Thieves used to rob banks and steal physical money, but in a digital world, it is much easier to sit behind a keyboard and deceive you into giving it to them. Fortunately, there are specific things you can do to protect your finances before scammers get into your accounts.
Today’s guest is John Buzzard. John is a nationally recognized financial industry fraud expert who has delivered significant influence in credit card fraud, risk, and security services for financial institutions throughout the United States.
“When you have a complete stranger reaching out to you, no matter how they do it, their job is to get you feeling disturbed and upset so that you react.” - John Buzzard Share on XShow Notes:
- [0:56] – John shares his background and what he does currently in the financial industry fraud space.
- [2:31] – Everything old is new again. Things come back in a cyclical fashion but have a new digital spin.
- [3:49] – There’s a price to pay for convenience especially if we don’t keep an eye on things and be aware of what can go wrong.
- [5:19] – Be conscious of where you bank and make purchases.
- [7:46] – Set up alerts so any activity in your bank accounts, including deposits, is made known.
- [11:34] – There are different viewpoints on freezing your credit.
- [17:15] – There are some capabilities in apps that can block certain types of activity.
- [20:35] – During and post-Covid, we have gotten into a “tap and go” contactless experience when making purchases.
- [22:20] – New payment techniques are safe. John discusses Apple Pay as something secure that he likes to use for safety and convenience.
- [25:40] – John explains card chips and what happens when they aren’t working.
- [27:59] – If there is fraud, it is handled differently if it is a chip transaction or a mag swipe.
- [31:01] – John shares an experience in wanting to create a new PIN for an account.
- [33:39] – What shouldn’t you share on social media to help prevent scams and fraud?
- [37:54] – When you have a complete stranger reaching out to you, no matter how they do it, they’re job is to get you disturbed and upset so that you react.
- [40:24] – Speaking in passcodes and passphrases is totally acceptable. That is often the thing a criminal does not have, even if they have your password.
- [44:16] – From a resolution standpoint, when you go to your financial services provider, as a consumer you do have rights
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:
- Podcast Web Page
- Facebook Page
- whatismyipaddress.com
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- John Buzzard on LinkedIn
Transcript:
John, thank you so much for coming on the Easy Prey Podcast today.
Thank you for having me. Looking forward to it.
I’m looking forward to it as well. Can you give myself and the audience a little bit of background about who you are and what you do?
I am a fraud expert that’s been in the field of fraud prevention, both in the card space as well as in scam and general financial crime fraud prevention, for about 20 years. I’ve worked as an industry analyst for a firm that works primarily with banks, credit unions, and other corporate entities. I’ve also worked a lot with consumers around education, and spent a fair amount of time in the credit union and banking space as well.
It’s nice that you see both sides of the equation.
It’s very helpful.
And I’m sure the consumers appreciate that as well.
Consumers need every edge, and being a consumer yourself and me as well, there’s just no end to the nuances and changes that we’re seeing as we advance our society. We’re also allowing criminals to advance their attack on us. I think we all need to probably ratchet up on the communication a little bit, and come to some mutual understanding on how to curtail some of this fraud that’s going on.
That sounds like we’re going to solve this across the world in the next 45 minutes here.
That’s what we plan to do. That’s our commitment. Now whether we’ll achieve that, we’re not sure.
Exactly. You’ve been in this field for 20 years. It’s longer than I’ve been in this space. I’m just curious. What are some of the frauds and scams that you don’t see anymore that were prevalent in your earlier years?
We have a saying in the fraud world that everything old is new again. Things do come back in a cyclical fashion, but they have a digital nuance to them, if you will, time and again.
Obviously as we advance in our digital habits—we’re all using smartphones, as an example—the text theme is always something that we see today in modern times. Prior to that, though, you’ve always heard of The Flim-Flam Man or the confidence guy. A lot of the things that started out very early pre-1980s, it had to be a face-to-face or voice call scenario. Literally, there was so much more physicality to scams and fraud that we saw before.
At one point, you could rob a bank or steal from your employer, and that was financial crime at the time. But as we started to really get into the world of ATM cards—Diners Club cards, MasterCard, and Visa—we really started to take these really interesting technological leaps that have placed us in this spot today where we have all this enormous convenience. But there’s also a price to pay for that if we’re not keeping our eyes completely centered and being conscious of what’s happening around us too.
That’s part of the issue, I think. Scams just keep coming back around. They have new wrinkles.
Is that part of the challenge, at least from the banking side, is balancing the convenience, the safety for the consumer?
There are more conversations going on about balancing acts. We love to talk about having a friction-free world for our consumers. I think that if we can do anything to put a little balm on the angry souls of consumers that have tried to reach their financial institution, or perhaps they tried to log in today and had some problems that we would call friction. We obsess over it.
There really is this honest effort to try to make things easier for the consumer, but still sift out and keep the bad guys out. -John Buzzard Share on XThere really is this honest effort to try to make things easier for the consumer, but still sift out and keep the bad guys out. That’s pretty tough, actually. The first person that’s going to try and figure you out is a criminal. They’re going to synthesize you as much as possible. That’s a big challenge.
Let’s go to the consumer side because that’s predominantly who we’re talking to today. Let’s work through some of the top things that consumers need to be watching out for.
I think for one thing, if you want to keep in mind the best point of view that I try to have with my own personal finances is a mantra I use all the time: If I don’t care about them, how could I possibly expect anybody else to care as much or more than I do?
I really have invested a lot of time in how I can automate myself a little bit and have more than just one set of eyes on things. I’m always very conscious of looking at places where I bank. Any place where there’s a purchase, like an Amazon-type scenario, a Walmart, an Instacart even, all the things that people are embracing right now, we need to make sure that we’re alerting ourselves to any activity that’s going on.
We so seldom take the time. Sometimes you’ll hear people say, “Well, you need some self-care.” Well, your finances need self-care as well. You either set aside once a week, 30 minutes to really take a look at the things that are… Share on XWe so seldom take the time. Sometimes you’ll hear people say, “Well, you need some self-care.” Well, your finances need self-care as well. You either set aside once a week, 30 minutes to really take a look at the things that are important to you. You try to set up some passive alerting so that you can see what your balance is every day in your checking account, which is something that I’ve done for a zillion years.
I don’t think that consumers realize that just a simple call into the bank or the credit union or to your investment company, ask them what they have for you. You probably would be surprised in most cases. If you’re incredibly disappointed, maybe it’s time to look for a better digital experience elsewhere. They’re not all the same. But being able to create that environment where if somebody takes out more than $50 or $100 from an ATM machine, as an example, I want to know about that because that’s not the way I roll.
I’m a $20 cashback to the grocery store kind of person. Strangely $100 is a lot of money to me through the ATM, as an example. I get a little pop-up that says, “Did you just do that?” And yes, I giggle and grin whenever I go on vacation and I’ve taken out a lot of money, and I get the little pop-up and I’m like, “Yes, it’s working.” There is validation there, but I think that’s one of the big secrets for consumers. They really need to lean into that.
Definitely. Even though I travel internationally from time to time, I have an alert set up for any international transaction. Send me a text message, send me an email, and alert me in the app because, to me, that’s just one of those big red flags is I know whether I’m international or not.
You should know that. I think you need to understand, too, that there are probably some things that maybe you’ll never use. There are folks out there that just have zero interest in establishing a digital account, so they don’t want to register for something. But here’s the other side of that coin. You don’t want to do it, but do you want a criminal to register on your behalf? The answer is no. I think the option was something like that. You either have to call up and ask them to permanently—if they can do it—block access for digital avenues. Or you might just have to begrudgingly register with a secure password and claim an account before a criminal can do it.
There are folks out there that just have zero interest in establishing a digital account, so they don’t want to register for something. But here’s the other side of that coin. You don’t want to do it, but do you want a criminal to… Share on XI’m a big fan. I don’t know, are you an app user on smartphones? Do you rely on those for transactions and traveling and things like that? I do.
Yes and no. There are certain things I’m perfectly happy doing on my phone, and there are other things that I am less comfortable doing on my phone.
Sure. I think everyone is in a different place with that. What I really like about, and I’ll say legitimate, the provisos legitimate apps that you obtain from the app store, rather than, heaven forbid, Facebook or some weird website where you’re going to get a fake one are push notifications. It’s a great way to be able to quickly get into your account, but also to see some passive alerting and things.
I even get alerted when deposits are put into my account because my fear is—you asked earlier about old scams that are new—the check deposit kiting scam that people used to run all the time where they would try to put a lot of fake checks into an account when the balance would balloon appropriately, then they would do a grab-and-run and take the funds out. I want to know when money’s traveling into my account if it’s not my money. That’s one of my motivations as well for that.
I’ve known a few people in my life who accidentally got deposited in their account, and they had the moral dilemma of, do I want to let the bank know that something was incorrectly deposited in my account? You definitely want to let them know because what you don’t want to happen is you spend it, then they realize that it ain’t your money, they’re going to take it back out.
It’s going to be backed out of your account as soon as possible. That’s the rub with that. The smart guy’s going to report it as soon as possible and just get it off the books. If you share an account, the last thing you want is your significant other to say, “Wow, we have an extra $2000 to spend. I’m totally going for it.” That will be a difficult conversation to have this evening over the dinner table. Yeah, report that.
I just booked airline tickets, honey.
No, you don’t have to worry. I’ve bought my own birthday present and it’s a doozy, so thank you in advance.
I think alerts and deposits is probably not one that I have enabled, but because of that, you have a good point that's one that I do need to enable.
I’m curious if you have either done this or you’ve contemplated. What about your general credit in particular? For me, early on, as soon as there were free credit freezes through the bureaus, I immediately sat down and spent half an hour freezing my credit because I don’t want anybody else to use it. I’m not using it, but I don’t want anyone else to. I’m just curious what your viewpoint is on that, if you’ve done it or do you know much about it?
I’m trying to think of how long ago that I did that. I think when I did it, some of the credit bureaus actually charged you to freeze your credit. It was before the government said, “No, no, no, no, you can’t charge people for that.” I think that’s right around the time, just before the government said, “No, you can’t charge for that,” was when I started to freeze my credit.
I don’t think that anything happened that made me go, “Oh, my gosh.” I think we had just recently purchased a house at that point. I wasn’t expecting any more new lines of credit to be opened. I was starting to get worried about, “Well, gosh, we have assets now. I don’t need weird things to be happening. Let me just freeze everything.”
My gosh, it’s been a real pain when I’ve tried to…Here’s the funny story of how credit is so ingrained into life. We went to buy a car. We had the cash to buy it and were perfectly happy to write a check. The place that I was buying the car was, “Well, we still need to run your credit even if you’re giving us a check. We want to have the idea whether or not your check is going to bounce.”
Here’s a novel idea. Why don’t you call the bank and find out? That’s just me.
That’s what I did. I’m like, “You know? You can call the bank. Or I’m perfectly fine letting the check clear and then I’ll come back and pick up the car. I just don’t want to deal with the hassle.” Ultimately, it was a good deal. It was the perfect vehicle. They basically said, “No, this is just the way that we do things.” “OK, well, what credit bureau are you going to run? I’ve got to go home and find that 14-digit passcode to unfreeze my credit.”
It’s almost been this, I really like the fact, the freezing of credit because no one can open an account without really jumping through hoops. But there’s so much—at least at the time, I don’t think it’s nearly as bad now—friction at the time that it really made me rethink, do I really want to do this? It was the time where you couldn’t just go onto the website, type something in. You had to have that 14-digit PIN code in order to unfreeze it, or you had to wait two weeks. I don’t know. It was something ridiculous. I don’t remember the scenario.
They’ve ironed it out quite a bit. If I were giving advice to anybody, I think one of the things that I would do is load the apps to your smart device or onto your laptop for the bureaus that offer them. At least the last time I did it, two out of the three major bureaus had an app you could put on your phone, which is really super helpful.
But then when I established everything, I did use my laptop to just set everything up initially because it’s nice to be able to see a big screen in that one instance. I so seldom use a laptop for much other than work. The thing that I like about it, it’s an easy click-on/click-off scenario with the app, so that if you find yourself trying to make a purchase.
I’ve been faced with that dilemma, too, where they’ll say, “We’ll give you an extra $200 off the sofa if you open up the department store credit card,” which I do not want, but $200 is $200. You have to say, “Well, give me a minute. I’m going to turn this off, and then we’ll go through this little charade here.” It’s worth it.
What I find troubling about this world is the fact that a criminal can easily walk into a cellular store today, walk out with thousands of dollars worth of equipment and other things in your name, and they’re often gone. Then you have to explain that it wasn’t you. I think it’s a shame that legitimate victims have to spend so much time explaining why it wasn’t them. That’s why I’m a proponent of that for people that are willing to take the time and do it.
Are you a fan of credit cards and banks that allow you to freeze the credit card, not freeze your credit, but disable the credit card so you just enable it when you’re going to do a transaction and then turn around and disable it? Are you a fan of that technology?
I used to be a big fan of it. I think it’s like anything else, as long as it works, as long as the mainframes and everything that governs it work and you can use it. It’s another one of those things where you are standing in line somewhere where you want to buy something and you have to empower it.
I love the idea that you can say, “I’m never going to a jewelry store or a first store or an electronic store in my life. I’m going to partition those and not allow them.” I like that capability through some of those products. I think, why not?
I laugh because I call it the triangle of my life, which is the big box retailer down the street, the grocery store, and the gas station. If I come up missing and you can’t find me inside the triangle, I’m probably never going to be found, because that’s where I typically am going within five miles of my house.
My wife and I always joke, oh my gosh. We ate outside our little five-mile bubble.
Then your favorite places start calling you and saying, “Is everything OK? Because our net sales went down last month and we haven’t seen you in a while.” Yeah, I often think about that.
I think that’s unfortunately true in at least one or two cases.
Oh, it has to be. I would be embarrassed to know that probably most of the people say, “Oh, that’s the fried rice guy, but no egg.” They probably know my order before I place it because we get to be a creature of habit sometimes.
There was a sushi place that unfortunately has now closed, that during the pandemic, they were just doing takeout during the pandemic. We’d call and start placing the order. I’d get about halfway through the order and she’d go, “Oh, Chris, do you want to da-da-da?” I’m like, “Oh, yeah.”
Yes, I do. Yes, I am the sad man that calls once a week to feed his family. But we all do that. It was interesting to me to see from an evolutionary state with the restaurants. They really evolved quickly with some pretty slick order-on-the-fly setups.
I don’t know if you’ve noticed. Forgive me for saying the hole in the wall because I go to plenty of those, but I’m just so impressed when I pull up a GPS and I’m like, “Find the local whatever,” and the pizza joint has a better digital experience than my bank has. That’s pretty cool. It’s interesting.
It really has been interesting to see how the differences between various businesses have pivoted, and really have put into place some really interesting technical solutions to a non-technical problem at the time. There’s a place that I go that’s all kiosk ordering. You go up and you order it online, or you order on the kiosk. They just bring the food out to you. There’s no cash register. There’s nobody up at the front anymore, and it’s interesting. Then you’ve got the banks that like, “Nope, this is the way we’re going to do things, that we’re going to be really, really slow to change.”
It’s interesting. When you’re slow to change, sometimes you’re the first to grow a business. That’s a good message to convey to people. There are a lot of really great things, though, that I think most of us, now I work in this stuff, so obviously I can nerd out about it and I can use it and be enthusiastic. But I think that for Joe and Barbara consumer out there, some of the things that they’re missing the point on could keep them a lot safer too in the space of just how we transact every day.
One of them, I think we’ve had a tap-and-go revolution. During COVID and then after, I think people are really comfortable going through that don’t touch anybody or anything if you can help it. It really propelled the contactless experience.
But I think that we forget, consumers aren’t thinking about it as a highly secure, fully encrypted way to pay, and that’s what it actually is. Also, the gas pump. If you see a little NFC, a little cloudy black box on a gas pump, rather than dipping your payment card into the gas pump and maybe getting it skimmed, you can have a fully automated contactless tap-and-go right there. High encryption; super, super safe.
Same thing with people who have been reluctant with the pays that are out there, like Apple Pay. That’s something that just started at such a neolithic, glacial pace. They were tracking it there for a while and they said, “Well, it’s just young men that like to push buttons of a certain age and demographic that are using it and nobody else is using it.”
Well, I didn’t really love it a whole lot either, but I have to say now, just like with eBay and PayPal, how it’s really grown and ingrained in everybody’s worlds, Apple Pay is like that now. You can do Uber in Apple Pay. I find myself with really tiny little transactions using it because I just want to do a double-click and go scenario. But it’s also very secure.
I think circling back to the whole thing of being a little safer in your life, tiptoe out to the edge, use some of the new payment techniques, and just be a little safer. Nobody wants the nightmare of having to wait for a debit card to arrive in the mail.
I’ll put you on the spot here. It wasn’t intentional; it wasn’t planned. I’ve always been very curious. I’ll ask a question, then you can explain the technologies. Why have US credit card processors, banks, and businesses not switched to chip and PIN like the entire rest of the world has? You’ll probably have to explain what chip and PIN is.
Sure. Let’s start there. Maybe that’s the first thing. For most people, if they take a look at the front of their cards, whatever payment card you have today—other than an electronic benefit transfer card that pays you for groceries or medical expenses—those cards should have a chip on them because there’s a lot of fraud there if they don’t.
If you look on the front of just a MasterCard, a Visa, an American Express, you’ll see a little hologram, and there is a chip behind it. That’s doing a couple of things. That’s allowing what we would call a cryptographic, highly secure financial transaction to take place. When you do the little tap-and-go we're talking about, that’s what’s firing up all that.
It’s also providing what we would call a high, trustworthy transaction if you were to go to an ATM or something like that. In Europe, the market is just completely different. It’s more narrow, so they’re able to coalesce and do this chip-and-PIN situation.
Short answer is everybody knows what a PIN is. You go to the ATM to take money out. You put a four-digit or more code in. They’re marrying that with the security of the chip that’s already there to enable transactions in Europe. I can’t say that it’s any better. I think if anything, it’s probably a pain in the patootie for consumers to do both. It’s like taking two different antibiotics at the same time. Maybe it’s not quite necessary.
When you look at the American market, though, there are so many seats at the table. Everybody has a finger in the financial pie, so to speak. If you’ve ever watched a high-quality mafia movie, they always say, “I want a taste. I got to have a taste of the deal.” Everybody has some type of a financial interest in it, and it makes this incredible complex marketplace out there. I think that’s why we haven’t seen a lot of proprietary or even unification because there are a lot of different people out there that are competing and working in that space.
For me, though, I think the one thing that the US really bumbled and fumbled particularly with the card associations, is something that we would call fallback. In short order, you go to an ATM. You should have a chip on your card that works, that says it’s you, it’s your card. Everything works great.
When that chip is purist, missing, or there’s a fraud actor that’s counterfeited a card and there’s not a chip there, there should be no transaction, period. We are still in this world of the fallback, which means we fall back to the magstripe on the back, then we enable a transaction and boohoo, guess what? There’s fraud on it later in a lot of cases—just absurd.
It makes me wonder if I should just peel all the magstripes off the back of my cards, if I can.
Maybe not. That’s something that’s coming. I believe it is. I think it’s in 2026 or close to that, MasterCard is not going to have mags on the back of cards. For a lot of people, maybe it’s been subtle, but you’ll notice you don’t even have a card number on the front of your card now when you get a reissue. Things are coming along.
Now we may be dead before we see a lot of the changes, but I’m optimistic for everyone’s grandchildren. I think it’s going to be really swell maybe in the year 2099 or something like that.
That’s always made me a little bit antsy when I travel. “Hey, I’ve got this nice chip on my card, but I still have to put it through something that you can put a magstripe skimmer on that can still skim the magstripe.” I’m like, “Hmm.” Which is why Apple Pay and Android Pay are really nice because you don’t have to deal with those things at all.
And you’ve probably seen, too—and it’s a crying shame that it’s allowed—if you go to well-known businesses that are out there, they’ve even gone to the point of going to a printer and having a professional little insert created for the chip reader on their devices that says, “Oh, no. Please swipe your card.” That’s absurd. But it’s happening. They want you to swipe versus a chip read. It’s just so counterintuitive. That’s the world that we live in.
I believe that merchants are now responsible for chargebacks on magswipes, but not on PIN trans. If there’s fraud, it gets handled differently whether it’s a chip transaction or it’s a magstripe transaction. I think that was the stick against merchants to stop having magswipes—update your terminal.
Absolutely. Probably half of my career was talking about the liability shift of how do you take these handfuls of mud and push them into an accounting column so that somebody’s responsible for it. It really does come down to a lot of very complex rules that say if you accepted a high-dollar transaction and you used a magstripe, and it turns out it was a counterfeit, you are eating that cost. That is as it should be, I think.
It’s so fascinating to me today that you can go out and spend hundreds of dollars. Not only are you not looked at in the eye or addressed by the cashier who’s on their phone talking to their best girlfriend. They’re not taking your ID to make sure that your card matches. No, that’s not happening. You could be transacting in any number of fraudulent ways on the other side of the candy counter where they can’t see you, so it’s ludicrous in a way what’s going on out there.
From your perspective, most secure to least secure for a consumer at least, least risk to most risk for consumer, least risk would be Apple Pay, Android Pay, where you’re using a phone or a watch to…
Tap-and-go.
And then tap with a card, then chip transaction, then magswipe would be the… does anyone do imprint machines anymore?
The knuckle busters. I don’t think they come out very often. I would suspect that our current workforce wouldn’t even know what to do. Also as the new cards come out, there’s nothing embossed on there.
You and I know what an imprint machine is. Probably none of the listeners know what an imprint machine is.
I would say that’s probably getting less and less, to say the least. Speaking of questionable habits, I had a popup push notification from a local bank that said there’s been some security issue. They fed through a lot of transactions that showed me $50 authorizations, just multiple multiples. I called them and I said, “Would it be possible if I could come in and pick up a new card?” They offered instant issue, which was super great.
Inside my triangle of the grocery store, I drop by there and get my card. This is something that I laugh about to this day. It’s a small bank. The bank has a dozen workers inside, maybe not any other customers at that point. Towards the end of the day, I pick up my card, show my ID. I said, “Oh, you know what? I really would like my PIN number. I want to put a custom PIN number in, otherwise I won’t remember it.” The lady’s about 20 feet away from me. She says, “What’s the PIN number that you want to be on there?”
I was like, “Is this a revival of the Candid Camera show?” Perhaps some of you may recall. Then I just thought it’s just one of those things. It’s not mindful to a lot of people that that’s the last thing you would do. It should have been a training video, but you have to be careful out there.
It’s 1-2-3-4, like all the rest of my cards.
Sure. So fair warning to anyone listening to this podcast. Don’t comply with that. Require them to be a little bit more secure. It’s important.
I suppose the tip there would be anytime that you’re at an ATM, cover the PIN pad while you’re typing your PIN code in case there’s a little […].
There’s always been that scenario out there. I think it makes sense. Also, depending on your financial institution, if you want, you can queue up a cardless cash withdrawal now through your banking app. In some areas, you can do this where you queue it up inside the car while you’re sitting there, and it’s a barcode scan, so you don’t even pull your card out. You just walk up, scan it, it spits your money out, and off you go. Definitely, there are some safe things out there.
I’d say that in a lot of those areas, people are somewhat cautious because we’ve heard the story so much. I think what does bother me, though, like in our more digital contemporary world, are just the pitfalls that people find themselves in, and they don’t know how they got there—through social media and oversharing.
You can give away the keys to your identity universe quite easily through social media if you don’t know what you’re doing. I think a lot of people do not know what they’re doing. They’re oversharing quite a bit, and it leads to a… Share on XIt’s a big deal. You can give away the keys to your identity universe quite easily through social media if you don’t know what you’re doing. I think a lot of people do not know what they’re doing. They’re oversharing quite a bit, and it leads to a lot of identity fraud.
What things should people not be sharing on social media?
This is something that is a major shift. I’ve had to do this myself on the professional website, LinkedIn. Rather than documenting what you’re about to do or what you’re going to do in the next two weeks, you have to flip the table and start being like a historical reporter about yourself.
“I’m back from the banking conference in San Antonio, and it was really great.” I’m not going there. If you’d like to rob my house, call up my business, pretend to be me and have $50,000 wired out, those things happen all the time. It’s the oversharing part of that.
I also think that if you can hide your email and your phone number from any of those platforms where people can see it, because guess what? When you go to the pharmacy, what do they ask you? What’s your phone number? Or what’s your email? It’s the key to so many things. You need to keep them out of prying eyes. I think that’s a really important part.
The other one has to do with minors, children, and grandchildren. Everybody likes to brag and show off their grandkids and their children. The thing that concerns me, though, is if you are sharing a lot of images about your kids, and maybe you’re saying Joseph Michael Buzzard turned 11 yesterday. Well, you’ve just given first, middle, last name, and an image. People can do the math on dates of birth, et cetera. You’d be surprised how many children have mortgages. So be a little bit cautious of that.
I’m not saying don’t brag about your kids, but maybe siphon off some of that information. Remember, bad guys are watching. They’re also leveraging your contacts. So if you have friend groups that are visible, what’s going to happen? And this did happen to me through someone that I knew, but in a social media context. If they see that you and I are buddies, they may send me a message and they may say, “You know what? He is in jail right now. He needs some funds.” The classic thing.
There’s a new wrinkle on that as well where they say he’s in the ER. We just need to get him checked out, get his meds, and get him home. We need $500. People are complying with that because it’s new and different. It plays on the emotions quite a bit.
I actually had a dear friend of mine who worked for the Secret Service, and she was contacted, we believe, with a deep fake voice kind of thing. They told her that I was in a Mexican prison and needed bail money. If you’ve known me long enough, that’s probably not ever going to happen. Also, she was so suspended in the near awfulness of that, that she forgot she could just call me. I started getting calls from people that said, “Are you OK?”
And that’s the thing that I think you and I can chuckle about it and say, “Oh gosh, what in the world?” But we’re the one who gets the phone call. It’s not that we’re stupid. It’s not that we’re ill-informed. It’s not that we’re naive. Our brain is triggered in such a way that, in the history of human beings, it trips a part of our brain when we think somebody’s in danger. We now go into problem-solving mode as opposed to being rational and thoughtful about stuff. We act out of emotion. That’s just the way that we’re wired, and the bad guys know that.
They completely take advantage of it. It’s like the Freudian fight-or-flight reaction that you have. I think that it probably will do everybody a bit of good here to understand that this is so important. You have to take the moment and slow it down. Pretend it’s a film and you’re the star inside of it if that’s what’s going to get you through the moment.
When you have a complete stranger who reaches out to you, and it doesn’t matter how—they call you on the phone, they send you a text message, whatever they’re trying to do—their job is to get you a little disturbed and upset so… Share on XWhen you have a complete stranger who reaches out to you, and it doesn’t matter how—they call you on the phone, they send you a text message, whatever they’re trying to do—their job is to get you a little disturbed and upset so that you react. The low-tech easy fix on that, you hang up. Just be me, because I love to hang up on people. Trust me, I’ve done it a lot.
That’s what you were doing just before we started recording. You hung up on me. I thought the Internet was going out.
Here I am. I’m friendless, poor social skills. I’ve hung up on way too many people. But with criminals in mind, it’s OK to do that. My mother would never have done that. She would’ve been polite to the last moment talking to people. Get away from them somehow.
The other part of that that we’ve seen in the news, there was an elderly lady that made the news, and she was so proud of herself because she had trapped the fraud actor, the criminal was trying to steal from her. But here’s the bottom line. There are a lot of dangerous street gangs that have converted over to more white collar financial crimes because they’re easier to perpetrate. They’re high-volume, lucrative, and seldom get arrested. That doesn’t mean they’re not carrying a gun.
The idea is just disengage. If you’re so worried that your bank has turned your bank card off for some unknown reason, hang up the phone and drive down there. Or call them on the phone. Here’s a novel idea: Go use your bank card and see if it works. Wow. Low-tech, easy way to figure that out. It’s important.
The scary one to me is the deep fake that, because you and I have now done this episode, there’s plenty of audio to draw off of to create a voice that sounds like one of us, that can call someone that we know and, well, it sounds like it sounds like Chris. Sounds like John. OK, I guess it’s reasonable.
My wife and I now have a passcode that we would use in any type of situation that’s out of the ordinary, that if we don’t use this passcode, then it’s not really us calling.
I think it’s reasonable. And speaking of passcodes, it’s a reasonable standard operating practice for especially utility companies. Have a passphrase put on there if you’re worried or if you’ve had troubles. Just don’t share it with anybody. Make sure it’s something unique.
That’s sometimes the only thing that a criminal doesn’t have. They have your date of birth, social, and everything else. You don’t want them to divert your utilities, or have things changed, or the worst fear, of course, is sending money through peer-to-peer networks, things like that. It’s really important to stay safe and keep things as secure as possible.
I’m finally more trusting of the peer-to-peer financial transaction apps without saying anybody by name. For the longest time it was like, “Nope. Nope. I’m not touching this. I’m not connecting this fly-by-night tech startup to my bank account. No way am I doing that.”
I think there are a combination of things there. Part of it is the operator error—busy people, busy world. One of the things that I do like, as long as you’re paying attention to it, is if you’re going to send money to somebody and the product is showing you who you’re sending the money to, you better slow down and read that.
During the COVID period, I bought some medical masks from a lady, and when I put in the send information for the small amount of money I was spending, it came up with some gentleman’s name that did not match her last name or anything. I reached out to her and she said, “Oh, that’s my husband.” I’m like, “OK, fine.”
But in some cases, it may not be as the dollar amounts keep ratcheting up for these things. It’s better that you wrap your mind around it and understand what they do, and maybe take ownership of an account, even if you don’t want to use it. As we say, claim it, just lock it down, and keep somebody else from using it.
One of the things that I’ve done on some of these products and services, is I have, I wouldn’t call it a disposable bank account, but I have a specific bank account that never has very much money in it, that these financial transaction apps are connected to that bank, not where I do my banking on the regular.
The way I’ve always viewed it is I've set a small limit that if something goes wrong, it’s limited to that bank account that’s not tied in to where my paycheck goes or things like that.
I think that’s reasonable. I think that’s a really good one. For some people you might explore a prepaid product, but buyer beware. Some of those fees that gobble up the balance you have, you have to be super careful about it.
I would be more tempted to use a prepaid product in a travel scenario, as long as it had a chip on it that could be read if you were out of the country. Again, money that you’re planning on spending in the next 30 days, it makes more sense to do that. Everyone who has a frivolous email address for all the junk mail, and then you have a better email address, makes sense to have something like that. I think that’s all good. Whatever gets you through.
As we start to wrap up here, any last thoughts, one or two more “Don’t forget to do this; it might save your finances?”
The one thing that pops out to me is from a resolution standpoint. Let’s just say that you have found yourself on the tip of this sword and you’ve been victimized by someone. Whether you know them or not, it really doesn’t make any difference.
When you go to your financial services provider or to a retailer, of course, you can go with a similar complaint. The theme where I’m working towards is if you have a US financial institution or a lender, and you’re reporting that you have been the victim of a financial crime, and you may call it a scam, or whatever the case may be, as a consumer, you do have rights.
One of them pretty much right off the bat I’ll tell you is don’t accept ‘no’ as the answer to your request for funds restitution. In many cases, unless it’s proven that you are the perpetrator of what people sometimes call friendly fraud, yeah you deserve to not have your fraud claim paid if you tried to cheat your bank. But if you didn’t do that, there are things that you can do.
The CFPB—Consumer Financial Protection Bureau—oversees banks, credit unions, and lenders. If you feel that you’ve been denied in some way, it’s worth possibly exploring a complaint. That particular agency receives about 25,000 complaints a week.
Of course, not all of those are probably legitimate, but here’s what I would do if I were trying to resolve a matter like this. I would be 100% transparent with the company that I’m dealing with. Let’s reframe this. Remember, I’m the victim here. “I’m going to give you one chance to resolve this, and I am absolutely 100% filing a complaint with the CFPB, and I’m going to do it by Friday if I don’t hear from you.”
Make it clear what your intentions are, and explore it in that way. I think it’ll change the conversation a little bit. Not necessarily in your favor, but just remember you probably have rights that you’re not aware of.
It’s don’t accept the first no.
Also take some advice from these folks. They are great counselors. How can I be safer? What can we do so that this will never happen again? There are a lot of things.
For heaven’s sake, there are plenty of people right now that purchased McAfee 10 years ago and they haven’t updated and paid for updates. They think that that 10-year-old model on their computers keeps them safe from malware, and it isn’t. It’s a buyer beware and be aware world. Just keep your eyes peeled and be positive and proactive. I think that’s really the message there. But be persistent as well.
It’s a buyer beware and be aware world. Just keep your eyes peeled and be positive and proactive. -John Buzzard Share on XAnd be your own advocate. Don’t wait for them to advocate for you.
Absolutely.
John, thank you so much for coming on the podcast today. If people want to be able to connect with you, how can they find you?
You can come to LinkedIn and connect with me. It’s always nice to converse with people and receive feedback from these kinds of experiences that we do. I think you probably would agree. It’s nice whenever people say, “Oh, I really got a couple of good tips there.” So don’t be shy. Come and connect, and we’ll take it from there.
We love it when people say, “thank you” and, “I learned something.”
That’s very rewarding in our world. That’s why we’re here. That’s why we do this.
Again, thank you so much for coming on the podcast today.
Thank you very much.
Ronald and Donna Luethe says
I am hacked by a developer/Enterprise!