Unfriendly Followers: The Black Market For Your Identity

Step Inside the Business of Modern Cybercrime


The webinar series exposing the realities of cybercrime and identity risk—hidden truths and all. 

Episode 3 | 60 minutes
NAM: July 28, 12:00 PM EDT  |  EMEA: 28 July, 5:00 PM BST
APAC: 29 July 2026, 10:00 AM AEST  12:00 PM NZST



Missed the live session? It's not too late to hear from John Hammond and Jim Browning.

Join them as they step inside the dark world of cybercrime, where you'll see how bad actors now operate like legitimate businesses, running scams for fast profit. Watch now, on your own schedule.




Alrighty. Hi, everyone, and welcome. Welcome to Declassified. Hey. This is the series premiere, the whole new series, Declassified, that's meant to be a raw intel drop on the dark economy of cybercrime. Now there's a key phrasing there. Right? I wanted to make this, like, some central tension here. The dark economy is really like, okay. We're we're breaking this bigger. Because normally, we think of cybercrime and we think of, oh, some hobby in a basement, but it's much, much bigger than that. Right? These are real businesses. It's it's a whole standard industry of hackers and threat actors and fraudsters and scammers that honestly use the same tools, the same org charts, the same sort of KPIs. Right? Really business tech inside and stuff that that you do just as well. All the companies, all the organizations tuning in to watch Declassified here. We really wanted to show that, hey. There's this sort of mirror image, a sort of hidden competition for the threats that are out there. But look. Hey. Hi. Hello. My name is John. Right? Hey. I'm John Hammond. I'm the senior principal security researcher at Huntress and really excited to bring the show to you all. I think I'll be your host, but truth be told, we have an extremely special guest that honestly needs no introduction, but I'll do my best. I did wanna help tee him up. Look, Jim Browning. Jim Browning joining the party to help step inside the business of modern cybercrime. And Jim is incredible for one thing. Hey. He's a software engineer. He's a YouTuber alongside myself, fellow content creator, helping share some education, get some awareness out the door for the whole wide world. But, Jim, I think you're mostly all about scams. Scam. Scam baiting, scam call centers, but you take it a little bit further and you get inside of the environment to help take down these scams. Can you tell me a little bit more about it, who you are, and, honestly, can I ask, hey? 
Why are you willing to keep hanging out with us over here at Huntress? Well, first of all, thank you for having me. I appreciate the invite. Thanks to you. Thanks to Huntress. And, yes, I love digging deep into scams, scammers. And as you say, these people are your hidden adversaries. And I like, just like you do, like to educate people about scams, how they work, and I'm an engineer as well. I like digging into the depths of those scams, and I expose scams and scammers. Now I have to apologize for this because if people don't know, I don't normally show my face on camera. So I'm I'm I've got a little bit of a disguise on. We have met face to face before, but this is for my safety. I am not one of those kind of hacker types who's doing something illegal. Far from it. What I do is actually expose people who are going after your business. So apologize apologies for this getup. It is really for my safety, so I'll say that first of all. But, yes, thank you for the invite. And, yes, it's an interesting topic we're about to talk about. No. Thank you. I should have teed it up a little bit better. I knew look. Yeah. You're gonna be coming in hoodie on, mask up because, hey. You are an ethical hacker for all the right reasons. Right? Doing the right thing to kinda fight back against these threats that are out there. But it makes complete sense keeping that anonymity, keeping that sort of op sec. Right? Operational security intact. But I do have to say something else that we're a little bit excited about for this show. If folks are willing to stick through to the end with us, we have some incredible visuals, show and tell, like CCTV footage, real audio and video from inside the operations here for scam call centers, cybercrime operations. But hold on. Hold on with us till the very end. We do have a cool giveaway for folks that were tuning in. 
Some sweet AirPods Max that, we'll announce at the very end, but wanted to make sure oh, maybe if you're at the edge of your seat, if we get any audience participation, there's a cool queue for you, then look, we'll have a sweet prize. But if I could kinda set the stage, right, I think there's a cool distinction, that is honestly even a little bit blurry. Right? Because I know right over here at Huntress, we are managed security platform chasing hackers, wrecking hackers to really get what I know that I consider sometimes just traditional ransomware or info stealer malware or cryptocurrency miners or folks that are doing adversary in the middle doing business email compromise, blah blah blah. And I I know sometimes I've almost sort of separated that between what you do, Jim, in in stopping scams. But when I thought about it more, realizing look. This is blurry. The these two are honestly together. When it boils down to it, hackers, threat actors, fraudsters, and scammers, they're all still doing these illicit activities with ill intent to cause real damage, to wreak havoc, to do cybercrime, organized cybercrime. That's the keyword, how it's organized and become a real true business here. Honestly, hackers and scammers, they're one and the same. Exactly. Exactly. And and that's the kinda key point. They really are your hidden competition. So I what I do is I dig a little bit deeper into those. I'm an engineer, much like yourself, probably a lot like everyone or a lot of people who are on this webinar. And what you'll find is your hidden competition is exactly the same as your organization. And what I've been able to do over a few years at this point is dig deep into those organizations. It's not just about me hacking them or similar. A lot of this information comes from people who are disgruntled employees, people on the inside. And a lot of what I'm about to show you here doesn't necessarily come from those hacks or compromises of scam organizations. 
They could well be insiders. So I would like to take you through what those organizations look like, and maybe you will see a lot of similarities to your own. So if I can talk about really their business, and that is key to it. They do run this like a proper business. And key to all of that is, you know, when you look at these slides, you will see that they look exactly like your business. And that is kind of one of the probably surprising things. They run this thing extremely professionally. They do, for example I think I'll just share these slides here. And while you're getting things going, Jim, I may I wanted to sprinkle in one little teaser because I think you've actually got some exclusives to share with us. Some, like, never never been seen before really cool new fireworks. Yeah. Yeah. Some of this, yes, you will have seen on my YouTube channel. But what you will also see is a few things which I've actually held back from my channel. And even something I record I'm sorry. I'm going to spring this on you a little bit, but something I recorded just earlier today because it is relevant to what we're going to talk about. So this is some of this has definitely never been seen before, and it's like I said, it's a bit of a pleasure to kinda talk through this. But what it once I go through this, I want to emphasize are really the three points that you see here. And you will find that whatever business you're in, what you're about to see, it will look incredibly similar to your own business. And that is no accident. The people who run scams, the people who are your hidden adversaries have to be professional about what they do. And if if they didn't do that, then they would lose money. And it is all about stealing your money, so they have to be extremely careful about that. So as we go through here, they're after your customers, and you will see a lot of overlap between the way they run their business and probably the way you run yours as well. 
So let me just change this. Let me go. I get the right the right slide. There we go. Sorry. I'm having a little difficulty pushing these slides on. One second. I'll give you some air cover while you're going. Okay. You got it. There we go. Thanks. Finally got it going. So this is something that I lifted from one of those organizations. And what it is, it's a just a single file. Now it's a little bit busy, but what you'll probably see on the left here is that this is a network diagram. Probably, if you're in a small business, this will look very familiar to you. But what I wanted to point out was the fact that the people who created this diagram are scammers. Okay? So all of the kind of back office you know, they've got their internal IP addresses. They've got these rooms mapped out, but it's the rooms. It's the the words in green here that might surprise you because they have their training room. They have their HR room, they have their operations room, and down at the bottom, an IT and quality room. And that's kind of key. And, you know, if you have never seen this before, this probably looks exactly the same as your own business. The fact that they have quality associated with running a scam operation probably doesn't come as a surprise to some people, but absolutely, they have they train their operatives to make sure that they steal as much money as possible. So this sort of layout is probably very similar to your own business, I'd suggest. And I'm sure from what I've seen before, this looks quite familiar to probably a lot of people here. So when I talk about going inside the operation, what you're about to see here has come from, yes, me trying to engage with scammers. I get them to connect into my computer, and I quite deliberately lead them on. I I follow the scam the whole way so that I can unpick their business. And for me, that's the most interesting part of this. How does a business run? I'm an engineer. I like to understand how things work. 
Can I pull it apart? And that's exactly what I do here. So when you have a look at this, I'm gonna go through a few examples of some of the scam operations that I have managed to disrupt over a number of years. So we've got a picture of four different call centers. And, yes, you're looking at CCTV here. So I I literally mean I can see the people who are running those, like, fraudulent operations. These are four different call centers. They're all in different count well, most of them are in India in this case. One is in Pakistan. And I'll I'll run you through well, you probably the obvious question is, how do I even get the CCTV? And I I think if you ever watch my channel, you'll probably get a bit more of a clue. I don't go into the exact detail because, hey, I don't want them to know exactly what my techniques are. But the most interesting part of this is we're just about to see some scams actually running where I see them on CCTV, and I can hear their telephone calls. Now just to give you an idea about the kind of breadth of scam operations, here are four different call centers. The one on my on the top left here is a travel agency or at least they describe themselves as a travel agency. They're nothing of the sort. It is a front for a scam operation. They run a a legitimate travel company, but, actually, what they do and where most of their money comes from is a fake Microsoft scam operation. They produce fake pop ups or at least they pay people to do their to send out those pop ups, and it will say, hey. Your computer's got a virus. Call this number. And, of course, the people sitting on this top left here are very willing to help diagnose your computer. Strangely, they always find a fault in your computer, and they will, of course, charge you for that. So this particular company, were making upwards of three million dollars a year running just those pop ups. And I was able to get that figure because, hey, I've dug into them. 
I can see where the money goes, and this is just one example. Now there's three others here as well. The one on the top right, it's in Lahore in Pakistan, and it's a company called Tech Harbor Services, and they steal mobile phones. And you might be wondering how on earth do they steal mobile phones? And the answer is they've got a good script to allow them to do that. And the way they do it is they call you up, offer you a discount on your cell phone plan, and if you comply with them or if that sounds interesting and who wouldn't want a discount, they will send what they describe as a promotional code to your cell phone. And as you can imagine, and I'm sure on you will comment on this as well, a code to your phone is then resetting your password, and I'm sure that is quite often what you and Huntress and everything see quite often. It's one huge attack vector, I'm sure. Yeah. I mean, it's funny. We tend to think there's extra safety and security in multifactor authentication. And, of course, without a doubt, there absolutely is that you need to have that layered security, defense in depth. But one of the craziest things when look. You're kind of on the phone with someone, and that's how a lot of these things happen. Right? Oh, you get a random call, tech support, or whatever the case may be. The pop up tells you to call this number, and then you have a person walking you through the steps, and they say, oh, I'll send you this PIN code that maybe they dress up as a coupon or discount or whatever. Right? But in all reality, that's the access to your account. And we parallel that a lot in our ITDR world, like identity threat detection response. When we see wild stuff like Evilginx or NakedPages or all these sort of phishing kits just to gain access, there's like an adversary in the middle waiting to capture those credentials. But in this case, you're just, like, synchronized on the phone with someone giving it because you're duped. 
You fell victim to the scam. Yeah. Absolutely. And like I say, a very, very common tactic that and kind of fake invoices, of course. Bottom left here, we have a different one. This one's called DK Business Patron. Unlike a lot of these operations, again, they have their legitimate side. During the day, this company would actually be Amazon resellers. And I could check that because when I got access to it, it was at nighttime. It was the daytime in the US, nighttime in India where this one is, is in Delhi. And they, again, were pretending to be Microsoft, calling people up. Your computer has got a problem, and, of course, no problem at all exists. But that's what they did. And, again, because I could see them in CCTV, I got a very detailed view of how their scam operation went. And the one on the bottom right, this one you may not have heard of before because this is a particularly sneaky scam. And the the although it looks quite a comfortable office, there's lots and lots of people involved in this, what they do is accept inbound calls from people in the US who think they've dialed their bank or their electric company or someone that they have managed to search the web to get their phone number, but these guys have bought up either similar numbers or old or defunct phone numbers close to real organizations. So say you have a problem with your electric bill, they will be one digit away from the actual genuine electric company. And if you called them up, they would very happily take all of your personal details, including your credit card number. And during the call, they would play what they described as an advert. But in fact, they would sign you up for a monthly subscription service based on the personal details that you thought you were legitimately giving to your electric company. So all very different scams, but all running in a very similar way. So, again, this is what your competition looks like. 
They may be sitting on phone numbers very similar to your own office, but that's exactly what goes on. Now these are just still images. I have a little example here of me actually able to watch on CCTV one of one of the live calls. So let's have a little listen to this one. Hello? Hello? Yeah. Hi, sir. Very good day to This is Olivia Roger, and I'm Have we got audio okay? Just checking. Can you hear that okay? Just Cool. Excellent. Thank you so much. Audio. Good. I will continue this. There is subtitles here as well because she may be a little bit difficult to make out. I will continue. Calling from the security department of Commonwealth Bank. So how are you doing today? Commonwealth Bank, if you didn't know, is an Australian bank. Well, this call is regarding to your bank account which you are holding with us. It's a verification call to you. Do you authorize any transaction of eight hundred dollars to mister James Smith? Are you sending any overseas money to anyone? I don't know what you're talking about. I'm talking about your bank account. Okay? Your bank account has been holding with us. Okay? It's been with us. Hello? I will I will pause that one there because she can be quite difficult to make out, and I just want to make sure that you definitely hear that one. First of all, you definitely can. Yes? I guess. Okay. I will go past it, but suffice to say that is not Commonwealth Bank as you can plainly imagine. But nevertheless, there's a few other things I just want to point out in this picture. On usually, these guys have got telephones. Normally, what they do is they plug their headsets into their computers. They they will not be using proper phone lines. And, of course, they will be spoofing US, UK, whatever phone numbers. Now in the UK, they have been prevented from spoofing landline numbers. So what they have moved to is spoofing mobile or cell phone numbers. And I think that's something that I would love to see change in the future. 
But, this may be where Huntress can maybe help with the kind of detection of these sorts of attacks. I don't know if you want to say anything about this one, John. Yeah. Absolutely. It's for one thing, watching the video is insane to me because I see the people, like, snickering and kinda laughing, giggling in the corner, and everyone, every single person is on the phone on a headset dialing and making calls like nonstop, which is crazy to see. But without a doubt, look, Huntress is still trying to track and keep businesses protected. And whenever we acknowledge the fact that there's nothing really stopping any threat actor or adversary from kind of just impersonating you, anyone, brandjacking has kind of been a thing we've been talking about. That's hey. Why not just claim and say, hey. I am x y z a b c. And then if they get in the middle of some business email compromise, maybe they mid thread or change or redirect a conversation that could lead to things like, I don't know, some wire transfer shenanigans, so much trouble. Those are all the things I know, especially, don't wanna keep harping back to our identity threat work, but that is kind of the big component here is like, okay. Do you know who you're having a conversation with? Are they real or are they totally duping you? Yeah. Yep. I mean, this one and if you haven't seen this thing before, there's plenty of more of this on my channel and other scam baiters' channels. Sometimes we get to see them and it's kinda nice to be able to really pick them apart this way. Now this is another way that, of course, these scammers, these adversaries impersonate you. This one's obviously a bit more obvious because anytime you see Elon Musk promoting something, you can almost guarantee that is going to be a scam. And this is no exception. Here, they've obviously just edited a real Elon Musk post and put their little message below it. 
And I'm the kind of person who actually clicks on next trading dot a I or whatever the scam domain is because what I do then is engage with whoever calls me. Now I did happen to register my, obviously, fake details on this particular website, and I got about thirteen different phone calls as a result of that. Each one of those phone calls told me that if I get any more phone calls, the other guys are the scammers. It's not us. We're the real deal. Stick with us. And in fact, a lot of them even had a little password system so that if I didn't quote the password to the next caller, then I should hang up the phone. And that's that's because they knew that this particular trading system, the data that I filled in, would be sold to multiple organizations, all of whom would try to scam me. And the level of sophistication might surprise you. You think this is just, oh, this is somebody trying their luck pretending to be Elon Musk. In fact, the people who are behind this have a whole infrastructure and a very, very sophisticated level of expertise in how to manage people who think that they're about to invest in something. And what I've managed to do here and I've had to kind of remove and redact a little bit of the information because this is a live CRM system from one scam organization who run one of those fake trading apps. And if you can make out what a lot of this says, you can see down the left hand side here, there's a whole lot of things about a ticketing system, a task, a leaderboard even for the people who are running the scams, a leaderboard. And you can get an idea roughly what this is about because on the right hand side on your dashboard, you have the statuses of your, what they call, customers, their scam victims, and how much money each of them has put in here. And I've redacted this deliberately because this is a real live trading system, and I the police are already on to this one. But it gives you an idea of the level of sophistication with it. 
So not only is there a little overview where you can kinda see how things go, here, I've just drilled down into one what they call customer insight. And, obviously, they'll have a a name which I've redacted here. And they've got a particular team. One's called retention with DE, DE for Deutschland or Germany. So not only do they attack people in the US and Europe and English speaking countries, here you can see they've actually got a German speaking team who will target people in Germany. Below this again, again, overview of what they call customers, but, again, there is no such thing. But look at the other things in this. This is all integrated with their fake trading system. And you can see here that there's different countries. They are targeting people in multiple countries. They have affiliates. So not only are they selling this, they buy the data from a third party. There's a whole ecosystem around their scam. And that level of sophistication, you'll probably only see in a really professional organization. So that's just their customer overview. This is their own admin view. So I haven't redacted these names because they're all just names fake names of scammers. So you might have a scammer called Amy Lopez or El Patron is the the boss. They they give themselves this. On the desk that it's associated conversion means that the the person has signed up to a fake investment, and they wanna convert their money into crypto. And retention is someone who's already been scammed, and they are offering to recover their money for them. And this is what they call retention. They've already been scammed. We're going to retain them for yet more money. And not only does it integrate with their fake systems, but they also have their own security around it. So this is an admin account, and even the people who sign up, they are told, for example, they can use two factor authentication. So this isn't just a normal kind of put together, knocked together using AI system. 
They have sophisticated enough quality control and security systems around it, and that may surprise people the level of sophistication here. And, of course, this is all about getting money out of people. So they have an agent performance, and FTD, by the way, is first time depositor. They're very keen on that stat because if you deposit a little bit of money, this is their opportunity to take yet more from you. So they will collect lots and lots of stats. And remember the little diagram at the start where they've got a quality assurance room and a HR room? That's exactly what this is about. So agent performance is particularly well measured. So any thoughts on that one, John? Because I'm sure if you've worked in any big organization, performance is always key, and there's no exception exception for scammers. Yeah. I mean, for one thing, this is insane. Second, if I could, like, break the fourth wall a little bit. Right? I don't know. Hey, folks tuning in, audience, organizations. Right? I have to think this system, the CRM management dashboard, and everything they've got cooking here probably looks a heck of a lot like what you might have in your own business. Even the sure. Two factor authentication, the security setup, and it's, again, it's just mind blowing to me to see this in both the front of, yes, okay, our scam operation business, and then a front that is a fake company to pretend and to do good in one direction. But then the, like, zoomed in aspect of this for the CRM system or other components in the tech stack that they use, like, literally a shared tech stack mirroring what you use in your organization, sometimes still all for show, all for the lie. Like, the added two factor authentication makes it look legitimate because you feel like you've got the right security connectivity there, and that's just mind blowing to me. But Yeah. I mean, honestly, it it's it's down to the training as well. Yeah. 
And, you know, I I've also uncovered, and this is a genuine document that I've picked up from a different scam group. This particular group were involved in something called scareware where it you will download a bit of software. And initially, it might be free software, but all of a sudden, it will come up with scary messages that your PC has got all these problems, and you need to upgrade your bit of software. And this particular group trained their employees, in this case, in Japanese so that they could dig out the scam or the scareware market in Japan. And this is a real Japanese language proficiency test entrance on a university in India where they sent this guy in to make sure he could run the scam in Japanese. Listening to to these guys speak Japanese was quite funny, but that's a real document that has been picked up from a scammer. So, yes, very, very sophisticated. And if you think that your office has got its own training department, have a look at what your competition is doing as well. Jim, can I ask, I don't know, just a question, especially from the CRM and that whole management system? Do you know just how much money, I guess, they would have made or they've raked in for scams like this? And I think we got a cool poll that we could fire up. Like, what is Yeah. Audience hey. Folks tuning in. What do you think? How much money do things like this cybercrime economy really make? Or how does it fare amongst the markets of the world? And, Jim, I'd love to get your opinion. What is the real number, if you know, for Yes. What that group was making? I I do have to know for this group. And because they're involved in scareware, you might imagine that those sort of figures be quite difficult to come by. Not if you have my sort of access. And in quite a lot of cases, I'm able to see exactly what those figures look like. This particular group, they're one of or were one of the largest groups involved in this sort of scam. 
At at one point, employed over three hundred people running scam, and they made upwards of twenty million a year using that scam alone. So I think you've got a little poll up there. I would be interested to see exactly what people think might be the kind of cybercrime economy levels with this because the figures may well be surprising, I think. Yeah. We can leave up the real answer for the end, but please do if anyone's willing to chime in and chat even after you submit your question in the poll and the answer there. But, Jim, you said something that kind of threw me off guard. Right? You you you dangled in the hot commodity, hot topic, new acronym these days. You said AI. AI. Yes. Before we go to AI, though, I'm gonna I have a little exclusive because I mentioned we there's something I've been holding back for quite a while. I've never published on my video on my channel. So this is my little exclusive, first of all, and it's to do with just the the makeup of those organization. So I mentioned, for example, there's a HR department. And what I've been able to do in the past is actually encourage some in in this case, Indian local people who are just very disgruntled. The vast majority of people in India can't stand the scammers and can't stand what they're doing. But there are some very brave individuals who will actually try to infiltrate those organizations. I mentioned at the start of our webinar that sometimes I can get people to actually go in to these scam call centers and actually see how the scam starts. How do these organizations even recruit people in running this sort of scam organization. And what I've got here, I'll just bring it over here. Hopefully, you can see this. I'm gonna keep this video on mute, but I'm just going to play it as I'm speaking. This very brave individual in India is actually going into one of those scam call centers for an interview. And I knew before he went in that this is actually quite a notorious scam group. 
In fact, the name of the business let me bring that to the front again. Name of the business is VRM Business Services, and they were one of the biggest scam operations in Kolkata or Calcutta in India. And this is the guy going into the offices. He's got a little camera in his top lapel pocket. And, obviously, if he was discovered filming, I mean, goodness knows what would happen to him. So he's very bravely going in past the security here, and he's going to film his interview with VRM Business Services. I've kind of kept this back because I've exposed this group in the past, and I fully expected them to go, hey. We're a legitimate organization. You know, how dare you pick on us for running scams? We aren't like that. Because as I said before, this group deliberately run a legitimate organization, a legitimate process alongside their scam operations. And that way, they can kinda cleanly launder money. And if anyone did come in and raid them, then they could point to all legitimate work they're doing and so on. So I'll kinda zoom past this one. He he actually goes into you'll see, for example, the VRM logo in the back here, the security part, but he's still filming. And I'll cut back to the slides because he's going to be brought into an interview room, and the HR lady, yes, they have a HR service as with any normal organization. And she will ask him some questions, the type of questions you would normally hear in one in a normal interview, but notice the terminology they're about to use. They're going to ask, for example they won't mention the word scam. There's an unwritten language that they both understand. And as we as he goes into the scam office, you're going to hear him use some of those terminology. So listen carefully to this. It's subtitled because it's a little bit difficult to hear, but I'm just going to play a little clip where they kind of acknowledge a scam goes on without using the word scam. So have a little listen to this. 
So like I say, note the terminology here. Yes. These are technical sales, Amazon, you know, refund, and all the all that stuff with the Tech support on date first? Yes. It was tech support. Tech support. Yes. We are telling taxes. What is taxes? Oh, it's it's technical support. I'm sorry. Fine. We also have the same process. You have experience in refund? No, ma'am. I have we have we had that refund process. On the refund process, if you don't know or not familiar with that is, this is a refund scam where they accidentally seem to put too much money into somebody's account. They'll say they'll send you a fee invoice, you spent two hundred dollars. They will get remote access to your computer. They will right on your bank account. And when they say they're going to refund you, what they're really doing is doing the old right click, inspect element, updating it not to two hundred dollars, but to twenty thousand dollars. And then they'll say, oh my goodness. We've given you too much money, and you're gonna have to pay us back or I'll lose my job, and the sob story will start. And I'm sure, again, that is exact although they haven't used the word refund scam here, it's a refund process, there is an unwritten language that they both understand here. So, again, the the director of this operation has been arrested, thankfully. But, you know, this is the kind of competition that you may well see that is operating against your business. So, again, I know that's something that Huntress and your own organization can help with to an extent, I think, John. Yeah. Watching the video is just crazy. They don't even say the word. The the double speak, right, when they kinda skirt around the word scam. You know, one thing that we do, right, for the endpoint detection response efforts and the big side of huntress, we're protecting a boatload of businesses. But, look, how scammers ultimately kinda gain access to your computer. Right? 
And then they do that, oh, HTML element inspect, tweak and tune the number to make it look crazy. We're we're really trying to keep an eye on, okay, what's normal in your environment, especially for tools that give that sort of control? We talk about remote monitoring and management solutions, things that have, oh, the connectivity to see your screen, to use your keyboard and mouse. If we're looking for stuff like TeamViewer, UltraViewer, AnyDesk, ScreenConnect, right, that list is a laundry list. But those are the things that we wanna know, okay, what is intended to be inside of your environment? And if we ever see some of the strange, random, rogue, different connections that are unexpected or even when scammers leave notes in your notepad. We've told that story before as to, hey. They they said our our phone call dropped. Let me call you back. Don't talk to anyone else. All the things that they do to keep you brainwashed when there are real forensic artifacts kind of on disk, right, Huntress is still gonna hey. Monitoring and triaging and bubbling those up so that we can help spring into action and save the day. But it's wild that, hey. We're kinda going toe to toe with the adversary, hacker, scammer, fraudster, threat actor, whatever the case may be. Yeah. And, like I say, this is sadly, this is quite a I mean, this guy could have gone into multiple organizations. Even in that area alone, there were at least ten or twelve different call centers running similar scams. Should we say this happened to be one of the bigger ones? I'll I'll skip past this one because there was one thing you mentioned, and that was AI. And I think we well, I I've you know, I don't think any webinar would be complete without talking about what's going on with AI because, of course, fraudsters, your adversaries, and, hopefully, you guys as well will also be attempting to use AI in a way that benefits your business. But, of course, your adversaries will try and use AI against you. 
And I think, John, that's that's one thing that I know that your own business is encountering time and time again. Yes. Without a doubt, we have seen, we are seeing. I know there's a conversation. Oh, is the world changing? Look. No. The world has already changed. I think threat actors and organized cybercriminals were kind of, I gotta say, the earliest adopters and maybe first movers to leverage artificial intelligence, but we're all over it. Like, Huntress is really leaning into this because, for the longest time, we have been and we still are like, one of the big things we pride ourselves on is a managed security operation center. So twenty four seven, hey, threat hunters and analysts that are all over the world, we follow the sun, and we that's all funneling up through people, to human beings, to real expertise and real human eyes. But Yeah. We know we now have threats that are moving sort of at machine speed. They're leveraging AI to pull off these attacks. So we still wanna keep being tiptoe, toe to toe with the adversary, and we wanna keep up and keep pace with them. And that's what we are doing. We really believe, hey. That, agentic SOC sort of humans and AI together kinda joining forces in a really cool way. But we see it both for, yes, our defensive work and the offensive hackers doing damage. One thing that we're doing, like, right now actively internally, we've kind of got our own little rapid response process happening. We're seeing widespread phishing attacks that are just fanned out with threat actors prompting for infrastructure to come up and then do some of the, you know, classic adversary in the middle, Entra ID takeover attacks. We've got some really cool blog posts and some material coming up on that super duper soon, but it's it's happening right now. It's real time. That's the world we're living in. Yeah. I mean, I see that as well. 
And sadly, over the last couple of years, it is one thing that I've seen well, I mean, I have a few examples on these slides, and I'll I'll talk you through some of them. This is this is what I have seen personally just in the last year. Now remember I mentioned that I engage with the people who run those kind of fake investment sites. One of those people sent me her passport, and I know this is actually something you actually tweeted out just before our our conference. So some people will recognize this slide. But this is something that somebody who called herself Margaret Marshall sent to me to convince me that she was real. Now it used to be that I could take the photograph that's being used in this passport, run it through reverse image search, and you would find the real person behind it. But, of course, these days, it's so easy to create a fake image using AI that that's just not possible anymore. But there is a level of sophistication. This isn't just a a Photoshop version of a passport. This is something where, at very least, it's been edited using Photoshop, but then a real or some sort of passport has been printed, and they have taken a photograph. So all of the metadata, for example, will be there that you would expect a normal photograph to have. It may even have a United States location because they've convinced somebody to take a photograph in a in a location maybe in New York because this person is claiming to be from New York. And when they sent me this, I had to scratch my head. How's is this a victim passport? Because it looked too real. But, no, it is a Photoshop version of this all to convince me that the person is real. And the the the fraudsters are getting more sophisticated. And the other thing that I mentioned at the very start was just before this call, I had a scammer who was willing to join me on a Zoom call. And I'm seeing this a little bit more nowadays. 
They're not afraid to join Zoom calls for the very reason that they are starting to use deepfakes to convince people. Now you've probably seen deepfakes before. There is something I'm going to show you here that you may be able to use as a way to kind of figure out whether this is a deepfake or not. So this is a personal Zoom call. Let me just share this first of all, and I'm going to unmute it face anyway. So you'll hear my voice on this guy. I want you to look at two things here. One is the office that he's in. It looks a bit fake, but very shortly, you'll see that it's not fake. But I also want you to look at the little bit of hair on his top right or left as he's talking to me. And I'm going to give you a hint about if you're ever on one of these Zoom calls, and I'm going to ask him particular questions that will figure out whether he is a deepfake or not. And have a listen to what I'm this is only two minutes, less than two minutes, but I do want you to have a little listen to this. This may be of interest to you. Thank you very much. Thank you. You So are you with them on a on a computer or just Yeah. Not a computer, but it's kind of an old computer. You have a a nice office there, I must say. Alright. Yeah. I mean, it's pretty good. It's pretty good. Are you at home right now? His lips Yes. I'm at home. Lying. Getting a little bit behind what he's saying. Great. How do how I know you're not some AI thing? What what what how would I be able to tell? Here, man. Here. Oh, is that sorry. Can you hold that up? It's not AI. Can you Yeah. Of course. But it's not his name. That's a That's our director. Oh, I see. I thought it would be your name. No. No. No. That's our director. We have a multiple. You see all of them here. Oh, I see. Go, Ronnie. But but, you know, it's in What's going on? Way of telling whether you're real or not. Can you, like, hold up three fingers in front of your face or anything? Oh, come on. That's too much. Oh, you don't want to do that? 
The three fingers in front of your face is deliberate. So What do you mean? I mean, that's too much. Come on, Ronnie. Why would it would it affect the AI if it was in front of your face? Well, not at all. You can hold it up. Hold here. Much to ask somebody. Making sure you're not AI is not unreasonable. I mean, can you do that in front of your face? Well, I think that that's too much to ask somebody. Don't you think that? No. I don't think it is. If I'm making sure you're not AI, I think that's a reasonable thing to ask. Can you hold up three fingers in front of your face? Well, I think that well, is that enough? No. It's not in front of your face. He's really doing his best here. That's too much, don't you think? Yes. It is. Because, you know, if you were real, you would put up three fingers in front of your face. Yes. And of course, he then exited the Zoom call quite deliberately because, you know, I was asking him just to do this. So if you ever if you're ever in any doubt whether someone is using a deepfake, that's quite a good question to ask because you can see him squirming on that one. So yeah. Like I say, that's one way of combating them. I don't know your your thoughts here, John. I mean, I'm sure everybody has seen deepfake videos at this stage, but it's kinda nice to wind them up too. Holy crap, Jim. That happened just before this call, didn't I? Yeah. You came on when we were, you know, getting prepped, getting ready to go live, and I wanted to, again, maybe break the fourth wall because Jim was like, can we show this? Is this cool? I'm like, absolutely. This is insane. I know it's one thing. Hey. We see some pictures of old deepfakes out and about in news and articles, but being able to see and hear you and have this conversation, and that's that's you in the call and hysterical and insane. No. I I that's too much. You know? You wouldn't ask someone of that. And then they just rage quit. Oh, of course. Yeah. Yeah. I I was pushing it too much. 
So we're like, the guy, you know, just just you can do it to here. Why not do it just here? You know? It's not unreasonable to ask, but, no, he wouldn't do it. He definitely didn't wanna show his face. I I can tell purely because he volunteered at the Zoom call. So, obviously, he has been set up. You know, they they've got their whatever software they're using to do the kind of overlay of the face, but it's only the face you could see him reach behind everything Yeah. That was that was working. But The fingers in front of the face, that is a good way of seeing whether it's deepfake or not. Thank you for covering those, especially. I know we're gonna have a whole ton of questions, and please don't hesitate. Keep them coming. I think it would be awesome for us to dive into, hey. What are some of the tells? How do you identify this? How do we I don't know. Get back in action. How do we fight back against scams that are targeting you, your business? Strangely, it is just what I want to talk about because AI is one thing. It's not just about your adversaries using AI, of course. Your own business, I'm sure, will be using AI to an extent. I I'm certain Huntress is doing this as well, but fighting AI with AI is always a good thing. I'm going to talk about one of the characters that I use. So I give myself several aliases, and one of whom is called Orson Cart, and Orson is an older gentleman with cat pictures on his desktop. So whenever scammers connect to my computer, they see lots of pictures of cats. They've got kind of a a large background. This is my AI face of the guy whose pic photographs you'll see if you ever connect to my computer. He has his own electricity bills in the same way that your fraudsters will kind of, you know, impersonate people. I'm impersonating a victim here, and I have my own fake passport. You saw a better version of this from other scammers, but I have my own one with Orson Cart in here as well just in case. 
But sadly, even though I'm using AI in kind of a basic level, unfortunately, I do see the fraudsters upping their game with AI. And one of the annoying updates that they have is the fact that they'll use it for robocalls. And I'll play a very quick clip here, but this is what I'm beginning to hear when it comes to normally, you saw rooms full of people making those robocalls, making those fake calls. This is what I picked up the other day. Hello? Hello, Ronnie. This is Sydney calling from Mempool. How do you feel today? I I'm okay. I'm okay. And you'll get the gaps between sent Reason of my call is that you have initiated a withdrawal request. So did you get your funds? And, again, I'll pin I'll ask her what do it to repeat things. So, obviously, this is a bot. Of course. The reason I'm calling is because you initiated a withdrawal request. Sydney. Sydney. Can you hear me? Yes. I can hear you clearly, Ronnie. You can hear the beep sound like a bot. While accused of being a bot and what our answer is is I understand that, Ronnie. Well, are you? I'm a see No, Ronnie. I'm a senior support agent at Mempool. I'll not play anymore of that, but you get the idea. And the only reason why I knew immediately that it was a bot or an AI voice was it had an American accent. I don't normally get people using American accents. Or if I do, it'll be one of those kind of speech to text to text to speech type audio messages, and that's as much as it goes. So, anyway, that sadly is going to be the future of robocalls. They will get quicker. And I know that AI, of course, is getting more sophisticated, so those are all telltale gaps in the conversation. That will change soon as well. And it will be harder to spot whether you're speaking to a bot. That's all I comments on this. Horrifying. Yeah. I mean, that is both scary. And, like, I know we, you and I, and everyone tuning in, like, we've got context. We knew, okay. Sure. That's a scam. That's fake. That's that's AI. 
But for mom, dad, sons and daughters, grandma, grandpa, coworkers, peers, and colleagues, if they just you know, we're trying to be polite on the phone. You let the other person speak, and we could catch the oh, sure. They got literally truncated and cut off in their sound clip and the the real time processing to wait to get a new response after it's parsed and proceed. But other than that Yeah. You would be convinced that that sounds Yeah. Definitely. Yep. So That does anyway, we're we're kind of approaching the end of this. There are other ways of fighting back. I am currently working with a group in in the UK, who have created something called Daisy. Some people in Skull may have heard of this, but I'll let Daisy introduce herself. This film isn't about getting scammed. This is about getting even. Meet my friend, Daisy. Hello, scammers. I'm your worst nightmare. I'm an AI created by o two to waste phone scammers' time. So w's then a dot. Three times w and then dot. I think your profession is bothering people. Right? I'm just trying to have a little chat. It's nearly been an hour for the love of Gosh. How time flies. It's showing me a picture of my cat, Fluffy. It's showing you the picture of your cat, Fluffy. So you get the idea. And, you know, again, just to have somebody like Daisy answering scam calls is a big victory. And the reason why the cell phone company wanted to do this is actually not only is to showing off the technology, but they have a load of phone numbers which are genuinely not connected to real people. So if they can divert the calls to Daisy in this case, they will actually make the revenue from those calls. And they're looking to see, for example, if you get a someone that you know sounds like a scammer, you can forward the call to Daisy and have a little listening to it and kind of amuse yourself that way. So it's kind of a win win. 
You're you're wasting scammers' time, and the mobile company who are developing this can make a little bit of money from it. So always good thing to kinda keep scammers at bay. So I I any more thoughts on AI, John? Well, one of the wildest things. Right? I know when we're sort of putting robots against robots, putting them together like this, if it ends up wasting scammers' time and I know that's exactly what you're up to in scam baiting and this whole effort. But Daisy and a solution like that, there's a funny line. I know she says, like, look. I've got all the time in the world. I'll I'll just play it up because that's just what she's gonna say. Got it, dear. Because while they're busy talking to me, they can't be scamming you. And let's face it, dear, I've got all the time in the world. That that that just sums up Daisy exactly, and and, yeah, I'm all for that. There used to be something called rescan. In fact, rescan is still around, and that's used for emails. But only emails, you can forward your email to me at rescan dot org if you wanna look that one up. So if you're getting email scams, that's one way, but this is kind of the the voice equivalent of rescan. Well, honestly, Jim, hey. Thank you. Because I know there is a real community, of folks that are kind of willing to go into this effort. And we've been together with a handful of other creators like yourself, Scammer Payback. We've seen, Pleasant Green and Kitboga. I know he's building his own army of these, robot calls that can help fight back with AI. And it's really inspiring, especially to us because we're wanting to and we're diving in. We're all over AI to go toe to toe with the adversary. You know, we're protecting, like, over ten million identities, over at Huntress, and that's an incredible thing. But I know when I say you or I or Scammer Payback or Kitboga or members of the community, hey. That's awesome. But it also can't scale between just the one person. 
Having this extra automation, having together supplementing human and AI in the agentic world is is pretty cool to bring this all together. With that, I think we've got a little extra fireworks that we might be able to showcase if you are willing to keep hanging out with us for a little bit past the hour. I know we have, Jim, I don't know if you'll believe it, like, three dozen questions in our q and a pool. It will be a lot to talk about. Oh, that's good. Yeah. For folks that are willing to hang after the hour with us, we'll absolutely dive into some of those. But, we can pull up my slides again real quick. I do wanna get us to the end, clean this thing up to fit all in for the top of the hour. Let's celebrate that sweet giveaway and the big winner. I don't know if you caught it. Maybe a little bit of a secret, but when we popped up that poll, we wanted to see, hey. Who is willing to jump in and be part of the conversation right away? So, hey, today's winner is Adon l or Adon l. First name, a d o n, last name with a initial of l. We'll be reaching out, after the webinar to get shipping details situated, but thank you so, so much. Thank you all for being here. And I do wanna let you know, Declassified. Right? That was a cool new fun series and series premiere that I'm so thankful that you all joined us here for. Look. We wanted to talk about your hidden competition, and I think we're keeping the party going now with maybe some self fails. But Truman Truman Kane, our principal product researcher, will be showcasing that. Coming up next, the second segment episode two of Declassified on May twentieth, and the title, your breach is on the calendar. So big props. I hope you tune in for that. I think we've got some more polls running around to let you learn a little bit more about Huntress and see how we could join in the fight. But, Jim, can I ask you again? I I'd love to just get your honest take. We reached out. 
We wanted to spend some time with you for this incredible show together, but what do you why were you willing to do this thing? Why why Huntress? Can I ask you? Well, I mean, obviously, the the massive massive pay for it. No. Only joking. No. We're we're in this it's a common fight, and that is the real reason. My YouTube channel is all about education. And, honestly, for me, being an engineer and listening to fellow engineers, I'm guessing a lot of people who are on this call are also, you know, tech guys, IT guys, girls. I find scams, scammers, and digging into this sort of material fascinating, and I think that's probably the reason why a lot of people are here. Understanding your opposition, you know, going toe to toe against the people who are trying to decimate your business, who are trying to attack you, is always going to be interesting. Unpicking them, I always find fascinating. I hate to say this. Have a sneaking admiration sometimes for people who run those scams because you could be doing a normal job, but instead, you think you're competent enough to steal money effectively from other people. And that mindset fascinates me, and that is part of the reason why I got into this. I can't understand why you can't use the Internet for good. But if there are people out there who are prepared to attack you, attack your systems, your business, the best way of defending yourself is to understand how they do this, who they are, and how they work. And if you understand all of that, you're far better able to protect yourself. And that's exactly why there's so much overlap between what you do, what I do, what Huntress does. And I think just to have this as a as a team effort, if you like, to say, this is what really happens in the real world. It's always a good thing to do. So, yes, it was just the short answer is overlap. And thank you. 
Thank you for helping to shine the spotlight really on what we consider, you know, that your your hidden competition, and it's a whole attacker business model. I'm hoping this is still stuff that you could bring into, I don't know, board meetings, budget conversations, like, knowing what the threats really are that are out there. And we don't mean to bring this to you all as, like, a fear by any means. That that's not that's not the goal. It was constructive urgency. We want you to know what you're up against, and I hope you've been able to get some extra insight on that with all of the things that we got to see today. So, hey, please don't just hang out in the chat. We do wanna let you, hey. Join the party. There were some sweet Huntress demo things if anyone wanted to learn a little bit more out and about. But I think we are at the top of the hour, Jim. I know we wanted the main course, the entree for our show to be tight and cutting it in there. But with, holy cow, forty five questions now in our q and a, would you like for us to Yeah. Show any more of your visuals, show any more of your bonus content, or should we dive into questions, or what's the plan? Mean, I'm I'm happy to do I have, like we were together in a room last year. I do have a little bit of video where we kind of collaborate a little bit on that. But, honestly, I think given that there's so many questions, I think we'll maybe dive into the questions. I will try and answer them. If we run out of time or people get a little bored of what we're talking about, then I can show them a little live demo or live demo from last year at least and have a bit of fun at a scammer's expense. Any questions that stick out to you in your mind already? I'm just scrolling through them here. I noticed Daniel Rock is saying we he needs my biometrics to prove I'm the real Jim Brown. I'm hoping my voice will do it, and I'm able to hold up the three fingers as well even though I'm in disguise. 
So hopefully, that covers that one. I'm just scrolling back through these. Right. Interesting thought. I I see one of them from Kevin Walker. Interest in Jim's thoughts on Mohammed Mazir Red Bull on people being forced to work in scam call centers. This particular one and I know that you have your interest has dug quite deeply into quite a number of what they term pig butchering scams or pig butchering is a term just used for a cross between both a romance scam and an investment scam. And, sadly, the a lot of the people who are involved in those scams are human trafficked. They are literally slaves to the scam call centers. And what are my thoughts on it? Well, my thoughts are this is an absolute disgrace. The people who are being forced to work there are being forced into this. So there is no way that I can directly blame the people who are trafficked to do this. I have personally been involved in closing down some of those scam call centers in or the one there was one two years ago now in Dubai. Now that happily, most of the people over there weren't human trafficked, but they were taken advantage of, shall we say. And I worked with the police in Dubai to help bring that down. So what do I think of it? They're a disgrace, and I would love to do more on them. But they're notoriously difficult to shut down because they're literally in war zones. So, yes, I'll still try and do my bit from that too. Don't know. Any thoughts from yourself, John, on this? Or No. We had a webinar previously, a time with Red Bull that was just Yep. Moving, kind of the gravity of the situation. It was with Andy Greenberg. It was with Jen Easterly and Kyle Hanslovan, right, CEO over at Huntress. But I I can't say any more than that they already have that. Please do tune in to the recording or check that out because there's so much there. But I would not do it justice. The it is a certain thing to see for yourself. Yeah. Yep. I've got another one. 
A lot of scams call center videos when you guys get in and break their stuff. There are other scam baiters who do actually break their stuff. I tend not to because what I try to do is actually get the police, the authorities involved, and get them raided. And it is far better to have an intact scamming PC sitting there as evidence than it is for someone to go in and destroy it. Now that said, sometimes the authorities are not interested at all. And, possibly, I can see justification in destroying PC if I thought that it would do a good personally, I don't do that for that reason that I am hoping the police will turn up. It's far more valuable if it's intact. I don't know if there's any any questions which jump out at you there, John, as well. There was a silly one. Hey. How often are you recognized by scammers or groups before you are too often in the mix? Thankfully, because of this, it's only my voice. But believe it or not, there are people who recognize me just from my voice. And I do have a it's kind of hidden away here, but I have a voice changer. When I talk to a lot of scammers, I'll sound like an old lady for that very reason. Downside with a big YouTube channel is you do get recognized if only for your voice. Would you be willing if you wanted to pull up any of the extra extra bonus content? And again, huge thanks to everyone still hanging out with us. I know this is, after show. We're letting our hair down, But if we've got some more fun, let's do it. We do. Let me just reshare. I will and I can give a little bit of background context while you're pulling it up if that's a okay. Yep. Yep. Hopefully, you can see this one. Jim and I and I am just so grateful. They let me kinda join the party, really just fly under their wing because they're doing the incredible work. 
But there have been some get together events, things like the people's call center, to be able to get all the great minds together to do some of this work to disrupt scams, to stop and put a dent in their operations. But I I wanna be real with you. These are things that are trying to be preventive to scams and to save a victim mid scam. So we do a couple silly things. Like, there's some hijinks. There are things that are just intentionally maybe they sound and look goofy to us listening in, but they're very strategic and purposeful to save a victim so that the scam can't continue. But there are incredible people that we collaborate with, and I think you'll see Pleasant Green and some others that Yes. Showcase this in action. Yeah. Let me actually, just before we do that, let me show you the actual tool he's about to use. So yeah. I think that's safe. Let me just do that. And that this is the actual tool that he will use. Okay? And it has got a few functions at the top here. And one of them is the word listen. So I can listen in to individual calls. And when I do that, I can change the, basically, the pitch of the voice of the scammer, not the victim, but the scammer. And I can change them into a chipmunk, baby chipmunk, and so on. But equally, I can also mute the agent or mute the customer, and that is actually a very effective tool. Well, both that and the chipmunk. But you're about to see this tool being used live by our friend, the scammer well, no, Ben from Pleasant Green. And this happened when we were all together in last year's people's call center. So John and I were there and a few other well known scam baiters. So You might be able to see me cheesing in the background, but I had fun playing with the tools just well. You're you're you're there in the background somewhere. But, yeah, this is Ben of Pleasant Green. If you don't know his channel as well, have a look there. And he's using the tool here. 
Verify your details, and they will help you with the paperwork. I would request you, please do cooperate with the verifiers. The verifier might ask you the same question. Please do cooperate with them. You you you get the idea anyway. I mean, I could I could play this free. Just it it never gets old. Oh, did just hang up? But but that's the whole thing about it is as soon as you change their voice, not only can they not be understood, but they think it's a prank at that point, and most people hang up. So it's a very, very effective way of getting a scammer to to hang up without being obvious. And, you know, if we tore down the call, which in theory we can do, then, you know, they're gonna know something's up and things change. If you make them squeaky without them realizing, of of course, it's going to be really effective. So the the whole load of those, you can have a bit of fun at a scammer's expense. There's nothing quite making them sound like a chipmunk though to have a bit of a laugh. I I I enjoy doing that, and I know John, I think I think last year, it was it was good fun to be able to do that too. My favorite is when you turn the pitch down and they sound like a spooky, like, super low tone demon, and it does just Wait. Wait. We actually have one of those. I I think this one has a little bit of that as well. You. This is this time. Let me see if I can get one here. That's still that's baby chipmunk and there's baby chipmunk. Let me see if I have it. Yeah. Back to human. No. Maybe I haven't got that one. But, yes, as you say, we can alter the pitch, and you can make them sound like a demon or worse. I'm just as happy tell you. Always good for a laugh, but, yes, that that's exactly how we do it. And thanks to the author of this. This is when we got together. The person who wrote this little tool was actually there with us and was developing the tool as we were there. So many thanks to the author. 
I'll I'll not name the author, but, yeah, I will say it was good fun to use it. Well, Jim, I know we're about maybe ten minutes or so past the hour. Any other questions that are coming through that you tend to see that look really good? I know a lot of folks might be asking to learn a little bit more about your tricks of the trade. I know how not everything that we could particularly say or talk about, but even some of the more defensive things of, hey. How do you identify this? What's the telltale on the call? What's the indicator that, hey. This could be a scam. And for the folks that are still with us, I really wanna drive the point home. I I think sometimes, you know, we might think, look. This is something that affects an end user or an individual, but it bubbles up. It it boils to a business, an organization because think of, even just, oh, hey. Getting something done on your work computer. Maybe you got a shared device. Maybe some things just intermix and bleed together for business and, individual, and business email compromise is still something that opens the door for a much wider blast radius. You understand? So Yeah. Yep. So yes. And I'd just like to thank you, and I know there's loads and loads of questions in there. I know I can't possibly get through all of we've now gone up to sixty. Yeah. Yeah. I'm just having a look here to see if there's anything. I'm yeah. Again, I appreciate everybody who actually tunes in to this sort of webinar because it's good to spread the word, and you guys who are in the webinar are equally responsible, whether it's for yourself or for your organization or for your family and friends. It's just good to talk about these things. So, you know, mention this to other people. I think the webinar will be available online, I think, as well, John. Is that correct? Yes. We'll be sharing the recording and all for everyone. So we'd absolutely wanna make sure this can be well known for what we got to see here. Thank you. Yeah. Yep. 
Okay. Thank you very much. Well, thank you again again, everybody. I won't keep yapping for the sake of, oh, ad nauseam talk, but this has been a real treat. I hope you tune in to Declassified episode two next time around, but thank you. Thank you all.


Missed the live episode?

You can now watch “Unfriendly Followers: The Black Market For Your Identity” on demand. Truman Kain, Caitlin Sarian (“Cybersecurity Girl”), and Jai Minton dive into how attackers build a convincing profile on you before they ever make contact, using information that’s often easier to find than you might realize.

The episode breaks down how OSINT fuels identity-driven attacks and why your personal and work life is harder to separate than ever. You’ll also walk away with a clearer view of how to make yourself, your family, and your organization harder to target.



Alright. Welcome everyone to Declassified episode two, unfriendly followers, the black market for your identity. My name is Truman Kain. I am a principal product researcher here at Huntress. In a past life, I conducted authorized social engineering attacks against all types of companies, small, large. I posed as IT. I've gotten people's passwords over the phone. I've gotten into buildings. I've stolen sensitive data. I've sent millions of phishing emails at this point. Maybe some of you on the on the call received them. Sorry. Hopefully, you reported it. Now, of course, to help people defend against these attacks here at Huntress. For anyone new to Huntress, we help businesses stay ahead of cyber threats across endpoints, identities, logs, and humans through our security awareness training. The identity piece, though, is especially important today. As I'm sure you know, adversaries are increasingly going after people first, but they're using things like stolen credentials to turn your identity into access. So while we're going to be talking about OSINT and what attackers can learn about you, we're also talking about why identity has become such a valuable path into the organization. I think I was supposed to have this slide up while I talked about myself. But we are also joined by Jai Minton. Not just gonna be me today. Jai Minton is also from Huntress. He'll be joining us for a couple of segments. He's an absolute wizard. Hackers literally fear the guy. I'm not kidding. He's that good at threat hunting and detection engineering. And, of course, we are joined by our very special guest for the day, the one, the only, Caitlin Sarian, otherwise known as Cybersecurity Girl. Caitlin, I'm sure just about everyone here is familiar with you. But in case some viewers are not, can you tell us a little bit about yourself and why today's topic is so important to you? Yeah. Hello, everyone. I'm so excited to be here and joining the Huntress team. 
This topic is so important to me because this is literally what I talk about every day on my channels. The whole point of why I started Cybersecurity Girl, one of the three reasons, was to educate the public on how to be safe online and look out for scams and how they can take simple steps to protect themselves, and it's not supposed to be scary. I felt like, know, five years ago when I started this, everyone was like, oh, so scary. All this stuff happens and, like, doom and gloom. And, like, the whole point is, like, yeah, there are scary things, but if you take the right, like, steps, you can start protecting yourself from majority of the scams. And so I love being able to work with you guys because, you know, you guys are able to show kind of what the hackers and get get into the hackers' minds because I was never an ethical hacker. I did some ethical breaking in from consulting standpoint, but I never was an ethical hacker from a hacking standpoint. So I love being able to have that, like, yin and yang of, like, you guys are showing what hackers do and how they can get your information. And us me just kind of going in and saying, like, yeah. Well, this is also all the open source intelligence and all the open stuff that anyone can get to, and here is how you can protect yourself. So I'm very excited because we're gonna go through everything, and, yeah, let's just dive in. I'm very excited as well. We're so happy to have you here. And before we get started, we are going to spend the next hour, roughly, talking about digital risks. So we figured, hey. Let's add a little analog fun to the mix. So we are giving away not one, not two, but three Polaroid cameras. How do you win? Very simple. All you need to do is engage and chat. We already see a bunch of you who are already eligible. Ask questions, leave comments, and at the end of the webinar, we are going to choose three winners and get these shipped out. Okay. 
So now I think it is time for us to kick things off with a segment from Jai. As I mentioned, he's a brilliant cybersecurity practitioner. He is really gonna set the stage for what we are covering today. I was targeted by a fake recruiter. They sent an email. It was a phishing email. Luckily, it wasn't successful. But I wanted to touch on a few interesting parts of this email. First off, it was sent from Gmail. This is very easy to register. They don't need to spoof someone's email that might be caught by DKIM, DMARC, or other types of security technologies. It was destined for my work email. So they obviously knew the email naming convention used by Huntress. They were posing as a legitimate recruiter using some flattering language to try to build up rapport, setting the stage for a sense of urgency, throwing in some more flattering language, and even including some sort of incentive for me to respond based on real data from a trusted third party. All of this to have a quick chat and share details. Two minutes later, they hit my personal email. It's an email that's come up in data breaches before tied to my real name. In fact, none of my online accounts use this email. Now I will call out that this email is rendered in plain text, so this link here is actually the legitimate Palo Alto logo that you can see contained within a mail signature, and it also contained a resource for tracking if someone opened up these emails. They wanted to ensure whenever someone opened this email, they would be notified that this has happened. OSINT and information from data breaches or data aggregators has likely been used to come up with this identity that is Jai Minton to be able to send this email. Now what was the end goal? Well, it was information and money. They impersonate Palo Alto Networks acquisition staff, so recruiters. They are scraping LinkedIn and targeting senior level professionals to create highly personalized lures. 
Anyone can impersonate you or your contacts to gain trust with you, but you're not always the end target, and what you share online is valuable to an attacker. So regardless of the technology used, if someone is using trust, urgency, and some level of personal context, this can be the difference between a successful, sophisticated attack and a failed scammer. You know, what's crazy to me is not that this happened, but just how frequently this happens. It's it's it's literally happening every day. So to everyone watching, throw it in the chat. Have you ever received a message like this? Any sketchy outreach from recruiters? Anything weird on LinkedIn? We would love to hear about it in the chat. And while that chat is filling, Caitlin, I'm curious, have you ever gotten a message like this? Someone posing as a recruiter or anything similar to that? I I get them, like, all the time, and I feel like everyone I mean, maybe not all the time because I've tried to wipe my information from public sources, so I don't give as much as I think a majority of the people. But, like, my fiance, my my family, they all send me messages, like, and sends them to oh my gosh. You got another one. I got another one. And I'm like, just don't respond. Don't click. And by the way, if you're getting these, report them as junk. Don't just delete it. Reporting them as junk actually helps, like, the companies like Verizon and AT&T, all the cell companies actually start blocking it for other people if enough people report it as junk. So they'll they'll use that number, and they'll block it saying this is used as spam. So don't just ignore it. Delete it and report it as junk. That will help a lot of other people. That's a great point, and that even reminds me at which it sounds like you may be referring to in part is, you know, nowadays, they're moving off of emails into text messages. Oh, hey. We we I'm a recruiter. 
They'll send an image about some job and how the pay is astronomical, and all you need to do is join this WhatsApp group or whatever it is. So like like you mentioned, reporting as junk, whether it's an email or a LinkedIn message or a text message. Great. Yeah. And and companies also allow you to like, for your company, most companies will allow you to report it as spam. So then that company can then review and then block it from going to other people too. So it's not just on your phone and text messages that you can report as junk. You can report it as spam through your company. You know? There there's a certain way that you can do it through your company, and I definitely would suggest doing that too. Don't just delete it. Definitely try to report. Great points. Awesome. So let me see here. Jai just set the stage. Let me find my notes. K. Jai just set the stage with the phishing attempt against him himself. What I'm wondering what you may be wondering is how the scammers got this information. How did they build this campaign against him? They knew a decent amount of information about him. The answer is open source intelligence. For those of you I wanna hear how you describe it. How how do you describe open source intelligence? Throw it in the chat. And while you do, I'll kinda break down how I describe it, which is information that is widely available, actionable, and can be used to achieve a goal. You know, it doesn't always need to be used for bad. You can use OSINT to snag a PS five during the release. You know, that was a few years back at this point, but the point is OSINT can be used for good and for bad. What we're talking about here today is OSINT being used for bad. And as you can see on the screen, attackers are collecting and analyzing the information. For example, the things you see on the left, that helps them conduct attacks like you see in the middle. And, of course, they're doing it for an outcome, the things you see on the right. 
So in a little bit, we're gonna actually show you an interactive threat simulation we created as part of Huntress managed security awareness training where you get to actually be the attacker and use OSINT in order to compromise the target. You're also gonna get free access to it so you can play through it yourself or send it to employees, friends, family, coworkers, whoever you want. It's pretty cool, so stay tuned for that. But some people are under the impression that in order to collect OSINT and use it against the target, you need to head to the dark web. You need to put on your hoodie, say your prayers, head to the dark web search engine into breach forums as you're gonna see here. So they think you need to go to a data, I mean, website. You need to find breach forums, and you need to, let's say, try not to get banned in the process or have FBI van pull up outside your house. You're gonna find breach databases, all sorts of various leaks. You're gonna find gigabytes upon gigabytes of emails, passwords, accounts they unlock. Maybe you'll find a nice bundled up list of French bank customers, top secret missile documents, semi private jet info, or you run-in the middle millions of Instagram and Facebook records. And while it is true that things are nice and kinda bundled up on the dark web, attackers don't actually need the dark web. Why? Sometimes all an attacker needs to start building their dossier on you, we're gonna use that word a lot, at least I am, is to head over to some places that you and I can access at any time, like LinkedIn. So this is a real life look at OSINT. I can go to LinkedIn. I can type in first day, hashtag first day, new job, whatever it is. In the LinkedIn search bar, I'm able to find a post many posts about somebody's first day on the job. There are literally thousands like this every day. 
So I'm able to see their job, their past, where they've been, people they know, and start to, again, build out that dossier to be used against them in an So as you can see in in this example, it is trivial to, within minutes, have a very have very personal information about someone who is already vulnerable. You I'm sure you're thinking, okay. Sure. Anyone knows that you can find a name and find a phone number and find an address with some exceptions, people who have gone out of their way to remove that information online. But this person just started a new job. They're not yet familiar with the security process in place, and they want to do a great job. And now I have their phone number, their address, etcetera, to use however I want. So, Caitlin, I'd love to hear from you. What what is one way that people can stay safe if they're posting about work, like a new job, and what is one way to to be safe if you're looking for a job? Yeah. I mean, I think it's the same kind of both ways. Right? So you always wanna think like a hacker. I always, like, put my hacker hat on or, like, a bad actor. Right? Like, I want to think, okay. If I posted this, what could happen? Like, who could have access to it, and what could they do with it? And same with, like, if, you know, I'm trying to get a job, I wanna do research on the the place I'm getting a job at. I wanna do research on the interviewer that I'm gonna talk to. I'm gonna do research on the HR person, and I'm gonna do the same thing that they're doing to me. Right? They're gonna be looking me up on LinkedIn. They're gonna look at my social media. They're gonna look at any open source. Like, they're gonna go Google my name. I should do the same. 
And so I would just be mindful of, like, all the little things that you, post because even if you're not a target for a scam, your stuff, your detailed information that you're sharing willingly to everyone could actually be used to target other people, and we're gonna go through that in a little bit. But just be mindful of what you post and do the research on on them as they're gonna be doing on you, hopefully. Yep. Great points. Okay. So let's get more into attacks. So a a nice continuation of that dossier we were just building out in our target in the last slide is a very simple attack, gift card scams. If you know what a gift card scam is, throw it in throw it in the chat. And what it is is really quick cash. The attacker is reaching out. Often, they know you're new. They although, you know, people can get gift card scam texts and emails all the time, but the ones that are really highly converting, which again, as an attacker, I'm thinking about this from a marketing standpoint. I want high conversions. I'm looking at it like sending down an email campaign, a marketing campaign for a clothing brand, for example. How many clicks did I get? What's my conversion rate? That's how attackers are looking at it as well. That that's why they're always tweaking and tuning campaigns to try to get the highest conversion rate they can. Anyway, they they reach out. They often know you're new. They ask you to help them with an urgent task. And within a few back and forth messages, it's it's literally go pick up some gift cards and review the the numbers. Now the key component here is they're often acting as the CEO. So you think people would not fall for it, but this is happening every single day. So another question for the audience. Have you ever gotten a text? I'm sure some of you I I think I see some of you already in the chat saying yes. But if you have gotten a text like this from someone claiming to be your CEO, let us know. 
And, Caitlin, while they're filling that out, can you take us through, like, maybe one, two ways you've seen attackers use social OSINT in the corporate world? Yeah. Well, obviously, we've seen the gift card hack happen all the time. It's not really a hack, but, like, gift card scam. I also wanted to talk about the badge pictures that we see on the right of the screen because when we were you know, badges are a huge thing. Like, we used to do physical security tests, and I think you did too, where companies would hire us to try to break into their actual physical office and see what we could get. See we would look at, you know, computers and see if there was any username and passwords on a sticky note at the bottom of the screen to see if we could log in. We would look at what was printed on desks. We would try to find all this stuff and just try to, like, break as much stuff as possible and then walk out and see what information we got. Obviously, when you post the badges, it makes it a lot easier for us for that are doing physical security test to just duplicate the badge, put our face on it, and we don't look as sketchy walking into your building. They might not work, but, honestly, people let me tailgate all the time. I'm a nice I'm a nice girl. They think, you know, oh, she my her badge isn't working. I'll just scan her in, or I'll just open the door. So if if I had a badge like this, which I did, I would get in every single time without even having to scan it. But that stuff doesn't really happen anymore. Especially after COVID, we're not really in physical security offices. So we are now really seeing them social engineer in a different way. Like, for example, bad actors really can kind of be friendly with you on LinkedIn. Like, they can see, oh, it's your first day. Like, what are you doing? What are what's your role? Like, what is what's your goals? What do you have? 
Like, those are trying to figure out what access you have in the company, and that can even be a target for you. Right? Like, if you're, like, a a manager and you actually have admin access to a certain tech stack, then you're gonna be a bigger target because people are like, oh, well, then if she's an admin, I will if I can get into her account and I can specifically target her, I'll get admin accounts to x y z, you know, things. So you not only the badges don't really matter as much anymore, although I think we're going back into physical security offices. But what you need to start realizing is, like, everything that you post online, it's building a bigger and bigger profile on you. So it's not just LinkedIn. Right? You're like, even if you post a picture of your office, now they know where your office desk is. They know where you work. They know what time you're in the office, and you're just building a bigger profile, a digital footprint of you, which makes you a bigger target because it's easier if I'm like, hey. It's ten AM. I know she's in the office right now. She's probably sitting at this desk staring at this, and here's how we're gonna target her because I know she likes x y z from her photos. So your digital footprint is really anything that you're doing online. Right? Any account you download, shopping app, post, like, profile that you make. And the bigger it is, the lot bigger of a target you are. And, well, as we continue to go through this presentation, we'll talk about it a little more. And, like we said, we have an example at the end for you to see how easy it is to kind of take all that open source intelligence and really target you. So, yes, badge is not the best thing, to post, not as big of an issue as it used to be. But just be mindful even like, oh, if you say I'm a senior manager of x y z company and I manage this tech stack, like, you will be a target because people know that you have access to certain things that other people don't. 
So there you're always painting a bigger and bigger target on your back, but the whole point of this is to teach you what you can do and how to take control because everyone is a target at this point. It doesn't matter who you are. So how do you make yourself less of a target? Yep. Attackers, by and large, are looking for easy targets, looking for low hanging fruit. So the same way that people lock their front door, Hopefully, you all lock your front doors, not because you're just expecting at any moment for someone to try to come in and burglarize you or do a home invasion, but because it's like, it takes two seconds. And why wouldn't you? Just to stay a little bit safer. You know, you want to become a harder target because attackers are going to move on to someone easier, same way burglars are just gonna go to the next house that has an unlocked door. So that's kind of the the what my how I see kind of what we're teaching here today is just these simple things you can do to make yourself a harder target. It's not that you need to be super paranoid and you gotta lock everything down and you can't have any any life at all. It's just just do the things that that make you harder targets so that the attacker moves on to, the next victim. So at this point, we have established that while there's a lot of information on you publicly that maybe you've put out there on your own, not needing help from anyone else, maybe we can really boost our dossier by seeing if there's any breach data on you. And so as you're about to see, you actually do not need to be a hacking genius or even go to the dark web to acquire this stuff, and we're gonna show you. So I'm heading to dehash dot com. This is a website on the open Internet. I'm not on the dark web, and I'm searching in. Now this is gonna be sanitized, what you're seeing here, so I'm not doxing anyone. But if I were to search an email and click through some records, as you can see, there's five pages of data here. 
And I'm clicking through some records. Maybe the first one, okay, doesn't have a password. We don't have the the the gold yet. We just have a username. But I'm clicking through some different records, and now I'm starting to see some good stuff. We're seeing some credentials. So I add that to my list of of passwords to try. I see another credential. I'm gonna add that to my list of passwords to try. And down here, look, I see a social security number. Add that to the dossier. So we're building this picture of of and building these data points about our target that we can use against them. One, whether we try to log in to a bank using this previous password or whether we try to send a phishing email saying, hey. Here's a partial password to make it a phishing email super convincing. We're gonna use this information that we have. And and that is, actually, I think we're gonna get to that a little bit later, with this Shiny Hunters breach. But what you just saw was an individual targeted. An organization could be targeted this way as well. We could search tiktok dot com instead of a specific user's email address. In that case, it was a Gmail. But we could just put a domain in of a business, tiktok dot com, and see the breach data of TikTok employees and use that to gain entry. So speaking of, TikTok, and corporate, Caitlin, you used to work for TikTok, helping their corporate team stay safe. Right? What is the what is the a big takeaway from your time there? Yeah. I think the reason why I loved working at TikTok was because we got to be very creative in the way that we do things. We didn't have traditional training. And when they hired me to help with all the internal training awareness, and I also helped with external, like, teaching the users on the platform what they can do to be safe, I the best the best tip is to meet people where they're at. Right? And that's really one of the reasons why I started TikTok because I was like, okay. Yeah. 
I can make these training videos and post them on LinkedIn, but it's not gonna go anywhere. Like, where people are is on social media, and they're scrolling, and they want short form, and they want relatable, understandable, digestible, bite sized content pieces. And so I love being able to do that at TikTok. I mean, really, again, meet the people where they're at because no offense to most people on this call. I think most of us like cybersecurity, but a lot of people don't. And they're not gonna wanna watch a cybersecurity training video. So I think I that was, like, my biggest takeaway. Just, like, meet people where they're at and make it relatable and understandable for people because cybersecurity is needed for literally every person. Anyone that has any piece of technology, you need cybersecurity. It's not like a for experts only. It's for everyone. Yep. Totally agreed. And what's interesting is, like, I don't know. I'm a big proponent of starting people young, like kids and teenagers learning about cybersecurity because in the end, they end up taking that into the corporate world. The and the cyber hygiene that you have at home transfers over into work. Cyber hygiene you have at work transfers over into home. So you're you'll see a graphic coming up where these these personal and work life kind of intertwine, and so building up that cyber hygiene is extremely important, as you mentioned. Yeah. So another place that is ripe for information is corporate directories. Rocketreach is an example. Again, LinkedIn. Even sales enrichment tools. I've used sales enrichment tools that salespeople will use on calls to to have a really good idea of who they're talking to. Well, guess what? Hackers, that's like a treasure trove. Those are gems for hackers to use as well when kinda building that dossier and sending out a highly convincing whatever it is, any type of social engineering attack. 
So it's all about adding context in order to make the social engineering campaign more convincing. And earlier, Jai mentioned that the attempt to phish him went to two separate email addresses. One personal, that had been leaked in a breach. The other was to his corporate Huntress Labs account. How does an attacker get this info? Takes two seconds. Head to RocketReach, type in a company, and once you have the right email, there are a few things that you can do from here. You could hit the target with run-of-the-mill phish. Hopefully, don't notice the sender. You know, there's these common red flags. Like, is the sender off? Did you hover over the links? Did you check the URL bar?
Or another way to go is something like device code phishing that you see on the right. So instead of the target needing to enter their credentials on your phishing site, all they need to do is enter eight characters that you provide them onto the real Microsoft site. As you can see there, that is the real, that's not fake. That is the real Microsoft site. You are entering in the eight characters that the attacker has provided you, and the attacker gets persistent account access. So now the goals have shifted. Usually, we say the goalposts have shifted, and that's worse. No. For the attacker, the goalposts have shifted closer.
Or let's say we wanna increase our odds even further, we can, like, for most organizations, you can actually spoof the sender and deliver an email that looks just like what someone would be expecting. So the device code phish, like the initial phish that lands in the inbox, could look, for all intents and purposes, like it came from a coworker, an internal address, or maybe you're swinging for the fences, you're trying to get a routing number updated for a large wire transfer.
So, again, just to break down these two examples, it's like, you can go to dmarcian dot com slash domain dash checker. You can enter in your organization's domain, and you can check unless like, if it's red or orange, what that means is someone can send in like, someone could send an email address to you that looks just like it came from a coworker of yours. It has the domain shows up correctly in the from email address, or, you could send it like, you could target a company and kind of do impersonation that way. Like, you don't need to get in and do true business email compromise. This is literally, this is called email spoofing. And so what we've been building through this episode is exactly what we're seeing more and more of in our threat research and our SOC incidents, hackers attacking identities to breach a business. So more data, as I think I mentioned at the beginning, is stored in the cloud now than ever before. Like, for example, if I have the choice between one endpoint and that user's access to their company's Google Drive or their SharePoint, I'm going for the Google Drive or SharePoint because they have access to everyone's info. Organizations typically are not super locked down with their controls and permissions in regards to files and folders and things like that. And Jai actually has an example of how this played out in two notable attacks over the last year.
Sometimes it's about your identity and access. So not too long ago, Jason Simon had his account compromised, and this led to the Axios supply chain attack. And they gained access to his account by specifically targeting him. They masqueraded as the founder of a company. They cloned that company's likeness. They invited him to a real Slack. This had channels where they were sharing LinkedIn posts and talking like any business would.
They scheduled a meeting to connect with him, and in that meeting, it said something was out of date on his system and that he had to install something. Now what he was installing was actually their backdoor. He describes this as an extremely well coordinated attack done in a professional manner. Now we've reported on something similar in the past. A cryptocurrency foundation employee received a message from an external contact. They were sent a link, a Calendly link. Several weeks later when they joined, there were deepfakes in that meeting. They wound up being told that their microphone couldn't work and they had to install an extension. Once again, this was where the compromise took place. Now we'll highlight that in both of these cases, this was an attack likely to have been perpetrated by North Korea. However, that's not the only threat actor that's getting involved in OSINT. Google put out a really good blog post on UNC6661. This is a threat actor that pretends to be IT staff, calling employees at target victim organizations. What actually happens is that they're creating victim branded harvesting sites. So they know who they're targeting, and they're building the infrastructure to specifically target the victims they're going after. Then they register their own device for multifactor once they get on and move laterally to other software as a service applications where they can steal information. They're specifically targeting individuals via phone calls and video phishing to be able to gain access to specific accounts that are then gonna give them access to that organization.
I was just laughing in the comments about saying one way to test if someone's doing deepfake, call it the John Cena, the John Cena chair waving the hand of.
I love it. I literally laughed at that too. Whoever it was, I was like, so smart. And they also must have watched your Huntress Declassified episode one. Yes.
Because we talked about you guys talked about that on episode one too. Yep. That's right. I don't think you guys referenced John Cena, but I really feel like now you should go back, dub over, and say it's the John Cena method. I agree. I agree completely. So what we saw there were two it could be three depending on how you're counting attacks, but two specifically that had both endpoint and identity elements as many attacks often do. But these were highly targeted. The attackers knew a lot about who the victims were. They absolutely had the dossier filled out. I know it sounds corny to say that, but, like, this is this is what, attackers do, especially APTs and and, attackers working on very lucrative campaigns. And then the Axios case, which was a very high end, high profile case, the the attacker spent many, many weeks preparing. And in regards to the bad actors on video calls, it actually turns out that Jai's story is not so unique. We actually saw something very similar play out at Huntress not too long ago. So what you're about to see is real footage from a Huntress job interview, and I think you'll recognize the playbook pretty quick. Hello, Ryan. Hey, Andrew. What's going on? Yep. I'm good. I'm good. How are you? I'm doing good. I was curious real quick here, Andrew. I've got a little bit of a concern. I can't do you have your LinkedIn profile in front of you? Yep. Yep. Yep. I have. Well, I was curious. Are you, taking a look at the your LinkedIn profile's picture? Yep. Well well, it's it's somebody besides you, so I'm concerned. Like, who why is the picture different? Are you still there? Andrew, are you still there? Andrew was not still there. And if you didn't kinda if it did click, Andrew was a catfish. And I you know, we we asked, can we please show this video without the face blurred? We even wanted to show you the LinkedIn of the the real LinkedIn that Andrew used in the application. Looks totally different. Nothing like Andrew. 
Now we will never know exactly what this person's intentions were. Could have been corporate espionage, could have been financial gain, could have been something else entirely. But what we do know is they used publicly available information to steal and build a believable identity, and it was good enough to at least land an interview. And in many cases, these people end up getting jobs. So, Caitlin, I'm curious to get your reaction to this. Yeah. I mean, I I literally have seen this clip, like, eight times. I've posted this clip, and it's still like, I, like, laugh inside every time. It's the same laughter. Just like, this is insane. Like, this is a world we're living in. But do you know what's even more wild is, like, people are like, oh, it's just interview. This is really not. Like, this has been happening for so long. It's we're using other people's photos. We're basically catfishing. Right? Catfishing has been around. It's this guy used someone else's photos to catfish a recruiter and hope that it worked. And very interesting that you think that would it would work because, obviously, you look completely different than the photos. But if you're a recruiter and you're not doing your research, you're gonna you're gonna find or you're they're gonna pass through the the system, and you you're never gonna know. But, like, for example, ten years ago, when dating it or ten plus years ago when dating apps were first out, I had multiple people message me because my profile back then was public on Instagram, which I still have to have a public profile because now I'm an influencer. It's my job. But, like, I would for for sure lock it down. But when it was public, you know, I think it was years ago. It was my first thirteen years ago when I first started cyber, I had people message me and say, like, my my pictures were being used on dating profiles, and I couldn't do anything about it. I just tell them, like, okay. Report it. 
So we're really seeing and, like, the best way to do this is, like, reverse image search and reaching out to whoever is the real person and making sure that you're contacting the best person. So just being mindful that this is happening, and just know that even if you aren't getting scammed, your information could be used to scam other people. And that's exactly what this example, and that continues to happen every single day. So we'll talk about some of the steps that you can take to kind of lock yourself down and hopefully protect the people around you as well.
Yep. Yep. That's exactly right. What you just mentioned, you know, the attacker there was using the personal information to actually attack an organization. He wasn't using it in the way that we had been talking about up until now. He wasn't targeting the guy on LinkedIn. He was targeting an organization using the guy on LinkedIn's information, the data from someone else. And that person has no idea that that's going on. And it's like, you know, they're not necessarily gonna, it's what am I supposed to just delete my LinkedIn? No. It's just kind of building awareness that this is even a thing. Like, for example, who knows if this person would end up getting a job? Maybe they're using a driver's license from breach data for this. Maybe they used Andrew's persona because they've already found Andrew's driver's license in a breach. So it's like just knowing that this stuff is possible and can be out there, maybe having credit monitoring, things like that. We'll get into more of the tips and tricks as we go. But that's really kind of what this diagram is about is that there's no longer a clean line between your work life and your personal life. So there's this gray zone in the middle, the sweet spot for attackers, which is the reused passwords, the bring your own device, the public social media. This is really where attackers live.
You know, sure, they'll they'll live on one end to the other, but what makes it easier is to start in the middle and then go left or go right. They don't really care which side of the circle they get in through or they get to as long as they get in. So, Caitlin, this is where I really wanna bring you in because this does not just affect you at work. Again, as we mentioned, it follows you home. Yeah. So, obviously, we saw this following everyone home, like, the last few weeks with the Shiny Hunters hack. And so for those of you guys that didn't see it in the last few weeks, Shiny Hunters is, a hacking group that actually hacked into Instructure, which is a company that owns Canvas. And Canvas is actually, a company that's in like, integrated into three thousand schools. It's like an online portal for your kids. And they were they basically broke into three thousand schools. And if we wanna go to the next slide, we can see kind of the ransomware note that whenever your kids tried to sign in, on the left, we can see that the ransomware note, that Shiny Hunters left for their kids. And what this means is now these hackers have everything within Canvas for over three thousand schools, and I think it was millions of students. That means that they had, you know, their full name. They had their messages to potentially guidance counselors, messages to teachers, what classes they're taking. And all of this, makes you makes your kids and yourself as a parent an even bigger target because now they have all this data on you. Now I will say, you know, Canvas actually it was a ransomware, so they they paid the ransom to get their information back. But with ransomware, you actually never we have a whole debate in cybersecurity world of do you pay the ransom? Do you not pay the ransom? That's a a whole discussion for another time, but you don't actually know. Like, they they claim Shiny Hunters claims that, you know, they're not gonna do anything bad with their data. 
You're gonna they're gonna delete it once they send it send it back to you. But since, Shiny Hunters is really a decentralized hacking group, you don't know which hackers have access to which data. You don't know if that's already out on the dark web, which means it's also probably out on the regular web in some way, shape, and form too. And we're already seeing there's an example on this. We're already seeing, that this information is out in the wild because this was an account termination, message that one of, Huntress, my colleagues, got about their kid's students. So or their kid who is a student at at one of the Canvas schools. And it's just making you an even bigger target. As a parent, if you got an email saying, hey. Your student, you know, got failed a a test in this class. Like, click here to see, like, how you can remediate. Like, wouldn't you click that? Like, it's it's that's the targeted information that we are now getting on everyone else. And it's not just obviously this Canvas breach, but, like, with your kids on Fortnite and Roblox and Snapchat. Think about Snapchat. Like, your kids are taking pictures, and they're thinking, oh, this is gonna go away. But with every picture, you can screenshot. You can take a picture of your camera. Like, if you have two phones, you can take a picture of the of the picture on the other phone, and you'll never know. And with reverse image search and AI, you can get so much information about, you know, where your kids live, what where they go to school. With Roblox, you're having, you know, like, hackers literally looking for kids that are using cheat codes, and that is really, like, a gateway into hacking. And and then they're, you know, potentially grooming your kids is a whole thing. So all of these things are personal things that actually take you know, get into your personal life, but also can wreak havoc from a company perspective too, but really just more from a personal family side. 
And it's the same situations. Like, obviously, we're showing personal examples, family examples, but this stuff happens in real life in corporate settings too. So we'll go to the next slide because we we don't I feel like a lot we'll go through really good examples. So we're kind of going through, like, fake posts, real risks. So all these are fake posts, by the way. But I want you to think about, like, all the things that we post. Right? Like, everything that we post on social media, whether that's like, oh my gosh. I got you know, I'm going to Hawaii. Here's my boarding pass, and it's, all of your information, the airline you took, the exact flight you took. It's it's all of the inform like, I I see a lot of, like, I I just got my green card, or I'm on a I'm here on vacation at the Marriott in the Bahamas, or, it's literally, like, the life updates that you're constantly posting because you're proud of it, and that's a normal thing. That is very normal. But we wanna make sure that you start realizing that every single piece that you post is more and more data on you to make you a bigger target. And if someone said, why would you do that? I know from a cybersecurity perspective, we're like, why would you do that? But this is what people like to post. They like to share their life. Even the first day of school pictures, which I see all the time, they're a little kid holding, like, I'm going to first grade. My favorite food is this. My favorite color is this. I'm this tall. I'm this weight. I feel like drop in the comments if you've seen that. I see that, like, all the time on the first day of school. And all of those are, like, you wanna share, but you're you're giving more and more and more details of your family, and those are just risky posts. So, like, if you want to post a vacation, whenever I go on vacation, I post after I come back, and I don't post exact place I say. I just say, like, I'm in Miami. Like, that's a very broad place to be. You know? 
It's not, like, super targeted. So just be mindful of the digital footprint you're leaving because if people want to target you and you're, you know, giving all this data willingly to the public, you will be a lot easier to target because they know exactly who you are, what you like, what your turnout like, all that stuff. So just be very mindful of of the post that you post. Anything I miss, Truman? I feel like I went through that a lot. But No. No. I I think you nailed it. It's, it's really like I know it can be a little bit hard. You I think the the way to go about it when you are thinking through what you wanna post is not necessarily like, oh, man. Attackers are gonna target me. Like, the the way I flip it, it takes a little bit of a mischievous mindset, but I like to think of things as, like, if I were an attacker, would I be able to use this against someone else? Like, could before you post or when you're conducting yourself online, it's could an attacker use this against me? It kind of turns it into a fun exercise where you get to again, think like an attacker just seems to be the easier way for me, and I and I think we found with other people as well that lets it flip from defensive exhaustion to kind of exciting offense, like you think like an attacker, and that's going to help you in turn discover the things that, oh, wait a second, like, that could be used in this way. And it's not that some things you accept the risk and move on just knowing now that that's going to be a thing. Like, okay, I know by posting this that someone is gonna know this thing about me that they could use to make a phishing email more convincing. Or, okay. I know about the Canvas breach, and now I know that there may be emails coming in that may have very convincing details that seem like an attacker couldn't know that. They couldn't know the ID of the course that I'm enrolled in. Well, they do. So so keeping aware of that thing is important as well. 
But I think there's there's maybe more actionable advice for families that you have. Is there any others that you wanted to touch on, Katie? Oh, yeah. I mean, well, we talked about all the risks that are coming, right, from, like, games and all of that. But I wanna start talking about, like, what you can actually do to protect yourself. I think the first and the most important thing is having that open line of communication with your kid, which I know is a lot easier said than done depending on your kid's age. But Yeah. If you start talking to them about the risks that like, if they were part of the Canvas hack and say, like, hey. This means that you might get more targeted messages. You might get message like, weird messages from people or about your your classes or whatever. Talk to them about the risks that are going to be happening because they are going to get it no matter what. So if you start talking about it, it's gonna help help them identify what's happening. And also, like, the risks of online gaming, the risks of all of that, talk to them about some of the stuff that we've seen, some of the scams that are happening, and then make it make sure that they are aware that it's like an open line of communication. Like, this is probably going to happen to you, and we don't want you to freak out. Like, we are here to figure it out together. And you want them to be able to come to you when they feel uncomfortable, when something's off, if they get a weird message. You want them to be thinking that you are their source of truth and that you are their safe zone. So open line of communication is absolutely important. The other thing I say is, like, make your kids' accounts kids' accounts. Right? Like, there's a you can have a general account, But if your kids you could have like, I think there's an under seventeen or an under thirteen account for YouTube or depending on what social platform you're on. 
I know with Roblox, you can actually turn off direct messages, which is so important. I would definitely go recommend turning off. Make sure you turn off any message settings on your kids' accounts. You do not want random strangers messaging them at all. I always tell tell parents, like, go talk to your kids and say, don't talk to anyone that you've never met in person in real life. You do not need to make friends on the Internet. You just don't. And then the other thing in, like, that's super easy is freeze your kid's credit. I always talk about freezing your credit, but your your kids have their own credit too. And what you don't realize is people if your if their information is out there, hackers can literally, like, use their identity for years, and you would never know until they turn eighteen or until you wanna give them a credit card or until they they want their own credit card. And then it could be way too late because that their attackers are using their identity already. So I don't know why anyone would need to, like, keep their kids' accounts open. Just freeze them. Like, if if you wanna give your kid a credit card or a debit card just to start their, you know, credit history, that's fine, but then freeze them after. You could still have a card and and freeze your accounts. So that's super easy to prevent identity theft. And, again, I think the the biggest thing is, like, there are a lot of like, I'm gonna this is sad, but true. There are a lot of risks out there online. There's, like, grooming. There's extortion, identity theft, voice cloning, deep fake scams. All of that, it's gonna be hard to talk to your kids about, but you need to talk to your kids about it because it's happening every day. I get messages every day from families being like, what do we do? 
And there are a lot of good resources out there for kids under eighteen if they are going through, you know, sextortion or, you know, if their image was, like, AI image is generated about them or anything like that, and I would tell you to go to, there's take that down. And I think we can put it in the chat after, but there's a lot of, like, a center for missing children, which sounds weird, but they also help with online, protecting your kids online. So just having those open lines of communication is so, so important.
Yep. I completely agree. Yeah. That was, I mean, that was a ton of excellent info. And one thing is, you know, this kind of touches back on the Risky Post slide. Having somewhat of a false sense of security. So let's say you have your Instagram private. Okay? But you're commenting on things left and right. I would urge you to Google your username in quotes on Google. And what you're gonna find most of the time is that those comments show up. And typically, people are commenting on things that they feel a close connection to. So you might think, oh, I'm good. Like, my Instagram's locked down. So if someone messages you with something and they have just read, reading you like a book based off your Instagram comments, that can be a way in for an attacker as well. That gets into a little bit more of the complex, but it's knowing how attackers can get in and having that visibility. Even if you do think you're locking things down, just know that there are sometimes other things you're doing that are kind of exposing you. And, again, it's not that you can't comment. It's just that know that, like, Instagram, for the most part, indexes these things, and I don't wanna make it platform specific. Just something to be aware of.
So if you haven't seen enough examples today of how attackers use OSINT against you, we are going to show you another one. And this one's gonna show you how you can be impersonated by an attacker. It's gonna look into one of our threat simulations that we have released as part of our managed security awareness training, where you actually get to be the attacker. And in the simulation, your mission is to get an account takeover on a professor that has won a grant. So you want the money. So you're gonna be scouring OSINT preparing for a call to IT to get a password reset to get that account takeover. It's a really cool thing we worked on, and I'm gonna show you it now.
So you're going through here, and you are taking notes, noting down any information that could potentially be useful during a phishing attack, voice phishing or phone phishing attack. So you're doing the same things an attacker would do. You're looking at the faculty page, and this could be the same as looking at an about us page on a company website for your target company. Happens all the time. And then you're also maybe looking at breach data. So I'm marking down in my little notepad, and attackers do the same thing. Putting down, let's see, second floor. And we're gonna click back over to, so we've got our target. We're reading about them, and now we're going back to source selection, and now we're gonna go on to the dark web. Really, it's not even the dark web. I think marketing wanted me to change the word in dark web. But really, this is modeled after something you probably just saw, which is dehashed that you saw just a few minutes ago. We called it dark web. But we are then going to bop talk, our version of Facebook, where I, as the attacker, are kind of taking stock about those details that to you posting on Facebook seem perfectly innocent to post. But when you're being honest on your security questions, that can be what gets your account stolen.
So you don't need to say in the chat whether you use real answers to your security questions, but you probably shouldn't. And you're seeing why here. It's because I'm gonna make this call, and I'm locked out of my account. I'm pretending to be the professor. So I'm the attacker impersonating the professor. I'm being asked questions. Look, I'm looking at my notes and I am now including or, you know, answering these questions. I know the answer's Coldplay, but I'm gonna show you here that we did not make this like an everyone gets a trophy experience. If you get enough wrong answers, you lose and you have to actually retake the simulation. And as you probably noticed up top there, we have a time limit. So if you go too slow, you lose. We made this, you know, wanna make it fun, but we wanted to make it challenging and get the critical thinking kind of firing on all cylinders. So now I'm gonna show you, actually losing on a deal breaker question. This is a deal breaker question. If you don't know your date of birth, well, that's a sign that something's wrong. And look at that. You failed. If you wanna see how you can win, you should go play it yourself. And we are actually putting a link in the chat. It's available right now. You can try it yourself after we finish here today. And as I kinda made pretty clear, it's a safe, fun way to get into the attacker mindset, and that showed you a little bit of how public information can be used to, like, turned into a successful impersonation attempt. So, Caitlin, you've seen lots of different types of security awareness training, I'm sure. Is this something that feels unique to you? Do you think this is helpful for learners or humans? They kind of getting to be the attacker component. Like, what does that do for the learner putting the attacker hat on?
Yeah. I love this. Like, I wanna go do this after.
But this might be kind of a funny little bit, but I feel like there's a lot of women out there that like to do, like, their own OSINT, but they don't realize they're doing OSINT on, like, future boyfriends or, like, friends of you know I mean? Like, we we are very good at detective work, and we like, you know, watching detective shows like Law and Order:SDU. And I feel like people would want to do this because it's the same it's this is literally what hackers do. I mean, that's what they do. They look at open source intelligence. They also obviously can look at the dark web too, but, really, most people don't look at the dark web anymore. It's really just open to the public. And so I think this is such a cool way of showing people, and it's way more fun. It's kind of like the board game Clue a little bit, but, like, you get to be doing all the stuff yourself. So I I love it. Awesome. Yeah. I love your your not only detective work. You know, the the what we were going for in, like, a sentence with that simulation, which will be which OSINT's not the only one. We've got a we've got a bunch. We're cooking. We're just about to I think Deep Fake's the next one we're working on, but you have free access to the OSINT one. All of these are part of managed security awareness training in Huntress. But the in one sentence, like, the goal of it was to as an example, if you're about to go post something on Facebook, but you just played this game and you just hacked it into someone's account by looking at what's put at what was posted on their Facebook, is to get you to stop and think, like, wait a second. I just hacked someone doing what I'm about to do. So so maybe think twice about what you post, lock things down, or just have the general awareness that this can be used against you. 
I think what we were talking about earlier with the Instagram and social media and things like that is, like, you know, even if your account's private, you might have people following you who you're like, wait a second. I don't really know who this is. I don't even really remember accepting them as a friend. So you can go through every once in a while and kind of pare down that list as well to people that you know and trust so that you kind of, again, make yourself harder to target because otherwise, you just don't really know the information that has been given out, to whom and for what purposes. So, Caitlin, we covered a lot today. We're starting to get to the end here. We have some closing tips and guidance. Everything here is important, but I am curious. Which of these do you think is the one that most people miss?
I mean, as much as I wanna say it's not passwords, because I hate saying passwords, I, like, making sure, I don't even know if passwords are on here, actually. Yeah. They are. Treat security questions like passwords. It's super important, like, having unique passwords. And I wouldn't say for every single account because I know a lot of people, you know, we have millions, not millions, but we have hundreds of accounts now. I would say, like, try to limit creating accounts and have strong and unique passwords for your key accounts because people just don't. And I saw a lot of comments in the chat about password managers too. So just, yeah, have strong unique passwords, and try not to create so many accounts under your emails. Like, you're just creating a bigger and bigger digital footprint on you, so just limit that. I think those are the, I mean, all of these are so important, but those are my favorite. What about you?
Yeah. It is hard to pick just one. You know, the keeping devices and apps up to date, many people don't really understand why.
Like, it really is that all of these are extremely important. It really is hard to just pick one. But most people don't really understand that when device and application updates are coming out, it's not just to fix little bug fixes and add little enhancements. It is often because there were high and critical severity vulnerabilities that were discovered and fixed, and now they need to roll out this patch so that you're not a sitting duck. So the longer you go without updating your phone or your computer or certain applications, the more likely it is that an attacker will be able to literally just walk right in. I mean, you hear of vulnerabilities that will happen. It's like once every few months or maybe a few times a year that there will be vulnerabilities on phones where it's like zero click. Like, an attacker just sends you a message and you're owned. So I think keeping device and apps up to date is very important. Not reusing passwords is very important, but they really all are. And I like the one of treating the security questions like passwords. That's one that, for most people, doesn't really click. It's like, you're allowed to lie on security questions. It doesn't need to be the truth. I use a password manager, and I generate fake answers to those security questions, so I suggest that as well.
I love that. I think the security questions too, I always tell people to have, like, an ulterior persona when you go online. Like, you don't have to give your real name, and you don't have to give your real birthday, and you don't have to give real answers to the security questions. You could be, like, Cherry, I don't know. Somewhat, you could just make up a name, and just looking at cherries on my desk. But you could, like, make up a name and be like, yeah. I grew up in somewhere in Tennessee. I don't know. Find a cute little town.
And, like, use that as your security questions for the rest of the time, and it wouldn't even be you. It would all be fake. So I always tell people, like, generate your own persona online. You can be anyone you want. There's literally, like, no, they don't need to ever know your real name. Like, even if you're, like, buying stuff, why do they need to know? It's going to your address. Who cares if it's your name or not? Doesn't matter. They don't need to know your birthday. When does anyone online need to know your birthday?
Yeah. Yep. I completely agree. Yep. It doesn't matter if they send you that, hey, here's ten percent off your order because it's your birthday. It doesn't matter if that comes a week earlier, a month earlier, whatever it is.
Yeah. And you can switch around the years. You don't have to say your real birth year either. I mean, there's so many things, but I, yeah, I try to, like, disguise as much as possible, but I love all these tips.
Awesome. Alright. Well, everything we have talked about today, we do have a little bit more, by the way, so stick around if you can. Everything we've talked about today was about understanding what attackers can see, what they can infer, and how they can turn that into pressure against you, fear, urgency, whatever it is, to get access. So if you wanna see how Huntress helps teams spot suspicious logins, abnormal account behavior, signs of credential abuse, these are things that, like, you know, everything we talked about today, it's going to happen to a percent of the people. With Huntress ITDR, that's what helps teams actually figure out what's going on once it happens. So it's like, you have to assume breach. You have to assume attackers are going to get in. It's more about detecting that it happened. So if any of that's interesting to you or raises any questions about what is going on in your organization, you can scan this QR code.
I promise this one's safe to schedule a Huntress managed ITDR demo. And now we are going to announce the winners of the three Polaroid cameras. We've got Michelle a d are the first two letters. I know I was gonna just do the first letter, but I know there's probably multiple Michelle a's on the call. We got Michelle a d. We got Doug, m e. We have Tim, w a. K. Those are just the first two letters. I'm not saying your last name necessarily is wa. Last name starts with w a. So we got Michelle, d, Doug, m e, and Tim, w a. Major congratulations to you three. You will be getting an email so that we can kind of orchestrate setting everything up. Thank you very much, and I hope you enjoy those that kind of turned back to the analog age. A little bit of nostalgia there. Thank you very much, Caitlin and Jai. We have a little bit of a bonus for you. Oh, boy. This is a, let me see here. Let me see if I can close this. This is a deepfake of a voice mail. Okay? So I looked at Caitlin's videos online, and I just looked at maybe, like, thirty seconds of audio, pulled thirty seconds of audio from cybersecurity role, and this is what we got.
"Hey, mom. Your phone went straight to voice mail. I need help. I'm in the hospital, and I lost my phone. Call me back at three one zero five five five zero one nine four, and please hurry."
Caitlin, what are your thoughts on this?
Kinda sounds like me. It always makes me laugh. I mean, it's always scary. I know that, like, we're in this industry, so we see it all the time. I had just told my parents and my family, like, we have a family safe word. And for those of you guys that aren't aware of what a family safe word is, it's if my mom gets a call like this and she's, like, freaking out, the way that she can confirm it is me is, like, say, okay. If it's you, what's the family safe word? And if I don't know the family safe word, then she's like, this is a scam, and she hangs up.
So it is really scary to know that, like, I mean, especially since I'm on social media, I literally post, like, two or three videos sometimes a day with my voice. I'm on stuff like this. So anyone could get samples of my voice. And FYI, I know that it didn't sound exactly like me, but I'm pretty sure, Truman, you made this in, like, maybe a couple minutes. Yeah. So if people actually wanted to target me with something real, they maybe would need to spend an hour, and it'd be, like, way better. But, yeah, the only way to really prevent this is to have a family safe word. And I always tell my parents also, like, don't answer phone calls from numbers you don't know. If it, yep, if it's not coming from me, don't answer it. And then, I mean, obviously, now there's spoofing and stuff, so they could technically come from me, but that, like, is a whole other level. But, yeah, don't answer phone calls from people that you don't know and have a family safe word.
Yeah. Couldn't have said it better. Yeah. It's stunning to me the amount of people that do not screen calls and someone calls them, and they just answer the phone. And it's like there's very few people. I think it's like salespeople for the most part are the ones that are, like, gonna pick up a call and just know going in that they're at a higher risk because they're opening up that attack surface by picking up. I completely agree about the safe word. That's really the only way to defend against it. And so here is another example. This one is a little bit more fun, a little bit more dramatic. I wasn't going for perfect. The point is to show that we can put, you know, anyone in whatever environment we want saying whatever they want in literally just a few minutes. So imagine what a determined attacker can do in a few hours.
"I'm stranded, but I wasn't going to miss the opportunity to share this quick cyber If Truman tells you to go to the middle of the jungle, verify your sources, and bring extra water. My name's Caitlin. I'm a cybersecurity expert, and I'm here to help you stay safe online."
Caitlin, what are your thoughts on this?
Like, is that what I really look like? No. Kidding. No. I mean, it's the same thing. Right? Like, this stuff is going crazy, and it's not as readily avail, I mean, obviously, you can tell that you've made this in a short amount of time, but you could probably trick my grandma with that, honestly, because she doesn't have the best eyes anymore. She's in her nineties. But, I mean, there's still, like, technology now that, like, hackers are getting their hands on that are a lot more sophisticated, and I think you'll probably maybe even go through that in your next Declassified episode. So you guys should all tune into that. But I think it just, I mean, all you can do right now, like, there's no reason to have fear with this. Like, this is the life we're living, and so you just have to protect yourself, and you have to know how to protect your family. So, again, the only way I know how to protect myself is family safe words. And so that's what my family has. And you can rotate family safe words. If it's, like, been a year and you're like, I think we should get a different family safe word, do it. But, yeah, I think it's funny, and it's crazy, but it's very interesting. So, yep. Thanks. Thanks for making me jungle woman. That was pretty fun.
You're welcome. That was fun. And, really, the inputs there were an image. I basically took a photo of Caitlin. I'm not gonna tell you everything I did, but the point is I don't wanna make it too easy for you all. The point is to get the video, it was really a photo and an MP3 input, and it just turns it into a video.
This stuff is much easier than you think, and we're not kidding when we say this took about five minutes of time. Yeah. So if you liked what you saw today, please join us for episode three of Declassified on July twenty eighth where John Hammond, the great John Hammond, he was on the first episode. He's back in the hosting scene for episode three. He actually helped me with a little of this dark web stuff, don't tell anyone, that you saw today. And we are going to, or he and a guest are gonna dive into unwanted interruptions. This is how cybercriminals use clinical timing to shut down your business. So, again, that is July twenty eighth, and I think you see the little poll there that you could fill out if you're interested. Alright. We are basically at time. We're gonna get to some questions. You know, if you don't wanna stay for the questions, you don't have to, but let's answer a few questions. So one, this I'm gonna go to you, Caitlin. Oh, boy. Besides going off grid, which is not practical as we discussed, it's a great point, what are some real steps people can take to help protect from the impacts of these things? No roadblocks, never allow someone to copy your driver's license? Hide in a cave?
Well, hide in the cave is, no. I'm kidding. I honestly, so if you go to my channel or even Truman's channel, he has an amazing channel too on social media. We kinda go through a lot of these steps, but the point is to integrate these simple habits into your life. Right? So, obviously, if you aren't a public figure or you don't wanna be a public figure, lock down your account. And not just lock down your account, but see who's following you and kick them out if you don't know them. Like, it's the same steps that you should tell your kids. Like, if you've never met this person in real life, they should not be following you. You should not be talking to them. You should not be interacting.
And, like, that seems like a lot of work, but it's a onetime thing. Right? Once you lock it down, you kick all the people out, you know exactly who's following you, that's great. And the same with, like, I also just never click on any link, like, literally ever. I know that sounds crazy. I instruct everyone on my team. We go through kind of a lot of hoops to try to figure out if we absolutely need to, but there's ways around it. Like, if you're getting any text message, I take nine seconds, or email, phishing emails, take nine seconds to step back, see if that's urgent, see, like, what the URL is, all of that stuff. But also just, like, don't click if, you know, Bank of America is emailing me. If I don't have Bank of America, right, by the way, I named what I don't have. If Bank of America is emailing me, I'm gonna go to Bank of America and be like, I'm gonna go to their actual website, type it in, and go to them, or go on the back of the credit card and call the actual number on the back of my card. I will never use any of the information in any email or I won't click on any links. And then, again, it's open lines of communication. Kinda keep yourself updated with the latest scam. So if you know about it and it happens to you, then you're like, oh, this is a scam. You're more easily able to recognize that it's a scam. What about you, Truman?
Well, yeah, I completely agree with everything you mentioned. The other thing is, like, yeah, don't feel the same way that in physicals, like, people get in, you were talking about tailgating in with ease. It's ninety nine percent. I mean, it's probably a hundred percent of the time you were able to get in through tailgating. It, like, works every time because people feel bad not holding the door for someone. It just seems rude unless the security team has told you, like, no. You're straight up going to get in trouble, which is what I've always recommended.
The security team say, you're straight up going to get in trouble if you hold the door for anyone. In the same way, if someone calls you, you might feel rude hanging up and calling back. Like, if someone's calling you, even if it looks like the Wells Fargo phone number on your phone, and they are saying that there's suspicious activity on their account, and they need to run you through some authorization checks or whatever it is, be like, okay. I'm gonna call you back. Hang up. Call back. Phone numbers can be spoofed. Never feel bad about being rude to protect yourself. So that's something I'd say. And let's get to a last question. How do you complete an OSINT audit, Caitlin, on yourself and family members in order to bring awareness to what data needs to be deleted or removed from public spaces?
I honestly just Google myself. Like, that's the best way, and you can Google yourself in, like, different ways. Right? Like, Truman, you mentioned earlier on the show. Like, if you do quotes and then you put your username, your handle in, you can see what comes up. I do quotes of, I'll do, like, you know, my family's name, and then I'll do, like, phone number and see what phone numbers come up. Like, you can Google yourself in multiple ways. Like, if you've heard of Google Dorking, look it up. It's great. It's ways that you can kind of understand how Google works. Now you don't even need Google, honestly. You could probably use AI to see what information is out there and scrape different sources for you too. So I honestly, just like every maybe year, kind of Google myself. I do pay for a deletion service company to delete my data from data brokers. I used to do that all manually, and then I found a company that I trust. It's not a, you know, silver bullet. You still have to kind of make sure that you're locking everything down.
But, yeah, I think if you're just, like, googling yourself, kind of Google dorking and using AI to figure out who can find more information about you, that's the best. And then, obviously, just minimize what you post throughout the year. What about you, Truman?
No. I completely agree. Googling yourself is the easiest way to go. You can go to some, like, you don't need to, if you wanna go to the deeper level, Have I Been Pwned is a great website to go to to put in your emails and, like, you don't necessarily need to go to DeHashed and things like that. You can just sign up for a service like Have I Been Pwned, is great, which is gonna tell you when your email, where your credentials are included in breach data. That's another way to go. But I think, like you said, the great starting point is Google and use those double quotes to, like, sift through the noise, pull out the signal, and determine, like, what needs to be taken down.
Have I Been Pwned was my first viral video, like, three months into my posting. I was talking to people, telling people how they could figure out if their data was breached and which breach it was and, like, to change whatever was breached. So it's a great source.
Yep. Completely agreed. Okay. So we have someone, we're gonna close out here. We're gonna show you where you can follow us on social media. We have someone who asked about that OSINT simulation. They wanna share it with their company, and they don't wanna have to input their email. I would reach out to someone at Huntress, or maybe we can follow up with you, Melissa. We want to get this ungated. I personally don't think an email should be required, but for now, it is. If you're wanting the OSINT simulation, you wanna share it, you don't want your employees to have to put in an email address, I would reach out to someone at Huntress and they'll let us know, and that'll kind of up the tally on us getting to remove that gate.
So thank you so much for everyone joining today. Caitlin, tell people where they can find you online because you are a treasure trove of information. For those of you, again, that don't know, I'm sure everyone here did, but Caitlin has hundreds and hundreds of excellent videos covering everything in cybersecurity. Where can they find you?
Yeah. So, like the slide says, find me on most channels as @cybersecuritygirl. If you wanna follow me on LinkedIn, it's just literally my first and last name, so would love that too. I will give you a little precautionary warning that I do post every day, and you will see a lot of posts. But you can use that to share with your friends, because there are posts all over about different scams and alerts and when you need to update and all that. So, like, my whole goal is to protect you, your family, and your loved ones. And I know that once cybersecurity starts at home, that's what I always say. And then I think because, and Truman said that, you know, he's echoed that sentiment earlier on. And then I know that it'll, you know, kind of leak into your corporate life too. So follow me as cybersecurity girl and then also Truman. He has an amazing account. I'll let you talk about your account too.
Thank you. Yeah. It's just, you know, I'm more about the, like, not more. We cover some same content, some different. I like to try to show what's going on daily in terms of, like, attacks, like, specific attacks and maybe how they work, like, a little bit under the hood, like, talking about ClickFix and fake CAPTCHA attacks and things like that, how they work, like, what attackers are doing technically. So it's a mix of technical information and a little bit more kind of family friendly, higher level. Yeah. We are so, and that's @Trumancyber. No spaces or underscores or anything like that. So, again, thank you so much to everyone for joining today. We were truly happy to have you here.
Hopefully, you'll join us again for episode three. And with that, we will close it out. Thank you for all the engagement in the chat, by the way. We love to have you all. So have a great day. Everyone. Appreciate it. Have a good day.





In episode 3 of _declassified, Huntress Senior Principal Security Researcher John Hammond goes inside the operations built to turn everyday pressure into real-world disruption.

He’s joined by Jesse McGraw, a convicted cybercriminal turned white-hat hacker, who knows that world all too well. Together, they’ll show you how attackers choose your worst possible moment to turn business pressure into leverage.


EPISODE 3

NAM: July 28, 12:00 PM EDT
EMEA: 28 July, 5:00 PM BST
APAC: 29 July, 10:00 AM AEST / 12:00 PM NZST


Unwanted Interruptions

Attackers know the best time to hit your business is usually your worst.

John Hammond, Senior Principal Security Researcher, Huntress
Jesse (GhostExodus) McGraw, Former Black Hat & Insider Threat

What's in your dossier

A side-by-side look at the business processes and technologies used by both legitimate organizations and their cybercriminal counterparts

Insights into how threat actors organize, communicate, and execute attacks using the same business tools you use

Actionable strategies to anticipate, spot, and defend against adversaries who think and operate like your own team

A fresh take on the threat landscape—one that treats cybercriminals not just as faceless hackers, but as sophisticated competitors vying for the same resources and opportunities.

Speakers

John Hammond

Senior Principal Security Researcher

John Hammond is a cybersecurity researcher, educator and content creator. As part of the Adversary Tactics team at Huntress, John spends his days making hackers earn their access and helping tell the story. Previously, as a Department of Defense Cyber Training Academy instructor, he taught the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He has developed training material and information security challenges for events such as PicoCTF and competitions at DEFCON US.

Jim Browning

Software Engineer and YouTuber

Jim Browning is the Internet alias of a software engineer and YouTuber from Northern Ireland whose content focuses on scam baiting and investigating call centres engaging in fraudulent activities. His YouTube channel has over 4 million subscribers and his videos have been viewed more than 300 million times. He is part of the BBC's 'Scam Interceptors' team who attempt to stop UK-focused scams on their BAFTA award-winning TV programme.








Jesse (GhostExodus) McGraw

My name is GhostExodus. I'm a former black hat computer hacker and insider threat. I served 11 years in prison as the first person in US history who was convicted for corrupting industrial control systems.

I was also the founder and leader of the hacktivist group known as the Electronik Tribulation Army (ETA). But what was once used for cyber criminal mischief now serves a new purpose. Nowadays, the ETA is an OSINT group dedicated to online child safety and threat attribution.

I write for CyberNews, writing about my experiences while offering insights into the hacker sub-culture.


SPEAKERS

Truman Kain

Truman Kain has worked for years as a social engineer conducting phishing, vishing and physical penetration tests against the Fortune 500. He has also developed and presented novel security tooling at DEFCON, GrrCON, SaintCon and Devoxx. His previous experience spans software development and more traditional forms of penetration testing. Truman holds OSCP and CESE (formerly SEPP) certifications. He also creates content on social media covering cybersecurity tips, tricks and threats (@trumancyber). At Huntress, he is a Principal Researcher for Security Awareness Training.


Don’t wait for "later"

Register now to see how cybercriminals time their attacks to disrupt your business, and what you can learn before they strike.



© 2025 Huntress All Rights Reserved.
