Drew Thomas 0:01
Fast fact, phishing is the most common form of cybercrime with an estimated 3.4 billion spam emails sent every day. I'm Drew Thomas, and you're listening to Bank Chats.
Speaker 1 0:36
So, on today's episode, we are going to once again revisit the topic of cybersecurity scams and related topics to cybersecurity and we're going to try to focus in on this episode on things like cybersecurity scams specifically, and there are a lot of different scams out there. Phishing scams, ransomware scams, tech support scams, social engineering scams, and we're going to touch on all of those in today's episode. If you have not had a chance to listen to our previous cybersecurity episode, you can definitely go back and check that out. It is Cybersecurity 101. It has a lot of good information; we touched on a lot of these topics in general. But there are going to be some things that you can go back to and listen to. But in that episode, you would also be able to get acquainted with our guests who have returned for us today. We have Kevin Slonka with us once again, and Michael Zambotti. They're both from Saint Francis University. And Mike just kind of gave me an eyebrow. Did I get that? Right? Absolutely. Okay. You said both of our names correctly. I was, I was looking over there, and then I got the eyebrow from Mike, and I'm like, Ah, maybe...
Kevin Slonka 1:40
Sometimes his eyebrow just twitches.
Drew Thomas 1:44
So, thank you guys very much for coming back. I mean, this, this is a really, really deep topic. And I mean, it's an ocean of information. And so, I think that's why we really tried in the first episode to just touch on the high points, give some people some identifying sort of waypoint markers for how to think about cybersecurity and what it means to them. But today, we want to really delve deep into some of the specific scams that are out there when it comes to cybersecurity, because I think they affect both consumers and businesses on a really on a daily basis. Am I right about that?
Kevin Slonka 2:18
Yeah. I mean, and you mentioned so many words at the beginning. I hope we didn't scare off people with all these words that they don't mean, don't worry, we're gonna talk about all of them.
Drew Thomas 2:25
Absolutely we are. So, before we get to that, Kevin, why don't you go ahead and introduce yourself a little bit, give some people some background about who you are just in case they haven't listened to the first episode.
Kevin Slonka 2:35
Yeah, if you haven't listened to the first episode, go back and listen to it. But if this is your first one, I'm Kevin Slonka. I teach computer science and cybersecurity at Saint Francis University. And I've also worked in industry for various defense contractors since around 1999.
Michael Zambotti 2:51
All right, Mike. And I'm Michael Zambotti, I also teach cybersecurity at Saint Francis and I also work with industry. I work with companies to develop a more secure cybersecurity posture.
Drew Thomas 3:03
Excellent, excellent. So, you guys aren't qualified at all to talk about this?
Kevin Slonka 3:06
I don't know why you have us here.
Drew Thomas 3:09
So, let's talk a little bit about scams. And I think that this is, you know, just to sort of lead into the topic, scams, there's a lot of terminology around scams, and a lot of it is really just designed, most of these scams are designed, to have you do most of the work in a lot of ways. It's designed to elicit information or solicit information from you to give the hacker access to your information without them having to do all the heavy lifting on their own. And it's just different ways of going about that. Is that, is that a fair statement?
Kevin Slonka 3:40
Yeah, I think the word that you're using is right, you know, scams, instead of hacks. Because you know, when most people hear the word hack or hacker, you imagine, you know, the guy in the hoodie, and in his mom's basement hacking into things and doing super, super technical stuff. But most of the things we're going to talk about today, if not all of them are not bad at all, you know, most of the things that people fall victim to that we're going to cover are just us messing up and doing something that we shouldn't have done that we should have known better. You know, and we'll talk more about, you know, how can we know better but, yeah, it's, it's very, it's very easy, non-technical stuff from the hacker's point of view.
Michael Zambotti 4:20
And scams have been around, they didn't just start with, with the internet and with technology, you know, scams have been around probably since the beginning of time. Sure. Like all things, technology tends to accelerate whatever the thing is both for good and bad. But we've seen scams a long time; now we see it in the digital age. And we see, like Andrew mentioned, getting you to do the heavy lifting, getting you to do something that's not in your own best interests with you know, thinking that you are.
Drew Thomas 4:46
So, essentially digital snake oil. Yeah. So, one of the most common scam types that I think everybody has heard at least mentioned are phishing scams. And that's P-H-I-S-H-I-N-G. Because I think...
Kevin Slonka 5:01
It's not going down to the river?
Drew Thomas 5:04
Yeah, I think, I think Mike mentioned at one point that some of this stuff is spelled really weird. And different acronyms are thrown into things, things like that. But so phishing scam so, so explain the phishing scam, what is a phishing scam.
Michael Zambotti 5:17
Hopefully everybody has an email account and has gotten emails before. And sometimes we get an email that is maybe advertisements, or what we called spam. Okay, get those emails and it's, you know, this is not a product I want or need or anything, but harmless, but it's advertising and it's annoying. Phishing would be an email that's directing you to do something, whether it's click on a link, whether it's open an attachment, whether it's do some sort of activity, maybe contact the attacker, or the person that sent the phishing email, in another method, maybe a cell phone call, maybe a text message. So, the phishing email is going to call you to action. And that action is probably going to be something detrimental to yourself. Like, like I said, clicking on a link might think well click on a link, what can hurt, what could, what could it hurt, maybe you click on a link, and it goes to a landing page. And it looks really, really like Amazon's landing page, attackers will do that, they'll copy the original, and then they'll set up their own, so that whenever you type in the credentials, the credentials are not going to Amazon, they're going to the attacker. You know, in class, I do a demonstration. It's about three minutes long as a proof of concept to set up an Instagram landing page, which you can send as a phishing attack. And I show split screen where whenever you type in the password, it pops up on my screen. Wow. So, it's just that easy for an attacker to steal your passwords. Three minutes, three minutes?
Drew Thomas 6:36
Well, yeah. But I think that as we talk about these things, I think that it's important to note that the reason we're talking about these things is to help educate, it's not to scare you into never using the internet again, or to stop using your social media or anything else. It's the idea that, you know, much like fire, fire is a fantastic servant is a terrible master. Right? So, you know, if you're more in the know, if you understand what to look for, you can use your computer, you can use social media, you can use the internet much, much more safely than if you're just ignorant of some of these things. So, this isn't an episode that's designed to scare you into never using your, your smartphone. Again, it's an episode that's designed to help you identify some of these things, and hopefully avoid them.
Kevin Slonka 7:20
Just so you know, based on what Mike said, I have a story from one of the companies I used to work at. It was a managed service provider. So, they were, they acted as the IT departments for other smaller companies that may not have their own IT department. And, you know, we would always try to train everybody to detect phishing emails and show them what to look for, how to determine if something's real or not. But this one person at a company, it was a small law firm in Johnstown. So, you know, right around here, it happens to everybody. This one lady got an email. And it looked like it was from this person from a financial organization that she worked with. So, it was like dealing with some legal mortgage papers, because that was the type of law that they were doing. And, you know, it looks real, it had this person's signature, you know, the real signature of this person's email, it looked like it came from the real person, there were no misspellings. Everything was perfect. And there was a link in it, to access the documents on their secure documents site, which, you know, for anybody who's ever worked with financial institutions like that, that's a normal thing. They're not going to email you secure documents, you know, they're going to host them somewhere that is secure and make you go get them. So, everything looked real. But this lady correctly thought to herself, I wasn't working with this person today. You know, why did I get this email from her today? We don't have any business together today. So, she sent the email to us at the IT company [and] said, hey, can you just check this out? I just don't know. I didn't click anything yet, but just to be sure before I click, so I looked at it. And my first instinct was, okay, this is real. But then I started digging a little deeper. And because I know how to safely click on these links, I clicked on the link, and I saw where it took me and then I started digging around a bit. 
And it was exactly what Mike had just described; this link would have taken this person to a website that looked like the Microsoft Office 365 login page, looked exactly like it. If this lady would have entered her credentials and logged in thinking she was getting her secure documents, her credentials would have actually been emailed to a Russian email address. Oh, wow. So, I mean, that's the example that I always give people. If you think you're not a target, somebody from Russia was trying to attack some small law firm in Podunk Johnstown, like it happens to everybody, you are a target.
Michael Zambotti 10:02
You know, to piggyback on that there was a defense contractor in Johnstown that was actually attacked by a Russian hacking outfit. And it ended up being a federal lawsuit, and you can see the name of the Johnstown contractor in there. So, you know, often people will say, you know, we're small, we're in a small town, we're not a target, you are a target. Which is, again, not to scare people, like Drew was saying, we don't want to scare anybody, we do want you to be aware of what's possible. And once you're aware, you know, like, fire, hey, you can [be] aware of bad things that can happen with it. So, you're safe around it, you have the good safety procedures.
Drew Thomas 10:36
So, it has to involve some serious talent and/or manpower and/or money on their end, to imitate these sites and build all these things. So obviously, this is a lucrative thing for them, right, doing this phishing, like they're not building a site that looks exactly like some other legitimate site, and not, not making a significant amount of money off of this, right?
Kevin Slonka 10:57
Yeah, I think you bring up two points there. One is the, the amount of money it takes for them to do the bad stuff. And two is the amount of money they make from it. So, I think like Mike just described at the beginning, the amount of money it takes to do this is almost nothing. Like he was showing it in class, how to duplicate these websites in three minutes. So, it doesn't take skill, it doesn't take resources, you know, anybody can go out and find tools online, that can help you craft phishing emails, and just blast them out to millions of email addresses. And that's what they do. You know, when a lot of people say, nobody's going to target me, right? Why would they target me, I'm just some random person. Well, they're probably not targeting you, you're one of a billion emails that got sent, they just have to hope that one person clicks on it and falls for it, to get a couple thousand bucks from you. So, you know, on the other end, they are making money, because you know, even if it cost them a couple hundred dollars to buy some software, and you know, send out those phishing emails, it just takes one person to fall for it that they can take a couple thousand dollars from and they just had a nice pay day.
Michael Zambotti 12:07
Yeah. And also, we think about the motivation of attackers. Countries like North Korea and Russia, you'll have a lot of state-sponsored attackers where they are given the resources of the government. And they are told, hey, this is, this is what you do. Especially in a place like North Korea, North Korea, a lot of scams come out of there. North Korea is a very poor country, their resource, don't have as many resources for the people as far as food. If you are a good cyber attacker and good hacker, you can maybe get benefits, you know, you please the government, you get better benefits. So, they have great motivation to get very, very good very, very quickly at their craft. So, you know, we see that it's not that person in the basement, in their parents' basement with the hoodie. These are professionals, these are people who do this as a living, they're very, very good at what they do.
Kevin Slonka 12:54
And that concept of state-sponsored, that, that may be a term that most people have never heard of before. But it really is governments. You know, I like to explain to my students, you know, the United States has branches of our military, the Navy, the Air Force, the Army, China has a branch that are hackers. That is what they do, and their number one charge is hack other countries, like legitimately it is their military doing this. And the same with Russia, the same with other state-sponsored places. So, yeah, it's a lot of people with a lot of money. And it's their job 24/7. We have this, not to throw lots of terms at people but, we have this term in the cyber industry called APT, the Advanced Persistent Threat, and that's what we're talking about. When we talk about APTs, these governments that are persistent, like it's 24/7, they never stop, you know, you have the day shift, you have the afternoon shift, you have the night shift, and they are just hacking and hacking and hacking.
Drew Thomas 13:47
I can't imagine a world where you get up in the morning, you go get your morning coffee, you go to your office building, you sit down and you try to extort money from people.
Kevin Slonka 13:56
But that's the way it is. That's what these places are. Yeah.
Michael Zambotti 14:00
Yeah, and you know, another level that these attackers have gone on, you know, we live in a subscription economy, I don't think there's anybody listening that doesn't have a subscription for something. And generally, we use the term technology as a service, okay, as a service, something software as a service, or, or whatever it is, because you're paying for it every month, rather than maybe buying a product. Well, attackers have developed what's called ransomware as a service, which is actually really genius if you think about it. We'll talk about ransomware, and what that does, and what it can do to a company or person. But generally, what it is, is that hackers will develop the software, and you as a person, you can hire them, you pay them a certain amount of money every month, and you use their malicious software, so that you don't even have to develop it yourself. You can just give them an email list and say, hey, I want to attack these people. And generally, you either pay them upfront or a percentage of the money that's gained from the victims. But it's you don't even need to have those skills and you know, to introduce another term, is that we use in technology and cybersecurity is script kiddies. Okay? Maybe people that don't have great technological backgrounds, but they're able to go online, maybe copy some code, or hire somebody else as a service, and carry out an attack. So, you don't even need the, the barriers have come down for what technological skills you need to carry out an attack.
Drew Thomas 15:20
So, since you brought up the term ransomware, let's, let's identify that. What exactly is the difference between a phishing email and a ransomware email? Or do they cross over to some degree?
Kevin Slonka 15:31
That's a good point. Mike you're gonna say something.
Michael Zambotti 15:36
Sure. And you know, I would, I'd like to make comparisons to the physical world, maybe something that you've experienced, and hopefully nobody has experienced this. But if you've ever had a boot on your car, maybe not your car, but you've seen a boot on somebody's car, the big yellow thing that's... I have never had a boot on my car... I'm happy. It's got to be a terrifying thing. You can't go anywhere; you can't drive your car. So, you can get in your car, and you can turn your car on. And you can listen to the radio, but you can't drive it, because that boot is going to stop you. Now, how do you get the boot off of your car? Well, generally, it's not just because you know, somebody felt like putting it on your car. You parked in the wrong spot, you have to pay the fine, maybe you have unpaid parking tickets, you have to pay that fine, that ransom in order to get your car to go again. So, that's in the physical world, we think about in the digital world, we have files on our computer, okay, and we'd like to access those files, they have information that we, we need, and we'll use. What ransomware would be, would be a digital boot on those files, the attacker would somehow gain access to your computer and make those files encrypted, which would make, kind of scramble them, if you want to think about scrambling the code, so you're not able to access those files, unless you pay them money. Okay? If you pay the money, then they will purportedly descramble those files for you, so you can access them again. So, one of the things is, how badly do you want to access this file? Well, I really need it, I have to pay a couple-thousand-dollar ransom to be able to access the files on my own computer.
Kevin Slonka 17:04
Wow. And that's, uh, you know, you brought up phishing at the same time. And, and that's an interesting point, because a lot of people might think, you know, how do I get ransomware? You know, how can I prevent ransomware from getting on my computer, and phishing is one way you could get it. So, when we talk about phishing emails, they could be used for various things, you know, like Mike had explained before, they can be used to just trick you into doing things. But maybe they also come with an attachment. And maybe you open that attachment, which again, if you listen to the first podcast, we said stop clicking on things, that, that goes for attachments as well. Don't open attachments when you don't know where they came from. Because maybe that attachment is that malicious, ransomware code, right, that's gonna get installed on your computer, and you know, scrambled up all of your files. So, that's a very common way that people get it. But it can also come from you visiting a malicious website too, so if you were to click on one of those links in a phishing email, go to a website, that website might automatically download something to your computer, and then bam, your files are all scrambled.
Michael Zambotti 18:12
And those attachments could look completely innocuous, it could look like a Word document that is something else. It could look like an Excel spreadsheet, a PDF, any kind of document, and you might look at it and say, well, this document is fine. If I opened it up and nothing happened. You wouldn't notice anything happening. It happens behind the scenes in your computer. And then all of a sudden, maybe weeks or months or days down the road, those files become encrypted. You know, as a history, you know, ransomware seems to be in the news recently. We hear about it maybe the last couple years. The first ransomware attack was actually back in 1989. It was done, for anybody who really wants to turn the clock back, anybody remembers the old floppy disks? All right, we had the...
Kevin Slonka 18:54
You mean the save button?
Drew Thomas 18:56
The save button. Exactly. You 3D printed a save button.
Michael Zambotti 19:00
100%. You know, maybe a lot of people don't ever, never had any access to those discs or used them. They were awesome. You'd have like eight discs for a program. You'd have to keep switching them. But the first ransomware attack was in 1989, it was called the AIDS virus. And a fella took the 20,000 discs and mailed them out to people, actually physically, you know, we talked about phishing emails, but these were physical mail. They were mailed out to people, and they put, it was supposed to be about AIDS research. Now, rewind to that time, that was something a lot of people had an interest in, AIDS was up and coming, they wanted to learn about it, what was going on. So, people put it in their computer. After their computer rebooted 90 times, it would say, guess what, you can't access your files anymore unless you mail a check for, I think was like $249, to this PO box in, somewhere in South America. And then you would get a code which you could access your files. So, we hear about ransomware, we hear about cyber-attacks, and we think, oh, this is the new thing. Well, it's been around, you know, close to, you know, 35-40 years.
Drew Thomas 19:56
So, you'd said, just using that example, you know, mail a check, and then we'll send you a code to release your information. But you're also putting your faith in a criminal too, that they're going to hold up their end of the bargain. How likely is it that when you pay this ransom, and again, we're hoping to avoid having that happen to you at all, but if something were to happen, how likely is it that the hacker will or the, the scam artists will use that term instead, will release your information?
Kevin Slonka 20:27
So, I don't know that any of us actually know a percentage of how likely it is, but I can tell you what we say in our field; never pay the ransom. So, it’s because of that exactly what most companies will do. And likewise, what most individuals should do is you should always have your stuff backed up. Right? If something is important to you, you should have it in more than one place. So, whether you subscribe to some cloud backup service, or whether you copy your stuff to a USB stick and keep it somewhere else. You know, if a file is important, you should have it in more than one place. That way, if something happens to the main place, you go to your backup, and you don't have to pay that ransom.
Michael Zambotti 21:11
That goes, that's the number one thing in technology, backup can save your life. And it could be ransomware, your computer could get ransomware. Or your computer could just break. Yeah, without a hacker. Yeah, right. You know, we talked about malicious attacks, but what if your computer just the hard drive crashes? Have a backup of your data.
Drew Thomas 21:27
Yeah, I think that's really important. And you know, you mentioned like Cloud backups, things like that. I mean, or even having USB drives things of that nature. Yes, there is a cost involved in that, there's a cost usually involved in having a cloud backup, there's a cost of subscription, right? It's a subscription. Yeah. But, you know, comparatively speaking, the cost of buying those USB drives the cost of having that cloud backup is negligible, compared to the cost of permanently losing family photos, permanently losing access to your data for business, permanently, or potentially, and, again, don't do this, you know, Kevin's point, don't pay the hacker but or paying the hacker.
Kevin Slonka 22:05
Yeah, I mean, on my personal machine at home, I have a little over two terabytes of files that I consider important, you know, photos that I've taken stuff for school, you know, all the classwork I've prepared everything. And I subscribe to a cloud backup service. It only costs me, for the level that I subscribe to, like $11 a month. So, in the grand scheme of things, I think $11 a month is well worth, you know, losing 2.4 terabytes of my personal data and never getting it back.
Michael Zambotti 22:38
Because especially with photos, you can't replace those, you can't replace a memory. You can't recreate those.
Drew Thomas 22:42
Yeah, you were using the example of trying to put this into the physical world. I mean, there are people that will you know, again, not trying to encourage this, but there are people that have been known to run back into a burning house to try to save family photos, because they're irreplaceable. Yeah. What, you know, for the, for the cost of two cups of coffee, I mean, you're able to preserve all that and make sure you can have access to it no matter what happens. I think that's easily worth every penny that you're that you're spending.
Kevin Slonka 23:12
And by the way, not endorsing Starbucks.
Drew Thomas 23:15
But it's really good coffee. Yeah, I mean, it's hard to argue that.
Michael Zambotti 23:18
Or maybe if you don't want a cloud service, maybe you say, well, I want to have it, I want to touch and I want to feel my backup. You can buy a couple terabyte hard drive on Amazon for $50-$100. So, and then you just copy everything over maybe once a week, and you have your backups there in your house. So, which might bring up problems where hey, if something happens to your house, well, then you lose your backups as well. That's why it's nice to have something off site. But you know, maybe you say I want to, you know, I want to have the old-fashioned way, and have, have the, you know, the so it's not cost prohibitive at all.
Drew Thomas 23:49
So, we've got a couple of I'm going to do a very, very clunky segue here. So, we've been talking about different technical options on how to back up your data and avoid ransomware, or recover from a ransomware scam, that sort of thing. You said about like Tech Support scams. So, for people that don't always know what the cloud is, we were talking a little bit again, you know, prior to, prior to hitting the record button today about the fact that the cloud is not in the sky, the cloud is a physical piece of hardware somewhere. You know, I think that, you know, people that are not potentially tech savvy might be susceptible to something like a Tech Support Scam. And I wanted to kind of touch on what those scams involve and how they work.
Michael Zambotti 24:31
Yeah, Tech Support scams would be where maybe something pops up on your computer and says, you have to contact us right away, call this number. Or maybe they call you, and maybe they call you and say there's a problem with your computer, we've, we've determined that, we're from Microsoft. Now, going back to what we talked about in the last episode about fear, uncertainty and doubt. Something's wrong, I need to have it fixed, Microsoft is on the phone. Now, what I tell people is step back for a minute... how convenient... exactly. If you've ever tried to call Microsoft support, you will be on hold for a long time, days, perhaps weeks. It's like the IRS. You know, if you ever call the IRS, you don't get right through, the IRS does not call you ever. So, whenever we see this, hey, you're not talking to Microsoft tech support, they're trying to get you to do something, they'll try to get you to go to a website, give them access to your computer.
Kevin Slonka 25:21
Yeah, that's probably the number one thing that happens with those Tech Support scams is, you know, A, they trick you into thinking they're real tech support. But what do they do? They get you to install something. And what is that thing? It's remote access. So, you'll start seeing your mouse moving, right, they now have control of your computer. And now they can do whatever they want. Any website, you're logged into any password, you have saved any file that's on your computer, they have full access to your life at that point. So, yeah, nobody's ever going to call you, you know, your bank is not going to call you and say, hey, we saw your computer was insecure, we want to make sure your money is safe, can you install this? That's not going to happen.
Drew Thomas 26:04
Right. We partner with the American Bankers Association on a program called Banks Never Ask That. And it's a series of videos and things like that, that they put out there that say, you know, your bank will never call you to ask whether or not you prefer a Sega Genesis or, or a vintage Nintendo system, like, it uses sort of outlandish ideas to illustrate the fact that your bank will never call you to ask that kind of stuff, just like we will never call you to ask you your username, your password, your personally identifiable information. If you're a customer of a bank, then your bank has that information already. They will not call you to verify it or ask you to confirm it. Now, there's a difference there too. And I think it's important to touch on this because it applies to banks, but I think it applies to other industries as well. If you call us, we need to identify that you are who you say you are, right, because we're trying to protect you. So, if you call our call center, we may ask you certain things. We will never ask you for a password, we will never ask you, nobody does that. And that will even in those situations, we will not ask those information. But we will ask, you know, you to identify perhaps the last transaction total that happened on your account, or something that you would have access to that we can just confirm that you are who you say you are, when you call us, we will never call you and ask that information. It's never, it's never an incoming call that you would ever be asked that.
Michael Zambotti 27:26
If you do get an incoming call from somebody, one of the best things you can do is say, could I call you back? Give me a number to call you back. Generally, they'll hang up on you at that point. But if they do give you a number, then you can check that number. Is that actually bank support? Or better, if you get a call that's purported to be from your bank saying, I'm going to call you back at the customer service number. Call the bank's actual customer service number, and yeah, and then ask, say, hey, did somebody call me?
Kevin Slonka 27:53
And that's a really good point, because, another type of scam that people may not know about it, pretty much everybody nowadays has caller ID on their phone somehow. Caller ID can be fake. It is extremely easy for attackers to put a fake number in the caller ID of the call that they're making you. So, you may look at the caller ID and say, oh, yeah, that is my bank's number. This is legitimate. Do not believe that because it can always be fake. Yeah. So, always do what Mike said, you know, ask them for a number to call back or pop your bank's website into Google to find their real number to call back. You know, you always want to take the initiative there, because just assume everything's fake.
Michael Zambotti 28:35
Yeah, the previous episode, we've talked about spoofing, you can get a call where it pops up with somebody's name and phone number. And the attacker has, has spoofed it, they've actually put that information in there to make it look like they're calling from the bank, and it looks official. You know, I've gotten text messages, maybe you've gotten them as well, that said, you have a package from the US Postal Service. It's, it's stuck in transit, we need you to verify some information, we need you to click on this link. And so, trying to get you to do some sort of activity, if you look at the link, you know, and I've opened them up in a, in a secure environment, and they look legitimate. If you looked at that, you'd say, well, this, this looks like the US Postal Service website.
Drew Thomas 29:14
Now, you when we were talking about like text messages and stuff like that, that, that also brings up the fact that most of the time you're receiving text messages on your phone, you're not, you're not necessarily receiving those kinds of messages through your, through your computer, right. So, some people might think that, well, it's not my computer, I can still click on this because it's just my phone. Your phone, your phone is not a phone anymore. Your phone is a miniature computer that you carry around in your pocket that has an app on it that allows you to use it as a phone. So, I think it's important to make that identifying thing you know, we use that vernacular because it's just familiar because, you know, oh, it's my phone, but it's really a miniature computer that, that can be accessed just like your other computers could be accessed, whether you're clicking on a link on that or a link on your, on your PC.
Kevin Slonka 30:01
Everything is a computer and that, that just opened up Pandora's box in my head of things that I want to talk about. But if you ever hear the term smart something, I'm sure you've all heard of smart TV, smart refrigerators, smart toaster, those are computers, the exact same computer, like you have your laptop or your desktop, they are full computers. They can be hacked, they can get viruses, they can steal your information. And you may think to yourself, what information does my television, or my toaster have? Well, if they're smart, they're connected to your home Wi-Fi, where your real computers are that have your real information. So, yeah, I mean, all this and especially the phone, like your phone is a real computer. It has all the information that your laptop or your desktop does.
Michael Zambotti 30:50
I've seen smart washing machines, smart toothbrushes, and I'm like, why did these devices need to be on the internet? Yeah, they don't.
Kevin Slonka 30:57
I mean, they come with great, they're sold to you like they're amazing. And, you know, I saw like a smart oven. And the goal of the smart oven was, there's a video camera inside, and there's an app on your phone. So, you can put something in to cook, go in the other room, watch TV, your phone will notify you when the timer is up, you can look at the image of what's in your oven to see if it's done without having to get up and walk over. That seems amazing. I would love to be able to walk around my house and know that my food isn't burning, right. But also, who's to say that a hacker can't break into that and set the temperature to a million degrees and make your house catch on fire. So, there are problems with everything. I won't go down that rabbit hole, back to the phone. Yes, be well aware of, you know, not clicking links on your phone the same as you would on your computer.
Michael Zambotti 31:47
Well, it's funny because we use the term dialing a phone, you know, yeah, there's no dial and it's not a phone. It really is a computer that happens to be able to make phone calls. But you know, at the end of the day, how often are you actually talking to somebody on your phone? Probably not very much.
Kevin Slonka 32:02
Yeah, I hate talking to people.
Drew Thomas 32:06
It's a digression, but, you know, we used to, there was a comedian that had a clip of this at one point, but they said about how when people used to get a knock at the front door, they would jump up to, to answer the door because they were so excited that someone had stopped by. And now if someone knocks on your door, you cringe and sort of hide behind your couch and assume that it's, who would, who would come to my house without telling me? Nobody goes outside anymore. And the same thing happens, you know, I've had people tell me, I've had people text me ahead of time and say, can I call you like we never would have thought 20 years ago that we would have to have permission to call you and talk to you using my voice, that I would have to text you ahead of time and say is it good? Is it okay? If I give you a call?
Michael Zambotti 32:49
Oh I, if I get a call from somebody, I just assume it’s bad news. Because yeah, well why is this person calling? Let it go to voicemail.
Drew Thomas 32:55
And if it is one of these hackers, it is bad news, sorry scam artists. I keep saying scams, I keep saying hackers.
Michael Zambotti 33:01
Well, you know, that's, that's a great point. Maybe we can, we can digress there a little bit, hacker is not a bad thing. You know, Kevin and I are hackers. The students that we have are aspiring hackers. And we're ethical hackers. In a lot of cases, criminals are doing hacking activities, but if you look back to the 60s where the hacker terminology came about, it was people using technology to get it to do something it wasn't supposed to do. And you know, it became a pejorative term, but these are criminals. You know, these are, these are people that are conducting cybercrime actually trying to harm us and harm society. So, there's certainly good hackers out there, the ethical hackers that are you know, working for the good.
Drew Thomas 33:42
So, one of the other things that we touched on somewhat in the, in the first episode that we had released before was, was social engineering. But I think that all of these scams to one degree or another probably rely on the term social engineering, and I want to, I want to maybe talk about that a little bit in this episode, maybe dive a little deeper into what that means. The term social engineering, what exactly is that? And how does it apply to some of the things we've been talking about?
Michael Zambotti 34:08
Sure, I think the best way to illustrate it is an example, an example that we have seen in students getting emails. Now, you know, think about a student's motivation for being in college, well it's to get knowledge right to, to learn. The ultimate goal is what, it's to get a job eventually after college unless somehow, they become independently wealthy by hitting the lottery in their college time. They want to get a job. So, college students are seeking jobs. So, if I'm an attacker, you know, and put my attacker hat on, I have a group of people that are very motivated to go get a job. So, why don't I send them an email, or maybe set up a website and tell them I'm hiring, I'm hiring? Send me your resume. Oh, your resume looks pretty good. Let me set you up for an interview. Maybe, many interviews now are conducted via Zoom, not even in person. So, I could interview somebody via a call via online, and I can say wow you, you, you did well, I want to hire you. Okay, this person's thinking, this is great, I got a job my parents are gonna get off my back now. I am going to work; I'm going to become gainfully employed. And so, what's the first thing you do whenever you get a job? You have to provide, well, you want to get paid. So, you have to provide your bank account information. Okay, you provide your social security number. So, as the fake employer, I say what, here's the documents, here's an I-9, here's the documents I need you to fill out in order to hire you. So, you say oh great, okay, I want to get paid. Here's my information. And then you just provided all your information to the attacker. You thought you had a job, that's social engineering, getting you to do something that is not in your own best interests. In a scenario where you think one thing is happening, and the attacker is certainly going after something else trying to get information from you. And you can see this, well, this is not a technical attack, they're not using code or anything like that.
They're, they're just, they're hacking, sometimes something that we often refer to as the weakest link in security is the human, hacking the human. And, you know, computers are silicon-based, right? We think carbon-based, that's us in the chair, a lot of vulnerabilities, a lot of vulnerabilities there. So, we are definitely susceptible. And all of us, we are not exempt. People in the cybersecurity industry have been socially engineered. Because again, these are professionals, these are people who are very good, they do it for a living, they're good at what they do.
Kevin Slonka 36:30
And that scam that we just talked about earlier, the tech support scams, that's a type of social engineering scam, that's exactly what it is, you know, they're, they're preying on your emotions, essentially, you know? I like to always bring up you know, the fight, flight, or freeze, you know, emotion of people, you know, what, what are you going to do? Are you going to react? Are you going to think, you know, they're trying to make you react, they're trying to do something, like, you know, Mike said, I want a job, I got to fill out this paperwork right now. Or the Tech Support scam, I don't want my computer to be broken, I got to let them fix it. You know, whatever the case might be there. They're trying to get you to not think to do something before you take the time to think.
Michael Zambotti 37:11
And everybody's been in that situation. Everybody's been in a scenario where, where they did something, and then whenever they look back on it in a more calm state, they say oh, I can't believe I did that. I can't, that's not me, I would have never done that. But your, sometimes your brain short circuits.
Drew Thomas 37:26
I think it's important to remind people too that there's no embarrassment involved here. If you, if you find that you have been a victim of a social engineering ploy, or some sort of scam, you don't ignore it. And you don't hope that you know, like, well, I just won't tell anybody because man, I'm embarrassed, it's not gonna go away, it's not going to go away, you need to do something to try to resolve the situation as quickly as possible. Because a lot of damage can be done once your information is out there. Because, you know, once it's out there, it can be shared, it can spread faster than you can possibly imagine, as far as you know, being out there. And, you know, we tell our kids a lot of times, you know, posting photos online and things like that, like it's out there forever. You can put it out there. You can take it down, we see this with politicians, we see this with people all the time they put stuff on, on Twitter, or X, whatever it is today, whatever. Yeah. And then, you know, five minutes later, they take it down because it was something they didn't want to, they didn't want to, it doesn't matter, somebody has screenshot it, somebody has taken it and done something with it. And that's a long way around of saying just you know, if you find that yourself a victim of some of these things, don't, don't feel bad about it. Just take action to try to resolve it as quickly as you can.
Michael Zambotti 38:32
The internet never forgets. Yeah. And you're right. You're a crime victim. You know, we're talking about cyber criminals, you're a victim of a crime. If you got mugged walking down the street, it wouldn't be your fault. It's the fault of the criminal. So, yeah, exactly. I heard a story one time of a receptionist that clicked on a link, and it ended up being ransomware. And she got so flustered and upset, she turned off her computer and ran out of the building. Because she didn't know what to do. Yeah. And I think that comes in to awareness and education. Having people understand what's possible, what to do, you know how to be resilient. Hey, we had a, you know, I had an incident my computer doesn't work anymore. What do I do?
Kevin Slonka 39:10
And I think that's an if you don't mind, that's a really good time to bring up. What do you do? It is. We've been talking about these for the last episode for this episode, you know, what, what should you do if you fall victim to one of these things and, and there's so many things, it really depends on what the problem is. So, one of the easiest things to do, if you fell victim to a social engineering attack that made you log in somewhere, and you think you may have logged in somewhere that might have been bad. Step number one is to change all of your passwords. And hopefully, hopefully, if you listen to our first episode, you know that you should not have the same password on every website. If you do have the same password on every website, you have a lot of work to do, because you have a lot of passwords that you need to change, but you should immediately change your passwords, because assume the bad guy got your password. Now you need to make sure that they can't get into your account anymore, so go change them, that is step one. Do that within 30 seconds of realizing you did something wrong. But you know, maybe you put in a credit card to a website that you think might be bad. Well, it may be time to call the bank and have them you know, I don't some banks offer like monitoring services, because canceling a credit card is pretty awful, right? It's a pain. So, maybe they can monitor it for you. Maybe you can put a hold on it. Or maybe you just want to cancel it and get a new number. But you know, step one is to realize, you know, what do you think was compromised? Is it just my password? Is it my credit card? Is it my social security number? And that will inform you on you know, what, what do I need to do to protect those things?
Michael Zambotti 40:48
Yeah, basic blocking and tackling. You know, we see this cybersecurity seems wow, it's so confusing and hard. But like Kevin mentioned, that very basic, change your password, have a different password on every website? Yeah. Is it, is it hard? It's a little annoying, you know, hey, it's easy to have the same password everywhere, right? I think all of us, whenever we first started out on the internet, let's make it simple for ourselves. Let's keep functionality. But as we started to think, well, what if somebody gets that password, they have all of my passwords, you have a unique one on every application, every website, it just protects you. And that's a basic thing everyone can do. You don't need to have any technological skills or level of knowledge to just have a different password or passphrase, as we talked about in a previous episode, don't just use a word. You can use a sentence, there's no rule that says your passphrase can't be the Steelers have won six Super Bowls. That's easy to remember. And it's really, really difficult, if not close to impossible to crack.
Drew Thomas 41:43
Yeah. Kevin, you mentioned some credit cards. And so, let's touch a little bit about like online shopping scams and things like that. I think that especially around certain times of year, and I'll say like around the holidays in general, gift giving times, things like that, you'll, you'll start to notice that you're more, you're more willing sometimes to use a website that you're not as familiar with, because you want that particular item for, as a gift for somebody or better price, or better price. That's a big deal. So, you know, what do you do when you, when you find that maybe you've visited a website, that in April, you never would have gone to but because it's that time of year and you want that gift and you want that lower price, you've, you've given your information, credit card information, things like that, to somebody like that?
Kevin Slonka 42:29
You really got to be careful around the holidays, because you know, they will attack you via all methods. You know, we've already talked about phishing, and text message, you know, smishing, you're gonna get lots of emails, you know, like Mike had given the example you know, your package is in transit, you need to release it, you're going to be seeing lots of those, in email and text messages. They're going to try to get you to log into a fake page, so you got to be really careful about your messaging. And yeah, websites. It's really hard to tell people to do this, because you want that best price, but only shop at legitimate stores. You know, don't go to JoesRussianToyStore.com. You know, because you can get a toy for $10 cheaper, like that's probably a bad idea. Only shop at reputable places because you don't know what they are going to do with your data. We would like to think that when we type our credit card into Amazon or any other shopping site, that either they are not saving our credit card, they're just using it for the transaction and then getting rid of it, or if they do save it, it's encrypted somehow. So, if a bad guy were to break in, they can't see the numbers. We would like to think that's the way it works. And maybe it does for the big guys. But not Joe's Russian Toy Store. You know they might be saving your credit card as just the real numbers, that if they were to get hacked, everybody's credit card is now stolen.
Drew Thomas 43:59
One of the things from a banking perspective that I can tell you too, is that if you ever encounter a store, a retailer of some sort that says, well we don't accept credit cards, but we want you to wire us the money. Oh, never wire, do not do it, just don't do it. Like the thing your mom told you. If it seems too good to be true, it probably is right? I mean...
Kevin Slonka 44:18
Wiring is never an option.
Michael Zambotti 44:20
Wiring is a red flag. If you hear the term, if somebody wants you to wire money either to or if they want to wire money to you and then have you wire it to someone else. That's another scam and whenever you hear that, that is a red flag. And I'll also mention this as far as buying things online with your credit card; you know, we want convenience, we want to use our credit card and we want to get things and there's services that will allow you to use a masked credit card number. Privacy.com is one, there's, there's several out there, which whenever you buy something on a website, you don't provide your actual credit card number, privacy.com gives you a one-time use credit card number that you can use, and you can authorize it for certain dollar amount. So, that even if somebody gets that credit card number, they don't have access to your actual credit card, they just have that one time use one. So, the scope of the damage would be much, much less. So, privacy.com is one, there's several out there, I'm not endorsing or saying, hey, go use this. It's just a resource that is available, if you would like to explore that and say, well, why am I giving the same credit card number to every retailer? Can I, you know, have a unique one. We talked about unique passwords; this is a way to have a unique credit card number.
Drew Thomas 45:27
That's very interesting. I had never actually heard of that.
Kevin Slonka 45:29
I've actually used them. I bought something from a website that I was afraid, you know how like subscription services, if you forget to cancel in a certain number of days, they charge you again, I was afraid that might happen. So, I got a temporary credit card number from privacy.com and set the limit for only that one purchase. So, if it did renew, it would just get declined. Yeah. And that was just the way to save me that extra money.
Michael Zambotti 45:54
And those Russian nesting dolls you got me for my birthday, Kevin. Exactly. From that website. Yes.
Kevin Slonka 45:58
I mean it's a great website, it's a great website.
Drew Thomas 46:01
You know, we talked about this from a banking perspective. And having things like online banking and having certain apps on your phone too is also helpful because especially when it comes to shopping scam scenes where you're spending money because, if you're waiting for a monthly statement to be printed out and mailed to you, sometimes you can, you can be 28 days behind in even recognizing that something has happened. That an erroneous charge has happened on your account, things like that. So, having online banking, being able to look at your statement on a daily basis, your, your account information on a daily basis, is important. A lot of banks, a lot of credit cards, AmeriServ is one of them, but, but many banks, many credit card companies have the ability to turn off your debit card, turn off your credit card, if you think that it's been compromised without, without cancelling it. Yeah, it's literally an app on your phone, you go in, you log in, you toggle a little switch, and the card can't be used until you turn it back on or until you have a chance to contact your bank and have them cancel it and reissue you a new one. I can speak from personal experience, a number of years ago, I woke up in the morning. And there were three notifications on my phone that had happened at three o'clock in the morning, where they had been doing test transactions. One was for $1. One was for $5. One was for something else. And I know that I had not done them, I very quickly got on my phone, it was six o'clock in the morning, I was able to turn off my card, so that I knew that no further transactions could come through until the bank opened and I was able to then resolve it. Because you know, they'll do that stuff in the middle of the night knowing that you can't call your, you know, if you have a small community bank, you can't call them at 3:30 in the morning and have them turn off your card, and you're sleeping, and you're sleeping, you don't know that it's happening, right. 
So, being able to have some limited control over the way that your bank account, your credit card, your debit card are being used is very helpful. And most of those services are normally free from your bank.
Kevin Slonka 47:49
And I can give two examples of things that I do in that same vein. On my credit card I have, they have the ability to set up alerts. So, any charge above a certain amount, I get an email to let me know that this happens. And my limit is $200. Which may seem crazy, because you know a lot of, I'm a technology person, a lot of stuff I buy is over $200. But for me that was a good limit that, you know, if a lot of charges come in over $200, I want to know about it, because that's a lot of money if they start adding up. Yeah, so and what's the pain for me, it's not a pain, it's just a single email. So, even if it's a legitimate transaction, I just delete a single email. But it keeps me on top of big charges that may come through. So, setting up alerts is really good. And the other thing that I always tell people, I do this myself, if you have an iPhone, use Apple Pay. That is the number one thing you can do to protect your credit card from getting stolen. You might think oh, it's on my phone, my phone isn't secure. Yes, that, you know or Google Pay whatever they call it on an Android phone, using those services for credit card payments, like tapping, to be able to tap your phone to pay at a different retail outlet. Even websites have this integrated now that you can use Apple Pay and Google Pay through a website. So, you don't have to provide your credit card. Right. The way that this protects you is now you only have to trust Apple or Google like one company with your credit card. Every time you use it to buy something somewhere, they are generating those random codes like Mike had talked about. So, it's not your real credit card number getting transmitted to Starbucks when you buy a coffee. It's some random credit card number that for that one-time transaction is linked back to Apple, they link it back to your account so your account can be debited, the money or you know whatever. So, using those services is really, really nice and it is not, it is not insecure. 
It is one of the best things you can do to prevent your credit card from getting stolen.
Michael Zambotti 49:49
And, and having that visibility into what's happening on your cards like yeah, like, like Drew, Andrew mentioned, or Kevin mentioned...
Drew Thomas 49:57
One of us, one of us mentioned it.
Michael Zambotti 50:01
Having the visibility as to what's happening on your card, you know, if you have these alerts set up, then you can be aware you're not waiting for the statement to come in the mail. You know, that was the old way. Right? You got your statement, and well, 27 days ago, I had fraud. Now, what do I do now? It's almost a month later. Now you can know real time. So, there's a lot of scams, a lot of things, technology has accelerated the attackers’ capabilities, but it’s also accelerated what defenders, what us as people who want to protect ourselves can do. Yeah.
Drew Thomas 50:27
So, basically, just to kind of tie this up a little bit, you know, because, again, you know, there are other scams out there that we could talk about. And but I think that what we've touched on are probably the ones that are the most frequent, possibly, especially because they sometimes, to use your Russian nesting dolls analogy, they sort of work with each other, you know, phishing will work with ransomware, phishing can, can phishing can be an end in and of itself. It can also be a step toward another type of scam and sort of just, you know, adding them together. What really should people be doing? I mean, I know we said in the last episode, don't click on links. I think that bears repeating. I mean, if you're receiving emails and links and things like that, text message, links, things like that, don't click on the link, I want to, I want to leave it there, don't click on links, but especially if you don't know where it's coming from.
Kevin Slonka 51:19
Yeah, and I think one of the words that Mike had used earlier, skepticism, having a good level of skepticism is the number one way that you don't fall victim to these things. You know, there are lots of different scams that will try to trick you and make you feel emotions in lots of different ways. Just take a second, take a second and think about it. And you know, always, you know, one of the scams we had on our list that we didn't touch on, but it could happen like an IRS scam. You think you owe the government money. You know, that, that's one that might get, you know, a really big emotional response from people. Just take a second, maybe call the IRS yourself, and verify, hey, do I really owe $10,000? Is this real? Like, be skeptical, always check for yourself. Don't trust whatever you got that made you feel that emotion.
Michael Zambotti 52:11
Right. And to piggyback on that there's, there's other scams, and we could probably have an entire several episodes on all the scams, there's one that will come in the subject line will be a password that you've used before. So, whenever you get this email, how scared are you? Hey, that's my password in the subject. They must know something, everything else that follows must be correct, they know my password. In reality, attackers look at data breaches that are freely available online. Yeah, and they email all the people because we have a, we have an email address, we have a password, hey, I know your password, you're gonna assume everything else is correct. And you have that fear reaction, I better send money to these people, they know my password. But, you know, take that step back, talk to somebody trusted in real life, you know, not over the internet, call somebody that you know, and say, hey, here's a scenario, walk me through help. Help me deal with this. Don't be afraid to ask for help. Again, you are the potential victim or the victim of a crime.
Drew Thomas 53:07
When you're receiving these communications, I think too, the scammers are getting much better at making things look legitimate. But going back to that whole idea of taking a second, taking a beat, don't, don't, not just reacting instantly. Does the, the email or the text messages from the IRS, is something, is IRS misspelled? Is it coming from irs.org or .com instead of .gov? Does the logo of the company that's in the email, does it look out, does it look wrong? Does it look too tall or too short? Or the wrong color? Or there are things you can look at that, you know, that might be a visual tip off to you that maybe something's not quite right with this, even though you might do business with Microsoft, you know, are you know, is it coming from, from a website like Microsof.t.com or something, something weird like that? Just that extra couple of seconds can save you so much time. Because clicking, realizing it's a scam, and clicking delete is probably the easiest thing you can do to avoid these problems.
Michael Zambotti 54:09
Your best line of protection right there.
Drew Thomas 54:11
Yeah. So, are there any other, any other key issues that we haven't really touched on as far as, as far as prevention that you wanted to touch on before we wrap things up today?
Kevin Slonka 54:21
I mean, from a scam perspective, I don't think so. I think it can all be distilled to that, you know, take a second, just think it through.
Michael Zambotti 54:29
And I would just say be vigilant. Just remember an attacker only needs to be right one time. As a defender, you need to be right all the time. Yeah. That sounds daunting. It's a big as big assignment. But the tools that we talked about on both this show and, and future shows, that's why you want to stay tuned, these are the things we're going to give you the tools to help defend yourself, protect yourself, protect your family.
Drew Thomas 54:50
I heard you say future shows and that means that you guys are coming back because you guys, these are, these are great conversations, and we really appreciate you taking the time to come and sit down with us and, and talk through these things because I think people can be very overwhelmed by this topic.
Kevin Slonka 55:03
Yeah. I mean, we hope to be back, you know, that was kind of Mike's way of kind of forcing you to bring us back. We're just gonna say that every episode and then we'll have to come back.
Drew Thomas 55:11
Fair enough. All right, well, some of the information that we shared here today, we will share in the description. Some of the different websites and different materials resources that you can use to try to help protect yourself to be able to hopefully, avoid becoming an identity theft victim or a scam victim. And some of the things that you just might want to read more about, we will put in the description of the show below. And definitely subscribe to the show. If you haven't already. Not only will it make sure that you get notified when new episodes drop, but it helps promote the show to other people. And we thank you very much for listening. Thank you, gentlemen, for showing up once again today. And yeah, you're coming back, so I just want to let you know that so. Alright, thanks a lot. All right, thanks.
Speaker 1 56:04
This podcast focuses on having valuable conversations on various topics related to banking and financial health. The podcast is grounded in having open conversations with professionals and experts with the goal of helping to take some of the mystery out of financial and related topics, as learning about financial products and services can help you make more informed financial decisions. Please keep in mind that the information contained within this podcast and any resources available for download from our website or other resources relating to Bank Chats, is not intended and should not be understood or interpreted to be financial advice. The host, guests, and production staff of Bank Chats expressly recommend that you seek advice from a trusted financial professional before making financial decisions. The host of Bank Chats is not an attorney, accountant or financial advisor, and the program is simply intended as one source of information. The podcast is not a substitute for a financial professional who is aware of the facts and circumstances of your individual situation. Phishing scams are one of the most common types of cybercrime. Statistics show that in 2022, there were more than 300,000 phishing victims with a total loss of more than $52 million in the US alone. Scammers don't need to hack your computer if they can convince you to simply give them the information they need. The good news is that you have an excellent chance of avoiding these scams if you simply know what to look for. Be aware, think before you click, don't make purely emotional decisions. We want to thank Kevin Slonka and Mike Zambotti from Saint Francis University for joining us again on the podcast today. If you're interested in learning more, please visit ameriserv.com/bankchats or ameriserv.com/fraud for content on how you can help defend yourself against cyber criminals. I also want to thank Jeff Matevish for his excellent work in editing and producing the show. 
If you haven't subscribed yet, please consider doing so as it really helps us to reach a larger audience. For now, I'm Drew Thomas, so long.
In this information-packed episode, Kevin Slonka and Michael Zambotti are back to talk more in depth on the topic of scams. What are some common scams to be on the lookout for? What are the red flags? If you fall victim to a cyber-scam, what should you do? Learn the answers to these questions and more on this episode of Bank Chats.
Related Materials:
https://privacy.com
https://www.ameriserv.com/fraud
Credits:
An AmeriServ Financial, Inc. Production
Music by Rattlesnake, Millo, and Andrey Kalitkin
Hosted by Drew Thomas
Scams, Digital Deception
AmeriServ Presents: Bank Chats is produced and distributed by AmeriServ Financial, Incorporated.