DON'T MISS A SINGLE EPISODE! SUBSCRIBE AND WE WILL NOTIFY YOU WHEN EACH PODCAST DROPS
Jan. 3, 2023

Brett Johnson - Cybercrime and How to Protect Yourself

Brett Johnson holds the distinction of being the only guest on the podcast who has ever been on the U.S. Most Wanted List.  He was convicted of 39 felonies, sentenced to more than 7 years in prison, escaped and built the first cybercrime community known as Shadowcrew, a precursor to today's dark web.  The United States Secret Service called him "The Original Internet Godfather." Brett found redemption and is today one of the leading authorities on cybercrime, identity theft, and cybersecurity on the planet. He works to protect us, as he likes to say, from the person he used to be. Brett discusses his criminal past and how and why he now works to protect us.  Brett and I discuss online crimes and scams and how to protect yourself.  This is one podcast you literally cannot afford to miss.

AARP Fraud Watch - 877-908-3360

Sponsorship and advertising opportunities are available on Specifically for Seniors. To inquire about details, please contact us at https://www.specificallyforseniors.com/contact/ . 

Transcript

Disclaimer: Unedited AI transcript

Announcer (00:07):

You are connected and you are listening to specifically for seniors, the podcast for those in the Remember When Generation. Today's podcast is available everywhere you listen to podcasts and with video at specifically for senior's YouTube channel. Now, here's your host, Dr. Larry Barsh.

Larry (00:41):

My guest today on specifically for seniors is Brett Johnson. Brett holds the distinction of being the only guest ever on the podcast who has been on the US Most Wanted list. He was convicted for 39 felonies, sentenced to more than seven years in prison. Escaped built the first organized cybercrime community known as Shadowcrew, which is a precursor to today's dark web, the United States Secret Service called him the original internet godfather, Brett found redemption and his today one of the leading authorities on cybercrime identity theft and cybersecurity on the planet. He works to protect us, as he likes to say, from the person he used to be Welcome to specifically for seniors, and thanks for coming on the podcast.

Brett Johnson (01:38):

Hey, thank you for having me. I am humbled and I'm honored to be here. I, I, I just appreciate it so much. You bringing me on.

Larry (01:44):

Well, it's my pleasure. Thanks. We've all heard those inspirational stories about successful businessmen who got started, but how did you choose crime as a career opportunity?

Brett Johnson (02:00):

<Laugh>? Well, I'm not sure I, well, of course it was a choice. I was about to say. Well, I'm not sure I chose it, but it, it was a choice. The reason I kind of hesitated there is, is my life of crime actually dates back to when I was a child. My first crimes were when I was 10 years old. I'm from Eastern Kentucky. Eastern Kentucky is one of these areas that if you're not fortunate enough to be employed, you may be involved in some sort of scammer hustle. My mom was basically the captain of the entire fraud industry in that area. And this is a this is a woman who at one point she steals a 108,000 pound Caterpillar D nine bulldozer. She takes a slip and phone, a convenience store tries to sue the owner. That's my mom. And I grew up in that type of, of environment.

Brett Johnson (02:43):

My first crime, my mom had left my dad, I was 10. My sister Denise was nine. My mom would stay gone, you know, days at a time. We didn't have any food in the house. My sister walks in one day, she's got this pack of pork chops in her hand, and I'm like, where'd you get that? And she's like, I stole it. And I was like, show me how you did that. So she takes me over, shows me how she shoplifts food, and I'm like, best idea ever. <Laugh>. So we start stealing food and look across the way. There's a Kmart over there. Well, Kmart's got a heck of a lot more than food. So it's, it becomes this perverted form of Maslow's hierarchy of needs. Books, games, jewelry, music toys. Yes. Until mom comes home, sees the stolen stuff, asks where it came from.

Brett Johnson (03:25):

I stand up, we found it. She's like, no, you didn't find that. My sister, Denise, nine years old, she stands up, she's half proud, she's half off. We stole it. My mom looks at my sister. Show me how you did that <laugh>. And she joins us. Not only did she here, here's the thing, not only does she join us, but she calls her mother to join us as well. We've become this intergenerational shoplifting ring in eastern Kentucky. That's my first crime right there. Now, I, I, and here's the thing. I mean, some people will think, I'm trying to say that my childhood resulted in my choices as an adult. That's not true. When I chose to break the law as an adult, I chose to do that. I chose to victimize people. When you're a child, you can't help that. My, my sister, for example, she had the exact same upbringing that I did other than that one shoplifting experience.

Brett Johnson (04:17):

She goes off to be a great teacher, a great parent, just a great citizen overall. Me, I'm the guy that kept on going. And as I kept going, I got more involved in the types of scams and hustles and frauds that not only my mom, but every single person on that side of the family was involved in. So I grew up, I grew up knowing how to do charity fraud, insurance fraud. So think faking stolen cars, faking accidents, burning homes for cash. I grew up breaking and entering trafficking drugs illegally, s strip mining, coal. I mean, you name it. I've got a, a pretty good background in many types of fraud until I finally just branched off on my own and went into cyber crime.

Larry (05:02):

Ah, yes. Thank goodness for the internet.

Brett Johnson (05:04):

Oh, yeah, right. Yeah. <laugh>, I was told I once told my, my first wife that the only thing I ever used a computer for was to either play PC games or commit fraud. That's how bad it was.

Larry (05:16):

<Laugh>. I listened to a presentation of yours and you amazed me with one thing you said. You were talking about the fact that Google, the searchable web is only a small part of the web itself. Can you explain that?

Brett Johnson (05:35):

Sure. So, so think of the internet as broken into the surface web, and then the deep web. Alright? So the surface web is everything that's above the water. It's everything that Google can find, which seems like a lot, but that's only about 4% of the entire internet. That other 96% is below the water. It's called the deep web, alright? And in the deep web, that's anything that a search engine can't find. That's anything that's behind a paywall, for example. That's your text messages, that's your emails, that's your bank statements. That's all of that information. But in the deep web, deep dark, down into the deep web is where we've got the dark web. Alright, so how big is the dark web? Well, the thing is, no one really knows. We think that the dark web is somewhere around 15% of the overall internet. So, so you've got Google, everything that Google finds, the dark web is about three times larger than what Google does.

Larry (06:36):

And the organization you started, Shadowcrew was the start of that deep dark web.

Brett Johnson (06:43):

So Shadowcrew was, was a precursor of today's dark web and that type of criminal dark web environment. I, I, I need you to understand that not everything on the dark web is, is a crime. There are, there are legal groups on the dark web. The New York Times has a, has a site on the dark web Congress library has a site. There are several legal sites that are on the dark web, but the reason it gets its name dark web is because of that criminal activity that's there. So, so think of it like this. If a criminal can use a product or service that allows them to remain anonymous, they are the first adoptees of that service. And that's exactly what we saw with the dark web. And now the dark web was created by the United States military, the US Navy, and they created that so that intelligence operatives from different, in different areas could communicate with each other without being identified by the enemy.

Brett Johnson (07:37):

All right, now, it went open source. The US Navy decided we're gonna release this to the public so that whistleblowers can use it so that people behind different countries firewalls can use it to see what the real internet is, to get real news instead of what just their country wants them to see. And again, what they forgot was the first adoptees of any tech that are re allows you to remain anonymous are criminals. That's exactly what we saw with the beepers. It's what we see with a tour browser. It's what we see with today's cryptocurrency. The first adoptees are criminals, and that, that kind of ate everything alive. So, so today on the dark web, and you have to use a specific browser to access the dark web. Today on the dark web, most criminals, they, they venture down to the dark web to get whatever information to get whatever products they need.

Brett Johnson (08:24):

So if they need to buy, say your personal information, your credit card details, things like that, they typically go to the dark web to one of these dark web marketplaces. Shadowcrew was a precursor to that. We were the first criminal marketplace on the internet. Now, we weren't in the dark web because the dark web hadn't been created at that point, but we were a precursor to that. And what I did was, I, I initiated a trust mechanism that criminals could use. And that mechanism is still in use today in criminal environments. Nothing to be proud of, but that's one of the, one of the several claims of notoriety that I've

Larry (08:58):

Got. How hard is it to get someone's personal information on the dark web?

Brett Johnson (09:04):

It's not, not at all. Everyone's information is available. I, in conferences, I, I often get the question, what can we do to make sure that our information isn't compromised? Well, the answer is nothing. Everyone's information is available. Just last year we had 2,570 reported breaches of those just reported breaches. Over 57 billion records compromised just last year. Everyone's information is available. If you can accept that, if you can just, just go with me on that, then you can ask the next, next logical question, what can we do if a criminal gets our information that they can't use it? Now, that's something that we can't answer at that point.

Larry (09:49):

Do people buy information? Is that how it works?

Brett Johnson (09:52):

It is. So you've got, think of the think of cyber crime as broken into three parts. So you gather data, that's your pi i, your personal information, it's your bank account login, your credit card numbers, your passwords, things like that. So you gather that data, then you go off and you commit a crime, and then finally you cash that crime out. If you can't put cash in pocket, at the end of the day, the crime's worthless to you. So those three necessities gather data, commit crime, cash out. What you see in cyber crime is that a single criminal, one guy can't do all three things. He can do one, sometimes two, but rarely can one single person do all three. So you've got these marketplaces that sell credit card numbers, stolen social security numbers, background checks logins, things like that. That's where you go to buy the information.

Brett Johnson (10:42):

You get the information, you then commit the crime, then you cash that crime out. So if I'll go to the dark web, I'll buy your credit card details for say, $12. I get your credit card number, expiration date, three digit security code, your name, address, probably your phone number, maybe maybe some browser fingerprint information as well for $12. Now I buy that from somebody who has stolen that information from you. I then commit whatever crime I'm gonna commit with that credit card. I'll go to Apple and get me a cell phone or a laptop or something like that. Now I get that shipped to me. Then finally, I need to cash it out. So where will I cash it out? I'll put it on Facebook. Marketplace, Craigslist, eBay, someplace like that. Cash it out.

Larry (11:24):

Interesting. Geez.

Brett Johnson (11:26):

Yeah, it's in, I understand that this is, this is a crime that's very easy to commit, very easy,

Larry (11:32):

But it's, it's single items. It's gotta have a wide range than that.

Brett Johnson (11:38):

It's got a heck of a wide range. So that's just one specific type of crime. I mean, today you've got for example, during the pandemic, we had most fraudsters stealing identities to file unemployment claims. The state of California has, has admitted to 34 billion of fraud being committed against their unemployment system. That's just what they've admitted. It's probably gonna hit more like 70, 80 billion by the time that's over Arizona, 23 billion. I mean, all these states, all 50 states were hit with unemployment fraud. So it is really, whatever area a fraudster needs to go to, to be profitable is where you'll see most fraud hitting at that point. But there's, there's there, the internet is wide open for many different types of fraud. Think student loan fraud, credit card theft, bank, bank login, fraud crypto scams, romance fraud synthetic fraud, medical fraud. I mean, there you can name it and you can find some way to do it online and profit as a criminal.

Larry (12:37):

So just as part of that, let me ask you a question. Why do we still have social security numbers on little pieces of paper? That's

Brett Johnson (12:48):

A very good question. <Laugh>, and, and let's be honest. I mean, the Social Security administration on the card, it says this is not a form of identification yet everyone uses it as a form of identification, including government agencies. And it's insane. It, it truly is. I can't, an I am not smart enough to answer that question for you. We do need a form of identification, but having a social security number is not really the, the best idea to do that, especially where it's a static number like that. Now, back in 2011, the Social Security Administration, they randomized social security numbers. Before 2011, you were given a social security number based on your birthdate, based on the state you were born in. After 2011, they stopped that because identity thieves were eating that system alive. They randomized the numbers. Well, when they randomized the numbers, you can no longer tell when the number was issued, the state it was issued in. And because of that, now we've got this thing called synthetic fraud, where fraudsters can use children's social security numbers or they can just fabricate a social security number out of thin air. Use that number and build up a credit profile from that, that specific crime is 80% of all identity theft that's out there right now. It's it's 20% of all credit card chargebacks. It's 5% of all overall credit card debt. It's the fastest growing form of identity theft on the planet right now.

Larry (14:20):

Whoa.

Brett Johnson (14:21):

Yeah.

Larry (14:22):

I mean, this came up because I just had to change my license to a new state, and I couldn't get a real id Right. Because I didn't have a piece of paper.

Brett Johnson (14:34):

Right. And, you know, they postpone the, the guidelines on that. So you still have another two more years after next year, after this year now to get the real ID to fly.

Larry (14:43):

But I had the ID on my discharge papers, right? I had them on my old Medicare card.

Brett Johnson (14:52):

Not good enough.

Larry (14:53):

That's not good enough. And yet I have this piece of paper in my hand that, that they will accept.

Brett Johnson (15:01):

Yeah. And it's insane. Because again, I mean the Social Security Administration, the federal government says, do not use the social security number as a form of id. Yet that same government bureaucracy requires a social security number as a form of Id. Insane

Larry (15:19):

<Laugh>, I sent you an email and your nickname, Goum fun <laugh> came up. Where did that come from? Yes, sir.

Brett Johnson (15:26):

Well, I am a lord of the Rings fan, that that's honestly where it's from. I was before I got involved into this, that, that final type of cyber crime that landed me on the United States Most Wanted list, I was programming satellite D SS systems. So I was hacking into those, those 18 H R C A satellite systems. You can take the card out of it, program it, turn on all the pay-per-view. I was doing that, and my screen name on that was Bains, like b Bilbo Bains. And as I transitioned over to the the more proper type of cyber crime, I was like, well, I can't use the same screen name. So I just adopted Gollum and added fun to it. So there you go.

Larry (16:06):

What turned you around from bad guy to good guy?

Brett Johnson (16:10):

That's a good question. It's, it's, it's a long journey that did that. The first is my sister. My sister disowned me. And honestly, my sister is the only real family member that I've got. So she didn't disown me. She knew I was a crook. She accepted me for that. But she disowned me because I got engaged to a stripper. So that was the line in the sand right there. So Denise disowned me, and she didn't talk to me until after I had escaped from prison, until I had actually hit that rock bottom. And then she comes back in my life sees me for for 10 minutes before I get sent off to Texas and don't see her again for five and a half years. That's the first turnaround. Took two and a half years behind the fence for me to accept responsibility.

Brett Johnson (16:55):

You know, I said earlier that, you know, it was my choice to victimize people. I used to not think that. I used to think, whoa, I did it for my family. I did it for my wife. I did it for my stripper girlfriend. No, I did it because I chose to do it. It took going to prison. It took my sister disowning me for me to accept that responsibility. When I got outta prison, I met my wife. Now Michelle, she showed me what a what a positive, healthy relationship actually is. And I learned that every single day. I still have problems with that, but I learned about that every day about what that means to be healthy. And then finally, I reached out to the f b this guy named Keith Malarky. He's he, he's retired about two years ago, but he was an FBI super cop in cyber crime.

Brett Johnson (17:39):

And he was involved with some of the arrests of the people that I knew, sent him a message. I was like, Hey, I respect everything you did. You, you did a great job. I would like to be legal. And the guy responded. Within two hours, he took me in under his wing. He gave me references, gave me advice. He's retired now, but he continues to do that to this day. So today, you know, I'm spokesperson for A A R P. I'm the first chief criminal officer on the planet. I teach at Quantico. I lead a very blessed life that I gotta tell you I don't deserve. I don't think I deserve it at all, but I am grateful to have

Larry (18:13):

It. And we're grateful to have you on our side.

Brett Johnson (18:16):

Thank you. Thank

Larry (18:17):

You. This podcast is specifically for older adults,

Brett Johnson (18:23):

Right?

Larry (18:24):

We are perhaps more susceptible, or is that a fallacy?

Brett Johnson (18:29):

It, it's a bit of a fallacy, but not really. Most people think that senior citizens are the most vulnerable group. The most vulnerable group, vulner, excuse me, <laugh>, the most vulnerable group are the millennials. They, they edge out senior citizens by about 3%. And the reason for that is millennials, if you think about it, millennials, they grew up with the internet. They've listened to the news over the years about all these breaches, almost one a day. So they listen about all these breaches, and they get this, they've developed this sense of apathy about cybersecurity. And so they kind of, they're of the attitude, oh, whatever's going to happen is going to happen because of that, they are the most vulnerable second in line, and only by about two points indifference. Second in line are senior citizens. And the reason that senior citizens are so vulnerable, most senior citizens are not horribly tech savvy, all right?

Brett Johnson (19:23):

And a lot of senior citizens tend to think that, well, as long as I don't do anything online, I'll be safer. The truth of the matter is, is that it makes you less safe by not doing anything online. And I'll give you an example. So say you, you're, you've, you're, you bank with Chase Bank or Bank of America. So you, you don't do it online. You just go into the bank or you write checks or use your debit card and things like that. But you don't really do online banking at all. As a criminal, what I can do is I can go on the dark web, I can buy your information for at tops, about a hundred dollars. So I get your complete identity profile for less than a hundred dollars. I then use that to set up online banking in your name. I then take over your bank account.

Brett Johnson (20:07):

Now, you know, I've taken it over. You call the bank to notify them that, Hey, someone's taken over my bank account. But here's the problem, because I'm the person that's set up online access to that. I look more legitimate than you do. So it creates a huge issue. You have to get an affidavit of identity. You have to file a police report. It takes time to get that problem fixed. And during that time is when someone like I used to be, can come in. They can do a lot of damage to your finances, to your name, identity, everything else across the board. So what I say is, I don't care if you don't do online banking, but at least set it up where you control it. Where someone like me can't come in and do it for you. Alright? So have control of your security. That's first and foremost. I've also found that, you know, as, as I get older, I'm 52 right now, 53 this month. But I've found that

Brett Johnson (21:02):

We like to trust people. I like to trust people. I don't like to live my life paranoid or distrustful or anything else like that. Because we like to trust people. It becomes very easy for a criminal to come in and gain your trust. If you think about it, in order for me to victimize you, I have to get you to trust me to some extent. Now, the way that's developed online, trust is established online through technology tools and social engineering. So when I talk about technology, that's your laptop, it's your desktop, it's your cell phone, but it's also the websites you're going to, that's the tech. We inherently trust that technology. We don't understand it a lot of the time, but we trust it. That's one one of the reasons with fake news such being such a problem. News comes across the line. We trust the story without verifying it. What we don't understand is that criminals use a variety of tools to manipulate that technology. They use spoofed phone calls so that you'll think it's the IRS calling the fbi, calling your bank calling instead of it being the criminal calling. They use tools to manipulate that. That opens the door. Then they, we see how good of a conman or a liar, a social engineer, they are in manipulating you from that point.

Larry (22:13):

So Facebook,

Brett Johnson (22:16):

Right?

Larry (22:18):

Friend requests, Ooh, games. Did you ever own a Volkswagen? Do you wanna be part of our club?

Brett Johnson (22:29):

Right?

Larry (22:31):

How about that For a fraud,

Brett Johnson (22:34):

What I would say on, on your social media, I don't care if it's Facebook, I don't care if it's LinkedIn, LinkedIn's a little different. I don't care if it's Facebook, if it's Twitter, things like that. You need to be aware of how you're sharing your information. Because here's the thing, cybercrime today has a real world aspect. For example, I can go on Facebook, I can start reading your Facebook profile and I can see what you got for Christmas or what you got for your retirement gift. So if you've got, say, a Rolex, something like that, I know I've got me an expensive Rolex in your house, I just have to go and get it. Now, if you're going on vacation someplace, are you gonna brag about where you're going on vacation? Are you telling everyone where you are? A lot of people do that.

Brett Johnson (23:19):

So you're telling me when your home is empty, more than that, you're telling me what your ate is. You're telling me what your mother's maiden name cuz you're wishing your mom happy birthday, you're doing all this stuff. But it gets far, far worse than that because there are predators online that use children's pictures to create deep fakes to use as monetary gain to other more criminal sites that are out there. So you have to be very aware of who you're sharing information with and what type of information that you're sharing, because all of that is public, as long as you've got it public. And Facebook wants it to be public. So be aware of that. All right? It, it's, I've talked about this in other in other shows and on stage and things before, we have a situational awareness in the physical world. If we drive someplace and we go in a bad neighborhood or we walk in a store and something's wrong, we know that immediately our hackles raise.

Brett Johnson (24:10):

We we're a, we have that situational awareness about us for some reason. We fail to have that in an online environment. But we need that. We have to have a sit. We have to know that there are predators in all of these environments, both virtually and in the physical world. Know when you're in a bad situation, know that there are predators out there and always be on your guard. That, and I'm not saying not to trust people, but always trust but verify as well. That's the most important thing. You need to always verify every single thing. So say someone calls from it says the i r s, and they're, they've, you know, they've got the warrant to come arrest you and everything else. What's happening there is, as a criminal, I'm trying to get you to react emotionally. I'm trying to get you to set reason and logic to the side.

Brett Johnson (24:59):

A knee-jerk reaction out of emotion, fear, anger, something like that. If I can get you to do that, I'm gonna be pretty successful. So you receiving that call, it's important for you to disengage. First of all, hang up. Tell 'em you'll call 'em back. They won't want you to do that because you can't call them back. Take a breath, take a pause, count to 10. Let reason come in, take over again. All right? Find you a buddy. Find you an enemy. Find you somebody that you can talk to and bounce these things off of you. Your worst enemy in the world. They'll, they'll be your best friend in that situation. You can simply call 'em up. Hey Bill, this is what's going on. Have you ever heard anything like this? And Bill will tell you if he hates you enough, bill will tell you, you're a big idiot.

Brett Johnson (25:42):

You're being scammed right now. Not saying victims are idiots, cuz they're not. But find a friend, find an enemy. Call Arps fraud. Watch. They'll walk you through it. It's an 800 number. They'll walk you through that scam and help protect you at that point as well. So take a breath, take a pause, find a buddy. If you receive any requests for unsolicited information. So a criminal online, they're looking for information, access data or cash. If you receive any unsolicited request for that, that's something that you never respond to at all, at all. That's a knock at the door. That's a piece of mail in your mailbox. That's a phone call, that's a pop-up message on a screen, an email, text message, anything like that. You never respond to that because that is going to lead you into trouble. So these are the things that you can do to help protect yourself.

Brett Johnson (26:34):

The the more concrete things you can do, freeze your credit. Credit freezes became free September of 2018. So you have to contact all three credit bureaus, freeze your credit, freeze the credit of every single person in the house, make sure that you're monitoring accounts and you're placing alerts on those accounts where you can. So your credit cards, you can place a $0 alert on most cards right now. So if I go on the dark web and buy your credit card details for that $12 that I mentioned, just ping the card to see if it's still alive. You get a text message saying, Hey, someone's trying to steal your card. You can have it locked down at that point. So freeze credit monitor accounts, place alerts, and then the big one, passwords and logins, because 80% of the population across the planet uses the same or similar passwords and logins across multiple websites. The on their best solution right now for that is a password manager. And they have some issues, but they're far safer than just trying to come up with a secure password by your, by yourself.

Larry (27:36):

In addition scams for seniors. I got a call one night, grandpa, this teary voice said I had a couple of drinks, right? And I got stopped by the police and I need bail. They knew my granddaughter's name, right? They sounded something like her. The pitch was convincing until I asked the caller what her middle name was. <Laugh>.

Brett Johnson (28:18):

And they didn't have that.

Larry (28:18):

They didn't pay enough apparently, right? <Laugh>. But the fact that people actually got her name was scary.

Brett Johnson (28:27):

Oh, absolutely. Absolutely. And it's, it's not hard to get that. And you mentioned Facebook. That's one of the places I can get that. If, if I can't get it from there, I can buy it. So I can go through and there are legal services where you can do that. You can go through Intelius, you can go through Ben verified, for example. Ben verified for $27 a month. I can pull unlimited background checks on any person that I want to and that will give me your granddaughter's full name. So these are things that you need to be aware of that that goes back into what I said a second ago. Any unsolicited request for information, it's important not to respond to that. It's important to step back, take a breath and think about it. Is that your, your granddaughter that's online now, you were smart enough.

Brett Johnson (29:10):

What's your middle name? You already knew something was off at that point. But most people won't know that. Most people, you know, if you're calling between the hours of two and 4:00 AM in the morning, nothing good happens between two and 4:00 AM in the morning. So you get that call, you're tired, you're not thinking clearly, and you, you're automatically put in that emotional response that a scammer wants you to be in. I'm in prison, I'm in jail, I need help. I've been in a wreck, what have you. You're already responding emotionally at that point without being fully cognitively awake.

Larry (29:42):

There have also been in the community that I'm currently in. Mm-Hmm. <Affirmative> a lot of bank accounts and credit card hacks.

Brett Johnson (29:51):

Right?

Larry (29:53):

Can you explain a little bit about that?

Brett Johnson (29:56):

How I can about, so again, everyone's information is available. So that's, that's the first key. Getting your complete identity profile. The second key is getting the login credentials for that account. And there's a couple of ways that I can do that. If you're one of those 80% of people that uses the same or similar, it's very easy for me to get your credentials. So it's not hard to get your password and login. The thing is, is that there are other attacks that are online right now that are a little different than that. So that they sit in the middle between you and the bank and they capture the cookies for that specific login. So they don't have to have your password and login anymore. They just use the cookie and check that into their specific browser. And they're able to go in and basically be you in your bank account. The way that you fix that is you make sure that you've got multifactor authentication throughout that system. So some banks have m FFA at the login. Some banks also have m ffa when you go to send money, change details,

Larry (30:57):

Things like that, mfa

Brett Johnson (30:58):

Multifactor authorization. Okay. Or authentication, I'm sorry, authentication. So you need to make sure you've got that multifactor set up like that, that every step of a change that you're aware of what's go, that you've got some sort of code that comes in that you have to enter in to get access to that. Okay? That's how you take care of that. It's, it's, the problem is, is that, and I mentioned that before, these crimes are not difficult to commit. There are not. The problem is, a lot of the problem is that most people, they don't know how to protect themselves or they've been told how to protect themselves and they've not done it yet. If you think about updates, for example you know, you've got your browser open or Windows, you're running Windows and you've got a Windows update. Well, you know that thing's gonna take 15 minutes to install and you're like, I'm not gonna do that right now.

Brett Johnson (31:47):

I'm gonna wait. Well, the problem is an update is basically a broadcast to every single criminal on the planet, telling them which door to knock on to get entry. The longer you wait on updating your system is the longer a criminal has to get in your system and do something about it. Okay? So these are things that you need to be aware of, the security that's out there, you absolutely need to have that in place. And it's not a whole lot that you have to do to protect yourself from the other 90% of the potential victims that are out there.

Larry (32:26):

So you covered a, a a little bit about protecting ourselves. Sure. Let's talk about the audience here. Okay. as seniors who don't know much tech,

Brett Johnson (32:40):

Right,

Larry (32:40):

What can we do?

Brett Johnson (32:43):

What you can do is for example, I'm most people that that, that I'm probably talking to on this show, they probably are getting social security. Do you have online access to your social security account? If you don't, you do that today. If you have to get a family member, somebody to help you, set it up, set up to where you have online access. That way a criminal can't come in and divert your social security payments to a prepaid debit card that they've got at Walmart. So do that today. Freeze your credit today. Today you have to contact all three credit bureaus. Freeze your credit, all right? Doesn't cost a thing, it's free. All right? You can use there's a thing called Mint, which is also free. It will monitor some of your accounts for you. So I'm trying to, trying to do things where it's not costing you any money.

Brett Johnson (33:30):

So use Mint that will help monitor some of your accounts and then use a password manager. Android's got one built in apple's, got one built in. Use those out of the gate. That's what you need to do. And that will protect you more than probably 80, 90% of everyone else in this country. So that's what you need to do. And, and the reason I say that's important, most crime is committed because of cash. Criminals are wanting to make money. Those cash based attacks like that are lowest hanging fruit. That criminal is looking for the easiest access that gives him the largest return. So if you're farther up the tree, you're not gonna be hit. He's picking the low hanging fruit that's out there and the way you get up, farther up the tree, multifactor authentication, credit freezes, password manager, monetary account, place place alerts, things like that.

Brett Johnson (34:22):

All right? Those are the big ones that you need to do. What I would say, work on your situational awareness. Like I mentioned before, understand that there are predators that are out there. That doesn't mean you have to be paranoid, but there, there are predators that are out there. If you're on a dating site, for example, there's a lot of bots that are on dating sites or a lot of fake profiles on dating sites. So you need to be aware of that. You need to be, be conscious of, is this really this person that I'm talking to? How do I know it's this person that I'm talking to? These are the things that you need to verify. The problem with a say, a dating site, is that we're looking for companionship. We're looking for romance or friendships, something like that. And because we're looking for that, cause we've got that desire, it's, it's very easy for a criminal to gain trust in that. So you need to be aware of that. Raise your hackles. Raise your guard. That's the big things. You never, never react out of desperation. Never react in a quick manner. Take your time because taking your time will give you the chance to think things out objectionably instead of, instead of subjectively. So that's the big things I think right there.

Larry (35:41):

Do you, you mentioned before the A A R P Fraud Watch Network. Mm-Hmm. <affirmative>, do you want to tell us a little bit more?

Brett Johnson (35:48):

Sure. So A A R P has this network called Fraud Watch, which they, they study all the frauds that are out there. They, they go out in communities. They talk about the different types of scams and frauds that hit older people, and they tell you how to protect yourself against that. They do one even better than that though. They've got an 800 number. I don't have that in front of me. They've got an 800 number that you can call and talk to someone at Fraud watch. So say you're on that dating site, or say you've got that piece of mail in your mailbox or a knock at the door, someone's on the phone. You can actually hang up on 'em. You can call the arps Fraud Watch and you can say, Hey, this is what's going on. Does this sound like this is legitimate to you?

Brett Johnson (36:28):

And here's what fraud watch does. They will actually walk you through that scam that you're going through right then, know it doesn't sound legitimate. And here's how I know, because this is the way the scam actually works. You think, you think about it, these scams are nothing new at all. And, and just because you're seeing it for the first time doesn't mean it's the first, it's its first rodeo. It's been around a while. So Arps fraud watch, they're very skilled at that. They're very educated at that, and they can walk you through, show you how to protect yourself. So show you how to report to law enforcement and hopefully get this individual locked up at the end of the day.

Larry (37:02):

Any other words of advice? Anything we forgot to talk about?

Brett Johnson (37:06):

I don't think so. What I would say is stay safe out there. Stay secure, stay vigilant. That's the big thing. Have fun. You know, have fun, but be on your guard. I don't believe in, I don't believe in leading a, a paranoid life at all, but I do believe in leading a secure life. So just be careful out there.

Larry (37:27):

Brett, thanks. This was so much help and I think it's gonna be a valuable podcast for my listeners.

Brett Johnson (37:34):

Thank you so much for bringing me on. I appreciate it.

Larry (37:36):

Thanks again.

Announcer (37:39):

If you found this podcast interesting, fun or helpful, tell your friends and family and click on the follow or subscribe button. We'll let you know when new episodes are available. You've been listening to specifically for seniors. We'll talk more next time. Stay connected.

 

Brett Johnson Profile Photo

Brett Johnson

I am one of the top experts in the world on cybercrime, identity theft, fraud, and cybersecurity. My knowledge is unique. My education does not come from a book, school, investigator, or commentator who has no practical experience on the subject of which they speak. I have hands on training. My knowledge is from the criminal side of things. I have an understanding of cybercrime that the majority of people on the planet will never possess.

I built the first organized cybercrime community, Shadowcrew, while also establishing several forms of financial cybercrime. Shadowcrew was the precursor to today's Darknet Markets and laid the foundation for the way modern cybercrime channels still operate today. I was placed on the United States Most Wanted List, convicted of 39 felonies, and sentenced to 7 1/2 years in federal prison.

I am fortunate to be one of the few who have been able to step away from my life of crime--with the help of many. Today, I use the vast amount of knowledge I have concerning cybersecurity, cybercrime, identity theft, and fraud to help individuals and companies protect themselves from the type of person I used to be.

I speak and consult with some of the most well known entities across the globe. Clients include The FBI, Microsoft, Lexis-Nexis, ThreatMetrix, VISA, Identity Guard, AARP, Emailage, MWAA, Elavon, TED, ISMG, Neustar, BBWest Bank, and numerous others.

Recently featured on CNNMoney, NBC, AARP, VICE, RT TV, Arstechnica, the Independent, FOX TV, and more.