Coffee Chat: Fraud, Scam and Cybersecurity, a conversation with Lital Asher Dotan and Didi Dotan, a married couple in Cybersecurity.

S1 E12 · Scam Rangers
568 Plays · 2 years ago

In this episode, we're joined by special guests Didi and Lital, hosts of The Didi & Lital show, to discuss the most defenseless side of fraud - the tens of thousands of individuals falling victim to scams. Lital is the CMO of Hunters and Didi is a CTO at Oort.

We also dive into the differences and similarities between cybersecurity and the fraud industry, the latest fraud trends, and best defense practices. Our guests Didi and Lital share their insights and experiences, and Ayelet provides her expertise as the founder of Scam Rangers.

The Didi and Lital Show: pod.link/1654750986.

Scam Rangers on LinkedIn: https://www.linkedin.com/company/scamrangers/

Scam Ranger the solution: https://scamranger.ai

Transcript

Introduction to Scam Rangers Podcast

00:00:03
Speaker
Scam Rangers, a podcast about the human side of fraud and the people who are on a mission to protect us. I am your host, Ayelet Biger-Levin, and I'm passionate about driving awareness and solving this problem.
00:00:22
Speaker
Welcome to Episode 12 of Scam Rangers.

Fraud and Cybersecurity: A Couple's Insight

00:00:25
Speaker
This episode is going to have a slightly different format. I'd like to invite you to a conversation I had with Didi and Lital, a married couple in cyber security, who I happen to know pretty well. Lital Asher Dotan is the Chief Marketing Officer at Hunters
00:00:39
Speaker
and has been in cybersecurity marketing for the last 10 years. Didi Dotan is a Chief Technology Officer at Oort, and he and I used to work together years ago at RSA Security. We met to talk about fraud and cybersecurity and what these disciplines have in common, as well as online scams. This time, I share my journey fighting fraud and protecting access to enterprises on their podcast. I hope you enjoy the conversation.

Career Journey: From RSA Security to BioCatch

00:01:11
Speaker
So I started at RSA Security in 2008, and my focus was fraud detection and enterprise identity. Actually, throughout my career at RSA Security, I spent 11 years there, and I transitioned between fraud protection, working with financial institutions to protect the online banking sessions, and I worked closely with you on enterprise identity, protecting access to organizations, which you're still doing today.
00:01:36
Speaker
And it was a really, really interesting transition back and forth. I also transitioned between a lot of different roles. So most of my time at RSA Security, I was in product management. I would say about eight years between fraud products, fraud protection products, and enterprise identity products. And then I also transitioned to professional services, working very closely with customers.
00:01:59
Speaker
understanding their problems, challenges, escalations, and then transition to product marketing, which is completely different and a turn, but I think that's where I found my passion because product marketing, and I'm sure you'll connect to this, allows me to really connect the true value messages from the technical side, which I'm very passionate about too. Well, from the technical side,
00:02:25
Speaker
to the marketing side. Absolutely. When you tell them why they should buy this and why it will help them. And I think to me, I really, I come from an engineering background. I'm really kind of a geek in nature and I really like to understand things. So I really like to understand their problems and I ask questions deeply to understand. So it helps me connect the technology properly to that.
00:02:52
Speaker
And then after 11 years at RSA Security, I felt like I needed to get a different perspective of the security landscape. And I went to work for BioCatch. And BioCatch is focused on fraud detection with technology called behavioral biometrics. And we'll talk about fraud, I'm sure, a lot more.
00:03:09
Speaker
And I really enjoyed my time at BioCatch. Well, you got to work with one of the grand masters of the fraud space, which is Uri, who I really appreciate everything he does. Yeah, Uri Rivner is definitely a persona in the space, very strong, and he now actually left and started a new company in AML. And it was a pleasure to work with him, and I think there are a lot of great people
00:03:35
Speaker
Coincidentally, a lot of people moved from RSA to BioCatch because I think there are a lot of similarities in the approach and BioCatch just took it to the next level in terms of technology. So a lot of great names and a lot of great people and it's doing really well. My role there, my last role, I ran marketing for BioCatch for last year and

The Emotional Toll of Scams on Victims

00:03:54
Speaker
a half.
00:03:54
Speaker
And then what happened was I realized that we're really focused on the metrics that banks care about like when it comes to fraud detection like false positive rates and high detection rates and balancing security and user
00:04:13
Speaker
Experience as you how fast security and user experience and I realized that something is missing and what was missing is the human side what happens to the people on the other end and what has emerged as a large threat because the security controls that banks got so got to be so good and so effective what was missing or what happened and what evolved is that cyber criminals turned to attack the weakest link the human
00:04:42
Speaker
with online scams and that's a vector that's growing very, very fast in the fraud space. Also in the enterprise protection space, we're seeing this is why it kind of exists is because we're seeing that the attacks stopped being from zero day and started to go after the person.
00:04:59
Speaker
Right, exactly. The weakest link, the human. All the scams that attack enterprise to gain access to systems and social engineering of new employees, of HR, of impersonation of IT, impersonation of HR to get data, to get access, that is the same approach that cybercriminals are taking for financial fraud. And I realized that
00:05:24
Speaker
the impact on the human is much bigger than, first of all, than we think about. And that financial institutions and fraud teams don't necessarily think about this on a day-to-day basis. Because for customers whose accounts are taken over,
00:05:42
Speaker
there's typically reimbursement by the bank. Because if someone stole credentials and used a different device to access the account, there's regulation today to reimburse customers. So the financial impact is eventually going to be compensated for. And there is going to be a hassle because you need to contact the bank, it needs to get resolved, it's going to be a process, but it will be taken care of eventually. And it's not something that you did.
00:06:09
Speaker
Someone manipulated you emotionally to transfer money to them and you realize that was a scam. You have the financial impact, you have the emotional impact and there is no reimbursement today. And that hit me and I realized that that's something I need to be involved in and I need to be part of the solution.
00:06:29
Speaker
This is so interesting. I recently, a friend of mine got scammed and she didn't care about the money. This is so interesting. She just said how deeply she felt bad about being manipulated and believing those scammers. And she was like, I can't believe I believed them. I can't believe that I approved this transaction. So I never thought about it. But yes, there is an emotional toll when you are being scammed, when like,
00:06:59
Speaker
you had trust in the system or like somebody called you out of the blue and walking and with your dog and like you were happy and somebody said something to you and you thought it was real like people that the life gets shattered when they kind of like realize
00:07:16
Speaker
how full I was and it's easy to manipulate people.

Scam Tactics: Bank Impersonation and IRS Calls

00:07:21
Speaker
So it's really interesting. I didn't think much about it, but because she went through that, it was interesting. I'll give you another example of someone. There's a very well-known scam called bank impersonation scam.
00:07:32
Speaker
The scammer, let's say it starts with a text message saying, you have this transaction for $400, if you didn't do it, call this number. Okay, driving sense of urgency, I called the number, now I'm talking to a scammer, because I got a random... And you think it's the... I think it's the bank, I'm nervous, they manipulate you in a sense of fear. Okay, so now I'm talking to what I think is the bank, but it's really a scammer. And what this person is doing is,
00:07:58
Speaker
They're manipulating you. They're causing more fear. They're causing you to take action now. There are all these time bombs they put in, and you think you're talking to the bank. Okay, now let's say that the bank put a control that allows them to somehow magically detect that, although it's your legitimate device and you're using the network elements and all the things that we looked at when we were doing fraud protection.
00:08:22
Speaker
everything looks legit, but somehow they manage to detect that it's not. Maybe the session's very long, whatever, that some behavioral analytics or behavioral biometrics. So the bank fraud team calls you on the other line, call waiting. You're talking to the scammer, but you think it's a bank. The bank is now calling. The real bank is calling you.
00:08:40
Speaker
They're not saying, I'm the real bank, trust me. How do you know who to trust? Oh gosh, that's tough. And I've even heard a case, a good friend of mine told me that, and he's in fraud too, he's a fraud fighter, but his grandmother was scammed, bank impersonation scam. They didn't even go to the extent to say that they're the bank. What they told that lady, who's elderly, is that
00:09:01
Speaker
Her bank is in on stealing money from her. They're conspiring against her. So they're going to save her. And they convinced her to transfer the money. And they said, your bank might call you. But when they call, just know that they're in on this conspiracy. So don't believe them. So that manipulation is devastating. And it's a shattered sense of reality. Just like you said, it's completely distorted. I don't know what to believe anymore. And it causes post-traumatic stress disorder. And unfortunately, there are also cases of suicide.
00:09:31
Speaker
Wow. People just lose their confidence. Think of all the IRS scams. This really impacted people. Speaking of IRS tests, this is tax season. Be very, very, very careful because this is the scam between beginning of March till the end of April.
00:09:49
Speaker
Everybody gets a call from the IRS saying that they failed the audit, that something is bad. Where investment is coming. No, nothing scares people more than the IRS wants your money. Nothing scares people more. And the IRS will not call you like that. They will not.
00:10:07
Speaker
There's been a decline in robocalls for IRS in the last few years because authorities asked mandated telcos to do something about it, and there has been a lot of robocall-related technology evolution. I actually have a story about an IRS scam. I got a call in 2014, I think, or 50.
00:10:25
Speaker
Something like that. And I realized that they called. I know it's a robocall, but I wanted to see the mode of operation. So I just went down the path. I clicked one. They asked for my name. I gave fake information and I gave a fake address in Texas. I just made something up. And then, of course, they found that I owe money and that and.
00:10:44
Speaker
I didn't take it very seriously, so they continually aggravated the situation. It started from you owe us money to the FBI is on their way because you have drug smuggling and whatever charges on your, and they're on their way now. So you better pay. And I know it's scam. I gave fake information. My heartbeat went up like crazy because the, it's scary when someone is yelling at you and you're, and I'm like,
00:11:09
Speaker
It was like, did I get fake information? Oh, God, they have my phone number. Nevermind. I'm going to hang up now. So yeah, it's very, very intense. And what I want to do in my new mission is to prevent that from happening in the first place. So like I said, there is a decline in robocalls. Unfortunately, they didn't stop. They just transitioned to using text messages and emails and social platforms and dating platforms. And there are so many different types of scams are so creative. And they prey on the psychology of human nature.
00:11:39
Speaker
I got a person call from the IRS. Not a robo call. Oh, a person call. A person call. Okay, wow. A real, real person. Yeah. I mean, our call centers, they employ people. Absolutely. It's a business. Yeah. Yeah. Yeah. And they have ways to, the telcos have a way to stop calls based on volume. Also, not only robo calls, but just
00:12:02
Speaker
But what they do is they actually use many SIMs and change phone numbers all the time. So there's no ability to repeat and block list the calls, the bad numbers. So they're very sophisticated in that. They know what controls we're using and they're just moving around. So I'll give you another example of a really nice attack that they did. So as you know, most school systems call centers
00:12:27
Speaker
are automated. They hacked a computer on the school and they got calls coming from the school. So as if the school is calling you? The number shows up as the school. The school district. And I know that I enter the school on the school. That's the only number that I actually answer. They went one by one on the parent list.
00:12:51
Speaker
This was very, very impressive. Oh, wow. Exactly. So impersonation of the phone number. Yeah, this is super interesting. Maybe we take one step back because a lot of the people listening are from cybersecurity. And I wanted to kind of like clarify this relationship between cyber and fraud. I think they're very close to each other. They're also
00:13:14
Speaker
different in a sense. So help us understand kind of like how these two worlds come together and come apart. Yeah, and I'm happy to have this as a conversation. From my perspective, as I said, there are a lot of similarities in the techniques that are used from an org structure perspective. Let's start with that. I think that typically the fraud teams
00:13:36
Speaker
currently belong to financial institutions, merchants, e-commerce companies, places where they're dealing with customers and there might be fraud. A lot of transactions. If you're not an organization with a large volume of transactions, you care less, I guess, about fraud.
00:13:54
Speaker
Right, there's insider fraud and embezzlement and things like that. But when it comes to what we're talking about, online fraud detection controls and technologies and methodologies, then it's typically for those organizations that perform or have transactions, have money moving around.
00:14:11
Speaker
So typically, I would say, and it really, really depends on the organization, their structure. I think in the past, it did report to cybersecurity, but over time, because of the importance of the user experience, it shifted to be under the products team or the digital team, the digital marketing team. And there was a center of excellence for fraud, or it reports to the risk center, which is also very, it also depends on the country. It changes and varies.
00:14:38
Speaker
What is important is that the cybersecurity organization is always a stakeholder in the decision-making process. They're not disconnected. Hopefully they work together and collaborate to also find adjacencies because you can take a lot of risk indicators from fraud and consume them on the cybersecurity control side and vice versa. And definitely from a knowledge perspective, knowledge sharing and brainstorming and thinking about how we tackle this and how we tackle that.
00:15:07
Speaker
definitely advocate for collaboration across those teams, even if they're not in the same org chart. From a methodology perspective, I would say if we kind of look at fraud controls and feel free to chime in. I know you're an expert on this too. So initially, the fraud control started with IP intelligence, device intelligence, behavioral analytics. So looking at characteristics of the different transactions over time. What are we learning about this user? Are they behaving normally?
00:15:36
Speaker
based on their activity in the past, the types of payees, and learning what is risky. A new account is risky and a new payee is risky, things like that over time. And then behavioral biometrics was layered on top of that. So how does a user swipe and click and move their phone with a gyro and things like that?
00:15:54
Speaker
Sounds like rocket science, but it's it's pragmatic and it works very well. Basically, is it a real phone of a user? It's even more. It's even simpler. It's what are your biometric traits? So, for example, your mom clicks very differently than you. Right. If I run JavaScript on the client, I can see how the mouse moves, how fast you click.
00:16:17
Speaker
Think of how face it does. And it belongs to you. Yeah. But what you said is also one of them. So is it a bot or not? Is it a real human behind it or not? Or is it so automated? So absolutely bot detection is part of fraud protection as well. And that's another connection point with cybersecurity because bots can access consumer websites and they can access or attempt to access enterprise website as well.
00:16:38
Speaker
So that's one aspect. Are you who you claim to be by looking at the data without asking for authentication, without asking the user to participate because of that high focus on user experience. Another really interesting part of behavioral biometrics is the ability to look at patterns and say, this looks like a cyber criminal or this looks like a legitimate user. So I'll give you an example. When you open an account as a legitimate person,
00:17:07
Speaker
You're going to look for at the form the account of an informed fill in the details, look at the terms and conditions. Maybe it's a credit card design if it's a new credit card. And it will take you some time. Now, if you're a cyber criminal who does that 50 times a day, you're gonna do it very, very quickly: only mandatory fields, not stopping for a moment, check the box and go. You're gonna also, so you can see the proficiency and filling out the form and
00:17:30
Speaker
Another element in that same activity is if you're a legitimate user, you know your personal details, your address, your phone number, and you use your long-term memory to fill the form. So your typing will be continuous, there will be no hesitation, but when a cyber criminal does it, they'll either copy, paste from, they'll go off-screen, on-screen, they'll copy, paste, they'll type from a list, it will be continuous.
00:17:55
Speaker
So all these things are patterns of cyber criminal activity versus legitimate activity that are not authenticating the user so much, but just classifying the activity. So that's been very effective. But again, when it comes to online scams, there's a gap because maybe there could be some indications if someone is on the phone and on their device and the session's really long and they're hesitating before they make the payment. So there could be very edge cases that could be caught, but
00:18:23
Speaker
The thing is, online scams, not everything happens online. People transfer money on Zelle, gift cards, they go to the bank, they send checks. They go and get cash and crypto. So a lot of this activity can't be or is really hard to catch. And as I said, even if technology is able to catch it at the point of transaction, the distorted sense of reality interferes with making

Consumer vs. Enterprise: Fraud Detection Challenges

00:18:49
Speaker
decisions.
00:18:49
Speaker
And let me tell you, here's one thing that as somebody who did both of them, it's a very big difference. Because you'll hear a lot of times fraud detection is usually more advanced than enterprise security. More advanced than enterprise security. A lot more advanced than enterprise security. Because money is at stake. The ROI also is clear. It's clear. The ROI is very, very clear. Okay. If you're in a company, if I need to explain to the CISO why I need to buy Oort, Hunters, whatever to do detection, I need to explain what's the cost of a lost transaction.
00:19:18
Speaker
You need to explain the risk. And cyber risk is not something that is tangible. I'll give you an example. When you build B2B consumer sites, for example, the thing that we built for our consumers at Cisco,
00:19:33
Speaker
That has a little bit of both because it serves millions of people. Everyone is a Cisco customer, but they're not doing this for themselves. So there's no cost of a lost transaction. It's a lot harder than if you're Amazon and you need to know. So trying to establish fraud there, it's a lot harder.
00:19:50
Speaker
But if you're doing, if you're Amazon, you know exactly, you say 5% of transactions, I'm willing to take a hit of X amount of transactions to prevent loss of transactions. There's a whole bunch of stuff that goes there. But anything above that, I'm not willing to take. Exactly. So the money and budgets are very clear and very guaranteed and that's why you'll see a lot more advanced.
00:20:11
Speaker
Interesting. But what happens a lot of times is people in cybersecurity try to implement it back into enterprise security. I had a call from VC that said, how about you do adaptive authorization? And I said, Larry and I, Larry Friedman, who you also know very well, and I failed to do this now three times. And it never has to deal with technology. We solved it technologically in 2010. The problem is people.
00:20:37
Speaker
If I'm in an enterprise and I do my same job over and over and over again, I don't want to be challenged by extra factors in an inexplicable way. I don't want to get a screen of my usual system that says, we don't know if you're who you are, so you get three screens less. The first thing that will happen is they'll call it at IT and yell their heads off.
00:20:58
Speaker
So, and this has happened now multiple, multiple times. So this is stuff that the consumer is actually more open to, to have to, if you see your Capital One state and Capital One thinks that you're not in a good state, they say, listen, we're here to protect you.
00:21:14
Speaker
How about we don't show you this, how about you call us, prove who you are and we'll reopen these fields. Even we know that as users we get very upset if like you're trying to buy a flight ticket and you get the extra thing that is thinking and waiting to be authorized or you need to get a call or you need to approve. Consumer tolerance for additional controls. I think what fraud is trying to do or the fraud controls are trying to do as much as possible without
00:21:42
Speaker
user interaction without harassing the user, without asking. And yes, there is risk-based authentication and asking for additional controls later. And with enterprises, yes, some mad people will call IT, but I think there is acceptance that you need to protect the enterprise. So it's that balance.
00:21:59
Speaker
It's the balance, but you can put a lot, you can top load the controls. So in an enterprise space, I can top load. I can make sure that if you want to do this transaction, always use YubiKey. I don't care if you want to do a transaction over 10K in this bank, insert YubiKey, otherwise not going to happen. So this is acceptance in the enterprise space. And I would say that's also true for consumer, for commercial banking as well, for example. But you can top load.
00:22:25
Speaker
You have to front load. You can front load. You have to front load the security controls invisibly. I think another area of similarity where there's a lot of shared knowledge between cybersecurity and fraud is the analytics, right? The user entity behavioral analytics that's done in cybersecurity, very similar. The data, of course, is different. The elements that we're looking, there are some similarities. Looking for maybe different behaviors, a little bit. Different behaviors and different data, but the methodologies are,
00:22:54
Speaker
essentially very, very similar. And then it's AI models will, or what you put in the models, how you manage the models and supervise them, that will give it the quality. Absolutely. Question about the players, what do we know? Is the other the same like cyber criminals? Are they also the same players playing in fraud? Is it different? Do they kind of like live in the same ecosystem? What do we know about that?
00:23:21
Speaker
So again, I'll chime in and feel free to. So I think there are a number of motivations for cybercriminals in general, right? So you have the nation state hackers, the financially motivated criminals, you have the hacktivists who just want to cause chaos and anarchy and make a point and some, I'm not going to
00:23:40
Speaker
put a point of view here, I'll probably support some of those activities, but generally speaking, no. And when it comes to espionage is another one, of course. And I would say this data breaches, the impact of data breaches, whether it's for enterprise or for consumer
00:23:59
Speaker
are then the user names, passwords, personal data all find itself in the dark web, right? And the consumers of the dark web, who are the cyber criminals that are financially motivated or whatever, they're going to use the data for social engineering, they're going to use the data to create new accounts, they're going to use the data to take over accounts,
00:24:19
Speaker
So it's all intertwined. I think it's pretty organized there, you know, where to go, where to buy. So it's part of that supply chain, those who create the breaches, sell the data, consume the data, perform, perform the activities. So it's definitely intertwined. I think for fraud, obviously, they're financially motivated at the end of the day, but
00:24:39
Speaker
I think they're financially motivated in enterprise as well. So I'm going to do the short answer. So we thought, yes, I believe that these are the same people. It's the same hierarchy that I was describing. So you get the hierarchy. I call it the shit rolls downhill level thing. I call it the supply chain. So you start with nation states. You start with the espionage in nation states. And when we think of nation states, we think of the NSA and their likes. But there's at least eight to 10 countries.
00:25:09
Speaker
And as you go down the levels of these eight to ten countries, you discover that the guys that build these for these countries start having less and less moral scruples. So the tool that was used to war becomes a tool for commercial gain.
00:25:27
Speaker
Many nation states use those tools for financial gain or play both. Exactly. So then you start going into what I call the grayscale. What does it mean the grayscale? So we, all three of us come from a country that loves the grayscale. They take the stuff that the military built and turn it into
00:25:45
Speaker
Commercially, it's a lawful interception and things that deal with gambling and things that deal with all the crap. All the adware that we get. Now that's in grayscale. Is this legal? Is this not legal? Because they're spying on us. They're really good at spying on us. Zoom info gets us a whole bunch of stuff that I don't want to know how they got there. So now you have grayscale and very close after that comes the not so grayscale.
00:26:13
Speaker
They take the exact same tool that the military's built and now they want to get money. There's easy ways to monetize from enterprise and there's easy ways to monetize out of fraud. It's kind of pick your poison. With enterprise, it's the people that usually want to get a bigger buck. Because if I hack a hospital and ransomware the shit out of them,
00:26:36
Speaker
You get a few million dollars or tens of millions of dollars and you go away and then you drop the data in the dark web and resell it to all the fraudsters. Exactly. So the people that usually go after enterprise are more motivated to get a bigger buck. The people that go after people usually are like the people that would have picked your pocket on the tee.
00:27:02
Speaker
Although I want to say that that has been true for a long time. I think the scam, the amount lost to scams used to be a few hundred dollars, few thousands. Now we have a new class of scams, the crypto investment scam. We're talking about hundreds of rings, pig butchering scams. We're talking about. OK. You did a podcast about it, right? Yeah.
00:27:21
Speaker
Let's plug it in. OK, so these scams are millions of dollars to these scams. All the savings of people goes to that. So I'll remind you now again a little bit from our history. Remember that Israel Aloni coming to us, by the way, he's now in Sentinel.
00:27:38
Speaker
He came in and knocked on your office door when we were talking and said, we have to secure the online gambling stuff. Remember when he was talking about this? Because back then there was millions of uninsured, ungoverned money there.
00:27:53
Speaker
Tell people gamble online and lose all the saving, how different it is. No, so attacking the big gamblers used to be a lot less secure. They had their accounts in the gambling sites and those were not insured, very much like I was talking about insurance.
00:28:10
Speaker
So there were a higher class of criminals that used to steal money from the high roller gamblers. Now they put a lot of controls in place, the numbers are going down, so they're choosing other places. But I think what Ayelet is saying is that there's the people that steal from what I call the jackpots.
00:28:30
Speaker
the people that if you steal a lot from, it's like, yeah, it's, it's, it's very pervasive. It's not, they will steal as much as they can, like you said, everything. And if you're everything is a few millions, but also people take mortgages.

Innovation in Scam Prevention Technologies

00:28:45
Speaker
People are taking money that they don't have is taken from them.
00:28:50
Speaker
So this is where tragedy really comes in, but I think it's a gray area. I don't think it's similar to online gambling because I think the gambling sites, not that I think that it's good, but the gambling sites are trying to do gambling, like with chance and rolling the dice in that level. Whereas here it's a scam, it's manipulation. It's different. Your choice of spending money versus... What I meant was... He was talking about stealing from your account when you used to gambling. I'm just talking.
00:29:19
Speaker
the moral ethic of those gambling sites. I want to make sure we have time to talk about your enterprise. You started talking about the people behind those scams. So what are you working on? Tell us.
00:29:35
Speaker
Yeah, so in the last few months, I've kind of been thinking about, okay, my goal is to stop online scams before they happen, before the manipulation starts, before people start to go down that rabbit hole of the emotional manipulation, those conversations, the fear, everything that happens to them that we want to avoid. And just like you said, your friend cared more about the emotional side than the money. Absolutely. It wasn't a lot of money.
00:30:00
Speaker
And so I'm working on a technology solution in that space, very, very early stages. So you're planning to have technology that will help people recognize that they're speaking with a scammer, that they are being scammed, is that the direction? That's the idea, yeah.
00:30:17
Speaker
Amazing, amazing. I'm sure that fits very well also with something we talked with Gaby a few episodes ago about education. I mean, there's nothing better than being aware and stopping and like asking yourself, is this true? Am I being scammed? I think just being aware, I mean, it's not bulletproof. We all can be scammed. I mean,
00:30:41
Speaker
We have the tendency to the sense of urgency. To be humans. We're humans. And that tendency is what they prey on. And they prey on actually the niceties of a lot of us. We want to be helpful. We want to be helpful. You don't want to be perceived as a bad person. I think you really don't want to be a bad person. That's a very long conversation. If we're naturally bad or we're naturally good.
00:31:08
Speaker
So I'll plug it here that I wish whenever the technology is ready that all the banks will invest and use because like what's better than educating the users that it exists and helping them prevent it because it's not just the sides. Like you cannot kind of bulletproof yourself if you're not using the user itself. Excellent. Well, that's super exciting. Are we ready? Time to play the game. Yeah, let's go.
00:31:39
Speaker
And now, Lital and Didi present Prove You're Not a Robot, three final authenticating questions for our guest. So, Ayelet, if you were a cybersecurity superhero, what would be your name and who would be the actor, actress, will play you in the Hollywood movie or Israeli movie that will come afterwards? Maybe it will be Bollywood. So definitely Scam Ranger, the Scam Ranger. Yes. That's an easy one. And
00:32:09
Speaker
I'm debating between two Israeli actresses, Gal Gadot and Natish B. And they're both in Hollywood. Both women are powerful and leaders and stand for what they believe in. So, absolutely. Natish B. went to school with me. Another Allianz graduate. Oh. Yes. Awesome. So she speaks French, too. What is your favorite hacking breach horror story?
00:32:41
Speaker
My favorite or least favorite. Or least favorite.
00:32:44
Speaker
And it could be fraud story as well. Yeah, I would say, yeah, because the hacking story, I'm sure you guys talked about it on the show a lot. I was kind of when RSA was breached, I was the one who was not the only one, of course, with hundreds of other people holding the fort and not dealing with a breach. So that horror story for me was more like just keep on moving with half the people. You were gone for months and some other people. So we just had to keep going. But I would say,
00:33:13
Speaker
To me, I'm going to generalize here. I think that the horror story is not a particular breach or hack. It's more the fact that people don't understand the implications of it, and I think all of us in cybersecurity do.
00:33:28
Speaker
people are not careful with their own data. And how do we ensure that even if there is a breach, people are protecting themselves and not using the same password across all social platforms and work. And that is something that we need to deal with. And speaking of about Gabby Friedlander, he and I, well, hopefully, we're talking about going to schools and starting to educate them about these things like password
00:33:52
Speaker
It has to start very, very young. Yeah. And Gabi says this, you give your, your, your kids a cell phone and it's like giving them the keys to the car, go drive without learning any training. So same about sitting on the computer and clicking on links.
00:34:10
Speaker
Yeah, absolutely. So that's something that we want to do. And I think that's that's the horror in it. And I'm terrified about this, this generation that is just growing up with Roblox and and talking to people and I'm talking to when they're very young, and they're that sense that, yeah, there are strangers out there and I can talk to them and I can trust them. And that's so I twisted a little bit. Perfect.
00:34:34
Speaker
Answer, answer wherever you want. Because everybody answers AI on the revolutionary part, I'll ask, how do you waste your time on the internet? How do I waste my time on the internet? Oh, so I decided a few years ago that Facebook is wasting my time. So I'm not wasting my time on Facebook anymore. Because I felt like I go on Facebook, I'm 40 minutes past and I didn't even realize, I didn't even mean to. I was looking for email or whatever and I just, so I stopped doing that. So
00:35:02
Speaker
Instagram from time to time, but LinkedIn is definitely, definitely the way I spend my time. And I'm not going to say waste because I do learn a lot on LinkedIn. There's a community. I feel like fraud fighters are there. I just recently saw an article about coffee and fraud fighters and how much, what happens to the world if coffee goes away, the amount of money that's going to be lost from fraud because fraud fighters don't have coffee to drink. So that's, that's my entertainment. That's awesome. That is awesome.
00:35:31
Speaker
We will not be able to fight it without coffee. We will not be able to survive the day. Yeah. Coffee is a fuel. Exactly. Amazing. Anything else we need to share with our listeners? Last thoughts? Yeah. I think part of what I'm trying to communicate and to get everyone to think about is these scams can happen to anyone. And we just talked about the prey on human nature and
00:35:58
Speaker
Education is super important, but it's not enough, because one moment off guard and it can really happen to anyone. It happened to me last year in April. I have a long story that I'm not gonna get into now, but it's on my podcast, but basically I eventually stopped. I realized they were trying to get me to install a remote access tool, so at that point I'm like, okay.
00:36:19
Speaker
But I ignored so many red flags on the way, and I'm an expert on

Empathy and Reporting in Scam Victim Support

00:36:23
Speaker
this. I know about this, but I almost fell for it myself because I was in a situation where I was hoping that someone will help me. And my point is definitely show empathy, but also if it happens to anyone,
00:36:38
Speaker
they shouldn't feel ashamed. And to the cybersecurity community in particular, I want to say, show empathy. Absolutely. We are not good at that. Like, yeah, we like to blame and like, think, poke at them. Stupid. Yeah, it can happen to anyone and people need to know that it will happen to everyone. People need to know that it's okay to share and speak up because that helps support
00:37:03
Speaker
those emotional traumas. It's very similar to what we say about breaches. They will happen. All organizations will eventually be breached. Unfortunately, many individuals will be scammed out of fraud. We shouldn't be ashamed. We should find a way to first recover. I guess there should be also ways to advise people on how
00:37:24
Speaker
Maybe the money cannot be recovered, but maybe they need some trauma. Sometimes money can be recovered and it's important to report immediately because that helps recover. Who to report to? That's important if people are listening. Local law enforcement, FBI, those are the starting points, FTC, Federal Trade Commission.
00:37:42
Speaker
And sometimes they don't have the ability to take on all the workloads, but that's, definitely start with your local law enforcement. And there's a team in California that's really trying to teach law enforcement globally. They created a blueprint to be able to analyze crypto scams and seize the money.
00:38:00
Speaker
So there is a lot of awareness in law enforcement that cybercrime and scams are crimes that need to be taken care of and there are systems to recover the money. So definitely reporting and then there are also support groups for scam victims which exist out there. Can help with the emotional part of it. Perfect.
00:38:20
Speaker
Very helpful. You're doing a great job. So important. Thank you. Excellent. Well, thanks for joining us at the Didi & Lital Show. Thanks everyone for listening.
00:38:32
Speaker
In the next episode of Scam Rangers, I will be chatting with Frank McKenna, Chief Fraud Strategist at Point Predictive, and creator of Frank on Fraud, a blog about trends and modes of operation in fraud. We will talk about the modes of operation and technology criminals use when they execute scams, and what's coming with deep fakes and generative AI.
00:38:52
Speaker
I really hope you enjoyed this episode. I'm going to put a link to Didi and Lital's podcast, the Didi and Lital Show, in the show notes. And if you want to hear more about scams, Scam Rangers, or what we can do about online scams, please follow me on LinkedIn, Ayelet Bigger Levine. Or follow Scam Rangers on LinkedIn, scam-rangers. Have a wonderful week.