Transcript for:
Big Data in AI Toronto: Social Engineering Security Threats

Hello again, and welcome to Big Data in AI Toronto. So this session, again, we are talking about a cyber security issue that we're all facing today. Nowadays it's a big challenge, and for that I am also talking today with Mr. Jim Peggy Amsas. He is an author, writer and also a podcaster. He is also my business partner for like the past five years. His work was in digital marketing and social media, and since he became my partner he's got himself somehow involved into AI and cyber security. So, Jim, welcome. This is your first time in Big Data in AI Toronto.

Yes, it is. Thank you for watching some insights on this topic.

Yeah, so the topic today we're talking about is hacking the human mind: the rise of social engineering security threat. So let's dive in. So that's me and Jim, we're a couple of handsome dudes. We're gonna talk about this topic today, but now let's talk about a very important thing that started happening. So you know that during COVID everybody said that the hacking or the data leaks are going to rise up. But what happened in the beginning of COVID, let's say the first three months in 2020, the thing is that the hacks and the cyber attacks became less, as you can see here. The data breaches dropped significantly in the 2020 quarter because, according to Ms. Eva Velasquez, who is the president and CEO of the Identity Theft Resource Center in the United States, organizations have become on high alert looking for signs of cyber attacks. So it became more complicated for attackers to come and physically, you know, do that hacking or cause the data leaks physically from the servers. So they have to look into other options, and one of those options was social engineering, because social engineering is the art of manipulating people so they give up information or confidential information about themselves. That type of information that criminals are seeking can
vary, but when individuals are targeted by the criminals, they're usually trying to trick them into giving them more, like something like password, bank information, social insurance number, computer security information, that they can install malware or other stuff. So they come and gain their trust somehow, to give them very personal information that they can use against them.

And what does a social engineering attack look like? It looks like an email from a friend, or an email from another trusted source, or a distressed call for help, like someone sends you, "Oh, my mother is dying, my father is lost, my father last year, my mother's dying, I need some help," and so you give them some information or your credit card number or something like that. You know, you're trying to help, but that's what they're gonna use against you. So many people do not know that this was an actual social engineering exam.

So there are three types of tactics that these guys use. In person, and this is one of the most dangerous, because the personal chemistry in people can create a trust easily with people that are not trustworthy. Through phone: you know, somebody calls you and tells you "I'm from the CRA" or "I'm from this bank" or whatever. And then the digital, which is kind of like email or a text message or something like that. And both of those, oh sorry, three of those, they use your emotions to come and either makes me fear something or, you know, feel sorry for someone, so that they could become something, remember.

And that's what I wanted to talk to you about a little bit, Jim. When we talked about when COVID started, and we were talking too much on the phone at the time, and it was a big bit of a rise of those phone calls from the CRA, like, "Oh, you're in a big trouble, you can come here and you have to pay for the CRA or you're going to be in big trouble," or the help from the government, I think CERB and
that stuff. Do you remember? We were talking about that, right?

Yeah, actually happened to me a few, I got through those calls as well, and sort of some of my friends. Yes, they definitely increased. I got a CRA call a couple of years ago actually, even before COVID, but yes, they seem to have come back again in 2020. So I can say myself and other people did get those calls.

Yeah, and you remember just calling me about one call that was like really like a legit call, and you didn't do anything but you called me, it's like, "Can you tell me what is it about?" And I told you this is definitely a prank call. Remember that one?

Yeah, I remember.

Yeah, so I mean, probably you got lucky because you know someone like me, but a lot of people do not have that someone. So I believe what we talk about is the awareness, it's very important, and what we talked about in our podcast is, he remembers that one, many times.

Yeah, we've talked about this, misinformation and privacy in the 21st century, so yes, we've talked about these topics.

Yeah, so again, the types of social engineering attacks come in things like, we call them phishing, there's what's called spear phishing, there's vishing, smishing, and mining social media. I'm just gonna go through them, and we're gonna talk about some examples. Phishing is like an email that sends you and gives you some information about yourself, and they ask you for something. Most of these, as you can see from here, are about financial services, come from something that pretends it's from your bank or from PayPal or from anything that you use your credit card or something to purchase, and they give you some information so that they give them more. Now spear phishing is also phishing, but it's more targeted. They might have hacked into some leaked information from somewhere, and they would send you information that, "Oh, you have
done this purchase on that time with this last four numbers of your credit card," and that's something that they stole from somewhere, you know. That's spear phishing, because it's targeted to you and has very information, and so you just start doubting yourself or giving them trust that they don't deserve.

There's also something called vishing, which is voice phishing. It's through phone calls. This is also very dangerous, specifically if the one on the other side is not a bot or a robot call, it's a human. A human voice might also create that trust, or that fake trust, so that you will be more inclined to believe them and trust them.

There's also smishing, which is phishing through text messages or SMS, when they send you all of that, also sometimes from the CRA, or sometimes, "Oh, some of your relatives died in Africa and they have like these millions of inheritance, and we need to get some action from you so that you will get all of that money." A lot of this happened all the time, but during COVID it was so big.

There's also mining social media, which is, they go to your social profile, they collect a lot of information that you don't know you were giving for free, and they pretend they know you by collecting all of this social information about you.

There's also man-in-the-middle attack, which is, they hack into your computer while you're working on it, specifically when you are on a public, that you are in the library or in a coffee shop or something, and they can see everything you do on your, what you call it, on your laptop or your phone, even the credit card numbers that you get, and all of that. It does happen all the time now, you know. There's also man-in-the-browser attack, which is, they don't hack your machine but they hack the browser, but the same thing. So I don't know, you remember, we also talked about
like, we're telling people it's okay to connect to public Wi-Fi, it's just, don't share personal information or financial information. They're called public Wi-Fi for a reason. They're called public for a reason, you know.

Yeah, yeah. We talked about this in the privacy many times, and even in person, and yeah, it's just public for a reason. But I really believe that, you know, people are aware of it, but they're just bringing their guard down because they're just going through their day, and I think that's important that we keep reminding people through these talks and all that, that you have to not abuse that or use it too often.

Yeah, and you remember when we saw that book that you wanted to surprise me but I bought it before? It's the book that's called Targeted, which talked about this social media hack, the big hack of social media, what we call it, on Facebook, and how Cambridge Analytica used our information against us in many steps, like one of them was U.S. election, and Brexit.

Yeah, well, I guess you're right. I did eventually read it. But at the end of the day, what I'd like to tell people quickly, the context is, there's a lot of great books. Targeted is one there, there's one called Weapons of Math Destruction by Cathy O'Neil. And the only reason we're mentioning these books is for you to look into them, they're resources. But Cambridge Analytica did some very horrendous greatest things, and I'm not going to ruin it for you, because I'd rather people read the book, but I mean, it was crazy what they did. They swayed elections, ladies and gentlemen, they swayed opinion, they sway people's minds. It was bad. But when you read it, and then there was a movie that came out called The Great Hack, with shoes in it. But you know, these are some of the material that's out there, available in your local libraries and books. So we're just using that as context,
that's all. I just want to make sure we're clear here.

And I just wanted to remind people that 620 and 30 something thousand Canadians were in that leak, and that's one leak of many leaks. And we've just heard about Facebook scandal a couple of days ago, where we know that they actually don't give a damn about their customers. And this is recent, this is just last week.

Yeah, and it was like, I mean, it was shocking, but at the same time it was not that shocking, right?

It was shocking. You know, I fortunately didn't see the whole thing, but I watched it online, and it is shocking. It is shocking to see that they're aware of the problem and they're not doing anything about it. That's what the shocking part is.

And they have hired those people to do those studies, and then when they looked at them they just ignored them, right? I mean, this is, again, as you said, we're too much trustee, we don't give too much trust into those platforms while we saw what is happening. But we are actually submitting to social engineering while we are totally not aware what it's doing. But we hear about all of those private subjects, like, "Oh, we don't have any other option." Well, what you do have often, don't share that much online, right?

And you know, the only thing I'd like to add, Hashem, let me for a few seconds, is we've done so much more of this even before COVID hit. We've become a sharing society, you know, on Facebook, on Twitter. It's become something of a complete tsunami of sharing. It's gotten way out of control.

Yeah. So, continuing with this one, because I wanna talk now in numbers, the impact of social engineering attacks. And as you can see, over the third of phishing attacks targets users of financial services, which means one employee will have power to see our financial data, they give their information, and all of our financial data is in the hands of
hackers. Also, losses associated with security incidents in the finance sector increased by 24, that's only in 2014; you can imagine what is happening right now. Financial services encounter security incidents 300 percent more frequently than other industries. This is our money, this is our credit cards, these are things that we rely on those entities to protect for us, because we cannot keep our money in a shoe box anymore, right? And we still all have all of that, and it's us, through giving the information, or some people in that industry. So 48 of companies say that social engineering attacks cost them more than 25,000 per incident. That is not a small number. But, as you see here, only a quarter of those companies are ongoing training to prevent social engineering. What would you say when you hear that they know that it's cost them, but, you know, they didn't give enough budget to train their employees on that? I mean, you could spend much less than that on training your employees and preventing all of this.

You could, and this is why, you know, I think it's important that you're giving this talk, and I appreciate you allowing me to be part of it, because at the end of the day, what even Frances Haugen said is that they had the guard rails in place and they didn't use them, ladies and gentlemen. And this is exactly what I'm talking about: they could do, but they're not, because they're more concerned about their profit than they are about doing the right thing.

Exactly, and this is why talks like this are important, because now it's on us to be aware and to know what we're doing, what we are sharing with those entities, so that we don't share much, right? I mean, to protect ourselves, it's coming to us to be our own guardians, right?

Yes, yes.

Yeah, and I believe that the books we talked about, there are a lot of documentaries there, I mean, that, go and watch.

Yeah, there's a good, yeah, there's a one
called Coded Bias, by women, and one of the ladies that was in the doc was actually from the University of Toronto, that she did some work with, and Cathy O'Neil from Weapons of Math Destruction is actually featured in Coded Bias. It's a fantastic film. And I know we're talking about these, but these are resources. I'm going to say it again: these are resources. We're not promoting these, please don't misunderstand. Be very clear, these are resources for you to check them out, to see for yourself what's happening.

Exactly, and these are just examples. I mean, if you don't like what we're saying, just go and watch something like that. Yes, it's what we know, but there's a lot out there, and these are just examples to go and watch. I mean, we also heard about Pegasus software, which was spying on people, and most of it happened because people were just clicking links on WhatsApp that were implanting something on their phones, right? Remember also when you told me about those WhatsApp messages that you were getting, and the SMS which have those links, and you say, like, from banks that you've never even had any account with, right?

Yeah, I don't have an account. Anyways, I was getting texts too.

Yeah, text messages, WhatsApp, I mean, that's going crazy, and, you know, that's again on us to be our own guardians. So that was the impact of these attacks. Now let's talk about how to protect ourselves from these social engineering attacks. And by the way, it's not that difficult. I mean, we talked about it many times, me and Jim. Create strong passwords.

Can I chime in on this one? Can I jump in on this one? So it's gonna be a little comedy corner, but I have a younger brother, and he has warped me on this, and I think Hashem knows this. His passwords are like 15 letters long, ladies and gentlemen. 15. You know, I've gone to eight, okay? 15.
And like, I told Hashem this, and he was like, "And what's your point?" you know. But I highly recommend, I have a book, I have all my passwords. Please, this is one of the strongest things that I really, that's why I appreciate Hashem allowing me, this is one thing: please, no one-two-three-four, no Q-W-E-R-T-Y. Please have a book, a hard copy book, and write all your passwords in there. I know it's old school, but this is the strongest recommendation.

We'll have another recommendation besides the physical book, but the idea here is also creating a strong password, you know.

Yes, I really agree, I agree.

Yeah, and avoid common, obvious passwords, as we just said.

Yes, sorry, you're strong. I stole your thunder, sorry.

Yeah, no, it's fine, and this is why I wanted to bring you, because you've been with me on this route, and I remember we talked about passwords and I was the one who told you, stop putting those passwords, they could be hacked in a heartbeat, remember? And you know, here we can just tell you that there are a lot of people to remember complex passwords and create them, like a story method, or do like acronyms, or the loci method, where you create a scene based on location, you know, like, what do you call it, "ice cream from Starbucks on Bloor, and Bloor on Dixie," for example. So these are like some stuff that you can easily remember, and you can shift, like, capital letters, small letters, with special characters, and you can remember. It is not that complicated if you thought about it. Besides, don't use the same password everywhere. That is very important.

Yes, I agree.

Yeah, so these are also steps to protect yourself from social engineering. When you receive something, an email or text message, first of all be cautious. See what the source is: does it look like the source that they send it from, or does it look suspicious? Spelling errors: sometimes
spelling errors are not because they're stupid or they're doing errors. No, because they want to get away from detection, of the AI detection, so that they do those spelling errors so that they will avoid detection by AI. Now, anything that is asking for an urgent action might be suspicious. Also links: we just talked about the links that were sent from CRA and all of these things through our text messages and all, remember that. Check the from address. So if it says adobe.com and you just have this Adobe logo, look at the address that comes: does it come from something at adobe.com or not? And of course, if someone asks you for personal information, you should be skeptical without thinking, you know. I think this is very basic stuff, right?

And here's another stuff, what scammers and social engineers are doing to you. They also always request something of value of you. They also want to keep the matter of secret or privacy, like, "Oh, you have someone who died from your relatives in Kenya or whatever, so just keep it secret because there's a lot of money in it." They need you to take an urgent action, like now: "Just pay us like 150 for the fees and then you will get the millions from your inheritance." And they approach you from a position of authority, like if you're an executive or a lawyer or a software mechanic or something like that. So all of those are signs to look at, so that you know that this might be a social engineering attack.

Now, AI: how can AI help this? AI now can detect deep fake videos, we know what deep fakes are. It can detect fake reviews. It can detect back doors and man-in-the-middle attacks. It could detect malware downloads and email and attachment; many of the antivirus are using AI for that. They can detect phishing and spear phishing emails. So AI can help way more than we can, and we should also invest in AI researchers into
doing that. That was it. I need you, Jim, to tell us, like, this is how you can communicate with me and Jim. We have about three minutes. I want you to just tell somebody about the experience of learning that stuff through the years, you know.

Well, at the end of the day, yes, you know, it wasn't a thing that I was interested in. Now, the reason I was is I like to learn, and you know, the area for that was becoming prevalent in the media, and, like I said, Hashem, I've known her for five years, but it was on my own terms. Hashem never said, "Oh, you gotta learn." No, it's just my own terms. So the one thing, I'll be honest with you, is the covers of these books are just insane. Like Targeted has like a grenade, you know, the Weapons of Math Destruction, you know, it's a skull, it's a skull with, you know, crossbows. But at the end of the day, I think we have to be more aware of what's happening, and you know, there's great books out there, there's documentaries, there's solid information out there, and it's only a lot to be more aware of myself. So that's why for me, if you love to read, there's lots of great books, you can watch movies on, you know, whatever streaming service you have. So that's what the thing is. But it's also to be conscious that the world is changing. You know, I've been teaching social media for a long time; this added another toolbox for me too, for people to understand it better. We talked about, in our podcast, we talked about privacy, we talked about crypto, we talked about misinformation. These topics are still important. Look what happened with Facebook, ladies and gentlemen, this is very fresh. So that is why I've done it and I continue to do it, and I encourage you, to implore you, that this is information that's out there. Your local library, your local bookstore, go and learn more about it, because your information, at the end of
the day, your information is your information for a reason. I think we have to be that. And one more thing that I'd like to really think is, yes, be careful using public Wi-Fi, especially, it's very important. So with that, I appreciate, thank you, Michelle, for having me on today, and just be more aware and cognizant of when you're using.

Yeah, so I guess what Jim is trying to say, because he doesn't come from a technical background: if I can do it, you can do it, right?

Okay, and all right, that works.

Yeah, awareness is the key. It doesn't matter what industry you are in, this is a public awareness. I believe now everybody has to know it. So thank you, Jim, for being here and giving our audience your own personal experience into this. Thank you everybody for being here. You can contact me or Jim through our Twitter accounts or anything, you can find us everywhere, and this is it for this session, and we're gonna take your questions.