Easy Prey

Cybercriminals are accelerating their attacks in ways that weren’t possible a few years ago. Artificial intelligence is giving them the ability to spin up phishing campaigns, voice clones, and deepfakes in minutes instead of days. As a result, the gap between what’s genuine and what’s fake is closing fast, making it harder for both individuals and organizations to defend themselves. I’m thrilled to welcome Brett Winterford, Vice President of Okta Threat Intelligence. Brett has had a front row seat to these changes. His team analyzes identity-based attacks and delivers insights to help organizations adapt their defenses. Brett previously served as Okta’s Regional CISO for Asia-Pacific and Japan and started his career as a journalist covering information security before moving into leadership roles in banking, government, and technology. In this episode, Brett explains how AI is reshaping the speed and scale of cybercrime, why trusted platforms like email, SMS, and collaboration tools are being targeted, and what practical steps can reduce risk. He highlights the growing importance of phishing-resistant authentication methods like passkeys, the need for clearer communication between service providers and users, and the role of collaboration across industries and law enforcement in pushing back against attackers. Show Notes: * [00:00] Brett Winterford introduces himself as Vice President of Okta Threat Intelligence and explains how identity-based threats are monitored. * [02:00] He shares his career path from cybersecurity journalist to CISO roles and now to leading threat intelligence. * [05:48] Brett compares phishing campaigns of a decade ago with today’s AI-driven ability to launch attacks in minutes. * [08:00] He notes how reconnaissance and lure creation have become easier with artificial intelligence. * [10:40] Brett describes the shift from banking malware to generic infostealers that sell stolen credentials. * [12:30] He explains how cryptocurrency changed the targeting of attacks by offering higher payouts. * [14:21] We learn about the Poison Seed campaign that used compromised bulk email accounts to spread phishing. * [15:26] Brett highlights the rise of SMS and other trusted communication channels as phishing delivery methods. * [16:04] He explains how attackers exploit platforms like Microsoft Teams and Slack to bypass traditional defenses. * [18:30] Brett details a Slack-based campaign where attackers impersonated a CEO and smuggled phishing links. * [22:41] He warns that generative AI has erased many of the old “red flags” that once signaled a scam. * [23:01] Brett advises consumers to focus on top-level domains, official apps, and intent of requests to detect phishing. * [26:06] He stresses why organizations should adopt passkeys, even though adoption can be challenging. * [27:22] Brett points out that passkeys offer faster, more secure logins compared to traditional passwords. * [28:31] He explains how attackers increasingly rely on SMS, WhatsApp, and social platforms instead of email. * [31:00] Brett discusses voice cloning scams targeting both individuals and corporate staff. * [32:30] He warns about deepfake video being used in fraud schemes, including North Korean IT worker scams. * [34:59] Brett explains why traditional media-specific red flags are less useful and critical thinking is essential. * [37:15] He emphasizes the need for service providers to create trusted communication channels for verification. * [39:29] Brett talks about the difficulty of convincing users to reset credentials during real incidents. * [41:00] He reflects on how attackers adapt quickly and why organizations must raise the cost of attacks. * [44:18] Brett highlights the importance of cross-industry collaboration with groups like Interpol and Europol. * [45:24] He directs listeners to Okta’s newsroom for resources on threat intelligence and recent campaigns. * [47:00] Brett advises consumers to experiment with passkeys and use official apps to reduce risk. * [48:00] He closes by stressing the importance of having a trusted, in-app channel for security communications. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review.  Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Brett Winterford - LinkedIn [https://www.linkedin.com/in/brettwinterford] * Brett Winterford - Okta [https://sec.okta.com/hackers/brett-winterford]

Trying to erase yourself from the internet sounds simple until you start counting up old accounts, scattered social media posts, and the hundreds of data brokers quietly collecting and selling your information. The reality is messy, and for most people, the idea of fully disappearing online is more myth than possibility. But there are practical steps you can take to cut down what’s out there and regain some control. My guest, Max Eddy, is a senior staff writer at Wirecutter who covers privacy, security, and software platforms. For one of his projects, he set out to see how much of his own digital footprint he could realistically reduce. Max shares what he discovered along the way and what worked, what didn’t, and how even small changes can make a meaningful difference. In our conversation, Max talks about the value of using password managers and email masking, what he learned from testing multiple data removal services, and the emotional side of deleting old social media history. He also explains why perfection isn’t the goal, and how thinking differently about privacy can help you stay one step ahead of scammers, marketers, and anyone else trying to piece together your personal information. Show Notes: * [00:50] Max explains why he got into covering privacy and security and what keeps him motivated in the field. * [03:27] We discuss the Wirecutter project on disappearing online and why it resonated with readers. * [04:12] Using Have I Been Pwned, Max was able to reduce 350 online accounts down to 27 that needed immediate attention. * [09:10] Max describes the tactics he used to break the links between his online accounts with fake names, masked emails, and random images. * [11:55] We talk about data removal services, their limitations, and the challenges of removing certain public records. * [17:52] We learn how scammers can piece together a person's complete profile from inconsistent, fragmented data from different data brokers. * [18:54] We discuss how Google's removal tools only make information harder to find, but don't delete it. * [23:15] We talk about the emotional side of deleting social media history and the automation tools he used to make it possible. * [29:40] Max discusses the risks of deleting accounts entirely, from impersonation threats to losing important communication channels. * [32:28] We talk about the value of taking a gradual approach to improving your digital privacy and how small, steady steps are most effective. * [38:44] Max shares his key takeaways from the project: first, ask why you want to disappear, and second, remember that any effort to reduce data is valuable. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review.  Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Max Eddy - Wirecutter [https://www.nytimes.com/wirecutter/authors/max-eddy/] * I Tried, and Failed, to Disappear From the Internet [https://www.nytimes.com/wirecutter/reviews/how-to-disappear-from-the-internet/] * Max Eddy [https://infosec.exchange/@maxeddy] * Have I Been Pwned [https://haveibeenpwned.com/]

Cyberattacks aren’t just about hackers in hoodies anymore. Today, we’re up against professionalized, well-funded organizations that run like businesses. They use AI to crack defenses, run labs that simulate the tools we rely on, and rake in trillions while defenders struggle to keep pace. The scary part? Even the strongest companies and governments can fall behind when the threat landscape moves this fast. My guest, Evan Powell, has spent nearly 30 years in the cybersecurity world. He’s the founder and CEO of Deep Tempo, and a serial entrepreneur who’s helped industries from cloud data to resilience engineering make big transitions. Evan knows what it looks like when attackers have the upper hand, and he’s seen firsthand how enterprises try to shift the balance. In this conversation, Evan explains why compliance checkboxes aren’t enough, why raising the cost of an attack is often more realistic than stopping one outright, and how AI is reshaping both sides of the fight. He also shares the creative ways defenders are adapting, from honeypots to sock puppets, and the simple steps every one of us can take to make life harder for attackers. Show Notes: * [00:57] Evan Powell introduces himself as founder and CEO of Deep Tempo, with nearly 30 years in cybersecurity and tech innovation. * [02:39] He recalls a high-profile spearphishing case where the CIA director’s AOL email and home router were compromised. * [03:51] Attackers are professionalizing, running AI-powered labs, and making trillions while defenders spend billions and still fall behind. * [07:06] Evan contrasts compliance-driven “checkbox security” with threat-informed defense that anticipates attacker behavior. * [09:40] Enterprises deploy creative tactics like honeypots and sock puppet employees to study attackers in action. * [12:22] Raising the cost of attack through stronger habits, better routers, and multi-factor authentication can make attacks less profitable. * [15:01] Attackers are using AI to morph and simulate defenses, while defenders experiment with anomaly detection and adaptive models. * [20:56] Evan explains why security vendors themselves can become attack vectors and why data should sometimes stay inside customer environments. * [24:50] He draws parallels between fraud rings and cybercrime, where different groups handle exploits, ransomware, and money laundering. * [26:29] The debate over “hacking back” raises legal and policy questions about whether enterprises should strike attackers directly. * [30:18] Network providers struggle with whether they should act as firewalls to protect compromised consumer devices. * [34:59] Data silos across 50+ vendors per enterprise create “Franken-stacks,” slowing real-time defense and collaboration. * [37:28] AI agents may help unify security systems by querying across silos and tightening the OODA loop for faster response. * [39:10] MITRE’s ATT&CK framework and open-source collaboration are pushing the industry toward more shared knowledge. * [41:05] Evan acknowledges burnout in cybersecurity roles but sees automation and better tools improving day-to-day work. * [42:59] Final advice: corporations should rethink from first principles with data-centric solutions, and consumers must build protective habits like MFA and secret family phrases. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review.  Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Evan Powell - DeepTempo [https://www.deeptempo.ai/who-we-are/evan-powell] * Evan Powell - LinkedIn [https://www.linkedin.com/in/epowell/]

Scams aren’t what they used to be. These days, AI can write perfect emails, mimic voices, and even fake a video call so well you’d swear you were talking to the real person. The problem is, the timing of a scam can be just right when you’re distracted, busy, or looking for exactly what they’re offering. That’s when even the most careful person can get caught. My guest, Ritesh Kotak, knows this world inside and out. He’s a cybersecurity analyst, an Ontario lawyer, and a tech innovator who’s worked with Fortune 500 companies and served in policing, where he helped start one of Canada’s first municipal cybercrime units. He’s got a BBA, MBA, and JD, all focused on privacy, cybercrime, and the way emerging tech impacts everyday life. In our conversation, Ritesh explains how criminals are using AI as a weapon, how it can also be a shield, and why simple, low-tech steps, like having a secret phrase with family or confirming a request through a different channel, are still some of the best defenses. He even shares a close call he had himself, which is a good reminder that nobody’s immune when scams are this convincing. Show Notes: * [00:50] Ritesh shares his background as a lawyer helping clients navigate AI, tech, and cybercrime. * [01:18] His fascination with technology began at age three after taking apart his father’s computer. * [03:59] In policing, Ritesh saw early signs of cybercrime blending with physical crime. * [06:55] He demonstrates cybersecurity risks by live hacking a police chief, leading to the creation of a cybercrime unit. * [09:16] A near-miss phishing scam involving discounted amusement park tickets highlights how timing plays a role. * [15:14] Spoofed calls and evolving scam tactics make detection harder despite telecom safeguards. * [17:09] Ritesh explains AI as both a sword for criminals and a shield for protection. * [20:00] Generative AI enables flawless phishing emails, fake websites, and realistic deepfake audio and video. * [28:00] Simple defenses like secret phrases and multi-channel verification can stop many scams. * [31:45] Reporting scams to police can help investigations and sometimes recover funds. * [33:17] Ritesh advocates for centralized fraud response centers to improve victim support. * [36:45] Calling a lawyer can help victims navigate legal and civil remedies. * [38:05] Final advice: pause, verify, and use low-tech habits to prevent high-tech crime. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review.  Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Ritesh Kotak [https://riteshkotak.com/] * Ritesh Kotak - LinkedIn [https://www.linkedin.com/in/riteshkotak/?originalSubdomain=ca]

Privacy in the digital age has grown from a background concern into one of the defining issues of our time. What began with simple questions about online safety has expanded into a complex, global conversation about how artificial intelligence, biometric data, and massive data ecosystems are reshaping daily life. Pam Dixon has been at the center of these discussions for more than two decades. As the founder and executive director of the World Privacy Forum, she’s worked across the U.S., Europe, India, Africa, and beyond, advising governments, international organizations, and policymakers on how to create effective privacy protections.  In this episode, Pam takes us through the history of modern privacy law, the ways different regions approach the challenge, and the new frontiers like collective privacy, AI governance, and health data that demand fresh thinking. She also offers a grounded perspective on how to build systems that safeguard individuals while still allowing innovation to thrive, and why getting those guardrails right now will shape the future of trust in technology.  Show Notes: * [4:49] Pam identified privacy risks in early resume databases and produced a 50-page report on job boards, now known as job search platforms. * [8:56] Pam now chairs the civil society work at OECD in AI, contributing to the Organisation for Economic Co-operation and Development Privacy Guidelines (first adopted in 1980). * [11:17] The launch of the internet marked a major shift in privacy, transitioning from slower, isolated systems to globally connected networks. * [11:46] Early adoption of the internet was limited to academia, government, and tech enthusiasts before reaching the public. * [12:45] Privacy frameworks were built on Fair Information Practices, developed in the United States in the 1970s by the Health, Education, and Welfare Committee (later HHS). * [15:58] GDPR was developed and enforced in 2018 with extraterritorial provisions applying to companies worldwide (General Data Protection Regulation, enacted in 2016 and enforced in 2018). * [18:59] Large language models and deep machine learning advancements have created new and complex privacy challenges. * [22:06] Some countries approach privacy with more flexibility and openness, while maintaining strong guardrails. * [23:37] In June 2023, a University of Tokyo study on data privacy was presented at an OECD meeting, highlighting evolving global strategies. * [26:30] Governments are working together on “data free flow with trust” to address cross-border data concerns. * [28:09] Pam warns that AI ecosystems are still forming, and policymakers need to observe carefully before rushing into regulation. * [28:31] She emphasizes the emerging issue of collective privacy, which impacts entire groups rather than individuals. * [29:04] Privacy issues are complex and not linear; they require ongoing adaptation. * [30:24] ChatGPT’s launch did not fundamentally change machine learning, but the 2017 transformer paper did, making AI more efficient. * [31:53] Known challenges in AI include algorithmic bias related to age, gender, and skin tone. * [33:07] Legislative proposals for privacy now require practical testing rather than theoretical drafting. * [35:39] AI legislative debates often center on fears of harming innovation, but scientific data should guide regulation. * [40:29] NIH reports caution participants in certain medical AI programs to fully understand risks before joining. * [41:59] Some patients willingly share all their health data to advance medical research, while others are more cautious. * [43:50] Tools for privacy protection are developing, but the field remains in transition. * [48:56] Asia and Europe are leading in AI and privacy transitions, with strong national initiatives and regulations. * [52:42] The U.S. privacy landscape relies on sector-specific laws such as HIPAA (1996) and COPPA (1998) rather than a single national framework. * [54:48] Studies show that wealthy nations often have the least trust in their digital ecosystems, despite advanced infrastructure. * [56:19] A little-known U.S. law, A119, allows for voluntary consensus standards in specialized areas, enabling faster innovation compared to ISO processes. * [56:48] Voluntary standards can accelerate development in fields like medical AI, avoiding years-long delays from traditional approval processes. * [57:32] An FDA case study on an AI-driven heart pump showed significant performance changes between initial deployment and later use, underscoring the importance of testing and oversight. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes [https://podcasts.apple.com/us/podcast/easy-prey/id1488678905] and leave a nice review.  Links and Resources: * Podcast Web Page [https://www.easyprey.com/] * Facebook Page [https://www.facebook.com/EasyPreyPodcast] * whatismyipaddress.com [https://whatismyipaddress.com/] * Easy Prey on Instagram [https://www.instagram.com/easypreypodcast/] * Easy Prey on Twitter [https://twitter.com/easypreypodcast] * Easy Prey on LinkedIn [https://www.linkedin.com/company/easy-prey-podcast/] * Easy Prey on YouTube [https://www.youtube.com/channel/UCCgy_xKrjiXghSgGFEAFdTQ] * Easy Prey on Pinterest [https://www.pinterest.com/easypreypodcast/] * Pam Dixon [http://www.pamdixon.com/] * Be Your Own Headhunter Online: Get the Job You Want Using the Information Superhighway [https://www.amazon.com/Your-Own-Headhunter-Online-Superhighway/dp/0679761934] * World Privacy Forum [https://worldprivacyforum.org/] * World Privacy Forum - LinkedIn [https://www.linkedin.com/company/world-privacy-forum/] * Pam Dixon - Carnegie Mellon University [https://www.cmu.edu/cee-tp/ict/people/bio-pam-dixon.html] * UNSD [https://unstats.un.org/UNSDWebsite/] * Health Data Collaborative [https://www.healthdatacollaborative.org/]