0:00

When you listen to Nobody Listens to

0:02

Paula Poundstone, the comedy podcast, you learn

0:04

stuff. I've been learning to throw

0:06

a boomerang, because this is the kind of

0:08

thing that really gets the listeners engaged, you know.

0:11

Interviews with people who will make

0:13

you smarter. Does the amount that

0:15

you learn protect you from cognitive

0:18

decline? Paula, don't touch

0:20

that! Can't people just listen to

0:22

the show? Can't they just enjoy a delightful

0:24

treehouse full of information and co- I think

0:26

I'm bleeding. Join us and be

0:29

a nobody. This

0:32

episode is brought to you by the Weather Channel

0:34

app. Did you know the app can help

0:36

you forecast more than just the weather? With allergy

0:39

tracking and flu risk mapping. So you know

0:41

when to stay inside and load up on

0:43

podcasts. As well as air quality

0:45

and UV indexing. So you know when to

0:48

get outside, load up on sunscreen and podcasts.

0:50

Forecast more of what you love with the

0:52

Weather Channel app. Alright,

0:57

we are doing some reruns for a

0:59

very good reason. Which is? It's

1:02

Adam's fault, actually. I

1:05

live with the guilt of several world wars on

1:07

my shoulders, so I can take more guilt. It's

1:09

okay. Here's the deal.

1:11

Adam had something happen to

1:13

him. And we're working on the episode, but we're

1:16

not done yet. It's really good? It's good? Yeah,

1:19

it is. Can we give a little

1:21

teaser hint? When

1:23

I called Bo to say, Bo, you're not going to

1:25

believe this, but you're going to love this one. And

1:28

you know, I'm so used to him saying that, that I was

1:30

like, uh-huh, of course I am. Tell me. And I did love

1:32

it. And you're going to love it too.

1:35

Anyway, next week we will have that episode ready

1:38

for you. It's a good one. It's new. It's

1:40

a weird one too. And with that, welcome to What

1:42

the Hack? A show about hackers, scammers, and the

1:44

people they go after. I'm Adam Levin. I'm

1:48

Bo Friedlander. And I'm Travis Taylor. What

1:52

the Hack? So

2:00

for our first story we're going to be speaking

2:02

with someone who works at an Amazon warehouse who

2:04

ran a foul scammy website online. These kind of

2:07

scams are still prevalent and they're things you should

2:09

be looking out for. I really liked Liza

2:11

and I liked what she had to say

2:13

and I also like the way that she

2:15

navigated the situation without question. Where

2:24

are you coming to us from? I'm

2:27

coming from Boonstaff in Rhode Island. What

2:30

do you do? I work for Amazon

2:33

and I do two jobs.

2:36

I toss boxes on

2:39

the belt and I also train

2:41

the delivery drivers. You're

2:43

here today because something happened, right? So what

2:47

did happen? So

2:49

I told my son,

2:51

well I didn't tell him, but I

2:53

wanted to get him a Nintendo Switch

2:55

for Christmas and

2:58

extravagant, big

3:00

pricey item, you know, but he

3:02

earned it. He's, you know, earned it. He

3:04

got his A's and good

3:06

behaviors and things like that. So I

3:09

decided back in October to beat the rush and

3:13

I find a deal. They're

3:16

all running between $299 and $350 depending

3:18

on which Switch you get with games or

3:24

no games or the new OLEDs

3:26

just came out and stuff like

3:28

that. It's basically

3:31

your Nintendo console with

3:33

a screen. It's handheld. So

3:37

this thing is like a real big deal

3:39

video game thing. Big deal. So

3:43

one on this website, it was

3:45

right around Black, they're starting

3:48

all their deals and sales

3:50

early. So I

3:52

googled Nintendo Switch and, you

3:55

know, the usual hits came up, the

3:57

big box shopper, and then the

3:59

mom and pops come. up and then I

4:01

find this one that's um

4:07

hooli game that

4:09

was direct out of china and I thought oh

4:12

that avoids the shipping crisis so I placed

4:14

my order and

4:18

uh for 197 dollars I got it 70% off with

4:20

a game through the website

4:22

I went listing

4:27

on google it was a website it wasn't

4:29

the website of the manufacturer though right no

4:32

and it was 70% off yes

4:35

so it's like a black friday like here

4:38

you go gift from

4:40

heaven early black friday deal

4:42

too good to be true too

4:44

good to be true famous

4:47

words said

4:52

to myself hmm a little early for

4:55

the black friday specials but you know

4:58

you just never know because this is a

5:00

hot commodity this is something everybody wants so

5:03

I clicked through and I made

5:07

my purchase got the confirmation

5:10

number they said they would

5:12

ship it they would send me the

5:15

tracking number in I don't know 2048 to

5:17

72 hours I said that's fine um

5:24

I had to email them I was like hey I

5:26

haven't got my tracking number yet and they said okay

5:30

here's your tracking number the next day

5:32

because I'm dealing with china now wait

5:34

wait they they you you

5:36

didn't get a tracking number immediately you

5:39

just got a confirmation which is normal yeah

5:42

so it took them a day or two it was

5:44

like a Thursday or Friday when I made the order

5:46

so I always give them the weekend so

5:49

on Monday or Tuesday I got the tracking

5:51

number and then I started tracking and I'm

5:53

like ah my package and it's

5:55

it's kind of fun in a nerdy

5:57

geeky way to track your packages on

5:59

YouTube National

8:00

Tracking website they have.

8:03

Okay. To track the package.

8:06

And by the time it got in the

8:08

USPS hands, I could track

8:10

it through that website. So

8:14

roundabout, you know, it

8:16

goes to Palatine, Forest

8:18

Park, Bedford Park,

8:21

Chicago Heights, and

8:24

I'm thinking this is bizarre.

8:26

And finally it arrives

8:29

in Chicago Heights. And

8:32

I'm like, okay, great. It's

8:34

going out for delivery. Sorting

8:37

processing complete. Arrival

8:40

unit. I'm like, wait

8:42

a minute. I don't live in Chicago. So

8:47

I call the US post office. And the only

8:49

response they have for me is

8:51

to call the post office in

8:54

Chicago Heights. The

8:57

guys are like, it's out for

8:59

delivery. The only way you

9:01

can refuse delivery is through

9:04

our website. So

9:06

I'm on the phone with the guy. I'm

9:08

refusing delivery on the website. It's

9:11

through United States Postal Service. The

9:13

guy doesn't understand why it's not

9:15

working. So I

9:17

said, okay, I'm going to track down the

9:20

person who lives there and say, Hey,

9:23

that it got misdelivered to your

9:25

address. Would you please forward it

9:28

to me? I

9:30

actually left a message on the

9:32

person's home or the phone number

9:35

attached to that address turns

9:38

out that it was a pair

9:40

of sunglasses delivered

9:43

to Chicago Heights. And not a

9:45

switch and not a Nintendo switch.

9:49

The lady on the other end of the phone

9:51

was just like, okay, do

9:53

you want your sunglasses? So,

9:57

so how did this make you feel? I

10:00

was a bit upset. I mean, you take

10:03

your risk. I took my, I took

10:05

the risk knowing, not

10:08

knowing that it was going to be a

10:11

scam or not assuming

10:14

that. I didn't want to assume the

10:16

worst. I

10:18

was too excited to get this

10:21

Nintendo Switch for some

10:23

change. You know,

10:25

$197. With a

10:27

game, came with two games. So that's

10:30

a deal. And I felt

10:34

rather deflated when it

10:36

turned out to be sunglasses. And

10:38

I had to laugh because two

10:41

summers ago I received a same

10:43

package and ironically somebody else

10:45

did that and I ended up at

10:47

their sunglasses. So I had to laugh. In

10:50

the middle of all of this, my

10:52

bank calls me and they're

10:55

like, yeah, you've

10:57

got two charges for $197. I'm like

10:59

two charges for $197. No, no, no,

11:02

no, no, no, no. It should be one charge for $197.

11:06

So they refunded me one $197

11:08

charge and I was like, we

11:11

both agreed that we would let

11:13

one of them go through because

11:15

I'm still kind of balancing whether it's

11:17

a scam or not. And

11:21

so I got the refund on one. So

11:24

in the meantime, I'm a little

11:26

frustrated, anxiety provoking. You

11:28

know, just I

11:30

deal with high anxiety to begin with and

11:34

just not a happy thing. So try

11:37

to still have a sense of humor. I get

11:39

on the horn and now Nintendo Switches are up

11:41

to $350 to $400. Is

11:47

the website that you bought it off of, what

11:49

did it look like? Was it like a convincing

11:51

e-commerce site? Yeah, it was a

11:53

mom and pop, convinced basic down and dirty

11:55

mom and pop website that you would see

11:58

for a long time. third-party

12:01

sellers, people that just

12:03

want to get their product out there and

12:05

don't really know. They say they know

12:07

the product will sell more than they don't

12:09

need the fancy website to sell the product.

12:12

And was it, do you know enough, when you're looking at

12:14

it, do you know what it looks like to see what

12:16

a secured URL looks

12:18

like? HTTPS? Yeah. And

12:21

did it have one? And the whole thing

12:23

looked absolutely secure. Ah, okay. Well,

12:26

we've seen a number of scams

12:28

where they will create websites and

12:30

they'll even get fake digital certificates.

12:33

It's a pretty common scam

12:35

actually where it's actually relatively

12:37

easy to set up an

12:39

e-commerce site. You can offer a very, very

12:41

steep discount on something that's super popular

12:44

or in demand and then run

12:47

it just for a few days until people start getting wise

12:49

to it and then shut it down and then start

12:51

that up again. Just like the

12:54

guys on the street corner selling Rolexes

12:57

during the holiday season. Oh

12:59

yeah, no. And when the cops show up, they throw a

13:02

blanket over the top of it and run. Yeah.

13:07

So, okay. So here you are.

13:09

You get scammed during the holiday season,

13:12

which I imagine not

13:14

only do you feel bad being scammed but

13:16

to be scammed during the holiday season is

13:18

even worse. It's

13:20

not like you're feeling of good cheer with all

13:22

this. True, but

13:25

I was able to recover pretty quickly. Yeah.

13:29

So, how'd you do it? I mean, obviously,

13:31

you went, you ordered another one.

13:34

Was your bank cooperative? Yes,

13:37

they are. All I had to do

13:39

was send them my postal tracking document

13:43

that proved that it wasn't what it

13:45

was. And

13:48

I got my money back. So

13:50

I didn't really lose out anything other than

13:52

the anxiety and stress

13:55

of whether I was going

13:58

to be able to sustain. fill

14:00

my son's prophecies become

14:02

less like the holy grail in

14:05

our family. It's

14:08

always good during the holiday season to have

14:10

the holy grail thing going on for sure.

14:15

But I mean, it also is a tremendous waste of

14:17

time for you. Like you definitely was a time

14:19

suck to deal with this. Oh

14:22

yeah. How about how long, how long did you

14:24

spend? I was just trying to get a feel

14:26

for the amount of time you spent. You know,

14:28

did you spend more time tracking this package and

14:30

trying to figure it out or actually just taking

14:32

the $300 or whatever the deal was later? I

14:36

think the Friday of Thanksgiving weekend, I'd already

14:39

gotten a new one. You figured

14:41

it out. And I just sucked up the 299, 300 bucks

14:43

for a new one. But

14:46

it was a month long process. Do you think

14:48

that you could have spotted

14:50

this had you Googled the, the, the

14:53

e-tailer that you were looking at? Or do you think

14:55

it wasn't possible at the time? Yes.

14:58

If I'd done better due diligence on

15:01

the, on the bells going off in my head, like

15:04

Googling the website really, you

15:06

know, looking okay. It's a

15:09

mom and pop website. That

15:11

was definitely a bell in my head. Yeah.

15:15

There were some things I kind of could have

15:17

done a little bit for due diligence

15:20

on looking back, find sites

15:22

always 2020, but I can,

15:24

you know, those things really,

15:27

I should have paid closer attention

15:29

to. So it's kind of like

15:31

the, the, the warning bells

15:33

of Christmas, right? Now

15:36

the warning bells of Christmas. Ding

15:38

dong. So

15:49

what is HelloFresh? Farm fresh, pre-portioned ingredients and

15:51

seasonal recipes that get delivered right to your

15:53

doorstep. So they send you a box of

15:55

stuff. How do you know it's the right

15:57

stuff? It comes with everything you need in

15:59

the box. It's the season for giving

16:01

and gathering, and with HelloFresh, it can also be

16:03

the season of saving with fresh recipes that are

16:05

delivered cheaper than takeout. I love to cook, but

16:07

at the same time, after a full day of

16:10

work, there's still always something else to do. With

16:12

HelloFresh, it helps turn busy weeknights

16:14

into just great, memorable mealtimes with

16:16

practical options. Whether you're the home

16:19

chef or you know a chef,

16:21

HelloFresh would make a fantastic holiday

16:23

gift. And it's America's number one

16:25

meal kit. If people want to go ahead

16:27

and get this HelloFresh, what do they do?

16:29

They go to hellofresh.com slash hack free

16:32

and use code hack free

16:34

for free breakfast for life.

16:37

One breakfast item per box while

16:39

subscription is active. That's

16:41

free breakfast for life. hellofresh.com/hack

16:45

free with code hack

16:47

free. Lauren. Mike.

16:49

So we host a podcast for Wired

16:52

called Gadget Lab. We do. We

16:54

do. Yes, that is correct. Tell

16:56

the good people more about it. Well,

16:58

I think the good people should definitely tune in every week because

17:01

they get to hear me roasting you. I

17:03

know. All right. No, really

17:05

what Gadget Lab is, is Mike and

17:07

I tackling the biggest questions in the

17:09

world of technology. I like to think

17:11

of it as the best of Wired's

17:13

journalism, but in audio form. We cover

17:15

the big news of the week in

17:17

tech land, but we also offer our

17:19

expert analyses and opinions on all things

17:22

consumer tech, whether that's mobile apps, hardware,

17:24

startups, cryptocurrency. Mike,

17:26

what's been a recent highlight episode for

17:28

you? We did a deep dive on the

17:30

group behind the massive Okta hack. We also

17:32

had a great conversation about Web3 and the

17:34

metaverse. What stands out for you? Never

17:37

met a verse you didn't like. I

17:40

really enjoyed our recent podcast about Peloton.

17:43

And recently the legendary tech journalist Kara Swisher

17:45

joined us to talk all about Elon Musk

17:47

and the future of Twitter. So

17:49

I guess we should tell people how they can listen to our pod.

17:51

We release a new episode of Gadget Lab

17:53

every week, and you can listen and follow

17:56

us on Apple Podcasts, Spotify, or wherever you

17:58

pod. What

18:05

are some of the things, Travis, you looked for on

18:07

a website that were the warning

18:09

bells? A

18:12

big one are online reviews. Hmm,

18:15

that's something where something has just really only

18:17

popped up in the last week or two.

18:20

That's usually a good indicator. Unfortunately,

18:22

it's not that hard to make

18:24

a fancy bells and whistles type

18:26

of e-commerce site relatively

18:28

quickly or just to be able to keep

18:30

on copying them. Another

18:33

big one is just how much accountability

18:35

that they have. Do they have contact

18:37

info? Do they have a

18:40

physical mailing address, especially in

18:42

the states? That's an important one.

18:44

Do they have a contact form to be able

18:46

to let them know if you're not getting something?

18:49

A phone number, all those other sorts of things. The

18:53

smaller details there, I think, end up

18:58

revealing whether or not something is a little

19:00

bit more suspicious. Yeah,

19:02

well, I got to tell you though, I've

19:06

made mistakes with legitimate companies

19:10

when I really wanted to buy something and

19:13

gotten burned just for money, basically.

19:17

Somehow I ended up spending $200 more than I needed to. A

19:20

classic example is I wanted

19:24

to go hear a band

19:28

that I really like and

19:31

I got tickets on

19:34

StubHub and it turned out

19:36

the Beacon Theater in New York City still

19:38

had tickets for sale. They

19:41

were $75. I

19:44

mean, there's that sort of thing, but when you're

19:46

super excited and you really want to get something

19:48

in and it's even more amplified when it's your

19:50

kid and you really, you're like, I

19:52

got to get this thing for my kid. You

19:55

stop thinking and that is the very, at

19:57

the core of this kind of scam is

19:59

just they you're not

20:01

thinking because it's like a kid

20:04

card. It's the kid card. If they play the

20:06

kid card and you're gonna fall for it. Christmas

20:21

trees are a big deal, right? We all

20:23

get Christmas trees, even Jews like you, Adam.

20:27

Comic-a-bushes, yes, yes, I know these

20:29

things. We call them Viking shrubs. You

20:32

call them Viking shrubs? Well, you know, you're actually

20:34

kind of a part of the story in the

20:37

next one, right? Yeah,

20:39

the next guest is actually my

20:41

cousin. Okay, let's listen. Okay, how's

20:43

everybody doing? Harold of

20:45

the Light. Tulu-chiha.

21:06

Harry, did you ever use Travis's

21:10

voice for

21:13

outgoing messages and stuff back in the day?

21:15

I think we did, right, Travis? Yeah, we did,

21:17

yeah. And a couple of times if a customer

21:20

got unruly, I'd call and just be like, you

21:22

can't do that. And they get ready in line.

21:24

Yeah. Harry,

21:26

how did you get into the Christmas

21:28

tree business? 2012, I was

21:30

sitting on my couch in a story of

21:32

Queens in a basement apartment and wanted

21:42

to think about different businesses and such. And we saw a

21:44

guy carrying a tree on the

21:47

train. And my friend and I thought to ourselves

21:50

like, hey, like that's an idea. There's no Christmas

21:53

tree delivery. There's people who don't

21:56

deliver Christmas trees. And so you

22:00

Travis was telling us that he he

22:02

worked for you which we didn't believe in i

22:04

hired him years ago so i almost called you

22:06

for a reference it's nice to see you and

22:08

nice to know that. He actually wasn't lying that

22:11

he worked for christmas tree company but he did

22:13

tell me years ago that there was some kind

22:15

of scam a foot at your

22:17

company. What

22:19

happened. Yes so we

22:22

had a delivery and at the time we didn't

22:24

know it because our drivers they get paid for

22:27

the tree every tree they deliver they get paid

22:29

and and. A

22:32

couple weeks of past and then we got

22:34

a charge back where a customer ordered i

22:36

think i got four hundred dollar tree or

22:38

five hundred dollar tree package and. They

22:42

got we got a charge back and we said hey

22:44

that she was delivered to check the driver. Then

22:47

once we gave the driver the address

22:49

they said oh yeah there was something

22:51

really shady about that place where the

22:53

person instructed them just to leave the

22:55

tree outside. And they didn't want

22:57

to get unusual very unusual yeah

23:00

because the service. Is to

23:03

deliver the tree inside and start and

23:05

you know the customer doesn't have to

23:07

install how do you install a tree

23:09

what you just put it like in

23:11

the stand that's exactly when i'm not

23:13

hiding stuff man. Yes the

23:16

standard and then the family inside so usually

23:18

you would deliver it so they basically bought

23:20

a tree and kind of put it where

23:22

you would put it if you're throwing it

23:25

out or what. Yeah they

23:27

ask them really shady like leave the tree

23:29

outside and my guys like. To

23:32

them that was like oh this is an easy delivery we don't

23:34

have to take it in without taking up the flights of stairs.

23:37

And mess with the trimming inside the house and

23:39

they just left it and went on to their

23:41

next delivery little did

23:43

they know that that person

23:45

bought that tree with the stolen credit

23:47

card. And

23:50

it wasn't just a stolen credit card right. Yeah

23:52

it was a marine that was deceased

23:55

that actually has like a really

23:57

nice record of life and. volunteerism

24:00

and things that he did and that's

24:04

the one way that they honored him to steal his

24:07

information by a Christmas tree under

24:10

his name and then obviously when that charge

24:12

back occurred, we still had to incur the

24:14

charges for it because it

24:16

was a stolen man's credit card. So

24:19

do you think they were doing this to get the

24:21

tree for themselves or to get the tree that they

24:23

could turn around and resell it to someone else? Oh,

24:26

for themselves. Yeah, for sure. Which

24:28

is a, that's a really weird mental image.

24:31

I think that's one of the things that

24:33

stuck with me about that because stealing someone's

24:35

credit card number is one thing. Stealing someone

24:37

who has recently died their credit

24:39

card number, that's even worse. Doing that from

24:42

a serviceman who died overseas, that's really bad.

24:44

Oh, wait. But I'm just kind of

24:46

trying to... He was a serviceman who died like in

24:48

an act of service? Yeah. Man.

24:52

And do it during Christmas, like that's

24:54

weird. Right. The world can

24:56

be so crap all year round. But then

24:58

Christmas, we're all kind of actually jolly. Everybody's

25:00

nice and cordial and you help that

25:03

person cross the street and you let that person, that

25:05

other car go. And yeah, this

25:07

guy was taking advantage of

25:09

a family and a man who lost his

25:11

life in this country. And

25:15

just to get a Christmas tree, just to get a

25:17

very expensive tree, like one of our bigger ones, or

25:19

I can't remember exact size, but... Well,

25:21

he's a candidate for like, we send

25:24

him to the home alone house and

25:26

see if he can survive that little

25:28

kid. Sounds

25:30

like someone who needs to get the beat. Be

25:33

clearly this is not a Jimmy Stewart movie. That's

25:35

for sure. Definitely

25:38

not. So how did you find out it was stolen? Because

25:42

of the charge back. The charge back.

25:44

And then once we were, I

25:46

believe, and Travis can elaborate on this, once

25:49

that Shopify gave us charge back

25:51

saying that this person didn't

25:54

authorize this charge. I'm guessing that was

25:56

his family. We

25:58

said, no, no, we did deliver. But the addresses

26:00

didn't match up and stuff

26:03

like that. And then I believe we did some

26:05

investigating, Travis, right? Yeah, we looked up his name

26:07

and then just saw that, yeah, he had died

26:09

fairly recently. Yeah. And

26:12

so the family most likely did get

26:14

this charge and they had Christmas without

26:16

their loved one who had died overseas

26:18

and then this crap to deal with.

26:21

Wow, merry Christmas.

26:27

This harkens back to a situation many

26:30

years ago and there was some press

26:32

coverage of it, but then it disappeared,

26:34

is that a number of people who

26:36

had been dishonorably discharged

26:38

from military bases around the

26:40

country, paid off

26:43

people who were still working on

26:45

those military bases, got access to

26:47

thousands upon thousands of files of

26:50

people who were attached

26:52

to that base. And when those people

26:54

were deployed overseas and only when they

26:56

were deployed overseas did

26:58

they then take that information and

27:01

do identity theft against all of these

27:04

people. And it

27:06

was outrageous. And it came at a

27:08

time where they really didn't want

27:10

to do an enormous amount of press because there

27:12

was an issue about how

27:14

good the armor was for the

27:17

vehicles that were being used overseas

27:20

in the war, in the Gulf. And

27:24

there was already complaints about the fact that

27:26

we weren't sufficiently protecting our troops and

27:29

that was over there. And the

27:31

last thing they needed to have was information

27:33

coming out that we were also

27:35

not protecting our troops in terms of what

27:37

was going on over here. Curious.

27:42

Harry, how common

27:44

is it to have these scams around Christmas

27:46

time? I mean, do you run into them

27:48

a lot? Yeah, I think over

27:50

the years we ran into a few of them. But

27:54

now any charge that we

27:56

get that has

27:58

even a moderate level. Um,

28:01

they have different levels like low level,

28:03

moderate level. A what? Level

28:05

of what? Broad, I believe Shopify labels

28:07

it because maybe there's address didn't match up

28:09

or they had to put the card in

28:11

multiple times. That might be a low level.

28:14

Um, if they had to match. They

28:17

use like a green, yellow and red system.

28:19

So if I am just an idiot and I

28:21

put in my three number code, whatever that

28:23

code is called, the CCV wrong a few times,

28:25

it'll show up as low level. And

28:27

that's only out of the thousands of orders. You're only going

28:30

to get a handful that might be low level. So

28:32

that's maybe the address doesn't match up

28:34

with the credit card that's normally on

28:37

file or whatnot. Most of

28:39

the time, um, but most of

28:41

the time it may be somebody from the

28:43

UK ordering a tree for someone here and

28:46

it's just a low level because it's flagged that here.

28:49

So you let it go through then or you don't.

28:51

Well, we they all go through, but

28:53

when there's high level, uh, we call

28:56

and we communicate with them. Like

28:58

just want to make sure that you made this purchase

29:00

because now we have, we've improved our best practices. I

29:02

don't get hit with a couple charges at the end

29:04

of the year that people are, you know, having

29:07

charge backs and then I'm coming out of my

29:09

own code affected. You changed your

29:11

game to make sure it doesn't happen. Absolutely.

29:13

And our whole system has changed now where

29:16

the, the, each, each tree has to be

29:18

taken a picture of for

29:20

confirmation, a picture where it's installed, the

29:22

customer has to sign. So

29:24

we kind of like, you know, dot our eyes, cross

29:26

our keys completely now. Well,

29:29

those weren't the tricky things before, um, because

29:32

the, you do next day delivery. So someone orders

29:34

something one day, they get it, they get it

29:36

the next, if the tree is up or in

29:38

the case with these drivers, if they

29:41

leave it outside someplace, um, the

29:43

tree is gone. I mean, even by the time you

29:45

find out about the charge back. Yeah.

29:54

Based on what you went through with this

29:56

particular tree, and this was obviously a teachable

29:58

moment. What

30:00

are things that business owners should be looking

30:02

out for in order to avoid this kind

30:04

of scam? Definitely the the

30:07

fraudulent checks in the back end, you

30:09

know, even if it's low moderate or

30:11

high Have one

30:13

of your customer service or administrators check

30:15

that out and give them a call

30:17

and confirm With the owner

30:19

of the card or what the person whose name is

30:21

on the order if the charges

30:24

is accurate If they

30:26

authorize the charge Well, that's

30:28

you know, again, that's what we always tell people

30:30

is that you know go to the

30:32

source And

30:35

that's very important to do because if you don't go

30:37

to the source you could be Sorly

30:40

surprised by by the results. So

30:42

you're right. You're on the hook for the loss, you

30:44

know No one's gonna cover that but you so if

30:46

you don't do you do diligence and

30:49

you don't do that You know the best steps

30:51

to not allow that to happen You

30:54

you may pay the Consequences as

30:56

I have had to so I have a

30:58

question. So with the credit card chargeback There's

31:01

there's no insurance that you can have

31:03

that protects the business against let's say

31:05

a a wave of

31:07

these chargebacks Or it's all on

31:10

the business owner in order to make Absolutely

31:12

sure to confirm all the details and make sure

31:14

you're dealing with the right people Well

31:17

from the past they've asked us information like

31:19

proof of the tree delivery and then we

31:21

could show them like look This is the

31:23

confirmation of the tree the purchase order. This

31:26

is the confirmation from the driver But

31:29

without actual evidence like a picture like what

31:31

we have now right now you go into

31:33

the house Our drivers cannot on their app

31:35

They cannot go to their next delivery and

31:38

tree order without finalizing the one that they're

31:40

currently on So it needs a picture it

31:42

needs to be a picture of the tree

31:44

standing inside the house and then it needs

31:47

Signature authorization from the person who ordered it

31:49

or a family member that's in the house

31:51

at the time So those

31:53

steps in place protect us from

31:55

this really happening it ever again.

31:57

Hopefully one of the other things,

31:59

too is I know you can adjust

32:01

the settings in Shopify, other e-commerce platforms like

32:03

that, just to say that you won't even

32:05

accept something if it has a certain

32:08

level of risk, but also the payment processor.

32:11

That can be configured too, that you can say, if

32:14

the address or zip code doesn't

32:16

match, you can say that that you just be

32:18

like, that's a deal breaker and you can have

32:20

it be blocked off immediately at the checkout. So

32:23

have you found that it's better just to do that, just

32:25

to err on the side of caution more? Do you think that

32:27

would cut into your business too much? Yeah,

32:30

out of the couple thousand trees online

32:33

that we do, I only

32:35

see maybe a couple of ones

32:37

that have risk of fraud

32:39

on them, and they're low

32:42

typically, but that's a great

32:44

point. And I don't think we've ever

32:46

explored that. And maybe I'll bring that

32:48

up because that would

32:50

eliminate. Would

32:53

it cancel an order or two? Would it prevent

32:55

somebody from purchasing? Possibly, but then they can reach

32:57

out to us and say, hey,

32:59

I'm trying to order a tree, it's not going

33:01

through, and then we can capture their

33:03

order that way. But yeah, so. I'm

33:05

wondering like also just on your website,

33:08

there are ways in which website

33:10

itself can be affected by hackers

33:12

who are trying to capture information,

33:15

trying to capture money. And

33:18

I don't know like what, I mean,

33:20

the thing that comes to mind is

33:22

the MagiCart. So a

33:24

MagiCart, yep. MagiCart, what

33:26

is MagiCart? MagiCart's

33:28

a type of hack on e-commerce sites where

33:31

they, for the most part, they put something

33:33

called a listener in the code. So

33:35

when a customer is entering in their credit

33:37

card number, this will actually intercept that. So

33:40

how do you protect against that? One

33:43

of the big ones is that you

33:45

need to vet the types of plugins or extensions

33:47

you're using on a site. So for instance, Shopify,

33:51

but same as any major e-commerce

33:53

site, it's going to have little add-ons that you

33:55

can do. So if you're going to be doing

33:57

say, local delivery, that's an extra little application that

33:59

you're putting. putting on there. And it's

34:02

unlikely that Shopify itself will get hacked, but all you

34:05

need to do is hack one of those plugins. And

34:07

once you hack one of those plugins, you can install

34:09

that. And is that open source, Travis?

34:11

Can anyone get into those plugins? Shopify

34:14

is not. Shopify is closed source. It's a little bit closer to

34:16

the Apple app store. But

34:19

WooCommerce, which is most widely

34:21

used, and Magento, which is what Magecart is named

34:23

after, those use a

34:26

lot of those. That's how both Macy's and

34:28

Ticketmaster got hacked a couple of years ago.

34:30

No one actually hacked Macy's.com or ticketmaster.com, but

34:32

they took over an open source plugin that hadn't been updated

34:35

in a while, and then they just added a little bit

34:37

of code saying, you know,

34:39

every time a credit card is entered, just steal that

34:41

info. And for a

34:43

very small amount of money, Harry, we will

34:45

let you talk to Travis

34:47

about what to do to protect your site from

34:49

Magecart. Okay,

34:56

so now it's time for our tinfoil swan.

34:58

Our paranoid takeaway to help keep you safe

35:01

on and offline. What is it this week,

35:03

Travis? So it's the 10 year

35:05

anniversary of Have I Been Pwned, which is a great

35:07

resource for being able to look up to see whether

35:09

or not your data has been in any recent data

35:11

leaks or breaches. That's amazing. So

35:13

10 years since Have I Been Pwned, and if

35:15

you haven't ever heard about Have I Been Pwned,

35:17

clearly, I've been listening to this show very much.

35:20

Yeah, this is something we talked about on the show a lot.

35:23

We use it. We recommend it. It's something

35:25

you should really consider. That's www.haveibenpwned,

35:29

P-W-N-E-D, and

35:33

pwned in

35:36

cyber vernacular is what, Travis?

35:39

It means you got hacked. Yeah, and

35:41

we know you have a lot to do. So that's

35:43

it this week. Short tinfoil swan, long

35:46

shopping list. Go to it. Have a great week.

35:56

What the Hack with Adam Levin is a production of

35:58

LoudTree Media. You can find us online adamlevin.com

36:00

and on Instagram, Twitter, and Facebook

36:02

at Adam K. Levin.