Easy Prey

By: Chris Parker

Chris Parker, the founder of WhatIsMyIPAddress.com, interviews guests and tells real-life stories about topics to open your eyes to the danger and traps lurking in the real world, ranging from online scams and frauds to everyday situations where people are trying to take advantage of you—for their gain and your loss. Our goal is to educate and equip you, so you learn how to spot the warning signs of trouble, take quick action, and lower the risk of becoming a victim.
Episodes
  • Identity without Passwords
    Mar 25 2026
    Every day, employees at hotels, restaurants, and resorts across the country are doing exactly what they were hired to do: being warm, responsive, and eager to help. It's what makes hospitality work. It's also what makes hospitality one of the most targeted industries in cybersecurity. When your entire workforce is trained to say yes, teaching them to be suspicious is an uphill battle. The smarter solution might be to take the target off their backs entirely.

    Jasson Casey is the co-founder and CEO of Beyond Identity, a company built around one idea: making identity-based attacks impossible. With over 20 years of experience designing large-scale security infrastructure for global enterprises and carriers, Jasson has spent his career thinking about what happens when stolen credentials open doors they never should have. Beyond Identity's answer isn't better passwords or more authentication hoops, it's eliminating the credential that can be stolen in the first place.

    Josh Johansen is the Director of IT Systems and Technology at Brandt Hospitality Group, an owner, operator, and developer of hotels under brands including Marriott, Hilton, Hyatt, and IHG. Josh came up through hotel operations, not a computer science program, and that background shapes how he thinks about security practically, from the floor up. He knows his workforce isn't looking to become cybersecurity experts. His job is to build systems that protect them anyway.

    We talk about why the hospitality industry is such a rich target for phishing attacks, and what happened when one of Josh's general managers nearly paid a fraudulent invoice because she couldn't log in without a password she no longer had. Jasson breaks down how device-bound passkeys work, why most consumer passkeys aren't nearly as secure as people think, and what separates a real security system from one that just looks like one. Josh shares the lessons learned from rolling out this technology across a multi-brand hotel portfolio including what he'd do differently and what it means for an industry still wrestling with shared logins, high turnover, and workers using four different brand systems before lunch.

    Show Notes:
    [3:05] A cyber insurance mandate pushes Brandt Hospitality Group to find an MFA solution, and complaints about authentication fatigue make the obvious options the Brandt partners are already using feel like the wrong fit.
    [4:03] After months of evaluating vendors and completing a full proof of concept, the leading candidate drops smaller accounts without warning, sending Josh back to square one and into a same-day demo with Beyond Identity.
    [5:09] Beyond Identity moves fast, puts together a rapid proof of concept, and earns the business. Josh describes meeting Jasson in person for the first time at BeyondCon shortly after signing on.
    [5:45] Hospitality is uniquely vulnerable to phishing attacks, and the industry's culture of helpfulness connects directly to the behaviors bad actors are counting on.
    [6:49] A general manager calls convinced she needs her password to pay an overdue vendor invoice. When she can't get a login prompt, the situation is recognized immediately as a phishing attempt she nearly fell for.
    [7:33] Reflecting on that moment, someone sharp and experienced nearly became a victim, and removing the password from the equation entirely turns out to be the real breakthrough.
    [9:05] The conversation turns to the limitations of cyber awareness training, and why even well-intentioned employees with heavy workloads cannot be expected to function as a reliable last line of defense.
    [11:13] Jasson describes how Beyond Identity works, using the analogy of a monkey in a jail cell to explain how a signing key stored in a secure hardware enclave can authenticate a user without ever leaving the device.
    [12:06] The concept of stealable credentials expands beyond passwords to include API tokens, session cookies, SSH keys, and anything else that can be copied and lifted from a system.
    [17:33] The discussion shifts to agentic identity and AI-driven workflows, with customers on opposite ends of the spectrum — some where agents make up the majority of their workforce, others who paused rollouts after discovering how easily prompt injections could expose sensitive data.
    [19:17] The biggest mistake organizations make going into a passkey rollout is diving in without a clear understanding of how their identity environment is actually configured and what that means when things don't behave as expected.
    [20:35] A lesson from their own deployment — initially limiting passkeys to senior staff and leaving line-level employees on passwords — makes clear that partial coverage leaves meaningful gaps.
    [22:58] Most organizations under active phishing load will experience an incident during a mid-deployment window, and that moment often becomes the event that accelerates full adoption.
    [24:33] The shared workstation challenge in hospitality comes into focus, along with how the device-bound ...
    39 m
  • When Cybercrime Gets Personal
    Mar 18 2026
    Most security breaches don't begin with sophisticated code or elaborate technical exploits. They begin with a phone call, a convincing email, or someone at a help desk who just wanted to be helpful. The human layer is often the weakest link, and the criminals who understand that are the ones causing the most damage.

    My guest today is May Chen-Contino. She's the CEO of Unit 221B, a threat disruption company that delivers actionable intelligence to enterprises, law enforcement, and government agencies. Her background spans cybersecurity, fintech, and SaaS leadership at companies like PayPal and eBay, and she brings a distinctly mission-driven lens to the work, shaped equally by a career in business and a background as a Krav Maga instructor. Unit 221B operates less like a typical security vendor and more like a specialized investigative unit, with a team that includes tenured ransomware experts, incident responders, and former law enforcement, all focused on one outcome: criminal arrest. May has seen firsthand how ransomware gangs operate with their own codes of conduct, how a younger generation of cybercriminals is throwing those rules out entirely, and why paying a ransom is increasingly a bet that doesn't pay off.

    We talk about why social engineering has overtaken technical hacking as the dominant attack vector, what organizations and individuals should never do in the aftermath of a breach, and how crimes against children online often go unreported for the worst possible reasons. May also shares a story from her own experience being scammed on eBay, and what she did about it, which tells you everything you need to know about how she approaches this work.

    Show Notes:
    [1:28] May shares her background and how she came to lead Unit 221B, a threat disruption company serving enterprises, law enforcement, and government.
    [1:41] May traces her path into cybersecurity, explaining how a lifelong sense of justice and a friendship built through Krav Maga training led her to a team of investigators doing real criminal work.
    [5:55] May recounts being scammed while selling luxury shoes on eBay, describing how a fraudulent PayPal email convinced her the sale had failed after she had already shipped the item.
    [8:22] Rather than accepting the loss, May engaged the scammer directly, intercepted her own shipment through FedEx, and used a photoshopped payment screenshot to flip the situation on him.
    [11:36] The story ends with May recovering her shoes, followed by a candid note that this approach carries real risk and is not something she would recommend to others.
    [12:57] May outlines Unit 221B's core work, including criminal investigations, threat intelligence, pen testing, and incident response, all oriented toward federal prosecution and criminal arrest.
    [16:52] The evolving threat landscape, contrasting professional ransomware organizations that tend to honor agreements with a younger generation of cybercriminals who operate without limits.
    [18:44] May describes this younger criminal group in detail, noting members are predominantly 14 to 26 years old, English-speaking, and motivated as much by social status as financial gain.
    [21:49] May explains why wiping systems and restoring backups after a breach is one of the most damaging mistakes an organization can make, eliminating evidence and removing any path to prosecution.
    [23:04] She walks through Unit 221B's incident response process, covering digital forensics, insider threat identification, and determining who is behind an attack before advising on next steps.
    [26:32] May addresses the ransom payment question directly, recommending against paying as a default while acknowledging that knowing your adversary is essential to making the right call.
    [28:04] The discussion covers the legal and PR dimensions of a breach, including notification obligations and why some organizations choose to go public about what happened.
    [31:08] May pushes back on the perception that law enforcement doesn't help, explaining that federal agencies are understaffed and must prioritize cases, but are genuinely committed to the work.
    [34:08] The issue of victims deleting evidence before reporting, and how frequently this forecloses any possibility of investigation or prosecution.
    [34:55] The conversation turns to crimes targeting children, including sextortion, and why open dialogue between parents and kids is critical to getting victims to come forward before lasting harm is done.
    [37:18] May reflects on a keynote she gave at Harvard's Bold Conference for young women, describing the tension between advice to build an online presence and the real safety risks that come with it.
    [38:51] May shares practical security guidance for young people online, including being mindful of what appears in video backgrounds, using strong passwords, and enabling two-factor authentication.
    [40:35] May identifies AI-assisted attacks and social engineering as the two most significant forces reshaping the threat landscape, with...
    46 m
  • Stopping Phone Scams
    Mar 11 2026
    Phone scams get dismissed as background noise or just annoying interruptions and unknown numbers with robotic voices we learn to ignore. But behind that noise is an industry built on psychology, automation, and staggering profitability.

    My guest today is Alex Quilici. He's an engineer, entrepreneur, and the CEO of YouMail, a company focused on protecting consumers and businesses from unwanted and fraudulent calls. Alex has spent years analyzing how robocalls and scam campaigns are designed, how they evolve, and why they continue to work despite better technology and increased awareness. What began as a voicemail platform shifted into fraud prevention after users unintentionally revealed a powerful truth that even small friction can disrupt scam operations. He shares how his own father got pulled into a tech support scam which cemented his mission to move beyond blocking calls and toward tracing and stopping scams closer to their source.

    We talk about how scam calls are engineered, the tactics that trigger panic and urgency, and how criminals use data breaches, AI tools, and impersonation to sound convincing. We also explore what's changing, including fewer random calls, more targeted attacks, rising text and messaging scams, and the difficult balance between stopping fraud and allowing legitimate calls through. Alex shares practical ways consumers and businesses can reduce risk, along with a candid look at why this problem is so persistent and where it's likely heading next.

    Show Notes:
    [2:23] Alex explains how YouMail shifted from a voicemail company into fraud prevention after noticing users using an out-of-service message to deter robocallers.
    [3:25] Discussion turns to robocall volume, with Alex estimating billions of calls per day and roughly five billion robocalls per month.
    [4:10] About half of all robocalls are unwanted, while the rest include legitimate reminders from doctors, hospitals, and financial institutions.
    [5:05] Alex notes that legitimate telemarketing still exists but is now heavily overshadowed by sketchy and scam-driven campaigns.
    [6:40] Scam calls have declined in raw volume, yet attackers are becoming more targeted and efficient.
    [7:15] Scammers increasingly pivot to texts, email, and messaging platforms where third-party blocking is harder.
    [9:27] Alex describes limited progress shutting down shady telemarketers but better success against large-scale illegal robocall operations.
    [11:05] Sense of urgency emerges as the dominant tactic, often involving fake charges, legal threats, or financial panic triggers.
    [13:10] Modern scams combine spoofed caller ID with breached personal data to create highly convincing impersonations.
    [16:27] Scammers are compared to extremely motivated marketers who rapidly adopt AI and optimization techniques.
    [17:30] The economics are startling, with scam campaigns generating enormous profits at extremely low cost per call.
    [18:44] Alex advises letting unexpected calls go to voicemail and returning calls through verified, official channels.
    [20:50] Panic-based bank account scams are highlighted as particularly dangerous because fear overrides logic.
    [23:19] Businesses are identified as vulnerable targets, especially through employees' personal mobile phones.
    [31:52] Enforcement efforts are increasing, and Alex predicts stronger regulatory pressure over the coming year.
    [35:54] Impersonation scams tied to toll roads, DMVs, crypto, and romance schemes are flagged as growing threats.
    [38:19] A simple defensive principle is reinforced: pause, disengage, and verify independently before taking action.
    [41:44] Alex outlines YouMail's call-screening approach, adding friction that blocks automated scam systems while allowing real callers through.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    Podcast Web Page
    Facebook Page
    whatismyipaddress.com
    Easy Prey on Instagram
    Easy Prey on Twitter
    Easy Prey on LinkedIn
    Easy Prey on YouTube
    Easy Prey on Pinterest
    YouMail
    Alex Quilici - LinkedIn
    45 m