Steven Weisman is a nationally recognized expert in scams, identity theft, and cybersecurity as well as a...
J. Craig Williams is admitted to practice law in Iowa, California, Massachusetts, and Washington. Before attending law...
Published: August 1, 2025
Podcast: Lawyer 2 Lawyer
Category: Data & Information Security, News & Current Events
From VA Imposter Scams to “Free Piano” Scams, scammers will stop at nothing to lure you in and take your money. With the introduction of AI into our everyday lives, scammers have used this as a tool to deceive individuals, leaving victims penniless or even stealing their identity. So how do you identify a scammer? And is there anything legally you can do to stop them?
In this episode, Craig welcomes Steve Weisman, a nationally recognized expert in scams, identity theft, and cybersecurity as well as a lawyer, college professor, and prolific author. Together, Craig and Steve discuss scams, what to look out for, how to navigate through a scam, recovery, AI & scams, and how to protect yourself from these various scams.
Special thanks to our sponsors 1SEO, SpeakWrite, Alexi, and iManage.
Steve Weisman:
We call it zero trust. And this is where everything has to be absolutely confirmed. And when it’s a check, you have to make sure it is actually cleared. So it’s kind of a sad world we’re in, but it is, trust me, you can’t trust anyone.
Announcer:
Welcome to the award-winning podcast, Lawyer 2 Lawyer with J. Craig Williams, bringing you the latest legal news and observations with the leading experts in the legal profession. You are listening to Legal Talk Network.
J. Craig Williams:
Welcome to Lawyer 2 Lawyer on the Legal Talk Network. I’m Craig Williams, coming to you from Southern California. I write occasionally a blog named May It Please the Court and have three books out titled How to Get Sued, The Sled, and my newest book, How Would You Decide? 10 Famous Trials That Changed History. You can find all three on Amazon. In addition, our new podcast miniseries, In Dispute: 10 Famous Trials That Changed History, is currently featured here on the Legal Talk Network and on your favorite podcasting app. Please listen and subscribe. Well, from Veterans Administration imposter scams to free piano scams, scammers will stop at nothing to lure you in and take your money. With the introduction of AI into our everyday lives, scammers have used it as a tool to deceive individuals, leaving victims penniless or even stealing their identity. So how do you identify a scammer and is there anything you can legally do to stop them?
Well, today on Lawyer 2 Lawyer, we will spotlight scams. We will discuss what to look for, how to navigate through a scam, recovery, AI and scams, and how to protect yourself from all of these scams. And to help us better understand today’s topic, we’re joined by our special guest, Steve Weisman. He’s a nationally recognized expert in scams, identity theft, and cybersecurity, as well as a lawyer, college professor and prolific author. He’s a college professor at Bentley University where he teaches white collar crime and is the author of more than 10 books, including The Truth About Avoiding Scams. You can find out more about Steve on his website, Scamicide, at scamicide.com. Welcome to the show, Steve.
Steve Weisman:
Oh, it’s great to be with you.
J. Craig Williams:
And we’re thrilled to have you, especially given how many scams are going on these days. Well, my first question to you is how you got interested in scams and did you yourself get scammed?
Steve Weisman:
Didn’t get scammed, but I was a victim of identity theft, and this was many years ago, and it was something that came as a bit of a jarring event and it got me interested in this. I also have always kind of been interested in crime and criminal law. I was a criminal defense attorney at one point. I also, before I taught at Bentley University where I teach now, I taught in the state prison system and met a lot of rather interesting scammers and old criminals and just was fascinated by the psychology of it. And also it is just such an incredibly huge problem that it’s like peeling the onion. You go layer to layer to layer and it just fascinates me.
J. Craig Williams:
Well, I bet that some of those scammers were what we used to call cons, and perhaps I think scamming has changed. Is it true now that scammers are all here in the United States or are they overseas? Where do we find these people?
Steve Weisman:
Wherever you want to look, they are absolutely everywhere. The biggest product of North Korea is scams and cyber bank robberies. You’ll find them. Certainly we’re familiar with Nigerian emails. There are Nigerian gangs, one of the most prominent called the Yahoo Boys, who are particularly prolific at scams. We see them in Eastern Europe, in Russia, you see them from Brazil. You see ’em from the 14-year-old kid down the block. And as a matter of fact, there is a hacking, a loose hacking group called Scattered Spider and Scattered Spider has attacked. They were behind the ransomware attacks on the casinos a couple of years ago. They’re going after airlines now, and they are teenagers. They are teenagers in the UK and the United States. So basically it has become anyone’s ballgame. And part of that is a lot of the really sophisticated ransomware and malware and delivery systems were developed by these cyber criminal geniuses. I call them the Lex Luthors of scams. And what their business model has become is they go on the dark web, that part of the internet where criminals go to buy and sell goods and services and they have these wonderful retail websites where they will offer their malware, their support services for a little bit of a piece of the action so they lease it out. So the short answer is, anybody and everybody is involved with scams.
J. Craig Williams:
Well, what are the current scams going around? I took a look at your Scamicide website and you’ve got a whole list of them.
Steve Weisman:
Yeah, it’s interesting. I started Scamicide about 10 or 12 years ago and I decided I would have a scam of the day, but I kind of wondered if I would be able to come up with a new scam every day. Now, 5,000 plus scams later, there’s no shortage. They develop, they evolve. I mean, some of the scams, the Nigerian email scam is just a variation on something called the Spanish prisoner from the 1500s. But right now a lot of the scams are on text messages. Before, email was the preferred method for sending out scams and still is used quite a bit. But text messages, one of the big ones is the phony toll or parking ticket. You get a text message that appears to come from a legitimate source in your state. You owe money, you need to pay the credit card or you’re going to lose your license.
And this one has just grown tremendously over the last couple of years where also it’s summertime and the scamming is easy. So for instance, there’s one that’s been around for a couple of years, but it keeps popping up, particularly in the summer, has to do with the site booking.com and booking.com is a legitimate site. But what’s been done is hackers have used social engineering. This is not terribly sophisticated technology, but what they do is they use a knowledge of psychology that Freud would’ve envied. And what they do is they will call, and this is something that Scattered Spider has used before where it wasn’t technologically very sophisticated. They’ll call tech support or in this case they’ll call the hotel and they’ll just convince the hotel to somehow change a password. They’ll say that they’re an employee of the hotel, the hotel changes the password for this person, and they’re into the computers of the hotel.
So once they’re in the computers of the hotel, they’re able to send out emails from the hotel finding out who’s been booking through booking.com, and this time they’re asking for a payment to be made. Now you get one, it comes from a hotel that you have a reservation with, even though you got it through booking.com, it looks like it’s connected with booking.com. They’ve got your reservation date. So many times people will send that money thinking it’s going to the hotel when it isn’t. The real thing to do here is if you book through booking.com, you should never make a payment directly to the hotel. You only make a payment through the official app or on their website, but people don’t necessarily know it, so they will fall for this scam.
J. Craig Williams:
That’s kind of crazy. But you’re talking basically almost like a data breach. How is that different than a scam and what are the consequences of data breaches to consumers?
Steve Weisman:
Yeah, data breaches are really very, very troubling. And there are more and more class actions that are starting to come out against companies that suffer the data breaches because what happens is your personal information, and maybe it’s your social security number, maybe it’s your credit card, maybe it’s your bank account information suddenly gets gathered up. And here often with the data breaches, it is massive data breaches caused by the really sophisticated criminals. And then they go on to the dark web and sell this material, which is also one of the places that we find out that the data breaches have occurred because you will have law enforcement and people involved in protecting against scams, they’ll be monitoring the traffic on some of these dark websites and they’ll see and find a connection of all of this information that’s coming out. Although sometimes the hackers will actually brag that this is the information that they’re getting from a hacking of Prudential or any kind of a company that suffered it.
The problem is this information can really, really be harmful. Perhaps the most harmful is when you’re talking about data breaches that involve health insurance and healthcare information. And the whole healthcare industry is a major target for data breaches. One reason is that hospitals, for instance, and doctors’ offices have to be able to be reached by insurance companies, by labs, by other doctors. So the more people that are going to be connecting, the greater chance that someone’s going to be able to hack through that with the least security to get into the information. So here’s where the real problem comes in. Medical identity theft can actually be fatal. And what happens is they collect your, most of the time what they want is your health insurance information, and then they sell that for use by others. When people use that health insurance information, the person who they’ve sold it to, their medical records get interspersed with that of the actual person whose health insurance is being used, and it will corrupt that file.
And what can happen is you can even have the wrong blood type occur on your medical records, and someone can be looking at that medical records and not notice that they’re picking up that of an identity thief. But one of my mottoes is things aren’t as bad as you think. They’re far worse. So here’s the far worse on this. You find out that you become a victim of medical identity theft. Someone is accessing your health insurance, your privacy and medical records have been invaded, so you try and get that removed from your form. But under the HIPAA law, HIPAA privacy records, it actually is considered in many instances to violate the privacy rights of the identity thief. And it is almost impossible to get this false information off of your medical record so you’ve got that hanging over you like a large sword of Damocles.
J. Craig Williams:
Sounds like we need some new legislation there.
Steve Weisman:
Yeah, we really do. And there hasn’t been enough legislation when it comes to data breaches. The Federal Trade Commission was starting to take action against more and more companies for lax cybersecurity, but they haven’t done this enough and they’re certainly doing it less now under the present administration.
J. Craig Williams:
Let’s take a quick break to hear a word from our sponsors. We’ll be right back. And welcome back to Lawyer 2 Lawyer. I’m joined by Steve Weisman, a nationally recognized expert in scams, identity theft, and cybersecurity, as well as a lawyer, college professor and prolific author of 10 books. This is a crazy world that we live in. I mean, now we’re seeing voice recognition, face recognition, really sophisticated AI. What are the consequences from that whole genre of issues?
Steve Weisman:
And that’s just opened up a whole new ballgame. Craig, I testified a year ago before the Senate’s Select Committee on Aging about artificial intelligence and scams attacking seniors. And as bad as it has gotten, it’s gotten so much worse. And here again, what you’re having is the access to AI is so easily obtained by scammers where English may not be their primary language, that they can now make their scams look and sound easier, including things like if you’ve got the romance scam where someone preys upon someone else falling in love with them immediately online, one of the things we used to, and then they hit them up for a variety of scams, including investment scams, or I’ve got an emergency and I need you to send me some money. One of the things we used to say is that you need to be able to see that person on a video, and there’d always be a reason why you couldn’t.
Well, now what we’ve seen is gangs such as the Yahoo Boy Gang in Nigeria doing these romance scams. And this time you are looking at someone who appears to be the person they’re pretending to be when they don’t look anything or sound anything like that. But AI allows them to do this. The same thing we are seeing AI in the infamous grandparent or family emergency scam where the grandparent or other family member gets a call in the middle of the night, there’s a terrible accident, or I’ve been arrested, you’ve got to send me some money. And before the voice wasn’t the same, they would kind of hope that people were a little bit disoriented at night. Now what these scammers do is they go onto social media, they pick up as little as 30 seconds of audio from that grandchild from something they’ve posted, and they’re able to use voice cloning to sound exactly like that child.
So AI has worked to attack the individuals. It’s attacking companies. There’ve been companies, we used to call it the business email compromise where you’d get, companies would get an email from the CEO or CFO about sending a check or wiring funds to someone. And generally it would even be posing as a company with which they did business. But now it comes from a phone call with a CEO or appears to come from the phone of the CEO through a technique called spoofing. They can manipulate caller ID and make the call sound and appear to come from whatever number they want. And then it is the voice of the CEO making that demand. And in fact, companies have lost hundreds of thousands of dollars doing this.
J. Craig Williams:
It kind of harkens back to the old railroad car scam that was done on paper. That’s kind of a crazy thing. They sold a railroad car, somebody presented a bill and nobody checked it and sold the railroad car. And off we go to the con. Well, now you’ve got me really scared. How can I detect these kind of scams? What can I do to protect myself?
Steve Weisman:
And that’s the thing, because to a great extent, the place to find a helping hand is at the end of your own arm. All of the legislation and punishments don’t really mean a lot because in many instances it’s very hard to locate the scammers. In other instances, yeah, we locate the scammers and hackers and they’re in China, they’re in Russia, but no one’s going to be extradited. So when it comes to this, one of the first things you have to do is recognize the psychological tools. And so one of the things with all of these scams is they create an emergency and emergencies appeal to a part of our brain called the amygdala. Sometimes the amygdala is called the lizard brain. And the lizard brain, the amygdala developed early on in evolution to make us make snap decisions when we needed to protect ourselves from some emergency.
Now, at that time, it was probably to protect from the saber-toothed tiger who was lurking in the bushes. And so boom, we saw the bushes rustle, and we needed to make a quick decision. But that amygdala is still going to trigger when suddenly someone has stolen our identity, someone has access to our bank account, we get this from the bank, and in fact it isn’t from the bank. And they’re luring you to click on a link, download an attachment, make a payment, or to provide personal information. So you really need to step back anytime you are asked to make a payment. By phone, and with phone, you can’t trust your caller ID. By an email, you can’t trust an email. And sometimes in many instances with the emails, it would be a botnet, and in other words, it would be sent out in massive amounts with stolen email addresses that are being used.
So you get something from Citizens Bank, but the email is from [email protected]. So you take the time to see that it’s not really from them, and a lot of people don’t do that. But making it worse again, sometimes the email address will look perfect, including the fact that a lot of the hackers will use the Cyrillic alphabet, which is used in Slavic languages. And first time I saw this, I knew what I was looking for and it took me a long time to actually recognize it. So maybe it is something from Chase Bank, but instead of Chase Bank, the A is with the Cyrillic alphabet. And unless you are actually peering to make that distinction, you’re not going to recognize it. You’re going to think it’s really from Chase. So anytime you get an email, anytime you get a text message, anytime you get a phone call, anything asking you for personal information, to make a payment or do anything, click on a link, you’ve got to confirm that it’s legitimate before you do, and those are really the best ways of protecting yourself from being scammed.
J. Craig Williams:
All right. Let’s say so far, I’ve not recognized the scam. I’ve fallen for it. I’ve lost my identity, I’ve lost money. My health records are messed up. Things have gone completely awry. As you said, things can only get far worse. What do I do now?
Steve Weisman:
It depends upon the type of scam. And unfortunately, in many instances, the law’s really not protecting us. Senator Elizabeth Warren has been very, very active in trying to get the banks that are dealing with Zelle and Venmo to be reimbursing people when they’ve been scammed. And in fact, in New York Attorney General Letitia James has taken action against certain banks that are not doing enough to protect and reimburse their customers. And I’ll give you an example. The banks are trying to take the position that you got scammed. You asked that the payment come out of your bank account or your credit card or whatever. It wasn’t our fault. However, the banks do have an obligation to kind of monitor and know their customers. And one of the things in Letitia James’s action against the bank, she talked about someone who, an older woman who had never wired money before, and she empties her bank account, wiring it to someone outside of the country.
Now she has fallen for this scam. She sees this emergency where she has to do this, but the bank doesn’t see this as an emergency. The bank should be monitoring and picking this up. And here again, is where AI can do a better job actually helping with the defenses. So hopefully we’re going to see more responsibility on the part of banks and brokerage houses and others. If you are victim, you can report it to the Federal Trade Commission. Chances are they’re not going to be able to get your money back, but they do in some instances.
J. Craig Williams:
Let’s take a quick break to hear a word from our sponsors. We’ll be right back. And welcome back to Lawyer 2 Lawyer. I’m back with Steve Weisman, a nationally recognized expert in scams, identity theft, and cybersecurity. He’s also a lawyer, college professor in Massachusetts, and a very prolific author. All right, well, let’s talk about our favorite subject, attorneys. We fall prey to these scams. I’ve seen them myself, where I get a new client, supposedly they’ve roped me into this. I’ve tried to check ’em out on the internet. They seem real. They send me a check, they tell me to deposit it into my bank account, and then whoa, all of a sudden there’s a settlement and send me my money. Is that the way it goes?
Steve Weisman:
That’s one of the many. And of course, what happens is the check that they sent you, and it looks exactly like a legitimate certified check, is counterfeit. People deposit that check and then they go back a few days later and they see, aha, it’s cleared. It hasn’t cleared. The banking laws are such that you get provisional credit after a few days and are required to do so, but that provisional credit gets taken away after the week or so it takes to clear the check, and suddenly you’ve wired money out of your account and you’ve lost it. Let’s make it worse again. There have been instances now and there’s litigation going on with lawyers who are trying to use their insurance to be compensated for being scammed in that fashion. And here again, when it comes to the kind of insurance we have, the companies are refusing to pay in many instances. So yeah, attorneys are getting hit, and the kind of scenario you gave is a typical one. Accountants are also a major target, and here again with attorneys and accountants, they’re also stealing information. With accountants, a lot of that is to do income tax identity theft. But here again, we call it zero trust, and this is where everything has to be absolutely confirmed. And when it’s a check, you have to make sure it is actually cleared. It’s kind of a sad world we’re in, but it is, trust me, you can’t trust anyone.
J. Craig Williams:
I never knew there was a difference between the bank telling me my check was cleared and provisional clearance. That’s a new one.
Steve Weisman:
Most people don’t.
J. Craig Williams:
Well, let’s dive a little bit deeper into the insurance issues. What coverage is it that the attorneys think they’re triggering, and what exclusions are the insurance companies using to deny coverage?
Steve Weisman:
Yeah, they’re saying that you voluntarily sent this money and therefore it is not covered by insurance that you may have been harmed with.
J. Craig Williams:
What do cent say provides coverage in those insurance policies? I mean, is it stupidity?
Steve Weisman:
Yeah, unfortunately. But the thing is, here again, there have been companies that have cyber insurance and we see we got scammed through this cyber attack and they’re going to say, well, if you were hacked, if you were hacked, we’re going to cover it. But where you voluntarily, as you say, it fell prey to our own stupidity, they’re not going to cover it. And this is something where other attorneys are looking at what is the precise language in these policies now?
J. Craig Williams:
All right, well, we’ve gone through the whole scheme of things. I’ve lost my money, I can’t get it back. Now, I want justice. You talked a little bit about where I go, but where do I go? Do I call a class action attorney? What kind of remedies are available to me to get justice?
Steve Weisman:
Yeah, there have been some class actions mostly in the areas of data breaches, but when it comes to most individual scams that we’ve lost money about, the only place that we can really start looking is similar to what Attorney General James in New York is doing saying, because we are not actually the check we’re sending, the money we’re wiring is coming from our brokerage account or it’s coming from our bank account. And here we really should be having the banks, the brokerage houses and others who shouldn’t be prey to the psychological attacks that we are getting, do their own kind of due diligence and hold payments rather than just send them out and that there is some responsibility to their clients and customers. And that’s, I think, a trend that I’m going to see more of, although quite frankly, the present administration certainly has not been amenable to this line of reasoning.
J. Craig Williams:
Well, I’m going to ask you a personal question before we wrap up. Tell me your favorite movie is Dirty Rotten.
Steve Weisman:
I did love Dirty Rotten Scoundrels. The psychology of these people is incredible, and the stories are wonderful. Right now, for a quickie, there are many North Koreans who are posing as Americans and trying to get jobs in tech firms, and once they’re in there, they steal information, they steal money or they even get paid and send that back to North Korea. There have been recent studies that have shown a pattern among them: they are fans of the Minions movies, and so there will be all kinds of references in their names and in their resumes to Minion characters. So I mean, you really can’t make this stuff up. It’s a wild and crazy world.
J. Craig Williams:
Well, Steve, it’s time to wrap up and get your final thoughts and perhaps some further advice for our clients and give you the opportunity to tell us about some of your books and how our listeners can reach out to you to get some more information.
Steve Weisman:
Yeah, one of the biggest things I would say for protecting is you want to have a strong, unique password for each of your accounts so that if there is a data breach and your password at Amazon gets compromised, they’re not going to get at your bank. So you want to do that. A password manager is also a good place to go. You want to have a good security question because someone, a hacker can just go onto your email and say, I forgot my password, and answer your security question. And quite often with those security questions, the answer is easy to get. What is my mother’s maiden name, but it doesn’t have to be my mother’s maiden name, it can be firetruck. You can pick something that is so ridiculous, you’ll remember it, but no hacker is ever going to be able to find that information. And then use dual factor authentication because anytime anyone can get hacked and suddenly if they have your email, they have your password, they’re going to be able to get into your account.
But if you have dual factor authentication, they won’t. But even there, they have something called SIM swapping, which is, most dual factor authentication, they send a quick code to your phone, but what the scammers do is they call your cell phone provider posing as you, they answer a security question and they get your SIM card sent to them, defeating your dual factor. So along with the dual factor authentication, you want to tell your cell phone provider that you have a special PIN in order to change that. Those are big things people can do. I would really urge everyone to consider, it’s free to go onto Scamicide, S-C-A-M-I-C-I-D-E.com. Each day there is a new scam of the day and always a way to protect yourself, and it’s a good place if you want to contact me is through the Scamicide website as well.
J. Craig Williams:
Great. Well, Steve, it’s a pleasure having you on the show. Thank you for all your thoughts and your great advice.
Steve Weisman:
I really appreciated it.
J. Craig Williams:
Well, here are a few of my thoughts about today’s subject. After our discussion when we were signing off, Steve mentioned that probably one of the best things that you can do is freeze your credit, but sometimes even if you freeze your credit, the scammers break into the credit agency. It’s a terrible world out there. It’s something to be very diligent about. And if you are any word thinking it’s a scam, it probably is. If you like what you heard today, please rate us on Apple Podcasts, your favorite podcasting app. You can also visit us at legaltalknetwork.com, where you can sign up for our newsletter. I’m Craig Williams. Thanks for listening. Please join us next time for another great legal topic. Remember, when you want legal, think Lawyer 2 Lawyer.
Announcer:
Thanks for listening to Lawyer 2 Lawyer, produced by the broadcast professionals at Legal Talk Network. Subscribe to the RSS feed on legaltalknetwork.com or on iTunes. The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Legal Talk Network, its officers, directors, employees, agents, representatives, shareholders, and subsidiaries. None of the content should be considered legal advice. As always, consult a lawyer.
Lawyer 2 Lawyer |
Lawyer 2 Lawyer is a legal affairs podcast covering contemporary and relevant issues in the news with a legal perspective.