Cyber Crime Junkies

FBI vs Cyber Crime. EXCLUSIVE Scott Augenbaum Interview.

Cyber Crime Junkies. Host David Mauro. Season 5 Episode 7
Former FBI Special Agent who served with the FBI’s original Cyber Crime division, well-respected public speaker, author and TV consultant on personal cybersecurity education Scott Augenbaum joins David Mauro in the studio.

We discuss: how a cyber security mindset works, how the FBI fights cyber crime, personal cybersecurity education, individual user audits, how to educate users, and how cyber crime is like the mafia.


https://CYBERSECURITYMINDSET.com

Summary

In this conversation, David Mauro and Scott Augenbaum discuss the state of cybercrime and the challenges in combating it. They explore the increase in cyber attacks and the efforts of law enforcement to disrupt organized crime units. They also discuss the evolving tactics of cybercriminals, including the amalgamation of different types of attacks and the use of social engineering. Scott emphasizes the importance of having a cybersecurity mindset and implementing multi-factor authentication. They also touch on the dilemma of using risky platforms like TikTok to reach a wider audience. Scott emphasizes the importance of individual user audits and personal cybersecurity education. He shares his frustration with trying to change corporate behavior and highlights the need to focus on individuals and their families. Scott discusses the challenges of measuring the impact of cybersecurity education and the importance of combining education with technology. He also mentions his passion project, the Cyber Secure Mindset, and offers listeners a free audio copy of his book.

 

Takeaways

  • The volume of cyber attacks has increased, but law enforcement has made progress in disrupting organized crime units.
  • Cybercriminals are combining different types of attacks and using social engineering to exploit individuals and organizations.
  • Having a cybersecurity mindset and implementing multi-factor authentication are crucial for protecting against cyber threats.
  • The use of risky platforms like TikTok poses a dilemma for cybersecurity professionals trying to reach a wider audience.
  • Individual user audits and personal cybersecurity education are crucial for preventing cybercrime.
  • Changing corporate behavior is challenging, but focusing on individuals and their families can make a difference.
  • Measuring the impact of cybersecurity education is difficult, but success can be seen in individuals who have avoided falling victim to scams.
  • Combining education with technology, such as identity theft protection and good antivirus software, can enhance cybersecurity.
  • The Cyber Secure Mindset is a passion project that aims to educate and empower individuals to protect themselves and their families.
  • Scott offers a free audio copy of his book to those who reach out to him.

Chapters

 00:00 Introduction and Background

00:59 The State of Cybercrime

09:34 The Importance of a Cyber Secure Mindset

15:26 Securing Online Accounts

23:15 The Importance of Individual Cybersecurity Awareness

24:21 Challenges in Changing Corporate Behavior

25:42 The Frustration of Limited Time for Cybersecurity Presentations

26:24 The Difficulty in Measuring the Impact of Education and Awareness

34:50 The Power of Combining Education and Technology for Cybersecurity

D. Mauro (00:04.366)
You know, one of the greatest things about having this podcast is meeting people like our special guest. Today we sit down with former special agent Scott Augenbaum, who headed up the original FBI's cyber security and anti-cyber crime division. He's a well-known public speaker, television consultant, author, and we are going to address some phenomenal topics, including a special offer for you, the listeners that is included right there in the middle toward the end, kind of like three quarters of the way through. Check it out. You're not going to want to miss it.

D. Mauro (01:06.286)
You know, one of the many benefits of this podcast are the people that we meet, the listeners, helping them connect the dots to, you know, incredible resources to help them address personal attacks of cyber crime. And we realize that there's a lot of individual cyber attacks that are rising. There's a lot of romance scams.

and cryptocurrency scams. And one of the other benefits of this podcast is not only for our professional development, but all of the great interviews that we get to do, the access that we get, the research that we conduct, the undercover kind of behind the scenes stuff that we get to do. But the people that we get to interview, many of them become very close with us and very close friends and somebody that we consider not only very well respected.

But also somebody that we consider a friend is former FBI special agent Scott Augenbaum. Scott was with the FBI's original cybercrime division and he's a well-respected public speaker, author and TV consultant on topics like personal cybersecurity education. So he joins us. He has a site, cybersecuritymindset.com. Check it out. And today we're going to talk about how the FBI fights cybercrime, how that's evolved over time.

And we're also going to talk about how to improve security awareness education. How do we normal people, right, that aren't cybersecurity engineers and that aren't FBI agents, how do we learn it so that it changes behavior? We're also going to address the rising concern of cryptocurrency and the cryptocurrency role in cyber crime. It's an excellent episode. Listen, especially toward the end.

And in the middle, there's some great insight and some very cool resources, kind of an Easter egg for you. So watch this one all the way through or listen to it. I know you're going to get benefit of it, including a special offer that we even have. This is the story of special agent Scott Augenbaum and how a cybersecurity mindset works.

D. Mauro (00:01.902)
Welcome everybody to CYBER CRIME JUNKIES. I'm your host David Mauro and in the studio today we have former FBI special agent who served with the FBI's original cyber crime division, a well-respected public speaker and security awareness trainer, author and television consultant on cybersecurity insights, Mr. Scott Augenbaum. Scott, welcome to the studio, sir.

Scott (00:26.046)
Great to be here. Thank you for having me on. How long ago was it that we had our discussion?

D. Mauro (00:31.854)
It was about two years ago, I think the first time we had you on. Yeah, it's been a while. Absolutely. You did that last time. I wasn't prepared last time.

Scott (00:37.118)
Okay. So listen, I want to ask you a question because I must have missed Red Hour. I must have missed Red Hour's show notes. I thought I was interviewing you. So Dave, thanks for joining me today. I want to ask you a question. I mean, you're on there all the time. We're on the cyber. You know, you're doing an amazing podcast. I love what you do. But I was on two years ago. I just have one simple question to ask you. Has the problem gotten better or worse since we've spoken?

D. Mauro (00:58.574)
Yes.

D. Mauro (01:03.534)
Okay, not to be a consultant, but it depends on how we slice the data. It has clearly gotten worse, in my opinion. Overall, it's the volume of attacks have gone up, but certain things have gotten better in the sense that I believe that international law enforcement has done a very good job disrupting

some of the dominance that some of the organized crime units have had. And they've gotten a better job at breaking up and really hunting down some of the bad guys.

Scott (01:34.75)
huh.

Scott (01:43.102)
You know, unfortunately, this would be a great conversation. I don't agree with you one bit. I think that, yeah, absolutely not. I mean, this is what's great about this. This is going to be an awesome conversation.

D. Mauro (01:46.958)
Really? Okay, well, let's see. Well, I, I will, I have three examples. I've got three examples. I've got LockBit, right, the disruption dismantling of LockBit. I've got black hat, right, where they, they basically did an exit scam, but they had been dismantled in the fall. And their infrastructure was taken down and a lot of the decrypt keys were given to victims save.

Scott (01:57.054)
Mm-hmm.

D. Mauro (02:16.142)
lot of people a lot of money. And then just recently, Scattered Spider one of the head ringleaders 22 year old lad over in Spain boarding a boarding a flight to Italy was just picked up and they were as you know, they were in tie with black hat to conduct a lot of the big breaches that have been in the news like the MGM and Caesars breaches. So that's what I was basing my

my assumption, but I thought that things were getting worse overall.

Scott (02:45.278)
No, listen, the FBI and the secret service do an amazing job and I give credit for that, but it's kind of like when we go back and when we were saying, Hey, look, we're winning the war on drugs because we make a couple of high profile arrests. There was a couple of years ago, I did an interview because one of the leading kingpins in the business email compromise.

D. Mauro (02:52.398)
Yes.

D. Mauro (03:00.846)
Yeah, that's a good point. That's good.

D. Mauro (03:12.046)
Mmm.

Scott (03:12.734)
aka Hush Puppy was arrested and everyone was patting themselves on the back and they did an amazing job. But let me ask you, are we any safer today? Absolutely not. The fact that we got three kingpins that showing a message that, look, law enforcement will lock you up. However, now all that stuff is out. It's in affiliates hands. It's out of the bag over here.

D. Mauro (03:14.862)
Yeah.

D. Mauro (03:24.046)
No business email compromise has gotten worse.

D. Mauro (03:34.766)
Mm-hmm.

Scott (03:41.502)
And now that could get into anyone's hand with crimeware as a service where you can buy this stuff. So to me, I think the problem is continuing getting worse. I hate to be negative about it. And that's what really we're going to talk about this. I'm not here to say we have to give up all hope because in my world, a lot of the cybercrime stuff could be prevented.

D. Mauro (04:04.077)
great.

Scott (04:04.126)
So this is I'm so excited that you had me on here again. So let's kind of I promise I'm not going to take over the interview. Well, maybe I'll be for five minutes.

D. Mauro (04:10.862)
No, this is great. I welcome an open discussion. Like this is great. I mean, my first question I had was how has it evolved since you first started dealing with it? You know, we just started on that topic. I mean, to me, what is what I'm seeing and what is concerning to me, and this is what I want your insight on, is the amalgamation of things. It's the blurring of the lines. You used to have like,

the Russian ransomware or the Eastern Bloc ransomware gangs, right? And then you had these groups of like kids and script kiddies and social engineering groups. But what we saw in the Caesars breach and the MGM breach was they had combined forces, right? That was an adversary, a very worthy adversary, right? And now we're seeing, we used to see phishing emails. We used to see...

Scott (04:57.886)
Mm-hmm.

D. Mauro (05:07.278)
spear phishing emails, business email compromise, and then you would hear things like high tech and things like that. But now you have deep fakes and the, you know, in combination with other social engineering attacks and the whole orchestration of it, that blurring of the lines, it's much more effective. And that's bad for bad for business, bad for organizations and their security.

Scott (05:23.518)
Mm-hmm.

Scott (05:32.926)
Yeah. Well, let me give you a little background on where I'm coming from, because some people here might say I have a little lack of empathy. And who do I have lack of empathy for? Large organizations, the information security marketplace and consultants. Okay, listen, I've been dealing with this problem for 20 years and I tell people, look, has anyone here heard me my presentation from 10 years ago? And I go, listen, I got nothing new to, I don't have anything new to say.

D. Mauro (05:46.766)
Yes.

D. Mauro (06:00.206)
Exactly.

Scott (06:01.758)
We're talking about the same crap day in and day out. And while you might hear these large organizations who get impacted with ransomware and data breaches because they're in the news, I don't lose any sleep over that, Dave. I'm sorry, because you want to know what I deal with every day? I deal with what I just dealt with the other day where I had an individual who contacted me because they got tricked.

D. Mauro (06:04.814)
Yeah.

Scott (06:30.526)
on a cryptocurrency investment scam and they lost $600,000. And when we talk about the four truths to cybersecurity, you know, the things that this person never expected to be a victim. Law enforcement's not coming in with a magic wand to fix the problem. There's no reset button. We're not getting the money back.

D. Mauro (06:54.03)
Right.

Scott (06:55.198)
Putting these evildoers in jail is really, really challenging to say the least. And it could have been prevented. And then I was feeling really bad about this guy. I mean, it was haunting me. I mean, he loses $600,000. I haven't thought about him in a couple of weeks. You know why? Because I got a call a week later from someone who lost $5.8 million. These things don't go on and do it.

D. Mauro (07:04.75)
Absolutely.

D. Mauro (07:11.79)
Mm.

D. Mauro (07:21.71)
Unbelievable. These are in you know, and these, these don't just this isn't all clicking on a link in a phishing email. A lot of this, that tactic might be part of the whole scheme. But some of this is based on pig butchering or or romance scams. There's a lot of ways.

Scott (07:38.59)
It's social engineering. It's social engineering at its finest. And now when we sit here and, you know, I was invited to do a...

D. Mauro (07:42.094)
Yeah.

Scott (07:48.35)
a discussion on how artificial intelligence is going to be used to fight cybercrime from a couple of vendors. And I was like, hey, man, I'm not the right guy for this. Because you know what? When we talk about social engineering and, you know, I have a company who goes, hey, this is great. We got an AI based agent that could look at your emails. That's only a small part of social engineering, Dave.

We're talking about text messages. We're talking about telephone calls. We are talking about social media hijackings. We're talking about malvertising. We're talking about pop-ups. And then I just built out a talk track for senior living for elders on 24 different types of fraud attempts.

D. Mauro (08:15.15)
Yeah.

Right.

Scott (08:41.15)
using social engineering. And then when I go over and I'm sitting here and you know, I see organizations are selling solutions. I'm like, I don't care what solution you buy. If you don't do what I tell you to do for free, it doesn't matter. And it doesn't it's not even my stuff. I'm not the hero in the story. I don't come across as that I'm the guy who just happened to listen.

D. Mauro (08:58.254)
Right.

D. Mauro (09:04.494)
You're pointing to common sense. You're pointing to reasonable efforts, right? Right.

Scott (09:08.766)
But common sense is in common practice and we cannot expect that when we put my mother-in-law in assisted living at 82 years old and we give her an iPhone because it's so incredibly simple and say, here you go, mom, here is everything. And now she's getting text messages, she's getting telephone calls, she's getting emails.

mom, here, communicate on Facebook and everything so you can see the pictures and everything. And now we, so I hate to say it's not the common sense, it's technology is so easy and simple to use and the cyber criminals are exploiting it.

D. Mauro (09:51.95)
Well, what's amazing to me is another aspect too, and you bring this up a lot, and that is it used to be back when you started, right? Right around the turn of the century when everybody was worried about Y2K, right? Like that's when I got involved. Like that was supposed to be this horrific thing and the clock turned and we were fine. But you had to be kind of technical back then. You had to have some technical chops, it seemed.

to really get into the whole hacker space, right? And today, these criminal platforms, now that I've seen them, actually seen them, they're plug and play, they work like the best computer software that's on the regular market, right? If not better. And you don't need to be technical anymore. You just have to have criminal intent. And there's a lot more of people like that than there are people with the technical chops.

Scott (10:52.99)
Yeah, and it's so easy and simple. Let's just kind of go through, you know, because I've spent a little time talking to one of the scammers and just yesterday, you know, just went over here, got a quick text message. Hi, I'm Diana from HireWell. I'm contacting you for a job offer. Can I please share the job details?

Now think about this, we're all in this gig economy, we all want to work from home, we get this text message, and what's the first thing that they do for me? They go, listen, we need to contact you on WhatsApp or telegraph. Why are they doing this? Because they're not based here in the United States. And then one thing, yeah, mm-hmm, thing number one. And then,

D. Mauro (11:14.286)
Yeah.

Right.

D. Mauro (11:28.814)
Yeah, there you go.

Right, they want to take you off channel, off the regular channels.

Rule one, right?

Scott (11:40.798)
And then once you get there, they're going to ask, hey, we got this great gig. It's such a simple scam. And I mean, let's even think about it. If my kid who's 21 years old, home for the summer, he's looking for a job. Now he goes over there and all they ask him to do is say, hey, this is great. You can work from home.

All we need from you is to fill out this application, your name, your address, your date of birth, your social security number. And then at this point in time, they're going to say, hey, we need your bank account routing number so we can put some money into your... Boom! Right there. No technical expertise required right now. And now you can sit here in some foreign country.

D. Mauro (12:09.838)
Right.

D. Mauro (12:17.262)
Right, so we can pay you. Yeah. Yep.

Scott (12:30.302)
and be able to prey on U.S. citizens and do this. This is what we're not hearing about. And this is why...

D. Mauro (12:35.95)
Right. Well, because they're in the industry doesn't have a solution for it. Right. Like there's no security out of a box that they've figured out that's going to cure that. And so that's why we don't hear about it. And it's really something that is affecting everyday citizens constantly because it's hitting them from all ends. It's hitting them. It's on Facebook ads. It's on social media.

Scott (12:51.87)
And that's why I've been.

Scott (12:57.694)
And that's why I've been focusing.

D. Mauro (13:03.726)
TikTok, you name it. And it seems like whatever you want, whatever's important to you, they're going to use that to lower your guard and act like they're going to give it to you. And that's how the social engineering. Yeah.

Scott (13:17.182)
of social engineering. And it's something here that we're, and that's why I've created what I call the cyber secure mindset.

D. Mauro (13:25.486)
Yeah, I wanted to ask you about that. So you have the four truths and you swiftly articulated them before.

Scott (13:30.622)
And let's just cover that up quickly because nobody ever expects to be a victim. Okay?

D. Mauro (13:36.878)
Right. Number one. Correct. Yep.

Scott (13:38.91)
I don't fit the victim profile and if you have an email or a text or a message, you're going to get targeted. Bad guys steal your stuff. You contact law enforcement. Law enforcement doesn't have a magic wand to fix the problem. And especially when your kids are victimized by sextortion or your elderly parents lose their life savings. So many of us in the cyber secure mindset was developed, created because so many of us have to worry about our parents and our kids.

And then business. Putting bad guys in jail is not easy. Bad guys are located overseas. That sounds really depressing. But really about 90 to 95 percent of all these bad things that I deal with, I rarely get a call from a victim today, even on business situations, that I can't finish the sentence and go like this, well, if you just would have done this, this wouldn't have happened.

D. Mauro (14:08.974)
Yep.

Scott (14:38.654)
But wait a second, my MSP told me that I was going to be safe. Well, I thought the cloud was safe. Well, you know, I just had a HIPAA assessment. Well, we're PCI compliant. And it goes on and on and on again.

D. Mauro (14:56.11)
Mm-hmm.

Scott (14:58.366)
And I'm here to say to you that, listen, having a cyber secure mindset is really understanding, having the repetition, you know, listening to what you do. It's not a one and done situation. You can't just go like this. This is like health. This is like oxygen. This is like breathing.

D. Mauro (15:17.454)
Mm-hmm.

Yeah, it's a habit, right? It's really a habit of being more vigilant. Right.

Scott (15:26.27)
Well, it's changing behavior and that's what if you ask me, what do I do? I try to change behavior, but here's the challenge. How do you change behavior from a world that really all they want is an easy button. Let's think about it. All we want is the easy button. We want six minute abs. We want TikTok. When a TikTok video is more than 30 seconds, it's way too much.

D. Mauro (15:48.782)
Mm-hmm.

D. Mauro (15:55.598)
Right.

Scott (15:57.054)
You know, so, and even when I go in, like I built a customized program for an organization because they wanted it. And I thought this would be really easy because now I can recycle that content, but nobody wants an hour long training for their organization on how to stay safe.

D. Mauro (16:17.934)
Right, they all want it in short snippets.

Yeah. So how do we solve it? So, yeah.

Scott (16:24.798)
Hey, can I ask you a question? I want to ask you another question. What do you think about this? Somebody told me that I should be putting my, I need to bury the hatchet with TikTok. Okay. And I need to go where the people are to keep people safe because there are no cybersecurity influencers who know what they're talking about on TikTok. And if you are there, I apologize that I should be starting.

D. Mauro (16:51.374)
There's not that many. There's not that many.

Scott (16:53.95)
But I should, and I use TikTok because I like recipes and stuff like that. And I have an expect, I have no expectation at TikTok or Facebook, but I don't know. I'm having a hard time with that. I just feel like.

D. Mauro (16:58.126)
Yep.

D. Mauro (17:06.062)
I am too. I mean, well, there's a couple, there's a practical end and that is we don't know until the fall whether it's going to actually be ripped away. And if it, you know, and if it, but if it got ripped away, that would be a lot of effort to, to push out content and then do it.

Scott (17:16.894)
It's not going away.

Scott (17:23.294)
Nah, I don't think so. I don't know. I just think that I'd have to swallow some heart. You know, that's something that I wrestle with all the time. I'd love to hear from the audience when they hear this. What do you think? You know, because I've been on the news quite a bit talking about the dangers of TikTok, but there's 175 million people in the U.S. who are on it who all need to be safe.

D. Mauro (17:29.984)
Yeah.

D. Mauro (17:48.238)
Right. Well, I know that, you know, there's there's a lot of people in the community that are that share the view that we've we've shared the same view that you have. And that is that it is it's dangerous by design, right? Like it's kind of coded in a way. It's designed in a way the algorithm is fantastic. But it is designed in a way to capture far more of our data than we are generally aware. Right.

and to capture, you know, things that really concern people when they care about privacy. But it helps people to get your message. And you do a great service to people when they hear your message, Scott. So it is something to consider, right? You want to reach the people that you right you want.

Scott (18:38.686)
I know, I know. Well, thanks for being part of my therapy session this morning.

D. Mauro (18:45.038)
Yeah, I mean, you wanna reach the people that you wanna help, right? And if that's the platform that they're on, maybe we use a proton email when we sign up for it, you know?

Scott (18:58.014)
I don't, well, it doesn't even matter if we do because we still downloaded the app on a phone or a computer. I mean, I won't put the app on my computer, but I don't know.

D. Mauro (19:02.862)
Yeah, I know. That's the issue, right?

What are we supposed to do? Like get burner phones just to use TikTok? Am I supposed to go to Walmart and get a $9 phone to use TikTok? Made in China. And just use all different passwords when I'm doing it. I guess that would be a very safe way of doing it. But then we can get our message across.

Scott (19:11.614)
And you know what? The cheapest wines will be the... Made in China.

Scott (19:24.414)
Yeah.

D. Mauro (19:32.206)
Yeah, I mean, that would be for those startups in Silicon Valley, that would be a good solution for you to solve. Like, how do the people that care, that want to educate and share awareness, right? How do we use dangerous platforms or risky platforms?

Scott (19:32.51)
Okay.

Scott (19:47.358)
Well, and you know what's interesting? Years ago, the best advice I ever gave someone, and it was 10 years ago, was get a, have two computers, one for work and now one for business. But even now we've crossed so many different lines. I mean, I'm the guy who said eight years ago, I would never be on social media.

D. Mauro (19:57.486)
Mm-hmm. Yep.

D. Mauro (20:09.71)
I know.

Scott (20:10.494)
And now I got a tribe with 15,000 people on LinkedIn who are waiting for my message. That's kind of business, you know? So it becomes, and now we're talking about TikTok. We're talking about how we do things. And that's why to me, you know, I have to realize that at any moment in time, the cyber criminals are going to get my stuff and I better be using, and this is the big takeaway. And I've been talking about this for decades.

D. Mauro (20:17.966)
Right.

D. Mauro (20:38.894)
Multi-factor authentication. Right.

Scott (20:39.134)
If you don't have two factor authentication on every bit of remote access on your life, if you haven't identified your mission critical platforms, the cyber criminals are going to get your stuff. That's simple.

D. Mauro (20:51.95)
Right. And, and I mean, I mean, it gets down to that cybersecurity mindset, right? That cybersecurity mindset. If you don't have robust password system in your life, right? Like so many people you had mentioned earlier, when you come back and you do the trainings, right? Well, when I've done the trainings and I'm going back a second time to the same group, I've had, I can't tell you how many people have come up to me and said,

I took your advice. I have a really good password. Now I use it on everything. And I'm like, no, no, that's not what we said. Right? Like you have to have different the reuse of passwords is really risky. It's really dangerous.

Scott (21:37.918)
Yeah. And it's really for me, and that's why I kind of created like a really basic framework that if I could go back in time and I could, and the framework, you could tell it in two minutes, 10 minutes, an hour or a workshop. But these are the things, if I can go back in time and I can sit with my victims, these are the points that I would tell my victims.

D. Mauro (21:44.59)
Mm-hmm, that's good.

D. Mauro (21:58.574)
Mm-hmm.

Scott (22:02.718)
Well, first of all, you need to understand the four truths. The four truths are what changes our behavior. You're not getting your stuff back. Nobody's going to jail, but it could be prevented. So what are these things? I want to gloss over them really quickly and then have you, if you want a deep dive, let me tell you what my victims did not realize. And it's to this day, number one is social engineering is the number one tool in the cyber criminals tool belt.

And it is so much more than just emails. You have to understand social engineering at its finest. What is it? It's tricking us into doing things we normally wouldn't do. And now technology is assisting us. That's number one. Number two is all the cyber criminals need to steal from you today to wreak havoc on your life is your username and password.

The account compromise is where most data breaches are occurring for small and medium sized businesses because they do not know where their information is. They do not know how many different cloud based platforms they have in their organizations that they are overlooking that are not in control of. First of all, let's just assume that these small businesses do not have an information security person.

They do not realize that the HR platform, the marketing platforms, the accounts payable, the QuickBooks, all these different cloud-based platforms are what the cyber criminals want. And they're banking on a couple of things. 66% of the population is using the same password from multiple platforms.

And that's the question I ask all the time. Are you using the same password from multiple platforms? Then you need to identify, you need to do this audit. And this is the audit that's being missed in all the risk assessments. All the check the box risk assessments are not looking at this. And we're setting up strong robust passwords for each one. And then we're using two factor authentication on every bit of those.

D. Mauro (23:53.134)
Right.

D. Mauro (24:03.182)
Mm-hmm.

Scott (24:19.262)
That is 90 to 95 percent of today's victimizations that are occurring across the board.

D. Mauro (24:28.846)
And what's amazing is that while it seems arduous, it's not, right? And it would solve so much of it. And it is something that is not on most, like you said, it's not on most audits or assessments, that individual user audit, right?

Scott (24:43.415)
And you know why we're not doing this?

Scott (24:53.719)
Yeah, and that's why to me it's so important that we do this at the individual level and when I sit here and I'm

D. Mauro (25:00.59)
I agree completely, I agree completely with that.

Scott (25:03.511)
And I'm doing my conferences and I'm speaking. I'm like, look, here's the list. Here you go. Here's my book.

I have tried to change corporate behavior more than anyone. I have sat down, I mean, I could tell you stories about companies that are in the news that I have told them decades ago they need to do this. I can't change corporate behavior. I'm not trying to change it, but I can make sure you and your family stay safe. That's my hook.

D. Mauro (25:39.086)
Right. Yeah.

Scott (25:41.079)
That's where I end up getting into these organizations to be able to do it. That's why for me, you know, I'm a content creator. So I'm getting the calls from the companies that are dealing with the KnowBe4s of this world. And they said, Scott, we're having a problem. Could you create content for our organization and can you make it personal?

And I hate to say it, if I can really give you the basic things, like, so, and I tell organizations, I go, you want to make it fail? Here's what you do. Tell them Scott Augenbaum, retired FBI agent's coming in to keep the, to teach you how to keep the company safe. Nobody cares. Scott Augenbaum's coming in to build content to teach you how to keep your family safe and keep yourself safe. And then the C-suite's like, whoa, whoa, whoa, whoa, whoa, whoa.

We want to hire you to keep the company safe. And I'm like, trust me.

D. Mauro (26:40.974)
But if you do that, that's what we do. So when we're educating, we're doing security awareness, we give everybody that attends some take-home resources so that they can figure out how to freeze their credit, how to institute multi-factor, how to do better passwords, because the organization benefits, don't they? I mean, if their employees for their own interests, because they want to protect themselves and because they want to protect their families, if they have better cyber hygiene,

and those habits and they bring it a cybersecurity mindset, right? And they bring it to work with them, the organization benefits.

Scott (27:19.383)
In theory. And that's why to me, it's just a, to me also, you know, I feel like I get very frustrated at times about this. I was recently called in by an organization who said, Hey, could we hire you to come talk to our board?

I was like, yeah, sure. Hey, listen, easy money. This is great. I do what I love to do. And I'm like, OK, what do we got going on? Because, you know, they're hiring me because I have this superpower that you don't have. All I get to do is say, well, when I was with the FBI, if these people just would have done this.

D. Mauro (28:01.55)
Right.

Scott (28:04.727)
It's a living, don't judge me, okay? But, so, y-you know well, you think, you think for so-

D. Mauro (28:06.862)
Ha ha ha ha.

But it's good, it's doing good work though, right? I mean, spreading awareness is invaluable, in my opinion.

Scott (28:19.191)
I don't know. Unfortunately, I think so often and this is why to me I'm spending the rest of my time focusing more on individuals and organizations. No, individuals, you know, that's why I love to say I have a passion project life. The cyber secure mindset is a passion project. And as a result of that, I get hired by companies. And if you ask me what I do, I'm an entertainer. They pay me well. I check a box.

D. Mauro (28:43.182)
Mm-hmm.

Scott (28:45.879)
And here's some of the frustrations, David. And tell me how do you think I should reply? So I get called by an organization, a conference organizer, and they're like, hey, we'd love for you to put on, we really care about our people, can you do a presentation for us? I go, sure, just give me an hour and a half. And they go, an hour and a half, we only can give you 45 minutes. And then I have to remember, I'm not a government employee, you're supposed to charge as much for as doing as little as possible.

And I go, but hey, wait a second. I said, they're not going to remember anything in two or three days. I mean, let's think about it. I said, I have a bunch of videos. I said, I'll license you the videos as part of the engagement so they can be reminders. I can come back. I said, all for the same thing. I can do a webinar. And the conference organizers get way stressed out and they're like, no, we don't need that, Scott.

D. Mauro (29:25.838)
Right.

D. Mauro (29:43.214)
Right.

Scott (29:43.511)
We just heard you're a good speaker. Do you want the gig or not? And I'm like, all right, I'll take the gig.

D. Mauro (29:47.726)
Right.

D. Mauro (29:51.47)
Yeah, it's very frustrating. It's very frustrating, right? When they want it done in 30 minutes to 45 minutes. It's tough. I mean,

Scott (29:54.423)
No.

Scott (29:59.543)
But they pay me. I mean, let's be in all honesty. Like I sit here and I talk to my wife and she's like, stop your bellyache and you get paid to do what you love to do. But I really want to help people.

D. Mauro (30:08.078)
Right. I know I hear the same thing, but. Right, right. And even a little bit is better than an hour and a half, but it does take an hour and a half to really explain the context. And because here's what you're doing, in my opinion, is you're getting people to care when people think generally making a generalization. But generally, when people think of cybersecurity, they think the IT department or they think the tech guys.

and they think that's their job. I'm in my job. And I think the goal of spreading awareness is for them to realize in general, every time we get online, it's everybody's job. I mean...

Scott (30:52.631)
Absolutely. And you know how passionate I am about this for anyone here who has listened to us and they're here, I'm going to put a little Easter egg in here. So if you have gotten this far into our podcast, go to my website, cybersecuremindset.com and leave me a message and I'm going to send you the audio copy of my book.

D. Mauro (31:01.646)
Excellent.

Scott (31:17.016)
The Secret to Cybersecurity. But don't put that in your show notes, okay? They have to listen to that part over here. So just go there and say, I want my book and I'll do that.

D. Mauro (31:22.446)
Okay, deal.

D. Mauro (31:27.246)
I will do that.

There you go. And you will get it. And it's a good book. I will tell you like this.

Scott (31:33.911)
Let me give you my basic plug on my book. If you're looking to read a good book by an FBI agent who saved the day, put a lot of bad guys in jail and is really smart, not my book. I'm not your guy. Go wait for Darren Mott to write. Go read Darren Mott's book. Yeah, go read his book. I love Darren. I need to... But I'm not the hero in my story, okay?

D. Mauro (31:51.534)
He's got a new one. Darren's got some new one coming out. I did too. He's awesome. It's great.

Scott (32:01.271)
I am not the FBI agent who saved the day. I'm the FBI agent who learned from all these bad experiences and I put together.

D. Mauro (32:12.078)
Yeah, you're hearing constantly from the actual individual victims and that gives you a unique insight.

Scott (32:18.391)
Yeah, yeah, and that's so important.

D. Mauro (32:20.11)
Yeah, it's really tough. It's really tough when when the individuals because after we started this podcast, we've had individuals reach out to us either on LinkedIn or YouTube or our website, and they will explain how they've been ripped off. And it's tragic. Yeah, it's really tragic. And you know, we guide them a little we but the

Scott (32:40.791)
I'll just grab one last night and...

D. Mauro (32:47.95)
But the truth is, is we kind of explain your four truths. We kind of explain to them, look, nothing's gonna happen to these guys, right? Like all you can do is learn from it. And...

Scott (32:57.751)
That's what drives me, okay?

Yeah, but when you're sitting here like I am, and this is what I tell everyone during my conferences, I'm like, take advantage of what I want to do, what I'm giving you. Because when you call me, unfortunately, I'm going to take your call, but I can't help you.

D. Mauro (33:11.662)
Mm-hmm.

D. Mauro (33:18.574)
Right. It's too late.

Scott (33:18.903)
And then I get some grief from the law enforcement community today. You know, I'm working with a group on pig butchering and they really were not happy with me when I said we are not going to arrest our way out of this problem. Law enforcement loves to do cases. They love to arrest people. But when the bad...

D. Mauro (33:32.974)
Right.

D. Mauro (33:37.166)
Yeah, because you can close it. I mean, there is there is circular there is execution at the end. And then there's a feeling like a neurochemical feeling that it's solved, and this isn't solved. Right? Like, yeah.

Scott (33:46.263)
I've lived this for decades.

Scott (33:53.271)
I lived it for decades, I experienced it, and I'm not trying to diminish it. I'm just trying to say that do we need to hire more FBI agents who can't put bad people in jail if 90 to 95% of it could be prevented?

D. Mauro (34:11.95)
Well, I think here's the thing is the metric that you're succeeding at isn't one that is trackable or tracked, meaning by raising awareness and preventing someone from falling forward in the first place, there's no way of tracking that. There's no way that you can say because of all of our combined efforts,

Scott (34:33.399)
Well, and that's.

Scott (34:38.219)
no.

D. Mauro (34:39.182)
We have educated X thousands, tens of thousands of people, and they have the wherewithal not to do this and that. And therefore they didn't fall for these scams or they didn't fall prey to this social engineering. There's no way of knowing that.

Scott (34:57.751)
One of the things that I'm exploring now is partnering with certain pieces of technology that are open to the education side. Because if you take my education piece and you tie it with...

D. Mauro (35:08.174)
Mm-hmm.

D. Mauro (35:12.27)
Mm-hmm.

Scott (35:14.743)
identity theft protection, a good antivirus like my friends at PC Matic, a good at-home router. If you bundle all of that stuff together, then you can make progress. Because you know what? You can listen to my training all day long. You know what? But eventually you're going to click on a link, okay? Eventually you're going to... So there are so many pieces of technology. I'm just trying and I'm working on a project right now.

D. Mauro (35:16.654)
Right.

Yep.

D. Mauro (35:34.222)
Right.

Scott (35:42.615)
Because a lot of the tech, you know, when I sit here with companies that are doing these types of things like dark web scanning, I go, what's your education platform? And they're like, well, what do you mean? Education and technology has to be the mix. And occasionally you can see they have some ChatGPT-generated articles. And I'm like,

D. Mauro (35:50.286)
Yep. Right.

D. Mauro (35:58.638)
Absolutely.

D. Mauro (36:03.534)
Mm-hmm.

Scott (36:05.463)
So that's my project because I hate to say it. There's times I went out, I did that conference. I told people, hey, listen, everyone here gets an audio copy of my book. Out of 70 people, five people took me up with it, took me up. I get it. Nobody has time to read books. You know, so.

D. Mauro (36:23.726)
Mm-hmm.

Right. But the audio is a lot more palatable for a lot of people. They could do it.

Scott (36:31.383)
So sometimes I can't even give it away for free.

D. Mauro (36:33.998)
Yeah. Yeah, but with the audio aspect, you're able to do that while you're driving, while you're on the treadmill or the bike, things like that, right? When you're at the gym, there's a lot more opportunity to still have the message resonate.

Scott (36:49.463)
And that's where I'm trying to really start to read some of these books more like by Anthony Robbins and try to condition people to do this. Because look, I picked up the Anthony Robbins book. I read it 32 years ago when I was 20 some odd years old.

D. Mauro (36:57.006)
Mm-hmm.

D. Mauro (37:06.318)
Mm-hmm.

Scott (37:10.551)
And man, if I would have followed everything 32 years ago, I would have, and you know what, and I'm going to bring up that habit. I see Atomic Habits behind you, right? And I see Chris Voss's book behind you, right? Read those books. I can't tell you how many times I've read those books and I still, I'm like, man, I got to start enjoying the process instead of the goal. It's really, I think it's our human nature that we need the constant reinforcement.

D. Mauro (37:19.086)
Yeah, love it. James Clear. Yes. Chris is fantastic.

Yeah.

D. Mauro (37:33.07)
Yep.

Scott (37:39.863)
That's what I'm trying to figure out. How do you do that in the world of cyber crime when people, all they want to learn about is health, wealth and relationships, not protecting wealth.

D. Mauro (37:51.982)
Mm-hmm. Right.

Well, I think that's the whole point though, right? So I think what we have to do is the message I'm hearing, Scott, is we have to get on TikTok with a workout video on how to get rich. And by the way, and by the way, have like a bunch of music and some rappers and some, you know, yeah, we'll do something like that. And then we throw in there and by the way, change your password.

Scott (38:10.775)
and pick up girls, you know?

Scott (38:19.671)
Maybe I'll get Darren we'll do a viral dance.

D. Mauro (38:27.374)
Like that's the end message. Right.

Scott (38:28.531)
Hey listen, if that'll work, I'll try it, you know?

D. Mauro (38:33.986)
I absolutely love it. Hey, let me before I let you go, what are some of the more memorable cases that you've worked on? Share with us something that.

Scott (38:48.471)
I don't even think they're memorable. I mean, when I was a young FBI agent, I had a blast. I mean, it was simple to define the role. Bad people did bad things to good people. I worked with state and local cops. We happened to make, we made the community safer. In cyber crime, I hate to say it,

D. Mauro (38:51.31)
Hmm.

Hmm.

Scott (39:10.391)
It's the more times like I would sit here and talk to companies and companies would go, I get it. And I really do not have a lot of success stories today. I have dealt with some major Fortune 500 companies. I hate to say my efforts were wasted when I was an FBI agent, but to me, when somebody calls me up and says, Hey, I put two factor authentication. Hey Scott, what you said really, really made sense.

D. Mauro (39:40.43)
Yeah.

Scott (39:41.335)
That to me is really, really touching. Or when somebody takes me up, you know, I get asked all the time to do presentations. I get paid for them. I do just as many for free because they're good efforts. You know, I graduated community college by the skin of my teeth. I never turned down community colleges to help talk to young people and students. You know, I'm living, I love what I do.

D. Mauro (39:49.07)
Yep.

D. Mauro (40:04.302)
Never. No, not at all. Yep.

D. Mauro (40:10.862)
Yeah, absolutely. Well, even though it's anecdotal, I still find when I speak to somebody who said after the after the education session, we've done this and we haven't been harmed since then. We don't know. We might be harmed tomorrow, but we haven't since then. And we were really under attack before. You kind of have the sense that it's it's helping. Right. And.

Scott (40:39.415)
It's hard to quantitize, it's hard to quantify it.

D. Mauro (40:40.622)
But it's really hard to measure it. It's very hard to measure it.

Scott (40:45.079)
You know, when people were asking me, you know, Hey, Scott, with your training, what's your percentage rate of changing behavior? And I'm like,

D. Mauro (40:57.07)
Yeah, I'm like, that's, yeah. As soon as humans stop being humans, we'll be able to measure that stuff.

Scott (41:00.215)
You know, it's not like phishing training.

You know, you can quantify phishing training, but you can't quantify text messages, telephone calls, account compromises, using two-factor authentication, freezing your credit, explaining to your kids about sextortion, telling your elderly parents about the government imposter syndrome. How do you quantify that?

D. Mauro (41:07.598)
Sure, of course.

D. Mauro (41:13.71)
Mm-hmm.

D. Mauro (41:29.006)
Right. Or when they see an ad on social media and they realize that looks like a scam or that looks like that would have adware spyware in it and they scroll over it. Right. There's no way of knowing that nobody's

Scott (41:41.911)
Mm-hmm, or even so many of us are going to Facebook Marketplace, which is one thing after another, but you know

D. Mauro (41:52.494)
It's like the telegram of it's like the telegram of the of the it's it's it can be really risky. Yeah.

Scott (41:57.495)
Yeah, but here's what's going to happen. You're going to find something. You're going to be your typical consumer. You're going to find something that looks like it's two neighborhoods away. And the person's going to say, hey, do me a favor, send me a deposit and I'll take it off. So you're going to send them a $200 deposit. And all of a sudden, that's like giving someone $200 cash.

D. Mauro (42:06.99)
Mm-hmm.

D. Mauro (42:21.134)
Right.

Scott (42:22.487)
Those are the things on the cyber secure mindset. That is what's so important.

D. Mauro (42:27.758)
Yep. Absolutely. Scott Augenbaum, always a pleasure, sir. Thank you so much. And for listeners, we will have a link to your website in the show notes. But for the listeners that listened this way through, you know, to reach out to Scott and request the audio copy of the book.

Scott (42:50.359)
Yeah, reach out to me and I'm gonna send you a copy of my book or even say it again!

D. Mauro (42:54.766)
It's a good book. Useful stuff.

D. Mauro (43:03.566)
Well, Scott, thank you so much, sir. We appreciate it. And we thank you for all you do. Just keep doing it. And we very well may see you on TikTok at some point. And we don't know. Never say never.

Scott (43:06.775)
Awesome.

Scott (43:14.359)
Awesome. Thank you.

Scott (43:19.351)
I don't know. Never say never. I said I would never... Listen, I got two friends who said to me, you know, when I told them I'd never be on LinkedIn.

Okay, so I guess you can edit out the rest and stuff. This was a fun time, Dave.

D. Mauro (43:34.094)
Yeah, no, it was really good.

