Beau Friedlander (00:00):
Adam, I have been shopping for credit this week, true story, and I am so tired of the authentication process. So on my computer I do use biometric verification sometimes. So I’m telling you that because I have a very high confidence that nobody’s going to be able to steal my finger and put it on my computer and steal my identity. That said, it stopped working this week and it was a huge headache. And I actually just want to ask you, are you a fan? Do you like step on the scale, put your butt on the butt print machine and get your eye looked at before you can go through the door?
Adam Levin (00:35):
I actually believe in biometric authentication. I think it’s certainly better than passwords. I’m not necessarily in the majority, depending upon who you talk to. This is the future. This is where we’re going now. There are bumps in the road to get there, and sometimes the issue is that you have so much authentication on a particular account that you can barely get in.
Beau Friedlander (00:59):
Travis, you raised a red flag today about biometrics. What was that all about?
Travis Taylor (01:05):
Well, there’s a company that had gotten a lot of contracts with state governments for their unemployment benefits, saying that you have to supply biometric information to be able to collect your benefits. And even just about two minutes of research there, I saw hundreds and hundreds and hundreds of complaints from people saying, I can’t access my benefits. This service isn’t working. And naturally, if you go to this service’s website, they say it’s completely secure. It works. It’s a hundred percent. And then obviously the reality for a lot of people, especially ones who really need to collect their benefits to pay their rent or buy food, are finding that it’s not all it’s cracked up to be.
Speaker 4 (01:42):
Lisa, I want some more
Beau Friedlander (01:45):
Now, it doesn’t work or it is being targeted by criminals?
Travis Taylor (01:51):
Oh, it doesn’t work, is what people were complaining about, just not at all. And they said that they were having to contact tech support and that they couldn’t get in touch with tech support, and so many people were having difficulties with it. Biometric authentication, in a lot of ways it’s more secure than passwords, and passwords, we obviously know that there are a lot of limitations there, but be careful if you’re going to think that it’s going to be the end all be all for being able to secure your account or to be able to protect your identity.
Beau Friedlander (02:20):
We both use biometric authentication, but in my case, and I bet in your case too, there is still a password on that account.
Adam Levin (02:28):
Oh, no. There is a password and the biometric authentication is simply part of multifactor authentication. One factor is the password, and the second factor is either a code sent to a mobile device or some biometric feature that that site is or device is using. Welcome to What the Hack with Adam Levin, a show about hackers, scammers, and the people who get got by them. I’m Adam Levin, former director of the New Jersey Division of Consumer Affairs, the founder of CyberScout and the author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.
Beau Friedlander (03:04):
And I’m Beau Friedlander, cyber interested human being who likes to talk to Adam about anything having to do with the scam, fraud, online crime. You name it, I’m there.
Travis Taylor (03:14):
I’m Travis Taylor, resident cybersecurity expert and occasional voice of God.
Beau Friedlander (03:25):
I guess its time has come, but it has not arrived to all the people who might be using it and needing it right now. That’s kind of what I’m hearing, right, dv?
Travis Taylor (03:34):
Yeah, pretty much. And the main thing to keep in mind too is that if your password gets breached, you can change it. If your biometric identification or information gets breached for whatever reason, you can’t go out and get a new finger.
Beau Friedlander (03:47):
Well, terrifying thing also is, there was a story quite a while ago that when someone was holding their hand up to a camera, it was possible for certain cameras to capture enough information to recreate the whorls on your fingers and steal your fingerprint, thereby being able to get into your, I think I might’ve made it up. I might’ve been sleeping and dreaming that, but am I making it up?
Travis Taylor (04:12):
That actually did happen.
Adam Levin (04:14):
Wow. As a matter of fact, it was in the context, believe it or not, of the Boy Scouts of America. No. When they do that, sign
Beau Friedlander (04:24):
Nanu,
Adam Levin (04:25):
When they do the Boy Scout salute, essentially it was recommended that they not show their fingerprint side of their fingers to any camera because of the possibility that there could be a replication of that image.
Travis Taylor (04:42):
It gets even weirder. Some people found out that they could get around a retinal scan by printing out a picture of someone else’s eye and then attaching it to a contact lens.
Adam Levin (04:51):
Wow. And you know about that. The MasterCard was testing a system where as part of verifying who you were for the purpose of making a charge, that you would take a selfie, but you would have to blink to prove proof of life.
Beau Friedlander (05:08):
Wow.
Adam Levin (05:10):
The moral to the story is love your passwords, change them, use password managers. And don’t assume that biometric verification is the be all, end all. It’s coming. It’s evolving. We just haven’t quite gotten there yet.
Beau Friedlander (05:26):
And wear gloves
Travis Taylor (05:29):
And dark glasses.
Beau Friedlander (05:31):
That’s awesome.
Adam Levin (05:42):
So hey Beau, today I want to introduce you to somebody who’s very special to me. Now, this show for a long time has given new meaning to the concept of friends and family, but today we have somebody who’s family and a friend. So let me introduce you to my sister-in-law, Christen Harvey.
Beau Friedlander (06:00):
Hey Christen.
Christen (06:02):
Hi,
Beau Friedlander (06:03):
Christen. So I have heard a little bit about you from just being part of the family, and I have to ask you, are you also a bodybuilder, like your sister?
Christen (06:16):
I am not a bodybuilder. I do love to work out, but I do a lot more cardio than she does. She’s more in the weight department and I like to run and hike and Colorado things.
Beau Friedlander (06:28):
Oh, you’re from Colorado. So where in Colorado are you from?
Christen (06:31):
So I live south of Denver in a suburb called Highlands Ranch.
Beau Friedlander (06:36):
Got it. And what do you do there?
Christen (06:37):
So I work part-time at home. I have three kids, 12, nine, and seven. So running sports and activities and school and all that stuff.
Beau Friedlander (06:48):
That sounds like a ton. You run up there. I’m curious, so you may not be a bodybuilder, but if you’re running up there, I imagine, do you ever come to lower climes like where I am in New York City and run?
Christen (07:00):
Yes, and it’s much easier.
Beau Friedlander (07:01):
It is. You must be like, you just pass everybody. They’re not even moving. Right,
Christen (07:05):
Right. But it’s different because it’s humid there. If I run in New York, I sweat so much, but in Colorado it’s really dry so I can run the same distance and feel like I’m having a harder workout there because I sweat. But here it just dries up while you’re running.
Beau Friedlander (07:21):
Oh, and there’s that. Since I have you here, I have to ask, do you have any funny Adam stories? I would love to hear something. You can embarrass him if you want.
Christen (07:30):
Oh, funny Adam stories. I’m sure I do. But we recently went to Vegas and I always, I don’t know, Adam didn’t think it was that funny, but we went to Vegas and Adam was winning at blackjack and his goal the whole night was to get a yellow chip. And I can’t remember what casino we are, I think Aria, but he wanted this yellow chip, which was a thousand dollars. So he’d won a thousand dollars, and so he got this chip. He was so proud of it, and sometime during the evening it fell out of his pockets and he was depressed the whole rest of the trip. We went, all of us were on hands and knees in the casino at like 2:00 AM looking for this one. Adam Chip. The next day he was still working for it, and I’m sure the eye in the sky saw it and someone scooped it up right away.
Beau Friedlander (08:31):
Adam. Oh, poor Adam. Are you still looking for it? Tell the truth. Do you wake up every morning and think, oh, it’s here. It’s not there.
Adam Levin (08:38):
Every morning I look under the bed, I look under the sink, I look in every pair of pants I own every time we go to Vegas. My quest is to figure out a way to at least win that a thousand dollars Checkback. Unfortunately, I think I’ve contributed more than I’ve actually received of late at the casino. So
Beau Friedlander (09:15):
If we weren’t just on audio, I would pull this lovely little yellow chip from behind your ear. But alas, you’re in Arizona, I’m in New York, and that’s not going to happen. So Christen, you have been a victim of a scam from what I understand. I think I just want to start at the beginning of the story. How did you find out that you had become a victim of a scam?
Christen (09:58):
So I did some work for a company last year at the beginning of last year and got a 1099. And in December, I think they’re called a Reliant card. When you file for unemployment, you get this credit card that you just use a credit card, but it has unemployment money on it. So in December, I got an envelope in the mail that looked like a credit card, and I was like, I haven’t applied for credit card. So I just left it in a pile and at some point it got thrown out. Well, in January I got an email from that company that I had been a contractor with, and they said, there’s been a lot of Colorado unemployment thefts and we’ve had a couple people that have worked with us that have said someone has filed in their name, so you need to check and see.
(10:45):
And basically they gave me a list of things. They said, check your credit regularly and if you’ve received a Reliant card for Colorado unemployment benefits then and you didn’t apply, this might be a problem. And I was like, oh, that’s weird. I first went in and checked my credit and I’m like, there’s nothing on there, nothing new. And I was like, so it seems fine. But I was like, I did get that card in the mail in December, but I had thrown it away. So the first thing I did is I called the Reliant card company and said, Hey, I need to see if there’s a card in my name. And they were like, well, give me your card number. And I said, well, I don’t actually have a card. And so it was kind of a long process. They had to look up my address and then they did say, oh, we see there is a card open in your name. So then I told them, well, I didn’t apply for unemployment benefits. And they said, well, somebody has. So then they gave me some steps. I went to identitytheft.gov and filed a report, and then I called Division of Unemployment and told them. What was interesting is that it doesn’t show up on your credit.
(11:52):
So if I had never received the card and I hadn’t gotten a heads up email from that company, somebody could have just gotten the card and used my unemployment benefits, I wouldn’t have known unless I filed.
Beau Friedlander (12:05):
I’m curious now how much money are we talking about Christen?
Christen (12:08):
I don’t know. But I think at the time there was $3,000 on the card available. Now, I don’t know if it would’ve been more or if that was just for a six week period or what, but they hadn’t actually used the money because the card, they probably tried to get the card sent to their address and it came to mine.
Beau Friedlander (12:27):
Now I want to just ask Travis quick question. Do you think this has anything to do with the 1099 work that Christen did, Travis?
Travis Taylor (12:35):
I’d be surprised, actually. There have been so many unemployment scams of late, especially in the wake of COVID, that it could have been the 1099, but it could have been anything else. It could have just been that her name had been exposed in a breach already and that someone just got ahold of her contact information.
Beau Friedlander (12:51):
Adam, how often are you telling everyone to check Have I Been Pwned?
Adam Levin (12:58):
Pretty much every hour.
Travis Taylor (13:01):
In case you don’t know, what Have I Been Pwned is, it’s a website that lets you check your email address, phone number, or even passwords to see if they’ve been breached or otherwise compromised. Simply go to haveibeenpwned.com, that’s P-W-N-E-D dot com, and you can access it from any web browser.
Adam Levin (13:19):
It is a situation where unfortunately, there has been hundreds of billions of dollars now that had been compromised as a result of these unemployment compensation scams on top of every other scam because scams went totally crazy during COVID. But these scams are particularly pernicious because they’re usually using information that has been gathered up, scraped up from the billions of records that have been exposed over the past few years as a result of breaches and compromises. And in this particular country, it’s gone wild. I mean, I know at one point the state of Washington was facing hundreds of millions of dollars worth of fake claims. It’s estimated that 10% of all unemployment compensation filings are fraudulent. And the Office of Inspector General claims now that they have helped states return about $565 million that were stolen as a result of these unemployment compensation scams.
Beau Friedlander (14:28):
God, what could be worse Now, Christen, did it get worse or is that all that happened?
Christen (14:36):
Once I filed or once I filed with identitytheft.gov, they did a little bit more research and said, well, did you possibly file in the state of Ohio for benefits? And I was like, no, I’ve never lived in Ohio. I’ve never worked in Ohio or worked for an Ohio company. So then they had to go down the route of looking in Ohio if anyone, and I only received one card. So they said, well, a chance that now somebody really does have the card in Ohio. But again, no money at the time had been actually used, but I wouldn’t have known. I mean, I don’t know.
Beau Friedlander (15:19):
And you haven’t been going to Ohio for the Columbus, the Akron marathon or anything? You haven’t been? No,
Christen (15:28):
No, I haven’t been there in, I mean, maybe my childhood once, but so that was kind of weird.
Beau Friedlander (15:36):
So Adam, it sounds to me like Christen’s information must have been, as you say, just in one of these huge dragnets of data that have been stolen or compromised over the years.
Adam Levin (15:48):
Either it’s a breach like that or many companies have experienced situations where W2 forms have been stolen and the information behind it, and it could be something as simple with a company as that. Somebody got an email from, they thought it was a boss, and the boss was asking, I need information to back up the W2 forms that we sent out, except it’s not the boss, it’s a scammer.
Beau Friedlander (16:14):
Oh, spear phishing.
Adam Levin (16:15):
There have been spear phishing imposter scams with this. And the way most people generally find out they’re victims of this unemployment compensation fraud is either they apply for unemployment compensation benefits and are denied because they’re notified that someone’s already collecting their unemployment benefits and the state thought it was them or their company contacts and says, this is very strange because we’ve been notified that you’re receiving unemployment benefits except you’re not unemployed. You’re working for us. And so this has been a real epidemic in this country, and it’s up something like 40,000% based on the what’s going on with COVID.
Beau Friedlander (17:00):
I feel like Adam, you’ve been paying a lot more attention to these stories since the shelter in place stuff began with the pandemic than I have, so I’m not really up to speed on what one does and how you can protect yourself. Because as far as I know, I may also have somebody collecting unemployment on my behalf. Does it show up in your taxes? Does it show up anywhere later on in the year?
Adam Levin (17:24):
Well, it could potentially show up in taxes because receipt of unemployment compensation benefits, depending upon which benefits they are there could be taxable. That’s one, it could show up in your credit report, but not really related to the unemployment benefit scam. But it could show up because someone has enough of your information that they then open accounts in your name, get medical treatments in your name. There are children are compromised. So that’s another way it could show up where you get notification from bill collectors or medical bills or something like that, which again, it is collateral to all of this.
Beau Friedlander (18:05):
Christen, have you checked your credit report to see if you’ve had any other kind of incursions into your credit or your financial accounts?
Christen (18:14):
Yes, I did right away and then I put them all on alert so that now they’re going to be closely watched for the next year, but nothing had shown up. So if I was unemployed and I tried to, I mean, that was the biggest thing is what if I had lost my job and I worked full time and then my benefits were already being used by somebody else and I had no benefit.
Adam Levin (18:36):
And that’s happened to many people and it’s terrifying. And they have to go through the agony of dealing with the state unemployment compensation folks. And many states have implemented ways to make it easier for people to notify the state if they become victimized by this. And the federal government’s also involved in helping where it can, but also, this goes back to the cyber hygiene basics anyway, which is the three Ms that we’ve talked about. And that is minimize your risk of exposure, reduce your attackable surface, which means long and strong passwords. Two-factor authentication. When you’re dealing with any account, it means not clicking on links or opening attachments, not downloading apps that you haven’t carefully researched. In addition, monitoring your credit, monitoring your credit scores, putting transaction alerts on your financial accounts. These are things. And then also having a plan to manage the damage. And a lot of people don’t realize, and we talked about this on the show, that many insurance companies, financial institutions and employers offer programs to help you through identity incidents. I know in the case of CyberScout, there were many people who contacted the organization in order to get help, and they did receive help.
Beau Friedlander (20:01):
And they can be super high touch too, those kinds of services. Absolutely. They call you, they’re great services out there, but I’m just sitting here struck whatever the opposite of a hierarchy is. Is there a lower hierarchy for the scum, the pond scum that would go after somebody’s benefits? I mean, when you were doing these calls, Christen, did they tell you anything about how you would, I’m just curious, what would a person do if they actually did need these benefits and they had been claimed by somebody else?
Christen (20:32):
Well, really, they kind of put you in a queue. I mean, they were helpful, but it was like, well, we’ll do a little bit more research. And mostly since it looked like they hadn’t collected, then it was kind of wrapped up. But if they had collected, I don’t know what the process would’ve been. I mean, they all wanted me to file a police report too in the state of Colorado, which I did. But I mean for them to be able to figure out who had done it is basically impossible. And it could have been the same person that filed in Colorado and Ohio. It could have been two different people. I mean, basically they told me good luck on ever finding out.
Beau Friedlander (21:15):
But what it does tell us is this is the equivalent of being in a war zone, which we all are when it comes to our data, because our data is out there in various ways, and this is the equivalent of a sniper taking a shot at us. You get hit. The question is what are they trying to accomplish? And in this case, it was this very narrow goal of stealing employment, unemployment benefits, but it could be anything. And that’s what to me is so terrifying.
Adam Levin (22:09):
Well, as an example, if you want to talk about how scammers and hackers took advantage of the COVID disaster, first of all in the unemployment area, because most people due to lockdowns weren’t going into the office. And in many states you find out that many people are back maybe one day a week, so things are backed up. They also needed to bring on more people, but it was the perfect storm for scammers because there was nobody you could really call that in most cases, you had to go online and there were so many people that were filing for benefits online at the same time that everything, you had websites crashing. So they were taking advantage, as they always do, of moments of distraction and vulnerability. Another thing they were doing is if you want to talk about a lower rung in hell, even than those who would steal unemployment benefits, how about people that would do ransomware attacks on medical facilities when people desperately had to get treatment and help? And these medical facilities in many cases were reduced to operating with paper and pencil. That procedures were canceled.
Beau Friedlander (23:22):
I was struck by, there was an attack that made the news a while ago on a pipeline, an oil pipeline.
Speaker 6 (23:31):
Good evening. Tonight, federal authorities are investigating a major cyber attack targeting America’s energy infrastructure. Georgia-based Colonial Pipeline says it was hit by ransomware. The company responded by shutting its entire down to protect it.
Beau Friedlander (23:45):
The hackers said, well, we don’t really, we’re really against harming people. We’re just going after low harm, high profit targets and prices of gas went up to $5 a gallon for a second. And I was like, really? Because it seems like that’s harming pretty much everybody. I think there’s always, with these guys, they go to the basement of despair and then there’s a trap door and there’s even deeper these jerks can go. But Christen, I have a question for you. Any takeaways from this? Did you learn anything about protecting yourself from this particular brand of jerk, or are we just sort of hoping that it doesn’t happen again?
Christen (24:24):
Well, I do think I check my credit reports pretty regularly, but like I said, it didn’t show up. But if I do think it can for some people, so I would say that would be helpful. And then also, if you receive one of these cards, I kind of overlooked it, but I would’ve caught it a month earlier if I had opened it and really looked at it and been like, well, I didn’t file for unemployment, because it’s pretty clear it is a certain kind of card you get. So if I would’ve been like, I didn’t apply for that and called that card company right away, I would’ve caught it a month earlier. So that would’ve been helpful.
Adam Levin (25:00):
Well, and the most important thing here too is the fact that being alert, there’s no substitute for being alert. And this was not a credit card, by the way. This was a prepaid debit card. The state could reload it if it chose to, but there was a certain amount of money that was available on that card if the state granted benefits to that particular individual. And that’s why it’s just so important to watch everything. There is just no substitute at all for being alert.
Beau Friedlander (25:34):
Thank you so much, Christen, for coming and joining us today.
Christen (25:37):
Thank you guys.
Beau Friedlander (25:39):
What the Hack with Adam Levin is a production of Loud Tree Media.
Adam Levin (25:42):
It’s produced by Andrew Steven, the man with two first names.
Travis Taylor (25:46):
You can find us online at loudtreemedia.com and on Instagram, Twitter, and Facebook at Adam K Levin.