Hacking the human mind: The rise of social engineering security threat

00:00

hello again and welcome to big data in

00:03

ai toronto um so

00:06

this session again is we were talking

00:08

about

00:09

um

00:10

a cyber security issue that we're all

00:12

facing today uh nowadays it's a big

00:15

challenge and for that i am also talking

00:18

today uh with mr jim peggy amsas he is

00:21

uh an author

00:23

uh um

00:25

writer and also a podcaster he is also

00:27

my business partner for like the past

00:29

five years

00:30

uh his work was in digital marketing and

00:34

social media

00:35

and since he became my partner he's got

00:38

himself somehow involved into ai and

00:41

cyber security so uh jim welcome

00:44

uh this is your first time in um

00:47

uh big data on ai toronto

00:50

yes it is thank you for

00:53

watching some insights on this topic

00:56

yeah so the topic today we're talking

00:58

about is hacking the human mind the rise

01:01

of social engineering security threat so

01:04

let's dive in so that's me

01:06

and my uh jim we're a couple of handsome

01:09

dude we're gonna talk about this topic

01:11

today

01:12

but now let's talk about a very

01:14

important

01:15

thing that started happening so

01:18

you know that during covert everybody

01:19

said that the the hacking or the data

01:22

leaks are going to rise up but what

01:24

happened in the beginning of kobe like

01:26

let's say like the first three months uh

01:29

in in 2020

01:30

um the thing in is

01:33

that the the hacks and the cyber attacks

01:35

became less as you can see here because

01:39

and this is what what uh you know the

01:40

databases dropped significantly in the

01:43

2020 quarter because according to mr

01:45

miss eva vasquez which is the president

01:47

and ceo of the identity

01:48

uh of this resource center in united

01:51

states that organization are have become

01:53

on high alert looking for signs of cyber

01:56

attacks so it became more complicated

01:59

for attackers to come and physically uh

02:02

you know to

02:04

do that hacking or or cause the data

02:07

leaks physically from the servers so

02:09

they have to look into other options and

02:12

one of those options was social

02:14

engineering because social engineering

02:15

is the art of manipulating people so

02:18

they give up information or confidential

02:19

information about themselves that type

02:21

of information that criminals are

02:23

seeking i can vary but when individuals

02:25

are targeted by the criminals they're

02:27

usually trying to trick them into giving

02:29

them more like something like password

02:31

bank information social insurance number

02:33

uh computer security uh uh

02:36

information that they can install

02:38

malware or other stuff so they come and

02:41

gain their trust somehow uh to give them

02:44

very personal information that they can

02:45

use against them and what does a social

02:48

engineering attack looks like it could

02:50

be it looks like an email from a friend

02:52

or an email from another trusted source

02:55

or distressed call for help like someone

02:57

sends you like oh my mother is dying uh

03:01

my father is

03:02

lost my father last year my mother's

03:04

dying i need some help and so you give

03:05

them some information or your credit

03:07

card number or something like that in

03:10

you know in a like a

03:12

you're trying to help but that's what

03:14

they're gonna use against you so many

03:17

people do not know

03:18

that this was an actual social

03:20

engineering exam so there are three

03:22

types of tactics that these guys are

03:24

used in person and this is one of the

03:26

most dangerous because

03:27

the personal chemistry in people can

03:30

create a trust easily with people that

03:32

are not trustworthy

03:34

through phone you know somebody calls

03:36

you and tells you i'm from the cra or

03:38

i'm from this bank or whatever and then

03:40

the digital which is like kind of like

03:42

email

03:43

or or a

03:45

text message or something like that and

03:47

both of those oh sorry three of those uh

03:51

you like

03:52

they they use they use your emotions

03:56

to to to

03:57

to come and

03:59

either makes me fear something or you

04:02

know like feel sorry for someone so that

04:04

they could become something remember

04:06

and that's what i wanted to talk to you

04:07

about a little bit uh jim when we talked

04:10

about when did kovitz started and we

04:12

were talking too much on the phone at

04:13

the time and it was a big bit of a rise

04:17

of those phone calls from the cra i was

04:19

like oh you're in a big trouble you can

04:21

come here and you have to pay for the

04:24

cra or you're going to be in big trouble

04:26

or the uh the help from the government

04:29

uh i think uh serb

04:31

and and and that stuff

04:33

do you remember we were talking about

04:34

that right

04:35

yeah actually happened to me uh a few i

04:38

got through those calls as well and sort

04:39

of some of my friends yes they

04:42

definitely uh increased there was a lot

04:43

of uh

04:44

i got cra call a couple of years ago

04:46

actually uh even before uh

04:48

covet but yes they seem to have

04:51

come back again in 2020 so

04:54

that

04:54

is and i can say myself and other people

04:57

did get those calls yeah and you

04:59

remember just calling me about one call

05:01

that was like really like a legit call

05:03

and you just you didn't do anything but

05:05

you called me it's like can you tell me

05:07

what is it about and i told you this is

05:09

definitely a prank call remember that

05:11

one yeah i remember remember

05:13

yeah so i mean like

05:16

it's i mean i probably you got lucky

05:18

because you know someone like me but a

05:20

lot of people do not have that someone

05:24

so

05:25

i believe like what we talk about is the

05:27

awareness is very it's very important

05:29

and what is what we talked about in our

05:30

podcast is he remembers that one many

05:33

times

05:34

yeah we've talked about uh

05:37

this misinformation and and privacy in

05:40

the 21st century so yes we've talked

05:42

about these topics

05:43

yeah so uh again

05:46

uh the touch of social engineering

05:48

attacks come

05:49

in in things like we call them uh

05:51

fishing there's called spear fishing

05:54

there's wishing smishing and mining

05:57

social media i'm just gonna go through

05:58

them uh and we're gonna talk about some

06:01

examples because like phishing is like

06:03

an email that sends you and give you

06:05

some information about yourself and they

06:07

ask you for for something and most of

06:09

these as you can see from here are about

06:11

financial services come from something

06:13

that that pretends it's from your bank

06:15

or from paypal or from anything that you

06:18

use your credit card or something

06:20

uh to purchase and they and they give

06:22

you some information so that they give

06:24

them more now spearfishing is also

06:27

fishing but it's more targeted they

06:29

they might give you they might hacked

06:31

into some leaked information from

06:33

somewhere and they would send you

06:35

information that oh you have done this

06:37

purchase on that time with with this

06:40

last four numbers of your credit card

06:42

and that's something that they stole

06:44

from somewhere you know and that that

06:47

that's like spearfishing because it's

06:48

targeted to you and has very information

06:50

and so you just start doubting yourself

06:53

or giving them trust that they they

06:55

don't deserve there's also something

06:58

called wishing with his voice fishing

07:00

it's like through phone calls this is

07:02

also very

07:04

um um you know very dangerous because if

07:07

specifically if the the one in um on the

07:10

other side is not a

07:11

bot or a robot call it's a human a human

07:15

voice might also create that trust or

07:17

that fake trust so that you will be more

07:21

inclined to believe them and trust them

07:23

there's also smishing which is like

07:25

phishing through text messages or sms

07:28

that when they send you all of that also

07:30

sometimes from the cra or sometimes oh

07:32

some relative to you

07:34

from you some of your relatives died in

07:36

africa and they have like this million

07:39

of millions of inheritance and we need

07:41

some to give you some act to get some

07:43

action from you so that you will get all

07:45

of those money

07:46

a lot of this happened like all the time

07:49

but during cover it was like so big

07:51

there's also mining social media which

07:53

is like they go to your social profile

07:55

they collect a lot of information that

07:57

you don't know you were giving for free

07:59

and they pretend they know you

08:01

by

08:02

by by collecting all of this social

08:05

information about you there's also man

08:07

in the middle attack which is like they

08:09

hack into your computer while you're

08:11

working on it specifically when you are

08:13

on a public that you are in the library

08:15

or in a coffee shop or something and

08:17

they can see everything you do on your

08:20

uh um what you call it on your uh

08:23

laptop or your phone even the credit

08:26

card numbers that you get and all of

08:28

that

08:29

is is it does happen all the time

08:32

now

08:32

you know there's also mine in the

08:34

browser attack which is not they don't

08:36

hack your machine but they have the

08:37

browser but the same thing so i don't

08:40

know you remember we also talked about

08:43

like

08:43

we're telling people it's it's okay to

08:46

connect to public wi-fi it's just don't

08:48

share

08:49

personal information or financial

08:51

information they're called public wi-fi

08:53

for a reason they called public for a

08:55

reason you know

08:58

yeah

08:59

yeah yeah we talked about you know

09:02

it's something we talked this in the

09:04

privacy many times and even in person

09:06

and yeah it's just public for a reason

09:09

but i but i really believe that uh you

09:11

know they're

09:12

people are aware of it but they're just

09:14

bringing their guard down

09:15

because they're just going through their

09:17

day and i think that's important

09:20

that we keep reminding people through

09:22

these

09:23

talks and all that that you have to not

09:25

abuse that or use it too often

09:29

yeah and and uh you remember when we

09:31

when we saw that book that you wanted to

09:34

surprise me but i bought it before it's

09:36

the book that's called targeted which

09:37

talked about this social media hack the

09:40

big hack of social media the uh uh what

09:43

we call it on facebook and how cambridge

09:45

analytica used our information against

09:48

us

09:49

in many steps like one of them was was

09:50

like u.s election and brexit

09:54

yeah well i guess you're right i did i

09:56

did eventually read it

09:58

but at the end of the day what i'd like

09:59

to get tell people quickly the context

10:02

is there's a lot not great books target

10:03

is on there there's one called weapons

10:05

of math destruction by kathy o'neil and

10:07

the only reason we're mentioning these

10:09

these books

10:10

is for you to to look into them their

10:13

resources

10:14

but cambridge analytica did some very

10:17

uh

10:19

horrendous

10:20

greatest things and i'm not going to

10:22

ruin it for you because i want i'd

10:23

rather people read the book but

10:25

i mean it was crazy

10:27

what they did they swayed elections

10:29

ladies and gentlemen this way opinion

10:31

they sway people's minds

10:34

it was like it was bad but when you read

10:37

it and and then they met there was a

10:39

movie movie that came out called the

10:40

great hack

10:42

with uh shoes in it but

10:44

you know these are these are some of the

10:46

material that's out there available in

10:48

your local libraries and books so we're

10:49

just using that as context that's all i

10:52

just want to make sure we're clear here

10:54

and and and just i wanted to remember to

10:56

remind people that 620

10:59

and 30 something thousand canadians

11:02

were

11:03

were in that league and that's one

11:05

league of many leagues and we've just

11:08

heard about uh facebook scandal a couple

11:11

of days ago where we know that they

11:13

actually don't give a damn about their

11:16

customers and this is recent this is

11:18

just last week

11:19

yeah

11:20

and and it was like it was like i mean

11:23

like it was shocking but at the same

11:24

time it was not that shocking right i

11:26

was shocking you know i i

11:28

i fortunately didn't see the whole thing

11:29

but i i watched it online and it is

11:32

shocking it is shocking to to see that

11:34

they're aware of the problem and they're

11:36

not doing anything about it that's what

11:38

the shocking part is and they they have

11:40

hired those people to do those studies

11:43

and then when they looked at them they

11:45

just ignored them

11:47

right i mean this is this is again as

11:50

you said we're too much trustee we don't

11:53

give too much trust into those platforms

11:56

while

11:58

we saw what is happening but we are we

12:01

are actually submitting to social

12:03

engineering while we are totally

12:07

not aware what it's doing but we're not

12:09

we here we hear about all of those

12:11

private subjects like oh we don't have

12:13

any other option well what you do have

12:15

often don't share that much online right

12:19

and

12:20

we look you know the only thing i like

12:21

to add hashem i i let me for a few

12:23

seconds is we do we've done so much more

12:26

of this

12:27

uh even before covet hit

12:30

we've become a sharing society

12:33

um you know on facebook on twitter it's

12:36

become something

12:37

of a complete tsunami

12:40

of of of sharing it's gotten

12:43

way out of control

12:45

yeah

12:46

so uh

12:47

continue continuing with with

12:50

this one

12:51

because i wanna i wanna

12:53

talk now in numbers

12:55

uh the impact about of social

12:57

engineering attacks and as you can see

12:59

over the third of phishing attack

13:00

targets user of financial services which

13:03

means

13:04

uh

13:05

one employee will have power to see our

13:07

financial data

13:08

they give their information and all of

13:11

our financial data is in the in the

13:12

hands of hackers

13:14

uh also there's lots of associated with

13:16

security incidents in the finance sector

13:18

increased by 24

13:20

that's only

13:22

in 2014 you can imagine what is

13:24

happening right now financial services

13:26

encounter security incidents 300 percent

13:29

more frequently than other industries

13:31

this is our money this is our credit

13:34

cards these are things that we rely on

13:36

those entities to protect for us because

13:39

we cannot keep our money in a shoe box

13:42

anymore right and and we have we still

13:45

all have all of that and it's us through

13:48

giving the information or some people in

13:50

that industry so 48 of companies

13:53

that say that social engineering attacks

13:56

cost them more than 25 000

14:01

per incident that is not a small number

14:04

but only as you see here but only a

14:06

quarter of those companies are ongoing

14:08

training to prevent social engineering

14:11

what would you say when you hear that

14:13

they know that it's cost them but they

14:14

don't you know they didn't give enough

14:17

budget to train their employees on that

14:19

i mean like isn't that like

14:21

i mean like you could you could spend

14:23

much less than that on training your

14:24

employees and preventing all of this

14:27

you could and this is this is why um you

14:30

know i think it's important that you're

14:31

giving this talk and i appreciate you

14:32

allowing me to be part of it because at

14:34

the end of the day what even what

14:36

francis haugen said is that they had the

14:39

guard rails in place and they didn't use

14:42

them

14:43

ladies and gentlemen and this is exactly

14:45

what

14:46

i'm talking about they could do but

14:48

they're not

14:49

because they're more concerned about

14:50

their profit than they are about

14:52

doing the right thing exactly and this

14:54

is why talks like this are important

14:56

because now it's on us

14:58

to be aware and to know what we're doing

15:02

what we are sharing with those entities

15:05

so that we don't share much right i mean

15:08

to protect ourselves it's coming to us

15:10

to be our own guardians right yes yes

15:14

yeah and i i believe that the books we

15:17

talked about there there are a lot of

15:19

documentaries there i mean that go and

15:21

watch

15:22

yeah there's a gold

15:24

yeah there's a one called coded bias

15:27

um

15:28

uh by women and uh the one of the ladies

15:31

that was in the doc was actually from

15:32

the university of toronto that she did

15:34

some work with and kathy o'neil from

15:36

weapon to math destruction is actually

15:38

featured in coded bias it's a fantastic

15:41

film

15:41

and i know we're talking about these but

15:43

these are resources i'm going to say it

15:45

again these are resources we're not just

15:48

we're not promoting these please don't

15:49

misunderstand be very clear these are

15:51

resources for you to do to check them

15:54

out to see for yourself what's happening

15:56

exactly and and these are just examples

15:59

i mean if you don't like what would be

16:00

saying just go and

16:02

and watch something like that yes it's

16:04

what we know but there's a lot out there

16:07

and these are just examples to go and

16:09

watch i mean like

16:11

we also heard about pegasus software

16:13

which was spying on people and most of

16:14

it happened because people were just

16:16

like clicking links on whatsapp

16:19

that were implanting something on their

16:22

phones right remember also when you told

16:24

me about the uh those whatsapp messages

16:26

that you were getting and the sms which

16:28

have those links and you say like

16:31

from banks that you've never even have

16:34

any account with right yeah i don't have

16:36

an account anyways i was like

16:39

even text i was getting texts too yeah

16:41

text messages whatsapp i mean that that

16:43

is that is that's going crazy and um

16:47

you know that's again on us to be our

16:49

own guardians uh so

16:52

that was the impact of these attacks now

16:54

let's talk

16:55

about how to protect ourselves from

16:57

these social engineering attacks and by

17:00

the way

17:00

it's it's not that difficult i mean we

17:03

talked about it many times me and gemini

17:05

create strong passwords

17:08

can i try him on this one can i jump in

17:10

on this one

17:11

so i uh it's gonna be a little comedy

17:13

corner but my i have a younger brother

17:15

and he he has um warped me on this and i

17:19

think hashem knows this his his

17:20

passwords are like 15 letters long

17:22

ladies and gentlemen

17:24

15. you know i've i've gone to eight

17:27

okay

17:28

15.

17:29

and like i told hashem this and he was

17:31

like and what's your point you know

17:34

but i high i highly recommend i have a

17:36

book i have all my passwords please this

17:39

is the one of the strongest things that

17:40

i want i really that's why i appreciate

17:43

hashem allow me this is one thing please

17:46

no one two three four no

17:49

q-w-e-r-t-y

17:50

please use have a book a heart copy book

17:54

and write all your passwords in there i

17:55

know it's old school

17:57

but this is the strongest recommendation

18:00

we'll have another recommendation

18:02

besides the physical book but

18:04

but the idea here is also creating a

18:06

strong password you know yes i really

18:08

agree i agree i agree yeah and avoid

18:11

common obvious password as we just said

18:14

yes sorry you're you're strong i saw you

18:16

i stole your thunder sorry yeah no it's

18:18

fine and this is what this is why i

18:20

wanted to bring you because you've been

18:21

with me uh on this route and i remember

18:24

we talked about passwords and i was the

18:26

one who told you stop

18:28

putting those passwords they could be

18:30

hacked in a heartbeat remember

18:33

and you know there are always here we

18:35

can just tell you that there are a lot

18:36

of people to remember complex uh

18:39

passwords and create create them like a

18:41

story method

18:42

uh or do like acronyms or the loki music

18:45

where you create a scene based on

18:47

location you know

18:49

uh like um

18:51

i like uh

18:53

uh what do you call it

18:55

i scream

18:56

from uh starbucks on bloor

18:59

and bloor on dixie for example so these

19:02

are like some stuff that you can easily

19:04

remember and you can shift like uh

19:06

capital letters small letters with with

19:08

special characters and you can remember

19:10

it's not it is not that complicated if

19:13

you thought about it besides don't use

19:15

the same password everywhere that is

19:17

that is very important

19:19

yes i agree

19:20

yeah so

19:22

these are also steps to protect yourself

19:24

from from uh from social engineering

19:27

it's like when you receive something an

19:29

email or text message first of all be

19:31

cautious see what the source is is it is

19:34

it is it does it look like the source

19:36

that they send it from or does it look

19:37

suspicious spilling errors sometimes

19:39

spilling terrorists

19:41

is not sometimes spelling errors are not

19:44

because they have they're stupid or

19:45

they're doing errors no because they

19:46

want to get away from detection of the

19:49

ai detection so that they do those

19:51

spilling errors so that they will avoid

19:53

uh detection by ai now

19:56

anything that asking for an urgent

19:57

action might be

19:59

suspicious

20:00

also links we just talked about the

20:02

links that they were sent from cra and

20:05

all of these things through our text

20:06

messages and all remember that

20:08

uh check the from address so if it says

20:11

adobe.com and you just uh have this this

20:14

adobe logo look at this the the address

20:17

that comes is it come from something at

20:20

adobe.com

20:21

or not and of course if someone asks you

20:24

for a personal information

20:26

you should be skeptic without thinking

20:29

you know

20:31

uh that's that's you know like i think

20:33

this is like very very uh basic stuff

20:36

right and here's the other another stuff

20:38

to do from that what scammers and social

20:41

engineers are doing to you they also

20:43

they always request for something of

20:45

value of you they also want to keep the

20:47

matter of secret or privacy like oh you

20:50

have someone who died from your uh

20:52

relatives in kenya or whatever so just

20:55

keep it secret because there's a lot of

20:56

money in it they need to take you an

20:58

urgent action like now and just pay us

21:01

like 150 for the fees and then you will

21:03

get the millions

21:05

from your inheritance and they approach

21:07

you from a position of authority like if

21:09

you're an executive or a lawyer or a

21:12

software mechanic or something like that

21:14

so all of those are signs to look at so

21:17

that you know that this might be a

21:20

social engineering attack

21:22

now um

21:24

ai how can ai help this ai now can

21:26

detect deep fake videos we know what

21:28

deep fakes are it can you take fake

21:30

reviews it can detect back doors and

21:33

man-in-the-middle attacks it could

21:34

detect malware downloads and email and

21:36

attachment many of the antivirus are

21:38

using ai for that they can detect

21:40

phishing and spearfishing emails so ai

21:44

can help

21:45

way more than we can and we should also

21:48

invest in ai researchers into into doing

21:50

that um that was it i need you jim to

21:54

tell us like this is how you can

21:56

communicate with me and jim i need you

21:57

to have like um

21:59

we have like about

22:01

three minutes i want you to just tell

22:03

tell somebody about the experience

22:05

of learning that stuff uh through the

22:07

years

22:08

you know well at the end of the day um

22:11

yes you know wasn't a thing that i was

22:14

interested in

22:15

now the reason i was is i like to learn

22:18

and

22:20

you know the

22:21

the area for that was becoming prevalent

22:24

in the media

22:25

and uh you know i like to you know like

22:28

i said hashem i've known her for five

22:30

years but

22:31

it was on my own terms hisham never said

22:33

oh you gotta learn no it's just my own

22:35

terms so

22:36

uh the one thing i'll be honest with you

22:38

is the covers of these books are just

22:39

insane

22:41

like targeted as like a grenade you know

22:44

the weapons of mass destruction you know

22:46

is uh uh you know it's a skull you know

22:48

it's like

22:50

it's a it's a skull with uh you know

22:52

crossbows

22:53

um but at the end of the day is i think

22:55

we have to be more aware

22:57

of what's happening and you know there's

22:59

great books out there there's

23:01

documentaries there's solid information

23:03

out there and it's only a lot to be more

23:05

aware of myself

23:06

and uh so that's why for me uh if you're

23:10

loved to read there's lots of great

23:12

books you can watch movies uh on you

23:14

know whatever streaming service you have

23:16

so um that's what the thing is but it's

23:18

also to be

23:20

conscious

23:21

that the world is changing um you know

23:22

i've been teaching social media for a

23:24

long time this added another toolbox for

23:27

me too for people to understand it

23:28

better we talked about in our podcast we

23:31

talked about privacy we talked about

23:33

crypto we talked about misinformation

23:36

these topics are still important look

23:38

what happened with facebook ladies and

23:39

gentlemen this is very fresh

23:41

so

23:42

um that is why uh i've done it and i

23:46

continue to do it

23:47

and i think i encourage you that to

23:49

implore you

23:50

that um

23:52

this is information that's out there

23:53

your local library your local bookstore

23:55

go and learn more about it because your

23:58

information at the end of the day your

23:59

information is your information for a

24:01

reason

24:02

i think we have to be that and one more

24:05

thing that i'd like to really um think

24:06

is yes

24:08

be careful using public wi-fi

24:11

especially it's very important so with

24:14

that i appreciate thank you michelle for

24:16

having me on today and just be more

24:18

aware and composite of when you're using

24:22

yeah so i guess what jim is trying to

24:23

say because he doesn't come from a

24:24

technical background if i can do it you

24:27

can do it right okay and

24:30

all right that works yeah awareness is

24:33

the key it doesn't matter what industry

24:36

you are in this is a this is a public

24:37

awareness i believe now everybody has to

24:39

know it

24:40

uh so thank you jim for being here and

24:43

give our audience uh your own

24:46

personal experience into this thank you

24:49

everybody for being here you can contact

24:51

me or jim through our twitter accounts

24:53

or anything you can find us everywhere

24:55

and uh

24:57

this is this is it for this session and

24:59

we're gonna take your questions