The Retirement Success in Maine Podcast Ep 050: How to Keep Ourselves Safe Online as We Age

 

 

Transcript 

Ben Smith:

Welcome everyone to the Retirement Success in Maine Podcast. My name is Ben Smith. I am joined by my colleague Curtis Worcester, the Mark Zuckerberg to my Jack Dorsey. How you doing today, Curtis?

Curtis Worcester:

I'm doing well, Ben. How are you?

Ben Smith:

I'm doing well. It's end of summer into fall right now.

Curtis Worcester:

It is.

Ben Smith:

In Maine it's really starting to happen. You're starting to see a little change of leaves and things are starting to go there. But obviously as we're thinking about changing in seasons and things that might be happening to us, one of the things we've been talking about a little bit on the side, maybe even from a client perspective is security and cybersecurity. We are at episode number 50.

Curtis Worcester:

50.

Ben Smith:

This is a pretty big episode for us. We really wanted to go and try to find someone, actually we've been searching for a while. Someone that has a high level of expertise in cybersecurity. The premise of today's show is how to keep ourselves safe online as we age. What we're finding is cyber criminals and fraudsters, they're really always attempting to go for the most vulnerable targets and really not enough is being done to protect and educate the elderly who are among those who are most regularly targeted by online scams. While we discuss a lot of things, especially stay at home right now during the pandemic, about protecting the workforce online.

Ben Smith:

But we have a lot of population as we age that are becoming more web using, tech savvy, and they're using the internet really without any in-house security team to help them navigate the dangerous posted by scammers. And as we know, we've had this happen where our clients have come to us with an email or something that looks legitimate, but criminals have always targeted the elderly in a way from the protections of an organization with firewalls, especially, but antivirus protection and other securities measures. Older users, especially those identified as wealthy are viewed as an easy target for cyber attackers, whether it be phishing emails, fake invoices, phony tech support calls, scammers are always attempting schemes against people who in some cases are really the most vulnerable targets.

Ben Smith:

But as population grows older, more and more services switched to becoming more predominantly digital and online. The issue of cyber attacks targeting the elderly is only becoming a bigger and bigger, more damaging issue if something really doesn't change fast. That's really why we want to have this conversation today, because we're starting to see this wave starting to really hit people. That's really the premise of our show today. Again, we did a really big search here looking for somebody with cybersecurity expertise. Our next guest graduated from Harvard University and studied advanced computer security at Stanford. He's the founder and CEO of Achilleion, a cybersecurity startup based in Los Angeles.

Ben Smith:

He's a software developer, cybersecurity and compliance expert, and is a serial entrepreneur. He serves as a technical advisor to several companies in the healthcare, consumer technology, real estate and financial sectors. He served as the CEO of Rizm and Equametrics, which developed revolutionary algorithmic trading technology. Rizm raised $5.1M and was acquired in 2015. He also has extensive experience building web based and mobile applications and multiple languages and frameworks. At this time I'd love to welcome Amir Tarighat to the Retirement Success in Maine podcast. Welcome Amir. Appreciate you hoping on

Amir Tarighat:

Everybody. Thanks so much for having me. Pleasure to be here.

Ben Smith:

As well with the Retirement Success in Maine podcast, we want to get to know you a little bit, Amir, in terms of who you are, what you're about, your work life, all that. Let's just get a little bit of your background and biography, including your path towards working in the cybersecurity space. Tell us little beginnings there.

Amir Tarighat:

Yeah. Absolutely. My first company was in the financial technology space and pretty much every job I've had or company I've started has been in regulated industries. Healthcare, finance, touching on areas that compliance and security are a critical component of what you're building. I've always had an interest in that. I did decide to formalize my knowledge and experience by doing the program at Stanford, which was a really great program. It's a problem and field that I've always been interested in and passionate about solving, especially on the personal side of, a lot of the industry is focused on enterprise security and corporate security, a much smaller portion of it is focused on helping individuals.

Ben Smith:

Got you. Can you tell me a little bit about, how did you develop this love for working in the computer security space? Right? Because I can imagine it's something where it's not probably from day one, you start out going, hey, when I grow up, I want to be in the computer security space. How did the that evolve for you?

Amir Tarighat:

It's a part of what every developer has to do, especially when you're in those regulated industries. I was always exposed to it. The thing that you love about it or the thing that I love about it, is not necessarily the compliance work, it's the dedication and passion you have for helping people and for dealing with issues when they happen. It really comes from the calling of doing that sort of stuff.

Ben Smith:

Awesome. I want to hear a little bit about this, because I think this will give us a little bit of framework as well. Can you talk about how your space has really changed over the past 10 years? Right? Because I can imagine what you were doing 10 years ago to what you're doing today, it's got to be worlds of difference. Can you talk a little bit about that and how it's changed?

Amir Tarighat:

Yeah, absolutely. Cyber security has changed a lot. There's been incremental, progressive changes that aren't ground shattering. A big change that happened around 10 years ago was the shift to cloud computing services. And that's still happening. It's still happening today. The way that security has done for cloud based applications and if someone else is really owning the server that your applications and servers running on, it's different. That changed a lot. That's probably the biggest shift, but the area that I've been focused on and actually probably the biggest shift in computer security in the past 30 years, just started happening in the last two to three years. And that's that, hackers have on mass shifted their focus from attacking traditional targets that we think of as companies and their systems to targeting individuals.

Amir Tarighat:

Even the really large attacks start with attacks on individuals and move into the company. The example I give for that is the Colonial Pipeline attack, which was just a couple of months ago. About a month after Bloomberg reported that the way that that attack occurred was that an individual employee was compromised in their personal life, had nothing to do with company systems, computers, anything. A password was stolen and the password that that employee used for whatever site, you don't know what site it was for, happened to be the same password he used to log into his company network. The attackers were able to log in.

Amir Tarighat:

Now what's interesting about this is that, these attacks, we like to think of them as commodity attacks on data. The people that attack that person probably didn't even know what his net worth was or what company he worked for. It was all just, this is what we can do with this. This person works here. Let's see if his password for this is the same as his work password. That's how it works from attacking individuals, which are really easy and profitable for attackers. Attackers are operating a business, and then moving into companies.

Ben Smith:

Well, that's scary, from the first part. Maybe, can you talk a little bit about then your organization Achilleion? Can you talk about what you guys do and how you help folks with cybersecurity?

Amir Tarighat:

Yeah. Achilleion is the most comprehensive cyber security for individuals. What we do is we provide security for people and we sell that directly to consumers. It starts at $20 a month. We also sell that to companies, leading companies buy it for their employees, in the scenario of Colonial Pipeline, it would have prevented that attack. What we do is, it combines three things. It's software that goes on all your devices, smartphones, computers, tablets. Monitoring, I like to explain it as ADT for cybersecurity. When something happens we're the first responders that get involved. And then the third part is risk management. There's insurance like coverages that cover you for lost funds, repair, replacement, remediation, ransoms, that sort of thing.

Ben Smith:

Another way to put that is, I know you Amir, you and I talked about this, was, hey, if you're in an organization, you're provided a lot of these kinds of resources and there's all these, maybe the firewall pieces and all these things are baked into your ordinary work life experience. But when you are maybe not working anymore or in your personal life in general, you probably don't have access to those same level of resources. It sounds like Achilleion's solving that gap. Was that true?

Amir Tarighat:

That's exactly right. Actually I remember one of our customers phrase it that way. He was like, I just retired from a large company. I'm used to having an IT team, and this replaces that.

Ben Smith:

Nice. Well, I love that. I think I'd be remiss to not ask this question Amir, was, of course anybody that comes on the show, and again, the title of our podcast is Retirement Success in Maine. Do you have any connections to Maine at all?

Amir Tarighat:

I have a few. I've been to Maine a few times while I lived in Massachusetts, drove up a few times. I had a friend that went to Bates College in Maine. I think I visited Acadia National Park once.

Ben Smith:

Nice. [crosstalk 00:11:04]. Awesome. Well thanks for that. I do want to rotate into this whole topic, what we have today. And again, we're excited to have this conversation because I think we're going to learn a lot here today as well. But this whole topic of how to keep ourselves safe online as we age, I really want to start with some foundation. Can you just give us a little bit of framework or rundown on elder fraud and why seniors are frequent targets rather than other segments of the population? And then I'll ask a follow up from there.

Amir Tarighat:

Yeah, absolutely. Elder fraud is this general category of other crimes that are targeted against elderly people. They can be, not all of them are crimes in the sense of money being stolen. Some of them are things that are scams, that just waste people's time or are intended to embarrass them or give them a hard time. But the main ones that we talk about or we see are stolen money or scams that trick someone else, socially engineer them to hand over money or account credentials or other things.

Ben Smith:

Got you. Can you talk about then, let's just maybe define the term here. I know we've thrown this out a couple of times. Can you just talk about what is cybersecurity? Because I think a definition might be helpful just to start.

Amir Tarighat:

Yeah. Yeah, absolutely. And leading into that, nowadays a lot of the elder fraud is done online or through digital means. It's critical. Cybersecurity, often people think of when they think of cybersecurity, they think of software, like their antivirus or their VPN. Typically that's not what you mean, professionals in the cybersecurity industry and cybersecurity. Those are what we call countermeasures. They do one specific thing like close ports on your router. But cybersecurity is much more general than that. It is the detection, prevention and then management of these cyber attacks or cyber risks. It's not just about preventing things. It's about identifying them. It's about stopping damage and actually addressing the issue and having plans to address the issue when it happens.

Curtis Worcester:

Nice. I like that. I want to continue on just building a foundation here for our conversation. I know you just touched on it briefly, but what are some common elder fraud schemes that are out there today?

Amir Tarighat:

They fall into a bunch of different categories. One of them you touched on is fishing. Fishing is where you get an email. It could be pretending to be an organization that you normally work with. It could pretend to be a person that you know. It could be a text message. It could be a message on a social media platform, basically social engineering you to do something. This is not something genius hackers are doing. This is as simple as I go to a public records site and I Google who your relatives are. And then I send you a message pretending to be your cousin and ask you to do something. That's it. Or one of your vendors or somebody that you know.

Amir Tarighat:

It breaks down into other categories. There's instances where someone will pretend to be a grandchild or a relative, grandparents scams, they're often called. Another big category of scams that you see a lot or hear about is tech support scams. This is where there's a fake virus. It's not really compromised your computer. It might be a pop-up from a website that makes you think to a person that's unsophisticated, who doesn't have a lot of experience using technology, that their computer has been compromised. It'll usually pop up with something like a phone number, something to call, and it will be a call center overseas. They will charge you money. It's almost fake extortion, because you don't actually have ransomware. But they convince you that you do and that you need to pay some money to do that.

Amir Tarighat:

There's a whole bunch of other ones, there are scams that relate to home repair or mortgages or financial scams. There's often phone scams that you get a phone call and people will pretend to be from the IRS or something and ask you to send money. A really nasty one that I've seen is where someone will call you, and let's say, I know what bank you use, and I have some information about you, like your username, but maybe not your password for your bank. I'll call you, tell you I'm calling from your bank, hit password reset. You'll get a code on your phone and I'll be like, hey, Curtis, I just sent you a code to make sure it's really you before we go any further. You tell me the code, and then now I'm in your bank account.

Amir Tarighat:

There's a lot of stuff like that. It's a really big category, that's the problem. If it was just one thing you could, and it's changing, next month it'll be something else.

Curtis Worcester:

True. Yeah.

Ben Smith:

Amir, I know from our end too, again, as financial advisors we use Fidelity to custody our clients accounts, right? One of the reasons why we've chosen Fidelity is just because they have a really robust team and they're really diligent about monitoring accounts for fraud. As Curtis and I can attest to even chewing transactions on behalf of the clients where we have rights, is not even the easiest thing to do at times, which is a good thing.

Curtis Worcester:

That's right. That's right.

Ben Smith:

We remind ourselves, it's a good thing as we're getting frustrated with how sometimes hard things can be to change or do. But I think from that end, we have seen some of our clients fall into or forward a message of, hey, my granddaughter's skiing in the Swiss Alps and she broke her leg and I need a wire amount of X number of dollars to this wired overseas bank account because she needs medical attention of $90,000 or something. Right? It's amazing, because somebody had hacked into their Microsoft outlook. They had gone through previous emails, they knew the granddaughter's name and they knew that it was true. She was overseas, she was packing Europe. All of these kinds of things were pretty true. Right?

Ben Smith:

And you can go, hey, if everybody across the line were not really on top of it, you could see how that could change. Again from our policies and procedures, the good part is by having a relationship with our customers and our clients, we know them, but it's something where we always do verbal authorization. We always then have this strike up the conversation, making sure it's them, all that. But it's something where, we're seeing that happen more and more and without even maybe that person knowing it, that they've again, assumed to be them and go to their trusted relationships they have out there with their financial institutions to get access to their money. I do want to ask you then just with that thought.

Ben Smith:

You've given us some of these schemes and some things that are happening. And again, there's going to be new schemes that are coming out every day, but what are some ways that our audience can protect themselves against those?

Amir Tarighat:

That's important, and there's a lot of different things that have to happen. I hate being the bad news guy and being negative, but honestly, the most important thing that has to happen if you want to protect yourself is to understand that you're responsible for your own security. By far, that is the most important thing and it's a mental shift. When you survey people and ask them, who's responsible for your security? Often they'll say things like their device maker or their bank, because their bank is federally obligated to reimburse them for fraud. And so you expect these other groups to do this for you, but the truth is that you are actually responsible for your own security.

Amir Tarighat:

If you operate with that mindset, the type of things that you do differently are, you don't sign up for everything that comes up online. You don't sign up for every newsletter or free offer, or that sort thing, because what happens is, when you have advanced dark web monitoring, it's constantly scanning for your information, you'll see that you get breaches from stuff that you didn't even know you had a relationship with. The organization you might be giving your information to, may not be bad people, may not have bad intentions, but that company uses 30 other vendors. They might use a vendor for advertising, analytics and this and that. Some of these are scamy companies. Some of these companies don't have great security. Your information ends up on the dark web, from the most random places.

Amir Tarighat:

The first step is to just not give out information, if you don't have to, don't sign up for things that you don't know, you're not confident about and limit what you use. You don't need to download every app. If something is free, it's probably, you need to think twice about it. The number of times free antivirus has turned out to be a scam or free VPNs have turned out to be scammed is astounding. Every few months there's one in the news that was just stealing people's information. Second thing that's really important, is that, especially for elderly people, you have to talk to other people when you're not sure about something. You'd be astounded at the number of people that have been victims of these scams or these cyber attacks.

Amir Tarighat:

There's a level of shame that goes along with it. They don't share that with anyone. We get to hear about it because they have this level of confidence to talk about it with us in privacy. But you'd be surprised most people have experienced something like this. They often don't tell their friends and family, hey, somebody called me. I thought they were from the IRS and I gave them a $1,000 worth of Amazon gift cards and then realized that wasn't the IRS after. Talking to people, ask that, your clients are lucky to have another layer of somebody to just talk to, like, are you sure you want to wire this money? Often people don't have that, but those are the two main ones. There's lots of tools to use. It's hard to create your own cybersecurity solution, because you do need to have a bunch of different things, but you need to use a secure device.

Amir Tarighat:

You have to make sure your device has a password. You need to make sure your devices are updated at all times using the most current version of the operating system. You should have an antivirus. Yes, even on a Mac, you need an antivirus. Those are probably the main ones. There's other things that are extra that I wouldn't say are absolutely needed. One that's really common is VPNs. People talk about VPNs all the time. Most people don't need a VPN. Most of the privacy you need is built into the browsers and websites that you use. VPNs just hand your information to another party to have.

Curtis Worcester:

I see your point.

Amir Tarighat:

Often it's more of a risk.

Ben Smith:

Got you.

Curtis Worcester:

That was good. You discussed there how to prevent or prepare. I want to lay out a hypothetical here and say that I've fallen victim to one of these schemes. What's next? What do I do? I realized that I just gave someone $10,000 that wasn't the IRS or whatever it may be. What are the next steps there?

Amir Tarighat:

It's really case by case. It depends on how it happened. What what was stolen? Was it an online account or was it money or was it that you just wire the money? Did someone else wire the money on your behalf? Usually it starts with contacting your financial institutions first, if money has been stolen. Immediately contact those places, make sure that, depending on how the fraud was perpetrated, the financial institution is responsible. There are many scenarios where the financial institution is not responsible. Those are often cases where what we think of as not fraud, but just a scam. Someone's tricked you. It turns into just like a he said, she said situation. But if it's stolen money, immediately contact your bank or your financial institution.

Amir Tarighat:

The second thing you want to do is whatever method that was used to do this. If it's a phone call, maybe there's nothing to do. But if it's an email or something through social media or a text message, or those sorts of things, you want to change your passwords, you want to shut down those accounts, change the logins, add another layer of authentication. You want to go to your credit bureaus and make sure your credit is locked, if you don't have credit monitoring already. You want to make sure, and this is probably something you want to do before an attack happens, but if you haven't already, you want to go to there, there's many services that do this. You can actually do it for free on your own. We do it for our clients. There are services that take your public information off public record sites.

Amir Tarighat:

There's all these sites that sell public records. That's how these things keep perpetrating. One person gets attacked. Take over some information about one person. Now I know everybody this person's lived with, their roommates, their relatives, every address they've had, you'd be surprised just little pieces of information will just immediately give up trust. Like, hey, I was your neighbor on, fill in this street 10 years ago where you lived, something like that. And a conversation starts. Those are the main things that have to happen.

Ben Smith:

Nice. Amir, thanks for that, because I think it's just helpful to understand what's next in the grand scheme of things. As you said, there's a lot of shame, right? All of a sudden I get a hack or I feel vulnerable. I feel violated. I'm assuming it's all my fault that I shouldn't have clicked on that thing. I'll tell a quick little story. When I was first getting into the financial services industry in the early 2000s, actually there was a gentleman who is a trust officer. He's working with high-end investment trusts, with a lot of money in them. He, himself, he was I think 55 or 60 years old fell into the Nigerian prince scheme. We all laugh about it now. Right? Everyone is like, oh yeah, the Nigerian prince and he needs help and he's locked. He needs money.

Ben Smith:

This guy sent him, I think $150,000 over a few years. But the whole, as you said, Amir, that shame, right? Is I should have known better. Even though I am in this industry, I work with people's money every day and he's saying, I fell into this scheme. I think why I'm sharing that lesson is it really can happen to anybody. Right? It doesn't have to be, I'm 94 years old and really don't know technology at all. It could be anybody at, any time, just from the methods that you're saying, that people are using. I think that's just really important to highlight. Right?

Amir Tarighat:

Absolutely. We have tons of young people you would think are extremely tech savvy that have been compromised and done all those things too. Someone once asked me, why is there so much spam or these kinds of emails? The answer is because it works. They do it because it works. One out of several thousand people might reply.

Ben Smith:

It's just a hit rate. Right? And that hit rate is successful enough to keep the business going and to make enough money. And again, as you said, it's all a business of revenue and cost. If it works, it works. I want to ask another question here, because if you can start being a little futurist here and you start thinking about more and more of our lives are becoming more and more integrated into the internet, right? We have smart refrigerators now that can order new things for you based on what's available or you ran out of milk and all of a sudden it puts it on your list. Biometrics that are on our watches and our Fitbits. So we know our heart rates. We know my buddy just went for a run 20 minutes ago and he's telling me that you need to get off your duff and go exercise.

Ben Smith:

Social media with personal networks, location tracking, Curtis is laughing how we can keep track of our, hey, where's my wife this very second? It's all there. Right? How do you think we should be balancing though the benefits of implementing technology around our lives to that cost of loss of privacy? Because as you said, this information's becoming more and more known and used and stored, it feels like we might be losing privacy. We might be exposing ourselves more to fraud or breaches, or as you said, your information is being used against you, possibly in the future in some nefarious way. How do you think, because again, we're getting more and more integrated, more data's creed. How do we balance that you think over time?

Amir Tarighat:

It's a really hard question. And actually on my podcast, I had the chief cloud officer of Deloitte, David Linthicum. This was the topic that we discussed. His point and I agree with him, is that it's a balancing act because all these devices, there's all these, what are called edge devices, your bicycle or your refrigerator or your watch, right? They do these amazing things and they're enabled by this connectivity. We don't want to stop that. It's not just enjoyable, there's also life saving elements to it, detecting that you're about to get a heart attack from your smartwatch or something like that. But how do you balance it? It's a tough one. I think that there's some stigma around privacy that's probably like I would say unnecessary, that this data say belongs to you and Facebook or my watch has it.

Amir Tarighat:

Part of that is not true. It's not really data. It's not really your data. It's useful only to them, because they have data collected around how the device is used or something like that. But there are other things that are actually, your data, your private information, your medical records associated with whatever it is. But the answer is that nobody really knows, what's happening is that there's more and more pressure being placed on large organizations. States are passing laws that have consumer privacy laws, California I think is one of the big ones that has that. Europe has GDPR. Right now, the focus has been putting more pressure on large organizations, but it's a really hard problem. No one really has a clear answer.

Amir Tarighat:

I don't have a clear answer, honestly. There's not much we can do as individuals. You can think twice about using some of these devices if you're sensitive about your privacy.

Ben Smith:

I think that's been the response I've heard is, we'll just rebel against the use of technology then, and just have your clam shell flip phone. It's this stay off the grid. That's just not realistic. Right? Because you just become more and more detached from society, is that answer of that. We hear this a lot, I think from the population of it's easy just to stay out of it. And then if I'm not on it, then I don't have exposure that way. But I think as we've found in Curtis and I, with our shows, we as humans have a need for connectivity and make relationships and make friends and keep connected to those people.

Ben Smith:

In technology, hopefully at the end of the day, it's there to ease that and make that better and make that more enriching. But again, it's tough because I think what you just said is real, nobody knows.

Amir Tarighat:

Exactly. Imagine the pandemic without all of it, without the connectivity.

Ben Smith:

It would've been terrible. It's totally terrible as it is, but talk about even worse. The only way you have is your rotary phone or something, and that's pretty much it.

Curtis Worcester:

I want to rotate a little here and ask you Amir. What advice would you give someone that would allow them to protect themselves as they age? Right? I think the point here is, starting, say someone in their 50s, they may still be adept in technology and they're still working or recently retired, but certainly as we get to our 70s or 80s or 90s, some of that capacity, or even will to stay up with technology is probably going to fade. What is, again, some advice you have there as we age to stay on top of our security?

Amir Tarighat:

What I was saying about being responsible for your own security, I think when you get to a point where you can't be responsible for it yourself anymore, somebody else has to take over that responsibility for you, if you're going to be using devices, if you're going to have access to make decisions about who to send money to or how to send money somewhere.

Curtis Worcester:

Sure.

Amir Tarighat:

There are ways to do that. That could be a trusted family member. It could be somebody that is taking care of you. You could hire a company to do it for you. Somebody has to make sure that these emails or these transactions are happening. It's not much different, honestly, for a person that's very elderly to somebody that's a celebrity, which is another group of people that we work with. Certain celebrities you can just Google their name and get their home address. If I have your credit card number or some other thing, I know where you live, right? And so often things that those people will do is have their financial statements sent to an account to an address that literally nobody knows, not even the people around them.

Amir Tarighat:

They'll use a PO box or something that's only for their financial statements and no one around them will even know that address except a select few. There's a lot of things that have to be done for those people that are similar, for probably elderly people. But again it's hard because, you have to trust that person, that person has to be a fiduciary really, because you can get taken advantage of by friends and family and all that.

Curtis Worcester:

For sure. Yeah. That's a great answer there. I want to keep digging here. I want to talk about social media. We had a recent podcast episode where we just discussed some statistics of retirees and it's becoming more and more popular that retirees are using things like Facebook or Twitter or Instagram, whatever it may be. I want to ask you, what should a retiree know when they're setting up a social media profile for the first time, and then also as they manage that back to my previous question, as they get older, what are some things they should know and should do there to protect themselves?

Amir Tarighat:

I would say, the first thing is that, and this is this probably same advice for the first point I would give anybody, is that you need to set up a safe password to log in. You need to create the account using another, usually you're required to have an email address, using another account that's secure that has a safe password and goes all the way down, because somebody steals your email address, they steal all the things associated to it. Make sure you set it up properly, set up two factor authentication if you can. That's something that's changing. That's definitely in the next few years, two factor authentication, which is to explain to people that don't know what it is.

Curtis Worcester:

Yeah, please.

Amir Tarighat:

It's where you have a second thing, like another app or a text message that, ideally not a text message, but something else that confirms that you're logging in. You enter your password, you get an email that says, here's a second code. I think everything is going to shift to that. I think everything will default to having two factor authentication and it's already starting to happen. Setting up the account in a secure way, the second thing is that, when you're on social media, you have to be careful. It's no different than talking to strangers. But in this case, these strangers are hidden by randomness and can easily disguise themselves and be completely different people than they say they are.

Amir Tarighat:

They can be, Curtis, you might know me, and then somebody is friends with me on the social media account. That doesn't mean that I actually know that person. And if that person is messaging you saying, hey, we're both friends with Amir. We both know Amir, I'm a trusted person now. You can't trust that person. It doesn't mean anything. They can have accounts that are completely made up, fake name, fake picture. They can make an account easily as somebody that's related to you or someone that they know you know, and message you. It's very sad and it's very clearly advice-

Curtis Worcester:

It is. It is.

Amir Tarighat:

... but you have to be really careful. You have to know what you're doing. You have to proceed with caution. If you can't, and this again happens to people of all ages, I have tons of friends that have met random people who they thought were a nice girl that they had long conversations with. It's like, I've been talking to this girl for two weeks. It's like, well, have you picked up the phone and talked to her? Have you had a video chat? And it's like, no, we haven't done that yet. That's weird. Maybe do that immediately for you. It's the same thing. If you can't get the person on the phone, if you can't see them, it's more than a red flag. That's enough. You don't have to wait until they've robbed you to determine that it's a scam.

Ben Smith:

Amir, it's actually going to be my next question. I want to maybe get you to expand on that a little bit more. Because I know with, again, the population that we worked with, especially as we age, typically, especially with married couples, we had an episode talking about great divorce. Great divorce is becoming more and more prevalent of people that are divorcing as they retire or vice versa, is again couples that are staying together and one passes away and their life partner's gone and they're lonely, right? That's something where, I think as we age, we just seek more and more of those relationships. And as we lose relationships, we try to fill that. As Curtis alluded to, where more and more people are getting to be online, it's well, then dating becomes the next thing online. Right?

Ben Smith:

I know obviously there's the show on MTV, Catfish and things like that, where they follow these scams and how it could be anybody that's displaying romantic interest in you and you think that it's real. Again, to your point, meeting with them and trying to make sure that they are in fact the person they say they are in real life whenever they can. I could see where somebody that's even more vulnerable. Right? Is, hey, I don't know, technology, I'm really lonely. Right? I'm just vulnerable all over the place right now, because of seeking that connection. Can you just talk a little bit about maybe how someone can detect the authenticity of somebody that's online, because as you said, it's randomness as strangers? And then if I am getting into that dating pool, how do I be safe?

Amir Tarighat:

The advice I'm going to give on this, some people are not going to like. But what I think has to happen, is that, if you start a conversation with a person and you decide that you may have some interest in pursuing any sort of relationship with them, even a friendship. What you want to do is get to a point where you're on video chat as soon as possible. You've traded a bunch of messages, not two weeks, but maybe a few days have gone by, you want to get on video chat to make sure this person is who they really are. It's not about to see what they look like necessarily, do they match their pictures exactly?

Amir Tarighat:

But you want to know, is this person the same person they're talking about? Are they really the age that they say they are? Are they really in the place they say they are? You can tell if the person isn't in, they're not here in the US, if the time zone is different or those sorts of things. Getting to video chat as soon as possible is a good idea. There's other things that you can do that, I would probably not want to communicate with people that are not nearby. I wouldn't want to talk to somebody knowing that they're halfway across the world and strike up that conversation. Maybe people have different feelings about that, but there's often a lot more risk that goes along with doing that.

Ben Smith:

Just saying. Because, again, I could also see where, and I know some technologies starting to be developed and you see this with shows right now, is this concept of a deep fake, right? And this idea of someone can mimic audio of somebody else so they can mimic video. I can see where that also even maybe video chatting in a few years, maybe doesn't become as authentic as meeting in real life. Right?

Amir Tarighat:

Yeah, absolutely. What happens now, is that the people that are doing this send videos, they won't get on video chat with you. They make a video answering a question or saying something or send a photo that can be easily doctored and send that as, hey, I can't video chat with you. I can't get on the phone with you, but here's a video I made that answers the question. Again, extremely suspicious. You don't have to wait until you've been robbed to know that it's a scam.

Curtis Worcester:

I want to rotate here a little bit and get into digital wallets and cyber security in that sense. We did a great podcast episode, a few episodes back with an individual named Tyler Frederick. He works at the Federal Reserve Bank in Boston, in their FinTech department. So really my question for you, Amir, is just, how can someone protect digital assets? Right? Think of cryptocurrencies, for example, that essentially the only wall of protection there is a password. I know that's a 10,000 foot view, but it's essentially relying on a password. Can you just dive in there and discuss ways that we can protect things like digital wallets, digital currency and that?

Amir Tarighat:

There's two buckets that this falls under. One is where somebody else is holding the currency. If you're using a broker to do that, like a Coinbase, or whatever, that is the same as protecting any other online account that you have. So secure password, two factors of authentication, connected to another account that is also secure. That's the main thing, don't share the password, change your password if that password has been breached. It needs to be unique, so that if somebody steals your Twitter account, they don't have your bank password, that sort of thing. That one is pretty straightforward. If you're holding the currency yourself, that's also pretty straightforward also. The way to think about it that way is that it's protecting any other file on your computer.

Amir Tarighat:

It's just another file. Making sure that your computer is secure, making sure there's proper antivirus, it's updated, there's a password to log in. You're not doing things or downloading software that put your computer at risk. If you have a large amount or very concerned about your digital currency that you're holding yourself, what you want to do is separate that from the rest of what you're doing. It's often called air gapping. You'll put it on a computer that you don't use for anything else, that you're not doing your web browsing and your social media stuff on that computer and it's separated. That's the best tips for that.

Curtis Worcester:

Yeah, go ahead.

Ben Smith:

And also don't lose the password. Right? You hear these stories as well as someone made a very unique password and then they lost it for whatever reason. They didn't have good record retention of what their passwords were. And then all of a sudden their million dollars of whatever cryptocurrency coin they have is not accessible because they don't have a password anymore. Right?

Amir Tarighat:

That's right. I'll just add that, cryptocurrency is not covered from my knowledge under most insurance policies. I work with a lot of insurance policies, so it's excluded. Actually the reason that other funds aren't, is because the bank has a responsibility to protect them also. It's not the case with crypto.

Curtis Worcester:

Got you. That's a good point. We have one final question for you, Amir. Kind of not really cybersecurity related. It might be, we'll see where you go with it. As we've mentioned a couple times here, you are joining us today on the Retirement Success in Maine podcast. One question that we love to ask all of our guests is what is your personal definition of retirement success?

Amir Tarighat:

That's a great question. Not something I spend a lot of time thinking about, this is good. It's forcing me to think. I would say that, probably, I would love to be in the financial position to be able to help startups and technology companies. I've gotten a lot of help from people who are a lot older than me, who've done this before and had great success. I'd love to be able to do that and invest in startups and help them.

Curtis Worcester:

That's awesome.

Ben Smith:

Nice. That's really good. Again, I think sometimes it's good to go, hey, I know what my purpose in life is and I know what makes me feel good, but also to throughput that into retirement, that's a really awesome answer. Amir, I really want to thank you for your time today. I can say just even personally, Curtis and I we've learned a lot on our conversation. I know our audience will get a lot out of this today too. I appreciate you coming on, lending a lot of your expertise to the show and can't thank enough. I could see where even in a couple years where this could totally be a dude show and something else. We might reach out back out to you if you're open to it.

Amir Tarighat:

That sounds great. Thank you both so much. It was my pleasure.

Ben Smith:

All right, Amir. You be well. Take care.

Amir Tarighat:

Thanks. Take care.

Ben Smith:

Okay. I want to say bucket list for us for this podcast check, cybersecurity expert. Because I know we've searched a lot to find someone that we thought would really be able to connect well on the topic, but not get into the whole, let's get super techy and code and all this super technical stuff that I think people might get bored with or lost in or all that. I thought Amir did a really great job.

Curtis Worcester:

Me too.

Ben Smith:

Striking that right tone today. I thought that was a really cool way to connect with somebody, obviously he graduated from Harvard and studied advanced computer security at Stanford. Right? He's doing his thing. Right? And he's doing it.

Curtis Worcester:

I think he's got it.

Ben Smith:

Yeah. He's got it. All that was really good. I think from our end, again, we wanted of course wrap up each show just highlighting some things that we learned, or things that maybe to add on to our conversation with Amir today. Maybe I'll just start real quick.

Curtis Worcester:

Go for it.

Ben Smith:

I think one of the things that Amir said that I thought was very valuable to hear from his side is, when he's dealing with people, especially people that are aging and on remediations, right? Is that, that many times even with that population even more, is that they really feel shame. They feel like it's their fault that they clicked on the pop up browser. They fell for the text message. They fell for the phone call and they thought it was the IRS and it really wasn't. And then they did buy $1000 of gift cards, or they signed up for something they didn't really know, or they gave sensitive information. All of a sudden it's like, it's my fault. I shouldn't have done. I know better than this. What am I thinking? I'm so stupid.

Ben Smith:

What he was saying happens, is that they silo their story. Is that I'm so ashamed that I don't then tell people, not only do I not tell people, hey, I need help by the way, I'm in trouble. But we also don't tell our peers, because we're so ashamed, which would also be helpful as, hey, by the way, they're targeting our whole neighborhood and everybody in our neighborhood's getting targeted with a scheme, because we're all very similar with profiles. And we won't tell each other because we shame that we're all falling for it. It would be helpful, I think if we're maybe a little more open with that of, hey, this is what happened to me, this is what I learned. This is how I could have prevented that in the future. This is how I helped solve it.

Ben Smith:

I think all of those are really valuable things. And again, I know from our podcast we've even talked about, hey, some people that are first person stories, these things are just really tough for people to open up about, of hey, from a first person perspective, I fell victim to this and this is what happened and this is how it affected me. Again, I think that's why Amir did a fantastic job of talking about his experiences with these sorts of situations. I could see where all of us and I relayed that story about a gentleman I knew that fell victim to that Nigerian prince. Again, he worked with money every day. Right?

Ben Smith:

That's something where just knowing that it can happen any one of us. And if it does happen to you is, I think going to your financial institutions first and saying, hey guys, this happened, let's work together. Where should we do something? I guess, just for me, the point I wanted to raise or the thought that I wanted to share today, because I thought that was really fantastic to hear it from him. Curtis, what did you take away from today's show?

Curtis Worcester:

I think an important piece that came up was when we were discussing how, I think the question to Amir was how we can protect ourselves as we age with technology, going from 50 to 60 to 70 to 80. It segued into the takeaway that I want to bring up. And it's just how important it is to have a plan there. He touched on it. You really almost need a fiduciary who you have to essentially entrust in your cybersecurity because, he talked about how we are responsible for our own security ultimately. If we get to a point where we feel like we can't be responsible, you have to enlist some help there and how important it is not only that step of finding someone who you trust and whether it's a family member or neighbor, whoever it is, you really got to make sure that that person is trustworthy, because you're essentially handing over the keys there.

Curtis Worcester:

But then furthermore with that, you and I just chatted about this Ben, it's almost like a part of estate planning now and in the way technology is becoming such a big part of our lives. I think it's only going to become a bigger part. As we age and as we plan, build these estate plans, I think technology and cybersecurity needs to be a part of that, because when you pass and you're left with all these accounts or say it's digital currencies, for example, that's not going to be at your bank. You got to have, and not even to get in that deep, but just social media, for example, that Facebook account could live on forever if someone could get into it after you've passed.

Curtis Worcester:

Again, it's just interesting to see, not to get cheesy in how the world's changing, but technology is becoming such a huge part that I think it needs to play a role in estate planning.

Ben Smith:

I think being thoughtful about it, right? Is to say, hey, here's the plan of handing over some of the keys to some of the things that makes my life work, whether it be my physical assets like my car, my house. Hey, somebody needs to take care of these things that mean something to me, but from a financial lens is do this on the financial and here's what's working and how this all works together and who I work with. All of that is important. But as you're saying is that next lens is digital. I could see where, I've heard stories of somebody's passed away and nobody from Facebook knows that or whatever, the social media platform. And somebody hacks it 3, 4, 5 years later.

Ben Smith:

And now I've passed, but somebody's now pretending to be Ben Smith and all the reputation that may be good or bad that I've built in my life. They can interact as me and pretend to be me and use that to an advantage, which maybe helps them. But again, if I'm passed, maybe I'm saying I don't care, but maybe I do care here. I don't want someone to pretend to be me, and then 10 years later they go, that Ben Smith guy, he's such a terrible person. Look all the stuff he did while he's online to whatever party. I think those are the things that are a little bit scarier there, and that's why, as you're saying, making sure that username and passwords are really something that do get handed to the power of attorney or again, somebody that you trust to make sure that those things are cleaned up possibly when we're done using them. Doesn't mean that we have to be passed, be done using or we're gone. I think that's a really important point.

Ben Smith:

I do want to mention to you too, again, we had Amir on and he did mention that Achilleion does do comprehensive managed security for individuals. He does the tools on all devices, antivirus, VPN. They do the monitoring like ADT, and then they have the insurance component there too. If that is interesting to you and you want to check it out, we'll have a link to, again, Amir's the CEO of that organization. We'll have the link to that website, you can go check them out and see if that's a fit for you. I believe they do have a 30 day free trial if you want to try that out. I could see where, again, we've had clients that said, look, hey, when I was at this organization, everybody did this IT stuff for me. Right? I just showed up and my computer worked and had all the latest antivirus and

Curtis Worcester:

Exactly.

Ben Smith:

... all the securities on it. I don't have to do a thing. But then when you go home, I don't know what I'm doing. I'm not an IT professional with cybersecurity, advanced computer security master degree at Stanford. That's not me. Having some value from hiring a group that does it, might be pretty helpful here.

Curtis Worcester:

For sure.

Ben Smith:

Again, check them out there. It was great to have Amir on, then you can go to blog.guidancepointllc.com/50. Again, episode 50 here. To get the show notes. Again, we'll have a link to Achilleion there to check out. We really value you tuning in again. It's been a nice little run we're still having at episode 50, our release timing has been a little bit delayed. Appreciate you staying with us there. Curtis and I are taking on a little bit more as our colleague, Abby, is out on maternity leave. Appreciate you being patient with us. We really value the opportunity to do this for you and with you. We can't wait to do it with you again. Catch you next time.