Alabama's Morning News with JT
Greg Schaffer tells us how to stay ahead of scammers
I got to tell you, the cyber attacks and all the fraud people out there, the bad guys coming after us and they're so good and smooth at it that it doesn't matter how old you are, how young you are, how rich you are, how smart you are. Everybody is a target when it comes to these guys and ladies, they're all sitting around together in these big cubicles. Yeah, yeah, I'm calling you about, yeah, no, thanks. Bye. They can get under you and into your business quicker than you can say cybersecurity alert. And joining us now, Greg Schafer is here in Information Security Consulting Business that he is the owner and founder of is all about this warning us a little bit more about how they're doing this and how we can kind of head them off at the pass. Welcome, and Greg, thanks for being with me. I'm happy to be here, JT. So, yeah, they're preying on our human nature. They know how to have communication and get you into a soft spot and all of a sudden your defenses go down and next thing, you know, oh my gosh, I didn't see that coming. So, what are some of the ways that they're doing this and how we can spot these things before it gets out of control? Well, I think in general, first, you have to have a heightened sense of awareness and just question everything that happens. And actually, that just happened a moment ago, where beginning this process and your producer asked me a question out of the blue. I thought it was a scam call that was coming in. It didn't really make sense to me. And as I told Blake, I'm like, well, I'm paid to be paranoid, but it did kind of send me into a little bit of a defensive mode. And that's really the point there is that if you're expecting something or if you're not expecting something even more so, be in that defensive mode. Certainly, one of the most common ways that the bad guys get in nowadays, probably a lot of folks have heard is it's phishing. And what phishing emails basically are is they'll send you something that looks like a very valid email, like your Amazon packages here login or what have you, or you've got a new message login to your Microsoft account. And really, what the scammers are trying to do is that they're trying to get your credentials so that they can get it to your stuff so that then they can do the fraud that it is that they're trying to do. And it used to be that these emails were fairly easy to spot. In the security community, we would say, look for misspelling or bad grammar because usually they came from overseas. The English was off, didn't make too much sense. I've seen that for sure. Yeah, but nowadays with generative AI, artificial intelligence, now those emails can look very, very, very real to the point where it's very difficult to identify that it is actually a scam email. So I always advise folks that if they're asking you for something, contact the sender in a method that isn't in the email. You know the person's phone number, call them up and say, hey, did you just ask me to send you $2,000? That's usually the best thing to do. All right, my in-laws, they're in their 80s now and somebody called them and you're talking about AI and chat GPT and fake videos and fake voices, they got a phone call from somebody that sounded like their grandson who's in his 20s now in college. And he says, I've been in an accident, can you please send me $2,000? My car, they want the money now to get me out of this jam and they send them into panic and they're like, what? And for a minute, they were kind of sucked in. Are you okay? Are you okay? And next thing you know, something triggered my mother-in-law and she hung up the phone and called her grandson and said, are you okay? And he goes, yeah, why? I'm just laying here studying a little bit. What's going on? And she goes, oh, I'm so glad. It's amazing how much they can go get his voice off the internet or somewhere in a video and then just recreate the scenario and scare people into making a move. Well, she did exactly the right things. She had her defenses up and she verified it. And this is just not going to get better. It's going to get worse. One of the stories in the business world that happened earlier this year is a business executive was having a meeting with five other of their colleagues on Zoom executives. And those colleagues convinced the business executive to send $25 million. Now, the business executive thought that the other five in the Zoom meeting, the voices and the faces and the movements, they all looked to be genuine, but they weren't. And they were deep fakes. That's kind of a new term that's out there. And once the money is gone, you can't get it back. And so those principles in business do apply to our personal lives as well. Yeah, when they start asking for things that you normally fill out in privacy, social security numbers, sensitive information about your finances, bank account routing numbers, red flags are flying everywhere. And boy, they're so good at convincing you that they are the real people, but you're right. I guess if you have any hint that something's going wrong, your advice, obviously, take a deep breath, hang up, and then you initiate the call back to who you think it might have been. Absolutely. And they try to get to you in other ways as well, too. But the basic motif is that they want to try to wear you down. So one of the relatively newer things out there is something called multifactor fatigue. And that's a lot of words to just basically explain when you log in to say your bank account, your bank account will send a code or a message to your phone saying, do you want to log in? Well, what the bad guys are doing, if they've already gotten your password, they've gotten through the first gate, now they're trying to get through the second gate. And so they keep on sending to your phone those requests until you get to the point of like, I just want this to go away. I obviously, I logged in somewhere to do something or there's something going on. I'm not even thinking about it. And once you hit yes or once you put in that code, now they have access to all your information. And it's preying on the human element of trying to get you to do something in a rush. You got to slow down and not fall for it. All right, very good advice. I really appreciate you. Greg, we'll have you back. Greg Schafer, cybersecurity expert.