Holiday Scams Unwrapped | Tips to Stay Safe This Season

Welcome to the Security Cocktail Hour. I'm Joe Patti.

I'm Santa Claus.

You're Santa Claus. Well, why aren't you wearing your hat?

I don't have a Security Cocktail Hour hat.

Well, I have an unofficial Santa hat. It's not a Security Cocktail Hour hat, but I'm not going to wear it because I just got a haircut the other day for the show. And, you know, I'm vain. What can I say?

Me too. I got a haircut for the show too.

I can tell. All right. It is our holiday episode, as you might have guessed. And we're continuing our tradition for the second year of having a holiday episode.

Can we be transparent here?

Absolutely. Always.

Thanksgiving hasn't even happened yet.

Don't you remember we're supposed to be using like movie magic here and not telling people when we record things and how long it takes us to get things out.

Oh, boy, man, it was. I am full from all that turkey. That's right.

There we go.

That's the spirit. Let me wishbone.

Okay, but a little business first. Everyone remember, please, if you're watching us on YouTube, like and subscribe and turn the notifications on and comment. We love comments, especially comments on this episode, because we're going to tell you a lot about holiday scams. We want to know if you're finding them useful. Follow us on Spotify and other podcasting platforms. Just generally, you know, Engage us in engagement, Adam. We got to get that algorithm going.

We're getting a little bit of hate mail. Like, why are you doing this? Why are you doing that? So we're getting there.

That's true. We did have the guy who said he wants 30 seconds of his life. Yeah, I like that one.

I sent him a gift card to Amazon. 30 seconds of your life back. That's pretty good.

I think we should do that.

Well, let's talk a little bit about, you know, the holidays are coming up. You want to get your significant other or family member a gift. What would you get them?

You know what I can think of? Something that will keep security on their mind all year round, like a security cocktail hour coffee mug. I think that's a great idea. You've got the same thing. Or what else could they possibly want? Or a sticker. No, it's not a sticker. Oh, that's the patch. That's the patch. Well, your internet stinks. I'm getting a lousy, lousy picture from you.

Are you really? I'm getting a great picture of you and me.

Yes, an official security cocktail hour patch. Awesome. And it's got the build pro on the back, right? Yes. So I can stick it to stuff.

And in case you want to write something, you can get a pen.

You got to not cover the logo with your finger when you show stuff. You see, we're not like much professional here.

It's Amish night. What do you want from me?

It's Amish night.

I drank too much from Thanksgiving.

I guess so. And, and we got, oh, the holiday M&Ms. That's right. So we've got two meals covered. You can have coffee in your coffee mug and you can have dessert in your M&M's. And Adam is modeling a piece of the wardrobe for us, a polo shirt in the traditional security black.

So hopefully by the time you watch this episode, we'll have our store hosted on our website and you can buy a couple of things. You know, help support us support you.

That's right. We're not making a fortune off this. We're not making any money. We're trying to, if we're losing money, we're trying to cover some expenses here. So come on.

And then you can, you can gift us too. You can turn around and sponsor an episode if you're interested in that as well.

That's all right. We'll take, we'll take money. You know, I'll put something on your answering machine.

And this is all about, you know, let's not get scammed for the holidays. What we're asking you to do or buy gifts is not a scam actually.

No, that's right. It's not a scam. This is real stuff.

We got M&Ms by the way. Go ahead.

You're not supposed to eat the merchandise.

I am now.

Okay. So anyway, this is our special holiday episode and like the last one, we're going to talk about scams, but we're going to do something a little bit different. And here's why you have seen that movie, the beekeeper, right?

Maybe.

Okay. Well, you know, it's not like it's 30 years old. You shouldn't remember it. It's just like fairly recent.

I'm not even 30 years old.

That's right. I forgot. I forgot about that. Anyway, so if you've seen The Beekeeper, it's about, uh, the whole thing starts off with a scam where, uh, you know, I don't want to give the whole thing away, but it starts at the thing that precipitates the whole action stuff. It's a revenge story where someone gets scammed and the guy then goes like old John Wick on the scammers and everyone involved, which is actually pretty entertaining if you like that sort of thing. The scam part of it, believe it or not, is pretty realistic. Not actually the organization. They, they Hollywooded that up, right?

Yeah. No.

Yeah. Well, well, they got the scammers as like, you know, these guys, they're, they're in this place with like, you know, all neon and screens and they've got a runway stage and the guys all dressed, you know, like, I don't know, like a fancy guy or something. Not, not an office in a, you know, the country that we don't want to name where people are toiling like, like serfs. But anyway, that part a little less realistic, but the realistic part was the way they scammed someone was, and the way they show them, you know, getting the person's money was, that was pretty real. Okay.

Well, I feel like I should have some security cocktail al popcorn to listen to this.

People have to make some up. Now you think of it. Oh, that's right. You're chowing M&Ms. I don't want to interrupt you if anyone's listening on video. If anyone's listening on audio only and like, you know, getting that yucky sound coming from Adam, it's him chewing. I guess I should edit that out.

No, no, leave it there because they're going to hear it. They're going to want M&Ms.

going to not want M&M's ones. I don't know. Okay. But anyway, so it is somewhat, um, realistic and interesting that the actual scam that they betray and it is perpetrated unfortunately on an elderly person and a person who does not know very much about these things. And so what we figured was that, you know, Adam, you and I know all the scams for the most part.

I don't want to sound cocky and arrogant. I don't know all the scams and we don't know all of them. I'm also capable of being scammed too. I mean, everyone thinks like, well, guess what? These guys, you know, they talk about scams. They're not going to get scammed. Everybody is vulnerable. Every everybody. So everyone's got to be on guard. You really do.

Well, you're absolutely right.

Well, um, you know, let me just bring this up. One quick thing. I was looking at LinkedIn, I think yesterday or today. And I saw that one of the CEOs of a threat Intel company was sitting at a dinner table with one of his colleagues from his organization, I believe. And it said, hey, this is blah, blah, blah. I need you to reach out to me. Can you reach out to me as soon as possible? And then the gentleman picks up the phone, looks at him across the table and says, you just texted me. It's a well-known Intel company that you and I know. That's cool. We used before.

That's cool. Did he fall for it?

He was sitting right there.

But well, we don't know, we don't know all the schemes, but we know the classics and we're kind of up on the newer ones. As I believe much of our audiences, though the audience tends to be people who are kind of interested in security and are into this stuff. You're using the wrong mug. That was a Mickey Mouse mug. There you go. That's better. Plug the merge and don't get us a copyright strike, please. Okay. Anyway, our, uh, you know, audience tends to know about these things, but one thing you may not realize is you probably know a lot of people who don't, and a lot of people close to you perhaps, and you'd be surprised what people fall for. What, what we may think is very natural and obvious is not so obvious to other people. And that's why they work. And that's why they keep keep keep plugging it.

So well, I want to add some there, right? You can be obvious about the scam and you can know there is a scam and still be scammed, even though you weren't scammed. What Adam, what did you just say?

I'll give you that's very metaphysical, but I'll give you an example.

My mother in law, she basically hung up on somebody that was scamming her kind of scamming or trying to scam her. They sent something unsolicited in the mail, the U.S. Postal Mail. Unbeknownst to us, we signed for it. And then the scam is used as proof that my mother-in-law signed the contract, which she never did. They said, look, here is the signature of her accepting the contract. Not the signature on the contract, the signature of accepting the paperwork in the mail. So and my point is, is people manipulate other people into believing that this is accurate and this is real. So while my mother might not necessarily been a part of that scam per se, she was a little bit, but now you're being manipulated. So if you get something in the mail unsolicited and you're like, oh my God, what is this? And you sign for it, that organization could say, well, they received the paperwork. I can't send you the paperwork because it's confidential, but I can show you that they did receive it. And some people might accept it as proof, so.

Yeah, some people might, or they may think that they've committed themselves to something, which we will say as usual, we are not lawyers. But I'm really sure that if you sign to accept a package, you're not accepting the contractual terms of any documents within.

Except when you buy a baseball ticket to a stadium and you're accepting the fact that if you get hit in the head, they're not responsible.

Yeah, you know, it's a sad commentary that that needs to be a legal contract for people to realize that. That's another show.

We're going to talk about baseball in another show?

Well, eventually, but baseball season's over and I don't want to talk about the, I don't want to talk about the Yankees. I do not want to talk. I don't want to talk about it that way.

Okay. Sorry.

I've, I've moved on to the Giants. My sorrow needs to go somewhere.

Wait, that's the New Jersey Giants, right?

Yeah. The New Jersey. Blame everything on Jersey. It's all that chromium out in the meadowlands where they play.

I'm smelling smoke from you guys. The wildfires are coming over here.

They might. It's really dangerous. Okay, now everyone knows what we're doing this, but yeah, it's been very dry. Boy, it's cold out. There's so much snow. That's right, more turkey. Okay. Anyway, so let's start with the, with the hot stuff, with the new stuff. And we've talked about AI a lot on the show and AI scams, but this is when they're going to ramp up. Don't you think? We've talked a lot about the voice and video cloning. Which kind of is sort of like the scam you were talking about, but even taking it to the to the next level of, you know, that's actually what I was thinking of. Were you going to say that there was like a video of the guy sitting next to him supposedly calling him and it looked real? That would be crazy.

Yeah. You know what's funny? I think if I understand correctly, there's a new malware for your phone when you go to call out to your bank. It unbeknownst to you redirects it to a different phone number. I forgot what malware that was, but like you're calling, I'm calling Chase. And meanwhile, it's calling the fake Chase. It rediverts the numbers now.

That's terrible. That's really bad.

You don't even know you're being scammed and you're being scammed because you're being scammed.

Well, you don't even know it. And you know, you may be doing the things that we always tell people to do, like call the number on the back of the credit card. Don't click a link or anything, but if they've managed to reroute you on your phone, oh, that's nasty.

So like, like the old Kevin Mitnick trick, um, you know, unfortunately Kevin Mitnick passed away, but his, one of his things was, you know, they send you an email or a text, you call the number on the text. And then when you call it, it's actually really calling chase, but they do a man in the middle attack. So, We're in violation. We found that somebody's using your credit card illegally. Please call this number so not every number is visible because some numbers are like the The Ford hotline it might not be the regular chase number or the regular city number It's a chase Ford hotline or city hotline you end up calling it. But what this would do is do a man-in-the-middle attack as you're calling they use an asterisk to grab your digits and So you call and go, you put your your your account number, you put your pin number in, whatever you're doing. And it says you have one thousand five hundred and thirty seven dollars and sixty three cents. And you're like, yeah, I really do. Thank God nothing happened. You hang up. Now they got your digits. They call back, chase themself. And now they're in your account.

Well, that's that. OK, you got to explain what asterisk is. We don't want the little thing on the on the phone dial.

Go ahead. You explain it. You're better than me.

asterisk is, um, I don't know if they still call it a PBX, open source PBX, open source PBX, which means it's like a phone system, a free version of the phone system that you'd have have in your office and you can hook it up to the phone network. So, you know, you can have your own office phones or whatever. It's kind of becoming a little less used than in the past, but you can have that. And, and so these guys have figured out how to, uh, set up the call routing. So when you, you think you're calling chase, but. It causes the malware in your phone. Your phone instead doesn't call that number. It calls them. And then they connect it from there to the real place you're trying to get to. It's called a man in the middle attack. So you think you're talking to them directly, but you're not. And like Adam said, then these guys can trick you. They can get your credentials and your information and try to go to the bank themselves. That's a really nasty.

It's so simple.

It's simple in concept. It's not simple to execute.

Well, it's not it's not terrible to execute. I mean, I bet you can download a free asterisk appliance already made to do a man in the middle attack if you want to.

Yeah, but you got to get the malware on the phone. No, no. Two different things.

So the malware, unbeknownst to people, the malware is is embedded in you kind of poisoning the well. So you download something that you think is good. Like let's say you go to download. Chat GPT. but you download chat GPT TT, which is somebody else puts it into their store. And you're like, Oh, cool. This is real chat GPT. I'm using it. But meanwhile, in the white space or in the space where there's no code, it's executing other instructions to say to your, like, like you allow permissions for anyone who has an Android phone. I don't know much about iPhone. You say, allow Mike, allow access to, uh, to uh my keypad allow access to my speaker allow access to my contacts well when you allow all this access now this malware can do whatever it wants with it it can listen to you it can know the gps if you allow that and everything else so you got to be very careful the permissions but i guess where i'm really getting at is you got to be careful what you add to your phone because just because it's something that actually works it doesn't mean that there's nothing nefarious within it as well

Yeah, that's very true. And, you know, I, I found it's very, very similar thing when you get an app and it wants to use the camera, the mic, whatever it asks you the first time. And, you know, we'll give you the same advice. We, we, we've given people for years on stuff. Don't just say yes. If it seems like this thing has nothing to do with that, don't do it. Or even if it is something like, if it gets, IQPT, it has this really cool voice thing. Um, you know, well, if you're not planning on using it, just don't give it access. You can always change it later.

Well, I'm laughing because I remember back in the day before there was a real flashlight function built into the phones, you had to download a flashlight app to turn on the flashlight. Do you remember that on your phone?

I remember even before that, you know where they got that idea?

Where?

I think it was in the New York blackout of like in 2003, whenever that was, and before even smartphones, I think, and people like were stuck on the subway or stuck in a tunnel or something, and they were taking their flip phones and opening it up and using that light, just that light to find their way.

So the point I'm making, which is the funny part about it, right? The point I'm making is that when you downloaded the flashlight app back in the days when it first came out, can the flashlight app have access to your GPS? Can the flashlight app have access to your microphone? Can the flashlight app have access to your contacts? Wait, wait. Why does my flashlight app need access to my contacts? So think about it logically. If you're downloading something and it's a recipe program and it's saying I want access to your microphone, think about it logically.

But you need to be vigilant too, because sometimes you will be downloading something and using it where, you know, maybe it's a, it's a photo app. So it needs to get access to your, to your camera. It's like, well, then it's a little trickier. So be careful what you download. What else do we have? Yeah.

Well, you know, I was going to say a lot of people are traveling these days and when you're traveling, you tend to use a lot more tolls is a big thing with EasyPass. People are texting you saying you're in violation. And you need to fix these tolls really quickly. So be careful. Go into your E-ZPass app. Don't click on a link. Most of the time, most people are not going to text you with, oh, you have an issue. You know, if you haven't gotten an E-ZPass violation text before, you're probably never going to get one in your life unless they enhance it.

So if you, if you've been on vacation in Europe and easy pass tells you, you just got an old violation. If there's someone stolen your car, it's a scam. But you know, there's another thing you can do too, because one of the reasons they do stuff like that, you know, one of the reasons they do stuff like that is they probably don't know you have easy pass, but they figure. New York, New Jersey, probably on East coast, virtually everyone does. Yeah. Pray and spray. They're just hitting everyone. And at the holidays, those get particularly effective because with the package delivery stuff, because everyone's getting packages from Amazon or many other places. And so that's it. They just send it to everyone. And you know, you've got to make sure you've got to really look at it and say, is this what I really ordered? Go to the Amazon website. And please tell your friends and your family, the same thing, especially if, you know, someone like an, like an older person says, uh, you know, Oh, I got this thing from Amazon. I'm going to ask you, is this real? You know, something about, you know, security or it, whatever, tell them, say, look, look, look into it. You know, don't, don't accept all that, all that stuff. Um, because, because people just will do it very naturally. And, you know, unfortunately a lot of people. Even if they haven't seen something like that before, they'll say, oh, this great new service, this is wonderful technology and go for it. They're not even thinking about whether it's real or not. So, you know, try to help people. We try to be helpful. Right, Adam? And encourage others to do the same thing.

So let's talk about sexploitation. I have a funny feeling that the people that send out the sexploitation emails, and I'll explain what that is in a minute, they need some money to pay for some of their family's gifts. So you're going to see a probably a rise of those again. Sexploitation for those people don't know it is they send you an email saying hey If you know this this email most likely this is how it's structured. It's coming from your own account I've hacked your account and I have access to your camera and your microphone You've been very naughty lately You've been doing things. You shouldn't have been unless you want your family and your friends to see the pictures of you Taking care of yourself you better send Bitcoin to this address. You have 24 hours to do it or naughty, naughty. I'm sending your emails to all your family.

Yeah. And it's fake. You know, we don't like to say always old stuff, but with these things, you know, 99.999 time. Hey, And, and I'll give you a little tip with that. I mean, you know, people ask me all the time, is this really look professionally? And, and I used to joke around and say, well, what have you been looking at? You got anything to worry about? People don't react to that well. And it's probably not very helpful being a wise guy like that. I think it is much better.

A lot of people probably do do it.

So well, that's it. A lot of people do that. That's why it why it works. So even if people are doing something naughty, it's virtually certain, virtually certain that it's not legit. And tell them, say, I mean, don't say even if you look at it, something is bad, say this stuff. It's it's not really odds of it being real are.

Mind you, so what I do is I cover all my laptop my laptop cameras with a slide. It used to be that you had the sticker. I don't like the stickers, but I put it on top and, um, unless I'm using the camera, I cover it up. You know, that gives you a little bit more, not perfect confidence that, um, if somebody should compromise your computer for some strange reason, um, and keep in mind people that are compromising you, it's either spray and pray or you're being targeted. And if, if, if, if, Targeting is another whole world. We're not gonna even go into that but springing prey you have to basically run an execution executionable or executable Program and you have to give a permission and you have to run it. I'm not saying it's impossible certainly possible to do but You know Cover your cameras. You never know though. I I'm hearing now this they call them good loaders and The good loaders now is you go to the wrong website by mistake. I think you're talking about Australian cats or something people are typing Looking for Australian something something something and they go into this Like website and this good loader is able to actually run and take passwords off your machine now That I saw that yesterday. So be careful the websites you go to also. It's a good look at it

Does that have anything to do with covering your camera or did you just move on?

I moved on. I, you know how I am.

I'm a little stream of consciousness.

Yeah. It's kind of like a lateral movement from one malware to another malware. I apologize. This is just who I am sometimes.

There you go. That's right. It's like a lateral movement of hackers or what we use to call being scatterbrained.

Well, it's most likely the second over the first.

I just have so much knowledge he wants to share.

You want to get a lot at once. So much empty knowledge, but what I'm getting at is just be careful. Be careful. Go to the trusted websites. And this is why we talk about, what did we talk about? Like, you know, zero, we talk about having zero trust. You know, like if we block everything and only allow what's right, people won't be doing this, but you're not going to have zero trust in your own machines. Too much to manage.

Well, well, look, zero, zero trust. We've talked about it a little bit before. It is kind of a technique or an approach. People, people differ on what it means, but it basically means you don't inherently trust something just because something shows up on the network, whether it, when it's a, when it's a person and they're coming from some, somewhere, or this seems like they're using a particular machine, you don't immediately assume they are where they, where they say they are. And, and you know what, that's a very good thing.

to do in your in your life and encourage other people that now we're not saying don't trust it you have to trust people but make sure that the person you're trusting or the entity you're trusting is who you think it is that's what it's about and it's the same thing with websites we we all only probably go to maybe a hundred i'm making this up but a hundred websites a hundred things in our life we don't really go more than that so if you're trusting only those hundred things uh and then you block everything else You know, you're not blocking, you're allowing only 100 websites and everything else is basically blocked because you're not allowing it. Then you won't get in trouble, but too much work.

Yeah, but that's that's hard. And you know, it's 100% hard. And you know, what's funny, too, is, you know, when somebody. No, the thing when it, even when you're doing stuff like that, you've got the permissions off or the mic permissions off when it pops up and it's like, Oh, do you want to do this? People say yes, a lot without checking. So we try to encourage people to don't just click it. Get first. Yeah. I'll make sure it really is who you think it is to the best of your ability.

So let's talk about gift cards now.

Yes, the gift card, the gift card scam is always a classic and a popular one.

So I'm going to role play here. Let's let's pick somebody. Hey, Jason, do me a favor. This is Adam. I know you're involved in the whole recruitment business to help us get more followers. We're looking to give out five gift cards at $50 each. I need you to go to CVS. I'll pay you when I see you. Go to CVS, pick up five gift cards for $50 each, scratch them off, take pictures of it, so I can send it out to the people that won the contest.

That's right. And then I can be the recipient of it and say, hmm, this guy wants a bunch of money, and he's a friend of mine. And you know what? I snubbed him and didn't invite him to the holiday party. So I'm feeling guilty. So I'm going to send him the gift cards.

You had a holiday party?

But seriously, what they will prey on is things like friendship, but we've talked about it before also. They'll also prey on, you know, fear, like if it's your child or a parent or something. And that's something you really got to talk with your whole family about now is the scam thing that, you know, you know, we talk with Jen Gold too about having a code word. to make sure you know, it's really them. But so that applies to the gift card scam, and a lot of other things. And one of the twists on the holiday gift card scam is always gone. But you know, during the holidays, people send more gift cards. So you may, you may see more stuff. And also there's a gift card charity scam that I heard about when someone says, Oh, buy a gift card for charity, the charity, this is what they do. This, this is how we want you to donate to us. I'm, I'm not aware I'm not an expert, but I'm not aware that most charities ask for gift card donations to Amazon or Red Lobster or something or wherever the hell it is.

How about the one where a woman goes into a store, an older woman, more of a senior, she was told that her electricity is being turned off and if she doesn't get, if she doesn't pay for her electricity, which is I say $252, she's going to have electricity turned off. She walks into a store. I need X amount of dollars in gift cards. And then the people behind the counter say, don't do this. It's a scam. No, no, no. I don't want to lose my electricity. The store owner sells the gift cards to the person, calls the police. The police show up, a police officer shows up, says to the woman, give me that phone. He goes like, this is Sergeant blah, blah, blah. Who are you? Oh, no, no. She has electricity to be turned off. He ends up saving her from giving the gift cards to the person. But if somebody's asking you to pay for something in a form of gift cards, it's probably not good. That's right.

You know, the thing that's really tough about the gift card thing and a lot of other scams is that they do prey on fear, you know, of like, we're going to turn off your electricity or you know, in a job, it's your boss and you're worried you're going to get fired if you don't send them this stuff to help them out. And, you know, during the holiday though, holidays, though, you know, it's especially tough, you know, on the, on the elderly and on people who, you know, they're going to prey on your, well, if your family may be very insecure, the economic times are a little tough and, you know, it's, it's really hard to protect against that. And, you know, probably one of the few ways is to just talk to them about it. just say, hey, you know, be on the lookout for this. Proactively careful. Yeah. Proactively before. So even if they start to fall for it, at least it's in their head. And then maybe if they do go to the store when the clerk says, you know, this is probably a scam, they're going to say, oh, maybe I heard this before from someone I trust. And this is and this is real. You know, it's it's really a nasty thing.

My wife gets a WhatsApp message. classic scam Her her cousin's husband says I need you to send money to my son in another country I'm unable to send the money from this country because they don't allow us classic scam. I said to my wife Ask that person to come on Whatsapp turn the camera on and And we all know there's also deepfakes, but we can kind of vet that out.

They're not so prevalent, especially for something spontaneous like that. Right now, it has to be well planned for them to use that kind of stuff.

So my wife has her cousin's husband get on WhatsApp. I think it's like four in the morning where they are. And he gets on and goes, yeah, it's really me. I really need you to send the money. Western Union does not allow us to send money from this country to this country. It was legitimate.

So it wasn't a scam, it was real.

But it seemed like so much it was a scam. But the point here, the moral of the story is, just vet the person. It takes only a couple of minutes sometimes, not all the time. Go on WhatsApp, go on camera, call the person the number you know. If it's originating from the number you know, just because it originates from the number you know, doesn't mean it's not a scam. That means somebody could have taken over that account. But have them go on WhatsApp, have them go on video. have them answer a question like, where did we go in the summer of 2000 and where did we go in the summer of 1968? That's when I was about 50 years old. But if you can ask a question and get an answer that you think only that person knows, then you've vetted the person.

Right. And also see if it makes sense. I mean, that's a really good thing there, because, you know, if if I got that, you know, Ninety-nine percent of my family is in New Jersey. We're so, you know, we're so worldly. It's like, you know, if my cousin calls me or something and says, oh, I'm in some country that they don't accept Western Union from, I'd be really sad, like, what are you doing there?

But like, and that's the other scam, right?

Yeah, but it's real for you, but it wouldn't be real for me.

No, I know. But like, here's the other scam, right? All these scams come up during the holidays, even though they're not holiday scams. You know, Joe Jr. got into a car accident and he's being held by the police and he needs $500 for bail. Go buy 10 gift cards at $50 and send it to this location.

I'll tell you what I like. I do like the, and I think we've talked about this before. Maybe I did a short on it, but I like the, uh, the tap to pay stuff. Um, I love using my phone and not having to take out my wallet and it is really secure, uh, more so than, you know, the old slide things. Skimmer doesn't work. And I think even if you tap. Um, whatever, if the card's got the chip, which I think most do now, that's really helpful. Yeah. It had some cryptography and stuff, but I, I love the phone. I especially love the phone. Well, it's not a holiday thing, but I especially love the phone now on the subway. And I think every agency has it now where you're not, you probably got your phone out and you're looking at it anyway, where you just tap the thing. You don't have to take out your wallet or get your car or do anything like that.

Somebody said, Oh yeah. Tap the pain so we can steal your information. Okay. Look, you can steal your information so many ways. You can scam and take people's information so many ways. You have to do what's comfortable for you. I also realized if you have tap to pay and your phone is stolen from you by force and your phone is unlocked, they can do whatever they want to do. I get it. I've heard all the counter arguments to why they do this and why not to do this. Look, all you have to do is do the best you can. to have situational awareness. Keep your phone locked when you can, force it to lock almost within a minute or two. If somebody steals your phone, you're still alive, hopefully, right? So you gotta weigh the good and the bad.

It's all about risk and making decisions. But the thing is now, a lot of the newer methods and things, like how to pay, like the phones and everything, It really is just as easy or easier than the traditional methods. And, you know, I encourage people to use it. I use it myself. And, you know, I try to encourage my family too. It's like, I know you got to set it up and I know it may seem a little daunting and real, but once you get it set up, it's so easy, you know, really is really as easier.

And, you know, the top to pay is also good. And I know, I know this is going to be an argument too. And someone's going to ask me for the 30 seconds of their life back. But, um, you can use tap to pay for your kids. If your kid, cause the kids carry their phone all the time, God forbid they need money for food. Assuming that you can afford it, right? Like you give your kids access tap to pay. You can watch what they're buying and you can also see, you know, and if they need something, a sense of urgency, they can do it. Hopefully they'll, they'll, they'll practice, you know, uh, good health and hygiene with the phone and hopefully, They won't do anything nefarious because most kids really won't. If you train, if you teach them right, or say train them, train them is horrible. Teach them right. Tap the beat is good.

there is a certain amount of like, you know, you need to teach your kids, but you also need to train them. If you give them something, you should be training them to, to use it correctly. I mean, you know, we, we talk a lot about, you know, we often focus, or I say about the family, like half of the elderly, but your kids too, you know, these kids, they're tech savvy and that they're, you know, digital natives or whatever they call it, you know, they're used to these phones, they're used to all these things working. But one of the things that surprised me is that, you know, when, when Adam and I were, were kids, If you had all these gadgets and everything, you're usually pretty tech savvy and you knew how they worked and you knew something about them. I know my kids know nothing about technology. They have phones, they use them, they do all this stuff, they play video games and all, but they do not know how it works, which means they also don't know about a lot of these scams. So, you know, if you're going to give them this gear, and especially if you're going to give them payments, I mean, I just had to sign my daughter up for something. And I said, look, you need to be careful with this. You don't just give it to anyone. You only give it to reputable places. You know, you call me if you're not sure. You got to tell your kids about that stuff, you know.

Well, I'll tell you an example, right? About two, three years ago, my wife went to go buy flowers for somebody and they did it by mistake because they recognized it. Instead of typing $55.51, I typed $555.51. They realized it, they canceled it, but it takes 24 hours sometimes for it to come off too. And that's the other thing. I personally recommend do not use debit cards most of the time. Use your credit cards and then pay your credit card as soon as you can within 24 hours because this way you have one, you have insurance over, God forbid, that the payment that you made is wrong or the product that you got or service is wrong and you can dispute it. I also realize, counter to that, people like using debit cards sometimes. in cash because debit in cash a lot of times people will not charge you extra fees. Let's leave it at that. Yeah. Um, but you know, you gotta pick what you gotta, you gotta pick your poison. Do you want to not incur the extra fees for using your debit card? Cause some people won't charge you for the debit or, or cash, or do you want to protect yourself and use the credit card? If you use a debit card and somebody, puts the wrong amount in, that money comes out of your account and then you got to fight it. So if you're paying mortgage, if by mistake it was supposed to charge you 500 and they charge you 50,000 and somehow or another that went through, which I don't have 50,000 in my account by the way, um, you know, you lost that money until you get it back. You have to dispute it. So you're going to have to bounce a lot of things for a while.

Yeah. I mean, I've never been a fan of debit cards and I, I am one of those people who doesn't like to pay credit card fees, but I do use the debit functionality with these things, but very, very sparingly and only with places that I really know and that are really, you know, trustworthy, you know, so be very careful when using it, please.

And I'm not looking to get into Europe versus America. A lot of places in Europe, they'll bring the credit card machine to you. They swipe it right in front of you and you pay it right there. In America, they take your card to the back room or to the register. They have possession of your card. I've also been in places even recently where my card disappeared by mistake because they dropped it and then they had to go look for it and find it. So like, oh, they put it into the folding thing where you had the receipt and you sign it. I'm like, where's my card? Oh, it was there. No, it's not there.

I only tend to use my card in bars. For some reason, it seems to be a problem there.

That happened to you. I recall, remember. But the point I'm making is if your debit card disappears, your money disappears. If your credit card disappears, yeah, it's a little different now. The money's got taken out of the account. It's being added to your amount of credit you owe. And they both suck, but I'd rather have the cash still in my account and dispute the credit charged in my account.

Yeah. The other thing too, though, Adam, is believe it or not, I know I A couple of years ago, first post-COVID trip to Europe, I was stunned and pleased to see how much they were using the little machine that comes to you. I'm seeing that more and more here in the U.S. Even small shops, I guess they're starting to do that and restaurants and things. I think that's getting better and I would encourage you to have a choice. The place either uses it or they don't, but that's a good thing.

Well, I went to a farmer's market in Ithaca New York my kid goes to school in Ithaca and a farmer's market keep in mind There's nothing there. There's really no electricity. There's really no anything no internet no infrastructure So what a lot of people are doing these days is they use their phone and they use the square Or other types of devices to ring up your stuff right there and then so there's an advantage to doing that but the problem is The problem for restaurants is it's not really per se networked with their point of sale. However, your phone is your whole entire cash register right there. So these days, a lot of independent people, when they're doing services, they go right to their phone, right to the square, tap to go, and boom, you're paying the person there.

Adam, I hate to tell you, but that's really not new. People would sell phones in a little shop. No, I know that.

I've had a square for years. It's more prevalent now than it was before because I'm seeing it more and more now that people are originally people like, oh, let me send you an invoice. But now people are literally like, I've seen it. I haven't seen it as much in the past as I see it now. People are literally doing this more and more now because all these apps are out there, which is one of the reasons why we spoke about doing our store online, right? The PayPal's of the world. Now they accept other people's, um, debit and credit, uh, like, uh, like the sales and everything else. So what I'm saying is once we set up a store, we can go to a place and start selling our clothes right there and go right through PayPal.

Adam, that's well done. That is such a subtle reminder. Plug in the merch again. We're getting good at this.

Yeah. Well, if we were getting good at this, we would have 55,000 followers and 20 of our episodes backed. But as a matter of fact, I just saw a message from one of our friends, Joe. And I asked, I said, do you want to do you want to handle or do you want to have a sponsoring episode? And he said, potentially.

So I got to take potentially that's something that's movement. But, you know, so so you're texting while we're recording the show.

No, I saw a pop up on my screen while you saw a pop up.

Of course, we're fully focused on on what we're doing.

Hey, I'm trying to move stuff, moving and shaking here.

Move that, move that merchandise. I'll tell you another thing to watch out for over the holidays with your family. That's not a scam, but it's kind of a funny story. You know, subscriptions, you know, very often you sign up for a subscription at the holidays and you think it's nice and you know, it's always auto renew. They don't, you know, Have someone come and knock on your door at renewal time and say, Hey, do you really want to renew it? You know, they make it as subtle as possible. Um, and, and can use what's called dark patterns. And that's when it's like really hard to. unsubscribe or you got to like pull over or do something ridiculous to go. You got to watch out for that. Um, but also watch out for prank things for your, for your family. I'm going to tell you something funny happened with my dad a couple of years ago when Spotify came out, you know, got it, loved it. And we're not, not plugging Spotify because we're on Spotify, we're on everything else too. I get the Spotify thing. And then I realized I'm like, oh, it has virtually everything. And I'm like, oh, my dad, he's like all this old stuff, like big bands and all these things. I said, he'd probably like Spotify. So I get him a Spotify account, you know, not realizing at the time, probably not very intelligently that I was going to be paying for it for the rest of my life, because it ends up, he loves it. He says all the time, this is the best Christmas gift I ever got. And it's the gift that keeps on giving.

It's a bill that keeps on billing.

It's the bill that keeps up But it's for my dad doesn't matter.

It's fine. Well, that's watch out for that stuff It should tell you dad. Guess what? Guess what?

I got you for Christmas a Spotify subscription again Actually, you know what I should remind them every year like put a little card or something like it I'll get some get some points for that. Yeah, that'd be funny All right. Well Adam, I think we're kind of getting to last call or at least I My official security cocktail hour coffee mug is empty.

Well, my yeah, my official security cocktail hour cup is empty. But speaking of security cocktail cups, get yours at a local retailer near you or reach out to us at what email address, Joe?

You can reach us at feedback at security cocktail hour.com. You can, you can DM us on Twitter. We're secure till hour. Um, we haven't posted to Twitter, but you can reach us through that. We're also, you can get us on Instagram, post to Instagram or on LinkedIn, even on a website, go to the chat.

That's right.

We have a chat on the website. Um, so we are easy. Fine. And we'll be happy to send you whatever you like.

Yeah, you should buy a dozen of these, give them out to all your friends and help sponsor our podcast.

OK, so besides the shameless plugs, any other final thoughts?

Yeah. By the way, we have a secured home kit.

Don't overdo it. We've already overdone it.

Yes. Just be careful. Maintain situational awareness. Don't let people get near you because, you know, people will try to pickpocket you and take your card and take your access. And that's really it. Have a safe and joyful holidays.

All right. Just be careful. Enjoy the holidays. Enjoy it with your family and try to encourage your family to do the same. All right, Adam. This is always fun.

Yeah. Hold on a second. Let me go close my window. It's really cold out.

That's right. I'm going to go out and shovel some snow. Yeah, there we go.

Me too.

All right. Take it easy, everyone. Happy holidays.