[00:00:23] Bob: Oh my God!

[00:00:27] Jody: They took everything.

(MUSIC SEGUE)

[00:00:33] Bob: Welcome back to The Perfect Scam.

I’m your host, Bob Sullivan.

Well that family time is precious.

But let’s face it, travel isn’t cheap.

infographic quote that reads: “We changed the credit card yet again and thought it was resolved, but they went in and cleaned out the points. It was over a hundred thousand points. They took everything."

It can feel a lot like a game but points equal family time.

And you might be surprised to learn that for criminals, points can equal money.

We love hearing from you.

Okay, now on to Jody’s story.

[00:02:20] Bob: That’s a busy home right there.

[00:02:21] Jody: Exactly.

[00:02:23] Bob: How long have you been in Vegas?

[00:02:24] Jody: Um, all my adult life.

I came out here to go to college and met my husband here, and then we never left.

[00:02:34] Bob: Jody says she and her family love living in the desert city.

[00:02:59] Bob: Um, I mean you have big acts, right?

Like the Sphere brings U2 there all the time, right?

So, have you…

[00:03:05] Jody: We saw U2.

[00:03:08] Bob: Oh, I’m sure.

What is that, what is it like in that building?

[00:03:10] Jody: Well, one thing is how steep the stairs are going down.

I was worried that I was going to um, take a fall and was taking them real slow.

But the 360-video screen is amazing.

And it was like no other concert experience we’d ever attended before.

[00:03:31] Bob: Jody and her family also love to leave Las Vegas.

And it’s been amazing to be able to travel throughout the United States, um, overseas.

[00:04:18] Bob: Uh, and I really admire that.

And to, you know, see new exciting things.

You want those experiences for your kids, right?

[00:05:20] Jody: Absolutely.

And I know at school, they’re just amazed at how well traveled our 13-year-old is.

[00:05:28] Bob: They are well traveled outside the US too.

[00:06:07] Bob: Your whole family to Europe and you didn’t pay any airfare or hotel.

[00:06:11] Jody: No.

We used points for the whole thing.

[00:06:13] Bob: Wow.

[00:06:23] Jody: That’s absolutely true.

So it’s really understanding the programs and then how to maximize the points.

I mean it’s, it’s a, it’s about being able to take family trips.

[00:06:58] Jody: Absolutely.

[00:06:58] Bob: Okay.

And so these points have a lot of value and that you have worked hard to accumulate them.

[00:07:03] Jody: Absolutely.

Well, the trouble begins with a single email and a stolen gift card.

[00:07:57] Jody: Right.

Did you authorize this purchase?

[00:09:26] Bob: Hmm.

And this was a straight credit card transaction, right?

[00:09:30] Jody: Right.

[00:09:30] Bob: It wasn’t a points thing, okay, yeah.

[00:09:44] Bob: Oh boy.

[00:09:49] Jody: Exactly.

[00:10:13] Bob: They were bypassing that two-factor authentication this way, right?

[00:10:16] Jody: Exactly, so.

[00:10:18] Bob: Oh no.

[00:10:57] Bob: Oh my God!

[00:11:01] Jody: They took everything.

[00:11:03] Bob: Another new credit card doesn’t fix the problem.

And this time, the criminals manage to steal every last travel point in the family account.

[00:11:13] Bob: Just, for instance, what can you do with 100,000 points?

[00:11:36] Jody: Exactly.

[00:11:37] Bob: Wow.

Okay, so what does it feel like to see a zero balance?

[00:11:57] Bob: Okay, so now I mean where do you go from zero?

[00:12:16] Bob: Now why would you be paranoid?

[00:12:18] Jody: I can’t imagine why, Bob.

But Jody and her husband decide to take an extra step to check that their account is safe.

[00:13:02] Jody: It was, and we spent hours on the phone with Chase.

Now were you confident you got everything back?

[00:13:31] Bob: A few weeks go by, and then the criminals up the stakes.

I told him, no.

[00:14:23] Bob: Right, God, okay.

So that’s, so now the problem is much, much bigger.

[00:14:28] Bob: And then, the criminals make their big move.

[00:15:00] Bob: Oh no.

[00:15:08] Bob: But, but somebody was trying to steal $20,000 essentially from you?

[00:15:11] Jody: Yes, for the value of our points.

[00:15:13] Bob: Oh my God.

[00:15:25] Jody: Oh, it was so stressful, Bob.

So I’m talking to Chase on the Bluetooth in my car as I’m driving him over there.

Because again, the fraud department was going to close within an hour.

[00:15:51] Bob: Oh God.

[00:15:56] Jody: Um-hmm.

[00:16:12] Bob: But as that transaction is blocked, the criminals don’t give up.

[00:17:27] Bob: Wow.

Now you’re thinking whoever this is, they have the run of my whole personal life, right?

[00:17:32] Jody: Exactly.

I was worried about what don’t they have access to.

[00:17:37] Bob: Yeah, of course.

[00:17:39] Jody: And they hacked our Amazon.com account.

[00:17:42] Bob: Oh my God!

What did they do with that?

So I guess all the crime was making them hungry.

[00:18:05] Jody: No.

[00:18:05] Bob: Oh my God.

[00:18:23] Jody: Yes.

[00:18:24] Bob: So Jody has a lot more homework to do that night.

[00:18:42] Jody: Absolutely.

[00:19:05] Bob: That makes sense to me.

So they can rely on consumers not being as vigilant.

[00:19:20] Jody: I do agree.

[00:20:50] Bob: Okay, well that doesn’t sound good.

[00:21:29] Bob: Yeah, of course, everybody’s busy, yeah.

[00:22:22] Jody: Absolutely.

Or for flying a particular airline or staying at a particular hotel chain.

So things have calmed down fortunately.

We have all our credit card points back.

[00:23:04] Jody: We are very fortunate.

[00:23:52] Bob: Yeah, that, that makes sense.

It, it can feel like a victimless crime to them.

Or, as you’ve suggested, other people might not know this.

[00:23:59] Jody: Right.

May not even notice that they had the points and doesn’t even get reported.

It’s just very time-consuming and exhausting.

[00:25:03] Jody: No.

[00:25:18] Bob: So what does Jody want listeners to take away from her story?

And to double-check that’s an email that you are checking on a regular basis.

So we feel more comfortable using that email than an email we could have requested off the internet.

[00:26:59] Jody: Exactly, we’re using email that has additional cybersecurity.

[00:27:04] Bob: And this story has a very happy ending.

Since Jody got all her points back…

[00:27:10] Bob: So where’s your next vacation?

[00:27:13] Jody: So we are going to St. Kitts in two weeks.

[00:27:17] Bob: Oh my God, that’s great.

And you are going on points, I presume?

[00:27:20] Jody: And we’re going on points.

[00:27:32] Bob: Wow.

Okay, well so I always attempt to look for a happy ending in my stories.

Yours, this is the easiest happy ending I’ve been able to come up with.

Some don’t ever have an ending.

So we wanted to talk with an expert about the larger issues that this story brings up.

Here’s Dan Lohrmann, Chief Information Security Officer for a cybersecurity company named Presidio.

He’s spent many years as the Chief Technology Officer for the State of Michigan too.

They can do much more than steal points, Dan warned us.

Other information about email addresses, account information related to upcoming trips.

You know, God forbid they would cancel flights potentially if they were able to get into that account.

[00:29:51] Dan Lohrmann: I would agree.

That’s, and I think that’s, that’s really disturbing to think about.

[00:31:22] Bob: And then you just have this ongoing nightmare.

[00:31:25] Dan Lohrmann: Exactly.

[00:31:48] Dan Lohrmann: Absolutely.

My wife posted something for sale on Facebook Marketplace.

I don’t want to drive to where you live, or I don’t want to do XYZ.

I want to text you something, and I want you to text the number back to me.”

So she didn’t do it, thank God, she came and talked to me.

So very much the same kind of thing that happened in this scenario with points.

And I think that is a, a major vulnerability.

That’s precisely why we make The Perfect Scam.

You don’t know what you don’t know.

I mean and that, and that line plays out so many ways in life.

You really don’t know what you don’t know.

[00:36:37] Dan Lohrmann: It is.

Or, you know, “Tell me your pin or tell me your password on the phone.”

You have no idea who that person is.

Use your own phone numbers that you know and trust and verify that it is a legitimate request.

So he can’t help but bring that experience into his job today.

And, and um, there’s a strategy on both sides.

The defense, of course, is trying to stop the offense.

[00:39:25] Dan Lohrmann: Oh yeah.

You use that kind of for preparation in roleplaying at companies, right?

[00:39:39] Dan Lohrmann: I think it’s a great point.

And I totally agree.

Don’t tell my mom and dad.

But wire me $10,000, you know, whatever it might be.

Ask your parents or ask your children, ask your friends.

What would you do, I mean just even having the conversation’s going to raise awareness.

I, you know, I don’t know.

That’s what it is.

Preparing in advance, who would you should probably contact?

Who would you talk to?

How do you communicate that?

You walk through those scenarios.

[00:41:53] Bob: So, like in sports, practice makes perfect.

But Dan also has some more specific advice for Perfect Scam listeners.

Whenever you’ve got the option to, ensure you utilize that.

A lot of people just use a username and password.

A lot of people reuse the passwords.

Of course, we don’t want to um, encourage that.

We encourage unique passwords, change your passwords, use unique passwords.

But and probably I think equally or even more important is use MFA.

Those simple steps are really, really helpful in securing your online life.

Those simple steps can help a lot.

[00:43:44] Bob: For The Perfect Scam, I’m Bob Sullivan.

Call the AARP Fraud Watch Network Helpline at 877-908-3360.

Their trained fraud specialists can provide you with free support and guidance on what to do next.

That address again is: theperfectscampodcast@aarp.org.

Be sure to find us on Apple Podcasts, Spotify, or wherever you listen to podcasts.

For AARP’s The Perfect Scam, I’m Bob Sullivan.