Tony Roth, Chief Investment Officer
Eric O'Neill, Cybersecurity Expert, Former FBI Counterintelligence Operative
Tony Roth: Welcome back to Wilmington Trust Capital Consideration. I'm your host, Tony Roth. I'm honored to be joined today by Eric O'Neill, a former FBI Counterintelligence operative who played a pivotal role in capturing one of America's most notorious spies, Robert Hansen. Thanks for joining.
I want to remind everyone, that any reference to specific securities or company names are merely for explaining the market view, and should not be construed as investment advice or investment recommendations.
Eric O'Neill: It's great to be here and talk about spies, lies in cyber crime and, and all those things that we need to protect ourselves about.
Tony Roth: That's right. So let me give a, let me give you a proper introduction Eric. Uh, you're a leading cybersecurity expert, attorney and founder of the Georgetown Group, which is the firm dedicated to protecting clients from cyber threats and beyond your operational expertise, you're also a seasoned media commentator.
I know you're going to be on CNN in a few minutes after we have our conversation today. You know your expertise, Eric, is so important and it's especially relevant because we're in a rapidly evolving technology landscape. We have not only AI, which for some of us is new, for others, it's been around for a while, but we also have other types of technology that are adjacent, like quantum computing, all kinds of deep fake tools, and these things are advancing rapidly and transforming the landscape that we contend with every day to protect ourselves and protect our privacy, protect our information, protect our assets, financial assets.
So digital security is, is just vital. And you have a unique perspective that I think is formed by a number of things that come together, not just your experience in cybersecurity, but also that counterintelligence background I think is fascinating. We're really excited to have you here today to offer a lot of valuable insights, and ultimately we can then take those insights and figure out, you know, whether we're managing portfolios in a way that's sensitive to these kinds of issues, um, whatever that may mean, and we'll talk a bit about that as well.
Eric O'Neill: Definitely. It, it's you, you hit the nail on the head. I always say that what I bring to cybersecurity is counterintelligence, and that cybersecurity really is counterintelligence against cyber crime and spies.
Tony Roth: Well, it's funny, I was driving outta my driveway this morning and I looked up and I saw these big, huge trees and it made me think of the similarity.
And there's a, there's one important dissimilarity, but the similarity between being a homeowner and having tree work done and cybersecurity. And the similarity is that you could spend thousands of dollars taking down a single tree. And if you have a lot of trees around your house, there could be a lot of trees that need to come down and it cost a lot of money.
And what does it do for the value of your home? It does absolutely zero. There's nobody that ever increased the value of their home by taking down a bunch of trees. It's just something out there that you don't think about too much, and you just have to invest in in order to protect yourself so the tree doesn't fall down and hit the house.
And cybersecurity is the same way. You have to invest in it. It costs money. It doesn't really get you anything, but it prevents bad things from happening, like the tree falling on your house. The dissimilarity though, is that whereas you can see the trees, they’re pretty obvious that they need to come down at some point, you can't see those cyber threats. So I don't know if that resonates that, that metaphor, but, um, I thought about it this morning.
Eric O'Neill: It does, you know, it is. And I start the book with a story about being a freshman in high school, right. Maybe 15 years old. And house burning down. I get pulled out of school.
I get driven home by a parent of my best friend. And my house is a smoking wreck. Well, it's an old Victorian home and once upon a time they used to build one big fire in the basement and then it would go up these ducts into each of the bedrooms and just heat this iron plate in the back of the fireplace.
That's how you heat the house. And then as technology advanced, they put radiators in, didn't need those. So they got rid of all the fireplaces in the rooms and the thing in the basement, put in closets 'cause you have to have a closet in every room to sell a house today. And forgot to remove that one duct that just went from the basement to my room. The fire started in the basement.
And, uh, according to the fireman, the fireball shot up so fast and in moments incinerated everything I own. So I don't own anything since before I was 15 years old in this fire. That's what it feels like to be in the center of a cyber attack. And you do all the things, the same thing, like you don't see the fire coming, you don't see the value from taking down the trees.
You know, you, but you don't see the fire coming. But you still have to put the smoke detectors up and you still have to have, you know, early alert and you have to have the fire insurance, um, and all those things.
Tony Roth: Let's talk about, we've got privacy, we've got confidential information. We've got ownership of assets like, like assets, which are basically all digitized today are stocks and bonds and accounts, et cetera.
Eric O'Neill: Right.
Tony Roth: Where do you see the biggest risks today? Give us the state of play, if you will. The baseline of the landscape, and then we'll go from there.
Eric O'Neill: Certainly if you're a financial institution, one of your biggest risks is a ransomware attack. Financial institutions are at the top tier for cyber criminals who are trying to lock them with ransomware, and for anyone who's heard of ransomware but doesn't know exactly what it is, that means that they get into your computer environment, into your network, and they're able to use malicious code, otherwise known as malware, to encrypt all of your data or as much of it as they possibly can. They'll even try to get your backups, encrypt that, so that without the key to that encryption, you can't see your data.
They will also steal your data. So they will take customer information, client information, your information, whatever they can find the email box for the CEO, and we'll ransom that back to you. So if you say, oh, we've got a great backup. We don't care that you locked us with ransomware. We're going to go through the pain to restore from backup, which you have to do anyway, they will say, that's fine. This is called a double extortion attack, but we've also stolen all your data, and if you don't pay us, we're going to publish it all over for the world to see.
All of your customer data is going to be out there, we're going to use it against you. We're going to start launching identity fraud attacks against the people that trusted you with their information. So that's a critical, um, problem that every financial institution is, is looking to solve right now.
Tony Roth: When we say they're looking to solve it, are they looking to solve it or they're looking to stay ahead of it or contain it? Because I don't sense that there's a possibility at all that we'll ever wake up and say, well, we've solved the cybersecurity problem. It seems to me that it's a constant burn. It's a constant battle. You can only be ahead of it for a period of time. Hopefully it's a long period of time, but you can't actually solve it because the threats are always evolving and changing and getting more sophisticated, and you just have to keep up with it.
Eric O'Neill: It's a, it's a good nuance. What you're trying to do is put yourself in the best situation to succeed if you are attacked. That's really what you can do. The fact of the matter is that at some point, every organization will be attacked. There is, there are $14 trillion worth of cyber crime flowing through the dark web right now.
That is a lot of people out there that are launching attacks and they don't really care who you are or what you do. Only if you're vulnerable.If they see you're vulnerable, they will launch the attack. So what you can do is plan ahead of the attack so that you're resilient. When the attack lands, you're resilient.
You have the technology to see the attacker fast enough to limit the damage, kick the attacker out, know exactly when they got in, so you have that point to restore from and come out without the entire house burning down around you.
Tony Roth: When I listened to the news every day, there were times in the last x number of years where I recall in the news cycle, a repetition of different cyber attacks that might have occurred, whether I remember Microsoft was a big victim at one point. I remember the government, I remember, um, some other institutions. When I think about the new cycle this year, have I just been jaded or are these attacks less successful in this country or are companies publicizing them less?
Or am I obtuse to it again? Why am I not sensing quite as many big stories around this in the last three to six months?
Eric O'Neill: The news cycle tends to hijack the very important cybersecurity attack. So when an airline goes down, when for example, uh, you know, people might have missed that Jaguar Land Rover was down for weeks.
To the tunes of millions and millions of dollars where they couldn't use any of their assembly lines. They put, they build what, like a thousand cars a day and they were building zero for somewhere around three weeks before they were able to restart manufacturing. And that was because of the cyber crime group who launched a ransomware attack against them.
Tony Roth: And did they pay the ransomware or did they figure out how
Eric O'Neill: At the, they didn't pay the ransom and the, you know. So information is, is coming out is very sketchy. They haven't put out a full exactly what happened and why, but it looks like a cyber crime attack or ransomware attack. It looks like they didn't pay the ransom and they did the work to restore themselves because if you pay a ransom you might get your data back quickly. You might get to restart quickly, but you still have to put in all the work and pain to ensure that the attacker isn't still in your computer systems, in your environment, because you'll just be a repeat customer until you, not only kick them out, but build the cybersecurity that prevents them from launching that scale of an attack in the future.
Tony Roth: Is the goal to minimize exposure and downtime and, and cost, et cetera. Is there also a goal from the perspective of government to actually catch people and put 'em in jail, or does that never happen? All these things are emanating from far corners of the world. The bad guys, you know, Russia, China, Iran, North Korea, wherever. You don't ever catch these people. You just hold them off as long as you can.
Eric O'Neill: Occasionally the government gets a win, the cyber attackers identified, and they're in a country where there's extradition. There is a group called Scattered Spider who helps cyber crime groups. And the reason they do is 'cause they're brilliant at what's called social engineering. If you get on a phone call with one of them, they can talk you into anything.
They'll talk companies into giving them access, you know, resetting, username, passcode, and two factor authentication for a systems administrator. That's what happened to MGM, if you remember, they were attacked in Vegas, they shut down half of Vegas for uh, a number of weeks.
Some of them were in the UK and the U.S. you know, bad news for them because if you identify them, they get arrested and turned out they were like 17-year-old kids. But most of these cyber criminals are working with intelligence agencies and they're sitting in countries that have no extradition. And when we go to a China or Russia and say, these bad guys did this, they look at us and say, no, you know, don't be hysterical. You know, you're making this kind of stuff up and they don't help.
Tony Roth: And it's not really the point of this conversation, but I'm going to ask a question to call this a bit of a digression. Are we in any way as a country or the Western space, are we offensive at all? Is that important to keep defensive in some regard? Or, you know, do we try
Eric O'Neill: I hear you.
Tony Roth: Create cyber problems for China, Russia and Iran. Iranian companies or, or they don’t, they can live scot free. They don't have any cyber criminals. All the bad actors are over there.
Eric O'Neill: Yeah. I've been doing a lot of thinking about this. It's a really great question. You know, we don't do the same things that other countries do in, like, for example, China and Russia will allow their cyber criminals to attack the West, as long as they just attack the west, you can't attack at home.
In fact, when you look at a lot, a lot of the code that comes from Russian cyber attackers, you know, at the very beginning it'll say, look for a Cyrillic keyboard and if you see one, don't attack. Right? 'cause they know that if they attack close to home, then they'll be, could get in trouble.
We don't attack, we don't have our criminals attacking their people. You know, our spies attack them and their spies attacked us. That's the great game. We expect that to happen. At the end of the day, I think if we wanna make ourselves safe from critical infrastructure cyber attacks, which is another category of what keeps me up at night in the world of cyber crime and espionage, then we have to have the ability to strike back just as hard as they strike us.
In other words, our cyber command, our NSA, our different espionage agencies have to be able to hit a foreign country who hits us in our critical infrastructure lights, power, water.
Tony Roth: Are our spies today trying to do that. Don't we have spies. I mean, I would think with current administration, they're very aggressive.
They don't really care about international norms as much as some of the past folks and in many cases, to the advantage of the country. I mean, I would think that we, we, you know, we're well positioned to be smart about this today.
Eric O'Neill: I'd like to see a demonstration. Now, the last time you, we really saw this happen was, uh, an attack that was years ago called Stuxnet. Look, no one will admit it, but it was a joint effort between the US and Israel. At least that's what most experts believe, to spin the centrifuges in Iran just a little bit faster than they're supposed to, a tiny, tiny fraction of a degree so much that the sensors didn't even see it. And that caused these very meticulous machines to all break and it put that nuclear program back like a decade. I would've loved to see us do it again and instead, you know, we bombed the heck out of 'em. That was a great chance to show how, how strong we are with a, with an offensive cyber attack.
Tony Roth: With the advent of AI and quantum computing, is there any difference in the balance of risk in your mind?
Do you think that the ultimate balance is going to tip more towards your clients? Private companies in the west, et cetera, or or western governments, or is it going to tip more towards the bad guys?
Eric O'Neill: Depends on who reaches quantum supremacy first. So quantum creates a severe problem for cybersecurity.
First of all, a quantum computer is going to be able to break our current levels of encryption. The current encryption we rely on to protect everything. So if we don't have a new quantum encryption online, as soon as a quantum computer is reduced to scale, and so they can move at a speed that can break encryption, you know, right now you're not going to be able to protect your systems with our typical like RSA type encryption.
The other problem, of course, is there have been for years harvest now decrypt later attacks. And what that is, is espionage groups will steal information from companies that they're able to burrow into. Uh, the cyber criminals are able to steal data and then encrypt with ransomware. They keep that data and they'll, they'll put it on the dark web, they'll hand it to their friends at the intelligence agencies, they can't see it 'cause it's encrypted.
They don't know what's in the data. But when a quantum computer comes online at scale, it will be able to just crush that encryption. All that data that they've grabbed from all these companies and people for all these years will then be open and into the clear, and that could be very dangerous.
Tony Roth: Is it a binary, is quantum computing either you reach the level or you don’t? Or is it a gradual ramp up, and what's your assessment of how, how far away from a time standpoint are we, are they, et cetera?
Eric O'Neill: Experts all disagree on how fast it's going to take to reach that quantum supremacy or people like say, I don't like supremacy. I don't like that word. But basically that's what it is because you will be able to be the top dog in all espionage if you can reach this thing faster.
Right now, Russia and China are working together and basically the whole west is working together, uh, with IBM, Google and some other companies leading the charge to see who gets there first. I think it's going to take another few years. But AI and the incredible speed that AI is progressing has certainly helped with this because it can do a lot of the math very quickly. And just wait until we have quantum computers that now run AI that's going real interesting as well.
Tony Roth: And once the quantum computing is available, is there a distribution hub so that quantum computing is now available, let's just say, and all of the various, you know, hundreds and thousands of American companies and western companies, they, they all plug into that hub and they get it. Or is it going to be a slow dissemination of technology that each company has to have their own quantum computer?
Eric O’Neill: It's going to be absolute chaos until encryption standards wholesale are changed. Now, just because China has a quantum computer, Russia has a quantum computer, doesn’t mean like there's, they're going to be quantum computers all over the place. These are expensive to build. They're, uh, they require a lot of science. But once they're reduced to scale, we're going to have to worry about espionage first.
And I think, I hope that by the time the cyber criminals get their hands on one, we can get ahead of the encryption because that will be the stage. And right now companies are working hard on building a new encryption scheme that will defy the ability of quantum computers to break our current encryption.
Tony Roth: But don't they need quantum computing in order to build that new
Eric O'Neill: Yeah. Well, everything is in theory right now, the, the computers and the, and the encryption, but they're, they're working both problems.
Tony Roth: And who are the leaders? I mean, is it Microsoft and you know Stanford University, or is it, is it some obscure name? I mean, where is the leadership coming from?
Eric O'Neill: Right, so it's, so there, the European Union is working on it with the United States. The UK is involved as well. Google and IBM have invested tons of money. Here in the west, there were challenges where the top minds were asked. Actually all over the world were asked to start solving problems in, in quantum encryption and developing quantum computer technologies.
I think the three winners were immediately hired by IBM, so that's good. In my book, I do note that Russia and China have created a, the ability to encrypt with quantum encryption communications between a point in Russia and a point in China that we can't crack, we can't touch. So, you know, they're moving the needle too.
It's certainly a problem and you know, it has a problem for how we protect everything that's digital, which includes all our money. I do know people who are worried enough about this, that they just have a bunch of gold in their basement and, and went back to cash. Just thinking that, you know, they want something that they can rely on when, you know, currency could be meaningless until we get around around this problem, if it's all digital,
Tony Roth: What are the practical implications for the folks listening to this podcast who are well-heeled for the most part, you know, families in the United States that are well-educated and consider themselves informed or they wouldn’t be listening to us and that are proactive and are willing to, to follow your advice, Eric. Is there a way to protect themselves right now against the current set of threats and what should they be doing?
Eric O’Neill: Right. So I would worry more about the current set of threats than this future of quantum problems that, you know, may or may not come to pass in the next few years because there isn't much you can do and it's not worth worrying over something that right now is in theory.
But there is plenty to worry about that people can take concrete steps to protect themselves. And for your listeners, that's financial and investment fraud. There is a great deal of that. For organizations. We talked about the threat of ransomware or data theft and extortion, but for individuals, those same problems exist and there are social engineering, impersonation and confidence scheme attacks that are targeting high net worth individuals in particular in order to, to steal their money, to get them to invest in fraudulent scams and and to completely fool them. And sometimes it uses AI in order to get you to do something you know you shouldn't.
Tony Roth: In our pre-conversation, you and I talked about the idea of dual authentication.
Eric O'Neill: Yes.
Tony Roth: Right.
Eric O'Neill: Oh, certainly.
Tony Roth: Explain what that is so we all know exactly what it's doing for us.
Eric O'Neill: I'll give you like a quick five things that everyone that can do to help protect yourself from like 90% of the cyber attacks.
The first thing is use multifactor authentication everywhere. You know, I say this all the time and it's one of the primary concepts in cybersecurity, but the fact of the matter is most people don't use it. This is at a, the most basic level, something more than a password. If we just rely on a password, we're dead in the water, it's over.
Passwords are an Achilles heel for cybersecurity. AI is getting good enough that it's starting to crunch passwords. You, you can guess passwords if you know enough about the person through their social media. Don't ever rely on a password. Always rely on something in addition to that password.
Tony Roth: Let's say that the companies that are trying to protect their clients and, and therefore their businesses simply, and I'm obviously an extreme lay person here, but we all know we've all been locked out if we try to log in too many times and we can't get in, so, and we have to call someone up and reset our password, if the concern is that there's going to be a computer that is going to learn enough about me to go on and try all the passwords that I might guess, but they're going to be locked out after five failed attempts and they're not going to get it in the first five. They're not going to get mine in the first five. I can guarantee you that. So,
Eric O'Neill: Right.
Tony Roth: Why isn't that sufficient in and of itself to protect myself?
Eric O'Neill: Beause you might, you might lose your password. Someone might get your email account and it's in there because you emailed it.
Or most people actually use the same password everywhere. They come up with this great password and they use it everywhere. You used it, the ice cream shop for your rewards program or your coffee place.
Tony Roth: Right.
Eric O'Neill: And they got breached and now your password's out there and someone sees your, your I email address and just tries it in your bank account, right? So the best thing is don't rely on just the password. Have two-factor authentication. Every single organization should turn this on. If you’re a financial organization not using it, then, uh, legal jeopardy.
Tony Roth: We have, but we have it here at Wilmington Trust. Now let me ask you this, I’ll get to two factor authentication in, in a moment, but when I go on and I create an account any place, including at any financial institution, my computer says, do you want me to recommend a password. And if I say yes, it gives me some long chain of random characters. And I've taken to always saying yes now for anything. And certainly all of my financial institutions, the reason I say you can't get it in the first five is because I don't even know what it is. Some password, that Apple suggested. Right. Is there any A, is there any reason for folks not to do that? And B, if you do that, does it give me a first order protection because I'm not using that password anywhere else, like for my ice cream.
Eric O'Neill: It certainly does and that, and that sits encrypted and the only way to decrypt that password each time it wants to add the password is using what's called a passkey. And so, uh, if you're, for example, on your Mac, it'll say it has to enter the password and you use your one master password for your computer.
Tony Roth: Right.
Eric O'Neill: And then it accesses that password. So to get that, they would have to have access to your computer and your passkey, and the ability to have that influence. So that's very strong. That's a passkey system, and that is very much like two factor authentication. Use an authenticator app. A great way to do multifactor is to have an extra app on your phone.
It's, once again, it's encrypted. It cycles a number every 20 seconds, you type that number in and you're good to go. I don't see why we still use passwords. Why not just use that? Our phones are always on us, so you know, you can always look in and that's far more secure than just typing in this password you memorized alone.
Tony Roth: Okay, so let's, so let's go to multi-factor authentication now. Let’s assume that we haven't done an Apple suggested password, which is a great start, or maybe we've done that, but we still want another layer of protection. I do multi-factor authentication in most places. Although, I’m going to tell you a story about that in a moment. But for me, what that means is that I go on and it says, okay, you've put in the right password.
That's not good enough. I'm going to send a text to your phone, and either you're going to copy that code into the site you're trying to get into, or you're going to use an authenticator app, or whatever it may be. Let's assume I never lose my phone and or I don't have a criminal with a gun to my head. That gives me a pretty good level of protection right there as well, right?
Eric O'Neill: Absolutely. And that's what I'm talking about is that's, that's something other than your password, that extra step, because if someone is able to steal or guess your password, they can't get in if they don't have that extra access to that code that comes to your phone unless they’ve cloned your phone. Right? But then that's someone who's really dedicated to getting you. An Authenticator app is even better because they would have to have access to the phone and the Authenticator app and be able to get into it. Usually now you get into the Authenticator app with biometrics, the phone looks at you and it unlocks.
Tony Roth: Sure.
Eric O'Neill: So those are great ways protect yourself.
Tony Roth: After we had our pre-call, I said, oh my God, I'm going to be smart. I'm going to protect myself even better than I am already. I called up the person who is my relationship manager and I said, hey, can you help me figure out how to turn on multi-factor authentication?
So he said, no, but I'll find out. And they got back to me and they told me, well, if you want multi-factor, you use to download an app called Authenticator. I said, terrific. So now I got the app and I went to log in. And it said, well, we're going to charge you, you know, monthly $6 to use this app. Or you can sign up for the year for $50 or for life for a hundred. So it's not a big expense.
Eric O'Neill: Well, I know, but that's ridiculous because most authenticators are free. Yeah. That's just, that's just a bad implementation of multi-factor authentication. You wanna encourage it, not charge someone for it.
Tony Roth: Right. So I was shocked that this huge, huge company
Eric O'Neill: Right, they, they don't have a investment in cybersecurity that you would wanna see.
Tony Roth: Right. Okay. Well, I'm going to call them back and I'm going to make them listen to this conversation.
Eric O'Neill: Yeah. When we do advisory for companies in cyber, we start by looking at, do you have this turned on everywhere? Because the number one way to get into a company is to steal an account for someone who has access to the things that you wanna steal.
That's why systems administrators, the people in it who can create accounts and elevate privileges and give people access to different servers, those are the ones that are the number one point of attack. I mean, if you don't have two factor authentication turned on, you're dead in the water there.
Tony Roth: Is there anything that we haven't talked about that you think is particularly interesting and when you think about answering that question, one of the things that I promised that we would touch on if you felt that cybersecurity is going to be even a bigger deal going forward, how does somebody take advantage of the growth?
Of the importance of cybersecurity, of the ecosystem, where should we invest in order to advantage of, you know, the, the growth of this need?
Eric O'Neill: There are plenty of companies that are, are looking to be incredibly innovative.
Uh, right now getting ahead of a quantum threat is somewhere you might look. Companies that are working on AI deepfake detector technology. I think with the rise in deep fakes, with with the ease and accessibility at building a video that is hyper realistic and fools people into thinking it's true. I believe that within a year we are going to all be running some apps, some layer of technology on our computers, on our phones, every way that we communicate that will say 60% deepfake, 90% possible deepfake, right? Because, when someone is trying to fool us, we can see whether it's true or not.
What if your face, what if you're the CFO for a company and you reach out to, uh, someone in finance and say, you know, we immediately need to start funding this partner that we're working with
Tony Roth: Right.
Eric O'Neill: And you're doing it on a Zoom call.
Tony Roth: Right.
Eric O'Neill: And, uh, and that, what's that financial, that low level finance person who has access to bank accounts and wires is, is looking at you directly and you're on the call and say, okay, send the wire. I'll wait. There goes a million dollars from your company. Because he just wired it to a cyber criminal who deepfaked you and logged into a Zoom call.
And this happened. Um, I tell the story in a book too. Uh, one of the largest architecture firms in the world. There was this scam by the cyber crime group who deep faked five different people just to fool This one guy in a Zoom call and got him to wire, um, 15 separate wires to fire different bank accounts.
Tony Roth: The moral of the story is, and it's interesting, but I'm an organization and I wanna make sure that my clients are protected. If somebody wants to have a wire done, and I'm going to do a verbal confirm, I should only do a verbal confirm when I hit, when I make an outgoing call to a known number.
Eric O'Neill: Exactly.
Tony Roth: Right. Okay. Those kinds of protections that we need to look for as consumers to ensure that, that the financial service providers are taking our interest seriously and investing in our protection.
Eric O'Neill: Yeah. With my, uh, with my financial service provider, he and I have a code word, a phrase that I use, and I say, if you don't hear me, say this phrase, don’t do it.
He's read my book and now he said he's going to do it with his other clients. Tony, you gotta do this now with your family. I have one with my family because there, there's a cyber crime attack right now that is spreading like wildfire across the country where you get a call from your daughter and it goes like this.
Tony Roth: She's kidnapped
Eric O'Neill: Or, or this is the new one they're using. I got in, Dad, I got in a car wreck. I think I hit a pregnant woman. It's really bad. The police showed up. I'm in jail or something. I don't know what to do. Can you talk to this guy? They, they, they gave me him and, and I think he's my public defender.
Then the next voice comes on. It's this gruff voice. I'm the public defender. Your daughter was in a serious accident. Um, she's of fault. I'm going to defend her. I need money, uh, to pay bail. Or she's going to be in here for the next week and you have to send it now. This is the only phone call she gets.
Tony Roth: Well, I like to see them do that with regard to me.
My wife would say, you can have them. Take him, you know, hey, can you make it a, a month instead of a week? Right, right. That would be really a nice vacation. Well, we, we'd love to have you back because this is obviously a, a, an evolving area.
I asked you if there's anything else you wanted to mention and I didn't let you answer the question.
Eric O'Neill: Oh, no, that's certainly fine. I think the number one thing, the number one bit of advice, I, you know, after the technology get two factor authentication, the number one bit of advice I can give anyone is to take a breath. Cybercriminals are attacking you and me. They're not attacking your computer through a computer.
The mo, most of these attacks are directly, person to person. And what they're doing is trying to de fool, fool and deceive you into doing something you shouldn't do. So when you're placed in that pressure situation, when it's the call from your daughter saying, I've been in a wreck, or this brilliant investment scheme that you're going to lose out on if you don't take advantage of it, or this thing that you can buy as you're scrolling through, uh, social media, that if you, if you click off of this, it's going to be gone.
Right? Take a moment and take a breath and look for the scam. Assume it's there, and see if you can find a way to trust rather than believing in trusting by default. Because if you can do that, if you can train yourself to not give in right away to the pressure. Sometimes even hanging up the phone right and calling back, then, uh, then you can save yourself from some of these, um, very damaging and personally disruptive attacks.
Tony Roth: The way that I would say that for our clients, in my own terminology, and I say this to my wife all the time, because if my phone rings, and unless it's a known person, I don't ever pick up a phone call and I say to them, if it's something real, they'll figure out how to get to me. They'll find another way.
Eric O'Neill: That's a good piece of advice and hey, end up with this. There's weird little texts we get that just say, Hey, or how are you? Or how are you doing? Or, I missed you at the barbecue
Tony Roth: Of course.
Eric O'Neill: Those are, you know, those are cyber criminals who are trying to find a person that they can spend a lot of time talking to until they become your new best friend or your, your new romance partner, uh, just so they can steal from you.
Tony Roth: I've had a number of situations where my wife said to me, oh, can you pick this up on the way home? And I forgot. And I got home and she said to me, well, you know, where's the milk? And I said, honey. I didn't think that was you. I assumed that I was being, you know, so it could be, you have to be creative with this Eric, but you can use this to your advantage in a lot of personal situations.
Eric O'Neill: That's a good one. Yeah. My rule with my wife is if, if it's more than two things, we need to write it down.
Tony Roth: Right. Okay.
Eric O'Neill: I forget one of the three.
Tony Roth: Right. All right. Well, listen, this has been
a really fun conversation. Thank you for joining us and for our audience, please go to Wilmingtontrust.com for a full roundup of our past episodes and all of our thought leadership in the investment and planning arena.
Thank you so much for listening.
DISCLAIMER
This podcast is for educational purposes only and is not intended as an offer or solicitation for the sale of any financial product. Or service or recommendation or determination that any investment strategy is suitable for a specific investor. Investors should seek financial advice regarding the suitability of any investment strategy based on the investor's objectives, financial situation, and particular needs.
The information on Wilmington Trust's capital considerations with Tony Roth has been obtained from sources believed to be reliable, but its accuracy and completeness are not guaranteed. The opinions, estimates, and projections constitute the judgment of Wilmington Trust as of the date of this podcast and are subject to change without notice. The opinions of any guests on the Capital Considerations podcast who are not employed by Wilmington Trust or M& T Bank are their own and do not necessarily represent those of M& T Bank Corporate or any of its affiliates. Wilmington Trust is not authorized to and does not provide legal or tax advice.
Our advice and recommendations provided to you is illustrative only and subject to the opinions and advice of your own attorney, tax advisor, or other professional advisor.
Diversification does not ensure a profit or guarantee against a loss. There is no assurance that any investment strategy will be successful.
Past performance cannot guarantee future results. Investing involves a risk, and you may incur a profit or a loss. Any reference to company names mentioned in the podcast should not be constructed as investment advice or investment recommendations of those companies. Third party trademarks and brands are the property of their respective owners.
Third parties referenced herein are independent companies and are not affiliated with M& T Bank or Wilmington Trust. Listing them does not suggest a recommendation or endorsement by Wilmington Trust. Private market investments are only available to investors that meet the U. S. Securities and Exchange Commission's definition of qualified purchaser and accredited investor.
Facts and views presented in this report have not been reviewed by and may not reflect information known to professionals in other business areas of Wilmington Trust or M& T Bank and may provide or seek to provide financial services to entities referred to in this report. M& T Bank and Wilmington Trust have established information barriers between their various business groups.
As a result, M& T Bank and Wilmington Trust do not disclose certain client relationships or compensation received from such entities in their reports. Investment products are not insured by the FDIC or any other governmental agency, are not deposits of or other obligations of or guaranteed by Wilmington Trust, M& T Bank, or any other bank or entity, and are subject to risks including a possible loss of the principal amount invested.
Wilmington Trust is a registered service mark used in connection with various fiduciary and non fiduciary services offered by certain subsidiaries of M& T Bank Corporation, including, but not limited to, Manufacturers and Traders Trust Company, M& T Bank, Wilmington Trust Company, WTC, operating in Delaware only, Wilmington Trust N.A., WTNA, Wilmington Trust Investment Advisors, Inc., WTIA. Wilmington Funds Management Corporation, WFMC, Wilmington Trust Asset Management LLC, WTAM, and Wilmington Trust Investment Management LLC, WTIM. Such services include trustee, custodial, agency, investment management, and other services. International corporate and institutional services are offered through M& T Bank Corporation's international subsidiaries.
Loans, credit cards, retail and business deposits, and other business and personal banking services and products are offered by M& T Bank, member FDIC.
Copyright 2025 M& T Bank and its affiliates and subsidiaries. All rights reserved.
Equal Housing Lender. Bank NMLS #381076. Member FDIC.
