Keystone Edition
Cracking Cybercrime
2/14/2022 | 27m | Video has Closed Captions
Learn how to recognize a threat, prevent an attack, and what to do
Criminals could be lurking in your inbox. Ransomware, cyber attackers, and hackers use threats to bilk people and businesses out of their hard-earned money. Keystone Edition Business will show you how to recognize a threat, prevent an attack, and what to do if you or someone you know has been a victim of a cybercrime.
Keystone Edition is a local public television program presented by WVIA
- [Narrator] Live from your public media studios, WVIA presents Keystone Edition Business, a public affairs program that goes beyond the headlines to address issues in Northeastern and Central Pennsylvania.
This is Keystone Edition Business.
And now, moderator Kris Jones.
- Hello, I'm Kris Jones.
With more and more of our daily lives being conducted online, you may be putting your personal information at risk and not even know it.
More than 4 billion were lost to cyber crime in 2020 in the United States alone.
Do you know how to protect yourself from an online scam?
It may not be as easy as you think, but we have experts here to share what to keep an eye out for and what to do if you get caught up in an online crime.
Email us at keystone@wvia.org, tag us on social with the hashtag #keystonebusiness.
But first, WVIA's Paul Lazar takes a closer look at cyber crime.
- [Paul Lazar] There are cyber crime attacks on organizations every day, but the problem may be worse than anyone thinks.
Data shows there are more than 722 million attacks worldwide in the 30 day span last year.
According to the FBI, internet crime complaints went up by almost 70% in 2020 compared to 2019.
More than 28,000 of those complaints were COVID-19 related scams.
The top three reported crimes were phishing, non-payment, non-delivery, and extortion.
Victims lost the most money through business email compromise scams, romance schemes, and investment fraud.
Now that many people are working from home or homeschooling, there's more opportunities for cyber criminals to find their way in.
Here are some ways to keep yourself safe.
Don't click suspicious links, watch for misspelled words and strange requests, and be careful about what you share on social media.
For Keystone Edition Business, I'm Paul Lazar.
- Now, let's meet our panel of experts, here to discuss how to stay safe from cyber crime.
Alec Ryncavage is the Founder and CEO of Offprem, a cyber security company based here in Northeastern Pennsylvania.
Dr. Larry Snyder joins us here in the studio from Bloomsburg University, where he's part of the Mathematics and Digital Sciences department.
Brian Linder is in the Office of the CTO at Check Point Software Technologies, a global cyber security company that offers a variety of training for businesses.
Guests, welcome.
- Thank you for having us.
- Thank you.
- Alec, it's really a privilege to have you here in studio.
I have followed your career, and for those people that don't know who you are, you're a 20-year-old young entrepreneur in Northeastern Pennsylvania, correct?
- That is correct.
- You know, and you got started as an entrepreneur when you were only 14 years old and kind of highlighted some of your success in the Northeast Business Plan Competition.
So it's really a privilege to have you here with us.
- [Alec] Thank you.
- We're gonna have you set the stage, right?
This is an industry that you've been following very closely.
Tell us more what cyber crime is and how prevalent it is here in the United States, and Pennsylvania in particular.
- Yeah, so thank you, Kris.
I describe cyber crime, really as any way using technology to manipulate or exploit somebody into doing something that they otherwise wouldn't have done, or maybe getting them to actively do it.
A sort of vivid analogy that I can think of is there used to be, traditionally, there used to be a physical element to theft.
If you wanted to steal, you know, somebody's purse on the sidewalk, you had to plan how you were gonna run up to that person, grab that purse, look at them in the eyes, and then you had to plan how you were gonna get away with it, right?
The movie cinematic way of getting away with the big crime.
Sort of what's most dangerous about cyber criminals is they're almost disconnected to the victim.
It almost feels to them as if it's a victimless crime.
They don't care necessarily who you are, what type of family situation you have.
They don't care if you have a cop in the family or what your political affiliations are.
They're essentially out there sometimes throwing a thousand different pieces of spam out there, trying to take your information.
And that's why this is a conversation that really everybody should be listening to because it's found its way into every household in America.
- Yeah, that's incredible.
And thank you for that setup.
So how common is this?
How big of a problem is it?
- Well, for an example, I run a cyber security company that protects small businesses and their employees, and I have family members that fall victim to cyber crime all the time.
And I get my fair share of attempts as well.
Certainly there's a targeted aspect to cyber crime where they're going to, you know, unfortunately the way it is, these criminals tend to target the aging population.
They tend to look at people who, you know, a generation that believes in the common good in every person and wants to go out there and extend a hand to help you, but really that's what makes this such a hard problem to solve.
- [Kris] Yeah, in the setup, Paul Lazar mentioned just how prevalent this is in the state of Pennsylvania.
It turns out that we rank in the top 10 of most ways of measuring how this is impacting people.
And to your point, you know, the elderly population, it does tend to be victimized more than others.
That's not to say that we all aren't impacted, 'cause we are.
Dr. Snyder, my question for you is my understanding is that there, the federal government is very actively involved in trying to stop cyber crime, but it's hard to do, to Alec's set up.
They have an organization called the IC3, which is the Internet Complaint Organization.
Can you tell us more about IC3?
- [Dr. Snyder] Right, yep, so IC3 is really the one place that consumers, whether it's, you know, the average ordinary consumer or a small or medium sized business can go and actually report complaints about potential fraud that they've experienced through some sort of online interaction.
And you, you know, the important part here to remember is it really does take the pressure off the consumer to try to figure out how to actually handle the complaint.
One of the challenges with online crime is figuring out, well, who do I report to?
Is it a local problem, is it a state police issue, or is it something federal?
That's what IC3 does.
They take the complaint and then they figure out, you know, what's the appropriate agency to report to, which is traditionally always been a problem with internet-based crime, it's just figuring out, well, what agency should handle this type of issue?
- [Kris] I think one of the important things to stress to our viewers is that the IC3.org, right, is that sort of central repository that all cyber crimes should be reported to, correct?
- [Dr. Snyder] Yeah, absolutely.
You know, one of the challenges with cyber crime is that we really don't know how big it is.
We have such a small portion of the crimes actually being reported.
And you think, well, what difference does that make?
Well, that's a resource issue, right?
How does law enforcement respond to something if they don't know how big of a problem it is?
So having a place like IC3 to aggregate that data is really, really essential for trying to change the tide as far as, you know, prevention and then, you know, hopefully arrest, and that type of resolution.
- Sure, sure.
You know, for the viewers, we're gonna be talking about a lot of sensitive, you know, topics here tonight regarding cyber crime.
It's scary.
The wvia.org website has a number of resources on there that could help you better understand how to report crime and ultimately how to get help if you've been a victim.
Brian, we're gonna come to you.
It's a real honor to have you join us tonight.
You do these types of interviews nationally, and it's a real honor to have you with the connection here to Northeastern Pennsylvania.
My question to you is can you speak more specifically to just how costly this is?
And then number two, I want you to talk about this idea of social engineering and how you think about that as a cybersecurity expert.
- Well, first of all, the cost is literally staggering, and in the macro, the numbers are interesting.
I mean, we're talking billions and billions of dollars.
We're talking, as you said, 4 billion.
Just for victims over 60 was about a billion back in 2020.
But I think for most people watching, they'd be concerned with very specifically their own hits and you know, how it could hit them personally.
And, you know, the losses could range from $2,000 to hundreds of thousands of dollars in, say, an investment scam.
So we all should be paying very close attention and watching this 'cause it could result in losses to us.
Now talking a little bit about social media, and I'm sorry, social engineering, the way that we become victims, we are human, and the bad actors, these criminals know that we are the weakest links.
So there are tried and true techniques that these bad actors use to capitalize on things.
I'll give you some examples.
One of them is creating a sense of urgency, sending an email that says you must act right away to pay this bill or this deal will expire in an hour.
And naturally, people feel that sense of urgency and maybe will tend to act on it or maybe they're capitalizing and offering something too good to be true.
We all want something too good to be true, we all want the best deal, and we want something for half off.
Well, those things are tactics that are frequently used to begin to groom and target people to then set them up to give up their credentials or money.
So social engineering is where it all starts.
And I mean, all of us, you, me, all of our viewing audience, nobody's immune to it.
- [Kris] That's just terrific.
Really appreciate that point of view, as we dive a little bit deeper and peel back the onion on this very important topic.
But before we get there, I wanted to share with our audience that if you are a victim and you end up being frauded out of money, the federal government actually has a force.
They call it the IC3 Recovery Asset Team.
And that group, in 2020, had about an 82% success rate.
So for the 463 million dollars in losses occurred, from that amount, about 380 million dollars was frozen and/or in the process of being recovered.
So this is good news.
It is very scary to think that someone is going to take the money, and you're never gonna see it again.
And we're gonna talk more today, tonight, about some of the ways that cyber criminals try to dupe you, including cryptocurrency, which we're gonna get to.
But now let's dive deeper into this topic of cyber crime.
My goal is to have you, as the experts, tell us more about some of the most common forms of cyber crime, and then maybe offer our viewers some ways to protect themselves so that they could avoid being a victim in the first place.
Alec, we're gonna start with you.
Let's chat about phishing, vishing, smishing, pharming, and spoofing.
So just talk to us more in general about what these types of things are and how we could be on the lookout for them.
- So those are big words, and I'm sure a lot of our viewers think that were all the, you said the same thing six times over, right?
But phishing is certainly one of the largest targets when it comes to cyber security.
And basically the concept we're talking about is appearing to be somebody that we're not.
So this could be something like Facebook, sending you an email, telling you that you have to reset your password, but maybe it's not actually from Facebook.
And so the goal, what we wanna have with our viewers is to have them to take a minute to breathe, as was said earlier, you know, they try to create this sense of urgency.
One of the greatest examples I saw during the COVID pandemic is we all got so much more integrated with technology, but there was a brief period where unemployment compensation was paused.
And unfortunately, cyber criminals take advantage of you when you're most vulnerable.
And so you had, you know, a community of people who were waiting on their unemployment compensation, you know, they barely can feed their families, maybe they lost work.
And then they get this magical email that says their unemployment compensation is right there, ready for them to accept, or maybe checks were already sent out and they got that last one, and they think that it's going to be renewed a third time or a fourth time.
That's what you need to look out for is they're really trying to take advantage of you when you're most vulnerable.
But then there's also the types of attacks that are just completely random, and they're not targeting you necessarily, but you can fall victim just as easily as the next person.
- [Kris] How does this relate to this idea of ransomware?
- [Alec] Yeah, so ransomware is where they're going to try to use you to be the gatekeeper into, you know, a much larger scheme.
So they may send an email, they may send a text message.
A common one I also see is I'll get a text message every now and then that says I have a package on the way with a tracking number, and that tracking number is actually a link, and when you click that link, it actually starts to download or install some kind of virus or ransomware, as you said, either onto your phone or onto your PC.
And the idea is to steal your identity and take as much information as they want.
Again, back to my analogy, back in the day, if you wanted to steal a couple bucks from somebody, you had to physically take that money.
Now, with something as easy as your Facebook password, we can gain access to your bank accounts, we can gain access to your email accounts, and, you know, that's just opening up a can of worms.
- Very, very interesting and important.
Dr. Larry, email is obviously a target for these types of people.
Business email compromise and email account compromise are one of the most prominent forms of cyber crime.
Can you speak to those?
What is it, what should people be looking for?
And then importantly, how could they avoid being a victim?
- Right, so when we're talking about business email compromise, you know, we're looking at organizations losing control of their communication streams.
So, you know, and what that is used for is so that they can send out legitimate emails to victims to try to engage them in some sort of fraudulent activity.
So what to watch out for, you know, I think it's pretty much the same thing as Alec mentioned, you know, unexpected emails, things that seem to be too good, you know, too good to be true, click for a 10% discount and you know, that type of thing.
But I think it's also important to remember that, you know, a lot of times that we find ourselves being victimized, we kind of give that information to the businesses we do business with anyway, right?
I think there was a survey that came out, Reuters did a survey, 80% of American consumers have a discount card, and that discount card to get it, it was give me your email, give me your home address, maybe your phone number, and maybe if it's check cashing privileges, well let me have your account as well.
And we're placing a lot of faith in third parties, like businesses to hold that information secure, and for very little in exchange, you know, 10% off on a purchase, a few bucks off on gas.
We just have a problem here in the United States where we don't necessarily think of our personal information as a commodity that we should hold onto and not necessarily give away in exchange for discount.
- [Kris] Brian, we're gonna get to you in a second.
We're gonna talk about one of the ones that terrify me the most like this confidence romance fraud.
But before we get there, the business side of this.
I have, from experience, some concerns where people will try to take on the identity of executives and just change something nuanced about an email, they'll use subject headers, you know, from the CEO.
Do you have any tips?
And I know that your expertise at Bloomsburg University is really trying to better understand how cyber fraud impacts businesses, but do you have any ideas or tips there you can share?
- So I'll give you an example.
A few years ago, when I was teaching at a different university, there was an accountant person at a local government who received an email from an executive, asking her to transfer some money.
Immediately it was important that it be done to pay a budget.
It came in at a really odd time, right before the end of day, 4:45, 4:50.
And she did it and it cost the small community, you know, a couple hundred thousand dollars because it was a sense of urgency.
It was her boss, he was looking for money.
So it's the same basic thing that we tell everyone else, right?
You know, you get an email from the CEO asking you to do something.
If you're not sure that it's them, just stop and make a phone call.
It's hard to get that money back once it leaves the organization.
And, you know, and, you know, many times, unfortunately, people are terminated because they make a mistake, and there's still not that forgiveness kind of approach to recognizing that, you know, if humans are the weakest link, then perhaps we ought to give them a little bit of slack and, you know, give them another swing at it.
But, you know, it's just, it's that same type of thing where they're just, you know, cyber criminals are just fraudsters.
That's all they are.
And they're just really good at understanding the nuances of how businesses work, and when, you know, employees are most vulnerable, right before lunch, first thing in the morning, Monday mornings are a great time, Fridays at 4:45 is another great time because we're thinking about other things, and that's where the vulnerabilities come in.
- [Kris] Excellent, really appreciate your expertise.
Brian.
Confidence and romance fraud.
Can you speak to that?
I mean, it's terrifying to think it through.
- It is terrifying and it can potentially be very devastating.
First of all, these romance scams or confidence scams tug at our heartstrings or appeal to our emotional side, so that's the way the victims are identified and targeted by these bad actors.
They say, hey, I'm gonna court you on a dating site.
I'm going to look at pictures of your social media and try to identify what your interests are.
And this is how it all starts.
So we're all willingly sharing all of our information.
Many people in the pandemic for example, are lonely, they want companionship, so they're open to it so it makes them, unfortunately, victims, potential victims.
Beware if anyone seems too good to be true, or if you're on a dating site that's a reputable dating site, if they're asking you to come off of that dating site and directly communicate with them, that's a red flag.
Beware if anyone tries to isolate you from either your family, your friends, tries to gather pictures of you or financial information that could be used to later extort you.
Beware in particular, if they promise to meet you in person, but there's always a reason they can't, there's always an excuse given, and it all seems to make sense, but yet that is a cause for great suspicion.
And finally, never, ever send money to anyone you have only communicated with online or by phone.
Never give into that, no matter how much you think you trust them.
So we can all fight this if we're aware of it.
But again, that social element is something that makes people vulnerable in times like this, especially.
- Thank you very much.
Alec, back here in the studio, let's talk about tech support fraud.
- [Alec] Yes.
- Right?
That's an area that particularly older people might feel uncomfortable with in general so they're gonna give a lot of credence to the person on the other end.
So tech support fraud is actually a really prevalent form of fraud.
And can you speak to it and maybe some tips for how to avoid it, becoming a victim?
- Yes, so tech support fraud, and a lot of these are actually very strategic.
So before we go into tech support fraud itself, you have to understand the timing of some of these cycles that these fraudsters are gonna use.
So, you know, it's IRS tax season so you're gonna be getting emails and phone calls saying that the IRS doesn't have your tax refund, or maybe you have some kind of tax form waiting on you.
And then, you know, as times change, the schemes that they're gonna use are also gonna change.
So, you know, when it's not tax season, a great one that they love to use is tech support fraud, and that's because a lot of the aging communities, they don't understand, you know, a lot about their computers.
And so they get somebody on the phone, sometimes they're calling you directly, sometimes they're sending you an email, sometimes it's even software that's already installed on your computer, telling you that like, hey, you know, you have this problem and we have a solution for you, right?
And this solution only costs you X amount of dollars.
The easiest way to spot these is they're not gonna ask for direct cash.
They may, so that's not a, you know, that's not a hundred percent given, but your first thing that should tip you off is if they're asking for gift cards, or if they're asking you to convert, you know, dollars into Bitcoins and go to westernunion.com, and to enter an amount and send it somewhere.
Those should all start sending red flags in your head.
- [Kris] Yep, yep.
Larry, we're gonna continue with you on this idea of, I think Brian's recommendations on romance fraud were just totally on point.
Fraudsters tend to want to, Alec's point, try to get you to convert money into crypto or gift cards.
Can you speak to that?
What other kind of things should a potential victim be looking as just tell-tale signs that something is not right?
- Yeah, so pretty much if they're asking you to pay for the solution without actually examining the machine, you know, or downloading an application so that they can take control of your machine and examine it, it would be pretty much a red flag.
But, you know, I've seen folks get calls for Apple Support without actually having a Mac or an Apple machine or phone in their possession.
But the high pressure of the call convinced them to actually send them money.
It's just, you, you know, I think that's what we have to recognize is that it's not a casual conversation that you're having with the individual on the other phone.
It is a high pressure sales approach to convince you that what they're selling is what you need, even if you don't have the product.
And for, you know, it's unfortunate that they do find most success with older folks, because it's a lot of information to absorb and make a quick decision.
But if they're asking you to pay, probably should just say, you know what, I'm not going to, I'll call you back, give me a phone number, but then go to the internet and look up Apple Support or Microsoft Support and call the number that's on the website or the same with, you know, if someone's calling you and telling you there's a problem with your credit card.
You know, there's a phone number on the back of the credit card to call.
Don't necessarily call the number on your caller ID or the one that they give you.
Use the source that you know to be good, which is the one on the card.
- [Kris] Great, great, great advice.
Brian, investment fraud, you know, tends to be something that any age group could really fall victim to.
Can you speak to it and, and maybe what to avoid?
- Yeah, first of all, it comes back to if it's too good to be true, it probably is.
Follow your intuition.
Don't go chasing after a get-rich-quick scheme online.
Most people have at least a basic awareness of that.
Where we see the most, I guess, vulnerable population would be older people, because, again, they tend to be more trusting.
You see these cases where older people are going into the bank and withdrawing their life savings, which is a tragedy to see really.
There's a particular twist on that where they may, the attacker may start suggesting that a grandson or a daughter is in jeopardy, and this isn't exactly investment fraud, but it's still terrifying.
A grandmother hears that and says, you know, I have to go withdraw money to get my grandson out of, you know, out of a bad situation.
So again, it plays on emotion.
Don't send money to an investment you have not fully vetted with your financial advisor or at least crosschecked.
Never, ever act on impulse with money on an investment online.
Don't get baited by a website that looks very slick.
It's very easy to build a fancy website so don't let that be your decision factor.
Always check and double check, and don't fall victim to the, again, urgency factor, hey, act now or the offer will be gone and you will have missed it.
So those are some ideas.
- Perfect, perfect.
We're gonna come back in studio here for the final question.
Lottery and sweepstakes fraud, you know, is something that hit my own family years ago, but can you speak to it?
And with about 45 seconds left, maybe offer some things to be careful of.
- [Alec] The easiest thing I could say is if something is free, then you are the product, right?
We talked earlier about the information that you put out there.
If they're asking for a phone number, if they're asking for an email, if they're asking for an address, that information is going to be used somehow, most likely against you.
Because again, if something is free, they're gonna get something out of you down the road.
So with sweepstakes fraud, they're essentially, you know, painting this picture that you are a winner.
Everybody wants to be a winner.
They're saying that you won a million bucks, you're getting your house renovated.
We sound like a broken record as we talk here, but you have to take a break.
You have to come back to reality.
A great tip is to basically just say, hey, I will call you back or I'll reach out to you.
If they're saying, oh, the offer's only good for the next 15 minutes, that's not the case.
I mean, you'll see this even with products that they wanna sell really quick, as they'll say the offer expires in 14 minutes and you'll see that the countdown clock, you know, going down, but if you refresh that website, the clock is gonna restart no matter what.
- [Kris] That's great.
- Great.
Well, thank you for joining us.
For more information on this topic, please visit wvia.org/keystonebusiness, and remember, you can rewatch this episode on demand anytime online or on the WVIA app.
For Keystone Edition, I'm Kris Jones.
Thank you for watching.
(dreamy hip hop music)