrime ecosystem. And there's a lot of the same tactics being used, I think, across some of your scams that you see, but also, like, some of your cybercrime. Like, phishing emails are huge. They're used for everything. I think of it like a pry bar to, like, get into a house, right?

Like, that's your way in, and then you can do what you want from there. But, yeah, phishing opens the doors, and you see that a lot with not only, like, big cyber attacks. A lot of those stem from a phishing email, but also your scams. I sometimes go through my junk email or my spam folder just for a laugh, and it's insane. Like, the amount that is caught in there that I just don't even see, right?

Yeah. Like I said, it's what makes it to our inbox is usually only the tip of the iceberg of what's actually getting sent to us.

Absolutely. It's crazy. There's so much. And some of them, like, I don't know. You look at it and you're like, “Are you even trying?” And then there's others where you're like, “That looks legit,” and it takes you a couple of minutes. You sit there and you stare at it like, “OK, that's convincing. You did a good job.”

Are you generally tending to see higher quality scam phishing emails these days?

Yes. Because AI has made it much easier for people to, I think, craft more convincing verbiage and things along those lines in the email and just kind of find a better way in. So, even internally, just some of the phishing emails that we see reported, or you look at them and you're like, “Wow, that’s pretty convincing.” Sometimes it takes a couple of us. Like, we look for a little bit and we're like, “Yeah.” That's after digging in, you can tell, but it's on the surface, it's very convincing.

AI has made it much easier for people to, I think, craft more convincing verbiage and things along those lines in the email and just kind of find a better way in. -Gabrielle Hempel Share on X

Yeah. I've definitely gotten a couple that were, “I know I'm not banking with that bank, so I know it's not a legitimate email.” But it was cadet. They're pulling the right images, everything. It looks like a perfectly formatted, grammatically correct, current logos. Like, it was always funny when you got the bank email from, like, five logos ago. It's like, “Well, they haven't used that logo in 20 years.” Like, “What the heck?” But some of them have gotten incredibly good looking.

Yeah. I actually, I got one a couple weeks ago, and I ended up, like, kind of circumventing it and reaching out to the team directly because I was like, “I don't know if this is real or not.” And it was a little suspect, but it was from—it was pretending to be from X or Twitter. And it was about, like, a DMCA and stuff like that, and it was all very official. And even, like, the return address was right and things along those lines, but it just wasn’t—it didn't add up, a lot of the content and stuff like that.

I was like, “This is strange.” And I actually reached out to their legal team, and they were like, “Yeah, that didn't come from us.” And I was like, “That was crafty.” And I actually saw some people that actually got kind of a similar email that did think it was legitimate, and these are all cybersecurity people.

Was it the one, like, “You've used an image that's a copyrighted image of one of our clients, and we need you to link to it”?

Yeah. And I've gotten those somewhat legitimately before too, right? So it's hard to tell, but it was very well-crafted. It took me a while. I sat there and looked at it and started poking at it for a little bit. And, yeah, they're getting very, very good.

Yeah, nd that's where those are challenging because, like, if you're a business owner and you get something that looks legal, you don't just wanna go, “Oh, I'm sure it's a scam,” and throw it away because it potentially, like, it requires some level of attention as opposed to, “Well, I don't run—I don't have a website.” Of course, I did put a picture that belongs to somebody else on my website because I don't even have one.

Yeah. It was very well-targeted, and it was really interesting. But, yeah, we're seeing not only better attempts, but again, it's kind of blending with that bigger ecosystem. A lot of what you're seeing, like, your big cyber actors doing, so, like, living off the land, impersonation, things along those lines, domain spoofing, you're seeing a lot of that in your fraud and your scams as well. So it's interesting that kind of parallels.

When it comes to the phishing emails, do you think because the grammar is getting better and the quality is getting better, would you expect more of them to start getting through the spam filters?

Or is this, you know, kind of the blacklists and the, “Well, we know this is coming from a compromised computer or a fake domain name”? Is most being able to be kept at bay, or is it gonna—should we expect to start seeing it slip through the filters more?

That's a really good question. You know, I've seen some I don't know if I've really seen an uptick in what's come through the spam filters. So it seems like, you know, the email companies are doing a good a good job at staying on top of a lot of what's going on.

But I think that, you know, if AI continues at the pace it's continuing at, we could definitely see an uptick in that just because it's getting so much easier to do those kinds of things, and it’s harder to be in the reactive state, right?

Do you see kind of the defense? Like, I always worry about this. Like, you know, AI versus AI. So if you have defensive AI. Like, it needs to get it right because you don’t, and that's one of the challenges to any kind of filtering is you never wanna let something valid get rejected in the attempts of keeping all the bad stuff out.

Yeah. When you said AI versus AI, it just made me think of BattleBots, watching BattleBots. I don't know. That was, like, the image that came to mind. It was funny. You know, I said last week—I was talking a little bit about AI, and one of the things that I thought was interesting was, and I read this somewhere and kind of adopted it, but with AI, offensive AI just has to be effective, and defensive AI has to be accurate. Yes. And that was a really nice way of putting it, I thought, and it made a lot of sense.

I read this somewhere and kind of adopted it, but with AI, offensive AI just has to be effective, and defensive AI has to be accurate. -Gabrielle Hempel Share on X

And I hadn't really thought of it in that manner before. But, yeah, it's so true because you don't wanna suddenly start filtering out executives' emails and, you know, somebody—it’s like those things where, yeah, if you cut off access to anybody, someone will scream, right? And it'll be someone important that has the ability to make or break your career, right?

It's that challenge is that when you're on the defensive, you have to get it right 100% of the time. But the adversaries just need to get it right 1% of the time.

Yeah. They just need one person to click and you've got your access, right? But on the defensive side, if you're filtering everything out, then that's not good.

So I know one of the kind of—I think I'm starting to think that it's probably more incorrect, and maybe it was never correct to begin with, was that the vast majority of online scams are targeting, you know, those in their retirement, 65 and older, that, you know, we've gotta protect our grandparents because everybody's trying to get our grandparents.

And I think there's a certain amount of validity to that in the sense of they may be less accustomed with the technology and they have more to lose. But I'm starting to see things that seem to indicate that that they really aren't the ones that are most frequently caught by scams.

No. And that was the most interesting thing about a lot of this FTC data to me because I always thought that too. And you always see, like, the workshops for retirees on how to keep your data safe, and there's books about it out there.

And there's webinars and everything about how older people need to be aware of these cyber scams. And suddenly, all this information comes out, and it's not the case, but I think there's other groups that are proving to be more susceptible, right? Yeah. The surprising thing I just wanted to double-check on the ages.

But, yeah, individuals between the ages of 20 and 29 are most frequently targeted, but I believe that they were the most frequent to fall victim as well, right? And then I think the older group spent more money overall. But, yeah, I found that very interesting.

Individuals between the ages of 20 and 29 are most frequently targeted, but I believe that they were the most frequent to fall victim as well. -Gabrielle Hempel Share on X

And I was trying to rack my brain as to why that could be the case because these are digital natives, right? They're people that aree 20 to 29, you've grown up with the Internet already in place, and you've grown up only knowing smartphones for the most part. And I feel like that was really surprising to me because it should be people that understand, you know, that fraud is a thing and have grown up with that, and that is not seeming to be the case. And I was trying to think of why.

I think that some of it is they've grown up comfortably with technology. Yeah, it’s always been available. It's always just worked. I don't know about you, but I, like, growing up, it was kind of like the Y2K era and stuff like that. Like, technology was kinda there, but you also—like I learned to be patient because I had to use dial up, right? And I learned about antivirus because I had LimeWire. So just things like that, right?

You kinda laugh; half to the audience has no idea what LimeWire is.

I know. And that makes me so sad because that was the golden age. But you really had to kind of learn how the technology works because it didn't always work the way it was supposed to from the get-go. And I think a lot of the technology we have now just makes it so easy.

Maybe it's just it's always there. It's always worked. There hasn't been the distrust in the technology, and maybe they're falling victim to scams. -Gabrielle Hempel Share on X

It's plug and play. And, yeah, maybe that's why. Maybe it's just it's always there. It's always worked. There hasn't been the distrust in the technology, and maybe they're falling victim to scams. I don't know. I'm curious.

Yeah. I mean, like, the perception I always have is that the people that are, let's say, 70 and older have had—a gross generalization here—seem to be more leery of certain technologies. They're like, technologies.

They're like, you know, “I'd rather go in and deal with the bank teller than use the ATM machine, let alone taking a photo of my check.” And so I don't know that it's so much like—I don't see it so much as an issue of younger people are necessarily more susceptible, but younger people are spending more of their lives online. It's you, know, I was jokingly talking with somebody, and they're like, ‘What's a “check?’” Like, they've never written a check in their life because they'd always, “Oh, I'll do an electronic funds transfer. I'll do Zelle, Venmo, you know, Cash App, Apple Pay,” you know?

They had never needed to write a check because, like, “Oh, rent my apartment. I just do it online. It's an electronic funds transfer.” And so I think when you're so used to everything being digital and everything being online, there's a familiarity and a comfort with doing everything online.

And so there's less skepticism of, “Oh, why is this online? Why are they trying to do this online?” I get it. I want everything to be online.

I love everything that I have. It makes it like, there is an advantage that it makes so many things simpler. But when we're so accustomed to it, we're so used to it, I think that's where the falling victim to it or falling prey to it, just has a—there’s more of an opportunity, not necessarily that scammers are any more effective in dealing with younger people. It's just, well, when you're online, you know, 18 hours a day as opposed to 2 hours a day, there's just more opportunity to be scammed.

Yeah. And just the younger people that are getting phones too. I think Riley Ann had mentioned actually the other day when we were talking, that, like, there are people that her daughter's friends have phones, and they're, like, seven and eight years old, right?

And, like, what? If I had had a phone when I was seven, I would have done so many dumb things. So I think there's some of that too. There's just the inherent trust in technology, and we're getting technology younger. I think you've got less life experience when you're being handed technology, and that's some of it as well.

There's just the inherent trust in technology, and we're getting technology younger. -Gabrielle Hempel Share on X

Do you think there is a case to be made for, I don't wanna say taking technology away from younger people, but I think we very easily just give, give, yeah. “Here’s a peak piece of tech, and I'm not gonna pass along any warnings to you as part of the process. It's just here.”

Maybe better education surrounding some of the threats out there. I don't know. And it's again, it's not one size fits all either. Like, the scams that are gonna target some of your young kids are gonna be really different than the scams that are targeting some of the old people, presumably. I mean, maybe not.

Yeah. If I was 20 years old and got a call about Medicare Part C, like, “Nope. Not for me.”

What are all these Medicare parts? I feel like they add a new one every week.

I get commercials. I watch a lot of HGTV, right? So I get, like, all the old people scam commercials, like, all the Medicare. I keep getting, like, funeral home commercials recently. I'm feeling a little, like, called out. Maybe I need to find a new channel to watch.

But, not to say that those things are necessarily scams, but there are definitely things that will resonate with different audiences. I mean, you know, someone who's, you know, 90 years old in a retirement home is not gonna, you know, care about concert tickets, you know?

“Hey, here’s where you can get discount concert tickets.” They're like, “I haven't left the house in two years. I'm not gonna, like, that's not me.” So there's definitely things that are gonna resonate with different audiences better.

And that's where AI starts to make me nervous is that as the scammer platforms have more information about us, they'll be able to target us better. And gone will be the days of the Nigerian prince scams and, “Hey, I went to high school with you. It was this high school, and it was, you know, this year, and we both knew this same person.”

Yeah. That's scary. I don't like that. Although, you know, that just made me realize I haven't been reached out to by a foreign royal promising me a lot of money in a while, and I'm kinda sad now. Is it me? Is it a me problem?

All these things ebb and flow.  Give it a few weeks. Now that we have recorded it, an episode where we've talked about Nigerian prince scams, it will be in the ether, and you will suddenly get a hundred of them in the next 24 hours. Good.

That sounds good. I've missed them a little bit. Good conversation.

So do you ever play around? Are you one of those people who—do you interact with the scammers from time to time?

Sometimes. Depends on my mood and how annoyed I am by the scam, honestly. I try not to engage, just because it's not gonna do any of us any good. But at the same time, I have a couple friends who are very, very responsive to those kinds of things, and it's entertaining.

They work in the industry as well. One of them is really into voice cloning and that AI kind of stuff, and he's done a lot of really interesting things with that in response to scammers, and that's been kind of fun to watch, so yeah.

I think that's more for entertainment purposes than actually being able to stop anything.

Yeah. No, it's not stopping anybody. It's more just annoying them and wasting their time.

So are there any particular recent trends that you've seen of I haven't seen this type of scam or this type of phishing attempt before that you're now starting to see more of?

I mean, the voice cloning and the deepfakes I feel like have been really big.

And those are difficult because I don't think the detection is really effective for those yet. And I know we had one that there was an article published about a little bit ago, and I wasn't part of, like, the team that encountered it. But we had somebody show up for an interview that was a deep fake. And Interesting, luckily, you know, the folks doing the interview caught it super quickly.

And they started asking about, you know, things in the person's background, like, behind them and saying, like, “Hey, what is that thing?” And just asking, like, more personal things, and it was really apparent very quickly that it was somebody that was a deepfake, right?

But you've heard a lot of these stories, and that is one of the trends that is most concerning to me because some of them are extremely convincing. There's been times I've seen videos, and I'm like, “Oh, like, is that real?” And you sit there and you watch it a couple times, and you can't tell. And same with the voice cloning. I had the one friend that I have that is really into that kind of thing. He wanted to see how long it took him to make, like, a convincing voice clone of one of our mutual friends, and it took him, like, 15 minutes.

Yeah. I was just playing around with an AI video generation tool the other day. And on, like, three minutes of training, it was able to present a passable, like, “Oh, that looks like me, and it sounds like me, and it's kind of got some of my mannerisms.” Then my wife, wouldn't you know, my wife would recognize that it's not me.

But someone who knows me casually or who's just an acquaintance might go, “Yeah, it's just a low-quality video. Quality isn't very good that it wasn't, you know, 10 years ago, like, even when I started the podcast. I was always, “Oh, ask the person to jump on a video with you. And if they refuse, then, yeah, if they won't do a FaceTime call with you, it’s a scam. Or if they won't jump on a Zoom with you, It's a scam.” And then it was like, “Well, if you get on there, the quality's bad or the ears look funny. You know, the eye, the chin looks, you know, a little bit wonky.” But nowadays, the AI clones of people are, without a whole lot of work, are pretty passable.

I used to be able to tell because of the fingers too, right? Like, they would, like, put, like, 10 fingers on the person. They got six fingers. Exactly.

You'd be like, “Oh, OK. That's definitely AI-generated.” Now it's like, “Oh, like, I can't tell.” So, yeah, that's one of the trends that is super concerning to me, and just I don't know.

So one of the interesting things that I was trying to think of to not talk politics, but we all know what's going on with the tariffs and things along those lines. And, you know, one of the scams that I think that I've seen a lot and I've seen a lot of other people see a lot are, like, the USPS, the package delivery, the, “You need to pay us money so that we’ll release your package” kind of scams, and I can see that skyrocketing with the tariffs too. It's a perfect ploy. “Oh, you ordered something from China? Give us money before we deliver it to you.”

Particularly, like, if it if it looks like it's coming from Amazon and it just says, “Hey. Your recent package was shipped from China expedited, so it'll get here next day. But because of the tariffs, we need to collect the tariff because yeah, it came in after, you know, it came into the country before the tariff, or, like, you know, the timing works out just right that well, the tariffs weren't in effect when you ordered it, but they are in effect now that it's coming into the country. You need to pay this fee, or if you don't wanna pay it, you need to go here and fill out this form.”

I mean, the scammers are really good at, are getting better and better at using news and current events to make things seem more reasonable.

And I feel like we really started to see that, you know, with COVID. There were a lot of scams that started to pop up around COVID with vaccines and testing and just things along those lines. And I feel like it's just kind of been taking off ever since that worked. So now we're doubling down on it, right?

Yep. So what's the advice for people?

I like to—I know not everybody's in cybersecurity. One of the approaches that I do like is, you know, we talk a lot about zero trust in cybersecurity, and I think that we live in an era at this point where consumers need to adopt zero trust in communication.

I think that we live in an era at this point where consumers need to adopt zero trust in communication. Like, you need to look at all communication that you have as potentially a scam. -Gabrielle Hempel Share on X

Like, you need to look at all communication that you have as potentially a scam. And that's unfortunate. I don't love living that way, but, we are in that era. You know, there’s, again, I think it's healthy to remain skeptical. If you didn't initiate a conversation, I would say assume it's suspect.

Yeah. I get, like, three texts a day, like, “Hey. Are you interested in this job? Do you wanna hear more about this job I have for you?” And it's, like, “No.”

If somebody offers you something free, you should be so skeptical because there is absolutely nothing in life that is actually free. -Gabrielle Hempel Share on X

Nobody would reach out to me over text, over, like, a spoof number to ask me about that, you know? So, yeah. And nothing is free. If somebody offers you something free, you should be so skeptical because there is absolutely nothing in life that is actually free.

So, yeah, the just being wary, staying on top of things. You know, with the voice phishing and that kind of thing, that's really hard. But I would say if you are suspect of that, if you feel like something's not right, like, hang up and call the person on the number that you know is theirs. Or, I don't know. Like, I've seen some people develop, like, code words with their family.

My wife and I do.

Yeah. And that's a great idea because, you know, ask a question that only that person would know an answer to, something along those lines just to verify. It's unfortunate, but it is the world that we live in these days, and you can never be too careful.

Yeah.  And, I 100% agree. And I feel like the scammers are even trying to exploit people's decency . The first time I got it was a, “Hey. I'm at the golf range. Where are you?” And I initially was like—I started to respond back. I'm like, “Oh, you've got the wrong number.” Then I was like, that seems to be weird that—how would you get a wrong number doing that? And so I just so I'm like, “OK. I'm not answering that. This just seems weird.”

And over the course of the last, let's say, year, the intensity and the frequency of those text messages have gone through the roof of, “Hey. I'm running late. Can we meet at two? Are you available at two for that for that Zoom call?”

For one, I know no one's gonna be texting me that sort of stuff. But some of them were like, “Hey. This is so and so from the vet, and we need to make a decision on this treatment for your dog.”

I can imagine any dog owner going, “Oh my gosh. I don't have a dog. I know you're not my vet, but if my dog needed an emergency treatment, I'd wanna make sure that, you know, that they knew they got the wrong number.” And so it's like I feel like they're exploiting, you know, our good nature to try to take advantage. So it's, like, unfortunately, now it's like, “Nope.”

I just can't respond to text messages. Whether they're legitimately misdirected or a scam, I'm just not gonna respond to them anymore.

Yeah. I've gotten to that point too.

If I don't know who it is, I generally won't respond. And there's been times where I'm like that might be somebody that I used to know, don't have the number anymore. I'm not sure. Usually, you can tell it's not because of, like, it's a completely out-of-whack area code or something. But, I mean, it's it really depends.

There's been something that I've gotten from local area codes, and I'm like, “Is that a person? Is that a really good spoof?” Like, whatever. But, again, if you're not expecting it, then it's potentially, you know, not legitimate.

My favorite current one is getting messages from the Philippines of, “Hey. You did pay your local toll.”

Oh, yeah. We were talking about that yesterday. There's been so many of those. I got one from a state that I've never been to before, and I was like, “Hey.”

You didn't pay the California toll, and this is coming from a Philippines telephone number. Like, no.

You don't think so. Like, unless you've got some really crazy, you know, toll stuff, or it's outsourced. Like, I could, yeah.

I could see someone making the case of, like, “Hey. We are the support center that's been outsourced to the Philippines to follow up on people that have not paid their tolls.”

What starts to become believable at that point? Is it Chicago? There is a city that outsourced all of its parking payment to it's a different country.

I don't remember. I've read about this recently, and I don't remember the city or the country. But, like, I was reading about it, and I was like, “Is this real?” But, yeah, for the next, like, if they've got some sort of deal where, like, for the next 15 years, all money from parking goes to this country, like, in exchange for some—it’s bizarre. I was like, “Oh, so that could be legit.”

Like, are you kidding me?

With all the outsourcing, you never know.

So before we get way too far off topic Any additional kind of just good best practices, advice, that people should follow before we wrap up here?

Again, like, just do your due diligence. I would always research things. If you feel like something's legitimate, then, try to go around. And if you feel like, “Oh, I'm getting an email from this legal department of this company,” like, find the legal department contact information on the company website and then email them or call them. Or, same if you think somebody's contacting you, try to find their actual contact information.

Like, kind of circumvent. Don't go directly through that channel. It's kinda like when you get, like, a phishing email and you think it's your bank, just go to the bank's website and log in. Don't click on the link in the email, right? So, yeah, just staying vigilant with stuff like that.

With a lot of the financial fraud, don't put money into a platform you don't know anything about or haven't heard of. Like, that's just common sense, but is it?

Yeah. But that's the challenge of some of these scams is they—a story where they had to interact with someone. They had, you know, through a chat or whatever, had met someone and gone back and forth and heard about this great crypto investment.

And so they put money into the platform, and at some point, like, the person was saying, “Hey. You've done well. It'd be good to take some of your money out.” And so they took some money out, and they got it. And so in their mind, it built this, “Well, this must be a legitimate platform because if it were a scam, I wouldn't have been able to get my money out.”

But now that I've gotten a portion of my money out, I now feel safe in putting more money in, and so they dumped in their entire life savings, and all of a sudden, the app stops working. They can't get a penny out anymore. And they're left figuring, “Well, clearly, it was some sort of—did the company go out of business, or was it a scam?”

Because why is a scammer ever gonna give you part of your money back? But that was part of the building trust.

Mhmm. Yeah. Building trust and then kind of, I mean, that was what Bernie Madoff did, wasn't it?

Yep. They'll trust and, you know, community referrals. So, yeah. “Hey. We trust him. He's made us a lot of money. You know? Maybe we took a little bit out, but as long as not everybody tried to get all their money out, no one found out until it got too big.”

Yeah. But he also blamed his victims, like, saying they should've known that they couldn't get a legitimate return like this. But that's awful, and that's a different story.

Yes. It is a very different story. It just made me think of that with the building trust. But, yeah.

And then, you know, as far as cybersecurity goes, very much the same things. Don't click on links in phishing emails. Be very vigilant about phishing, things along those lines. I think, you know, there's a lot of tools out there now that are using AI and things like that for detection. I know we do that for specifically, like, insider threat and a lot of the other victim to scam things that you might see.

So, yeah, lots of platforms out there that are doing that kind of thing too. And I think that's hopefully, eventually, going to help identify and halt these things before they actually happen.

Gotcha. If people wanna connect with you or find out more about what Exabeam does, how can they connect with you?

I'm on LinkedIn.

My full name, Gabrielle Hempel. Also on X, under gabsmashh. That's my handle on a lot of social media. That's where you can find me. It's another story.

And then just Exabeam as well. If you don't remember my name, you can reach out to Exabeam and be like, “Hey. I heard this chick on a podcast. Who was it?” And they can direct you to me.

Awesome. Thank you so much for coming on the podcast today.

Thank you so much.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Notified When We Release New EpisodesALERT ME

X

Logo

Get Notified

When we release
new episodes

We will only send you awesome stuff!

Privacy Policy

×

 
×

Easy Prey Self Assessment Cover

Are you safe or at risk? Find out.

We’ll send you instructions to download the self-assessment right away. It takes only a few minutes to complete.

We hate spam and promise not to spam you.
Unsubscribe at any time.

Privacy Policy

×

Hire Me To Speak

Privacy Policy

×

Privacy Policy

Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on every page of our site.

The Way We Use Information

We use email addresses to confirm registration upon the creation of a new account.

We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.

On occasion, we may send email to addresses of registered users to inform them about changes or new features added to our site.

We use non-identifying and aggregate information to better design our website and to share with advertisers. For example, we may tell an advertiser that X number of individuals visited a certain area on our website, or that Y number of men and Z number of women filled out our registration form, but we would not disclose anything that could be used to identify those individuals.

Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above.

Our Commitment To Data Security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

Affiliated sites, linked sites, and advertisements

CGP Holdings, Inc. expects its partners, advertisers, and third-party affiliates to respect the privacy of our users. However, third parties, including our partners, advertisers, affiliates and other content providers accessible through our site, may have their own privacy and data collection policies and practices. For example, during your visit to our site you may link to, or view as part of a frame on a CGP Holdings, Inc. page, certain content that is actually created or hosted by a third party. Also, through CGP Holdings, Inc. you may be introduced to, or be able to access, information, Web sites, advertisements, features, contests or sweepstakes offered by other parties. CGP Holdings, Inc. is not responsible for the actions or policies of such third parties. You should check the applicable privacy policies of those third parties when providing information on a feature or page operated by a third party.

While on our site, our advertisers, promotional partners or other third parties may use cookies or other technology to attempt to identify some of your preferences or retrieve information about you. For example, some of our advertising is served by third parties and may include cookies that enable the advertiser to determine whether you have seen a particular advertisement before. Through features available on our site, third parties may use cookies or other technology to gather information. CGP Holdings, Inc. does not control the use of this technology or the resulting information and is not responsible for any actions or policies of such third parties.

We use third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. For information about their specific privacy policies please contact the advertisers directly.

Please be careful and responsible whenever you are online. Should you choose to voluntarily disclose Personally Identifiable Information on our site, such as in message boards, chat areas or in advertising or notices you post, that information can be viewed publicly and can be collected and used by third parties without our knowledge and may result in unsolicited messages from other individuals or third parties. Such activities are beyond the control of CGP Holdings, Inc. and this policy.

Changes to this policy

CGP Holdings, Inc. reserves the right to change this policy at any time. Please check this page periodically for changes. Your continued use of our site following the posting of changes to these terms will mean you accept those changes. Information collected prior to the time any change is posted will be used according to the rules and laws that applied at the time the information was collected.

 

×
close
Embed this image

Copy and paste this code to display the image on your site