Speaker 1: 0:00

...

Jon McCann: 0:06

Victims can be the 92-year-old woman who's just a widow and by herself and doesn't have anybody to lean on, to someone with a PhD. They come in all shapes and sizes. Victims get in a panic, they don't know what to do. They have the money, they have the ability to take care of the problem. I think they're doing the right thing. And when I say when the phone call is over or the connection is lost, then they realize the gravity of the situation catches up with them.

Intro: 0:30

Welcome to the Reformed Deacon, a casual conversation with topics specifically designed to help local Reformed Deacons. There are nearly a thousand deacons in the OPC alone. So let's take this opportunity to learn from and encourage one another. We're so glad you could join us. Let's jump into our next episode.

Tim Hopper: 0:49

Welcome to the Reformed Deacon Podcast. I'm Tim Hopper, a deacon at Shiloh Presbyterian Church in North Carolina, and a member of the OPC Committee on Diaconal Ministries. We're talking today about scams, a steadily growing problem that likely all our churches have faced in some way. Scams have been around since sin entered this world, but today scams present themselves in new and crafty ways, often as a faceless predator coming through the web and our personal devices. At our church, we've had folks face IRS scams, jury duty scams, scams about free pianos for churches, scams targeting the elderly, and even scammers sending emails posing as our pastor. I'm joined today by two brothers from my congregation to talk about what deacons and churches can do to help protect their flocks, especially the elderly, from scammers. John McCann is a seasoned police officer with a background in financial crimes where he investigated scammers. Evan Strickland is a cybersecurity professional with nearly 20 years of experience. I've asked both of these brothers to speak with me today about what deacons can do to help their congregation as they face scams. Thank you both for joining me. John, what are the most common scams that we're seeing today, particularly against seniors?

Jon McCann: 1:56

They come in all shapes. There's all different scenarios they use. Seniors are certainly a high priority target of scammers. And I think there's two prong for that. Maybe just a little bit more naive when it comes to the internet and how things could kind of work in the cybersecurity world and access to bank accounts, things like that, checking and all that kind of stuff. But I think also because they usually have funds that others don't have. So if a scammer gets a hold of a young 20-year-old kid and asks for $10,000, they're going to say, sorry, I don't have that. They're going to move on. Many LD folks have access to large amounts of funds and can empty out they would even have 401k at that. But the scams, they come in all sorts of different scenarios, like I said. Could be as simple as someone calling someone, a grandmother, and saying your grandson was arrested and needs bond money to get out. They can be there's a virus on your computer, someone's using your identity and committed a criminal act, a package was intercepted, and you need to pay for that, or there's a you know, a virus on your computer, you need to pay money, saw some software. There's just so many. I don't think there's one in particular that really catches the same person. I think they just try and try and try. It's kind of like fishing almost, and they get lucky quite a bit. That's why it's such a huge operation.

Tim Hopper: 3:09

Question for either of you would you say that modern scams are primarily emotional or technical, or is that even a helpful distinction? As you know, you talk about, you know, somebody's been arrested. That's a very emotional tactic, but then a virus maybe is a technical thing. Is that a useful distinction?

Jon McCann: 3:24

I think they're both. Certainly, the grant's unlocked up. Sometimes it'll be the person that scammed themselves will develop a rapport with the elderly person, sound like they're a nice person, tell them some sob story about their life. They'll have the person send some money, or they'll convince the elderly person or the victim that they accidentally sent money and they need them to fund the money back, or they're going to lose their job, and they'll be out of work, won't be able to feed their family. And that gets kind of emotional for the victim. They also scare the victim, obviously. That becomes emotional, right? When they're pretending to be the FBI or the Marshal Service or whatever, they'll they'll spoof a phone number and say you have to take care of this or whatever, I'll get in trouble too. They certainly prey on that vulnerability. I would say it's kind of two-pronged, if that makes sense.

Tim Hopper: 4:06

It does make sense.

Evan Strickland: 4:08

There's a lot that I think is interesting about it. I don't think it's a necessarily the most useful distinction to go between the emotional appeal versus the the technical side of it. Because there's a progress of events that happen from my perspective. Because I don't look so much at the person, I look at the technology that led you to the person. And I think that's going to be one of the things that we have to pay attention to. Because if there is an attacker who's going after this victim, they had to have some reason to say, I want to choose this person. And usually that involves getting information about them. Maybe they've got some kind of hook into some resources that they have, like their computer or something, and they're building a book of information about them to help them be more successful. So that when they get to the kind of things like what you're talking about, John, they can use what I've seen is the seven most common techniques to be effective, which is around urgency, scarcity, authority, and trust, reciprocity, social proof, fear and intimidation, hope and incitement, confusion and complexity, and personalization and emotional appeal. Like they're gonna use those type of manipulative techniques to get the smart person off their game.

Tim Hopper: 5:24

Sure. Evan, from your perspective, can you walk through from more of the cybersecurity angle what a successful scam looks like? That one that might happen to one of our church members?

Evan Strickland: 5:35

I can, but much like John said, that's a difficult one. Because I think I would define success differently than John would, because there's small tells that in the cybersecurity world we actually consider very big deals. And those small successes lead to the big successes that I think we're more here to discuss today of defrauding you of your actual money. But the predicators to that would be being exposed in data online, having a computer stolen or malware installed, or elements where they can learn things about you or defraud you in small ways. And we've all had somebody say, Hey, your credit card information was stolen, or we've had, you know, your data was stolen from XYZ company that we're all part of, but that should produce some action or awareness on our side to know that we are now more likely to be targeted for fraud.

Tim Hopper: 6:32

So what are the implications then of that for, you know, say I'm a deacon, which I am, and I'm talking to an elderly person in my church. What are some practical implications of what that might mean and how we might help?

Evan Strickland: 6:44

I think one of the first things that we can do is to pay attention to our congregants and to try to help them understand when their choices are less than ideal. And that can be very simple. It's do you have a computer that can't be patched because it's too old. Unfortunately, technology has a life cycle. So if you're using old technology, it may not be able to be patched, which makes it likely.

Tim Hopper: 7:13

Patch meaning like uh updating the operating system and those kind of things.

Evan Strickland: 7:17

Correct. That also can be on your phone, too, because uh phone will continue to operate even if it is unable to receive any security updates.

Tim Hopper: 7:25

John, first, maybe are there tells that we can see that someone might be falling for a scam or might being manipulated in something like this before it happens, something's going on. Are there things that we can be looking out for?

Jon McCann: 7:39

In my line of work, and I think because working in the local police frame, I think Emmett probably say he's looking at a more larger picture where you know might be going business or larger amounts of money. Most of our cases do involve large amounts of money. Well, they could be targeting the victim. It seems almost like it's happenstance almost a lot of times. Someone gets a text message or a phone call from these scammers that claim, like, oh, your insurance has expired, or you didn't pay a ticket at an Easy Pass station, the DMV, or you have a warrant for your arrest. These are kind of just random texts that we've all gotten, right? Unfortunately, sometimes people just fall for those, or a pop-up window on your computer shows up that you have a virus. We've seen those probably on websites before. I think we all say we've seen those. And some of them are pretty convincing. They look like they might be from Microsoft or from Apple, right? These are these built-in pop-ups that someone clicks on and they follow that lead. Or if someone orders a product off of a website and it get at home and they try to download the software and it takes it to some phony website from overseas, and the overseas person says, Oh, you need to enter this chat, you're getting this error. And then you follow those links, and then you call somebody and they ask for some money to pay you this amount to get the services rendered. A lot of it's just fishing. It's just throwing bait out there to see who's going to catch it. And surprisingly, a lot of people fall for it. Some people realize, you know, in the middle of it, that it's not legitimate. But unfortunately, a lot of people do fall for it. I do think that people that have been victim of fraud, you'd be surprised, become victim again. Whether that's because they didn't learn their lesson, I don't think. I think sometimes that name gets in a Rolodex almost. I know, for example, I've spoken with other investigators, both state and federal, who have cases that have involved people that have been targeted over and over and over again and given up to millions of dollars away, put it in envelopes and mailed it to places all over the United States. Gone to the point where, you know, maybe the FBI director will call them and they'll think it's the FBI director. Oh, we're going to handle this or we're going to give your money back, but give us $10,000 more dollars and we'll get your money back. And people will fall for it. So there are people that are more susceptible, I think, because they've already been victim of it and they some reason they could target it that way, or they just, you know, happen to keep falling for these scams. And again, I think it's a lot of it's just straight fishing. There certainly is targeted efforts on the computer side, which I have a soon you can speak to that. But as far as the day-to-day victim, most of them, I in my opinion, a lot of them are just like the rest of us that just happen to get these texts or these phone calls and fall for these things and have the resources and the money, and no one there to stop them from doing what they're doing. They'll go to a bank and they'll withdraw $10,000, $20,000, go to a Bitcoin machine at a bodega somewhere or some corner mini mart, put $10,000 into a machine and it's gone. And they'll on the phone the entire time with the scammer, thinking the scammer is, you know, an IRS agent or whoever the person is posing to be. And when it's all over, as soon as they hang up, was that right? And they'll realize it. But they've got people so convinced. I just think that, like I said, a lot of the times the victims are just a habit of stance. There could be a system, like I don't work in a warehouse somewhere in Myanmar, targeting people. Maybe there is. Maybe they have a way to do that through information sold on the dark web, through security breakdowns that Evan could speak of. I think that's probably true. There's some truth to that, sure.

Tim Hopper: 10:48

I think that'd be helpful, Evan. You've shared a little bit about that with me. But to John's point, though, one of the most eye-opening experiences for me was many years ago at our church, we had a woman who was being preyed on by one of these IRS scams saying, you know, you owe thousands of dollars to the IRS. And she was on the phone with one of our deacons telling her, do not send this money. But she was so manipulated by the scam that as he was telling her, do not send this money, she sent the money. Which just really points to the evil emotional manipulation of these kinds of things. And they truly are. It's just so, so evil and so wicked, and people are working very hard to do this. But Evan, I think it'd be helpful if you shared a little bit about kind of what's going on behind the scenes because it it seems like all these things are just sort of random, but that's not totally true.

Evan Strickland: 11:38

Yeah, absolutely. So there's an unfortunate bed of evil that exists, and it's systematized. It's not like an individual or small group of people that we might think of, like the one shady guy who sits in the corner. No, there are office buildings, and there are workers and there are managers and there are goals that these evil companies have, and they have been in existence for quite a number of years. So these are not new entities. They've been around for a very long time and been very successful because there's support for it. So the issues that we run into is there's data brokers of malicious information about you. And the reason I say malicious is because it can be used maliciously, not that the data's malicious itself. But because of that, when you build this profile of a person and then you sell it to whoever's going to perform the attack, it looks random because they're just using whatever campaign that they feel like of that day. And a lot of times it's, you know, whatever's on sale. So it looks random because they're just following the sales. But the issue is the person, just as John said. And that person who this is more of an opinion, I don't know this authoritatively. John, I'd love to know your perspective, but for me, a person who has issues in high stress environments, it trips the smart person out of wise decisions because they're in a panic mode. And I feel like that is difficult to overcome in the moment. And so, you know, for those individuals who who fall prey to these things, whether they're a money mule or they are defrauded themselves out of money. Money mule meaning somebody who is there to move money instead of the money coming directly from them. I think those are the things that I see behind the scenes. And it's different operators all over the world, mostly not from America, but there are a couple of statistics that are rounded that say about like 45% of uh North America is targeted. So we are definitely high on that list. And I think it's Visa who puts out that payment and fraud survey.

Jon McCann: 13:57

Yeah, I think you make a good point about just the panic, because I can tell you victims can be the 92-year-old woman who's just a widow and by herself and doesn't have nobody to lean on to someone with a PhD. They come in all shapes and sizes. Victims get in a panic, they don't know what to do, they have the money, they have the ability to take care of the problem, and think they're doing the right thing. And when, like I said, when the phone call's over or the connection is lost, then they realized the gravity of the situation catches up with them, and they realize that they've made a tragic mistake, unfortunately.

Tim Hopper: 14:27

Yeah, I was just talking with a friend who's a deacon at another church, and he was just telling me that they had a man in their church who was a shut-in and disabled, and he was about to send money to what he thought was a woman in Indonesia that he was going to be marrying, manipulated by the romantic angle. I think one of the things that's clear to me here that is so often part of these podcasts is just that deacons need to really know the people in their congregation and be interacting with them. And I think that it's a challenge for many of us are just doers, and we are at church on Sunday, and it's like, okay, what do I need to do? What do I need to do to make sure everything's working, everyone's comfortable? And that's my personality. And um, often that's needing to say, okay, I need to slow down and I just need to be actually talking with the people at my church and knowing them and knowing what's going on in their lives. And that applies here and in in many other places. And one of the things that we've done at our church that you know both of you have been part of in ways actively over the past five years is delegating things that are needing to be done on Sundays to folks beyond just the diaconate so that the deacons don't just have a big checklist of things that need to happen every Sunday, but we're able to share the load with others and have that time to just talk to folks because I think these things can happen fast, but maybe they, you know, something like a romance type scam, maybe that develops over uh weeks or months. And if you're talking to someone, you have the opportunity to hear about that. John, what should the action be when we think or know someone in the church has fallen for a scam? What kind of steps should we start to take? Do we always need to report that to law enforcement, or in what cases does that need to go to law enforcement?

Jon McCann: 16:08

Yeah, I think it should always be reported. There's no harm in it. It depends on what the scam can be. It could be something like somebody washing a check. Those kind of cases on a local level and a state level can be investigated. It's not uncommon for everybody to have a check stolen in the mail and washed and lost, and those things should be reported. But even as high as you know, someone wiping out their 401k should always be reported. And those cases can be looked at by the FBI or another appropriate agency, uh, depending on the loss. And a lot of times your local police department is reported to them, could field that out to a task force officer with the FBI if the loss is great enough that the federal government wants to look into that investigation. But I think always, no matter what the case, it should be encouraged to just at least report it. Obviously, a lot of these scams, especially the ones involving internet and telephone scams, they do involve overseas actors, which to a limit, your local police department gets to a wall and they just can't go any further, right? Certainly, even the federal government probably has difficulty with that, especially cooperating with overseas entities. But it should always be reported. If it's involving an internet crime, they can report the crime for the FBI's IC3 website, the internet crimes, and then the FTC, you can report your crimes there to the FTC, Federal Trade Commission. Those can always be reported. What they do with that statistical data, I'm not really sure. They keep track of the phone numbers that are called from. But again, a lot of these phone numbers are spoofed. Email addresses are created and dumped. What do they do? I don't really know what they had to do with all the information. But that's certainly a start, right? There may be some ways to recoup some loss. Depends on the state, depends on the jurisdiction, what they can do with money, let's say, put into a Bitcoin machine. Um some states have had success in seizing wallets or seizing the machine itself. Can speak for a state of North Carolina. There's been some court cases where Bitcoin went to court and police departments and the law enforcement agencies in the state have basically been blocked from seizing the money once it's in the ATM. So there's a warning, I think, on the Bitcoin machines that warrants them like, you know, if you're part of a scam, this is not a responsibility. So it's unfortunate for victims. They can get some monetary loss back as far as the fees are concerned. But it just depends on the case. I think everything needs to be looked at, and it can be looked at. How far the investigator can go depends on how it transpires, how it's carried out.

Tim Hopper: 18:23

Do you have any recommendations for the actual process of reporting and what information you need to bring? I mean, do you just pick up the phone and call the non-emergency police line, or is it better to go in and talk to someone?

Jon McCann: 18:33

Either or is fine. It depends on your local agency. Uh you can just Google your local police department, maybe call them. They might have an online reporting system, or maybe you could take the report over the phone or go to the local police station and report it that way. Obviously, what you want to have is information of did you receive a phone call? What was that phone number from? What kind of things did they say? What do they do? They have access to your computer, they provide an email address. Whatever information you gathered from that individual during the phone call. If you sent money somewhere, sometimes these folks are wiring money to bank accounts or where they took deposit the money in a Bitcoin machine. If they FedEx money to another address, that's not uncommon for people to put money into an envelope and FedEx it or UPS it or USPS it, whatever it is, overnight it to a particular location somewhere else in the US with tracking information, that can be a benefit. So any kind of information you can provide is good. Date, time, you know, all that kind of stuff. What where and when and how the basic.

Tim Hopper: 19:27

Guys, as we think about this and someone is falling or has fallen for a scam, do you have any thoughts on when the deacon might need to or it's wise to alert their family members, like children, uh, that maybe an elderly person has fallen for a scam?

Evan Strickland: 19:41

One of the first things that comes to my mind is it's very helpful to have the deacon be that proxy voice so that if there's a difficult conversation, it also doesn't have to be a relationship consideration. And I think deacons are incredibly useful. In that scenario, so that a thing that a person may be embarrassed to want to take action on or would be otherwise difficult conversation, the deacons can just help them through that difficult time.

Tim Hopper: 20:14

Yes, I absolutely agree with that. That's a good observation, Evan. Another member of the CDM and I are currently working on an article for New Horizons on deacons as peacemakers. And I think there's a lot of opportunity for deacons to be that, you know, kind of mediating person in different challenges. And I think this is a great place for that to be. Evan, obviously this is a big question and depends on a lot, but more from the technical side, you know, say an elderly person in your church comes to you and said, you know, I fell for the scam, I've reported it to the police. I know it depends on the scam, but is there a kind of basic checklist of technical things you can help someone in terms of just improving their security posture?

Evan Strickland: 20:50

When we deal with fraud of the person, the problem we've run into is the technical protection is on the person. And there's not too many of those things that exist. You can do some minor things to stop people from doing things like taking out additional credit cards, account takeovers, those kinds of things just by helping the person understand, don't do it. But in terms of like protecting them in the long term, unfortunately, a lot of the technological means are in the prevention, not the recovery. So the prevention mechanisms that we would have in these cases is some very basic, unglamorous things. Make sure that the systems that you're using are supported, protected, and patched regularly, that you have antivirus installed, that's a reputable antivirus, and that you go to websites that you know and with an appropriate level of protection on your browser. And if you can maintain those things, it's very unlikely that you're going to be at the forefront of the most critical kinds of infections. So that's the unfortunate level that we're at. There is we can shut the door after the uh cow has left the barn, but uh we cannot put the cow back in the barn.

Tim Hopper: 22:13

Yeah, I think that's the sad reality of a lot of these things. Or it's the recovery is often very limited in what's possible.

Evan Strickland: 22:21

There's one other thing that's maybe worth mentioning on John's point earlier about ISACs, uh, because the uh what the FBI does with the data is it correlates it and then distributes it where applicable. And I think that's a helpful thing there is these entities when you report it, you're helping companies and other entities to not fall victim to the same scams. So I think that's helpful. And and there's other stuff that the FBI can do too, but please do report. Yeah, for sure.

Tim Hopper: 22:53

Well, an interesting aspect of this also is that how churches can be targeted. And I don't know to what degree y'all know this, but I even removed a few years ago our officer email addresses from our church website because we were getting a lot of spoofing of particularly someone sending an email posing as our pastor and then sending it to other officers. Thankfully, our pastor's British and writes emails in a distinctive way, and it was always clear they weren't from him. But the things that like that for churches to be really aware of, like if you have a member directory, are you keeping that secure or is that getting just put on your website or whatever, or what information you're putting on the church? There's another not uncommon scam going around that someone tried to run on our church where it's like an old lady who wants to get rid of a grand piano and says, Oh, we'll give you this grand piano, and then tells you all this information about it. And then finally it's like, oh, well, I just need you to give me some money to help get it delivered or something. And, you know, those those kind of things that when you have that church contact information out there, you're just opening the door for that. And I think particularly wanting to be careful that especially that you're protecting the congregation, but even the officers of the church from those kind of things. Evan, we talked about this a little bit in preparation. Beyond what you were just describing, is there a way for churches to do any kind of training here in a more systematic way to help protect people? Or is that even realistic? And, you know, even thinking of this as a podcast to OPC Deacons, many of our churches are very small and with limited resources. Is that something that we can do well? Or are there other resources that we can point people to to help in this direction?

Evan Strickland: 24:32

Sure. So there's there's a lot of training that does exist. And one of the things that I've just found is in the corporate world, which is where I do most of my work, there's a system that's involved. There's your annual security awareness training. There's also lots of protections that exist just naturally because you're in the world of being protected by a corporation, they're compelled and required to do so. But those things when you step into the personal world are don't exist anymore. So when I think about the traditional tools that we have, even if you were to find somebody who could give you something like user awareness training once a year, I don't think it would be helpful because you'd have to have somebody who's very competent to come in and give it. I don't think it's in the realm of deacons to be able to just present that type of training. So the best preparation that I can come up with is that we need to be able to know how to deal with the after effects of it. And the best thing that I know of for us to do is to have that kind of engagement with the congregation that allows them to say embarrassing and hard things because this is like the worst days of their life when they realize what's happened. It you're talking about years worth of savings, potentially putting them into a scenario if it's an older person that's on like social security in in an area where it's uncomfortable. It's just very uncomfortable. So being able to have that level of comfort to talk about these things, to give them the small bits of advice. Hey, I came, I saw that you have a really old computer, not being patched, not being looked at. Hey, I see that you have had this issue happen to you. Now, how do we deal with it? They should be willing and ready to come and ask you things.

Tim Hopper: 26:35

I think that there's a lot of analogies here to kind of deacons and and personal finances and how we navigate that with people, and for deacons to be the kind of men that people are willing to come and talk to and not just, I think people fear they'll be laughed at or just judged, or somebody's gonna think they're stupid, and some of that maybe is inevitable. But for you to be the kind of men and to have the relationship with your congregation where they know that they can come and talk to you and you'll be received warmly and humbly to be able to share that kind of information. John, I'm sure that's a challenge for police officers when people are ashamed. Are there approaches or things you can use to draw people out and just and try to work with them on a solution when they're just embarrassed of what happened?

Jon McCann: 27:22

Yeah, certainly. I think there's probably a lot of crime that's not reported because people are embarrassed. They realize they were a scam and they don't want to report it. They're just embarrassed that they fell for it. And again, like I said, people with a PhD have fallen for these scams, and there's nothing to be embarrassed about. You know, I caught myself before, give you an example. I was trying to fix our cable and I just Googled a number for a cable company, our local cable company, and I first link popped up. I called the phone number and it personally answered through one ring. And it was a real purse. You asked for my address. And I got started thinking, I was like, they never answer the first ring, and it's always a robot, right? These larger cable companies. And so right away I realized it was just a spoof website that had been pushed up on Google somehow. This was years ago, right? But we're all susceptible to that. Maybe I'm a little more suspicious because I've been in law enforcement for two decades than the average person. There's certainly some embarrassment, and I think as deacons or or even congregants, we may have someone lean on us and confide in us, those things. And like I said, they should be reported because again, we don't know what the scheme was or how it transpired. Could be one of these overseas actors, or it could be someone local just trying to sell something on marketplace, right? Or one of these other websites, person sending down payment and that can be looked after. But sure, I think that's to be considered, yeah.

Tim Hopper: 28:25

One thing I've done with my own parents is just to really try to encourage them that it's always okay to run something by me. If you're not sure about it, I'm happy to take a look at it or hear what you know somebody's asking for. Or, you know, I think we really are just bombarded by these kinds of things now. Pop-up ads that are, you know, these kind of ads that spoof looking like Microsoft or Apple and emails and you know the the spam text messages. And just to let them know that you know, I'm not gonna be annoyed if you ask me, does this seem legit? You know, I think that's a helpful thing. And I think that same posture deacons can have towards folks, it's not gonna be an inconvenience for me if you just have that question.

Jon McCann: 29:03

I think a lot of the work, like Evan works in a proactive sense to stop the proactive efforts, right? In law enforcement investigations, we're on the defensive, but I think a lot can be done proactively to inform the public. But certainly there's been plenty of news stories about it over the years of people that have fallen victim to it. Uh for some reason it falls a lot on deaf ears, but we certainly should be doing our best to educate congregants and especially those people that are probably willing to be victims of these scams and schemes before they strike. And that's that's really, really important.

Evan Strickland: 29:31

You know, I really want to just go right off that for a second, because I think it's interesting. Why does it fall on deaf ears? I feel like in the personal realm, because so much is on the individual, you know, it's not like in a corporation where after a little bit you're compelled to report. It's falling on deaf ears because it hits differently when you're outside of a corporation versus when you're inside of a corporation. But it's it does amaze me. I don't know when this podcast is gonna release, but as of three days ago, the FBI gave a warning to all of us about holiday scammers. And so, like, who is gonna go to the FBI's website is a normal thing. Well, a guy like me in cybersecurity is gonna know immediately. But I don't think the general public is gonna be aware of how information is published and propagated to protect people.

Tim Hopper: 30:28

Yeah, I think certainly that's not their priority, and uh, as I'm sure you know in your own company, you know, all of us who work for big companies, we deal with these kind of cybersecurity tests all the time, and most people just feel like it's an annoyance that we have to fuss with it. That's not something that the average Joe in the pew is wanting to keep up with.

Jon McCann: 30:45

I think some of it too is people just think, well, I won't fall for that, right? That won't be me. They get that phone call, they get that email, they get that pop-up on their computer and hook, line, and sinker, man. That emotion takes over, people get convinced, like I said. And the actors at play, they've got a script to run and they're good at it. They're good at it. They'll have other people involved in it for plenty of times where people got called by someone and they're getting phone calls from uh while they're on the phone with the scammer, they're getting phone calls coming in saying it's the FBI or saying it's some other agency to arrest them because they'll spoof the phone numbers and it'll look legitimate. And the person will give the phone number to the law enforcement officer and say, hey, this is the number they called me from, and sure enough, that's the number to the local Marshal Service or to whoever whoever it is, right? Because they're just gonna spoof that phone number and get people really convinced. And they're just they're really good at playing the part.

Tim Hopper: 31:33

Are there any principles, John, for discernment around receiving these phone calls that are claiming to be police officers or law enforcement of of some type? What is the good practice if you're receiving a call like that?

Jon McCann: 31:47

Anytime you receive a phone call like that, uh I I would hang up and call back and verify. The police department's not gonna call you until you have a warrant for your arrest. That's not what they do, right? The IRS isn't gonna call you until you owe money. They're gonna send you a letter.

Tim Hopper: 31:59

Yeah.

Jon McCann: 31:59

A scammer could use a letter to send you, so but you know, make verification through that. But U.S. Customs and Border Patrol is not gonna call you on the phone and tell you there's a package at the border that has contraband in it and you owe $10,000 to release it so you don't get, you know, go to jail. These are schemes that you you think we wouldn't fall for, but people do. Or there's a virus on your computer, or there's something else on your computer that's something you don't want there. Let's say that. Okay. Obviously, end that call however you can and try to verify the information. They will try their best to keep you on the phone. They're almost like a used car salesman. They know as soon as you leave the store, you're not going to come back to buy that car. They have to keep you and keep you and keep you. So they'll keep someone on the phone from their house all the way to the bank to withdraw all the money, all the way to the ATM machine, the entire process, have them scared the entire time. So they know as soon as that call is over, it's done.

Tim Hopper: 32:44

Yeah, I know someone who received one of these kind of jury duty scam calls, and even the scammer has they're probably just playing a YouTube video, but it's like police department sounds playing in the background. You hear the radios buzzing and things. Um, so you can go hang up and you go to your department, local department website and call, make sure it's the official number, and then call them and say, I received this call. Is this legitimate?

Jon McCann: 33:06

A real common one is like your local sheriff's office calls you and said your warrant for your arrest, right? Or you you need to pay, you need to pay this ticket, uh, whatever it is. You had a ticket, let's say, through easy pass because you wouldn't have stopped by law enforcement officers. You would have thought, well, I didn't pay that ticket. Oh, now I have an warrant, and now I owe this money. Hang up and call the sheriff's office.

Tim Hopper: 33:22

It's awful.

Jon McCann: 33:23

Guaranteed it's a scam. They won't get you off the phone. That's a good indication. So that'd be my best advice. And his email works too. So if someone like emails you that you know, call them and find out if that's them. My own father, someone hacked someone's email in his church, emailed him asking for money and asked him to go put money on an Apple credit card, right? An iTunes card or something like that. He went all the way to the store and bought the card before he sent the information. He thought about it and then realized it was a scam. But someone had just hacked into another congregant's email and then started emailing everybody in the congregation of the church asking for money. And of course, us being giving, right? So we're susceptible to that too, because being Christians, we want to help folks, right? But we also have to be protective of that, you know.

Evan Strickland: 34:04

So there's a couple of things with that too. I th I thought were interesting. You know, John, one of the things you mentioned about hanging up and then calling back that may not be obvious to people is if they do come in, and it is the official number, it's worth understanding that when a person spoops an official number, if you hang up the phone with them, like do actually disconnect, you can call that same number back, and it will not be the same person, it will be the official number. So you don't need to be afraid of the callback and then wonder if I call this same number. Because I looked online first, I didn't just hit redial, but I looked online, I know it's the number. You don't need to be afraid of that. Yep.

Tim Hopper: 34:46

So as we come towards a conclusion here, if say a deacon has 30 minutes free this weekend, what possible preventions could they do to help someone in minimizing their vulnerability towards the types of scams we've talked about?

Evan Strickland: 35:00

I'll speak to the technology element first. I am a big fan of two-factor authentication. Even if your information is taken, just having that second factor of authentication is important because it does so much to protect you. And if you have one that has a push notification, or you know, you receive a text that has your notifications and you didn't try to log on to something, that's a proactive clue that your information's been taken. So don't just hit yes, don't just type stuff in. Those are real helps to you. The second very practical thing for me, and I think I've said it a couple of times on this podcast, I don't allow unpatched, unprotected stuff in my home environment. And I think it's worth taking away. It's not a help to anyone if you have unprotected equipment. So your old computer that works just fine, running Windows 8 or even Windows 10 is not going to be sufficient in this day and age.

Tim Hopper: 36:07

Yeah, which, you know, that can be a difficult thing to convince someone that they need to upgrade, but maybe that's a way that uh, you know, the deacons need to maybe help financially and then also help get somebody set up on that because uh that can, especially as our operating systems seem to change more and more between releases, that can be a new things for someone to learn. There's a lot to ask. John, anything you would recommend if you have 30 minutes to help someone?

Jon McCann: 36:29

Yeah, I mean, I think I we talked about it earlier. I think if you get a phone call from someone who's claiming to be, you know, uh from the federal government or local police department or sheriff's office involving one of these scams, hang up and look it up and call them back or call the number back on your cell phone when it appears. They're gonna spook those numbers, they're not gonna be legitimate. They will try to keep going the phone, but no matter what, hang up and call back. Determine that'd be a fraud real quick. Also, don't ever send any money to anyone. This seems like a no-brainer, right? But don't ever send any money to anyone, whether it be through a, especially through a Visa check card or a green dot card or through Bitcoin. Police departments and law enforcement agencies don't take payment. We don't take payment for you committing crimes. Okay? The judge orders all that from someone. So you don't send any money to anybody, even if it's someone claiming to sell some kind of computer software that's going to fix something. And don't give anyone access to your computer nor to your bank accounts. Anytime these victims will tell us that, you know, they got access to my bank account. Well, lo and behold, they got convinced you to log in while they had access to your computer, or you provide the email and password, a login password to them, and they wired money from your account. So don't give away your passwords or anything. I think two factor authentication is a great tool. That pretty much covers it. I think also, you know, other things that are helpful as far as like just keeping awareness of your own identity, some kind of a credit report software. I think trying to protect your identity and your financial records are important. I think looking out for your financial well-being and your identity are important. So you can use companies like Credit Karma is not bad. They're free. You can get updates if someone accesses or opens a credit card or a line of credit under your identity. Life Lock is a company that offers services, costs money, but can provide you information if someone accesses your information to use it in nefarious purposes. At least you have a heads up in that. They do offer some kind of protection. And those things you can do to help yourself day to day, I think.

Tim Hopper: 38:14

A lot of credit cards now also are offering credit alerting where they do the checks on your credit report and see if you're they are very helpful.

Jon McCann: 38:21

So anytime you can set up where if someone uses your credit card, you get a text or you get an email about a charge, those are always helpful. That way you know if something happens right away. Because sometimes what these guys will do, they get access to your bank account. It's kind of off offshoot, but uh they'll start with small purchases because they might not be flagged by the creditors. But once they start getting larger, they might call you, but by then it might be late. And you know, your money you usually get back, but uh just to avoid that completely, set up notifications are important, you know.

Evan Strickland: 38:50

One other thing, and it's a funny website, is Have I Been Pawned, which is something that's a little more tech related, but that's PWNED pawned. It's an interesting website because there's that breach area that we talked about where where is your information taken? You can go to that website, it's a free website, and you can type in your email address, and it'll tell you whether or not your information's being circulated. And I think that is very useful because you can see when and a lot of the companies that that get those proactive services, whether it's lifelong or another, they're going to be using information like what comes from Have I Been Pond to go and build that RU in a potential risk.

Tim Hopper: 39:37

That's helpful. Right, guys. One other thing I just wanted to get to since we haven't particularly talked about is the way that AI tools are changing some of this landscape. And, you know, one of the things that's become very possible in the last few years is creating extremely accurate voice clones. And, you know, my voice is on a bunch of podcasts and presentations and things that I've given that are on YouTube. I could go and in 10 minutes on 11. Labs create a very accurate voice clone of myself and then generate this AI talking exactly like me. And that's one thing I've warned my parents about is like, you know, someone might call you someday and sound exactly like my voice. That is not me. That's 100% possible right now. And they're now with the video and things, so many more things happening here. Do you have any thoughts or advice on those types of emerging threats?

Evan Strickland: 40:26

I've got quite a few. I think the average person, at least for a while, is gonna struggle with that. And there's been a couple of news reports where people to that effect have said, yeah, I fell for it. It was it was not so obvious to me, and I fell for it. So in preparation for this, I sent Tim and John a little clip from Elon Musk just saying that AI impersonation is not a problem. But to your point, Tim, that also works for me, it works for you, it works for anybody, and it can be done with a very small sample. You mentioned 11 Labs. There's a couple of others that are out there as well, and it's very minimal payments to go and create these things and be very successful in it. So the corrections to it are not obvious. But the first advice that John gave, if it's an audio thing and you're wondering, is it my child, just hang up the phone. If you're concerned and you just for whatever reason can't hang up the phone, in this news report that was mentioned, the lady said, I don't know why I didn't think to call the person that this was reported to be from. If you get an inkling, you feel like maybe they're saying words or phrases that you wouldn't normally expect them to say, then you can just simply call. Call them, ask them, text them, find another alternative route of communication, because you can't rely necessarily that you're gonna be able to distinguish the real person from a fake AI created person.

Jon McCann: 42:17

That's helpful. John, anything to add there? I mean, obviously I think AI is gonna be used in nefarious ways for sure. In the law enforcement world over the last decade, half the last decade especially, we've invested so much into body camera footage. People won't believe what we have to say, right, as law enforcement officers. And so I don't have a problem with it. What's gonna come is interesting, is that as time progresses, people aren't gonna believe anything they see anymore, right? It's gonna come back to the to the word to somebody's actual testimony. We could go on a tangent probably for hours talk about AI, I'm sure, the pros and cons of it. It's just kind of a scary thing. It could be some great benefit to us, I think, as a society, but certainly all of these things have been used to scam, to cheat, to grow evil, right? I mean, we think about years ago, the dating thing we talked about earlier about how someone was romancing somebody, that probably started through love letters, right? Somebody overseas is going to marry you. You send them money in the mail, they got the emails. We had the prince, right, overseas somewhere who just wanted to marry a lovely woman and had this money. If he would send you $10,000, you send him $1,000 first, right? Women would fall for that, men would fall for this beautiful woman somewhere overseas. And that kind of developed into other scams and more scams. Then we started having cell phones and internet and all of these things evil has seeped into. And it's not gonna be surprising. The AI will be used certainly to do all sorts of things. And it's gonna be an interesting ball of wax as time progresses. What it means now, what it'll mean in the future, I really don't know. But I'll be retired in a couple of years. But I tell the young guys now, I'm like, I don't know what this place is gonna be like because there's gonna be a lot of people out of work and there's gonna be a lot of cheating and scamming through through all this stuff that's gonna happen for sure.

Tim Hopper: 43:57

Yeah, I think one of the things we see as Christians in this is you know, this goes right back to Satan in the garden saying to Adam and Eve, did God really say, right? It's uh it's it's like the first scam, right? Yeah. And as both of you see in different ways in your careers, these things just evolve with the tools that are available. None of it's limited to any time or place. The people who have a financial incentive and evil hearts are going to do evil things. And so we just have to be vigilant.

Evan Strickland: 44:25

There's a little board to it, I think, too, with that. We do need to be vigilant. I also think it's worth mentioning the coordination of these things is a lot more sophisticated than might be obvious because we see it on the individual level. You know, when you get the scam, all when you get the impersonation, that's a person. So you see that as the individual. But in my world, one of the things I've found interesting about AI is it's done something we haven't seen in the industry in a long time, and that's reclassify different types of attacks. In my world, MITRE attack has been used for the longest time to try to categorize the types of attack. Well, MITRE just came out with something called Atlas, and that's because they see AI as a a distinct and new way of rationalizing these attacks. And so when we look at these, the rapidity of this and the sophistication of it is increasing at an incredibly alarming rate for us. So, John, I don't know if you're gonna be retired by the time all this stuff happens, but at least what I'm seeing is uh I look at stuff that's six months old and I go, it's almost not worth reading because it's too old compared to what we've revolutionized compared to six months ago.

Tim Hopper: 45:46

All right, guys, that just one final question. Would you summarize all of this saying that we need to be skeptical of communication we receive in ways that we're able to train people to do that as well and not to just believe everything that they're told or is asked of them? Is that a reasonable conclusion?

Evan Strickland: 46:02

I think a healthy amount of skepticism is always a necessary thing, but I think one of the great benefits that God has given us in the church is we get to meet each other face to face too. So I think that's also another reason just to have fellowship with one another and enjoy that time. John, any concluding thoughts on that?

Jon McCann: 46:21

Yeah, I think that just a healthy level of skepticism is obviously important. You know, it doesn't seem right, it's probably not right. Too good to be true, it probably is. There's those old adages we need to remember. But yeah, I think it's it's important, especially this day and age. There's so many attacks coming. Isn't just the con man selling the snake oil anymore, right? The traveling con man. It's like Evan said, we've got office buildings full of people, and this is their day-in-day-out job. Whether through monetary means they're getting paid to do it or by by slave labor, they're doing it. And with AI, again, that's a tool they're going to use in their toolbox.

Tim Hopper: 46:51

Well, thank you, John and Evan, for coming on the podcast to share your expertise on scams. We recognize this is a broad topic and that anyone could be a victim, but we hope this episode has been a helpful foundation and given Deacons a strong starting point. We look forward to the possibility of expanding on this topic in future episodes. And Deacons, we'd love to hear your thoughts on this topic or any topic we've covered or you'd like us to cover in the future. We invite you to write us at mail at thereformeddeacon.org, and we'll take a look at your feedback. Thank you.

Speaker 1: 47:22

Thanks so much for joining us. Special word of thanks to our producer, Trish Dugan, who works faithfully behind the scenes to bring this podcast to you. Be sure to visit our website, thereformdeacon.org, where you'll find all our episodes, program notes, and other helpful resources. And we hope you'll join us again soon for another episode of the Reform Deacons podcast. Free audio production.com.