Unmute Presents Staying Safe During the Holidays

# Join Michael and Damashe on this episode of Unmute Presents as they delve into essential safety tips for the holiday shopping season. Featuring real-life stories and practical advice, this episode is a must-listen for anyone looking to stay secure while navigating the bustling world of online shopping.

Read transcript


00:04.810 –> 00:20.240
It is another fourth Thursday of the month and here on mute, I come on a regular basis with friend of the show and colleague Damasi. And Damasi. You’re joining us?

00:20.850 –> 00:46.522
I am joining you, yeah. Just want to share some tips with people. So I want to give a scenario for everybody, right? So we’re going to lead into this whole scenario because this is real life just happened to Tia, my partner. So we’re going to lead into this. So she gets a phone call. We’re going to start this off with a phone call. So the phone rings, she answers the phone.

00:46.656 –> 00:56.250
Hi, we’re calling from your credit card company. We need to verify a purchase on your account. Did you recently just buy two plane tickets to Puerto Rico?

00:56.410 –> 00:58.160
No, I did not.

00:59.090 –> 00:59.982
Well, okay.

01:00.036 –> 01:01.038
So it looks like there may be.

01:01.044 –> 01:01.966
Some fraud going on here.

01:01.988 –> 01:03.246
So what we’re going to need to.

01:03.268 –> 01:09.106
Do is get your card information to verify that you are in fact the correct person to own this account so.

01:09.128 –> 01:10.098
That we can get this taken care.

01:10.104 –> 01:11.906
Of and get this charge off your card.

01:12.088 –> 01:15.060
But didn’t you call from the card company?

01:16.310 –> 01:28.114
Yes, but in order for us to verify that you are in fact the person we should be talking to, we need for you to give us the card information so that we can verify you as the account holder.

01:28.242 –> 01:33.526
This doesn’t sound right to me. I’m going to hang up and call my card company directly.

01:33.638 –> 04:59.210
There you go. That is the correct answer there. Also acceptable in this case would be, so couldn’t I be the person who stole my card and still give me valid card information? So what we’re really here to talk about and this really did happen to Tia and also happened to her mother in a slightly different scenario with similar type of deal with a bank account that supposedly was hacked into. So they needed her information, is to just warn everybody we’re in the holiday shopping season. We’re kind of, I’m going to say sort of in the middle of it because I started getting sale emails like the end of October. So as we come up on the end of November here, we’re definitely right in the middle of the holiday shopping season. And there are a lot of scams out here. They’re always out here. You should always be aware but be particularly mindful during this time of year because people will take advantage of the fact that this is a hectic time of year for you. We all have probably purchased something at some point during this month on Amazon. That is not a normal purchase. I would say not a routine toilet paper, dog food, whatever type of purchase. And with the franticness of trying to make sure this gift arrives for this person at this time, you can be tricked. And it’s just simple social engineering is what’s happening. It is not going to say impossible, but less likely. People are going to obtain your information by hacking into an account. They’re going to try to socially engineer you, which is what that phone call was all about, basically trying to social engineer you into giving them the information they don’t have so they can buy the plane tickets to Puerto Rico. So just be mindful. I had a call actually today as we sit here and record this on the what is this? The 22 November I had a call from someone purporting to be from Amazon Business to encourage me to sign up for an Amazon business account. I have no idea where this actually was going to go. Maybe they were going to ask for my account information or send me to a page to log in to get the special free account, deal with some credit or something, I don’t know because I really didn’t pursue it because I was kind of in the middle of a workday. But here’s the thing. I have an Amazon business account, right? Amazon Business has never reached out directly to me for a business account or even about my business account. I call them up to ask information about the business account and that, I say, would be probably the number one thing to consider. Your bank is not going to they may call you. It’s not completely out of the realm of possibility that your bank would call you, but it should be a normal transaction. Your bank is never going to call and ask you for your card number. If they’re going to ask you for any information, it may be to verify the last four of a card number or the last four of an account number or something. And again, as Michael demonstrated, what you really want to do, even if you strongly believe that it’s probably your actual bank, maybe even the phone number matches up, hang up, call your bank back directly or call your card company back directly because if there’s a problem with your account, they can look up. Your account doesn’t have to be the same representative. You don’t have to call back. And you know, Joe can help you just as much as Mary can because they’re all going to be looking at your same account information if it is in fact your bank.

05:01.310 –> 05:13.440
So calling your bank and calling the companies directly is a good safety tip. What’s something else you can recommend to people who might be shopping on websites, for example, for the first time ever.

05:13.970 –> 07:06.740
So if you are shopping online at a website you’re not familiar with or somebody sent you a link to, and this happens. Mike sent me a link to a product a couple of years ago and I end up doing quite a bit of business. I bought a few watch bands from these people. It was all fine, like no big deal. But again, be mindful of the sites that you’re on. If it’s something you’ve not heard of. One, it takes no time to Google search or to web search the company to make sure that they’re actually a legitimate company or to make sure that there’s not. Maybe the top response or the top result in your search may be to that company’s website, but maybe the third or fourth result now may be somebody saying, hey, it’s a scam. Don’t believe everything that you see. Also some ways that you can also keep yourself a little bit safer. For example, my card company, my credit card company offers me the ability to use virtual credit card numbers. I will often the first time I’m shopping on a site that I’m not familiar with is give them a virtual card number. It does two things. Number one, if it turns out I made a mistake and put my card information onto the wrong website, well, I can turn that card off a whole lot easier than replacing my entire credit card. And the second thing that you may also want to consider is using Apple Pay or Google Pay, that does protect your card number or PayPal. PayPal is a I still have a PayPal account. I don’t run my business through PayPal, but I do purchase things using PayPal. Again, because I’m not familiar with your site. I don’t know how good your security may be for this form that’s embedded on your site for me to type in my card information. But PayPal, well, see, I got to go out and log in and come back. So that does offer a little bit more protection there as well.

07:07.270 –> 07:13.126
Not only that, but you can now use Apple Pay with PayPal, which is pretty cool. I really like that.

07:13.228 –> 08:50.166
That is super cool. I love that because then I only have to sign into PayPal. I just go to PayPal to complete the transaction and then come back. It does give me just another layer because you can’t route me to PayPal and legitimately well, you probably could, but it’s a little bit harder to legitimately try to spoof me on PayPal. This is another situation where password managers, whether it’s the one built into your operating system or a third party solution such as Onepassword or Bitwarden, comes in very handy when you’re logging into a site because if the domains don’t match, it’s not going to offer you to log in. So you could be@amazon.com with an in instead of an on the end of that. And your password manager is not going to offer to fill in your Amazon.com password because the domains don’t match. That’s another protection. Also, be wary of emails, especially if they look too good to be true or if they’re suspicious. Again, look at the company name. Even if it looks like it’s coming from all, most of us at least probably shop on Amazon. So you’re kind of familiar with the types of emails that Amazon sends you. It’s order updates it’s order confirmations. It’s your product has shipped emails. We have a problem with your payment method. Amazon and I’ve noticed this in a couple of instances. I can’t verify it happens every single time because I literally kind of look at the subject, and if I need to go do something about a thing, I go directly to Amazon and log in and then find the alert in my account, which is what you should be doing. But I believe in a lot of instances, they don’t say, click this link to go to your account. They say, Go log into your Amazon account.

08:50.268 –> 09:05.580
Yeah, I’ve seen that more often than not with Amazon, for sure. And a lot of times it can just be you being a little bit more wary of what’s going on around you to make a big difference.

09:05.950 –> 09:43.382
Yeah. And the other thing is people are going to pressure. There’s going to be pressure. There’s going to be pressure from legitimate companies, and there’s going to be pressure from illegitimate companies because, oh, this is a time sensitive sale. You can only get this 50% off for the next 30 minutes. Again, if you missed a 50% sale, that’s much better, missing a 50% off sale or a spectacular deal because you were being careful as opposed to being rushed and jumping into a situation and you don’t get the product that you bought, first of all. And second of all, did you basically drain your account so that 50% sale you thought you were getting turns into, how do I pay my bill next month?

09:43.436 –> 09:46.280
Yes, my light bill can’t get paid. They got all my money.

09:48.830 –> 11:07.700
So we just wanted to show up this time to say, just be mindful. Always be mindful. I’ll try to reiterate this as much as possible. Unfortunately, you have to. We as consumers and computer users and smartphone users have to take some responsibility for what we do because a malicious actor can only entice you to make a move. That’s the social engineering part of it. You have to actually make that move. And listen, we all make mistakes. I have made them. Other people with much more knowledge in the security space and making six figures a year as security researchers or whatever have made mistakes. It’s not to beat yourself up because you made a mistake or you didn’t think. It’s just to remind you that you really should take your time and do your due diligence, and especially during this time of year. I mean, listen, I’ve never got a call from Amazon business about anything. This is funny. It was kind of funny to me because I’m like, I don’t even know where you could go with this. But it was very strange. But I didn’t know until about 30 minutes ago that Tia got this call about the two plane tickets to Puerto Rico, which my response was, you was actually able to get two plane tickets to Puerto Rico on that particular credit card. Like, you have pulled an amazing feat of blowing past the.

11:10.070 –> 11:20.566
Oh, definitely, yeah. I was hearing half of the conversation when you got that conversation today, that call today, and you were trying to teach him how to do his job. Like, listen to me.

11:20.588 –> 12:03.234
Listen to what I’m saying, all right? Because, listen, I have a personal account. I have a business account. I don’t need to turn my personal thing. But here’s the thing. He’s not listening. He’s just trying to sell me something. Right? Again, I have no idea where the end of that could have wound up at. And for me and for Michael, sometimes I’ve heard his side of similar types of conversations. They are a little fun to kind of have fun with the people that are trying to trick you into doing something. I’ve already spotted you as a fake from the beginning of the conversation, and sometimes you’re in the mood to just, hey, we’ll string them, play with them for a little while, right? It’s not costing me anything.

12:03.432 –> 12:17.366
They want to play with me, I can play back, too. But be safe when you are involved in any communications, whether that be text messages, text message spam is coming back pretty bad.

12:17.468 –> 14:13.680
I’m glad you said something, because that’s one thing I really did mean to mention to people. There has been a rash here lately to the point that they’re putting up notices on the USPS website. And I think I’ve seen something related to Ups here in the United States as well. But the postal service for sure. I haven’t gotten any of these. But again, Tia has gotten a ton of these messages telling her that her package needs to be picked up, and she needs to click this link to verify the address of the package. Now, here’s the thing. I spend quite a bit of time on the USPS website. Unfortunately, that site that I went to looked very much like the USPS website. I believe, probably visually, to people, it looks exactly like the site. There are a few things that were missing that kind of jumped out to me, that elements that were not there that I’m used to seeing. But I spent unnecessarily amount of time on the USPS website, so there were a couple of things that I’m used to seeing that were not there. But generally speaking, it could have fooled a person that doesn’t like, I do this as a part of work, so I’m there because I’m tracking down packages. Most people probably rarely go to the website, so it definitely could have passed just inspection of browsing the site if you’re not as familiar with it as I am. But the one thing that did break up, the whole thing, and it’s one thing that I’ve always counseled people to do, and I will continue to counsel you to do. Look at the URL. The URL did not start with usps.com. Wherever I am, it was a bunch of gibberish USPS some other site. So, again, be careful of text messages too, because your phone number can leak in several different ways. It doesn’t matter who you think you gave it to, it’s about knowing who you gave it to. And none of us have control of what happens with your phone number once it’s in the possession of someone else.

14:14.930 –> 14:27.940
Yeah, that’s pretty clear there. I’ve starting to get imessage. Your package needs confirmation for pickup. And they’re not coming from a phone number, they’re coming from an email address. So that’s kind of interesting.

14:28.470 –> 14:29.220

14:29.750 –> 14:30.978
Three of those now.

14:31.144 –> 15:21.186
Yes. What are you people doing, man? I don’t see any of these. Listen, I don’t block, I’m not blocking any messages or anything. I don’t see any of this, but I’m also grouchy and curmudgeonly and I don’t give people anything. But yes, please be careful. Email is a vector. Text messages are a vector. Phone calls are a vector. Trick websites are a vector. Again, always start with the information. You know, somebody’s calling up or texting or emailing about a problem with your bank account or your credit card account or your Amazon or your PayPal or any of that. Give them a call and have a conversation with them. I’m trying to think, I believe it was Amazon that sent out an email here recently. You’ll see these from Amazon from time to time in, I think, because I.

15:21.208 –> 15:22.674
Got the email today too.

15:22.792 –> 16:02.080
Yeah. Telling you that there’s been a rise in email scam and they’re telling you, oh, your account is going to be closed or suspended if you don’t fix this payment problem. Yeah, those sorts of things. And the thing is, they’re trying to drive panic, right. This is a very bad time of year to have your Amazon account suspended. So your natural inclination will be, oh, I better click this link and go figure out what the problem is because I got stuff to order or I got things coming and all of this. Right? Again, slow down, take a deep breath, go directly to the source with the information that you know or that you can certainly verify before you start handing over any information or trying to type in a password or giving up any financial information.

16:03.910 –> 16:13.410
And with that, we want to wish everyone a happy and safe holiday season here at Unmute. Damasi, how can people get in contact.

16:13.480 –> 16:34.986
With you if you’re on that place called Macedon? You can find me at Damasi damashe at Unmute community. And you can always reach out to me on a business level if you’re looking for it, or technology consultant for your small business at Support@bedrockinnovations.com.

16:35.168 –> 16:39.078
Appreciate you for joining us, Damasi, everyone stay safe.

16:39.174 –> 16:50.590
No problem. Glad to join and always glad to share my experiences as well as advice. Thanks everyone for tuning in to Unmute. Have a safe and happy holiday season.

16:51.330 –> 16:54.970
And if you have any feedback, feel free to send it along. The feedback at unmute.