
How Much Can I Make? - Discover Your Dream Job.
"How Much Can I Make?" - Explores career opportunities and job advice.
If you're looking to understand the job market and want to make informed career decisions, this is the podcast for you!
Whether you're just starting out, or looking to make a major career change, getting the ins and outs of any job, is key to making informed decisions.
This podcast dives deep into what different careers are really like—what the day-to-day looks like, how much you can earn, and what it takes to succeed. You'll hear firsthand job advice from professionals who've been there, done that, and are eager to share their stories.
If you're curious about your next move, or just exploring career possibilities, you're in the right place!
Nominated for 2025 Women Podcasters award.
Cybersecurity Expert Tips for Job Seekers: Prevention vs. Recovery
Cybersecurity
Join cybersecurity expert Rivka Tadjer as she discusses job opportunities and essential tips to secure your digital.
Rivka reveals how criminals target our digital world, drawing from her long career in cybersecurity working for the White House, major corporations, and private individuals. She explains some easy steps we can take to prevent cyber attacks and identity theft.
You'll discover why your Gmail account might be putting your retirement savings at risk, how criminals can intercept text message verification codes, and why the default settings on your home router are practically rolling out the welcome mat for hackers.
Listen now and transform your understanding of cybersecurity from overwhelming technical jargon into practical wisdom that could save you thousands of dollars and countless hours of heartache.
Topics
1:15 From Journalism to Cybersecurity Expert
2:50 What is Cybersecurity
7:38 Most Vulnerable Websites and Places
9:53 What is the "Dark Web"?
15:29 Secure Communications and Password Protection
21:46 Banking Security and SIM Protection - Must Know!
28:38 Bluetooth, Wi-Fi, and Travel Safety
31:12 Secure Your Banking and Credit Cards
35:39 Ransomware Attacks
36:32 Identity Theft and Common Attacks
39:04 Career Opportunities in Cybersecurity
42:14 Why Seniors Are Prime Targets
Resources
zerohacksecure.com
Nordvpn.com
Music credit: Kate Pierson & Monica Nation
If you understand criminal behavior, you will understand how not to be a victim, and you actually know more than you think you know, I promise you. Incident response and mitigation of identity theft and breaches of your bank account will take forever. It's expensive and it's very painful and it's horrible to see, and so much of it is preventable.
Speaker 2:Hi, welcome back to How Much Can I Make. I'm your host, Merav Ozeri, and today we're stepping into the high-stakes world of cybersecurity. Our guest is Rivka Tadjer, CEO and co-founder of ZeroHack. Rivka is a top cybersecurity expert who worked with the White House, major corporations and private individuals to prevent cyber attacks and identity theft. Let's step into her expertise and find out what we can and should do to protect ourselves in this digital world. Well, Rivka, thanks a lot for being willing to participate and giving us your time. I have millions of questions, of course, because that totally concerns me, security. I was hacked, so let's start by first telling me how did you get into doing cybersecurity?
Speaker 1:So, first of all, thank you for having me on. And well, I started as a journalist in the late 80s, early 90s. I was on the team with the Wall Street Journal who put the Wall Street Journal online in what we call the OJ years 1994. And then I was covering privacy security, identity theft, as well as AI, machine learning, data mining and supply chains.
Speaker 1:Already in '94, you were dealing with AI? Well, because AI, a lot of what is called AI now is machine learning. Right. So that was the beginnings in data mining and putting those systems together.
Speaker 2:Didn't know that, so okay, so now you're an independent contractor, right? That deals with security. Tell us what you do.
Speaker 1:So we're actually going to celebrate our 10th anniversary next month of our consultancy. What we do is we protect people specializing in financial protection and secure communication.
Speaker 2:Okay, what does it mean? Financial protection?
Speaker 1:Protecting the cyber equivalent of putting your banks and brokerage in witness protection. So I also worked in fintech, in banking, and I was on the White House National Infrastructure Advisory Council for Critical Infrastructure in the banking industry, appointed by Obama, but worked through Trump administration. So I have specialty in how payments and banking work and I covered it a lot as a journalist. Then I moved to work for fintech and banking companies, so what we do is we investigate. Here you are, right, Merav, you have email addresses. You've been online since we all got this Steve Jobs remote control of our planet in 2008, right?
Speaker 2:Everything was free free email free, this you can get everything.
Speaker 1:It was free, free email free, this, you can get everything. And so we ran for convenience. And those email addresses and the telephony side of your phone, which I'll get into, are wide open doors. Okay, everyone's heard about the term phishing. Okay, if they hack into your email and can impersonate you, that's called an account takeover. And then, thanks to AT&T and Verizon, last year they breached all of our data and social security numbers. I can be Merav. So what we do is we use cyber threat intel systems that are closed systems. We look anonymously in threat intel systems to see what of yours has been exposed. Can someone take your phone and forward authentication codes to another phone? Can someone be you with your email address, and what kinds of cyber criminal groups are targeting you? So first, we do that. I'm a data-driven person.
Speaker 2:Okay.
Speaker 1:So first I get the data.
Speaker 2:Okay.
Speaker 1:And we need scary little to find this out. Literally your name, middle name, helps if you have a common name, birth date, legal address, your IP addresses, phone number and your email addresses and that's it. And I never look at anyone's financial balance. I don't look at sensitive information and we can see if your social security number has been texted to someone else, but essentially you have to get the data and see what the vulnerabilities are and, if they are into your email or your phone or your systems, how they got in. Once we know how they got in, we can kick them out. And one of the most important, and that's the service part, If somebody has your social security number, they can't do anything with it, or that they can't access your banks and brokerage, because we've created a new identity for you with those.
Speaker 1:Because, once data is breached out there, the toothpaste is out of the tube. You are never putting that back, so sometimes it's a pain in the neck, I might tell you. You know that Gmail you've had for 100 years. You've got to get rid of it now, okay, and then you have to migrate it. You have to move your contacts, but you need encrypted, secure email for your bank and brokerage that never sees the light of day, that you never use for anything else. How can I get encrypted email?
Speaker 1:You can go to proton.me in Switzerland and get a ProtonMail. Russian oligarchs use it to protect their Swiss bank accounts. And now so can you, for $3.99 a month. Think about it: ProtonMail for protecting Swiss bank accounts. Do you think somebody's using a Gmail to protect a Swiss bank account? No, actually, if somebody tries to crack your password, the whole inbox turns to some pig Latin version of Cyrillic. Even for you. If you lose it, it's designed to protect. Other thing that you can do, depending on where your email is hosted, is things like SpamAssassin, these little add-ons that you can put on that really don't allow things into your server, especially if you're using a Gmail and you haven't gotten an encrypted secure email. An encrypted secure email will throw that stuff and it won't even let it on your server. It's like a big gunk air filter. Every infiltration. And the new IBM research reports and the new Verizon reports, read those yearly. You can download them. The FBI ICS unit, the Internet Crimes Unit, read their reports. Over 90%, no exaggeration, happens by human error with their email credential.
Speaker 2:I want to double check something. Yeah, if I email my broker, if I delete it and delete the trash, I'm safe. No, no, no.
Speaker 1:At Yahoo, they store all that crap on a server that they've long abandoned. If you didn't change over to Outlook Mail and get encrypted mail and Outlook, you know they do offer encrypted email servers, or your Hotmail, or that Prodigy thing that AT&T owns. Okay, anyone with one of those Yahoo accounts that became a Prodigy account, that is all subject to the AT&T breach.
Speaker 2:So hold on a second. If I communicate on WhatsApp, WhatsApp is encrypted. No, no, it's not.
Speaker 1:Zuckerberg bought it and now everything meta is integrated into it. That's why the whole world moved to Signal.
Speaker 2:Signal.
Speaker 1:Yeah. So now, and when that goes to hell, I can come back and tell you what's new. The cyber criminals is what you should be worried about. Cyber criminals is what you should be worried about. It's organized crime. It's not a 40-year-old guy in his bathrobe still living with his mother. These are well-funded, they have the best hackers in the world and they have supercomputers. They can run everything about you in social media and, in 10 seconds, know the password to your email if you have not protected it. Okay, this is very, very sophisticated. So what you're looking at is the cyber criminals and protecting yourself from those criminal gangs. And you know, usually they don't have ideology, they just path of least resistance. Where can I break in and get money? How can I assume someone's identity? There are six attack surfaces. These are the high-risk behaviors: crypto, activism, ancestry sites (get off of them all right now), porn, gaming and dating sites.
Speaker 1:There are ways to do all of these safely, except for ancestry, and it's a shame, because when 23andMe was breached, okay, and they only stole a database of Ashkenazi Jews, really, yep, all right. So why do they do that? It could be someone who wants to sell to Pfizer a database so that they can make a drug to prevent Tay-Sachs disease, or it could be someone who hates Ashkenazi Jews. It could be anything on that spectrum. Class action suit. And now 23andMe is gone Right, but the data's not gone and it's in junkyards somewhere. And it's a shame because something like 23andMe so many people if they were adopted because it was medical based, right right.
Speaker 1:But it's in the magnet for hackers because they know there's all kinds of data in there. The other place is to be super careful. You're getting a divorce. What's not in a separation agreement? Be careful how you communicate to your lawyer. Not only do you know how everything's divided, you know who got what and where it is. So think you got to learn to think like a criminal.
Speaker 1:And accountants forensic accounting they're so good at this. Some of my best sources that I brainstorm with are forensic accountants. They get this immediately once they tune into it because they know how money flows and the more you know about money flow, about accounting. Real estate lawyers are great at this. I have some great sources that I use who are realtors, because they know when something looks weird in MLS and MLS was hacked in 2023. Wow, okay. So if you've ever bought a house or sold a house or rented a house, do you know what is stored in an average real estate office printer In the printer it's stored In the printer because they're like oh, I have to print out this person's whole financial picture.
Speaker 1:They sent me proof of income and it's stored. It's stored. Look at network printers and see how often they're cleared. Medical people know the confluence of data and have great aptitude for this. Okay, and now with telemedicine there, all of that, that's why they keep getting breached. There's juicy information that goes on for years to socially engineer people.
Speaker 2:What is this dark web? Can you actually see what's there? It's like a mall.
Speaker 1:Of course you can see it.
Speaker 2:So can I go in and see if my information is in there?
Speaker 1:Well, you don't want to be noticed in there. You want to go in anonymously or posing as a fraudster buying stuff, because you'll be seen a mile away. You need to be anonymous to go do it and watch what they're doing, to do it. Do you do that? Yeah, of course, that's what threat intel systems do, and we use one that's mirrored the infrastructure of the dark web, and it's amazing.
Speaker 2:Oh my God.
Speaker 1:So we can watch what they're doing and you query it in many languages.
Speaker 2:You literally see people there buying and selling information.
Speaker 1:Yes, there are trajectories where you can see. Sometimes you can place them by longitude and latitude. Trading data.
Speaker 2:I mean, it's not a little avatar guy, but it's their identity.
Speaker 1:Wow. The problem with this crime is that it pays and there's only 0.05% of the time that anyone's ever caught, because you don't have to be seen.
Speaker 2:So you said secure password. How can I secure my password?
Speaker 1:Well, first of all, never, ever, use an automated, auto-generated password. Two reasons why. Whoever is offering to auto-generate your password is keeping a database of those passwords.
Speaker 2:Even the very complicated, very long password, it's AI.
Speaker 1:AI is not good at implementing ideas or being creative, but if it's out there they can grab it. The other thing is it's a hacker's dream. So let's say you have automated passwords generated in a password manager. Those are stored in a place because you can't have everybody with the same passwords, right, right? So if they get to that attack surface and they say, oh, who has accounts here? Great, let's go get the. That's the first thing they'll go for. Let's go get the database of the auto-generated passwords, run it against the accounts and see where we get in. You need a system where you control things, where all the locks are yours to put on and take off, like freezing your credit reports. Okay, once Equifax was hacked, people in my industry we lobbied it became rule that you get to freeze your credit report.
Speaker 2:Right, I did that, yeah.
Speaker 1:Right and people are like, well, I don't have an account there. I was like great, well, they have had a dossier on you for 50 years. So you create that online experience so you control whether it's frozen or not. You want to go for, apply for a loan. You say which one are you looking at and you only unlock that one 24 hours before you let them do it, and then you lock it back up. Okay, and the most important thing about security is don't tell someone what you're doing. Misinformation is a good thing. What do you mean by that? When you create a new persona for your banks and brokerage and you have an encrypted email, you have two-factor authentication, you have good user ID and password, you have excellent hygiene when you do online banking and where you do your online banking and how you delete your browsing data and how you sign out instead of X-ing out your habits.
Speaker 1:How you call your bank and brokerage and say no wires ever go out of my account unless I'm in branch.
Speaker 2:Hold on a second. You said something important Deleting your browsing history. You said Absolutely. On a daily basis.
Speaker 1:Absolutely. When you can visualize how cyber criminals see what you're doing, then you really tune in to these principles and then you just apply the principles in your life. Once you click into it and you know, people tell me all the time you know I'm not, this is the era of the kids. I'm not good at this. I disagree. I work with seniors, a lot of seniors mostly because they're hard to protect and they have a lot to lose and they're main targets. Actually, they're much better at this than my 24-year-old daughter, because you know crime and you know criminals and you know criminal minds. But you have to know what they're seeing and how they follow you. You have to know what a keystroke logger is. That's everywhere you browse on the internet Little pieces of malware in that beautiful little Gmail of yours or Yahoo or Hotmail or any free mail AOL that sells your email to advertisers.
Speaker 1:What is a keystroke logger? Exactly what it sounds like. It logs your keystrokes. It's an info stealer. Okay, and you have to find out in all of your settings whether there's anything on there. On a PC, you go into your Task Manager. In your Apple computer, you go to the Activity Monitor. Look at all the crap running in the background in your computer and if you see anything in Chinese or Russian, you call me. But if you see the words Zendesk, MSpy or numbers with KKEtxt, those are info stealers.
Speaker 2:What browser is the best one to use?
Speaker 1:It doesn't matter, they're all the same. It's how you set them up that matters. You set them up for zero trust. What do you think that Google and Microsoft and Apple and Firefox are doing with all that data if you don't set it? How do you think they sell advertising? They gather your analytics and they sell it to each other.
Speaker 2:But how can I set it so they don't do it?
Speaker 1:It's all in settings. This is what I encourage people to do: log on to any app that you use and click on that stupid little gear shift or the three dots or the three lines and go through every single setting in there, and anything that looks like share my data, give analytics, personalize, turn it off. Anything that says remember me, say no. You do not want AI to grab this information and sell it off into the dark web. The more information they have about you, and if you've ever been hacked, you're worth more on the dark web. You go from being worth that 50 cents to marketers to being worth thousands. And the other thing to remember that's super important is everybody looks at their phone. They're like, I either have a Droid or an Apple.
Speaker 1:Apple will say nobody can bust our architecture. I was like who cares? Nobody, you don't have the secret sauce to Coca-Cola on your computer. That's not what I want. I want the telephony side. Your phone is Verizon or AT&T or T-Mobile. Apple is in the cloud. How are you protecting that Apple ID? With a Gmail? All right. If I go and hijack your Apple ID, all right, and I change the phone number and I change the email address and I lock you out, I have everything in your cloud. I have the credit card. You have to store apps. You call Apple, even with a serial number or an IMEI number on your phone, and they will not help you. So it doesn't matter what the architecture is, everything we do is online in the cloud, and you have to have the same mantra of protection. You have to protect the credentials that guard the accounts, and then you'll be safe.
Speaker 2:So, for example, people put credit cards in Apple Wallet. Is that safe?
Speaker 1:It's as safe as how you guard your account. Look, I am not willing to go live in the woods with a shotgun on my porch okay, and a roll of bills under my mattress okay.
Speaker 1:Right, you know some people are, but I live in this world and I love to shop and do everything else. Right, you have to protect the SIM, which is the telephony side of your phone, so that no one can take those authorization codes to your bank and forward them somewhere else. And no phone company will ever tell you the piece of advice I'm going to give you right now. You have to protect your Apple ID by not allowing remote access to it, and you have to have a VPN on your phone, and you have to secure encrypted emails for any account that you have that does payments. And then you take your Gmail address and you leave what I call your trash persona out there. Let them pick at that until it's just bone, because it's already out there. You surgically remove what is financial from your breach data that's out there. You put it under lock and key where it's not going to be sold, and that's how you protect yourself.
Speaker 2:I have malware on my computer that doesn't give me really any security, except for virus, right.
Speaker 1:No, no, anti-malware, you mean Malwarebytes.
Speaker 2:Yes.
Speaker 1:Something like that. Yes, okay. So this is a very interesting point. You need a VPN with that. So what Malwarebytes does is it looks on your hard drive. Are there viruses or is there malware on your hard drive?
Speaker 1:Okay, what a VPN does? It does two jobs. One, it monitors your network traffic. The VPN, the mothership. It monitors for keystroke loggers, viruses, malware, ad trackers that track you and then sell all your data. VPNs are very powerful now. It used to be for enterprises. You can click on ad and tracking blocking. You can click on anti-malware. That is not something Malwarebytes can do. What that mothership does in a VPN is it prevents you from downloading anything bad. Most malware and stuff either comes through your email that Google sells and promotion. People can say they have to read it before they delete it, and reading it can load the malware. Or they have to read it. They have to click on it three times or some crap, so it stays in your computer. But it also will quarantine any PDF or virus-filled document. Okay, and so you can look at it. It keeps it on a server. The other part of a VPN that you embed in your browser and an extension masks your IP address.
Speaker 2:Is there a particular VPN? Because I looked into it once when I got the paranoid hour and there are so many to choose from, how do I know what VPN?
Speaker 1:It's a good question. So I just want to preface this by saying I take no referral money, affiliate money anyone from anyone I recommend or say is bad.
Speaker 2:Okay.
Speaker 1:Because I have to stay clean.
Speaker 2:Yes, of course Okay.
Speaker 1:Right now, we like NordVPN. We like NordVPN for several reasons. When we look it up on our threat intel systems, we don't see info stealers on their domain. We don't see a lot of employee addresses that have account takeover. Okay, what if there's an employee with, you know, they're looking for that access to those accounts? We see very, very few. Their parent company is based in Amsterdam, probably protecting the De Beers. Okay, right, remember, the people who really have the most money in the world are not talking about it. Okay, so Europe's privacy laws are way more developed than ours are. They're stronger.
Speaker 1:So this type of application grew up in an environment where it's very, very careful. If you keep it updated, they're constantly studying the mutations of malware and then bringing the inoculation. One thing to remember about a VPN is definitely there's a lot of good ones out there, but test your internet speed with or without it. One of the things we like about Nord is it doesn't degrade internet speed, so sometimes, like Proton, has a very good sister application. It's a great VPN if you live in Switzerland, but its protocols here, your Zooms will freeze. You'll turn it off, it will drive you crazy. So that's a big configuration. It's overwhelming. It is, it's like taking a sip from a fire hose, but the best thing to do is not to think of it all at once. The first thing I do in a house: go change the Wi-Fi password on your router, okay. Many, many companies that provide your Wi-Fi service on that router, right.
Speaker 2:Spectrum provides mine Okay.
Speaker 1:So my entire neighborhood. The first two words of the password. That's like imprinted on the router is the same for everybody.
Speaker 1:Okay, so if I'm smart enough and I shoulder surf on Wi-Fi, all I have to do is run algorithms against the last three numbers. I go anywhere and I can look up Wi-Fi in your neighborhood and most people have not even changed the name from Spectrum Setup F8. Oh, you have to change that too. You can and you should change that router password to something Spectrum doesn't know, not because Spectrum is evil, but Spectrum is a mobile virtual operator of Verizon. Verizon was breached last year. Okay, what's the first thing they're going to do if they break into Spectrum? Let's go see all the passwords that they have stored, run them against their list of accounts and see where we can hop in and go take stuff. So you've got to reduce your attack surfaces and you have to think like you're your own personal corporation and who your third party risk is. That's the first thing you do. And you start here, because your IP address on every little device is mapped to where you live, right? Okay, so it's home invasion, it's protection against home invasion, that router password and name.
Speaker 2:But you know what? I was hacked through Chase. You know how they have double identification. They never called me or anything. Somebody got in the back door.
Speaker 1:Somebody turned it off.
Speaker 2:Right and they took everything I had. The bank gave it back to me because I Was it a credit card or a bank account. Bank account.
Speaker 1:Did they wire you?
Speaker 2:They changed my address on my statements. Did they change your account? Number no, they didn't change.
Speaker 1:Bad, bad, bad. They're going to get a call from me tomorrow. That's very bad. Chase has particular vulnerabilities to certain organized crime groups that I will not mention on this because we need to protect Chase that are particularly good at the code that iPhones are written in and after the AT&T breach. The reason you never got the code is because if you had not protected your SIM card or your eSIM on your phone, SIM swapping is where they helped themselves to. That account probably took your SIM, forwarded that number to somewhere else and they got the authorized subject. How can I protect my SIM?
Speaker 1:Okay, ready.
Speaker 2:Yeah.
Speaker 1:All right, take out your phone and go to Settings. Okay, this is what you want to do, folks. All right, if you're on an iPhone, you want to go into Settings, that little gray gear that you're going to get really familiar with. You're going to click on Cellular Data, right. You're going to scroll down until you see SIM. If you have an iPhone 15 or later, you can put a PIN even on an eSIM. Okay, okay, you're gonna click on that management of PIN. Oh, SIM PIN. Yeah, you're gonna toggle it on right now.
Speaker 1:Get this: in their infinite wisdom, AT&T and Verizon, and therefore Spectrum. The preset PIN in your phone is 0 0 1 1 1. Oh, okay. T-Mobile's 1, 2, 3, 4. Okay, Google Pixel is 1 1, 1, 1 or 0, 0, 0, 0. There is not a fraudster on the planet that doesn't know this. Okay, has anyone ever put in your statement, then maybe you should go ahead and put this PIN on? No, never. Okay, so you're going to enter your current PIN, so it would be 1 1, 1, right? Okay, hit done.
Speaker 2:Yeah.
Speaker 1:Okay, now does it say change PIN. Yes, click change PIN.
Speaker 2:Change PIN.
Speaker 1:Put it in again, the current PIN, 1111. Hit done. Does it say new PIN? Yes, Okay, here's the drill. Do not tell anyone your PIN. And, by the way, if anybody in security ever asks you for a bank balance or PIN number, show them the door. Security is like a secret. Only one person can keep it. Okay, write this pin number down somewhere. Do not make it your cat's birthday, your birthday, your favorite lucky numbers Okay, none of that. Random, random. Random. Look around the room. Look at the clock. Look at a thermostat. Random that can't be socially engineered. Put that darn thing on a sticky note. Put it in your sock drawer. Stick it on the butter dish in your fridge, because you will be going into AT&T or T-Mobile or Spectrum to unlock it if you lose it.
Speaker 2:So it shouldn't be the same PIN that I use for the phone.
Speaker 1:No. No two PINs should ever be the same. Okay, and if you don't want to put in an encrypted password manager, you get yourself an address book that's alphabetized. Okay, and create redundancies. And if you keep it on a spreadsheet, you password protect that and you don't keep it in the cloud, so you're going to pick a new PIN that has four numbers, write it down and don't show it to anyone.
Speaker 1:Done, okay. This alone has prevented what we call SIM swapping, so that authorization code that you never got because someone else did can't happen anymore. Oh, there was SIM swapping, I'm guessing. Wow, I mean I'd have to look up your data.
Speaker 2:But if yeah, because they're always asked double identification, so that means.
Speaker 1:So now, is this fail-safe? No, does she have to log into her Spectrum account? Change the email address you store on that account to a nice encrypted email address, and there are more than Proton. PC Magazine has a great top 10 list of encrypted, secure emails. Different uses, business, business people. You know it depends on what you do. Log out once you put in that encrypted email. Log back in. Then add your two-factor authentication, change your password, and if any account where you store payment or make monthly payments allows you to have a user ID that is not your email address, change it and make it random: no special interests, no cute art figures, no constellations you like, nothing to do with you.
Speaker 1:Look around the room, pick random things and make sure that when it says remember me, you do not, because all that information stored in your browser, all you need is one little info stealer in there and all of that is theirs. But people forget that their phone is actually the telephony side. And, by the way, if you have a Droid, just click on settings, go to the search bar and type in SIM. Same with Google Pixel phone users. Okay, and then the steps are the same from there and if you get locked out.
Speaker 1:If it says one more try and you're locked out, don't do it. Go to the store where you pay for the telephony side and do it there. It could mean a couple of things. It could mean outdated software. It could be someone snorking around your phone in your account already. Okay. But if you were about to get locked out, do not attempt it. You will hate me and this podcast forever, um, because your phone won't work and your texts won't work if you get locked out of your SIM. Right, you have to remember the code once you change your PIN.
Speaker 1:Here's the two times that you'll need it. Okay, if you turn off your phone all the way and then turn it back on, it'll say SIM PIN locked. You'll put in the password to your phone and then it will prompt you to enter that SIM PIN. The other time you're going to need to enter that SIM PIN is after your iOS updates or your Samsung, you know whatever operating system or on other phones. Once it doesn't update, it will prompt you to have it.
Speaker 2:Now I saw a documentary on HBO about cybersecurity and they recommend to turn off the phone every few days because there are people out there that can get into your phone even when you're out on the street.
Speaker 1:That's absolutely true. And it depends if you're being targeted and by whom you're being targeted. So get yourself a Faraday pouch. What is a Faraday pouch? And don't skimp on it. Get that technology.
Speaker 2:What is it?
Speaker 1:Named after John Faraday. It blocks out all electrical impulses. Okay, so if your phone is off and in a Faraday pouch, it's endless what we have to do, but when you travel through airports, throw it in that Faraday pouch.
Speaker 2:Now you told me a while ago that when I'm in an airport to turn off Bluetooth. Yes.
Speaker 1:So here's an AirDrop if you have an iPhone. So here's why Bluetooth and AirDrop are close-proximity theft mechanisms. It's a backdoor into your phone. So let's say you've changed your SIM PIN and you've protected your Apple ID and you have a VPN on, but your AirDrop, Bluetooth, location services are all on. Backdoor. So Bluetooth, I have to be near you to grab it. Okay, but it works just like if you've ever AirDropped something here. Here's the password. Okay, so people, and by airports I also mean Panera and Starbucks, okay.
Speaker 1:It's just airports are yummy and juicy because people who have money to fly have more money than people who don't have money to fly, so they just like it and you're on public Wi-Fi all the time and it's just a good environment. But somebody sitting outside of that Panera parking lot or in that cafe and anyone who's vulnerable they're just looking for them.
Speaker 2:When I'm in the city. All of a sudden I see that I'm on Verizon Wi-Fi. Should I get off of it?
Speaker 1:Yeah, make it your option. You don't want anything to just move your phone onto something. It's like on Spectrum routers there's a little setting. If you log into your account online and go into a setting, you won't find it as easily in the app, and you log in, it's actually under security. It's actually under, you know, security shield. But right next to security shield there's a little toggle switch and that toggle switch is Spectrum mobile access. That means that anyone with a Spectrum mobile phone can bypass a lot of your security and log on.
Speaker 2:Oh, my God, so that they can gather data analytics.
Speaker 1:Okay, I was a marketer for a long time of who has a Spectrum phone in the area. All right, they cluster neighborhoods with IP addresses. They're doing data analysis all the time and some of it's for good purposes, like outages. You got to turn that thing off and no one's ever going to tell you and its default is on. So if you enter the city and this default thing is that you're on a Verizon Wi-Fi backbone, don't you have 5G and four bars? Turn on your VPN and use it that way. Any Wi-Fi that just automatically happens because you have an account. You want to go into settings and control it. You do not want it to be automated.
Speaker 2:Zelle and PayPal and Venmo, all of this, are those secure?
Speaker 1:Okay, so Zelle is very secure now, but again, the mantra: it is as secure as how you have protected your bank account. So when Zelle was sued, when Wells Fargo and JPMorgan Chase and Bank of America were sued because of the Zelle scams, okay, in December 2024, that lawsuit was dropped. But part of what they did to make it safer is there's no more Zelle app. So you are putting in someone's phone number or an email address to send them Zelle money and it's going bank to bank and it's not a wire. It's protected under EFTA, electric funds transfer law. So it's much more protected, unless you're using a Gmail address for your Bank of America account and maybe two-factor authentication to a phone that doesn't have a SIM PIN and a crappy password and a user ID that's your favorite pet of all time. All right, so it's secure and you should not have it sent to email. When you put that nice secure, encrypted email on your bank, you don't use that for Zelle. Nobody knows about that except the bank of record. Oh my God. But Zelle is fine, and also PayPal and Venmo if you secure that account.
Speaker 1:Well, here's my thought about all of these things: the credit card that's in your Apple ID that you buy apps with, the card that you set up for PayPal. If you're using a card, the credit card that you keep on record for things like Apple Pay and your Apple ID should be a credit card where you do not have a checking account or brokerage. Because a fraudster loves nothing more than when they go in and you're like, oh, that's a Citibank card and they have Citi checking, they have Citi brokerage, and off they go to try and get into that account. Because if they can impersonate you and log in, they have everything. So when you're online, it's the opposite of what we're raised. Go get one of those pre-approved card offers of yours. Do not have the credit card that you store for payments for highly targeted things have anything to do with your bank and brokerage. You see the pattern here. You're removing it from sight.
Speaker 2:I have a credit card like that. I'm going to do that.
Speaker 1:That's what you do, and when you travel, that's the one you bring. Oh, really. Do not travel with a credit card that's also tied to your brokerage account and try not to check bank balances and all that when you're traveling on vacation. And I mention this because it's summer now.
Speaker 2:Why? Oh yeah, right, but why traveling? Is it more? Am I more vulnerable when I travel?
Speaker 1:Because everything you do, yes, everything you do is public. You're going from an airport or a train or whatever. That's public Wi-Fi. You're going to a hotel, another great target. Okay, sit in a hotel lobby, have a drink, pick out the hacker. Everybody's on public things all the time. All right, everyone has their geolocation on. The other thing is, you know, here's a mantra: post your pictures of Notre Dame when you're already at the Eiffel Tower. Don't do it in real time. Okay, don't. Why? Because you can turn a cyber attack into actual burglary. And take off your biometrics. You know, when you're sitting here at home and you have your face ID, that gets you in, your fingers. I don't want someone punching you, putting your face up and taking your phone, and it happens all the time.
Speaker 2:Yeah, I took it from all the financial, but it opens the phone.
Speaker 1:Okay, so that's bad when you travel or when you're in the city, don't you know? If you're in a rural environment, in a low-risk environment, it's fine, especially at home, for your convenience. And older people who are going to nice hotels. There's nothing a hacker and fraudster loves more. It's like, let's follow them from the airport. They're dressed well, they look nice. They just checked into a four-star or five-star. Yay, hey, let's go get them. Let's go see what apps they have open. Let's go see how much they're protected, and you can call Apple and they're like, they can't break into their architecture. But they don't care about your architecture. They care about what you have going on in the cloud. Okay, they just want to know where you bank and if they can crack open that Apple ID. You know, and understand that you can be watched when you don't think so. What is the biggest cyber attack you worked on?
Speaker 2:I can't name things. No, not, don't name the company.
Speaker 1:Two, two things. So in the White House, in the National Infrastructure Advisory Council, we do look at critical infrastructure, okay, okay. So there were things that we looked in there, like the grid and transportation and things like that. Large non-profit that was breached really badly.
Speaker 2:So all the donors' information was taken.
Speaker 1:Yeah, they love donor information and when you make a donation, please just go to the website. Do it there. Don't use the apps. Don't do links, even if you're a longstanding member. Never use GoFundMe. You know, even WHO and the Red Cross were cloned during COVID. If you think a ransomware attack is not stealing personal data, you need to watch more gangster movies. They kill the guy and they store him in a junkyard and they go offshore for months until things lay low. There are literally junkyards in the dark web. They're called junkyards. If they steal a lot of data after a ransomware attack, they store it somewhere and they go lay low and then six weeks to three months later, boom, you're going to see it and threat intel systems. You can see this stuff happening. The law and its mechanisms are just a little behind the criminals at this point.
Speaker 2:What's the most common hacking you see for private people, not big organizations?
Speaker 1:Email. Email account takeover.
Speaker 2:So they take over the email. And then what?
Speaker 1:91% starts with an email account takeover. And then I go look for all your accounts with that email and I'm just you. Hi, I forgot my password. Reset. Okay, I just have the emails. I can just impersonate you, email and spoofing on the phone. What is spoofing? That's what you just worked very hard to.
Speaker 2:Oh, changing the eSIM.
Speaker 1:Right when the authorization code is forwarded to another phone from SIM swapping, just swaps out for another SIM.
Speaker 2:So that's a common thing. Very, very, very common. Oh, my God.
Speaker 1:And that's why the move you'll see in secure environments, they use an authenticator app instead of text to your phone, because an authenticator app does not use SIM technology. Also, while traveling, when you rent a car and you're just like, great, plug in Google Maps, delete your profile when you get out of that car. Because if I hop into your account, when was the last time you logged out of a Gmail or Yahoo? You just open your computer and there you are. Isn't it that fun.
Speaker 1:I've seen people go from their Google Maps into their Google account and then they're off to the races. Don't leave that stored in a rent-a-car. You'll notice that if you download Google Chrome and open up settings. Here's a little test. Okay, after two minutes on your computer with Safari, all of your passwords stored in Safari are magically going to appear in Chrome because they'll make a handshake unless you turn it all off. Export those things out of the browser. That's a public space. Prevention is what you want. You know, it's really funny. In this culture, black cats are considered bad luck. Right. This is totally misunderstanding the black cat.
Speaker 2:Why you have a black cat.
Speaker 1:If you go into ancient cultures, the black cat is good luck. Why is that? Because if a black cat crosses your path, it warns you that bad luck is coming. Warnings are good. So it's very interesting in Japan, when I was in Tokyo I thought it was so cute. Every security firm's logo, whether it's physical or cyber, is all a black cat. So think like that. You want to be warned and then go look and shore yourself up, because I promise you incident response and mitigation of identity theft and breaches of your bank account will take forever. It's expensive and it's very painful and it's horrible to see, and so much of it is preventable, so much of it is preventable. Mostly via email.
Speaker 2:You said.
Speaker 1:Yes, and your phone, but in order to steal my identity.
Speaker 2:They need my social security. It's not stored on my phone.
Speaker 1:There's 200 million of them out there, thanks to AT&T and Verizon last year.
Speaker 2:Okay, let's talk about money. If somebody just starts in the cybercrime prevention business, how much money can they make?
Speaker 1:So it would depend on your education, like anything, right? If you come into a threat intel company and you just want to get your foot in the door. You haven't studied any of this in college. You know, life doesn't end after college. Who the heck cares? Get in there in some way, right, in whatever department, and then learn, okay. So then you're looking at probably lower end entry level salaries that are, you know, probably between 30 and 50, depending on the company and depending on your thing. If you have a law degree and you want to take a left, lawyers are very useful because they know how to use threat intel data on both sides, on the prosecution and defense.
Speaker 1:Anyone who took accounting would be great at this. You know, get extra fraud certificates and, you know, then you're in six figures. Wow, it's a six figure industry because there's a shortage of people who know how to do these things and you don't have to look twice to see the need.
Speaker 2:The need will always be there, yeah, and what kind of skill do you need to have in order to be able to be a good cybersecurity person?
Speaker 1:You need to be a good data analyst, so you can take data analytics too. What does the data mean? How do you map it? How do you see the matrix? Okay, that definitely. And psychology criminal psychology.
Speaker 2:Yeah, you said that.
Speaker 1:Go get a criminal justice degree and learn how criminals behave, because there is no physical crime that happens anymore without intel.
Speaker 2:This is a lot to know. I mean, my head is blowing up already.
Speaker 1:I've also been doing it for many, many years. So what is very important is you study banking and payments. I worked in both of those fields. Okay, study how money moves and it's fascinating. It's super fun. If you are interested in research and stuff, it's really fun. And then how it dovetails with the criminal mind, learn about white collar crime. Learn about the psychology of deviance. Take psychology, take sociology, take pathology, accounting and your cybersecurity and know how things work, not just not to click on something. So you take those things but you focus really on the human behavior part. If you understand criminal behavior, you will understand how not to be a victim, and you actually know more than you think you know. You don't have to be math oriented as much as you think. Investigative reporting is very good to study as well, because there aren't a lot of people who do it. It's a great field. It's completely understaffed and there's a lot of employment in it.
Speaker 2:So you don't really need to have a tech background.
Speaker 1:It's very good to have a tech background. It's good and hands-on tech.
Speaker 2:Okay, yeah and go. Do you need to know how to code also?
Speaker 1:Coding is very easy, so when you learn threat intel systems, you will have to learn some coding languages. There are also some great tools where you can go and learn to be an analyst and take these online quizzes Like here's a malware thing, here's the problem, and you can work it out on these little modules. Learn what malware is and how it works.
Speaker 2:I hear that seniors in particular are vulnerable to attacks. Why is that?
Speaker 1:This is why seniors are in danger: when you are below the age to collect social security or when your IRA is locked up, right, like you have to have a penalty and all the banks protect it and there's things and there's forms to fill out and all that.
Speaker 1:All that gets taken down. When you're 59 and a half, you can just go remove money, like it's a checking account. Easier to hack into when people collect social security. That's why there's so much emphasis on social security fraud. This is what happened during COVID: people used those numbers to go collect unemployment or to divert social security. And then you have retirees. People who are over 60 have more money than people who are 20. Right, if you have your mortgage paid off, you're more vulnerable.
Speaker 2:Yeah, because they can take your property. Yeah, I heard that.
Speaker 1:Yeah totally, but there's things that you can do from all of it. You just the vigilance there and the senior attacks really make me mad. We focus a lot of our business on making sure that doesn't happen and then they sit around waiting for trusts and wills and financial transfers. So those are important to put in place.
Speaker 2:So most of the stuff that you deal with is it preventing a hacking or is it repairing?
Speaker 1:Well, unfortunately, we get a lot of incident response and mitigation, which is really painful and expensive. If people have been on their phone since 2008, and they've never gone through what we call breach data cleanup, we highly advise it. We do run cyber crime boot camps at theaters and synagogues and other places to show people what they need to do, and if they need our help, we help them, because if you don't prevent now it's kind of inevitable. COVID overworked a lot of networks, so the IRS... What do you mean by that?
Speaker 1:So when we were all in COVID and everybody's online all the time, there were vulnerabilities and the hackers got a lot more sophisticated and the systems were burdened. Okay, so the IRS had breaches, the MLS system in real estate, the DMV, even WHO and the Red Cross were cloned because it's just so much traffic and there were opportunists. So those things, coupled with huge telephony breaches from AT&T and Verizon last year. There's a lot of stuff out there and, whatever your politics are, I would highly recommend watching the 60-minute segment on cyber crime and the dark web that aired in May last month. It explains a lot about cyber criminals and you can also go to my website at zerohacksecurecom and hit play on the short video that explains it.
Speaker 2:Rivka, thank you so much. This is a wealth of information. I have to listen to the whole thing again because I got a headache from all the vulnerability I'm exposed to.
Speaker 1:But it's an exciting field and there's a lot of opportunity in it.
Speaker 2:Okay, that's a wrap for today. If you have a comment or question or would like us to cover a certain job, please let us know. Visit our website at howmuchcanimakeinfo. We would love to hear from you. And, on your way out, don't forget to subscribe and share this episode with anyone who is curious about their next job. See you next time.