Stupid... or Just Irresponsible?

4. Your Bank is NOT Your Friend



Stupid...or Just Irresponsible? | Episode 4: The Bank is NOT Your Friend




Resources
Security Webinar -  Stay ahead of the game! Sign up for our Security Webinar today. We give you FREE tools, FREE training, and we WILL hold your hand throughout the process. BUT when you don’t take our help or our advice that is stupid.

Schedule Your Discovery Call - If you know you've got a problem take us up on this offer! Book a 10 minute call with myself (Justin Shelley) and we’ll go over what we can do to help, get you started on a path to have a solid plan in place, constantly reviewing that plan, and just making sure you are doing the right things to minimize ALL the risk we possibly can.
 

Show Notes

 

[1:50] – Justin shares what started his love affair with technology and how he is shocked to be spending most of his time fighting crime...

  • Justin’s love affair with Technology began at the rightful age of 12 with the Apple 2E 


[2:26] - “I got into computers at the rightful age of 12 but did not see myself fighting crime…”

[2:36] - But here we are… Master Computing is an IT company. We really pride ourselves on fast response, on processes, on client education, but man, we spend most of our time fighting crime! Who knew!?

[2:59] - The title of this podcast: “Stupid or Irresponsible”

  • Title Background - We send out this letter called the “Stupid or Irresponsible” letter, and people got offended or squeamish about calling someone stupid. So they would play it down to sound less harsh. But the fact is, if you are not taking basic security measures and educating yourselves and your employees, then you are stupid.


[3:50] - Justin came to this conclusion when making this title - If you don’t care enough about your business to protect it from cyber crime, I can’t care about your business more than you do. SO, take the advice, take the tools we’re giving YOU, or don’t. But if you don’t and you get hit... sorry, YOU’RE STUPID.


[4:08] – Today we are going to talk about a BEC attack that cost a very intelligent, very established businessman $400,000 that he DID NOT RECOVER.

[4:20] – What's a BEC Attack?

  • BEC Attack – Business email compromise attack:
    • It’s when someone has access to or is faking that they have access to your email account.

What does it mean? What can it do? 

You are going to want to Keep listening!

  • A BEC attack begins with cyber criminals hacking and spoofing to gain access to your email. 
  • If they have access to your email, or at least the end user they’re talking to (which could be your bank or any financial institution, you name it) thinks they’re talking to you and your email account, then the hacker has got your world.


“So, if you want my bank account and you aren’t me but happen to have my email then you pretty much have it all.” 

[5:47] - So that’s what a BEC scam is – it’s when somebody (aka a hacker) gets access to your email by impersonating you or someone in your business.


What is “Spoofing”?         

[5:57] - If somebody can PRETEND to have your email address, we call that “spoofing”

[6:09] – Unless you have security set up it’ll look exactly like it’s coming from you 

[6:17] – We’re talking about scary stuff “we can’t really get through life believing every little bad thing is going to happen to us.” 

[6:30] – One of the human defense mechanisms is to believe that bad things cannot happen to us… Today, in this podcast, we are here talking about things that HAVE happened.

Listen as we shine light on the importance of this growing threat.

[8:00] - The above was about spoofing

  • A “spoofed email” would set off alerts, but if you logged into my email account it’s NOT triggering those alerts – THIS is what we really must be careful of. 
  • We have all kinds of protections we can put against spoofing but sounds like we’ve got to work on our email... 


[8:16] What Joe recommends to anyone, especially people who have any kind of personal Yahoo or Gmail account: Setting up one or both of these two things:

  1. MFA 
  2. 2FA

The most basic of those would be Multi Factor Authentication (MFA). You might also see 2FA out there. Recommendations from Joe: 

  •  I would highly recommend anybody, if you have any kind of Yahoo, Gmail, personal account, you name it!
  • I would 100% set up MFA – It will save you so much time, headache and effort. 

[8:35] – So let’s get into the nuts and bolts of this one - we are going to talk about a guy named Verne Harnish

STORY

[9:04] – Verne Harnish got hit. But he is not stupid, he had protections in place.

He was in a foreign country, doing a big presentation to 3,000+ CEOs, executives, and entrepreneurs. In this article Verne says he used a “public network”, and in that process somebody was able to sniff out his emails. That is when the attack begins.

1st – they hack his email, then they start impersonating him 

Note: They are not spoofing him. They are actually INSIDE his email account. They are him. 

Inside his email account watching messages being sent between Verne and his admin (communicating about wiring money...)

They sit and learn this stuff until they are able to very accurately impersonate him THEN they make the attack. Wiring money to 3-4 different places. By the time Verne (or anyone) figures it out, it’s game over… the money is GONE.

[12:15] – Joe, let’s talk about what Verne did RIGHT and what he did WRONG

  • Rule #1: Just don’t get on public WiFi. 
    • We highly suggest that if you do get on public WiFi you’ve got a proxy VPN, or a VPN set up. 
    • Why? If you don’t have that, any hacker is reading words verbatim off your computer. 


So Joe, "DO or DO NOT" use Starbucks WiFi?

  • NO, do not…
  • A safe alternative, like the VPN setup, is to 100% use your mobile hotspot if you need WiFi.

So what could Verne have done as extra security to possibly prevent this?
 

[15:00] – What could they have done to possibly prevent this? 
The BEST thing they could have done: 

  • In this case one KEY component that was missing is – 
    • Don’t ever allow money to be authorized over email. 
    • Or at least not over the initial form of communication. 
  • Example:
    • If email is where it initiated, get another form of communication in there (like a direc...

Stupid... or Just Irresponsible? By Master Computing
