How Much Can I Make? — Real Jobs. Real Stories. Career Insights
How Much Can I Make? with Mirav Ozeri is the podcast that pulls back the curtain on real jobs, real people, and real earnings.
Each week, Mirav interviews professionals from every corner of the working world — HVAC pros, cybersecurity experts, boutique hotel owners, mediums, musicians, dietitians, filmmakers and more — to reveal what it’s really like to do their job.
You’ll hear how they got started, what training or degrees they needed, how they broke into the business, what challenges they face, and how much they make.
Whether you’re exploring a career change, starting a side hustle, or just curious what others earn, this show delivers practical advice, inspiring stories, and insider insights straight from the people doing the work.
Search. Listen. Learn how to get in — and how much you can earn.
Nominated for 2025 Women in Podcasting Award.
Cybersecurity Jobs: Understanding Account Takeovers, SIM Swaps, and Email Hacks
Cyber Security Expert
Cybersecurity is one of today's fastest-growing career opportunities, offering high earnings and strong job security as cybercrime continues to evolve.
Most cyberattacks don’t start with elite hackers—they start with your email address and phone number. We sit down with Rivka Tadjer, CEO and co-founder of Zero Hack, to break down how modern cybercrime really works—and how protecting people and companies has turned into a lucrative career path.
Rivka breaks down the most common attack paths—email compromise, phone number hijacking, and reused passwords—and walks through practical steps you should take to protect yourself. We unpack how organized cybercrime operates at scale, why email and phone takeovers are the #1 threat to your finance and identity, and what skills are actually valuable in the cybersecurity job market.
Rivka explains VPN and router security basics, travel-related risks, and how to create a “clean” financial identity that stays off public apps and social logins.
Whether you’re curious about cybersecurity careers, want to protect your money, or just want to stop feeling exposed online, this episode is your cybersecurity reset.
Connect with Rivka:
Linkedin - https://www.linkedin.com/in/rivkatadjer/
Website - https://cybercrimedispatchunit.com/
How Much Can I Make? Is nominated for 2026 Women in Podcasting Award!
Want us to cover a specific job? Shoot us an email!
Music credit: Kate Pierson & Monica Nation
Why Criminal Mindset Matters
SPEAKER_00If you understand criminal behavior, you will understand how not to be a victim. And you actually know more than you think you know. I promise you, incident response and mitigation of identity theft and breaches of your bank account will take forever. It's expensive and it's very painful. And it's horrible to see. And so much of it is preventable.
Meet Rivka And Her Background
SPEAKER_03Hi, welcome back to How Much Can I Make? I'm your host, Mirav Ozeri, and today we're stepping into the high-stakes world of cybersecurity. Our guest is Rivka Tadjer, CEO and co-founder of Zero Hack. Rivka is a top cybersecurity expert who worked with the White House, major corporations, and private individuals to prevent cyber attacks and identity theft. Let's tap into her expertise and find out what we can and should do to protect ourselves in this digital world. Well, Rivka, thanks a lot for being willing to participate and giving us your time. I have millions of questions, of course, because that totally concerns me, security. I was hacked. So let's start by first telling me how did you get into doing cybersecurity?
SPEAKER_00So, first of all, thank you for having me on. And um, well, I started as a journalist in the late 80s, early 90s. I was on the team with the Wall Street Journal, who put the Wall Street Journal online in what we call the OJ years in 1994. And then I was covering privacy, security, identity theft, as well as AI, machine learning, data mining, and supply chains.
SPEAKER_03Already in 94, you were dealing with AI?
SPEAKER_00Well, because in AI, a lot of what is called AI now is machine learning.
SPEAKER_03Right.
SPEAKER_00So that was the beginnings in data mining and putting those systems together.
SPEAKER_03Didn't know that. So okay, so now you are an independent contractor, right? That deals with security. Tell us what you do.
Financial Protection And Threat Intel
SPEAKER_00So um we're actually going to celebrate our 10th anniversary next month of our consultancy. What we do is we protect people specializing in financial protection and secure communication.
SPEAKER_03Okay, what does it mean financial protection?
SPEAKER_00Protecting the cyber equivalent of putting your banks and brokerage in witness protection. So I also worked in FinTech in banking, and I was on the White House National Infrastructure Advisory Council for Critical Infrastructure in the banking industry, appointed by Obama, but worked through Trump administration. So I have specialty in how payments and banking work, and I covered it a lot as a journalist. Then I moved to work for fintech and banking companies. So what we do is we investigate. Here you are, right? Mirav, you have email addresses. You've been online since we all got this Steve Jobs remote control of our planet in 2008, right?
SPEAKER_01Everything was free.
SPEAKER_00Free email, free this, you can get everything. And so we ran for convenience. And those email addresses and the telephony side of your phone, which I'll get into, are wide open doors. Okay? Everyone's heard about the terms phishing, okay? If they hack into your email and can impersonate you, that's called an account takeover. And then thanks to AT&T and Verizon last year, they breached all of our data and social security numbers. I can be Mirav. So what we do is we use cyber threat intel systems that are closed systems. We look anonymously in threat intel systems to see what of yours has been exposed. Can someone take your phone and forward authentication codes to another phone? Can someone be you with your email address? And what kinds of cyber criminal groups are targeting you? So first we do that. I'm a data-driven person.
SPEAKER_02Okay. Okay?
Email Takeovers And Encrypted Mail
SPEAKER_00So first I get the data. Okay. I look it up. And we need scary little to find this out. Literally, your name, middle name helps if you have a common name, birth date, legal address, your IP addresses, phone number, and your email addresses. And that's it. And I never look at anyone's financial balance. I don't look at sensitive information, and we can see if your social security number has been texted to someone else. But essentially, you have to get the data and see where the vulnerabilities are. And if they are into your email or your phone or your systems, how they got in. Once we know how they got in, we can kick them out. And one of the most important that's the service part. If somebody has your social security number, they can't do anything with it. Or that they can't access your banks and brokerage because we've created a new identity for you with those. Because once data's breached out there, the toothpaste is out of the tube. You are never putting that back. So sometimes it's a pain in the neck. I might tell you, you know that Gmail you've had for a hundred years? You've got to get rid of it now. Okay? And then you have to migrate it, you have to move your contacts, but you need encrypted secure email for your bank and brokerage that never sees the light of day that you never use for anything else. How can I get the encrypted email? You can go to proton.me in Switzerland and get a Proton Mail. Russian oligarchs use it to protect their Swiss bank accounts, and now so can you for $3.99 a month. Think about it. Proton Mail for protecting Swiss bank accounts. Do you think somebody's using a Gmail to protect a Swiss bank account?
SPEAKER_03Okay.
SPEAKER_00No. Actually, if somebody tries to crack your password though, the whole inbox turns to some pig Latin version of Cyrillic. Even for you, if you lose it. Okay? It's designed to protect. Other thing that you can do, depending on where your email is hosted, is things like Spam Assassin, these little add-ons that you can put on that really don't allow things into your server, especially if you're using a Gmail and you haven't gotten an encrypted secure email. Encrypted secure email will throw that stuff and it won't even let it on your server. It's like a it's like a big gunk air filter. Every infiltration and the new IBM research reports and the new Verizon reports, read those yearly. You can download them. The FBI ICS unit, the Internet Crimes unit, read their reports. Over 90%, no exaggeration, happens by human error with their email credential. I want to double check something.
Signal, Not WhatsApp
SPEAKER_03Yeah. If I email my broker, if I delete it and delete the trash, I'm safe? The inform no? No.
SPEAKER_00At Yahoo, they store all that crap on a server that they've long abandoned. If you didn't change over to Outlook mail and get encrypted mail and Outlook, you know, they do offer encrypted email servers or your Hotmail or that Prodigy thing that ATT owns, okay? Anyone with one of those Yahoo accounts that became a Prodigy account, that is all subject to the ATT breach.
SPEAKER_03So hold on a second. If I communicate on WhatsApp, WhatsApp is encrypted.
SPEAKER_00No, it's not. Zuckerberg bought it, and now everything meta is integrated into it. That's why the whole world moved to Signal.
SPEAKER_03Signal.
High‑Risk Behaviors And Breaches
SPEAKER_00Yeah. So now, and when that goes to hell, I can come back and tell you what's new. The cyber criminals is what you should be worried about. It's organized crime. It's not a 40-year-old guy in his bathrobe still living with his mother. These are well funded. They have the best hackers in the world, and they have supercomputers. They can run everything about you in social media and in 10 seconds know the password to your email if you have not protected it. Okay, this is very, very sophisticated. So what you're looking at is the cyber criminals and protecting yourself from those criminal gangs. And you know, usually they don't have ideology. They just path of least resistance, where can I break in and get money? How can I assume someone's identity? There are six attack surfaces. These are the high-risk behaviors. Crypto, activism, ancestry sites get off of them all right now, porn, gaming, and dating sites. There are ways to do all of these safely, except for ancestry. And it's a shame because when 23andMe was breached, okay, and they only stole a database of Ashkenazi Jews.
SPEAKER_02Really?
SPEAKER_00Yep. Alright, so why do they do that? It could be someone who uh wants to sell to Pfizer a database so that they can make a drug to prevent Tay-Sachs disease. Or it could be someone who hates Ashkenazi Jews. It could be anything on that spectrum. Class action suit, and now 23andMe is gone.
SPEAKER_02Right.
Dark Web Markets Explained
SPEAKER_00But the data's not gone and it's in junkyards somewhere. And it's a shame because something like 23andMe, so many people, if they were adopted, because it was medical-based. Right, right. But it's in a magnet for hackers because they know there's all kinds of data in there. The other places to be super careful, you're getting a divorce. What's not in a separation agreement? Be careful how you communicate to your lawyer. Not only do you know how everything's divided, you know who got what and where it is. So think, you gotta learn to think like a criminal. And accountants, forensic accounting, they're so good at this. Some of my best sources that I brainstorm with are forensic accountants. They get this immediately once they tune into it. Because they know how money flows. And the more you know about money flow, about accounting, real estate lawyers are great at this. I have some great sources that I use who are realtors because they know when something looks weird in MLS, and MLS was hacked in 2023.
unknownWow.
SPEAKER_00Okay, so if you've ever bought a house or sold a house or rented a house, do you know what is stored in an average real estate office printer? In the why it's stored? In the printer. Because they're like, oh, I have to print out the this person's whole financial picture. They sent me proof of income. And it's stored? It's it's stored. Look at network printers and see how often they're cleared. Medical people know the confluence of data and have great aptitude for this. Okay, and now with telemedicine there, all of that, that's why they keep getting breached. There's juicy information that goes on for years to socially engineer people. What is this dark web?
SPEAKER_03Can you actually see what's there?
SPEAKER_00It's like a mall. Of course you can see it. So can I go in and see if my information is in there? Well, you don't want to you don't want to like be noticed in there. You want to go in anonymously or posing as a fraudster buying stuff because you'll be seen a mile away. You need to be anonymous to go do it and watch what they're doing to do it. Do you do that? Yeah, of course. That's what threat intel systems do. And we use one that's mirrored the infrastructure of the dark web. And it's amazing.
SPEAKER_03Oh my god.
SPEAKER_00So we can watch what they're doing, and you query it in many languages.
SPEAKER_03You literally see people there buying and selling information.
Passwords, Managers, And Control
SPEAKER_00Yes, there are trajectories where you can see, sometimes you can place them by longitude and latitude. Trading data. I mean, it's not a little avatar guy, but it's your identity. Wow. The problem with this crime is that it pays, and there's only 0.05% of the time that anyone's ever caught because you don't have to be seen.
SPEAKER_03So you said secure password. How can I secure my password?
SPEAKER_00Well, first of all, never ever use an automated, auto-generated password. Two reasons why. Whoever is offering to auto-generate your password is keeping a database of those passwords.
SPEAKER_03Even the very complicated, very long password that it's AI.
SPEAKER_00AI is not good at implementing ideas or being creative, but if it's out there, they can grab it. The other thing is it's a hacker's dream. So let's say you have automated passwords generated in a password manager. Those are stored in a place because you can't have everybody with the same passwords, right? Right. So if they get to that attack surface and they say, Oh, who has accounts here? Great, let's go get the that's the first thing they'll go for. Let's go get the database of the auto-generated passwords, run it against the accounts and see where we get in. You need a system where you control things, where all the locks are yours to put on and take off. Like freezing your credit reports. Okay, once Equifax was hacked, people in my industry, we lobbied, it became rule that you get to freeze your credit report.
SPEAKER_03Right, I did that, yeah.
Freezing Credit And Misinformation
SPEAKER_00Right, and people are like, well, I don't have an account there. I was like, great, well, they have had a dossier on you for 50 years. So you create that online experience so you control whether it's frozen or not. You want to go for apply for a loan, you say, which one are you looking at? And you only unlock that one 24 hours before, you let them do it, and then you lock it back up. Okay? And the most important thing about security is don't tell someone what you're doing. Misinformation is a good thing. What do you mean by that? When you create a new persona for your banks and brokerage, and you have an encrypted email, you have two-factor authentication, you have good user ID and password, you have excellent hygiene when you do online banking and where you do your online banking and how you delete your browsing data and how you sign out instead of Xing out. Your habits, how you call your bank and brokerage and say, no wires ever go out of my account unless I'm in branch.
SPEAKER_03Uh hold on a second, you said something important. Deleting your browsing history, you said.
SPEAKER_00Absolutely.
SPEAKER_03On a daily basis?
Hygiene: Browsers, Deleting History
Keystroke Loggers And Background Tasks
SPEAKER_00Absolutely. When you can visualize how cyber criminals see what you're doing, then you really tune in to these principles, and then you just apply the principles in your life once you click into it. And you know, people tell me all the time, you know, I I'm not this is the era of the kids, I'm not good at this. I disagree. I work with seniors, a lot of seniors mostly, because they're they're hard to protect and they have a lot to lose, and they're main targets. Actually, they're much better at this than my 24-year-old daughter. Because you know crime and you know criminals and you know criminal minds. But you have to know what they're seeing and how they follow you. You have to know what a keystroke logger is. That's everywhere you browse on the internet. Little pieces of malware in that beautiful little Gmail of yours, or Yahoo, or a Hotmail, or any free mail, AOL, that sells your email to advertisers. What is a keystroke logger? Exactly what it sounds like. It logs your keystrokes. It's an info stealer, okay? And you have to find out in all of your settings whether there's anything on there. On a PC, you go into your task manager. In your Apple computer, you go to the activity monitor, and look at all the crap running in the background in your computer. And if you see anything in Chinese or Russian, you call me. But if you see the words Zen desk, MSPY, like, um, or numbers with KK.txt, those are info stealers. What browser is the best one to use? It doesn't matter. They're all the same. It's how you set them up that matters. You set them up for zero trust. What do you think that Google and Microsoft and um Apple and Firefox are doing with all that data if you don't set it? How do you think they sell advertising? They gather your analytics and they sell it to each other.
SPEAKER_03But how can I set it so they don't do it?
Zero‑Trust Browser Settings
SPEAKER_00It's all in settings. This is what I encourage people to do. Log on to any app that you use and click on that stupid little gear shift or the three dots or the three lines and go through every single setting in there. And anything that looks like, share my data, give analytics, personalize, turn it off. Anything that says, remember me, say no. You do not want AI to grab this information and sell it off into the dark web. The more information they have about you, and if you've ever been hacked, you're worth more on the dark web. You go from being worth that 50 cents to marketers to being worth thousands. And the other thing to remember that's super important is everybody looks at their phone, they're like, I either have a droid or an Apple. Apple will say, nobody can bust our architecture. I was like, who cares? Nobody, you don't have the secret sauce to Coca-Cola on your computer. That's not what I want. I want the telephony side. Your phone is Verizon or ATT or T-Mobile. Apple is in the cloud. How are you protecting that Apple ID? With a Gmail? All right? If I go and hijack your Apple ID, all right, and I change the phone number and I change the email address and I lock you out. I have everything in your cloud, I have the credit card you have to store apps. You call Apple, even with a serial number or an IMEI number on your phone, and they will not help you. So it doesn't matter what the architecture is, everything we do is online and in the cloud. And you have to have the same mantra of protection. You have to protect the credentials that guard the accounts, and then you'll be safe.
SPEAKER_03So, for example, people put credit cards in Apple wallet. Is that safe?
Apple ID, Cloud, And Telephony
SPEAKER_00It's as safe as how you guard your account. Look, I am not willing to go live in the woods with a shotgun on my porch, okay, and a roll of bills under my mattress. Okay. You know, some people are, but I live in this world and I love to shop and do everything else. Right. You have to protect the SIM, which is the telephony side of your phone, so that no one can take those authorization codes to your bank and forward them somewhere else. And no phone company will ever tell you the piece of advice I'm going to give you right now. You have to protect your Apple ID by not allowing remote access to it, and you have to have a VPN on your phone, and you have to secure encrypted emails for any account that you have that does payments. And then you take your Gmail address and you leave your what I call your trash persona out there. Let them pick at that until it's just bone. Because it's already out there. You change you surgically remove what is financial from your breached data that's out there. You put it under a lock and key where it's not going to be sold, and that's how you protect yourself.
SPEAKER_03I have malware on my computer. That doesn't give me really any security except for virus, right?
VPNs: Features And Picks
SPEAKER_00No, no, anti-malware. You mean Malwarebytes? Yeah. Something like that. Okay, so this is a very interesting point. You need a VPN with that. So what Malwarebytes does is it looks on your hard drive. Are there viruses or is there malware on your hard drive? Okay. What a VPN does, it does two jobs. One, it monitors your network traffic. The VPN, the mothership, it monitors for keystroke loggers, viruses, malware, um, ad trackers that track you and then sell all your data. VPNs are very powerful now. It used to be for enterprises. You can click on ad and tracking blocking, you can click on anti-malware. That is not something Malwarebytes can do. What that mothership does in a VPN is it prevents you from downloading anything bad. Most malware and stuff either comes through your email that Google sells and promotion people can say they have to read it before they delete it, and reading it can load the malware, or they have to read it, they have to click on it three times, or some crap, so it stays in your computer, but it also will quarantine any PDF or virus-filled document. Okay? And so you can look at it, it keeps it on a server. The other part of a VPN that you embed in your browser and an extension masks your IP address.
SPEAKER_03Is there a particular VPN? Because I looked into it once when I got the paranoid hour paranoid hour. And there are so many to choose from. How do I know what features are?
SPEAKER_00It's a good question. So I just want to preface this by saying I take no referral money, affiliate money, anyone from anyone I recommend or say is bad. Okay. Because I have to stay clean.
SPEAKER_03Yes, of course.
SPEAKER_00Okay. Right now we like Nord VPN. We like Nord VPN for several reasons. When we look it up on our Threat Intel systems, we don't see info stealers on their domain. We don't see a lot of employee addresses that have account takeover. Okay? What if there's an employee with, you know, they're looking for that access to those accounts? We see very, very few. Their parent company is based in Amsterdam, probably protecting the De Beers, okay?
SPEAKER_02Right.
SPEAKER_00Remember, the people who really have the most money in the world are not talking about it, okay? So Europe's privacy laws are way more developed than ours are. They're stronger. So this type of application grew up in an environment where it's it's very, very careful. If you keep it updated, they're constantly studying the mutations of malware and then bringing the inoculation. That one thing to remember about a VPN is definitely there's a lot, there's a lot of good ones out there, but test your internet speed with or without it. One of the things we like about Nord, it doesn't degrade internet speed.
SPEAKER_02Okay.
Start At Home: Router Lockdown
SPEAKER_00So sometimes, like Proton has a very good sister application. It's a great VPN if you live in Switzerland. But its protocols here, your zooms will freeze. You'll turn it off. It will drive you crazy. So that's a big configuration. It's overwhelming. It is. It's like taking a sip from a fire hose, but the best thing to do is not to think of it all at once. The first thing I do in a house, go change the Wi-Fi password on your router. Okay? Many, many companies that provide your Wi-Fi service on that router. Right, Spectrum provide money. Okay, so my entire neighborhood, the first two words of the password that's like imprinted on the router is the same for everybody. Okay, so if I'm smart enough and I shoulder surf on Wi-Fi, all I have to do is run algorithms around against the last three numbers. I go anywhere and I can look up Wi-Fi in your neighborhood, and most people have not even changed the name from Spectrum Setup F8. Okay. Oh, you have to change that too? You can and you should change that router password to something Spectrum doesn't know. Not because Spectrum is evil. But Spectrum is a mobile virtual operator of Verizon. Verizon was breached last year, okay? What's the first thing they're gonna do if they if they break into Spectrum? Let's go see all the passwords that they have stored, run them against their list of accounts and see where we can hop in and go take stuff. So you gotta reduce your attack surfaces and you have to think like you're your own personal corporation and who your third-party risk is. That's the first thing you do. And you start here because your IP address on every little device is mapped to where you live. Right. Okay? So it's home invasion, it's protection against home invasion, that router password and name.
SPEAKER_03But you know what? I was hacked through Chase. I w they you know how they have di double identification? They never called me or anything. Somebody got in a couple of things.
SPEAKER_01Somebody turned it off.
SIM Swapping And The Fix
SPEAKER_03Right, and they took everything I had. The bank gave it back to me because I was it a credit card or a bank account?
SPEAKER_00Bank account. Were they did they wire you?
SPEAKER_03They changed my address on my statements.
SPEAKER_00Did they change your account number?
SPEAKER_03No, they didn't change.
SPEAKER_00Bad. Bad. They're gonna get a call from me tomorrow. That's very bad. Chase has particular vulnerabilities to certain organized crime groups that I will not mention on this because we need to protect Chase that are particularly good at the code that iPhones are written in. And after the ATT breach, the reason you never got the code is because if you had not protected your SIM card or your eSIM on your phone, SIM swapping is where they helped themselves to that account, probably took your SIM, forward that number to somewhere else, and they got the authorization. Okay, ready?
SPEAKER_03Yeah.
SPEAKER_00All right, take out your phone and go to settings.
SPEAKER_03Okay.
SPEAKER_00This is what you want to do, folks. All right, if you're on an iPhone, you want to go into settings, that little gray gear that you're gonna get really familiar with. You're gonna click on cellular data. Right. You're going to scroll down until you see sim. If you have an iPhone 15 or later, you can put a pin even on an eSIM. Okay? Okay. You're gonna click on that management of pin.
SPEAKER_03Oh, SIM PIN.
SPEAKER_00Yeah, you're gonna turn toggle it on. Right. Now, get this. In their infinite wisdom, ATT and Verizon and therefore Spectrum, the preset pin in your phone is 1111. Oh, okay. T-Mobile's one, two, three, four. Okay. Google Pixel is one one one one or zero zero zero zero. There is not a fraudster on the planet that doesn't know this. Okay? Has anyone ever put in your statement? Then maybe you should go ahead and put this pin on. No, never. Okay, so you're gonna enter your current pin. So it would be one one one. Right. Okay, hit done.
SPEAKER_03Yeah.
Travel Safety: Faraday And Bluetooth
SPEAKER_00Okay. Now does it say change pin? Yes. Click change pin. Change pin. Put in again the current pin. One one one. Hit done. Does it say new pin? Yes. Okay, here's the drill. Do not tell anyone your pin. And by the way, if anybody in security ever asks you for a bank balance or pin number, show them the door. Security is like a secret. Only one person can keep it. Okay? Write this pin number down somewhere. Do not make it your cat's birthday, your birthday, your favorite lucky numbers. Okay? None of that. Random, random, random. Look around a room. Look at the clock. Look at a thermostat. Random that can't be socially engineered. Put that darn thing on a sticky note. Put it in your sock drawer, stick it on the butter dish in your fridge, because you will be going into ATT or T Mobile or Spectrum to unlock it if you lose it.
SPEAKER_03So it shouldn't be the same pin that I use for the phone? No. No two pins should ever be the same.
SPEAKER_00Okay? And if you don't want to put in an encrypted password manager, you get yourself an address book that's alphabetized, okay? And create redundancies. And if you keep it on a spreadsheet, you password protect that and you don't keep it in the cloud. So you're gonna pick a new pin that has four numbers, write it down, and don't show it to anyone.
SPEAKER_03Done.
SPEAKER_00Okay, this alone has prevented what we call sim swapping. So that authorization code that you never got because someone else did can't happen anymore.
SPEAKER_03Oh, there was sim swapping?
SPEAKER_00I'm guessing.
SPEAKER_03Wow.
Public Wi‑Fi And Auto‑Join Risks
SPEAKER_00I mean I'd have to look up your data, but if there was authorization code. So that means, so now, is this fail-safe? No. Does she have to log into her Spectrum account? Change the email address you store on that account to a nice encrypted email address, and there are more than Proton. PC Magazine has a great top 10 list of encrypted secure emails, different uses, business people, you know, it depends on what you do. Log out once you put in that encrypted email, log back in, then add your two-factor authentication, change your password, and if any account where you store payment or make monthly payments allows you to have a user ID that is not your email address, change it and make it random. No special interest, no cute um, you know, art figures, no constellations you like, nothing to do with you. Look around the room, pick random things. All right? And make sure that when it says remember me, you do not. Because all that information stored in your browser, all you need is one little info stealer in there, and all of that is theirs. But people forget that their phone is actually the telephony side. And by the way, if you have a droid, just click on settings, go to the search bar, and type in sim. Same with Google Pixel phone users, okay? And then the steps are the same from there. And if you get locked out, if it says one more try and you're locked out, don't do it. Go to the store where you pay for the telephony side and do it there. It could mean a couple of things. It could mean outdated software. It could be someone snorking around your phone in your um account already. Okay? But if you are about to get locked out, do not attempt it. You will hate me and this podcast forever, um, because your phone won't work and your text won't work if you get locked out of your SIM.
SPEAKER_03Right. You have to remember the code.
Zelle, PayPal, Venmo Safeguards
SPEAKER_00Once you remember the code, you'll then once you change your pin, here's the two times that you'll need it. Okay? If you turn off your phone all the way and then turn it back on, it'll say SIM pin locked. You'll put in the password to your phone and then it will prompt you to enter that SIM pin. The other time you're gonna need to enter that SIM pin is after your iOS updates or your Samsung, uh, you know, whatever operating system are on other phones. Once it doesn't update, it will prompt you to have it. Those are the only two times.
SPEAKER_03I saw a documentary on HBO about cybersecurity, and they recommend to turn off the phone every few days because there are people out there that can get into your phone even when you are out on the street.
SPEAKER_00That's absolutely true. And it depends if you're being targeted and by whom you're being targeted. Um, that's absolutely true. So get yourself a Faraday pouch. What is a Faraday pouch and don't skimp on it? Get that technology. What is it? Named after John Faraday, it blocks out all electrical impulses. Okay, so if your phone is off and in a Faraday pouch, it's it's endless what we have to do. But when you travel through airports, throw it in that Faraday pouch.
SPEAKER_03Now, you told me a while ago that when I'm in airport to turn off Bluetooth.
Separate Cards For Higher Safety
SPEAKER_00Yes. So here's an airdrop if you have an iPhone. So here's why. Bluetooth and airdrop are close proximity theft mechanisms. It's a backdoor into your phone. So let's say you've changed your SIM pin and you've you've protected your Apple ID and you have a VPN on, but your airdrop, Bluetooth, location services are all on. Backdoor. So Bluetooth, I have to be near you to grab it. Okay. But it works just like if you've ever airdropped something. Here, here's the password. Okay? So people, and by airports, I also mean Panera and Starbucks. Okay, it's just airports are yummy and juicy because people who have money to fly have more money than people who don't have money to fly. Right. So they just like it and you're on public Wi-Fi all the time, and it's just a good environment. But somebody's sitting outside of that Panera parking lot or in that cafe, and anyone who's vulnerable, they're just looking for them.
SPEAKER_03When I'm in the city, all of a sudden I see that I'm on Verizon Wi-Fi. Should I get off of it?
SPEAKER_00Uh yeah, make it your option. You don't want anything to just move your phone onto something. Um, it's like on uh Spectrum routers, there's a little setting that's actually, if you log into your account online and go into a setting, you won't find it as easily in the app, and you log in, it's actually under security. It's actually under, you know, security shield. But right next to security shield, there's a little toggle switch. And that toggle switch is Spectrum Mobile access. That means that anyone with a Spectrum Mobile phone can bypass a lot of your security and log on.
SPEAKER_02Oh my god.
Posting Later And Biometrics
SPEAKER_00So that they can gather data analytics, okay? I was a marketer for a long time of who has a Spectrum phone in the area. All right, they cluster neighborhoods with IP addresses, they're doing data analysis all the time, and some of it's for good purposes, like outages. You gotta turn that thing off, and no one's ever gonna tell you, and its default is on. So if you enter the city and this default thing is that you're on a Verizon Wi-Fi backbone, don't. You have 5G and four bars, turn on your VPN and use it that way. Any Wi-Fi that just automatically happens because you have an account, you want to go into settings and control it. You do not want it to be automated.
SPEAKER_03Is Zelle and PayPal and Venmo all of this? Are those secure?
Biggest Consumer Attack Paths
SPEAKER_00Okay, so Zelle is very secure now, but I'm again the mantra, it is secure as how you have protected your bank account. So when um Zelle was sued, when Wells Fargo and JPMorgan Chase and Bank of America were sued because of the Zelle scams, okay, in December 2024, that lawsuit was dropped. But part of what they did to make it safer is there's no more Zelle app. So you are putting in someone's phone number or an email address to send them Zelle money, and it's going bank to bank. And it's not a wire, it's protected under EFTA electric funds transfer law. So it's much more protected unless you're using a Gmail address for your Bank of America account and maybe two-factor authentication to a phone that doesn't have a SIM pin, and a crappy password, and a user ID that's your your your favorite pet of all time. All right, so it's a secure, and you should not have it sent to email. When you put that nice secure encrypted email on your bank, you don't use that for Zelle. Nobody knows about that except the bank of record. So you but Zelle is fine, and also PayPal and Venmo if you secure that account well. Here's my thought about all of these things. The credit card that's in your Apple ID that you buy apps with, the card that you set up for PayPal if you're using a card, the credit card that you keep on record for things like Apple Pay and your Apple ID should be a credit card where you do not have a checking account or brokerage. Because a fraudster loves nothing more than when they go in, you're like, oh, that's a Citibank card, and they have Citi checking, they have Citi brokerage, and off they go to try and get into that account. Because if they can impersonate you and log in, they have everything. So when you're online, it's the opposite of what we were raised. Go get one of those pre-approved card offers of yours. Do not have the credit card that you store for payments for highly targeted things have anything to do with your bank and brokerage.
You see the pattern here, you're removing it from sight.
SPEAKER_03I I have a credit card like that. I'm gonna do that.
SPEAKER_00That's what you do. And when you travel, that's the one you bring.
SPEAKER_03Oh, really?
SPEAKER_00Do not travel with a credit card that's also tied to your brokerage account. And try not to check bank balances and all that when you're traveling on vacation. And I mentioned this because it's summer now.
SPEAKER_03Why tr oh yeah, right. But while traveling, is it more, am I more vulnerable when I travel?
Authenticators Over Text Codes
SPEAKER_00Everything you do, yes. Everything you do is public. You're going from an airport or a train or whatever that's public Wi-Fi, you're going to a hotel, another great target. Okay? Sit in a hotel lobby, have a drink, pick out the hacker. Everybody's on public things all the time. All right, everyone has their geolocation on. The other thing is, you know, here's mantra. Post your pictures of Notre Dame when you're already at the Eiffel Tower. Don't do it in real time, okay? Don't Why? Because you can turn a cyber attack into actual burglary and take off your biometrics. You know, when you're sitting here at home and you have your face ID that gets you in your fingers, I don't want someone punching you, putting your face up and taking your phone, and it happens all the time.
SPEAKER_03Yeah, I took it from all the financial, but it opens the phone.
SPEAKER_00Okay, so that's bad when you travel or when you're in the city. Don't. You know, if you're in a rural environment in a low-risk environment, it's fine, especially at home for your convenience. And older people who are going to nice hotels, there's nothing a hacker and fraudster loves more. It's like, let's follow them for the airport. They're dressed well, they look nice. They just checked into a four-star or five-star. Yay, let's go get them. Let's go see what apps they have open, let's go see how much they're protected. And you can call Apple and they're like, they can't break into their architecture, but they don't care about your architecture. They care about what you have going on in the cloud. Okay? They just want to know where you bank and if they can crack open that Apple ID. You know, and understand that you can be watched when you don't think so.
SPEAKER_03What is the biggest cyberattack you worked on?
SPEAKER_00I can't name things. No, not don't name the company. Two things. So in the White House and the National Infrastructure Advisory Council, we do look at critical infrastructure.
SPEAKER_02Okay.
Prevention Over Painful Cleanup
SPEAKER_00Okay, so there were things that we looked in there, like the grid and transportation and things like that. Large nonprofit that was breached really badly.
SPEAKER_03Um the donors' information was taken?
SPEAKER_00And yeah, they love donor information. And um, when you make a donation, please just go to the website, do it there. Don't use the apps, don't do links, even if you're a long-standing member, never use GoFundMe. You know, even WHO and the Red Cross were cloned during COVID. If you think a ransomware attack is not stealing personal data, you need to watch more gangster movies. They kill the guy and they store him in a junkyard and they go offshore for months until things lay low. There are literally junkyards in the dark web. They're called junkyards. If they steal a lot of data after a ransomware attack, they store it somewhere and they go lay low. And then six weeks to three months later, boom. You're gonna see it. In threat intel systems, you can see this stuff happening. The law and its mechanisms are just a little behind the criminals at this point.
SPEAKER_03What's the most common hacking you see for private people, not big organizations?
SPEAKER_00Email, email account takeover.
SPEAKER_03So they take over the email and then what?
Seniors’ Unique Vulnerabilities
SPEAKER_0091% starts with an email account takeover. And then I go look for all your accounts with that email, and I'm just you. Hi, I forgot my password. Reset. Okay? I just have the emails. I can just impersonate you. Email and spoofing on the phone. What is spoofing? That's what you just worked very hard to oh, changing the SIM? Right, where the authorization code is forwarded to another phone from SIM swapping. Just swaps up for another SIM. Very, very, very common.
SPEAKER_03Oh my god.
SPEAKER_00And that's why the move you'll see in secure environments, they use an authenticator app instead of text to your phone. Because an authenticator app does not use sim technology. Also, while traveling, when you rent a car and you're just like, great plug in, Google Maps, delete your profile when you get out of that car. Because if I hop into your account, when was the last time you logged out of a Gmail or Yahoo? You just open your computer and there you are, isn't it? Is that fun? I've seen people go from their Google Maps into their Google account and then they're off to the races. Don't leave that stored in a rent a car. You'll notice that if you download Google Chrome and open up settings, here's a little test. Okay, after two minutes on your computer with Safari, all of your passwords stored in Safari are magically going to appear in Chrome because they'll make a handshake unless you turn it all off. Export those things out of the browser. That's a public space. It's prevention, is what you want. You know, it's really funny. In this culture, black cats are considered bad luck. Right. This is totally misunderstanding the black cat. If you go into ancient cultures, the black cat is good luck. Why is that? Because if a black cat cross your path, it warns you that bad luck is coming. Warnings are good. So it's very interesting in Japan. When I was in Tokyo, I thought it was so cute. Every security firm's logo, whether it's physical or cyber, is all a black cat. So think like that. You want to be warned. And then go look and shore yourself up because I promise you, incident response and mitigation of identity theft and breaches of your bank account will take forever. It's expensive and it's very painful. And it's horrible to see. And so much of it is preventable. So much of it is preventable.
SPEAKER_03Mostly via email, you said.
SPEAKER_00Yes, and your phone.
SPEAKER_03But in order to steal my identity, they need my social security. It's not stored on my phone.
SPEAKER_00There's 200 million of them out there thanks to AT&T and Verizon last year.
SPEAKER_03Okay, let's talk about money. If somebody just starts in the cr cybercrime prevention uh business, how much money can they make?
Careers And Skills In Cyber
SPEAKER_00So it would depend on your education, like anything. Right. If you come into a threat intel company and you're you just want to get your foot in the door, you haven't studied any of this in college, you know, life doesn't end after college, who the heck cares? Get in there in some way. Okay, in whatever department, and then learn. Okay. So then you're looking at probably lower end entry-level salaries that are, you know, probably between 30 and 50, depending on the company and depending on your if you have a law degree and you want to take a left, lawyers are very useful because they know how to use threat intel data on both sides. It's on the prosecution and defense. Anyone who took accounting, be great at this. You know, get extra fraud certificates and you, you know, then you're and then you're in six figures. Wow. Six-figure industry because there's a shortage of people who know how to do these things. And you don't have to look twice to see the need. The need will always be there. Yeah.
SPEAKER_03And what kind of skill do you need to have in order to be able to be a good cybersecurity person?
SPEAKER_00You need to be a good data analyst. So you can take data analytics too. What does the data mean? How do you map it? How do you see the matrix? Okay. Um, that definitely and psychology, criminal psychology. Yeah, you said that. Go get a criminal justice degree and learn how criminals behave. Because there is no physical crime that happens anymore without Intel.
SPEAKER_03This is a lot to know. My head has been blowing up already.
SPEAKER_00I've also been doing it for many, many years. So what is very important is you study banking and payments. Okay? I worked in both of those fields. Okay. Study how money moves. And it's fascinating. It's a super fun. If you are interested in research and stuff, it's really fun. And then how it dovetails with a criminal mind. Learn about white-collar crime. Learn about the psychology of deviance. Take psychology, take sociology, take pathology, accounting, and your and your cybersecurity, and know how things work, not just not to click on something. So you take those things, but you focus really on the human behavior part. If you understand criminal behavior, you will understand how not to be a victim. And you actually know more than you think you know. You don't have to be math-oriented as much as you think. A very good, like investigative reporting is very good to study as well. Because there aren't a lot of people who do it. It's a great field, it's completely understaffed, and there's a lot of employment in it.
SPEAKER_03So you don't really need to have a tech background.
SPEAKER_00It's very good to have a tech background. It's good. And hands-on tech. Okay. Yeah, and go.
SPEAKER_03Do you need to know how to code also?
COVID Era Breaches And Resources
SPEAKER_00Coding is very easy. So when you learn Threat Intel systems, you will have to learn some coding languages. There are also some great tools where you can go and learn to be an analyst and take these online quizzes, like here's a malware thing, here's the problem, and you can work it out on these little modules. Learn what malware is and how it works.
SPEAKER_03I hear that seniors in particular are vulnerable to attacks. Why is that?
SPEAKER_00When you are below the age, this is why seniors are in danger. When you are below the age to collect Social Security or when your IRA is locked up.
SPEAKER_02Right.
SPEAKER_00Right? Like you have to have a penalty and all the bank's protected, and there's a moving things and there's forms to fill out and all that. All that gets taken down when you're 59 and a half. You can just go remove money like it's a checking account. Easier to hack into. When people collect Social Security, that's why there's so much emphasis on Social Security fraud. This is what happened during COVID is people use those numbers to go collect unemployment or to divert social security. And then you have retirees, people who are over 60 have more money than people who are 20. Right. If you have your mortgage paid off, you're more vulnerable.
SPEAKER_03Yeah, because they can take your property. Yeah. I heard that, yeah.
SPEAKER_00Totally. And but there's things that you can do from all of it. You just the vigilance there and the senior attacks really make me mad. We focus a lot of our business on making sure that doesn't happen. And then they sit around waiting for trusts and wills and financial transfers. So those are important to put in place.
SPEAKER_03So most of the stuff that you deal with, is it preventing uh hacking or is it repairing?
Closing And Listener Actions
SPEAKER_00Unfortunately, we get a lot of incident response and mitigation, which is really painful and expensive. If people have been on their phones since 2008 and have never gone through what we call breach data cleanup, we highly advise it. We do run cybercrime boot camps at theaters and synagogues and other places to show people what they need to do, and if they need our help, we help them. Because if you don't prevent now, it's kind of inevitable. COVID overworked a lot of networks. So the IRS- What do you mean by that? So when when we were all in COVID and everybody's online all the time, there were vulnerabilities, and the hackers got a lot more sophisticated, and the systems were burdened. Okay? So the IRS had breaches, the MLS system in real estate, the DMV, even WHO and the Red Cross were cloned because it's just so much traffic, and there were opportunists. So those things, and you coupled with huge telephony breaches from AT&T and Verizon last year, there's a lot of stuff out there. And whatever your politics are, I would highly recommend watching the 60 Minutes segment on cybercrime and the dark web that aired in May last month. It explains a lot about cyber criminals. Um, and you can also go to my website at zerohacksecure.com and hit play on the short video that explains it.
SPEAKER_03Rivka, thank you so much. This is wealth of information. I have to listen to the whole thing again because I got a headache from all the vulnerability I'm exposed to.
SPEAKER_00But it's an exciting field and it's there's a lot of opportunity in it.
SPEAKER_03Okay, that's a wrap for today. If you have a comment or question or would like us to cover a certain job, please let us know. Visit our website at howmuchcanimake.info. We would love to hear from you. And on your way out, don't forget to subscribe and share this episode with anyone who is curious about their next job. See you next time.