So what the coin bases and others of the world have learned and what the AT&T's and horizons have learned is that as you know, foreseeability equals liability. And so if any of these companies can foresee that a sin swap is going to result in tens of thousands to millions of dollars in losses for a consumer, if they can foresee that is going to happen, they need to do something in addition to what they currently have in place in regards to preventing that from happening. Therefore, what else can we do, they said? And they said, well, how, what if we knew the sin was swapped out legitimately or illegitimately? How would we know that? What do we need to do going forward? Thanks for listening to Kerry Lutz's financial survival network, your solution to today's trying times. For the latest, go to financialsurvivalnetwork.com. Financial survival network now more than ever. And welcome, you are listening to and watching the financial survival network. I'm your host, Kerry Lutz. We have security expert, Robert Sassiliano with us now. Robert, you've been warning people about scams, seems like most of your life. And now they're after you, they're trying to scam you, right? Oh, man. Oh, yeah, that they they haven't been trying to scam me for quite a quite a long time. Actually, I've I've received, I've received emails from bad guys with my social security number in the body of an email. Hey, security guy, here's your social, ha, ha, with them basically flexing their muscles, showing me how cool they were, and that they got one up on me. And you know, like when I see that, my response is, you know, whatever, because as far as I'm concerned, everybody's social security number at this point is in the hands of a criminal, you know, like I'm often asked by consumers, you know, should I invest in services that, you know, find my information on the dark web? What do you think about that? And like, my information's on the dark web yard, mations of the dark web, your name, your email address, likely your social security number, your haul address, your phone number, your email address, you know, everything like it's, it's all on the dark web, because there's been like 170 plus billion records compromised at least in the last decade. And all of that information, or at least most of it is available on the dark web. So what is a dark web scan going to do other than tell you that your data is exposed? And what do you do in response? What do how do you react to the information? Basically, the idea is to make the data useless to the thief, right? And so, what does that mean? What does it mean when they have your social? What does it mean when they have your credit card number? What does it mean when they have your email address? So, or what does it mean when they have your passwords, right? And I tell people all the time, don't worry about it, but do something about it. So passwords, what do you do? You change a few passcodes when you find out that specific passwords will compromise, and you find, and you look through all your various logins to determine where that password might have been affected. So you change up your passcodes. In addition to that, the end all cure all for most password breaches is make sure you have two factor authentication across all critical websites, because even if they have your passcode saved for your PayPal account, they would need to have your mobile phone in their possession. As long as you have two factor authentication enabled, they would have to have your mobile phone in their possession to be able to get into your PayPal account, even if they had your passcode. So just yesterday, I got an alert that somebody's trying to update my Instagram account. They want to reset the password of my Instagram, which means that somebody probably has my email address, which is public knowledge, and they probably just did a password reset. And to most people, that's going to freak them out. For me, you know, I've got two factor authentication. I've got uppercase, lowercase, that was a characteristic of my passwords, and they would need my mobile phone in their possession to get into my Instagram account. As far as if they had my social security number, well, that's kind of a no-brainer too. You know, I have identity protection services that monitor my information, look for new lives of credit being opened up under my name. In addition to that, I have a credit freeze across all three major credit bureaus, so Experian, Trans Unite Aquafacts. So if somebody has my social security number in their possession, and they're trying to open up new lives of credit under my name, well, good luck, because any lender, any credit card company, any where they go to try to process an application for credit, they're going to be met with a credit freeze. They're not going to be able to see what my credit scores are. Therefore, that lender, that credit card company, that bank is going to bump that credit check back and say, you can't approve this load or this credit card because you have a credit freeze, Robert Sisley, out of slash identity beef. And therefore, we can, you know, issue this line of credit, this credit card to you. So a credit freeze, in most cases, makes the social security number, in most cases useless to the thief. And it's if they have my credit card number, right? Yeah, they could probably make charges to my credit card. Sure, like that's not that difficult. Every single time you use your credit card, your credit card number over the phone in person, whenever that number that credit card is at risk. However, I have push notifications or, you know, a pop up notifications via all of my credit card numbers and my bank account number. Well, what that means is every single time there's a charge, every single time there's a transaction on my bank account, on any of my cards, card, present card, not present, international below or above a dollar, you name it, I either get an email instantly, a text message instantly, or a pop up via one of my credit card or bank mobile apps. So I am made aware in real time, every single time there's a transaction on a card or a bank card or credit card, which doesn't necessarily make those digits useless to the thief, but it makes it really hard to use any of my credit card or bank account account numbers in commerce, because I am made aware of it in real time. And I can immediately refute those charges, which in most cases should, you know, stop the bad guy in his tracks and prevent him or her from doing any further damage. And then I'll just get a new credit card in the mail shortly afterwards. And I've, I've actually probably in the past three to five years, have had to get two or three different new cards as a result of those push notifications, you know, and push notifications that I set up for my bank card, my credit card are different than when the bank or credit card company notices charges that are anomalous, meaning, for example, I might use my credit card and gas station in Boston. And then 10 minutes later, that card is used in Russia. I obviously get to Russia in 10 minutes, you know, that's an anomaly, right? So the credit card companies, the banks, they have anomaly detection technology that recognizes risk, which is different than you setting up push notifications. So credit cards, you know, social cutting numbers, pass codes, it's the dark web. It's a matter of making the data useless to the thief. So what about this thing of sim swapping, which really could be used to defeat third party factor ID for the people like getting their crypto accounts, their bank accounts, all sorts of things, looks like the carriers are taking additional precautions to stop it, but it's a little scary. Yeah, so I'm glad you touched on that, because I've actually been, and I still function as an expert witness, revolving around sim swapping, and someone's, you know, crypto account being drained, right? And I've seen that, unfortunately, too many times. And when somebody is targeted, usually the first thing that happens is their email is compromised in some way, whether they are fished, when they don't have two factor authentication, right? Whether they're fished or their credentials are exposed of the dark web, you know, so your email addresses relatively public. But then your password, password, singular, that's used across multiple accounts is highly problematic. Okay, so I'll get to the sim aspect of this, but it begins with your email being compromised. And so once your email is compromised, once the bad guy is inside your email, A, it goes back to authentication, B, because you use the same passcode across multiple accounts. And that data is in fact exposed to the dark web. The bad guy doesn't necessarily hack into your email. They just log in because they have your credentials, because your credentials are exposed on the dark web. And you're not doing the basic cybersecurity 101 to make the data useless to the thief by setting up two factor authentication, never using the same passcode twice, which also generally means that using a password manager, which I do and I have for over 20 years, right? And a password manager facilitates the process of using a different passcode across each account, uppercase, lowercase numbers and characters, long, strong passwords that generally aren't easily cracked or words found in the dictionary or consecutive piece drops across a keyboard and so forth. And so once the email is compromised, bad guys inside the email, now they just search Coinbase, they search crypto, they search, uh, Binance and so forth, all the crypto exchanges, right? And once they're inside your email and they see, oh, he or she has a Coinbase account, he or she has a Binance account and so forth. That's when they begin the password reset, if possible from your email. And if that doesn't get them in, they realize you have two factor authentication. And that's when the same swap process begins. Now, once they're inside your email, they search out AT&T, Verizon, Comcast, T-Mobile, right? What mint and so on. And they just go down the line in regards to all the mobile phone carrier companies to see where you have it. And the next best thing for them is to reset the passcode for your, uh, telco. So that now they're in your telco. And even if that has two factor authentication, they at least have at this point enough intelligence because they're inside your email that they know who you can use for crypto. They know who you use as your cell carrier and so forth. Now from there, that's when if they can't reset any passcodes because of two factor authentication, best case scenario, that's when they head out to a physical store, and then go to generally a third party reseller, you know, some guy that has a shop at a mall somewhere that, uh, you know, sells mobile phones. And he has access to much of the same tools to swap out a sim as one of the actual carriers, you know, the T-Mobile's and AT&T's and Verizon's of the world. That third party reseller has that same similar access and the problem here. And I've seen this and I've actually commented on this in some swap cases, uh, in a, in a court of law that, um, like you'll find pockets of these third parties resellers where like there's been a few different sims swaps have occurred as a result of this particular reseller at that particular location. Why? Because he or she was approached by a, um, scammer and said, Hey, listen, I'll give you a thousand bucks. If you could swap out this sim. He's like, I, okay, you got it. 1000 bucks is 1000 bucks. Yeah. You just got one or two of them coming in a week. That's, you know, four, six, eight, 10, 12 grand a month. You know, sure. Why not? Right? Like that's easy. He's money. And so that reseller generally is the one who is defeating, um, whatever security measures that the telcos have in place. And it's not just the third party. So in my own research, when it comes to sim swaps and my own research as an expert witness, I've reached out to the Verizon's and the AT&T's and the boost mobiles and the Verizon's and so forth as a consumer and made a phone call and went in to the actual operations. And said, listen, I like, what do I do? Like I, I, I lost my password to my account. And I got this mobile phone. I got this iPhone and I need to swap out my sim because like my phone doesn't work anymore. And, and I, you know, just everything's dead. And, you know, what do I do? Like, how do I go about it? He said, well, you know, generally, like we need to, you know, two forms of identification. He's like, well, I'm like, well, I've got a driver's license. That's all I've got. And, but, you know, be on that, like I don't have anything else. It's like, well, as long as you come in with a job relations, we'll have no problem. We should be able to do it right here on the spot. Here's the problem with that. You go on TikTok right now, you go on Instagram right now, you go to any college in America right now, you can easily find fake IDs easily, like two for 80 bucks, two for 80 bucks. And they're good. They are good quality IDs. And the only, and I've looked at these IDs, like I've handled and played with these IDs, but compared up against mine, you know, and the only difference in the fake IDs versus the real IDs is that there's generally a hologram in the rail ID that isn't as good as the one that's in the fake ID. The fake IDs are a little duller. They're just a little duller. Yeah, that's real. You know exactly what you mean, dollar. Yeah. But the, but the, but it's, but there is a hologram there. It's just a little duller. It's a little more faint. And that's really it. And so your everyday Verizon store employee, he's really not going to be really looking for that, or no enough to look for that. He may or may not have the experience. He may or may or may not know the difference, but you walk in all, you know, frazzled and so I just need this new all, you know, you've got like, you know, clean, shiny teeth and good hygiene. So they're on a Friday, go there on a Friday before closing, right? Yeah, they're not going to be like, I don't know about you, like your sketch. I mean, you're, I walk in, we're not going to be all sketch, you know, right? Exactly. We look like taxpayers. Yeah. Gotcha. So there is, there is good news here though. Here's the deal, right? All is not lost. The good news is that this, there's a lot you can do change up all your past codes, use two factor authentication for everything, everything, including email, never use the same passcode twice. You do all these different things, okay? The good news is that the cryptocurrency companies, right, the bitcoins and so forth, they now have developed relationships with the telcos. And what that means is, they know, if you are, if you already have say, a Coinbase account and your stuff as high as that Coinbase and you're on AT&T, you've got two factor authentication, you're doing all the things the us supposed to do at Coinbase to make sure that your crypto is in hack that you've tightened up your AT&T account and like you've got two factor authentication there. But then you're like, you know what? AT&T is too expensive. I'm going to go to mid mobile. Yeah. Right? Because mid mobile is like a third of the price. So you go to the process of setting up a mid mobile. Coinbase knows that you no longer are at AT&T. You're at mid mobile. They have backed over access and know that you've swapped out your sim to go from AT&T to mid mobile. They know that now. So that back door access, that relationship that Coinbase has with AT&T and others is a good thing. And that protects Coinbase and it protects their users. Yeah, it's getting harder to swap out a sim for the bad guy in it not be detected by the coin bases of the world. And I can tell you a personal story. I don't want to say what carrier I use and what major bank it was, but I had gotten a new phone upgraded by iPhone and you know, it's an e-sim. But when I logged on to that bank the first time, it said it appears that you're using a new phone or a new sim, we have to do additional verifications. And you know, they nailed it because obviously it was me. But I saw that they were really taking precautions. So I guess there will be some universal verification of sims, e-sims, as well as physical sims. So when someone has a new one and it pops up for the account, then they have to go through an additional phase of verifications. More than one, it was two or three. I had to do a couple credit cards by AT&T card. And yeah, it was it was extensive. So I didn't think so it's a bad but it's a good thing. And so what what the coin bases and others of the world have learned and what the AT&T's and horizons have learned is that as you know, foreseeability equals liability. And so if any of these companies can foresee that a sim swap is going to result in tens of thousands to millions of dollars and losses for a consumer, if they can foresee that is going to happen, they need to do something in addition to what they currently have in place in regards to preventing that from happening. Therefore, what else can we do, they said? And they said, well, how what if we knew the sim was swapped out legitimately or illegitimately, how would we know that? What do we need to do going forward? And they developed that relationship. They begin to shake hands with each other. And now they know via an API or something, that effect. And so that does protect consumers in the end. That does not mean that consumers should still sit in their hands and do nothing. They still need to engage in all the various, you know, due factor authentication, change of your pass screws, never use the same pass code twice, enlist in a password manager, and so on and so forth, at all your various critical accounts, including anything related to any finance crypto and everything and anything. And generally, you're going to become a tougher target for the bad guy. And they're going to go after the path of least resistance, which is the people who don't have those basics in place. And as we were speaking, I changed my Google password, because it had been too long. And it sent a notification to my phone. I was doing it online. On my desktop sent a notification on my phone, your passwords just been changed. Was that you? Yes or no? And of course, I said yes. So yeah, you can never be too careful here, Robert, and a friend of mine that it happened to in Florida, Coinbase account got drained. They tried to drain her bank account, but they were not able to. But they took $28,000 worth crypto from her account. And she had to sue them. I didn't hear what happened. I believe it was settled out of court. And that was that. Hey, well, appreciate you coming on telling us about this new emerging threat, as well as the way that they're after you personally. Just tell us where do we find you? How do we connect with you on the web? Sure. I am at ProtectNow, LLC.com again, ProtectNow, LLC.com. I can also be found at safer.me. That's S-A-F-R dot M-E. Or just Google, Robert, you can't miss me. All right. And the links are in the show notes of this interview on financial survival network.com. While you're there, sign up for your free newsletter. You got a lot of valuable info from this. And Robert, we'll talk to you again real soon. Thanks for stopping by. Thank you, buddy. Thanks for listening to Carrie Lutz's Financial Survival Network, your solution to today's trying times. For the latest, go to financialsurvivalnetwork.com. Financial Survival Network. Now, more than ever.
