I just interviewed Adam Levin who is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud and personal finance. He’s also the co-host of the What the Hack with Adam Levin podcast and author of the book Swiped.
Adam was kind enough to take all of my questions on how travelers can protect themselves against getting scammed. We talked about everything from paying for gas at the pump to how to detect hidden cameras in vacation rentals. Below you can listen to the interview on my podcast, YouTube or read the partial edited transcript below.
Johnny Jet: Since you’ve been around, you know all the scams that people are trying to pull on travelers.
Adam Levin: Every kind of scam! Part of my background is also I was Consumer Affairs Director for the state of New Jersey for five years so you get introduced to every possible scam.
I think that one thing people always have to keep in mind, is we all have day jobs, we’re working. We’re raising a family. We’re running a business. We’re involved in philanthropic or educational activities. That’s our day job. But to a hacker, a scammer, an identity thief, we are their day job.
Scammers will swoop in and remember they’re creative, sophisticated and extremely persistent, right? So what do you think is the most popular or most common scam that people do? And how about the one for the state of New Jersey? Well, in those days, scams were just everything from people offering incredible deals to presenting, for instance, a car deal, except they had only one car in stock that met those specifics so people would rush in and they were immediately bait and switched.
You know one of the big scams is they’d be delivering your oil, except that your oil bill didn’t match the number of gallons because they had adjusted the meters, or you go to a gas station and the meters had been played with or there were skimmers.
I mean skimmers have been around forever where you would, you know, insert a credit card and it would take your information and transmit it to the hackers.
Johnny Jet: You still have to worry about skimmers.
Adam Levin: Today, oh, absolutely. Skimmers in gas pumps, skimmers in ATM’s ….
Johnny Jet: When you’re at the gas station, how do you pay?
Adam Levin: Well, I insert my credit card at the gas station and use the gas pumps closest to the office. Just like when you are using an ATM machine. Be very careful when you use an ATM machine that’s out in the wild. Try to use ATM machines that are either attached to financial institutions or in actual the glass sections of the financial institution where you go in. If they’re not, there’s a higher likelihood that they could be manipulated, whereas in a bank or attached to a bank, there are cameras that are mirrors.
Johnny Jet: I also avoid ATMs in hotels.
Johnny Jet: I assume you’re not going to rent a house just on any website other than a reputable site like AirBnb or VRBO?
Adam Levin: I mean, there’s nothing more dangerous than responding to a pop up ad that offers you the deal of the century. Because as you and I both know, if it’s too good to be true, 99% of the time it isn’t true.
Johnny Jet: And you never pay with a gift card or a debit card. Always a credit card.
Adam Levin: Always a credit card, because remember with a credit card, it’s the bank’s money. With a debit card or a gift card or cash, it’s your money.
Johnny Jet: There’s even a big scam where people are just showing up to people’s houses because they’re now taking pictures off of Redfin or another rental site or realtor site creating a fake vacation rental. So people are actually showing up with their bags because they legitimately thought they paid for it, which they haven’t.
Adam Levin: So that’s why it’s very important to use reputable sites and make some calls. Talk to some real estate people in the area say, could you run a check? Look at Google maps.
Johnny Jet: Every time I’ve rented from Airbnb or VRBO I always only rent from like their star renters. Then you’re pretty much certain you won’t have any problems. You know that you’re going to have a great vacation and you’re not going to run into issues because they’ve been vetted so many times, or I ask my friends who have they rented from. Never rent from a first time renter.
Adam Levin: It’s always important to do a point of reference and like we say with anything, whether it’s downloading an app, whether it’s going to a website to read reviews, and pay particular attention to the negative reviews.
Johnny Jet: Right, but some of the reviews are fake, correct?
Adam Levin: If it sounds too glowing, you know, be careful. Just take your time and read various reviews. If they all seem to have the same theme, if they all seem to be written sort of the same way. Also do reverse look ups on some of the photographs of the real estate and if it shows up in other places with different addresses, that might give you a clue that that’s an issue.
Johnny Jet: Do people have to worry about finding cameras in their vacation rental or even their hotel room?
Adam Levin: Yeah, you have to worry about that. You know, turn the lights off. Turn a flashlight on if you see things flashing back at you or there are mirror images and those kinds of things. That’s kind of a tip off. It’s not unusual for people to have security cameras in their homes, just not in their bathrooms, bedrooms and closets, right?
Johnny Jet: And they’re getting tricky with these cameras. I mean, they could actually be in a fake outlet or a teddy bear or a smoke detector? I mean, you really have to look everywhere, correct?
Adam Levin: You do. You know it’s better to be safe than sorry.
Johnny Jet: Right, but it doesn’t happen very often, so I don’t want to scare people.
Adam Levin: Well, not in well reviewed, well vetted properties.
Johnny Jet: There’ are also devices that I’ve heard about that you can buy on Amazon that will actually help detect if there’s a camera in the room.
Adam Levin: I’m not that familiar with them, but I think you’re correct.
Johnny Jet: How about connecting to Wi-Fi when you’re traveling. Do you always use a VPN?
Adam Levin: I always use a VPN. It’s not going to save you if you already have some kind of malware on your device, but at least it will keep you as hidden as possible. Just remember with VPNs … use ones you pay for. Free ones sometimes collect your data. Also, make sure that you’re using the Wi-Fi from a particular home. Find out as much as you can about the security of the Wi-Fi, and then make sure that you’re actually using the specific letters that make up the name of the Wi-Fi or the numbers because someone could easily make just a slight derivation of that. It could be a hack.
Adam Levin: I’ll tell you a funny story. At CyberScout, we used to have an event every year. It was called the Privacy Exchange and one year we had one of the top election hackers in the world who came and did a presentation for us. One of the things he did was set-up a fake Wi-Fi network titled: Fake Wi-Fi network. Do not connect to this. 37 people out of 400 attendees actually connected to that network.
Very important whenever you’re at a conference. Whenever you’re at a hotel, make very sure that the system you’re connecting into is the official system. The other thing too is just remember don’t do anything sensitive when you’re connecting to a network that’s not secure, and especially if you’re on notice that it’s not secure.
You really want to be as safe as possible. We created something in the book Swiped, about the 3Ms. How do you minimize your risk of exposure by reducing your attackable surface? How do you monitor yours effectively? Know that you have a problem and then if you do have a problem. How to manage the debt? And minimizing risk is everything from password protocols or using the password manager two-factor authentication, not clicking on links or opening attachments that don’t look familiar. And even if they do look familiar, being very careful. Especially if you get texts, just don’t click on texts because that’s where you can run into problems.
When you’re creating answers to security questions, lie like a superhero. Because so much information is out there on social media about us, and much of that information finds its way into the answers to security questions. If you lie like a superhero, the website or the account only cares that you’re consistent, not that you’re being truthful, so that’s important.
Freezing your credit, that’s important. And then the second M, monitoring check your credit reports, monitor your credit scores, have transaction alerts, even check explanation of benefits statements you get from your health insurers to see if that’s really you. And the final M. How do you manage the damage? A lot of people don’t realize that through their insurance companies, many of their financial institutions and now a significant percentage of employers. There are programs available to help you through identity incidents, giving you access to professional fraud. Check with your agent or your Rep or your HR department and say do you have a program that will help me?
Johnny Jet: I’ve gotten hacked a couple times. Actually once was in New York City a couple of years ago. I’m not sure how they did it and then just two months ago. All of a sudden I started seeing some charges from this one company on two credit cards including my bank card and I have no idea how they got it because I don’t use those cards.
Adam Levin: Likely is that your user ID and password showed up on the website. Have I been pawned, for instance, because there has been a breach of an institution where your user ID and password were in it was in their database. If you think about it, we’ve had just thousands upon thousands of breaches that are announced every year, right? I mean Equifax alone, you’re talking about 150 million people with everything from their Social Security number to driver’s license to personal identifiable information. Mortgage companies, hospitals educational institutions. The list goes on and on and on, so I I think people have to understand the fact that our information is out there and that that we have to be mindful of that.
Johnny Jet: So do you recommend people checking haveibeenpwned.com?
Adam Levin: Absolutely. You can put in your cell phone and you know for years everybody was saying it’s Social Security number. That’s your most ubiquitous number. the truth is today your most ubiquitous numbers, your cell phone, ’cause nobody changes it. And it’s on you. It’s literally attached to your appendage. Practically, it’s another arm, and everywhere you go, people don’t think twice about giving out their cell phone number.
Johnny Jet: Right, should they be giving out a burner number?
Adam Levin: Would be better if they did. Would be better also to have you know, a burner e-mail too.
Johnny Jet: I know there are apps and sites that will actually give you a different phone number that will actually redirect to your number.
Adam Levin: Yes, you know Google Voice for one.
Johnny Jet: My last question for you. Do you put a piece of tape over the camera on your laptop?
Well, actually I have a sliding cover. But you should definitely. I mean, if it’s good enough for Mark Zuckerberg, it’s good enough for the rest of us.
Adam Levin: There was a rat scandal a few years ago where there was a Russian website that had the activities of 77,000 households worldwide. The hackers had gotten into, and they were basically transmitting images to this one website. You could go on and see what everyone’s doing. Like the movie sliver.
Johnny Jet: Oh my God.
Adam Levin: You don’t want to be the star of your own reality show.
Johnny Jet: That’s why I put a piece of tape on my lens right when I finish my interviews. Thank you again for taking the time.