The Mel Robbins Podcast - #1 Cybersecurity Expert Reveals: 5 Ways to Protect Yourself Online (Starting Tonight)
Episode Date: February 19, 2026If you’ve ever clicked “Accept All Cookies,” ignored software updates, saved your passwords, or logged into free Wi-Fi, you have to hear this. The little “harmless” things you do online are... exactly what scammers count on. In today’s conversation, Mel sits down with award-winning cybersecurity expert Caitlin Sarian (aka “Cybersecurity Girl”) to give you the short and simple checklist of things that protect your money, your identity, and your privacy online. You don’t need to understand cybersecurity. You just need to stop treating online habits like they’re harmless, because they can leave you open for a scam. This isn’t about being paranoid, it’s about realizing that a few tiny changes can shut down most online threats. This conversation will educate and inform you. In this episode, you’ll learn:-The biggest cybersecurity mistake almost everyone makes (and how to fix it fast)-The #1 Venmo scam happening right now, and exactly what to do if it happens to you-What to do immediately if your phone is lost or stolen-The 5 essential moves that protect you from most online threats-The fastest way to spot scam links, fake emails, and panic-based phone calls-How to protect your parents, your kids, and your entire family from getting scammed-Simple settings to check tonight: camera, microphone, location, and account accessBookmark this episode and share it with your partner, your parents, and your friends.This is the kind of information that can prevent a mistake you can’t undo.For more resources related to today’s episode, click here for the podcast episode page. If you liked the episode, check out this one next: The 7‑Day Habit Reset: Start Today, Feel Different By Next WeekConnect with Mel: Order Mel’s new product, Pure Genius ProteinGet Mel’s newsletter, packed with tools, coaching, and inspiration.Get Mel’s #1 bestselling book, The Let Them TheoryWatch the episodes on YouTubeFollow Mel on Instagram The Mel Robbins Podcast InstagramMel's TikTok Subscribe to SiriusXM Podcasts+ to listen to new episodes ad-freeDisclaimer Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Transcript
Discussion (0)
Hey, it's your friend Mel, and welcome to the Mel Robbins podcast.
Here's something I did that I'm not proud of, but I'm going to tell you anyway.
So yesterday I got this pop-up notification that said, update Apple settings, and you already did click, ignore.
Then I got another one from Zoom, and you know what I didn't? Click, ignore. You ever do that?
I mean, why do I need to update all this stuff all the time?
Maybe you're a little bit like me in that way. You kind of accept all the cookies on every website.
You share your locations so Uber Eats can find you no matter when you're ordering.
You grant camera access to apps so that you can use them, duh.
Well, our guest today, a cybersecurity expert told me that all these little things that I'm doing,
and I know you do them too, they are making you and me an easy target for scammers.
In fact, I bet you lock your door at night.
But here you and I are leaving the door wide open for hackers to just walk
right into our accounts. Now, before I even get into this, I need to tell you something. I didn't think
I needed to care about cybersecurity. I thought cybersecurity was something for like tech people or banks
or corporations or governments. I didn't think it had anything to do with me and you. Then I met
Caitlin Sarian, also known as Cybersecurity Girl, to the millions of people that follow her online.
And she told me that all these little things that you and I do, you know what we're doing? We are giving
the keys to our accounts, to hackers, they can get in less than 30 seconds. And I thought,
oh my gosh, this isn't just a tech person's problem. This is everyone's problem.
Caitlin has worked in cybersecurity consulting for over a decade. She's an award-winning
cybersecurity expert. At EY, for example, she performed global cybersecurity awareness assessments
across 20 key cyber sectors. At TikTok, she was the global lead of cyber security.
cybersecurity advocacy. And now, well, now Caitlin travels all over the world. She works with publicly
traded companies consulting on compliance related to data, our data, and privacy laws. She's here to give
you and me the step by step simple things that we need to do, that you need to do with your kids,
that you need to do with your grandparents and your aging parents. She's going to tell you the number
one scam right now on Venmo. And if you don't hear about this, you're going to fall for it.
She's also going to tell you the five simple things that you can do as soon as you're done listening or watching this that will protect you from 95% of the threats online.
Caitlin says everyone.
That means you.
That means me.
It's an easy target to be scammed online because we were never taught how to properly protect ourselves until today.
Hey, it's your friend Mel and welcome to the Mel Robbins podcast.
It is such an honor to be together.
and to spend this time with you, I am so glad you're here. And if you're a new listener,
or you're here because someone shared this with you, I just wanted to take a moment and
personally welcome you to the Mel Robbins podcast family. Today, you and I are going to learn
to protect yourself online from award-winning cybersecurity expert Caitlin Sarian.
Now, Caitlin has been working in cybersecurity for a decade. At EY, she performed global cybersecurity
awareness assessment across 20 key cyber sectors. She then went on to TikTok where she was the
global lead of cybersecurity advocacy. And now she travels the world, working with publicly traded
companies, helping them with cybersecurity and compliance with privacy laws and data. And for the
last three years, Caitlin has been on a mission to make cybersecurity easy, not just to the big
companies she's consulting with, but to real people like you and me, she has been recognized with
multiple awards, including Cybersecurity Woman of the World, Cybersecurity Educator of the Year,
top cyber news magazine 40 under 40 in 2024. You're going to love her. She's brilliant, down to earth,
and she's going to teach you and me the simple fast changes that will protect you, your money,
and your privacy. Please help me welcome Caitlin Sarian to the Mel Robbins podcast. Thank you,
much for having me. I'm honored to be here. This is one of these conversations that I am equal
parts so excited for, and I'm also feeling a little nervous because I know I'm going to learn
that I'm doing a lot of things wrong. So do you get that a lot with people? Yeah, but the thing is,
you're not supposed to know all this. Like, we were never taught this. So you shouldn't feel,
like, embarrassed or ashamed by it. Okay. We're going to, like, empower you with the right things to do.
Okay. I love that. And here's where I want to start.
What could change about my life?
If I take everything to heart that you are about to teach us about cybersecurity,
protecting ourselves, making smart decisions, especially online,
what could change about my life if I apply everything you're about to teach us?
Yeah.
So cyber scams are massive right now.
And actually, that economy is the third largest economy in the world.
That's how much money they're making from these cyber scams.
Wait a minute.
The third largest.
U.S., China, cybersecurity.
security scams. What? Yeah. It's more than, I think, Germany and Japan's economy combined. So
it's not a matter of if it happens to people, it's a matter of when. And no one's talking about it.
And a lot of times when people are getting scammed, they're ashamed of it. So the point of this
podcast is to empower you and give you cybersecurity routines that you can do, simple, easy,
actionable tips that you can take back and start incorporating into your life so you feel safer
and more protected online. Wow. Well, you've made cybersecurity.
relatable for millions of people who follow you online, who watch your content in the ways that you
consult. What is it the wake-up call that you want people to have in terms of what we're
going to talk about today? Yeah. So if you're listening to this on a phone, an iPad or a computer,
like this is for you. Because what people don't realize is they don't think they need cyber. But
anytime you go online, you need to understand like these cyber tips and like really protect yourself.
because no one has taught us how to protect ourselves.
We're given a phone before we can even speak,
and then all of a sudden we're expected to know what to do with it.
But no one's ever taught us the key things of like,
hey, this is what's happening in the background.
Here are some simple things you can do to protect yourself.
So this is why it's so important for everyday people
to be listening to this and to learn.
And again, it is not supposed to be scary.
This is not scary.
This is for everyone.
And it's just simple things that you can start incorporating and weaving into your life.
So it's sort of like when you learn to drive a car,
they teach you to put the seatbelt on. They teach you to look right or left. They teach you where the
brake is. And so you're going to teach us how to put the seatbelt on and be a little safer with our
cyber life. Exactly. Brush your teeth and wash your face. I mean, those hygiene tips were always like
really hard to learn when you're a kid, right? You think it takes extra time. Like, oh, I want to just go
to bed. Like, do I really have to? And those extra, you know, one or two minutes really saves you in the future.
So it's literally the exact same thing as cyber. Ultimately, cybersecurity is a risk-based decision. I'm going to
give you why they're collecting this data and what they do with it and how it can be used against
you. And you can decide, hey, I don't think that's really a risk for me and my family. Or you can say,
hey, that is a risk. I'm going to start trying to implement, you know, X, Y, Z. Well, what worries me is
that we're at a point where the technology and AI in particular, it just feels like the scams are
getting worse and worse and worse. You just said it's the third largest economy. Right. And so while
these may have been things in the past that we felt like, eh, not that big of a deal,
I'm starting to feel like maybe it's becoming a bigger deal.
Yeah, it is becoming a bigger deal.
Let's start with the basics.
Yes.
What exactly is cybersecurity?
To me, cybersecurity is protecting your digital footprint.
And your digital footprint is pretty much every single thing you do online.
So give me an example of what is part of your digital footprint that might surprise you
that, oh, that's part of my digital footprint.
Yeah.
Any of the apps that you use, the games that you play on your phone, the websites you're
you go to the accounts that you make online, like every single thing that you're doing
builds a larger and larger digital footprint.
Everything.
Everything.
So it's all being recorded in some way, shape, or form.
All of it?
Yeah.
Even when I think it's not.
Yeah.
And then the incognito is actually not incognito.
That is incognito for your browser.
So people are like, oh, if I go on, you know, private mode that's going to help protect,
no, that is private mode for you.
So you go in incognito mode when you might want to buy your husband a gift, and your
husband will go on your computer that you won't see that you went on that website.
But that website is still able to see that you went on that website.
Okay, so hold on a second.
See, already I'm like, wait a minute.
We'll get into this.
We'll get into this.
So you were talking about incognito mode,
where you're like, okay, I think I'm going to be sneaky.
Yeah.
And I'm going to put onto my browser, whatever browser you use,
the incognito mode where I think if I go to a website,
the website doesn't know that it's Mel Robbins there.
But that's not what's happening.
No.
What's happening?
What's happening is that your computer is not saving the cookies and tags
and pixels that are are automatically loaded.
So cookies tagged in pixels,
you accept cookies pretty much every time you go on that.
I do.
It's really annoying.
And then I want,
well, we're going to get into this.
Okay.
But yeah, so it actually just doesn't do it on your own computer,
but they can technically still see who on the other side who's on.
Whoa.
Yeah.
Okay.
But don't worry.
I'm feeling like I've made a lot of mistakes.
Okay.
There's no such thing as mistakes.
There's lessons learned.
Okay.
And you have so many specific lessons and specific things that you want us to do
starting now. And so I want to start with some quick fire questions. And so as an expert in
cybersecurity, you never hand out your real birthday or name or phone number online. Why?
Correct. Before we even get into that, I want to say one thing, because I think we're going to
go to this list and people are going to be like, oh my gosh, I do all these things. At the end of this
podcast, I'm going to give you the five things that are like absolutely essential. Okay.
These ones are like a little bit more for like people that want more privacy like myself.
So I don't want people to get worried, like, you know, a couple questions in like, oh my gosh, I do this all the time.
I'm going to explain why.
And I'm also going to go through the pros and cons, right?
So back to your question with like why I don't give like my real identity out online.
My question back to you is why do they need it?
So they can ship me all the stuff I'm buying that I don't need?
But why do they need your name?
Why do they need your phone number?
How does they ever call you?
No.
But it's required.
If you have a Google voice number, Google allows you to generate a number that gets forwarded to your real number.
Okay.
So I kind of usually give that if I absolutely need to give a phone number.
I don't ever give like my real information.
Okay.
And that's because there's constantly profiles being made about you.
And the more information you have online, the more it's sold to more and more people.
My manager, for example, got a letter, like a handwritten letter in her mail with a picture of her house saying,
we're in, we know exactly where you live, we've been tracking and monitoring you.
What?
We'll take it. Don't worry, we'll be nice. We'll take it out if you pay us this much money in
crypto. That's because her address was online. These scams are getting more and more intense.
And so if I don't have to give like my real information, especially to like places that aren't
shipping to you, right, if you're just like signing up for an account, like why, why have we thought
we need to be so truthful about who we are online? So I always tell people make up and like all
alternate persona. Different name, different date of birth, you know, technically not a different
address unless it's a, you know, shipping to you like Amazon, you obviously have to give your right
address. But like, if it's for a movie theater, why do they need to know your address?
It's so true. I hadn't even thought about this. And I guess it's because I have such a hard time
keeping track of the actual information. But if you have a alias, so you have a name that you use
whenever you sign up for a newsletter.
You have a phone number,
and you just mentioned that you could get
a free Google phone number.
It can be forwarded your phone or not.
And that's the one that you use.
You have a different email address
that is only for sign-ups,
and now you are limiting
the information that's out there,
and it didn't even occur to me
that you could ship packages
to your address to a different name.
Yeah, it's your house.
It doesn't matter who's addressed to it.
Wow. Okay. You never create online accounts that you don't need. Why?
Well, again, more information out there. Like, again, every single website wants you to create an account because that's the marketing world that we live in, right? It's way better for them. And we don't need to create an account. It's like, again, movie, everything, movie theaters, reservations. We went to a spa here and, like, please create an account. I was like, I told my boyfriend, give me your phone. I'm going to create an account. And it's like, again, a random email.
There are also sites out there where you can generate real working phone numbers and emails,
and it will just all go to the one app versus, like, you know, going actually into your inbox.
Well, I'll tell you, I've changed my cell phone number probably three times in the last four years because it's ended up online.
Yeah.
And I have changed my email.
I don't know how many times.
And because of that reason that people find it, I end up on email list.
It's just unbelievable.
You know, as a cybersecurity expert, you also never post vacation photos.
while you're still away. Why? Yeah. So besides like the actual physical threat, right, like everyone's
like, oh, you know, people know that you're away from your house or going to, you know,
burglarize, which is still accurate. Scammers now are getting even more specific on what they can do.
So there's a lot of, it's called open source intelligence. It's anything you do online is really
easy to find if you're, if you're public, right? And so for open source intelligence, if they see
you and they say, oh, you're at a Marriott Hotel in the Bahamas, okay, I'm going to call the Marriott
hotel, pretend I'm you, and try to get more information, maybe get your credit card, do whatever,
just cause like a mess. So there's a lot of social engineering from that perspective. And also
scammers have gotten really, really smart with timing when they do scam calls. So say, for example,
someone wanted to call my parents and say they're me, right? This scares the hell out of me.
Yeah. And they wait until I'm on a flight. So if my parents get a call from me, they can't actually
get a hold of me because my phone is off. And that's actually like a real life thing. I've talked to
many people in the cyber industry saying that that has, like, ramped up. So there's a lot of
weird risks that you don't realize that come with it. So whenever I go anywhere, I post after,
at least a week after, and I don't actually post the exact location. I'm not going to post the exact
hotel. I'm not going to post the flight I was on. But I am going to post like, hey, I went to the
Bahamas, wherever that may be. Usually just tag the city. I don't have to tag exactly where I
stayed. I don't have to tag exactly where I went. And it's fine. You're still there. I mean,
what's the difference? The people that know that you're in the Bahamas at time know that you're there.
And the other people that don't need to know, find out a week later or two weeks later.
I mean, it makes perfect sense. As a cybersecurity expert, you also warn people about free Wi-Fi. Why?
Yes. So the free Wi-Fi is not free. I always say if there's any free product or app, you are the product.
Okay, say that again? If there's any free product or app, you are the product. They are using your data and
selling it in some way, shape, or form, or selling you ads.
Like, you are literally the product of anything that's free.
Okay.
So that's one thing.
Free Wi-Fi, especially, there's different types of free Wi-Fi, right?
There's, like, free Wi-Fi in, you know, airports where, you know, you connect to the free Starbucks
Wi-Fi or there's free Wi-Fi in airplanes.
So we're going to go through a few different ones.
Okay, please, because now I'm thinking about, okay, what's happening here?
So I want to just let you kind of visualize how Wi-Fi works, right?
Okay.
You're connected.
and let's say you go on Facebook
and you send a message to your friend.
That message is literally like flying through cyberspace.
Just imagine your own little tunnel.
It's flying through the tunnel to your friend, right?
The issue is when you're on open free Wi-Fi,
it's usually unencrypted,
which means that anyone can go in and out of that tunnel
and see what you're doing if they want to,
if they know how to.
Okay.
So hold on.
Let me just make sure I'm tracking.
Yeah, yeah.
So if you're sitting at a airport
and you've logged on to the free Wi-Fi,
Right. Okay. And I'm texting my husband who's back at her house and I'm texting him something related to a bill that came in and banking information and, hey, I forgot my credit card. Could you send me a photo of the back of the card kind of thing? You're saying that since it's not encrypted, it's just floating through the Wi-Fi. If there's somebody that's really smart and knows how to get into those pipes, they can see the stuff.
Yes.
What?
So every time you do any data, like you do anything online.
Well, the good thing is, you're not an idiot.
You're not an idiot.
The good thing is most of the U.S. websites now are secure.
How do you know?
If you go to the website, the URL, the www.
whatever.
Yes.
It says HTTS.
Yes.
The S stands for secure.
Oh, hold on.
So if it's only HTP?
Not secure.
What?
The S means it's secure?
S means it's secure.
Why do I not know this?
A lot of people don't know this. It's like a normal thing. Like people don't know this. No one's what is this.
You're here, Caitlin. Thank God you're here. Okay. So H-T-T-P-S. I'm looking for the S. Did you get that? Look for the S. If you're watching this on YouTube right now, I want you to look up at the U.R.R. And see if there's an S.
Yeah. So if there's an S and most, I would say a majority of in the U.S. It's pretty secure. Like almost every single website is H-T-TPS.
But it gets a little fishy is when you go overseas and you start connecting to random Wi-Fi.
Because, you know, when we're overseas, we just don't want to use our data. It's expensive and people want to connect to Wi-Fi. And that's where I feel like a lot of people get in a pickle.
So what do you do instead? What do you do, like, what would be the thing that you should do if you're in a situation where you're on Wi-Fi?
Yeah. And it's not encrypted, but you need to send something.
So first, I would, if you really, if you need to be on Wi-Fi, I would just, like, connect to public Wi-Fi. But I would,
wouldn't do anything like that secure. Like no banking or like really intense stuff. Like scrolling
Facebook, TikTok, whatever, social media, fine. Getting a map down so you can figure out where you're
going. Totally fine. Music, whatever. But if you're starting to do banking, that's where it gets fishy.
So what I would do before connecting to public Wi-Fi, I would probably try to tether my phone
instead and use my phone data. Okay. That's way more secure, completely different. If you have to
use Wi-Fi, I would get a VPN, which is a virtual private network, literally as it sounds, it makes your
network private. It gives you your own little freeway separate from the public Wi-Fi. So is a VPN
the same thing as when you go to your cell phone provider and you get a little like block that's like
a mobile network? No, that's a hotspot. Okay. See, I don't know what I'm talking about. So hotspot does provide
Wi-Fi and you can use that too. But it's not necessarily secure? I don't know if there's a, I don't think
there's a VPN built in, no. Okay. No. All right. So let me ask you this, though, because we were
talking about airplanes. Yeah, yeah. What about on an airplane? Should I not be using Wi-Fi?
Well, what's happening? I want everyone to realize anytime you log into anyone's Wi-Fi,
you are on their network. It's like on borrowed time, right? Like, you are doing things on their network.
So whether you're doing things on the free Starbucks Wi-Fi or the airplane Wi-Fi,
you are still on, like, say, for example, if you fly American, you are on American's Wi-Fi,
and they could technically have your data, unless you do a VPN. Okay. Which is why a lot of, like,
companies when you travel, they're like, you have to use it RVPN in order to make sure that it's
safe. But when you're on your question that I have about plane Wi-Fi, and I don't know why
I'm asking this about planes, but for some reason I feel like you're in a seat, the laptops
open, is there some, you know- Do you have a privacy screen? No. Okay, no, we'll go through it.
Okay, well, so, so, you know, you're like, is there a hacker sitting near me somewhere that's,
no, okay, that's not happening. No, no, good. Thank you.
Thank you. You're good. The point of this is not to ever scare you. It's just to teach you what people can do. Is it going to happen like that frequently? This stuff, not often. Wow. Yeah. One other thing as a cybersecurity expert that you never do is you never save your logins in your notes or in your browser. Why? Well, so for iPhone specifically in your notes, it gets updated to ICloud, right? And if your ICloud gets hacked, which a lot of people have like hacked accounts, especially I
Clouds if you're reusing your password, that means they have your passwords to every single thing.
However, if you have a password for your notes, like there's a new way now you can lock down
your notes on your actual phone. Oh. You can, yeah, you can set a password or you can use your
face ID and it will double lock it. So I would definitely do that. Okay, I'm making a note right now
that I just put a password on my notes. Again, see these little things like once you turn that on,
you don't have to worry about it, right? Like it's like little things where you're like, okay,
I don't want people to have access to it, but I also want it easily accessible.
I personally use a password manager.
Like what's a password manager?
So there's like software is that like help you create and store like.
I mean like last pass?
Yeah.
Yeah.
Last pass, one password, keeper security.
And then even iPhone has a password manager on the new phone.
Oh.
Yeah, for free.
But that one's safe.
That one is safe.
As a cyber professional, I try to not have all my eggs in one basket.
And since I use iPhone all the time, I'm like, well,
they get into my iPhone somehow, I don't want them to also my passwords, but it's still secure.
I'd rather have you do that.
So is the password safe on your iPhone unlocked by your iPhone password?
No. I think you can set a separate account.
Okay, so that's how you would protect yourself. Yeah. Okay, got it.
I think it's a biometric thing on your phone. And unless they, like, obviously, if they steal
your phone or they get into you, they aren't going to have your biometrics. Why not use your
browser? Well, tell me about the danger of this, because I'm so lazy. And you're probably going to
kill me because I've literally not only, I feel like I'm about to get cyber attacked because I'm
confessing all this stuff right now. This is what most people, what most people do.
Well, well, I'm even thinking about the fact that every time I buy something, they're like,
you want to save your credit? I'm like, yep, because I want to make it easy for people to steal for me.
Like I, I'm thinking now about how this is all saved. Yeah. So the only issue with browsers is
there's two things. One is, it depends on your browser, right? If you have Google and you use Google
Chrome and you're saving it on your browser. And if anyone is able to access your Google Chrome
on another computer because you reuse your password, they might be able to get your password from
that. Okay. But most of the time browsers is actually stored locally. So the only time there
could be a real issue is if they actually physically steal your computer, which is not necessarily
likely. Okay. So the browsers aren't as bad, in my opinion, as like an unlocked note app.
As a cybersecurity expert, you say never use your mom's maiden name for security questions.
Yeah.
Why?
You'd be so surprised at how much data is out there on us.
It is very easy now to find your like parents' full name and parents' address, your kids, your, like, you can see.
And if you Google me or if you used to Google me, you'd be able to see like my brother,
or my sister, my grandparents, where each of them lived, even IP addresses.
So it's all public knowledge.
Again, Oson is open source intelligence.
And a lot of times people are like, oh, I'm going to get hacked.
And it's not a complicated hacker.
It's literally someone that's like doing their research on you and finding out the answers
to your security questions.
So think about all the security questions, right?
Like your high school, that can easily be found out.
Like your mother's maiden name also easily found out.
And it just, the more information that you put out there online, the more information
you're giving these people that it's easy for them to hack.
And I want to give you a little story.
So there is a company that I have been like,
like partnering with, and they really specialize in OSIN, which is open source intelligence. And
they have been able to generate emails and try to find like basically everything about you within
20 seconds using AI. They like scrape all of anything open, which is if you've ever created a
wedding registry, all of your social media posts, anything that you've ever said online. And
they've been able to piece together who people are in like 30 seconds from that. They even found
the name of someone's dog because on their wedding registry they had a dog bow and it said like
for archie and it was like their dog's name is archie. A.I is so crazy and it's so easy to be able
to pull information out from anything that's open. So again, Facebook posts, social media posts,
TikTok, blogs, news articles, wedding registers, anything that you've ever like sent to someone
that's about you that they can read that's not like locked down can all be scanned.
in a matter of seconds. And so I don't need to give my mom's maiden name as a security question
because it's pretty easily accessible at this point. What, like, do you just pick a different
one? That's a little bit more. Super persona. Okay. Like, again, my persona has like the same,
it, I create a persona and I have like the same four or five security questions and I have like
a whole like monologue in my head about like who this person is. I need to do this. And it's not,
it seems a little difficult, but it's actually like, it gets fun. It's like a fun game you can play.
I can be a completely different person online.
So you as a cyber security expert,
you always do the automatic software updates.
Why?
Yes, without a doubt.
The way that software updates work is usually the software has a hole in it,
like a flaw, a vulnerability.
Okay.
That hackers have been able to find.
And the reason why a lot of software updates happen
is to patch that hole.
Say like, hey, we just found out
that someone got in doing this.
So we're going to patch that.
And so they can't do that anymore.
Really?
I thought that they were updates
because the software's getting better.
It could be both.
But you can now find out
what the software updates about.
So I just...
When they say fix bugs,
they mean holes that hackers kind of.
That's exactly what it is.
I'll be damn.
And most of them, I don't know.
I don't have the statistic,
but I honestly think that like 90%
of software updates are to fix
some type of bug or vulnerability
because hackers are getting so much better
and like you're only as strong
as your weakest link.
There are always so many holes
when you're building softwares.
And so it's better to...
I mean, what's the harm in having an auto update?
Again, another thing takes two seconds.
every time you download an app, just have it on auto update.
Not a big deal.
Once you have that on, then you're good to go.
I'm the weakest link.
That's what I'm realizing.
Everyone is the weakest link.
People are the problem, but they're also the solution.
Okay.
And I know we're going to get to the solution.
As you're listening, if you're not panicking as much as I am,
don't worry, I'm panicking for both of us because I've made every single mistake.
It's true.
And we're all alive right now.
So it's good.
And now we learn from it.
That's true.
And I consider myself to be somebody who is pretty savvy around tech, but I am not savvy around cybersecurity is what I'm understanding.
Here's one that I found fascinating.
As a cybersecurity expert, you never plug your phone into a random charger.
Yes.
So there's a thing called juice jacking.
So if you have like, you know, the USB plugs at the hotel where you can plug it in to charge your phone.
Yeah, of course.
And every time you say trust this device, right?
Because you're like, I need it to charge my phone.
Yes.
When you trust it, it can do multiple things.
It's not just charging.
You can, like, send and receive things from that port.
And so a lot of times in cyber warfare and cyber espionage,
like spies would literally manipulate that in certain areas
to get information out of your phone and plug.
So as a spy, they never plugged that in.
And it's, to be fair, two-second fix.
You don't have to plug it in the USB.
Just plug it into a wall.
I can't happen in a wall.
But the USB, there's a way to actually, like, manipulate it
where you can download and receive files from and off phones
or even install, like, bugs onto your phone so they can start seeing.
Is it likely going to happen to people?
No, but as a cyber professional, it's not that hard for me to plug it into a wall versus
plug it into a USB.
You also refuse to think, oh, hackers aren't interested in me.
That is like everyone's going to be the biggest downfall because it doesn't matter who you are.
They just want money.
Like, if you are an easy target, you're an easy target.
And everyone is going to be an easy target because we were never taught how to protect ourselves.
So we're reusing the same passwords and they're going to be very easy passwords.
And it's not that hard for hackers to like find one account and then get into another.
It's very easy.
And so again, if you're an easy target, they're going to go after you because they want money.
My jaw is already on the floor.
And I certainly didn't know a lot of what you've already shared, Caitlin.
And there's so much more that we're going to get into.
And as you're listening and watching us, I'm guessing you probably didn't know a lot of this either.
Do me a favor.
Do not keep this information to yourself.
Please share this episode.
with the people you love who you also want to protect.
I'm talking your partner, your parents, your kids, your coworkers.
This conversation might be just the thing that protects them from making a mistake they can't undo.
And don't go anywhere.
After a short break and a few words from our amazing sponsors,
Caitlin has so much more to teach you about how to protect yourself online.
And I promise you, you do not want to miss the number one scam on Venmo.
because you and I will fall for this if you don't know about it. So stay with me.
Welcome back at your buddy Mel Robbins. You and I are learning how to protect yourself online,
how to stay safe from award-winning cybersecurity expert, Caitlin Sarian. So Caitlin, what's the number one
way that people are getting hacked right now? There's two ways, right? There's reusing passwords,
so they're getting into their accounts that way, because what people don't realize is they have a lot,
a strong base password, I like to call it.
So, for example, let's just say your base password is let them.
It's not, by the way.
It's not.
It's not.
It's not.
I'm not that, though.
So you say it's let them and or let them theory.
And then your next password, you're like, oh, I have to update this password again.
Let them one.
Let them one, two, three.
Let them one exclamation point.
A lot of people use that same base password and they've had that same base password for
God knows how many years.
And what hackers can do is in seconds, they can run a,
algorithm that runs 10,000 variations of that base password that was leaked and in the public.
Oh, my God.
And get into your accounts.
And then once they're in your accounts, they'll use it to scam other people or use it to scam you.
And so there's a lot of issues with reuse passwords.
The main other issue that I see is like actual scams, like call scams or fishing
scams on emails.
So we're going to go through a lot of them.
But one of the call scams that I've heard a lot is the FBI or like some police agency
e-calling. And again, it's not them, but it's really, really obvious. They know a lot of information
about you because, again, your information is out there for the public. It's, you can buy your
information for pennies. Like, you can probably buy social security numbers for like $2. So it's not
that difficult to find. And people get calls and they're mortified. And the way that these calls work,
scammers literally know exactly like the psychology behind getting you to react. What is the
scam? They call and they say, oh my gosh, you missed either.
like a court hearing or you got a ticket, you never paid, or you missed jury duty. Oh. You have to pay us
or we're going to come and arrest you. What? Yeah, it's a whole thing. And they know exactly where you live.
They're like, we know that your, you know, parents' address is here. You're here. You've lived at this
address for how many years, like, they go through the whole thing. And people are mortified.
They're going to get arrested. And they're like, we need you to go send crypto. First of all,
if anyone needs you to send crypto, let's just be red flag. But again, you're in the situation.
No, if somebody's asking you to send or wire crypto, it's a scam.
It's a scam.
But when you're in the situation, it really feels real.
Like, they're calling your personal phone.
They know exactly who you are.
They know who you're, like, married to.
They know everything.
And so these scammers are so, so good at just getting you to react.
And so a lot of it is, like, phone calls or even, like, just regular fishing scams that we've seen,
but they've gotten so much more in hands.
Wow.
How do you know if you've been hacked?
So this is, I mean, it just depends on like what, like, if you're talking about your phone or your computer.
Let's go through each one.
How do you know if your phone's been hacked?
How do you know if your bank account's been hacked?
How do you know, like, how do you know if your Amazon account's been hacked?
So a lot of times with pretty much any account, you can see who's logged in.
Like if you go on WhatsApp, you can see like the last session that it was on.
Oh, really?
And where it's, yeah, even on your phone right now.
If you pull out your phone, you can see who's logged into your iPhone and where they're located.
Okay.
I got to go do that.
It's not, yeah, it's not that hard to do, but I always kind of look every couple, like, months,
I'm like, who has been logged in on my account or, like, on my WhatsApp or on my iPhone or on my
Gmail?
You can see, like, you can go to your Gmail account history.
You can go to, like, my activity, and you can see all of the logged in sessions and where
they're located.
And you can do that with Instagram and you can do that with social media.
For me, that's the easiest way to tell if someone's in there because there's, like,
a history of who is there and where they're logged in from.
And what about like banking?
Like I've heard like if you get a weird like hit on your account for like a dollar or two dollars,
that's somebody now penetrating a charge before they're going to hit you big.
It's harder to do banking because there's so many banking frauds out there.
Like I don't want to tell you to do one thing when like, you know, they do another thing.
So for example, I don't want to say, hey, you're never going to get a text from the bank because a lot of people get text messages.
So if you're getting a weird message that you didn't anticipate, every single time I've ever,
gotten that, which hasn't happened a lot. It's happened once. I immediately call my bank. I like,
go to my bank card, look at the back on the phone number and get the phone number for my bank.
And I call them immediately and say, hey, I don't know what's going on. I just want to make sure.
Because even the fake text messages, right? Right. That you think they look real into something.
Look real. They look real. So anytime, first of all, this is a separate thing. I never answer phone calls
from people I don't know. And my voicemail does not have my name. It does not have a greeting.
because if people are calling me, they know it's me.
Hackers use that same thing and they say, one,
okay, we're confirming that that's her number now.
And two, they're getting your voice to potentially use for voice scams
or getting your voice to potentially use to authenticate you into banks.
So they can record your greeting saying yes or no, right?
A lot of times if you answer the phone and you're like,
they say, hey, is this Kailen and I say yes,
that yes can be used to authenticate into a banking phone.
So these sounds scary again, but if you don't answer the phone,
for people that you don't know. And if you don't, like, have a voicemail, you're avoiding it.
It's so true. You know, there's so many of us, I'll speak for myself, and I'm sure as you're
listening or you're watching this on YouTube right now, that you're doing nothing to protect
yourself online. Like you think you are. Right. But as I'm listening to this, I'm just thinking of
the huge digital footprint of all the information and the fact that they can then probably
spider it to my son's information and my daughter's information and my husband's information and my
parents' information and just like one giant family tree. It's now one giant digital footprint.
What do you say to someone like me and the person who's listening right now who feels so
overwhelmed by the idea of needing to protect themselves online?
I would just say, like, again, if you start implementing these simple routines,
you'll feel so much more empowered.
Okay.
In the future.
Like, it seems very difficult, but like I said, okay.
So don't answer the phone and don't have a voicemail.
That solves your problem right there.
Done.
Check that.
Do that for the one thing for the week.
And then you're moved.
Next week, you can do something else.
But it's just simple little things that you now know that you're empowered with, like,
that information to go out and do it for yourself.
Or if you want to keep your voicemail, that's totally fine.
Is it likely that, like, a hacker is really going to use your name?
I don't know.
But I'm just trying to tell you.
what it is and tell you how you can protect yourself. I hear a lot about voice cloning scams.
And as a family, we have a password, which I am not going to say what it is, for the inevitable
moment when there is a voice cloning scam that happens so that you can say, what's the password?
Yeah. If you feel like something's weird and we have this weird random word, that's how you know.
if it's family member who's talking about. Right. So we call it a safe word because you can call a
password too. A safe word. I like a safe word better. So we call it a safe word. So what happens is
these scammers are getting so elaborate and they're literally using our voice from public
podcast episodes, TV shows, whatever. Or your social media account. Yeah, social media. It's not that
hard to stitch together a few words and try to scam your loved ones and they pretend to be you and say,
oh my gosh, I'm stranded on the side of a road. Can you please Venmo me a certain amount of money?
I just need it to like, I left my wallet.
Can you just send it to me?
And the only way they can tell, like your family member can tell it's you is if you use that
safe word, right?
So let's just say your safe word is green bananas.
If my mom gets on a phone with someone that says that they're me, she's going to be like,
okay, if this is really Caitlin, can you please tell me your family safe word?
And if I say green banana, she knows it's like this is a big threat.
Yes.
And so I would rather, it's, again, two seconds.
The only way you can really tell with these is to have a family safe word.
or you doesn't have to just be family,
but like a loved one safe word.
Wow.
Yeah.
I know so many people are following for Venmo scams.
Yes.
And can you explain what they are,
why these are so dangerous
and how you can protect yourself?
Yes.
So what happens is that scammers
literally send you money.
Send you money?
Yeah, send you money on Venmo,
but they're from stolen cards.
So they send you money and they say,
oh my gosh, I'm so sorry.
I send it to the wrong person. Can you please send the money back? And you're like, okay, well, I mean, that sounds reasonable. Right. Exactly. So all of a sudden you get a Venmo transfer from somebody. Yeah, $200. Oh, wow. Okay. And they're like, whoa, who's this? I don't know this person. Then all of a sudden you get a message like, oh, my God. I send it to the wrong person. Can you please, please, please send it back? Oh, my God. Yeah. This is a scam. This is a scam. This is a scam. And it's working. And so what happens. So then people send it back because they feel bad. And then what happens is because it's a stolen card, those charges get reversed.
But you don't get reversed because you willingly sent them the money.
So you're stuck paying these scammers, the $200 because the stolen credit card gets reversed.
So you actually didn't get the money.
Wow.
Yeah.
So they're advancing you money from a card that's about to get declined.
Yeah.
And now you're out the $200.
That's incredible.
Yeah.
Wow.
I'm sorry.
I'm just sitting here like, holy cow.
Is Zell more secure than Venmo since it's embedded in a lot of banks?
I try to avoid Venmo and Zell at all costs unless I have to.
And then I always try to use a credit card wherever possible.
Credit card over debit card.
Because debit card's hard, it's the same as like Venmo, right?
It's like money and money out.
Credit card, they can actually, they're better about reversing charges.
Okay.
Now I have a question.
Yeah.
So you know how you hear on the news all the time?
Oh, there was a huge cyber breach at this start.
store, that store, the other store, this one, and all this customer data.
I hear that, I think, oh, I shopped there, and then I do nothing.
Yeah.
What should I do if I hear that there's been a big data breach, credit card information at a massive retailer?
It seems to be happening every other day now.
Yeah.
What do you do as a customer?
The first thing I would do is update your password immediately.
And if it's a really key account, I would turn on multi-factor authentication, which means that you are signing in not just with a password, but like a code that's sent to your phone.
or your email or your authenticator app.
I'd prefer authenticator app, but we'll get back to that.
Okay.
Then if it's like an experience or type of like, you know, any type of financial bank situation,
they're going to be sending you something in the mail to teach you what to do.
And they also offer free credit monitoring for you.
Sign up for that.
It's free.
Why not?
The main thing I tell people frees your credit because the issue with those like breaches is identity theft.
That's what most people are concerned about is, oh my gosh,
I'm going to have identity theft if my social security number and my name and all my
information's out there.
But they can't commit identity theft if they can't open any accounts in your name.
And they won't be able to open accounts in your name if you freeze your credit.
So hold on a second.
Yeah.
So if you don't need to take out a loan and if you don't need to open a new credit card,
then you don't need open credit.
You can freeze it?
Yeah.
And it's very easy.
It takes like there's three credit card companies don't ding you if you do that?
No, no.
Really?
No.
Oh, I didn't know that was a thing.
There's three credit bureaus.
It takes maybe five to ten minutes for each bureau.
Call them or email them.
You can freeze your credit, and then you just open it when you need it.
And I tell people to do that with their grandparents or parents all the time.
That's a great idea.
Because you'll never know if someone is, you know, using your parents' information to create accounts until it's too late.
Let's talk about seniors because there's so many listeners that have elderly parents or concerned about their grandparents.
and we recently had a very scary issue with scamming related to my mother-in-law,
and they almost got in.
Almost.
Yeah.
And she would have been, all of it gone, all of her savings gone, all of her retirement gone, everything.
How can the person listening help protect their parents from online scams?
Yeah.
So I would first start with freezing their credit.
And I would also start, again, a similar communicating, right?
Like, there are these scams out there.
Like, I go to my grandma and I say, grandma, these are the most recent scams, right?
Like, someone's calling and pretending they're the police.
They're going to try to call you.
Someone's calling and pretending to be X, Y, Z.
If they ever ask you to send money, immediately hang up.
And even if you think, oh, this could be true, I want you to hang up and call this fraud
helpline number.
So there's actually a fraud helpline number that can walk you through.
You could technically have two phones if you want to.
And you can be on the phone with the fraud helpline number.
it can walk you through what you need to do.
But I think we should go to their house and sit on their laptop and their computer and do the
settings that you've talked about.
Yeah, multi-factor authentication.
Make sure their passwords are updated, like specifically banks, you know, 401K, all their like
retirement savings, all that.
Like, make sure that is a very strong and unique password.
And then turn on multi-factor authentication.
And if you're a caretaker for maybe have it go to your phone.
Don't have it go to her phone.
because if you're getting a authentication code,
you can call your mom and say,
why are you trying to get into your bank?
Uh-huh.
Great.
I know that there's a person listening or watching right now
who is thinking, I got to protect my kids.
So what are the non-negotiable settings?
Every single parent, every grandparent,
everyone who, if you're listening right now
and you have friends who have kids,
send this episode to them,
what are the non-negotiables that every parent needs to check on their phone and their child's phone tonight?
Yes. So for your child's phone, I would make sure that you're on a child account. Like, Instagram, YouTube, they all have children's accounts, right? So if you're under a certain... I don't know. They do? Yeah. Okay. Okay. You're under a certain age, you can turn on that child's account. You can also block messages. I would immediately block messages. Okay. So block messages. Yeah. If you're on a child's account, it doesn't, I don't think you can get messages from most of the accounts. Okay. But to me, the thing is open communication and it sounds really, really lame. But if your child knows, like, hey, there are a lot of scammers out there. And
And like, don't worry, but if something feels off, just come to me and talk to me because this happens to so many people.
Like, they're not going to come to you if you make this seem dark and scary and that they think they did something bad.
But they will come to you if you have an open line of communication saying, I want to protect you.
I want you to have fun online, but I also want you to know that these things are happening.
So when you are the parent and you're checking the phone and you're looking at the apps, what are we turning off on the apps?
Yeah.
Make sure their apps are locked down on private mode.
Like, no kid should have an open Instagram account.
You should only be adding your friends and friends that you have actually physically met in person
that you go to school with or you met at a party or whatever it is.
Then I would make sure that you can't message.
There's a lot of issues with like Roblox and like kids gaming too that like people are messaging
that are like adults that are like grooming children.
And so I would just make sure that you can't message.
You turn on private mode and you turn on kids settings.
I personally wouldn't allow kids to have like Snapchat because they think that message just
appears. Nothing disappears on the internet. Nothing goes away. Even if it disappears, it doesn't go away.
And people can screenshot it. Don't ever send anything that you wouldn't want like me as your
parent to see or your grandparents or whoever else. I had a friend who is really into cyber,
obviously, and her nephew was like going to the Olympics, like world class athlete in high school,
like went to the Junior Olympics, met someone online that, you know, a cute girl that added him on social media.
She said that she went to a town across. She like had mutual friends because she had added his other friends.
So she thought it was mutual. And they just started talking. They never had a call with each other, but they were talking for like three or four months.
And she sent him a photo of herself. And he then shared a photo because they thought she, he really thought he was with her.
and its extortion scams are on the rise. And it's really, really rampant and teenage boys or younger.
And they specifically target boys because they know that they're a little bit more willy-nilly when it comes to private photos.
But there's two reasons why they do that, right? The first is they want money. So they were basically extorting him for money saying,
I'm going to leak all these photos of you and you're never going to have a career or be an Olympian because I have all these private photos.
you and I want money. Or they say, continue to give me more photos because those photos will then
be used for another scam. After a little bit of time, he shared it with his aunt who is in
cyber and was able to fix it. But there is a really good resource out there. What does she do?
Call the police? She knew a lot of people in FBI. But there is an FBI research that is free
for everyone. So it's called the internet crimes complaint center. So Ic3.gov. I see3, the number
3.gov. And it is help, like, it can help anyone for any internet crime. I just love how clear and
practical you are, Caitlin. And I'm willing to admit publicly that I'm making a lot of mistakes here,
but I'm also starting to feel very empowered that I can fix this. And I have so many more questions
about how you can protect yourself online. But let's take a short break so we can hear a word
from our amazing sponsors. And I also want to give you a chance to share this extraordinary information
from Caitlin with the people that you care about. We haven't even covered the five things that she
wants you to do as soon as you're done listening or watching this episode. That's coming up a little bit
later. We have so many more things to learn from her and to dig into. So don't go anywhere.
We'll be right back. Welcome back at your buddy Mel Robbins. First of all, thank you for being
here and listening to this and sharing this with the people that you care about. I hope that you're
feeling what I'm feeling, which is a little bit like, oh my gosh, I got work to do. I'm taking
notes. There's things I'm going to do as soon as we're done with this conversation to protect
myself. I hope you're going to do it too. Thank you for sharing this information with the people
that you care about. And let's jump right back in because I've got so many more questions,
Caitlin, what is the first thing you should do the moment your phone is lost or stolen?
So I would actually preface that you should do this before you lose your phone.
Okay, what am I doing?
So I would turn off the ability to turn on airplane mode when you swipe down.
Wait, what?
So you know how you can turn on airplane mode and there's like an, you can easily do it if you like
swipe down.
Oh yeah, you swipe down and you hit the airplane?
Okay.
Because the first thing that, like, robbers do is they immediately put on airplane mode so you can't track the phone.
But if they can't do that because your phone's locked,
then the only way they can do anything is to just turn it off.
And they're going to have to eventually turn it back on.
So I don't have the airplane mode so easily available on my phone.
Where do you go to do that?
You can, if you, like, scroll down to the control center,
you hold it down and it, like, starts moving,
similar to, like, when you move apps.
Oh, yeah.
You can do the same thing on your control center.
You can?
Yeah.
And then you just delete it?
Yeah.
And that way you have to go and manually do it.
Then you just go to settings.
Like, next time you're on a plane,
and you just go to settings,
Airplane mode and turn it on.
I can do this.
Yeah.
And I'm going to do this.
I personally feel that this is an issue
whether somebody has lost their phone,
whether somebody has had their phone stolen,
whether like they left it somewhere,
and just feeling like you've got all of this information on your phone.
Yeah.
You probably have 1, 2, 3, 4, 5 as your unlock screen.
I hope they don't, but most likely.
You know, that's still like one of the most popular passwords outside of password
is 1, 2, 3, 4.5.
Password?
Password is the number one most popular password. That is still used to this day.
Password? Yeah. Yeah. Password. I wish I was joking, but I'm not.
Wow. So it makes you feel a little better, right? Slightly. What do you, as a cybersecurity expert,
what do you think about wearable technology? So this is definitely like, everything is a risk, right, online. Everything that you do is a risk. And you have to choose whether you want that risk
or not. And I'm going to give you a little bit of an example of how AI is working out right now
with all the data. So we have a ton of data on everyone, right? And by we, I mean like the government,
any of the apps that you use, like I used to use a wearable ring that was tracking, you know,
my fertility, my sleep patterns, my stress levels. But can you imagine plugging all that into an
AI and how much that would actually know about me? I personally don't feel comfortable
giving that information to other people.
However, my boyfriend swears by his ring and he doesn't care.
So again, this is a risk-based approach.
Every company has a privacy policy legally.
And that privacy policy states what data they're collecting from you,
who they're sharing it with,
what they're using it for and why they're collecting it.
So what I usually do is I take that privacy policy.
I actually throw it into chat GBT or Gemini or perplexity or whatever,
and I say, hey,
can you please tell me like the high level issues that might come about?
Like, what are they collecting?
Because it's a very legal policy.
So it's hard to read.
It's like made by lawyers.
And it's meant, honestly, to confuse you.
It is meant to confuse you.
They don't want you to know all the stuff that they're doing with your data.
So I just throw it in.
And then I'm like, okay, they're only collecting this, this and this.
I feel more comfortable.
But with wearables, they're really collecting a lot about you as a human being.
And sometimes I just don't want that.
So if I take a privacy statement,
which I think I'm probably like 99.9% of people. It's like, except all, okay, move on. I didn't
do the thing I was here for. Right. And I were to throw it into Microsoft co-pilot. And that's the
platform I trust. And it gives me a summary of what this is, what I'm giving permission for this
company to do. What are the things I'm looking for? Because I would imagine there's, there's language as a
former lawyer. I know. There's language that's like, blah, blah, blah, blah, third party.
blah, blah, blah. And then it's just sort of buried in there. What are you looking for that is a red flag as a cybersecurity expert?
Yeah. So I'm looking at the types of data that they're collecting. So if they're taking like biometric data or they're taking like really specific, if it's just like a name and an email, go for it. You know? But if they're taking.
Because it's fake, the one that you gave them because you're no dummy like I am. Okay. You're like, you're like, you know, my alien. Just go for it.
Exactly. But if they're taking like, you know, my like menstruation data.
and my sleep data, like for biometrics or anything like that, I'm like, okay, why are you taking it?
And so I ask, what data are you collecting? Why are you taking it and who are you sharing it with?
That is a big thing. So I'm very concerned with who they're sharing it with. Why do they need to share it with these people? I don't know.
Maybe it's for, like, you know, metrics, statistics. I have no idea. But some of the, like, recent, like, wearables have been sharing with companies that I don't want to be shared with.
So if it's really sensitive data, like your health history, nationalities, I would just prefer not to have it.
And then if they're sharing it with interesting companies, like, why are they sharing it with XYZ?
Well, I'm sitting here thinking about the fact that just about everything that I use is now somehow connected to the internet.
Yeah.
whether it is the pad that I'm sleeping on and cooling me down at night, whether it's the alarm clock sunrise
that I'm waking up to.
I do love that, though.
But what I'm wondering is for some of these things, is there an option you can look for
that allows you to enjoy the benefit of some of this wearable stuff, but that limits
what you're sharing back to their general data?
pool. Do you see what I'm saying? Yes. Yeah. So a lot of times there are options to, like, look and see,
like, I'm turning this on or this on. Like, there are options of saying, hey, don't share my sleep
data. Usually those options come at the very beginning. And so a lot of people just blindly accept and
say yes, because like, we're, we're excited. We want to use a product. We want to use the platform,
whatever it is. We want to use the app. And we're like, yes, yes, yes. But I would go back,
usually they have privacy settings or settings in general, like data privacy settings. And I would
start seeing what they do. And there's some toggles. Like on LinkedIn,
they're starting to use everything that you've posted for their generative AI.
So, like, they're training their AI platform based off the stuff that you post.
Well, that's sort of like what happened with Instagram.
Yeah.
Instagram did that update where all of a sudden everybody's locations were live.
And there was a flurry of texting all day long.
If you don't know about this, please check your Instagram right now,
where it just suddenly opted us all in.
And it was crazy because it was every time you opened up Instagram,
it was resharing exactly where you.
you were to the precise location if you had precise location turned on on Instagram,
which I would say probably 90% of the people do.
90% of people have precise location turned on?
Well, it's automatic.
When you download Instagram, it's automatically on.
Wow.
Unless you go into the settings, which I made a few videos, like to say like, hey, only like limit
access or don't allow at all.
So is one of the things that we should do is to take a day and go through every app that
we've downloaded and all the settings and look at the privacy and the data settings on those things?
Yes. There's three things that you want to look at. Does it have access to your camera?
Does it have access to your microphone? And does it have access to your location? All three of those
things, if it doesn't need it, turn it off. And I again, why would it need it? Well, you'd be surprised.
If you're using it, yes. But if not, no, so what should the setting be? Only while using the app?
Never once? It just depends on what your preference is, right? So, for example,
I ordered Uber Eats last night, and they delivered the wrong thing. And my manager got my phone,
was like, don't worry, I'm going to return it for you. And she went and you have to take a picture
of the wrong thing, right? And she's like, oh, you don't have, you didn't give it access.
Because I don't need Uber Eats to have access to my camera roll or my pictures or my camera, right,
or my microphone. So she allowed, she limited access to the one photo that she took and she put
that photo on and she took a picture and we went off. But for me, I'm like, I don't think
Uber Eats needs to have access to anything ever. And if I need to add a picture,
randomly, you can allow access to one photo. Wait, so are you saying that if you have an app on your
phone? Yeah. And like I have where I've given Instagram or whatever access to like my photo
library, that it can be in the background scanning my photos? Oh, it's not can be it is.
Instagram, Facebook, and TikTok have new features in the last like two months where they are
scanning the camera roll that you have not posted to give you ideas on how to generate fun
reel or post ideas because they're trying to get you on the platform to post more, right?
So they're literally, if you gave them access to your whole camera rule, they're scanning it
and they're putting together their own version of a potential reel that you might want to post
after your trip to Boston.
Whoa.
Yeah.
So we prevent that by saying limit access?
Limit access.
Yeah.
So like for social media, I,
limit access, I don't say never, because obviously I have to post and I have to put photos on
and I have to go through the app. But I limit access to the photo that I'm actually uploading onto
the app. What about facial recognition software? Is a cybersecurity expert, what do we need to know
about facial recognition software? Yes. So unfortunately, a lot of facial recognition software
is unavoidable nowadays. Like you're walking through the airport and they're scanning your face. I mean,
they are. They are? They are. Okay, you're right.
And even in the- Like, where are they? Well, actually, I wonder because like, you know, I'm looking up. I don't have them in here. But I'm looking up. And there's security cameras everywhere. Yeah. You go. So there's biometric tracking and facial scanning pretty much everywhere. And I have a concern, one, because biometric is like very unique to you, right? Like your eyes are, it's like a fingerprint. Your eyes and fingerprint, your face shape is very, very unique to you. And you can't fix it, right? I mean, you might be able to fix face shape with,
certain things, but you can't change your eyes that much. Definitely can't change your fingerprint.
And so my concern is TSA has our biometric ID, right? Global entry has our biometric ID.
Right. Anything is hackable. In my head, anything is hackable. So what happens when people start
getting that information? And then the other thing is, our phones from a marketing perspective
are going to start tracking our eye placements. So my concern is, you know how smart AI is, right?
Like if you've been using AI, if anyone here has used AI, if you type in like, hey, what
What do you know about me? It gives a whole summary of exactly who you are to a T.
Now, I want you to imagine, like, someone on the other side of the screen when you're, like,
doom scrolling and late at night and you're watching what you preferably like to watch,
it's analyzing every single thing about you. It's analyzing where you're looking, who you're
looking at, how long you're staying on this video. It's analyzing the psychology behind what you're
watching and understanding who you are as an individual. Hopefully,
it's going to start doing better ads.
That's what they're saying, right?
But who knows what that information can be used for?
And so I recently, you know, it sounds a little scary.
I recently partnered with a company that has, it kind of shields you from biometric and
surveillance.
And it's UVA and UVB and blue light blocking.
But it really-
Okay, so wait, these are blue blocker red, like, well, these kind of have like a pink thing.
Yeah, they're like all.
Also, like, it's an infrared screen.
So the way that surveillance works is usually through infrared technology.
So because there's like an infrared kind of shielding.
You even had these made for my prescription.
Yes.
It's pretty cool.
Yeah.
Because there's like a kind of shielding on it.
Yeah.
When you walk through, like the airport or sometimes like when I wear mine, my phone doesn't
even register that.
It's me.
Like it can't even see because it can't really tell where my eyes are.
So it's not like, you know, the end all be all.
does make me feel a little bit better when I'm, like, walking through security, you're going to have
to take that off through airport security, but when you're walking just in general. Because it
wouldn't be able to scan my eyeballs? Yeah. Wow. It prevents it a little bit from skinny your eyeballs.
Wow. Yeah. That's really cool. Yeah. So the question that I have about biometric scanning,
though, is that if we're using it for global entry, or you're using it for clear, or you're using
it for one purchase with, do you want to purchase with your fingerprint? Do you want to log,
into your Gmail with your finger? Is that a good thing to use or would you not recommend we use that?
So again, risk-based approach, right? For me, I have TSA pre-check because I travel every week.
And if I only traveled twice a year, I would opt out of my biometric tracking because it's not that
hard for me to wait an extra five minutes for them to like check who I am, right? But unfortunately,
I travel four or five times a week. And that is just not likely. So my risk, yeah, I do not want it,
but is it worth me to spend all that extra time to try to fight it?
I don't think so.
But some people don't, like my sister, my manager, they opt out every time.
Everything is a risk-based approach on surveillance, and I just, again, I do my best,
wherever I think I can help.
I try to fix things, and then if not, I've let it go.
Amazing.
You have some shocking news about cameras, cameras on your laptop, doorbell cameras, baby cameras.
Yeah.
Uh-oh.
So this is not to scare you.
It's to empower you.
So there are two ways that people get into these cameras, right?
One is, again, if you're reusing passwords, which everyone does.
So don't be a bit embarrassed by it, but take this as their sign to be like, okay,
maybe I shouldn't have the same password for my baby monitor as my Facebook account.
Because if you're reusing passwords, they just have to get in and they just mess with you
and they can like talk through the camera.
They can watch your camera.
Oh, my God.
Yeah, they can watch.
There's also a site, there's multiple sites actually, that show every single camera that's on an open network.
Wait, what does that mean?
They can literally log into cameras that are like on open, unsecure Wi-Fi's.
So if you have a camera and you're on an open Wi-Fi and they like somehow decide to connect to the one, like the IP address that you're sitting on, they will be able to turn on your camera.
Whoa.
Yeah.
Just trying to like process.
Processes.
because you're saying that somebody can hack into my laptop if I'm on an open network and they can
turn on my camera on my laptop and be watching me.
I had an old boss that literally had he didn't have a camera cover on his camera.
This was like five years ago.
And someone had taken pictures, like he'd changed in front of his computer and someone had taken
pictures of him and like sent him an email being like we know, like we have some really,
vulgar pictures of you that were going to release. And he was like pretty high up in the company
that I was working for. And he didn't care. He was like, whatever, release them. But like people can turn
it on and off your camera if they want to. I just would be, I just put on a camera cover.
What is a camera cover? There's like little covers that you can buy literally $3 on Amazon.
And you just like cover it when you're not using it. That prevents it. Obviously, they won't be
able to see anything. And also just be mindful of where you're connecting. He traveled a lot for work too.
And so this can happen to your doorbell.
It can happen to your baby monitor.
It can happen to any camera you have.
Yeah, there was someone that follows me that someone hacked into their baby monitor,
but it was because they reused an old password that was leaked.
They heard voices in the baby monitor of some random guy talking to the baby.
That's terrifying.
Yeah, it was awful.
But again, passwords.
Passwords.
Okay, passwords so hard.
Everybody.
I have a stack of emails right here from listeners of the Mel Robbins podcast.
These emails have come in from around the world, and they cover all kinds of scams that people have fallen for.
One scam is that people buy a copy of the Let Them Theory that is counterfeit.
It looks nothing like the cover, or it's being sold on Etsy, or even Shen, the fast,
fashion site, or it's spiral-bound, or it's paperback, and there's not a paperback version
available in the United States. Like, it's just not written by me misspelled, but they're falling for
it. Lots of emails from people who, sadly, are getting emails from scammers posing as employees
of my company, and basically they're getting more and more sophisticated. The old scam used to be
hey, if you pay $10,000, we can, you know, we'd love to book you.
We never pay anybody.
We also don't require somebody to pay to be on this show.
And now they've updated the scam to say, hey, we never ask anybody to pay so they're
knowing that we're, they know that we put language up on our website about scams.
And they're posing as employees.
Can you talk to me about the rise of these kinds of things that are happening?
Yeah. So funny story, when we first got a hold of your Booker, your Booker found us.
Yep. My manager called me and I was like, this is probably a scam. I would love it if it's not a scam, but like you need to get on the phone with this person and see their face and make sure this is like legitimate because I don't trust an email. So the first thing is if it's not from a verified source, like your Instagram, right? Like if you are not messaging them directly from your verified Instagram, it's not you.
Well, one of the things that I've also noticed in a lot of scam emails that I get is that people will ask me to click through to schedule a conversation with somebody.
And I never, ever, ever do that.
Right.
And a lot of these, in terms of the scams that people are receiving as, you know, because they're very convincing.
I'm like, wait a minute, that's the name of a person who actually worked here.
Yeah.
Wait a minute.
They're saying that we don't pay people to come on this show and you don't have, there's never a fee for you to be on this show.
Like, what?
How are they've changed it?
They're saying everything right.
But now they're saying, and they're linking to all the prior experts.
So it looks like really legit.
And then they're like, but Mel will give you a private strategy session.
We'll build you custom stuff.
Like we don't do any of this stuff.
Click here to schedule a call.
Right.
Yeah.
So you're basically saying, no, no, no, no.
Pick up the phone and call.
Yes.
Got it.
I don't click.
My manager knows.
Do not click on any links.
Okay.
That is like a blank.
statement rule I have. If I need to get a hold of anything, like again, if I need to click on a link
for a bank, I call them. And I only am clicking on it when I'm on the phone with the bank.
If you have to click on something, call the person and just say, hey, like, what is this about?
Or hover over the link and see where it's going, because it will show you the URL.
Oh. Yeah. So unless it's coming like Melrobbins.com slash, you know, in-person interview,
I'm not going to trust wherever it's sending me.
You mentioned that there are five things that you want us to really focus on.
Five things that if we just focus on these five things,
even though you may feel overwhelmed right now,
these are the five things that really will protect you online.
What are those five things?
Passwords.
You've talked about that a lot.
Tonight, go and write down,
these are accounts that I don't want anyone getting access to.
These are my key account.
And you'll start thinking about more and more as you move on throughout your day,
what apps do not want people to have access to, what banks, social media, all of that.
So identify your key accounts and make sure that you have strong and unique passwords for all of them.
No reusing of the same passwords, no reusing of the same base password, have strong passwords.
Okay.
So for those of you guys that aren't like myself or Mel, because you're traveling all the time probably too,
I would, if you're at home using a desktop for like my parents, right? I'm like, please, mom,
I'm going to get you a book. We'll put it in the log cabinet right next to your computer. You just
pull it out when you're on a computer and you can use it. That way you can actually remember and
write down your strong passwords. For the people that are always on the go, yeah, like have a unique
passphrase or whatever you think you need to remember that like longer password. When it says,
oh, remember this, usually it's on a phone. And that's just remember it's a password manager on the iPhone.
Okay. So you can do that. That's still a
password manager. I use a password manager myself. I love it. I swear by it. Or on your notes and just lock it.
So that's number one. So once we got the password set, what's the second thing we're doing?
Software updates automatically. Right when you download the app, just turn it on.
Okay, because software updates as a cybersecurity expert, you're saying when it says,
ooh, fix bugs, make more optimized, they're actually solving and fixing where the hackers broke in.
Yes.
So automatic software updates on all apps. I got that.
that what's the third thing I'm doing? The third thing you are going to do is freeze your credit.
Freeze your credit. Super simple. That's like a one and done thing. You can do that tonight.
Okay. Because then if you've frozen your credit because you're not taking out any loans, you're not opening up new credits. That means nobody else can either.
Right. Oh, I love that. Okay. Can have identity theft unless you give them like extra passwords and stuff. But this is the other thing.
Okay. So fourth thing I'm doing. The fourth thing you are doing is taking nine seconds before you click on any link.
Oh, nine seconds.
Yeah.
There's psychology about the nine seconds.
It's just enough time for you to like take a deep breath, think, and realize like where you are.
Got it.
I didn't do the psychology aspect of it, but that's the nonprofit did.
So take nine seconds.
And I always just say just don't click on links.
I know that that is not like as easy for most people.
But take nine seconds before you click on any link.
And if there's an option for you to just call, I would call.
Well, and also in those nine seconds.
seconds, you can look at the email address. Exactly. You can look at a lot of things.
What's the final thing that we're going to do to protect ourselves?
Limit the amount of data online. There's multiple ways to do this, right?
How? There's deletion services out there that like every month go through and manually delete
all the information that keeps popping up. Are you kidding me? No. This was what I was going to ask you.
Yeah. There's a there's multiple services, but I use this one and I'm obsessed with it. It's called
incogny. It's like the best thing ever. What's it called? It's called incogny. It's supposed to be
like incognito, but incogni?
Incogni, yeah.
As I was sitting here listening, I was thinking, like, how am I getting my old addresses
and my mother's made name and my dogs that have died and everything else?
And how am I going?
You can actually scrub your stuff?
Yeah.
You're kidding me.
No.
I thought once it was out there, you can't get you, like, it's out there.
I'm very excited for you to try it.
It even tells you, like, within 10 seconds, it'll say, you'll start scanning and saying,
hey, we found all this information.
We're automatically sending out opt-out requests on your behalf for you.
it's yeah and it's international too so the software is certainly something that if it's within your
reach to look at to potentially you know think a subscription to but if you want to try to do this
manually what are the big websites you go to and how do you do this yeah there's like white pages
true people search people finder i have an entire series on how to delete it so usually you have
to go and you have to search your own name then you have to like scroll all the way down and
they make it hard to opt out but there's like an obvious
opt-out page. Usually you can find it on their privacy policy. And then you have to have a separate
request on that opt-out page saying, this is me, please remove my data. I want you to remove it.
And then this is bonus points, which we talked about. The sixth one is probably going through
your apps and your app settings and seeing what they have access to. Again, it seems like it's a
lot. But again, the apps, once you set it, it's one and done. Once you have the auto-updates,
one and done. Set your password, you don't have to change it for like at least another year
unless there was a breach for that account. So all these things, it's just you're building routines.
It's like brushing your teeth, washing your face. Did you like doing it? It took extra time
when you were a little kid. You just wanted to sleep, but you learned that that was what's best.
It's like any wellness routine to you. Like, do I want to spend an hour at the gym? No, it's annoying.
But it's going to be better for me in the long run. This is exactly that.
What's the one thing out of everything you've taught us today that you think is the most important thing
for the person who is listening to do as soon as they are done listening,
other than send this to everybody in your family
because we all need this information
and we all need to be smarter about protecting ourselves.
And so what's though the one thing to do tonight?
Yeah, I would do passwords for sure.
Get your key accounts, turn on multi-factor authentication,
and make sure you have an updated strong, like long password.
Okay.
Yeah.
I can do that.
You can do that.
Caitlin, what are?
Are your parting words?
Cybersecurity is not for experts.
It's literally for everyone.
We use it every day, and it's not supposed to be a scary word.
That's why I don't even like saying cybersecurity,
because people get so detached from it.
I can't do this.
It's way too out of my comfort zone.
I have no idea what you're even talking about.
Cybersecurity is very simple things that you can do
to empower yourself and your family and your loved ones
to be safe because we are all online now.
Don't be afraid.
It's very simple things that you can do,
and it's not supposed to be scary.
It's supposed to be something that you can feel empowered to
and then share this with other people.
I really appreciate everything that you taught me
and the person that's here with us today.
I have to admit, as we were starting the conversation,
I had this really, like, heavy feeling.
I have completely screwed this up.
The cat is already out of the bag.
There's no way that I'm getting it in charge
in control of this.
everything's out there. There's no way to get it deleted. There's no way to protect myself. I've
already screwed up. So why even bother on the advice? I feel completely different. I feel the opposite now.
I feel very hopeful around both the deletion service and the fact that you can go to the websites
and manually get yourself removed. So that does something. And I think all five of these things
that you talked about, the password, the software updates, freezing your credit, nine seconds.
and really limiting the amount of information that you are giving online, because why do they need
your phone number? Why do they need all that information you're just pouring out online?
And so I feel very empowered and excited to do everything that you just explained, and I feel a little bit
smarter. Thank you, thank you, thank you for hopping on a plane and being here.
Yeah, thanks so much for having you. I appreciate it.
Oh, of course. And I also want to thank you.
Thank you. Thank you for spending time listening to this and getting smarter and empowering yourself.
And didn't you just love the very specific things that you can do? I have a feeling this is one of
those resource pages that everybody's going to like, link, link, tell me what to do.
Also, thank you for sharing this with people that you care about because we all need the facts and we need
to know specifically how to solve these issues and protect ourselves. And one more thing, in case no one
else tells you, I wanted to be sure to tell you, as your friend, that I love you and I believe
in you. And I believe in your ability to create a better life. And there's no doubt in my mind
after listening to everything that Caitlin taught us today about protecting yourself online,
that feeling safe as you're online, protecting yourself and your family by doing these simple
things that she taught us today will help you create and live a better life. All righty,
I'll see you in the next episode. I'll be there waiting to welcome you in the moment you hit play.
I would like to do it. We're doing it all.
Do it all.
Enjoy.
Hold on a second.
Here comes sooner.
Not good on the repeat, everybody.
Oh, my God.
Okay.
There's probably the mashed potatoes bringing up the fish.
Hoo!
Okay.
I'm so excited for this.
I'm so glad you're here.
I'm excited.
I'm here, so I'm honored.
Awesome.
Screwed up.
I screwed up.
I told him that on the first.
I was like, this is a red flag.
You are from Ohio.
But I've learned that there are a lot of really cool people from Ohio.
There's a lot of really cool.
Yep.
You're all set.
Okay, great.
Fantastic job. Thanks. Thanks for having me. This is amazing. Really, really fantastic job.
And one more thing. And no, this is not a blooper. This is the legal language. You know what the lawyers write and what I need to read to you. This podcast is presented solely for educational and entertainment purposes. I'm just your friend. I am not a licensed therapist. And this podcast is not.
intended as a substitute for the advice of a physician, professional coach, psychotherapist,
or other qualified professional. Got it? Good. I'll see you in the next episode.