Darknet Diaries: 138: The Mimics of Punjab

Okay, so I've got a good story for you today.

But when I was researching this episode, I came across something that wasn't

exactly hacker related, but it captured my curiosity for like a good 30 minutes.

And maybe you'll find this interesting too.

So apparently people in India like flying kites.

But when I think of flying kites, I think about doing it in a park or at some

beach someplace wide open, right?

Yeah.

Well, that's not how kite flying happens in India.

They like to fly kites on their rooftops in populated parts of the city, like

on the tops of low rise apartments, and you'll sometimes even see them hanging

over their balcony or flying the kite right out the window.

I never even knew you could fly a kite out a window.

Three stories up, but yeah, they're doing it.

And I saw videos of this on YouTube.

And so on nice, breezy days in India, you may look up and see some people

on the rooftops flying kites right in the middle of a busy city.

Anyway, kites alone aren't that exciting to me.

But here's the part that surprised me.

Apparently there are kite fighters among these people.

And this gets wild.

They take kite flying to a whole new level, if you ask me.

So the idea here is to knock someone else's kite out of the sky with your kite.

So like if you're on the rooftop and you see a kite flying a couple of rooftops

over from you, the mission is to knock theirs down.

And so the first thing you have to do is to get your kite near theirs, or at

least near their string.

And that takes a bit of skill to get your kite close to the person's kite, who's

like three rooftops away from you.

And I don't even understand how they do this.

Like, how do you send your kite over to someone else's where you can't even move

off your balcony?

I thought the wind decided where your kite went, but apparently they're able

to let out the string more or wait the kite down or something to get it to go

where they want.

Now, I've flown a kite too close to someone else's kite before.

And what happened to me is that the kites got tangled up and both of our kites

crashed to the ground.

But the kite fighters don't want their own kite crashing to the ground.

They want to win this battle.

So what kite fighters do is they coat their strings with something sharp to

turn it into a skyward saw.

Some use wax, but I think a lot of people are buying strings that are coated in

little pieces of glass, making it sharp and scratchy.

So if you can get your string to touch theirs and then just at the right time,

give it a quick tug, it'll scrape your string across theirs and it may cut their

kite string, sending their kite to float off freely and eventually crashed

to the ground, but like a block away, leaving yours in the air as the victor

of the battle.

It's wild.

You can watch these videos where you see somebody taken out like one kite after

another on rooftops.

And I can't tell if the other flyers like this or hate this, because if you had

like a nine year old trying out a kite and their string gets slashed by some

teenager looking for some sky fight, that kid's going to be crying.

But anyway, that's kite fighting or locally in India, it's known as manja.

And you can buy like sharpened manja strings and stores and online.

But hold on, this gets even crazier.

So you have these razor sharp kite strings flying around in the air, right?

All from rooftops and residential areas.

But these are in some busy areas with lots of street traffic.

So like motorcycles and cars are whizzing by down on the streets below.

So what happens sometimes is when these losing kites crash into the ground,

sometimes they get tangled in weird ways on its descent.

Like the string may get snagged up on some tree branch or a sign or something.

But then the kite floats to the other side of the road and gets tangled on that

side, essentially making a little tightrope that goes across the street.

And when someone drives by, the car can get snagged on it and pull the string

in weird ways.

Well, the real problem comes with motorcycles and bicycles.

There have been a lot of incidents where the string gets caught around

the neck of a motorcyclist and cuts their throat.

Bad scratches, gashes and cuts.

But some have even died from getting their neck slit by a glass covered string.

Yeah, people have died from this kite fighting stuff.

So what motorcyclists do in the areas where it's popular is to install

a small bar on the front of the motorcycle to catch any of those strings.

It kind of looks like a little antenna on the front of the motorcycle.

And it's there just to catch any kite fighter strings from killing the rider.

It's always interesting to me to see the downwind consequences of something

that we didn't immediately think would be a problem.

These are true stories from the dark side of the Internet.

I'm Jack Reissider.

This is Dark Net Diaries.

This episode is sponsored by Threat Locker.

These days, one wrong click of a button can lead to a catastrophic

cyber attack on your organization, and nobody has time to keep training poor

Doris and accounting on what not to click.

Cyber attacks are devastating to businesses.

And without the correct solution in place, your operation remains at risk.

Threat Locker has built an endpoint protection platform that strengthens

your infrastructure from the ground up with zero trust security posture

that protects business critical data while also mitigating cyber attacks.

Threat Lockers allow listing, ring fencing, storage control, elevation control

and network control solutions to name a few, give you a more secure approach

to blocking the exploits of known and unknown threats and application vulnerabilities.

Working together to deny applications by default, block inbound network traffic

and ring fencing your applications.

Threat Locker provides zero trust control at the kernel level.

If you're looking for a proactive solution that will keep your business

better protected in the face of cyber attacks, check out Threat Lockers

Cyber Heroes at www.threatlocker.com.

That's Threat Locker.com.

This episode is brought to you by Spy Cloud.

For some people, ignorance is bliss.

But for you, as a security practitioner, that's not the case.

I went to spycloud.com to check into my dark night exposure.

And I won't tell you what it is, but spoiler alert, I found some things

that are pretty eye-opening from breach exposures to info stealing malware infections.

Knowing what criminals know about you and your business is the first step

to setting things right. Resetting stolen passwords and addressing

the enterprise access points that have been stolen by malware helps you protect

your business from ransomware, account takeovers and online fraud.

With Spy Cloud, you have a trusted partner to fight the good fight with.

They're automated solutions, which is built on over 350 billion

recaptured assets from the criminal underground.

Ensure you're not in the dark when it comes to your company's exposure to cyber crime.

To get your full dark night exposure report, visit spycloud.com

slash dark net diaries at spycloud.com slash dark net diaries.

All right, I got an interesting story for you today.

And let's just jump right into it here. Listen to this phone call.

Okay, this phone call is in the Punjabi language.

It's from India, but I really want you to hear this.

So one second.

Okay, there I've translated the audio and had it

re-recorded in English. Now, take a listen.

Hello.

Hello, Raj. This is Jagga, your cousin calling from Canada.

It's been such a long time since we spoke.

Oh, Jagga, is that really you?

You sound different. It has been a long time.

Yes, yes, absolutely. How is the farm back home in Punjab?

Yeah, the farm is going well.

We had a dispute with Harijit, but it's finally over.

And he paid me for pulling the fields near the canal.

Oh, they finally sent you the money.

God bless us today. How are you?

Yeah, yeah, I'm doing well.

Good, good. If you need something, anything, call me brother.

It won't be a problem.

Yeah, thanks for letting me know.

It's been ages since we have spoken and you've always been like a brother to me.

So I wanted to call you because I've got a problem.

OK, first I wanted to call my family, but and please don't tell anyone.

I worry I'm going to lose their respect if they find out.

Absolutely. OK, OK, I understand.

Raj, you're my cousin and the only person I feel safe enough to tell.

So please don't tell anyone else.

OK, OK, yes.

Don't tell my dad or my brother.

Have you seen them recently?

Yeah, I saw them last month.

Your dad is doing well after his heart attack in November.

OK, so last night I went out for a friend's birthday party here in Canada.

We went to a club, had some food and drinks,

but my friends also started getting high.

OK.

I guess the combination of drugs and alcohol really got to one of my friends

because out of nowhere, he took a bottle and smashed it onto the waiter's head.

Blood went everywhere.

Oh, my God.

They called the police, my friends ran away, but I didn't run.

And the police arrested me for the fight, even though I'm innocent.

I have been charged for hitting the waiter.

I have a lawyer from Punjab, though, who's going to help me get out.

Why didn't you call your dad?

No, no, no, no, I can't call dad.

He thinks I'm working hard.

What would he think if I tell him I have been arrested?

He's already had an heart attack and I don't want to risk causing another.

Everything with the party happened last night.

And as soon as I called, I called you.

I just need you to talk to the lawyer and say that you're my cousin.

I still think your dad should know, but okay, what can I do?

I'll pass you over to my lawyer.

All you have to say is the boy is innocent.

The boy has done nothing wrong.

Please leave him be.

My ATM card, my identity card, all the money from my wallet, it's in custody.

I can't do anything.

OK, OK, let's talk.

Talk to my cousin.

Hello. Hello.

What is the lawyer?

Yes, my name is Lakwinder Singh Laka.

How are you related to the boy, sir?

Yeah, yeah, he's my cousin.

Right, I met with the officers on duty and I've spoken to them.

Now, you tell me about the boy.

Should he be punished or released?

Let him go. He's innocent.

You know, foreign laws are very strict and very different to Punjabi laws.

And so that it's clear, your cousin may be charged with being an accomplice in a murder case.

The waiter is under intensive care in hospital.

This is an extremely serious charge, one that will ruin your cousin's life.

We will have to prove him innocent to save him.

OK, sir.

I will have to say that those who are his friends are not his friends.

He went alone to the club, drank only water and was alone at his table

until he was rudely interrupted by these people who then started a fight.

If we do not prove him innocent, he will go away for 25 years.

Do you understand?

Yes, I understand.

There will be a cost if you want to save his life.

We will have to encourage the officers to remember events the way we want them to.

Some money put into their pockets.

Think of it as a small fine.

I will need you to send money to help him.

But wait, he has more money than me. Can't you take it from him?

That's not going to work.

Talk to your cousin, Jaggi. He'll tell you what to do.

Hello, Raj.

How much money do you have?

Raj, Raj loads it by account, but I don't have any access to it.

You must pay it off, however much it costs.

I will take you back.

I swear by Guru Granth, I'll repay you as soon as I get out.

We need your dad's help for this one cousin.

Please, please, please, don't call anyone.

I'll be ashamed for eternity.

I'm begging you, please.

Uh, my family is going to realize if money goes missing.

No, no, no, it won't be that much.

Talk to the lawyer and he'll give you an idea.

My life will be wasted if you don't help me out now.

Okay, okay.

Here, talk to him.

Hello?

Lawyer, how much money is needed?

It will cost about $2,000.

$1,500 is needed just to pay for damages to the club.

Okay, listen, Lawyer, I have one request.

Yes?

I want you to leave my cousin in prison for a long time.

What? Why?

Because he's a terrible person.

He tried to scam me for $2,000.

You're both sick to act like my cousin

and try to steal money from me.

I know my cousin Chakka and it does not sound like that.

I've recorded this entire call

and I will share it with the police.

I find this call interesting.

The victim recognized that this was an attempted scam

right away and recorded the whole phone conversation.

And it's very good for him to notice it that soon

and hit record for the whole call.

But would you have noticed this was a scam so early on?

If your cousin called you out of the blue and was in trouble,

would you have been tempted to send him $2,000 to free him?

Apparently, this kind of scam is becoming more popular in Punjab,

which is an area in India and Pakistan.

And what you're hearing behind me here

is a clip from a YouTuber called Sukh Vairal

highlighting how people are getting hit with this scam.

The idea here is simple.

The scammer will pose as someone you know

and ask you for money.

It's not always the same scenario though.

Let's hear another one of these calls.

Hello?

Hey buddy, how are you doing?

Yeah, I'm good. Thanks. And you?

Yep, all good here.

What have you been up to?

Do I know you? Sorry.

What? You don't recognize my voice?

No, sorry.

What?

I'm sure your daughter's creedian Rani would recognize my voice.

It's Tarun. I'm calling from Kannada.

Oh, Tarun. Hi. I didn't recognize you.

I'm calling you because I'm in trouble

and I need your help.

Oh no, what happened?

You know, I went to Kannada to do my studies, right?

Yes, I know.

So, first I moved in with a girl while going to school

and I tell you cousin, I never did anything wrong to her.

But we did something together

and she took a video of me naked in her bed

and now she has accused me of raping her.

Oh, this is so embarrassing to say out loud

because it's not true and just so awkward.

I know you will help me.

Why don't you call your dad or sister?

Oh, no, no. You know my parents.

If they get to know about this, they will be panicked

and really upset.

Let me get out of this trouble

and I will let them know personally.

But I don't want them to know right now.

My dad will not believe me, cousin.

It's too embarrassing and he will be angry.

He's already unhappy about my grades.

I don't want to make it worse.

So, what can I do?

I've talked to a lawyer

who says he can get me free from this charge

but he's expensive and I don't have the money.

How much money do you need?

The lawyer is also from Punjab

and he wants to help

because we're both from Punjab,

he's giving me a discount.

He says for 40,000 rupees,

he can free me from the charges.

That's what, 2,000 Canadians, is that right?

Yes, cousin.

I'm sorry to ask you like this

but you would be saving my life.

Imagine, if I don't do anything,

I will go to jail for a long time.

Okay, okay, I will help.

How can I send you the money?

Okay, so I have my lawyer right here.

He can tell you.

I will give the phone to him now.

Here.

Hello?

Hello.

We think we can free your cousin from the charges

but we need 40,000 rupees to get started on the case.

Are you able to send that?

Yes, I will send it.

Okay, the fastest way to send the money

is through Western Union.

Do you have a pen?

I will tell you the name to send it to.

Yes, yes, please tell me.

I will send it right away.

Okay, you must send it using Western Union to Neil Shankar.

Okay, I will.

Thank you.

Bye.

Goodbye.

Tarun's cousin was convinced he spoke to Tarun on the phone

and wanted to help him.

So he sent $700.

But ouch, this was a scam.

He was out all that money

and almost immediately after sending the money,

the scammer called back asking for another $1,200.

Tarun's cousin said okay

and started trying to get more money to send

but then started having second thoughts

and decided to call Tarun's sister

and just told his sister,

hey, can you check on Tarun to make sure everything is okay?

My name is Tarun and I'm living in Canada

basically from India and Punjab state.

This is the real Tarun,

the guy that the scammer was impersonating.

We'll start from the beginning.

At one day I woke up early, around 4 a.m.

and I saw some missed calls from one of my family members,

my cousin, and one from my sister.

And I called my sister first and she said,

hey, where are you?

And are you okay?

She seemed panic to me and I asked her what happened.

She said, okay, call your cousin,

he will tell you the whole story.

Tarun was confused.

The whole story?

What's the whole story?

Something very strange was going on here

and even his sister won't tell him what's going on.

But okay, Tarun ends the call with his sister.

Then I called my cousin, he said, hey, are you okay?

And I said, yes, I'm okay, I'm at my house, what happened?

He said, somebody impersonated you and called me

and said that I'm in trouble, I'm in jail

for doing something really embarrassing.

So I was surprised at that moment

and how could somebody like involve my cousin

or my relative in such kind of things.

You gotta probably like appreciate your cousin

for helping you out.

Like if you get in jail, he's gonna send you $1,200.

Yes, exactly, yes, yes.

Actually, after a few months,

I sent him the money that he lost.

He wasn't asking for it,

but I thought I should pay him back

because it was all from his resources

and what would happen if he'd send another 90,000 rupees

to the scammer who lost around all of his money?

Like he has kids to raise and a family.

So I thought, okay, I would send him the 40,000 rupees

that he lost.

Hmm, wow, what even is the morally right thing to do here?

On one hand, his cousin is the one who made the mistake

and Tarun did nothing wrong.

But on the other hand, Tarun's cousin came to his rescue

even though he didn't actually need help

and sent money to a scammer and not him.

But to just call someone out of the blue like that

and they immediately send you $1,700,

that's a great cousin to have.

I think Tarun did a standup move

by sending his cousin the money he lost.

Now how this scam works seems kind of familiar to me actually.

I've always been warning people

about scammers targeting elderly people

to try to tell them their grandchild or something

is in trouble and needs help to get out of a mess.

Because some elderly people think

that family is above everything

and they'll just immediately try to help their family

without thinking about it or validating it.

So like if a scammer knows someone is traveling abroad,

they could call back home to the grandparent

and say, your son has been arrested here

and needs money to bail them out of jail.

And the grandparent might just pay right away

because it's very difficult to like work through time zones

and phones and stuff.

And so the grandparent doesn't wanna drop the call

since it may be really hard to get that person back.

Who's in another country?

Calling long distance and getting a person

who can speak their language is sometimes pretty tricky.

The other thing I'm starting to see arise in

is AI scammers.

This is where they get like some clips of audio

from the person that they're trying to imitate.

And then they get AI to clone that voice

so that AI can just talk like that person for them.

And then this is when they called a victim

and their voice sounds just like their real cousin

or brother or whatever.

Tarun and his family did not know

that these kinds of scams were going around

and they paid a price for it.

But once it happened,

they started seeing how other families

were getting hit with these kinds of scams too

and noticing post after post on social media.

As the time passed, like after several months,

I got to see same stories or same scams on Facebook

happening to other people as well.

Now what's surprising to me when I first heard

about Tarun's story is that I think everyone's heard

about these Indian scammers trying to call you

and act like they're Microsoft tech support

so you can send them some money or something.

But I've not heard of Indian scammers

scamming other people from India.

But apparently there's a reason for this.

Like I come from the Punjab in India

and so most of the population has migrated

to foreign countries like Canada, Europe,

Australia, New Zealand.

And so there's hardly any person in India or in Punjab

who doesn't know anybody in one of their relatives

or friends who is living abroad.

So these scammers is taking the benefit of this fact

that if you go to any random person in Punjab

and ask them if he or she has any relative living abroad,

I don't really think that anyone would ever say no

to this fact.

And it's also really tricky when scammers say,

oh, don't tell mom or dad, you know how they are,

they'll have a heart attack, which is such a powerful line,

especially if the target's dad did have a heart attack,

you know, it's a great reason not to tell them.

But these scammers are even more tricky than that.

In the end, when he gets the trust of the entity

and he said, hey, are you alone?

I want to talk to you something in private.

If you're not, just get out of the house

and you want to say something or I want you to do my favor.

And here's another red flag.

When a scammer tries to isolate you

and get you to not tell anyone else,

that should be like a warning sign.

Like, wait a minute, why is this a secret?

I think I do need to bring this up

with someone else in my family.

But it's crazy that just a little bit of small talk

is how you can get your target to do this.

I'm still not convinced that these scammers are from India,

scamming other people from India.

Stay with us, because when we come back from the break,

we learn where they're really from.

Support for this show comes from Exonius.

Gain visibility into your entire attack surface with Exonius.

Exonius is the solid foundation you need

in your security program

to adapt to change and control complexity.

The Exonius Cybersecurity Asset Management Platform

correlates data from existing tools

to provide an always up-to-date inventory,

uncover security gaps, and automate response actions.

Go to exonius.com slash darknet

to learn more and to get a demo.

That's Exonius, spelled A-X-O-N-I-U-S.

Exonius.com slash darknet.

Okay, so these scammers speak fluent Punjabi, right?

And that's a language spoken in the Punjab region.

But that region is very interesting.

The thing is, the Punjabi is half-lead

divided in Pakistan and some other regions of India.

So if somebody is talking in Punjabi,

that's the same language as the people living in India side as well.

Yeah, Punjab is actually a really big area in South Asia

and is shared between Pakistan and India.

The two countries have a long-standing feud for loads of reasons

and a similar feud is seen between the Punjabis in India and Pakistan.

So even though they share the same language

and live right next door to each other,

they do not always get along.

And this may be a reason why people in this area are being targeted.

It could be part of the continued feud between Pakistan and India.

Tarun actually saw a video of someone

who recorded one of these scam calls.

The scammer, he calls someone and the guy on the other side of the phone,

he recognized him.

Hey, I know you are a scammer.

You've been calling to people in such a way and collecting the money.

Why would you do that?

And the scammer, he just got straightforward.

He said, hey, you know, everything is not going in Pakistan.

We don't get any jobs.

We are like unemployed.

So in any way, we have to get the money from the people.

So this is the easiest way we can get money from the people.

The language difference between Punjabi spoken in Pakistan and India

is close enough that it can trick a lot of people.

Yes, because there are some parts in the Punjab

who are like on the border side of the Pakistan.

So their accent in the Punjabi is kind of similar.

So you cannot really tell.

As Tarun researched this scam more,

he saw some other method scammers were trying to do.

Another one he saw was where the scammer says this.

Hey, I'm coming in India or Punjab in the next few months

and I want to send some money to you so that you can keep it safe

because if I send it to my family, they will just spend it all.

And so the target gets some kind of confidence that, okay,

he's sending me the money, so it is kind of legitimate.

And the target says, okay, I will send you money

through Western Union or any other mode of transport

and I will let you know.

Now, of course, the scammer does not actually send this money to the victim.

What they do instead is they get a different scammer

to call up the victim and pose as the bank or Western Union

and say something like, hello, this is the bank.

We're calling to let you know that there's been a large deposit in your name.

Someone has just put $9,000 into your account

and it's ready for you to pick up at any time.

But then before that person can leave the house and go get the money,

they get another call from the same scammer once again.

So he gets another call and he says, hey, have you got the money?

And he said, yes, I got the money, I got a call from the bank.

So, okay, so everything is going really well.

And in the end, he says, hey, I have a friend living in your area,

maybe other side, and he got in trouble and he needs some money as quick as possible.

So can you send him some amount of the money that I sent you earlier?

Like say, 1,000,000 Indian rupees or 2,000 credit in dollars.

After a while, he sends the money to the scammer.

And by the time the target realizes that he got scammed, it's over.

It's too late for him to know.

Oh man, those jerks, these scammers are sneaky.

But again, this scam requires a bit of research by the scammers to be so successful.

You got to know someone's details to convince them who you're impersonating.

And it sounds like Tarun's cousin was tricked into thinking the scammer was Tarun

by giving him details that only Tarun would know.

And I wonder, how did they get that info?

Did they find Tarun on Facebook or something and that's why they decided to target him?

I think this could be a possibility, but usually I don't share a lot of details about my family on the social media.

So, maybe there could be another way.

Well, if the scammers are not grabbing people's details from social media,

what other methods are there to get info on someone?

Tarun kept watching videos about these scammers on Facebook and noticed something in one video.

In one scam call, the victim was like,

No, no, no, I'm no sucker, I'm not getting scammed by you.

So, the target he said, no, I'm not gonna, like, fall into such a trap with you.

You had to, you had to drop this, you had to drop this side, this is not good.

But the scammer said, yes, like, but we have to earn some money in some way.

So, the scammer, he asked him to do him favor, the target.

He said, if you could give me details of your relatives or anyone in your friend's circle,

and whatever the money I will get from them, I will send you the 20 or 25% of it.

Whoa, whoa, whoa.

So, the scammers making what deal again?

Yes, he said, like, if you give me details of your, like, anyone in your family or anyone in friend's circle,

whatever the money I would get from them, by scamming them, I would send you, like, 20 or 25% of it.

So, this is, like, a win-win situation.

Why would somebody give that up?

Oh, because they want 25% of it.

Man, that's messed up.

To say, oh, yeah, you can scam my cousin.

Yes, so then remember, I told you that how this is, I guess this might be the way the scammer will scam my cousin.

He might have caught some details about me and my cousin.

Maybe from my family relatives, because I know them how they are.

Not blaming them, but I think this has more possibility.

Dang.

Think through your family relatives for a moment.

You think there's anyone in your family or friends that would give your details to a scammer in hopes to make a few hundred dollars from it?

I mean, your family wouldn't be scamming you directly.

They'd only be giving information about you, like what city you're in, what children you have,

what jobs you have, just enough information to impersonate you on a basic level, and, of course, phone numbers.

I know there are people in my family that may do it.

One of my cousins is currently homeless, and last we spoke, we got into a fight.

Who knows what that kid's out there doing for cash right now?

I don't know.

I just think that this is wild, that scammers are getting caught in the act, but then offering to pay you for information on any targets that you can give them.

Offering 25% of the cut even.

And you know, now that I think of it, that's probably a scam too.

If you give them information, you are probably never going to see your cut of the money.

I mean, did your cousin open a police report or anything?

I guess not, because if he went for the guy, there would be no help from the police, I would say.

I heard from some people on Facebook, like they got scammed around $10,000 Canadian dollar, $15,000 Canadian dollar in Punjab, and they reported an FIR to the police, but I never heard any of them getting to the scammer.

So I don't really think that police would ever make any effort to catch the guy, because they have a lot of stuff to do.

So people in Punjab who are scammed for more than $10,000 can submit an FIR, and that's the first incident report, which is the first thing you should do to register an issue with the police in India.

But then a lot of times nothing happens of it.

I guess this is why it's rising in popularity, because it's so easy to get away with.

I don't even understand the border situation enough down there to know what region has jurisdiction over each other, or if anything can be done about this.

I mean, suppose they do track this to be someone from Pakistan.

Can the Indian police arrest someone in Pakistan?

Would the Pakistani police do something with that information?

I have no idea.

But I still think if you're a victim of a scam and lose money, it's a good step to issue a police report if you can.

There have been some cases where scammers were caught, and you may be the person with the information that can help catch them.

I don't know the stats.

I imagine it's a slim chance that your report will do anything, but I still think having that hope can sometimes keep you going.

Once Tarun got privy that this kind of scam is going out there in the wild, he became a target of the scam himself.

Even myself, I got two calls from a number in the Pakistan.

It has the ID code of plus 92, and somebody said, hey, how are you?

I said, yeah, I'm good. How are you?

He said, hey, recognize me?

I said, yes, you are that person.

And I just made up some scenario.

I said, hey, what happened to your wife?

I heard he ran away with some other random guy.

He said, oh, yes, it happened.

It happened.

I asked him, hey, tell me how extremely hard it happened.

He said, no, no, no, I will explain that to you later.

Then he hung up the phone.

I think this is a brilliant way to combat this kind of scam, to do a verification check of some kind.

You could ask them to confirm something that only they knew.

Like you could trick them and say something like, oh, do you remember that one summer we went to the lake together?

That was fun, wasn't it?

And when they say, yeah, yeah, I do.

But you never went to the lake with that person.

Now you know they're lying.

I know as my dad, we have some code words that if one of us is in trouble,

we have to say the code word to prove it's you.

And I've told him if he ever gets kidnapped and someone calls me to pay the ransom,

my immediate reaction is to not believe them unless I hear the code word.

So you got to tell your kidnappers the code word if you want me to send you money.

Otherwise, I'm just hanging up the phone and he's cool with that.

But stories like this really do bring my focus back till looking after our digital privacy online.

And someone who knows a lot about digital privacy is Naomi.

I'm Naomi Brockwell.

I run a media platform called MBTV Media and we focus on helping people protect their privacy online.

In this story, the scammer seems to know quite a lot of information about the victim that they're targeting, right?

They know this person's kid's names, where they live, what cousins they know from abroad and this sort of thing.

Do you have any idea where a scammer might be getting this kind of information from?

I think we give away all of this data voluntarily online.

I think we're incredibly lax with how we don't protect our data these days.

I interviewed someone recently.

It was an interesting story.

He bought a new car.

It was a used car, actually.

And just by looking through the details in the car, he was able to find out the name of the previous owner,

that the previous owner had two daughters, where they went to school, that she was a breast cancer survivor.

All of this stuff was literally just the data that the car itself was collecting.

So now if you zoom out and look at all of the information that we're posting on social media of our own volition,

just handing it over all the personal details about our lives,

it's incredible how much information we are just giving away online.

It's incredibly easy for anyone to find out anything they want about us these days.

And that's mainly our fault.

It's mainly because we are really not thinking about how to protect our data online.

I think we need a major mind shift in this digital age.

And we need to really start to be aware of how much information we're putting out there.

I don't think it's always your fault.

Do you ever think about that of just like we're living in this world where stuff just gets leaked and it's not your fault?

That's definitely part of it.

But I do think that individuals do have to take some responsibility for how they navigate their digital lives.

I think we need to stop being naive.

I mean, it's 2023.

We've had computers for a long time now.

We've had the internet for a long time now.

And I don't want to blame people for not being aware that their data is being collected by every corner of the internet.

There's third party trackers everywhere.

There are data brokers scraping all of our financial data, all of our legal records, all of our social media posts.

I mean, there are nefarious actors out there who want to collect our data.

There are non-nefarious actors who just want to monetize our data.

And so I don't think that it's our fault, but I also don't think that we need to be passive victims.

I don't think that it's OK for people in 2023 to say, you know, oh, well, you know, I am putting all this information out there publicly,

but I didn't think someone would use it against me because clearly this is being used against people all the time.

If we just zoom out, like not even talk about scammers.

If we just think about the hundred billion dollar industry or potentially trillion dollar industry that is the data brokerage industry,

it's incredible.

They are making so much obscene amounts of money just from collecting our data, from scraping social media,

from ingesting data breaches that are out there, from scraping our financial records.

I mean, our banks are selling all of our records, right?

We know this.

They tell us when we sign up, they literally say you are giving us permission to hand over all your financial data to third parties.

Wait, banks, hold on a second.

This bank's thing is is frustrating to me.

I think like banks are a private sanctuary and they should not be doing this.

What do you know about this?

There are a lot of laws that have been passed that basically say, listen, your data is not your data anymore.

It is something that you voluntarily handed over to this third party and they're allowed to do with it.

What they want.

And financial data used to be this sanctuary and you have famous places like Switzerland where, you know,

they'd have these banking laws and you'd have this private contract with your financial institution there

and you'd think that everything you did was just between you and the bank.

And that's just not the way of the world.

Not only has the US actually broken this banking system, but they've completely undermined those laws in the US as well.

So now we're in a situation where due to things like the third party doctrine,

the government says that if you hand over your data to a third party,

you no longer have any reasonable expectation of privacy with that data.

And that includes financial institutions because governments want that data as well.

And so it's not in their interest to create laws that are going to protect your data.

It's in their best interest to make it as easy as possible for these organizations to not have liability for handing over your data.

So that's the way that the arrangement goes.

I just recently learned about this third party doctrine and it's really frustrating me.

Yeah, as Naomi says, the US has a legal principle that says,

if you voluntarily give your data to another company,

you no longer have the reasonable expectation of privacy.

What? Excuse me.

This essentially means that every email I've ever written is no longer private.

Every private message I've ever sent is not actually private.

My phone's GPS location isn't private.

This is awful.

But not only that, the US government made all kinds of laws

which require you to give up certain information to do things like open bank accounts.

So yeah, all your banking information is no longer considered private

due to this third party doctrine.

And guess what the downstream consequences of this is?

Criminals, scammers, stalkers, thieves, and people who want to target you

can now easily get data on you.

The more we become a digital society,

the more important it is to protect our digital privacy,

that the laws seem to be going in the opposite direction.

And it makes me furious.

Have you ever heard this term?

Oh, nobody would target me.

Yeah, everyone says it.

It's very naive.

I think that people haven't quite adjusted to the digital world, right?

We're used to nefarious actors maybe being there in person,

someone who's going to hold you up at gunpoint.

They're physically there.

We understand the threat model.

It's a person, they're near you.

They want to steal your handbag or whatever.

But we live in the digital age where the people who are attacking us

are not next to us.

They're sometimes over the other side of the world.

And sometimes they're just completely indiscriminate about who they target.

So when someone says, no one's going to target me, I'm unimportant.

I think that it is naive to underestimate your digital significance in today's world

because the current situation is that scammers are not targeting you.

They're indiscriminate with how they attack victims.

They are casting a giant wide net that you will inevitably fall into.

And this is just the current reality.

It doesn't matter whether you think you're important or not.

It doesn't matter whether you think that you're a worthy target,

whether you're rich or anything, whether you have status.

You're going to be targeted because you will be inevitably captured in this very wide net.

That's just how scammers work.

The reason they do this is because there's a very low cost to them casting this wide net.

And there is a potential big payoff.

Even if a tiny fraction of people fall for their scams,

there's a huge potential payoff.

So what can we do to be a self-advocate of our digital privacy?

There are lots of things that you can do to make a big impact on your digital privacy.

First of all, be mindful of the companies, the services that you're using.

Start using tools and services online that don't collect your data.

Your email provider, think about which email provider you're using.

Are they a company that is capturing the contents of every one of your emails

and they're analyzing it and adding it to a profile about you and selling it?

Maybe stop using that.

Maybe start using a company that respects the individual's privacy

and takes that data out of their own reach.

The same thing with private messaging apps.

Start to choose apps that protect your privacy

and don't actually access the contents of your messages.

So you can start using other privacy tools online.

All of this stuff goes a really long way to helping you protect your digital identity

because the more careless you are with putting your data out into the wild,

allowing these companies to collect it, the easier it is for scammers to target you.

So you need to start being mindful of that and making smarter choices in your digital life.

Susan B. Anthony changed the world.

She grew up in a time when women did not have the right to vote.

It was illegal even.

And she said, screw that and went down and voted anyway.

And she was arrested for voting.

She was thrown in jail and she went to court and she was found guilty.

But she refused to pay her fine.

She had to break the law to go against the government in order to make change happen.

And now she's highly celebrated even to the point that her face is on the quarter.

I think about her sometimes and I wonder, what should I be doing that's wrong but right?

Now what I keep thinking about is our digital privacy.

The government is stripping away our privacy from us.

Corporations are being so grabby of our personal data in a predatory way.

And they do it so much that it just seems normal at this point.

But they are wrong.

So what's the right thing to do?

I imagine a world where our privacy actually matters and it's not some meaningless double talk.

Companies who actually take your privacy seriously are companies that either don't want your data at all

or encrypt it in such a way that they can't even see it even if they want it.

This way no amount of data breaches or subpoenas can expose you.

And you don't have to worry about these companies looking at your stuff sharing your stuff or selling your stuff.

Because it's all garbled and only you can ungarble it.

Isn't that the normal you'd rather see in the world?

Companies like Google, Apple and Facebook all say that they tank your privacy seriously.

But then they proceed to collect every data point about you that they can.

Your location, your contacts, your address, your phone number, your work history, your sexual orientation,

the car you drive, political affiliations, financial data, all communications with your friends and family.

And then they analyze this and study you.

And then they store it all in a database so they can keep building a profile on you.

All this data is a huge liability for them and for you.

And they absolutely 100% positively don't need any of it to do what they do.

I've had enough of this and switched from an Android phone to a privacy phone.

I exclusively use end-to-end encryption for all my text messaging where nobody can see the chats but me and the person I'm sending it to.

And I moved my email to one that encrypts my emails on their server so they can't even read them.

I stopped using search engines that try to learn everything about me and I've switched to ones that collect zero data on their users.

I've stopped using browsers that send my web history somewhere I always use a VPN.

And I'm so mad at banks for giving my financial data away that I'm ready to just start using cryptocurrency everywhere I can or go back to using cash.

I'm exercising my rights and I'm being self-advocate of my digital privacy and I want you to be a self-advocate too.

Major tech companies aren't going to give you privacy.

The government isn't going to give you privacy but you can take it.

I need you to take it.

Take your digital privacy seriously because you know it's the right thing to do.

A huge thank you to Tarun for coming on the show and sharing the story with us.

I particularly love this story because it gave me a glimpse into a pocket of the world that I had little knowledge of and I feel smarter from having met him.

Oh and thank you to Naomi Brockwell for coming on and telling us about digital privacy.

She always gets me so revved up about it.

She's got an awesome YouTube channel called NBTV Media which can really level up your digital privacy.

And there's a book I also recommend for protecting your online privacy which is called Extreme Privacy What It Takes to Disappear.

I'll have links to all this in the show notes.

The show is made by me, The Bloodhound Knight, Jacque Sider.

This episode was produced by the two-handed backslashing Tristan Ledger mixing done by Proximity Sound and a big thanks to all the voice actors we had on this one.

Our theme music is created by the mysterious breakmaster cylinder.

Oh no.

My robot's trying to run away.

Quick, grab the botnet.

This is Dark Knight Diaries.

Machine-generated transcript that may contain inaccuracies.