Caught in the Web: Tales of Cyber Scams & Close Calls

[Music] [Music] hello everyone I'm Jason Bitner from triple helix Corporation and welcome back to our Helix and cider podcast I'm really excited today because in Studio we have almost the entire Dev team on the podcast today uh we've got a special topic lined up and we wanted to talk to you about cyber scams and the impact on both you guys as an individual and your organizations I'm sure we've all had our share of cyber scams and things that we've encountered and the team here wanted to share some of the more interesting stories of some of the scams they've run into uh because of the work we do we're basically very much inside of cyers space we see a lot and and we've actually seen a lot of interesting scams so I'd love for our team to share with you and uh let's get started uh Andy let's start with you and uh what kind of a scam you've ran into well I mean um I've had some pretty interesting ones in uh in my life here um most recently I guess um and I guess this was kind of um on your

side actually Jason is um there was somebody somehow got my email and sent a message to your inbox saying hello this is this is Andy and I'd like to uh update my uh my direct deposit my direct deposit information um email me back with you know login credentials and stuff like that and or or um anyway it it's just kind of funny because it's like and then and then immediately you send me a message like hey Andy I'm pretty sure this is not you but the financial ones are interesting too uh I one of one of my uh my stories um is also kind of like Finance related um I actually recently one of my neighbors called me and she was just uh unfortunately disabled after working for the for the postal service for many many years um was disabled and and has been looking for work from homework um and she's very new to kind of like finding remote jobs so she didn't really know what to look for she knows I've worked remotely for a while so she was kind of asking me she found this listing on indeed sent

it an application I guess it was posted on indeed like it was a just a regular job um but she came over to ask me because I guess there were a few red flags about what I thought if it was legitimate and so I'm looking over this um I guess they had mailed her a a formal offer letter and I'm looking it over and there's a lot of discrepancies it's just kind of like worded very odd um things are misspelled the company I couldn't find on LinkedIn or or any history of this company really at all and um she she was going on to tell me I mean I guess they asked to interview her over WhatsApp they did this interview over text message with her um they had told her the interesting thing is I guess they said they would send her a check so she could go and get um like a laptop and material she would need to do the job and she was going to do it I mean she's she's older she didn't really understand I guess a lot of scams that go on so they sent her this big check she was going to go cash it she was supposed

to get this laptop with the money and then take the laptop and send it to a location that they sent to her um that they would put all the application she needed to do this job onto the computer and um assumingly you know I I was reading through this and I fortunately like I couldn't find any history of the company I reached out to the company was actually real but the company like the representative in the letter was not so I found the company that this this letter was trying to mimic or who they were trying to represent and I reached out to them for her and I was like look this job is posted on indeed for this company and you know they're they're using your name and they sure enough they wrote back and said no there's no position with our company we don't know what this is um but my guess and like from the research I did is they would have you know Not only would she have had to send the computer back but she they probably would have also tried to cancel the check and then because they

she's already spent that money on the computer it would have taken it from her checking account so they would have been you know they would have made double the money off of her and that's the first time I've ever heard of like people scamming through remote job opportunities but I mean Financial scams are all over the place now and I think stuff like that is becoming more prevalent that's really true in fact I I know that particular scam and the derivative of that scam is um so-called scammer sends you a check for a certain amount of money and um this happens with like paying for services and things like that too so what they do is they send you more money uh than you asked for and so you know let's say it was $3,000 but the whatever you were providing as a service was $500 so then they say okay well send us that money back that's in excess so you go to your bank cash the check money's in your account you take the 500 that is extra and you wire that to them and then all of a sudden the

bank in a day or two later finds out oh all of this was fraudulent so they take all the money back but you've already sent $500 to the scammer so it's a very common scam so with me um you know coming from Brazil we come across a lot of the Nigerian scams and uh one of the most common ones is you get an email saying that there's a prince or business person who needs to uh transfer a large sum of money and you know it's outside of the country promising you like a substantial cut of the money and a lot of people fall for it so it's a real doozy I had somebody I think it was a couple of weeks ago um and I had mentioned to my husband this I used to do like dog sitting for family and and people in our community and I had had somebody on venmo send me like $300 randomly out of the blue a couple months back and it had like a dog Emoji in it so I'm like maybe this was like an old pet sitting gig that like I forgot about but I pet sitted years ago so I'm like this is kind of odd like I don't know

why somebody would just send me $300 out of the blue like that and I'm like looking I can't find any of like her friends or anybody on venmo that this person has done business with and I guess it's it's a similar principle to to kind of what I talked about before is you know they'll send you this money and then they hope that you move it into your bank account and they can open up a claim against it so you end up sending them back that money plus in excess you know another $300 because it's essentially being taken out of your checking account once they claim that you know they they want the money back and and and you claim it was a scam and so yeah I feel like this kind of stuff is it's all over the place it does happen a lot um both for people per personally and professionally I I always I always go straight to the source if I get a weird check out of the blue like just today I got a check saying like you overpaid for such and such and such so we're sending you a refund so I'm like H

I'm going to call um you know whatever the business was and i' call them directly to figure out is this really you guys that's sending me you know $50 and usually if it's something like small like that you wouldn't you would just think oh I'll just cash it and see what happens but you know like you're saying they could just take it back the scary thing is no matter how legitimate it looks it can still be a scam because the problem is like you can if one person in your Professional Network or one business in your Professional Network gets compromised and say their email is compromised they can send you what looks like really legitimate business transactions of you know paying an invoice or what have you and then when they get your you know payment information they can use that fraudulently against you and and you might not even think to check because it's like okay I do business with you know this contractor or this other company and this looks legitimate it matches their you know email

format it matches their invoice format whatever it is or like they're requesting payment for something that you actually spoke about but it turns out that their email network was compromised I know that that happened to a fairly prominent I think it was a fairly prominent YouTube channel actually where they got scammed out of like I think it was five figures the more information they have about you the more they can tailor the scam to you like uh you know to and make it more convincing and so you you really just always have to be on on guard I I had um I had a really interesting one happened one time not that long ago where I was expecting a package from Amazon like at that day at about that time like on my Amazon app I looked and it says you know we're going to deliver this at 2:00 and then at like 1:45 I get this this text message that says there was a problem delivering your Amazon package click here to uh you know to to resolve the issue and uh or go pick it up at the post office or

they they gave me a link basically and um you know don't ever don't ever click that link you never know nowadays in in Brazil here in us too but if what they try to compromise is your phone number and typically they do it just by you know calling the phone company and like if they have your date of birth and stuff like that they you know take over the the phone number once they have that they have everything because you know most most stuff nowadays has the two Factor authentication with the cell phone and so if they're able to like either clone or you know take over your cell phone you're done like they can do a huge amount of damage to you so yeah like we've seen that here like at triple helix as well because we regularly I think all of us regularly get emails from usually it's random Gmail accounts claiming to be Jason saying that he has you know a special project that he needs us to work on and he just needs our cell number so that he can call us they're never very good at it it's

always very obvious but that not always GNA be the case well thankfully thankfully they're they are poor spellers you know they they can spell so uh that that's a big red FL yeah and it's it's usually obvious when it's you know coming from you know XX supernaturalfan XX gmail.com or something else like that it's obviously not Jason's email address but if they were just a little bit smarter that would be very dangerous and you kind of can't assume that they're all going to be dumb and even just you know not even just them being a little bit smarter like I remember like my grandmother she she's passed away now but she is not somebody that was computer savvy and like people you know in in that older demographic too may not understand that like those kind of emails coming in are scammy or you know the address is fake and I remember there was one time like she had something happen like that where you know she got a suspicious link it was something I believe with USPS couldn't deliver similar

to what Andy was saying you know please confirm your address and your phone number and it came from you know an an address that was obviously very much a scam but she didn't know any better I mean she didn't you know have all of that stuff growing up and she was very new to it and she put her information in and she ended up having nib on the phone with her bank and get money back I mean they they ended up getting her banking information it was a really big scary thing so I mean it is it's it's definitely you know us as a company I feel like um you know us educating the public on it is so important because these things are so prevalent and some people really honestly aren't even aware of them I um a little while ago I was researching it for just you know I I forget why I was doing research on different employment scams actually but there are people and groups who will hire people to impersonate in this case it was a web developer like us but I assume that this happens in other places too

now that remote work is more prevalent but they would hire somebody to basically be the frontman for a group of foreign developers and they would impersonate a completely different person who had a good resume and you know was visible on LinkedIn and everything and they would just hire these people to interview for the position as if they were whoever they were reporting to be and then that work would actually go to this group or company or what have you to do as if they were just that one single you know developer and it's and that was not something I had ever heard of before I had no idea that was a thing but given the prevalence of Zoom interviews and frankly I know in our line of work a lot of us don't usually conduct business calls with cameras on because that's not usually how we do things but like if if you don't do the interview with a camera on you could you could fall into that trap yeah this is all good feedback I'm I'm actually thinking of some things that Sam you said earlier

about how um the organizations send emails and they they spoof uh legitimate organizations and you know I saw this incredibly detailed Bank of America website Recreation and you I fool foolish on me for actually even clicking on the link but I mean it looked very legitimate and so when you go to the website it's it's Bank of America and but you look at the URL it's not Bank of America and the scam is one where they get people to log in and then oops you your credentials don't work they have to be reset but at the second that you've logged in you've actually provided the scammers your credentials and then they're Off to the Races with your account information I was going to say the worst part of that is sometimes you don't even have to be the one compromised this is why it's useful to have complex unique passwords because you know imagine that you've got you know passwords get leaked in hashed form all the time you can go on have iben pwned.com and see all of these you know leaks of all

these different passwords from all these different companies but if someone with the same common password as you Falls for that scam they can search those hashed passwords to look for other people with the same one so if they're compromis if someone else with the same password is compromised your password is compromised too which is also scary yeah we've gotten a lot of emails at triple helix for uh P email resets so like the typical one we use Rackspace for our email and the typical one is we get an email that says your mailbox has been frozen and all your email will be deleted if you don't you know unfreeze yourself within 24 hours and obviously a complete and total scam and we get a lot of our clients who send us the email say hey is this is this real and we're like of course it's not and the real takeaway from this to tell is that when you get that email and you look at wherever they want you to click it usually has a URL that looks like a Rackspace or a legitimate company but you

put your mouse over it don't click it you just put your mouse over hover over it and the tool tip will come up and it will be a completely different uh place and that's like the dead giveaway it's not real and honestly like email organizations like Rackspace or us or anyone for that matter would never send an email to you saying hey your email's been frozen click here to unfreeze it that's just a dead giveaway that it's a scam yeah and if you can't see the tool tip you can usually rightclick or command click on it and hit copy link location rather than just copy and you can paste That Into You know a text editor or whatever other convenient like Word document you might have and then you can actually see what it is from there and and also if you have any kind of an email that is trying that just seems like it's trying to invoke a fear response right away that that's that should be a red flag right off the bat like if they say all your email is going to be deleted in 20 minutes if you don't

you know like they're trying to get you they're trying to get you to have an automatic response is what they're trying to do and just click the link and be like oh my gosh I don't want to do that but um so whenever you're on the internet always have that check in your mind just like if I if this makes me really afraid then maybe it's a scam then you know check it out carefully okay well I think we're getting close to the end of our time here so before we sign off I just wanted to go one more round through the team here and uh ask for any final thoughts um Lauren let's start with you final thoughts yeah I think the final thoughts here really are you know scams especially with some of the new and emerging Technologies we have ai now that can almost you know shockingly mimic some speech um and natural tones of of people and just make cop more conversational you really just have to have a heightened sense of awareness for scams and as a technology you know being in the technology space ourselves

we really have an obligation to our clients and to the community to just continue to educate about things like this and to put this information out there so that you know people can understand that these scams are increasing in popularity and they're also increasing in just how how crazy it is to identify them I mean people and and scammers are getting very intuitive in their processes so just be hyped be hyper aware um don't be you know paranoid but be hyper Vigilant when it comes to this kind of stuff and just really you know if you're unsure about something take the extra minute to research it and really look at it from all angles before you you do anything that really could compromise your security and your personal information great great thoughts Lauren Pedro final thoughts uh I guess my the one thing I would say is buy a paper shredder and then you know all the sensitive information that you possibly have in your house just shred that because people nowadays will go to extraordinary

lengths to uh get the most basic information like dates of birth and you know all these other stuff that they can really use to cause some harm so I had a little debate with my wife the other day about that and thankfully I won that one so great great feedback Pedro Sam final thoughts I would say my final thoughts are that number one NE never use real real answers to security questions you've posted the name of your dog you've posted your birthday you've posted the town you grew up in that's on social media you know it is don't don't use those for the security questions um and yeah and nothing substitutes for reaching out to another actual human being if you're really concerned about a scam excellent excellent and Andy final thoughts I would say just be really cautious about giving out information any where so you don't give them ammo to use against you so like somebody calls you up and says hey this is so and so with uh you know or better yet they don't even identify themselves and they

just say hey you drive a blank blank blank blank and they name some fake car and then you'll your first response might be oh I driver don't give them don't give them that information instead be be suspicious and be like who's this or if you get a number from a call that you don't recognize a thing that I do sometimes is I just pick up the phone I don't say anything and then if it's a robot they'll hang up if it's a scammer they'll start asking hello and I'll say hello and ask who it is and you know just if you don't know who you're talking to don't tell them anything not even your name you know just don't give away information that you don't have to okay well I think that's all the time we have today I just want to thank all of my guests in studio today well the entire Dev team which was wonderful to have you here um this has been uh the Helix Insider podcast if you like this content please uh share like And subscribe on the channel below and uh till next time thanks everybody bye [Music]

bye