As a real estate agent, I constantly receive emails from fake title companies asking me to open an attachment. I also receive emails from fake agents or buyers asking me to open attachments. I am usually smart enough to spot the fakes, but some can seem very real or even appear to be from someone I know. It is pretty easy for someone to get hacked through their email, and being hacked is not a pleasant experience. On today’s episode of the InvestFourMore Real Estate Podcast, I talk with Idan Udi-Edry, who is the CEO of Trustifi. Trustifi is a company that specializes in cyber security, and we talk about a number of topics, including the prevalence of hacking, how to spot fake emails, what a hacker can do if they gain access to your information, how to protect yourself, the liability from handling other people’s private information, and much more.
How easy is it for a hacker to get into your computer?
Even though I write a blog and may seem tech savvy, I am not. I have a lot of help on the back end from people who keep the site running, and I am pretty sure I have more problems with technology than anyone else in my office. In this episode, I learned a lot about how hacking works. I also learned how easy it is for someone to get information from your computer. Idan explains that 95 percent of cyber crime is committed through email. Cyber crime is also the FBI’s 3rd highest priority as far as all crime in the United States goes.
If you do not have the proper protection on your computer, opening the wrong attachment is all it takes to let someone see everything you do on your computer. Once someone gets into your computer, they can see passwords and banking information, which can allow them to steal money or even your identity. I think many of us receive bogus-attachment emails. However, it is often tough to know if an email is real or not. Hackers are able to send emails that appear to be from your friends or colleagues, even though they are not.
What can people do to protect themselves from phishing emails?
Here are a few of Idan’s tips for avoiding malicious emails:
- Always double-click on the name of a sender if the email looks suspicious. Even though an email may appear to come from a colleague or friend, the email address may not be your colleague’s or friend’s email. Make sure the email address matches who you think is sending it.
- If you are going to open an attachment, check the file name to see if it makes sense. If you are expecting to open title work on a property, is the file named 123 5th st title work, or does it have a strange name that makes no sense? Be very suspicious of any file names that do not make sense.
- Completely delete any emails you suspect are phishing for information. Idan suggests emptying your trash can often, not just deleting your emails from your inbox. When you empty the trash can on your computer or delete the trash emails on your email server, those emails are deleted forever. If you simply delete the emails from your inbox, they stay on your computer or server, and you could accidentally open them in the future.
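The first two tips can also be run automatically over a message before anyone opens it. The Python sketch below is an added example, not part of the original post or of any Trustifi product; the address book, the `.example` addresses, the finding names and the expected-terms heuristic are assumptions made for illustration, and it goes one step further than the tips by also flagging a display name that is itself written as a different email address.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed address book (assumption): display name -> addresses you have verified.
KNOWN_CONTACTS = {
    "jane doe": {"jane.doe@firsttitle.example"},
}


def _norm(text):
    """Lower-case and collapse whitespace so 'Jane  Doe' matches 'jane doe'."""
    return " ".join(text.lower().split())


def check_message(raw, contacts, expected_terms):
    """Return a sorted list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = set()

    # Tip 1: the display name is free text chosen by the sender, so compare
    # it with the real address instead of trusting it.
    from_header = msg["From"]
    addresses = from_header.addresses if from_header is not None else ()
    if len(addresses) != 1:
        findings.add("from-header-missing-or-ambiguous")
    else:
        sender = addresses[0]
        name = _norm(sender.display_name)
        addr = sender.addr_spec.lower()
        if name in contacts and addr not in contacts[name]:
            findings.add("display-name-address-mismatch")
        # The display name itself looks like an address, but not the real one.
        if "@" in name and name != addr:
            findings.add("display-name-shows-different-address")

    # Tip 2: does the attachment name relate to what you were expecting?
    # Heuristic (assumption): it must share at least one word with the terms
    # of the deal you are working on.
    wanted = {term.lower() for term in expected_terms}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        tokens = set(re.findall(r"[a-z0-9]+", filename.lower()))
        if not tokens & wanted:
            findings.add("attachment-name-unexpected")

    return sorted(findings)


def build_sample(from_header, filename):
    """Build a constructed test message with one attachment (no real data)."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["Subject"] = "Following our conversation"
    msg.set_content("Please see the attached closing instructions.")
    msg.add_attachment(
        b"constructed placeholder bytes",
        maintype="application",
        subtype="octet-stream",
        filename=filename,
    )
    return msg.as_bytes()


if __name__ == "__main__":
    expected = {"123", "5th", "title"}  # the deal you are actually expecting
    samples = {
        "genuine": build_sample(
            "Jane Doe <jane.doe@firsttitle.example>",
            "123 5th st title work.pdf"),
        "spoofed name": build_sample(
            "Jane Doe <closing@mail-firsttitle.example>",
            "DOC_88213.pdf"),
        "address as name": build_sample(
            '"jane.doe@firsttitle.example" <closing@mail-firsttitle.example>',
            "123 5th st title work.pdf"),
    }
    for label, raw in samples.items():
        print(label, "->", check_message(raw, KNOWN_CONTACTS, expected))
```

A message with no findings is not proven safe; the check only automates the two manual comparisons described in the tips.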
Why should people in the real estate industry be more concerned about hacking and phishing emails?
Real estate agents and investors deal with a lot of money and are a big target for hackers. Wire fraud is a common crime where an email tries to get people to send bank wiring information, or the sender pretends to be a title company and hopes the real estate agent sends them a wire. Real estate agents also deal with personal information all the time. They handle financial information as well as social security numbers. If a hacker can get access to an agent’s email, they have access to not only the agent’s information but also any client information they send through email.
I ask Idan about the liability those in the real estate industry face if they give away client information to a hacker. He said real estate agents, title companies, banks, and almost anyone else who loses client information because they were not protecting it properly can be held liable for damages. This is one reason I love to use TransUnion SmartMove and TurboTenant to screen tenants because I don’t need their social security numbers.
How can you protect yourself against hackers and liability?
Idan is the CEO of Trustifi, which is a cyber security company that helps people encrypt their emails. Right now, Trustifi works with business-to-business (B2B) companies, but they are going to start working with consumers in September. My experience has always been horrible with encrypted emails because I need a password, it doesn’t work right on my phone, and it takes forever. However, Idan explains that Trustifi is working to simplify the encryption process. Once you use their program on one device, you no longer have to enter passwords, and a couple of clicks will allow you to encrypt important emails. You can find much more information at Trustifi.com.
Getting hacked is not fun and can make your life a nightmare. If you do get hacked, you need to call the police right away, change any passwords that may have been exposed, and cancel any credit cards that could have been compromised. It is much easier to be careful with your email, have the proper protection on your computer, and handle client information very carefully!
[0:00:13.9] MF: Welcome to the Invest Four More Real Estate Podcast. My name is Mark Ferguson and I am your host. I am a house flipper. I flip 10 to 15 houses a year, I own 13 rental properties with a goal to buy 100 by 2023. I’m also a real estate agent. I’ve been licensed since ’01, I run a team of nine and we sell close to 200 houses a year.
So on this show, we’d like to interview house flippers, landlords and the best real estate agents in the business. So stay tuned for some great shows, if you want more information on my rentals, on the numbers, on how I buy properties, check out investfourmore.com.
[0:00:58.9] MF: Hey everyone, it’s Mark Ferguson with Invest Four More, welcome to another podcast on the Invest Four More Real Estate Podcast. Today, I have a very interesting guest, a very interesting topic he’s going to talk about. Idan Udi Edri, I hope I didn’t butcher it too bad is the CEO of Trustifi which is a company that specializes in providing cyber security for email and other encryption services and this is something that if you’re in the real estate world, if you’re an agent, you have seen fraud attempts.
People trying to send wires that aren’t on the up and up, it is becoming a more prevalent crime, in fact it’s one of the FBI’s most investigated crimes now. Idan is here to talk to us about it, give us some background on his experience and how people can prevent the fraud and the crime that can happen through simple emails as well.
Thank you so much for being on the show, how are you?
[0:01:55.9] IUE: Thank you very much Mark and it’s a pleasure to be on your show.
[0:01:58.8] MF: I appreciate it. First off, I’d love to start with kind of some background on how you got into this industry and how your career progressed all the way up to CEO of Trustifi.
[0:02:09.3] IUE: Perfect, thank you for the question. I really started 15 years ago with military background, I was serving as a captain in the Israeli Air Force dealing with telecommunication security and data encryption and infrastructure, which is back in the days the word cyber was still not on the main topic or the main agenda.
Yet we were starting to deal with what we call the digital world security. Having said that, along the years have developed into more and more and then I transfer myself, telecommunication into the data area where the digital started.
That’s where my most professional background coming from perspective of cyber and afterwards I ran one of the biggest advanced data security solution for government infrastructure under the company that I was serving which is one of the biggest telecommunication company in Israel and afterwards I joined another company which is Mishini, which dealing with industrial internet things cyber security.
Over there we were focusing on the operational technology side of the organization and how to secure it from cyber-attack. Started as a director all the way to CIO, CTO and CEO of Mishini and then recently a couple of months ago, just joined Trustifi as their CEO that they hired me based on my experience into cyber security arena and basically to take the solution and commercialize it into the market and of course enhance the technology and make it much more accessible for several type of industry within United States.
[0:03:50.7] MF: Great background, obviously you have a lot of experience in this particular industry. I guess, it’s hard to figure out where to start, such a broad subject but as far as emails go, as far as everyday real estate agents or real estate investors who are closing on houses or selling houses, how big of a threat is fraud and why fraud and cyber attacks?
[0:04:15.0] IUE: You know, Mark? When I’m answering those type of questions, I always like to take the person to the facts. The facts are that at the moment, cyber crime is the third top priority of the Federal Bureau of Investigation, the FBI in the United States. This is a fact that something we cannot argue.
Now, if we’re drilling down inside the cyber crime, we can see that email phishing is 95% of the cyber security threat of today and that’s again, coming from the report of the FBI. Now, if you want to go another drill down within the 95% cyber security threat of email phishing, we can see that for example, the Chicago field of the FBI, released that 551 cyber security complaints are coming from real estate transaction which is equivalent to 64% of the entire cyber crime only in the area of Chicago. These are numbers and those numbers are actually saying that the industry needs to be aware of the fact that they are targeted. They are targeted because you’re dealing with a lot of things that the hackers would like to put their hands on.
This is a really quick background for you to understand why we’re doing this at the moment.
[0:05:42.9] MF: Now, I’ve seen these emails come through, sometimes they’re in my spam, sometimes they’re in my inbox but it looks like it’s a title company sending an email or another agent but it’s really, has no information, it’s like please see the attached closing instructions or something like that.
I imagine that’s one of those attacks right?
[0:06:00.2] IUE: Correct, well email phishing can be a simple email that you’re getting and saying please find attached or one of the new things is to put on the main subject, “following our conversation,” which you never had any conversation with this person or in the subject, they’re going to put something that will take your eyes and basically give you the curiosity to click on the attachments.
For example, please find the agreement or please find attached wire instruction or wire confirmation which is a normal person that deal in this industry will basically, “Oh my god, here, I closed a deal, let’s see who is it.” Then you open the attachment and then this is where the problem starts.
But these are just an example, what you just mentioned that you’re getting a lot of title company, you’re definitely right. One of the biggest problem today is that when you received an email, it was the display name that you are familiar with, whether it’s your colleague, somebody you used to work, whether it’s a buyer, seller, the realtor that represents the other side of the deal, you see the display name but you never double click on the display name to make sure that that’s the right email of this person.
Or this is the person that you’re really talking to. This is where basically the phishing starts, you are opening this email because you see that in the display name is the person that you are familiar with but actually, behind this email, there’s nothing else but a way to take your data and basically sit on you and from this moment, all your information is being tracked into this.
That’s one of the biggest problem that we experience today.
[0:07:31.2] MF: If I click on one of those attachment, I’m not a super tech savvy person, I have a couple of people in my team who are much more savvy than me, if I get one of those emails, I forward it to them, “is this fake? I don’t want to touch it” but let’s say, if I get that email and I click on the attachment and open it up, am I in trouble just for opening it up or do I have to do something with that attachment.
[0:07:52.2] IUE: If you are not – if you don’t have any type of protection on your laptop, pc or whatever you use that detects malware or files or any type of associating logs coming with these attachments, you are definitely in the big risk. Definitely in a big risk. That means that when you open the attachment, you basically doing nothing else but opening your house front door to whoever wants to come in.
In most of the cases, what they’re doing, they’re basically implemented on your computer some type of a phishing tool that’s starting to record your information and send it to the destination where the hacker wants to have it. From this point basically, all they have to do is just basically to start to tail you and see exactly what are you doing, who are you talking to and what type of information is worth for them to take from you.
To answer very clearly your question, once you open the attachment and you don’t have the necessary tools to protect you which most of the case is those people don’t have, you are definitely in a risk.
[0:09:02.2] MF: Okay, I imagine they can get bank information, they can get wire information, they can get passwords pretty much everything you’re doing on your computer at that point?
[0:09:10.6] IUE: Correct.
[0:09:12.7] MF: Definitely need to be careful with all emails and it’s tricky too. I’ve seen those emails where it looks like it’s coming from a friend or another agent but they just look weird, like something’s obviously not right in the wording or what they’re asking for and you click on the name or the email and you see it is some weird email address, it’s not the right email address but it looks like it’s coming from them.
[0:09:31.8] IUE: This is why a part of our recommendation to customers and our clients today that they are not allowed to open any attachment before they’re making sure first, double click on the display name of the person that sent them the email, verify that that’s a legit email address, once you verify this one, before you open the attachments, see if the attachments has a weird header, what we call the file name, whether it’s a file name say contract or something that makes sense and if it doesn’t make sense, don’t open the attachment and simply not only delete the email but shift delete it.
When I say shift delete it, it means take it out of your inbox completely and don’t put it on the trash mail.
[0:10:19.3] MF: What are some of the risks if you don’t delete it complete and it goes into your trash email?
[0:10:23.9] IUE: Because what can happen is that once you leave it physically to file and still sitting in your inbox, it’s still basically dancing there, when I’m saying dancing, nothing is really happening but if you by mistake will go into the trash mail and start to retrieve those emails that you basically deleted and you’re going to put them back in the inbox.
You’re putting a risk that you might double click this file which you’re trying to ignore because it’s sitting in a trash, you completely forget about it, you have a lot of emails during the day so our recommendation is if it’s something that is fishy and you’re not sure not only that you delete it, you are shift deleting it, take it completely out of your computer.
[0:11:07.5] MF: That makes sense and yeah, excessive times, I’ll weed through the stuff in my trash file and especially my phone, maybe you click like the wrong button or you have a fat finger and hit the wrong link, you don’t want to hit that attachment that you’re trying to get rid of.
[0:11:20.5] IUE: Correct. By the way, you mentioned mobile, if I’m allowed. We’re talking about – when we’re talking about mobile, that is actually one of the biggest problem of today’s world because people think that if they delete the email on the mobile, actually the email is being deleted and it’s actually not, it’s going to the same trash as the same trash you have on the desktop.
What we are always asking the people is not only to delete it from the mobile on the trash but also go after which to the trash, simply empty the trash, exactly like you empty the trash in your home. Exactly the same. No different.
[0:11:58.6] MF: I know with my bank and with some other title companies, they will send me an encrypted email where I have to type in a password and go to another website to see what’s in there. Is that necessary for most emails? Should we all be doing that or are there ways to avoid going through all those extra steps?
[0:12:18.1] IUE: I love your question because actually, this is exactly what Trustifi is focusing on the moment. You’re perfectly right because your question is “Okay, now what? Every email I’m going to have to do double click, log on into some type of a dashboard, put some pin code, put some password,” and then actually this whole procedure is becoming a hassle and a nightmare, right?
[0:12:42.3] MF: Yes.
[0:12:42.7] IUE: Upon perspective of a user experience. That’s exactly one of the things that Trustifi is solving. We created the same infrastructure that give you again the encrypted trustified and certified email but with a much more ease of use approach, meaning we’re not enforcing you to go into a specific dashboard or go on to a specific link, put million type of password, not at all.
We are basically giving you the flexibility to use the same infrastructure as we use today with a simple add on that sits on the outlook which is our software that actually gives you the capability to choose whether you want to encrypt or not encrypt the email and when you open it, you have nothing else to do but to identify your device one time and from this moment, the email will be opened automatically because our system is doing the verification behind the scene that this is really you, with a special unique patent that we developed on the software.
This is basically the end result that makes your user, you don’t really feel that you have something that protect you but you do have something that protects you and we didn’t interfere your way of work.
[0:13:50.8] MF: No, that’s great because I get those emails and I dread them because I can’t remember my password, I can’t open them on my phone usually. Sometimes I don’t even open them because it’s such a hassle, so that’s good to know that there’s other ways to do it.
[0:14:06.2] IUE: You’re definitely right and by the way, that’s why we focused on this and to solve this. Ease of use is one of the most biggest barrier for the industry at the moment.
[0:14:15.5] MF: For these people who are phishing, trying to get financial information, wire information, are they from different countries? I mean, it seems like you’re in the United States, you should be fairly safe, if someone does this, they’re breaking the law but I think one of the problems is they can attack from anywhere and it may not be that easy to find them, is that the case?
[0:14:34.4] IUE: Well, here, I’d like to say the following, you can see better than me that at the moment, the email infrastructure problem is actually became one of the biggest problem in United States, it’s actually affecting the whole election. I mean, the old problem that we have today or were the oldest discussions surrounding Clinton or Trump or whatever happen with the email investigation or the relationship with Russia.
You know, if you’re going to go deep into the detail, you’ll see it’s all surrounding, at the end of the day, the same issue which is the protection of the email, the protection of the privacy, the protection for the infrastructure that you have when you work.
That’s exactly the main topic. When you say different country, when we’re talking about real estate, we cannot necessarily say that this is a country involved that has an interest to influence the industry but – when you said in United States we’re fairly safe because it’s considered to break the law, unfortunately I cannot agree with this thing because it’s not working like this.
Even if you’re breaking the law today, hackers are still doing it because classic ransom cases, whether you eliminate a full hospital and ask for a ransom or stealing new information of wire transaction for a real estate deal, at the end of the day, it’s the same crime but it’s still happening every day.
I can say that one of the biggest problem of today is actually the awareness and the fact that people are still – didn’t change their state of mind by saying the same way that you Mark or any person buy a house and when you buy a house, you also buy some type of security system and I promise you you’re going to have a lock on the front door because you don’t want your house to be open and you put maybe a camera or some type of alarm system.
Then you buy insurance to protect yourself. The same state of mind, the same way of thinking needs to be today when you open a free email account. Gmail, Yahoo, whoever infrastructure did you want to choose to work with. At the end of the day, you must take under consideration that you need to buy this lock of the front door also for your email.
That you have to buy some type of encryption or software that will protect your privacy and your information the same as you buy a camera system for your house. This is one of the biggest barrier that we’re trying to do with the help of people like you whether they’re running a podcast or a blog or a journalist to increase the awareness of the people by saying — The state of mind of today needs to change, free email services does not necessarily mean that it comes with security. If your privacy and information and your data that you’re sharing, your bank account, your kids, anything you’re doing over email today which is almost 99% of your entire life, sitting on those email boxes, it’s about time that you will think also how to protect it.
[0:17:33.2] MF: That’s a really good point because you look at some of the biggest corporations in the world like Target and I forget which other ones that got hacked and I’m sure they had pretty – well I hope they did, pretty massive security measures to protect people’s data and yet it’s still got out there, I don’t know if you can speak much on those situations or not.
I mean, it seems like if those giant companies can lose information and get hacked, it would be much easier for individuals using like you said, free email or just regular email to get hacked as well.
[0:18:04.8] IUE: Yeah, I mean, in this respect I can say very clear that and I’m not giving any news, you know, everybody knows that, you know that even big governmental infrastructure are being hacked and we’re talking about the top security and the top secured offices or government officials that are secured and they’re being hacked. I mean, why we need to go so far?
I mean, the whole Clinton case is based on the fact that she used apparently what they said to use her private email and the work email of the same device which creates problems but she didn’t know what exactly she’s using at the moment where she’s starting to send the email, which caused the infringement.
You’ll have to take under consideration as I said that when you open an email and when you use it, what is the protection you need to implement in order to keep your privacy and your data secure?
[0:18:56.9] MF: That’s great. As far as your company and the industry in general, I mean, hacking is kind of like, there’s been movies about it, it’s kind of not really glamorous but kind of like the new crime. Some really smart people obviously are hacking people, are developing new ways to get in to systems and I imagine, it’s a constantly changing environment where your company or any other company providing security has got to be always changing and always developing new stuff.
I mean, is it pretty crazy how fast things move and how fast you have to develop new techniques?
[0:19:35.7] IUE: Yes, this is a great point Mark, one of the most challenging industry of the world of today is actually the cyber industry. Exactly because of the reason of what she said, when we developed the cure, the hackers are already in the next disease and that’s the best metaphor to show it and that’s the reason, as a cyber security company, we’re investing a lot of efforts, resources, money and people on what we call reconnaissance. Reconnaissance is one of the most important tool we have today as a cyber security company or any cyber security company in the world.
That doing the researches behind the scene, whether it’s going offline, whether it’s going dark net and try to work as much as possible by getting the right intelligent and reconnaissance to understand what is the next problem, what is the next, let’s just say disaster or zero day attack we might experience and we’re always trying to go into the hacker’s mind by saying, “what is the target” or the easiest approach of them to reach the same results.
By the way, here I can mention that you know, when I went to CEO of my former company, actually there was the – when we discovered it, one of the most biggest vulnerabilities of the big industry players of today is actually the operational technology.
Because nobody really pay attention to this area become vulnerable because it’s talking to the same IT network and nobody take under consideration how to protect it. Then the hackers detect that this is one of the biggest vulnerability point so they can use this area to make the same attack, getting the same results with less effort.
This is what I’m calling, getting in to the hacker brand, the where and how and what they want to achieve and how we’re going to stop them before it’s happening.
[0:21:29.2] MF: I imagine it’s almost kind of like the CIA or you know, the government secret agencies where they’re sending in spies and people to infiltrate criminal organizations, you’re almost trying to do the same thing.
[0:21:41.4] IUE: It is, reconnaissance it’s again, is the most important tool that you need to take under consideration today.
[0:21:49.1] MF: Now, with all the hackers out there, with the government trying to track down people, are there, as far as your company goes and other companies that provide security, are they helping find these hackers and turn them in, do you guys have any part in that side of it?
[0:22:05.9] IUE: Well, there is a lot of consortiums that’s activating and call of writing with a lot of startups that did with cyber security because you know, in cyber security there’s a lot of domains.
There is the domain of IT, there is kind of the TO, there is the domain of the emails, there is the domain of the network. Those consortiums are actually the best ecosystem for cyber security company and cyber people to work surrounding and to create better ideas and to participate and also to share this information with the government institute like FBI or secret service or whoever responsible for the security of the people in the United States.
[0:22:42.2] MF: No, that’s pretty cool. It’s an exciting and changing industry you’re part of, that’s for sure. If someone gets caught hacking? I imagine it depends greatly on the crime they’ve committed and if they’ve actually stolen money or not but what kind of penalties do they face? What are the governments doing to stop the hackers and try and put some fear in them that they will be punished if they got caught?
[0:23:04.8] IUE: I think that the FBI today is putting a lot of effort on joining and participating in cyber security conference and I am a witness of it because I see that there is a huge cooperation of the FBI today with cyber security company and start up and CEO’s and CIO’s of organizations and the FBI is actually activate as a technology unit to learn, to study and to share information with the industry and with the cyber people.
Actually to increase the awareness and to show that they are here to support and to help whoever got the attack hacks infringe and to give them the first, let’s just say incident response team that will help the customer, the client or the citizen to overcome the problem he’s experienced. So I think from the perspective of the government there is a lot of cooperation running right now and I can only witness on the FBI because these are the people that I see mostly.
In the conference I’m participating and talking to and I think this is a major change and one of the most important change that happened today in the FBI specifically and in the United States because there is no other way to learn how to protect from the bad guys if you’re not joining those ecosystems, share the information, talk to other startup companies that are doing a lot of amazing work of finding and fighting to get the best technologies out there to protect us from those bad guys. So really in this respect, I can tell you that the FBI is doing a lot of work in this area.
[0:24:44.9] MF: Very cool and I don’t know if you can answer this question or not. If you can’t that’s fine but I am just curious, as far as the governments go and the private companies go, is it a mix of who’s coming up with new technology and new policies to fight it or do you think it’s mostly private companies coming up with new ideas or is it governments with their massive funding coming up with new ideas to fight crime? Can you say which one is doing more or less?
[0:25:11.3] IUE: I will say that it’s a combination of everything because first of all, I can’t specify specifically who’s doing what but I can say that it is definitely a mutual effort of a combination of everything together and it’s not necessarily a specific government or a specific private company that is doing it. It’s a combination of everything. I think that is the best answer in this respect.
[0:25:39.5] MF: Okay, that makes sense. All right, so changing subjects slightly what if somebody gets hacked and they lose, you know someone gets on a computer, they get a bunch of their personal information, what do they have to go through? How horrible is it first as to what might happen to them and then what do they have to do to fix that situation and get back to normal life?
[0:26:00.4] IUE: First and foremost, I am going to play the role of the FBI in this perspective and I will say contact immediately the FBI. If you’ve been hacked and I am talking about industry or of course, I’m not talking about individuals because if your son or your kid or your wife get hacked and somebody took her information then obviously she needs to complain to the police but I am talking about specific clients or industries or commercial companies.
First, contact the FBI because it’s important because of several reasons. The FBI cannot learn or cannot perform any due diligence or intelligence or reconnaissance if he doesn’t know that it’s happening. So that’s number one, inform, give them all the details, let them do the investigation because this is how they find the bad guys fast and much more efficient. Second is, understand the damage. Understand what exactly has been hacked, what is the type of information was there and make immediate actions.
Don’t wait, don’t estimate, don’t think that, “Okay it is not a big deal” every piece of information today is a big deal. If you lost your driver’s license picture or a simple insurance card, every piece of information inside at the end could be a boomerang effect and come back to you from a different angle. Whether it’s just security questions, whether it’s your online banking, all those other different things that you are doing online today.
So first understand what is being hacked, what type of information is now in the hands of somebody else and always, always, always, hope for the best but expect the worst. If you are not going to worst case scenario, you’re going to take it easy and you do not understand that you are basically at the moment very much vulnerable. So if you’ve been hacked as I said, if you are a big company inform the FBI immediately. If you are an individual client, you have to go to the police station and report it.
They have a local cyber team and they would know what to do whether it’s financial or simply identity fraud. Two, understand what exactly is being hacked and immediately perform the action. Change your ID, go to the DMV and report it if it is a driver’s license. If it is a passport copy, obviously go and change your passports, change any type of information that might be hurt in the future but the credit card, obviously cancel the credit card immediately.
But the most important thing, once you perform all of those changes change your password no matter what as a source reaction and don’t use passwords and this is one of the things that I am always saying in client cases, 1234, 4 times zero, your birthdate or your social security number, these are not passwords. The password needs to be complicated and it needs to involve a lot of these letters and characters on the keyboard to make as hard as possible to hack.
So changing passwords by the way generally speaking is something you need to do every month and not just the way that it is going to happen and number two, after you have been hacked, ask yourself the following question if my email is being hacked, “is the password I’m using for my email services is the same password for my social network, for my bank, for my online activities?” If the answer is yes, then obviously your first reaction is to change the entire password of everything you have online.
If the answer is no, go ahead and change where you think it might be possible that you’re going to be hacked on the next stage.
[0:29:45.4] MF: All right so that’s some great information there. One thing that’s popping through my head when you were talking about the easy passwords was when you watch these movies where the hackers have these programs that run through thousands of different password possibilities to try to find the right one? Do they actually use those? Are there programs? Are there bots like that that they will use to try and find those easy passwords?
[0:30:07.0] IUE: Yes of course and today, actually the effort is being invested in not trying to find and reveal the password but actually to retrieve the password based on the security questions and again, the reconnaissance is coming into the picture. In most cases, people use the same security question statistically. “What school did you learn, what’s your mother’s maiden name, what is your first car?” for example, a lot of people are using the same questions.
So if you’re doing reconnaissance on your target and you go to Facebook on his social network, his Instagram, I promise you I can find a picture of his car, I can find background information on his mother or his father or his entire family and I can find a lot of information that will help me to answer those security question and retrieve his password. That’s the reason why we’re always saying from a cyber-perspective to make it hard as possible.
Use a two-factor authentication wherever you can and wherever the services that is giving you the opportunity to use two-factor authentication and today, Facebook and every social network even email infrastructure giving you that possibility to use two-factor authentication. I am telling you and I am telling everybody who listens and read your podcast, that is the most important thing. Use two-factor authentication because it is a really big barrier for a hacker to attack your infrastructure.
So to answer your question, yes there is of course tools and programs to reveal password of people even a simple sniffing to your keyboard or where you type your password is also something that is very common to a hacker to listen to your keyboard. This is how we call it but on the other hand, if you use two-factor authentication you eliminate all the password retrieval because it is not going to help. The factor number two comes into the picture.
Whether it’s your phone, your SMS or any type of information you deliver for giving the two-factor authentication and this is where you basically block the potential hacking to your system but most of the effort today is actually on the retrieving of the password less of the revealing of the password. I hope I made it clear as much as I could.
[0:32:28.8] MF: No, that makes sense and just to clarify, explain what the two factor password is exactly.
[0:32:34.6] IUE: Two-factor authentication means that the first log in attempt you’re going to use your password whatever password it is but then, it’s going to ask you to enter another code which in most of the cases is going to be a dedicated text message that you are going to get to your phone that you put on the two factor authentication enrollment. So whether we are talking with a bank, the bank even went another step forward and actually they are recording the machine that you are using.
Whether it’s a laptop, computer or a mobile they are recording some type of information to verify whether it’s the same computer you’ve always logged on to your bank account and if it is not the same computer, it’s going to ask you to recognize that you are using a different computer to log onto your bank account, please choose the following authentication level, a text message, email or a phone call. This is exactly the factor number two.
In a very simple word it means this is not only your password that require you to log into your information. It is a password and another factor whether it’s a text message, whether it’s a phone call or a different email address that only you know in order to log into the account.
[0:33:54.0] MF: That’s great and so when you do use and I’m sure everyone has got a note where maybe it’s a hotel computer or a friend’s computer and they ask you for that extra level of identification, it’s not being a pain. It is protecting you so that’s a good thing.
[0:34:09.7] IUE: Let me ask you and this is exactly the state of mind I’ve mentioned before, when you go and buy a house, if you are leaving your front door open would you feel comfortable sleeping in this house?
[0:34:22.6] MF: Right, no.
[0:34:24.5] IUE: Probably no and that’s the answer you’re going to get probably from any normal person right? It’s the same thing. If you are using your email and you don’t put a lock in your front door whatever opened this email to the world, are you feeling comfortable to scan your bank statement, to run a real estate deal, to scan your password for your travel agent, do you feel comfortable leaving it so wide open for everyone who just want to see it? I don’t think so and that’s exactly the state of mind we need to change.
[0:34:53.7] MF: That’s great information. So with Trustifi and what they’re doing, can you talk more about if people want to protect themselves more how your programs work, how they can get in touch with you and how to get started?
[0:35:07.4] IUE: Yes, Trustifi at the moment releases the first version for B2B meaning our targeted audience at the moment are businesses but starting on September this year, we’re going to release the first version of a software that actually will talk to any consumer, what we call in the business world B2C that any consumer heads home that use no matter what he’s using, his Gmail, Yahoo, Outlook, whatever infrastructure he would like to use for his email, all he needs to do is to go to Trustifi.com.
And on the website, he’s going to download our software and this software will sit on his computer and basically create an icon on every email he is going to send and this icon is going to ask him, “Do you like this email to be encrypted? Yes or no?” very simple. You don’t need to understand nothing in the technology. All you need to do is to download the software, follow a simple five step installation process and from this moment you’re going to be asked whether you use your Gmail, Yahoo.
Or if you are about to compose a new email, it’s going to ask you, “Would you like to have this email encrypted? Yes or no?” that’s question number one. Question number two, this is where the certification comes in place, “Would you like that this email would be certified?” this means that you want to make sure that the destination of this email is really the destination you wanted to approach from the beginning.
So if we take a simple example, if Mark now is closing a real estate deal and now he is sending his bank statement with basically all of his private information over a bank account to the other realtor of the deal and he wants to make sure that this is really the person who opened this email and saw this information, then he’s going to use the certified and when you click on “certify” it’s going to ask you to put some details of the person that’s receiving this email and I am talking exactly on two details.
His phone number, his email address and another factor that we’re going to choose for you. You’re going to click this information in and then the person will get an email from you saying: “Mark sent you an email. This email is encrypted, please double click on the file and follow procedure” this person will click on the file and then he’s going to automatically get a text to his phone and with this code he’s going to open the file and done deal.
You as a person will get a notification that this is the person for sure who opened the email, that’s the target, that’s the time you open it and it’s certified meaning the person really opened the email, the person that you wanted really is the one who opened the email. Now of course behind the scenes it sounds very, very simple from a user perspective but from our technology perspective, we are combining a lot of different tools.
Cyber tools, profiling tools, information tools of your destination email to understand and to make sure that first, your files are encrypted, cannot be hacked and second, the person who opens the email really is the person you’ve met.
[0:38:17.1] MF: Oh that’s awesome and another question popped into my mind while listening to that and that is let’s say as a real estate agent I’m sending someone’s personal financial information to a bank lender and let’s say I don’t encrypt that email or do anything special to protect it and someone else gets that information and hacks my client. Can I be held responsible for not protecting that financial information?
[0:38:48.3] IUE: That’s the perfect question and I would like to address here one domain. I just came from a conference dealing exactly with this question and the conference I came from is actually a Travel Conference, the Travel Tech industry saying that, “Okay I am a hotel and I checked in and now when I checked out, 90% of the people today don’t really go to the receptionist to check out. They just leave the hotel and then they email in the folio, arrive to your email and then that’s it.
Their credit card is on file and if you have a problem you are calling them especially if you are a business person. So here’s the question that’s been asked in this conference, what happens if a different customer getting the room statement of mine and the room statement basically contains my address, my name, the last four digits of my credit card, sometimes it’s my membership number of the hotel chain whether it’s Hilton or any different hotel in the world and the person can also see exactly what was my activity in this hotel.
Where is my room number, if I watch porno or if I made a call for any type of call line, what are the number I’ve made a call to because everything is on the statement, basically the hotel breached my privacy and then the question that came online was, “Does the hotel liable to the customer privacy uses his infrastructure?” the answer is completely yes because if you are going now to a hotel and you log in into the hotel Wi-Fi and you being hacked, it’s the hotel’s responsibility.
To make sure that the Wi-Fi network is secured enough that you’re not going to be vulnerable as well as your information. When the hotel sends a billing statement, he needs to put some tools to make sure that you are really the one who gets the bill statement. What happened if my wife got the bill statement and I watched porn over there? Imagine the discussion I’m going to have at home afterwards and this is breaching of privacy of a customer.
So which brings me again to the solution like Trustifi and of course, there are other companies that’s playing in this field that is saying, “Okay, what are you as the hotel or the hotel chains or the travel agency or the lending company, what are you guys doing in order to protect my privacy and how do you make sure you’re not going to send my information to the wrong person?” and that’s where the liability comes online and definitely those companies are liable for our privacy as their customer.
[0:41:22.2] MF: Yes, so real estate agents, title companies, lenders, we all have to be extremely careful when handling private information especially financial information through email.
[0:41:33.0] IUE: Exactly and you know better than me by the way, in real estate when you try to apply for a finance or even just to buy a house or to rent a house, in most of the cases they are running background check and in order to run a background check, you need to give information such as your social security and a lot of different private information which is being held on the hands of the realtor.
[0:41:53.8] MF: Yep, exactly. That is one reason for my rental properties, we use TransUnion to do our background checks and credit checks because the user, the renter can enter their information directly on their site. We never see it, we never touch it which I love because I don’t want that liability. I don’t want somebody’s social security number.
[0:42:12.6] IUE: Exactly, it is solving you one part of the problem but it doesn’t solve you the other part where it’s the bank statements and other couple of information running on your email as a realtor.
[0:42:21.7] MF: Yep, exactly. Great information, now Trustifi.com obviously where people can go to learn more about your company. Is there anything else that we left out? Anything else you want to cover while we still got you on the line?
[0:42:35.0] IUE: I believe we covered everything and of course, that’s the time to say that the first of July, we’re going to push online the new website with a lot of information talking exactly what I just described and everybody can go online and learn and I am not giving now a sales pitch or something but really from a perspective of learning and understanding where are we vulnerable as clients, as customers, as citizens and to learn from our website and if they want of course to try the software and to see how they can protect their privacy.
And always remember and this is my last statement in this respect, the same way you make sure you have a lock on the front door of your house is the same way you have to make sure you have a lock on your emails.
[0:43:22.6] MF: Yeah, that’s great information. I know a lot of people are out there or in the past say “It’s never going to happen to me you know I’ll be okay” but if it does happen to you, it can be a nightmare to fix it and change everything and get everything back in order and it may never quite be right again from what I’ve heard with some identity theft cases.
[0:43:43.3] IUE: Correct and you are going to regret that you didn’t put anything to protect you at the moment it happens.
[0:43:48.2] MF: Yep and I am going to start doing more on my end too because there’s so much out there or people are careless and it just takes a few simple steps to protect it and it can make a huge difference.
[0:43:59.0] IUE: I agree.
[0:44:00.2] MF: Well Idan, thank you so much for being on the show. I really appreciate it. I learned a lot. I think you helped our listeners learn a lot as well about how prevalent hacking is, how it works, how to protect themselves. I’ll write up some show notes and of course link to Trustifi.com and thank you again for being on the show and I really appreciate it.
[0:44:19.1] IUE: Thank you very much for your time and thank you for everyone.
[0:44:22.1] MF: All right, have a great weekend and I will keep in touch.
[0:44:25.3] IUE: Thank you, buh-bye. Have a great day, Mark.