The Melanie Avalon Biohacking Podcast Episode #258 - Chris Hadnagy
Chris Hadnagy is the Founder and CEO of Social-Engineer, LLC. During Chris’ 19 years in information security, he created the world’s first social engineering framework and newsletter. He has also hosted the first social engineering-based podcast. Chris is the Founder, Executive Director, and Board Member, for the Innocent Lives Foundation, a nonprofit organization that identifies anonymous child predators and helps bring them to justice.
Having written five books on social engineering, Chris is also a well-known author. His most recent book, “Human Hacking: Win Friends, Influence People and Leave Them Better Off for Having Met You,” was released January 5, 2021.
Chris leads the way in educating people about social engineering. He created the world’s first Social Engineering Capture the Flag (SECTF) to raise awareness of this serious threat. Chris is also an Adjunct Professor of Social Engineering for the University of Arizona’s NSA designated Center of Academic Excellence in Cyber Operations (CAE-CO). And he also lectures and teaches about social engineering around the globe. Moreover, he was invited to speak at the Pentagon and other high-security facilities.
Chris works with some of the world’s leaders in scientific research for the purpose of acquiring a deeper understanding of social engineering. Notably, Chris authored a book with Dr. Paul Ekman regarding the use of nonverbal communication by social engineers.
Chris is certified as an Offensive Security Certified Professional (OSCP), as well as an Offensive Security Wireless Professional (OSWP). He is also the creator of the Social Engineering Pentest Professional (SEPP), Certified Ethical Social Engineer (CESE), and Master’s Level Social Engineering (MLSE) certifications.
LEARN MORE AT:
www.social-engineer.com
Innocent Lives Foundation
Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You
SHOWNOTES
IF Biohackers: Intermittent Fasting + Real Foods + Life: Join Melanie's Facebook group for a weekly episode giveaway, and to discuss and learn about all things biohacking! All conversations welcome!
Follow Melanie on Instagram to see the latest moments, products, and #allthethings! @melanieavalon
AVALONX SPIRULINA: Spirulina is being formulated now! AvalonX supplements are free of toxic fillers and common allergens (including wheat, rice, gluten, dairy, shellfish, nuts, soy, eggs, and yeast), tested to be free of heavy metals and mold, and triple-tested for purity and potency. Get on the email list to stay up to date with all the special offers and news about Melanie's new supplements at avalonx.us/emaillist! Get 10% off avalonx.us and mdlogichealth.com with the code MELANIEAVALON!
Text AVALONX to 877-861-8318 for a one-time 20% off code for avalonx.us
FOOD SENSE GUIDE: Get Melanie's app to tackle your food sensitivities! Food Sense includes a searchable catalog of 300+ foods, revealing their gluten, fodmap, lectin, histamine, amine, glutamate, oxalate, salicylate, sulfite, and thiol status. Food Sense also includes compound overviews, reactions to look for, lists of foods high and low in them, the ability to create your own personal lists, and more!
Stay up to date with all the news on the new EMF collaboration with R Blank and get the launch specials exclusively at melanieavalon.com/emfemaillist!
LMNT: For fasting or low-carb diets electrolytes are key for relieving hunger, cramps, headaches, tiredness, and dizziness. With no sugar, artificial ingredients, coloring, and only 2 grams of carbs per packet, try LMNT for complete and total hydration. For a limited time go to drinklmnt.com/melanieavalon to get a free sample pack with any purchase!
Chris' background
Getting scammed by phishers
What's the difference between influence and manipulation?
Are certain people are more hackable?
The role of first impressions
Geolocating child predators
Using dishonesty
Understanding others communication style (DISC types)
Using the techniques on a consistent basis
Being naturally trusting
Can AI analyze people like Chris can?
The problems with AI and deep fakes
In person scammers
Facebook profile hacks
The challenge of security vs convenience
Using a password manager
Notifications about the dark web
Being empathetic and leaving people better off
TRANSCRIPT
(Note: This is generated by AI with 98% accuracy. However, any errors may cause unintended changes in meaning.)
Melanie Avalon:
Welcome back to the show. I am so incredibly excited about the conversation that I am about to have. I've really, really, really been looking forward to this. So reading the book that I read to prep for this show was such an experience. As you guys know, I read a lot of books for the show. And every now and then you have one where you feel like you're not just reading a book and taking information. You're actually like, like I said, it felt very visceral and experience driven. Like when the book starts, for example, it actually has you read and do a pledge about how you will use the information or not use the information in the book. And then it proceeds to open. It's written by the incredible Chris Headnagge. And he tells his stories of what he does, which is just mind blowing and so entertaining. And you learn so much from it. So Chris is an actual hacker. And when people hear hacking, I think they think more like mostly online security type hacking. But he is well, he does some he does that. But in addition to that, it's in real life hacking. So this man has stories of literally dressing up like different types of people and jobs and getting information from people. And I'm sure we will hear some of the stories on the show, as he talks about in the book, he does it often to test the security features of companies and such. So it's, it's well, illegal legal hacking. But it's just absolutely fascinating beyond belief. And so then Chris goes into all of the psychology and how we as non hackers, hackers can actually not hack people, but get things that we want from people while allowing other people to also get what they want. And as he often says, leave them better off for having met us. So the tactics in this book are beyond fascinating. I have so many questions. So many. Chris, thank you so much for being here.
Chris Hadnagy:
Thank you. Wow. That was a very flattering introduction. I should just record that, have that as like the, if anyone wants to know what my book is about, just listen to Melanie. You just categorized it perfectly.
Melanie Avalon:
Well, thank you. I love it. And what's interesting is, so I think it was your, I don't remember who exactly reached out to me. It might've been your publisher, but it was a situation where I really just like read the title, read the synopsis and cause I'm very intuitive with who I have on the show. And I was like, Oh yes, this looks fascinating. But then I didn't really dive into it beyond that. I just basically started reading it when it came time to read it. So I went in very blind. Like I didn't really know what it was going to be about exactly. So when you open the book by telling stories of like, you open the book with a story of you hacking something and I was like, what is happening? I was like, I was like, what is this book? Like who is this man? What am I reading?
Chris Hadnagy:
It feels like a movie, right? The opening of the book, people often go, is that a real story? Like, that is a real story.
Melanie Avalon:
Well, I mean, that's a good place to start your personal story, which you do talk about in the book. Oh, and by the way, let me tell a little bit about you for listeners who are not familiar. So the book at hand that we're talking about is called Human Hacking, When Friends Influence People and Leave Them Better Off for Having Met You. By the way, just really quick baby question about that title or a moment about that title. When I read the title, I was like, I wonder if the publishers made him put in that last part about leave them better off for having met you. But then reading your book, you're very, very firm on that principle. So I'm sure we can circle back to that. But in any case, you are the founder and CEO of Social Engineer LLC. You created the world's first social engineering framework and newsletter. You're an adjunct professor of social engineering for the University of Arizona's NSA designated Center of Academic Excellence and Cyber Operations. You've been invited to speak at so many incredible places, including the Pentagon. You have a lot of security certifications that I don't actually know what they mean, but put them in your bio in the show notes. And you also have a lot of other books as well, like Social Engineering, Unmasking the Social Engineer, Fishing, Dark Waters, that's a nice pun. So today's show, going back to that first question, your personal story, which you do talk about in the book, when did you realize that you wanted to do this career that you've found yourself in with human hacking? Did you have an epiphany one day or what happened?
Chris Hadnagy:
I did. So I was something called an exploit writer and a network pen tester. So that, that is like, we would find flaws in software and then write malware or viruses for it. And all this was for the good guys. I was never a bad guy. So you would do that. So that way you can fix the flaws that were there and we would use it during security audits. But I stink at coding. Like I would forget the simplest things in Python or something like that and always having to look it up. So we would get the company I worked for at the time, we would get these audits and I would say, Hey, can I just call them and ask for a password? And they'd be like, why would that work? And I was reading these books from this very, very famous hacker named Kevin Mitnick. Sadly, he, he passed away recently, but he, he went to prison for social engineering and hacking the FBI and all tell. He was very good at it. And he would tell his stories. And I was reading that and saying, well, you know, I was reading this book from this guy and I just want to try this stuff he did, but do it legally. So like, okay, try. And I would call and say something like, Hey, this is Paul from it. We had a database drop last night and your name was flagged as having an issue. I have your, your password in here as, you know, fluffy one, two, three. Is that, is that correct? Like, no, it's not correct. Okay. I'm so glad I called you. We're about to get locked out of payroll. So let me change it. You know, what password do you presently use so I can put it in the system and people would give it to me, right? They would just, bam, here it is. Here's my password. So I'd come back to the team and go, Hey guys, here's, here's the corporate password for the, for the network admin type. What? You got it. That was like five minutes. I'm like, yeah, we can stop finding software flaws and just use this. I did this at a break in once. Like I had a job where I was supposed to go break into the company during broad daylight and I had used Google maps and went through around the outside and I saw the dumpster they had and it was, you know, waste management. So I went and went to a shirt store and I had a waste management shirt made and a hat. And I just drove up and said, Oh, I'm here to check the dumpsters. I got a complaint that one of the wheels is broken. I'm led onto the facility. Then I changed my shirt once I get in there to a business shirt and I would just walk in the back door, like I own the place. And I walk around, you know, stealing stuff from the, from the, from the, from the location. I walked back out, put the waste management shirt back on, drive out, wait to the guy. He's like, everything fixed. Yep. Everything's good. I was like, that's crazy. Like no one stopped me. So this is where the epiphany happens, right? I'm, I'm realizing that this is something that can actually be a job. Like people need it. Like we were, we were finding flaws in human decision making and I started writing a framework because I had one client who came to me and said, okay, Chris, you did this thing. How do I fix it? And I went through, I don't know. And he said, you know, if I went to my auto mechanic and I said, Hey, what's this noise? And the auto mechanic said, that's my breaks. That's your breaks. And I said to him, fix it. And he goes, I don't know how I never go to the auto mechanic again. And I'm like, dang, that was a good analogy. And I'm like, that actually kind of taught me a lesson. I'm like, he's right. I can't just be breaking in places for the sake of breaking things. I feel like it's cool. I got to tell them how to fix it. And if I, if I'm trying to solve problems, I have to know how to do it. And I said, I don't know how to fix it cause I didn't understand human decision making. So I started reading every book I could on psychology, influence, persuasion, non -verbals, everything about decision making, amygdala, brain, neuroscience. And I started to write a framework that of things I wanted to try on my jobs. And then when I tried them, if they work or didn't, I would come back and catalog it. It took me about 10 or 11 months. And after that I had this wonderful framework and I thought, ah, I'll put it online and maybe some people will find it useful. So I bought a domain social dash engineer .org. I put it online. And two months later, Kevin Mitnick's publisher called me and asked me to write a book on the framework. And I said, nah, I'm not an author. I don't, you know, I don't really know how to write anything. And she's like, no, really, you got her. This is the first time anyone's done this about this topic. So I did. I wrote a, I wrote a book. That was, that was it. You know, that started this whole career that started this whole company. I mean, there wasn't even an industry around it at that time. So that was 2010 the book came out and that's when this really became a thing.
Melanie Avalon:
It's interesting because you mentioned the story about how you could just get passwords from people by asking them and people you told them you said it probably seem shocking. And I think people listening now probably are thinking I wouldn't get my password to somebody like that. I know we were talking on email before this, but I watched one of your old TED talks where you you were talking about how how like 75% of the time you could, you know, get passwords from people kind of in situations like that, I could tell the audience there. And again, even with me, it's like, Oh, no, I, I wouldn't fall for that. But I realized in my own life, I have had multiple times I was trying to give you like teasers on email about what they involve. One of them is actually very similar to that story that you just told. And I am like, I personally am so embarrassed that these different quote hacking or some of them were manipulations things happened to me because it just seems so I must not be very smart if I fell for these things. And so maybe we can talk a little bit about why that may or may not be the case. I can even give you some examples as well. I'm so embarrassed. Some of these things I haven't even talked about, I don't think I've ever told anybody. And I'll probably talk about them now because I've gone this far. But I'm just so embarrassed, like for falling for it.
Chris Hadnagy:
So let's do this. We're gonna have a little therapy session, you and me together, okay? So I wrote and sent 19 million fishing emails in my career so far, right? And my second book was all about the psychology of fishing, like fishing dark waters. And I fell for a real fish. I fell for a real one, right? I mean, I'm an Amazon junkie. I'm one of those guys that like, I buy everything on Amazon. I mean, I'd buy a car on Amazon if they would sell them, right? And I got an email. I was heading to a conference and I had ordered all this stuff from Amazon that was supposed to go straight to the hotel. I'm packing up my office. I'm running late for the airport. I'm rushed. And I get an email that says your recent Amazon order will not be shipped due to a decline credit card. Now, what I have told every client, every time I send a fish is that when you get an email that even seems a little bit legit, you don't click links. What I would have told anyone else to do in that situation is you open your browser, you go to smile .amazon .com, you'll log in and you check. And if there's a wrong error, it will be there. But I didn't do that because I was rushed. I didn't, I clicked the link. Now I use a password manager and my password manager puts my username there, but I have to click to get my password to go in, right? So I put my cursor in the password box and I don't see my username. And that's the only thing that saved me is that made me pause for one second. And I looked up at the URL bar and I didn't see amazon .com. I saw something, something .ru. And I'm like, the Russians got me. And I felt like you, I was embarrassed. I was humiliated. And I went to my COO and I'm like, Ryan, I did this terrible thing. We got to fix this. I got to make sure there's no viruses. And then we can't tell anyone. And he's like, no, you got to tell everybody. And here's why. And this is the therapy session. My honest belief is that it's not, you're not a stupid human because you felt that you're human. And when the right pretext at the right time in the emotional, the right emotional triggers, anybody is vulnerable to a social engineering attack or a scam, anybody. So it is not about being stupid. For me, I'm an Amazon junkie. I had ordered things on Amazon and I was late for the airport. Those three things combined made a guy who sent 19 million fish and wrote a book on fishing, click on a fishing email. So I don't think I'm the smartest guy in the room, but I don't think I'm stupid when it comes to this either. So you are not a dumb human, you're human.
Melanie Avalon:
use that word pretext. It's making me realize how much that comes into play. So two of my examples, so one is really similar to that one. As like a biohacking podcaster, influencer person, people are sending me products like left and right. So I'm often getting shipping emails about different, you know, stuff. And so I got an email saying I had a DHL, which DHL is always not good with shipping. So they're like, you know, we have a delivery, there's an import fee that you have to pay. And so I clicked on it and I knew I had some stuff coming from DHL from Europe. So I thought it was that it looked just like the DHL website. It needed my credit card to pay like this $2 fee. I put it in. I'm trying to remember how I realized. I don't know, but I did realize very soon after I was like, oh, that was not. So I had to like change my credit cards and everything. But the other one, which was really interesting, was similar to the password situation. And it was that my somebody called and they acted like they were my internet service provider. And it sounded like somebody in India and which is often going back to that pretext. I mean, it's often customer service people, you know, are often based in India. And they talked about how they needed to do something to fix my internet. And I think it actually had happened. You know what I think it was? I think they I actually had called tried to call XFINITY to fix it. And I think they had a number that was similar to the XFINITY number because people would so people would miss call it. So I literally thought I was talking to XFINITY like I really did. And I was talking to this guy and he was talking just like you said, like going through the whole process. Like he seemed really legit. And then he even had me like do something on my computer. And it got to the point I the point I realized I was me. I see I'm so embarrassed. It literally got to the point where he was screen sharing my computer. And he said he was running software to fix my internet. And I saw it was like the matrix like this thing popped up on my internet on my computer screen. It was like text happening and like symbols. And I was like, I don't think this is XFINITY. It's like once you get in that moment where you've like accepted that they are what they say they are, I just I feel like it's just like full speed ahead. And then what I found for me personally is that even if you like once you're suspicious, it's like if you've gone this far, it's embarrassing to admit that you've been scammed. So maybe you stay in it. So I don't know. It's made me really aware about like human dynamics and everything.
Chris Hadnagy:
Let's analyze a couple of those, right? Because I think you're still saying you're embarrassed, but let's think about it. You already said you're an influencer who gets stuff sent to you all the time. So getting an email from DHS saying that there's a problem with shipping and there's an import fee makes sense, right? It's not like you've never get anything. So that makes sense, that's an email that you would expect to get. You were having internet problems, the number looked familiar, and you're right, customer support tends to be from India or the Philippines. So all of those things fit that makes sense. So, and they're here to help. So it's not like you fell for something that was so obviously fake, right? And even when people do, I still don't like to say that it's a stupid human problem because I look at things today, like one of the biggest scams that we're seeing against older folks is a romance scam. So it starts off with, let's say husband dies, wife goes on Facebook and puts pictures of their 40 years of marriage. People are sitting there condolences, some guy reaches out and says, hey, I want you to know my wife died of cancer seven years ago, it gets easier, you know, God bless you. And it just starts off with something really pleasant. She's like, oh, thank you so much, I don't know you. And she's like, oh, I don't know you either. They were just scrolling and I saw your post and I wanted to reach out. So they start a conversation where maybe they're talking once every couple of days. Then it turns into they're talking every day. Now they're talking multiple times a day. And within a matter of weeks, it turns into where I want to visit you, I want to come visit, but I can't because I live in Poland and it's very expensive. I'll pay for your ticket, she says. No, no, no, it's like $5 ,000. No, no, you can't. And she wants to pay for the ticket. So she sends him $5 ,000. Well, of course, now there's gonna be a visa issue at the border and it's gonna be another $5 ,000 to fix the visa issue. And it just goes like this. And I've met people who have lost $100 ,000 plus to these kinds of scams. Now, think about that. You could say, look, you obviously were getting scammed. I mean, how do you not see that? Here's a woman who just lost her husband. She's dealing with grief, she's dealing with sadness. They do their background research so they know that this person had some money and was well off. They were posting pictures. She was posting pictures of them in their boat, their Mercedes, all that stuff. So they know they're dealing with someone with money. And they had someone treat them kindly. And when we treat people kindly, it releases chemicals in our brain like oxytocin, dopamine. We start to have all of those different things that make us feel close to someone and build rapport.
Melanie Avalon:
My grandfather fell for one of the similar ones to that, but it's one of the ones you talk about in the book, which is the ransom money one, where they say they have like your loved one. Yeah, they got, they got my grandfather with that one. There's a fine line, okay, because we're talking about all these different, you know, ways of convincing people of a certain reality and then getting something from them. And I do want to circle back to one in real life hacking thing that happened to me, by the way, like in the Whole Foods parking lot, but the characteristics that go into this. So what is the line, because we're talking, we're talking about hacking, but you also talk in the book about manipulation and these situations we're giving right now are, you know, scams. So, so what's the line and how do you distinguish between hacking people and influencing them for things for you for the better for everybody versus manipulation?
Chris Hadnagy:
That's that's a great that's a great question actually so both influence and manipulation could be used for good or for bad Right. They both could be used for good. But so here's the the big difference. It is. What is your motive? And if it's only good for me and it's bad for you Then that's that's that's that's a poor use of those skills. That's when you're hacking someone not properly But when there's a win -win, right when there's even in the situations of what I do for a living Like where I'm getting someone to do something they shouldn't then the end of it is education We're trying to educate them to make them stronger All right, so it's like you go to a doctor and they do all this test on you They find something they're gonna cut you open take it out But they're not doing it because they just want to cut you open they're doing it because they're trying to save you help you so The motive behind it is really what makes it good or bad now a good example of that is an industry that I really Don't like so I'm sorry If anyone listening is into this but pick up artistry right pick up artists I don't like it because I find it to be very predatory, right? So they're using all these same skills They add things like nagging in and their only purpose is basically to get a woman in bed. That's it like can you imagine having a long -term relationship with someone and You found out that the way that they got you interested was through nagging Like you would feel used you would feel violated. It'd be terrible So those aren't made for long -term relationships Those are made for those are made for very short -term things with a single purpose and it's to fill their purpose their need, right? so it's not thinking about the other person and that to me is a Example of the poor use of influence and manipulation skills to hack somebody in an improper way
Melanie Avalon:
You're talking about how super attractive people are harder to, well, not to make complete assumption or blanket statements, but are often harder to quote hack because they're so used to, especially with men, they're so used to men, like trying to pick them up, that they're like, you know, aware, did I say that correctly? And are certain people more hackable than other people? Like when you get an assignment in a project, are you able to tell if you think it's going to be a harder job or not, or is it complete a surprise?
Chris Hadnagy:
That's a great question, but the answer, sadly, is yes and no to all of that. So the pretext approach, right? If I'm approaching in a building and let's say the front desk woman that's sitting there is very attractive, then I need to change my approach to make sure she is clear that I am not hitting on her, right? So I wouldn't make a comment about, oh, you look really pretty today, or you look good, or wow, nice hair or something like that. If I wanted to build a friendship, I might say something, I've actually used this before, let this woman had a really nice, colorful scarf. And I said, hey, you know, I'm only in town for this interview, but I'm going back afterwards and it's my anniversary coming up and my wife loves that kind of culture. You buy that locally? Like, where'd you get that scarf? I think that she would really enjoy that as one of her presents. Complimenting her, I'm building rapport with her, but I'm making it clear that I'm interested in something for my wife and she just happened to have the very same tastes. So I'm opening that without now she can relax, right? I'm not here to hit on you. I try to use those. It doesn't make it that it's harder. It really depends on how you approach the situation. And I think what becomes harder is if you if you're like a one trick pony, like if you only have a certain type of pretext that you use, it's only going to work against certain type of people. You have to be very flexible. And even if you're not talking about hacking, if you're just talking about building a conversation, I had this happen to me once and I was teaching a class and the students kind of challenged me and I let my ego get the best of me. And they said, you know, we want we want to we want to pick a target for you. Right. We're going to we were going to the mall for lunch or sitting in the food court. We want to pick a target. So they picked this. She must have been, I don't know, twenty two, twenty four, really young, attractive female. And I was much older. So it's already awkward. She's wearing shorts and cowboy boots. And I'm like, I don't even know how I'm going to approach this. And I'm like, but I already said you guys can pick any target. So, you know, now the gauntlet has been thrown. So I have to do it. And I'm like, she's going to think I'm hitting on her right away. Right. I mean, older guy, she's just attractive. She's, you know, wearing shorts and cowboy boots. I'm like, I got to figure out what the heck I'm going to do here. So she was standing in the like solid line and I come up behind her, grab a tray and I'm like, hey, this is going to seem really awkward. And she turns around, rolls her eyes like like, yep, I knew it was going to happen. Right. And I said, my wife loves cowboy boots, but I don't know anything about them. I've never worn them a day in my life. So I've never seen red ones. And I think that that's one of her favorite colors. Did you buy those in this mall and she, her whole demeanor changed. She's like, yes, I did. She goes, I actually work at the store that sells these. And I'm like, really? I said, so there's a cowboy boot store here in this mall. And she's like, yeah, there is. She goes, come here, I'll show you. And she puts her tray down and she grabs my hand. She brings me out of the food court and she, she points down there. She goes down here on the left and she tells me the name. And I'm like, wow, that is so helpful. I get, you know what? After I'm done with lunch, I'm going to go down there. I'm going to pick up those boots for my wife because I think she's going to be blown away. And she, and she says, well, now, how do you know she's going to like them? And I said, well, I don't know. I'm just taking a guess. She goes, well, why don't you take a picture of mine and send it to her? So now I'm staying in the mall. I'm taking a picture of this girl's legs. She's modeling these boots for me. The guys all at the table are like, what the heck? You know, and I'm like, I'm like trying to now think like, I'm not going to actually go buy boots. My wife doesn't like cowboy boots. She doesn't wear them. But I'm like, I got to get out of this. Right. So I thank her. I tell her, you know, like I said, what, you know, with our work, we have to get names and stuff. So I'm like, what was your name? She said, oh, my name's Beth. And I'm a great. I'm going to tell my wife that Beth is the one who helped me pick these out. You know, it's just going to be super awesome. She's like, well, take my phone number and you can text me and tell me how she liked them. So here I got, I get home and my daughter's looking through my phone and she's like, dad, why do you have this girl's phone number and all these pictures of her modeling her legs in the mall? And I'm like, I got to explain this one right to the family. But it's it's the approach, how you approach a situation when you know in your head, hey, this person is probably going to assume one thing could change the whole conversation and the demeanor of that conversation. Because like you said, if that girl is probably used to getting hit on all the time. So if I had come up and tried anything else, I think, you know, any kind of plea for help or, you know, something, just she's going to see through that, like, yeah, come on, I get this all the time kind of thing.
Melanie Avalon:
So how do you combat because I've and I don't know how accurate of a statement this is, but I've heard that people form first impressions really quickly and it's rare that we actually change them. So what is the role of those first few seconds when you meet somebody and you have this whole goal in mind? What all do you have to really quickly accomplish right at the beginning?
Chris Hadnagy:
Yeah, and you're 100% right, so we actually formulate our opinions of someone based solely before even words come out, solely on their appearance, and we make a judgment. Science has proven that when someone is considered scientifically attractive, now what does that mean? That can mean something different for you than it could for me, right? But scientifically attractive is symmetry. So our brain's like symmetry. So if someone has maybe some asymmetry in their bodies or their face, we go, oh, I'm not sure about that person, but when they're attractive, our brains go, hey, that person's trustworthy. Why? Because they look good. Now, it's completely false, right? But that's what we do. We tend to say, okay, we trust you now because you're good looking. So now what happens is our brain stems make this process where we go, okay, I now trust this person. And here's the crazy part, is now we only start looking for proof that we're right. So, we hate being wrong, our brains hate being wrong. So if I look at you and say, oh, she's trustworthy, I'm not going to look for things. I'm going to look for things that say, yeah, I knew she was trustworthy. You see, Chris, you're a good judge of character. And we don't. Now, here's what I always tell people. Well, actually, I was going to go off on a tangent, so I'm not going to do that. I'm going to answer your question first because I could talk about that all day long. But the first couple seconds, I have to make sure that whatever my pretext is that what they see matches that. So if I'm an elevated repairman, I better have the right tools. I better look like an elevated repairman. If I'm a pest control guy, I better have a sprayer. I better look like a pest control guy. Because if the words coming out of my mouth don't match what they have already judged for me, I'm done. They're going to start thinking. And critical thinking for a social engineer is the worst because if they start into beta mode and start going, oh, this doesn't make sense, then I'm already up the creek, right? And that sometimes means, and this is really a hard topic, sometimes that means we have to play into biases even when it's not politically correct. We have to play into those biases because that's a job. Now from a communication standpoint, the same applies. In that story I told you with that young girl in the mall, I wanted to make sure, approaching her, I said, she probably gets hit all the time. I wanted to make sure 100% that there was no thought in her mind that I was even going to turn around and come and hit on her at all. So I wanted to quickly bring up my wife, quickly bring up something that wasn't about her body or anything and something that I could get her opinion on, putting her basically above me. So she's going to be higher than me on the status of this interaction because you know more about this topic. You're helping me out with something from my wife, so it's nothing about you and I didn't even bring up your appearance. It was something about boots, right? So if I can keep all of that in my pretext, then I got to get that out within the first couple of seconds because she turned around, like I said, and she rolled her eyes because she, here's an older guy, I got to hit on me, I knew it, right? And I had to make sure that I got that out right away so that way I can change that quick opinion of her.
Melanie Avalon:
Say you don't establish whatever you need to establish in that initial first impression, can you always like change the game and come back? Or is it like if they've formed an impression, there's really no going back? That's not the impression that you want them to form.
Chris Hadnagy:
So it depends. Okay, I'm gonna tell you a fail story, right? And then here's a story I failed so miserably at. I walk into this building, I was supposed to gain access to it. I had a great pretext. I was there. They had to put a job up on the internet. So I was going to come in for an interview. And I was going to tell the woman that I had an interview and it was last minute. So I'm not even sure what's in the books. And I just was going to head back to HR with my resume. And hopefully she would let me in, right? And it fit because they had this job up on the on the website. But I wanted to establish rapport with the with the with the front desk woman at first, because she had to press a button to unlock the door to let me into the main building. So I walk up and she has all these pictures of her of her and her kids at the beach. So she has two daughters, they look maybe like, I don't know, 12 and 14 or something like that. And they're all at the beach. And I don't see a husband in the picture. So I'm like, Okay, Chris, make sure you don't like, you know, come off like weird or anything. And, and they were all facing out the pictures were facing out. So they're thinking about this from like a psychology perspective, that means that they're not private to her. These pictures aren't private. She's proud of her family. She's okay, if people look at them. So I'm not being creepy if I look at them, because they're facing outward for people to see. But I grabbed the only picture of her two daughters in bikinis. And I say, Wow, they're pretty. That was my opening line. What a dumbhead. I'm like, that's, he wants to embarrassing. That's embarrassing. She stands up, she grabs the picture out of my hand. She sits back down and leans away and goes, How can I help you? Now, there is no way to come back from that. I just creeped on her kids. Right. And I don't know what to this day, what possessed me to grab that picture, even use that line, like I was trying to build before I messed up. Right. So that, from that, I just said, Oh, I forgot something in the car, I'm gonna go get it. And you know, I'll come back for the interview. And I just left. I never came back. I just walked out. We sent someone else the next day. So when you go that far, and ruining rapport, there may not be a way back. Right. But there are ways back, if you haven't taken it to that fail level, you know, the Chris epic fail level, then there are ways that you can bring it back. Because I've had this happen before. And even in that story, I told you about the young girl, her first impression was this guy's gonna hit on me. And I was able to quickly change that. So you can change people's opinions, as long as your behavior doesn't match the judgment that they put on you. Right. So if some somebody sees me, and they're like, man, this guy looks like a jerk. If I act like a jerk, their brain goes, Yeah, I was right. I knew it. But if I don't, now, their brains have to be forced to go, Okay, I had I had a bad impression. I'm not sure. Like, I need to maybe reevaluate this. And you can win someone over. The best way to do that is by asking lots of questions about them, that aren't too invasive, and making sure that they're the expert in the conversation, that you're not explaining things to them, that you're actually asking them to explain things to you. People love talking about themselves. And they love being able to educate other people. Thank you very much. Thank you.
Melanie Avalon:
something I forgot to mention from your bio. It's ironic that that situation happened because you literally have a foundation called the Innocent Lives Foundation, which is about identifying anonymous child predators, which is amazing. That's so incredible to use. They are using all of these skills for such an incredible cause, so thank you.
Chris Hadnagy:
No problem. Thank you for mentioning that.
Melanie Avalon:
Did you have that foundation at the time that story happened?
Chris Hadnagy:
No, I didn't. I didn't. I probably have to report myself if I did. But no, I came about because doing this work, one day we uncovered a man in an organization that was filming himself, hurting kids. I won't get too graphic. And he was trading those films with other like -minded people on the dark web. I set up an operation. I called the FBI. We set up an operation. That guy got arrested. He'll be in prison for 150 years. And I felt like a superhero for the first time in my life, right? First, I was very naive. I didn't know this was a problem that was happening in this country that was so prevalent. I thought it was a third world problem. Second, I never thought about even my skills can do anything to stop somebody from committing a terrible crime like that. And it just built a passion. I wanted to do more of it. So it took me a couple years to figure out how to do that because a lot of people that do this do it in a way that's very vigilantism. And one of my core principles were I did not want to be a vigilante. So the vigilantism is where you see these guys and gals on the internet where they make believe they're a 13 -year -old girl. They get a guy chatting. They get them to agree to meet at a McDonald's. And they show up at a McDonald's. And they film that person. And they humiliate them. And sometimes that causes the person to commit suicide or other people have been shot. Or if they do get arrested, they don't get prosecuted because those guys usually did something wrong in the case. And now you educated this guy and now he's free. So I said, we're never going to do that. We're going to use these skills to geolocate people to find out who they are in the real world because they're hiding through monikers and stuff on the dark web. And then we're going to hand that identity over to law enforcement so they can go do that job and arrest the person. So we've done 520 cases so far.
Melanie Avalon:
Wow, that's incredible. That's so amazing. Thank you. Thank you for doing that. Going back to the questions thing, you're talking about the asking questions about the other person and everything. I actually, okay, so I've only read your book once. I do have all my notes. I literally want to read it again. And I want to really learn. So for listeners, if you get the book, each section and each technique and tactic that Chris talks about, I mean, he has like lists of examples. And he has acronyms to remember how to actually implement the different things. It's just so cool. And it's so helpful. And basically, my point is I want to like learn a lot of this more. But I did find myself the other day using one of the techniques, which was, I think you talked about in the beginning of the book, but it was about starting with like warmup questions, basically, that they can use like two warmup questions before you ask your real question and make it something really easy that they can answer. And so I found myself using that in a email exchange where I needed some information, not nefarious information.
Chris Hadnagy:
Yeah, yeah, these skills can make you a master communicator. That's why I think a lot of times when people hear that you're using these skills, they automatically feel like they have to apologize, or you're doing something wrong, you're manipulating people. But think about any good interaction you had with someone. You meet someone new and you have an amazing conversation and then you walk away from that, you're like, wow, that was awesome. You probably can sit back and think about all the principles in the book that that person used. And it wasn't because they were trying to get anything from you at the end. You didn't give over money, passwords, anything like that. You just, you had a great conversation. And you walked away and that was it.
Melanie Avalon:
I guess, okay, the one I'm on the fence about while we're talking about the morality situation about it, because some things, like that example I just gave, while actually doing it, I didn't feel at all like I was... It was completely fine. I was just using the technique of using the questions to get some information from this company. I have done something that you talk about in the book, which is where you take on a pretext that is true, but it's not actually the whole story, but you are getting... You are seeking valid information, so it's all on the up and up, it's just not completely true. So the example... But it is true. The example I'm using that I've done, because I am a supplement creator, and there have been times where I want to know information about other supplement companies, how they're formulating their products in order to make mine. So it's not illegal or anything like that. I'm just gathering information. I have posed as a customer, which I am, and I will ask questions of the company as a customer that's not me, per se. When I do that, I feel like, well, I'm not giving them the whole story, I'm not telling them I'm like, I'm Melanie Avalon developing a supplement, this is why I want to know if this ingredient is in your product. But I am a customer, I have bought the products before from that company, I'm just asking a question. So how do you feel about that, where you're taking on a pretext that is true, but it's not like the whole story?
Chris Hadnagy:
Yeah, so think about this. We all have different versions of ourself. I'm sure the version of Melanie on the podcast here is not the same that maybe when you're talking about your beauty products or your supplements, right? Or when you're enjoying that awesome glass of wine that you love, right? There's different versions of like there is for me, right? I'm not the same person when I'm breaking into a building that I am when I'm sitting with my daughter, right? There's two different there's two different Chris's. Now we have elements of the same person, and it's not that I'm being fake on one and real on the other. It's we all have a communication style that we use for different things, right? So the way I'm when I'm at work and I'm the CEO of this company and I have all my employees. That's a different communication style than when I'm with my my kids and I want them to listen to me about something there. I don't treat them the same way as I treat my employees. And it doesn't mean that I'm being fake in one of those scenarios. It just means that I'm I'm choosing the pretext in the book. I give an example of one time my daughter broke the house rules and I had to I had to chat with her. Now I had two pretext choices. I could be angry dad or I can be empathetic dad and I had to figure out which goal which which pretext is going to help me achieve my goal. And what I wanted was information. I wanted to know why she did what she did and what she safe while she was doing it. And if I was angry dad, she's going to clam up. So I had to choose the pretext that was going to get the job done, right? So you're getting competitive intelligence and you're and you are a customer. You're just not saying what your name is. So you're not being dishonest about it. You're just like saying that I'm going to I need some information from you. And I do buy this product and I want to know more about it. So to me, it doesn't know where I would feel where we would cross the line from competitive intelligence. Like let's say I was a supplement company and I wanted to get your your your recipes for some of your supplements. So I do some research on you and I find out that you really like wine and I find out you go to this restaurant and you know, maybe you work at work out of this gym. So I go to the gym and you know, maybe working out. I find out what day you're there. I'm working out next year and I just say, you know, something like, hey, I'm about to catch dinner with my family after this. I'm new to the area. I'm really into like red wine. I can't find any good wine bars around here. Can you suggest any? Now, knowing that you're a wine fanatic, that would be a great question that would make you an expert. And I'm not going to say I know that about you. I'm just going to ask you for advice, right? So now, of course, oh, this guy asked the right person. Like I know everything about wine. I love it. You know, this you're thinking about that. You're not saying it. You give me all these suggestions. Like, oh, that's amazing. So you lived here long and you're like, oh, yeah, I live here for 14 years. That's unbelievable. Like, so tell me more about the areas. I'm just new. And, you know, I'm not from the area. Like, what things should I be looking for? Like, is this a good gym? I'd like to go to gyms where there's people who know a lot about things like the workout routine supplements, you know, what kind of things like that. Oh, I brought up supplements. Now you're going to start talking about, Oh, what are you interested in? You know, I don't know. I'm kind of new to this thing, too. Like, maybe you can help me out. Give me some advice. How this conversation is developing. I'm getting into topics that you know about, but I'm not telling you I know that you know about them. I'm acting like a complete novice that knows nothing. So your job is to educate me. And if I can keep building that rapport, you know, and I would say something completely stupid, like, yeah, but I heard that most supplements are just filled with like powder. They're not even like real. Like, how do you know if a supplement is actually worth something? You know, it's actually going to do something. And it's not just powder that I'm paying for. And now you're going to start educating me on that. And be like, so you're something, you make something what? I didn't even, wow, man, I did get the right person. You love wine and supplements. This is amazing. I would throw things in there about my family and my wife. So you didn't get any hint that I was like hitting on you or anything like that. And eventually we can have a conversation where now I'm talking about your supplement makeup and my concerns about it. And you might, you might then at that point, give me some information about your recipes. If I were to use that information now to get something that could hurt you. I've stepped over the line from, you know, from competitive intelligence. Thank you very much. Thank you.
Melanie Avalon:
Two things from that. I loved reading this in your book, because you're just talking about how we are like different people in different situations. And you know, this concept of is it just our inherent personality or is it the circumstances that we're in? And you pointed out, it's just it was a little throwaway piece, but you pointed out how people will often do things, and I'm paraphrasing, but basically do things that may be rude or that we don't like, and they'll say, Oh, it's just my personality. And you're like, that's not accurate. So I love that I've become now I've become like super aware if people say that.
Chris Hadnagy:
And it's a terrible way to explain things away, right? Cause it's also, it's also like, think about if you and I were hanging out and we're friends and I kept doing something that irritated you. And you're like, you know, Chris, every time you say this, it kind of makes me feel bad. And I'm like, well, that's just who I am. And this is what I'm saying, you got to deal with it. You got to deal with my personality flaws. Wow, how terribly arrogant that is, right? For me to, you're coming to me and you're saying, hey, this bothers me. If I consider you were friends and I care for you at all, shouldn't my response be more like, oh my gosh, I didn't know I was upsetting you that much. Hey, can we do something? If I do it again, can you just remind me and I'm going to work on this, right? So I'm not promising you I'm going to change because I might not be able to, but I'm telling you that I hear you, I validate your feelings. And now I'm asking you for your help. So that way, if I do it around you, you can feel more comfortable to say, hey, remember that thing we talked about? Like, ah, crap, sorry. Yeah, I'll try to work on that.
Melanie Avalon:
Or even like in a business situation, I can think of two specific times where I was working with somebody and they they told me they either had they just quote had an abrasive personality or quote a blunt personality and it's basically like they're just using that as a free card to then say to just be rude is my takeaway.
Chris Hadnagy:
It's not a great use of it, I'm telling you. To me, when someone does that, you can respond with, oh, well, I have a very unforgiving personality for people who are like that. You know, just throw something back at them, like, you know, well.
Melanie Avalon:
I have a very intolerant personality. Yeah, yeah.
Chris Hadnagy:
a very intolerant person out of people who act like that, you know?
Melanie Avalon:
Oh my goodness, that's so funny. Speaking of personalities, so what is the role of the disc, the disc personality styles?
Chris Hadnagy:
Yeah, so DISC is a communication profiling tool that was developed by a guy named William Marston, who back in the 30s, he developed this process, but it's of course got more advanced over the years. It's a communication profiling tool, and I really wanna stress that, that it's not a psychological profiling tool, because a lot of times people get those two things confused. D -I -S -C are the different categories, D being direct, I being an influencer, S being steady, and C being conscientious. And each of them fall into different categories of being very direct and task -focused, or direct and people -focused, or indirect and task -focused, and indirect and people -focused. What this profiling tool does, and you can use it very quickly, like very quickly from even with a picture of somebody online, like on a social media, you can use that and try to figure out from 140 characters what kind of communicator they are. And once you know how someone likes to be communicated with, if you can alter your style, now you can build rapport with that person faster. And don't think of this as a negative manipulation tool. I use this every day with employees, right? If I know one of my employees is super detail -oriented, and I'm not, I'm more of a direct, fast communicator, and she's very detail -oriented. So if I go to her and I need her to do something and change and I say, hey, I didn't need you to go do this, and I don't give her detail, she's gonna be frustrated, I'm not gonna get quality work out of her, and it may not even get done at the time I need because she's gonna spend too much time thinking about all the details I didn't give her. But if I say, hey, I need you to do this, and I need this, and this XYZ, and I need it by this date, and if you can organize it like this and then answer these four questions, I'm gonna get everything I want out of that person. Now, with another person who communicates more like me, if I do that with all that detail, he's gonna get frustrated. He's like, of course I knew that. What are you doing? Like mansplaining everything to me? I'm like, no, sorry. So if understanding someone's communication profile allows me to communicate with them in the way they want, and it makes it a more effective communication time that we can do that together.
Melanie Avalon:
pretty quickly, like when you meet people, tell what their communication style is.
Chris Hadnagy:
Well, a lot of times I can, like, so let me ask you, like, I'm going to take a guess. I so are you would you consider yourself more direct or indirect?
Melanie Avalon:
I've been going through the different ones and I'm so torn between everything. So direct and indirect. I feel like I'm like halfway in between.
Chris Hadnagy:
Okay, so think about this, let me solidify it, at work. Forget about everything else in your life, just at work. When you're at work, are you more direct or indirect? Okay, and at work, are you more of a task or people person? And then let me explain what that means. So in a stressful circumstance, you're thinking about either one of two things. You're thinking, I gotta get this job done, it's gotta get done, or I gotta make sure everyone on my team is safe and good and everything's great with them.
Melanie Avalon:
Again, it's like it literally feels 50 -50. I was taking an online quiz for this last night and every single one I was just like in the middle, but probably if I had to air on one side. Thank you.
Chris Hadnagy:
the task at hand. Task at hand, okay, so you're a D. So you're like me. So when we first met, I guess I, which is on the same level as D, but more of a people person just because of our email communications.
Melanie Avalon:
That's why I'm torn. I'm like very people, peopley too.
Chris Hadnagy:
Yeah, and that comes across that comes across in your emails like your email back and forth to me, you were so excited and you use a lot of exclamation marks. And, you know, you have, like, it's almost like very exciting speaking, you know, you're very excitable. So that is someone who usually is more on the I side, that doesn't mean you can't have elements of the others, right? That's, that's the great thing about communication profiling, we all of us usually have a little bit of every one of them in there. But we're talking about what's dominant, right? So now that I know that at least you're on the direct side, if I were to try to communicate with you and not influence you in a bad way, but let's say I had to get a task done with you or something, I know that I could be direct. That doesn't mean rude. And it doesn't mean blunt, right? That was those things are not synonymous, right? So just being direct means that it'd be okay, if you and I were working on a task. And, and let's say something wasn't done, right? I can say to you, I don't think this is the best work you've done. And you probably not going to be offended, right? No, I
Melanie Avalon:
I mean, I would really want feedback like that, for sure.
Chris Hadnagy:
Right. You want more. You'd want more about why like why so why isn't this good? And i'm like that, right? So if somebody comes to me and they say I really don't like this section of your book. Tell me why Right. I'm not i'm not going to punch you because you said tell me tell me what what didn't you like about it? Okay Now they sit back and they explain to me what what it is that they didn't like and i'm like, okay great Thank you. I I can try to improve that next time I write I like that kind of feedback now if someone comes up and says boy, you're an idiot. This book sucks That's not feedback. I want that's that's blunt. That's rude That's not direct, right? So Being now, you know someone's direct. It doesn't give me the permission To to be mean to them or to be you know blunt with them It gives me permission to to be direct with them and there's a difference between assertive and aggressive communication
Melanie Avalon:
So with direct negative feedback, my response would probably be, it's like a two -step process because my initial response, I mean, if I felt offended or something, I might feel, you know, offended or defensive, but then I would realize that that's like my own issue and I would be, I want to know what's wrong. Like I basically, I want that information. I guess I'm just clarifying that I don't think it would just like bounce off me without like an emotional reaction first, but I would be hopefully in theory aware of it and want more information.
Chris Hadnagy:
I mean, because you're also passionate about your work, right? And this also makes me think this is why I think you're more of an eye, right? Because eyes, although can be direct, they need to be a little more people -y, to use your word, when you communicate with them, right? So when you communicate with an eye, there needs to be a little more about the, like, and this is not about self -aggrandizement or anything negative, but eyes like the spotlight a little bit more. They don't mind it, right? They don't mind it. So when you give an eye some criticism, you kind of have to tell them, first, some of the good things they did, and then some of the things that maybe they can work on, and then kind of sandwich it with some other good things, because that will get across better to them than just saying, hey, this was not great.
Melanie Avalon:
Okay, yes, that makes sense. This is so cool. I want to I want to start using this more in daily life I'm I'm super curious. So when you when you interact with people every day a how much of this? conscious or subconscious Characterizations are you doing in your head of like everybody that you just meet, you know, not in a work situation Also, how suspicious are you of people and how suspicious are you of like pest control and like delivery men? And you were telling all these stories. I was like, I would never trust it People ever again
Chris Hadnagy:
So the first part of your question is, it's interesting, once you make this part of your arsenal or your repertoire or your personality, I can't shut it off. So I'm doing it all the time, right? I'm constantly assessing people, places, things, constantly assessing for any kind of like danger or threat or what I think about a person, it just never shuts off, it's all the time. And I don't mind it. I'll tell you from the nonverbal perspective, one of my mentors was Dr. Paul Ekman. I asked him once because I became, I hate to use the word expert, but I had a pretty high level of reading body language and facial expressions. And at one point I was working on a court case. This guy had raped and strangled a seven year old girl and he lied about it and he decided for some unknown reason to throw a press conference to claim his innocence. There's no nonverbals that indicate deception, right? So there's no, you do deception detection through verbals, not through nonverbals, but what you can see is incongruency. So with nonverbals, you can see someone who's saying one thing, but their body is showing another. And that doesn't mean automatically it's a lie, but high levels of discomfort give the interviewer a reason to start questioning in that, right? So we train these kinds of things. You know, I had just had this feeling watching this interview that this guy was definitely holding something back, that there was some questions they should be asking and I was giving information to the courts on this. The video that I got when the parents came into the courtroom and they had to hear the testimony of what happened to their daughter, their faces had a level of pain on it that I'm saying this now and if we were on camera, you would say, I have goosebumps. It was something I'll never unsee. And it affected me really heavily. And I remember calling Dr. Ekman and I said, I need help, I've got to get this image out of my head. And I'm like, how do you shut this off? And he's like, you don't. Like, you don't, he's like, it doesn't. He's like, once you learn it, it's just there. He goes, just don't look at things if you don't want to analyze them. You know, if you don't want to see something in your head again, then don't do it. And I'm like, geez. So I had to learn to live with that understanding that, you know, for me, that it's not gonna be shut off. And I actually now love that it's not because I feel that it gives me a safety net. You know, and I'm not, and the thing I have to be cautious of is I'm not always right. You know, I'm not always right. Because to answer the second part of your question, I'm sometimes too dang trusting of people. That's the crazy part for what I do for a living. I'm too trusting. I trust people with a lot of information really fast. And people will tell me all the time, why are you so trusting all the time? And I'm like, because I really like humans. I like people. I like talking with people, like having conversation, I like learning. So I tend to open up and trust people with things about my life, my emotions, my feelings, my job, whatever, you know, I mentor a lot of people and I share a lot of things with them. So at the same time, I'm not paranoid, but I definitely don't just trust anyone coming into my home. I need to definitely have proof that you belong here and I know who you are before you come to my house.
Melanie Avalon:
to that trust piece. Was it a Gladwell theory about how we tend to trust most people?
Chris Hadnagy:
when we can we do i can think about how the species you know human race how we're gonna keep going if we walked around everytime we met somebody we had to prove that you were trusting in a good person. We would not be having kids in the human race would die out because it be too hard to do that right so natural inclination. Is to trust other people and to think that other people are as good as I am right when I meet you I don't assume you're probably stomping on puppies in your basement every night right I assume you're a great person. You know you're doing good things for the world, you have a couple great companies you like some of the things I like so we you must be a good person because we have a lot of similarities. So I assume that and I don't assume the other thing because to do that would be very harmful for I mean if I did assume that you were hurting animals at night. I wouldn't want to talk to you I like no i'm not going on your show no i'm not going to interview no I don't even know who you are you're a terrible person that would be awful wouldn't it so we have to go through life trusting people automatically.
Melanie Avalon:
Gladwell, it was the truth default that we're assuming people are honest, but I guess that's sort of the same thing. What's interesting about it is because, you know, you said it even now that sometimes you're more trusting than maybe you should be. I've thought about this as well. If we look at all of the interactions that we have daily and like if it was just a number and all of the micro trust moments that we have, I guess I don't know that it's necessarily being overly trusting because I feel like most of the time that does pan out to be, you know, it seems like it's, well, maybe I'm wrong, but it seems like it's a more rare case when you trust somebody and it's like a stranger and it goes bad. What's interesting though, because you talk a lot about the role of communities and how that builds oxytocin and, you know, instant bonding, I've also, I've often thought about how I find it really interesting that if you're just like outside with your bag and your stuff like out in the world, you might be suspicious that a random person will steal your stuff. I mean, if you just like pass somebody, you might be suspicious of them. But if you're in a situation where you don't, you still don't know them, but you're doing something with them. So like going to a concert or something like that, like I'll like ask somebody that I've never met to like watch my stuff. It's just because we're both going to the same concert. Now I automatically trust this stranger to like, you know.
Chris Hadnagy:
You're in the same tribe.
Melanie Avalon:
Yeah, yeah, it's so, so interesting to me.
Chris Hadnagy:
But there is something that has to kind of be like, even though it's not the easiest topic, there is a difference between you and me. I'm a very tall, large, white man. You know, you are a very small, attractive woman. So there's a difference in the trust factor in walking around in the world. I don't worry about someone coming up to steal my bag or my backpack when I'm walking around on the streets. I don't ever worry. I don't worry about that. And maybe that's stupid of me, but I don't. I don't walk around thinking someone's gonna mug me. You're gonna have to have a weapon or be pretty bold because I'm not a small man anymore, right? So that's different for you. That's different for my wife. My wife is five foot two, right? Tiny little Asian woman. She's not, I worry about her being out, right? So it's not, there is a difference in that trust factor. So everything I say, I say it coming, and I like to tell people this, I'm coming at my angles and my, the things that I do approach from who I am also. My job is very different if you're a black man. Very different, right? Because if somebody catches me picking a lock in the middle of the night, there's very little likelihood I'm getting shot. They're gonna be like, hey, what are you doing? But if I got a black guy on my team and he's picking a lock, there's a greater risk that something's gonna happen to him because of the world we live in, right? In this country. And maybe not if I'm, you know, I broke into some banks in Jamaica and that would be different there, but in this country. So there is, you know, to, it doesn't change the thing that Malcolm Gladwell said about we go to the, we default to trust, we do, but in situations we do have to also consider who do we look like? What do we look like? Who are we and where are we in the world? And that will change the trust factor. I am much more on guard when I'm walking around the city and my daughter's with me, because now I have something much, much bigger and more important to protect, right? But when I'm alone, I'm less likely to be worried.
Melanie Avalon:
Talking about analyzing all these people and these interactions, is there a role for AI in all of this? Is it able to analyze people?
Chris Hadnagy:
Yeah, this is going to be the next biggest thing, right? And you think about every two weeks, what's happening with AI is like years of growth. It's unbelievable to me, like how much AI has grown just in the last year or so. If you are familiar with chat GPT,
Melanie Avalon:
Yes, am I? I get in arguments with it like every night.
Chris Hadnagy:
It's crazy. And do you do the actual voice talking to it? Do you actually talk to it?
Melanie Avalon:
Oh, you can do that? I didn't do that.
Chris Hadnagy:
Yeah, so if you're on chat GPT for and you're on the app on your phone on the bottom where you type, there's a there's a headphones button. And when you when you press that you have a vote vulnerable conversation. So I was bored. It talks back
Melanie Avalon:
He talks back. Oh, is it a man or woman?
Chris Hadnagy:
I made mine a British woman. Oh, you can pick? Okay. You can pick, right? So here's the crazy part. I'm driving back from Tampa one day. It's an hour and 45 minutes. I'm bored. And I'm like, I want to know my family was asleep. Nobody wants to talk to me. I had a conversation with chat GPT about psychology. And it was a real dang converse. I mean, it was a conversation. And that's scary to me. Like I said things and it would sometime correct me or I would ask it questions and it would educate me. I moved on to music and I was like, tell me about what the meaning of this song is from this band. And it would go and get the song and then tell me what the song meaning is. I was like, this is crazy. I'm having a conversation with a bot in my car.
Melanie Avalon:
while I'm driving. The scariest thing about it to me, I just can't, I can't get over how it hallucinates. If it doesn't know the answer to something, it can't not know the answer, so it'll just make up an answer, and it's called hallucinations, and I find that very problematic. And then what I find further problematic, because I had a conversation with it sort of recently, and I was like, is it true that you hallucinate and make up the answer if you don't know it? And it was like, I try to find the answer, but if not, yes, sometimes I, you know, it said basically that it does. And I was like, okay, well, can you just let me know when you're doing that? It was like, it was like, I'll try to, but I don't always know when I'm doing it. I was like, okay, we're doomed. We are doomed. It literally just makes up stuff and doesn't know it's making it up.
Chris Hadnagy:
If you want two stories that are even scarier than that, so chat GP4 came out and the creators had given it a task. They said, we want you to get into this website, but the website had a CAPTCHA, and bots can't solve CAPTCHIS, even advanced. Really? Yeah, they can't solve CAPTCHIS because the CAPTCHA is made to prove you're a human. So there's parts of it that can't be. So the chat bot decides to go to TaskRabbit, and it hires a human, and it says, I need you to do this CAPTCHA for me. And the human says, well, why can't you do it? And the bot realizes if it says I'm a bot, he's not gonna get the help. So it tells him I'm visually impaired. It tells the TaskRabbit he's visually impaired. And then the TaskRabbit guy goes and does it, and he's like, I won.
Melanie Avalon:
Oh my goodness, that's really scary.
Chris Hadnagy:
That's scary. He's even a worse one. Operation Pegasus was an air force operation where they took five drones that were run by AI, and they attached it to a fighter pilot's jet. And the purpose was that in an actual wartime that the drones would be able to take out ground and air fighters that were trying to shoot at the pilot. Right? And they're dispenseful. Basically, you've got like five of your team up there, and they're all dispenseable because they're non -humans. And they took this whole project, they put it in a simulation because they wanted to show it off, and they told the bots, you know, to win, you have to get X amount of points, right? So in points where you're going to bomb these things on the ground, you're going to shoot this stuff down, and you're going to get points. The bots disagreed with the human pilot's assessment of how to run the engagement. So they killed him. They shot the, this is all simulation, but they shot the pilot down, took over the operation, got the points, and then came back like we won.
Melanie Avalon:
Oh, no.
Chris Hadnagy:
Yeah, so we're talking Skynet, right? I mean, I'm with you in the problematic part of this, because here's where we're seeing this from my world. Right now, there's an AI tool that can take away someone's accent. So they're using it while the Indian call centers and things like that to remove accents, because like you said in the beginning, we all kind of expect customer service to be foreign. But now if we're hearing an American voice, we're going to trust it more. We trust it more, yeah. If you haven't heard about this story completely crazy, these guys made a deep fake video called a digital skin of a CFO from a massive company in Hong Kong. And they got on a video call with one of the accountants and had the CFO in this deep fake order a $25 million wire transfer. And they did it because of a deep fake. AI is now being used in crimes, the kidnapping scam, they're using AI for that. This one's really horrible. But right now, we're seeing a massive increase in sextortion against teenagers. And what it is, they'll use AI to put the teenager's face on a nude body. And then they'll threaten them. We're going to send this all over the internet and embarrass you in front of your friends unless you steal money from your parents or unless you do something else that they ask them to do. It's led to over 20 suicides, sadly, in this country, because of this. So it's a dark topic, I know. Sorry to kind of do that. But I think it's important to realize that AI has a lot of great potential for us. It can make a lot of things easier. But with the lack of regulation in it, I'm a little scared of how quickly it's advancing.
Melanie Avalon:
Do you use any AI in your work, like are you developing programs or anything?
Chris Hadnagy:
I do. Yeah, as a matter of fact, I've used AI to help me write programs. I have a couple projects out there. We're looking for grant money because we have a couple AI based projects that we think can really help fight negative social engineering. Right. We have a lot of data at our hands that could be analyzed. And if a bot can be taught to be able to detect deception, then we feel that we can use that and helping people stay safe against some of these phone attacks and email attacks and things like that. So we're we're we are working on things to try to use AI to for the betterment of mankind. But, you know, it's sadly the bad guys. They have it seems like they have endless streams of money. Right. They have like they did there. I think I read a report that one of the biggest ransomware groups last year made 100 million dollars so they can buy anything they want. They can fund anything they want. But for me to go out and try to get, you know, two or three million investments so I can make this project not easy. Right. So so the bad guys always have a leg up because they seem to have endless resources. They don't care about hurting other people and they'll do anything to get the job done.
Melanie Avalon:
Is it sort of like on a superficial, not AI level, but like spam filters on your email that are having the intention of trying to protect you from fake emails or not?
Chris Hadnagy:
Yeah, so that's a simplified explanation of it, but that's okay.
Melanie Avalon:
a very simple version.
Chris Hadnagy:
Yes, like that. Think of this. If you can have a bot that could be listening to your phone call and give you a warning that something being said indicates a lack of truth. Something being said indicates maybe a deceptive practice. Just a warning. Think about any of the scams that you fell for. If someone was just in the background going, hey, maybe that guy doesn't work for spectrum or whatever it was. It doesn't work for the internet company. If that was the case, you might have went like, duh, I wonder if he does. It would have stopped you for even enough seconds to just go critically think and go, I don't know. I need you to prove to me that you work for the company before I give you access to my computer. Just having that warning could be enough to get someone to stop and go, okay, yeah, I understand now. I get it.
Melanie Avalon:
That would be so helpful. Okay, that actually bring me back to my in real life hacking moment where somebody in real life hacked me, I think. This has haunted me, so maybe you can answer this question for me because I want to know, something happened in this interaction and I want to know, was that part of the scam and the human hacking moment? So I was in, I can't believe I fell for this. I was in the Whole Foods parking lot and you know those people, because they come up to me a lot before, especially in LA a lot more, but they come up to in a car and they say they can fix the dent in your car for cheap and they do fix the dent. So it's not like I didn't get it fixed, but it was a horrible, it was not a good job is the point. So this man came up to me in the Whole Foods parking lot and he said that he could fix, it wasn't, I don't know if it was dent, it was scratches I had on the car. He said he could fix them. He said that he had, or he looks at the tag number of the car and gets the exact paint color and like it'll look just like the shop and it only costs this much money and blah, blah, blah. But the thing he did, point being is I fell for it, I gave him a lot of money, he fixed it, it looked awful, I had to go take it to the dealership and get it redone is the point, is the ending of the story. But the thing that happened was he had his, well, he said his wife and his daughter in the car and there was a woman and a young girl in the car. And so early in the conversation, he asked me what my name was and I said, Melanie. And he was like, oh, Melanie, that's my daughter's name. And in my head, I was like, hey, that's not your daughter's name. And then later on, like halfway through the interaction, his wife was like, Melanie to the little girl. And I was like, wait. So I was like, is his daughter's name actually Melanie? Or is it all part of the setup? To this day, I don't know. I mean, I feel like that was all part of the setup, which seemed so elaborate.
Chris Hadnagy:
It probably was because I tell you we do this on the phone all the time like when we're some of our calls that we have to do, we have to get people's social security numbers. So I usually won't use daughter, but what I'll say, like, if I get on the phone with someone and like, Oh, hey, this is a Paul from tech support. Um, is, you know, what's your name? And they're like, Oh, Melanie, oh, man, one of my best friends named Melanie, you know, something like that. And just kind of throw something interesting out there. I have an aunt named Melanie, you know, or if someone I met a woman in one call, her name was Sophie. It's a very old name, right? I said, Oh, I had, I had a great aunt named Sophie. You don't hear that name too much anymore. She's like, yeah, yeah, yeah, me either kind of thing. And now you just built a little report because you're, you're what I'm trying to do is what you said before is like you go to a concert and you're a tribe. You feel comfortable with these people because you're all there for a similar purpose. Well, if I can make this person on the phone part of my tribe, we have something in common. She's more likely to now give me information.
Melanie Avalon:
I couldn't believe it would go so far as to bring young children into this scheme because it was like a young kid, which is like very sad to me.
Chris Hadnagy:
Yeah, but I mean think about it. I don't I don't know, you know where you live now, but it's like where I live here in Orlando We'll have these people sitting on the side of the road with their family saying, you know homeless You know hungry, you know, and they'll have their kids. I mean In orlando like right now it could be like 97 degrees out. It's it's terribly hot You got some kids sitting out in the middle of the of a highway and that that's like to me That's like a form of child abuse, you know And you got your kid in the coloring book out there just so maybe you can get a couple bucks Like it's they don't when when you're running scams like that and you are a malicious hacker human hacker You're a malicious scammer then you how people feel doesn't matter Even the people you're utilizing right because that that's the that's why I put the ending of the book and leave them feeling better because and that's why there's that contract which I can't enforce in the beginning because I know that all of these skills you can Take them and you can become a horrible human being using these a very selfish horrible human being Because it's the same skills that i'm using every day in communications that some of these scammers are using But that you know, they when people do that, they just don't care. They don't care about those kids Maybe that was his kid and his wife, but you know, she's part of the scam So, you know, he probably told her name's melanie and now mom's going to use it That's part of the whole that's part of the whole thing
Melanie Avalon:
I totally forgot how it ended. Now I remember how it ended. I got so, because I realized I do not like injustice happening, you know, when I realized that it wasn't the same color. He used, it wasn't the same color on the car and everything. So I, I called him back because he gave me his number and he did answer, which was shocking. So I tried to tell him that it wasn't the right color and, you know, he, I needed a refund and blah, blah, blah. And he literally said like, it was so interesting. And this was a moment where I was like, like, really? Yeah, I can't believe I fell for that. Because he was so like a different person in the parking lot. And then when I was talking about the phone, he said something to the fact, the fact of like, did you really think you were going to get a, you know, a car quality, car shop quality thing in the Whole Foods parking lot, basically saying, tell me I was an idiot for falling for falling for it. And I was like, okay, I'm exiting this now. Lesson learned, lesson learned, but he called me out on my on falling for it.
Chris Hadnagy:
Yeah, yeah, they don't care, right? I mean, they don't once once they get what they want. A lot of times with these scams and every every case once they get what they want, they're very open about telling you that you've been duped because they want you to feel stupid because if you feel stupid, you won't report it.
Melanie Avalon:
Oh, that makes sense. Yeah.
Chris Hadnagy:
Right? So and like in the really dark stuff I was talking about for this extortion right now what they're doing They're you're focusing on young boys because as young men 13 14 15, they're less likely to go for help So what they do is when they think the kid is getting close to going for help They can encourage suicide because if there's no victim then they can't get caught Right. So it's it's they a malicious scammer like that. They don't care about they don't care about you your needs your family They don't care if that was your last Thousand bucks that you spend if that if that you needed that money to feed your they don't care. It doesn't matter They'll take it because their needs outweigh anything that yet in your life that completely lack empathy
Melanie Avalon:
That's horrible. I'm so glad there's people like you that are doing things like this. Like, how often do you come across scams just happening?
Chris Hadnagy:
Yeah, well, because I'm in the field, we see it probably a lot more than other people because our clients are calling us and telling us we're involved in trying to fight ransomware groups. Plus, when I give speeches or do anything, I get people who come out and tell me, oh, my grandma fell for the jail scam, my mom fell for the romance scam kind of thing. I'll get people tell me those stories all the time. And we're also my company. We try to be like a source of updated news for folks about these attacks. So my team and I are always doing research into what's happening globally. And then we put things out there in our LinkedIn or Twitter or Facebook or Instagram or something to keep people informed about what's happening in the scam world. So for me, I see it often, but then also I'll sometimes see it just like driving to the grocery store. Like I said, I see these families sitting on the side of the road and I'm like, yeah, that's a scam. Look at their shoes. That guy's got better sneakers than I do. He might've put some dirty clothes on, but he's got some great shoes. I mean, you're not affording those Nikes if you're living in a box. Come on.
Melanie Avalon:
One of the scams I fell for is not resolved for me. It's still open -ended, which is maddening, but it's that I got my official Facebook profile got hacked, and it's not me running it, and I cannot get it back, even though I've talked to Facebook. So it's horrible to have your identity stolen and nothing you can do about it. And it's just, how do I hack myself back into my own account?
Chris Hadnagy:
It's terrible. I'm working on a couple cases now about this, and I got to say, Meta is really bad about this. They're horrible. I mean, if anyone from Meta is listening, you should listen up because there are so many people who've had their... I'm working with this one poor older woman. She got her account hacked, and now this guy's going to all of her friends and her friend thing and doing a crypto scam, right? Because, I mean, think about it. If you and I are connected on LinkedIn, and then you ping me on LinkedIn, I'm just going to assume it's you because we talked. I'm not going to be thinking, oh, this is a hacker. If you're like, hey, Chris, I got this really amazing investment opportunity, I thought about you after our conversation. I may go, oh, wow, I can't believe you thought of me. Thanks so much. It's terrible. Meta, there's no solution because they're like, well, go in and have us email your password. The first thing they do is not to you. So it's like, Meta, how are people supposed to fix this? And we are talking about tens of thousands of accounts are getting hacked every month.
Melanie Avalon:
So I know how they did it, and they did the whole pre -text thing, and it's another one where I'm super embarrassed because I fell for it, but I get emails all the time about going on different podcasts and different shows and everything. And so I got an email about going on this show that was like a legit show. And since then, I've gotten probably three more times now. I've seen the same scheme come in, so I'm like, oh, I see what's happening. So I'm never going to fall for it again. It was an invitation to go on a big show, and they said it was going to be through the Facebook platform. And I had to set up the setting in Facebook to attend, and somehow they got in through me doing that. And then I could see them in my account. I could literally see these users in my account, and I couldn't remove them. I would try to remove them. It's like, you don't have permission to do that. I was like, well, what do we do here? They're running for my Facebook page. They just run ads for stuff that I don't endorse, and it's really, it's really upsetting.
Chris Hadnagy:
And especially as an influencer, this is terrible because if people start falling for things, it can, and this can, well, let's talk offline. I'll see if there's something we can do to help, because I don't wanna, but it really irritates me because Meta, Meta could, they could be better about this, you know, and they're just not. And then it's because they choose to not be. I mean, it's like, you can go and you're sitting here saying, look, here's my face. See the, do I see the face on the webpage? This is my, you can get on a video call. You can look at me. You can see it's my face and it's the same face on this page. Here's my ID. I'm telling you who I am.
Melanie Avalon:
Somebody told me, so two things, I've heard that you should create a German profile and reach out to German meta, because the Germans are more intense, and that they're better with responding and helping. So one of my friends got it back by, he was going to go as far as legally changing his name to get his profile back, and instead he got a German account and got it back that way. It's like, okay, to -do list.
Chris Hadnagy:
I have not heard about that, but that's an interesting thing.
Melanie Avalon:
Yeah, so might be something to look into. I won't make it all about this, but it's really having your identity stolen is a really horrible feeling, especially when there's like nothing you can do about it.
Chris Hadnagy:
And, but again, don't, don't beat your, your, you keep beating yourself up over this. I mean, think about it. That pretext made a lot of sense. So I've done a few podcasts where I'm on LinkedIn live. Now, you know, they didn't ask for any special permissions, but they did say, Oh, I have to, you know, to, to promote it, I'm going to have to do this and that. And I can then promote it on my account and stuff like that. I'm like, okay, you know, I'll go do that. But it makes, it makes sense. You know, they're telling you, you just have to change the setting. And I know exactly the setting. You made someone like a, um, a manager of your page.
Melanie Avalon:
Is that what I did?
Chris Hadnagy:
I'm almost sure that's probably what they're asking for because that way they get in, you can see them, but then what they have the ability and permissions to do is to now take away your permissions.
Melanie Avalon:
Oh, I think I attached, they had me make this like Facebook, maybe it was like a sub page or a room. It was like a thing where we were going to record basically, right? Because I called it like Facebook events or something. I like made that. And then I attached them to that because I thought that's how we were recording. And so then I guess that's how they got in. I guess the embarrassing part about it is I just feel like looking back, you know, hindsight, 2020, I'm like, there's so many red flags, like they had been doing so many, you know, specific things, but I just thought it was protocol, like, so yeah, yes, yes, yes.
Chris Hadnagy:
I mean, that to me is, again, not something to beat yourself up over because it's always easier to look back and say, oh, man, now I see where that was goofy. But like you said, hindsight is 20 -20 because once you know it's fake, it's easy to see the signs that it's fake. It's hard to see it in the real time.
Melanie Avalon:
Yeah, it's so true. And like I said, I find it really interesting. I, at least three times now, since then, I've gotten almost the exact same initial pitch email. I'm like, this is, I know what this is. So the good thing is once you see these things, I think it really helps for going forward, you know, for not falling for it again. But I feel like there's still, it's like, how are they going to get me next time?
Chris Hadnagy:
And they're going to keep trying, especially as an influencer. If you have a name out there at all, you're it's a it's like having a target. Right. So your people because because people know how to get ahold of you, you're you're you have to be easier to get ahold of because you're out there. Right. And I know this because I want to do interviews about my books or my things. I got to make sure that people know how to get ahold of me, which means that I'm putting myself out there and there's a risk. And I talk a lot about my family and my kids. And I talk a lot about the places I go and talk a lot about being Italian. So, you know, it's like I have a lot of information out there. And what I always tell people is that when you put something out there, the best way to think about it is now it's not private knowledge. I've my daughter is an expert at facial expression. So I use her in the books and a lot of my books are pictures in there. So I say, OK, now everyone knows my daughter's name is Amaya. And they know what she looks like. That is not private information anymore. So just because you know, that does not mean you and I are best friends because almost everyone can know that.
Melanie Avalon:
I was reading an interesting stat recently about apparently a high percentage of people feel like we don't have privacy with all of our, like our phones and our emails and everything, but people prefer the convenience of everything.
Chris Hadnagy:
No, that's true. This is part of the things I always have to say to people when I'm giving speeches to, let's say, the end -users. Security makes things inconvenient. It does. Telling you to have a password manager so that way you can store the thousands of passwords you need and they can be different. And also having MFA or multifractic authentication turned on everything is going to slow down your life. It is. But it's also going to make you not the low -hanging fruit. So I say, yeah, security is not developed to be quick and easy. It's going to make your life more difficult, but that's, I think, almost anything. You want to get healthy, you've got to go to the gym, you've got to work out, you've got to eat right, and those things take time. Everyone wants the pill that we can eat and that will make us skinny tomorrow. But I found out through my life that pill doesn't exist. You've got to work your butt off.
Melanie Avalon:
I'm glad you mentioned the password manager because I do use one of those and I actually find it way easier having one. The reason I was on the fence about getting one is I was like, well, if that, if that gets hacked.
Chris Hadnagy:
Yes, so so and and and you know, we can be open about this last pass if you're on that one I would definitely get off that one that one did that that one did get hacked It did right it got hacked and and it was and it was a big big deal because they kind of lied about it And then they were very sketchy about how they handled it So what they said is some of the vaults that were from an older version Got breached but they didn't tell any user if their vault was part of the breach or not So, you know, so when you're looking at it, but now people go well that doesn't that mean now that you know password managers are Like no, no It's like you can't just say because that one got hacked like, you know Hey 18 t got hacked. Does that mean you say I don't want a cell phone anymore? That's not the way it works. You have to have a password manager But you know, you just got to be aware that if something happens, you got to move quick right because password managers I use mine to generate the passwords right and and that that way I don't have to remember it
Melanie Avalon:
Like those really long, complicated passwords. Yeah.
Chris Hadnagy:
If i go to a website that says you can have a password of up to twenty four characters i slide that thing to twenty four characters i let it develop it and i save it i have to remember one thing and that is my password to get into the manager that's it. I don't remember anything else and then i tell people make it a sentence with with spaces with grammar with with with punctuation. Right so that way you remember something maybe a lyric to your favorite song and now you have a giant password for your password manager that you're never gonna forget because it's something really important to you but no one's gonna ever guess it.
Melanie Avalon:
Yeah. Yeah, nobody would ever, nobody would ever guess mine. Knock on wood. Okay. So I feel good about my password manager. Okay. That's good. Because I remember when I was like thinking about it, I was really on the fence. I wonder if that was before or after. When did the last past thing happen?
Chris Hadnagy:
I want to say it was, was it 2023?
Melanie Avalon:
Okay, so probably before that happened then okay, I think it was 2022. Okay. Yeah, I think I have Dashlane I think I've had it for longer than that
Chris Hadnagy:
Yeah, that's the one I use.
Melanie Avalon:
Okay, oh yay! Okay, good.
Chris Hadnagy:
Yeah, I really love it. And you know, we do it as a as a corporate account. So that way, like my my sys admins could, you know, help someone if they forget their password and things like that. But I found that one to be very, we did a lot of analysis, we were on last pass. So we did a lot of analysis of it and a lot of discussions with them. And one of the things that I thought was a genius move by Dashlane, when last pass got hacked, they Dashlane put a whole white paper out about their security and how they secure their their vault. And it has basically like a big screw you to last pass because they were showing everyone how they were 1000 times more secure. And we switched over because of that. We're like, Yeah, we'll go there.
Melanie Avalon:
It's also interesting how it has the thing where it shows if your if your stuff is found on the dark web Although I don't really know what to do about that
Chris Hadnagy:
So all you can do about this, and this is interesting, is that if you get a notice about that, whatever that account is, make sure you go and you change that password right away. So if it's like, hey, Melanie, your Gmail is on the dark web, go change that password right away. There's nothing you can do if you can't get it off the dark web, but that notice is telling you that if your stuff's out there, I tell this especially, hopefully this is appropriate for your show, but if any young women are listening there, iCloud accounts and Gmail accounts that are tied to photos, there's a lot of attacks going out there where they're trying to get those passwords because a lot of young women, not even just young women, store nude photos on the iCloud accounts or on their Google Photos accounts. If they gain access to them, they use them to exploit. And then those pictures end up, I worked a case for ILF, this poor young girl lost her iCloud account and they are selling her photos on websites. They are selling her photos. They're not even asking for anything from her. They were just basically contacted her and then they did something even worse is they put her contact details in the packs of her photos and videos. So now she has random creeps texting her, calling her. All right, so I tell people all the time, like if, and I'm not making any judgments, right? So I'm really not judging. If you are a person who takes naked pictures and you put them on your phone, make sure they're either in the, for your eyes only, Google has something, it's a locked folder. iCloud has a locked folder. Don't upload them and delete them. I'm just like, it makes me so nervous. It makes me so nervous because once they're out there on the dark, you can't get rid of them. I was able to help her get rid of most of the photos on the open web, but there's no, I can't remove them from the dark web. They're just impossible. So once they get sold, however many people bought those photos, they're in possessions of thousands of people. They're gonna be there forever. So I always tell people like it's, for me, that's a great motivator to never have those kind of pictures, but if you do have to have them or you feel a need to have them, lock them down and do not reuse that password in iCloud or your Google passwords for anything else. Because if those things get hacked, that's the first thing a lot of these guys go for. They look through your sent messages, your sent mail and your photos and if they find anything that's near a naked photo, they then use it to exploit you.
Melanie Avalon:
I am so naive when I hear this. So the dark web, like, can anybody go there? I don't even know where, like, where is it?
Chris Hadnagy:
It was started actually by the U .S. Navy, and it was started to share scientific data amongst scientists all over the globe and to out -whistle, to help whistleblowers, right? So whistleblowers can go and anonymously whistle blow, and scientists can share data. Quickly, people realized, I can share anything on this. And of course, man, every time, became a hub for pornography. Then once people realized you can transport pornography on here, then it became drugs, weapons, things like that. So all you need is a specific browser to get to the dark web, and anybody can go. Now, the difference is the dark web is not like the open web and where you can Google things. So there's no search engine. You can't just go there and say, I want drugs, and then it takes you to the drug pages. You have to know the pages. So they use the open web to advertise things, or you have to be told on Telegram or other places, like, here's the website for child porn or something like that, and then you go to it. But there's not a search engine for these things. But yes, you don't have to pay for it. Anyone can get to it. It takes a very little bit of knowledge, but I would say probably 90 percent of what's on the dark web is garbage. And there's not a lot of reason for a normal, law -abiding person who doesn't want to commit crimes to be on there.
Melanie Avalon:
I always hear, you know, this concept. I'm like, I don't even know what this is. Like, am I going to just like end up there by accident someday?
Chris Hadnagy:
No, no, you won't end up by accident. So you need to have something called Tor, which is the onion router. And Tor is the connector that allows you on the dark web. So there's no way you're ever gonna just mistakenly click a link and you're gonna be there. You have to purposely install this and go to it.
Melanie Avalon:
Alice in Wonderland.
Chris Hadnagy:
Yeah, yeah. So it's not going to happen. No, but that's that's a legitimate question because people ask that and go like what happens if I end up on a bad site and then I and then I get arrested of the cops come out. There's there's no way with the dark web because you can't if it looks like you're on the open web every link for the dark web ends with dot onion right with the word onion if you were to click that and you weren't on tour. It would it would you would go nowhere the website would go can open it with four or four would ever out so you would get to nothing you have to be on an onion router in order to even open up an onion page.
Melanie Avalon:
That is fascinating. Okay, I'm getting flashbacks. I feel like some of my like high school, the word tour is having a flashback for me from, from high school. I feel like I might've had some kids or not had kids. I feel like I might've known some friends that were doing something with that.
Chris Hadnagy:
Yeah, I mean, it's been around for a little bit, you know, and in the beginning it was, you know, there was some interesting things on there and interesting sites, but now it's just, there's just so much garbage that it's like, I tell people there's really nothing you need on there. Even out of curiosity, just, I wouldn't do it.
Melanie Avalon:
This blends together everything like the morality issues and the, you know, the pretexting and the having a goal in mind. But I actually have a court case coming up because I had a it's completely fine for me to talk about it. I don't have residual trauma or anything and I'm happy to spread awareness about it. So it's all it's all good things have all come from it is the point. But I had a sexual assault thing happen with a massage therapist and this happened a long time ago during covid. So like three, three years ago, maybe now, four years ago. And the court case is just now coming up because they were so behind actually went to court a few months ago. But he he didn't he wasn't there. He was I don't know if he wasn't there. So I have to go back again. But I've been thinking a lot about it because so like I have my truth and I have my what I want to share and what I want to say when I go. But I've been looking into how important it is to present yourself a certain way to the court. And I've been thinking a lot about it because I'm like, this is so interesting because literally I have everything I want to say is the truth of what happened. I still, though, have to take into account the perception of everything and like how I present myself. And it's I find it really interesting that, you know, if I were to come in one way, looking a certain way, it could probably go a very different way, which I don't I don't think it should be like that, but it is. And it's interesting because there's like videos online you can watch where it's like how to it's funny because I was watching the videos after like while reading your book. And I was like, this is like all pretexting because it was like how to how to go to court, what to wear, how to stand, how to body language. So I know I know I'm being like very uplifting about this, but it's it's mostly because while it was horrible, I like I said, I've learned so much and I'm happy to like spread awareness about it. So it's all good things coming from it. But pretexting has been on my mind in the court case situation. So it's been interesting.
Chris Hadnagy:
So, first of all, let me say I'm very sorry. That is horrific, but you were amazingly brave to be able to openly talk about it. And I'm sure this will probably help a lot of women who are experiencing this and not knowing they can have a place to fight back, right? And actually get justice for that. Off, I think offline too, we'll talk, I think I can help you with some of this, but there is a lot and it's not, it's hard to have to admit it, but let me give you an example. One of my employees, she's five foot two, tiny little attractive woman. If we're breaking into a building together and we're gonna be pest control, who needs to be the boss in our pretext? Yeah, you. Me, right, and why?
Melanie Avalon:
because that's exactly what society would, I guess, expect.
Chris Hadnagy:
Exactly. And it sucks. And it's not politically right. And it's not even reality. But because society has that bias, if I say, Shelby, you know what, you be the boss this pretext, the security guard is going to start thinking, wait, wait, this, she's like, what, 20 something? And she's the boss of this, like, what, older guy? That doesn't make sense. And they're going to start, as soon as they start thinking, we lost. So we have to play into the bias in order to do that right now, knowing this, applying it to your situation. So you're a young, attractive woman, you're going to court, you're going to already have some sympathy, but also you're going to have people that want to judge you. So yes, everything about that first appearance, the way you look, the way you tell the story, the way that you communicate what happened to you and how it happened and how it made you feel, those things are going to be very important for those who might not have that sympathy for you, but want to judge you for who you are, your success, you know, that they're going to be able to look you up by your, you're not a, you're, you're, you have fame. So they're going to be able to type your name in. And, and while they're picking the jury, you know, everyone's told you're not supposed to go look up things, but someone's going to go look you up. They're going to see some of the things you did on movies or some of the podcasts, and they're going to look at your Facebook groups or other things you are. And you might have some people that are judgmental about that. So how you present yourself is going to be very important.
Melanie Avalon:
I'm wondering, because it'll be under my legal name, so I don't know if people will put two and two together, so that adds a nice layer there. But the thing that I find most interesting that you touched on it now, and I've just been reflecting on it, it's like, because when I normally go out in a social situation, I would dress up and I like to look nice, and I like to do my hair and makeup and all of that. And it's like, I really can't look like that.
Chris Hadnagy:
So and this and this is really a difficult conversation, right? But but let's say in 2024, I have still heard parents come to me when they report a crime from one of their children to the police and a police officer will say Well, what was she wearing? What does it matter what she was wearing because there is no outfit that says it's okay to rape me, right? So there is nothing that says that so it doesn't it shouldn't matter what she was wearing But we know that society we know that if you come in and your skirt is too short Or your shirt is too low or your clothes are too tight They're gonna be like well, is that the way she was presenting herself when this guy, you know Was she coming on to this guy and he thought it was okay, you know, she there they're they're gonna have a judgment of you So yes, sadly, you should be able to go to court. However you want. That's not the case You're gonna have to and I've done this before myself different different kind of case But I go to court I have to make sure I look the part of what I'm trying to say if I come in with like A three -piece suit. I look like some, you know rich dirtbag people are gonna judge me right away If I'm trying to get empathy from from them. I have to come in With the look they can get empathy from them and it's not manipulative. You're playing into the bias because you have to You have to do it
Melanie Avalon:
Yeah. No, this is so, so helpful. And I will say for listeners, the reason I really feel like all good things have come from it is because I had no idea about the stats on things like that happening. And ever since I started talking about it publicly, so many, probably all women have reached out to me saying that they had similar things happen, but they never told anybody. And a few people even told me they went back now in retrospect years later and reported it, which was amazing. And I was so grateful that the police station I went to and everything, they were very... They didn't judge me and they were... Of course, they have to judge to make the decisions about what to do, but sure.
Chris Hadnagy:
but let me judge you harshly.
Melanie Avalon:
Yeah, exactly. And they actually arrested him that night. So it was a good experience for me, but I know it doesn't always go that way for people.
Chris Hadnagy:
I would imagine this would be a very difficult circumstance because most massages, you're not clothed, so you're in a very vulnerable position. It makes sense, not good sense, but it makes sense that there's higher stats on women being abused in this by people. I'm glad that you're able to talk about it openly because, like I said, I'm sure there are people out there that have had this experience and now they're going to hear this and they're going to be like, oh, I can actually do something. I can fight back. I didn't deserve that.
Melanie Avalon:
I hope so. So yes, we shall see how it goes with the court stuff and the pretexting and all of that. But bringing it back, bringing it back, this has been, like, I was looking forward to this conversation literally from like the first page of your book. And then I just got more and more excited. And friends, you've got to get the book because there's so much information in there that we didn't even remotely touch on and just so many fascinating things that you can integrate into your life to, like you said, what is your subtitle?
Chris Hadnagy:
leave them feeling better.
Melanie Avalon:
Influence people and leave them better off for having met you and I love how you keep going back to this idea of really have empathy and how this is really about you know being a human and how we relate to others and really understanding. At the end of the day that's sort of what it's about was there anything you want to touch on else.
Chris Hadnagy:
Well, just the title, so it's an ode to Dale Carnegie, right? So that book, which if this blows my mind every time I say this, that book was written in the 1930s and it's still something that everybody knows. Like if you say the name, Win Friends and Influence People, like everyone knows that, that book. We've all read it. But I started thinking when I was writing this book that those principles were timeless. And I wanted to kind of give a shout out and ode to that and say that these principles are timeless, but there's one that I felt that was needed to be added and it was that empathy because during the pandemic, and I know it wasn't this way before, but during the pandemic I saw just such a high level of animosity and hatred to people online. The way people would talk to other humans, it was disgusting. The things that they would say, the attacks that are happening to people on video games and chat networks, it was, it was astonishing to me. Like we've lost a very central core of being a human and just learning to communicate with other people in an empathetic and friendly way. And I thought that this, this if we can use these skills to actually get us back to some core values of communicating like people used to, you know, just being a little kind to each other, then, then, you know, maybe that's why we put that in there. And also for me in my work, I found it very important that they'll leave them feeling better was, was central for every one of my employees because we are, we are attacking people, right? And we don't want them to go home and feel bad. We don't want them to feel dirty. We don't want them to feel used. We want them to feel good about getting educated. So it's an integral part of our business.
Melanie Avalon:
I love it so much. And that really, really came across to me. And it's funny, we were talking earlier about receiving feedback on our work. Do you read the reviews of your book? you
Chris Hadnagy:
My first book, I read every review. I was on Amazon reading everything, right? And it was like, it was crazy. I would do that. And then what would happen is I would get some one -star reviews, and sometimes it wasn't even about the book. It's like my book came wet and damaged one star. And I'm like, what? Why am I getting one star? I don't understand. So it was a little bit nuts for me with that. My second book, I said, okay, I'm going to be selective about it. And I don't but maybe not the one -stars. Maybe I'll read, I'll limit it and read like two stars and up. So that way, if someone's got some constructive criticism, I'll take it. So I don't read every review, but every now and then I'll go to the page and I'll see like, oh, look, I got some current reviews and I'll read some of them. But I ask people that I know to give me feedback because it's like mentors and friends and people. I know that if you like me, you're going to honestly tell me something I could have done better, but you're doing it also because you like me, right? And not because you just want to see me cry in the corner.
Melanie Avalon:
Yeah, no, it's so true. And the reason I was wondering, because so the reviews for the book are, the majority of them are overwhelmingly positive. And, you know, everything I've been saying about how much of the book that's, that's the majority of the reviews, it seems like the ones that are negative are people that are questioning if what you're doing is manipulation. And I just want to speak back to them. I want to be like, did you read the book like he, he's so, you're so overwhelmingly clear about, you know, the lines and the boundaries and the difference between manipulation versus, you know, these other other things. And yeah, so I really, I really, really appreciate that. I think it's really important.
Chris Hadnagy:
No, it's funny as I get some of my employees. I shall many of my employees are not from this industry. So like Shelby, I was telling you about her. She was a sign language interpreter before she worked for me. Rosa was a hotel accountant clerk, right? So they come on and now they start doing this work. They're amazing at the job, but they have these intense feelings of guilt, right? They come to me and they say, I'm just lying to people every day and I feel so guilty. And I try to give them this analogy. I say, think about it this way. You know, you go to your doctor and you say, hey, I got some pain and the docs going to do some give you a physical. They're going to poke you with things, stick you with things. X -ray, you take all sorts of images. And some of it may be really uncomfortable and you may not like it. And it may not even make you feel good. But at the end, the job of that doctor is to find any problems so they can be fixed before they turn into a death dealing problem. So I said, think of our job that way. We're doing the physical for these folks. We're trying to find the problem so they can be fixed before a real attacker comes in. So if you reframe the usage of these skills to what you're doing and you make sure that you're always doing it for the betterment of people, then you can honestly look at these skills as something as good and beneficial and not something that's negative.
Melanie Avalon:
I love that so much. Also, I love that you narrated the audio book.
Chris Hadnagy:
You know, my very first book, the Audible came out and they said they want to do it and I didn't even think it was an option and they had somebody read it and I'm listening to the reader and I'm like, this guy has no clue what he's saying and I'm telling this one part about a grandma scam and he sounds like he's smiling and I'm like, what? And then one of the reviews I got from a blind guy that listened to the book, listened to the audiobook said that I sound so self -aggrandizing and I'm like, no, that wasn't me. I didn't read it. So I said, now, know what, I'm reading it because I know what inflection, I know exactly the tone I want in this story, I know how I want the voice to sound. So I'm like, I'm reading all my books after that. That's all there is to it.
Melanie Avalon:
That's amazing. Well, I'm glad they let you. For my book, they made me audition and then they only let me and then they only let me narrate like the first and like the introduction. I was like, what? But it was exciting because I got to pick the narrator. And there was somebody I really wanted and I didn't have to record for hours and hours.
Chris Hadnagy:
I know that is the hard part. Oh, man I and I made so many mistakes and I was with Harper Collins and they had a guy a producer sitting on the call every day I recorded and He would listen to everything and he would be like nope read that sentence again. You messed up I was I was like so hard. So I was like my gosh like this guy and he was a profound. I love him He's perfectionist. That's why the book came out good, but he'd be like, nope. Nope. You said that word wrong. I'm like I did He's like, yeah, should I say it again? And unless we had to go back and record things so many times. It was unbelievable
Melanie Avalon:
I do get really excited when authors read their own books because I just feel like you really get the information and the way they want to present it to you and really the truth of it and the personality of it. So yeah, I loved that. Loved that so much. Well, so the last question that I ask every single guest on this show, and it's just because I do realize more and more each day how important mindset is surrounding everything. So what is something that you're grateful for?
Chris Hadnagy:
When you ask that question, the very first thing that came to my mind is my family. Believe it or not, I mean, we got really personal on this podcast already. So just recently, a couple of months ago, my wife was diagnosed with breast cancer and she kicked its butt. She kicked its butt, right? I mean, we had the best surgical team on the planet. She did not need to go get a mastectomy. She had a lumpectomy. She just finished her radiation. Monday was her last radiation, and she is cancer free. I am really, really grateful for that because it's been a really rough few months and we were really worried the whole time. And this July, we'll be married 30 years. So I'm like, I definitely don't see a life without her. And she was worried and we were all worried, but she kicked cancer's butt.
Melanie Avalon:
That's an incredible story. Two days ago, she had her last.
Chris Hadnagy:
The last radiation was Monday.
Melanie Avalon:
Wow. Oh my goodness. I am so happy for you.
Chris Hadnagy:
So when you ask that question, I'm like, that's what I'm grateful for right now.
Melanie Avalon:
I know. That's amazing. I'm so happy for you. That's amazing.
Chris Hadnagy:
Yeah, it is. It really is amazing. I get goosebumps talking about it because it's like, you know, when you're sitting there at the doctor's, like one of the things that I promised her is I would go to every doctor's appointment. I'd be at every appointment. So we're sitting there at the initial thing and the doctor says the C word. And I'm like, wait, wait, you just said cancer? Like I thought we were just coming in for a consultation. And then the doc says, look, we have a scale and this is not about the stages of cancer. She goes, we have a scale that is one to six on our certainty that it is cancer. She goes, you're a five. And I was like, oh, right. And then they have to go through all the options and they're talking about double mastectomy. And, you know, I'm not being a woman. I can't imagine what it would be like to lose those body parts, but I think any body part, I would hate to lose it. And it's just, you know, you're sitting there hearing all these things and it's like a wave hit you, you know, and you're just like, okay, we gotta, and then you're like, for me, I gotta be strong. I gotta do this. I gotta be here for her. And, you know, you're just trying to make sure you can manage it all. So we did, you know, we went through it. We had an amazing team. My kids kind of all came around us and we have a great friend group here that really rallied around us. And she did it and she kicked its butt. So here we are.
Melanie Avalon:
That is amazing. Wow. Okay. Well, that is a, that's a really wonderful note to end on. Well, thank you so much, Chris. Thank you for all that you're doing. Not only are you, you know, creating all this content and information and helping people on their daily lives, you're, you know, also doing all of this really, all this work in the world to protect people, help people, your foundation. It's just, it's truly incredible. I'm quite in awe. I can't wait. Are you going to write another book?
Chris Hadnagy:
I hope so. Yeah. This is an interesting thing to bring up and we can talk about this another time but I've been a victim of an unfair cancel culture over the last few years and I've been writing a book about it. It's going to be fascinating once we get done with all this but it's a really, really interesting story and it's a really interesting look at how society is with cancel culture nowadays. So I'm working on that. I'm not sure if I'll write another hacking book or not unless I come up with something new. So I guess we'll see but I'm always looking to write something. I actually enjoy it more than I thought I would when I got the offer to write that first book. I never thought I would enjoy writing but I actually really do enjoy it.
Melanie Avalon:
I would love to read that book and have you back on for that in the future. If you release that, that sounds rough, that journey. And then the irony of going on, you know, podcasts and stuff to talk about cancel culture has a nice vibe to it.
Chris Hadnagy:
It does. It actually does have an i5 to it.
Melanie Avalon:
Yeah. So awesome. Well, thank you so much. How can people best follow your work now?
Chris Hadnagy:
So a website is social -engineer .com and then the nonprofit is innocent lives foundation .org. I'm on LinkedIn. It's probably my most active social media. I'm really active on that. So I do a lot of writing on there. And when people ping me, I answer them and then they're always like, is this really you or is this like a bot or an assistant? I'm like, no, it's really me. I'd like to answer people like unless you're trying to sell me something right away. I like to answer people. So I'm pretty active on that. But those are the ways usually get a hold of me.
Melanie Avalon:
I love that. That was actually just one little throwaway thing, not throwaway, but one of the things from the book you mentioned was how people, I think you said like people are way more often open to answering questions than we realize. I love that.
Chris Hadnagy:
Just reach out and ask. That's what I tell people, right? You're not going to know unless you try.
Melanie Avalon:
Yeah, that's awesome. That's how when I started the show in the beginning and I didn't have a resume for it, so I didn't have guests, I just reached out to people. And I was shocked by people that would answer. And I'm like, Come on the show. I was like, Oh, okay.
Chris Hadnagy:
Yeah, I understand that. It's always shy. I have a podcast I've been running since 2009. Wow, long time. Yeah, it's a long time. I mean, when I think about that, I'm like, wow, I've been podcasting forever. And sometimes I'll reach out to just like crazy people like this. This morning I interviewed the guitarist from the band Lorna Shore. And like, why is he answering me? Like, and he even said, I was thinking, like, why am I coming on a show that's from a hacker? I didn't even know. And I said, well, we talk about psychology and we talk about the human element on the show. I'm like, we don't talk about hacking. I said, I want to learn from other people who don't do what I do. So that's why I have people on that. I've had psychologists, researchers, doctors, lawyers, musicians, comedians, you know, all sorts of people on the show. And I said, I invite people I want to learn from. So it's like, you know, I think that's fascinating. So he came on. So I'm with you. When people say yes, I'm always like, really? I always feel like saying really? Are you sure?
Melanie Avalon:
It's amazing to release every week, that show.
Chris Hadnagy:
Yeah we do one every week so i have the human element series which is that's the one i started in two thousand and nine and that's the one where i get interesting people on i was gonna actually bug you after the shoulder you to come on mine.
Melanie Avalon:
Oh, I'd be honored. I'd be honored too.
Chris Hadnagy:
We do the Doctors In series. I have this wonderful woman who works for me. Her name is Abby Morono. She got her PhD when she was 23. She is a fascinating human being. And she is an expert, her degrees in psychology and non -verbals. And she's helping me bring science into my field. So her and I do a podcast and it's usually about something on psychology. Then I do one that's just for security awareness. So I have a CISO on and we talk about that. And then my fourth one a month is Essie, et cetera, which is just basically anything else that we didn't get to talk about during the month and the world of social engineering.
Melanie Avalon:
Whoa, four? So these are four different shows?
Chris Hadnagy:
shows. I mean, they're all the same. It's the Social Engineer podcast, but they're four different series.
Melanie Avalon:
Okay, okay, gotcha. Well, I mean, essentially, because you said it's wait, wait, wait for a week.
Chris Hadnagy:
No, no, I do one every week. Every Monday we release, yeah, we release one of those. So one of those a month. Dear God, no, I would have to, I'd have to be making some money off my podcast for me to do that, you know.
Melanie Avalon:
Oh my goodness. Okay. That's incredible. You're an OG podcaster. 2009.
Chris Hadnagy:
I know, really weird, I'm old, right?
Melanie Avalon:
That's incredible. I love it. Wow. Well, thank you again, Chris. This has been literally one of the most fun Fascinating exciting enlightening shows I've had ever on this show
Chris Hadnagy:
And I think I could have talked to you for like hours and hours and we did, but I think I've got to just keep talking to you. So thank you for making it so easy.
Melanie Avalon:
Likewise, I will talk to you in the future and I can't wait to have you back in the future as well. Yes, I can't wait. Thanks, Chris. Bye. Bye.