Breaching the Boardroom

Breaching the Boardroom is a high-level podcast designed to explore the intersection of leadership, growth, and technology. Each episode brings industry leaders, experts, and innovators together for candid conversations on how to navigate the evolving tech landscape while driving business success. We’re on a mission to simplify complex topics like AI, cyber threats, and IT strategy, making them accessible and actionable for executives in mid-market businesses.

All Episodes

Breaching the Boardroom

Romance Scams

February 13, 2025

💔 Romance Scams: The Cyber Threat You Didn’t See Coming

In this episode of Breaching the Boardroom, host Ashley Sebastian sits down with cybersecurity experts David Mauro and retired FBI special agent Darren Mott—also known as The Cyber Guy—to uncover the shocking reality of romance scams.

These scams go far beyond online dating, impacting individuals and businesses alike. From emotional manipulation to financial fraud and insider threats, cybercriminals are leveraging AI, deepfake technology, and social engineering tactics to deceive their victims.

💡 What You’ll Learn:

✅ How romance scams work and why they’re on the rise
✅ The link between romance scams, cryptocurrency fraud, and business email compromise
✅ How scammers exploit social media, dating apps, and AI-generated personas
✅ The real risks for businesses when employees become victims
✅ How to protect yourself and your organization from these evolving cyber threats

🔐 Protect Your Business from Social Engineering Attacks

Learn how NetGain Technologies helps businesses combat cybersecurity risks with expert strategies and proactive security awareness training.

👋 Connect with Us:

Ashley Sebastian – Host of Breaching the Boardroom

David Mauro – VP of Business Development, NetGain Technologies

Darren Mott – Retired FBI Special Agent & The CyBUr Guy

📖 Resources Mentioned:

Get Cyber Smart: A User-Friendly Guide to Protecting Your Family, Your Business, and Yourself Online - Darren Mott
The Cyber Guy Podcast & Cyber Smart Morning News Update - Darren Mott

🎧 Listen now and subscribe to Breaching the Boardroom

🌟 Who Are We?

NetGain Technologies is a leading managed IT and security service provider with over 40 years of experience helping small to mid-sized businesses succeed. 💻✨ Specializing in IT management, cybersecurity, and strategic consulting, we empower businesses in healthcare, finance, manufacturing, and beyond to turn technology into a competitive advantage. 🚀

🌐 Website: www.netgainit.com
💼 LinkedIn: NetGain Technologies
📅 Meet with Us: Schedule a Meeting

Meet Your Hosts

Ashley Sebastian (00:09)
Hey everyone, welcome to Breaching the Boardroom. Today we're diving into a topic that's as heartbreaking as it is dangerous, romance scams. To help us break it all down, we've got our very own David Morrow here and a special guest, Darren Mott, also known as The Cyber Guy.

Darren is a retired FBI special agent with over 20 years of experience investigating cybercrime and counterintelligence threats. He now hosts the Cyber Guy podcast where he shares insights on cybersecurity and how people and businesses can protect themselves from cyber threats. Darren, welcome to the show.

Darren Mott (00:51)
Ashley, thank you. I should also mention I also do a daily podcast, well, three times a week called the cyber smart morning news update if you want your cyber news real quick in the morning. So there's that too.

Ashley Sebastian (00:59)
Okay,

cool. I'll be sure to link those down in the description here for this podcast too. Awesome. Well, let's hop into it. I'm going to kick things off by asking you all, what are romance scams?

Darren Mott (01:02)
sure.

Ashley Sebastian (01:11)
They're becoming more prevalent today. don't know, David, do you wanna outline what a romance scam is and why we should care? Okay.

Darren Mott (01:11)
Which one do you want us go first? Who's going first?

Thank

David Mauro-NetGain (01:17)
Well, yeah, because this one's kind of easier. So I'll take this one and then we'll get into

Darren Mott (01:19)
Mm-hmm.

David Mauro-NetGain (01:21)
the details. I'll pass it over

to the FBI guy. Yes, a romance scams. The scammers use websites, social media platforms, online forums, dating apps, a whole bunch of different mediums. And they engage in, you know, profiles with attractive photos creating charming

personas, right? And they gain the trust and affection of the victims, which are the targets. They operate as individual scammers, individual criminals, as well as organized crime call centers. And sometimes the employees working at those call centers don't even know that they're working for a crime organization. Darren, anything to add to that?

Darren Mott (02:04)
No, that's right. mean, they utilize psychological means to get people to believe what it is that they're saying online because this largely targets the elderly. It's not only the elderly, but largely targets those that are in the later stages of life, maybe widows, widowers, divorced folks that everybody has that human connection and you're looking for that. the online...

David Mauro-NetGain (02:09)
Mm-hmm.

Darren Mott (02:29)
universe makes it easier to find people all over the place. And the scammers recognize that. with every technology, the bad guys figure out how to utilize that for bad things. And exactly like Dave said, they use that to find the most vulnerable in our society and prey on their fears and their desires.

David Mauro-NetGain (02:46)
I will say that it is much more prevalent than most people think because oftentimes the victims don't even tell their families about it because they're so embarrassed.

Darren Mott (02:56)
Right. it actually that's great point, David. And so in the 2023, 2022, 2021, 2020, IC3 Internet Crime Complaint Center cybercrime report, scams against the elderly, which is primarily romance scams is the big part of that, or at least a big part of it is number three from a loss perspective, cryptocurrency scams is number one, business email compromise, number two, crimes against the elderly, number three. And I would argue that probably within that cryptocurrency piece, there's a large piece

that also targets seniors, but they don't double count that. But we're here for romance scams specifically. But some of these romance scams can lead to the cryptocurrency scams because, hey, if you love me, you'll invest in my new app that will make us all a bunch of money. So we can talk about that when we get to the details on that going forward.

David Mauro-NetGain (03:31)
I

Right. yeah.

Ashley Sebastian (03:43)
So they are becoming more prevalent these days, I guess, in the elderly community. What are the most common tactics that they use to deliver these victims?

David Mauro-NetGain (03:52)
Well, the one thing I do want to point out, it's not just the elderly. Like in general, I think that that demographic is targeted more often with these types of scams. But in terms of the amount of scams, there's a lot of younger generations that use a lot of dating apps and they are absolutely targeted.

Ashley Sebastian (03:56)
Mm-hmm.

David Mauro-NetGain (04:13)
So with that, let's bounce back to your question. Sorry. Yeah, it's exactly right. Yeah, and it's actually quite effective because they're actually leveraging that not just to deplete the financial reserves of the victim, but to gain access to the victim's employer. So especially among younger targets.

Ashley Sebastian (04:13)
Okay. Is that like catfishing on MTV?

Darren Mott (04:19)
Mm-hmm.

Ashley Sebastian (04:20)
What's the show called, Catfish?

Mm-hmm. Okay.

Darren Mott (04:39)
And

it's really as simple as just going to those main areas where people who are looking for relationships congregate, right? Your dating apps, your social media platforms, all those things. And I would even add that with the addition of how much information is being lost through data breaches all over the place, that the ability to randomly find people just through email, it can be very effective as well because there's so much information we have lost on our own personal

privacy data that you can create dossiers of people say, we know that this person, you know, he lost his wife a year ago. Here's his Facebook account. Here's his email account. We can reach out to him and create that conversation. LinkedIn is a huge, a huge one. get these all the time from people like, hey, really like your profile. Can we talk more about whatever? It's exactly, I know what it's leading to. But the same thing, because if...

You're going to have all that social media presence now well known to the bad guys and they're easy to find victims because it's just shooting, spray and pray. He sent out 10,000 emails, 10,000 messages. Someone's going to respond to you because they don't know, they don't understand the threats targeting them.

Ashley Sebastian (05:35)
Mm-hmm, yeah.

David Mauro-NetGain (05:42)
Absolutely.

Ashley Sebastian (05:44)
So in addition to, I guess, feeling silly when you've discovered that you're in a romance scam, what kind of other effects do they have on you? Like financial stream quite large.

David Mauro-NetGain (05:58)
yeah. mean, what they've been doing is, mean, I mean, it's a con game. It's confidence, right? They will build up the confidence. They will love bomb people. And the old adage of if it's too good, if it sounds too good to be true, it probably is. Well, the same thing goes for romance. And if when somebody is saying every single thing you've always wanted them to say,

And how in the world did they ever, how did you not find this person before? You know, people are craving that and they're in there. It appeals on a very deep personal level. The damage that's done is psychological and financial. There's a lot of fallout from it. So there's a lot of internal beating up of somebody.

that, know, like, just like I'm so human, I can't believe I fell for that. How dumb am I, etc. And they're not right. They genuinely were socially engineered, right? They tapped into the part of the mind that drives behavior, right? It's the limbic part of the mind, the part that makes us buy things, it's the part that makes us do things. And it has no capacity for language, they tap into that, because that's where all of our feelings are in our emotions.

And they satisfy everything. then typically, Darren, like offer some color commentary, please. But like generally, there's an incident that happens, you know, I can't I can't come visit or I was planning on coming visit, but something happened. You know, I my card got canceled or I wasn't able to make the plane. Could you, you know, could you wire transfer me the funds and I'll be there? Right. It happens. It happens quite often.

and

Darren Mott (07:42)
I'll give

you the perfect example. I got perfect story for this, wrote about it in my book. My wife has a friend whose mother is a widow, and she met a guy on Facebook. And within three to five days, he was telling her he loved her. He was a little younger than she was, had a couple pictures on his Facebook profile, would communicate through text. And maybe they spoke on the phone that I can't guarantee they did, but I think they did. But he said all the right things. it hits that, like David said, hits that limbic system in our brain. This is great.

David Mauro-NetGain (07:53)
Mm-hmm.

Darren Mott (08:08)
hit and it's fantastic. But the daughter said, Mom, does this not sound weird to you? And she goes, No, he hasn't asked me for anything. He's just, you know, he's he's lonely like I am. And so fortunately, she told my wife and we invited her, the mother over to talk about this. And we spent an hour saying, Look, here's the red flags I'm seeing, right? He had 160. It looked like he had 160 friends on Facebook, but it was 160 people he was following. So they were all women. weren't connected.

directly connected friends, like you would get a friend request, he would just follow them and it shows up on LinkedIn as these are the people you're following. And they're all women. And ironically, my wife, I said, just send one of them a message and say, hey, do you know this guy? So we picked a person out of random and my wife sent her a message on Facebook. said, hey, I see that you're connected to this person. What do you know about him? And the response back was mind your own business, something like that. We didn't follow up on that, but that's just kind of a funny side note.

Ashley Sebastian (08:42)
Mm-hmm.

Darren Mott (08:59)
He only had like four pictures of him and maybe something with his kids. He claimed to be some kind of engineer working out West. And she said, well, he's never asked me for any money. So I don't know what you're talking about. He's, you legit. I go, he's going to ask you for money. She goes, well, if he does, I don't have any to give him. I go, that's fine. But he's going to ask you three days later. He's like, I really want to come visit you. But

David Mauro-NetGain (09:16)
and

Darren Mott (09:19)
we're over budget on this project, I need $60,000 to finish it. If you can send me that I can finish the project and I'll come out and see you immediately. Fortunately, we had had the conversation. She stopped communicating with him and that was the end of it. So again, that's a good news story. But that's one of how many thousands that there is no good story ending.

David Mauro-NetGain (09:39)
Well, and sometimes the grooming won't even happen quickly, right? It'll it'll go over time and over time and they will have a lot of video calls. They will get to know the person. They will spend a lot of time and really, really earn that trust. And, you know, now with me, it used to one of the red flags is, well, they'll never get on a video call with you. Right. And now with the.

Darren Mott (09:43)
Mm-hmm.

Ashley Sebastian (10:05)
Now

they can.

David Mauro-NetGain (10:06)
Yeah, now with the development in the last six to six months to a year, there's always been AI deep fake capability, but it's been subpar at best in the past. It's more for parlor games and, you know, memes, right. But now it's gotten very, very good. Like we have the ability to look and sound like other people, which is really cool and exciting, but also very, very scary.

And scammers like this or cyber criminals like this, they leverage that to have those live conversations with them and they will, you know, get to know them. And they're like, I see them every day. I know exactly what they look like. They look just like the picture, except that's not them. Right. They're actually over in another country or they're somewhere else. And and they're just deep faking the the picture and possibly the voice at the same time.

Darren Mott (11:02)
And some of them aren't even deep faking, right? There's organized groups in Malaysia and Thailand or East Asia that they have one of their divisions are the women sitting around waiting to be the video calls.

David Mauro-NetGain (11:07)
Correct.

Mm hmm. Yeah, they yeah, absolutely. They actually there's a there's a several there's tons of organized call centers over there. And one of them will pay per text, like pay one to two euros per text. And they believe they are trying to drum up customer satisfaction, improve like the workers there.

Ashley Sebastian (11:15)
Wow.

David Mauro-NetGain (11:36)
just feel they're getting paid to flirt because it's part of a mobile app company that they're working for when in reality it's to gain the money that they're going to steal from the victim. But they do all this lead up time and build all this trust.

Darren Mott (11:50)
And in it.

And the other side part of that is a lot of those individuals are human trafficked. They're brought into these locations like, hey, here's a job opportunity. They get there, they take their passport, they take everything else, and then basically they're forced labor to do all this stuff. So a lot of the people that are reaching out and committing the romance scams are victims themselves. But that's perhaps a podcast for a different day.

David Mauro-NetGain (11:58)
Yes.

Ashley Sebastian (12:15)
Yeah, that's an interesting topic too, perhaps for another time. Can you tell us why do business owners need to be aware of romance scams and how could an employee at a company affect their business with a romance scam?

David Mauro-NetGain (12:32)
Yeah, I

mean, while romance scams might be viewed as a personal matter, an employee falling for a romance scam, it can have direct impact on an organization. So there's performance suffers right when they're involved in it. They essentially become an insider risk without even intending to. And the goal of the cyber criminal is to gain access to the employees, their targets, company credentials.

there was an organization in Minnesota that lost $4 million due to a romance scam. They had, yeah, well, what had happened is they had convinced the person to make certain wire transfers and given their role, they found out that they worked in the department where they can be involved in the wire transfers. And because of the trust that the person had and the need

and the love that they had between them, right? Love is a very powerful mechanism to make you do things. People do crazy things for it, right? They move across the country. you know, right? And this person had wire transferred several different wire transfers to organizations that they thought were good, but actually it was all, all of the funds were traced to the cyber criminal.

Darren Mott (13:52)
I would say beyond the funds even, there's a national security risk too here. If you're someone with a clearance and you're working for a cleared entity or someone within the government, they may not even want money per se. There may be a, I'm interested in this particular thing you might be working on. you answer this question for me? I've been thinking about this for a long time and it doesn't make sense. Can you answer what this means? And then maybe accidentally you're giving up some kind of national

David Mauro-NetGain (13:55)
Absolutely.

Mm-hmm.

Darren Mott (14:17)
protected secret that's valuable to national security. A lot of companies that work in the defense industrial based stuff, they all have unclassified material, but you take all that material and you combine it together at the end for whatever it is that's being built. It's a top secret project, right? So the folks doing that are smart enough to know that, you know, if I find the right person and they have the right amount of...

access, I can get information I want. There's a story from years ago where there was a particular weapon system that had a particular coating on the inside of the barrel that made it very difficult for the barrel to have any problems when the stuff was flying through it, right? But if you didn't have that inside of that barrel coated, it would blow up, the barrel would break apart. And so they knew that the Chinese government had stolen a lot of that particular weapon system, but didn't have it all.

And their barrels kept having that problem. Well, one of the ships that had that weapon system to land a port overseas, and one of the sailors that worked on that weapon system was sitting in a bar and someone walked up to him and started having a conversation with them and, you know, talked about what he worked on because again, social engineering, right? You gain your trust and just having a conversation. said, well, how do you, you know, how do you, how does that barrel not explode with all that stuff going through there? And goes, well, it's coated with this.

So gave up that information. Again, that's not necessarily romance scam, but the same kind of idea, right? As far as information.

Ashley Sebastian (15:31)
Mmm. Mm-hmm.

David Mauro-NetGain (15:37)
Absolutely. And once you gain that trust, a cyber criminal has that trust, then they can joke with the victim. They can be, know, hey, come up with a scenario where they need to log in to some inoculus site, know, Instagram or something, you know, and the victim oftentimes might give just those credentials to that, right?

But then by talking so often, they'll be like, well, you use your same password for everything, right? And they do because we still do that a lot, right? And now the perpetrator knows the key system that they're trying to log in. They now have the password for that.

And then there's also sex distortion, which is really a whole podcast on itself because the, the, you know, once they build that, uh, that, you know, trust in that relationship over time, it becomes intimate. share intimate photos or they just share any photos and then they superimpose it with AI, but they say, we're going to like the extort them. They say, we're going to release this to your family.

Darren Mott (16:22)
Mm-hmm.

Mm-hmm.

David Mauro-NetGain (16:47)
to your friends and they're vicious about it. Like don't think for a second that they're kind or they have empathy here. Like they will destroy somebody's life and they will reach out to family members, to other people. If they're at a job, they'll reach out to their managers. They will go very vicious and send them all of these embarrassing photos.

Meanwhile, the person has to be like, that's not me. They doctored my face on that body or whatever. And they're like, OK, well, it looks exactly like you. Right. And plus, employers and managers and other family members, you know, now that person is battling that. they especially when it happens in the younger generations, there have been tons of reports in the news about.

suicides that happen all the time from people not wanting to face that kind of disgrace.

Ashley Sebastian (17:47)
What do you do if that happens to you? Like say your face is put on some not super great photos to be having on the internet. What do you do at that point?

Darren Mott (17:59)
So I have two stories for that. So one happened to a 20-year-old and one happened to a 50-plus-year-old. So this is not an issue that is strictly for teenagers. But certainly, that one gets a lot of the news because a lot of teenagers are committing suicide because of it, right? So let me use the older guy first. So the older guy reached out to a friend of mine who's a PI. He's a retired agent and had this issue. my friend said, call Darren. He's a cyber person. He can help you through this. So the guy walked me through it. exactly what you said. He was in a chat room or somewhere, and he met someone.

David Mauro-NetGain (18:01)
Mm-hmm.

Ashley Sebastian (18:06)
Mm-hmm.

Darren Mott (18:30)
and they started exchanging pictures and then they said, okay, now I want a thousand dollars. I'm gonna send this to your wife. Cause they then, you know, connected with him on Facebook. So then they knew what his wife's Facebook was. Cause obviously on his Facebook and find his wife's Facebook and his in-laws Facebook and everybody else's Facebook. And they started that, the extorter started connecting with those people and saying, hey,

David Mauro-NetGain (18:41)
Mm-hmm.

Darren Mott (18:51)
you I'm gonna, I'm not gonna send them anything now, but if you don't send me a thousand dollars, I'm send you all your pictures. You're like, what do I do? And I go, well, keep this in mind. They're not going, worst case scenario, they will send the pictures to your relatives. All right? The best thing you can do is just come out and admit you did something stupid. I can't help you with what the fallout is with your wife. That's something between you and her. But I said, is your face in any of the pictures? He said, no. I said, well, just say that aren't you.

Same thing with the 20 year old. 20 year old parents called me and said, hey, this is what happened. $500, they're going to send it to all his friends. I said, well, chances are pretty good that's a bluff. They probably don't have all of his friends information. This was not a face. This was a texting thing, right? A random text or something like that. So I said, and even if they do, if his face is not shown, you can say it's not me. Like Dave said, you could actually add a face to that. But you gotta say, hey, it looks like AI. And that's the excuse you can use. It's just AI. They used AI to make it look like me. It's not me.

Ashley Sebastian (19:43)
Mm-hmm.

Darren Mott (19:45)
They ignored the posting for the 20 year old ignored the posting. Nothing ever happened. Never, never sent the videos out, never followed back up. So a lot of times those threats are, are not going to be followed through on. So.

But again, that's a risk you take, right? They may do it. If they have enough information to send out, they may do it. But chances are they'll just move on to the next person who might actually give them the money. Because it really, it's more of an expense to them to spend the time to send it to the people on the contact list when they could be making money somewhere else. again, it's a personal risk assessment you've got to think about from that perspective. But in most cases, what I've seen, ignore them, say it's not you.

and move on. And that's the end of it. And then for those two cases, that was the end of it, right? That sure, some embarrassment, right? And from a parental standpoint, and this is very important. And I write, I actually gave the example of the kid in my book. But the important thing for parents is to have the conversations with your kids to say, look, if you do anything stupid online, don't be afraid to come and tell me this is happening. And fortunately, for them, they had had that conversation, he went to them, hey, this is happening to me. They said, okay, let's call Darren, we'll go from there. So have

David Mauro-NetGain (20:41)
Hmm.

Right.

Darren Mott (20:52)
Because again, shame is the big thing. And there's also a self-fulfilling prophecy here in the sense that, like with romance scams, you've already sent $2,000 over, there's a good chance you're going to send more because you want to prove to yourself that you have not been stupid and fallen for a scam. You want to prove that you think this is real. And that's kind of the part of the psychology that the bad guys realize. Once I get them to pay once, they'll keep paying because they just believe it's real. They have to believe in their head it's real because if they don't, then they're going to look stupid.

That's their concern because they don't want to tell their family member, I sent this money and I shouldn't have.

Ashley Sebastian (21:20)
Hmm.

David Mauro-NetGain (21:25)
Exactly.

Ashley Sebastian (21:28)
That makes sense. What can you do to prevent this from happening? Like if my grandmother had a smartphone, like what should I tell her to be on the lookout for?

David Mauro-NetGain (21:38)
there's a whole bunch of things. But the first thing I would say is, you know, anybody that you want to meet or have a relationship with, get the family involved and get other other opinions. And I know sometimes that's that's a hard ask. But but I would say have that conversation and say, look,

be prepared for a request for money. And as soon as that happens, please contact us. The other thing, you know, a lot of elderly will be scrolling through because they grew up in a generation that didn't have technology. They grew up in a generation where advertisers or people wouldn't lie blatantly. Like there's it's part of the issue that we have with misinformation out there because somebody creates a meme on Kenva.

right? And post it and everybody's like, can you believe that happened? I'm like, before you forward anything you see on social media, please verify it. Google it. Like look it up, see if it actually happened because you'd be surprised at how many things are trending. Right. That never happened. Right. And very similar to products that seem like they're on a great, an outstanding price. And it's the same thing for people.

pretending to be something that they're not.

Darren Mott (22:57)
I'm going to jump on a soapbox here, Dave, following up on exactly what you just said. If you go on Facebook and you post that if you didn't hear the news, effective January 1st, I don't give meta permission to use my pictures, it is not real. Stop posting that. It is so irritating. That's not real. Stop posting. But chapter three of my book is called The Art of Skepticism. So in answer to your question, Ashley, what do you tell your grandmother?

David Mauro-NetGain (23:12)
Right.

Darren Mott (23:22)
Be skeptical of everything that you are not expecting. Someone reaches out to you on Facebook that is not someone you know from high school or whatever. Be skeptical of that connection. You get a random email, be skeptical of that email. Do not click links. Do not go to websites that are listed in any of those things. And the reason bad guys win, I've said this for 15 years, is because someone always clicks a link. And that's why they win. It's not anything really more beyond that. Someone clicks a link, bad things happen.

Ashley Sebastian (23:24)
Yeah, okay.

David Mauro-NetGain (23:43)
Mm-hmm.

Darren Mott (23:48)
Skepticism is your friend in this case.

David Mauro-NetGain (23:51)
Yep. If you've been looking for a new camera and they're always $500 and all of a sudden you see that camera advertised for $89, it's not real. But what is real is the malware that's on the back of that ad because it's just an image with a link on the back and they're going to pay Metta to advertise for it. No one's going to check it and it's going to go out to thousands of different people.

Darren Mott (24:06)
Mm-hmm.

And I'll this, don't go to the first link when you search for something. Scroll down, pick like the seventh or eighth link and go from there. you like, and this is not at this, know, romance scams kind of run congruent with tech support scams. So when you have a tech support issue, go to the site of the thing you're trying to fix. Don't go to Google and say Apple support, because the first Apple support button is a bogus scam button. So, so keep it.

David Mauro-NetGain (24:41)
Right.

Ashley Sebastian (24:41)
Mm-hmm.

David Mauro-NetGain (24:42)
Absolutely.

Ashley Sebastian (24:45)
It's been in the news and I want to ask you all about it. I've heard of people falling in love with AI chatbots. Can you talk about that a little bit?

David Mauro-NetGain (24:56)
Yeah, I don't know what to say. Darren, what's your s- what? He's skeptical.

Darren Mott (24:59)
Be skeptical, be skeptical. Yeah,

Ashley Sebastian (25:00)
Just be skeptical.

Darren Mott (25:02)
because I mean, it's so easy now to create basically a script to say, all right, I'm going to you know, I want to communicate with them. And now, not only that, like chat, chat GPT, and some of those will kind of see that scam and stop it to a little bit, you can always jailbreak it. But now deep seek exists, those particular protections aren't going to exist. So if you're a bad guy, and you want to create a big long script that continues to communicate with the person

David Mauro-NetGain (25:06)
Yeah.

Darren Mott (25:28)
through AI, they will do it. mean, you can almost see it now because it's designed, it doesn't read your response very well. And actually any response will get the chat bot to just send the next thing in line. So, but again, if you don't have that skeptical approach to everything, you're eventually going to buy it because AI is good enough to confuse or convince the...

I don't say weak minded, but the people that want to believe, right? That want to believe that this is love here and it's telling me everything I want to hear. So I'm good to go. But how do you, how do you root it out? I don't, that's a good question. And that's not, I'll be honest, not something I've really delved that deeply into. I probably should just for exactly that question.

David Mauro-NetGain (26:09)
Well, it's

a big challenge. mean, when you think about it, there are legitimate companies that are out there that are marketing AI avatars, right, to companies because it's almost like a pre it's better than a pre-recorded, you know, let's say you work at a larger company and you have, know, you have to repeat this process or handle this ticket or this issue, you know, hundreds and hundreds of times. And you wind up saying the same thing. You could try and

Darren Mott (26:18)
Mm-hmm.

David Mauro-NetGain (26:38)
pre-record some of this stuff, or you could just train an AI avatar to live, think like you, speak like you, look like you, and address those things, right? And then you get the summary of the meeting notes and you can correct in anything later. So while it may have its place in the future of organizations, it is definitely something that is being exploited more. It's definitely being exploited more often.

that we're seeing than it is in mainstream use right now.

Darren Mott (27:12)
It's just going to get better.

David Mauro-NetGain (27:13)
Yeah, it's gonna get better. I mean, in the last six months, it's gotten so good. It is virtually undetectable by the human eye. We could be deepfakes right now. I'm not really here. I'm over at a beach. So.

Darren Mott (27:20)
Mm-hmm.

Ashley Sebastian (27:23)
Maybe.

Darren Mott (27:24)
Hmm. Actually, my

LinkedIn, my LinkedIn picture is a deep fake. Yeah, headshot, headshots, headshot pro AI, I sent them 13 pictures, they made much better pictures than I could do. But yeah, face is still real. But the rest is not.

David Mauro-NetGain (27:28)
Yes, the, the, yeah, the.

Ashley Sebastian (27:29)
Is it really?

Okay.

David Mauro-NetGain (27:35)
Yep. Yep. Yeah, the the the

picture that I have for cybercrime junkies, the the guy there who's my assistant, right? It's all AI. And he looks very, very human. People will people will message him and talk to him. It's it's he's not real, but.

Ashley Sebastian (27:50)
Yeah.

Darren Mott (27:53)
Nice.

Ashley Sebastian (27:54)
It's funny. Yeah, I

was thinking about that yesterday and I was like, you know, having a conversation with Chad GVT about something like, that sounds bad. Can you make that tone a little different? And it's kind of like you can talk to it like a friend. So I feel like people might fall prey to... There are...

David Mauro-NetGain (28:09)
Yeah. yeah.

Absolutely. You

can ask it to humanize it more, have more compassion, have it have a more personal tone or a more romantic tone, and it'll rewrite it that way.

Ashley Sebastian (28:18)
Yeah?

I had to send an email this morning that I didn't want to send and so I had to write in something. Can you make this have a friendlier tone?

David Mauro-NetGain (28:35)
Yeah, I got that email I wanted to talk to you about that. No, I'm just kidding.

Ashley Sebastian (28:39)
Do you know about AI companions?

It's a thing. It's like a paid service. No matter what you're looking for, this company's human-like memory and creativity fosters a deep, consistent, and evolving relationship. So it's actually like a chatbot that people are paying. I guess so.

Darren Mott (28:47)
Well, that makes sense.

David Mauro-NetGain (28:56)
so you essentially train your own chatbot, right?

Yeah.

Darren Mott (29:01)
So

it's romance on demand.

David Mauro-NetGain (29:04)
Yes.

Ashley Sebastian (29:04)
romance on demand.

David Mauro-NetGain (29:05)
Wow. Well, it's going to get worse.

Ashley Sebastian (29:06)
Lots of new things.

Darren Mott (29:06)
Makes sense. mean,

why wouldn't you profit off it? Again, in this case though, in this case, I'm sure the use agreement, I'm sure the privacy agreement has all sorts of caveats about this is not a real person and we can't get, know, nobody reads that, right? I will say I read all of DeepSeek's, all of DeepSeek's privacy stuff, I read them all. And so I'm pretty sure what they did is say, take ChatGPT's privacy thing and kind of make it different so we can put it in. anyway, that's a different podcast, right? Yeah.

David Mauro-NetGain (29:18)
Right. But nobody reads those agreements. That's why Tic Tac was so popular.

Yes.

Right. Yeah.

Ashley Sebastian (29:33)
Make it different, but the

Interesting. Well, this has been a really insightful discussion on romance scams. It's a super interesting topic. I know it's so common and although I don't know anybody that's experienced it, maybe they might just not be saying anything because it can be kind of embarrassing. But it affects people of all ages and...

Darren Mott (29:56)
Mm.

Ashley Sebastian (30:02)
could be anybody.

David Mauro-NetGain (30:03)
And it affects businesses too, because there is a very real risk there because people will do crazy things. And it becomes that person, that employee becomes an insider risk. And so it's part of a insider risk program. It's part of an organization addressing security awareness. Even smaller organizations are coming up with

Ashley Sebastian (30:05)
Yeah.

Yeah.

David Mauro-NetGain (30:26)
policies or part of their ERP plan where they can, you know, if you have issues, you can go talk to somebody and we'll help you report it, things like that. But it's like anything else. If it's not reported, there's no help that can be provided.

Ashley Sebastian (30:42)
Mm-hmm. that's, you touch on this in your cybersecurity awareness training that you do. Deva does a public service initiative. do this here at NetGain to, it's a no-cost training for teams on cybersecurity awareness. And I know I've compiled some resources for you. I know that you've talked about romance scams and sextortion in there.

David Mauro-NetGain (31:09)
Yeah, it's because it's really devastating and and it bleeds into people's jobs. It's just it's just like anything else. I mean, when you look at some of the people that you like, you watch the news and you'll see I don't know if anybody watches the news anymore, but if they watch it some people get their news from social media. but if you're watching the news, you'll you'll hear like this.

Ashley Sebastian (31:09)
in there too.

Mm-hmm.

David Mauro-NetGain (31:32)
This sweet little lady who is the comptroller for this organization embezzled all this money and you're like, what happened? Right. But you find a trigger usually that that occur. Right. They were involved in a romance scam. They had this this event happened and and they had to like they had to get money for it. And when they set their priorities, right, the big bad company loses compared to the love of their life.

Ashley Sebastian (31:48)
Ugh.

David Mauro-NetGain (32:01)
And so it's something that just education and having a culture that rewards people coming forward and doesn't penalize them in any way, right? They should be able to come to somebody if they see something, they need to be able to say something. Same thing for like phishing emails, right? If you see something and it looks weird, like you should be able to alert, right? So that somebody that knows.

Ashley Sebastian (32:01)
Makes sense.

David Mauro-NetGain (32:27)
how to determine whether it actually is fishing can let you know.

Ashley Sebastian (32:31)
Yeah, I always get excited when I see like a fishing, well, normally I don't know that they're fishing tests, but when I pass one, I get very excited that I've shared it with the company. I did fail one on Friday. I'm very, very disappointed. I'm humiliated.

David Mauro-NetGain (32:40)
Yes.

Yeah, yeah, it's always humiliating when I fail them. Yes,

Darren Mott (32:46)
Mmm. Well.

David Mauro-NetGain (32:48)
it's

always humiliating when I fail them too, because I'm like...

Darren Mott (32:50)
If this makes you feel

any better, was talking to a company, do red team, they do red penetration testing. And so they had to get into this facility, 400 people, and they had to do both physically and cyber wise. And so you've probably heard, I think you've heard this story, David, if not, you'll laugh anyway. So they figured out and they put together an email with an Excel spreadsheet that had a vulnerability that if it was run, they knew it would work on any system within this particular organization. So they sent it to 26 people and said out of 400 and said, if your name is on the attached spreadsheet, you have not taken info

training for the year and your access will be cut off on Friday. Okay. So how many of those 26 people do you think opened up that Excel spreadsheet?

Ashley Sebastian (33:28)
22.

Darren Mott (33:28)
Take a guess.

22, Dave.

David Mauro-NetGain (33:31)
15.

Darren Mott (33:33)
31, they passed it to other people who also opened it.

David Mauro-NetGain (33:36)
my god.

Ashley Sebastian (33:38)
my god.

David Mauro-NetGain (33:40)
Unbelievable. But I mean, it's, yeah, well, and there's a way of training and security. there's some security awareness approaches have come under fire because like a law firm that was at the quarter end and talking about bonuses, they literally test-fished their partners.

Darren Mott (33:41)
Remember, someone always clicks a link.

yeah.

David Mauro-NetGain (34:03)
by sending out like, here's your quarterly bonus. Like, it's the only thing they cared about at that moment. They're like, here's your quarterly bonus. you clicked on it. That's terrible. But it was exactly what a legitimate one would have been. And so people were, they were furious over it because they're like, look, you want to teach us about security, that's one thing, but don't play with our emotions like that.

Ashley Sebastian (34:07)
Okay.

Darren Mott (34:16)
Right. Yeah.

Ashley Sebastian (34:18)
That's ruthless.

Darren Mott (34:26)
Well, is, but I mean, I guess it depends on how the email was crafted, but I kind of see their side of it,

David Mauro-NetGain (34:30)
Right. There were probably some, I mean,

I think it's a good actual test because when, somebody is doing OSINT, open source intelligent, right? Like actually, you know, looking at the target, there's a lot to find. You can, create dossiers on everybody. You know what to say, who to say it to and the timing of it. That's what a good phishing email is going to say. It's good spear phishing email. And so it would come across like, you know,

Darren Mott (34:35)
Sure.

Mm-hmm.

Right.

David Mauro-NetGain (34:57)
quarterly bonus coming, right?

Darren Mott (34:59)
Right. And

if I was if I was one of the victimized lawyers, from a vindictive standpoint, every email I got from anybody in the company, I would immediately contact them back and said, Did this come from you? come from you? come from you? Yeah, right.

David Mauro-NetGain (35:07)
Yeah, did this come from me? Just the flurry of emails.

Ashley Sebastian (35:11)
Speaking of

phishing emails, I know we're doing this episode, it's Valentine's Day here pretty soon. I wonder, are we going to be getting a lot of phishing emails and texts and things that have to do with Valentine's Day coming up? I know the holidays just killed my phone. mean, so many of them.

David Mauro-NetGain (35:30)
Absolutely.

Darren Mott (35:34)
Yeah.

David Mauro-NetGain (35:35)
Never

never let a good event or catastrophe go unexploited is the phrase, right? Like if right Super Bowl plane crash, you know, Valentine's Day wildfires like there's a lot of donations you can make to my cause, right? And it's called the whatever wildfire organization dot org. It looks legit, right? Just just just look at

Darren Mott (35:41)
Super Bowl II.

Ashley Sebastian (35:43)
Okay.

Wildfires!

Darren Mott (35:49)
Mm-hmm.

Ashley Sebastian (35:52)
Mm-hmm.

Darren Mott (35:58)
Hmm

David Mauro-NetGain (36:02)
Just verify before you pay, right? Verify before you give up sensitive information.

Darren Mott (36:05)
Be skeptical.

Be skeptical. Trust no one. Yes, there you go. Be vigilant.

David Mauro-NetGain (36:10)
Yes, he's skeptical. call it vigilant. Be vigilant. Right.

Ashley Sebastian (36:10)
Yeah.

David Mauro-NetGain (36:15)
Which is means which means don't like don't trust verify first.

Ashley Sebastian (36:15)
Okay.

So yeah, whether you're navigating online relationships or running a business, guess the biggest takeaway is stay vigilant. This has been an awesome conversation. Darren, David, thank you so much for being here. Can you tell us, Darren, just real quick, can you tell us about your book and the title of your book if our listeners want to?

check that out. I'll also link your podcasts.

David Mauro-NetGain (36:42)
Have a copy. Yeah.

Darren Mott (36:44)
Sure, thanks. Yeah,

it's called Gold. It's called get cyber smart, a user friendly guide to protecting your family, your business and yourself online. I also just started a new business called Gold Shield Cyber Security, which caters largely to law firms to protect to protect them. But just got that one off the ground. So still trying to figure out how that works.

Ashley Sebastian (36:55)
Okay.

Well, good luck with it.

David Mauro-NetGain (37:03)
And the book's very good. He was kind enough to send me a signed copy and I've got it here. So I need to have it displayed. Yeah. Yeah. Excellent. Thank you for your time, everybody. Excellent. See ya.

Darren Mott (37:03)
Thanks.

Yep, send me your address Ashley and I'll send you a copy as well.

Ashley Sebastian (37:08)
Fancy. Well, I will. It's fancy.

Fancy. Okay. Thank you all so much. Thank you. Okay. Bye.

Darren Mott (37:18)
Thank you.