Want to hear the full conversation? Listen to the Journey To Legacy podcast Episode 153 with Robert Siciliano for even more insights and stories from his remarkable entrepreneurial journey.

The AAA Protocol: How to Spot an AI Voice Cloning Scam Before You Send a Cent

AI voice cloning has made phone scams nearly impossible to detect by ear alone. A scammer needs only a few seconds of audio, pulled from a voicemail, a social video, or a podcast clip, to recreate someone's voice convincingly enough to fool a parent, a spouse, or a colleague. The FTC has issued repeated consumer warnings about this exact tactic, and the FBI's Internet Crime Complaint Center now tracks AI-enabled voice fraud as a distinct, fast-growing category of reported crime.

Cybersecurity expert Robert Siciliano, CEO of Protect Now LLC, has spent over 30 years studying why people fall for scams, and what separates someone who avoids one from someone who doesn't. On a recent episode of the Journey to Legacy podcast, he broke down a simple three-step method anyone can use to verify a suspicious call, text, or email before reacting: the AAA Protocol.

What Is the AAA Protocol?

The AAA Protocol is a verification framework for spotting fraud in real time. It stands for Analyse, Authenticate, and Act.

The method exists because most scams succeed for the same reason: they trigger an emotional reaction before the brain has a chance to think it through. The AAA Protocol slows that reaction down long enough to check whether the threat is real.

1. Analyse: Look for Manufactured Urgency

The first step is recognising the pressure tactic itself. Siciliano notes that roughly 95 percent of fraud involves what he calls manufactured urgency, a deliberate push to make the target act immediately, before they've had time to verify anything.

This shows up as:

• A threat that something bad happens if you don't respond right now

• Pressure not to hang up, verify, or tell anyone else

• A request involving money, gift cards, wire transfers, or cryptocurrency

• Emotional language designed to bypass logical thinking, like a child or relative in danger

If a message or call is pushing you to skip your normal verification process, that pressure is the warning sign, not a reason to comply faster.

2. Authenticate: Recognise the Digital Mask

The second step is identifying what's actually generating the message. Siciliano describes how AI has replaced what he calls blunder force phishing, the old mass-blasted emails full of spelling errors, with high precision impersonation at scale. Criminals now use AI to clone a specific person's voice, writing style, or appearance, a technique Siciliano refers to as neural puppetry. The FTC has confirmed that a voice can be cloned from just a few seconds of audio, often pulled straight from content already posted online.

This means the caller ID, the voice, and even the email signature can all look correct while the communication itself is fabricated. Authentication means treating the medium as untrustworthy by default, regardless of how convincing it sounds or looks.

3. Act: Use Out-of-Band Verification

The final step is the one that actually stops the scam: out-of-band verification. This means contacting the person or organisation through a channel you already know is legitimate, never through the contact details provided in the suspicious message itself.

In practice, this looks like:

• Hanging up and calling the person back on a number already saved in your phone

• Navigating directly to a company's website rather than clicking a link in an email

• Verifying a request through a separate communication channel altogether, such as switching from a phone call to a text or email

Siciliano illustrated why this single step matters with a case involving a mother who received a call from what appeared to be her daughter's phone number, with her daughter's voice in the background pleading for help. Believing her daughter had been kidnapped, the mother spent five hours moving money through Western Union, MoneyGram, her bank, and a Bitcoin machine. Her daughter was at work the entire time. A single call to her daughter's number, outside the scammer's call, would have ended the scam in seconds.

Why This Works When Instinct Doesn't

Siciliano's broader point is that trust is the default human setting, not a flaw to be corrected. Humans are, in his words, an interdependent species that relies on trusting one another to function. Scammers don't fight that instinct, they exploit it, using familiarity, urgency, and emotional weight to keep a target from pausing.

The AAA Protocol doesn't ask anyone to become suspicious of everyone. It asks for one pause and one verification step before acting on a request involving money, personal information, or a loved one's safety.

Practical Takeaway

The next time a call, text, or email creates pressure to act immediately, particularly one involving money or a family member in distress, run it through the three steps:

1. Analyse the request for manufactured urgency

2. Authenticate by assuming the voice, number, or email could be faked

3. Act by verifying through a channel the scammer doesn't control

This single habit, more than any piece of security software, is what separates a near-miss from a five-hour ordeal at a Bitcoin machine.

The technology behind these scams will keep improving, and the voices, numbers, and stories will keep getting harder to question on instinct alone. What won't change is the fact that a few seconds of pause and one independent phone call is usually enough to tell a real emergency from a manufactured one. Trust isn't the problem here, it's simply the thing scammers have learned to exploit. Building a habit of verifying before reacting costs almost nothing and closes the door on the tactic entirely.

Transcript

WAYNE: What if the person calling you claiming to be your daughter, your spouse, your boss actually isn't? What if it's a scammer using AI voice cloning so convincing, so perfect that you can't tell the difference? This is not science fiction. This is happening right now today. And if you're a parent, an entrepreneur, someone managing wealth or assets, or anyone who thinks they're too smart to fall for a scam, this episode is for you. Because here's the hard truth: your brain is their target, and your instinct to trust is the vulnerability they exploit. My guest today is none other than Robert Siciliano, CEO of Protect Now LLC, a cybersecurity expert and private investigator who spent thirty years teaching people how to think differently so they actually do things differently. In today's conversation, we're breaking down the human blind spot that makes you vulnerable, the specific tactics criminals use to manipulate you, and the simple frameworks that you can use to protect your family and your legacy from becoming their next victim. This is absolutely one of the most impactful conversations that I've had in twenty twenty-six, so it's my pleasure to introduce to you Mr. Robert Siciliano. Well, again, thank you so much for your time. I'm super excited to learn. But why don't you kick us off, tell everybody a little bit about yourself, and maybe why should they be listening to you today?

ROBERT SICILIANO: Sure, I am based in Boston, Massachusetts. I am a father of two late teenager girls, I'm a girl dad, married twenty five years, I'm a dad to Minx the Belgian Malinois, which they call a dog but it's really like a hyena. And I've been presenting and providing security awareness training for thirty plus years, which today I call security appreciation training, due to the fact that most people don't have a high degree of appreciation for the security in their life. They just don't. They take it for granted. And I wake up every day making sure that I am engaged in the process of being the messenger for the message, due to the fact that I truly believe in security appreciation.

WAYNE: The messenger for the message for security appreciation. Give us the distinction there, right? You said you've been, you know, thirty years around security awareness, but now you're calling it security appreciation training.

ROBERT SICILIANO: We live in a culture where most security awareness is regulatory based, you know, compliance training. Watch a video, go through an LMS, a learning management system, recognize the risks of the URL, don't click this, don't do that, or else. And that doesn't necessarily translate into the learner wanting to engage in the process of making sure that they are effectively managing risk in the workplace, because it doesn't necessarily affect the learner. We are a selfish, or self interested, creature, humans, and we primarily want to know what's in it for us first, and phishing simulation isn't in it for us, it's for the corporation. And so security appreciation is, okay, this is how you protect your own identity, this is how you manage your own passcodes, this is how you essentially protect your own bank account, this is how you protect your child's digital footprint. This is about you and how security affects you and how you navigate the world, because there are predators and thieves out there that mean to do you harm. Here's who they are, here's how they operate, these are what their targets look like, and here's how you manage that risk. And once you kind of flip it on its head and present it in such a way that all security is personal to the learner, they're like, whoa, I didn't know that this training was gonna be like that. This is good, I want this, I want more of that, I have questions. That's what I do.

WAYNE: Nice. So sort of flipping it so that it is much more about the individual and what they can be doing actively for themselves, their families, their kids, versus just the security awareness of like protect your company, protect your business assets.

ROBERT SICILIANO: Yeah, what I've been seeing for quite some time now is security fatigue caused by the compliance trap. You know, entrepreneurs, CISOs, whatever, they all engage in security to a degree, right. But in the end we don't necessarily drink the Kool Aid of security because of complex, impersonal rules that trigger security aversion. Security is not normal, it's not natural. Trust, and trusting others, is what's normal and natural. And so ultimately this false sense of security is felt by meeting these regulatory requirements, ultimately meaning that human behavior remains unchanged and vulnerable.

WAYNE: Interesting. Yeah, so trust, right? I know I've heard you actually talk about this, or I saw it online. Trust as like the human operating system, right? I mean, trust is how we build relationships in our day to day, especially when you're talking about, let's just throw business in there, with new clients, partners, prospects. And so where is trust, I don't know, is it leading us wrong when it comes to cybersecurity?

ROBERT SICILIANO: Good observation. So trust is our foundation. Trust is fundamental, right. Trust is our default, okay. And after thirty years of presenting security awareness I have come to the conclusion that we all have what I call the human blind spot. And the human blind spot is the psychological and biological instinct to trust the familiar, to trust each other, right. It is that cognitive gap where biological trust overrides suspicion, leaving the door wide open to all kinds of fraud and deception. We are, as humans, considered an interdependent species, which means as an interdependent species we are dependent upon each other for our survival. Essentially I need you, you need me, man needs woman, woman needs man, to procreate, right, to further the species. And we need to trust each other in order for that interaction to occur. And so all day, every day, the people that you come in contact with, the phone calls you receive, the emails you get, the text messages, you essentially biologically, psychologically want to trust that the person on the other end, the person standing in front of you, the person driving in the car kind of heading towards you as you go north and they go south, you want to believe and trust that they have your best interest in mind. You don't wanna think that they mean to hurt or harm you, ever. We don't wanna think like that. And so we want to trust, we give the benefit of the doubt all day, every day. And as a result of that, predators, essentially the sociopaths and the psychopaths that live amongst us, the hardcore narcissists, and do your own research, you'll find that as much as three percent of women and six percent of men essentially diagnosed as antisocial personality disorders, sociopaths and psychopaths, don't experience empathy, sympathy, guilt or remorse, and many of them do harm intentionally and on purpose.

WAYNE: It's super tough to believe, right? Because like you said, we all have this, well, it's definitely not all of us, the way you just stated, but the majority of us have this trust bias, right? The, on the highway is a great analogy. You're headed north, they're headed towards you south. You have this trust that they're gonna stay in their lane and you're gonna remain safe, right? When you're doing business with somebody, right, the majority of us skew towards trust that I have their best interests at heart, why would they not have mine at heart? So now when it comes to cybersecurity, people that are phishing, I mean, I'm curious, it's like tactical things maybe for us to look out for, because I'm the biggest one that's, I'm skewing towards trust. I've been called a delusional optimist when I go into proceedings, whatever it might be. And so do we know when we can be trusting people versus we can't? What do we look out for?

ROBERT SICILIANO: So I would say in ninety five percent of all fraud that we see today, all of that inbound communication, phone calls, emails, text messages, even a Zoom call for that matter, there is a degree of what we call manufactured urgency in the actual fraud itself. And the manufactured urgency is, hey, if you don't click this link, if you don't download this file, if you don't react and respond to this password request, if you don't do this now, if you don't pay this bill, and so on, you're going to lose out. Your account's gonna be closed. Your daughter is going to be kidnapped, die, whatever. Like literally manufactured urgency, right? That affects us psychologically, ultimately emotionally, that it's designed to make us engage in ways in which we might not normally do intellectually, if we actually understood what was happening to us, what, how we are being manipulated. That manufactured urgency is a form of manipulation that's designed to prey upon our fears and our worries and our emotions, okay, and our instincts in many cases. Once we are essentially affected, then we often engage where we normally wouldn't, if we actually understood what was happening to us, what was being done to us. When a human doesn't understand that they are being manipulated in that way, through manufactured urgency, they're just going to react and respond the way that you would. I work with victims all the time, and one hundred percent of the time they always say to me, I kinda knew something was happening to me, I knew something was wrong. And then as a result they say, I can't believe I was so stupid. One hundred percent of the time they say those exact same things, I can't believe I was so stupid. And here's the deal, I don't think that a single person who was manipulated in that way is stupid. I think they're just human, and they just fell for it because it was designed to make them do that, and they just weren't essentially trained properly on how to recognize and manage risk. They didn't understand what was happening to them, because no one actually had that conversation with them. And that's how most fraud happens today, and most security awareness training doesn't explain that ever, and most people don't understand this, because they've never had this type of a conversation that you and I are having right now.

WAYNE: You know, and in today's day and age, twenty twenty six, and tech and now AI, right, it's wild to think that people still aren't having this conversation, that we're still not aware of how big of an issue and a risk it is. It really interesting that you're saying, you know, you speak with a lot of, I'm not sure if you used the word victims per se, right, but a lot of individuals that have gone through security issues, cybersecurity attacks, and they say that they had kind of felt it, that they sort of knew. They're like, how could I be so stupid. Like if you were to dissect all of the different cybersecurity attacks that you've seen, right, what are some recurring themes that have happened that maybe people can be on the lookout for? One of them being this manufactured urgency that you mentioned.

ROBERT SICILIANO: Yeah, you know, if you've ever taken a sales course, negotiation, right, anything like that, you know that the basis of, when people, you know, buy is that they buy from people who, we do business with those who we know, who we like, and who we trust, right. And we develop these relationships sometimes relatively quickly, based on past experiences. Like, you know, you meet a salesperson who's selling you a car, you might spend an hour with them, and over the course of that hour you get to know them, because they talk about how they're a dad and they have a couple of kids and they're married for twenty five years and that they live locally, and you begin to determine that, oh, their kids play soccer, your kids play soccer, oh, so I'm getting to know him, I kinda like his way, and you begin to trust him. That's how we are, right, and we've been doing that all of our lives. Criminals will engage us, like, in an email that looks like it's coming from a colleague, a coworker, right. And so I know my coworker, I generally like my coworker, I have no reason not to trust my coworker, and so as a result the coworker makes a request of you, I need you to wire this amount of money to this particular bank account, cause if this bill doesn't get paid, you know, we're gonna get in trouble. And so what do you do, you wire the money. Well, why wouldn't you wire the money, I mean, you would just wire the money because your coworker said that you need to do this. You've corresponded with your coworker dozens, if not hundreds of times, and so as a result you're just gonna do what's requested of you, because it's part of your job description, for that matter. And the bad actors, they understand that, they understand that we just kinda like do what we're told. We as humans prefer to be led, to a certain degree. We don't like to upset the apple cart. We don't necessarily question authority, in many cases. We do business with those who we know, like, and trust. And many of the communications that we see, you know, that are meant to engage in fraudulent actions, are in fact from coworkers, fellow employees, banks that we do business with, large corporations like, you know, retailers that we do business with all the time, like eBay and Amazon and Best Buy and such. And so we have no reason not to trust Amazon, or Best Buy, or the chief information security officer of our corporation. And so we just react and respond, because it's normal and natural to trust that person.

WAYNE: So that's pretty interesting, right? So number one thing that I now have picked up to look out for, right, you mentioned manufactured urgency. That's something we can immediately grasp at to be like, okay, why is this matter so pressing, why are they expressing it this way. The number two thing that you just went into here that we can be on the lookout for is, I wrote it, it seems strangely familiar, right? They're appearing like a colleague, they're appearing like another company, organization, a business that we're always doing business with, which is now this like assumed, manufactured know, like, and trust.

ROBERT SICILIANO: Yeah, it's pretty simple, actually. Look, snake oil salesmen have been around for hundreds of years. We've been trusting somebody who essentially has their own best interest in mind, and not us, forever. All of us, to some degree, have been deceived at one given point in time. All of us have been hurt, or in some cases harmed, as a result of somebody else's actions. And so those lessons that we essentially did not learn from those hurts and harms, from those traumas, also affects us, and we don't necessarily wanna think that those bad things will, or can, or will ever happen to us again. So we kinda operate in such a way where that hurt, that harm, affects us psychologically and emotionally, and we prefer to not think that these things will ever happen to us again, and we actually kinda go into a form of denial. It can't or won't happen to me. And as a result, when it comes to security issues, which essentially are perpetrated by sociopaths and psychopaths, people that mean to do us harm, we often function in denial, say, it can't happen to me, and as a result we do nothing. We do nothing to protect ourselves. We lead with giving the benefit of the doubt. And if the ruse, if the lie, if the story that's being told makes enough sense to us, and essentially it has us emotionally charged, biologically, you know, we want to solve this problem, then we are going to engage with that criminal. And it doesn't take that much energy or effort for them to do it, because now with AI and deepfakes and voice cloning, they're sending out millions and millions of emails daily, for that matter, and AI has stripped away the clumsy red flags of traditional fraud. In the past criminals relied on what we would call blunder force phishing, which is mass blasting emails riddled with scammer grammar. Today AI allows for high precision impersonation at scale. Criminals use now what we call neural puppetry, to create the perfect lie, like, you know, impersonating a trusted source, like a CEO, a spouse, an attorney, a child, making that fraud feel one hundred percent human, because it's weaponizing our human blind spot, our default to trust, making the deception feel one hundred percent human. And as a result, AI automates this grooming process, utilizing what we call normalizing dialogue, to build rapport with that human. I would say ninety eight percent of the general public has no idea that any of this is happening, and they don't know it's happening to them. And essentially security awareness training does nothing to explain that, and we just kind of fall into it, because again, no one's had this conversation with anyone.

WAYNE: We're becoming more and more aware now, right, because of individuals like yourself having this conversation, right? We're moving away from just awareness to now more appreciation training, okay. I'm gonna keep sticking on this piece for a moment around, how do we know, right? You just mentioned ChatGPT, AI, deepfakes, right. AI voice that sounds like me, you. Robert, the amount of interviews that you have done, in the thousands, am I correct, radio spots, Fox News, CNN, the list goes on for forever, right? Your voice is out there thousands of times. So sounds like all I have to do, download it. This is, of course, extremely simple. Download it, upload it into an AI, and I clone your voice instantaneously. Now all of a sudden I have my fake AI Robert calling people and saying, hey, it's me, my voice sounds exactly the same, right? I'm in this urgent situation, right? You already know, like, and trust me, send me money. How do we have any chance of knowing this is fake? What can we do to protect ourselves from this new generation of smart cybersecurity?

ROBERT SICILIANO: Yeah, so we don't have a chance at all, unless we begin to recognize risk effectively, and that means essentially going forward, every single time the phone rings, every single time you get an email or a text message, every Zoom call you're on, every popup you get, we need to be looking for and recognizing where is the risk. And that is not necessarily worrying, living in fear, being paranoid. Paranoia is essentially a mental health issue. I'm talking about becoming essentially what I've developed, a methodology called becoming a strategic human firewall. This is not difficult at all. This is actually pretty easy, and I would imagine that, like, everybody on this podcast today, to a degree, they recognize risk. I mean, look, you're walking down the street, or you're walking down the sidewalk, and you happen to notice that the tree that's kind of built into the sidewalk has pushed up the concrete in such a way where the roots have unevened, you know, the concrete, and if you just keep going as you were, you might trip on that concrete. Well, you're recognizing risk. When you're driving, and somebody kind of swerves and gets a little too close to you, you're like, whoa, and you kind of put your feet on the brake a little bit, you kind of grab the steering wheel a little tighter. You're recognizing risk. We need to be doing that all the time with phone calls, emails and text messages, but many of us don't, we just trust by default. And so a traditional firewall filters internet traffic on your computer. A human firewall filters intent. What is the intention of this inbound communication. And so the strategic human firewall essentially blocks deception. It's a proactive governance, it's a mindset that turns us, employees, entrepreneurs, and so forth, from essentially passive targets, which many of us are, into active detection layers. I'm looking for it. In the physical world we call this situational awareness. As you're walking down the street you're looking to the right, looking to the left, knowing what's going on behind me, looking in front of you. The situation that I'm in, I'm paying attention. Is that car a little too close to me, is that concrete a little uneven that I could trip on it, did somebody not pick up after their dog, and so forth, right, as odd as that is. Situational awareness, is somebody paying unwanted attention to me, does somebody mean to do me harm. And basically this is an act, you're becoming an active detector seeking out, in this case, deception. It's the shift from, I trust what I see by default, to I verify everything. And this is what brings us to security appreciation. It's the shift from basic awareness, which basically is knowing in your head, to appreciation, which really is in your heart, and it's caring. So what does that mean? So when employees, or when we, appreciate how security protects our lives, our own lives first, that's when behavior changes permanently. That's when our outlook changes permanently. I call it the security appreciation gap. It's that chasm where an employee's intellectual understanding of risk awareness shifts to the emotional commitment to act on that awareness, which essentially is knowledge, ultimately becoming appreciation of the value security has in their life, right. And this results in what I call the kitchen table effect, which is a multiplier effect, where the employee, the entrepreneur, goes home and talks about this to their family, cementing those lessons for life. You don't get that from phishing simulation training. And there's actually a technique that follows becoming a strategic human firewall, and it's called the AAA protocol. Now there's all types of AAA protocols out there, right. And so the AAA protocol essentially is your break the fake playbook. AAA is analyze, which means recognize the manufactured urgency, authenticate, which means recognize the digital mask, and then act. So analyze, authenticate and act. And act means execute what we call out of band verification, which means never using the contact information in the phone call, the caller ID, the email, the email address, right. Always use an out of band verification, which is, you know, hang up, or go to Google, or go to your contact manager, and reach out to them on a number that you know is legit, before you just react and respond emotionally.

WAYNE: That was great, Robert. Thank you. Everybody, rewind a couple minutes here and listen to this again, right. Everything from the strategic human firewall, getting down to this triple A protocol and the break the fake playbook. This last, go back and listen to it, I'm not gonna recap the entire thing cause I actually want people to go back and listen here. But this last piece here of the act, right, out of, what did you say, out of the band.

ROBERT SICILIANO: Yeah.

WAYNE: Like outofband verification is verification, yeah.

ROBERT SICILIANO: So the caller ID comes in, it's a phone number that you recognize, right, but bad actors can easily spoof caller ID. So before you just trust it automatically, like, literally say, all right, let me call you right back, I'm sorry, just let me call you right back. No, you can't call me right back, it has to happen now. Manufactured urgency. Let me call you right back, hang up and call them back. Listen, let me give you a quick example, really quick, right. Very, very recently, a mom gets a phone call from a guy from her daughter's phone number. I have your daughter, she's been kidnapped. And the mom hears the daughter in the background screaming, mom, mom, please help me, I'm so sorry, I'm so sorry I didn't want this to happen, please help me. And it is her daughter's voice, it is her daughter in the background, because of AI voice cloning that's possible today. Mom, I'm sorry I didn't mean this to happen. And the guy's like, listen ma'am, you know, if you don't pay this money I'm gonna kill your daughter, here's what you need to do, and don't tell anybody. And the mom's freaking out. And over five hours the mom went to Western Union, she went to MoneyGram, she went to her bank, she went to a Bitcoin machine, she went, she just got money from everybody and everything, and began to funnel money via wire and Bitcoin to a scammer. At the end of the five hours the deal was that the mom would meet the kidnapper at a grocery store in her neighborhood, and the daughter would be fine, they'd hand over the daughter. Five hours goes by, thousands and thousands of dollars has been wired and sent via Bitcoin. The mother gets to the grocery store and there's no daughter. She's like, where, where, where is she. And she's trying to call the scammer, and the scammer's not responding. She calls her daughter. Where are you, where are you. And the daughter picks up the phone, I'm at work, what's going on mom, are you okay. The daughter was at work the entire time. The mother, all she had to do, from the very beginning, was call the daughter at her phone number, and she just didn't, because she got emotionally and psychologically involved in a trap. All she had to do was pick up the phone and call her daughter. She did it five hours later, after wiring thousands of dollars. But that's how we are. That's what we will do. Mama bear kicked in, protect my daughter, do what's necessary to get her safe. She didn't think for one second to call her daughter back, because why would you, caller ID said it was her daughter's phone. That's the world that we live in today. It's different.

WAYNE: It's a crazy world. Out of band verification, hang up, call back. If they emailed you, right, go search the company, call from there. Or if they called you, hang up, email the company, a different route for verification than what you were through.

ROBERT SICILIANO: Yeah.

WAYNE: Always have to be literally appreciative of finding security for ourselves, right? For our families, our loved ones. Robert, you're such a passionate individual, right? As, I mean, we're already starting to wrap up, unfortunately. But like, where does this come from? Give me just a little bit of like your background and what brought you to where you are today, and so passionate about helping everybody become more secure.

ROBERT SICILIANO: One hundred percent of the time, you know, I speak for a living, I'm considered what is an orator, I speak professionally, which means I get in front of live audiences, either in person or on a stage, you know, dozens and dozens of times every single year, and I've been doing this for thirty plus years. And every time I get off the platform, people always come up to me at the end, and you know, they want to talk to me. So where did you learn this, how do you know what you know, what are you, former FBI, CIA, Secret Service, law enforcement, how do you get into this. And I tell them one hundred percent of the time, like, I get into this because of what I learned from the streets of Boston. I've been doing what I do ever since I was a young teen. From my very first multiple attack situation, where I was mugged by five kids in downtown Boston at twelve, to meeting my first victim of sexual assault at thirteen. I didn't know what sex was, never mind rape, at thirteen years old, and my dad explained to me the birds and the bees, and sexual assault, at thirteen years old. And so between those two situations I became very interested in self preservation, and making sure that everybody around me understood, you know, how to protect themselves, especially young women, from, you know, sexual predators. And so I have been doing this ever since I was a teen, and then in the mid nineties I had my first computer to manage my small business, which was teaching real estate agents personal security, because real estate agents are murdered. And when I had my first computer, it was an IBM PS1 Consultant, which was the make and the model of a computer that had Windows three point oh, we're at eleven now. And it had a one hundred and fifty megabyte hard drive, and I had to buy a separate card to install so I could connect to AOL dialup. And I had the ability to accept credit cards on my computer, and I got hacked within a month of connecting to AOL. And I was already teaching personal security as it relates to violence and theft prevention in the physical world, and now I just got stolen from online, virtually, via dialup AOL. I did not know that that was a thing. And so when I talked to the bank and the credit card company, they're like, yeah, this is becoming a problem for us too, you're still responsible for the money, so sorry. And so as upset as I was losing thousands of dollars, I was intrigued, because my process has always been reverse engineering the bad actor's process. You know, back in the day, predators, as it relates to rapists and thieves, as it relates to burglars and home invaders. But to be stolen from via dialup, when I began to understand what was happening, I said, I recognize this is gonna be huge, and it is. I mean, look at it today, right, it's going to be about a one hundred and twenty one trillion dollar issue by twenty thirty one, and I've been talking about this since the mid nineties, and the only thing that has changed since then is that cybercrime is a for profit business today, versus back then it was some hacker in his mom's basement. Today it's a for profit business, and now organized crime has taken full advantage of that. Cybercrime is already eclipsing the illicit drug trade. That's where we're at now, okay. What hasn't changed are consumers, the entrepreneurs, the employees, meaning, like, everybody listening to this call today, watching this video, we really haven't changed much at all. We're still doing the same thing that we did thirty years ago. We're still using the same passcode across multiple accounts. We're still not using two factor authentication for all our critical accounts. I know this because I get in front of live audiences and I ask them the question, and the answers are always the same thing. Ninety percent of the general public does nothing. That hasn't changed from thirty years ago. So I got into this because I saw it playing out in my own life, and you know, I'm continually frustrated by corporations and government agencies. They're not doing enough to protect us, or educating or informing us. So now security appreciation is the only way that I see a way out. Become a strategic human firewall.

WAYNE: A strategic human firewall. Wow, Robert, from the streets in Boston, right, to nineteen ninety five cyber attack on yourself, to now, here we are, twenty twenty six, and it's more important than ever, right, this cybersecurity, right? Online crime, it's a business, you better believe they are gonna do everything in their power to make as much money as possible. So let's make sure it doesn't come out of our pockets. Robert, it's really an amazing thing that you're working on here, and it feels to me like it's making a huge, huge difference in the world. And so with the show, I'm always curious to talk about, like, legacy. In your eyes, like what, what even is legacy? Like what is the legacy that you're hoping to leave on this world?

ROBERT SICILIANO: So my whole thing, well, security awareness, to begin with, is about changing people's behavior. It's about getting them to think differently, so ultimately they do things differently. And so the methodology, you know, becoming a strategic human firewall and recognizing our own human blind spot, my hopes are that anyone who's listening to this podcast today takes even just a little bit of that, and they begin to look at the world around them just even just a little bit differently. And as a result they begin to do things even just a little bit differently, so that when they get that phone call, that email, that text message, they ultimately stop what they're doing. They go from being emotionally engaged to intellectually recognizing, okay, what's actually happening to me right now. And they take that and they express that to their friends and their family and their colleagues, and they begin to do things differently. And as a result, you know, that might actually prevent someone's daughter from being sexually assaulted at a college party, it might prevent your mom from, you know, liquidating her assets, because she got, you know, a popup that resulted in her thinking that she's in this new relationship with this guy, because your dad died ten years ago, and because she's been lonely, she's susceptible. My goal is to make people more secure as a result of my experiences.

WAYNE: And so, such an amazing thing that you mentioned here, of like, by sharing with others, then they have the power to pass it on also, and then to act differently. I wrote down this sentence that you said, you said, to think differently, to ultimately do things differently, right?

ROBERT SICILIANO: Yeah.

WAYNE: We teach each other, we ourselves can think differently first, then we can ultimately do things differently. Robert, I appreciate you so much for sharing, right? Tell us a little bit about, if people wanna learn more from you, your company, what you're up to today, please let everybody know.

ROBERT SICILIANO: So I give this stuff away for free on my LinkedIn. You know, like, so if you follow me on LinkedIn, I've got tens of thousands of subscribers that read my newsletter every couple of weeks. Just, you know, Robert Siciliano, S I C I L I A N O, on LinkedIn. Otherwise, my website is protectnowllc.com, protectnowllc.com.

WAYNE: I'll put everything down below. Robert, thank you again, my friend, I greatly appreciate it.

ROBERT SICILIANO: I appreciate you, thank you so much.

WAYNE: And that's a wrap. Thanks for tuning in today, everybody. Robert said it clearly, we're all hardwired to trust, and criminals know that. He told a story of how one mother got a call from her daughter's phone number, heard her daughter's voice that was actually AI voice cloning, and proceeded to wire thousands of dollars to scammers, while little did she know the daughter was safely at work the entire time. That's how powerful and sophisticated scammers are these days. But as we heard, there's ways we can defend ourselves. Security appreciation, as Robert said, is not about living in fear. It's simply about shifting from being emotionally hijacked to being aware. He said, think differently, so ultimately you do things differently. The triple A protocol he outlined to us is your framework. First, analyze, and look for manufactured urgency. Then authenticate, by verifying what's going on with a source that you know is real. And finally, act, through using out of band verification, switch your channel through which you're communicating and verify who you're actually talking to. It's a crazy world we live in, and we can simply take a moment to breathe and shift how we react and think. We can all protect our legacy and your family's future. You can learn more about Robert and his company at protectnowllc.com. And if today's conversation opened your mind and got you thinking, please leave us a review. It helps get this message in front of people who really need it. Thanks again for tuning in, and we will see you next week on Journey to Legacy.