Smashing Security podcast #074: Smashing Security isn’t bullsh*t

Industry veterans, chatting about computer security and online privacy.

Graham Cluley


Crime forums on Facebook, fraudsters pose as anti-fraud hotlines, and how big advertising companies are in bed with the rampant data collection of internet giants.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest B J Mendelson, author of “Social media is bullsh*t.”

Show notes:

Please check out the show notes for this episode of the podcast on the Smashing Security webpage.

Transcript:

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
GRAHAM CLULEY
You say he's a powerful guy, but Brian Krebs doesn't have 702,048 followers on Twitter, Carole, like some people do.
BJ MENDELSON
That's true, and I can tell you though—
CAROLE THERIAULT
You're just jealous, Graham, it's disgusting.
Unknown
Totally, totally. Smashing Security, Episode 74: Smashing Security Isn't Bullshit, with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to another episode of Smashing Security, episode 74. My name is Graham Cluley.
CAROLE THERIAULT
I am Carole Theriault.
GRAHAM CLULEY
And we're joined today by a special guest, new to the show, BJ Mendelson. BJ, you're the author of Social Media is Bullshit and a new book entitled Privacy and How to Get It Back.

Welcome to the show.
BJ MENDELSON
Well, thanks so much for having me. You know, I'm really happy that that second book title does not have a swear word in it.
CAROLE THERIAULT
I was just thinking, do we have to censor the name of this book?
GRAHAM CLULEY
Yes, we will.
CAROLE THERIAULT
It's going to be Social Media is Beep.
GRAHAM CLULEY
Bull. I think bull is all right, isn't it?
BJ MENDELSON
That's how Amazon abbreviated it. If you go to search for it within Amazon, it'll only go to bull and then stop.
GRAHAM CLULEY
Oh really? Now, BJ, I'm fascinated by your first book, Social Media Is Bullshit, came out. So you're obviously not a big fan of social media, right?
BJ MENDELSON
That's putting it mildly.
GRAHAM CLULEY
So explain to me how somebody who thinks social media is bullshit— I'm going to be putting in that bleep sound a lot. Has 702,048 followers on Twitter that you nurture.
BJ MENDELSON
So I've been on Twitter for about a decade now. I did my best for about 5 years to troll as many of those followers as I could and get rid of them.

I succeeded in doing about 300,000. But where those people came from, Twitter— this is a little bit of a history lesson for Twitter.

When they first launched, they used to have a little sidebar on the right back when it was just marketing people talking about how great Twitter was.

They would suggest other accounts to follow. And I was very early on there writing jokes as a comedian.

So it was me and then the guy from Marvel, Agent M, and then a few other people that were on the sidebar being featured.

And then during the depression, which I don't call it a recession, I call it the depression here in the States, because that's what it was.

During the States when I was working as a mall Santa, I got really desperate to find a job.

And so I applied to Twitter to be their secretary because I don't know a thing about coding or anything else. So I said to them, hey, you know, I'm a breast cancer advocate.

I'm doing this thing on the side where we're raising money for different nonprofits. Could you promote my account the same way you used to?

I didn't hear anything from them for about two months. And then all of a sudden, they roll out this suggested user list.

And so it was 30 celebrities, and then you would scroll down the list, and then there was my ugly face at the very... And then here's the best part. You had to bulk follow everybody.

And so no matter what you did when you signed up for Twitter, you would follow Bill Cosby back when he was a comedian, not a monster.

You would have Bill Cosby and all these comedians and celebrities that you would be following me. So that's, you know, I was almost up to a million followers at one point.
CAROLE THERIAULT
Did it go to your head?
GRAHAM CLULEY
No.
BJ MENDELSON
You know, and that's sort of where the book came from is because I realized real fast it didn't matter.
CAROLE THERIAULT
They weren't going to go to your funeral if something—
BJ MENDELSON
Exactly. Well, they wouldn't meet me at the Dunkin' Donuts.
CAROLE THERIAULT
They wouldn't even meet you for a donut.
GRAHAM CLULEY
We'll all go to Bill Cosby's funeral. That's what he's hanging on for. Don't worry, Bill, we'll be there.
BJ MENDELSON
Well, let me tell you, so the best part was, so my ex-wife and I— and this is why she's my ex-wife— we decided to do this nationwide breast cancer outreach tour, and we had the bright idea of doing it entirely through Twitter.

So we would go to different places and be like, hey, if you're on Twitter, come and meet us at Washington, D.C. and come to the Dunkin' Donuts or come meet us at the Sheraton in Raleigh, North Carolina. And so no one showed up. And this is with a million followers.

And so I said, all right, maybe, maybe they're shy. Maybe they're like me and they're just, you know, antisocial atheists like I am.

And so, right, lazy antisocial atheists, which is the title of my next book. And so I was like, all right, let's do a fundraiser for a nonprofit.

I'm going to ask all 1 million of you or whatever it was at the time to donate $1.

And if you could do that, then this will be, you know, even a fraction of you do that, this will be a big success. And can you guess how much money we actually raised?
CAROLE THERIAULT
I'm going to guess. I'm going to say 1,500 quid, 1,500 bucks.
BJ MENDELSON
Lower. No. Yeah, it was $1 and it was donated by my ex-wife. And so after that, I was kind of like, okay, either I'm doing something wrong or it just—
CAROLE THERIAULT
They're all bots, right?
BJ MENDELSON
Or it's bots, or it doesn't work the way it's been advertised. And so I started to do the research and that's where Social Media Is Bullshit came from.
GRAHAM CLULEY
How fascinating. But you must have been able to use this platform to support the other things you do. You said that, you know, you're a comedian and you're a comic book writer.
BJ MENDELSON
Yes. But the funny thing is the answer is no. So what I'm finding is I have a very small, I have a cult following is what I, how I describe it.

Social Media Is Bullshit is a cult classic around the world. You know, it was printed in Russian and Polish and Spanish and all over the place.

And so what I found though is that no matter what I do, if it's a comic book or talking about the book, I have the same thousand or so people that will show up and interact with me.

And then occasionally there's a couple of drive-bys that don't involve bullets, I'm pleased to say. But that's it.

My audience is mostly people that read about me or listen to podcasts. It's not people that follow me on social. On social, it's just that core group that I've had since 2008.
GRAHAM CLULEY
Hey, yeah, I mean, you've got 2,508 followers on Instagram. That's 2,508 more than I have.
BJ MENDELSON
Well, they're probably all bots.
GRAHAM CLULEY
They're probably all under the control of Vladimir Putin, aren't they?
BJ MENDELSON
Well, either that or they're from Bangalore.

And I can tell you for a fact because I hate the term growth hacking, but I ghostwrote a book for a tech company CEO and it was about growth hacking and all the funky bullshit that companies like Airbnb and Facebook actually did to grow and not what they were telling people.

And so we went and we were working with bot farms and all that.

So I have no doubt that most of those Instagram followers are probably based out of Bangalore and were part of that project.

Thanks to MetaCompliance for supporting this episode of Smashing Security.

People are the key to minimizing your cybersecurity risk posture, and MetaCompliance makes this easier by providing a single platform for phishing, cybersecurity training, policy, privacy, and incident management.

Listeners can get a 10% discount off the high-quality cybersecurity e-learning catalog by quoting the code SMASHING. Just visit www.metacompliance.com. That's www.metacompliance.com.

And welcome back.

Now, as you know, and you're probably aware of this, some big companies are now doing their utmost to scare the willies out of us, aren't they, about the dark web and the personal information that has been exchanged about us and shared between criminals on the computer underground.

And there seems to be a lot more awareness of the dark web right now, and it seems that more and more companies are using the phrase the dark web to get you interested in things.

I saw an ad from Experian, for instance, recently, which featured none other a cybersecurity celebrity than Rudy Giuliani. And let's take a look at it right now.
BJ MENDELSON
With constant cybersecurity threats, Americans need to take responsibility and protect themselves from identity theft.
CAROLE THERIAULT
That's why Experian monitors the dark web globally and alerts you.
GRAHAM CLULEY
The thing I love about this video is, do you see how he's looking at his smartphone? That look he has as he looks down at his mobile, that sort of old man look of—
CAROLE THERIAULT
I can't see my screen really. I'm pretending I'm looking at it.
GRAHAM CLULEY
It's like I'm peering at this thing and I have to hold it this far away.
BJ MENDELSON
Now, every American needs protection from the dark web. Protect yourself and your family.
CAROLE THERIAULT
So this is Rudy Giuliani of New York fame.
BJ MENDELSON
Alleged America's mayor.
CAROLE THERIAULT
Friend of Donald Trump.
BJ MENDELSON
Yes.
GRAHAM CLULEY
Who runs a computer security firm that no one's quite sure what they do.
BJ MENDELSON
Is that true for most security firms, that no one really knows what half of them do?
GRAHAM CLULEY
Yeah, but at least most of the computer security firms claim what they're doing on their web pages, whereas this one keeps it a bit quiet.

Maybe that's the definition of proper security. We're not going to tell you what we do, for God's sake. Just give us your cash.
BJ MENDELSON
It works well in the States.
GRAHAM CLULEY
Videos like this are very good about worrying people about the dark web and thinking, oh, you should do a dark web scan for your information.

But sometimes this exchange of your personal information is being done in broad daylight on places like Facebook. And maybe sometimes it's been going on for years and years.

Facebook has just deleted over 100 private discussion groups which were helping identity fraud and cybercriminals share information and get involved in these various crimes.

And it's been going on for years uncontroversially, completely cool in the open.
CAROLE THERIAULT
So Facebook were aware of these discussion groups and chose to turn a blind eye. And now because of all the pressure, they've gotten rid of them?
GRAHAM CLULEY
Not quite. No.

What happened was this: cybersecurity hero Brian Krebs, who we all know, of course, he spent a couple of hours last week using a highly sophisticated technique called searching to find these groups on Facebook.

So he was sort of putting credit cards, you know, carding, spamming, botnet help desk, DDoS.
CAROLE THERIAULT
Legit terms that anyone of us would apply to cybersecurity and cybercrime.
GRAHAM CLULEY
Lo and behold, he found hundreds of these groups. In fact, he found groups which contain more than in total 300,000 members.

And they were just openly advertising what they were doing. You know, they weren't claiming to be the Black Hand Gang or something like that.

They weren't being all sort of, "Ooh-hoo," you know, a bit mysterious about things. It was right there.

And you could apply to join these groups, and then you could begin exchanging your credit card details, or rather the ones that you'd stolen from other people, with other criminals.
BJ MENDELSON
Any story involving Facebook where they say they don't know, it just frustrates me because I know for a fact that they do know, and they've just succeeded over the years of just pretending that this stuff is magic and, oh wow, well, I didn't know that was happening.

It's a lot like, do you remember this story with the Fappening over on Reddit?
GRAHAM CLULEY
Yes.
BJ MENDELSON
Yeah, where the pictures were there for over a week, and then finally Reddit turned around, went, oh, this is happening in our backyard, we'll get rid of it right away.

Yeah, yeah, they do, because they had most of their traffic for the past two weeks was coming from people looking at those pictures, right?
GRAHAM CLULEY
Because they were nude female celebrity photos, weren't they, which had been stolen by hackers and placed up on Reddit and many other sites.

And they were on all the social networks, I'm sure people were posting them up there, but they were claiming ignorance.

The thing is, even though Facebook's community standards don't allow the sale of illegal goods or services such as credit card data used by online fraudsters, right, waits for users to report the activity.

And the criminals who participate in this group are unlikely to report the group which they are profiting from.

So all it takes is someone like Krebs just to spend a couple of hours noodling around on Facebook, and he finds so much evidence of this, some of which had been going on for, you know, well, up to 9 years these groups had existed and nothing had happened.

It's only when you report these groups that Facebook's team then, you know, sort of races into action to review them and consider what it should do and hopefully locks them down.

Now they have shut them down in this particular case, but far too often Facebook doesn't really seem to be policing itself. It's leaving it up to you.
CAROLE THERIAULT
Pretty hard to police though. It's pretty ginormous and I'm not defending them, but you know. Whoa, hang on a minute. I mean, they're kind of hiding things. No, no, no, no, no, no.

Facebook had— I kind of understand the cybercriminal's point of view on this. Pretty smart, right? I mean, there's millions and millions and millions of people on there.

Let's just hide in plain sight. Let's just call our group Cybercriminals Unite.
GRAHAM CLULEY
Facebook has the resources to build a facial recognition database to analyze every image which has been uploaded and compare it to facial templates which it's collected of all these other Facebook users, and then auto-suggest, oh, that could be a photograph of your Auntie Marge.

It doesn't have any problem with that.

What is so difficult about them writing a routine looking maybe for common phrases being used by criminals online and then tipping off their team to say, maybe you want to have a look at these groups.

9 years gone. On average, around about 2 years these groups had existed.
BJ MENDELSON
Yeah, one of the things that frustrates me is— so I've worked with a lot of startups, including companies in the Valley, and people who have worked at Facebook.

The basic answer is they don't want to spend the money. Yeah, and that's what I mean. I hate to sound like that, but that's what it comes down to.

I've always had this discussion of, well, why don't you just hire more moderators?

And you always see the same expression across Silicon Valley where they furrow their brow and then they say, well, humans don't scale.
CAROLE THERIAULT
Yeah.
BJ MENDELSON
Yeah. So we don't want to pay for it, basically. And so whenever I see stories like this, I mean, it's true.

It's easy to hide in plain sight because no one is sitting there monitoring this stuff. But the other side to it is that it's just not a priority for them.

As long as it's not a priority, they're just not. This has been going on for years.

You could buy fake traffic on eBay right now, and I can tell you for a fact that eBay knows that you can purchase fake traffic, and they've only gone and scrubbed that stuff when reporters ask about it.

Otherwise, they just don't want to spend the time or resources to take it down.
CAROLE THERIAULT
And hey, if these people are on the platform and using it every day, it bumps up numbers, particularly if it's hundreds of thousands, right? So everyone's back gets scratched.
BJ MENDELSON
That's right.
CAROLE THERIAULT
Right.
GRAHAM CLULEY
Chances are that Krebs has only just sort of chipped away at the top of the iceberg here. He only spent a couple of hours looking. He limited himself to English-speaking groups.

He didn't count groups which had less than 25 members.
CAROLE THERIAULT
But what a powerful guy, right?

The fact that he can go spend a few hours looking at this, drop an email, and the sites are scrubbed completely, and probably what happened in less than 3 days.
GRAHAM CLULEY
You say he's a powerful guy, but Brian Krebs doesn't have 702,048 followers on Twitter, Carole, like some people do.
BJ MENDELSON
I know that's true. And I can tell you though, here's a fun game.
CAROLE THERIAULT
You're just jealous, Graham. It's disgusting.
GRAHAM CLULEY
Totally. Totally.
BJ MENDELSON
Well, here's a fun game that everyone at home can play. If you find, so, I mentioned eBay and so I'm going to use them as an example.

If you find a page on any of these platforms where something illicit is happening, it doesn't matter how many followers you have.

If you report it to them, if you say, hey, I'm a reporter and they see the keyword reporter or journalist, within an hour, I promise you they will go and scrub that entire page and that entire group because that's what happens.

I found at least 10 pages worth of people selling traffic from Russia over on eBay.

And I said, look, I'm friends with— or not my friends, but I was working with NBC at the time producing a segment. I said, can you comment on this?

And within an hour they went and wiped the entire thing. So it doesn't matter how many followers you have.

I mean, look, Brian Krebs is my personal hero when it comes to cybersecurity. But it doesn't matter.
CAROLE THERIAULT
Don't cry, Graham. Stop. Just wipe your tears.
BJ MENDELSON
Graham, you're a close second.
GRAHAM CLULEY
Just big deep breaths. I'm not Krebsy.
CAROLE THERIAULT
No, you're not.
BJ MENDELSON
It's only because I found Krebs first by accident. And so, he was my first and you were my second. Never forget.
GRAHAM CLULEY
Never forget.
BJ MENDELSON
This is true. This is very true.
GRAHAM CLULEY
So the moral from all this, I think, is that you don't need to resort to scanning the dark web to find out if your personal information has been disclosed out there and is in the hands of criminals.

You can just as easily find this stuff publicly online being shared.

So chances are your details are already up for grabs following large major-scale breaches like the ones which happened at Equifax not so long ago either.
CAROLE THERIAULT
Good old Equifax.
GRAHAM CLULEY
BJ, what's your— by the way, BJ, before we go on to your story, I have to ask.
CAROLE THERIAULT
Oh God, he's gonna ask about your name. I'm warning you.
BJ MENDELSON
That's okay.
CAROLE THERIAULT
Ask about the initials. You're sure?
BJ MENDELSON
That's all good.
GRAHAM CLULEY
Is it a euphemism for bubble jet printer? I'm just wondering.
BJ MENDELSON
I wish it was. The downside to being BJ is that when you go into a Starbucks and you tell them what your initials are, they laugh at you.
GRAHAM CLULEY
As if anyone would be that immature. What's wrong with bubble jet?
BJ MENDELSON
I don't get it.
CAROLE THERIAULT
Yeah, you know, we all had one back in the day.
GRAHAM CLULEY
What's your story for us this week? BJ Mendelson.
BJ MENDELSON
So I did something a little different. I wanted to show people where the money is and why we have to deal with what we have to deal with in the security world with our data.

And so a lot of people don't realize that WPP is one of the world's largest advertising agencies.

And between them, Google, Facebook, there's just this constant flow of billions of dollars going between them and their clients and these tech companies that's entirely fueled by your data.

And that's why, you know, when we read all these stories about why Facebook does what it does or why is Facebook creeping on you, not that Mark Zuckerberg would ever do such a thing, but it's because there's billions of dollars at stake.

And Facebook actually has employees embedded with WPP and vice versa. And so it's just this disgusting little orgy. Yes, that goes on. And so a lot of people don't understand that.

And so I thought I would bring up that as a topic this week because Martin Sorrell, who is in charge of WPP, is actually resigning.

And so what does that mean for WPP then if he resigns? Hopefully, well, so there's the good situation and the bad situation, right?

Like with anything in life, the bad situation is nothing. It's just, you know, the world keeps on spinning and our privacy keeps just dribbling away. Exactly right.

So that's the bad side. But the good side is that there's been a lot of smoke and hopefully some fire about WPP breaking up because the advertising industry is really an oligopoly.

It's, you know, there's not a lot of ad agencies. There's like three or four large companies that own every single ad agency around the world.
CAROLE THERIAULT
Yeah.
BJ MENDELSON
Sorrell was the one that kind of took this company that was— WPP was nothing. Like they were basically owning parking lots and grocery stores.

Like they were just this tiny little thing that just started to buy up all these ad agencies. And he figured out if he keeps buying ad agencies, he can become a billionaire.

And so that's really where he came from. Yeah, that was his plan.

And so the idea being if he steps away, they might break it up and that might be really good news for everybody because if you break up the ad companies and you don't have as many corporate MBA types making the decisions who are completely fascinated and mystified by digital metrics, as opposed to more traditional PR and advertising metrics.
CAROLE THERIAULT
I just was thinking, because I met one guy from WPP who was pretty high up in the chain, and he was coming to do a pitch for a company I worked for.

And he came in wearing this beautifully cut suit, but he was also wearing leather slip-on slippers, literally.

So he stepped out of his limo and walked in with his slippers and his suit and conducted the entire meeting that way.
BJ MENDELSON
That sounds about right. I mean, look, I've worked in the advertising industry or up until I retired, quote unquote.

And so having seen the inner workings, you know, they were not dealing with people that listen to this podcast because people that listen to this are beautiful and smart and intelligent.
CAROLE THERIAULT
And yes, they are.
BJ MENDELSON
Yes. And they're able, they're able to do so.
GRAHAM CLULEY
That's right.
BJ MENDELSON
Well, one of them. So, yeah, sorry. It's true. I revel in my ugliness.

So a lot of people don't understand that when you deal with data and when you have these discussions, it's because the people within these agencies don't know any better.

And so if Facebook and Google and Amazon comes to them and say, well, this data is worth a fortune, these metrics are the thing you should pay attention to, then that's the thing they pay attention to.
CAROLE THERIAULT
And so hopefully to scratch each other's back.
BJ MENDELSON
Exactly.
CAROLE THERIAULT
And we are the victims of it.
BJ MENDELSON
We are.
CAROLE THERIAULT
It's what's being sold and we're getting no piece of that pie.
BJ MENDELSON
No. And that's my whole thing is I think people should be paid for their data. I don't— yeah, that's not an original idea.

You know, Lawrence Lessig talked about that in 2000 and Jaron Lanier talked about that in 2011. So I'm just part of a long line of people that have suggested that.

But it's not a hard system to implement. I'm a little bit of a crypto pessimist, but I do think that there's space there that we could start compensating people.

And if WPP breaks up, then maybe that opens up the reins a bit for us to try that.
CAROLE THERIAULT
But I was going to ask, do you think that agencies aren't getting the returns they want?
BJ MENDELSON
Oh, they're not. They're totally not. I mean, so here's the crazy thing. I've sat with, I'm trying not to name names. I've sat in the room after a campaign ended and, yeah.

Oh, well, I can, we can spend the whole episode talking about that campaign.

And they sat there trying to fudge the numbers because they didn't get as many impressions as they thought. And they just sat there saying, you know, the client doesn't understand.

So we're just going to say they had a half million impressions as opposed to 2,000 impressions, because no one knows what the fucking impression is.

And so they were able to do that. And that's really what you're dealing with.

And that's why Facebook is worth as much as it is and Google is worth as much as it is and your data is worth as much as it is.

Because you're just dealing with idiots, for lack of a better description.
CAROLE THERIAULT
Because how many social media departments and marketing departments have targets on how many people view a page or get clicks or get likes or get influencers?
BJ MENDELSON
Right.
CAROLE THERIAULT
They're motivated to inflate their numbers, and that works very much into Facebook, Google's favor.
BJ MENDELSON
And if you believe that most of the traffic on the web and most of the traffic that comes through Facebook is fake or bot, for lack of a better description, then you have to wonder why am I paying all this money on Facebook advertising?
GRAHAM CLULEY
So we shouldn't just be angry at Facebook and then the privacy and security debacles which surround Facebook.

There are also these other companies which are enabling Facebook, and that includes both the big brands which advertise on Facebook, but also these advertising agencies, these marketing goliaths like WPP, who've been supporting them as well.

They've been getting money out of people, out of businesses, been pouring it ultimately into Facebook, who've turned themselves into a humongous company with perhaps not the fantastic results which those companies may have wished for, but marketing agencies have been pulling the wool over the bosses' eyes as to the success of campaigns.

And everyone's thinking, well, we've got to go digital, haven't we? We have to do it this way, even if the results aren't actually as impressive as they are sometimes portrayed.
CAROLE THERIAULT
I mean, there's a lot of good practical advice actually in BJ's book. I'm about halfway through BJ, so, but you've got a lot of really good stuff in there.

So I would recommend if anyone of our listeners want to kind of get a better handle on their privacy. I like actually the way you divided it.

You kind of said, look, you can do this by kind of campaigning in your state to try and increase laws to help prevent this stuff, or you can actually, if you don't like having more laws, you can also just employ better tools to help improve your privacy.

You give a good list in your book as well. It's a good read. I recommend it.
BJ MENDELSON
Well, thank you.
CAROLE THERIAULT
Unless the end goes really bad, in which case—
BJ MENDELSON
That is always possible. Spoiler alert, everybody dies at the end.
GRAHAM CLULEY
One of the things which concerns me is in the media, since Zuckerberg was appearing in front of the Senate, etc., a lot of people—
CAROLE THERIAULT
Nervously drinking water.
GRAHAM CLULEY
Well, that's it.
BJ MENDELSON
That's it.
GRAHAM CLULEY
A lot of people focused on his physical demeanor and haha, he's a bit like Data from Next Generation, you know, Star Trek. I didn't see that. Oh no, it's very He was.

It's very easy to repeat those things, but it's no, no, no, you're missing the point. Yes, of course you want to slap him.

Of course he's a bit weird, but there's something much, much more serious going on here.
CAROLE THERIAULT
And so this is Trump though, right? It's the same thing. You're getting swayed by the looks.
BJ MENDELSON
Well, I guess that the lack of hair flapping in the wind does do it for some people. And then the pasty orange. You're right.

And then, so I watched the hearing, and I, you know, I'm friends with a lot of journalists, and they were just piling on how he looks and how he acts and how dumb the senator seems, you know, because that was the other thing.
GRAHAM CLULEY
Yeah.
BJ MENDELSON
So this is what I've encountered with promoting my book. Nobody wants to talk about privacy because to them, people don't care or it's too hard.

And so it's easier for, at least from the American media perspective, to be hey, look at Mark Zuckerberg, he's a dork, haha, and tell that story, as opposed to, no, this is what's happening with your data.
CAROLE THERIAULT
Yeah, there was actually a really good piece on social and privacy problem on an NY Mag Select All. It was published, I think, on the weekend called Internet Apologizes.

And it's a really good piece. I'll put a link in the show notes. But it just talks about the people that built the internet and how they've realized they've created a monster.

So it's the people that have kind of exited, Tristan Harris and them.
BJ MENDELSON
Although, can I just add, I kind of have an issue with those people too.
CAROLE THERIAULT
Oh, tell me.
BJ MENDELSON
I do. Okay, so I know Tristan Harris, he was promoting a book and he was on 60 Minutes and there's a whole bunch of ex-Facebook and Google employees.

They're all, "Oh, look at all this evil stuff we've done." And I'm thinking, if it was that evil, why'd you do it?
CAROLE THERIAULT
You know, I don't know if they knew at the time, though.
BJ MENDELSON
I think they did, though. So, okay, here's my argument.

Having worked with these people and knowing that they believe that people don't scale and, you know, you're talking about 19, 20-year-olds that have billions of dollars being dangled over their head, they are incentivized to do evil to make that money.

They may not perceive it as them being evil, but the actions... Airbnb, they hired a notorious spammer as their CTO. They knew right from the start, that's how we're going to grow.

We're going to do this little Craigslist hack and we're going to spam people.

So to me, at least from my own experience and that's all I could speak to, the people that I've interacted with, they knew well what they were doing.

So I just don't buy the "Oh, look at how terrible this thing is."
CAROLE THERIAULT
Hey, if they're saying sorry, mea culpa, then we gotta listen. We gotta listen, right? You're not gonna— you're gonna be bitter old man if you carry on this way, BJ.
GRAHAM CLULEY
Jesus.
BJ MENDELSON
Well, I'm 35. I'm just about to turn 35, so I guess that's old, BJ.
CAROLE THERIAULT
You're definitely very old.
GRAHAM CLULEY
Stop kidding yourself.
BJ MENDELSON
You're old.
GRAHAM CLULEY
That's the end of it.
CAROLE THERIAULT
Hope you have a retirement plan.
GRAHAM CLULEY
Oh, I do.
BJ MENDELSON
Stage clown.
GRAHAM CLULEY
We'll have to leave that for another podcast. Carole, what's your story for us this week?
CAROLE THERIAULT
So I want to talk about Action Fraud. Now, Action Fraud is the UK National Reporting Centre for Fraud and Cybercrime.

So this is where you go if you've been scammed, defrauded, or experienced cybercrime, right?

This is similar to the USA's FBI Internet Crime Complaint Centre, IC3, or Canada's Anti-Fraud Centre.

So they're all basically nationally recognized trusted places where you report a cyber incident.
GRAHAM CLULEY
Yep.
CAROLE THERIAULT
So boys, imagine you guys get scammed, right? And you get scammed and you log a report with Action Fraud.

And a little while later, you receive a robocall that says, "Press 1 if you have made a report to Action Fraud." So what do you do?
GRAHAM CLULEY
So you're getting an automated phone call saying, "Press 1 if you've made a report." Yeah, I'll do it in the voice if you want.
BJ MENDELSON
Okay.
CAROLE THERIAULT
"Press 1 if you've made a report to Action Fraud."
GRAHAM CLULEY
Well, you have made a report to Action Fraud, so I imagine many people would press 1.
BJ MENDELSON
Yes.
CAROLE THERIAULT
Exactly.
GRAHAM CLULEY
Thinking, okay, they're getting back to me.
CAROLE THERIAULT
You're thinking you're getting a callback. That's how actually Apple support works, right? You log an online request and they call you back. It's brilliant.
GRAHAM CLULEY
Oh, right. Okay.
CAROLE THERIAULT
Now, if you hadn't reported a scam and you received this call, you'd probably just roll your eyes and hang up, right? And this is exactly what the scammers are hoping for.

Scammers are pretending to be Action Fraud. They are robocalling UK residents in the hopes of snagging an individual who has actually recently logged a complaint with Action Fraud.
GRAHAM CLULEY
That's a little ironic. So, so the fraudsters are pretending to be the people you report the fraud to?
CAROLE THERIAULT
Yes.
BJ MENDELSON
It's kind of genius.
CAROLE THERIAULT
And they're trying to catch that tiny, tiny little sliver number of people that said, yes, that's me. They're finally calling me back.
GRAHAM CLULEY
Okay, all right.
BJ MENDELSON
Yeah.
CAROLE THERIAULT
So when the call is answered, an automated voice says, "Press 1," and the responder presses 1. They are transferred to a fraudster, a live fraudster.

Some of the names that have been used according to Action Fraud are Officer John Thompson.
GRAHAM CLULEY
Oh, he sounds trustworthy.
CAROLE THERIAULT
I'm sorry, Officer John Thompson or David Jones because we're in the UK.

These are names that have already been used, and they introduce themselves and inform the victim that his or her computer has been hacked, which has led to their online bank account being compromised and funds being withdrawn.

I mean, this is a great way to encourage panic in a potential victim.
GRAHAM CLULEY
And fantastic social engineering, isn't it?

Because you absolutely reported some sort of shenanigans going on, maybe with your credit card or something online, and now it appears as though the authorities have contacted you, said, 'Thank you for your report.

We've investigated this. You've got a problem with your computer.' And yep.
CAROLE THERIAULT
Now, to gain trust, they will actually confirm some of your personal details. So that can happen. They may know your name, your address, your email address, that sort of thing.

And they may also try and gauge your knowledge with questions. So one of them was, "Is your broadband router displaying flashing lights?" Right?
GRAHAM CLULEY
And, "Oh, you see, there's criminal activity going on." Sorry, Carole, I'm going to have to interrupt you right now because I've just looked down at mine and mine is flashing.

So I think an attack could be happening.
CAROLE THERIAULT
Okay, so what I need you to do now, Graham, is I need you to give me remote access to your system so I can help fix the problem.
GRAHAM CLULEY
Okay, username admin, and password is— yeah, password is just password, so you should be able to get in on that.
CAROLE THERIAULT
Yeah, if you can give me your admin— exactly, that's what I need.

Okay, and then once I have— obviously, as the fraudster gets remote access to the machine, it's game over, right?

You can intercept login pages, install keyloggers, record passwords et cetera.

This is just one of many scams, and it serves to highlight the problem of scams and fraud, because there's a lot of it.

According to the Office of National Statistics in the UK, they've recorded more than 5 million incidents involving fraud and computer misuse between 2016 and 2017, and 65% of those were categorized as fraud.

So it's a big deal. It's happening a lot.
BJ MENDELSON
Yeah.
GRAHAM CLULEY
I mean, and those are the ones which are actually getting reported as well. Chances are that there's even more than this occurring.
CAROLE THERIAULT
Oh yeah, because you only report it once you're aware of it. If someone is smart enough just to take £5 out of someone's account on a monthly basis and just dribble out accounts.

People may not even notice that happening.
GRAHAM CLULEY
And I used to report these kind of things to Action Fraud, but ever since they rang me back and scammed me out of even more money, I'm kind of reluctant.
BJ MENDELSON
Oh man. I feel bad because you know that there's a lot of people out there that will fall victim to this and not report it because they don't want to look dumb.
CAROLE THERIAULT
Yeah.
BJ MENDELSON
Yeah.
CAROLE THERIAULT
It's like it happened to someone in my family. They had a problem with their Kindle. And so they did a search for, can I get some Kindle support?

And the first link was in one of the ads, but it was a criminal one, right?

So she called up and gave all access, gave all the passwords to her Kindle, and then basically got defrauded. So advice time.

Graham, I think we should have music for when we have our advice section, because we do it a lot. I might find some music for this recording. We'll see.

On the live show, you guys are enjoying it for the first time.

Even if a caller is able to provide you with details such as your name, don't give out any personal or financial information. Don't confirm that information.

Never grant remote access to your computer to anyone. Never go to the website they give you on these calls. Never install software as a result of the call.

And make a note of all the details of the call and report it to Action Fraud or your local national report centre, because every report matters. And that's it.
GRAHAM CLULEY
Isn't this a terrible thing, Carole?

I mean, your advice, although correct, it's just such a terrible indictment upon us because basically what you're saying is if someone phones you up, be very, very cynical.
CAROLE THERIAULT
Yeah, and be suspicious and don't believe anything they say.
BJ MENDELSON
Right.
GRAHAM CLULEY
And you know, what kind of world is that for us all to live in?

You know, because what will have happened is these scammers will already have got some of your details, maybe your phone number, your name, maybe even some digits from your credit card from some other scam which has occurred, some other data breach, maybe an ISP got breached or something like that.

They've already got all of those details about you. And so they're saying, can you confirm this is your name? And you want to be helpful. You want to say yes.
CAROLE THERIAULT
And going back to things like the Equifax data dump, I mean, they may have a lot of this information from you because it's just floating around the web.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
So, yeah, they're able to confirm some things, get more information out of you.

In one case, they actually told one of the recipients of the call, the potential victim, that £40,000 had been fraudulently taken from their account.

So I was thinking, how would they know?

And maybe just even through things like Google ad searching, you can actually put in what is your income bracket, so you can make an educated guess in those cases.

Anyway, there you are. So beware of scams. I know that's not new, but I thought this was quite an ironic way of it working.
GRAHAM CLULEY
I think it's definitely one to be aware of, the fact that they're pretending to be Action Fraud.

And of course, in different countries around the world, they may pretend to be other agents as well.
CAROLE THERIAULT
So keep your wits about you and don't get too paranoid.
BJ MENDELSON
It's always good to be cautious. You know, I know some really smart people that have logged into fake banking accounts.

And otherwise, you know, these people would otherwise have master's and PhDs, and they walk around telling people how smart they are, but they fall victim to this all the time.

So it's always good to just be ridiculously cautious because we're gullible as people.

I think that a lot of the reasons this stuff works is we have that lizard primate brain that sometimes overrides everything else.

And so if someone calls you up and offers you help, you know, the lizard brain goes, oh, okay, I should trust you.

The logical, the higher functioning brain doesn't step in and save you. So I think that stories like this are important and just constantly reminding people to be vigilant.
CAROLE THERIAULT
I bloody hate it though. I want the world to be a nice happy place where you can trust your neighbor. I hate all this. But you're right.
GRAHAM CLULEY
Where everybody knows your name.
CAROLE THERIAULT
Right?
GRAHAM CLULEY
Exactly.
CAROLE THERIAULT
Yeah, it was just right on tune. Right on tune.
GRAHAM CLULEY
Thank you. I can't remember what the tune was.
CAROLE THERIAULT
Sounded like the real thing there. Hey, Graham.
GRAHAM CLULEY
Yep.
CAROLE THERIAULT
It's almost time for our favorite time of the week. Yes, it is.
BJ MENDELSON
Yes.
GRAHAM CLULEY
And thanks once again to MetaCompliance for supporting this episode of Smashing Security. People are the key to minimizing your cybersecurity risk posture.

You can save 10% as a Smashing Security listener off the high-quality cybersecurity e-learning catalog by going to metacompliance.com and quoting the code SMASHING.
BJ MENDELSON
And welcome back.
GRAHAM CLULEY
It's our favorite time of the show, the part of the show which we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week. BJ, can you say it too?
BJ MENDELSON
Oh, Pick of the Week. Sorry. I was mesmerized for a second by the cat cleaning himself. It was just a mess over here.
GRAHAM CLULEY
His lizard brain kicked in.
BJ MENDELSON
That's right.
GRAHAM CLULEY
Oh, cat's licking itself.
CAROLE THERIAULT
I wish I could do that.
GRAHAM CLULEY
Do you?
CAROLE THERIAULT
No.
BJ MENDELSON
I do. Who doesn't? Any guy that tells you that they wouldn't is lying. I'm convinced of that.
CAROLE THERIAULT
Yeah, I'm a girl though. Yeah, just saying.
GRAHAM CLULEY
Pick of the Week is that part of the show where everyone chooses something they like.

Could be a funny story, a book they've read, a TV show, a movie, a record, an app, a website, podcast, whatever they like. Doesn't have to be security-related necessarily.

Now, my pick of the week is something you've probably all heard of and is a bit rubbish, because why am I recommending this? Well, I'll explain why I'm recommending.

I'm recommending tunein.com, which is also an app which allows you to listen to radio stations all around the world, or podcasts.
CAROLE THERIAULT
I never use TuneIn. And I saw this as your pick of the week and tell me why you use it.
GRAHAM CLULEY
So obviously you can use it to listen to podcasts, you know, but there's plenty of other podcast apps.

You can listen to news and you can listen to radio stations from around the world as well.
CAROLE THERIAULT
All in the same app.
GRAHAM CLULEY
Yes, and if you're prepared to give them $9.99 per month, you can listen to live sports like NFL and MLB— I don't even know what these are.
CAROLE THERIAULT
Yawn.
GRAHAM CLULEY
MLB, NBA.
BJ MENDELSON
MLB is the only one that matters.
GRAHAM CLULEY
Is it? Okay, what does that mean?
BJ MENDELSON
Major League Baseball.
GRAHAM CLULEY
Okay, so American sports where people run around and get hot and sweaty and those sort of things. If you want to, you can do that.
CAROLE THERIAULT
Very important stuff happens.
GRAHAM CLULEY
But the reason why I have started using tunein.com is I have a new favorite Trump crush. What?

Now, a Trump crush is something— is a term I have adopted for someone who I enjoy listening to when they discuss the fascinating soap opera which is American politics.

Speaking as a European, the only respite I get from our terrible Brexit situation is to look across at America and say, well, at least we're not quite in the same mess as those chaps over there.
BJ MENDELSON
It could be worse.
CAROLE THERIAULT
Misery does love company.
GRAHAM CLULEY
Misery loves company.

The thing is, if you're over here in the UK, you can't watch CNN, you can't watch the American version, you only get the Europe— whereas the American version of CNN is pure 24-hour Trump, right?
BJ MENDELSON
Yep.
GRAHAM CLULEY
And similar MSNBC. So I'm able now via TuneIn to listen to the soundtrack of MSNBC. And so I'm able to catch up on my Trump crush.
CAROLE THERIAULT
You need to get a freaking life.
GRAHAM CLULEY
Rachel Maddow. I think you'd quite like her.
CAROLE THERIAULT
Oh, would I?
GRAHAM CLULEY
She—
BJ MENDELSON
Yes.
GRAHAM CLULEY
Oh, she has an hour-long show where— and I love her delivery— where she talks about what's been going on during the day in the crazy world of Trump and associated cronies.

And that is why I use tunein.com.

And if you're not fascinated by Trump, maybe you just want to listen to podcasts or music or live sports or any of those things as well, or internet radio.

Go and check out tunein.com, which is my pick of the week.
CAROLE THERIAULT
Hmm. Interesting pick of the week.
GRAHAM CLULEY
Now I've lost half of our American audience again.
BJ MENDELSON
I will, but you'll get, you'll gain them right back. I think MSNBC, just taking a step back at just the historical context of MSNBC.

They always thrive when we have an idiot in the White House.
CAROLE THERIAULT
Yeah.
BJ MENDELSON
So they were great when Bush was in office for both terms, and they've been wonderful with Trump in probably both of his terms because that's how Americans vote.

But yes, I do highly recommend Rachel Maddow for anyone listening. She is terrific. MSNBC in general is generally terrific.

And now that I've said that, I'm sure Fox News will never invite me back. And that's okay.
GRAHAM CLULEY
Well, I've heard Sean Hannity's quite entertaining this week.
BJ MENDELSON
Oh yes.
CAROLE THERIAULT
You know, Graham, since now that he recommends Rachel, I now am interested.
GRAHAM CLULEY
Oh, I think you would be interested, Carole. Yes, I'm sure she does do a podcast as well, so you can tune in on your regular podcast app just to her show.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
So BJ, what's your pick of the week?
BJ MENDELSON
I have this thing about zombies. I'm afraid of zombies.
CAROLE THERIAULT
Oh really? I think they're so great.
GRAHAM CLULEY
I have them around for tea all the time.
BJ MENDELSON
I have them in my graphic novel where, you know, there's a picture of them going by on a golf cart and the zombies are playing on their phone and just, I'm terrified of them.

So for me, I will generally avoid zombies in the media. And the reason why I mentioned that is I found I really enjoyed Santa Clarita Diet on Netflix.
CAROLE THERIAULT
Ah, yes, I've seen that. Santa Clarita Diet.
BJ MENDELSON
I've always been a sucker for Drew Barrymore. I mean, you know, she was in high school. I had a big crush on her and, yeah, and she's just very funny.

Her timing has always been wonderful. And even that wasn't enough to sell me on the show. But I decided just randomly not to do work, which is odd for me.
CAROLE THERIAULT
Very important.
BJ MENDELSON
I'm a workaholic.

And so I was like, all right, I'm just not going to do anything for the next day or two and I'm going to binge watch something that I otherwise wouldn't have taken the time to.

And it was Santa Clarita Diet and it's wonderful.
GRAHAM CLULEY
What's the premise of the show?
BJ MENDELSON
So the show is Drew Barrymore and her husband are realtors, and she, under mysterious circumstances, becomes a zombie.

And the family goes to these hilarious lengths to try to cover it up.

And what's great is that instead of doing a typical American sitcom where they reset the show at the end of the season or they reset at the end of the episode, the situation just keeps getting crazier and crazier as it goes.

And as it builds into the second season, there's this whole world of things that you're introduced to.

And I just, I just love the sheer insanity, the bit of batshit craziness of it.
CAROLE THERIAULT
So, but it's also gruesome. It is gruesome. Like she's sitting there chewing on a leg and covered in blood.
GRAHAM CLULEY
Like The Walking Dead or something.
BJ MENDELSON
It's not as gruesome as I'd say, like The Walking Dead. Like I've seen some stuff from that, that was just, I couldn't watch it after watching.

But yeah, the first 6 episodes are a little rough, pretty graphic, but it does kind of settle down a bit.

And into the second season, it focuses more on the comedy aspect of it, which I think just really works.

And now that I've discovered it, I find that I can't wait for the next season. And I don't remember the last time I've said that.
GRAHAM CLULEY
When you say it's funny, view it as a sort of a zombie version of Weekend at Bernie's.
CAROLE THERIAULT
My favorite movie of all time.
BJ MENDELSON
I would love that.
GRAHAM CLULEY
But in this case, horror. The undead.
CAROLE THERIAULT
I'm hearing a lot of clinky clinky. I don't know who's clinky clinking.
BJ MENDELSON
That's the dog. Sorry, she just made her grand entrance into the room. So far she's well behaved. So if it's just clinking, we're okay. But yeah, so I mean, I love the show.

It's— I can't recommend it enough.
CAROLE THERIAULT
Did you— do you know the show? I can't remember the name of it. Have you seen BrainDead? It was on Amazon Prime.

And it's a kind of political alieny rather than zombie, but I think you might enjoy it. It's wonderful.
BJ MENDELSON
I saw promos for that. It was on CBS, I think, here in the States. I got to check it out.
GRAHAM CLULEY
Hmm.
BJ MENDELSON
And that was my pick of the week.
CAROLE THERIAULT
It's a good pick of the week.
BJ MENDELSON
Thank you.
GRAHAM CLULEY
Carole, what's your pick of the week?
CAROLE THERIAULT
Mine is not gross. Mine's really useful. So I live in a modestly sized house, but it has super solid walls, and anyone who has solid walls knows solid walls are not good for Wi-Fi.

So most people say, oh, what's the big deal? Just get a Wi-Fi extender. But so many are annoying, right? Because you're constantly switching between access points.

It interrupts service, especially when you're on a call.
So I've been looking for a solution and I think I've found one. Enter Devolo. So I bought the dLAN 550 Wi-Fi Starter Kit Powerline. I know, the most snappy headline ever.

But you can set it up to clone your router SSID. Which means you don't keep dipping in and out of access point. And it's really easy to set up.
So you get two adapters in the box, right? You put the first Powerline adapter, plugs into the router and plugs into the power socket.

The second one, you plug into wherever you need to extend your connectivity. So if you're up in the attic, you plug it up there. If you're in the garage, you plug it in there.

If you're in the back room, whatever. And then you press a button and boom, strong Wi-Fi across the entire house.
GRAHAM CLULEY
Hopefully not actual boom.
BJ MENDELSON
Well, it depends on what you're into.
GRAHAM CLULEY
But the idea is that you're basically extending your wireless network using the electric wires of your house, your existing—
CAROLE THERIAULT
Exactly, it's a dLAN. Yes, exactly. And it's kind of cute because they've even added an extra socket on the adapter so you don't lose a power socket, which is nice.

And I've been using it for about two weeks, and I think it's absolutely awesome. It costs about £100 or $150. The one thing I don't know is how much power this actually uses.

So until that's clear, I'd say it's wise to turn it off when it's not in use. But really easy just to plug and play.
GRAHAM CLULEY
Really, I imagine— okay, the nerd in me is going to ask this question.

I would imagine that you can encrypt the communication going down your power line if, for instance, Carole, Vladimir or Donald wanted to snoop upon your communication via my electrical wire.

I know it's a little bit extreme, but it would be fairly easy for them to encrypt those messages as well. I imagine they're doing that, aren't they?
CAROLE THERIAULT
And yes, they do.
GRAHAM CLULEY
Cool. Well, that sounds like a good solution for you.
BJ MENDELSON
This is great. I just bought a range extender for my dad and all the issues that you were talking about, I was just sitting here and nodding my head. Awesome. Yep. Yep. That's it.

So this sounds wonderful.
GRAHAM CLULEY
Because this is the quintessential thing. Suddenly in my family, it matters less if the power goes out or the water is stopped than if the Wi-Fi stops.

That is the thing, as my position of CTO of my house.
CAROLE THERIAULT
Well, the extender will not work if you have no power though.
GRAHAM CLULEY
Oh yeah.
BJ MENDELSON
Good point.
CAROLE THERIAULT
And there you go. That's a perfect end. End scene. And click.
BJ MENDELSON
End scene.
GRAHAM CLULEY
Well, I think on that bombshell, we've just about wrapped up this week. If you want to follow us on Twitter, you can do so @SmashingSecurity, no G.

Twitter wouldn't allow us to have a G. We've got an online store where you can buy stickers and t-shirts and things at smashingsecurity.com/store.

And I guess we have to also thank BJ. Thank you very much, BJ, for coming along today and joining us.
CAROLE THERIAULT
Yes, you were a brilliant guest.
GRAHAM CLULEY
Thank you so much. If people want to find you online? What is the best way for them to do that?
BJ MENDELSON
Honestly, it's just BJMendelson.com. I use Twitter, but I mostly tweet about comic books and professional wrestling. So if you're into that, you can follow me @BJMendelson.

But, you know, the thing I wanted to share was I am giving away free copies of Social Media Is Bullshit in its PDF format.

So anyone who texts me at— I'll give the country code here. 1-646-331-8341. That's my actual number too, by the way. So I'm going to give it again. It's 1-646-331-8341.

That's sheetrock, and it's spelled exactly as it sounds, I will send you a free PDF copy of Social Media Is Bullshit.
CAROLE THERIAULT
BJ, are you single?
BJ MENDELSON
I am.
CAROLE THERIAULT
And anyone who's interested in asking BJ for a date, please use this number.
BJ MENDELSON
I am all for it. Yes.
GRAHAM CLULEY
But don't text in the word sheep for us. Thank you for tuning in. If you like the show, rate it on Apple Podcasts. It really does help new listeners discover us.

And you can go to www.smashingsecurity.com for past episodes and for details of how to get in touch with us. Until next time, thank you very much. Cheerio. Bye-bye.
CAROLE THERIAULT
Adieu tout le monde. BJ, you can say bye.
BJ MENDELSON
Oh, bye everybody.
CAROLE THERIAULT
I love that it happened twice.
BJ MENDELSON
You stay classy, San Diego.
CAROLE THERIAULT
Stay classy!

Hosts:

Graham Cluley

Carole Theriault

Guest:

B J Mendelson – @bjmendelson

Sponsor: MetaCompliance

People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Listeners can get a 10% discount off the high-quality CyberSecurity eLearning catalog by quoting the code SMASHING. Visit www.metacompliance.com now.

Follow the show:

Follow the show on Bluesky at @smashingsecurity.com, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
