We live in a digital world where everyone is connected like never before. It’s created amazing opportunities for closer communication and learning for our children, but also led to a lot of dangers to them and other more vulnerable family members, like parents and grandparents. In this webinar we broke down how you can keep yourself and your loved ones safer in our online world.
Our featured guest for this webinar was Kerry Tomlinson, who is a cyber news reporter who works to help people stay smarter and safer online. She spent three decades as an investigative journalist, often going undercover to investigate crimes, winning multiple Emmys and other local, regional and national journalism awards. Now she travels the globe, both real and virtual, looking for creative and compelling ways to show people what is happening in the digital world and how it impacts them.
The hour was chock full of great recommendations from Kerry, as well as the audience! Scroll below to view the recording as well as a full transcript of the session. 💥 As a bonus, enjoy this additional resource on protecting your family that you can share with employees through your security awareness program.
Catch the replay below or continue scrolling to see the full transcript of our lively discussion with Kerry Tomlinson, hosted by our VP of Marketing, Cassie Fulton Flores.
Cassie Fulton Flores:
Hello everyone. Thanks for joining us today. I see folks are rolling in. Go on the chat, tell us where you're calling in from today or joining us from, what you had for lunch, what your weather is like? We'd love to hear from you. Hello from Colorado. Great. Hey Josh. Portland, Austin, Montreal, Toronto. Great. Love seeing some international friends from the northern lands. Kerry, there are some fans for you in the audience.
Kerry Tomlinson:
Good. Hello! Thanks for having me.
Cassie Fulton Flores:
If they're not your fans now, they will be in the next hour.
Kerry Tomlinson:
Okay. Good. We have lots of good stuff to talk about.
Cassie Fulton Flores:
All right. Well, let's see. We're three after the hour, folks are still rolling in, but let's go ahead and get started. We have such a great hour together today. I want to make sure that we're able to cover everything. So hello everyone and thank you for joining us. I'm Cassie Fulton Flores, I'm the VP of marketing here at Living Security. I'm really excited about today's topic. This session is just a little bit different from the others in our monthly webinar series. Those topics are usually relevant to your enterprise's security and how you're training your employees. Today, we're going to take a little bit of a different approach.
Cassie Fulton Flores:
Because cyber threats are happening all around us as individuals and for the people that we care about, there's just so much that's coming our way with new threats, new scams, deep fakes. How do we keep ourselves and our loved ones safe? So I'm really excited about our guest today, an expert on this topic. A couple of quick housekeeping things before I introduce her. I want to make sure that everybody is aware that we will be recording this session. So you can go on to the Living Security website under resources, and we'll also email one out for you as a followup today as well or as a followup to today's session as well.
Cassie Fulton Flores:
We will have questions going on in the chat, so there will be a couple of folks that will be able to answer those for you in real time. We'll also have a couple of pauses in our presentation today where we can kind of choose as a pick our own adventure on the various topics that Kerry has brought to us. So there will be a couple of quick polls around that and what you want to hear about next. So we'll take the couple of highest ranked topics and focus on those today. As well, we'll also have a couple of swag packs to deliver, randomly to the folks that are joining us today. So if you're interacting with us in the chat, that's how you get entered into the contest to win the swag packs.
Cassie Fulton Flores:
So lots of good stuff. This is going to be a really interactive session through the chat and really excited again about, and honor to have Kerry here talking with us today. So with that, let me introduce Kerry. So Kerry Tomlinson is an Emmy award winning journalist and cyber news reporter with Ampere News. So with that, Kerry, I'm going to hand it over to you to get us started.
Kerry Tomlinson:
Wonderful. So glad to talk to everybody today, so a little bit about me, I am based in Portland, Oregon and if you're from Portland, Oregon, you might remember seeing me on television for 20 years in local television news. I've actually worked in television news and radio news for 30 years. I started when I was a teenager, and in Portland, I worked on Channel 12 and Channel 2 for a while. Anyway, worked in TV news for about three decades, winning multiple awards, Emmys and other journalism awards, doing investigations, launching investigative units, all that good stuff. And I decided to try something new a few years back and launched my own cyber news organization, focusing on cyber news, why?
Kerry Tomlinson:
Because there was so much stuff happening in the digital world, but most of the organizations talking about it were focused on tech people who have lots of tech knowledge and tech skills and that is great, and that is wonderful, but what about the rest of us who may not have those tech skills, those cyber skills yet, or maybe we never will. I wanted to translate what was going on for everybody. So that's what I'm doing now on my site called Ampere News. Ampere like amp, the unit of electricity. What I do is I look at threats all day long, and then I find out what is impacting us? How is it impacting us and is there anything we can do, some steps we can do to change that or just be aware of it.
Kerry Tomlinson:
So since I look at threats all day long, what I love to do is do presentations so I can share the threats with you, so you know, what is actually happening and what you can do with that information. What's the stuff that you really need to pay attention to, and what's the stuff that you can kind of just put on the back burner. What is most important? So that's what we're going to do today. We got lots of good, interesting cases to look at. Cannot wait to share them with you and see if you have any questions about them.
Cassie Fulton Flores:
Thanks so much, Kerry, let's go ahead and dive in to the content.
Kerry Tomlinson:
You want us to get started right now, sorry about that. I was just getting all excited, thinking about all the good stuff that we have to talk about. So hopefully you can see the title slide, keeping our loved ones safe online and that is the goal with all of this and we're going to start with a little story out of France, a little town called Messanges in France, you see where it is on the map. It's a surfing community in France, actually, very popular. Well in January, there was a report that the town was losing its internet and cell phone communications between midnight and 3 AM every day. Why was this happening? No one could figure it out. No one could make a cell phone call.
Kerry Tomlinson:
No one could use the internet between 12 and three. Well, what if there's an emergency? This became a problem. So investigators started looking around and they followed a signal and they were finally able to figure out what had happened. They tracked the signal down to a family's house, and what they found was this, here's the headline for the news story, "Dad takes down town's internet by mistake to get his kids offline." So what he was doing was using a jammer, that's what you see here. That's the actual jammer that he used to try to keep his kids off of their phones and off of their laptops between midnight and 3 AM, because apparently during the pandemic, they really got into this very bad habit of doing it.
Kerry Tomlinson:
He was trying to protect his loved ones online. He was, he was trying. Unfortunately, it's illegal and he could pay fines and have all kinds of difficulties. So you don't want to use a jammer, but we do want to try to protect our loved ones because we love them. We don't want bad things to happen to them. So here's the number one thing that I am going to tell you, I have children, I have two teenagers and this is what works with them and what works with me and what I think can work with you as well, and that is simply tell them about it. Tell them stories about some interesting case you heard, about some interesting event, there was this dad who wanted to protect his kids from the internet, and he ended up using an illegal jammer and got himself in big trouble or whatever it is.
Kerry Tomlinson:
It doesn't have to be that story because that's not really the point of this, but the stories that we'll show you are going to be stories about some crimes that are happening. So if you talk to your loved ones about these things, they will at least know that this is happening and they'll keep it in their heads. First off, we'll talk about something that affects kids and teens. This is an interesting case and some interesting info you can use with your kids and teens. This is a real game, you could say, that was advertised on YouTube and on other media channels, the Theme Zone Shawky App. The ad that was run for children claimed, "Shock your friends. Free trial," with a theory that if your friends touched that little button on your phone, they would get shocked.
Kerry Tomlinson:
Who wouldn't want to try that? Download it for free, to see if it works. My gosh. Reality was however, according to researchers at cybersecurity company Avast was, there was no free trial. You had to pay and when you did pay, there was no shock involved, it was just wallpapers. There was no game and then, there were frequent ads even after the payment. It was a huge dud, so people ended up paying a lot of money, mostly kids it seems, were downloading this by the tens of thousands, paying money and then finding out that it was no good. How can you encourage your kids and teenagers and even adults in your family to not fall for this kind of thing? First of all, warn them, if it's being advertised on social media, be very careful and don't click on anything, but the reviews are a big help.
Kerry Tomlinson:
In this case, the reviews were 2.3 stars. Now, I know from what my kids do and say that they want this app so badly, that they will just dismiss this, but we need to look at the reviews. You will see fake reviews, saying how great it is and then you will see real reviews that reveal that this thing is a scam. My theory with reviews is that I read the negative ones because I want to know what the complaints are about it and if I do decide to download it, what I'm going to be facing. This has turned me away from many bad apps. So always encourage your kids, even though they really want to download that app right now to stop and look at those reviews. Important reminder, fakery is everywhere.
Kerry Tomlinson:
The next cases we're going to look at are about fakery and this is the important takeaway, especially now with what's going on in the geopolitical crises, right now around the world. We are all targets of misinformation and fake accounts, so we want to take some good steps to prevent ourselves from being manipulated and abused. First off fake accounts on Skype and other social media platforms. This guy, this is actually a very sad case out of England. This fellow was sentenced in January. Investigators say this man, Robert Davies, he made fake accounts and catfished people, but he was targeting women and unfortunately teenage girls, including a girl who was 11 years old.
Kerry Tomlinson:
He would connect with them with fake pictures and a fake profile and then he would convince them to click on something and he would download malware onto their device, and he was able to spy on them and get intimate pictures of them using their devices. This kind of thing is real and does happen. Our kids really like the idea that the person they're talking to, that they can take them at face value, that when they say they're a nine year old, who also likes Minecraft, that they really are. That's not always the case and they're disappointed when you talk to them about this kind of stuff, but if you can just drop this kind of story from time to time, depending on the age of your children, obviously, and how you say it.
Kerry Tomlinson:
That will plant that seed in their head that this does really happen. Now, here are fake accounts for adults. This woman, Vicky O'Shea-Fowler. She contacted me on LinkedIn and wanted to connect with me. Isn't this great? She's a CEO. She's co-founder at Data Smart Consulting, but if you take a closer look at her picture, she is fake. She is a deep fake, she does not exist. I have studied deep fake photos and one of the key things that is pretty consistent is issues with earrings. So that was one problem with Vicky. Also, the deep fake stare, deep fakes currently used for this kind of use, this kind of purpose generally are staring off into the distance, kind of like she is doing.
Kerry Tomlinson:
So when you see that stare, you want to look a little more closely. It's not always the case, but in this case, she is fake. I ended up doing an investigation on it. Vicky doesn't exist, deep fakes in your LinkedIn. Why? Because this problem is rampant on LinkedIn, thousands of deep fake accounts and because Vicky connected with hundreds of leaders in tech and cybersecurity around the world, and when I spoke to cybersecurity experts about this, they said, she's probably already launched her attack, that by the time the rest of us know about someone like Vicky, she's already launched her attack, could be ransomware, could be spying. She connects with you online, end up talking back and forth, sends you a link, you click on it and you have malware on your computer.
Kerry Tomlinson:
We sourced her, we tracked her to a company in the Ukraine-Russia area. So you see how advantageous it would be for people working in that geopolitical crisis to create an account that would attack cyber security and tech leaders in the US and around the world. This is real and this is happening. Just a fun part of the investigation, I checked on Data Smart Consulting, the company that she claims, and it turns out to be located, not in North Carolina, as she said, but in Morocco. I spoke to the other employee listed here, who by all accounts appears to be a real person and she says, there is no such person as Vicky O'Shea-Fowler.
Kerry Tomlinson:
Just confirmation of what we knew, but sometimes it's just making that extra step where you really want to find out what's going on. Like I said, it is rampant. Here are two other people that are connected to a company that Vicky is connected with, both of them are deep fakes. Both of them are not real people and when I contacted the company about it and said, "Hey, what's going on?" At first, they didn't answer and then after we published the story, they said, "Oh yeah. Every company ends up with deep fakes." I'm like, "No, they don't. No, they don't." Okay. Other fakery for you to be aware of. This is an issue that's going on right now, where attackers are sending you messages for fake video meetings.
Kerry Tomlinson:
Well, you already know about that. That's not new. Definitely something to be aware of, but the new wrinkle, according to the FBI is that attackers are pretending to be your boss for these video meetings, that's why we have this picture of a lion, holding a Zoom meeting with a bunch of animals that the lion would love to devour. In this case, the FBI says what they're trying to do with this video meeting, besides the fact, they obviously won't have video of your boss, they'll probably put up a still picture of your boss, and they may either use deep fake audio to sound like your boss or say the audio is not working properly and do the chat function. They're setting you up for doing a transfer of money in most cases.
Kerry Tomlinson:
So they'll say, "Hey, we're working on this deal. I just wanted to let you know about it. I guess this video meeting isn't working, but watch out for the email." Then they send the email and you transfer the money off, or you click on something or you do something, but they've set it up with this ingenious method of using something you are accustomed to like a video meeting to tell you to expect the next step of their scam, pretty clever. If we're aware of this and we talk about this to our friends and family and say, "Hey, you know what, I heard these fake Zoom meetings or fake video meetings are going on and attackers are pretending to be bosses, so it's a good idea to verify."
Kerry Tomlinson:
That's good helpful information for all of us to know. Another new case that has come out, the headline says, "Hackers slip into Microsoft Teams chats to distribute malware." This is an image from the Teams site. Just to give you an example, in case you're not familiar with Teams, it's a chat platform, also does video meetings. What hackers are doing are stealing our passwords and breaking in and pretending to be us on Microsoft Teams. So what's the danger of this? Well, in this case, they're sending out a link and saying, "Hey, you need to download this app for work," and you think it's a coworker.
Kerry Tomlinson:
In addition, the company that looked into this called Avanan, a cybersecurity company, they found that hospitals, not all of them, but a number of hospitals were using Microsoft Teams to talk about patient information, to talk about our information, because they assume it's secure and safe and they should not and we should not because hackers are now breaking in, attackers, malicious hackers are breaking in, pretending to be us, collecting the information they need and then, giving us malware that then takes over our computer so they can steal our passwords. They can take over our mail accounts. They can use our computer to launch ransomware against the company. They can steal money from our bank accounts, all of that stuff that we really don't want to happen.
Kerry Tomlinson:
They can also sell access to our computer on the dark web, can and do, so you may not get attacked right this very moment, but maybe in a few months or in six months or in a year and two years, you may get attacked by the attacker who goes, "Ah, I will use this computer for that purpose." This one, another bit of fakery that you need to know about, you may be looking for some productivity apps. So you Google or do a search on whatever search engine you like, free productivity apps installation, say or free software development tools installation. You're looking for some free tools and you get this search result and you see, well, Visual Studio 2015 is available for a free download.
Kerry Tomlinson:
You think, okay, well, I would like to download that for free. Well, this search result is fake. It is fake. It is done by attackers. They buy the ads and the AdWords that they need to move up in search engine optimization, SEO, that term you may have heard and maybe use all of the time. They'll do that. So they get towards the top of your search results. You click on it. What do you see? Well, this is a real site, a real blog site, but attackers ... according to the security company, attackers have modified it so that if you go to the forum, you see this big download button and you click on it and you download and you get that malware on your computer, which can be used for all kinds of things.
Kerry Tomlinson:
Think about it in case of war or cyber war, even if we are not the countries directly involved, they would love to get access to our machines, as many of them as possible. So you really want to be aware of what's going on right now. A couple things to look for, a couple ways we can help ourselves because it is kind of scary having all this going on, and really, I don't want you to panic at all. The key is just being aware. So check out this, download for Windows 11, get Windows 11. Let's look at the site address, windows-upgraded.com. If you're not paying close attention, and maybe you get an email with a link to this or there's a message in social media or someone posts it on social media and you go, "Oh yeah, I want to do that," and you go there. The problem is that the real download site is not named anything like that, microsoft.com/software-download, et cetera.
Kerry Tomlinson:
So unless you start really paying attention and actually research the web addresses yourself, you can be tricked into something like this, another good example and this is something for your kids, you may have heard of Discord. It's a place, a lot of kids and adults use to communicate. This is a fake page for it. This is the real page. What is the web address? Well, on the fake page, they wrote, "Discord app app app," which is nothing like the real one discord.com. If you are a kid or an adult who is moving quickly, you definitely wouldn't be paying attention to that. Unless you really say, "Hey, I need to pay attention to this. I need to verify separately. I do not want to click on that link that someone has emailed to me or something I've seen on social media or a message someone has sent me.
Kerry Tomlinson:
I want to go to that business or that site independently on my own and separately," and do not type in the web address that I see in that potential scam message. Instead, do a search on your own and you will be better off. Finally, for this, this is a really important one for keeping maybe older family members safe and that is the romance scam. This is an actual message from a romance scammer. I did a story about it. Absolutely heartbreaking story about this and before you say this only happens to stupid people, I've interviewed many, many people who've fallen for this and they're not stupid people. What they are is really looking for someone to love them and the scammers know that.
Kerry Tomlinson:
I spoke to, my gosh, a former coworker's mother. She fell for this and she has given away everything. She lost her job. She lost her house. She's living with her daughter now. She lost everything because she keeps sending money to this person who she believes to be her lover and her family has tried to tell her it's not real and she says, "You'll see, you'll see, in the end, it will be real." In this particular case, this man said that he was Michael Lawrence and he wrote these amazing messages of love to this person in Georgia. A very lovely woman in Georgia, very nice sweet person and sent her pictures, ended up on a ship. He said, he needed her to do a transaction for him because he was actually not just on a ship, but he went to an oil rig he said.
Kerry Tomlinson:
Needed her to do a transaction for him and she did the transaction for him. This was the bank account that she actually did it on. It was an actual webpage that actually looked like a bank where you actually put in a username and password and a code, a security code and you got in and you saw something that looks like this account. Unfortunately it was fake and she lost a lot of money, and you see this man, he actually was a Russian fellow. He is not the scammer. His pictures have been used for many romance scams, but his real name is Alexei Sitnikov and they simply took all of his pictures from his Facebook page. So what you want to do is tell them about it, the fake apps, the fake accounts, the fake meetings, the fake search results, the fake love.
Kerry Tomlinson:
You want to tell them about it so they can hear and know that this stuff is really happening and that kind of awareness will arm them to be safer when they're online. So with that, we get to move on to choose your own adventure, where you get to choose which topics we cover next.
Cassie Fulton Flores:
This is so great, Kerry and so Brandon is going to launch the poll. So everyone, as you're reading through the options here, select one and what Kerry will do is take the top two and speak to those topics over the course of the remaining time that we have together today. So Kerry, lots of interesting things coming through the chat as well and maybe you can give a little context to one of the questions that came in while we're waiting for the poll results. So one of the questions was, do you have any tips around explaining some of these romance scam things to unexpecting mums in this case?
Kerry Tomlinson:
Yes, it is very important to talk with them before this happens. It can still happen, even though they know about it, but if you can, initiate that conversation before it is too late, because it will be easier. Once it happens, the scammers are so good, they have a playbook and they're so good at tricking that person into believing that they have found their true love, the love of their life, that it may be too late, once it has already happened. I recommend that you show them one of my videos on the news site. That's what the news site is for, and there are two excellent videos on there about this topic. One of them is called Anatomy of a Romance Scam, and that is going through each step of the scam and how it worked and how they tricked her, and the advice that this poor woman has for us.
Kerry Tomlinson:
Then, the other video is Three Tech Tricks That Romance Scammers Use Against Us, looking at some of the technology that they're using, because they don't just sit around and wait for technology to come to them, they're early adopters. They go out and find the technology and ways to use the technology to trick us. That way, if you can get that information in front of your loved ones who are older, and actually it does happen to younger people as well. What happens with older folks is it's just a little bit more easy to get in there and have them give away their life savings than it is with a younger person, especially because a younger person may not have that much money to give away yet. Older folks often have more money to give away or they'll give away everything that they have.
Kerry Tomlinson:
So watch those videos with them, talk about it. If you don't want to watch videos, I have articles on amperenews.com, those same articles and just talk with them about it happening, and that way you'll have that connection, and at least they've heard that.
Cassie Fulton Flores:
Really good advice, so the poll has closed and we have two clear winners, which I think everyone is commenting to these being all really great topics and being hard to choose, but social media, tips ... or social media tricks and traps is the leading result with four steps to home internet safety coming as a close second, so let's cover off on those two and maybe we'll do a future session where we talk about the remainder.
Kerry Tomlinson:
That's fantastic. They are all great topics. You guys made excellent choices. Okay. So social media tricks and traps. I shortened it to social media scams, so you can see what's going on. So here's the big deal. The Federal Trade Commission just announced that for 2021, we lost a record 770 million dollars to social media scams, tricks and traps. That is compared to just 258 million in 2020, and in 2017, 42 million dollars gone. We are falling for this. More and more attackers are using this, more and more. So we need to be aware of what the biggest scams and frauds and tricks and traps are out there so that we do not lose our money to this. I do not want you to lose your money to this. I want scammers to go out of business. One of the big ones is cryptocurrency scams and tricking people out of their cryptocurrency.
Kerry Tomlinson:
Right now, not a lot of people have invested in cryptocurrency. I mean, yes, a lot have but it's certainly not the majority of the population, but there are lots of tricks to getting people to click on links that will allow them to get their cryptocurrency stolen. So if you do have cryptocurrency, please do research how to protect it. Another huge one that is being reported in that money lost are romance scams, as we talked about and then this is the best. This is a combination, cryptocurrency and romance scam rolled into one. This is huge right now and I did a story about it because it is huge. Here is an actual message from a cryptocurrency romance scammer, and we'll go through it so you can see what is the tactic that they use. So they get to know you either right away, or even after a month of chatting.
Kerry Tomlinson:
They say something very similar to this, "My aunt graduated from the Massachusetts Institute of Technology in the United States and has 30 years of financial experience. She currently works as an executive at Citibank in Hong Kong and has a professional market analysis team. Since she will retire next year, I will cherish every trading opportunity," and then they say, "You are my love and I want you to get in on this opportunity as well. We can get rich together," and they have answers for all of your questions. Ultimately, things tend to go down two paths. Either, they have you invest your money in cryptocurrency. They explain how to do it. You're a novice maybe, and you don't know what to do. They explain how make it so easy, but they have you invest on a fake app that they have created.
Kerry Tomlinson:
So you are really just investing money in a scam or they will have you invest on a real app, but they do it in a way where they will end up with your money. We are seeing people losing hundreds of dollars to thousands of dollars, to tens of thousands of dollars with this particular scam. It is very popular right now and they're using all kinds of crazy things. This is a very international scam, so people from countries around the world are doing this on dating platforms. One thing they're doing is they will hire someone to do the video chat or the voice chat with you so that you will get the voice of the person who matches who you think you're dating online, whether it's a young man, older man, young woman, an older woman.
Kerry Tomlinson:
Whoever you're dating, they will hire out to get you a voice or a face to match that, to make it seem real, so if the person you're dating online talks about investing, I say steer clear, not worth it. One of the hugest ones, really where people are losing the most amount of money is shopping scams, and this is ads that appear on social media platforms. The number one place for the scam ads, according to the Federal Trade Commission is Facebook and Instagram, the two of them. Here's an example of the kind of thing that is happening. So look at this great toy that you can get for your child. It's a remote controlled Velociraptor. This ad appeared on Facebook among other places, and you think great, click on it to take a look, $34.99. What kid would not love this? I want this. I want three of them.
Kerry Tomlinson:
I want them for all of the kids in my family and all of the adults in my family. This is so great. So you click on it and you order, and this is what you actually get. Victims say they got a tiny little plastic, not remote that it sort of only remote, if you throw it across the room, which this person probably did. This is very common. My general rule is I do not respond to ads directly on Facebook or Instagram or social media. My general rule is I go separately to the website. We're going to give you some extra tips to help you with this, because this is really the number one cause of the scams that the Federal Trade Commission is talking about. Remember that crooks copy photos. We've seen many cases where they just simply copy photos, say from Etsy shops.
Kerry Tomlinson:
Etsy is that sort of eBay for art, you might want to say. They also can send you pretend tracking numbers to pretend that the info was arriving or fake screens showing that the package is arriving. So you really want to research the product independently of the ad. You want to research the company independently of the ad. Does the company have complaints? An easy one to do is put the name of the company and then just put the word complaint into the search engine and see if you can come up with something. See, if you can find some kind of track record on that company. Look at the reviews. My gosh and if the reviews are all great, do remember that attackers can simply go to gig websites like Fiverr and TaskRabbit and pay five bucks and get people to do fake reviews.
Kerry Tomlinson:
It is not hard and they have ways of doing it, so these people appear verified. Verify separately, that's what we're talking about and finally, stay away from the crazy deals because that is how they draw you in, that's the number one way. That is the end of our little session on social media tricks and traps. There are many, many more out there, we could definitely do an entire webinar on that, but I wanted to get you the basics on the biggest ones that are affecting all of us every day, so that you are aware of what to do. Going to stop sharing now and go to our next one, which is home router safety, home internet safety. It'll take me just a moment. I don't know if you guys have some things to chat about, in the meantime.
Kerry Tomlinson:
The home internet safety is actually really super important and I was a little concerned that you all might not choose that one. The reason I was concerned is because this is the actual most important part of it for all of us. Now, I am going to share because if we're not doing this, then a lot of the other stuff we do doesn't matter. So here is the front door for your house and here is also the front door for your house. That is your home router. This is your digital front door, and this is how you interact with the digital world, and the question is, are you locking your front door? In most places in the United States, you want to lock your front door when you leave the house but are you locking your router? What we're seeing is since the pandemic started with so many people working from home and doing so much more at home, the number of attacks on home routers has jumped dramatically.
Kerry Tomlinson:
The blue dots are attacks on corporate routers, office routers and the dots that are actually gray are attacks on home routers in the pandemic. You see, there are so many gray dots that it looks black because the attackers know that. They know that we are not necessarily locking our front door. This is what can happen, if you don't lock your router. Here are some of the things that can happen. This is a very sad case out of England. The headline is, "Did weak wifi password lead the police to our door?" The answer is yes and no. So this is a family that was just at home one day when police raided their homes. Kate, the mom, not her real name, says, "They took everything, our desktop computer, both our laptops, our mobile phones, a laptop I had borrowed, even old mobile phones that were lying around in drawers." Why?
Kerry Tomlinson:
Because their home router was showing that they were dabbling in child pornography. Of course it wasn't them, it was attackers using their router, but police did not know that. They were investigating and it took months to get it all figured out. Would you like to be without all of your computers and phones for months? No, I don't think so. Maybe in the fantasy world, we think that would be wonderful, but reality is we wouldn't be able to do much work. It turns out it wasn't a weak wifi password and this is a bit of a distinction. There's the password you use to get into your wifi, like guests come to your home, you have them type in that password and they can use your internet connection.
Kerry Tomlinson:
Then there's the password for the router and running the dashboard of the router itself, the administrative dashboard, and that's the one that they had a weak password on. It was in fact, the default password that came on the router when they bought it and they just never changed it. Those passwords are searchable online, crooks use automation, they scan and they find home routers that are using these weak default passwords, and they just jump right in. We'll go through a checklist, so you don't have to worry about that, about remembering exactly what to do. Another thing they can do is redirection. This is a fake bank website, and what crooks can do is if they have control of your home router, you can go to your bank and type in, "Oh, you start to type in the name of your bank," and they will redirect you to a pre-made fake bank website.
Kerry Tomlinson:
In some cases they have as many as 60 pre-made bank websites waiting for you. So, obviously the 60 most popular banks for your area, so whatever you start to type in, they will redirect you to that site. The way to tell is by looking at the web address, so this is an actual fake bank website, and the address is not the same web address as the real NatWest Bank that you would use if you were actually going to use it. That's really the only way to tell it with redirection is to pay attention to the web address. If necessary, do a search separately and say, what is the actual web address. You can bookmark your bank web address, so that you can then verify, have I been redirected to something different than what I actually use? Then they like to sell your router. This is an actual ad from the dark web, talking about selling people's routers.
Kerry Tomlinson:
They can sell access, for example, to the child pornographers, they probably sold access to that family's router, to the child pornographers, so they could do their thing without worry of being caught by law enforcement. They can also send out attacks, the famous DDoS attack for distributed denial of service, long phrase, meaning just bombarding a system or a site with so much traffic that it can't function, and that is what has been happening in Ukraine over the past week, actually. For years in Ukraine, this kind of thing's been happening, but specifically over the past week in preparation for invasion. They were doing that to, for example, the military sites and bank websites, to try to prevent people from using the sites.
Kerry Tomlinson:
And it did actually work, and can you imagine it's been done, attackers will do it say to hospitals, they'll try it on hospitals during peak moments of the pandemic to try to pressure the hospitals into paying money or some other reason, so do you want your home router to be used to attack your bank website, so you cannot get into your bank website? You probably don't want that. So that's the good reminder, another good reminder that we need to focus on that home router security. So what are we going to do? We're going to win back our routers. These are the four steps, the four basic steps that we want to take to make sure we are using the internet safely at home, protecting ourselves, our families, our loved ones, our bank accounts, our work stuff, everything.
Kerry Tomlinson:
First of all, we need to get to the router, and if you have any questions about your router, I encourage you to do a search because that is how cybersecurity experts do it because there are so many different kinds, brands of routers that no one person is going to know exactly what to do. So what you want to do is you want to say, "How do I access my blank brand router?" Go to the manufacturer's site. They'll tell you how to log in. And you will see a screen like this, a dashboard. It won't be exactly like this. There are many different kinds. I picked this one because it was actually kind of the most interesting of the screens.
Kerry Tomlinson:
Some of them are not very interesting, but get used to looking at the dashboard, if you are not familiar with this, if you are not comfortable with this and start to say, "Okay, this is the kind of thing I need to at least learn a little bit more about it." You don't have to learn what everything means at all. You can only learn what a few things mean, and you'll still be able to do things to keep yourself safe. So this is the preparation for the four steps that we are going to do. We're going to get onto the router and learn what to do. First, we need to change the default password, just like that family that had the police raid for child pornography. The default password is often something like admin123456. I do see some companies are randomizing their default passwords.
Kerry Tomlinson:
You need to change it. You need to change it so that your router is not used for things, and so you don't suffer because crooks are using it, and then, what you also get is the bonus of what this meme shows, "What you see versus what your family sees when you reset the router." So you're just clicking the button on the left, but they see you as a technician, an experienced seasoned technician. You will get to feel the same way when you change your default password on your device, you'll be like, "Wow, I am a tech guru. Look at me go." The next thing you want to do is update your router. We talked to a cybersecurity expert, who said if you update your router, you're pretty safe. The bad thing is people don't normally update their routers. Strive to keep them updated.
Kerry Tomlinson:
So what does it mean to update? A lot of people say, well, does updating your router mean buying a new one that is up to date, that's more modern than the one that I have. That is not what we're talking about. What we're talking about is updating the security on your router. The digital security, it's technically called the firmware, sort of like software, but on your device. That means you download the security update, and if you're on that dashboard screen, you'll see something that'll tell you how to download that update or you can simply do a Google search, do a search engine search, how do I update my blank brand router? Why? Because what happens is, after a piece of technology is built and sent out and marketed, people look for ways to break into it.
Kerry Tomlinson:
Researchers look for ways to break into it, to try to find that before the attackers find it and attackers spend a ton of time and money learning how to break into routers. So either A, a researcher will find a vulnerability and say, "Hey, manufacturer, I found this, let's fix that before the bad guys know about it," then the manufacturer sends out the update and then, we download that update. So attackers can't get in, or the attacker finds it before a researcher does and the attacker doesn't tell anybody and starts attacking your router and other people's routers. Then people find out about it, and then the manufacturer sends out an update, and then we need to download that. This is a crucial, crucial part for all of our devices, but especially the router, which is the front door to our digital world, our digital home.
Kerry Tomlinson:
Some routers will allow you to set it to update automatically, do that if you can and if not, experts say, maybe check every six months to see if there was a new update. You can also try doing a search about your router and see if there are any updates. This is a crucial, crucial step. Number three, change your encryption. Encryption is the scrambling of the data from your router, so hopefully attackers aren't able to listen in when you send things like, "Oh, your bank account passwords," that kind of crucial thing, so they don't drain your bank account. You want to set your encryption. You'll look on that dashboard. You'll look for the word encryption and if you can't find it, you can do the search. How do I change the encryption on my blank brand router?
Kerry Tomlinson:
Look for WPA2 or WPA3, wifi protected access two or three, and if your router cannot do that level, which is the level that experts say you need to have to be protected, then you do really need to buy a new router, which is true to true, because this is the sort of basic minimum protection that experts want you to have. Then last but not the least, change your wifi password. So we were talking about those two different things, the wifi password, that is what you use to sign on to the internet that to ... a guest comes to your house, you give them, "Oh, what's your wifi password?" It's whatever funny thing you've made up for the moment. Hopefully not 123456.
Kerry Tomlinson:
Then there is your router password to get to the administration of the device, so you can do all these fun steps that we're talking about. You also want to change your wifi password, if it is something easy or maybe, who have you given it to in the past, and you aren't sure if you still want them to be able to access your device, change your wifi password. So we're going to look at these four steps so that you can really focus on that. Why change your wifi password? Because this meme says it, "Are you my home router, because we connected automatically?" Meaning if someone has connected to your wifi in the past, they can connect automatically unless you change the password. So here are the four good things that we want to do. The four basic steps to be as safe as possible at home, these are really where you got to start.
Kerry Tomlinson:
Change the default password, update the router, change the encryption and change the wifi password. What I hear from people when I talk about these things is they say, "Wow, thank you." Some people are on top of this and done this and they've done this. A lot of people are intimidated by their routers, which is understandable that we don't. There's no class in school that we went to that said, here's how to update your router, it's something that as adults, we have to learn how to do. So, what I encourage you to do is to hug your router like this cat. If you're intimidated by it, grab it, touch it, look at it. You don't have to know what the numbers mean or what the letters mean, but we do need to recognize that this thing protects us from the bad people who really want to do bad things.
Kerry Tomlinson:
In fact, one thing that criminal gangs do is they fight back and forth over your router. They'll get on there. They'll download their malware onto your router. They'll use you to attack maybe hospitals, maybe your bank or they'll sell you. Then, another gang will come along and will rip out their malware and ... the original malware and install their own malware and it can go back and forth this battle that's going on, on your router in the corner of your house, without you even knowing, unless you take these kinds of steps to protect yourself. So that is the end of this particular presentation. I hope it helps if you have any questions, let us know and we will get you good info to help you stay safer.
Cassie Fulton Flores:
This is so great, Kerry, thank you so much for sharing all of your knowledge with us today. There were just a couple of questions that came in that I want us to take a minute to answer. One was if you found a brand of router through your research that you would recommend is better from a security point of view.
Kerry Tomlinson:
And that is a great question. I do not recommend any particular brand of anything, what I tell people to do and what I do when it's time to do something like that is I go to reputable sites that review these kinds of things, and the two sites that cybersecurity experts recommended to me when I started working in this field and that I recommend to you are PC Mag and Tom's Guide. Those two, every year they do reviews of routers, VPNs, password managers, all of this good stuff. Sometimes the content is technical and detailed, but you can just read through in a general way and get a sense of what would work for you and what would not work for you. That to me is the easiest way. If you go online and just say, "Oh, best routers 2022," you're going to get a lot of scam results. So instead, go straight to those resources and maybe we can put those in the chat so you can see them.
Cassie Fulton Flores:
Yup. I jotted those down. We'll send them in the follow-up email too. One last question, is using data on the cell phone safer than wifi at home?
Kerry Tomlinson:
Yes, and the answer ... I ask this question of cybersecurity experts to get the latest answers and at home, if you are doing these steps for your router, your wifi should be protected if you're doing those four steps. So at home, using your cell phone would not necessarily be safer. However, when you're out and about and you're using public wifi, experts say using your cell phone data is safer than using the wifi. However, you can also use a VPN, a virtual private network, which is basically something that allows you to do your stuff safely, when you're in a place like on public wifi. You can use a VPN and use the public wifi and in theory, you will also be safe. That is definitely something that I do. For example, when I'm traveling, I travel internationally a lot and I will make sure I have an international plan so that if I'm in a sketchy wifi area, I will switch over to my cellular data.
Kerry Tomlinson:
If anyone has questions about that, that's just on your phone, where you turn off the wifi, you can turn off the wifi and it automatically switches over to cellular data.
Cassie Fulton Flores:
Yeah. Great. Well again, Kerry, thank you so much for spending the time with us today. This was really helpful. I think there's a lot of great comments in the chat. Just thanking you for the time and for the content as well today. I'll send those to you too because you've been presenting here and you haven't been able to see the chat so you can see that too. Anyways, thank you so much, Kerry. Thank you everyone for joining us today and spending the time and look forward to seeing you next month, the topic will be ransomware and you'll be seeing more information coming out soon around that. So thanks everyone. Have a great rest of your day. Take care.
Kerry Tomlinson:
Thanks so much. Bye everybody.
Cassie Fulton Flores:
Bye Kerry.