Episode Transcript
0:52
Alright,
0:57
we are doing some reruns for a
0:59
very good reason. Which is? It's
1:02
Adam's fault, actually. I
1:05
live with the guilt of several world wars on
1:07
my shoulders, so I can take more guilt. It's
1:09
okay. Here's the deal.
1:11
Adam had something happen to
1:13
him. And we're working on the episode, but we're
1:16
not done yet. It's really good? It's good? Yeah,
1:19
it is. Can we give a little
1:21
teaser hint? When
1:23
I called Bo to say, Bo, you're not going to
1:25
believe this, but you're going to love this one. And
1:28
you know, I'm so used to him saying that, that I was
1:30
like, uh-huh, of course I am. Tell me. And I did love
1:32
it. And you're going to love it too.
1:35
Anyway, next week we will have that episode ready
1:38
for you. It's a good one. It's new. It's
1:40
a weird one too. And with that, welcome to What
1:42
the Hack? A show about hackers, scammers, and the
1:44
people they go after. I'm Adam Levin. I'm
1:48
Bo Friedlander. And I'm Travis Taylor. What
1:52
the Hack? So
2:00
for our first story we're going to be speaking
2:02
with someone who works at an Amazon warehouse who
2:04
ran afoul of a scammy website online. These kind of
2:07
scams are still prevalent and they're things you should
2:09
be looking out for. I really liked Liza
2:11
and I liked what she had to say
2:13
and I also like the way that she
2:15
navigated the situation without question. Where
2:24
are you coming to us from? I'm
2:27
coming from Boonstaff in Rhode Island. What
2:30
do you do? I work for Amazon
2:33
and I do two jobs.
2:36
I toss boxes on
2:39
the belt and I also train
2:41
the delivery drivers. You're
2:43
here today because something happened, right? So what
2:47
did happen? So
2:49
I told my son,
2:51
well I didn't tell him, but I
2:53
wanted to get him a Nintendo Switch
2:55
for Christmas and
2:58
extravagant, big
3:00
pricey item, you know, but he
3:02
earned it. He's, you know, earned it. He
3:04
got his A's and good
3:06
behaviors and things like that. So I
3:09
decided back in October to beat the rush and
3:13
I find a deal. They're
3:16
all running between $299 and $350 depending
3:18
on which Switch you get with games or
3:24
no games or the new OLEDs
3:26
just came out and stuff like
3:28
that. It's basically
3:31
your Nintendo console with
3:33
a screen. It's handheld. So
3:37
this thing is like a real big deal
3:39
video game thing. Big deal. So
3:43
one on this website, it was
3:45
right around Black, they're starting
3:48
all their deals and sales
3:50
early. So I
3:52
googled Nintendo Switch and, you
3:55
know, the usual hits came up, the
3:57
big box shopper, and then the
3:59
mom and pops come up and then I
4:01
find this one that's um
4:07
hooli game that
4:09
was direct out of China, and I thought, oh,
4:12
that avoids the shipping crisis. So I placed
4:14
my order and,
4:18
uh, for 197 dollars I got it, 70% off, with
4:20
a game, through the website.
4:22
I went listing
4:27
on Google. It was a website. It wasn't
4:29
the website of the manufacturer though, right? No.
4:32
And it was 70% off? Yes.
4:35
So it's like a Black Friday, like, here
4:38
you go, gift from
4:40
heaven, early Black Friday deal.
4:42
Too good to be true. Too
4:44
good to be true. Famous
4:47
words. Said
4:52
to myself, hmm, a little early for
4:55
the Black Friday specials, but you know,
4:58
you just never know, because this is a
5:00
hot commodity. This is something everybody wants. So
5:03
I clicked through and I made
5:07
my purchase, got the confirmation
5:10
number. They said they would
5:12
ship it, they would send me the
5:15
tracking number in, I don't know, 2048 to
5:17
72 hours. I said that's fine. Um,
5:24
I had to email them. I was like, hey, I
5:26
haven't got my tracking number yet. And they said, okay,
5:30
here's your tracking number, the next day,
5:32
because I'm dealing with China now. Wait,
5:34
wait, they, they, you, you
5:36
didn't get a tracking number immediately? You
5:39
just got a confirmation, which is normal. Yeah.
5:42
So it took them a day or two. It was
5:44
like a Thursday or Friday when I made the order,
5:46
so I always give them the weekend. So
5:49
on Monday or Tuesday I got the tracking
5:51
number and then I started tracking and I'm
5:53
like, ah, my package. And it's,
5:55
it's kind of fun in a nerdy,
5:57
geeky way to track your packages on
5:59
YouTube National
8:00
Tracking website they have.
8:03
Okay. To track the package.
8:06
And by the time it got in the
8:08
USPS hands, I could track
8:10
it through that website. So
8:14
roundabout, you know, it
8:16
goes to Palatine, Forest
8:18
Park, Bedford Park,
8:21
Chicago Heights, and
8:24
I'm thinking this is bizarre.
8:26
And finally it arrives
8:29
in Chicago Heights. And
8:32
I'm like, okay, great. It's
8:34
going out for delivery. Sorting
8:37
processing complete. Arrival
8:40
unit. I'm like, wait
8:42
a minute. I don't live in Chicago. So
8:47
I call the US post office. And the only
8:49
response they have for me is
8:51
to call the post office in
8:54
Chicago Heights. The
8:57
guys are like, it's out for
8:59
delivery. The only way you
9:01
can refuse delivery is through
9:04
our website. So
9:06
I'm on the phone with the guy. I'm
9:08
refusing delivery on the website. It's
9:11
through United States Postal Service. The
9:13
guy doesn't understand why it's not
9:15
working. So I
9:17
said, okay, I'm going to track down the
9:20
person who lives there and say, Hey,
9:23
that it got misdelivered to your
9:25
address. Would you please forward it
9:28
to me? I
9:30
actually left a message on the
9:32
person's home or the phone number
9:35
attached to that address turns
9:38
out that it was a pair
9:40
of sunglasses delivered
9:43
to Chicago Heights. And not a
9:45
switch and not a Nintendo switch.
9:49
The lady on the other end of the phone
9:51
was just like, okay, do
9:53
you want your sunglasses? So,
9:57
so how did this make you feel? I
10:00
was a bit upset. I mean, you take
10:03
your risk. I took my, I took
10:05
the risk knowing, not
10:08
knowing that it was going to be a
10:11
scam or not assuming
10:14
that. I didn't want to assume the
10:16
worst. I
10:18
was too excited to get this
10:21
Nintendo Switch for some
10:23
change. You know,
10:25
$197. With a
10:27
game, came with two games. So that's
10:30
a deal. And I felt
10:34
rather deflated when it
10:36
turned out to be sunglasses. And
10:38
I had to laugh because two
10:41
summers ago I received a same
10:43
package and ironically somebody else
10:45
did that and I ended up at
10:47
their sunglasses. So I had to laugh. In
10:50
the middle of all of this, my
10:52
bank calls me and they're
10:55
like, yeah, you've
10:57
got two charges for $197. I'm like
10:59
two charges for $197. No, no, no,
11:02
no, no, no, no. It should be one charge for $197.
11:06
So they refunded me one $197
11:08
charge and I was like, we
11:11
both agreed that we would let
11:13
one of them go through because
11:15
I'm still kind of balancing whether it's
11:17
a scam or not. And
11:21
so I got the refund on one. So
11:24
in the meantime, I'm a little
11:26
frustrated, anxiety provoking. You
11:28
know, just I
11:30
deal with high anxiety to begin with and
11:34
just not a happy thing. So try
11:37
to still have a sense of humor. I get
11:39
on the horn and now Nintendo Switches are up
11:41
to $350 to $400. Is
11:47
the website that you bought it off of, what
11:49
did it look like? Was it like a convincing
11:51
e-commerce site? Yeah, it was a
11:53
mom and pop, convinced basic down and dirty
11:55
mom and pop website that you would see
11:58
for a long time. Third-party
12:01
sellers, people that just
12:03
want to get their product out there and
12:05
don't really know. They say they know
12:07
the product will sell more than they don't
12:09
need the fancy website to sell the product.
12:12
And was it, do you know enough, when you're looking at
12:14
it, do you know what it looks like to see what
12:16
a secured URL looks
12:18
like? HTTPS? Yeah. And
12:21
did it have one? And the whole thing
12:23
looked absolutely secure. Ah, okay. Well,
12:26
we've seen a number of scams
12:28
where they will create websites and
12:30
they'll even get fake digital certificates.
12:33
It's a pretty common scam
12:35
actually where it's actually relatively
12:37
easy to set up an
12:39
e-commerce site. You can offer a very, very
12:41
steep discount on something that's super popular
12:44
or in demand and then run
12:47
it just for a few days until people start getting wise
12:49
to it and then shut it down and then start
12:51
that up again. Just like the
12:54
guys on the street corner selling Rolexes
12:57
during the holiday season. Oh
12:59
yeah, no. And when the cops show up, they throw a
13:02
blanket over the top of it and run. Yeah.
13:07
So, okay. So here you are.
13:09
You get scammed during the holiday season,
13:12
which I imagine not
13:14
only do you feel bad being scammed but
13:16
to be scammed during the holiday season is
13:18
even worse. It's
13:20
not like you're feeling of good cheer with all
13:22
this. True, but
13:25
I was able to recover pretty quickly. Yeah.
13:29
So, how'd you do it? I mean, obviously,
13:31
you went, you ordered another one.
13:34
Was your bank cooperative? Yes,
13:37
they are. All I had to do
13:39
was send them my postal tracking document
13:43
that proved that it wasn't what it
13:45
was. And
13:48
I got my money back. So
13:50
I didn't really lose out anything other than
13:52
the anxiety and stress
13:55
of whether I was going
13:58
to be able to sustain. fill
14:00
my son's prophecies become
14:02
less like the holy grail in
14:05
our family. It's
14:08
always good during the holiday season to have
14:10
the holy grail thing going on for sure.
14:15
But I mean, it also is a tremendous waste of
14:17
time for you. Like you definitely was a time
14:19
suck to deal with this. Oh
14:22
yeah. How about how long, how long did you
14:24
spend? I was just trying to get a feel
14:26
for the amount of time you spent. You know,
14:28
did you spend more time tracking this package and
14:30
trying to figure it out or actually just taking
14:32
the $300 or whatever the deal was later? I
14:36
think the Friday of Thanksgiving weekend, I'd already
14:39
gotten a new one. You figured
14:41
it out. And I just sucked up the 299, 300 bucks
14:43
for a new one. But
14:46
it was a month long process. Do you think
14:48
that you could have spotted
14:50
this had you Googled the, the, the
14:53
e-tailer that you were looking at? Or do you think
14:55
it wasn't possible at the time? Yes.
14:58
If I'd done better due diligence on
15:01
the, on the bells going off in my head, like
15:04
Googling the website really, you
15:06
know, looking okay. It's a
15:09
mom and pop website. That
15:11
was definitely a bell in my head. Yeah.
15:15
There were some things I kind of could have
15:17
done a little bit for due diligence
15:20
on. Looking back, hindsight's
15:22
always 20/20, but I can,
15:24
you know, those things really,
15:27
I should have paid closer attention
15:29
to. So it's kind of like
15:31
the, the, the warning bells
15:33
of Christmas, right? Now
15:36
the warning bells of Christmas. Ding
15:38
dong.
17:58
What
18:05
are some of the things, Travis, you looked for on
18:07
a website that were the warning
18:09
bells? A
18:12
big one are online reviews. Hmm,
18:15
that's something where something has just really only
18:17
popped up in the last week or two.
18:20
That's usually a good indicator. Unfortunately,
18:22
it's not that hard to make
18:24
a fancy bells and whistles type
18:26
of e-commerce site relatively
18:28
quickly or just to be able to keep
18:30
on copying them. Another
18:33
big one is just how much accountability
18:35
that they have. Do they have contact
18:37
info? Do they have a
18:40
physical mailing address, especially in
18:42
the states? That's an important one.
18:44
Do they have a contact form to be able
18:46
to let them know if you're not getting something?
18:49
A phone number, all those other sorts of things. The
18:53
smaller details there, I think, end up
18:58
revealing whether or not something is a little
19:00
bit more suspicious. Yeah,
19:02
well, I got to tell you though, I've
19:06
made mistakes with legitimate companies
19:10
when I really wanted to buy something and
19:13
gotten burned just for money, basically.
19:17
Somehow I ended up spending $200 more than I needed to. A
19:20
classic example is I wanted
19:24
to go hear a band
19:28
that I really like and
19:31
I got tickets on
19:34
StubHub and it turned out
19:36
the Beacon Theater in New York City still
19:38
had tickets for sale. They
19:41
were $75. I
19:44
mean, there's that sort of thing, but when you're
19:46
super excited and you really want to get something
19:48
in and it's even more amplified when it's your
19:50
kid and you really, you're like, I
19:52
got to get this thing for my kid. You
19:55
stop thinking and that is the very, at
19:57
the core of this kind of scam is
19:59
just they you're not
20:01
thinking because it's like a kid
20:04
card. It's the kid card. If they play the
20:06
kid card and you're gonna fall for it. Christmas
20:21
trees are a big deal, right? We all
20:23
get Christmas trees, even Jews like you, Adam.
20:27
Hanukkah bushes, yes, yes, I know these
20:29
things. We call them Viking shrubs. You
20:32
call them Viking shrubs? Well, you know, you're actually
20:34
kind of a part of the story in the
20:37
next one, right? Yeah,
20:39
the next guest is actually my
20:41
cousin. Okay, let's listen. Okay, how's
20:43
everybody doing? Harold of
20:45
the Light. Tulu-chiha.
21:06
Harry, did you ever use Travis's
21:10
voice for
21:13
outgoing messages and stuff back in the day?
21:15
I think we did, right, Travis? Yeah, we did,
21:17
yeah. And a couple of times if a customer
21:20
got unruly, I'd call and just be like, you
21:22
can't do that. And they get ready in line.
21:24
Yeah. Harry,
21:26
how did you get into the Christmas
21:28
tree business? 2012, I was
21:30
sitting on my couch in Astoria,
21:32
Queens in a basement apartment and wanted
21:42
to think about different businesses and such. And we saw a
21:44
guy carrying a tree on the
21:47
train. And my friend and I thought to ourselves
21:50
like, hey, like that's an idea. There's no Christmas
21:53
tree delivery. There's people who don't
21:56
deliver Christmas trees. And so you
22:00
Travis was telling us that he, he
22:02
worked for you, which we didn't believe in. I
22:04
hired him years ago, so I almost called you
22:06
for a reference. It's nice to see you and
22:08
nice to know that he actually wasn't lying that
22:11
he worked for Christmas tree company. But he did
22:13
tell me years ago that there was some kind
22:15
of scam afoot at your
22:17
company. What
22:19
happened? Yes, so we
22:22
had a delivery, and at the time we didn't
22:24
know it, because our drivers, they get paid for
22:27
the tree, every tree they deliver they get paid,
22:29
and, and a
22:32
couple weeks have passed and then we got
22:34
a charge back where a customer ordered, I
22:36
think I got four hundred dollar tree or
22:38
five hundred dollar tree package, and they
22:42
got, we got a charge back, and we said, hey,
22:44
that she was delivered to check the driver. Then
22:47
once we gave the driver the address,
22:49
they said, oh yeah, there was something
22:51
really shady about that place, where the
22:53
person instructed them just to leave the
22:55
tree outside. And they didn't want
22:57
to get, unusual, very unusual, yeah,
23:00
because the service is to
23:03
deliver the tree inside and start and,
23:05
you know, the customer doesn't have to
23:07
install. How do you install a tree?
23:09
What, you just put it, like, in
23:11
the stand? That's exactly, when I'm not
23:13
hiding stuff, man. Yes, the
23:16
standard and then the family inside. So usually
23:18
you would deliver it. So they basically bought
23:20
a tree and kind of put it where
23:22
you would put it if you're throwing it
23:25
out, or what? Yeah, they
23:27
ask them, really shady, like, leave the tree
23:29
outside, and my guys, like, to
23:32
them that was like, oh, this is an easy delivery, we don't
23:34
have to take it in without taking up the flights of stairs
23:37
and mess with the trimming inside the house, and
23:39
they just left it and went on to their
23:41
next delivery. Little did
23:43
they know that that person
23:45
bought that tree with the stolen credit
23:47
card. And
23:50
it wasn't just a stolen credit card, right? Yeah,
23:52
it was a Marine that was deceased
23:55
that actually has like a really
23:57
nice record of life and volunteerism
24:00
and things that he did and that's
24:04
the one way that they honored him to steal his
24:07
information, buy a Christmas tree under
24:10
his name and then obviously when that charge
24:12
back occurred, we still had to incur the
24:14
charges for it because it
24:16
was a stolen man's credit card. So
24:19
do you think they were doing this to get the
24:21
tree for themselves or to get the tree that they
24:23
could turn around and resell it to someone else? Oh,
24:26
for themselves. Yeah, for sure. Which
24:28
is a, that's a really weird mental image.
24:31
I think that's one of the things that
24:33
stuck with me about that because stealing someone's
24:35
credit card number is one thing. Stealing someone
24:37
who has recently died their credit
24:39
card number, that's even worse. Doing that from
24:42
a serviceman who died overseas, that's really bad.
24:44
Oh, wait. But I'm just kind of
24:46
trying to... He was a serviceman who died like in
24:48
an act of service? Yeah. Man.
24:52
And do it during Christmas, like that's
24:54
weird. Right. The world can
24:56
be so crap all year round. But then
24:58
Christmas, we're all kind of actually jolly. Everybody's
25:00
nice and cordial and you help that
25:03
person cross the street and you let that person, that
25:05
other car go. And yeah, this
25:07
guy was taking advantage of
25:09
a family and a man who lost his
25:11
life in this country. And
25:15
just to get a Christmas tree, just to get a
25:17
very expensive tree, like one of our bigger ones, or
25:19
I can't remember exact size, but... Well,
25:21
he's a candidate for like, we send
25:24
him to the home alone house and
25:26
see if he can survive that little
25:28
kid. Sounds
25:30
like someone who needs to get the beat. Be
25:33
clearly this is not a Jimmy Stewart movie. That's
25:35
for sure. Definitely
25:38
not. So how did you find out it was stolen? Because
25:42
of the charge back. The charge back.
25:44
And then once we were, I
25:46
believe, and Travis can elaborate on this, once
25:49
that Shopify gave us charge back
25:51
saying that this person didn't
25:54
authorize this charge. I'm guessing that was
25:56
his family. We
25:58
said, no, no, we did deliver. But the addresses
26:00
didn't match up and stuff
26:03
like that. And then I believe we did some
26:05
investigating, Travis, right? Yeah, we looked up his name
26:07
and then just saw that, yeah, he had died
26:09
fairly recently. Yeah. And
26:12
so the family most likely did get
26:14
this charge and they had Christmas without
26:16
their loved one who had died overseas
26:18
and then this crap to deal with.
26:21
Wow, merry Christmas.
26:27
This harkens back to a situation many
26:30
years ago and there was some press
26:32
coverage of it, but then it disappeared,
26:34
is that a number of people who
26:36
had been dishonorably discharged
26:38
from military bases around the
26:40
country, paid off
26:43
people who were still working on
26:45
those military bases, got access to
26:47
thousands upon thousands of files of
26:50
people who were attached
26:52
to that base. And when those people
26:54
were deployed overseas and only when they
26:56
were deployed overseas did
26:58
they then take that information and
27:01
do identity theft against all of these
27:04
people. And it
27:06
was outrageous. And it came at a
27:08
time where they really didn't want
27:10
to do an enormous amount of press because there
27:12
was an issue about how
27:14
good the armor was for the
27:17
vehicles that were being used overseas
27:20
in the war, in the Gulf. And
27:24
there was already complaints about the fact that
27:26
we weren't sufficiently protecting our troops and
27:29
that was over there. And the
27:31
last thing they needed to have was information
27:33
coming out that we were also
27:35
not protecting our troops in terms of what
27:37
was going on over here. Curious.
27:42
Harry, how common
27:44
is it to have these scams around Christmas
27:46
time? I mean, do you run into them
27:48
a lot? Yeah, I think over
27:50
the years we ran into a few of them. But
27:54
now any charge that we
27:56
get that has
27:58
even a moderate level. Um,
28:01
they have different levels like low level,
28:03
moderate level. A what? Level
28:05
of what? Broad, I believe Shopify labels
28:07
it because maybe there's address didn't match up
28:09
or they had to put the card in
28:11
multiple times. That might be a low level.
28:14
Um, if they had to match. They
28:17
use like a green, yellow and red system.
28:19
So if I am just an idiot and I
28:21
put in my three number code, whatever that
28:23
code is called, the CCV wrong a few times,
28:25
it'll show up as low level. And
28:27
that's only out of the thousands of orders. You're only going
28:30
to get a handful that might be low level. So
28:32
that's maybe the address doesn't match up
28:34
with the credit card that's normally on
28:37
file or whatnot. Most of
28:39
the time, um, but most of
28:41
the time it may be somebody from the
28:43
UK ordering a tree for someone here and
28:46
it's just a low level because it's flagged that here.
28:49
So you let it go through then or you don't.
28:51
Well, we they all go through, but
28:53
when there's high level, uh, we call
28:56
and we communicate with them. Like
28:58
just want to make sure that you made this purchase
29:00
because now we have, we've improved our best practices. I
29:02
don't get hit with a couple charges at the end
29:04
of the year that people are, you know, having
29:07
charge backs and then I'm coming out of my
29:09
own code affected. You changed your
29:11
game to make sure it doesn't happen. Absolutely.
29:13
And our whole system has changed now where
29:16
the, the, each, each tree has to be
29:18
taken a picture of for
29:20
confirmation, a picture where it's installed, the
29:22
customer has to sign. So
29:24
we kind of like, you know, dot our i's, cross
29:26
our t's completely now. Well,
29:29
those weren't the tricky things before, um, because
29:32
the, you do next day delivery. So someone orders
29:34
something one day, they get it, they get it
29:36
the next, if the tree is up or in
29:38
the case with these drivers, if they
29:41
leave it outside someplace, um, the
29:43
tree is gone. I mean, even by the time you
29:45
find out about the charge back. Yeah.
29:54
Based on what you went through with this
29:56
particular tree, and this was obviously a teachable
29:58
moment. What
30:00
are things that business owners should be looking
30:02
out for in order to avoid this kind
30:04
of scam? Definitely the the
30:07
fraudulent checks in the back end, you
30:09
know, even if it's low, moderate or
30:11
high. Have one
30:13
of your customer service or administrators check
30:15
that out and give them a call
30:17
and confirm with the owner
30:19
of the card, or what, the person whose name is
30:21
on the order, if the charges
30:24
is accurate, if they
30:26
authorize the charge. Well, that's,
30:28
you know, again, that's what we always tell people
30:30
is that, you know, go to the
30:32
source. And
30:35
that's very important to do because if you don't go
30:37
to the source you could be sorely
30:40
surprised by, by the results. So
30:42
you're right. You're on the hook for the loss, you
30:44
know. No one's gonna cover that but you. So if
30:46
you don't do your due diligence and
30:49
you don't do that, you know, the best steps
30:51
to not allow that to happen, you,
30:54
you may pay the consequences, as
30:56
I have had to. So I have a
30:58
question. So with the credit card chargeback, there's,
31:01
there's no insurance that you can have
31:03
that protects the business against, let's say,
31:05
a, a wave of
31:07
these chargebacks? Or it's all on
31:10
the business owner in order to make absolutely
31:12
sure to confirm all the details and make sure
31:14
you're dealing with the right people? Well,
31:17
from the past they've asked us information like
31:19
proof of the tree delivery and then we
31:21
could show them, like, look, this is the
31:23
confirmation of the tree, the purchase order. This
31:26
is the confirmation from the driver. But
31:29
without actual evidence like a picture, like what
31:31
we have now. Right now you go into
31:33
the house. Our drivers cannot, on their app,
31:35
they cannot go to their next delivery and
31:38
tree order without finalizing the one that they're
31:40
currently on. So it needs a picture, it
31:42
needs to be a picture of the tree
31:44
standing inside the house, and then it needs
31:47
signature authorization from the person who ordered it
31:49
or a family member that's in the house
31:51
at the time. So those
31:53
steps in place protect us from
31:55
this really happening it ever again.
31:57
Hopefully. One of the other things,
31:59
too is I know you can adjust
32:01
the settings in Shopify, other e-commerce platforms like
32:03
that, just to say that you won't even
32:05
accept something if it has a certain
32:08
level of risk, but also the payment processor.
32:11
That can be configured too, that you can say, if
32:14
the address or zip code doesn't
32:16
match, you can say that that you just be
32:18
like, that's a deal breaker and you can have
32:20
it be blocked off immediately at the checkout. So
32:23
have you found that it's better just to do that, just
32:25
to err on the side of caution more? Do you think that
32:27
would cut into your business too much? Yeah,
32:30
out of the couple thousand trees online
32:33
that we do, I only
32:35
see maybe a couple of ones
32:37
that have risk of fraud
32:39
on them, and they're low
32:42
typically, but that's a great
32:44
point. And I don't think we've ever
32:46
explored that. And maybe I'll bring that
32:48
up because that would
32:50
eliminate. Would
32:53
it cancel an order or two? Would it prevent
32:55
somebody from purchasing? Possibly, but then they can reach
32:57
out to us and say, hey,
32:59
I'm trying to order a tree, it's not going
33:01
through, and then we can capture their
33:03
order that way. But yeah, so. I'm
33:05
wondering like also just on your website,
33:08
there are ways in which website
33:10
itself can be affected by hackers
33:12
who are trying to capture information,
33:15
trying to capture money. And
33:18
I don't know like what, I mean,
33:20
the thing that comes to mind is
33:22
the Magecart. So a
33:24
Magecart, yep. Magecart, what
33:26
is Magecart? Magecart's
33:28
a type of hack on e-commerce sites where
33:31
they, for the most part, they put something
33:33
called a listener in the code. So
33:35
when a customer is entering in their credit
33:37
card number, this will actually intercept that. So
33:40
how do you protect against that? One
33:43
of the big ones is that you
33:45
need to vet the types of plugins or extensions
33:47
you're using on a site. So for instance, Shopify,
33:51
but same as any major e-commerce
33:53
site, it's going to have little add-ons that you
33:55
can do. So if you're going to be doing
33:57
say, local delivery, that's an extra little application that
33:59
you're putting on there. And it's
34:02
unlikely that Shopify itself will get hacked, but all you
34:05
need to do is hack one of those plugins. And
34:07
once you hack one of those plugins, you can install
34:09
that. And is that open source, Travis?
34:11
Can anyone get into those plugins? Shopify
34:14
is not. Shopify is closed source. It's a little bit closer to
34:16
the Apple app store. But
34:19
WooCommerce, which is most widely
34:21
used, and Magento, which is what Magecart is named
34:23
after, those use a
34:26
lot of those. That's how both Macy's and
34:28
Ticketmaster got hacked a couple of years ago.
34:30
No one actually hacked Macy's.com or ticketmaster.com, but
34:32
they took over an open source plugin that hadn't been updated
34:35
in a while, and then they just added a little bit
34:37
of code saying, you know,
34:39
every time a credit card is entered, just steal that
34:41
info. And for a
34:43
very small amount of money, Harry, we will
34:45
let you talk to Travis
34:47
about what to do to protect your site from
34:49
Magecart. Okay,
34:56
so now it's time for our tinfoil swan.
34:58
Our paranoid takeaway to help keep you safe
35:01
on and offline. What is it this week,
35:03
Travis? So it's the 10 year
35:05
anniversary of Have I Been Pwned, which is a great
35:07
resource for being able to look up to see whether
35:09
or not your data has been in any recent data
35:11
leaks or breaches. That's amazing. So
35:13
10 years since Have I Been Pwned, and if
35:15
you haven't ever heard about Have I Been Pwned,
35:17
clearly, I've been listening to this show very much.
35:20
Yeah, this is something we talked about on the show a lot.
35:23
We use it. We recommend it. It's something
35:25
you should really consider. That's www.haveibeenpwned,
35:29
P-W-N-E-D, and
35:33
pwned in
35:36
cyber vernacular is what, Travis?
35:39
It means you got hacked. Yeah, and
35:41
we know you have a lot to do. So that's
35:43
it this week. Short tinfoil swan, long
35:46
shopping list. Go to it. Have a great week.
35:56
What the Hack with Adam Levin is a production of
35:58
LoudTree Media. You can find us online adamlevin.com
36:00
and on Instagram, Twitter, and Facebook
36:02
at Adam K. Levin.