Cyber Crime Junkies

Star Athletes & Influencers. Identity & Brand Protection

November 09, 2023 Cyber Crime Junkies-David Mauro Season 3 Episode 16
Star Athletes & Influencers. Identity & Brand Protection
Cyber Crime Junkies
More Info
Cyber Crime Junkies
Star Athletes & Influencers. Identity & Brand Protection
Nov 09, 2023 Season 3 Episode 16
Cyber Crime Junkies-David Mauro

NEW! Text Us Direct Here!

 
Tim Flynn, Cybersecurity and Cloud expert has delved deep into NIL and has some outstanding exclusive insight to share.

Topics: secret security risks in name image licensing, security risks in name image licensing, security risks for name image licensing, security risks to nil stars, security risks in nil, security risks for athletes in name image licensing, pros and cons in name image licensing,  identity and brand protection , identity and brand protection online, best practices for protecting personal data online, Brand protection with identification authentication, best policies to limit cyber liability, best practices for protecting personal data online, best practices identity protection, best security practices for individuals, best ways to protect people from cyber crime, how ai will effect cyber security,, science of social engineering explained, psychology of social engineering explained, how neuroscience hacks humans, the science behind hacking humans, hacking humans using science,                                               

 Subscribe to our YouTube Channel for FREE: @Cybercrimejunkiespodcast https://www.youtube.com/channel/UCNrU8kX3b4M8ZiQ-GW7Z1yg

For more real cybercrime stories, visit our website at https://cybercrimejunkies.com.

Accelerate your CMMC 2.0 compliance and address federal zero-trust requirements with Kiteworks' universal, secure file sharing platform made for every organization, and helpful to defense contractors.

Visit kiteworks.com to get started. 

We're thrilled to introduce Season 5 Cyber Flash Points to show what latest tech news means to online safety with short stories helping spread security awareness and the importance of online privacy protection.

"Cyber Flash Points" – your go-to source for practical and concise summaries.

So, tune in and welcome to "Cyber Flash Points”

🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss an episode!

Follow Us:
πŸ”— Website: https://cybercrimejunkies.com
πŸ“± X/Twitter: https://x.com/CybercrimeJunky
πŸ“Έ Instagram: https://www.instagram.com/cybercrimejunkies/

Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
πŸŽ™οΈ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
πŸŽ™οΈ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
πŸŽ™οΈ Google Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast

Join the Conversation: πŸ’¬ Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!

Show Notes Transcript

NEW! Text Us Direct Here!

 
Tim Flynn, Cybersecurity and Cloud expert has delved deep into NIL and has some outstanding exclusive insight to share.

Topics: secret security risks in name image licensing, security risks in name image licensing, security risks for name image licensing, security risks to nil stars, security risks in nil, security risks for athletes in name image licensing, pros and cons in name image licensing,  identity and brand protection , identity and brand protection online, best practices for protecting personal data online, Brand protection with identification authentication, best policies to limit cyber liability, best practices for protecting personal data online, best practices identity protection, best security practices for individuals, best ways to protect people from cyber crime, how ai will effect cyber security,, science of social engineering explained, psychology of social engineering explained, how neuroscience hacks humans, the science behind hacking humans, hacking humans using science,                                               

 Subscribe to our YouTube Channel for FREE: @Cybercrimejunkiespodcast https://www.youtube.com/channel/UCNrU8kX3b4M8ZiQ-GW7Z1yg

For more real cybercrime stories, visit our website at https://cybercrimejunkies.com.

Accelerate your CMMC 2.0 compliance and address federal zero-trust requirements with Kiteworks' universal, secure file sharing platform made for every organization, and helpful to defense contractors.

Visit kiteworks.com to get started. 

We're thrilled to introduce Season 5 Cyber Flash Points to show what latest tech news means to online safety with short stories helping spread security awareness and the importance of online privacy protection.

"Cyber Flash Points" – your go-to source for practical and concise summaries.

So, tune in and welcome to "Cyber Flash Points”

🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss an episode!

Follow Us:
πŸ”— Website: https://cybercrimejunkies.com
πŸ“± X/Twitter: https://x.com/CybercrimeJunky
πŸ“Έ Instagram: https://www.instagram.com/cybercrimejunkies/

Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
πŸŽ™οΈ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
πŸŽ™οΈ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
πŸŽ™οΈ Google Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast

Join the Conversation: πŸ’¬ Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!

TIM FLYNN STAR ATHLETES & INLFUENCERS.  IDENTITY & BRAND PROTECTION

Find more at CyberCrimeJunkies.com

Topics: secret security risks in name image licensing, security risks in name image licensing, security risks for name image licensing, security risks to nil stars, security risks in nil, security risks for athletes in name image licensing, pros and cons in name image licensing,  identity and brand protection , identity and brand protection online, best practices for protecting personal data online, Brand protection with identification authentication, best policies to limit cyber liability, best practices for protecting personal data online, best practices identity protection, best security practices for individuals, best ways to protect people from cyber crime, how ai will effect cyber security,, science of social engineering explained, psychology of social engineering explained, how neuroscience hacks humans, the science behind hacking humans, hacking humans using science,                           

[00:00:00] Come join us as we dive deeper behind the scenes of security and cybercrime today, interviewing top leaders from around the world and sharing true cybercrime stories to raise awareness. But first a huge thank you to all of our executive co producers who subscribed to our Prime membership and fueled our growth.

So please help us keep this going by subscribing for free to our YouTube channel and downloading our episodes. on Apple or Spotify podcasts, so we can continue to bring you more of what matters. This is Cyber Crime Junkies and now the show.

Welcome everybody to Cyber Crime Junkies. I'm your host David Mauro. In the [00:01:00] studio today is Tim Flynn, Timothy Flynn, a cyber security expert with decades of experience who serves in various capacities throughout North America. And, he's an author, has several different, takes and, writings on a really unique approach, that we're going to talk about today involving NIL, N I L, which is name, image, and likeness, and how that relates to cybersecurity for the many people that are involved in it.

Tim, welcome to the studio, sir. Thank you for having me. Looking forward to the discussion. Yeah, so, for people that, don't necessarily understand what NIL is, N I L, it's name image likeness. Can you kind of elaborate just generally what that concept is? Because it's big business today, and it's, it's, it's...

It seems like the insipidus of [00:02:00] it, or the, the exponential growth at least, occurred when they made the changes in like college sports, where student athletes could be compensated. Yes. There, there had been a lawsuit. Ed O'Bannon, the Olds UCLA basketball player was one of the major players in the lawsuit.

But what the, the lawsuit led to was legislation being passed, or student athletes could get paid for their name, image, and likeness. Prior to that, if they were compensated in any way. they would lose amateur status, therefore disqualifying them from sporting activities. So what this has done, and it was passed just about a little over two years ago um, that they could start taking advantage of it.

And you're seeing athletes All capabilities and all visibility or, or all sports take advantage of it. It's not just, we hear a lot [00:03:00] about, you know, the high profile athletes in the money generating sports, but all types of athletes from the, you know College Basketball excuse me, Volleyball Teams, Golf Teams, Track and Field, they're all taking advantage of how they can leverage their name and likeness in an influencer way to drive some revenue during their college career.

So, and this is, there are many organizations that I'm not even sure if many of our listeners are aware of this, but there's a lot of organizations out there that will drive that revenue for them. They will help them with their branding, help them with their, with their is it their trademarking? Like, do they create, you know, logos and things like that for them?

Or is it, or is it really their name and their brand like, like Jordan has and things like that? Yes, for some of the higher profile athletes, there's more extensive marketing and branding. But what you're seeing is there's, [00:04:00] you know, some leading what they call marketplaces. In these marketplaces, essentially it's like an Amazon.

of athletes. And you can pick your school, your sport and you know, it has pricing from everything from a video message, a happy birthday, it's promoting products in a lot of where their influence is based upon or their, their money generating capabilities are how many followers it's becoming an influencer market.

And we're, we're seeing it on the corporate world where. More large corporations are incorporating influencers into their marketing campaigns. But this is really heavily based upon how many influencers, how or excuse me, how many followers do they have on the major digital platforms. anD you can pick and choose and it's really created, okay, since it's driven by how many followers.

Now, how can I build my brand? So there's a lot of other companies that have [00:05:00] come to help them. How do you create more followers? How do you build your visibility to, you know, the outside world, so to speak? And then you have a variety of, you know, how do you know that you're making money? You're becoming a business, so how do you deal with the financial aspects, the legal aspects, the taxes, all these other components that are, you know, they're needed in everyday business, but the more conversations I had, the one glaring item that was not coming up is, How do you protect your brand?

You're using digital platforms that are constantly under attack, that in the corporate world, the number one priority is cyber security protection. And, you know, where it started off as me, just as the average fan, curious about it. My business mind started getting involved and saying, well, I continue to hear no one's helping them protect their brand at a time [00:06:00] that we see that it's most important.

Absolutely. And it's really an interesting take on it because, so, so let's take a couple steps back. The, the NIL, the N I L do you pronounce it N I L first of all? I say NIL, some people call it NIL. NIL so that they know what it is, right. Okay, so, like, the NIL agreements, they have these kind of marketplaces, right?

So a company that wants to sponsor, you know, an energy drink or whatever it is, right, they can go in and say, well, our drink sales are down in the Southwest, right, they can go and find some of the student athletes located in those geographies, let's say, and get them to sponsor. Have a social media campaign with some of them sponsoring and look at how many followers each one has, right?

And then they're compensated for it. Is that a sample of it? Yeah. Yes I think the marketplaces are great because it aligns student athletes with Absolutely, and [00:07:00] even individuals, you know, there's a lot of individuals that you know want to support their school, but They don't have the resources to be a big donor, so this allows, you know, there's a lot of positive, but these marketplaces do connect companies with student athletes so that they can, you know, drive business together.

Okay, and when you think about that student athlete who's building their, their NIL, their name, their image, likeness, their brand, let's just call it, right? Well, like all startups, right? One of the last things they ever think about is security. And we see startup after startup go under as their platforms start to, you know, delay and there's customer satisfaction issues.

And lo and behold, it had to do with a security breach. Right? Because they're just not thinking about that. It's a major blind spot, right? And, yeah, and so you're, you're, you're seeing this as a major [00:08:00] blind spot for the, for the student athletes and the people that are managing these NIL brands. Absolutely.

In a, you know, I think that's a great analogy to compare it to startups, but where I think the student athletes had an even bigger disadvantage, a lot of startups, the individuals started at a corporate job. And in these corporate jobs, You know, these corporations are implementing security process. They have to do the trainings.

They're getting, you know, they're, they're more engaged on those security protocols where an 18 to 22, 24 year old they're coming from the high school world. To college with that adjustment now they get to the structure, right? They're not used to the structure all the things that go into a P& L a profit and loss statement Like they're they're not used to that world Absolutely, and that's why a lot of these, you know These support [00:09:00] companies are great because they're helping them go through that process of taxes in you know You know just because you get paid, you know 100 You're not getting a hundred dollars, you know, you're going to have to get taxes back, but you know, Who's this FICO guy and why is he taking our money, right?

Yeah, but the glaring gap is there's no one helping them navigate the security, the security components. And when you look at how they're building their brand. They're using, using digital platforms that are constantly under attack. So it's imperative that they do take these security measures to minimize their risk to their brand.

Well, and the leveraging of social media platforms too raises alarms, right? Because the social media platforms themselves are... akin to either a full blown breach or at least data scraping, [00:10:00] right? Impersonations you know, other social, social engineering deepfakes. There's, there's some other components of, of cybercrime that still lurk.

You know, very prevalent in the social media platform. I know you're absolutely right. I think, you know, there, there's a variety of risks that I don't think there's enough conversation about. If you look at the high profile athlete, they're extremely visible. Right. And, you know, these threat actors where it's important for these high visibility student athletes to, you know, share, be, be more you know, in touch with their, their fans, quote unquote.

But also that's providing avenues where these threat actors can know what their favorite restaurant is, where they like to hang out. And, you know, they have to worry about, you know, things like spoofing and account takeover because it can be very malicious. And then you have... [00:11:00] Absolutely. Or SIM swapping, right?

SIM swapping. Like being able to socially engineer somebody to click on something on their phone and do an eSIM, SIM swap, and then once... Once a threat actor is able to take control over a mobile device, they have your identity. And they have access to any cryptocurrency that you have, they can access your private keys.

There's numerous crime stories involving that. I mean, there's a whole host of things, right? Well, even, you know, something like an account takeover, we, we see it a lot, you know, and it gets publicized, but I think, you know, a person that's not in the security space just looks at it as PR. We, we, we've heard of those athletes that they say, Hey, look, I've been hacked.

I did not post that. And. It comes back that, you know, a lot of times they could have been hacked because they are a target and usually when these threat actors, you know, take over an account, they're not posting, [00:12:00] hey, I had a great meal, they're doing something to malicious to cause reputational damage and the society we live in today, you know, it's, it's great.

We, we don't hear what happened at the end sometimes we just hear, Oh, he sent out this bad tweet. You know, and they move on and everybody just thinks it's, you know, someone that just got over emotional, said something he or she shouldn't have, but the reputational damage is there and it continues on.

But then you even have the, the non high profile athlete and they are, you know, they still use these digital platforms in their daily life. And they're susceptible to risk via third party. I mean, Twitter has been hacked twice or breached twice in the last, last year. Over 450, you know, million credentials stored now on the dark web.

And so. They're at risk. You know, Uber's been, you know, hacked too many times. Yeah, we have several [00:13:00] episodes on the Uber breaches. Yes. You know, and so just all these indirect attacks where, you know, they, you know, So that's why it's important, you know, for everybody. It's not a certain group. It's not a certain type of company.

It's a, it's an everybody problem. And that's kind of the awareness. What do we say? What do we say? And I mean to cut you off. Okay, so what do we say to a athlete that says, why me? They're not gonna, I've got 30, 000 followers. I understand, but. I mean, it's just my Twitter account, or it's just my social media account, or it's my Instagram.

What all could really happen? What do we say to them when they don't think that cyber criminals from, you know, the Eastern Bloc of Europe would target them, right? What do you say to them? You [00:14:00] know, I explain a couple things. You know, from one perspective you know, they're going to... Higher Educational Institute.

They're one of the most attacked industries in the United States. They're constantly getting attacked. So when you look at it from that perspective, just you're going to school and having a school email address and, you know, your information is at risk but as far as the social media, they're not, they may not be looking specifically at you, the individual, but they're looking at that large pool of users in, you know, X or Twitter, whatever they call it, Facebook, Instagram, these all have a high profile of a user community, and these, you know, one They're automated attacks, so they're just trying to...

Just collect as much data as possible. And they realize with these [00:15:00] large community pools, there is a substantial subset that does not have very good security posture. So they might hit, they might get lucky on one or two or, but by attacking these large communities. Of users and these, these platforms that have a larger user base, it gives them more opportunity to leverage the data or trip over something just because people are not following this the security pro protocol.

So um, and then I give an example where, you know, I talked to an an NFL agent who had um, a, a, an athlete that, you know. He, it was an indirect attack. It wasn't, he wasn't targeted. It was indirect, but he lost all his NIL earnings. From the previous year because, you know, they were able to, I think it was his financial institution and collect, you know, get into his bank account, among other things.

[00:16:00] So the risk is there. Unfortunately, not, it's, it's not something that gets publicized. Because, you know, for individuals to say, I was hacked it's not something you want to share with people, even, you know, a lot of these student athletes don't want to share it with their closest friends because, you know, of, you know, perceived embarrassment but what that's leading to, the fact that it's not being shared, is that it's, it's not happening.

Which, which it is, you know, and you see all these NIL stories about it's, oh, how, you know, this person made this much money and this, you know, there's all these different angles of, you know, from a legal perspective, what this legislation means, but no one's taken on the subject, the very real subject of the lack of cyber security awareness and what these athletes can do to protect themselves.

And before we get into [00:17:00] like some of the best practices and what some practical things that athletes can do themselves let me, let me, like, are you familiar with the story of, like, Plug Walk Joe, who just got sentenced to five years? There's a whole host of... These this group from LULSAC, or forgot the name of their group, I, I think, I think that's them, and, or no, I'm sorry, LAPSIS, the LAPSIS group, and what they were doing is targeting, Celebrities, right?

Targeting them going after their, their accounts, and they were in part kind of compromising or exploiting the Twitter hack, like what you had mentioned, right? And when they get that, they're able to then go and bribe, right? Or coerce, or some way, get somebody at one of the mobile phone, Retail stores or, [00:18:00] or corporate offices pay them a lot of money or otherwise give them some incentives and they can conduct these SIM swapping attacks.

And by doing that, it allows them then when you log into these accounts, you know, there's usually two factor authentication, multi factor authentication, where it sends a A code or a a notice that you have to approve. Well, when they control the other person's phone remotely, then they can confirm those, right?

Reset people's passwords and have a full, complete account takeover. And with that there's several high profile and then some mid profile people that have been compromised. And there's, there was hundreds of thousands and millions of dollars taken. Right, through, through cashing out or accessing crypto, but also accessing personal banking information because they have all of their credentials.

And so... What that story means to me, and I [00:19:00] want to get your feedback, is it shows that there are groups out there that want to do this, right? Especially as somebody builds up a recognized NIL, right? You become a target, right? So the more successful you are... The higher the risk almost seems to go for for these cyber criminals because yeah, absolutely, you know, these, the college athletes are becoming just as popular.

A, as you know, the professional athletes and you know, just like with professional athletes where it's documented of, you know, it's very open information of what they make. You know, they, these marketplaces and some of these, you know, NIL websites put their evaluation of what they are worth from an NIL perspective, that you just click on their profile and you say, oh, this person's worth $3 million, this person's worth.[00:20:00] 

So, that visibility and transparency is always good, but there's, you know, when it comes to cyber... But when, but when somebody sees that, you're going to be a target, right? And you can be a target in a couple different ways. Like, there could be somebody that could just compromise your credentials and they might not work for a...

Ransomware gang or a cybercrime gang, but they'll go flip that information on the dark web. They become these groups that are known as IABs, right? Initial Access Brokers. So if they've got access into your account, they're just gonna sell the access. Make three to five thousand dollars for password and login information for several different accounts.

And that happens every day. It's, we see it for sale all the time on the dark web. And that's what I was going to say, you know, I do a lot of brand protection you know, for, for companies which, you know, part of that is, you know, looking at. the, [00:21:00] the dark web to see how their brand is being compromised.

And it's surprising one, how sophisticated it is, how it looks exactly like it would come from this person or, or organization and it's for sale. It's, it's for sale. And anyone with a few dollars in malicious intent can. You can do a lot of damage. So, so yes. And with the advance of AI, now you don't have the, it used to be a clear red flag about misspellings or improper syntax or improper grammar, right?

But all that's been solved, right? That's like the, you know, they don't have to even speak your language and they can write a Pretty persuasive email to arise emotional response and get you to want to click. I absolutely. When you combine that with, you know, The Student Athlete [00:22:00] Influencer, they're putting a lot of their personal information out there.

So, yes, they are connecting with, with their, their fans and, but at the same time, they need to consider that other people, you know, they know they like Target. They know they like this, this restaurant. Next thing you know, they've collected a lot of data that. Can be very compelling to you. That's not hard.

It's not hard to do. And you know, it's, it's scary, but you know, just some basic steps could go a long way to reduce the risk. Absolutely. And if, and in just awareness, I think it all has to start with awareness. I mean, if student athletes could be aware that when you post a video, right. And you're in front of a house or you're in front of an area.

Right? Just a five second video portion, right? They're, [00:23:00] they're the OSINT tactics that, that open source intelligence tactics that they train both ethical hackers and, and threat actors, you know, learn. These skill sets, like any, any video, I mean, this would apply to, to children and teenagers too, right? But it's, it's, it's the same kind of lesson that any disclosure of that, like you might not think, well, I didn't say where I lived or I didn't show my address.

It doesn't matter, right? They're gonna be able to tell exactly where you live. I mean, I have done it myself. I've seen it done hundreds of times. Like, they're able to part and parcel. Use all open source, free tactics to piece all these data points together and find out exactly the time of day. What direction you are facing, where you are, who lives there, who owns the property, what they pay in taxes.

You'll be surprised in a matter of about an hour to two [00:24:00] hours what could be found out. It's shocking. It blows people's minds. I know, and that's a great point. You see videos, unfortunately, and they're taking a video in front of a car. It's just fully visible and they don't think about that. You know, it's the, the, the risk, but that is just, here's the keys to a lot of information in a very short period of time.

And you can tell, right, because they're out there putting their name out there and their brand likeness and the products that they might be promoting, right. Or the other brands, then you can, you can know, okay, well they like, like you mentioned, they, they. They are promoting Target, for example. Okay, well, then you can craft social engineering tactics toward that person about Target, because the odds are they have a Target account.

Maybe they have a Target card. Maybe they have, you know, like, communication from internal branding from Target. Like, you can think of all the different Social engineering tactics that could be [00:25:00] targeted at that person. Well, if you look at, you know, it's one of the top risks or, you know, in the cyber security space, we always talk about it.

It's the human element because that's the one area you can't control. You can put devices and protocols, you know, make it the most robust. Security infrastructure, but it comes down to the weakest link, which is the human element. Yeah, it's not, yeah, security doesn't come out of a box. It's not coming out of a box, there isn't one thing that anybody can buy that's going to keep them secure.

It's just about different layers, right? Exactly, and that's why some of the biggest breaches were created by someone just... Unaware in clicking on something and [00:26:00] You know, and that's, that's the part that I see the biggest challenge in NIL is awareness or the lack there of awareness you know, and just having these conversations as a standard part of business.

You know, what, what can a student athlete do? Like, what, what are, what are some of the top best practices that somebody who's building a NIL brand? Well, I got a whole handful. I'm just curious, like, what do you, what do you, in your experience, like, what do you think they should be doing? Like, what can they do?

Clearly, just get more aware, lean in, learn a little bit about this, right? But there's, there's, there's some practical things they can all do. Yeah, so the awareness and I keep hammering on this and I realize it, but It's just amazing in all the conversations, the business conversations, not the, the sport of it, the [00:27:00] business aspect, how it is, the, I get the same reaction.

It's, you know, that makes sense, but no one's having the conversation. Right. So being aware and, and, and educating the athlete to say, look, here are all the risks. It's not a scare tactic. It's. The part of doing business, and it can be really scary if you do nothing because essentially it's not a matter of if, it's when and how severe.

so The awareness is is important. Be proactive with the conversations. When you're talking to... And I'm a little bit surprised on this one. When you work with marketing agencies and branding agencies they have an advantage. They're, they're working hand in hand with the security team, the IT team um, leadership at the company to make sure that everything that they [00:28:00] do.

With their, you know, online digital campaigns are not exposing the company from a security perspective. The same tactics are used from, you know, the NIL marketing companies, but they don't have the advantage. The student athlete doesn't have a security team to work with, and so it's important that, you know, these NIL, you know, marketing teams and, you know, the athletes have realistic conversations about the risks, because having a conversation is going to continue to Continue to expand, you know, the conversation, but also expand their knowledge.

And they're going to continue to think. But, you know, just basic things. When you turn on your computer, realize there are dangers. You know, be aware. You know, just basically, you [00:29:00] know, at first I think it's a multi phase. Keep it simple. Don't, you don't want to give them a list of 10, 20 things to do because you do that, you, you, you, they're not going to do, they're going to just say this is too much.

They have too much going on. But keep the awareness, take a security first. How many of them use the same password? You know, passwords and other basic thing. Yeah. I mean, I mean, look, I mean the, the, the, the fundamentals, like there are things you can do for yourself. First, freeze your credit, right? Like personally go in, there's no reason to not have your credit frozen all the time.

Like we tell people. Constantly to do this because it will protect you. It'll, it'll cut out 80 percent of the account takeovers, right? They're not going to be able to do anything with it. They're not going to be able to run up credit in your name. And if you want to go buy a car or an apartment or a townhome, whatever, you literally [00:30:00] press a button, you unfreeze it, they run your credit check, you press a button, you freeze it back.

Right? All three credit bureaus do that. If anybody has questions, they can reach out to you on how to do that. They can reach out to me on how to do that. It's very, very simple. It takes a, you know, it takes a little while to do. It's actually three different forms. It's maybe a half an hour of time and that's it.

And you are protected. It's a really, really smart thing. Enable multi factor authentication. What do you think about that? I mean, using it, you can, you can turn it on. Yes, it's a little inconvenient, but you can turn it on for all of your social media accounts, right? And unless they take that drastic effort of actually SIM swapping you and taking control over your phone.

Which is a pretty rare instance. It's not, that event doesn't happen every day. You're, you're, you're protecting yourself. And, like you said about the passwords, right? People can have the greatest password, and they're like, Oh, I've got this great password. And [00:31:00] they'll use it. On Twitter, and then they'll use it for Instagram, and then they'll use it for LinkedIn, and then they'll use it for their work email and everything else.

And what you have to understand is, people sell your data. There's these data brokers, right? So when you click Accept Cookies, you're sharing all your interests and all of your likes and a lot of this stuff, and your data, your password, oftentimes, gets sold, right? Whether it's hashed or not, whether it's encrypted or not, but...

A lot of your data gets sold to a third party who wants to market you and sell you products, and that data gets sold to somebody, and that data gets sold to somebody, and they could get breached. So oftentimes there's websites like Have I Been Pwned, right, which you can look at. Put your email address in, you can find it if you've been part of a breach and I encourage all of our listeners all the time to do that because I do that and I'm like, wow, I got breached by this company.

I have no idea who they are. I've never done business with them. Yeah, but they were [00:32:00] sold our data. Here, here and here, like three layers down and then they got breached, right? It was outside of our control. So, the key question is, is if they got breached from here or let's say on Twitter, are you using that same password?

Because if you are, now they know your password. For your finances, for your work email. It takes two minutes to log in and do that. And then if you don't have multifactor authentication, they're just gonna reset your password. Right? Yes. And the monitoring I think is absolutely critical because Absolutely, you're not going to stop being briefed.

You know, you're, unless if you have any sort of digital presence, you're, you're going to, at some point your information's gonna be part of the breach. Absolutely. But it's just how severe. and understanding, you know, if you're breached in that way, you can take the necessary steps to, I'm going to play it safe.

You know you know, [00:33:00] you can do, it's very easy to do, you know, once, once a week, once a month, when, you know, I'm going to check with the amount of breaches that happen. I would do it more often than not. Or there's, there's ones that I need to. You know, it's very low cost or, you know, where you can do proactive monitoring.

So you're automatically notified if your, your information has showed up. So you can be proactive in limit the damage, but to your point. A lot of these athletes are not monitoring it, they're not their passwords, they're, they're keeping it consistent throughout all their platforms, and usually it's something basic that they can remember, you know?

Right, exactly. Or, or it's something that... is reflective of of something that they admire. Like if they're a fan, they're a Steelers fan, and it's like [00:34:00] Steelers 2023 or something like that. It's like, it's so easy to figure out what you like, and then to do various variations of that password. There's software platforms that will do that.

Billions of combinations in nanoseconds, right? They can go through all of it. It's not like somebody has to type in. You know, Stealers 2023, Stealers 2022. No, it's, all those combinations are done in, billions of those combinations are done in seconds. And it, it, it can crack the password super easy. And, and that's, you know, I think part of the education.

It's, you know, not, it's no longer just, you know, a couple of people or a group of people. And yes, there are, there are cyber games, but they're using automation. They're using technology. Absolutely. I always use the one that resonates with Ticketmaster in the Taylor Swift fiasco, you know, that

was [00:35:00] not in the cyber security or technology space was just thinking that Ticketmaster's call center was not prepared for the volume of requests. And it's, they weren't prepared for a cyber attack, you know, because of the automation and the bot attacks that these cyber criminals are using, you know, they're just going, you know, seeing what they can collect in a short, you know, short amount of time.

Absolutely. Yeah. And they're very well funded. They're very bright. Like first, one of the biggest. Mistakes, I think a lot of people make is underestimating the opponent, right? They're very, very bright and thinking that they're like street criminals or street thugs. Like these people are extremely well funded.

There's been year after year. The, like, cybercrime industry has eclipped the international drug trade, [00:36:00] year after year, exponentially. So think of, you know, Pablo Escobar and how much money those guys had, and these guys have more. This is not buy big mansions type money, this is buy an island type money.

This is literally what they say on their recruiting sites for these cybercrime, right? These are, you know, millions of dollars a week. Hundreds of thousands of dollars a week involved in this and so they've got access to the greatest technology. They've got the translation skills down And they've got the wherewithal so you just have to but even so the fundamentals can block 80 90 percent of it, right?

And so many, especially student athletes, they're kind of like startups, and they're like, nobody knows me yet, I've got to get my name out there. It's like, but you've got to do that good cyber hygiene right from the beginning. [00:37:00] Yeah, you've nailed it. You know, just having, you know, a proactive approach, an aware approach, can, you know, eliminate 80 percent of the risks.

Or, you know, again, this isn't, you know, I kind of use the analogy, if you look at a car, a car is very beneficial to your day to day activity, but you don't just say, here's a car, go take it. There's, there's a process, you take some training, then, you know, once you've taken enough training, then you use it, then, you know, there are all of these rules and regulations to, to minimize your risk.

Instead of just going a hundred miles an hour not knowing where you're going and your risk is is higher So, you know, it's you know basic in a lot of ways It can look overwhelming when you see all the breaches and you see all the different ways of [00:38:00] attack But just going in it with a mindset of being aware, being proactive, and taking those little steps of MFA, of under, you know, monitoring monitoring your, your email addresses to see if they've been breached.

Freeze your account. How many people have been unaware that they've been breached? They go for a credit check, and their credit has changed significantly because someone got their credentials and was buying something.

So, what how can people get in touch with you, Tim? yOu can reach me excuse me, my website is datamolly. com, I'm a consultant or timflinn at datamolly. com. That's great. Well, thank you so much. I think this was this is a really interesting take, right? Because it kind of takes all of the lessons and the best practices that we hear, and it's a, it's a [00:39:00] slice of a really exciting part of our culture right now.

Like the, the NIL, that Name Image Licensing, those young student athletes that are building their brands, like we all see them. Right? They're all on social media and we see people pop up. We see all these rising stars. It's kind of really exciting to watch. So it's really just more of a matter of how do we keep them protected so they can keep building their brand and not get torpedoed along the way.

Absolutely. And I think the more awareness that, you know, not only with the, this, the student athletes, but the businesses that are supporting them, because at the end of the day, these are startups, you know, like a startup and just like they have to do certain things on the business end. One of the key components is that is on the security end.

Yep. Absolutely. Thank you so much, sir. We really appreciate it. Thank you. Absolutely, Tim. Thanks so [00:40:00] much. Reach out to Tim, and we thank you all for listening and watching. Great, great discussion today. Thank you.

Well, that wraps this up. Thanks for joining everybody Hope you got value out of digging deeper behind the scenes of security and cybercrime today Please don't forget to help keep this going by subscribing free to our YouTube channel at cybercrime junkies podcast and Download and enjoy all of our past episodes on Apple and Spotify podcasts So we can continue to bring you more of what matters.

This is cybercrime junkies And we thank you for joining us.