We Got Conned! Our Conference Proves It Can Happen To Anyone - Securing Sexuality Podcast Episode 57
10/22/2023
Securing Sexuality is the podcast and conference promoting sex positive, science based, and secure interpersonal relationships. We give people tips for safer sex in a digital age. We help sextech innovators and toy designers produce safer products. And we educate mental health and medical professionals on these topics so they can better advise their clients. Securing Sexuality provides sex therapists with continuing education (CEs) for AASECT, SSTAR, and SASH around cyber sexuality and social media, and more.
In today's digital age, where technology has become an integral part of our daily lives, the need for caution and verification in protecting our banking security cannot be overstated. With the ever-increasing sophistication of cybercriminals and the rise in online financial transactions, individuals and organizations must take proactive measures to safeguard their financial assets.
One of the fundamental aspects of protecting your banking security is exercising caution while conducting online transactions. This entails being vigilant and aware of potential threats, such as phishing attempts, malware, and identity theft. Phishing attacks, for instance, involve fraudsters impersonating legitimate institutions and tricking individuals into revealing their sensitive information, such as usernames, passwords, and credit card details. By being cautious and verifying the authenticity of any communication or website, you can significantly reduce the risk of falling victim to such scams.
Verifying the legitimacy of websites and online platforms before entering any personal or financial information is paramount. Always ensure that the website address begins with "https://" and has a padlock symbol in the address bar, indicating a secure connection. Additionally, double-check the website's domain name for any misspellings or variations that could indicate a fraudulent site. It is also advisable to avoid clicking on suspicious links or downloading files from unknown sources, as these could contain malware designed to compromise your banking security.
In addition to exercising caution, employing strong authentication measures is crucial to protect your banking security. Simple passwords are no longer sufficient to defend against determined attackers. Implementing two-factor authentication (2FA) adds an extra layer of protection by requiring users to provide additional verification, such as a unique code sent to their mobile device, in addition to their password. This significantly reduces the risk of unauthorized access to your bank accounts, even if your password is compromised.
Regularly monitoring your bank accounts and transactions is another essential practice in ensuring your banking security. By reviewing your account statements frequently, you can quickly identify any suspicious activity and report it to your bank or financial institution. This proactive approach not only helps protect your financial assets but also enables the authorities to investigate and take appropriate action against cybercriminals.
Furthermore, keeping your devices and software updated with the latest security patches is crucial. Cybercriminals often exploit vulnerabilities in outdated software to gain unauthorized access to sensitive information. By regularly updating your operating system, web browsers, and security software, you can ensure you are using the most secure versions available, effectively reducing the risk of exploitation.
Educating oneself about the latest security threats and best practices is essential in protecting your banking security. Staying informed about emerging trends in cybercrime and understanding the tactics employed by hackers can empower individuals to make informed decisions and take appropriate actions to safeguard their financial assets. Many financial institutions offer educational resources and security awareness programs to their customers, which can be an invaluable source of information and guidance.
Lastly, it is crucial to maintain open lines of communication with your bank or financial institution. If you notice any suspicious activity or have concerns about the security of your accounts, promptly contact your bank's customer support. They can provide guidance, investigate potential security breaches, and take immediate action to protect your interests.
The importance of caution and verification in protecting your banking security cannot be overstated. By exercising caution, verifying the legitimacy of websites and platforms, employing strong authentication measures, monitoring your accounts, keeping your devices up to date, and staying informed, you can significantly reduce the risk of falling victim to cybercriminals. Remember, safeguarding your financial assets is a shared responsibility between individuals and financial institutions, and by working together, we can ensure a more secure digital banking experience for everyone.
[00:00:00] : Hello and welcome to Securing Sexuality. The podcast where we discuss the intersection
[00:00:04] : of intimacy and information security. I'm Wolf Goerlich. He's a hacker and I'm Stefani [00:00:09] : Goerlich. She's a sex therapist and together we're going to discuss what safe sex [00:00:14] : looks like in a digital age, and we're hot off our Detroit event. The thing we've [00:00:19] : been telling you guys about all year long happened and it was pretty cool, actually. So [00:00:26] : we're gonna go quick to one audio clip to give you a sense of what it was like. What [00:00:33] : have you liked most about the conference thus far? I think what I've enjoyed the [00:00:38] : best is being able to bring my IT husband to the conference because as a therapist, there [00:00:45] : are so few times it feels like we can integrate what we do together. But this is [00:00:50] : just another opportunity to engage and see that there are ways that we can make parallels [00:00:55] : to our careers, and the good thing about that is that it lets you have those metaphors [00:01:00] : and those journeys with other organisations and other careers, and I think it's just [00:01:06] : another great opportunity for us to see there's so much that we can do together for [00:01:10] : the people that are coming and seeking out our help throughout any resource or for [00:01:15] : any resources or any career path. So, yeah, that's been a really cool time to see [00:01:18] : that was what I was hoping to get out of this, right? Stephanie has, like, this idea [00:01:26] : of community and and togetherness and this idea of being authentic and this idea [00:01:31] : of from your world bringing the the rigour and from my world bringing the, uh, eccentricity, I [00:01:38] : guess. I just think. And so, uh, sold out, uh, packed event. But at the height of [00:01:49] : everything, going great at the height of like, this is our moment, right when you [00:01:54] : and I are about to take the stage and introduce our keynotes. 
And we've got, uh, you [00:02:00] : know, all these people in the ballroom and they were downtown Detroit, and it's a [00:02:03] : beautiful day and the sun's coming in and you can see the Detroit landscape. Uh, and [00:02:08] : the food is coming, you know, in the back of the room, you can smell the food and [00:02:12] : everyone's ready. We're about to take the stage. That's the moment where we almost [00:02:17] : lost it all. Yeah, I mean anybody that's known us for more than 30 seconds or listened [00:02:23] : to more than one episode of this podcast will know that you and I don't do anything [00:02:28] : on easy mode, and we always walk away with the story. I feel like I had expected [00:02:34] : our story to be: We did a conference, and it was awesome, and everybody wants us [00:02:40] : to do it again. And that is, that is part of the story. But there's also like this [00:02:46] : whole secret backstory that, um, a lot of our conference attendees didn't know about. Didn't [00:02:51] : see. A couple of them heard about it after the fact. But this is, this is sort of the [00:02:56] : big reveal of what happened behind the curtains at the Securing Sexuality conference. So [00:03:02] : to set the stage we had, we'd expected something might go awry. Right? We had some [00:03:08] : controversial speakers. Um, this idea of protecting bodily autonomy and this idea of [00:03:16] : protecting, uh, the pursuit of pleasure isn't necessarily always viewed positively [00:03:21] : in all circles of the world. Uh, we we had expected that not everyone is gonna appreciate [00:03:28] : what, uh, what was going on. Uh, and so, as people were were filing in and you and [00:03:36] : I were getting ready to take the stage, a series of texts comes in. It started out [00:03:40] : just one text, and it was one that looked like a million other text messages that [00:03:46] : I've gotten, right.
It was it was from our bank, and it just said, you know, hey, somebody [00:03:51] : tried to buy something at Best Buy, uh, for this amount. Was that you? Press one for [00:03:57] : yes or two for no. It clearly was not me. So I pressed two for no, and I went about [00:04:02] : my business. And just a minute or two later, my phone rang and they told me it was [00:04:09] : our bank's fraud alert division, that they had registered that I had said two for [00:04:14] : no and that they wanted to reach out because they also saw a pending, um, Zelle transaction [00:04:19] : trying to come out of our account for $5000. And they're like, if this Best Buy transaction [00:04:24] : isn't you, we wanted to call and make sure that this Zelle was you. And, um, dear readers, it [00:04:30] : was not in fact, me. And that began our grand adventure. And so a couple of things [00:04:37] : here, first off the the text message was from a number that had texted us before, uh, from [00:04:46] : the bank. The phone number was actually from the fraud department. So it was the [00:04:51] : the same number that you would call if you were gonna report fraud. Yeah, OK, so [00:04:56] : the phone call starts off a about 45 minutes of me on the phone, and, you know, at [00:05:05] : any other point in time, I'm I'm married to a cybersecurity expert. Usually I would [00:05:11] : pull you aside and throw you on the phone. This is this is what you do. This is your [00:05:15] : wheelhouse, not mine. But again, this happened as all of our conference attendees [00:05:20] : were pouring into the ballroom for our first keynote on our first day. And so you [00:05:27] : know, I, I can handle it. I just I step out of the ballroom. I'm frustrated because [00:05:30] : I'm missing our amazing speaker. But it's a really easy thing to get resolved. And [00:05:35] : I'm on the phone, and at a certain point, they say, um, we're going to send you a [00:05:40] : push notification.
We need you to do what the instructions say. And this is where [00:05:46] : sometimes being frazzled and distracted and maybe a little literal comes in really [00:05:52] : handy because the message that I got said, you know, please type in password. And [00:05:59] : in hindsight, I suspect they wanted me to tell them our password. But again, I'm [00:06:05] : greeting people as I'm on the phone, I heard people stopping to ask What's going [00:06:09] : on? Why I'm not at the talk. I'm really frustrated that I'm missing our talk. I'm [00:06:14] : even more frustrated that I'm missing lunch. And so I do exactly what I am told to [00:06:18] : do, and I type the word password and I hit Send that part of it just just amuses [00:06:25] : me. Please type password. All right. Password done. Right. It it feels very much [00:06:30] : like, uh, say the word friend and enter right. That amused me. But at that point [00:06:34] : in time, we thought, uh, that this was someone taking a run at their bank account [00:06:41] : and that the bank was helping us out. And it it sort of made sense. Um, a transfer of [00:06:48] : that size is a is above the, you know, automatic minimum. So that would have raised [00:06:53] : red flags. Uh, gift cards on our debit card would have raised red flags. Uh, I am [00:07:00] : a staunch believer in never using a debit card. If you have a debit card, you set [00:07:04] : it to a pin that you promptly forget. And you put the debit card in a drawer where [00:07:09] : it's promptly forgotten. And you don't have to worry about, uh, fraud in those cards. Because, of [00:07:15] : course, debit cards are not protected to the level of, like a a credit card. But [00:07:21] : also, as I recall, they, like, verified a lot of stuff with you. This this was th [00:07:26] : this seemed like the bank because they were verifying What? What do they What do [00:07:30] : they confirm with you? They knew our address, so they confirmed our address. 
They [00:07:36] : tried to confirm the last four of the bank account, but this is both a saving grace. And [00:07:46] : also it could have been if I had, you know, known my accounts by heart, but perhaps [00:07:50] : the red flag a little bit sooner. We have obviously multiple accounts, right. We [00:07:57] : have our nonprofit that we have set up. I have my clinical practise. We have our [00:08:01] : individual banking accounts. I don't know all of those off the top of my head. And [00:08:06] : so they were trying to confirm the last four of an account, and I actually do know [00:08:13] : my personal account, the last four by heart and because this was happening in a situation [00:08:20] : where I was surrounded by people and had lots of things going on and was very distracted. I [00:08:25] : didn't recognise the account number they were reading to me. And if I had, I would [00:08:29] : have noticed, you know, to your point about debit cards that the account they were [00:08:33] : asking about is not one that we use frequently that it's not one that I would expect [00:08:39] : the bank to reach out to me about, because it's not one that we we make everyday transactions [00:08:45] : or purchases with. So had I been a little bit more on the ball or the kind of person [00:08:51] : that memorises all of her bank account numbers by her, I might have noticed something [00:08:55] : a little bit sooner. But I didn't. It was easy for me to say, Yeah, that sounds like [00:09:01] : it could be right because they had already called my phone number. They had already [00:09:07] : given us our business address or given me our business address. There was a lot of [00:09:12] : information that they had that they didn't need to ask me for. We're we're trusting [00:09:16] : that this is the bank and they are trying to resolve. And I'm saying resolve in air [00:09:22] : quotes uh, this problem with Zel, right? 
There's this this transfer, which seemed [00:09:28] : weird because from a foundation perspective, from a nonprofit perspective, you you [00:09:33] : take in donations and you pay bills. You don't. It's not like a personal account [00:09:38] : where we're selling cash all over the place. So that seemed weird. I recall that [00:09:42] : they, like, put you on hold, and there's this whole long conversation about it. Well, that [00:09:45] : was part of what made it seem like a fraud was happening because we don't send or [00:09:50] : receive Zelles from our nonprofit account. So it makes perfect sense that if there's [00:09:55] : a Zelle trying to come out, that would be a fraudulent Zelle, because that's not the [00:09:59] : purpose of our of our foundation accounts. But this was taking a really long time, and [00:10:06] : when I say a really long time, I mean a good long time of me sitting on hold. While [00:10:10] : they told me that one fraud person was talking to the Zelle fraud person and these [00:10:15] : were not conversations I was privy to, I was literally just sitting on hold, and [00:10:19] : after about 45 minutes, I was getting really frustrated because we were throwing [00:10:24] : a conference and there were things I needed to be doing, so they came back on. They [00:10:29] : said, This is gonna take a while for us to untangle. We have to talk to the Zelle team. We [00:10:34] : have to work on the fraud team. Is there a time when we can call you back? And we [00:10:39] : set up an appointment for them to call me back at 4:30. And so at that point, you [00:10:44] : know, I got off the phone, I went back into the ballroom, I very quietly told you [00:10:49] : that they had caught the fraud, that nothing was going to come out of our account, that [00:10:54] : they were working on the Zelle piece and that they were going to call us back later [00:10:56] : that afternoon.
And you and I went about our day thinking that everything was pretty [00:11:01] : much squared away. And so, for the next few hours, So the keynote was, uh, at 11. Um, the [00:11:08] : keynote went great. Although you you missed it. I'm sorry, but she did a fantastic [00:11:11] : job, and I think it was very eye opening for both the technologists and the sexologists [00:11:17] : in the room. Uh, after that, we had a game. Uh, did you make it back in time for [00:11:22] : the game? I did get to see our jeopardy. Yes, Sex tech jeopardy went like gangbusters. Yeah, that [00:11:28] : was so cool. So I like, uh, obviously, jeopardy is a protected term. So this is jeopardy, inspired [00:11:34] : by our tribute to jeopardy and the slide deck that we use spelled jeopardy with a [00:11:41] : T. And so we had some some great questions there. One of the things that was amusing [00:11:47] : to me is hacker Jeopardy is a long, uh, storied tradition. Uh, in a hacker summer [00:11:55] : camp, uh, ran by, uh, a couple of our friends and one of our our speakers and one [00:12:02] : of the, uh, village, the Internet. Uh, toy hacking village. Uh, render man of the [00:12:08] : internet of dons project I had reached out to me was like, Hey, I am the, you know, ex [00:12:12] : time winner of Hacker Jeopardy if you want. If you want contestants. And I'm thinking [00:12:18] : some of our questions were like, What is a password and what is multi factor? You [00:12:23] : you, Uh, you you you would really quickly overpower uh, the idea and the spirit of [00:12:29] : this. I mean, we wanted to use it as a chance for our therapists to test their technology [00:12:35] : skills. And that involves starting with, um you know, we we don't start out in expert [00:12:42] : mode, but we got there and some of those $1000 questions were hard and they were [00:12:46] : getting them. You know, the thing that struck me as being just like so wholesome [00:12:50] : is we didn't know why. 
One of the person one of the contestants was trying to not [00:12:57] : answer all the questions because, uh, this particular contestant was clearly dominating. And [00:13:02] : why was that? They wanted prizes from second place. So when the game wrapped up, all [00:13:08] : three contestants get together and they laid out all the prizes and they took turns [00:13:14] : picking out, divvying them up in a fair and equitable way, and that just that seems [00:13:19] : so wholesome to me. It's very much my world coming to the table. I. I loved it every [00:13:24] : time that contestant buzzed in or got a question right, we could see them getting [00:13:30] : more and more frustrated and I couldn't understand why So it was really lovely to [00:13:35] : find out afterwards. It's because they really want it to be second place and so that [00:13:40] : redistribution of prices, um, kind of made my day. That was lovely. It was an It [00:13:45] : was a great moment. It was a lot of fun. And then we head into our afternoon sessions [00:13:49] : and and talks are going on. Um and we knew we had this, like 430 call coming up and [00:13:56] : they called early. They did. They called it four. And because I am nothing if not [00:14:04] : chill and low key, my reaction was not concern but frustration because they made [00:14:10] : me walk out of another talk. And guys, we had really good talk. These were people [00:14:18] : I had been looking forward to hearing and learning from all year. And so getting [00:14:22] : pulled out of a second one didn't did not mean that I answered my phone with, you [00:14:28] : know, the greatest of tact or or diplomacy. But I did and I asked them why they were [00:14:35] : calling me early and they said that they had to call back sooner because they, um, had [00:14:40] : been working on the Zelle piece and now they could see a $40,000 wire transfer trying [00:14:46] : to come out of our account. And they wanted to know if that was us. 
And that's when [00:14:51] : I was no longer chill. And that was when I started to panic a bit and thankfully, right [00:14:57] : around the time they're telling me this, uh, the talk set out, and I see you walk [00:15:02] : out of a room and you're talking to somebody. And I believe I literally grabbed you [00:15:07] : by the shirt sleeve and dragged you away. Because at this point, I am tagging in [00:15:11] : the hacker husband. This is above my pay grade. This is beyond my skill set. And [00:15:16] : now I want you on the phone with the fraud people. Now, one of the things that had [00:15:21] : happened the first time that they called you was they sent a, uh, SMS code. So a [00:15:29] : text message with a one time password or OTP code. Uh, and so we're we're sharing [00:15:34] : this so that we can verify your identity. Please read it back to us, and, uh, and [00:15:40] : of course you did. Um and so we get, I get involved, and this person is very brusque [00:15:49] : and very high pressure, which never goes well with me either. I'm like, please hold, uh, and [00:15:58] : and so, by the way, uh, one of the things about social engineering is oftentimes [00:16:03] : security awareness training or whatnot will teach you the tactics, like, look for [00:16:07] : a misspelling or look for a bad logo, uh, or, you know, check the email headers or [00:16:13] : any sort of things. But realistically, all K for as long as the con game has been [00:16:19] : afoot involve a couple things. They involve the threat of loss. Uh, they involve, uh, high [00:16:26] : pressure. We gotta take care of this right away. Uh, and they tend to hit at a point [00:16:31] : in time when we know that the person is distracted or otherwise not at their best. Right? If [00:16:37] : you're at your cognitive best, that's not when a con artist is gonna go after you.
Uh, so [00:16:42] : this started to have all those same same senses to it. Now, I didn't quite get that [00:16:48] : yet, but I knew enough to say this is a good moment for me to pause and think. I'm [00:16:55] : like, please hold. And we walked back to our room and then put him back on speaker [00:17:00] : and I think I slid you a piece of paper that said, Are you really sure this is the [00:17:04] : bank? And at that point, I said, I don't really know, and we asked them to give us [00:17:11] : a minute to log into our bank account. That way we could see what they were seeing, because [00:17:15] : at this point, they have been telling us they have frozen our account, that we don't [00:17:21] : need to worry about the pending Zelle or the pending wire transfer because they've frozen [00:17:25] : the account. Now they just need to make sure that we're protected, and where you and [00:17:30] : I finally had the quiet and the privacy and the space to breathe by going back to [00:17:35] : our rooms was when they tried to lay the trap, which was: we need to move your money [00:17:43] : into this other account to make sure it doesn't come out with that wire transfer. And [00:17:48] : you and I said, Great, we have several other accounts. We can do that right now. And [00:17:53] : that was when the, um, bank fraud person got really frustrated with us. He he did. He [00:18:02] : did. He's like, Well, I'm trying to help you, I. I can't just keep on the phone, blah, blah, blah. I'm [00:18:07] : like, what? Please hold. We weren't seeing fraud alerts on our side. We weren't seeing [00:18:14] : pending Zelles. When we looked at our bank information, we weren't seeing a wire [00:18:18] : transfer request and nor were we seeing our account frozen. Everything looked totally [00:18:24] : normal on our side. And I don't remember what we said. But you took him off of hold [00:18:30] : and said something. And the the bank fraud alert person hung up on us? Yes.
And that [00:18:37] : I think the point when we went OK, Clearly, this is not our bank. The concern I had [00:18:44] : was we did see a pending transfer. That was the transfer. This, uh, I'm using air [00:18:52] : quotes. Banker was trying to get us to collect to process. And this pending transfer [00:18:58] : would have transferred all our funds to this other bank account. And this other bank [00:19:03] : account ostensibly was set up for us. Uh, but we had no way of logging into it. And [00:19:09] : this other bank account, uh, ostensibly was meant to protect, uh, the funds from [00:19:15] : being stolen from our nonprofit, but they were very reticent to allow us to move [00:19:21] : those same funds to one of our other accounts. And also this transfer, I mean, literally, guys, it [00:19:27] : was down to, like, one click. All they need to do is convince us to click this one [00:19:31] : button to send these funds. Um, and my question was, that sounds like a a great idea. Mr. Banker, Uh, we [00:19:41] : I love the fact that you've set up this other account for us and and saved us all [00:19:45] : sorts of time. As I'm remembering how long it took us to set up our nonprofit bank [00:19:49] : account in the first place. How much documentation we had to present? Uh, but let [00:19:54] : me ask you this. We have pending checks, you know, speakers and for food and for [00:19:58] : facilities and everything else. What's gonna happen to those checks? And do you remember [00:20:02] : what the the the friendly Banker told us? Yes. 
They could close out our account and [00:20:08] : move the funds into another account and the checks that I had written for our speaker [00:20:12] : honorariums and for our venue and for our caterers and for our a V, those would still [00:20:19] : go through because for 30 days the bank would honour the checks I had written off [00:20:24] : of what was ostensibly about to become a closed account and then had me wondering [00:20:28] : First off, what a great bank to give us 30 day line of credit. And second of all, what [00:20:34] : a great bank to open up account, which the first time we did it took us well over [00:20:39] : an hour. And, uh and that was about the time I think they hung up on us. And so we [00:20:44] : very quickly we we we went to a bank. Yeah, And when we say quickly, we mean it was [00:20:50] : after 4. 30. By the time this call ended and we had 30 minutes to get to the bank [00:20:58] : and have the bank help us. And let me tell you, dear listeners, when the bankers [00:21:03] : stay late for you, you're in trouble. This is true. So we we book it into the bank, we [00:21:11] : explain what happened. Uh, we withdraw the funds because we can't be sure what how [00:21:16] : far the adversary has gotten into the account. Clearly, they've done quite a bit. Uh, we, you [00:21:23] : know, burn the account number and the debit cards to the ground. We we move everything [00:21:27] : over. One of the things that really frustrated me was it turns out, not surprising [00:21:33] : anyone at this point in time, our our friendly bank fraud department was not the [00:21:38] : friendly bank fraud department. 
Our friendly bank fraud department was someone in [00:21:41] : Texas, uh, who had an Android phone, and that SMS text message to verify our identity [00:21:46] : was actually them setting up the account on the Android phone with the the mobile [00:21:53] : bank app, which they then set up this transfer, and again, all they had to do was [00:21:58] : convince us to click the button, transfer the funds. This would have been the very [00:22:02] : last year of our conference, very last year because, as you and the actual bank fraud [00:22:09] : people who we spoke to sitting in the branch told me, if they move the money out [00:22:18] : of our account, it's a crime. But if they can convince us to move the money out of [00:22:23] : our account, we just made a tragic choice. So there's nothing anybody can do, right, right, right. And [00:22:31] : so, sitting in the bank at the banker's desk with the actual fraud department on [00:22:40] : the phone, which we had called, um, the actual fraud department sends us a text message [00:22:46] : to confirm our identity and asks me to read them the code. And I'm like, Wait, this [00:22:54] : is exactly what got us into trouble four hours ago. What are you doing? And and the [00:23:00] : fraud person says, and I quote, but I'm actually with the bank so you can trust me. And [00:23:07] : And to be clear, I had spent the last hours feeling incredibly stupid and incredibly [00:23:13] : naive, and it just I, I, I. I was in a in a shame spiral. And this was my moment, I think, [00:23:21] : of sort of like mental vindication, because when they sent through that text message [00:23:27] : with the code they needed me to read back to them, it came up in the exact same [00:23:32] : text thread that the fraudulent notifications had come up in. It didn't even come [00:23:39] : up as a separate text, which means that they had spoofed things well enough that [00:23:46] : had those alerts come in, those initial 11 a.m. alerts come in
While I was sitting [00:23:52] : in a bank with a banker and you sitting next to me, they still would have looked [00:23:56] : exactly like the bank because they did look exactly like what the bank sent us. Yeah, Yeah, we [00:24:05] : learned a few things or rather remembered a few things, and I'm going to go over [00:24:10] : them in just a minute. But one of the things I thought was really fascinating about [00:24:15] : our conference was October is Cyber Security Awareness Month, which I always tell [00:24:22] : you is a big deal. And you always look at me and say No one knows this and no one [00:24:25] : cares. That's not true. I see no one outside of your world knows this and no one [00:24:29] : outside of your world cares. So. Cyber Security Awareness Month is apparently only [00:24:34] : for cybersecurity people. We all make each other aware of how no one's aware of this. And, uh, historically, I [00:24:42] : don't feel that awareness has been all that good or all that useful. But one of the [00:24:48] : things that we saw again and again in this conference because of the sexologists [00:24:53] : and technologists coming together because of the therapists and hackers hanging out [00:24:57] : uh, because of the way that we're mixing things up and making things relevant, was [00:25:03] : that I I we actually started to see some like changes, right people, uh, adopting [00:25:08] : password wallets and one of my favourites was and I think this is the Internet of [00:25:12] : dogs talk again. So again shout out to to render Nicole, who have also been on a [00:25:17] : podcast before. They said, Hey, who's using a password? Wallet and out of the back? One [00:25:23] : of the therapists yells out, I can't I just learned what it was the last session, and [00:25:30] : I thought that was so great. So we told the story and we're we're doing, um, we're [00:25:36] : we're, you know, paying bills. And we're, you know, paying the honours. 
And I love [00:25:40] : the speakers who reached out and said, OK, uh, so on the topic of bank fraud, I don't [00:25:44] : know if I should trust this. Did this really come from you guys? Like, Yes, Good. We've [00:25:50] : made some progress. Why I wanted to tell the story is, you know, partly because [00:25:55] : Wolf and I live for a good story and how how can you not tell the tale of almost [00:26:01] : getting hacked at the hacker con you threw to help teach the non hackers how to not [00:26:05] : be hacked, right? Like that's just chef's kiss. Also, because Wolf is a hacker and [00:26:14] : I have spent the last nine years living with, talking to, socialising with and hanging [00:26:20] : out in hacker spaces, and we almost fell for it. You guys, like a lot of times when [00:26:28] : people get breached or when people fall for the stupid phishing attack their boss [00:26:35] : sends them or any number of things there is the They feel dumb. They feel stupid. They [00:26:41] : feel like they should have known better. They should have seen it. They somehow should [00:26:44] : have known. And this story is our proof that even people who come here and talk to [00:26:49] : you about this stuff for an hour every week and spend a year and a half organising [00:26:55] : an entire conference about it, full of our friends and loved ones who do nothing [00:27:00] : but talk about cybersecurity awareness month to each other. It can happen to us, too. It [00:27:07] : can. Even the people that know don't always see it. Yeah, and I think the the you [00:27:15] : said shame spiral. Is that the phrase you used? I think the shame spiral or that type [00:27:21] : of sense of, uh, emotion prevents people from sharing when things happen, and that [00:27:27] : prevents the next person from knowing what's going on, right. If you haven't heard [00:27:33] : about this, um, and suddenly someone calls up and says, Oh, by the way your bank [00:27:38] : is under attack.
And don't worry, we've saved you. We've moved all your money. Um, you [00:27:42] : you got a very limited ability to recognise that attack is happening. And so I. I [00:27:48] : think it's really impactful to share these types of events. And it's that sense of [00:27:53] : shame and sense of embarrassment that keeps us from sharing. And we know the criminals [00:27:57] : share, right? They they share all practises all the time. Uh, which puts the, uh, the [00:28:03] : good guys, the victims at a disadvantage. Yeah, And so that's why oh, you know, we [00:28:09] : wanted to tell the story of Stephanie being so distracted that when somebody asks [00:28:13] : for her password, she literally types the word password. That is not a story that [00:28:18] : makes me look intelligent friends. So let's let's talk about a couple of ways that [00:28:26] : this could have been defeated. First off, when the bank texts you asking for a password, that's [00:28:32] : probably a good indicator that it's not the bank. Uh, they should never ask you for [00:28:36] : a password or pin. Now, obviously, as I mentioned, they did ask us both the real [00:28:43] : bank and the fraudulent bank for for SMS OTP or that second factor password. Interestingly, we [00:28:50] : went back into the bank, uh, this week. So we're still reestablished the account [00:28:56] : and everything, and they did the exact same thing. And I said, Why do you guys keep [00:28:59] : doing this right? So if you are on the bank fraud team, please do think of a better [00:29:03] : way to authenticate real people than doing the same tactics that the criminals are [00:29:07] : doing. Please, that would that would be lovely. Uh, so that that is that is one indication, another [00:29:14] : thing that's incredibly important. Now, this got left out of the story. But they [00:29:19] : also provided a case number through all this. 
So when a bank calls you, it's very [00:29:25] : easy to spoof a phone number, incredibly easy to spoof a phone number, and just about [00:29:30] : anyone can do it. The phone number system is is old and antiquated. It's gonna happen. So [00:29:35] : if a bank calls, you call them back, take the case number, take the information, call [00:29:42] : them back. We never wanna do that because like, oh, God, I'm gonna be put on hold. It's [00:29:46] : gonna take forever, and I get that totally get that, but call them back because one [00:29:52] : of the things that made this look realistic and one of the things that made this, uh, possible [00:29:56] : to get this far is the fact that they called from the right banking number. So keep [00:30:03] : an eye on what they're asking and keep an ear out for anything that doesn't sound [00:30:07] : right. Call the bank the number you have for the bank to make sure that it is not [00:30:14] : a spoof number. And it's right. And then just be ready to say please hold right, be [00:30:21] : ready to to pause. Uh, if there seems to be high risk if there seems to be a lot [00:30:26] : of pressure, Uh, if it seems to be, uh, like the person on the other phone isn't [00:30:31] : isn't taking no for an answer or isn't being so, you know, if they're if they're [00:30:34] : really pushing into something, it's probably not real. It's probably not, uh, not [00:30:40] : a good situation you're in. Yeah, you know, in hindsight, I, I am thinking back on [00:30:46] : all of my times, working crisis lines, right? A. A good portion of my career has [00:30:53] : been working on crisis lines, and the thing is, is that the people that are helping [00:30:57] : you when you're in crisis should be the calmest people on the. 
And when I had people [00:31:06] : calling to tell me that they were literally having their lives threatened in the [00:31:10] : very moment on the phone, my reaction my training was never to become equally distressed [00:31:18] : and equally freaked out and start yelling back. And so, you know, in hindsight, as [00:31:23] : I reflect on this experience, it occurs to me that the sense of urgency from the [00:31:29] : caller should have been a red flag for me. The actual fraud people, when we got to [00:31:35] : a branch and called them, were unflappable to the point of frustrating. Well, like [00:31:44] : I wanted them to take it a little bit more seriously because they were so calm. And [00:31:51] : that, I think, is one of my big takeaways is that if somebody calls you and says, I'm [00:31:56] : trying to help you and I'm trying to help you right now, and why won't you let me [00:31:59] : help you? Oh, my God. They're probably not trying to help you. The people that are [00:32:06] : there to help you in a crisis are going to be calmer than you are. And if they're [00:32:09] : not, they're trying to rile you up, and I suspect they're not trying to help. Absolutely, But [00:32:17] : we survived. The nonprofit survived the event, survived the next day went much better [00:32:23] : at from the perspective of someone trying to empty out our bank account. Day two [00:32:30] : of the conference was phenomenal, like Day two goes way better when you've survived [00:32:35] : Day One and I think that's true for any event, but especially when you're fighting [00:32:38] : off a an active, you know, sort of in hack or criminal threat or any number of things. I [00:32:46] : like Day two way better when people left us alone and we could just enjoy ourselves [00:32:50] : and I don't mean our guests. 
I loved every conversation we had, but I mean, there [00:32:54] : were no outside adversaries actively trying to attack and destabilise our event, and [00:32:59] : that made it for a lovely conference. I highly recommend folks attend conferences [00:33:04] : where the organisers are not being breached. Good, good advice. And I think we stayed [00:33:11] : up to, like, two in the morning both of those days. Uh, Thursday and Friday we were [00:33:16] : definitely out for for a long time with the friends in the audience. I want to play [00:33:20] : one more clip of audio from, uh, from folks talking about what it was like to bring [00:33:26] : those communities together. What has been your favourite session so far? And what [00:33:34] : did you like about it? OK, so I don't know if there's a particular session that's [00:33:39] : been my favourite, but I really love just the environment and like the community, I [00:33:44] : think it was like coming into it. I was kind of thinking, Oh, how are like hackers [00:33:49] : and sexuality professionals like, How is that all gonna tie together? And I think [00:33:53] : it's been really like a beautiful and very complementary relationship, and I feel [00:33:59] : like we've both been able to learn so much from each other, and that is what I'm [00:34:06] : most proud of, right? I was expecting people to tell us that they learned a lot or [00:34:11] : that they made some new network connections. What I was unprepared for was the number [00:34:16] : of people who told us that the best part about the securing sexuality conference [00:34:21] : was that they could relax and be their authentic selves for two days without stress [00:34:28] : or worry or fear or push back. And I heard that from so many different kinds of people [00:34:36] : from different professions and different walks of life and different relationships [00:34:39] : and different identities. And you and I try to foster kindness. 
And so it shouldn't [00:34:48] : surprise me because that's what I want For people that hang out with us is for people [00:34:54] : to feel like they can be themselves. But to have so many people use that word to [00:34:59] : say they could be their authentic selves and not have to worry and not have to be [00:35:05] : afraid was not what I thought the biggest thing would be. And that, I think, is what [00:35:11] : I'm most proud of. Um, I am so grateful to everybody who came and helped us build [00:35:17] : a space where everybody could just be their genuine selves for 48 hours to learn [00:35:24] : together, to teach one another, to laugh together, yes, at times to comfort one another. There [00:35:31] : were some distressing events that happened in my community in the middle of the conference, and [00:35:38] : there were moments where people who had flown in from across the country to teach [00:35:42] : were just holding my hand and to have a space where that learning happened and that [00:35:49] : fun happened that our original goals right academic rigour and hacker fun we made [00:35:54] : that happen. But to see the community that was built was I. I wanted it, but I couldn't [00:36:04] : have possibly been prepared for just what it was. And I am so, so grateful to everybody [00:36:10] : that made that happen. And we did it, right? It it it worked. It was quirky. It was [00:36:17] : weird. It was fun. Uh, so for those of you who were there for those couple days, thank [00:36:24] : you so much for coming out. I'm sorry we sold out. Uh, we are looking at ways to [00:36:29] : use more of the venue space for future events. But thank you for spending that time [00:36:33] : with us and to our listeners. Thank you so much for tuning into securing sexuality. Uh, your [00:36:39] : source of information. You need to protect yourselves. Your relationships. Uh, and [00:36:43] : your bank securing sexuality is brought to you by the Bound Together Foundation. 
A [00:36:48] : 501(c)(3) nonprofit that is still solvent to everyone from the bedroom to the cloud. We're [00:36:56] : here to help you navigate safe sex in a digital age. Be sure to check out our website [00:37:02] : securing sexual dot com for links to more information about the topics we discussed [00:37:06] : here today, as well as our live events, including photographs and feedback from, uh, last [00:37:13] : week's event that you couldn't be there and you want to see what you missed. Go and [00:37:20] : check out the pictures. If you were there and want to see photos of your new friends, go [00:37:25] : and check out the pictures. It's all on our website and join us again for more fascinating