TTWCP-879-03 Security Tech, Adam Levin of IDT911 and Credit.com (Part 1 of 2): Adam Levin, Consumer Advocate, Author, and Chairman and Founder of IDT911 and Credit.com
On This Episode…
With a 30-year track record of consumer advocacy Adam Levin’s experience is both broad and profound. As the former director of the Division of Consumer Affairs for the State of New Jersey, his expertise lies in credit, identity management, fraud, personal finance, and privacy. He writes weekly columns for major outlets.
Swiped offers you a clearheaded practical guide for surviving today’s epidemic of identity theft. If you have had the unfortunate experience of having your identity stolen, you will find the book helpful in guiding you through the bureaucratic nightmare of trying to regain your privacy.
Hacking and the election are also in the forefront of the news, and it is not even close to being contained. He discusses the five ways that piracy can play havoc in the 2016 election cycle.
Share This Episode
For Questions, Call or Text:
Below is a rush transcript of this segment, it might contain errors.
Adam Levin – Credit.com
Airing Date: September 17, 2016
Craig Peterson: Welcome back to Tech Talk with Craig Peterson. Security, security, security. We can’t say it enough and it applies to everyone nowadays. If you are just a mom, dad, you got kids at home, there are security issues. If you’re a business, oh my gosh, they just don’t end. If you’re a celebrity, of course, the same types of problems. So we’re gonna be joined right now by the author of the book called Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves. We’re not talking about the guys who catch fish. We’ll explain what these phishers are and what it is they’re doing and how it’s going to impact you as well with Adam Levin. You’ll find him online at Adamlevin.com. That’s A-D-A-M-L-E-V-I-N.com. He’s a consumer advocate. He’s got more than 30 years’ experience in personal finance, privacy, real estate, government service. He has also been chairman and co-founder of credit.com. And he also is involved in IDT911. Just kind of all kinds of angles here when it comes to security for you and me. Adam, welcome.
Adam Levin: Thank you so much for having me Craig.
Craig: Well, let’s talk a little bit about the problem we hear about just this break in. The Russians did this. Those guys did that. Hillary’s had an email server. But this really is a very widespread problem. It’s not just a political one.
Adam: No, I think you have to approach it with the attitude that breaches have become the third certainty in life, by death and taxes. And unfortunately, identity theft is also involving death and taxes. And that cyberwar has replaced the cold war. And everywhere you turn, everything you do, you’re being tracked. Your information is being gathered, it’s being stored, it’s being disseminated. We’re living in a world of the internet of things where 5 billion devices are collecting information. And most of them are eminently hackable. From your security system in your home, to your car, to your toaster, to your smart mattress cover. So these are challenging digital times.
Craig: Well, you’ve been in this for quite a while. You’re in the 10th year now on Identity Theft 911. You also co-founded credit.com many years ago here. There is a change, is there? Is it kind of the same as it always has been? Is it getting worse? You mentioned it’s now as common and certain as death and taxes.
Adam: No, there is a change. It has evolved over time. Hackers have become far more sophisticated, creative, and Lord knows they are certainly persistent. And what really became clear to people how much money was at stake. In fact, we’re way beyond money. You know in the old days, people will think somebody got their hands on my credit card or debit card. They ran it up, they cost me money. This is cybercrime. It is. But we’ve advanced to the point where there are people opening new accounts in others’ names. There are people getting medical treatments in other peoples’ names, using up their insurance. Possibly co-mingling their information with the information of the patient. There are people committing crimes in the names of others. You have child identity theft. There are military people who are vulnerable as well to being victims. We have tax fraud running rampant. Just to put this in context, in the past few years, were 1 billion. And that’s with a B. 1 billion files containing personal identifiable information have been breached. Just in 2015, just in four breaches. Pre-healthcare insurers, and the US Office of Personnel Management, 120 million social security numbers were exposed to the wrong people.
Craig: Yeah, that’s dramatic isn’t it? We’ve heard about all of those things. How does it affect me? Obviously, that’s what, but half of the security numbers almost, here in the United States. Am I going to theft likely in my lifetime? And what can I do about it?
Adam: Well, I believe that each and every one of us, either has been, is about to be, or for sure will be a victim of multiple forms of identity theft throughout our lives. Simply because there is so much information out there about us. Not only information because of hacks and breaches, but also because people have this unquenchable thirst to share every morsel of their lives on social networking. And they don’t realize that every time you provide additional information than that which was there before through social networking to people who you may think are your friends, many of whom aren’t, making it that much easier for someone to make you a victim of identity theft. For instance, you take quizzes, you give them harmless information, the street you grew up on, your favorite color, your dog’s name, your mother’s middle name, the mascot of your high school. You don’t think anything of it. They are like components of a nuclear weapon. In it of themselves harmless, combined lethal. And the reason? Because when you’re asked security questions by websites in order to authenticate you, that information is being used. So what I say to people, one of the important things to do when you do anything online and they ask you to create a security question protocol is lie.
Adam: They don’t need to know your mother’s real maiden name or your real dog’s name or your favorite color. Invent something. Just make sure that whatever you invent you can remember so that you’ll be able to authenticate yourself. But what I do is I try to break it down to what I call the 3Ms. You need to minimize your risk of exposure, you need to monitor and you need to have a plan to manage the damage.
Craig: Because there will be damage. We’re speaking with Adam Levin a little bit about what’s going on here. He’s the author of a book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves. I have Adam for years. For forty years now. I used different email addresses every time. I make up at random, literally random answers to all of these questions and I store them all in an encrypted password manager. Because I’ve always concerned about that. But I’ve started out my career in high tech but also in the direct mail system. So I knew about tracking even back in the 70s and it’s gone nothing but worse. Let’s talk about some of the high profile hacks. Because I think it teaches us a few things. You were just talking Adam, about us giving all of these information, right? We take a picture. We upload it to Facebook or Twitter. In that as meditative that tells them about us. In fact we’re the kids that were playing soccer and when they’re playing soccer. Leslie Jones was hacked. She dropped off Twitter because of all of the nastiness occurring. What can you tell us about Leslie Jones and the hack and of course, this is an actress from SNL. She was in Ghostbusters. And she’s probably just one of the most recent, very highly visible hacks.
Adam: Now there’d been a number of highly visible hacks. If you harken back just a few years to the Apple celebrity new gate hack. Which is where they got naked pictures of many, many celebrities. Now of course, Leslie Jones just had pictures of her that were released as well. And with that one, it wasn’t even hacked. Someone literally walked through the front door of Apple and got under the iCloud accounts of these people because so much of their lives have been chronicled in many, many websites, publications, and the like. People could sit back, gather then information, and then what they call brute force their way into their websites coz they could figure out what the email addresses were. And they could figure out what passwords they would be using. And that’s what they think happened to Leslie Jones as well. Now she had been the target of a blogger who has since been thrown off Twitter. And that’s part of why she left Twitter. But then the hate campaign began again anew a few weeks ago with the release of pictures, her driver’s license information, passport information, telephone number, even a picture of a tribute to the gorilla that had been killed when a four year old boy fell in the cage.
Adam: And it really was pretty devastating and a lot of people feel this was sort of like a hate crime. It had racial overtones, it had sexual overtones. I mean these are the kinds of things that can happen. We call this cyberbullying and there’s been a great deal of cyberbullying going on. Not only against celebrities and against political people, but also when it comes to children. That groups of children had been going after other kids and not too long ago, a thirteen year old committed suicide and his is not the first nor will it be the last of kids that are sort of driven into these, you know, emotional states as a result of attacks that occur online. And that’s what happens when you live in a digital society where everything is conducted online is that we’re way past sticks and stones. We’re now watching digital bricks being thrown in front of millions and millions of people.
Adam: That’s why it’s important to really covert your information. You know, let me just give you some thoughts on some of the things that people can do. First you have to minimize your risk of exposure. That means, you don’t carry your social security card. That means you cover up your numbers at your Medicare card and only carry it when you’re going to the doctor. That means you don’t carry every credit and debit card. That means you use long and strong passwords, not password or 1234567. That means you don’t share passwords, which, you know, is one of your practices, you don’t share passwords across through different websites understanding that if somehow your login information becomes compromised, that you could become compromised everywhere. It means you use two factor authentication which is where you start to login to a website, they send a code to your cellphone. You enter the code and then you continue on with your log on. That means you shred. That you don’t save apps in your smartphones your user ID or password. That you take the time to actually put it in separate times. You could, as you said, put information on to encrypted thumb drives for passwords. Another thing you could do is create a passphrase, which is where you use a phrase, or carve your password a couple of letters in front to remind you of the website, numbers in back. You can also consider freezing your credit so that no one, including you, can gain access to your credit unless it’s a fraud. Now that is not the ultimate solution for all forms of identity theft but it will make it more difficult for someone to try to open accounts in your name. So, you know, these are some of the things that you can do to minimize your risk of exposure. As you and I have talked it out though. You could do everything right. But if you’re in the wrong database at the wrong moment and the wrong person gained unauthorized access and your social security number is part of that database, you’re gonna be looking over your shoulder for the rest of your life.
Craig: Adam, pretty much every one of my clients has had a social engineering attack against them. These so-called phishing attacks. And in every one of these cases, it looked like an email from the CEO or the owner of the business or from accounting asking for information so they could do a wire transfer. In order to either buy something. Or in one case, they were asking for all of the W2 information from all the employees because they were sitting down with the accountant. And of course, none of that was true. My clients, at least have beaten it to them to pay attention to that. But unfortunately, those have been very effective. Here in the Northeast we keep seeing them. Alright, stick around. Adam Levin will return with us here in just a couple of minutes. We’ll be talking more about what you can do to help keep your information safe online and what your business can do as well. Hey, join me online. Visit Craigpeterson.com, you can find all kinds of information there. Articles about our guests. And please do listen to the podcasts too. If you like the show, go to iTunes and find my podcasts. Just look for Craig Peterson, you’ll find me there and give the podcast a rating. Make sure you subscribe and we’ll see you in the online world as you’re driving around as well. Stick around we’ll be right back.
———- PART TWO ———-
Craig: Our guest is Adam Levin. You can find him online at adamlevin.com. He’s the founder of IDT911 and credit.com. He’s also the author of a new book called Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves. We’re gonna pick up our interview with him. Talk a little bit about what’s going on with phishing here in the Northeast as well as worldwide and it can and does impact all of us. We have another problem and I’ve had this occur to me eight times in the last year, where someone pretending to be the IRS is calling me up. This seems to be a really big deal. Adam, can you explain some of the tactics that the bad guys are using to get even more of our information?
Adam: Well, you’re correct about the phishing. You know, there are 3 types of phishing. There is phishing and spearphishing, which is the traditional where you get an email. One is either addressed to a group of people, like dear cardholder, dear member, dear account holder… or they may say dear Craig. And you have to ask yourself, what are they asking for and is it reasonable for them to ask for it. Is it normal custom? And we’ll get to that in a second. The second is phishing. That’s where you get a phone call and it appears, you look at your caller ID and it appears to be coming from a legitimate organization. Be it the Internal Revenue Service, your retailer, your bank. And where they’re asking you for information. And the third is someone actually approaches you physically and starts asking you for information for one reason or another. So most important rule of thumb for all of these is never ever, ever authenticate yourself to anyone who approaches you either online, in person, or on the phone. Unless you’re in control of the conversation. It’s one thing if you go to a website that says https and you have a lock, and you have spelled the right name of the website. If you’ve gone there by the way of a legitimate app gotten from, let’s say, the Apple Store. So you know who you’re talking to. If they then ask you to authenticate yourself that’s not unreasonable. They don’t know who you are. If they call you, arguably, they’re calling you because they’re looking for you. If you get a phone call and there’ve been all sorts of scams, everything from the Microsoft, we’ve noticed a problem with your computer, please download this thing and let’s help you get this problem solved.
Craig: My dad got caught on that one.
Adam: Oh yeah. That is prevalent right now. The jury commission is calling to confirm that you’re a legitimate member of the jury pool. Your bank is calling because your account has been frozen. The Internal Revenue Service is calling because you owe money. The IRS, theoretically, is calling students. Telling them that there is a student tax owed because they have student loans. Key thing with the IRS, they never call, they never email. They will contact you by snail mail. At some point if you set up a call with the IRS, that’s a different story. They never call you out of the blue. They never demand you make payment right away. They always give you the opportunity to dispute something. So, if you get a phone call, let’s say from your bank, and they ask you for anything more than just confirming certain transactions which they deem suspicious. The minute they start asking you to confirm anything about yourself, hang up the phone, look at your proprietor debit card, call the number on the back of the card and then if they ask you to authenticate yourself, that’s a legitimate question. And the third form of phishing is called smishing. And that’s when you get a text which says your account is frozen. Please click here. And stay miles away from that. No one will ever ask you to do that. No one will ever ask you to provide information by way of text. And never click on links, even if they’re legitimate. Go to the real website and then look at whatever it is that caught your eye in terms of a link that was sent to you. Because that’s how they get you. You click on a link and either it takes you to a website that looks very well like the one you expected to see and they start asking you for information and you give it because you think it really is your bank. Or there’s malware on that link. Which means your computer or your smartphone could turned into a keystroke logging device transmitting your login information to every website you visit to the hackers every time you go.
Craig: It’s a bad thing. We’re speaking with Adam Levin, you can find him online at adamlevin, L-E-V-I-N.com. If you have a few minutes, I wanna go over one more issue here. A very big one and that is the election. I’ve been warning people for years, you’ve been warning people for years. In fact, you’ve been helping here with more than 17 million households. More than 770,000 businesses. So you’re getting the word out in a very good way. But our elections using these electronic voting machines can be very dangerous. It’s amazing how poor the auto trails are on some of these. Might the election be stolen or even manipulated in a big way by domestic or foreign government.
Adam: We’ll there are few ways that there could be some manipulation. The first is there are a few states that permit… actually 25, states that permit certain categories of people to vote online. Be it the military, the elderly, it depends upon the state. Very limited, but they do. Someone could hack into that and they could ultimately change results that way. You have non-air gapped voting machines. Non-air gapped, or air-gapped means that they’re not connected to the internet. And what happens is even with paper ballots, there are machines that will, you know, count the results of the ballots. Now you can confirm those numbers coz you have the written ballots and that makes it a little more difficult for them to play games with that. But there are 6 states, for instance, that used touch screen voting machines. That could p be hacked and things could change. As you saw with the Wikileaks, release of certain documents. There’s very granular information out there in photo files, domino files. That information in the wrong hands could well lead to additional forms of identity theft and possibly election manipulation. And then of course with targeted voter lists, you have a situation where people in certain districts receive notification that their voting place is so overloaded they’re directed to another voting place which would never happen. But people don’t know that they get this email and this text and they immediately, you know, do what it says coz they wanna vote. I mean this is gonna be a year where a lot of people would wanna vote, for one reason or another. But what is most disturbing about this election year, forgetting even the email Russians hacked someone. And what we’ve been hearing now is the fact that cybersecurity has been a back burner issue. We hear a lot about the great wall of Mexico. But we don’t hear a great deal about beefing up our cybersecurity. Now we do, because of all the things that have just happened. But it’s a tragedy that you need something like this to occur before finally people start to wake up. And here’s something to think about. The Department of Homeland Security has designated 16 critical sectors as part of their cybersecurity and the infrastructure program that must be protected and the US government can get involved with in order to protect people involved. Voting is not one of those 16 sectors yet. And people are calling for it now even the head of Homeland Security is talking about it now. But up until now, that hasn’t been the case.
Craig: Yeah, again now, we have political problem because voting is a state’s rights issue. And, you know, where do the lines cross? But this really is a security issue. We can’t have people messing around with our elections. They’re dirty enough as it they are.
Adam: I think it’s very important for people to remember that when it comes to cybersecurity, and it comes to the integrity of national elections. We’re not talking about red states and we’re not talking about blue states. We’re talking about that every state. And unfortunately, when it comes to cybersecurity, we are all in a state of emergency.
Craig: We’ve been speaking with Adam Levin. You can find him online at adamlevin.com. A-D-A-M-L-E-V-I-N.com. he’s the author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves. Information that everyone needs. This is a very, very big deal. He’s the former director of the New Jersey division of Consumer Affairs. Co-founder of credit.com and IDT911. And he’s been very, very busy. Adam, anything else you would like to add?
Adam: Well, I just think the most important thing for people to remember and they have to stay vigilant. But it doesn’t matter how many laws there are, how vigorously they are enforced. The ultimate guardian of the consumer is the consumer. And the last thing, really quickly, is that people don’t realize is there are programs that are available to help them. And in many cases, they’re free. And they’re offered by insurance companies, banks, HR departments where you work. Check with your insurance agent, your bank services rep, your credit union rep, or the HR department where you work and say do you have a program to help me through an identity incident. Am I in it? If not, what do I have to do to get in it? Is it free? What is it gonna cost? And I guarantee you, when you think about it, whatever it is, it’s worth the cost.
Craig: Yeah, especially, as you were saying earlier, you got a guarantee, 100% that our identities will be breached and used really, not against us, but for someone else. So having that insurance could be a very, very big deal. Are the numbers still the same Adam? Some 500 hours to try and correct an identity breach and most of that time having to come during the regular 9-5 working hours?
Adam: Well, it’s less than that but it’s still a significant number of hours. You know, and again as we move into more sophisticated forms of identity theft and phishing is running rampant and information is flowing wildly. We’re moving toward the longer end of resolving the problem. Because it takes people longer to find out they have an issue unless they have very, very good monitoring programs. And then once they figure out they have a problem, it could be overwhelming. And that’s why it’s best to use a professional because professionals can get things done because they’ve done it so many times before they can shortcut the process to help the victim.
Craig: Adam Levin, thanks for being with us. Again, A-D-A-M-L-E-V-I-N.com and online @Adam_K_Levin. Thanks again for being with us.
Adam: Thank you for the invite.