Hackers can break into your life in a lot of ways. Protect yourself with today’s tips.
Welcome to part 2 of our series on getting hacked and identity theft. If you missed part 1, you can click this link to listen to our story of being hacked and having our identity stolen.
Recently, hackers broke into everything we had online: our websites and our social media accounts, and they even made attempts to log directly into our bank.
We put ourselves at risk for identity theft in a number of ways, and you probably are too.
Do you use the internet? Unfortunately you’re at risk and you should start taking actions to cover some of your vulnerabilities, which we’ll cover in today’s episode.
We’ve learned a lot about social hacking and how hackers are now spending time researching their victims (not just running a piece of software).
You might not realize how much information people can glean by diving into your social profiles.
On top of social hacking, there are viruses and malware, and your hardware is potentially at risk too.
In today’s show we discuss how hackers attempt to break into your systems, and what you can do to protect yourselves from the bad guys.
Help keep people safe! Share this on Twitter, Facebook, and Pinterest.
You will learn
- What social hacking means.
- Why throwback Thursdays aren’t as fun and innocent as they seem.
- Why the street you grew up on plus your pet’s first name is NOT your superhero name
- Why your social media accounts are like open windows for online thieves
- Which email you should use to log in to all your accounts
- Why you should enable 2 Step Authentication (and why it’s safer)
- How to protect your security questions and secret hints
- How to protect yourself from malware and viruses.
- Why you should NEVER skip a software update
- How hackers use Skype to break into your machine
Enjoy the podcast; we hope it inspires you to explore what’s possible for your family!
Can’t Miss Moments
Each week Jocelyn and I share moments that we might have missed if we had not started our online business. We hope these moments inspire you to see the possibilities and freedom online business could provide for your family.
Thanks again for listening to the show! If you liked it, make sure you share it with your friends and family! Our goal is to help as many families as possible change their lives through online business. Help us by sharing the show!
If you have comments or questions, please be sure to leave them below in the comment section of this post. See y’all next week!
Can’t listen right now? Read the transcript below!
JOCELYN: Hey y’all. On today’s podcast we’re gonna talk about how people get hacked and what you can do to prevent identity theft.
Welcome to the Flipped Lifestyle podcast, where life always comes before work. We’re your hosts, Shane and Jocelyn Sams. Join us, each week, as we teach you how to flip your lifestyle upside-down by selling stuff online. Are you ready for something different? All right, let’s get started.
SHANE: What’s going on guys? Welcome back to the Flipped Lifestyle podcast. It is great to be back with you again this week. For those of you who are listening, who are new to this show, you may not know who we are; we are Shane and Jocelyn Sams of flippedlifestyle.com. We are former teachers who started an online business, we started making money online, and we eventually made more money in a month than we were making in a year at our teaching jobs. So we decided to quit our jobs and work full time online. We’d like to say that online business flipped our world upside-down but in a very, very good way, and we now run flippedlifestyle.com and this podcast which airs three times a week where we help other families start online businesses and flip their lives as well.
JOCELYN: So if you’re new to the show, maybe someone sent it to you or shared it with you on social media, welcome, we’re glad you’re here. Our session today is actually part two of a series we’re doing about online security, and we were recently the victims of hacking on several of our websites, as well as an attempt at identity theft. And we’re hoping that by sharing what happened to us and everything that we learned, other people might be able to avoid some of the stress and the big mess that we found ourselves in during this event, and we really hope that you will help us to get this important message out to other people. So with that in mind, please share this podcast with anyone you care about who uses the internet, anybody who’s on social media, and especially people who run online businesses. We are certainly not the only people who are at risk but definitely having our online business may possibly make you a bigger target.
SHANE: Most of the time during our podcast, we like to share success stories from our listeners right now, but we’re gonna jump straight into our content today. We’ve got a lot of ground to cover and we wanna make sure that we can do everything we can to keep you guys safe. So we’re gonna kind of change our format up a little bit and just talk immediately about how people get hacked and all the different ways that you can do to keep yourself safe. As we mentioned last week, we learned more about getting hacked and identity theft than we ever wanted to know over the last month, and it’s just been really overwhelming and really eye-opening to see all of the different ways that might not only hackers try to get in and get your information, compromise your data, but just how many ways we leave ourselves open to attack. I mean there’s no way that we could cover every single thing, every single vulnerability that we have, in this podcast series but we’re gonna try to go over some of the big wins, the biggest things that you can do, that you can look at in your own systems to not only protect yourself, but all the little doors you may be leaving open that are letting the bad guys in and putting your data at risk, putting your identity at risk, putting your bank accounts, your WordPress logins, your email logins, all of the stuff that you do every day, how you’re leaving yourself open to attack. We’re gonna cover three primary ways today that hackers try to get into people’s information. These are three of the ways that we believe that our data was compromised. These are the mistakes that we made and we learned from. All of this information is 20/20 hindsight for sure, but we’re gonna try to tell you exactly what we know about getting hacked, and all the ways that we have done to protect ourselves since we learned all the doors that we’re leaving open for the bad guys.
Okay, the first way that hackers try to get into your information or that you leave yourself vulnerable to be attacked by hackers or anybody trying to get out there and steal this data to try to, you know, get into your bank accounts and stuff like that, is called social hacking. Now I did not know about this, we learned about social hacking while we were looking back and deconstructing all the vulnerabilities in our systems. And the way social hacking works is that hackers study your public information, the things that you share on Facebook, the things that you share on Twitter, all of the public records that are stored throughout the internet in the government, you know like where you live, your property information, things like that, they get it all. And what they wanna do is collect as much information as they can publicly so that when they’re ready to start guessing things like your password or they’re ready to go after your money or break into your website or whatever, they can really narrow it down to a set group of parameters, and make it much easier to break into your information. They look up things like your mother’s maiden name, I mean if you’re friends with your mom on Facebook, it’s not really hard to figure out, you know, your mother’s maiden name; your kids’ names, we all share pictures of our kids on Facebook, on Instagram, all the time. Birthdays, I mean, our birthdays are such public information and common knowledge that it’s just like a game just to tell people “Happy birthday” on Facebook. Crazy things like your brother’s middle name. Whatever they need, they just study you and your friends list, and they go out and they crawl that information. Even a quick Google search can give them a ton of private personal information that you hold close to yourself that allows them to break into your system.
Hackers will start games on social media, like “Hey, post the street you grew up on and your pet’s first name. That’s your superhero name.” Those are not just your buddies thinking up these games and posting them. Hackers will actually start those games, spread them and share them, that’s why they always say share with 10 people you know, and they’ll go out and get that information to collect things like your pet’s first name, or the car that you first drove, a Buick or a Camaro, or whatever. And they’re using this information to guess those secret passwords, to try to get parts of your passwords, to guess those secret hints and questions that are – if you forget your password it’ll let you have access to your email or your systems. Throwback Thursdays we found out are things that phishers and hackers started to collect information that may not be online anywhere else or it existed before the internet. Like it’ll say, you know “Post a picture of when you played, you know, sports in high school” well then all of a sudden, now they have your football number, they have information of, you know, what you like to wear, what color, what your favorite colors, whatever. All these things that we share from our past can be used against us to guess passwords and to guess secret keys to get into our accounts. All of this information that hackers use to collect your information on social media, on Google, on the internet, they use it to try to narrow down those passwords and break into your information quicker, or they can even say “I’m having trouble logging in” and now they’ll just start answering your secret questions. How many times have you, you know, put in your actual mother’s maiden name? Well if they just go to Facebook, they can get that, guess your secret question, and they can totally get into your information without ever having to type in your password. And they also watch you on social media, that’s a very important part of social hacking, you know, we are very public with how we live our lives and we were sharing things in real time.
We actually got attacked; we were hacked while we were on vacation in Disney World. The hackers knew when we were most vulnerable because we were sharing information in real time, where we were, what we were doing, and once they realized that our location was compromised, you know you can’t fight a hacker in the middle of Disney World. You just can’t. I mean you’re not able to do that without your laptop, without sitting at home and having all the access to your information. So they’ll also attack you on weekends, whatever, whenever they see that you’re not home or that you’re vulnerable, or they know that you can’t easily get access to customer service because of where you are or maybe it’s a Saturday at midnight, they go in and they try to get into all your information when you’re most vulnerable and you’re susceptible to those attacks. These are very sophisticated people, it’s not just, you know, like a hacker sitting there with a program, like in the movies, and he’s trying to break into all stuff. They’re just collecting the information that we make public, stealing, trying to use that to break into your information, and attack you in places like your bank account, hijack your social media, or take over your website.
JOCELYN: Thankfully there are some ways to stay safe from social hacking, and I would say that the first one probably is to keep all of your social media accounts private, and that’s something that I have started to do. I only will accept people as friends that I have personally met, and if maybe you have been on my friends list when I haven’t personally met you, you’ll probably be going away soon, and that’s not –
SHANE: Sorry guys.
JOCELYN: That’s nothing personal; it’s just that I want to keep my information as secure as possible.
SHANE: New rule: If you’ve not hugged us live in person, we’re probably not going to accept the friend request anymore. That’s why we have a public Facebook page and Twitter profile, where you can reach out and connect to us. So yeah, that’s one of the ways that we think we left ourselves vulnerable.
JOCELYN: And that’s not to say, you know, don’t have social media or don’t get on the internet, don’t have anything, because the truth is every person on the earth pretty much is in some type of database and has some type of information out there on them. So this is just to help you to stay safe and to keep that information more secure than maybe it is right now. So the first thing that you can do is to make sure that you have long passwords that do not contain any dictionary words, and that is forwards or backwards, because that’s still pretty easy to figure out even if it’s backwards.
SHANE: And it also includes names, like we were stupid and some of our passwords had our kids’ names in them, and everyone knows our kids’ names who listens to the podcast. So don’t put names or anything like that, generally that’s easy to spell word, you know, Isaac and Anna, not very hard to figure out. Try not to use anything that’s a real word in any of your passwords.
JOCELYN: You should be using capital letters, lowercase letters, numbers and symbols if they’re allowed in the type of password that you’re using. Some things allow symbols, some do not, so if you can use them it makes your password that much more secure. A good way to get to passwords is to use a password generator like random.org. There’s a password generator on there, you can have as many characters as you’d like and I use those that give you so many passwords, like they can give you up to five at a time or something like that, and I just take parts of each one of them. So I’m not using the entire string. Length is key; make sure that you make them, the passwords as long as they can be, that makes them that much more secure.
SHANE: Someone told me the other day, we were looking at different passwords, and they showed me a password that was basically like capital A, lowercase B, and then like a dollar sign and then it was all periods, and then it was a – then it was a, the password, but it was like 18 characters long and then like the password right below it was like 15 characters and had all sorts of numbers and symbols and things like that. So they both had numbers, symbols, capitals, and lowercase, but the longer password, I was told, was 90 times less likely to be broken by hackers’ software because the longer you make something, it just adds so much more exponential, what’s it called?
JOCELYN: Complexity?
SHANE: Complexity, that’s a great word, thank you for that. I went to the dugout and I got the relief. So basically use the longest pass, if it’ll let you use a 15-digit password, you should do that with whatever you’re signing into because it’s gonna be safer.
JOCELYN: Okay, the next way that you can stay safer from social hacking is to use an email for your username that maybe you don’t use anywhere else. Maybe it’s just your login email, and we’ve actually just done this. We just went and created – I went to LastPass, I got a string of characters, you know, QZY, whatever, and that’s really not what it is, obviously, but –
SHANE: We’re not announcing our podcast, or emails on podcast.
JOCELYN: But I didn’t give that to one single person, I mean it is pretty much written down in a notebook that only I have access to and written in secret code, so.
SHANE: That email address is like Fort Knox lock-down. Nobody knows it, I don’t even think I know it; I don’t even have it written down anywhere.
JOCELYN: No.
SHANE: No.
JOCELYN: And you won’t.
SHANE: And I never will, ‘cause I might be the source of the hack, you never know. Right?
JOCELYN: Yeah, right.
SHANE: And the reason we say to use a different email than what’s public is because if they get your username or your email, they have half the equation, now all they need is your password. So you should be, not, don’t use a public email address to login to WordPress, that’s crazy. We realized that, we were doing that, and that was one of the ways we got easily hacked. So go make up a random email address that you use for secure things to login into, if it requires that for a username, because that’s gonna keep you a lot safer than Shane@flippedlifestyle.com because now they have to guess multiple ways, multiple things to login to your information.
JOCELYN: The next way to keep your stuff a little bit safer from people who are trying to socially hack you is to enable a two-step authentication on anything that you can get it on. Not all services or logins have a two-step authentication and what two-step authentication means is that not only do you use a username and password to login, but you also get texted a code to your phone that you have to put in as well. So theoretically if someone doesn’t have your phone, then they can’t login and get your information because even if they can guess your username and password, they don’t have that two-step authentication, that phone code that only you would have. And it also lets you know if somebody’s trying to login to your account. If you get a text that says here’s your code and you didn’t request a code, then something’s probably up. All right, the next one, and this one’s a little bit controversial in some circles but, it’s to use LastPass or 1Password, some type of password service that basically acts like a vault and it protects and encrypts your information. And you can use these services to keep all your passwords safe and to login to websites without worrying about people stealing your information.
SHANE: And LastPass basically means you have one password that will log you in and it’s encrypted and it will get you like to a list of all of websites you have. You can actually go into LastPass, click on those, and go to the website from within LastPass. That way you’re not having to type in all these passwords so that encryption is another layer of protection because you’re not physically typing them into your computer. And also, you can enable two-step authentication and things like that on LastPass which will then protect all the passwords you store there. So if all those passwords are secret, all of them are long, all of them are complex, and all of them are behind that vault, that firewall that’s created by LastPass or 1Password, then without that two-step authentication, nobody, theoretically, can get back into LastPass or 1Password to get to any of your information. We were actually using LastPass pretty wrong, we had a very simple password, it was totally wrong, we weren’t using two-step authentication and that was part of our compromise is that we were not using all of the tips before LastPass and 1Password to properly protect them. But we are using them now because we feel like, there’s like five or six other ones and we’re not gonna announce publicly which one we’re using, but the basic principle is it will protect and encrypt everything in the background so that nobody – if they can’t break into LastPass, they can’t get to any of your other passwords as well.
JOCELYN: And this can be a double-edged sword if you’re not using it correctly. If you are just using a password, you don’t have the two-step authentication in place, I mean theoretically if someone gets your one password that you use to login then they have everything that you have. So just make sure, if you don’t do anything else from listening to this podcast, if you were using a password manager like LastPass or 1Password or something like that, please, please, please, pause this thing right now and go put two-step authentication on it immediately.
SHANE: And make the password very complicated, don’t let it be something simple, something that could be easily spoofed, and also too, we have stopped using browser extensions and things like that for LastPass because those can be spoofed and those can be hacked we found out, which we’re gonna talk about a little bit later in the next segment of this podcast, but we only go to the website, we login to LastPass with the two-step authentication, and we actually click on all of our stuff from within LastPass or 1Password or whatever you wanna use. So login to the thing; if it’s 1Password, use the app login; if it’s LastPass, login. What’s the other one? We found out another one too, there’s all kinds of different ones, you’ll have to look ‘em up and compare them to see which one serves you best, but we go to the app, we go to the website of the one that we use, and actually login there and click out from there, okay?
JOCELYN: All right, the next tip that we have for you here is to lie on your secret questions.
SHANE: Lie, you dirty liars, don’t tell the truth.
JOCELYN: That’s right. We don’t really encourage lying most of the time, but when it comes to secret questions and your personal information, we absolutely encourage you to not use the correct information, and there are a variety of ways to do this. I mean, you could use completely random stuff like random strings of characters. I actually use parts of the truthful information but I add extra things into it. So it may be a word and I’ve added extra characters or numbers or symbols.
SHANE: Like the symbols in between it or something.
JOCELYN: Yeah, and I have all those written down because the chances of me remembering it is like zero. So I have all those written down in a little notebook that I keep all the stuff in so that I can remember what I said and you know, in the event that you need your secret question, assuming that you’ve done all the other things that you’re supposed to do like keeping your passwords in the vault –
SHANE: Writing them down somewhere else.
JOCELYN: – and accessing them through the password manager, you know, theoretically you won’t ever need those secret questions, but if you do make sure that you have them down somewhere.
SHANE: So when the, when your bank asks you “What’s your mother’s maiden name?” Don’t say “Smith” say “Encyclopedia.” I mean just use a random word that’s not the correct answer. When they say, you know, “What was the model of your first car?” Don’t say, you know, a “Buick” you know, say “X4397261” or something. Don’t ever – ‘cause those secret questions are a back door. If you totally forget your password, they will go to the secret questions and on some services, some banks even, if you answer three secret questions correctly, “What’s your mother’s maiden name?” “What’s the first model of your car?” “What street you grew up on?” that’s also your superhero name, whatever. But like if they answer those three questions, they get access, they don’t even get the password and then they get to go in and change the password in the background. So your secret questions are a major vulnerability and they pretty much eliminate your password from the equation. So if you have your stuff that is honestly answered, you need to go change that right now, especially your banks, especially your PayPal’s, your financial information, especially your email addresses, because if you don’t, you’re basically handing the keys to the kingdom to all the bad guys.
JOCELYN: All right, moving on to the next tip for ways to stay safer when it comes to social hacking, it is to be careful what you share on Facebook or other social media. Don’t participate in those games, you know, “what’s your superhero name”, “what’s your stripper name”, whatever. Please don’t participate in those because people are looking for that information and even if your profile is set to private, if you posted on someone else’s post there’s a possibility that other people could see that. So just make sure that you’re not doing that. Just don’t, don’t put that information out there. There’s no chance that somebody’s gonna get it if you don’t put it out there; a lot of these things that people might not have access to otherwise. Don’t share pictures or information on like Throwback Thursday. We do those occasionally, we’ll share a picture but you know –
SHANE: Be careful what you say in the text, that’s what they’re farming from.
JOCELYN: Just don’t put any identifying information. Anything that could potentially be contained in a password or anything like that, which won’t be contained in a password because you’re gonna go change them all after this podcast, right?
SHANE: That’s right. They should’ve done that last week actually ‘cause that was our tip last week, so –
JOCELYN: Yeah.
SHANE: – go change your password.
JOCELYN: At the very least, I mean change it for all your financial information, for sure. I mean do that like today. The rest of the stuff, you know, if they wanna pay my bills, I’m not gonna stop them, but it’s still a good idea to change those passwords as well. Let’s see, the next thing is to set your social media to private, we already talked about that a little bit, and we say only accept friend requests from people you know and you have met in real life.
SHANE: In person.
JOCELYN: If you’re going through your friends list and you can’t picture the face of somebody who’s on it then, I’m sorry, I’m gonna say “See you later.”
SHANE: And on mine, I’m actually doing the high-five and the hug rule. If I never gave you a high-five or a hug, you’re probably getting deleted from the list. I mean it’s just the bottom line because it’s just – we opened ourselves up to attacks by doing this. Some people disagree with this, some people say, you know, innocent until proven guilty, add everybody and blah, blah, blah, because of the social capital, but here’s the deal: I can do the same thing with our public accounts that we can do with our private accounts and we’re better protected there, so. High-five and a hug, if I haven’t seen you in person, that’s probably the rule we’re gonna use on our private accounts, for me anyway from now on.
JOCELYN: Yeah, and I agree with that, and if I haven’t seen you in 20 years and haven’t spoken with you in 20 years –
SHANE: Un-friend, sorry.
JOCELYN: You’re probably going bye-bye too, so. Okay, the last thing, the last tip that we have for you on keeping yourself safer from social hacking is to use common sense, and this seems pretty self-explanatory, but you wouldn’t go out on the corner of the street and shout out all your information.
SHANE: “I grew up on 5th street!”
JOCELYN: But technically –
SHANE: “I drove a Buick!”
JOCELYN: Technically, that’s what you do online, and just remember that it’s not always just friends or family that’s watching you online. There could be other people as well. So if you take these few precautions to protect yourself, then that’s really gonna help you to just keep that information safe and where only, where only people you personally know are going to see this.
SHANE: Yeah, alright. So that concludes pretty much our talk about social hacking and everything we’ve learned about that throughout our hacking ordeal and identity theft, and that’s a really, really big problem right now that people are not even aware of and I cringe now when I see people participating in those crazy games where it’s like, “Share this with 50 friends, and, you know, if you love me and love Jesus, you’ll share this” you know those kind of things. Don’t do those, they’re not fun anyway. I don’t know why people even participate in them, but the people following those are bad, bad people and they’re trying to get information to hurt you. So there’s no reason to do that at all, avoid them when you can, and if people keep sharing those things, you need to maybe un-follow the people that are sharing them because they may already be hacked and they’re just trying to spread more misinformation. All right, the second way after social hacking that hackers get out there and try to get your information is they use software. They use viruses, they use malware which is a software with malicious intent and they use bots. Just like Google crawls the web looking for information, hackers create algorithms and programs that crawl around the web and they look for vulnerabilities. They look for holes in the system, you know, the hole in the fence that they can climb in, break in, and try to do damage or try to steal something. Hackers themselves create viruses and malware and they send them out. They work like a Trojan horse, you get them on your computer, you do something to activate them and all of a sudden, the bad guys are into the system, and they’re robbing, stealing and creating more back doors and more holes in the system, in case you lock them out, to get back in. You actually accept or download these files and programs, or the bots might find a vulnerability. 
If you’re not updating your plugins, those plugins that are not updated may have holes in them that hackers can get in. They create back doors into your WordPress site, boom, the program starts running and they have access to all your information, everything within that system. Hackers can use these programs to literally hijack your browser, and I wanna say this because this is a big misconception, a huge myth out there, every browser and every computer has vulnerabilities and can be hijacked. Safari is vulnerable, Chrome is vulnerable, people make fun of Internet Explorer, that’s fine, it might be more vulnerable but it – Firefox is vulnerable. All of the browsers, no matter what company makes them, can be vulnerable. Don’t buy in to all the marketing that something is safer than the other, we have Macs and we use Chromebooks, and you know, Chrome browsers, and we got hacked on a MacBook with a Chrome browser. Our Safari got hacked, we got hacked and we own MacBook Pros. So it’s not just a PC problem, you might think that you’re completely safe because you own a Mac, but I’m telling you right now that you’re not, because we weren’t and even though we thought we were. MacBooks can be hacked, so can the Chrome browser. So don’t think for a minute that just because Google or you know Apple, their marketing says you’re safe, remember their job is to sell things, they’re gonna tell you what you want to hear. Anything is vulnerable if you’re not careful. Hackers will come in with their virus and their malware, and their bots, and they will spoof web pages. Once they hijack your browser or once they take over your computer, they’ll create fake web pages and redirect you to them. 
So you might think that you’re logging in to your WordPress dashboard or you may think that you’re logging in to Facebook or your bank, and what really happened was they created a look-alike page and anytime you type in Facebook.com or you know ‘My WordPress Dashboard’, you know, to login, you go to the page that they created, you get redirected automatically, and when you type in your username and password, it’s emailed directly to the hackers. So now they can go to the real login page and they can login on your information. They can break into your Facebook, they can do anything with that.
JOCELYN: But typically there are clues about this as far as the spoof goes. Be sure that when you go to a webpage that you’re looking up at the top corner for the URL, make sure that it has that little lock that says “HTTPS” if you’re typing in any kind of sensitive information like usernames or passwords, just make sure that it always has that. Make sure that it doesn’t have anything weird at the end, like if you’re trying to login to LastPass or whatever, make sure it doesn’t have a slash and a bunch of characters–
SHANE: Random crap, yeah.
JOCELYN: – that you don’t really know. I mean that, those are all clues. Just make sure that the URL is spelled correctly. A lot of people get into trouble on this on Facebook. I see a lot of times people getting hacked on Facebook and I think it’s because –
SHANE: They’re not paying attention to the URL.
JOCELYN: Yeah.
SHANE: It’s like Twitter. That one time, someone tried to hack us, remember that one that had Twitter and it was two Vs?
JOCELYN: Yeah.
SHANE: Somewhat said, it said, it wasn’t Twitter.com, it looked exactly like Twitter and I looked up at the URL and it said that it was T-V-V-I-T-T-E-R, so the two Vs together looked like ‘Twitter’ but it was actually just phishing for my information and that would be so easy to accidentally type in, but the hackers are really tricky like that.
JOCELYN: Just be aware of that and when you go to web pages, just make sure you’re landing on the correct webpage.
SHANE: Once they hijack your browser or your computer with this virus or malware or these bots that get in through back doors and the plugins and stuff like that, they can even install programs onto your computer called “key loggers” and what happens is everything you type into your computer is being tracked by that software and sent to the bad guys. So if you type in usernames, passwords, you type in your secret code, you type in all these things, these key loggers can actually track all the things you do. So social hacking is a way that they can break in easily or they can narrow down the ways that they can get into your system, but a lot of times you will just accidentally download something or open a link or click on something, like, you know, a picture and that’s gonna put a virus or malware on your computer and give access to your programs to the bad guys.
JOCELYN: There are several common sense things that you can do to protect yourself from a virus or a malware that has been sent out by hackers. The first thing is to update. If your phone, if your computer, if your website, if anything says it needs an update, don’t just press ignore, ‘cause those updates are really important. When you see that it says “Update” update right then if you can. If you can’t update right that second, update that evening, maybe when you go to bed, something like that. You need to do it that day, it really is that important. They’re not always just new features, new bonuses, things like that that go along with your programs or your phones or whatever. A lot of times it’s because some kind of security loophole has been found and it’s repairing that. So make sure you update everything as soon as you see that little notification. Make sure that you have the update notifications on. If you have a phone, if you have a computer, make sure that it is telling you when it needs an update. The second thing is to be really careful about what you open. Don’t click on links from emails from people you don’t know. If it’s somebody on Facebook you don’t know and they send you a picture and say “Check this out,” don’t open it.
SHANE: No matter how good it sounds, you did not inherit money from the king of Zimbabwe, there is no Prince that is in trouble that is trying to reach out to you, and Aunt Martha is not stuck in Europe without cash and she needs you to wire her 1,000 dollars. Anything that sounds too good to be true or is from a stranger is probably bad.
JOCELYN: Yeah, I see this stuff all the time.
SHANE: All the time.
JOCELYN: Just a few days ago, I mean as ridiculous as it sounds, I see this every day. Just a few days ago on Facebook, I saw this thing going around that they were wanting people to share, it was, “If you spend at least 225 dollars in Kroger, you get 200 dollars off.”
SHANE: Oh my God.
JOCELYN: I mean seriously?
SHANE: It’s not real, yeah.
JOCELYN: Seriously? No, people.
SHANE: Yeah, don’t click on that stuff.
JOCELYN: So if you’re not sure, you know, something sounds too good to be true, check it out, look it up online. There’s a website Snopes, S-N-O-P-E-S dot com.
SHANE: Please use Snopes. Oh my gosh, if people would just go to Snopes.com on everything they thought sounded too good to be true, I’d say like half the identity theft in the world would probably stop.
JOCELYN: So just be really careful about that. I see this stuff all the time, so just really, really be careful about that.
SHANE: Be careful.
JOCELYN: Be careful about what images you’re opening. Viruses and all of these different kind of malware, a lot of times they’re delivered just by a simple picture or what you think looks like a picture. So make sure if you’re opening a picture from somebody that you know them and you know what is contained inside. If you’re using a username or password, we mentioned this earlier, be sure to look at the URL, make sure that it doesn’t look suspicious. Make sure that it is correct for your bank or whatever it is that you’re logging into. I actually don’t even like to type in URL up at the top bar. I usually will search for it in Google, even if I know the URL.
SHANE: That’s a good tip.
JOCELYN: For my bank, I search for it every time because that way I know for sure that I’m not mistyping something –
SHANE: Right.
JOCELYN: – and I know that it’s gonna go directly to that page. The next thing is to be careful where you go on the internet and this seems like pretty common sense, basic level information, but people do this stuff every day.
SHANE: And you can get, you can really get lost on the internet very quickly. Like, if you haven’t noticed lately, like all the major websites, ESPN, CNN, what’s another official website, like Fox News or whatever, like these people are letting in some kind of shady advertisers. So when you see those related stories, don’t ever click on things that are like related stories or from around the web, because those are probably like literally two clicks away from a porn site or a spam site or something awful. You just don’t know who is actually advertising in those networks so be very careful. Even when you’re on a regular site, you know those people are there to make money and they’re selling advertisers to people who are not always properly vetted. So be very careful, you can end up in the red-light district or the bad place on the internet very fast.
JOCELYN: This one pretty much goes without saying but in case, don’t install or run any strange programs; that’s never, never a good idea. Be really careful where you buy plugins, only visit official app stores, marketplaces like Amazon, iTunes, those are probably pretty safe. Just make sure that you are in fact logged in to the right place.
SHANE: Even when we buy plugins off like a marketplace, like we bought a plugin one time to see, what did it do – oh it did pop-ups, and I wanted to use this plugin but it kinda looked, I don’t know, it didn’t look very hi-tech, the sales page. So I actually call, I actually reached out to the person who owned the plugin, they wrote me back, and I asked for references, and then I looked up other places on the web that were using this plugin. I actually vetted it before I bought it and downloaded it to make sure that someone that I found for real was using it and it didn’t have any problems.
JOCELYN: We recommend that you do buy all programs, plugins, apps, things like that. A lot of people wanna try the free trial and –
SHANE: Bad idea.
JOCELYN: Remember there’s just no such thing as free, really. It’s just like our kids, when they wanna download games like on their iPads, I would rather buy the paid version any day of the week. I hate all those ads, I hate all of the notifications that come up about buying something or whatever.
SHANE: “Pay a dollar to get the next sword” when you could just pay 5 bucks to get everything.
JOCELYN: It’s super annoying. So not only is it annoying but it could also open you up to accidentally clicking on something or you know, even downloading something that you don’t want on your computer. So just make sure that you’re aware that there is nothing out there that’s really free and it’s always better to buy stuff if you can.
SHANE: Yeah, especially if you, if you search marketplaces for cracked programs and things like that, well here’s the deal, someone basically cracked – like say you’re downloading Microsoft Office and you say, “Oh I found this cracked version for free” you know there’s a lot of searches for cracked Microsoft Office or cracked, I don’t know, Photoshop or whatever, hacked, but like someone bad did that to steal that program from a company. So if someone bad was bad enough to steal that and break it and open it for everybody else, they’re probably bad enough to put in malware and viruses into that cracked program you’re downloading for free. So you’re much safer to just buy the thing, get it over with and protect yourself upfront from anything like that from happening. All right, so that covers number two, our viruses and malware and the bad programs that can get on to your computer, and in our third way we’re gonna talk about how hackers actually break in to your hardware. How they actually can take over your router, how they can take over your machine, and how they get in to that, and this is actually – we have learned the most dangerous thing that can happen, if people get access to the actual hardware in your house, you’re in trouble because they pretty much have an open door into everything that you do. So the third vulnerability that we really want you to watch out for is the actual machines, the hardware, the computers, the routers, all those things in your house that could be compromised that run the actual software in your business. A lot of people think about how hackers can take over your computer, but what we learned is the most vulnerable place in your – what would you call it, like a network or system, Jocelyn, the string of stuff, connects you to the internet?
JOCELYN: I guess I’ll just say network.
SHANE: The network, all right, the most vulnerable part of your network is actually your router, it is the door in and out of your house, out of your computer network, and all hackers really need is your IP address and some form of connection to your machine and they can hijack that and basically wedge a door open into your life that they can get access to all the time. Any open connection that you have with anybody else, like if you have a Skype call, a Skype call or like those fake ads where people send you, you know add, add me as a contact “prettygirl71” or “hunk224”, you know we all get those random things. Those are hackers out phishing for people to create some form of Skype connection or maybe this happens on a FaceTime or you know, I’m not sure about Google Hangouts, but their goal is to find out your IP address. If you connect to someone on Skype and you talk to them, they can run software that identifies your IP address, they can then use that IP and software, specially designed software, to break into your router, they’ll change the password of your router, they’ll turn your firewall off, and that gives them access to your network. Once they have access to your network, they will take over your machines, and that opens the door, opens the gateway and they can do anything that you can do on your computer. They can redirect all the traffic out of your network, so when you get online and you start searching for things on the internet, all that information can be redirected to the hacker’s server, he can decrypt it and look at it, and use it for nefarious purposes and then sends it on so you don’t know. And hackers know that our routers are very loosely protected, it’s the part of the system that most people forget about. 
We have weak passwords on our Wi-Fi routers, you know we have like we name our routers things that obviously tell people, you know, who they are like “Sam’s family router.” I mean how many, think about the name of your Wi-Fi network right now, I mean you’re telling the world here’s all my good stuff, come break into it. We use crazy passwords because we wanna remember them easily or we want to, you know, if friends and family come over we wanna share ‘em, like “Wait, what’s your password?” “Well, it’s my kid’s name” that’s pretty much it. So your router and your Wi-Fi network are very, very vulnerable. We believe this is one of the main compromises that we had during our breach that someone actually broke through our router and they turned our firewall off, and then they took and assigned a static IP address to one of our computers which basically made the network think that our location, our static IP was that machine and they had direct access to our computer, they could turn on the camera if they wanted to, they could probably see what we were doing, they could turn on the microphone, they could hear what we’re saying and they definitely could see all of the data in and out of our network when we were typing on anything. I mean that’s a very scary invasion of privacy to think about, but the router is the doorway in and the machine once it’s compromised, it’s just like when you connect to somebody with GoToMeeting or you’re sharing screens with someone, they can get in and look around, they can go in and do anything you want. I remember, 20/20 hindsight again, we were looking back, a few weeks before all the hacks started, I remember sometimes I would get up at like late at night, you wake up 3:00 or 4:00 in the morning, go get yourself something to drink, and I remember that my screen was on, on my computer, and there were – you know it was like, it was like something had made it come on like when you move your mouse. 
But I had the screen saver and everything set to hibernate, I never really thought why like, “Huh, that’s weird” I would just shut my monitor or shut the door on the laptop but it turns out someone was probably actually on that machine really late at night when they thought nobody else was doing it, and they were compromising our information. They can set it up to where your machine never turns off, even when you shut the laptop so like they can still get in to all of your data and information, even when you think you’re powered down. So your hardware is a major, major vulnerability in your system, especially your router, that little forgotten thing that’s out of sight, out of mind, in the bedroom that’s broadcasting your internet, your Wi-Fi, that could be a way that people are breaking in to your information.
JOCELYN: This actually can be kind of tough to prevent but we actually have to do business online of course, and that requires us talking to people and often over Skype and it does open us up to this vulnerability, but there are a couple of things that you can do to protect yourself. The very first thing is whenever you connect to a stranger on Skype or FaceTime, well the first way is probably not to connect to a stranger on Skype or FaceTime.
SHANE: Yeah, not a total stranger right, anyone that you don’t know really well basically.
JOCELYN: But if you do, if you have to, if you’re in online business, or do something like we do, then you can use a VPN, and a VPN is a Virtual Private Network, and basically what happens is that you connect to the VPN and then you connect to the other person through the VPN. So it’s not a direct connection to your router. The second is, just what I said before, don’t talk to strangers if you can help it, and if you do, get a little bit of background information, don’t just start talking to somebody just because, because you never know what their motive really is.
SHANE: Hotgirl56 is not really a hot girl on the other end of that Skype connection, so when you get that random, you know, “Accept me as a friend, I’d love to talk to you” sorry guys, it’s not true, that’s not really happening.
JOCELYN: And if you do get those friend requests, I’ve been reading to not, not accept or decline them.
SHANE: Just ignore them.
JOCELYN: Just leave them alone, and I always decline them, so yeah I did in the past, so now I’m not doing that anymore.
SHANE: The reason you don’t do that is because just by hitting decline, they can watch the IP addresses on when they’re going back and forth, and the packets in and out of your system will give them a clue if it’s your real IP address or not. So they don’t even care if you accept it as much as they just want you to take some action to tell them where you are.
JOCELYN: The next thing is to check your router often, and we are now doing this pretty much daily. Make sure your firewall is always on, that no one has turned it off, and that your IP address should only be applied to the router and not to an individual machine on the router. Your machine should have local IP addresses and they should start with 192. If your IP is assigned to a machine or a device, or if your firewall is off, you might have been hacked. So go in and check to see if you can. If you’re not sure how to do it, call your service provider and ask them I just wanna check my firewall setting, show me how to do that, and they should be able to show you exactly what to do. Be sure that you have a great password, something long for your router and for your Wi-Fi, don’t make it easy on these people to get in, and those things alone should help keep you safe as far as that goes.
SHANE: The bottom-line is guys, that the bad guys are out there and we just want you to be aware of the problem. Be vigilant in setting up your security. It can be inconvenient at times, but the alternative is what we just went through. Your sites can be hacked, identity theft, and it can cause your business a lot of problems, but not just that it can cause you a lot of problems in your personal life if somebody gets access to information. We’ve met people, and talked to people during this process who had this happen to them and it was even worse than what happened to us. They took over people’s social media, they pose as them, and started saying bad things and they caused problems for other people through the hack. So it can be inconvenient and, it’s a much more inconvenient and stressful on the back end of getting this hack or having an identity theft problem than it is to just set this stuff up once. Get it done and give yourself as much protection as you can.
JOCELYN: And the purpose of this podcast was not like scare you away from using the internet because let’s face the facts, even if you don’t log on to the internet at all yourself, your banks do, the stores that you shop at, they do. There’s more information out there on you than you realize.
SHANE: Yeah, and you can’t stop using the internet, you have to use the internet in the modern world, even just to run your business or to communicate with the people that you know. So you can’t get away from it, you just got to be able to fight it.
JOCELYN: So if you just take these simple steps that we talked about today, that should help keep you a lot safer online. Nothing is fail-proof, you know, there’s no way to keep you a hundred percent from getting hacked, we can’t make any guarantees, but what we can do is make it harder, and Shane always talks about how, do you wanna talk about like what you said about the alarms and all that?
SHANE: Yeah, it’s like a thief like, you know, if your house, you know, if you’ve got a dark house with no lights, you’ve got no security, and you know, you don’t have a dead bolt on your back door and you got, you know, and it’s real easy to see your movements come and go, well a thief is gonna identify you as an easy target, kick in your back door. But really all he’s there for is to get in quick, grab something valuable and get out. If you have a dog in the backyard, a light on the back door, a big padlock and you got a security system that goes off when the door gets kicked open, you’re much less likely to be the victim of like a robbery. These thieves and guys out there, the hackers, are the same exact way, they want easy targets. Listen, they don’t go after normally people who are online and public and making money and doing podcasts, all these things, they would much rather attack an easy target, steal your information and take out a credit card in your name and spend twenty grand on you. Don’t make it easy on them and they will avoid you and go on to the soft targets, just do all the things we talked about today and that’s going to show you, that’s gonna keep them away from you and they’ll move on to something else.
JOCELYN: We’re just trying to help you to stop putting the key under the “Welcome” mat.
SHANE: Exactly. That’s a bad idea, with a sign that says “If, you know, if you need the key, it’s under the welcome mat.”
JOCELYN: Yeah, so that’s what we’re trying to help you to avoid today. If you can take some of these precautions, there’s a lot less of a chance that you are going to be the victim of identity theft.
SHANE: Go through what we did.
JOCELYN: So we wanna finish up our shows, we do all our shows with a Can’t-Miss Moments, and these are things that we might not have been able to experience if we had not started our online business. And this week’s Can’t-Miss Moment is a trip to Dollywood, down in Tennessee. We took our children and a friend a few days ago, and just trying to get away from some of this madness of this hacking, and it was really good time, and it did – it did help us just to sort of unwind and just –
SHANE: Have some time with the kids.
JOCELYN: Forget about some of this hacking madness for a few minutes, so –
SHANE: Jocelyn like looked over at me last Wednesday, last week, it was like Wednesday or something, and we just looked at each other and we both froze, you know that moment you get when you’re totally overwhelmed and paralyzed, and I was – we were froze and we were like “Let’s leave.” The kids got home, we got in the car and we just left, and we went down there and had a good time, so, definitely, I felt a lot better when we came back because, you know, except for the teacup ride, we rode the teacups and I was sick for like two days, I’m getting old or something like, yeah that’s a bad idea.
JOCELYN: Yeah, the spinning rides just aren’t good for me anymore.
SHANE: The kids loved it, but man, I was going about Mach 10 in that thing, I might have threw out of the teacup, so, other than the teacups, that was definitely, I could definitely miss that moment of riding the teacups at Dollywood. We wanna thank you guys for listening. If you’re new to our program or you just wanna learn more about us and online business, we’d love to help. You can head over to flippedlifestyle.com/flipyourlife and you can learn more about what we do. And finally we’re gonna start something new here on our podcast, you know we know a lot of guys and girls out there that are podcasting include inspiring quotes in their shows and we thought we would start doing something like that as well at the end of each podcast. As Christians, Jocelyn and I draw most of our inspiration from the Bible, so we’re gonna start by including a power verse for you guys, a verse from the Bible that’s impacting our lives at the moment, and today’s power verse is kind of aimed directly at the hack because it was one of the verses that I really clung to during this entire event, and it’s Isaiah 54:17 which says, “But in the coming day, no weapon formed against you will succeed.” And you know as believers we really claim that to be true, and all the attacks that came against us, we’re still coming out on the other side, we like to say we know the hack has stopped, but we’re not for sure that it’s over, they could always come back but we know that the Bible says that in the coming day, no weapon turned against us will succeed. So we are confident that we will come out victorious during this hack and identity theft event. Thank you guys as always for listening, for all of your support, you’ve really been a crutch to us during the last few weeks, and we are so thankful for all the kind words and emails, messages on social media, everything that you sent to us. Get out there, stay safe online and do whatever it takes to flip your life.
We’ll see you next week when we’re gonna talk about what to do if you get hacked, you know, we just talked about preventing it, last week we talked about what happened to us, next week we’re gonna tell you all the steps that you can take as soon as you know that your data has been compromised to mitigate all of the damage and maybe protect yourself from a major loss. So that will be next week’s episode and until then we will catch you all on the flip side. See you later.
JOCELYN: Bye.
Neil Miller says
Thank you for sharing your story, you have provided invaluable information. Most of the tips you gave I have never thought of or heard about.
I also wanted to show my appreciation for you ending the podcast with a Bible verse. That was refreshing to hear, I don’t think I have ever heard an online marketing podcast even mention God before. When we think we have things under control God shows us who is in charge…
Shane Sams says
Thank you Neil! Your comment means a lot to us!
Becky says
Thank you thank you thank you for all of your inspiration and seriously useful advice. Your interview with Pat Flynn got me inspired to create my business, your podcast has been walking me through it, and your recent ID theft experience has really opened my eyes to the security threats out there. I’m so sorry your family has had to learn this the hard way, but THANK YOU for helping the rest of us become smarter and safer. Sending you love and appreciation with each listen.
P.S. Your can’t miss moments often bring tears to my eyes and keep the fire in my belly crackling.
Shane Sams says
You can do it Becky! Make some can’t miss moments of your own! We believe in you!
Hero says
Thank you Shane and Jocelyn! I signed up for LastPass because of this podcast (and used a long, secure password 🙂 ).
I’m confused by one thing mentioned in this episode (maybe I misunderstood what you meant): How do you log into different websites from the LastPass website without the browser extension? Do you manually copy/paste the user names and passwords from the LastPass website into say, Amazon, after clicking on the Amazon link from LastPass?
Thanks again for this security series! It was a real eye opener that hackers target regular folks over high profile celebrities.
Shane Sams says
That was confusing the way we said it. What we are saying is, we do use the browser extension in the case that it is installed.
But we don’t go to the SITE and trust the extension to populate everything.
We go to lastpass FIRST, click the true link to the site, THEN the extension can fill it in.
Just to make sure we always land on the correct site and it’s not a spoofed site. Make sense?
Sorry for the confusion! Thanks for the great questions and giving us the opportunity to clear that up!
Jocelyn Sams says
It’s a standard form. Give a false name if you’re not comfortable using your real one, or just provide your first name.