Fraud usually gets talked about in numbers like how much money was stolen, how many people were affected, how many cases got filed. But behind every one of those numbers is a person who's been blindsided, manipulated, or left trying to rebuild trust in others and in themselves. This episode shifts the focus back to those human stories and the fight to protect them. My guest, Freddie Massimi, has spent more than a decade helping scam victims find both financial and emotional recovery, bringing empathy and understanding to a field that too often feels cold and procedural.

As a certified financial crimes investigator and program manager at The Knoble, Freddie has made it his mission to bridge the gap between institutions and individuals. He shares the heartbreaking and hopeful moments that define his work including one phone call that saved a life. Along with how that experience changed the way he thinks about what true fraud prevention really means.

Freddie also opens up about The Knoble's Post-Scam Victimization Guide, a collaborative, trauma-informed resource designed to help victims regain control of their lives and prevent re-victimization. From crypto scams to romance cons, he explains how these schemes keep evolving, why empathy is still one of the best tools we have, and how every fraud fighter can make a difference simply by listening and responding with humanity.

• [00:40] Freddie shares his background as a certified financial crimes investigator and program manager at The Knoble.
• [01:40] A look back at Freddie's early path into criminal justice and how empathy shaped his fraud-fighting approach.
• [03:07] The story of a Tennessee widow who lost $300,000 in a pig-butchering crypto scam.
• [04:30] Freddie's emotional account of saving a victim's life and how it reframed his mission to protect others.
• [07:42] The rise of collaborative fraud-fighter networks and Freddie's work leading The Knoble's post-scam initiatives.
• [08:11] How The Knoble unites financial institutions, law enforcement, and NGOs to address "human crime."
• [08:58] Development of the Post-Scam Victimization Guide, a trauma-informed resource for banks and fraud teams.
• [10:39] How financial crime has evolved from simple check scams to complex digital exploitation and trafficking.
• [13:01] The need for faster, more transparent information sharing between banks and law enforcement.
• [14:04] What makes the Post-Scam Guide different including actionable steps, empathy-driven language, and real-world tools.
• [15:00] Sextortion cases, Gavin's Law, and how shame and silence compound the harm.
• [18:30] Practical tools in the guide, including hotline numbers, QR codes, and scripts for supporting victims.
• [20:20] How to talk to romance scam victims with compassion including using questions that spark reality checks, not judgment.
• [22:00] Why shame keeps scams underreported and how trauma-informed communication changes outcomes.
• [23:19] The role of technology in scams: remote access, malware, and how scammers exploit smartphones and computers.
• [24:36] Shoutout to Kitboga for his cybersecurity tools and awareness campaigns against scam call centers.
• [25:22] Why elderly victims remain the most vulnerable and how education can empower prevention.
• [27:24] The double victimization cycle like when scammers return pretending to recover lost money.
• [30:00] Freddie's real-world example of helping a victim secure their accounts and recover identity.
• [32:50] How banks can adjust fraud detection systems to catch hidden patterns of exploitation.
• [34:30] Spotting red flags in gift card purchases and why speaking up can literally save lives.
• [36:31] Freddie's advice for anyone who suspects they're being scammed: stop all contact and secure your accounts.
• [37:06] The importance of documenting everything and reporting through IC3.gov and law enforcement.
• [38:30] Emotional recovery and community support are just as vital as financial recovery.
• [41:00] The biggest mistake victims make after being scammed is staying silent out of shame or fear.
• [41:40] Freddie's story about protecting his own grandmother from IRS and WhatsApp scams.
• [43:00] Common text-message scams and why you should never reply, even with "wrong number."
• [44:48] How to access The Knoble's free, vetted Post-Scam Victimization Guide.
• [45:30] Where to connect with Freddie and The Knoble's wider fraud-fighter network.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• The Knoble
• Freddy Massimi - LinkedIn

You think you'd never fall for a scam until you meet someone like Kitboga. He's a software engineer who's turned his curiosity about online fraud into a full-time mission to outsmart scammers and protect the people they target. His YouTube channel, The Kitboga Show, has millions of followers and nearly a billion views, thanks to his mix of humor, empathy, and clever ways of exposing how scams really work.

In our conversation, Kit opens up about how this all started, what it's really like to spend hours pretending to be a scam victim, and how organized crime has turned fraud into a massive global business. He shares what's changed over the years and why those old "red flags" don't always work anymore and how new tools like deepfakes and AI have made deception harder to spot than ever.

Kit also talks about his newest project, Serif Secure, a free tool he created to help people clean and protect their computers after a scam attempt. He's honest, thoughtful, and a little funny even when the subject is dark. By the end, you'll see just how much one person can do to fight back.

• [01:15] Kit explains how he got into "scam baiting" and why protecting victims became personal.
• [03:05] He shares how streaming scam calls to friends unexpectedly turned into a viral mission.
• [06:07] Kit recounts nearly falling for a Discord impersonation scam himself.
• [09:17] We discuss how deepfakes and AI are changing what a "red flag" looks like online.
• [11:31] Scammers now use real services like PayPal and DocuSign to appear legitimate.
• [13:11] Kit explains how long-term investment and "pig-butchering" scams draw people in slowly.
• [15:51] Fraudsters are now going after 401(k)s and retirement funds instead of small cash grabs.
• [17:00] We examine how fake phone numbers and online ads make verification harder than ever.
• [19:56] Kit talks about the emotional toll of scam-baiting and why he sometimes needs a break.
• [21:51] We reflect on why decades-old scams, like Nigerian letters, still thrive today.
• [23:57] The scale of organized fraud is compared to global industries worth trillions.
• [25:41] Kit admits scams will never truly disappear—only evolve with new technology.
• [26:44] We learn how his team uses automation to detect and map out scam networks.
• [30:24] Kit describes juggling live streaming with scam calls and the role humor plays in coping.
• [33:37] He explains why scammers' aggression still works and what it reveals about victims.
• [37:00] Kit shares moving stories of victims, including a widower deceived in a romance scam.
• [40:00] We explore how scams erode self-trust and make victims doubt their own judgment.
• [42:13] Kit talks about working with law enforcement and the need for stronger collaboration.
• [44:10] We hear about Serif Secure, his anti-scam software designed to protect users' devices.
• [47:04] The software now proactively blocks remote access tools and phishing websites.
• [48:14] Kit warns about "scam recovery" frauds and the cruel trick that targets victims twice.
• [49:30] We wrap with practical advice on skepticism, security, and staying a step ahead of scammers.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Kitboga - YouTube
• Seraph Secure
• Kitboga
• Kitboga - Instagram
• The Scamcast with Kitboga

Everywhere you turn, someone's trying to fake something like an image, a voice, or even an entire identity. With AI tools now in almost anyone's hands, it takes minutes, not days, to create a convincing fake. That's changed the game for both sides. The fraudsters have new weapons, and the rest of us are scrambling to keep up. The real question now isn't just how to stop scams, but how to know who or what to trust online.

My guest today, Bala Kumar, spends his days on the front lines of that battle. He's the Chief Product and Technology Officer at Jumio, a company working to make digital identity verification faster, smarter, and safer. Bala has more than twenty years in the industry, including leadership roles at TransUnion, and he's seen firsthand how the race between innovation and exploitation never really ends. It just keeps speeding up.

In our conversation, Bala shares how generative AI has supercharged the fraud world, what makes identity such a fragile link in digital trust, and why biometrics may finally offer a way forward. We also dig into the psychology behind online risk, how convenience often wins over caution, and what small habits can help people protect themselves in an age where deception looks more real than ever.

• [01:04] Bala Kumar has a background in product management and fraud prevention from TransUnion to Jumio.
• [01:59] He describes how fraudsters constantly evolve, forcing companies to anticipate attacks instead of just reacting.
• [03:56] The quality of manipulated images has skyrocketed, making real vs. fake nearly indistinguishable.
• [05:17] Jumio's systems catch most fake IDs, but Bala admits even advanced systems must keep auditing for missed fraud.
• [07:16] Regular audits and rapid response cycles help Jumio identify attack spikes within 24–48 hours.
• [09:40] Generative AI has dramatically increased the speed and volume of fraud attempts across industries.
• [11:33] Jumio uses cross-transaction risk analysis to detect emerging fraud patterns and shut down attacks quickly.
• [13:00] Fraudsters move from one platform to another, always searching for weaker defenses and faster wins.
• [15:10] Bala explains how fraud prevention has expanded beyond banking into gaming, dating, and gig platforms.
• [16:38] Consumers crave low friction, which ironically makes them more vulnerable to scams.
• [17:20] Instant gratification culture pressures companies to reduce security steps, fueling greater risk.
• [19:52] New AI-driven fraud tactics include injected camera feeds and highly realistic deep fakes.
• [20:12] Old tricks like "send me a selfie with proof" no longer work—deepfakes can now mimic anything.
• [22:22] Bala sees biometrics as the next major safeguard for digital identity and real-time verification.
• [23:12] Facial recognition has become mainstream, paving the way for secure and low-friction identity checks.
• [26:19] Jumio is already deploying biometric check-ins for events and hotel registrations with great success.
• [27:30] Account recovery and payout systems now use liveness and device checks to confirm identity safely.
• [30:09] Bala critiques outdated knowledge-based questions like "What's your favorite food?" as unreliable security.
• [31:12] Consumers lack visibility into which apps use strong verification or multi-factor authentication.
• [33:56] He calls for an independent rating system to rank apps based on security and identity protection.
• [37:53] Bala urges users to question why companies ask for personal data like SSNs or ZIP codes.
• [39:29] Even a ZIP code and last name can expose personal records, highlighting the need for awareness.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Jumio
• Bala Kumar - LinkedIn

Kids spend more time online than ever, and for the most part it feels normal. They're gaming, watching videos, and chatting with friends. But hidden in those same spaces are adults who know how to pose as kids, build trust, and push conversations into dangerous territory. Parents might think it couldn't happen to their child, yet detectives see how quickly an "innocent" interaction can turn into grooming or extortion.

That's the world Detective Seth Cockerham works in every day. He's been in law enforcement in Texas for close to a decade, and the last few years have been dedicated to investigating crimes against children. He talks about these cases with both the eye of an investigator and the heart of a parent, because he knows what it's like to raise kids in a world where technology isn't going away.

Seth explains how predators move kids off kid-friendly apps into spaces parents can't easily monitor, what behaviors should make families pay attention, and why kids often keep things to themselves. He also shares what has worked in his own home like parental control tools, early conversations about boundaries, and making sure his daughters know they can come to him about anything. At the end of the day, his message is simple: if your child says something feels wrong, take it seriously.

• [01:07] Seth explains his path into law enforcement and how he moved into child crime investigations.
• [02:24] Why drowning and neglect cases motivated him to take a deeper role in protecting kids.
• [04:05] The personal impact of working child abuse cases and balancing it as a parent.
• [05:30] How predators go where kids are online, from YouTube to gaming platforms with chat features.
• [07:00] Grooming tactics predators use, often pretending to be the same age to build trust.
• [07:40] Grooming can escalate in hours or take weeks, with predators moving kids to apps like Snapchat.
• [10:39] AI filters sometimes detect inappropriate content, but predators still find ways around it.
• [11:52] Behavioral changes are often the first signs kids are being exploited or manipulated online.
• [14:10] Why some kids go to police instead of parents and how Seth builds trust with families.
• [16:47] Most child abuse cases involve someone the child already knows; online cases are often strangers.
• [18:20] International predators make prosecutions harder, especially in sextortion cases.
• [21:08] Managing families' expectations when investigations take longer than TV shows portray.
• [23:55] Fastest time Seth has moved from a report to an arrest in an online case.
• [24:14] Common traits of perpetrators, often highly tech-savvy with strong knowledge of systems.
• [26:46] The parental control tools Seth uses at home, including the Bark phone for his kids.
• [29:30] How to reset boundaries with older kids and use resources like NetSmartz for education.
• [32:37] Seth's advice to kids: never send selfies to strangers, don't believe threats, tell a trusted adult.
• [33:39] His warning about sextortion: paying money never works, it only leads to more demands.
• [36:20] Resources for victims include counseling through advocacy centers and photo removal tools.
• [37:20] Seth's key takeaway: listen to your kids and take their concerns seriously.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Bark
• National Center for Missing and Exploited Children
• NetSmartz

Some people are willing to hand over their identities for cash, while organized fraudsters are lining up to buy them. What used to be a matter of stolen credit cards has turned into a global marketplace where personal details fuel large-scale fraud. Now with AI, automation, and deepfakes making impersonation easier than ever, it's becoming much more difficult to protect identities.

To understand how we got here and what can be done, I spoke with Ofer Friedman, Chief Business Development Officer at AU10TIX. Ofer has spent more than 15 years in the identity verification and compliance world, working with companies like PayPal, Google, Uber, and Saxo Bank. He's seen the evolution from basic ID checks to today's sophisticated fraud-as-a-service platforms, where attackers can buy stolen data cheaply, sometimes for just a few dozen dollars, and use it to launch real-time, undetectable attacks.

Ofer explains why traditional approaches like uploading a photo of your ID are no longer enough, and why privacy, in practice, is already gone. He walks through the "minefield strategy" of fraud prevention, where businesses must layer multiple defenses like device, network, and behavioral indicators. We also talk about the rise of digital IDs, the coming challenge of quantum computing, and why regulators and service providers, not consumers, are now the ones who must shoulder the responsibility of protecting identities.

• [01:00] Ofer explains his role in forecasting fraud trends and designing solutions, drawing from years in identity verification and compliance.
• [03:32] The conversation turns to people selling their identities, with fraudsters buying because impersonation is easier than ever.
• [05:18] Ofer describes how sales happen in encrypted channels like Telegram or Discord, often targeting desperate individuals.
• [07:07] He calls these sellers "identity mules," noting they only receive a few dozen dollars per transaction.
• [08:20] With billions of stolen data points in circulation, there's more identity data than people, making personal data cheap and plentiful.
• [09:00] Regulations require minimal information, often just basic ID details and a selfie, which makes fraud easier to attempt.
• [11:00] Deepfakes and injection attacks undermine even live ID checks, giving rise to fraud-as-a-service platforms that automate attacks.
• [13:00] New age verification laws in the US and UK highlight the growing tension between privacy and regulation.
• [15:53] Ofer outlines the "minefield strategy," where layered defenses (ID, device, network, behavior) are needed since no single tool is sufficient.
• [18:46] The discussion shifts to how fraud is global, not just American, and why digital IDs may offer better protection though not without flaws.
• [21:45] Fraud is evolving quickly with automation, enabling fraudsters to launch massive, randomized attacks.
• [29:03] Ofer explains the three lines of defense: live checks, collateral risk factors, and behavioral monitoring.
• [31:40] He stresses that privacy is effectively dead, as the balance between privacy and security always favors security.
• [34:47] Consumer education won't stop fraud—technology and companies must take the lead in identity protection.
• [39:14] Identity verification and cybersecurity are merging into one process that scrutinizes users everywhere online.
• [45:34] The rise of agentic AI could reduce friction in transactions, but desensitization means people accept more scrutiny over time.
• [47:24] Ofer argues regulations need to evolve, calling for service providers to be rated and held to higher standards.
• [50:36] He reflects that we're moving into a new era where deepfakes and impersonation will affect not just finances but media, politics, and trust itself.
• [52:05] Ofer closes with advice on evaluating identity verification vendors, emphasizing layered defenses and transparency.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• AU10TIX
• Ofer Friedman - LinkedIn

Technology is moving faster than our ability to process its impact, forcing us to question trust, motivation, and the value of our time. Few people have had a closer view of those shifts than Esther Dyson. With a background in economics from Harvard, Esther built a career as a journalist, author, commentator, investor, and philanthropist, with a unique ability to spot patterns across industries and challenge assumptions before they become mainstream.

She is the executive founder of Wellville, a ten-year nonprofit project dedicated to improving equitable well-being in communities across the United States. Beyond her nonprofit work, Esther has been an active angel investor in healthcare, open government, digital technology, biotechnology, and even outer space. She's currently focusing on health and technology startups, especially the ones that actually care about human connection instead of just making everything faster and more efficient.

When we chatted, Esther made this really compelling point about AI. She thinks we're asking the wrong question when we debate whether artificial intelligence is good or bad. What really matters, she argues, is how we choose to interact with it. We dove into some tough ethical questions about how quickly we're adopting these technologies, this concept she calls "information diabetes," and why being upfront about who's funding what and why is absolutely crucial if we want to trust anything anymore.

• [01:44] Esther describes her career path from journalism to independent investing and healthcare projects.
• [02:52] She explains why Wellville had a set end date and connects it to her upcoming book on time and mortality.
• [04:08] Esther gives her perspective on AI, tracing its evolution from expert systems to neural networks and LLMs.
• [06:17] She stresses the importance of asking who benefits from AI and being aware of hidden motives.
• [12:44] The conversation turns to ethical challenges, biased research, and the idea of "information diabetes."
• [15:37] Esther reflects on how wealth and influence can make it difficult to get honest feedback.
• [18:09] She warns that AI speeds everything up, making it easier to do both good and harm.
• [20:14] Discussion shifts to the value of work, relationships, and finding meaning beyond efficiency.
• [25:45] Esther emphasizes negotiation, balance, and how ads and AI should benefit everyone involved.
• [27:28] She highlights areas where AI could be most beneficial, such as healthcare, education, and reducing paperwork.
• [29:26] Esther argues that AI companies using public data should help fund essential workers and services.
• [31:08] She voices skepticism of universal basic income and stresses the need for human support and connection.
• [34:55] Esther says AI is far from sentience and accountability lies with the humans controlling it.
• [36:46] She explains why AI wouldn't want to kill humans but might rely on them for energy and resources.
• [37:33] The discussion turns to addiction, instant gratification, and the importance of valuing time wisely.
• [41:02] Esther compares GDP to body weight and calls for looking deeper at its components and meaning.
• [42:19] She explains why she values learning from failures as much as from successful investments.
• [43:18] Esther closes with advice: ask good questions, stay curious, and never underestimate the power of a smile.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Wellville
• Esther Dyson - LinkedIn
• The Beans
• Scarcity: The New Science of Having Less and How It Defines Our Lives
• Analogia: The Emergence of Technology Beyond Programmable Control

Cybercrime continues to evolve in sophistication and scale, with attackers running their operations much like businesses. From ransomware gangs with customer support desks to AI-generated phishing campaigns that erase traditional red flags, scams are becoming harder to detect and stop.

In this episode, David Bittner, host of the CyberWire Daily Podcast, shares his perspective on the changing landscape of fraud and cyberattacks. Drawing on his background in media, theater, and podcasting, as well as years of reporting on security issues, he explains how both criminals and defenders are using AI, why ransomware has exploded instead of fading, and how scams exploit human trust and expectations..

David also talks about common scams hitting people today, from toll violation texts and fake bank calls to romance scams on social media. He recounts personal experiences of being targeted, including a Facebook credential-harvesting attempt and an exit-ramp "out of gas" con, to show that no one is immune. Looking ahead, he predicts existing scams will keep evolving, AI will continue to raise the stakes, and defenders may eventually need AI "agents" watching out for them in real time.

• [02:00] David explains how CyberWire grew from a daily news brief into a full podcast network covering cybersecurity.
• [04:21] David recalls his background in media, theater, and early computer culture that shaped his path.
• [05:52] We hear how luck, timing, and technical skills combined to make podcasting a success for him.
• [07:17] David shares why he believes AI is the biggest change to cybersecurity in the past decade.
• [08:00] He notes that bad grammar is no longer a reliable phishing red flag thanks to large language models.
• [10:11] We discuss how phishing awareness training must adapt to more convincing scams.
• [12:30] He reflects on the unexpected rise of ransomware compared to early predictions about cryptomining.
• [14:08] David explains how ransomware groups now operate like corporations with support teams.
• [16:00] He raises concerns about ransom payments funding overseas criminal networks in Russia and North Korea.
• [18:15] We learn how scammers use call centers and human trafficking to scale their operations.
• [19:30] David describes current scam trends, including fake toll violation texts and AWS account alerts.
• [21:32] He points out how romance scams thrive on social media platforms like Facebook.
• [22:16] David recounts a frightening call where his mother was nearly scammed by criminals posing as bank security.
• [25:09] He emphasizes how scammers manipulate victims to stay locked into the story and ignore warnings.
• [26:03] We hear how criminals pressure victims into withdrawing cash, buying gold, or handing funds to unwitting couriers.
• [27:00] David shares a case where a delivery driver was tragically killed after being caught up in a scam pickup.
• [29:00] He talks about his own experiences of being scammed, including a Facebook credential-harvesting attempt.
• [32:08] David recalls falling for an "out of gas" roadside con and explains why he still prefers trusting people.
• [34:00] He reflects on how vague scam messages exploit imagination and insecurities.
• [36:08] We hear examples of scams that exploit real-life contexts, such as HR benefits or package deliveries.
• [37:45] David explains his current vigilance with real estate transactions and wire transfer fraud.
• [39:26] He predicts the next wave of scams will be evolutions of what already works, boosted by AI.
• [40:07] David outlines the persistence of "treasure box" and inheritance scams dating back hundreds of years.
• [41:02] He shares his hope that future AI "agents" will act as a safeguard for vulnerable users.
• [42:21] David speculates about "nuisance ransomware" that charges small amounts to fly under the radar.
• [43:25] He jokes about calling it "inconvenienceware" and wonders if such a niche could emerge.
• [44:39] David directs listeners to CyberWire.com to explore his podcasts and resources.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• CyberWire Daily
• Hacking Humans
• Caveat
• CyberWire

Cybercriminals are accelerating their attacks in ways that weren't possible a few years ago. Artificial intelligence is giving them the ability to spin up phishing campaigns, voice clones, and deepfakes in minutes instead of days. As a result, the gap between what's genuine and what's fake is closing fast, making it harder for both individuals and organizations to defend themselves.

I'm thrilled to welcome Brett Winterford, Vice President of Okta Threat Intelligence. Brett has had a front row seat to these changes. His team analyzes identity-based attacks and delivers insights to help organizations adapt their defenses. Brett previously served as Okta's Regional CISO for Asia-Pacific and Japan and started his career as a journalist covering information security before moving into leadership roles in banking, government, and technology.

In this episode, Brett explains how AI is reshaping the speed and scale of cybercrime, why trusted platforms like email, SMS, and collaboration tools are being targeted, and what practical steps can reduce risk. He highlights the growing importance of phishing-resistant authentication methods like passkeys, the need for clearer communication between service providers and users, and the role of collaboration across industries and law enforcement in pushing back against attackers.

• [00:00] Brett Winterford introduces himself as Vice President of Okta Threat Intelligence and explains how identity-based threats are monitored.
• [02:00] He shares his career path from cybersecurity journalist to CISO roles and now to leading threat intelligence.
• [05:48] Brett compares phishing campaigns of a decade ago with today's AI-driven ability to launch attacks in minutes.
• [08:00] He notes how reconnaissance and lure creation have become easier with artificial intelligence.
• [10:40] Brett describes the shift from banking malware to generic infostealers that sell stolen credentials.
• [12:30] He explains how cryptocurrency changed the targeting of attacks by offering higher payouts.
• [14:21] We learn about the Poison Seed campaign that used compromised bulk email accounts to spread phishing.
• [15:26] Brett highlights the rise of SMS and other trusted communication channels as phishing delivery methods.
• [16:04] He explains how attackers exploit platforms like Microsoft Teams and Slack to bypass traditional defenses.
• [18:30] Brett details a Slack-based campaign where attackers impersonated a CEO and smuggled phishing links.
• [22:41] He warns that generative AI has erased many of the old "red flags" that once signaled a scam.
• [23:01] Brett advises consumers to focus on top-level domains, official apps, and intent of requests to detect phishing.
• [26:06] He stresses why organizations should adopt passkeys, even though adoption can be challenging.
• [27:22] Brett points out that passkeys offer faster, more secure logins compared to traditional passwords.
• [28:31] He explains how attackers increasingly rely on SMS, WhatsApp, and social platforms instead of email.
• [31:00] Brett discusses voice cloning scams targeting both individuals and corporate staff.
• [32:30] He warns about deepfake video being used in fraud schemes, including North Korean IT worker scams.
• [34:59] Brett explains why traditional media-specific red flags are less useful and critical thinking is essential.
• [37:15] He emphasizes the need for service providers to create trusted communication channels for verification.
• [39:29] Brett talks about the difficulty of convincing users to reset credentials during real incidents.
• [41:00] He reflects on how attackers adapt quickly and why organizations must raise the cost of attacks.
• [44:18] Brett highlights the importance of cross-industry collaboration with groups like Interpol and Europol.
• [45:24] He directs listeners to Okta's newsroom for resources on threat intelligence and recent campaigns.
• [47:00] Brett advises consumers to experiment with passkeys and use official apps to reduce risk.
• [48:00] He closes by stressing the importance of having a trusted, in-app channel for security communications.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Brett Winterford - LinkedIn
• Brett Winterford - Okta

Trying to erase yourself from the internet sounds simple until you start counting up old accounts, scattered social media posts, and the hundreds of data brokers quietly collecting and selling your information. The reality is messy, and for most people, the idea of fully disappearing online is more myth than possibility. But there are practical steps you can take to cut down what's out there and regain some control.

My guest, Max Eddy, is a senior staff writer at Wirecutter who covers privacy, security, and software platforms. For one of his projects, he set out to see how much of his own digital footprint he could realistically reduce. Max shares what he discovered along the way and what worked, what didn't, and how even small changes can make a meaningful difference.

In our conversation, Max talks about the value of using password managers and email masking, what he learned from testing multiple data removal services, and the emotional side of deleting old social media history. He also explains why perfection isn't the goal, and how thinking differently about privacy can help you stay one step ahead of scammers, marketers, and anyone else trying to piece together your personal information.

• [00:50] Max explains why he got into covering privacy and security and what keeps him motivated in the field.
• [03:27] We discuss the Wirecutter project on disappearing online and why it resonated with readers.
• [04:12] Using Have I Been Pwned, Max was able to reduce 350 online accounts down to 27 that needed immediate attention.
• [09:10] Max describes the tactics he used to break the links between his online accounts with fake names, masked emails, and random images.
• [11:55] We talk about data removal services, their limitations, and the challenges of removing certain public records.
• [17:52] We learn how scammers can piece together a person's complete profile from inconsistent, fragmented data from different data brokers.
• [18:54] We discuss how Google's removal tools only make information harder to find, but don't delete it.
• [23:15] We talk about the emotional side of deleting social media history and the automation tools he used to make it possible.
• [29:40] Max discusses the risks of deleting accounts entirely, from impersonation threats to losing important communication channels.
• [32:28] We talk about the value of taking a gradual approach to improving your digital privacy and how small, steady steps are most effective.
• [38:44] Max shares his key takeaways from the project: first, ask why you want to disappear, and second, remember that any effort to reduce data is valuable.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Max Eddy - Wirecutter
• I Tried, and Failed, to Disappear From the Internet
• Max Eddy
• Have I Been Pwned

Cyberattacks aren't just about hackers in hoodies anymore. Today, we're up against professionalized, well-funded organizations that run like businesses. They use AI to crack defenses, run labs that simulate the tools we rely on, and rake in trillions while defenders struggle to keep pace. The scary part? Even the strongest companies and governments can fall behind when the threat landscape moves this fast.

My guest, Evan Powell, has spent nearly 30 years in the cybersecurity world. He's the founder and CEO of Deep Tempo, and a serial entrepreneur who's helped industries from cloud data to resilience engineering make big transitions. Evan knows what it looks like when attackers have the upper hand, and he's seen firsthand how enterprises try to shift the balance.

In this conversation, Evan explains why compliance checkboxes aren't enough, why raising the cost of an attack is often more realistic than stopping one outright, and how AI is reshaping both sides of the fight. He also shares the creative ways defenders are adapting, from honeypots to sock puppets, and the simple steps every one of us can take to make life harder for attackers.

• [00:57] Evan Powell introduces himself as founder and CEO of Deep Tempo, with nearly 30 years in cybersecurity and tech innovation.
• [02:39] He recalls a high-profile spearphishing case where the CIA director's AOL email and home router were compromised.
• [03:51] Attackers are professionalizing, running AI-powered labs, and making trillions while defenders spend billions and still fall behind.
• [07:06] Evan contrasts compliance-driven "checkbox security" with threat-informed defense that anticipates attacker behavior.
• [09:40] Enterprises deploy creative tactics like honeypots and sock puppet employees to study attackers in action.
• [12:22] Raising the cost of attack through stronger habits, better routers, and multi-factor authentication can make attacks less profitable.
• [15:01] Attackers are using AI to morph and simulate defenses, while defenders experiment with anomaly detection and adaptive models.
• [20:56] Evan explains why security vendors themselves can become attack vectors and why data should sometimes stay inside customer environments.
• [24:50] He draws parallels between fraud rings and cybercrime, where different groups handle exploits, ransomware, and money laundering.
• [26:29] The debate over "hacking back" raises legal and policy questions about whether enterprises should strike attackers directly.
• [30:18] Network providers struggle with whether they should act as firewalls to protect compromised consumer devices.
• [34:59] Data silos across 50+ vendors per enterprise create "Franken-stacks," slowing real-time defense and collaboration.
• [37:28] AI agents may help unify security systems by querying across silos and tightening the OODA loop for faster response.
• [39:10] MITRE's ATT&CK framework and open-source collaboration are pushing the industry toward more shared knowledge.
• [41:05] Evan acknowledges burnout in cybersecurity roles but sees automation and better tools improving day-to-day work.
• [42:59] Final advice: corporations should rethink from first principles with data-centric solutions, and consumers must build protective habits like MFA and secret family phrases.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Evan Powell - DeepTempo
• Evan Powell - LinkedIn