Episodes

  • Finding Small Business Fraud with James Ratley
    Oct 30 2024

    A shocking number of businesses ultimately fail because of fraud. Many managers and business owners are unaware of their losses because they do not have systems in place to look for fraud, and it may not be their primary concern.

    Today’s guest is James Ratley. Jim graduated from the University of Texas at Dallas with a bachelor’s degree in Business Administration. In 1971, he joined the Dallas Police Department as a police officer. He was on numerous task forces with a concentration on major fraud cases. He joined a major forensic accounting practice and was in charge of fraud investigations.

    In 1988, he was named the Program Director of The Association of Certified Fraud Examiners and in 2006, became the President. In 2011, he became the CEO and he retired in 2018 after 30 years there. James has been an adjunct professor, published author, and named by Accounting Today as one of the top influencers multiple times.

    Show Notes:
    • [1:14] - James shares his background and the way his career panned out over 30 years.
    • [3:35] - When the ACFE was established, there was no information or education around it at all.
    • [5:09] - The average organization loses 5% of their revenue to fraud. Out of every ten people hired, statistically, six of them will steal from you.
    • [6:46] - Fraud can be prevented and strategies to reduce fraud are typically inexpensive.
    • [8:40] - It’s important for business owners not to be afraid to call it fraud.
    • [10:25] - Fraud perpetrators believe they deserve what they’ve taken.
    • [13:26] - It’s important for businesses to have strong management and leadership. Training is crucial.
    • [14:18] - James discusses the most common types of fraud and how even the seemingly minor things could be detrimental.
    • [18:24] - Fraud perpetrators are really good at hiding what they are doing and making the business owners believe it could never be them.
    • [20:15] - Another strategy is to separate tasks out and be strict about them.
    • [21:37] - Surprise cash counts are another good strategy.
    • [23:13] - There are no small frauds, only frauds that have not had time to reach maturity.
    • [25:44] - You impact rationalization through education.
    • [29:16] - James lists some of the red flags that could indicate something more going on.
    • [31:31] - There should be policies and regulations that purchasing officers are held to.
    • [36:30] - Auditors must be completely independent.
    • [40:10] - Some business owners will deny the problem is happening because it is hard to deal with and accept that someone they trust could be stealing.
    • [44:35] - Many small organizations go out of business due to operating at a loss. Most of the time this is because of fraud.
    • [47:25] - Never judge someone by the standards you have for yourself.
    • [51:12] - Something to remember is that most fraudsters will steal in even numbers.
    • [53:11] - In most cases that James has worked, the manager had seen all the signs, but never thought anything about it.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    • Podcast Web Page
    • Facebook Page
    • whatismyipaddress.com
    • Easy Prey on Instagram
    • Easy Prey on Twitter
    • Easy Prey on LinkedIn
    • Easy Prey on YouTube
    • Easy Prey on Pinterest
    • ACFE Website
    56 mins
  • Truth and Lies with Mark Bowden
    Oct 23 2024

    Now that so much of our communication is digital, such as texts, emails, and chats, we miss out on the tone and facial expressions that help us understand the intent and content of communication. It’s important to know ourselves well enough to know the areas where we are more easily influenced and susceptible to being deceived. The greater our desire for something to be true, the easier it is for us to be scammed.

    Today’s guest is Mark Bowden. Mark is a world-renowned body language expert, keynote speaker, and best-selling author. He is the founder of the communication training company, TruthPlane. Mark is also a member of The Behavior Panel on YouTube.

    Show Notes:
    • [1:08] - Mark shares his background and what motivated him to specialize in human behavior.
    • [2:34] - There are parts of the brain that are activated when we first meet someone new.
    • [3:56] - Think about how many people you see on a regular day. Some you will notice and some you will not.
    • [7:03] - There are certain parts of the brain that can overwrite natural instinct.
    • [10:02] - Mark demonstrates how body language changes when there is perceived risk.
    • [14:50] - Body language signals can be perceived inaccurately. People can also change their body language to send different signals.
    • [17:15] - So many signals that our brains rely on in communication disappear when we cannot see the person we’re talking to.
    • [19:16] - Mark gives an example of how the human brain perceives the bait of a scam.
    • [22:48] - The first step in critical thinking is to suspend judgment.
    • [25:58] - “You can only con a greedy man.” Think about what you want so much that if it were offered, you lose your sense of judgment.
    • [28:33] - If anyone ever tells you that something seems like it isn’t true, suspend judgment and look into it.
    • [30:32] - It’s a risky world. There are people who have dedicated their lives to deceiving others.
    • [35:13] - Part of critical thinking is asking other people whom you trust about what they think.
    • [39:56] - Sometimes we will set people up to see how they will respond.
    • [43:11] - It is best to have an open mind and be willing to see things for what they are over what you want them to be.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    • Podcast Web Page
    • Facebook Page
    • whatismyipaddress.com
    • Easy Prey on Instagram
    • Easy Prey on Twitter
    • Easy Prey on LinkedIn
    • Easy Prey on YouTube
    • Easy Prey on Pinterest
    • TruthPlane Website
    • Mark Bowden on YouTube
    • The Behavior Panel on YouTube
    46 mins
  • The Update That Broke America with Gabe Dimeglio
    Oct 16 2024

    Many industries are reliant on software and if the software becomes corrupt or an update fails, it may require hands-on support. Do you have your infrastructure set for repair and recovery?

    Today’s guest is Gabe Dimeglio. Gabe is a 20-year veteran of information technology and security for private and public sector organizations. He is a results-driven leader, specializing in security services and solutions for mission-critical, complex enterprise platforms. His expertise includes strategic consulting services, risk analysis/risk mitigation, and compliance.

    Mr. Dimeglio serves as Vice President & Executive Advisor, Security, Office of the CTO at Rimini Street. He is responsible for oversight of the GSS organization that provides tailored consulting and advisory security services to prospects and clients, in collaboration with Rimini Street sales, client engagement, and retention functions.

    Show Notes:
    • [1:18] - Gabe shares his background and what he does in his roles at Rimini Street.
    • [2:38] - Anyone can be a victim of a scam. That includes Gabe.
    • [4:03] - Scams are very sophisticated and techniques have come a long way in the last decade.
    • [5:23] - Gabe describes what happened with the update that shut down much of the United States’ systems and infrastructure.
    • [8:30] - To complicate things, the platform could not be restarted with this update in effect.
    • [10:42] - Updates are sideloaded continuously and are processed by this kernel driver. The thought process is interesting because it has happened before.
    • [12:37] - This was the biggest problem caused by CrowdStrike.
    • [14:47] - One mistake out of 10,000 updates is a low error rate, but there is a lot of reputation damage done in this event.
    • [16:50] - In the case of CrowdStrike, turning off auto-update was not an option.
    • [18:43] - Any time software, programs, or data are introduced, you’re also introducing risk.
    • [21:04] - Part of the solution to fixing this massive problem was hands-on support on every box.
    • [26:13] - One problem is that there are some industries where technology is very outdated.
    • [27:23] - People are selling their solutions and the solutions are cloud-managed. This is scary due to frequent cloud breaches.
    • [31:10] - There are still businesses that have no security professionals or teams managing client data and safety.
    • [32:53] - The skills gap is crushing most businesses.
    • [35:03] - Security has come a long way, even if there are still areas of lack.
    • [37:01] - For the last couple of years, security has been something that there is a budget for in most businesses.
    • [40:49] - Don’t ever let anyone convince you to shortcut anything.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    • Podcast Web Page
    • Facebook Page
    • whatismyipaddress.com
    • Easy Prey on Instagram
    • Easy Prey on Twitter
    • Easy Prey on LinkedIn
    • Easy Prey on YouTube
    • Easy Prey on Pinterest
    • Rimini Street Website
    43 mins
  • A Lesson in Crisis Management with Jeremiah Grossman
    Oct 9 2024

    It’s not always easy to determine the value of digital assets. The potential for overestimating or undervaluing your data can make it difficult to establish how much protection you need against a cyber intrusion.

    Today’s guest is Jeremiah Grossman. Jeremiah has spent over 25 years as an InfoSec professional and hacker. He is the Managing Director of Grossman Ventures. He is an industry creator and founder of White Hat Security and Bit Discovery. He has his black belt in Brazilian Jiu-Jitsu and is an avid car collector.

    Show Notes:
    • [0:53] - Jeremiah shares his background and what he does as the managing director of the new venture capital firm, Grossman Ventures.
    • [1:55] - When he was 24, Jeremiah’s business was victimized by a data breach.
    • [5:30] - This experience taught him that if you treat your customers with integrity and have their best interests in mind, they will keep doing business with you.
    • [7:43] - These things happen to countless businesses. It is important to keep customers and clients informed.
    • [10:27] - Cybercrime is one of the only crimes where the victim doesn’t always know they’re a victim.
    • [13:30] - When it comes to solving these problems, we have to narrow in on the problems that are worth solving and then work for a solution.
    • [14:53] - Doing an asset evaluation is a good starting point. There is no algorithm to determine the value of digital assets.
    • [19:18] - What role does AI play in this and what should people be wary of?
    • [20:31] - How do we raise the cost on the adversary?
    • [23:12] - There are ways to bait adversaries as well which is an inexpensive solution.
    • [25:17] - These days, adversaries are nowhere physically near the data. They access it all through digital means.
    • [27:28] - Jeremiah is optimistic about AI and in his perspective, AI is a tool that will help us determine solutions.
    • [28:07] - Currently, cyber insurance has become compulsory.
    • [30:48] - Jeremiah explains how things work in venture capital and the problems that are common.
    • [34:11] - There are many things that we can do better in this space.
    • [35:46] - Jeremiah shares advice for small and medium-sized businesses.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    • Podcast Web Page
    • Facebook Page
    • whatismyipaddress.com
    • Easy Prey on Instagram
    • Easy Prey on Twitter
    • Easy Prey on LinkedIn
    • Easy Prey on YouTube
    • Easy Prey on Pinterest
    • Jeremiah Grossman’s Website
    • Jeremiah on Twitter
    39 mins
  • Pig Butchering Is Getting Worse with Erin West
    Oct 2 2024

    Pig butchering is worse than just manipulating someone and taking their money. It leaves them with emotional anguish. Once their finances have been drained, they lose their financial security and they no longer trust people. Today’s guest is Erin West. Erin has been with the County of Santa Clara for 26 years and is a Deputy District Attorney. She specializes in cryptocurrency investigations and prosecutions.

    Show Notes:
    • [0:46] - Erin shares her background and what her role is as a Deputy District Attorney in Santa Clara County.
    • [3:20] - Five years ago, Erin found herself working on prosecutions regarding SIM swapping and cryptocurrency hacks.
    • [4:35] - The emotional impact of “just a financial crime” is staggering.
    • [7:38] - You never know who around you is a victim of some of these crimes.
    • [8:18] - Erin describes the experience of being convinced to click a link herself.
    • [10:32] - Scammers will think about different things that would trigger someone into clicking a link.
    • [13:40] - Pig butchering involves building trust with a victim and showing them a false plush lifestyle.
    • [16:08] - A red flag is a text or social media message you may receive that seems misdirected or to a wrong number.
    • [19:21] - It feels like the right thing to do when we feel the need to respond to the scammer with a “you’ve got the wrong number,” but that’s how they start a conversation.
    • [22:29] - In many cases, scammers bulk text a massive number of phone numbers. But some people are specifically targeted on social media.
    • [24:23] - Covid really accelerated this type of scam due to loneliness.
    • [25:40] - A misconception is that these scams target the elderly. But it is not based on age at all.
    • [27:03] - Unfortunately, law enforcement is not set up to be able to handle this type of crime.
    • [28:18] - Erin explains that law enforcement doesn’t tend to always lead with empathy when this type of crime is reported.
    • [30:12] - It is important to report the crime to local law enforcement, but there are other places that the crime can be reported to in addition.
    • [32:50] - Victims should be able to speak to a detective.
    • [34:33] - Victims should be very wary of third party recovery programs.
    • [37:26] - On the other side of things, a scammer could also be a victim of human trafficking and being forced to scam others.
    • [39:40] - Scams are being operated on a massive scale and have a front of a corporate business.
    • [41:14] - Initially, most of the cases seemed to have money moved out of the country. However, recently scammers have been found to be operating in the US.
    • [44:04] - There is some hope and opportunities in recent months where money laundering has been intercepted.
    • [46:41] - Progress in education and advocating for less victim shaming is moving in the right direction.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    • Podcast Web Page
    • Facebook Page
    • whatismyipaddress.com
    • Easy Prey on Instagram
    • Easy Prey on Twitter
    • Easy Prey on LinkedIn
    • Easy Prey on YouTube
    • Easy Prey on Pinterest
    • Erin West on LinkedIn
    51 mins
  • Protecting Parents with Terri Proctor
    Sep 25 2024

    Sometimes people only share their stories after they’ve gone through a challenging time. But it’s also important to learn from those in the middle of a scam to learn how people are manipulated and how vulnerable our loved ones can really be.

    Today’s guest is Terri Proctor. Terri’s elderly mother has been scammed by romance scammers over the last three years. In trying to get help from different recommended services, she realized that no one was really interested in helping. She started the non-profit Stop Elderly Scams to educate and bring awareness to the community.

    Show Notes:
    • [0:53] - Terri shares her background and how she was thrown into her situation. Her experience led her to founding a non-profit.
    • [2:28] - Over the course of a year, Terri’s mother lost about $100,000 to a romance scammer.
    • [3:30] - Terri’s mother was not treated like a victim. She was treated as a willing participant.
    • [6:01] - There were many reasons why Terri’s mother was vulnerable to manipulation, including loneliness.
    • [8:23] - It is sad to see the comments online about victims of scams.
    • [10:23] - The shame and embarrassment a lot of victims feel causes them to not talk about the problem or seek help.
    • [11:57] - In the beginning, Terri admits that she had a lot of anger and frustration that was also focused on her mother. It is better to listen and try to reason.
    • [14:54] - Terri’s mother was stopped by a store manager from buying more gift cards. The manager has expressed concern that she is not the only one.
    • [16:51] - Part of the vulnerability of Terri’s mother is loneliness.
    • [18:47] - Other types of scams tend to target the elderly. It is hard to keep up.
    • [24:08] - How can we help our loved ones without taking away their independence?
    • [26:21] - People should feel free to talk about these issues. Terri shares how her non-profit is helping educate and make a difference.
    • [28:46] - It is challenging to find the balance in helping loved ones and making sure they have their autonomy.
    • [29:59] - When you think you’ve learned about one thing or one scam, another problem pops up.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    • Podcast Web Page
    • Facebook Page
    • whatismyipaddress.com
    • Easy Prey on Instagram
    • Easy Prey on Twitter
    • Easy Prey on LinkedIn
    • Easy Prey on YouTube
    • Easy Prey on Pinterest
    • Stop Elderly Scams Website
    33 mins
  • Technology Regulation is Outdated with Bruce Schneier
    Sep 18 2024

    Regulators have to invest a considerable amount of time in keeping legislation and policy up to date regarding technology and AI, but it’s not easy. We need floor debates, not for sound bites or for political gain, but to move policy forward.

    Today’s guest is Bruce Schneier. Bruce is an internationally renowned security technologist called The Security Guru by The Economist. He is the author of over a dozen books including his latest, A Hacker’s Mind. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. He is a fellow at the Berkman-Klein Center for Internet and Society at Harvard University, a lecturer in Public Policy at Harvard Kennedy School, a board member of the Electronic Frontier Foundation and AccessNow, and an advisory board member of EPIC and VerifiedVoting.org.

    Show Notes:
    • [1:40] - Bruce shares what he teaches at Harvard and the current interest in policy.
    • [4:27] - The notion that tech can’t be regulated has been very harmful.
    • [6:00] - Typically, the United States doesn’t regulate much in tech. Most regulation has come from Europe.
    • [7:52] - AI is a power magnification tool. Will the uses empower the already powerful or democratize power?
    • [9:16] - Bruce describes loopholes and how AI as a power magnification tool can mean something different in different situations.
    • [12:06] - It will be interesting to watch AI begin to do human cognitive tasks because they will do them differently.
    • [13:58] - Bruce explains how AI collaboration can be a real benefit.
    • [16:17] - Like every text writer, AI is going to become a collaborative tool. What does this mean for writing legislation?
    • [17:18] - AI can write more complex and detailed laws than humans can.
    • [21:27] - AI regulation will be skewed towards corporations. Bruce explains how public AI could work.
    • [23:46] - Will AI help the defender or the attacker more?
    • [26:19] - AI can be good against legacy, but we need some sort of infrastructure.
    • [29:27] - There’s going to be a need for proof of humanity.
    • [32:29] - It is hard to know what people can do to help move regulation along. Ultimately, it is a political issue.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    • Podcast Web Page
    • Facebook Page
    • whatismyipaddress.com
    • Easy Prey on Instagram
    • Easy Prey on Twitter
    • Easy Prey on LinkedIn
    • Easy Prey on YouTube
    • Easy Prey on Pinterest
    • Schneier on Security
    39 mins
  • Threat Emulation with Andrew Costis
    Sep 11 2024

    Security risks are dynamic. Projects, employees, tools, and configurations are modified. Many companies utilize pen testers on an annual basis, but as quickly as systems are revised, you may need to implement threat emulation for regular monitoring.

    Today’s guest is Andrew Costis. Andrew is the Chapter Lead of the Adversary Research Team at AttackIQ. He has over 22 years of professional industry experience and previously worked in the Threat Analysis Unit Team at VMware Carbon Black and LogRhythm Labs, performing security research, reverse engineering malware, and tracking and discovering new campaigns and threats. Andrew has delivered various talks at DefCon, Adversary Village, Black Hat, BSides, Cyber Risk Alliance, Security Weekly, IT Pro, Bright Talk, SC Magazine, and others.

    Show Notes:
    • [1:14] - Andrew shares his background and what he currently does in his career at AttackIQ.
    • [3:49] - At the time of this recording, there has been a major global security panic.
    • [6:06] - There are many programs that we use on a regular basis that we don’t always consider the security of.
    • [8:09] - Historically, companies would pay for an external pen test. Andrew describes the purpose of this and how they usually went.
    • [9:33] - Pen tests and threat emulation do not need to be limited to just once a year.
    • [10:45] - Andrew’s team is in the business of testing post-breached systems. But they preach prevention.
    • [11:55] - Attackers are lazy in the sense that they will reuse the same strategies over and over again.
    • [14:13] - Many programs we use may be caught in the crosshairs of attacks and vulnerabilities in other companies.
    • [16:41] - Andrew discusses the frequency of really critical CVEs.
    • [19:01] - What do attackers go after when they’ve breached a system?
    • [21:04] - The priority for attackers is to get in quickly and make the victim’s data unavailable.
    • [22:24] - A lot of people are under the impression of vulnerability testers. “Fire and forget it” is not a beneficial mindset.
    • [24:56] - If we run every test, the amount of data will be overwhelming.
    • [27:03] - In his experience, there has been client testing that has been overwhelmingly easy to breach.
    • [29:07] - There are also organizations that have done a fantastic job. However, vulnerabilities will still be found.
    • [30:18] - The red team is not going to be able to cover your entire organization.
    • [32:15] - Threat emulation and pen testing are technically the same thing. Andrew explains how he sees the difference.
    • [33:50] - How are vulnerabilities and tests prioritized?
    • [36:19] - Andrew describes the things his team works on and their objectives for customers and clients.
    • [38:34] - The outage at the time of this recording had a big impact. It gave a really good idea of what could happen if it were a real security breach.
    • [41:37] - There are a ton of free resources out there. The primary resource at AttackIQ is the free AttackIQ Academy.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    • Podcast Web Page
    • Facebook Page
    • whatismyipaddress.com
    • Easy Prey on Instagram
    • Easy Prey on Twitter
    • Easy Prey on LinkedIn
    • Easy Prey on YouTube
    • Easy Prey on Pinterest
    • Andrew Costis at AttackIQ
    46 mins