[Transcript, uncorrected]

Beau: Welcome back to What The Hack. I’m Beau Friedlander. Now we’re gonna do something a little different this week. If you’ve been listening for a while, the concept of a single host might feel…a little stripped down–maybe even a little sad. I have to admit I totally feel lonely sometimes. Back when the podcast was called, “What the Hack with Adam Levin,” there was King of all Things Dad Jokes, Adam Levin, and then there was me. I was cyber quarterback. And then there was Travis who Adam called the “Voice of God. Travis Taylor, our resident owl, agreeably churlish uncle, and more generally the exposition guy. That trio–call us the three musty steers–dissected together a parade of scams, hacks, and cyber things. They’re not here every week anymore, but it being that time of year again, yield season of giving till it hurts gifting, AKA, the season of digital carnage…or something like that, we needed to get the band back together again. 

Clip: We’re putting the band back together. 

Beau: Adam, Travis and I have been covering holiday hooliganism together for so many years. It isn’t really a choice so much as a shared marital obligation, like Thanksgiving dinner with jokes. So with that big news, Adam and Travis are back for a special Cyber Monday episode. From fake deals to bogus gift cards, it’s time for your annual de-Grinch-afication. It’s time to have them back. But let’s be clear, the threatscape this holiday season is darker than ever. So settle back, we’re gonna give you the gift of awareness.

(musical beat, cash register sound)

Beau: Adam Levin. Serial entrepreneur, former business partner, former co-host of this podcast. Welcome to “What the Hack?” formerly with you.

Adam: It’s nice to be back though. 

Beau: It’s nice to have you back. I reached out to you because you are the former Director of Consumer Affairs for the State of New Jersey, where I assume there’s lots of fraud and scams.

Adam: Well, come on. We’re not alone. There are lots of states. 

Beau: No, and that is a horrible cliché to say that. Anything about the Sopranos, New Jersey, Newark, whatever… 

Adam: Respect, respect.

Beau: I think I’ve done this maybe 14 times with you in the, over the, at something like that. 15 times we’ve, we’ve gone 15 Cyber Mondays together. 

Adam: And soon to be 16.

Beau: Yeah. So I have, you are my Cyber Monday mope. What, what, what, what, what? Iterates with Monday. Uh, maestro main man. There you go Cyber Monday, main man. 15, maybe 16. We’ve done together….

Adam: You were a child when we started. A mere babe. 

Beau: I was a mere child. Swaddled in 

Adam: A mere babe. 

Beau: All right. And Yes. And you two, you had just barely started shaving. Um, uh, so, so there’s some true and tried things people need to bear in mind. Uh, what’s your top one? 

Adam: Top one is if you don’t want remorse, go to the source. Mm-hmm. Which means don’t click on a link. Don’t open an attachment. Don’t fall for that banner ad that seems too good to be true. If you’re interested in products and services, yeah, you can look around, but go to the actual retailer and do not go to the place that offers you the very best deal that you’ve never, ever heard of. 

Beau: But here’s the thing about going to the source these days: The source–the trustable surface of the internet–is fraying. A simple search can send you into a labyrinth built by AI assisted threat actors, conjuring websites that look like where you’re going, but they’re a dead end with crooks hiding in the woods.

The threat looks correct, and then maybe immediately, maybe months later, your credit card is drained. There’s a decent chance you won’t make the connection because the info that got stolen from that fake site, it’s gonna have to get sold on the dark web before someone uses it. By the time that happens, maybe it’s March.

This year marks “What the Hack’s official transition from simple, “Don’t click the link” and “Watch out for sponsored links” advice to existentialist, fear, uncertainty and doubt. Fud. Uh, it’s true because the only thing that innovates faster than crime is, I have to be careful here, but stuff that used to be illegal and maybe still should be.

All right, I’m gonna leave it there. So anyway, keeping up with all of this stuff is exhausting, frankly. And and that’s why we need people like Travis. Travis, it’s so nice to have you back on “What the Hack” your show that you used to be a part of that you’re no longer a part of. 

Travis: That is a very long introduction, but yes, indeed.

Beau: Welcome back to What the Hack. 

Travis: Thanks. Good to be here. 

Beau: It’s great to have you back. I’ve missed you so much. 

Travis: Yeah, I am rather missable. 

Beau: Aw, you’re actually not, it would be very hard to miss you, but…

Travis: (laughs) like missing Shrek. Yeah, 

Beau: So, so I am just, I talked to Adam. I couldn’t get you guys both on at the same time, but it’s holiday season.

This is a special episode to talk about Cyber Monday, and we’re just gonna kind of go through and think about everything we know that can go wrong. You start. 

Travis: One thing I usually say is that if something sounds too good to be true, it is. Black Friday and Cyber Monday provide a major exception to that there are some deals out there that are completely legitimate, give you really deep discounts and that makes it harder to, uh, distinguish between that and a scam. 

Beau: Well, that’s the thing is like some of these deals, like I, I have some things that I use over and over again. Um. Uh, I will say what they are since that sounds weird. Uh, I, I subscribe to, um, a mushroom coffee brand and if you want me to say which one it is, you better call me up Mushroom Coffee Brands and tell me that you want me to talk about on the podcast. ’cause I will accept free coffee. Um, and it’s usually like 40 bucks. A bag, like a month. It’s no joke. 

Travis: Sure, yeah. It’s the lion’s man and the like. Yeah. 

Beau: It’s, yeah. But this one is kind of souped up, but yeah, it’s Lion’s mane and a bunch of others, and so I love it. It’s part of my morning ritual and it’s 20 bucks right now. 25 bucks. Yeah. And that’s crazy to me. And that would look like a scam if I, if, if it happened any other time of year, I’d be, that’s a scam.

Travis: Yeah. Uh, a hundred percent. But one of the main things is if you are buying the mushroom coffee from the same company and they contact you and say, we’re having a sale that’s more trustworthy than if you just happen to look up mushroom coffee and see an ad on Facebook saying that their mushroom coffee is half off.

And that’s really one of the main, um, lessons here, is that there are tons and tons of scams online for places saying, “Our store is closing, everything’s 80% off,” or “Here’s our crazy Black Friday deal”, and they’ll be advertising something, pretending to be one brand, and then you end up either getting nothing at all or something that is significantly, uh, lower quality.

Beau: Travis hits on something critical here. Advertising used to be part of a trust signal. At the most basic level, it said, “This company has money to advertise, therefore it’s real.” But today, this or that platform, they take money from anyone and it can be tiny little amounts, which has–it’s turned advertising into a cyber stickup.

How do you buy stuff online when you can’t be sure you’re where you think you are? And what about guaranteeing authenticity, but even more basic, like what about gift cards? AKA, the anonymous blank check? Time for a break from the scam riddled world of goods to the scam riddled world of currency substitutes.

Do you ever give gift cards to anyone yourself? 

Travis: Um, yeah. We usually give them to our, uh, kids’ teachers. 

Beau: Okay, now what’s the deal there? 

Travis: Well, with gift cards, um, there are safeguards in place, but they, I would recommend against ordering them online, it’s a bit easier to just buy them at the grocery store, make sure the, um, little, uh, protection thing of the UPC code is not scratched off and keep the receipt. And that is the, uh, built-in buyer protection. 

Beau: Is that really all there? So if it hasn’t been scratched off, you’re good. That’s it. 

Travis: Yeah. 

Beau: Online protection. Those are two words that ring pretty hollow these days. The fact that the most secure way to buy a gift card is to physically inspect it at a brick-and-mortar store, like the paradigmatic ritual of consumer distrust means: Time for Adam again. 

Adam: Well, gift cards, don’t go to someplace that offers you a discount gift card. Think of that as the, think of that as the equivalent of somebody offering to sell you a lottery ticket for a lottery they didn’t win. Okay, now they say, Hey listen, it’s, it’s only 50% of what you would’ve paid, but at least you have no stress. ’cause you already know the outcome and you’ve lost less money. 

Beau: It’s like a betting app, a sport betting app that’s not connected to any sporting events. 

Adam: Correct. It makes you feel good, but it yields no results. And the problem with a lot of these gift cards that are not real or fake or stolen, and you may never get them anyway, or by the time you get them, they’re drained dry is that you feel real good when you buy it and you feel real bad when you actually open it. So you need to be really careful on gift cards and also, you know, read what the rules are. Although under federal law, gift cards are now active a lot longer and safer. But again, they’re like cash. 

Beau: And the other thing about that also to be worth adding is there are some companies, Costco’s one of them, uh, and you know, we’re not getting any advertising dollars for this, it’s just true, um, that do offer discounts on gift cards, but they are, um, it’s a strategic thing. So here’s the thing. If you, if you see a discount on a gift card, again, if you don’t want remorse, go to the source. Look it up. Make sure that it’s legit. Make sure that it is kosher. Kosher for Christmas. 

Adam: Christmas. There you go. That’s our slogan. Kosher for Christmas. ’cause a lot of things are gonna sound great. But in addition to gift cards, the other thing that you really need to do is do your research and be very, very careful if you go on any social media site and buy anything through a social media site, because the odds are it may not be what you expect it to be.

Beau: So we’ve covered the fake deals, the clickbait, and the utterly depressing. Emphasis on duh depressing nature of the discounted fraudulent gift card. The biggest lesson of the holidays and Cyber Monday in particular isn’t just about avoiding the individual scam. It’s about understanding the environment you’re shopping in.

It’s the digital equivalent of a massive crowded market where the signs are all flashing. Everyone’s shouting, “Buy this!” and half the stalls are. Peopled manned peopled by people anyway. Ugh. Language. Who want to sell you real glass diamonds–real glass–diamond. The entire digital landscape, the search engine, the social feed, the marketplace.

It’s optimized for speed and revenue, and that’s great, but it creates gaps for threat actors. And because you listen to this podcast, you see those gap dwellers from a mile away. Is there anything else that comes to mind right now for Cyber Monday? 

Travis: Um, I’d say one of the biggest, uh, things to keep in mind is that, um, on a lot of social media platforms, um, and a lot of e-commerce sites, I’m not gonna mention the specific brands, but easier imagination.

They’re well known, very large part of their income. Comes from scam ads and uh, scam sellers. So don’t trust what you see on these sites if it’s from an independent seller, and unfortunately, don’t believe the reviews that you’re reading. 

Beau: That is probably the best tip that I have for anyone this holiday season, is if you’re looking for a product and you can’t find it, and now you’re on the hunt, right? Here’s what’s gonna happen is you’re gonna Google it and you’re gonna find that product immediately. And you’re gonna click on that link and you’re gonna get that product in front of you on a screen. That’s the closest you’re ever gonna get to it. And the reason is that those ads are sponsored and to this day…. Did I say Google? I meant search. But you, you’re here where I’m going here. Search sites do allow, uh, people to pay to get their link up top. And if their link says, you can buy a, your plush Travis doll at this site, and there’s no more plus Travis dolls available because it’s Travis style. Mm-hmm. Uh, you know. You might click on that link, and if you do, you’re almost certainly gonna get scammed. 

Travis: Yeah, a hundred percent. It’s, it goes into what, uh, Cory Doctorow referred to as, uh, if I can use this term, the enshitification of online platforms. They’ve gotten less trustworthy, they’re more overrun with threat actors and uh, just outright scams.

Beau: Yeah. I don’t know if you can use that or not, but it is, Cory Doctorow is a genius. The enshitiification, uh, I can’t bleep it ’cause it’s like a Doctorow term and it’s, it’s the only, it’s a de it’s, well, it’s a very decent term for the way platforms stay in maximization mode no matter the chaos it unleashes on users. 

The mode has a measurable, painful, real-world impact. It results in people being ripped off their holidays ruined, and the transmogrification of high-level corporate policy into the cheap, worthless pile of no one’s gonna jump up and scream. “You’re the best mom, dad, sister, brother, husband, wife, Grammy gramps. Uncle, whatever….” 

Travis, you don’t just read about this stuff, right? You’ve experienced it firsthand. And that’s brutal honesty. The brutal honesty this show requires. And by the way, if you’re listening and you’re like, oh, I have a brutal, honest story, brutally honest story, please get in touch. Love it. I want to hear them.

Travis: There was one way I got that really kind of, uh, piqued my interest in this topic. I had, I had a friend coming out to, uh, visit, uh, just on his birthday and I saw something on, um, uh, social media site. He likes Lego, he likes Star Wars. And this thing said, uh, you know. Discounts on all, uh, Lego Star Wars stuff. And so I clicked on the site. It was a Shopify website and sort of figured, okay, they had built in buyer protections. 

Beau: Wait, was it a, was it a sponsored link or was it a normal site? 

Travis: It was a sponsored link, so I saw it and thought this might be a scam, but I went to the website and they had pictures of the Millennium Falcon from Star Wars, the Lego set, and it was not cheap, but reasonably priced.

Beau: What is that, like $300?

Travis: Uh, no, a lot less like a hundred. Okay. And so it had all the pictures there and they had a Shopify guarantee and all that. Um, and so I ordered it and then a week later I got something called Lela Star Wart, 

(both laugh)

Travis: it is, uh, just, just imagine, uh, the, the. The cheapest, tiniest looking like it. It was sort of like a dinner plate made out of second rate Legos with a bunch of random, uh, characters who had nothing to do with the franchise in it. So I reported it and the thing had shipped from California. But to return it, you needed to ship it back personally to China. And so I reported this to the, um, to the online sales, uh, platform, and I reported it to the social media network.

Again, just struggling not to name names here. And in both cases it was something that, uh, they kind of said, let the buyer beware. This isn’t really our problem. And, uh, the e-commerce thing said, we looked into it. This is a legitimate service. Um, and so now to this day as a, uh. Ru full reminder of not falling for online ads, I have the Lela Star Wart Meridium Fallkohnay up on a shelf, so don’t do what I did.

Beau: Thank you, Travis. You know, the only way people learn things is by hearing stories with, from people who are willing to be honest and say what really happened. Thanks, Travis. 

Travis: Thanks. Take care and happy starter Monday. 

Beau: The holiday season, a perfect storm of distraction, consumer impulse, and hacker opportunity. Every day is Cyber Monday, though. Cyber Monday, uh, you know, has been marketed since at least Halloween.

Adam: Easter. 

Beau: It started, it started on Labor Day. Yeah. And, um, uh, why, why do we even. Observe Cyber Monday and, and Black Friday anymore. Are they, are they just, they, are they actually just fraud and scam events or are they real like they are though They’re still real, correct? 

Adam: No, they’re, they’re real. This is where a lot of retailers would figure, you know, they would make a bunch of their money during the holiday season, so that’s why it was called Black Friday because instead of having, uh, a red account, which meant you were losing money, this is where you would make money.

Oftentimes at least 25% of their annual income would come, uh, black Friday to Christmas. Yeah. And Cyber Monday is when people said, well, I don’t want to go to the stores and basically wait in lines and see my life pass in front of me, so I’ll just sit at my computer and do it. But frankly, every day has become Black Friday and Cyber Monday because the internet, every minute there’s some kind of sale or deal going on.

But no question. Crime rises significantly during any holiday season. And if you look at some of the most iconic breaches, like the Target breach, the Home Depot breach, I believe was also during a holiday season when the uh, Sony was attacked. It was during the holidays. And that’s because hackers and scammers are convinced, and rightly so that people are so otherwise engaged during the holidays, thinking about everything you could possibly think of, including vacations, deals, Christmas and the like, that they’re not paying attention. And this is when they get you., 

Beau: Well they’re not, and that, and, and we have a lot of CISOs and other security people listening to this show. And so remember, uh, the holiday season is here and for you, that just means high alert. High alert. 

Adam: There are other interesting scams that would, that would be involved with like Cyber Monday, like package delivery scams. Account issue scams. 

Beau: What’s an account issue scam? 

Adam: Account issue is we get a notification saying the transaction that you just conducted with either Amazon or or Shopify or one of the other.

Online, uh, shopping destinations. Uh, there was an issue with your credit card. Please log in, click this link. Log in to Amazon. Log into Shopify. Except it wasn’t Amazon. It wasn’t Shopify. Oh, there, yeah. It was a scammer. Mm-hmm. You also have, um, skimming, uh, not only card skimming, but. E skimming. Mm-hmm. Which is where malicious code will be placed on a legitimate website.

Adam: And when you put in your information for your credit card or your debit card, that information is also being transmitted to the scammers. And that’s one where the, the actual website would not be that aware that the problem was going on. They would end up being notified. By consumers that, Hey, I bought something at your site and all of a sudden I didn’t.

Adam: So what happened? Um, so these are some of the things, especially you figure that more and more people are online during the holiday season. They’re going to more and more our websites and scammers absolutely know that. So they try to get to the website before you do. And they know you’re waiting for packages.

Adam: They know that you are. 

Beau: They try to, they go to go to the website before you. Do they try to make the website before you go there? 

Adam: That’s correct. You click on a link, you go to the website. It looks now based on ai, incredibly realistic. You put in your login information, except it’s not the website and you have just given someone else a Merry Christmas and you become the guest.

Adam: And 

Beau: I don’t think those are the AI millionaires that Jeff Bezos is talking about, but alas, alas, there will be those kind of, there will be those kind of millionaires too. One other, do you have another, do anything else that we’ve left out, Adam? 

Adam: Well, obviously you need to make sure, especially ’cause you’re going in and out of accounts.

Adam: That, uh, that you have two factor authentication involved with your accounts, that it’s enabled, that you have long and strong passwords, 

Beau: and then you have a, a credit and you have transaction alerts for sure. 

Adam: Very important transaction alerts. And also you’re gonna be traveling during the holiday season, and it’s important to remember that when you tell everybody where you are.

Adam: You’re also telling everybody where you’re not 

Beau: and, and your information probably is, you know, uh, unless you’re really, really, uh, diligent, you’re, it’s not that hard to figure out where you live based, like, oh, correct. There’s, you know, here’s your home address. Cool. We’ll, everyone loves to show 

Adam: off. Look at the Christmas gift I got standing in front of their house with the 

Beau: house number.

Beau: Exactly. So. All right, we have one other thing we need to do here. Adam, you ready? 

Adam: I’m ready. 

Beau: Okay. It goes something like.

(They sing a very bad, out-of-sync rendition of the Carol of the Bells)

Marker

Clip: Merry Christmas, your filthy animal, and a happy new year.

Beau: And now it’s time for the Tinfoil Swan, our paranoid takeaway to keep you safe on and offline. My best tip for the holidays is to treat the entire digital world from your phone’s notifications to your home’s front door. Like it’s a giant elaborate scam. You are the target of a psychological operation designed to induce panic and impulse buying.

It’s called Christmas, Hanukkah, the holidays. Some of it is legit. A lot isn’t, but nothing is real. Not even that sense of panic. You’re feeling that you haven’t done a good job shopping for your loved ones. It’s not a job. Loving them. Is the job okay? Not a job. And here’s the real deal. A lot of the so-called deals you’re gonna see next week, they’re fake or they’re not such good deals.

If you read the small print and do a little math and your packages, they’re totally being watched. I don’t even, why are they being watched? They’re totally being watched by, you know, and I’m not just talking about porch pirates either. And there’s no time to watch football and you just gained 10 pounds and there’s peanut brittle everywhere.

Seriously, your goal is not to get the best price, but to survive the season with your data. Dignity. Dignity, yeah. And bank accounts intact. Assume compromise until proven otherwise. That’s my best advice and stay safe out there. Good luck. See you next week.

What the Hack is produced by Beau Friedlander? That’s me and Andrew Steven, who also edits the show. What the Hack is brought to you by DeleteMe. DeleteMe makes it quick and easy and safe to remove your personal data online, and was recently named the number one pick by New York Times Wirecutter for personal information removal.

You can learn more. About DeleteMe if you go to join delete me.com/wth, that’s join delete me.com/wth and if you sign up there on that landing page, you will get a 20% discount. I kid you not a 20% discount. So yes, color me phishing, but it’s worth it.