Easy Prey

By: Chris Parker

Chris Parker, the founder of WhatIsMyIPAddress.com, interviews guests and tells real-life stories about topics to open your eyes to the danger and traps lurking in the real world, ranging from online scams and frauds to everyday situations where people are trying to take advantage of you—for their gain and your loss. Our goal is to educate and equip you, so you learn how to spot the warning signs of trouble, take quick action, and lower the risk of becoming a victim.

Biographies & Memoirs, Politics & Government, True Crime
Episodes
  • Intimate Partner Fraud
    Apr 1 2026
    Most scams leave a digital trail. A fake email, a spoofed number, a fraudulent website. You can trace them, report them, sometimes even reverse them. But what happens when the scam has no digital trail at all, because it isn't happening on a screen? What happens when the con is standing right in front of you, making you laugh, meeting your friends, and planning a future with you? My guest today is Tracy Hall. She's an author, keynote speaker, and senior marketing executive with over 25 years at some of the world's most recognizable tech companies including eBay, Virgin, GoDaddy, and Afterpay. She is sharp, successful, and by every measure, exactly the kind of person you'd assume would see it coming. She didn't. And neither would you. In 2017, Tracy woke up to a Crime Stoppers video of an unidentified man being arrested outside a Sydney apartment. That man was her boyfriend of 18 months. Except he wasn't who she thought he was. The man she knew as Max Tevita (a Bondi surfer, a finance executive, the person she was building a life with) was actually Hamish McLaren, Australia's most infamous conman, a man who had been running long-game cons for thirty years across multiple countries, stealing somewhere between eighty and a hundred million dollars from victims around the world. Tracy was his last victim before his arrest. He had stolen her entire life savings of $317,000 and far more than that. This is a story about what happens when the scam isn't a phishing email. It's a relationship. And it will change the way you think about trust, manipulation, and what any of us are actually capable of missing.
    Show Notes:
    [1:03] With 25 years as a senior marketing executive behind her, Tracy shares how a year after separating from her husband she began online dating, where she met a man calling himself Max Tevita.
    [3:25] Presenting himself as a Bondi surfer and chief investment officer, Max spent 18 months slowly and methodically guiding Tracy to invest her entire life savings with him.
    [5:55] A Crime Stoppers video changed everything. The man Tracy knew as her boyfriend was actually Hamish McLaren, a professional conman who had been defrauding victims globally for 30 years and stealing an estimated $80 to $100 million.
    [7:36] A masterful shapeshifter, McLaren adjusted his persona in real time based on Tracy's reactions, including quietly getting rid of his five cars after she called him out on it.
    [9:54] Tracy breaks down the psychological mechanics of the con, including similarity bias, mirroring, and how McLaren constructed a character she was essentially telling him she wanted.
    [11:05] Through elaborate "movie sets and scenes," McLaren built layers of authority and confirmation bias over 18 months, making investing her life savings with him feel completely logical.
    [14:21] Some moments only made sense in hindsight, including a childhood friend accidentally calling McLaren by his nickname "Ham Bone" and his instant, convincing cover story on the spot.
    [18:22] Humans default to truth, and Tracy explains how that biological wiring makes us uniquely vulnerable to manipulation, especially around emotionally charged stories.
    [19:29] Every victim got their own version of McLaren (barrister, triathlete, business strategist), as Tracy describes meeting others who had each been conned by an entirely different character.
    [22:53] Learning to trust other people wasn't the hard part. Tracy reflects on why rebuilding faith in her own judgment was far more difficult, and how shame dominated the aftermath.
    [25:21] Through professional help and a conscious daily decision not to let McLaren turn her into a cynical person, Tracy describes how she slowly rebuilt both her finances and her sense of self.
    [27:05] Understanding the psychology behind scams (cognitive biases, invisible contracts of trust, emotional exploitation) is the best defense we have, and Tracy breaks down exactly how it works.
    [31:33] The medium may be different, but the tactics aren't — Tracy draws striking parallels between her in-person experience and digital romance baiting scams, showing how the emotional manipulation is nearly identical.
    [34:00] There is no demographic, age group, or intelligence level that is immune. Tracy makes the case that scammers hunt for vulnerability, and at the right moment, we are all soft targets.
    [36:12] By subtly discouraging Tracy from socializing with friends, McLaren was limiting outside scrutiny, and Tracy explains why getting a new partner in front of your personal network as quickly as possible is one of the most important protective steps you can take.
    [40:24] No digital footprint is a major red flag. Tracy outlines key warning signs to watch for and recommends reverse image searches as a basic but powerful verification step when meeting someone new.
    [42:08] Every single time Tracy speaks publicly, someone approaches her afterwards with a story they have never told anyone, a reminder that silence is exactly what these criminals depend on ...
    46 mins
  • Identity without Passwords
    Mar 25 2026
    Every day, employees at hotels, restaurants, and resorts across the country are doing exactly what they were hired to do: being warm, responsive, and eager to help. It's what makes hospitality work. It's also what makes hospitality one of the most targeted industries in cybersecurity. When your entire workforce is trained to say yes, teaching them to be suspicious is an uphill battle. The smarter solution might be to take the target off their backs entirely. Jasson Casey is the co-founder and CEO of Beyond Identity, a company built around one idea: making identity-based attacks impossible. With over 20 years of experience designing large-scale security infrastructure for global enterprises and carriers, Jasson has spent his career thinking about what happens when stolen credentials open doors they never should have. Beyond Identity's answer isn't better passwords or more authentication hoops; it's eliminating the credential that can be stolen in the first place. Josh Johansen is the Director of IT Systems and Technology at Brandt Hospitality Group, an owner, operator, and developer of hotels under brands including Marriott, Hilton, Hyatt, and IHG. Josh came up through hotel operations, not a computer science program, and that background shapes how he thinks about security practically, from the floor up. He knows his workforce isn't looking to become cybersecurity experts. His job is to build systems that protect them anyway. We talk about why the hospitality industry is such a rich target for phishing attacks, and what happened when one of Josh's general managers nearly paid a fraudulent invoice because she couldn't log in without a password she no longer had. Jasson breaks down how device-bound passkeys work, why most consumer passkeys aren't nearly as secure as people think, and what separates a real security system from one that just looks like one. Josh shares the lessons learned from rolling out this technology across a multi-brand hotel portfolio, including what he'd do differently and what it means for an industry still wrestling with shared logins, high turnover, and workers using four different brand systems before lunch.
    Show Notes:
    [3:05] A cyber insurance mandate pushes Brandt Hospitality Group to find an MFA solution, and complaints about authentication fatigue make the obvious options the Brandt partners are already using feel like the wrong fit.
    [4:03] After months of evaluating vendors and completing a full proof of concept, the leading candidate drops smaller accounts without warning, sending Josh back to square one and into a same-day demo with Beyond Identity.
    [5:09] Beyond Identity moves fast, puts together a rapid proof of concept, and earns the business. Josh describes meeting Jasson in person for the first time at BeyondCon shortly after signing on.
    [5:45] Hospitality is uniquely vulnerable to phishing attacks, and the industry's culture of helpfulness connects directly to the behaviors bad actors are counting on.
    [6:49] A general manager calls convinced she needs her password to pay an overdue vendor invoice. When she can't get a login prompt, the situation is recognized immediately as a phishing attempt she nearly fell for.
    [7:33] Reflecting on that moment, someone sharp and experienced nearly became a victim, and removing the password from the equation entirely turns out to be the real breakthrough.
    [9:05] The conversation turns to the limitations of cyber awareness training, and why even well-intentioned employees with heavy workloads cannot be expected to function as a reliable last line of defense.
    [11:13] Jasson describes how Beyond Identity works, using the analogy of a monkey in a jail cell to explain how a signing key stored in a secure hardware enclave can authenticate a user without ever leaving the device.
    [12:06] The concept of stealable credentials expands beyond passwords to include API tokens, session cookies, SSH keys, and anything else that can be copied and lifted from a system.
    [17:33] The discussion shifts to agentic identity and AI-driven workflows, with customers on opposite ends of the spectrum — some where agents make up the majority of their workforce, others who paused rollouts after discovering how easily prompt injections could expose sensitive data.
    [19:17] The biggest mistake organizations make going into a passkey rollout is diving in without a clear understanding of how their identity environment is actually configured and what that means when things don't behave as expected.
    [20:35] A lesson from their own deployment — initially limiting passkeys to senior staff and leaving line-level employees on passwords — makes clear that partial coverage leaves meaningful gaps.
    [22:58] Most organizations under active phishing load will experience an incident during a mid-deployment window, and that moment often becomes the event that accelerates full adoption.
    [24:33] The shared workstation challenge in hospitality comes into focus, along with how the device-bound ...
    39 mins
  • When Cybercrime Gets Personal
    Mar 18 2026
    Most security breaches don't begin with sophisticated code or elaborate technical exploits. They begin with a phone call, a convincing email, or someone at a help desk who just wanted to be helpful. The human layer is often the weakest link, and the criminals who understand that are the ones causing the most damage. My guest today is May Chen-Contino. She's the CEO of Unit 221B, a threat disruption company that delivers actionable intelligence to enterprises, law enforcement, and government agencies. Her background spans cybersecurity, fintech, and SaaS leadership at companies like PayPal and eBay, and she brings a distinctly mission-driven lens to the work, shaped equally by a career in business and a background as a Krav Maga instructor. Unit 221B operates less like a typical security vendor and more like a specialized investigative unit, with a team that includes tenured ransomware experts, incident responders, and former law enforcement, all focused on one outcome: criminal arrest. May has seen firsthand how ransomware gangs operate with their own codes of conduct, how a younger generation of cybercriminals is throwing those rules out entirely, and why paying a ransom is increasingly a bet that doesn't pay off. We talk about why social engineering has overtaken technical hacking as the dominant attack vector, what organizations and individuals should never do in the aftermath of a breach, and how crimes against children online often go unreported for the worst possible reasons. May also shares a story from her own experience being scammed on eBay, and what she did about it, which tells you everything you need to know about how she approaches this work. 
    Show Notes:
    [1:28] May shares her background and how she came to lead Unit 221B, a threat disruption company serving enterprises, law enforcement, and government.
    [1:41] May traces her path into cybersecurity, explaining how a lifelong sense of justice and a friendship built through Krav Maga training led her to a team of investigators doing real criminal work.
    [5:55] May recounts being scammed while selling luxury shoes on eBay, describing how a fraudulent PayPal email convinced her the sale had failed after she had already shipped the item.
    [8:22] Rather than accepting the loss, May engaged the scammer directly, intercepted her own shipment through FedEx, and used a photoshopped payment screenshot to flip the situation on him.
    [11:36] The story ends with May recovering her shoes, followed by a candid note that this approach carries real risk and is not something she would recommend to others.
    [12:57] May outlines Unit 221B's core work, including criminal investigations, threat intelligence, pen testing, and incident response, all oriented toward federal prosecution and criminal arrest.
    [16:52] The evolving threat landscape, contrasting professional ransomware organizations that tend to honor agreements with a younger generation of cybercriminals who operate without limits.
    [18:44] May describes this younger criminal group in detail, noting members are predominantly 14 to 26 years old, English-speaking, and motivated as much by social status as financial gain.
    [21:49] May explains why wiping systems and restoring backups after a breach is one of the most damaging mistakes an organization can make, eliminating evidence and removing any path to prosecution.
    [23:04] She walks through Unit 221B's incident response process, covering digital forensics, insider threat identification, and determining who is behind an attack before advising on next steps.
    [26:32] May addresses the ransom payment question directly, recommending against paying as a default while acknowledging that knowing your adversary is essential to making the right call.
    [28:04] The discussion covers the legal and PR dimensions of a breach, including notification obligations and why some organizations choose to go public about what happened.
    [31:08] May pushes back on the perception that law enforcement doesn't help, explaining that federal agencies are understaffed and must prioritize cases, but are genuinely committed to the work.
    [34:08] The issue of victims deleting evidence before reporting, and how frequently this forecloses any possibility of investigation or prosecution.
    [34:55] The conversation turns to crimes targeting children, including sextortion, and why open dialogue between parents and kids is critical to getting victims to come forward before lasting harm is done.
    [37:18] May reflects on a keynote she gave at Harvard's Bold Conference for young women, describing the tension between advice to build an online presence and the real safety risks that come with it.
    [38:51] May shares practical security guidance for young people online, including being mindful of what appears in video backgrounds, using strong passwords, and enabling two-factor authentication.
    [40:35] May identifies AI-assisted attacks and social engineering as the two most significant forces reshaping the threat landscape, with...
    46 mins