Steve Wiseman
👤 PersonPodcast Appearances
So your credit card, if it comes with other personal information about you, will go for about $45 online on the dark web. But your medical insurance will go for much more. And that's because they are able to turn that into... They can get medical equipment. They can sell the use of the insurance. And here's the thing that makes no sense whatsoever. You become a victim of medical identity theft.
Somebody has accessed your medical insurance. You find out. You report that. And you attempt to get this false information removed from your medical records. Well, that would violate the privacy of the medical identity thief. And so all you can do is have a notation on there that this information is disputed.
But quite frankly, you could have information on your medical report that could contain a false blood type or a medicine to which you are allergic to. And these things could be potentially fatal. So Medical identity theft is a huge, huge problem, and unfortunately, the healthcare industry has been very, very lax in protecting data, including medical insurance records. Wait, what?
Yep. The HIPAA privacy law is protective. I mean, when I first found that out, I kept looking for, I must have had bad information. But nope, that's it. That's our government at work.
Years ago, there was a cartoon called Pogo, and Pogo had a saying, we have met the enemy and he is us. All too often, when it comes to being scammed and when it comes to becoming victims of identity theft, we may be our own worst enemies. For instance, we put too much personal information up on social media. So The grandparent scam, which is still going on.
And that's where the grandparent gets a call in the middle of the night. The grandchild is having problems wherever they are. They've been arrested or there's been a medical emergency. The scammers gather that information through social media. I used to like the Big Bang Theory, the show. And Sheldon used to call his grandmother Meemaw.
And so they could, the bad guys could know from checking out your social media, you call your grandmother Meemaw. And so they get a call, Meemaw, it's me. I'm in trouble. I need some money. Get it to me fast.
Yes, I saw the videos of that. It was terrific. Along with individuals, Willie Sutton, a famous bank robber, was once asked, why did he rob banks? He said, because that's where the money is. Major, major scams are perpetrated against companies and government agencies. We've seen that with ransomware and other things.
But one of the biggest, as far as companies go, is called the business email compromise. And what happens is the bad guys get into the computers of a company. They find out when a particular CEO or CFO is going to be away or on vacation or something. And then they send an email that appears to come from them. asking to wire money to a particular company that they're doing business with.
Of course, there is no company that they're doing business with. It's going to the scammers. But they now have this deep fake technology, which can be used for videos as well as audio. And there was a German company in which they had a subsidiary in Britain. And the criminals were able to get the voice of the CEO of the company from some YouTube videos.
And they were able to take that to do a phone call that sounded exactly like the CEO. There's an easy technique called spoofing where you can fool your caller ID so you can make it look like it's coming from wherever. And the scammers picked up a quick $200,000.
When I describe these identity theft protection services, I say this kind of like you're crossing the street and you get hit by a bus and someone rushes out to tell you, hey, you just got hit by a bus. That's what these services do. They don't protect you. from becoming a victim of identity theft, they alert you sooner that you have become a victim. So it's helpful.
You can do these things for yourself. I think some of them are priced so that, yeah, they may be worth it. But frankly, the best place to find a helping hand is at the end of your own arm. And the one thing... that absolutely none of these identity theft protection services do, which is the absolute best thing for protecting yourself, is putting a credit freeze on your credit reports.
And now, since 2018, you can do it for your children and Children, according to a Carnegie Mellon study, are 51 times more likely to become targeted for identity theft than adults. This can protect you so that even if someone gets your personal information, they're not going to be able to open accounts in your name, which is a big way that people get whacked. So a credit freeze is... Easy to do.
If you're going to apply for credit, you can go online and lift it so that the creditor, at least a car recently and they had to check it out, can check my credit report and then put it back on automatically. So best single thing you can do is freeze your credit and freeze your children's credit.
Identity theft is high tech, low tech, and no tech. It isn't just coming through your computer. It is going through your trash. This is anything they can do to get the information, they will do.
Absolutely. And, you know, this is one of my mottos is things aren't as bad as you think. They're far worse. So what if you have a shredder and you shred the documents before you put them out? And in Arizona in particular, there were identity thieves who hired methamphetamine addicts who would stay up all night. piecing together single shredded, you know, just vertical shredded documents.
And so if you're going to shred, which is a great idea, make sure you get a cross shredder.
Yeah, quite frankly, I don't think that's an unreasonable fear. Identity theft is... High tech, low tech, and no tech. It isn't just coming through your computer. It is going through your trash. This is anything they can do to get the information they will do. You had mentioned IRS. How do those scams work? You know, they're twofold. One of them is imposter scams.
And this is, according to the Federal Trade Commission, the biggest level of scams that we've had in the last year. And this is where you get a telephone call, a text message, or an email that is coming from some, maybe it's the FBI, maybe it's Social Security, and lately it's from the IRS.
that spoofing where the scammer very easily can trick your caller ID to make it look like it's coming from the IRS. They tell you that, here's the thing that bothers me. The fact that the IRS has had to put on its website, we don't ask for or take gift cards, but criminals posing as the a wide variety of pretexts.
They'll ask you for gift cards, credit cards, some kind of payment that you do over the phone. The other thing is income tax identity theft, which is a multi-billion dollar problem. Someone gets your social security number
uh files electronically a tax return using your number and a counterfeit w-2 they get a big refund if you file after them your your return will be held up and right now the the irs is taking about
uh... close to three hundred days to process claims for your legitimate refund so uh... income tax identity theft is a way you know they're not getting me the government government's money but you're not getting your refund for pretty much close to a year does the i r s take payments over the phone i thought they did not They did not. And as a matter of fact, I'm glad you mentioned that.
People say, how do I know if it's the IRS calling me? How do I know if it's the IRS sending me an email or a text message? And the real easy way to know it is the IRS never initiates contact in any of those three manners. The only way they initiate contact is through snail mail. So if you get a phone call, an email, or a text message indicating it's from the IRS, you know it's a scam.
I'm a I'm a lawyer and also a college professor at Bentley University, where I teach white collar crime. Actually, before I taught at Bentley University, I taught at a number of other colleges with ever setting foot on the campuses. I used to teach in their prison education programs in the Massachusetts state prisons. And it was there I met a number of scam artists and con men and criminals.
Always found it fascinating. And then, unfortunately, had a personal experience about 20 years ago where I was a victim of identity theft. And this was, I think, really around the time that identity theft was taking off as a crime. It is now the biggest consumer crime. So I just find it very, very interesting and timely.
Well, you know, there's two things about that. First of all, no one is too smart to be scammed. All you have to do is look at Bernie Madoff and the many intelligent people that wound up being victims of his scam. And he actually was kind of of that mind that If you're too smart, you wouldn't be scammed. He actually blamed his victims at one point.
He said, if anyone looked into what I said I was doing, they would know it's impossible. But when you mentioned about the Nigerian email scam, it brought a smile to my face because lately the Nigerian email scam is still with us and they are absolutely even more ridiculous than ever. And at first I was thinking, you know, why would they do that?
And the thing is, they want to get the most vulnerable, the most greedy, and people who will fall for it. They don't want to spend time with someone who will be asking a lot of questions. But the short answer to your question is anyone can get scammed, and the person that thinks they're too smart for it, they're going to be the next victim.
One of the things is the Internet of Things. Anything that you have that is connected to the Internet and that is a vulnerability for you. So, you know, if you have a smart TV in your home. If you haven't protected that and changed the default password, an identity thief can get into, hack into your Internet of Things device. And there were more than 1.5 billion attacks last year on these.
Get to your computer. From your computer, they get to your online bank account. You know, there are other times where, again, the identity theft, they trick you into providing information. I was speaking with some victims and a TV crew about a victim of a scam. They went online. They found what looked like a legitimate site.
It appeared to have all of the good credentials, but they didn't check it out. And the bottom line is they sent their money to a scammer. So we really have to do our homework in these scams. The SEC, which is interesting, actually did a phony website called for a non-existent cryptocurrency called HowieCoin.
And it looked good, had all of the endorsements of celebrities and everything to make it appear good. And if people click through and it got to the part where they were going to send their money, there's a big announcement on your screen telling you that you would have been scammed, that this is a scam. So different scams lure you in. They all take advantage of fear and greed.
They're going to attack your router. Remember, your router is the gateway to all of the tech equipment you have in your house. So they'd have to be parked outside then. I mean, they'd have to be close. Oh, no, no, they don't even they don't. This this can be done at a distance. As a matter of fact, the FBI issued a warning about hacking into routers by Russian cyber criminal gangs.
And the problem there is a lot of people don't change the default password on their router. And those router passwords are available online. Criminals halfway around the world can hack into it.
I mean, there are other issues there with our smart TVs. And interestingly enough, the prices of our smart TVs are less than what we would actually pay for it if those televisions were not subsidized by companies that are taking information that we agree, we don't realize we agree, to be gathered about us that is gathered by our smart TV that is watching not only what we're watching on TV, but
but the TV can pick up and be connected through your router to all of the other devices in your home. And so the privacy that you give up, unless you know enough, and most of us don't, and they make it difficult too. I mean, even children's toys, they come with a default password. And if people don't change those passwords, that's the Trojan horse that can lead the hackers
to your computer, to your bank account.
Absolutely. I mean, it's all of the above. The Jamaican lottery is still a major one that appeals to our greed. And there are gangs in Jamaica that have gathered telephone numbers of generally older Americans and they call them. They tell them that they've won a lottery that they never even entered. And, you know, it's tough to win a lottery. It's really tough to win. Yeah.
And so they have to pay fees or taxes. And that thing is huge. Now, that depends on greed. But there are plenty of times, particularly with cybersecurity, that we're not necessarily taking the steps and we don't realize where we are vulnerable. And of course, even if you, you know, I'm one of these guys, even paranoids have enemies. So, you know, being in the business, I'm particularly paranoid.
And I was particularly angry in 2017 with the major data breach at Equifax, where 147 million of us, and I include me in there, had our personal information stolen. So despite the fact that I'm taking care to protect my personal information, the companies didn't. And with Equifax, what made it worse is Steve Jobs once said, if you're not paying for a product, you are the product.
And with Equifax and the other credit reporting agencies, they make their money from selling our personal information. And so the idea of protecting our information wasn't as high on their priority list as it should have been.
So explain how that works. Interpol once indicated there were only about 100 cyber criminal geniuses, but their business model now is they will create the malware, the botnets to distribute it, provide tech support, and they will sell and lease what they've created, on the dark web to less sophisticated criminals. So they will be able to get all of our information.