A

Not sure how to tackle your taxes? Are you sweating the small print? You may be experiencing FOMO, the fear of messing up the answer using TurboTax on Intuit credit Karma. They help you get your biggest refund and then we help you do more with it with a personalized plan designed to help you hit your money goals. It's time to take your taxes to the max. Start filing today in the Credit Karma app. Spring Fest is happening now at Lowe's. Keep the spotlight on your yard with stay green premium 2 cubic foot mulch. 5 bags for $10. Plus when you want more help indoors, get up to 40% off. Select major appliances that help you supercharge your chores. Our best lineup is here at Lowe's. Valid to 422 well supplies. Last selection varies by location. See lowe's.com for details. Mulch offer excludes Alaska and Hawai.

B

Welcome to the watch floor. I'm Sarah Adams. Lately, Americans overseas are feeling uneasy. We have rising tensions, of course, to do with this early onset of a war in Iran. We have stories about Iranian proxies targeting individuals. We have fears going on that apps and location services can be compromised. And it's leading to a lot of questions about, well, how do I protect myself abroad, abroad or others that I'm getting floods of from parents, you know, how do I tell my loved one overseas how to better protect themselves? So that's actually what we're going to cover today. While it's going to be based on concepts that keep you safer overseas, anyone can, you know, get value out of today's episode. What we're going to cover today are real examples I've seen and then practical steps and lessons learned. Because at the end of the day, we all love our phones and our apps, but they make for a massive vulnerability in these high risk environments. And because there are a lot of unknown, especially in the coming weeks, it is better to fix any vulnerabilities now instead of realizing after the fact and been like, oops, I could have made the slightest change to the way I do things. And now I put myself in a precarious situation that I never should have been in. I've seen firsthand that these small mistakes can lead to devastating consequences. You know, apps and devices expose so much more about you than you actually can really comprehend or realize. Data is its own universe, and a lot of people make a lot of money off of selling your data. But as you can imagine, you don't know where it goes to as it gets pilfered through these different data Exchanges. And it's just something we need to be honest about and keep in mind. So today, let's just walk through what some of this exposure looks like and how to protect yourself. I want to just explain why this is serious. When we have apps like Uber, Snapchat, Instagram, the different fitness apps that we like to use, they don't just track your location. You can see potentially who someone met with when and for how long. When you have those pieces of the puzzle that that becomes pattern recognition. Every GPS ping, every geotag, every check in leaves then a digital footprint that you can, of course, roll in to this master pattern analysis. Over time, these footprints can create a pretty solid picture that an adversary can work off to target you. I know this very well. It literally was my job to do this, and I did it back in the day when smartphones were really just coming out and we weren't even exploiting apps then. It's an entirely different world now, and there's so much more data people can use to find you and target you. I think one of the most famous cases we all know is just simply usually done by stalkers. And of course, it is the use of the air tag. Now, when you understand seeing at least how that kind of stalking and tracking works, it makes it easier then to think through some of these other things. So, of course, when you use the airtag, you have locational data and it could be sensitive, right? If you aren't allowed to be within a certain distance of this person and they are trying to stay away from you. Now that locational information is sensitive because you were never supposed to have it. Another thing is now the routines of this person being watched or targeted or stopped becomes incredibly vulnerable. If there's anything they do repeatedly, like maybe they go to the gym at the same time every day, well, now, knowing that, it puts them under another level of risk. Lastly, all of these small digital breadcrumbs add up, and it gives a clearer picture of how someone can get to you. And it can be a very scary thing, especially in the case of a stalker, when you're really trying to keep yourself safe. Now, when I was working on kind of volunteer efforts in Ukraine, we were evacuating people out of the country to safety. I noticed something that was very interesting that was occurring. So a lot of foreign individuals were coming into the country. Many were trying to join the legion. Others were just doing volunteer efforts, but they started using dating apps to meet people in countries. Some had never been to Ukraine. Well, when they started doing this, the adversary Russia was literally making fake profiles on the site. They were collecting information, and then in some cases, they set these individuals up. They thought they might be going and meeting individuals, but they then unfortunately got targeted by Russia. It's a very scary use case, but I saw it happen plenty of times. And I do think we need to be honest that governments are using these platforms in that way. So don't just think, oh, a platform is perfectly safe because it has some sort of authentication on it, or because these companies are promising you in some way. You don't know how someone is going on and misusing it. I think the most famous example was in 2018 with Strava, kind of the fitness running Apple. They did something and it was very benign. They aggregated a bunch of user data and then just put out a heat map, right? Hey, here's where all of our customers are running all around the world. I mean, it sounded smart. The problem is when you looked and zoomed in on the map, it literally showed US Military personnel and intelligence officers running around their bases. Now, it's fine if they're running around Bagram. Everybody knows the US Military was based at Bagram at the time, for example, but a lot of people got very surprised at certain locations in Syria. So undercover bases and facilities unfortunately got compromised by this. So it's an insane thing. So in the heat map, some of the most famous things were base perimeters. Right? You could determine, oh, there's actually a building there, and clearly there's these Americans running around it, patrol routes. You could see where elements move from, the ways they go, what they avoid. You could then see frequently used pathways. Then again, so many previously undisclosed facilities ended up being compromised. And not just facilities, but covert operations that really shouldn't have been in the public space because of the sensitivity at the time. Remember, usually there's still sensitive at the time because we want to keep people safe and not get them killed. So this is a very scary thing. And when it happened, it caused a lot of concern in the community. And in these cases, like, you create open source intelligence, but unintentionally think about how often this occurs, especially when you start aggregating data. That's when things become dangerous. And that's just if you take one database of information, you put another database of information on it, and you keep doing it, and it pulls together a clearer picture that you never would have gotten from just the one data source. Lastly, it's a little dated, but I do think it's important because also people have misused these systems Internally within some of these organizations, the most famous case was in the mid 2010s and it was uber and Uber employees, they were using this tool that they nicknamed godview, I kid you not. And what they could do is use rider location data and misuse it in a number of ways. For example, they were literally tracking known journalists doing this. We had issues where some of the employees were monitoring their ex partners and then they were looking at a lot of individuals and data that they really didn't have a need to know. So this was a massive misuse of their legitimate access. Remember, convenience comes at a cost. Yes, these apps make our lives so much easier, but the data in it in the wrong hands can really be used to harm us. Now onto the actionable part. We talked about all these dangers, but you know, what do I do to protect myself overseas? Or you know, what does a loved one do to protect themselves? And we're just going to walk through step by step. Some of the most important things you need to do, obviously you keep hearing it and it is the most important. You need to pay attention to location services. It's not like you just turn them off. And you need to make sure you turn them off on each device, but you also need to go into like each app and program and check that it's off in each of them because defaults a lot of time on most of these apps. Keep them on because the app might make you think you're there for social media and to share your day activities, but they make money off of the data they collect from you being on the app. I mean, it's just an honest thing and we have to keep that in mind. Another thing is you should avoid sharing your location, be it on social media, social media, messaging apps and even within private groups because things are not as secure as you believe them to be. I mean, look at Signalgate. Last year we had senior government officials believe they were in a pretty safe chat group until an outsider got brought into it and compromised it. And remember, these group chats can leak patterns. We saw this when the chats in Minnesota started leaking about all the individuals planning these different protests encounter ICE operations. And we learned really quick not just the movements, but even the people who were in it in true name because of the activities they were claiming they were doing in the app, the locations they were saying they were in, people can literally correlate them to their correct identity. It's really amazing to watch this occur in real time. Another thing is some of these apps request this background locational Access. In those cases, you also need to disable this. The best example is your navigation apps. So click them to only be active when in use. We've all seen that option, so only when using the app. The other thing you need to check for is like device level geotagging. A really great example of this is if you take pictures or video, especially if you're using it in different apps and each app you're doing it with, you need to make sure it's not applying that into the metadata. Now let's just talk about the apps themselves. In general, when you're overseas, the best thing is to delete the apps off your phone and use as little of them as possible. It's the smartest and simplest way to stay safe. But if you are going to use them, we're going to now go into a few steps to help. So again, only mission critical apps you have to use in your daily life should be on your phone overseas. The other thing is you need to review the permissions closely in that app. Most important is microphone, camera and access to not just your location, but to your contacts. We've had a lot of cases when people don't realize if they don't put their Venmo private, everybody can see the contacts in there, even if you never paid that contact. Something super simple and super important. But if you don't lock that down, I can go look right now and understand a lot of the contacts that you call every single day. You know, avoid any apps that publicly broadcast your location. Very common ones that do this are fitness apps and dating apps. Because any of that aggregated data can leave patterns. And right now our goal is to leave no patterns. We need to keep apps current, right? Keep everything updated. Now let's talk specifically about the device and the connectivity. My opinion is if you're overseas, doesn't matter if you change your SIM card. I know plenty about phones. It can be determined that phone was used in America. It's an American phone. People can determine the prior sims you had in it, etc. If you go overseas, the safest thing to do is get a local device on the economy and a local SIM on the economy. Smartest move. And that is what I recommend 100% of the time. Another thing that's really smart is if you have like a job and then you have your personal life. So let's say you're working overseas, you're an expat, your work should be on one device and anything personal should be on another and you should not cross them because sometimes the target is just your company. So it insulates you in some way because they're more likely maybe targeting the devices that fall under the batch, like a phones that company bought for example. So it's something to keep in mind and it's very smart to do. Yes, you might look like a drug dealer with two phones, but I highly recommend it. I know we hear this all the time, but always enable multi factor identification on every account, right? Especially your email, any sort of banking, and of course your cloud storage. I mean that's one of the most important pieces because so much is there that you don't even realize that you send up into there. This offers another critical layer of defense if your credentials get stolen in some way. And unfortunately it's does happen. You've heard this before but I'm going to say it again. Avoid connecting to public WI fi or anything that says free. Public WI fi or free. And whatever location you're in WI fi, you know, if you have to use a VPN. But even VPNs can leak data, so don't think that's like 100% protection. It's not. Another thing that's really important is to turn off your Bluetooth because these Bluetooth signals can be used to detect and track your device from devices nearby. I think it's something people forget about because you're using it for benign things like oh, you're hooking your headphones up to it. But again turn that off. Now let's take a minute and talk about data management. So back up your critical files and any important documentation offline as well. If everything is only in the cloud and that gets compromised, you're in a tough spot, especially if you're overseas and you have maybe lost your passport or other items. So think through the best way that you're going to do this and keep the backups of everything important safe. Another thing is especially now because a lot of us do not even memorize most phone numbers we use. Like I know, maybe my grandparents. You need to have a hard copy of important contacts, you know, in case there is a problem. Like contacts to do with your bank, your medical, anything that you're going to need to reach out to when you're overseas and a crisis could be occurring. A lot of people don't take this the next level. It needs to be so you need to avoid posting routines, check ins, location data. A lot of people market to friends only and they think well I have that covered. But no, like if their accounts get compromised in some way Your data is also available. So just turn all that off completely, not just allowing it for friends or family, just go completely dark in that case, especially if you're overseas, yes, we're being extra cautious, but again, we're in a heightened security level. We need to be extra cautious. We have watched Iran target civilians and target civilians in areas that aren't that common, especially in places like Dubai. So this is very important right now to be extra cautious. Another thing is, you know, consider encrypted messaging apps for communications. Now, I'm not telling you these are perfectly safe safe, but they protect your content and your metadata better than others. So just keep that in mind and use them to the best of your ability. But don't overuse any device or any app when you're overseas. Right. You should be spending the littlest time on it imaginable. Like, I maybe called my family every six to eight weeks for just a couple of minutes when I was overseas. Right. So I practice like a digital hygiene now. I would maybe send emails out more regularly. But you have to come up with some sort of cadence that works for you. And relying heavily on your device and using it all day to communicate with people back in the United States when you're overseas isn't the smartest move right now. We're not saying forever, but just, you know, let's lock things down right now, especially if you're serving or working or traveling in the Middle East. Now, let's talk a little bit about behavioral discipline. So we say it all the time, but it matters. Don't click on links from sources you don't know. Even if it's something juicy that came in, don't click it. Another thing is, we have to pay attention to the fact that you can be an access point to something else. So phishing spikes during these crises because everybody wants to steal data. As I told you previously, if you work for your company and you have your work device, this bad actor might be targeting you to then get access to the system of your work. Let's say you're working for IBM overseas. So they're targeting Sarah, the data analyst, the IBM, they're going to target my emails to try to get into the master system. Don't ever let yourself be an access point to the adversaries to cause harm to your company, to your family, to your government, et cetera. Monitor apps for unusual behavior. Luckily, a lot of them will send the email. Did you sign in from this location? You got to pay extra attention to it. Another thing is, if your app Is using like an incentive. Insane amount of your battery, that's very strange. If it's happening and it's an app you rarely use or you don't even actually remember putting on your phone, you need to delete it immediately. If it's a normal app you use, but it's like using 80% of your battery, I would at least uninstall it and reinstall it. So you need to take extra focus there into your battery usage. It'll tell you a lot of what's happening behind the scenes on your device, things we don't always pay attention to. Another thing you need to watch for is kind of like repeated requests to access one of your accounts when you haven't lost your password or the app repeatedly crashing. In those cases, delete the app and I would likely also go in and change my password. Any piece like this that comes into play, it's a warning sign. Don't be panicked. You're not hacking, most likely. But now you know, oh, I should take an extra step to protect myself. You know, a few extra tips I like to give to Americans overseas is first off, if you're wanting to kind of distance your phone even more when you're overseas, but you don't have it completely off, you know, put it in airplane mode. It does help. I did notice though when I downloaded and I don't know if a lot of people have done this, but you should because you can learn a lot from it. So I downloaded my Google data in takeout and so when I downloaded it, I had gone to Iceland and I put my phone the entire time on airplane mode when I was in Iceland and there was locational data of places I went to, you could actually track pretty decently my time in Iceland. So don't think just having it in airplane mode is taking off some of the tracking behind some of those apps. You gotta be smart. And again, that's on Google takeout and it is smart to download it and kind of see what patterns you're putting out there. Maybe where you're making mistakes you didn't even realize. Hard thing overseas is ride sharing apps. I know we all want to use them for convenience. It's so easy. You walk off the plane, you hit it, and then they're outside by the time you get your luggage. The negative is your payment information is being stored, your starting and endpoints being stored, obviously your photos usually in there. It's incredibly risky. What I like to do when I'm overseas, I just like to give my best practices is pay in cash to a driver. I do think it is at least another step that protects you, especially if you could be a target to someone and you don't want to give them extra data they can use to find you. And then just something you should simply do no matter where you are, is like regularly audit your phone. If there's apps on it you don't use, delete them, because they are kind of a risk vector. Another thing is, you know, any contacts in there that you don't use or that they were temporary, like, delete them, right? If it was a contact phone number, maybe for a driver, at some point, it doesn't need to be in there anymore. Maybe it was a moving company. It doesn't need to be in there because obviously compromises other people can get involved in, you know, can bring your name and your phone number to the forefront, and you don't want that to occur. Another thing about auditing your device is when you turn off things right now, like your location history, it does not mean the history of it's not in your device and not accessible. Again, a really good reason to be deleting those old apps because some of them are storing that data and you no longer want that data to be available. So when we talk about something like digital hotspot hygiene, it's not really just about privacy. It's about personal safety. And again, I know everything today was kind of like the strongest thing you should do to protect yourself, because again, we're focused on people overseas. So I just wanted to make that clear. Sometimes I get comments. This is paranoia. Well, if I'm in Dubai working for my company, I do want to keep safe. I don't think it's paranoia to make sure the enemy can't figure out that, oh, every day at noon, 20American devices go to this cafe and eat together, right? Because I'm not just protecting myself in that case, I'm protecting those around me. And that's what we should all want to do in these type of situations. So every app, every permission you allow, every post can really become something an intelligence organization can take from and create patterns from. You know, it's very simple. It's something I still do every single day. All we're focused on is, of course, when this data falls into the wrong hands, discipline, awareness and the proper management of your devices is just another tool that protects you. Once you do all this, then you just feel one more layer safer. And that's all we're trying to do. You just have to make it one step harder and then another step harder and then another step harder for the adversary. And guess what? When it gets too hard, they're just going to move on to someone else because they want what's easy. So when we talk about devices, discipline is our first line of defense, awareness is our second. And digital hygiene isn't optional. It has been known to save lives. Thanks for being here today on the watch floor.