How I fell for a Phishing Scam!

Aug 21, 2022 | Digital Insights |

In this episode of Digital Insights, we speak about:

  • My personal experience falling for a phishing scam
  • Various types of online scams to watch out for
  • How these scams operate, and
  • How to avoid getting scammed.


Transcript

Venks: Hey guys, welcome to episode number three of Digital Insights by BroadWeb Digital. So the first thing right off the bat, we are no longer What’s Happening in Digital. We are called Digital Insights. Harshad and I have been speaking a lot about what should be the focus of this series that we are doing. And initially we were thinking more about talking about what’s happening in digital. So more about the news that is relevant to the market, so to speak, but a lot of it is also going to be about education as well. So they are not really what’s happening in digital as of now, but just your basic concepts that businesses need to be aware of.

So we thought long and hard about what we should call this show. And we just really zeroed in on Digital Insights. So let us know what you think about the new name. I think it reflects more about the direction we want to take with the show. It’s not like we won’t talk about what’s happening in digital.

In fact, we have a couple of things lined up to speak about at the end of this, but just wanted it to be a bit broader. So yeah, with that out of the way, let’s get into it. Harshad, did you wanna talk about anything in particular?

Harshad: Yeah, there have been a lot of things happening. In fact, yesterday you shared one interesting story with me.

I thought, let’s talk about it. Let’s make people aware and save them from the scams that are happening nowadays. Right now, these scams can be offline or online scams. And you can start with something that happened to you just before you were going to Bali.

Venks: Yeah, I think that’s quite an interesting one.

And honestly a bit embarrassed to experience it. Given my 20 years of experience in technology and digital, I just thought I’m never gonna fall for any phishing scam. Right. But that’s what happened to me. The story goes, it was the day we recorded the last episode. I think it was a Friday.

I was meant to fly out on Saturday. And while we were recording, I received an SMS saying, you got an unpaid toll. Your roads toll amount. And it claimed to be from Linkt, which is a Melbourne toll provider. And I just glanced at it and I was in the call. So I thought I’d look at it after the call. After the call, I was in a bit of a rush.

So I just thought, you know what? I actually did take a trip. And there’s an issue with my car in that the tag doesn’t beep. So it sends me a notification anyway that, because I have an account with Linkt, it tells me the tag didn’t beep, here’s the amount you need to pay. And then I just go and pay. I rarely use tolls anyway.

But I did know that I have, I thought I would have a toll amount to pay. Yeah, I just clicked on the link. Looked like a very genuine Linkt page with an amount due, $5.83 to be precise. So that 83 kind of also made me feel like, that sounds like a toll amount. It’s not like a $10 round figure.

Venks: And I put my credit card details in, and then it said, you will receive a message asking you to verify the credit card details. And then suddenly the alarm bell went off. I went back and looked at the link and it was a totally different domain altogether, but then I also expect these links to be a URL shortener.

Right? Yeah. So a lot of people use links like bit, and normally I’m very cautious, but, like I said, I was in a bit of a rush, I didn’t bother too much. And then I went to the root of that short link, and it took me back to that page with that same amount. So what these guys are doing is they’re sending everyone an amount of $5.83 to pay.

And obviously that’s not the amount they’re gonna charge. They’re just gonna get your credit card details and then they’re going to have an unauthorized expenditure on your card. Imagine what I did. Yeah. I just kinda, yeah. Sorry to interrupt you,

but, Venks, imagine that root URL, uh, being redirected to Linkt, that would have been, that would’ve tricked you, maybe.

That would’ve been another layer of deception, so yeah.

You can never be sure. Long story short, I canceled my card and we spoke about it and I felt if I can fall for it, anyone can fall for it. Not to say like I’m the savviest, but I know the basic things to keep in mind. So yeah, that, that’s one thing I think we definitely need to be careful of. And actually I was wondering what this thing is called.

Cause you know, people tend to call it phishing, but actually it’s called smishing, cause it’s phishing by SMS. So that’s another terminology that people might want to be aware of. And just what are the general things you need to look out for. Right. And this is not necessarily related to businesses, even on a personal level, you might get it, but as a business owner also, you might fall for some scams.

So, you know, we just thought, we’ll talk a bit about that as well. And the biggest lesson in this is go straight to the service provider and see if you have an unpaid toll or whatever unpaid amount that you need to pay. Something I didn’t do because I was in a rush, but lesson learned.

And there, once you log into the service provider, you will know whether that is true or not. And generally you will. If it sounds fishy, then it’s probably best to ignore it as well. Cause if you owe anyone any amount, they will ask you in different ways anyway. If you’re not sure, just pick up the phone and call in and ask them.

Venks: So yeah, that, that’s my interesting lesson learned. Mm-hmm. Well, what other similar scams have you heard of, Harshad?

One scam that I, there are many scams, we are gonna talk about a few in this episode. But the one scam that I thought was pretty smart and I almost fell for it was the Facebook one.

Harshad: So what happened was, I got an email, which said that you had posted something on Facebook and it is questionable, or it might be removed. Just click on this link to see what’s happening. I don’t remember exactly what it said, but maybe to review it or something like that and that link.

So usually the first thing that we see is what’s the link. Okay. And what I do is I move my mouse over the link, and then I look at the bar at the bottom. Right. And I see what that link says. And it said, facebook.com. So I thought, oh, okay. So this is genuine and I clicked on it. It took me to a Facebook page.

Okay. Now, because I am a social media freak and I am into digital marketing, I saw it and it was a Facebook post. Okay. Now, a person who’s not, who doesn’t know much is gonna fall for it straight away, because that person thinks this is on Facebook. Yes, it is on Facebook, but it’s created by someone.

So someone created a Facebook page, which anyone can do. Right. And then they created a post on that page. So when you click on that link, all you see is that post. That says the same thing, which is that on your email. Okay. And then they have a link over there in that post. So the link on your email is, I can say, it’s a genuine Facebook link, but the link on the post is the phishing link.

Okay. So once you click from Facebook, yes. So once you click that link, it’ll ask you to log into Facebook and that’s when the password goes to the hacker. So the important lesson to learn here is, no matter what link you click, it all depends on where you put in the important details, like your credit card details or your password, that URL you need to check, right?

So it has to be facebook.com or paypal.com or whatever service you are using. Okay. It’s not the first link that you click, because these guys are getting smarter. And, obviously, if you are smart enough, you can avoid this by just looking at the URL and just ensuring that it’s the same URL for the service that you’re using.

Venks: I think you also need to look at the URL properly as well, because the scam is sometimes by similar domains. So PayPal six.com or PayPal payment.com, which might not be owned by PayPal as well. So it literally has to be paypal.com.

For example, yeah, something before the .com, something immediately before the .com or .co.uk.

Venks: Yeah. Yeah. I’ve seen some links that are actually on a different domain slash paypal.com. So that paypal.com is actually the name of a directory after the URL as well. So you just glance at it and you say, yep, it’s paypal.com, but it’s not. Definitely, yeah, something to be aware of. There’s also the ATO calls that a lot of people get. Yep. Um, yeah, that you have an unpaid tax debt, and then they’ll ask you to settle it right then and there on the phone, asking you for your credit card details. One thing is ATO never calls. They always send a letter. So definitely don’t fall for that. If in doubt, again, go to the ATO website, get the number and call them, don’t call them back on the number they give you.

Cause that might not be the ATO number as well. So yeah, just something to be aware of.

Harshad: I like it when these ATO calls I receive is around the post-lunch mark, immediately after lunch, because that is when I am a bit tired or feeling sleepy and susceptible call and you.

Yeah. And then you are, no, then I got, because I like these calls because I make fun of them. Okay. I actually talk to them. I have a conversation. I feel, I show that I am actually falling for it. Uh, because then it gets my energy level back before I end the call.

And when I feel okay,

Venks: It’s, that’s not bad because you kinda know what, what’s their way of operating as well. So it’s more like educating yourself by talking to them. What are the kind of questions they can ask as well? Correct.

Harshad: And that happened. I started talking to this guy and he thought I am falling for it.

And then I had a meeting coming up and I said, Hey, look, I was just having fun with you. I know this is a scam call and blah, blah, blah. And this guy then told me that he is calling from Pakistan. Not that these calls are only from Pakistan. They can be from any other country as well. And I asked him, like, why are you doing this?

And he said that, okay, we make good money. Our target is $500 a day. They make a lot more than, you know, so he actually

Venks: He agreed to being a scammer. Yeah. Yeah. And.

Harshad: And he asked me, what do you do, et cetera, et cetera. And then I said, oh, look, I have a meeting. And then he said, okay, I’ll call you back.

And he did call me back. He called me in the evening. And he said, can you just give me 50 bucks? Because today we did not make any money. We are four people, our target is $500 a day. If we reach that target, I said, what about the cops, et cetera? I said, no one knows we have hired a small room.

And we have all the software in place through which we route the calls and that’s how we work. And they don’t feel bad about anything. They don’t care. That’s amazing. Yep.

Venks: Yep. Pretty, but it shows you that people are desperate and they’re doing it out of desperation and they don’t have any other choice.

Yeah. To make easy money obviously is the wrong part. But, yeah. And if he’s talking to you, it sounds like he’s trying to maybe see if there’s another thing he can do to get money, like maybe not this but something else. So sadly enough, a lot of these calls originate from South Asia.

So Pakistan, India, and really tarnishes the image of the country as well, which is not good for people like you and me, who are originally from there, but it is what it is, I guess. I think that goes from Nigeria as well. There are a lot of valid businesses in Nigeria that I really feel sorry for.

Like they can’t actually, they can’t work outside the country. Cause if they try to deal with another business outside Nigeria, it’s very hard to be trusted. Yeah. Amazing.

so

Harshad: What do you do when you get such calls? Number one thing is that ATO never calls you. Number two, they will ask you to pay via gift cards or iTunes cards or something. The good thing is that nowadays, when you go to Woolworths, Coles or any such stores, they do warn you about buying multiple cards and giving it to them.

Now, these scammers, they will warn you. They will tell you do not, not tell anyone, do not share this with anyone. Otherwise you’ll be going to jail. It’s all crap, don’t fall for that. Don’t buy any gift cards, nothing. I think, with my knowledge, the only way ATO communicates with you is via letters.

I might be wrong, but I think till date I’ve only got letters. I’ve got no phone calls from ATO, not even emails.

Venks: And even if that changes, even if they start calling, you can always be cautious and say, I’ll call you back and then call on their official number. And they can’t deny that. Yeah. Yeah.

Harshad: And get that number from their official website, not the number they give again.

You already mentioned that, but yeah.

Venks: Yeah. The good thing is with gift cards, actually, I experienced it myself, not the scam, but I was generally buying a gift card. Yeah. And my bank actually declined that request or actually they approved it, but they called me right away. Yep. Saying, was it you? And I said, yeah, it was me.

So banks are doing the right thing as well, trying to put an end to people getting ripped off basically. Yeah.

Harshad: And talking about gift cards, there’s one where you get an email from your boss, because what they do is they look at your LinkedIn profile and then they see who you are reporting to, and then they will create a fake email.

So let’s say I am reporting to Venkatesh or Venks right now, they create a fake email address, maybe [email protected], if that’s available or something like that. They’ll send me an email saying that, Hey, Harshad, I am busy with a client in a meeting and I need to really send a gift or something. So can you just buy $500 worth of gift cards, scratch the main part at the back, where all the numbers are, and take a picture of that and send it to me.

Now a lot of people feel, oh, it’s the boss sending the email and he is already in a meeting. And it actually happened, like, where I was working. The email was sent to a girl and that girl went to the boss’s cabin and he was on a call and she waved, and he also waved back and she thought, yes, it was a genuine email. But it was just a wave; someone waves at you, you wave back, and she thought, oh yes, he did say yes to the email.

She thought that way. And she bought those gift cards, but then, somewhere, someone told her, it was stopped. But, yes, that is also another scam that happens a lot.

Venks: That’s amazing. That’s amazing. It doesn’t have to be gift cards, because gift cards sound dodgy in a corporate environment.

So it might just be, Hey, I need to make a payment to this supplier. Here are the bank details. Can you quickly make it, right? Yeah. So look, the accounts team and the accounts team will make that transfer and money’s gone, it’s not gonna come back as well. Cool. I think we’ve just scratched the surface and this kind of really came out of an experience. So we haven’t planned for this, but I’m glad we covered this because it is related to online and the kind of things that can go on online as well for individuals and businesses. Yep. Yeah. So I guess to summarize, what are the things to look for: look for the domain name, make sure it is the same domain.

Even if it’s a valid business, but it’s not on SSL, don’t put your credit card details in, cause it could lead to man-in-the-middle attacks and your credit card details could get stolen as well. Ignore calls that are actually asking for payment or any kind of information out of you. I also heard there are times where all they want you to do is say the word YES.

Venks: Right. So you might say, Hey, they might know your name and is it this one speaking? And if you’re not sure about who’s calling, don’t say yes, because that yes can be recorded as a consent to a service, which you can be signed up for without your consent. And that would be used as, oh, you did say yes, you called up, you signed up for the service.

So that’s really hard to avoid as well. And I’ve told my wife as well, anytime she gets a call and she remembers it more than I do to not say that, but probably just say mm-hmm or it’s hard. What do you say if someone says, is this one speaking? Yeah. Yeah. Or you can just say, who’s calling and try to get more, ask a common question.

Yeah. Yeah. How can I help or something like that anyway. So I think we wanted to cover a couple of things, but I think we are running out of time as well. Or do you think we should just quickly touch upon that?

Harshad: Yeah. Another one, the most important one I wanted to share is the Telstra one. If, yeah, you’ll get this call from ISP and they’ll say, is your internet working slow?

Blah, blah, blah. So they’ll ask you to install a software on your computer. And using that software, what they basically do is they get access to your computer and then they’ll steal all the credentials, your bank accounts or whatever that you have saved on the computer. So never install any software.

And don’t talk to these guys, because these are scams and they’ll ruin your life. So steer away from these ISP calls, internet service provider.

Venks: As well, I got a, last week, someone, because they say Telstra because it’s the largest ISP in Australia. So four or five out of 10 times they will be right.

And people tend to have issues with their internet. So they be like, oh, you can fix my internet. Yes. I’ll install whatever you want me to install. But yeah. It’s not gonna fix anything for you. It’ll probably only break your bank. Right. Right. So something to be aware of. That actually reminds me of another similar, not similar, but another scam that happens online is this overpayment scam, right?

Yeah. And this is more applicable for agencies, where you’ll have a client who will come and say, Hey, I want you to design a website for me. How much is it? Whatever you claim, to say 3000, they’ll say, that’s fine. I can pay for that. No problem. They’ll ask you for your bank details or actually ask to pay by credit card and then they’ll pay with the credit card a bigger amount, right? So you say $3,500 and they’ll say, I accidentally paid a bigger amount. Can you refund the balance back to this bank account? And you do that, right? You’ve been paid. You’re happy, you transfer the balance back to their account. And before you know it, that amount that was paid using credit card is gonna be taken back because it was paid using a stolen credit card.

So in the process, the scammer has actually got $500 net out of you. Very easy to fall for, because everything seems right. They’re paying you more. They’re paying promptly. They’ll try to avoid getting on a phone with you. They’ll say I’m busy or I don’t have good connection. Just send me a message by email.

So these are all alarm bells you need to look out for. So we’ve covered quite a few there. They’re always getting smarter and smarter. So I’m sure like a year later there’ll be other similar scams that have not been uncovered yet, but yeah, something to always be careful of. Cool. So if there’s nothing else, we wanted to touch upon a couple of other news articles, but I think we’re running out of time.

So let’s probably do them separately. What do you think?

Harshad: Yeah, yeah. We can do that. But quickly we can just touch upon a lot of the AI stuff that is happening nowadays. People ask me quite often, because there’s so much AI content written and that’s ranking as well.

So we might talk about that in the next episode. Should you use these AI content writers and, if yes, how, or… there is no yes or no answer to this, but we’ll discuss that in the next episode maybe.

Venks: Yeah. And I think that’ll be a good topic for discussion because I have seen the output of some of this as well, and I feel sometimes they are better than actual humans as well, humans, right? Yeah. Yeah. So I feel two ways about it. So yeah, definitely let’s cover that in our next call. Sounds good. So if there’s nothing else, let’s wrap it up here and yeah, I think it was a good few points we covered. So we’ll see the next episode.

Harshad: Yeah, thanks guys.

Everyone listening or watching us on YouTube, do let us know how you feel and subscribe to our channel. Thanks a lot. Yeah.

Venks: Cool. Thank you. Bye.
