0.000000 3.000000 Tech It From Me is an independent and solo-produced podcast. 3.000000 5.000000 Welcome to the Tech It From Me podcast. 5.000000 6.000000 I'm Mike Madole. 6.000000 10.000000 If you're like most people, you think you're reasonably careful online. 10.000000 12.000000 You don't click sketchy links. 12.000000 14.000000 You don't open spam emails. 14.000000 17.000000 And your passwords are pretty good, right? 17.000000 21.000000 So why do stories of stolen Netflix accounts, 21.000000 24.000000 compromised credit cards, and hacked bank logins 24.000000 27.000000 still keep happening to regular people? 27.000000 29.000000 Well, here's the truth. 29.000000 32.000000 Cybercriminals don't need to target you anymore. 32.000000 35.000000 They use automated tools to scoop up logins, 35.000000 39.000000 skim data, and steal identities at scale. 39.000000 42.000000 And most people have no idea how exposed they really are. 42.000000 45.000000 In this episode, we're going to break it all down. 45.000000 48.000000 How the bad guys actually get your info, 48.000000 51.000000 what you're probably doing wrong without even realizing it, 51.000000 53.000000 and five things you can start doing today 53.000000 56.000000 to protect yourself and your family. 56.000000 60.000000 This is the Tech It From Me podcast. Let's go. 60.000000 62.000000 This is the Tech It From Me podcast. 62.000000 65.000000 Let's talk about how this stuff really happens. 65.000000 68.000000 Not the Hollywood version, but the real world tools 68.000000 71.000000 and tactics used by cybercriminals. 71.000000 74.000000 There are many methods these malicious actors use, 74.000000 78.000000 but here are the top five most commonly used methods. 78.000000 80.000000 Number one, phishing. 80.000000 82.000000 That's the classic one. 82.000000 85.000000 An email pretending to be from your bank, Amazon, 85.000000 87.000000 or Netflix, or others. 
87.000000 90.000000 It says there's a problem with your payment method, 90.000000 93.000000 or your account was locked, and it provides a link. 93.000000 96.000000 But the link takes you to a fake login page. 96.000000 100.000000 You type in your credentials, and bam, they've got your info. 100.000000 103.000000 The second method is social engineering. 103.000000 105.000000 Sometimes it's not about tech at all. 105.000000 108.000000 It's a phone call from tech support, 108.000000 110.000000 asking for remote access, 110.000000 112.000000 or someone pretending to be payroll, 112.000000 116.000000 asking you to verify your direct deposit details. 116.000000 118.000000 Humans are always the weak point, 118.000000 121.000000 and the hackers know it. 121.000000 123.000000 Thirdly, credential stuffing. 123.000000 125.000000 This one is really sneaky. 125.000000 128.000000 Let's say you used the same email and password 128.000000 131.000000 on a random website five years ago, 131.000000 133.000000 and that site was breached. 133.000000 137.000000 Hackers take that combo and try it on every major platform. 137.000000 141.000000 Gmail, Amazon, Facebook, PayPal, you name it. 141.000000 145.000000 If you reuse that password, you're done for. 145.000000 149.000000 The fourth method, public Wi-Fi attacks. 149.000000 151.000000 Here's a classic move. 151.000000 154.000000 Someone sets up a fake Wi-Fi hotspot at a coffee shop 154.000000 156.000000 and names it something legit, 156.000000 161.000000 like Starbucks free Wi-Fi or Tim Horton's Timbits. 161.000000 164.000000 You connect, and they start intercepting your data. 164.000000 167.000000 It's called a man-in-the-middle attack, 167.000000 169.000000 and it's more common than you think. 169.000000 174.000000 The fifth most common is malicious apps and browser extensions. 174.000000 177.000000 Not everything happens over email. 
177.000000 181.000000 Sometimes it's a mobile app that asks for way too many permissions, 181.000000 185.000000 or a browser extension that quietly logs your keystrokes. 185.000000 187.000000 This stuff isn't hypothetical. 187.000000 191.000000 I've seen phishing campaigns hit an entire department. 191.000000 196.000000 I've also seen a company owner fall for fake invoice emails. 196.000000 201.000000 And these aren't people who, quote, "should have known better." 201.000000 204.000000 They were simply caught off guard. 204.000000 207.000000 Now, let's talk about why you, yes, you, 207.000000 210.000000 are more vulnerable than you think. 210.000000 213.000000 Most people assume I'm not that important. 213.000000 215.000000 Nobody's going to want to hack me. 215.000000 218.000000 They think, I don't have millions in the bank. 218.000000 220.000000 Why would anyone come after me? 220.000000 223.000000 But that's not how this works anymore. 223.000000 226.000000 You're not being personally targeted. 226.000000 231.000000 You're being scooped up along with thousands of others in automated sweeps 231.000000 233.000000 that don't care who you are. 233.000000 235.000000 They just want one thing. 235.000000 236.000000 Access. 236.000000 238.000000 Here's the reality. 238.000000 243.000000 Cybercrime is no longer a guy in a hoodie guessing passwords at three in the morning. 243.000000 245.000000 It's software. It's bots. 245.000000 251.000000 It's scripts running through databases of billions of leaked credentials, 251.000000 256.000000 testing them at scale against every major platform you can think of. 256.000000 259.000000 It's like someone going down your street with a master key, 259.000000 261.000000 just trying it on every single door. 261.000000 266.000000 If your door is weak, or if you reuse the same lock as 15 other people, 266.000000 268.000000 they're going to get in. 268.000000 270.000000 So let me give you an example. 
270.000000 273.000000 A few years ago, LinkedIn had a major data breach. 273.000000 277.000000 Millions of emails and passwords were exposed. 277.000000 283.000000 Fast forward to today, those credentials are still floating around online. 283.000000 289.000000 And if you've reused that same LinkedIn password for say Netflix or your Gmail accounts 289.000000 292.000000 or online banking, guess what? 292.000000 300.000000 Attackers have tools that will try your LinkedIn combo on every major site automatically. 300.000000 302.000000 That is what's called credential stuffing. 302.000000 306.000000 And it works way more often than you'd think it would. 306.000000 308.000000 And it gets worse. 308.000000 312.000000 Sometimes your credentials don't even need to be stolen in real time. 312.000000 316.000000 They can be bought or downloaded from massive dark web dumps 316.000000 319.000000 like the infamous collection number one breach. 319.000000 326.000000 That had over 770 million email and password combinations exposed. 326.000000 330.000000 If you've never checked to see if your email address has shown up in one of these dumps, 330.000000 336.000000 I strongly suggest a website called HaveIBeenPwned.com. 336.000000 345.000000 So that's h-a-v-e-i-b-e-e-n-p-w-n-e-d.com. 345.000000 351.000000 It's free, it's safe, and it's run by a well-respected security researcher. 351.000000 357.000000 Just type in your email address, and you might be shocked by how many breaches it's been involved in. 357.000000 359.000000 I've seen people shrug this off. 359.000000 361.000000 I've got nothing to hide, they say. 361.000000 364.000000 But here's the thing, you don't need to have any secrets. 364.000000 369.000000 You just need to have value and access the things that criminals want. 369.000000 371.000000 So think about it. 371.000000 375.000000 Your email account is the recovery point for almost everything. 375.000000 378.000000 Your Amazon account might have stored credit cards. 
378.000000 383.000000 Your Dropbox might have sensitive work files or personal records. 383.000000 388.000000 Your Uber account could be used for identity theft and fraud. 388.000000 392.000000 And once someone gets in, it's not just about theft. 392.000000 394.000000 It's about control. 394.000000 396.000000 They can lock you out. 396.000000 398.000000 They can impersonate you. 398.000000 402.000000 They can use your email to send phishing scams to your contacts. 402.000000 406.000000 And they will trust it because it came from you. 406.000000 412.000000 It's not about paranoia, it's about understanding the scale and automation of today's attacks. 412.000000 417.000000 You don't have to be a millionaire, you just have to be unprepared. 417.000000 422.000000 All right, so now that I've scared you, so what can you do? 422.000000 425.000000 At the beginning, I promised five simple things that you could do. 425.000000 432.000000 Here are those five simple practical things that will drastically reduce your risk. 432.000000 436.000000 First off, use a password manager. 436.000000 439.000000 This is the biggest game changer. 439.000000 442.000000 I use a software called 1Password. 442.000000 448.000000 And no, I'm not sponsored, I'm not compensated or affiliated with this company in any way. 448.000000 451.000000 I just really believe in it. 451.000000 460.000000 One of the reasons I selected it is because it includes built-in support for MFA or multi-factor authentication. 460.000000 464.000000 Instead of bouncing between a password vault and an authenticator app, 464.000000 469.000000 I can generate one-time codes right inside of 1Password. 469.000000 476.000000 It simplifies my workflow and actually makes me more secure because I'm not tempted to cut corners. 476.000000 479.000000 Everything syncs across my devices as well. 479.000000 485.000000 Windows, Mac, iPhone, iPad, and Autofill is awesome. 
485.000000 491.000000 If you're still storing passwords in your browser or worse using the same password on multiple sites, 491.000000 494.000000 you really need to make a switch. 494.000000 499.000000 Other solid password managers include Bitwarden and Dashlane. 499.000000 507.000000 Even iCloud Keychain has improved, but for cross-platform users, 1Password really shines. 507.000000 512.000000 The second, turn on MFA everywhere you can. 512.000000 517.000000 Multi-factor authentication means that even if someone steals your password, 517.000000 523.000000 they still can't get in without a second form of verification, like a code from your phone. 523.000000 527.000000 Most major sites support this now. 527.000000 534.000000 Turn it on for your email, banking, social media, absolutely everything where it's available. 534.000000 538.000000 Third, stop reusing passwords. 538.000000 543.000000 If one site gets compromised and you've reused that password elsewhere, 543.000000 546.000000 all those other accounts are now vulnerable. 546.000000 548.000000 A password manager makes this simple. 548.000000 555.000000 You can have a unique strong password for every single site and never have to remember any of them. 555.000000 560.000000 Number four, be skeptical of public Wi-Fi. 560.000000 565.000000 When you're at a coffee shop or an airport, avoid logging into sensitive accounts. 565.000000 571.000000 These networks are often poorly secured and in some cases, they're outright malicious. 571.000000 579.000000 That free airport Wi-Fi might actually be someone running a fake hotspot. 579.000000 583.000000 In addition to this, use a VPN when you're away from home. 583.000000 592.000000 If you have to access a public Wi-Fi, a VPN or a virtual private network is your best friend. 592.000000 598.000000 A VPN encrypts your internet traffic, creating a secure tunnel between your device and the internet. 
598.000000 603.000000 That means even if someone is snooping on the network, they can't see what you're doing. 603.000000 609.000000 I know VPNs can sound technical or intimidating, but they've become super easy to use. 609.000000 613.000000 There's lots of great options out there as well. 613.000000 618.000000 Proton VPN is a solid privacy focus from the creators of Proton Mail. 618.000000 622.000000 Mullvad, you don't even need to create an account with them. 622.000000 627.000000 NordVPN, ExpressVPN, they're very user friendly and fast. 627.000000 631.000000 But the one that I use daily, Cloudflare Warp. 631.000000 639.000000 It's part of Cloudflare's 1.1.1.1 app, and it's available not just on phones, but also on Windows and Mac. 639.000000 643.000000 I use it on my Mac as part of my regular workflow. 643.000000 648.000000 Now, technically, Warp isn't a full VPN in a traditional sense. 648.000000 651.000000 It's more of a secure connection optimizer. 651.000000 660.000000 It encrypts your traffic, routes it through Cloudflare's global network, and protects you from snooping on unsecured networks. 660.000000 666.000000 It doesn't let you spoof your location, so it's not meant for streaming or region hopping. 666.000000 672.000000 But for privacy and security on the go, it's fabulous and it's free. 672.000000 679.000000 If you're looking for a lightweight option that just works and comes from a company trusted for internet infrastructure, 679.000000 682.000000 Warp is a great place to start. 682.000000 689.000000 And don't worry, I'm going to do a future episode specifically dedicated to VPNs, how they work, how to choose the right one, 689.000000 694.000000 and why some of them do more harm than good, so stay tuned for that. 694.000000 702.000000 The fifth and final one that I wanted to share here is train yourself to spot phishing. 702.000000 709.000000 If something feels off, it probably is. Check the sender of an email, look closely at a URL. 
709.000000 716.000000 Don't click on unexpected links, and when in doubt, just go directly to the site in your browser. 716.000000 722.000000 These days, phishing attacks aren't riddled with typos. They look really good. They look professional. 722.000000 727.000000 They create urgency, and they rely on people reacting without thinking. 727.000000 731.000000 Slowing down could save you a lot of grief later on. 731.000000 740.000000 I want to shift gears now and talk about this from my experience, not just as someone who's tech savvy, but as an IT leader as well. 740.000000 750.000000 I've worked in IT for a long time, across industries like healthcare, retail, food services, law, even private equity-backed companies. 750.000000 758.000000 And here's the biggest thing that I've learned. It's never just about the technology. It's always about the people. 758.000000 768.000000 You can have the best firewall money can buy, endpoint detection tools, humming in the background, encrypted storage, and all the latest patches in place. 768.000000 783.000000 But if someone on your team clicks a phishing link, if someone reuses their old Yahoo password from 2008, if someone says yes to a fake tech support call pretending to be from the help desk, it's game over. 783.000000 793.000000 Cybersecurity is a behavioral issue, not just a technical one. And that's why as a leader, my job isn't just to secure systems. 793.000000 798.000000 It's to make secure behavior easier than insecure behavior. 798.000000 805.000000 So what that means is giving people password managers so they don't write passwords on sticky notes. 805.000000 812.000000 Rolling out single sign-on with multi-factor authentication to make login secure and seamless. 812.000000 819.000000 Running phishing simulations and awareness training, not to shame people, but to educate them. 819.000000 826.000000 And building a culture where it's okay to ask, "Hey, this email looks weird. Do you mind taking a look at it?" 
826.000000 833.000000 You'd be surprised how many breaches start with someone too afraid just to speak up. And look, I get it. 833.000000 843.000000 Most people just want to do their job. They don't wake up thinking about security. But if we give them the right tools and make the secure choice, the easy choice, they will take it. 843.000000 854.000000 That's why I recommend password managers. That's why I push for MFA everywhere. That's why I advocate for tools like Cloud Warp for mobile and desktop users on the go. 854.000000 863.000000 Because good tools make good habits stick. And I've seen firsthand what happens when those habits are not there. 863.000000 869.000000 There was one case I remember. A user clicked on a phishing email that looked like a DocuSign request. 869.000000 877.000000 The branding was flawless. The urgency, it was believable. They entered their Microsoft 365 credentials into this fake page. 877.000000 885.000000 And within minutes, their inbox was taken over and used to launch internal phishing campaigns targeting finance. 885.000000 893.000000 Our department caught it. We contained it. But not before it created confusion, risk, and a whole lot of cleanup work. 893.000000 897.000000 And that was just one person, one click. 897.000000 911.000000 So when I tell people to take this stuff seriously, it's not theoretical. I've seen the domino effect. And I've seen how just one extra layer of protection, one good decision can stop that domino from falling. 911.000000 921.000000 Alright, let's wrap this up. Here's what I hope you take away from today's episode. Cybercrime today is automated, scalable, and indiscriminate. 921.000000 935.000000 You don't have to be rich or famous to be a target. The most common attacks don't rely on high-end hacking. They rely on people reusing passwords, skipping MFA, or clicking on things that appear to be legitimate. 935.000000 944.000000 Your behavior matters more than your firewall. So here's my challenge to you. 
Start with just one thing today. 944.000000 957.000000 Turn on MFA for your email. Install and use a password manager, and let it start handling your logins. Try Cloudflare Warp on your phone or laptop next time you're on public Wi-Fi. 957.000000 964.000000 Small steps now are a lot easier than dealing with identity theft, or account compromise later. 964.000000 973.000000 And remember, this stuff isn't just for IT people. If you use the internet, you're in the game. Might as well play defense. 973.000000 987.000000 If you found this episode helpful, feel free to share it with a friend or a coworker. You can find all episodes and my blog articles at TechItForMe.com, or follow this show on your favorite podcast app. 987.000000 992.000000 Thanks for listening. This has been the Tech It From Me podcast. 992.000000 996.000000 Tech It From Me is an independent and solo-produced podcast.