Spotting Fraud Before it's Too Late. Brett Johnson Exclusive.

Show Notes

Brett Johnson joins us to talk about spotting fraud before its too late. We discuss how to limit cyber risk for small business, ways to identify refund fraud, AI implications in cyber security today,  best policies to limit cyber liability and how can we spot fraud in business. We discuss how to protect families online, latest security expert insight, password management, and Deepfake technologies. Don't miss Brett's show too: https://thebrettjohnsonshow.com

Try KiteWorks today at www.KiteWorks.com

Don't Miss our Video on this Exciting KiteWorks Offer!

Try KiteWorks today at www.KiteWorks.com

Don't miss this Video on it!

The Most Secure Managed File Transfer System. 

• Watch Video Episodes! And Please...Subscribe to our YouTube Channel.
  • Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
  • Submit Your Questions Direct and Find out more www.CyberCrimeJunkies.com
  • Stay up-to-date on Cybersecurity with VIGILANCE Newsletter.
• Want Gear? We love our Small Business Sponsor, BlushingIntrovert.com. has it all. Women’s clothing, cool accessories supporting Mental Health Research. https://blushingintrovert.com

Transcript

spotting fraud before it's too late Brett Johnson Exclusive.

spotting fraud before it's too late, ai implications in cyber security today, behind scenes cyber criminals, best policies to limit cyber liability, best practices fraud protection, best practices identifying fraud, best ways to protect business from cyber crime, do americans value their personal data, effective ways to protect business from cybercrime, how can we spot fraud in business, how small businesses can limit cyber liability, how to limit cyber liability, how to protect families online, latest security expert insight, password management, password security in cyber security,



If you don’t know his  name you have likely seen him on national TV shows like Pirce morgan, FOX, CBS Dateline, Youtube and others and  he is an international public speaker..


Brett Johnson (00:00.726)
Hehehehe

D Mauro (00:01.563)
They're gonna just boot us out eventually. So welcome everybody to Cybercrime Junkies, the FBI most wanted cyber criminal, now good guy, former US Secret Service target and then the US Secret Service actually noted and called this gentleman the original cyber crime godfather, host of the Brad Jotson show. I encourage everybody to check it out.

will be in our show notes and a new show that he's got called Criminal Thoughts, the Criminal Thoughts podcast, which I believe is part of, we'll get into this, I believe it's part of the Brett Johnson show. That's outstanding as well. Brett, sir, welcome to the show in the studio. David, it has been a minute and thank you for having me back. Oh, you are always welcome, sir. Your insight, your experience and

Brett Johnson (00:49.774)
David, it has been a minute and thank you for having me back.

D Mauro (00:59.739)
The way that you can see through the BS of what we are seeing out there is always interesting. Oh, it's crazy. So, well, let's start off with what we were talking about backstage. So what do you think of our new studio? Like this is our new studio. I like it. It's pretty nice. Like look at the... it's got tall ceilings and stuff. I like the FBI hat in the back. Yeah, you like it? It's actual? Yeah. Yeah, you know, I have been, I've taught it...

Brett Johnson (01:07.146)
Oh, it's crazy. I mean, it is.

Brett Johnson (01:15.562)
I like it. Yeah. I like the FBI hat in the back.

Yeah, you know, I have been, I've taught it, well, I've lectured at Quantico, and I have not, I've got the challenge coin, the t-shirts, I've not gotten the hat, I'm jealous right now. Yeah.

D Mauro (01:27.999)
Lectured at Quantico. Yeah, and I have not I've got the challenge coin the t-shirts. I've not gotten a hat I'm jealous. I get the hat man. Yeah, I'll My wife has a store. I'll have her make you one. It's just very well I'm actually meeting we want the originals though You don't want to just make up one like then that's just that's anybody can do that The real ones are the cool stuff. So what were you gonna say? Sorry?

Brett Johnson (01:41.187)
Well, I'm actually meeting with, I've got a meeting scheduled.

Brett Johnson (01:53.93)
I say I've got a meeting scheduled with some law enforcement individuals and I'm going to ask them, hey, get me back at Quantico at the CISO Academy so I can get a frigging hat.

D Mauro (01:54.507)
I say, I've got a meeting scheduled with some law enforcement individuals, and I'm going to ask them, hey, get me back at Quantico at the CSUN Academy so I can get a frigging hat. Absolutely. So, for those that might not know you, tell us a little bit about you. Let's say we're at a dinner party and we meet, and I'm like, hi, I do investment banking on Wall Street. What do you do? Like...

What do you say to that guy? Like, how do you introduce yourself? Well, it's interesting how I introduce myself. At a conference, typically what I'll do is I'll walk up to someone and I'll say, Hi, I'm Brett Johnson, criminal. And he's still in the hand. Just criminal and you just gauge their facial expression. Just let it drop right there. Okay. So that's what I do at a conference. You know, if I'm really talking to someone,

Brett Johnson (02:27.734)
Well, it's interesting how I introduce myself. At a conference, typically what I'll do is I'll walk up to someone and I'll say, hi, I'm Brett Johnson, criminal, and extend the hand.

Brett Johnson (02:43.382)
just let it drop right there. So that's what I do at a conference. You know, if I'm really talking to someone, and here's what's important, you know this, David, I am not, there's no pride to be had in stealing money from people, all right? There's not. Yeah.

D Mauro (02:51.731)
And here's what's important, you know this David, I am not, there's no pride to be had in stealing money from people. Oh, of course not. No, but the story in the arc is where the value is. Yeah, so you know, the Secret Service, as you pointed out, they called me the original internet godfather. And the way I got the title was I pled guilty to 39 felonies. I was on the United States most wanted list. I had an escape from prison. So not one.

Brett Johnson (03:06.782)
Yeah, so, you know, the Secret Service, as you pointed out, they called me the original Internet Godfather. And the way I got the title was I pled guilty to 39 felonies. I was on the United States most wanted list. I had an escape from prison.

D Mauro (03:22.023)
Not one felony. Not ten. Right. You did 39. Right. You're like if I want like I want Travis Kelsey numbers, I want like Michael Jordan numbers. If I'm going down, I want 39 of them. So wow, that was a bad day. It was it was not a good day. That's not a good day. The actual indictments there were like 70 felonies. There was a bunch in the actual indictments.

Brett Johnson (03:23.431)
Right.

Brett Johnson (03:42.166)
It was not a good day. So the actual indictments, there were like 70 felonies that I was indicted for. Yeah, the plea agreement came down to 39 and I happily agreed to plead guilty to those because if I would have taken it to trial, I would have gotten a lot of prison time.

D Mauro (03:51.087)
we talked about. Yeah, the plea agreement came down to 39 and I happily agreed to plea guilty to those because if I would have taken it to trial, I would have gotten a lot of prison time. Yeah, exactly. And we would not be doing this podcast. Oh, I mean, maybe I could come visit. I have gone and visited prisons and stuff, but I don't like the food. So, right. But you know, it's, I was, it was interesting. I was talking to a kind of buddy of mine, Matt Cox over at Inside True Crime.

Brett Johnson (04:02.974)
We would not. We would not.

Brett Johnson (04:09.578)
Right. But you know, it was interesting. I was talking to a buddy of mine, Matt Cox over at Inside True Crime. And we were talking about this. You know, it's the story, you know, that life of crime that opens a door for me. But once that door is open, you see, do I have any value in today's world? And it turns out I do. So, you know, I use that story to open a door.

D Mauro (04:19.759)
And we were talking about this, you know, it's the story, you know, that life of crime that opens a door for me. But once that door is open, you see, do I have any value in today's world? It turns out I do. So, you know, I use that story to open a door. And then at that point, I kind of forget about that story. We talk about today's fraud and cybercrime and the problems in cybersecurity and things like that. Well, look, everybody makes mistakes in life. We all do.

Brett Johnson (04:36.646)
And then at that point, I kind of forget about that story and we talk about today's fraud and cyber crime and the problems in cybersecurity and things like that.

D Mauro (04:48.971)
Everybody has done some things, right? Not necessarily to the degree and scale, but when there's greatness and you do things well, right? You're like, okay, I stole a candy bar. Well, okay, that's fine. Don't do that, right? Bad. But when you're really good at something, right? You create Shadow Crew on the dark web and you amass

of fortune and draw attention and have people underneath you that have been subject of several of my episodes. I'm still wondering where Jerry Cotton was. If you don't know that episode, please go check out our episode. All our episodes are free here at Cyber Crime Junkies. You can find them on cybe or on our YouTube channel. But please look at the Jerry Cotton episode because I still think he's alive. I'm still convinced that he will resurface.

And he by, he ran for those who don't remember, he ran the largest, most anti-fraud, like certified by the Canadian government as part of the anti-fraud league up there. The anti-fraud crypto exchange, one of the largest, the largest in Canada at the time, and then immediately disappeared at the age of like 30, 31, allegedly died in a little town in India, which is known for.

where people can recreate their identities. And there's like hundreds of millions of dollars missing. They're all gone. Nobody's ever seen the body. They don't know where he is, but it's a long story, but check that episode out. Anyway, he used to work. No, it's well worth watching. He used to work. Really is. For Shadow Crew under this fine gentleman here, where they would sell, among other things, among like Weber grills and.

Brett Johnson (06:30.41)
Nah, it's well worth watching. Really is.

D Mauro (06:43.959)
hats and other stuff they would also sell like Amazon they would also sell like identities. So he knew how to do that was my point. So that's all I wanted to say. That's why I'm going to bump into him. To give my own plug, Cyber Crime Junkies you should not miss out on all of the episodes. That episode is very good, but David does an outstanding job. So absolutely tune into it. Well, I am humbled, but thank you very much. So let's, so...

Brett Johnson (06:55.418)
No, and just to give my own plug, Cybercrime Junkies, you should not miss out on all of the episodes. That episode's very good, but David does an outstanding job, so absolutely tune into it.

D Mauro (07:10.383)
Brett Johnson. So, and the point is, is look, everybody, like people do bad things, but some people don't learn, Brett, like some people don't ever change because, you know, you can, you can make more money faster criminally sometimes, right? In a short term, but long-term it's not sustainable. So you've learned and you have dedicated your life for a long time now doing a lot of good and dedicating your life.

protecting organizations, a global, well-in-demand speaker. You've been interviewed by the finest. I'm not included in them. I'm just lucky that you're here. Yes, you are. But no, but like Lex Friedman, are you gonna be on Piers Morgan too? I am. Wow, that's big. That's huge. Well, you can't make him mad.

Brett Johnson (07:47.914)
Yes you are.

Brett Johnson (07:54.148)
I am.

Brett Johnson (08:00.138)
Yeah.

D Mauro (08:02.907)
That you can't do to him what you did to that other guy. What are you gonna? Doesn't he always already start out mad over there? He kinda does. He's gonna say a couple quips and I know the hair on the back of your neck is just gonna go up. You're gonna be like, listen Pierce, like let me tell you, I am outside your house with a telescope and a box of donuts. Let me tell you that. Like, don't you go there. That'll be an interesting one. When is that coming up?

Brett Johnson (08:06.538)
Doesn't he always already start out mad over there at Pierce? Yeah.

Brett Johnson (08:32.458)
So they're supposed to reach out to me this week to set a date. I am not sure if that's going to be remote or in person. So I guess we'll have to see on that.

D Mauro (08:32.783)
Is it set yet? They're supposed to reach out to me this week to set a date. I am not sure if that's going to be remote or in person. So I guess we'll have to see on that. In person would be exciting. I'm hoping for that. Yeah, that would be great. They do a lot remotely though now. Yeah. You know? So, I didn't know that channel is evidently one of the fastest growing YouTube channels on the planet right now. Oh yeah.

Brett Johnson (08:42.78)
I'm hoping for that.

Brett Johnson (08:50.378)
But I didn't know that channel is evidently one of the fastest growing YouTube channels on the planet right now.

Yeah, hopefully, hopefully it will translate into my podcast and YouTube channel, getting some more subscribers.

D Mauro (08:58.199)
It's big. Well, I mean, he's got hopefully it will translate into my podcast and YouTube channel, getting some more subscribers. Yes, absolutely. Which is what we can all use because it just it's that algorithm, man, that algorithm just kind of beat you up. We got good content and then nobody sees it. So like, yeah, we've got good. You've got good content. I like to think I do and you definitely just we don't talk about the stuff that mass audiences really well if we insert

Brett Johnson (09:08.331)
Yes.

Brett Johnson (09:14.378)
Yeah, we've got good, you've got good content. I like to think I do. And you know, it's just, we don't talk about the stuff that mass audiences really want to listen to.

D Mauro (09:24.779)
Like taylor swift into every sentence that we talk about it might work Like yes, so that is a great point brett. You're like the taylor swift of cybercrime Like we could just say that and then the algorithm will pick that up and be like hey These guys are talking about taylor. I think we need to listen to them Tell you what i'm going to do tomorrow. I'm recording an episode where i'm calling out this refund.ai company I posted on linkedin about that today. I saw that

Brett Johnson (09:28.438)
Yes.

Brett Johnson (09:44.962)
Tell you what I'm going to do tomorrow. I'm recording an episode where I'm calling out this, this refund.ai company. I posted on LinkedIn about that today. During that episode, I will refer to myself as the Taylor Swift of cyber crime.

D Mauro (09:54.927)
During that episode, I will refer to myself as the Taylor Swift of CyberCry. It was coined here. Exactly. You are, give me a plug, you are the Taylor Swift of CyberCry. You're really, like it's all authentic. You originated, you wrote it, and think about it, like she did where she has to recreate her old albums but make them better today. That's what you're doing. You're taking the lessons you've learned, you're recreating them new. It's like you had a...

Brett Johnson (10:02.73)
Exactly, I'll give you full credit.

Brett Johnson (10:20.106)
I like it.

D Mauro (10:24.975)
bed contract with some record company, man. That's all it was. At the end of the day. Yeah, except this record company was the federal government. Yeah, and they can kick our butts. But yeah, that's the issue. So we've got some good topics today to talk about. One of the ones is what we were talking about earlier before we started this recording. And that was the story of Joshua Moses. So for those who don't know...

Brett Johnson (10:29.603)
Yeah, except this record company was the federal government.

Brett Johnson (10:35.213)
Hahahaha

D Mauro (10:53.211)
who Joshua Moses is. Brett, could you just explain to us who he claims to be? And then let's digest a little bit of your recent episode, which I encourage everybody to go see at the Brett Johnson show, Criminal Thoughts, you can find the interview of Joshua Moses. Very interesting topic. As soon as I started watching it, I felt uncomfortable. It like started, I felt like I was in, I felt like a kid again, and my dad was yelling at my brothers. Like that's what I felt like.

Brett Johnson (10:58.562)
Sure.

Brett Johnson (11:21.538)
HAHAHA

D Mauro (11:23.183)
You know what I mean? I was like, oh my God, like somebody's getting in trouble. And I don't know my basketball. I mean, what do I do? I can't go play basketball. It's dark out. What do I do? So, well, so Joshua Moses, he reached out to me. He was on the Matt Cox YouTube channel. Matt told him about me. So Joshua reaches out to me because I'm this guy that I will help you if you are trying to gain some traction in cybersecurity. If you've

Brett Johnson (11:26.862)
Thanks for watching!

Brett Johnson (11:32.458)
Well, so Joshua Moses he reached out to me he was on the Matt Cox YouTube channel Matt told him about me So Joshua reaches out to me because I'm this guy that I will help you If you are trying to gain some traction in cybersecurity if you've if you've led that nair-do-well life And you've turned your life around. I'm more than happy to try to assist you So we have a phone call and during this phone call. He tells me that he used to work for

D Mauro (11:49.707)
If you've led that ne'er-do-well life and you've turned your life around, I'm more than happy to try to assist you. Absolutely. So we have a phone call And during this phone call, he tells me that he used to work for He says the dni And i'm like dni so for listeners can explain what that is Department of national intelligence. I think is what that is So it's like

Brett Johnson (12:00.75)
He says the DNI and I'm like, that's interesting. Yeah. Department of National Intelligence, I think is what that is. So it's like, so you've got the CIA, you've got military, you've got all these different intelligence agencies and DNI is one of those. It's a big one. Okay. So he tells me this and he makes the statement that after he was convicted of

D Mauro (12:14.071)
So you've got the CIA, you've got military intelligence, you've got all these different intelligence agencies and D&I is one of those. It's a big one. So he tells me this and he makes the statement that after he was convicted of breaching Walgreens, he got away with trying to steal $1.7 million from PayPal and he claims to be this huge hacker from the mid 90s.

Brett Johnson (12:30.37)
breaching Walgreens, he got away with trying to steal $1.7 million from PayPal, and he claimed to be this huge hacker from the mid-90s, late 90s through early 2000s, when I was doing my bullshit. So he makes a statement that he worked with this intelligence agency, did not lose his

D Mauro (12:42.499)
when I mid to late nineties through early 2000s when I was doing my bullshit. Right. So he makes a statement that he worked for this intelligence agency, did not lose his intelligence clearing security clearing, but it timed out on him. And then later on after he was convicted, was able to regain that security clearance again. That was our phone call.

Brett Johnson (12:59.154)
it timed out on him and then later on after he was convicted was able to regain that security clearance again. That was our phone call. When he tells me that, yeah.

D Mauro (13:11.207)
Okay, hang on. So what's your impression when you hear that?

Brett Johnson (13:17.322)
So my impression, the reason I contacted him, he contacted me and I agreed to the phone call, he used a screen name that I remember from Shadow Crew, and that screen name was called Havoc, all right? So I had actually spoken to that real individual back in the day, and he was a fairly competent person. Now Joshua Moses is not that individual. But what got me was

D Mauro (13:17.891)
So my impression and the reason I the reason I contacted him or he contacted me and I agreed to the phone call He used a screen name that I remember from Shadow Crew. Oh Name was called Havoc. All right, so I had actually spoken to that real individual back in the day And he was a fairly competent person now Joshua Moses is not that individual But what got what got me was?

Brett Johnson (13:45.126)
on the phone was him saying that he had defrauded PayPal. And I was like, yeah, that could have happened. I hadn't really did any research on him whatsoever at that point in time. So as he's telling me about the security clearance, well, I mean, I've never had a security clearance, but I know people who have, and I know what that whole process is about and how often it happens. And when you don't get it, cause he was not only convicted of a felony, but he was also addicted to drugs.

D Mauro (13:45.599)
on the phone was him saying that he had defrauded PayPal. And I was like, yeah, that could have happened. I hadn't really did any research on him whatsoever at that point in time. So as he's telling me about the security clearance, well, I mean, I've never had a security clearance, but I know people who have, and I know what that whole process is about and how often it happens. And when you don't get it, cause he was not only convicted of a felony, but he was also addicted to drugs.

Brett Johnson (14:14.978)
So that right there is an automatic, you're not going to get clearance. Yet here he is saying he was able to get clearance. I'm like, okay. So I hang up with him and I immediately I'm like, you know, who is this guy? So I start searching him. I start paying attention to some other podcasts he had done, some articles that he had written, trying to find all the information I can about him. And it turns out a lot of his story simply did not add up.

D Mauro (14:15.463)
So that right there is an automatic you're not going to get clearance. Yet here he is saying he was able to get clearance. I'm like, okay. So I hang up with him. And I immediately I'm like, you know, who is this guy? So I start searching him. I start paying attention to some other podcasts he had done, some articles that he had written, trying to find all the information I can about him. And it turns out a lot of his story.

simply did not add up. For example, he's got a blog. And his blog articles are plagiarized. When he was confronted with that on my show, he says, well, I didn't plagiarize them. I used chat GPT. To which I later tell him, hey, chat GPT doesn't plagiarize. I've used it, too. So he was plagiarizing articles. He fabricated the story about being a hacker, about stealing $1.7 million off of PayPal and getting away with it.

Brett Johnson (14:44.142)
For example, he's got a blog, and his blog articles are plagiarized. When he was confronted with that on my show, he says, well, I didn't plagiarize them. I used chat GPT, to which I later tell him that, hey, chat GPT doesn't plagiarize. I've used it too. So he was plagiarizing articles. He fabricated this story about being a hacker, about stealing $1.7 million off of PayPal and getting away with it.

None of it was adding up at all. He goes on the Matt Cox show. He's got his own podcast that he's trying to launch as well. Those two stories don't match each other that he tells. Then he gets on my show and he tells something completely different. For example, on my show he said he had never been convicted of a crime until I pull his arrest record out and start going through some of the check fraud convictions that he had. Then he admits, well, yeah, I wasn't talking about those. It was just a continual lie all the way around.

D Mauro (15:11.207)
None of it was adding up at all. He goes on the Matt Cox show. He's got his own podcast that he's trying to launch as well. Those two stories don't match each other that he tells. Then he gets on my show and he tells something completely different. He had, like for example, on my show, he said he had never been convicted of a crime until I pulled his arrest record out and start going through some of the check fraud convictions that he had. Then he admits, well, yeah, I wasn't talking about those. So it was just a continual lie all the way around.

Brett Johnson (15:41.618)
Not much else to say about it other than that. My issue, yeah, it's public record. And the thing about it is, this is one of the problems that we have not only in cybersecurity, but I think that across our society, someone says that they are something, or someone presents you with a resume that looks good.

D Mauro (15:42.199)
Not much else to say about it. He knows that stuff's public record, right? Yeah, it's public record. Yeah. And the thing about it is, this is one of the problems that we have not only in cybersecurity, but I think that across our society, someone says that they are something, or someone presents you with a resume that looks good.

Brett Johnson (16:08.554)
And a lot of us don't verify anything. We just take that at face value and run with it. That's exactly right. So you take someone like Joshua Moses, someone who claims to be this upper tier hacker, computer guru that was never convicted of anything or never went to prison for these crimes, that would tend to open a door. That might get you an interview and potentially a job.

D Mauro (16:09.179)
and a lot of us don't verify anything. We just take that at face value. We trust before we verify. That's exactly right. So you take someone like Joshua Moses, someone who claims to be this upper tier hacker, computer guru that was never convicted of anything or never went to prison for these crimes, that would tend to open a door that might get you an interview and potentially a job.

Brett Johnson (16:35.83)
But what happens when you get in that position and all of a sudden you don't know what you're talking about? So you not only become a detriment to the employer, but maybe even a danger to the employer because this guy was absolutely addicted to drugs. The way he was acting on the show, he may still have some drug issues.

D Mauro (16:36.495)
But what happens when you get in that position and all of a sudden, you don't know what you're talking about. So you not only become a detriment to the employer, but maybe even a danger to the employer because this guy was absolutely addicted to drugs. And the way he was acting on the show, he may still have some drug issues. Yeah, you notice some things.

Brett Johnson (17:01.298)
Yeah, he likes to scratch a lot during the show. He's doing a lot of sniffing during the show, stuff like that.

D Mauro (17:02.027)
Yeah, he likes to scratch a lot during the show. Yeah. He's doing a lot of sniffing during the show, stuff like that. Yeah. And you mentioned that he had gone by the username Havoc, and you knew that person back from your days of Shadow Crew. So how could you tell that he wasn't the same guy? Because you had spoken to him before. So the story that he tells...

Brett Johnson (17:17.783)
did.

Brett Johnson (17:25.706)
So the story that he tells, he says that he stole 1.7 million off of PayPal, and he gives a very specific timeline for when that happened. And in one of his interviews, he said that he used a prepaid debit card. So I was the guy that across the entire cybercrime spectrum, I'm the first guy that ever used prepaid debits.

D Mauro (17:28.691)
he says that he stole 1.7 million off of PayPal and he gives a very specific timeline for when that happened. And in one of his interviews, he said that he used a prepaid debit card. So I was the guy that in across the entire cyber crime spectrum, you would have been able to pro you would have processed that purchase of the prepaid debit card. Right? I mean, I knew that game like nobody's business. So he says he used this account now card in the story that he told it. And again, it raised these

Brett Johnson (17:50.106)
Right. I mean, I knew that game like nobody's business. So he says he used this account now card and the story that he told it, and again, it raised these, these hackles on the back of my neck. He tells a story that he was receiving these mail advertisements, physical mail, trying to get him to open up an account now card. Well, back when he was saying this crime was being committed in 2002, they weren't sending out physical advertisements for these cards. They didn't even call them prepaid debit cards. They

D Mauro (17:58.499)
these hackles on the back of my neck. He tells a story that he was receiving these mail advertisements, physical mail, trying to get him to open up an account now card. Well, back when he was saying this crime was being committed in 2002, they weren't sending out physical advertisements for these cards. They didn't even call them prepaid debit cards. They called them payroll cards at that point in time because they were marketed toward Hispanic workers.

Brett Johnson (18:18.926)
pre-payroll cards at that point in time because they were marketed toward Hispanic workers. It was only later that they rebranded that understanding that 35% of Americans are unbanked to begin with and they started marketing toward those individuals. Account Now wasn't around when he was saying that he was committing the crime. So he was telling this story and I'm like, that just doesn't sound right. Then he tells a story about how PayPal doesn't call federal law enforcement. They literally call his local PD.

D Mauro (18:25.871)
It was only later that they rebranded that understanding that 35% of Americans are unbanked to begin with and they started marketing for those individuals. Account Now wasn't around when he was saying that he was committing the crime. So he was telling this story and I'm like, that just doesn't sound right. Then he tells the story about how PayPal doesn't call federal law enforcement. They literally call his local PD, which didn't make sense either. No.

Brett Johnson (18:49.846)
which didn't make sense either. So I start to research all of this and it's like, no, none of that matches up. None of it matches up. He's not able to tell how he was identified by PayPal. He obviously, he admits to committing identity theft and breaching and all this other stuff and says, you know, there just weren't any laws on the books that would have gotten me arrested at that point in time. I'm like, yeah, dude, there were. Absolutely there were laws. Yeah. So this is this guy.

D Mauro (18:53.211)
So I start to research all of this and it's like no none of that matches up none of it matches up He's not able to Tell how he was identified by paypal He uh, he obviously he admits to committing identity theft and breaching and all this other stuff and says, you know There just weren't any laws on the books that would have gotten me arrested at that point in time I'm like, yeah, dude, there were yeah, there were absolutely there were laws. Yeah Okay, so we we've given him more airplay than he deserves

But it is an interesting story that is indicative of one of the topics we were going to talk about and that is like fake resumes and profiles in cybersecurity. You had you, you have an interest in this and I'd like to explore it. So what are you seeing? I do know it is related in many aspects to deepfakes because I do know back in July of 22, the FBI issued that

Brett Johnson (19:24.107)
Yeah.

Brett Johnson (19:37.643)
Hmm?

D Mauro (19:50.783)
about remote workers applying for jobs at companies in the US, and there was over 200 examples where this has happened, where they would obtain a job using deep fake technology, fake voice, fake image on a Zoom interview, fake resume, right? And then they would get access, they would be onboarded, they would begin, and then they would go into the systems and steal that

D Mauro (20:20.887)
It's a crime, right? It's just, it's fraud. It's really not a hack because there's no technical skill or exploit or vulnerability or code being issued. It's impersonation, right? And then they get in, they exfiltrate all the data, fancy word for steal. So what is your take? What are you seeing? What are some of the stories and things that are concerning you regarding that?

Brett Johnson (20:50.166)
You know, the most concerning thing to me right now, Frank on fraud, Frank McKenna, he posted an article on his blog about bite dance and their real-time deep fakes that they're able to do now, deep fake audio, so that now it's possible for me to call a potential victim, say in the payroll department, and I can sound exactly like the CEO of the company and I can tell that victim in real time having a real-time conversation with that individual.

D Mauro (20:50.659)
You know, the most concerning thing to me right now, Frank on fraud, Frank McKenna, he posted an article on his blog about bite dance and their real time deep fakes that they're able to do now, deep fake audio. So that now it's possible for me to call a potential victim, stay in the payroll department, and I can sound exactly like the CEO of the company. And I can tell that victim in real time having a real time conversation with that individual.

Brett Johnson (21:19.17)
send the money someplace else. That is a very worrying trend. And so right now, bite dance. Yeah.

D Mauro (21:19.975)
to send the money someplace else. Wow. That is a very worrying trend. Well, that goes to correct. So right now, ByteDance. Yeah. So how is ByteDance related? So ByteDance is owned by, I mean, ByteDance is the TikTok people, right? Right. They scrape all the data on the planet, get all the information on the planet, then they use it to make products like this. Now the interesting thing is, and you know this data. So ByteDance owns one of the platforms.

Brett Johnson (21:33.262)
So ByteDance is owned by, I mean, ByteDance is the TikTok people, right? They scrape all the data on the planet, get all the information on the planet, then they use it to make products like this. Now the interesting thing is, and you know this David.

D Mauro (21:48.151)
that is creating the AI voice coding. Right. Got it. Okay. So, and the thing is, is that you get a tool like this. Right now, it's owned by ByteDance. They've not released it to the public at all. But we know that since it's been created, we're going to have public access to something very similar to that. Absolutely. Criminals are very good about using off-the-shelf products and services. They don't really create much of anything on their own.

Brett Johnson (21:50.826)
Right. Okay. So, and the thing is, is that you get a tool like this, right now it's owned by ByteDance. They've not released it to the public at all, but we know that since it's been created, we're going to have public access to something very similar to that. Criminals are very good about using off-the-shelf products and services. They don't really create much of anything on their own. So, they're going to use one of these off-the-shelf...

D Mauro (22:17.759)
So they're going to use one of these off the shelf deep fake systems to launch business email compromise attacks, social engineering attacks, social media attacks. The thing you were talking about employees gaining insider access that makes that extremely effective all of a sudden. So this is the problem that we're facing and that's just the audio part. We're going to get to real time video as well. I really fear.

Brett Johnson (22:19.074)
deep fake systems to launch business email compromise attacks, social engineering attacks, social media attacks. The thing you were talking about, about employees gaining insider access, that makes that extremely effective all of a sudden. So this is the problem that we're facing, and that's just the audio part. We're going to get to real-time video as well. I really fear that we're going to get to the point where we as a society, maybe across the planet worldwide.

D Mauro (22:44.047)
that we're going to get to the point where we as a society, maybe across the planet world, we get to the point where we don't trust anything online anymore. Right. Well, and that will torpedo the ability to leverage the advances in technology, right? Because technology, for the most part, can make our life so much better, faster, more productive, a healthier society, et cetera, when done properly. So- When done properly. Yeah.

Brett Johnson (22:48.938)
we get to the point where we don't trust anything online anymore.

Brett Johnson (23:10.058)
when done properly. So the fake profiles, man, I mean that's, so yeah, you've got the insider, it gives you insider access, absolutely it does. Today on LinkedIn, I'm calling out a company called Refend.ai. Three of these, three students from Berkeley, brilliant kids. They go off and they invent this product called, or this company called Refend that identifies

D Mauro (23:12.791)
Well, that's a legitimate concern. The fake profiles, man. I mean, that's... So yeah, you've got the insider. It gives you insider access. Absolutely it does. Today on LinkedIn, I'm calling out a company called Refend.ai. Three of these, three students from Berkeley. Brilliant kids. They go off and they invent this product called, or this company called Refend that identifies...

Brett Johnson (23:40.014)
a certain type of refunding fraud that merchants are being hit with. I had a call with them. They hounded me late November, early December. R-E-F-E-N-D.

D Mauro (23:41.007)
certain type of refunded fraud that merchants are being hit with okay and it's a refund it's REF late November early I'm sorry REF END yeah I refund okay yeah so they I had a call with them late November early December of last year and during that call I meet the three founders two of the founders tell me that the reason that their product is so good

Brett Johnson (23:53.322)
Yeah. So, I had a call with them late November, early December of last year. And during that call, I meet the three founders. Two of the founders tell me that the reason that their product is so good and that it's so effective is because they used to be refund fraudsters.

D Mauro (24:07.327)
and that it's so effective is because they used to be refund fraudsters.

Brett Johnson (24:13.118)
Yeah. So I didn't expect the company to go public as quickly as it did. It goes public, what, two weeks ago. And today I posted, hey, these guys are former criminals, maybe even current criminals. The chances of them being indicted are pretty good because the feds are busily rounding up hundreds of refunders this year. So are you going to let that wolf into the hen house? And to top it off, I've got recordings.

D Mauro (24:13.719)
Yeah. I didn't expect the company to go public as quickly as it did it goes public what two weeks ago and Today I posted hey these guys are former criminals. Maybe even current criminals the chances of them being indicted Are pretty good because the feds are busily rounding up hundreds of refunders this year, right? So Are you going to let that?

wolf into the hen house and to top it off i've got recordings of them admitting that they were engaged in refunded fraud oh they oh my gosh so yeah oh wow yeah and they oh and it was there an ipo they actually went public no they have no vc funding whatsoever they're a privately owned company okay but the thing is they're already hooked up with um

Brett Johnson (24:42.302)
of them admitting that they were engaged in refunded fraud.

Brett Johnson (24:57.262)
No, they have no VC funding whatsoever. They're a privately owned company. But the thing is, they're already hooked up with... They're in talks with Shopify, they're in talks with Loop Returns, a few other companies as well, because these companies really have a problem. Yeah, these companies really have a problem with refunding fraud. So if you have a product that can identify a certain part of that fraud, it becomes very valuable.

D Mauro (25:07.183)
They're in talks with Shopify, they're in talks with the group, returns, few other companies as well. eBay, right? eBay. Yeah. These companies really have a problem with refunding fraud. So if you have a product that can identify a certain part of that fraud, it becomes very valuable to those companies. The problem is, is that you're potentially letting in a group of fraudsters who...

Brett Johnson (25:25.93)
those companies. The problem is that you're potentially letting in a group of fraudsters who we don't know if they've actually stopped committing the crime or if they're likely to go back to committing the crime or if they are maybe going to share some of the proprietary information with their former fellow fraudsters on Telegram.

D Mauro (25:32.479)
We don't know if they've actually stopped committing the crime or if they're likely to go back to committing the crime Or if they are maybe going to share some of the proprietary information with their former fellow fraudsters on telegram, right? So, you know full disclosure somebody needs to know that stuff before they make a decision whether to hire this company or not Absolutely So you had a post and you've written about recently some people that I mean a lot of people have

Brett Johnson (25:45.77)
So, you know, full disclosure, somebody needs to know that stuff before they make a decision whether to hire this company or not.

D Mauro (26:01.279)
side gigs, right? A lot of people have Shopify shops, they have craft stores on Etsy, they have eBay shops. It's been going on for decades, right? A lot of people do it. And there's been a, seems like a massive influx on like refund fraud, right? How does, I mean, you had a recent article that you wrote about somebody that was just getting out of eBay after years of doing it.

And how does it work? Like, can you just explain to the listeners, how does that, just generally speaking, how does it work? Somebody buys something, but then they return it, but somehow they're able to still keep the product and then never have to pay for it, right? So when we're talking about refunded fraud, to give you an idea of how prolific this type of fraud has become, an article came out, I think USA Today put this out two days ago, talking about some of the numbers. Last Christmas season.

Brett Johnson (26:45.326)
Sure. So, when we're talking about refunding fraud, to give you an idea of how prolific this type of fraud has become, an article came out, I think USA Today put this out two days ago, talking about some of the numbers. Last Christmas season, the amount of refunding fraud, $26.7 billion. All right. Of all the returns that were initiated, the estimate is 16% of those were fraudulent returns.

D Mauro (27:00.539)
The amount of refunded fraud, $26.7 billion. Of all the returns that were initiated, the estimate is 16% of those were fraudulent returns. So we're talking about a very huge amount of fraud here. Now, the way that's committed, you get someone that orders a product. It can be a laptop, a cell phone, a swimming pool, filter, what have you.

Brett Johnson (27:14.358)
So we're talking about a very huge amount of fraud here. Now, the way that's committed, you get someone that orders a product. It can be a laptop, a cell phone, a swimming pool filter, what have you. Once they get it in, depending on the company that they're trying to defraud, they can tell the company that they didn't arrive, that it didn't arrive, sometimes the company will send out a replacement.

D Mauro (27:30.067)
Once they get it in, depending on the company that they're trying to defraud, they can tell the company that they didn't arrive at some, that it didn't arrive, sometimes the company will send out a replacement. Sometimes they'll say, well, you know, the box arrived, but it wasn't in the box. The company will send out a replacement. Or sometimes the most effective reason is you tell the company, that merchant, that you're going to return that product for a refund. That merchant will issue you a return label.

Brett Johnson (27:39.998)
Sometimes they'll say, well, you know, the box arrived, but it wasn't in the box. The company will send out a replacement. Or sometimes the most effective reason is you tell the company, that merchant, that you're going to return that product for a refund. That merchant will issue you a return label that you affixed to a box and send that product back. What criminals can do, it's called FTID, fake or false tracking identification. They can manipulate the shipping label

D Mauro (27:58.843)
that you affixed to a box and send that product back. What criminals can do, it's called FTID, fake or false tracking identification. They can manipulate the shipping label to make it look like the merchant has received the item back, but they never do. The merchant thinks they have, they give the money back, criminal gets to keep the product, and they get their money back at the same time.

Brett Johnson (28:10.286)
to make it look like the merchant has received the item back, but they never do. The merchant thinks they have, they give the money back, criminal gets to keep the product, and they get their money back at the same time. So that's this type of fraud that we're talking about. It actually redefines cybercrime as we know it today. Most criminals today begin with refunding fraud and then immediately start making money, use that to bankroll their education and other forms of fraud.

D Mauro (28:24.803)
So that's this type of fraud that we're talking about. It actually redefines cybercrime as we know it today. Most criminals today begin with refunding fraud and then immediately start making money, use that to bankroll their education and other forms of fraud. Right. And then move on to ransomware as a service or whatever it might be. Exactly. Wow. So yeah, it's very prevalent. I mean, it's prevalent and this goes beyond the digital realm.

Brett Johnson (28:44.215)
Exactly.

D Mauro (28:52.971)
Also, because you see this happening at the Target stores and other things where people are kind of doing this very similar thing, right? They're- Right, so think about Target or Walmart resellers, or if you're trying to sell a watch on Chrono24, any platform that allows those third party sellers. It's very easy for someone, a criminal like I used to be, to go in and defraud those people. I go and I order a watch, like I've got a Tudor on.

Brett Johnson (29:01.026)
Right, so think about Target or Walmart resellers or if you're trying to sell a watch on Chrono24, any platform that allows those third party sellers. It's very easy for someone, a criminal like I used to be, to go in and defraud those people. I go and I order a watch, like I've got a Tudor on. So if I wanted another Tudor for free, I would order the Tudor, get it in, and then I would tell the buyer that I'm going to return it.

D Mauro (29:20.675)
So if I wanted another tutor for free, I would order the tutor, get it in, and then I would tell the buyer that I'm going to return it. Okay, if the buyer actually lets me return it, I would fake the tracking label to make it look like he gets the watch back. He doesn't. Crono24 thinks he does though. They give me my money back. I get to keep the watch as well. If the seller does not let me return the item, how do I take care of that?

Brett Johnson (29:29.646)
Okay, if the buyer actually lets me return it, I would fake the tracking label to make it look like he gets the watch back. He doesn't. Chrono24 thinks he does though. They give me my money back. I get to keep the watch as well. If the seller does not let me return the item, how do I take care of that? At that point, I institute a charge back with my credit card company.

D Mauro (29:50.403)
point I institute a charge back with my credit card company. Tell them, hey, that was not as described. It does not work. It was fake. Whatever I need to tell them in order to get me my money back. I get the charge back approved to me. They put the money back in my account. At that point in time, I will usually close that account down so that they can't claw the money back later on. Right. And the thing is, is you might be talking about...

Brett Johnson (29:55.99)
tell them that, hey, that was not as described, it does not work, it was fake, whatever I need to tell them in order to get me my money back. I get the charge back approved to me, they put the money back in my account. At that point in time, I will usually close that account down so that they can't claw the money back later on.

D Mauro (30:19.131)
50 bucks or 100 bucks in one transaction, but this is done at scale. At scale. Yeah, I talked to a guy over at a seller on Chrono24. He was about to be defrauded of a $20,000 watch. So, and you're right, it's not all $20,000. A lot of it is $100 to $500, but.

Brett Johnson (30:24.702)
At scale. Yeah, I talked to a guy over at a seller on Chrono 24. He was going to, he was about to be defrauded over a $20,000 watch. So, and you're right, it's not all $20,000. A lot of it is a hundred dollars to $500. But

When you're doing this at scale, you're not hitting just one shipment, you're hitting multiple shipments a week, and you're talking about thousands of criminals on each one of these telegram channels that are doing it at the same time, it becomes a $26 billion Christmas fraud.

D Mauro (30:43.855)
when you're doing this at scale, you're not hitting just one shipment, you're hitting multiple shipments a week, and you're talking about thousands of criminals on each one of these Telegram channels that are doing it at the same time, it becomes a $26 billion Christmas fraud. So that's a good segue. So let's talk about the growth and evolution of Telegram. So for listeners that don't use Telegram or may not be familiar with it, could you explain it?

Brett Johnson (31:07.15)
Uh huh.

Brett Johnson (31:14.514)
Sure, it is an encrypted messaging platform. You can download it to your phone as an app. You can run it through your web browser. It's encrypted end to end. You can send direct messages. You can create your own channels. You can run video on there, audio, anything that you wanna run. It's an outstanding platform. It truly is. The problem is, is that it's owned by a Russian who refuses to answer any law enforcement request whatsoever.

D Mauro (31:14.727)
sure it is an encrypted messaging platform. You can download it to your phone as an app. You can run it through your web browser. It's encrypted end to end. You can send direct messages. You can create your own channels. You can run video on there, audio, anything that you wanna run. It's an outstanding platform. It truly is. The problem is, is that it's owned by a Russian who refuses to answer any law enforcement request whatsoever.

Brett Johnson (31:43.442)
So when we're talking about the evolution of Telegram for cyber criminals, there's a reason that the traditional dark web is not as in vogue as it used to be. And that reason is the traditional dark web, the Tor browser, has a lot of friction attached to it. You have to download it, you have to configure it properly, or you're going to be identified. You have to know the exact address you're going to. You have to watch out for criminals trying to fish you as you're going to these addresses, any number of things like that.

D Mauro (31:44.043)
So when we're talking about the evolution of telegram for cyber criminals, there's a reason that the traditional dark web is not as in vogue as it used to be. And that reason is the traditional dark web, the Tor browser, has a lot of friction attached to it. You have to download it, you have to configure it properly, or you're going to be identified, you have to know the exact address you're going to, you have to watch out for criminals trying to fish you as you're going to these addresses, any number of things like that.

Brett Johnson (32:12.034)
Telegram's not like that. Tor doesn't have a search function. Telegram has a keyword search function. It's almost friction free. It's encrypted end to end, so it's almost idiot proof in that respect. So as such, most beginning cyber criminals started to flock that way. Their numbers became so huge that the more experienced cyber criminals that were over on the dark web, and they're still there,

D Mauro (32:12.667)
Telegram's not like that. Tor doesn't have a search function. Telegram has a keyword search function. It's almost friction-free. It's encrypted end-to-end, so it's almost idiot-proof in that respect. So as such, most beginning cybercriminals started to flock that way. Their numbers became so huge that the more experienced cybercriminals that were over on the dark web, and they're still there,

Brett Johnson (32:37.09)
They understood that hey, a lot of the money is to be made on Telegram. So now you've got the more experienced people that are setting up channels on Telegram as well. So you've got hundreds of thousands.

D Mauro (32:37.743)
they understood that hey, a lot of the money is to be made on Telegram. So now you've got the more experienced people that are setting up channels on Telegram as well. Are they setting? You've got hundreds of thousands. Okay. So are they setting up stores like marketplaces on Telegram or is that just be used as the communication channel to the dark web to go find the store? No. So what's interesting?

Brett Johnson (33:03.062)
No. So what's interesting, and this is one of the really interesting things about the differences between Telegram and the traditional dark web. On the traditional dark web, you will have a marketplace. You'll have incognito, you'll have archetype. I'm a huge archetype fan right now. It's like the premier marketplace on the dark web. Telegram doesn't have yet that marketplace type function. So what will happen is you'll have an individual,

D Mauro (33:07.147)
So, and this is one of the really interesting things about the differences between Telegram and the traditional dark web. On the traditional dark web, you will have a marketplace. You'll have incognito, you'll have archetype. I'm a huge archetype fan right now. It's like the premier marketplace on the dark web. Telegram doesn't have yet that marketplace type function. So what will happen is you'll have an individual that will create that channel.

Brett Johnson (33:32.79)
that will create that channel, whatever the fraud channel is, AIO, darknet market forums, whatever that is. He'll create that channel. In the channel will be advertisements of whatever drugs or criminal products and services that he and other people are selling. If you want to buy that, then you have to direct message that seller, and then on an encrypted messaging, on Telegram as it's encrypted, you have this conversation with this individual.

D Mauro (33:35.907)
whatever the fraud channel is, AIO, dark net market forums, whatever that is, he'll create that channel. In the channel will be advertisements of whatever drugs or criminal products and services that he and other people are selling. If you want to buy that, then you have to direct message that seller. And then on an encrypted messaging, on Telegram as it's encrypted, you have this conversation with this individual. Yes, I wanna buy that eight ball of cocaine.

Brett Johnson (34:01.226)
Yes, I want to buy that eight ball of cocaine. Okay. At that point, he will tell you that you can pay. And this is the weird thing too. A lot of the cells accepts Cash App, they accept Chime, they accept Bitcoin. Those are traceable. Right. And that's one of the things that you see too about Telegram is the operational security from the criminal point of view is horrible. You get them posting selfies of each other, you get them doxing each other.

D Mauro (34:05.559)
At that point he will tell you that you can pay and this is the weird thing too. They a lot of the cells Accepts cash app they accept chime. They accept bitcoin and those are traceable Those are traceable Right, and that's one of the things that you see too about telegram is the operational security from the criminal point of view Is horrible You get them posting selfies of each other you get them doxing each other Um, I mean any number of things like that and as such

Brett Johnson (34:29.582)
I mean any number of things like that. And as such, law enforcement is having a field day identifying and picking up these telegram criminals.

D Mauro (34:34.611)
law enforcement is having a field day identified and picking up these telegram criminals.

Brett Johnson (34:45.622)
There was, I haven't even talked about this yet. There was a, about four days ago on Twitter, a gentleman reached out to me. He messaged, he was like, have you heard about the Quantum Exit Scam? And I was like, I was thinking it was a cryptocurrency scheme. And I asked him, he's like, no, Quantum is a drug dealer on Telegram. And I'm like, huh, no, hadn't heard of that. What's going on? Well, this guy disappears.

D Mauro (34:45.919)
Wow. There was, I haven't even talked about this yet. There was a, about four days ago, on Twitter, a gentleman reached out to me. He messaged, he was like, have you heard about the Quantum exit scam? And I was like, I was thinking as a cryptocurrency scheme. And I'm asking him, he's like, no, Quantum is a drug dealer on Telegram. And I'm like, huh, no, hadn't heard of that. What's going on? Well, this guy disappears.

Brett Johnson (35:15.33)
to the tune of $1 million. He owed people a million dollars. He had put that much money on his platform, had made that many orders with him. He was selling drugs, and he was selling account logins, things like that across the board. He was a very trusted individual on Telegram, and he helped a lot of other criminals build their channels as well. So he was widely respected. He goes missing. Most of the community, they were thinking that he had exes scammed, that he had just simply taken the money and ran.

D Mauro (35:15.687)
to the tune of $1 million. He owed people a million dollars. He had put that much money on his platform, had made that many orders with him. He was selling drugs, and he was selling account logins, things like that across the board. He was a very trusted individual on Telegram, and he helped a lot of other criminals build their channels as well. So he was widely respected. He goes missing. Most of the community, they were thinking that he had exes scammed, that he had just simply taken the money and ran.

Brett Johnson (35:44.062)
Now the problem is that he had been identified by his fellow fraudsters and drug dealers months ago. They had posted his docs, they had posted his girlfriend's name, his address, pictures of his home, everything else across the board. So I'm sitting there thinking, you know, law enforcement really likes to pick up, especially drug dealers right now because most of the drug dealers on Telegram are also involved in fraud.

D Mauro (35:44.759)
Now the problem is that he had been identified by his fellow fraudsters and drug dealers months ago. They had posted his docs, they had posted his girlfriend's name, his address, pictures of his home, everything else across the board. So I'm sitting there thinking, you know, law enforcement really likes to pick up especially drug dealers right now because most of the drug dealers on telegram are also involved in fraud.

Brett Johnson (36:11.478)
Those drug dealers have home addresses of all the people they've been shipping the drugs to. So they like to pick these guys up. And I'm thinking that, you know, maybe not an exit scam, maybe just law enforcement picked him up and he's singing like a bird right now, which is probably exactly what happened.

D Mauro (36:12.047)
those drug dealers have home addresses of all the people they've been shipping the drugs to. So they like to pick these guys up. And I'm thinking that maybe not an exit scam, maybe just law enforcement picked him up and he's singing like a bird right now, which is probably exactly what happened.

Brett Johnson (36:30.294)
But you see this stuff, man, that's the thing is, on the traditional dark web, you have an operational security, that idea of a criminal doing the things they need to do to make sure they're not identified, and they take that seriously. On Telegram, it does not work like that. It absolutely does not. On Telegram, they understand, and you'll see this in the channels being talked about, there are so many of them there that they are well aware that law enforcement cannot prosecute all.

D Mauro (36:30.471)
Wow. You see this stuff. Now that's the thing is on the traditional dark web, you have an operational security, that idea of a criminal doing the things they need to do to make sure they're not identified and they take that seriously. On telegram, it does not work like that. It absolutely does not. On telegram, they understand and you'll see this in the channels being talked about. There are so many of them there that they are well aware that law enforcement cannot prosecute all of them.

D Mauro (37:01.479)
Well, it's that whole crowd mentality, right? Like when two cops show up to a big party, they can't all like they could disperse and run away and they can only catch a couple of them until. So who do you look for? You look for the sellers, you look for the big buyers. Right. And the rest of them know. Mm hmm. Wow. But they don't have the anonymity necessarily that they do through the traditional dark web.

Brett Johnson (37:04.11)
That's it.

Brett Johnson (37:13.398)
Right. So who do you look for? You look for the sellers, you look for the big buyers, and the rest of them know.

Brett Johnson (37:29.226)
No, that's the weird thing. They don't even respect their anonymity. So it's not only taking selfies of themselves, it's not only doxing each other, it's also posting pictures of evidence of the frauds that they're committing. They'll post full credit card numbers of the cards that they're using. They'll post receipts that have the order numbers of the merchants that they've defrauded. So it becomes very easy all of a sudden to start tracking these individuals down.

D Mauro (37:29.847)
No, that's the weird thing. They don't even respect their anonymity. Yeah. So it's not only taking- They're curating their lives publicly. It's not only doxing each other, it's also posting pictures of evidence of the frauds that they're committing. They'll post full credit card numbers of the cards that they're using. They'll post receipts that have the order numbers of the merchants that they've defrauded. So it becomes very easy all of a sudden to start tracking these individuals down.

I know I've seen a lot of your posts on that and some of the guys were coming after you. It looked like one of these guys was like, I got a gun, man. Stay away from me. And you're like, okay. Really? Okay. Like if I had a dollar every time somebody threatened that, right? You're like, okay. Well, you know, unfortunately, I have had a gun pulled on me before.

Brett Johnson (38:11.128)
Yeah.

Brett Johnson (38:22.558)
Well, you know, unfortunately I have had a gun pulled on me before by law enforcement more than once. So it's not my first rodeo on that one. So, yeah.

D Mauro (38:28.919)
by law enforcement more than once. So it's not my first rodeo on that one. Yeah. Unbelievable. Well, that's so what, what do you, well, in the bottom line though, is they can't, if the people don't self disclose, they can't garner that law enforcement can't garner that information through an investigation by issuing subpoenas or anything to the owners of Telegram because

They don't recognize the jurisdiction, they're owned by a Russian, and they're just not going to pay attention to law enforcement requests. Right. And so what you've got, and this has been a problem with English speaking online criminals since hell, I was committing crime, is they talk way too much. Yep.

Brett Johnson (39:03.818)
Right. And so, so what you've got, and this has been a problem with English speaking online criminals since hell, I was committing crime. Is they talk way too much.

D Mauro (39:22.491)
Well, it's the Achilles heel of most criminals. Yeah. Right? Well, you know, when I, you say that, when I was in prison, we had a whole crew of people that would go in the TV room and the only thing that they would watch were the, you know, the real world crime shows like the next 48. Right. Where every episode ends with the guy telling on himself. Mm-hmm.

Brett Johnson (39:26.59)
Yeah. Well, you know, when I, you say that, when I was in prison, we had a whole crew of people that would go in the TV room and the only thing that they would watch were the, you know, the, the real world crime shows, like the next 48, where every episode ends with the guy telling on himself. And that was very common. And you talk to most people that are in prison, most law enforcement, I think, would agree with that most of the time.

D Mauro (39:49.987)
and that was very common. And you talk to most people that are in prison, most law enforcement, I think, would agree with that. Most of the time, these guys, you start to talk to them, they're going to tell you what you want to know. They're going to tell you enough so you can convict them. And that's still the same way it is today. Absolutely. So let's pivot for a second. I want to ask you about, we talk on our channel about, you know, cybersecurity best practices when you're...

Brett Johnson (39:56.638)
these guys, you start to talk to them, they're going to tell you what you want to know. They're going to tell you enough so you can convict them. And that's still the same way it is today.

D Mauro (40:17.671)
Just on the clear net, you're just on the regular net. And there's so many companies out there that are asking for cookies, asking for information. They're asking for information that could be used later to answer your security questions. There's so much of this. There's these platforms that essentially want your personal private information, right? But they don't necessarily need it to do their services.

So what is your take on that? You know, we've seen... What was that breach we had? The 26 billion from LinkedIn and a few of these other platforms. Yeah, the recent leak of all of that data, and a lot of it was old. Right, a lot of it was old. But the risk there, as we've talked about several times on this show, the risk there is clear, and that is most people...

Brett Johnson (40:51.114)
You know, we've seen what was that breach we had, the 26 billion from LinkedIn and a few of these other platforms. The issue is.

Brett Johnson (41:07.23)
Right, a lot of those old.

D Mauro (41:17.487)
got a good password and they love that password. They're like, there's, I put it in the, have I, how strong is my password and it's a really strong password. So I'm going to use it on everything. And that's where the problem is. That is where the problem is. And for a platform, I don't care. You know, maybe LinkedIn can make an argument for that, but TikTok can't make an argument to verify your identity.

Brett Johnson (41:34.198)
That is where the problem is. And for a platform, I don't care. You know, maybe LinkedIn can make an argument for that. But TikTok can't make an argument to verify your identity. I don't think Twitter can do that either. You know, there are always these platforms where you don't have to verify your identity in order to be able to successfully.

D Mauro (41:47.367)
I don't think Twitter can do that either. You know, there are all these platforms where you don't have to verify your identity in order to be able to successfully use that platform. Yet you've got these platforms that are wanting that information. And there's a reason they're wanting it because that information is valuable to them. It increases their bottom line at the end of the day.

Brett Johnson (41:59.502)
use that platform, yet you've got these platforms that are wanting that information and there's a reason they're wanting it because that information is valuable to them. It increases their bottom line at the end of the day. The issue that I think is

D Mauro (42:12.615)
Ah, so you're talking about when, so just to interrupt for one second. So what you're talking about is when you're using a platform, a social media platform or another platform, you're talking about, Hey, get verified. You see this on all of social media now. And then they're going to ask you specific questions, your home address. They're going to call you or text you by yourself. They're going to do all these things to verify that you are, they're going to ask you to take a picture of your driver's license.

front and back and send it in. And then you have a badge by your name that says, I'm verified, right? I'm actually who I am. The theory behind that is to stop deepfakes, to stop fraudulent impersonation. The problem with that is you are now giving these people some very personal information that they're then gonna go and sell. Yeah, they're gonna go and sell it. I mean, that's a fact. And another problem with that is, are you sure?

Brett Johnson (43:01.974)
Yeah, they're going to go and sell it. I mean, that's a fact. And the problem, another problem with that is, are you sure that the people you are giving your non-changing identity information to are good stewards of that data? Are they going to protect it? Or are they going to be like 23andMe and blame it on you when they get breached?

D Mauro (43:10.959)
that the people you are giving your non-changing identity information to are good stewards of that data. Are they going to protect it? Or are they going to be like 23andMe and blame it on you when they get breached? Don't even get me started with that. Like that is just... I did a carousel and everything. I was so mad. Like I still can't believe that. Like I understand their point about

Sure, we should not reuse passwords, but you know, but you can't you can't mishandle things and then blame people. Yeah, but that's what they do. And you know, it's not just it's not just 23andMe. No, no, it's very common. And I believe the impetus to them having to blame their own customers.

Brett Johnson (43:51.398)
Yeah, but that's what they do. And, you know, it's not just, it's not just 23andMe. 23andMe was very public about blaming the victims.

D Mauro (44:07.211)
speaking of 23andMe, was to defend a large class action suit that's coming up. Right. They have to say something. Right. They have to say something, otherwise they're going to pay 10 times as much. So they come out, they say that, they say, you know, well, the hacker had 14,000 passwords, and he used those 14,000 passwords to compromise the other 6.9 million accounts. Right. Good Lord.

Brett Johnson (44:20.098)
So they come out, they say that, they say, you know, well, the hacker had 14,000 passwords and he used those 14,000 passwords to compromise the other 6.9 million accounts. Good Lord. And nobody in security at all noticed that something was awry?

D Mauro (44:35.871)
And nobody in security at all noticed that something was arrived? Right, because that wasn't detected at all, right? Like that, of course not. And the way that they configured the inside, like through the tree, through the relative tree that you can do in 23andMe, you were able to take that access and find out all this other information from everybody else. But not only did they configure that wrong so that you could do that,

Brett Johnson (45:00.785)
Did you see the report today?

D Mauro (45:06.107)
They didn't detect that it had happened for five months while that was going on. That's one of the issues. Did you see the report today on where that information is being sold now? I have not, but please enlighten us. So it turns out that some of the 23andMe information that's being sold is directly marketing those who have a Jewish heritage. Yes. That is not surprising.

Brett Johnson (45:12.886)
Did you see the report today on where that information is being sold now?

Brett Johnson (45:20.506)
So it turns out that some of the 23andMe information that's being sold is directly marketing those who have a Jewish heritage.

So gotta love that.

D Mauro (45:35.031)
Yeah, that's wonderful, isn't it? That's fantastic. Yeah, and I'm not surprised by that because there, I remember the initial reports that the initial identities and information, the accounts taken were of specific Jewish heritage. In the beginning I saw that, but now the data that's being sold is actually of them as well.

Brett Johnson (45:55.039)
Right.

D Mauro (46:04.695)
Not surprising at all. So what do we- That's the world we live in, man. Yeah, exactly. And again, it's really become buyer beware, right? It's really become people have to take their own personal privacy as a fundamental human right. Like you can still do business with people without having to disclose, you know, where your children are going to school, where your ancestors were from, all of these things. There are still-

Brett Johnson (46:06.314)
So that's the world we live in, man.

D Mauro (46:34.651)
platforms and tools and systems that you can buy where you don't have to disclose that information Well, and the thing is we have to get to the point Hmm where we understand that Companies are not going to protect us right that we need to take an active role And our security and our privacy we have to get there I mean if we don't respect it ourselves, how can we expect the government or private companies to do that? Correct?

Brett Johnson (46:41.302)
Well, and the thing is, is we have to get to the point where we understand that companies are not going to protect us, that we need to take an active role in our security and our privacy. We have to get there. I mean, if we don't respect it ourselves, how can we expect the government or private companies to do that?

D Mauro (47:03.751)
That's exactly right, which is one of the reasons why we tell everybody not to accept cookies. Like, those can be done and, you know, to take care of, like, be careful of the platforms that you're on, right? Like, there are so many platforms, new apps that you download and people just download it, they accept the T's and C's, they don't read it. Reading those are really important, believe it or not, because so many of them track...

keystrokes. They track other things that you're going to type in later on when you're not using that app. That app's not on, but it's still recording everything you're typing in, including passwords, including searches, all of that stuff, and they have that data. Right. Unbelievable. Well, Brett, it is always a pleasure. It is always good to catch up with you, my friend.

Brett Johnson (47:54.219)
So I guess you know that I've got some apathy.

D Mauro (48:00.427)
It is always insightful. So before we end on our last topic, which is deep fakes, we, it is 2024 and we have an election coming up. Given the rise in deep fakes and the ability to lead misinformation and everything else, what is the potential for this coming election to see even more fraud than we have seen in the past? What are your thoughts on that?

Brett Johnson (48:29.858)
So thoughts on that, and here's what's really interesting. The past, you know, actually it's been more than four years. We've heard a lot of chatter about election fraud from both sides. I think that if you apply game theory to this year's election, that prisoner's dilemma, that we're going to see both sides engaged in some sort of schemes to manipulate the election.

D Mauro (48:30.383)
So thoughts on that. And here's what's really interesting. The past, you know, actually it's been more than four years. We've heard a lot of chatter about election fraud from both sides. I think that if you apply game theory to this year's election, that prisoner's dilemma that we're going to see both sides engaged in some sort of schemes to manipulate the election. Maybe not.

Brett Johnson (48:57.782)
you know, fake ballots and stuff like that, but certainly trying to skew the mindset of the electorate toward their side, that type of manipulation like that, at the very least. We've already seen that with the deep fake of Joe Biden in New Hampshire, calling Democrats saying, Hey, don't vote. It'll just embolden the Republicans. So I think we're going to see more of that as the year, actually, I know we're going to see more. Right.

D Mauro (48:58.587)
fake ballots and stuff like that, but certainly trying to skew the mindset of the electorate toward their side, that type of manipulation like that, at the very least. We've already seen that with the deep fake of Joe Biden in New Hampshire calling Democrats saying, hey, don't vote, it'll just embolden the Republicans. So I think we're going to see more of that. Which is like the opposite of what Democrats want. That's the opposite. They want a larger vote.

course but if you've got if you can come through as legitimate and a very low key type of attack like that sounds reasonable it's very it's a very effective type of attack so i think we're going to see more of that we're going to see some deep fake videos popping out um i you know who wins the election i don't know i think that we're going to see a lot of potential fraud through that we're going to see a lot of intimidation techniques

Brett Johnson (49:26.774)
But if you've got, if you can come through as legitimate and a very low key type of attack like that, that sounds reasonable, it's a very effective type of attack. So I think we're going to see more of that. We're going to see some deep fake videos popping out. Who wins the election? I don't know. I think that we're going to see a lot of potential fraud through that. We're going to see a lot of intimidation techniques.

that are coming in. You know, the last time I know the CISO over at Maricopa County, and he was telling me just some of the nightmarish stuff that happened during the last election. And this election is absolutely gonna go through the roof. So.

D Mauro (49:55.791)
Absolutely. And you know the last time I know the CISO over at Maricopa County and he was telling me some just some of the nightmarish stuff that happened during the last election. Really? This election is absolutely going to go through the roof. Wow. So well that'll be something that we watch and circle back on because as that gets closer that is going to be on the front of everybody's mind.

Right? I mean, it's going to be so prevalent because you hear it in the dialogues at restaurants and at conventions. People are like, yeah, but they stand for this or they're like, if I vote this way, they want to do this. And I'm like, where are you getting that from? They're like, well, I saw it on Facebook. And I'm like, I could have made that on Canva and sent that on Facebook. Like, easily. It's so crazy.

Brett Johnson (50:49.256)
Easily.

D Mauro (50:52.559)
disrespect to Canva. I love that platform. And they've and I've never been breached from there. But the thing is, is that look at the look at how easy it is to manipulate. I mean, creating an avatar is so easy. I mean, they have these platforms that are remarkable. And some of them have a valid reason. So one thing I would love to do is I'm going to like

do an AI episode or a deep fake episode and I'm going to invite you to attend that. Please. Because I think that would be wonderful. What we should do is either in the middle of it or in the beginning start out with you and I talking, but it won't be you and I. It'll be our avatars. It'll look just like us and it'll sound just like us, but it won't be us talking. So to do that, I asked my friend.

Brett Johnson (51:27.854)
Please.

Brett Johnson (51:43.947)
I like it.

D Mauro (51:51.335)
Paul Eklopf, what we need to do to make that happen. And he said, what I need you and Brett to do is to say the following phrase, and that is, I authorize Hay-Gen to create this deep fake version of me for education purposes. And he said, in exchange for that, we will just do it among ourselves, and then if we all approve it, then we'll actually publish that to the public. So I authorize Hay-Gen to create this deep fake of me.

Brett Johnson (52:14.286)
So I authorize Hey Jen to create this deep fake of me for educational purposes. I said it. All right. Ha ha.

D Mauro (52:21.339)
for educational purposes. That's all you had to say. Isn't that amazing? And I just said it too. So now we can take that little clip and then bring it over to our friend Paul and let's see what he makes. He already did one of me when I met with him earlier today and it said.

It was me talking and it was like, hey, I'm going to be on like the cyber crime junkies podcast. I don't want anybody to follow or subscribe. I really don't care if you do or don't. And I was like, okay, I like that. Do you mind not saying that part? Like can we say something funny? Can I insert a joke in there? I can type anything I want. Right, man? So that I think that would be fun.

Brett Johnson (53:00.802)
Can you leave that part off?

Brett Johnson (53:08.063)
I like it.

D Mauro (53:10.499)
because I think the reason why is because the old adage that seeing is believing. When we talk about deepfakes and we have to admit in the past, the deepfakes that we've seen have been kind of robotic. Like you can sometimes you can hear it. You're like you're watching YouTube and you hear this person talking and my wife's like that's AI and I'm like yeah it doesn't even sound real. You know but

Brett Johnson (53:10.55)
Yeah, let's do that.

D Mauro (53:39.167)
Some of them now, and I mean recently in the last few weeks that I've seen, I can't tell. And that's what scares me because think about that. Just like you said, it could lead to very impactful business email compromise, can't it? Right? Business email compromise is when somebody in leadership, let's say, reaches out or somebody in leadership at a vendor reaches out and says, hey, I have to change the wiring instructions on this invoice.

Brett Johnson (53:45.198)
pretty good.

D Mauro (54:08.655)
We changed banks, okay? Do you mind? Yeah, we just have to verify. Let's call the owner, right? And okay, I'll have the owner call you right now, right? And the owner calls and gives that authority. Sounds exactly like the owner. They've talked to him a hundred times. It's coming from the number. You can spoof the number, that's super easy. And then it goes through. And so here's the person who's followed the current best practices. I called, I verified, right?

I did what I was supposed to do, but it was still fraud. We still lost that $800,000. Right. It's tough. And there are, isn't there, there's a market and I know that there's several startups and some companies out there that I've seen that have run deep fake detection software.

Brett Johnson (54:58.474)
You're right, there are, but the problem is, it's not. But even then, it's cat and mouse.

D Mauro (54:59.011)
You're right. There are. That'll be interesting. But the problem is... It's not very common though. It's not on anybody's budget. Nobody has a budget. Even then, it's cat and mouse. What's our deep fake detection budget this year? No small business has that. Nobody has a line item on their budget for deep fake detection software. So that's going to be a problem. Now what were you going to say before? I'll take the huge issue. I'm sorry. What were you just...

Brett Johnson (55:21.566)
Oh, it's a huge issue. No, so those companies that recognize the deep fakes, that's more of a cat and mouse game anyway. You've got an attack that comes out, the company doesn't recognize it to begin with, they tweak their algorithms so that they now recognize that form of deep fake. The criminals then tweak theirs so that you don't find the next one, it becomes this chasing the mouse game all of a sudden. That's a lot of the issue. And I really think that there's a possibility

D Mauro (55:26.139)
those companies that recognize the deepfakes, that's more of a cat and mouse game anyway. You've got an attack that comes out, the company doesn't recognize it to begin with, they tweak their algorithms so that they now recognize that form of deepfake, the criminals then tweak theirs so that you don't find the next one, it becomes this chasing the mouse game all of a sudden. Unbelievable. That's a lot of the issue and I really think that there's a possibility with AI that we get to the point where you're not able

Brett Johnson (55:51.166)
with AI that we get to the point where you're not able to identify that deep fake in any normal amount of time at all.

D Mauro (55:55.431)
to identify that deep fake in any normal amount of time at all. No, and that's where the challenge is. Yeah. Yeah, because at a certain level, it's that balance between cybersecurity and business operations. Because otherwise, you're just going to have a policy where we're not changing anything. You have to send us a certified letter or something that says it. And we have to verify that somehow. And that's going to get in the way of doing business. Very true.

Brett Johnson (56:16.951)
Right.

Brett Johnson (56:23.534)
very true.

D Mauro (56:24.827)
because time is money. So it's definitely a challenge. So what is on the agenda? What is coming up new and exciting for Brett Johnson and criminal thoughts? Now I know that you have Pierce Morgan coming up. We're excited about that. As soon as you find out about that, I will rally the troops and get them to watch. That'll be fantastic. Thank you. We're very excited about that. So, you know, I'm doing the interviews. We've got the Brett Johnson show, which is, I'm trying to transition that into

Brett Johnson (56:35.752)
Oh jeez.

Brett Johnson (56:43.286)
Thank you. So, you know, I'm doing the interviews. We've got the Brett Johnson show, which is, I'm trying to transition that into how to be a better person. You know, that's what I wanna talk about. That's really what I'm interested in, is turning the life around, what it takes to be a better person, what it takes to just do the right damn thing, getting stories like that. That's really my interest more than anything.

D Mauro (56:56.279)
how to be a better person. That's what I want to talk about. That's really what I'm interested in is turning the life around. What it takes to be a better person. What it takes to do the right damn thing. Getting stories like that. That's really my interest more than anything. That's why we broke off a lot of the crime stuff into its own show called criminal thoughts which is available on podcast platforms and YouTube as well. Criminal thoughts, it's about all things criminal thought.

Brett Johnson (57:10.982)
That's why we broke off a lot of the crime stuff into its own show called criminal thoughts which is available on podcast platforms and YouTube as well. Criminal thoughts, it's about all things crime related and trying to gain some criminal insight, trying to share that with the audience. I am not the guy that... You get a lot of people that do these crime shows and they glamorize the criminal. That is not me. It's never going to be me.

D Mauro (57:25.191)
crime related and trying to gain some criminal insight, trying to share that with the audience. I am not the guy that you get a lot of people that do these crime shows and they glamorize the criminal. Right. That is not me. It's never going to be me. No, I think it's more about your show. And I think the most impactful ones, like what you're doing, is about discovering and uncovering the modus operandi. Right?

What is it that is driving this? What is this really about in getting down to what the truth is? Because once you identify that, you can solve it. Yeah, you can. That's fantastic. So we'll see. And as you pointed out, man, people like me and you, we don't make money on podcasts. No, this is a this is a form of professional for those listening.

Brett Johnson (57:57.912)
That's it.

Brett Johnson (58:01.602)
You know, if we can figure that out, David, yeah, you can.

So we'll see. And, and as you pointed out, man, people like me and you, we don't make money on podcasts.

D Mauro (58:20.163)
This is, we don't make money on these. This is about, this is about professional development, doing the right thing, spreading the word and raising awareness. That's what this is all about. And if we don't, like, if not for us, who? If not now, when? I believe that's Kennedy. So I'm just gonna say it was Kennedy. And if not, I'll create a deep fake of Kennedy saying it and then it will be Kennedy. How's that? I like it, I like it.

Brett Johnson (58:38.594)
That's true. I'm just going to say it.

Brett Johnson (58:46.376)
I like it. I like it. What's on the agenda for you, man?

D Mauro (58:48.199)
I'll end on that. What's on the agenda for you, man? We've got a lot of things going, a lot of public speaking, a lot of, you know, we've been doing, we're part of InfraGuard and we've been driving these public service initiatives where we're training organizations on cybersecurity best practices. We talk about cyber crime by the numbers, and then we do in different verticals, like the healthcare vertical, the legal vertical, finance, education. Beautiful. You know, we're just trying to, because people have no idea.

Brett Johnson (58:56.971)
Nice.

Brett Johnson (59:12.663)
Beautiful.

D Mauro (59:17.115)
They have no idea. They're like, they're like, yeah, if a breach happens, we'll call our IT person. Like, no, that's not what happens. Like you've got to get a, got to get on a talks channel. You've got to go negotiate with a Russian cyber criminal who's really good at his job. Are you ready? And you're going to pay him. Yeah. And it's about how much in the real like the end of the day, our goal is to keep more organizations out of the news, meaning

Brett Johnson (59:35.987)
and you're going to pay him.

D Mauro (59:46.775)
Not out of the news if they need to be in the news. I'm not saying hiding bad things. What I'm saying is if we can limit, because there's a difference between a data breach that's like a damaged device or server and it's an interruption and you can cure it and no harm, no fault. It's just a loss in business loss, right? And there's one where they are inside for months and they destroy your reputation.

and you have to notify all your customers, and you have to be in the news. And then you have like, it's devastating. And these people, it's tied to their families, these people, it's tied to their kids' colleges. It's tied to like, this is the American dream that is being destroyed. And I come from a family with a dad who had nothing and built up like a trophy and awards company.

Right. And he passed away long ago. But this like right now, cyber crime is destroying companies just like his. And like it's absolutely that's that to me is just a crime. Like that's a, that's a cancer in society that we've got to cure. Like it's just not, there's like so many people like are employed by small to midsize businesses.

Brett Johnson (01:00:50.743)
I agree.

D Mauro (01:01:07.535)
Like that's the majority of the company of the country is employed by small and mid-sized businesses that 500 employee and less. And so we can help them and educate them and just get them so that we can, you know, yeah, you might get breached, but it might just be a, like a, a virus thing. Like it might just be something nominal that we can deal with as opposed to, it's going to make you shut your doors. Like, and that's the difference. So that's what drives us. Yeah.

Brett Johnson (01:01:34.554)
And you know, that's the thing too is I don't understand. I don't know where it where it stops. I really don't. I see.

D Mauro (01:01:38.011)
I don't know where it stops. I really don't. No, right now it's going. It's just getting worse and worse. And the stories are... I mean, like, some of the Russian cybercrime gangs, they're talking about, like, do we even want to do ransomware anymore? Like, we're a ransomware game, but do we even want to? Because it's

Why don't we just go in and steal the data and then blackmail them for them? It's just extortion as a service. And that to me is way worse because that's really where the pain is. And it's easier to just smash and grab. So, but it's really interesting. Your take and you have more insight on the refund fraud. And we saw so much of it with the pandemic. I'm going to draw more and more attention to that because

Brett Johnson (01:02:34.654)
I appreciate it.

D Mauro (01:02:35.111)
That is affecting small business as well. And it's really, really tough. You talk about small businesses. One of the main targets are cameras. You have very few mom and pop camera stores anymore. And those stores operate typically on a 2% margin. So, you get hit with fraud like this, it hurts. Yeah, absolutely. What can businesses do? What in general are there...

Brett Johnson (01:02:40.214)
Yeah, you take, you know, you talk about small businesses. One of the main targets are cameras. You have very few mom and pop camera stores anymore, and those stores operate typically on a 2% margin. So they get hit with fraud like this, it hurts.

D Mauro (01:03:02.103)
if they feel they have somebody like this? Is it the FTC they call? Is it the attorney general in their state? What are small businesses to do, General? By all means, report to FTC, attorney general, federal law enforcement, make the reports, IC3. What I would advise right now, if you're a smaller store like that, one of these mom and pop camera stores, there's no way at all I would use a return center to process any returns. I would have the returns sent directly to me.

Brett Johnson (01:03:10.726)
By all means, report to FTC, Attorney General, Federal Law Enforcement. Make the reports, IC3. What I would advise right now, if you're a smaller store like that, one of these mom and pop camera stores, there's no way at all I would use a return center to process any returns. I would have the returns sent directly to me. I would not give instant refunds at all. I would make sure that I receive the product back, that it's in the exact working condition when I send it out to that buyer.

D Mauro (01:03:30.495)
I would not give instant refunds at all. I would make sure that I received the product back, that it's in the exact working condition when I sent it out to that buyer. I would pay attention to the types of payment instruments that were used, the types of items that are being purchased. Some of these stores like a music shop or a camera shop or something like that. If you've been running that business for a while.

Brett Johnson (01:03:40.198)
I would pay attention to the types of payment instruments that were used, the types of items that are being purchased. Some of these stores like a music shop or a camera shop or something like that, if you've been running that business for a while and you get a new order in, you know if that order is even looking legitimate to begin with. Is the guy coming in and he's ordering stuff that doesn't match what should be the order, stuff like that? You know if things are not right.

D Mauro (01:03:56.499)
and you get a new order in, you know if that order is even looking legitimate to begin with. Is the guy coming in and he's ordering stuff that doesn't match what should be the order stuff like you know things are not right. So it's important to pay attention to who the buyer is, how they're buying that, if they're going to return it, making sure that you get the return in hand, not just that it's been scanned or someone says that you received it, but have you got eyes on the product that's being returned to you?

Brett Johnson (01:04:09.022)
So it's important to pay attention to who the buyer is, how they're buying that, if they're going to return it, making sure that you get the return in hand, not just that it's been scanned or someone says that you received it, but have you got eyes on the product that's being returned to you. That will mitigate a lot of the types of fraud that we're seeing right now.

D Mauro (01:04:25.807)
That will mitigate a lot of the types of fraud that we're seeing right now. It's amazing that it's 2024 and that type of thing is something that small businesses could have faced back in the seventies. Yeah. And the solution to that is something they could do back in the seventies. I I'm the owner. I'm the owner. I don't see the products. You say you returned it. I don't have it. Where is it? Like

Brett Johnson (01:04:45.3)
Exactly.

Brett Johnson (01:04:52.293)
That's it.

D Mauro (01:04:54.403)
That's what they would have done in the 70s and 80s, right? And at the end of the day, I'm protected as the business owner. You see that sign on the back of my wall? No returns unless I receive the product back. That's it. Right? That's my country and that's my constitution. Right? There you go. And a lot of that. But they don't know right now.

Brett Johnson (01:04:56.866)
That's it.

Brett Johnson (01:05:07.682)
That's it.

Brett Johnson (01:05:16.97)
I don't know. You're sending.

D Mauro (01:05:16.975)
Right? Everybody wants to appease customers online and you have these bad actors going in and taking advantage of that goodwill. So you take you take a regular return now. It doesn't go to the merchant. It goes to some return facility. The only thing they're doing is they're scanning the label and saying, hey, yeah, we've got the product. Right. That's it. Meanwhile, you throw in some.

Brett Johnson (01:05:21.079)
Yeah.

Brett Johnson (01:05:25.538)
So you take a regular return now. It doesn't go to the merchant. It goes to some return facility. The only thing they're doing is they're scanning the label and saying, hey, yeah, we've got the product. That's it.

D Mauro (01:05:40.443)
fake FBI hat in that product and you don't even return the right thing. That's a real one, by the way. I still like the hat, man. I know, that's fine. I should send it to you is what I should do. No, I'll get one at Quantico. Okay, well then I'm going to be jealous. I'm going to have to get two. I'll give you the money ahead of time. I'll pay you on Telegram. Hey, there you go. Cash app me. Yeah, cash app you.

Brett Johnson (01:05:46.128)
I still like the hat man.

Brett Johnson (01:05:51.59)
No, I'll get one at Quantico.

Brett Johnson (01:05:55.992)
Ha ha ha!

Brett Johnson (01:06:03.46)
Hey, there you go. Cash app me.

D Mauro (01:06:08.079)
Brad, thank you so much, man. I wish you all the best. We will definitely circle back in the next few weeks. If that's OK, go do your Piers Morgan thing. But I'm going to get with Paul and then let's come back and let's do a deep fake episode. I think that would be so much fun. I love you. I love your show, man. That would be so much fun, man. That would be great. And plus, I can make myself say a bunch of things I would not say. And then I could just say, that wasn't me. That wasn't me. It was Brett. Brett did it. That's right.

Brett Johnson (01:06:20.834)
David, I love it. I love you. I love your show, man. You're great.

Brett Johnson (01:06:31.426)
There you go. Wasn't me. It was Brett, Brett did it.

D Mauro (01:06:36.447)
I love it, man. Thanks so much. David, take care, brother. Talk to you, buddy. See you. Yes, sir. Bye now. Bye.

Brett Johnson (01:06:37.43)
David, take care, brother. Yes, sir, bye now.