We *ALMOST* Got Scammed! Here's the story..

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
well as much as i hate to admit it this week crosstalk solutions came this close to getting scammed out of multiple thousands of dollars and this is the type of thing that can happen to anyone i mean we are well versed in phishing scams and network security and yet it still almost happened to us so grab some popcorn and sit back and relax as we go through the story of how crosstalk almost got scammed welcome to crosstalk solutions my name's chris and if this is your first time here welcome and make sure you hit like and subscribe for more videos just like this we try to put out two to three tech videos per week also follow at crosstalk sol on twitter for the latest updates including any updates to this scam saga that we're about to talk about alright so the reason i'm doing this video is is because it's interesting content we did almost get scammed but i really want to point out that this can happen to anyone i mean case in point just last month jim browning a guy who has a youtube channel with over 3 million subscribers that focuses on calling out scammers had someone scam him into deleting his youtube channel right so that's a really interesting video i certainly suggest that you give it a watch but literally this type of thing can happen to anyone now i've been listening to this podcast lately i highly recommend it it's called the world's greatest con and it is hosted by brian brushwood of modern rogue fame and he says in that podcast cons don't fool us because we're stupid they fool us because we're human and he is absolutely right if you almost get scammed you're a victim right you're a victim of the scammer you're a victim of a con artist and it's not that you're unintelligent it just can happen to absolutely anyone so how did it happen to us let's take a look 23 days ago so this was a long con if you will 23 days ago we received this email entitled enquiry from mike n and i've redacted as much information as i possibly can here because i don't want to bring people into this i just want to show you guys what happened so we got this email from mike n and he came from clemsonedu.school and if we scroll down we can see that mike's signature says director of procurement at clemson university clemson south carolina clemson of course is a big major university here in the united states and right now is the time that schools are buying equipment especially voice over ip phone equipment because they like to transition their pbx over the summer time we have i think like three or four school phone system installs going right now so it's not odd that a university would be contacting us to purchase some voice over ip equipment uh what they're purchasing from us though or what they asked about was a whole bunch of seemingly random items that we don't provide as crosstalk solutions so that should be clue number one is that the people contacting us really don't know what we do here at crosstalk and the interesting thing about these cons or this scam is that it's a whole bunch of little things that you need to look for and all of the little things added up and when looked back on in hindsight are totally obvious that this is a scam but in the middle of it we're not looking for this type of stuff so what are these things the first thing that we see here is a domain of clemsonedu.school and that's a weird domain but again we didn't think much of it right off the bat the actual clemson domain is clemson.edu this one is clemsonedu.school so that should have immediately triggered some red flags but not specifically looking at the email domain of every email that comes in we get literally dozens of emails every day of people asking questions and sending us stuff like this there's also a south carolina phone number attached to the inquiry now as i said we get a whole bunch of emails like this that are asking us hey can you provide these you know this list of things and i've never really thought of these as scams right off the bat it doesn't strike me as a type of thing that's a scam it more or less strikes me as someone who's seeing if we can supply them with equipment that maybe they don't really understand exactly what we do so by and large what we do here is exactly what our guy andy did and he said hey thanks for reaching out we don't resell ubiquity equipment we also don't sell anything else on your list goodbye see you later another red flag too before we move on is that immediately this guy wants to set up net 30 terms which again for a school or any sort of government entity that's not odd right every school that we've done this summer has paid with net 30 terms meaning that we send them all the equipment and then we send them an invoice and within 30 days they pay us the invoice but we're going out of pocket on the equipment that we're sending out to these customers so by itself so far this is nothing too odd we've got a school that's contacting us that wants to get some equipment this is the time of year that they would be doing that and we have a school that is wanting to set up net 30 terms so not a big deal so far so we told him no we don't sell any of that equipment we're sorry and the guy writes back and he says hey can you check on this then the yaylink cam 50. now one thing that we should talk about is one of the red flags here is some broken english so we would like to set up a net 30 account with your company kindly enclose back with your net 30 term credit application right so it's not exactly perfect english i don't normally hold broken english against anyone and here's why if someone has broken english it usually means that english is their second language right now me i only speak one language right so someone who's trying to learn english as their second language already has one up on me so who am i to you know make fun of their broken english when they're doing something that i'm not doing right they're learning a second language so i never hold broken english against anyone but in this case one of the red flags is the fact that this is a mic and then the last name is like eastern european maybe polish last name from south carolina so mike polish last name from south carolina that has broken english well that's maybe when you start putting two and two together there it might seem odd but again we did not catch this right off the bat in hindsight it certainly seems odd so mike comes back to us and he says hey can you check on this item and it's a cam50 it's the little camera in fact there's one right here it's the little camera that goes on top of a yaylink t58 series phone and so we said yes absolutely here's the price and send us this information we'll get you a quote this is all totally standard so far now that was 23 days ago now of course andy being a good sales guy you know reaches back out after we haven't heard from them for a while and he says hey eight days ago now i wanted to reach out and see if you're still interested in getting a quote so the guy writes back and he says how is your day going and family yes please right so when he said this and we i saw it i had not been involved up to this point but i saw this response and i was kind of like that's a odd response but you know okay again i don't hold broken english against people maybe it's just the way that this guy speaks so he says yes he wants a quote so then andy writes back and he says hey i still need that billing information in order to get you a quote and then the guy sends us this billing address is clemson university and i'm sure i mean i haven't looked this up but i'm sure this is probably clemson's actual physical address and then the shipping address is on a po which he actually did not send us a purchase order so andy says hey uh what are you looking for exactly just one of these cam 50s and also we didn't get a purchase order from you so i can't reference the shipping so then he comes back and he says thanks for a reply can you send the quote and an image of the item so andy without getting the billing information just said all right well i've got your email address i'm going to send you an estimate to that email address he did that he also gave this guy a link to a picture of the cam 50. the guy then comes back and he says thanks for your reply please add these extra items to the quote and again he's not giving us quantities he's just saying here add these items to the quote we're guessing that he just wants to see pricing so andy diligently updates that invoice re-sends it to the guy and now this guy comes back and he says hello andy this is now two days ago so this is monday we really appreciate the time and effort made on this and here is the above new purchase order form number blah blah blah with the pdf attached and we'll be glad if you can get back to us with the final invoice as well as the shipping and handling charges via email for file records as well with the order confirmation and the eta shipping schedule details from the warehouse as soon as possible again kind of broken english but we get what he's trying to say so not a big deal and he sends us this purchase order as part of this email though we get this disclaimer down at the bottom and honestly again this is one of those things that looking back in hindsight this is weird but how many of you guys when you get an email actually read the disclaimer that people put at the bottom of the email i know i very rarely read that because it's usually something like you know this email is intended for such and such person and any other use of it is unauthorized blah blah blah legal legal legal whatever talk right so we usually don't read disclaimers and this disclaimer is kind of odd though it says please be advised that all invoices and pro forma and original invoices should be sent via email to the office of the purchasing administrator for a file record purposes also shipping these products to the same sayerville new jersey warehouses warehouse facilities management so what that's kind of a weird disclaimer let's take a look at this purchase order so here's the purchase order now this is not going to come across on video very well but the logo on the purchase order is very low quality right so that's sort of one of the first clues that this was weird now the second weird thing is that the bill two is clemson university at such and such calhoun drive clemson south carolina but the shipping address is an address in sayerville new jersey attention to roy white and what he's asking for you know we had sent him the quote with the per unit pricing on these uh phones and devices he wants 104 phones and 18 of those cameras for a total of almost ten thousand dollars worth of equipment now we love selling equipment right i will take ten thousand dollars uh ten thousand dollar equipment orders all day long right that's what we do here at crosstalk solutions it's it's one of the things that we do you know someone submits an order for hardware we fulfill that order get it sent out to them that's basically like one of the best ways to make money because it's very low effort and we make decent income on this resale of the uh of this type of hardware so when we see a 10 000 purchase order come through from clemson university we're like heck yeah we'll take that all day long now the other weird thing on this purchase order is there's another weird disclaimer it says note all invoice should be sent via email for record purpose okay so again broken english and also making sure that we're driving everything through to this guy's email address now we don't just blindly send out equipment when someone sends us a purchase order there's a process to it right we send them a net 30 application they fill out the application which has you know their information banking information trade references etc they fill that out and send it back to us and then we go over that information and approve or deny that net 30 application so of course that's what andy did next we very much appreciate the opportunity to work with you below i have attached our net 30 terms if you could please fill these out i will get you the invoice and we can get this order so we sent them the net 30 application that was monday at 12 46 p.m and now less than two hours later he sent us back the net 30 application filled out and a whole bunch of other supporting documentation so look at all this stuff he sent us so here's our net 30 application we'll take a look at that in just one second then he sent us a w-9 for clemson university he sent us their tax exemption certificate since they're a school they would be tax exempt and he sent them a whole sheet of various credit references all of these looked completely legitimate okay the only thing that's a little bit weird is on the net 30 app there's a couple of contacts here so we have accounts payable at clemsonedu.school and then we have purchasing at clemsonedu.school now look at the phone number which is a south carolina did but we have extension 12 and extension 14. so again these are the things that when you look back in hindsight you're like man i should have spotted that that was super fishy but we're not staring and scrutinizing staring at and scrutinizing their phone numbers on the net 30 credit app but looking back it's like why would a school the size of clemson university have two-digit phone extensions that makes zero sense they would have you know four maybe five-digit extensions because they probably have multi-hundreds of phones spread out throughout the campus and then we've got all of their other information but again you know the ein for a business the duns number that's all public information that you can look up all right that's nothing that's uh you know that's sort of confidential or private information and all of the other supporting documentation that they sent us and they sent it to us very quickly like i said less than two hours after we asked for the net 30 app they have the net 30 app filled out and by the way here's all of this other information that i believe is actually all legitimate information but something like the tax exempt certificate the w-9 that's probably stuff that you can find online or at some point maybe clemson university was compromised in a security breach or something and that information leaked online where you know hackers or scammers have access to their w9 their trade references and their tax exempt certificate i don't know the answer to that but it all looked legitimate to me so having missed all of the other clues that have happened so far and i know you guys are saying chris you dummy how could you have missed all of these obvious clues well again easy to say in hindsight but keep in mind this is over the period of multiple weeks now that we've been you know going back and forth with this guy along with all of the other stuff that we're doing here at crosstalk so yeah and looking back it's like how could i have missed that but it's also pretty easy to miss so he sends back those forms and everything looks good on our side so we approve the net 30 application and we place the order for you know almost ten thousand dollars worth of equipment to be sent out to this shipping address in new jersey so obviously we don't want to lose that kind of money and this is where i say we came this close we actually placed the order for this guy based on all of the information that he had sent us to head out to that random warehouse in new jersey the next morning however it was too late for the order to go out the day that we purchased it the next morning 6 37 in the morning we get an email from the guy hey how was your night and day going thanks for the update so again the broken english how was your night and day going in this time this time andy smartly thought to himself you know what let me just do a little bit of digging right so he started doing a little bit of investigative work and what he found was he searched for the name of this contact at clemson university and found this page right here so here is our guy procurement director mike n right works for clemson university and right on their web page clemson has see fraud alert above before calling this phone number and the fraud alert says procurement services has been notified of fraudulent emails being sent to suppliers replying to a price request please be aware that legitimate requests for quotes would be sent directly from our online bidding system or from one of our contract officers you can confirm our email address below as many scams use an address similar but not our actual email so at this moment andy was like oh crap right we placed this order he immediately got on the phone with our distributor and luckily the distributor caught the shipment before it left their warehouse so no harm no foul we did not actually get scammed but man were we close we were so close to losing almost ten thousand dollars worth of equipment so after we saw this online he also called up clemson's unit clemson university's procurement department and was like hey we got this random po was this you guys and they confirmed that in fact that was not them this is a known thing from clemson university that people are using their information to try to purchase equipment on net 30 terms to be shipped to new jersey and so now we need to figure out who the heck is doing this right it's very very odd what information do we have to go on for trying to figure out who this is we have the phone number that they gave us we have their email domain and we have the shipping address right so those are sort of the three bits of information that we know for sure is going to be somehow related to this scammer let's start with the email domain because that's the easiest one if you do a who is look up on clemsonedu.school we can see that the creation date of this domain was may 14 2021 okay so that is basically about three months ago is when this domain was first registered now it's registered with namecheap and namecheap has private registration where if you have private registration with namecheap your city and state and country is i believe is iceland uh and they are in reyovic rejevic rajabek however you say that the private domains with who with namecheap are all going to look like this it really is a dead end it doesn't give us any information about the scammer whatsoever but it does have a registrar abuse contact email and of course i took all of the information that we learned and i did send it over to abuse at namecheap.com they acknowledge receipt but of course they just say hey you know we'll do what we can but you may never hear an update on this ever again so that's just a black hole probably never going to go anywhere so then we have the shipping address they gave us which was in new jersey which of course is really weird why are they giving us a shipping address in new jersey for phones that are you know meant for clemson university again stuff that in hindsight you look back and you're like of course that was silly if you do a google search on the shipping address it comes to this webpage there's a company out there that this address actually belongs to and the company is a freight forwarding company or i should say a nigerian freight forwarding company meaning a company that you can sign up with them i'll show you it actually says how it works you sign up and you get a usa based address that people can ship stuff to when stuff is received at that us-based address which is in new jersey they then package everything up and reship it to nigeria you know whatever address you've given them for nigeria now this company's website you know it looks pretty normal uh they also have a yelp page and on their yelp page uh there's a couple of weird things we have this review from east brunswick new jersey which has very specific information about the company and of course with yelp usually the first review is whoever you know owns that company or has something to do with that company they're going to give that company a great review on yelp like you look up any restaurant the first review is always the restaurant owner giving himself a five star review for his own restaurant right so this person had very specific information so i completely discount that this is a real yelp review but we scroll down here and we see two other yelp reviews one says scammer location guy tried to buy goods for me online and wanted me to send it to this address it was a huge scam be aware of this place they will just take your goods without paying you they have a scam email set up with venmo and paypal now i didn't get any venmo addresses or paypal addresses so there must be multiple scams happening through this you know freight forwarding company another one down here same sort of stuff just really bad review they tried to i guess ship something through them and it just you know fell flat didn't work so on google they also have reviews but they're pretty mixed they've got like 3.7 stars out of 5 on google with again very mixed reviews now if we look at the actual building if we look at the actual address on a google street view this is it right so it's just a completely like non-descriptive building in the middle of new jersey somewhere so really not much to go on here and you know i would you know maybe give out the address or the name of this business except that probably one of three things is going on with this business either a they're completely innocent and they're just an actual freight forwarding company maybe they don't have great customer service but they're innocent in this and you know a scammer is using them to do freight forwarding to nigeria b this might actually be the scammer right there might be the scammer the owners of this company might actually be the scammers i don't know i don't know if that at all or c probably the most likely thing is that these people run this business they're aware that there's probably some fishy stuff going on but they're looking the other way because they're making money being a freight forwarder right they're like hey we have nothing to do with the boxes and packages that come through our office all we do is receive them and then ship them and that's it so probably that's what's going on here so we don't want to dox this company unnecessarily and then of course the last bit of information that we have from this guy is a phone number right so i decided to go ahead and call the phone number and see what we see your call has been forwarded to voicemail please leave a message after the town hi this call is for mike this is chris sherwood calling from crosstalk solutions i had a quick question about this order that we're trying to process okay so basically it was a dead end you know the phone number just went directly into a voicemail box that had the default greeting it's an asterisk-based voicemail because i know that was allison smith's voice that picked up the voicemail and i just left him a voicemail and i you know under kind of false pretenses i said hey this is chris from crosstalk we want to get this order shipped out to you but we need to know who we're sending it to like attention to whom and he did say earlier in the email where the attention is going but i was you know ignoring that and i also offered to upgrade him to you know two day or overnight shipping if he wanted and the guy wrote back a little bit later and he said attention to this guy i think was roy white and then also yes we want to upgrade to two-day shipping right so he did write back to tell me that information now once he wrote back and i knew that he was still in this and he knows that i am imminently going to be sending these packages i wrote him back again and i said okay we're going to get this shipped out today i'll send you the tracking information as soon as i have it and oh by the way funny story i was just at clemson university a couple years ago check out this awesome picture that i took from clemson and of course the picture is just a picture i found online of you know clemson university campus but it was a grabify link okay so it's a link that basically if he clicks on that picture it's going to send me his you know type of computer or phone that he's on his ip address his location you know geo locate the ip address and basically a whole bunch of information about this person so i'm trying to bait him into clicking on a link which as of the recording of this video he has not clicked on it yet in fact let me just double check again so now as of the recording of this video he has not clicked on the link yet but of course i will put an update out on twitter uh at crosstalk sol if i do get any further updates to this scam saga so what do we do next now obviously i'm still going to try to identify the guy but i've got sort of two sides of my conscience one side is saying you know what just you you walked out of this one barely you didn't lose any money no harm no foul just leave it alone the other side of me is like send him a glitter bomb or send him a poop bomb if you guys have seen this poop senders always fresh always anonymous you can actually send someone cow dung elephant crap gorilla poop or a combo pack of all three so you know we could send this through the funny thing about this too is they put a business card in there in the poop that you now have to open it up if you want to find out who sent it but of course you flip the card over and it just says we'll never tell you who sent it right so pretty funny but again they'll probably know it was a crosstalk that sent them this and we don't want to i don't want to have someone who's already doing something that's very illegal have now animosity towards me right so i'll probably just leave him alone but you guys let me know what you think down below i am open to suggestion so now here's the part of the video where we can all learn from our mistake right what are the red flags that we should have noticed throughout this entire thing again all combined and added up it's very obvious that this is a scam but if you take any one of these things individually they're either very easy to miss or they're just not that suspicious right so number one we had a guy contact us out of the blue looking to place a large order again on its own not that suspicious because we get those all the time right people watch me on youtube and they're like hey let's buy some stuff from this guy right it happens on a very regular basis now granted most of those aren't you know 10 000 plus dollar orders but it does happen pretty regularly so in and of itself not too suspicious number two broken english now the broken english itself is not that suspicious because we do have folks that are english as a second language and it's not that big a deal but you also have to put two and two together it's a guy from clemson university in south carolina he's got a sort of like polish or eastern european last name and he's got very broken english so those together don't really add up it's not entirely unlikely but it just kind of doesn't add up it should have set off some warnings and red flags all right a non-official email domain this should have been the biggest clue and we just straight up missed it stuff coming from a college is going to be.edu this was clemson edu dot school so again just a very odd domain that anyone can go out there and purchase also not able to get them on the phone as well as the strange phone numbers now the phone number the d id itself was not strange it was a south carolina d id i looked it up the extension numbers were odd because a school the size of clemson would not have two digit extension numbers also i was unable to get them on the phone and when i called the number it just went straight to a generic voicemail box with no greeting no ivr no nothing right so that is fishy but we didn't actually call that phone number until after we knew that it was already a scam right so just something to if you're curious if it's a scam or not call the phone number just see what happens right now there were other oddities such as the email disclaimers they had some very odd email disclaimers urging us to make sure everything goes through email kind of forcing us away from the phone right they didn't want us to be calling them they wanted us to go through email and that's just kind of a weird thing to put in an email disclaimer an email disclaimer by the way that's very easy to miss because again you don't typically just read every email disclaimer for everyone that sends you an email and then of course probably the most obvious thing which again it's not entirely outside the realm of possibility we have customers order stuff from us where their billing address and shipping address are in totally different states that happens all the time in this case though clemson university why would we be sending stuff to new jersey right that's one of the things that should have you know triggered something and i remember uh when because we kind of felt that it might be a scam and then they sent us all of the supporting documentation with the net 30 application that all looked completely legitimate so we were kind of like let's not send this guy anything until we know that he's returned that net 30 app and we can look over it and approve it all of the stuff they sent us was so good that we kind of were like joking about wow if it is a scam the most that we're going to be out is you know this amount of thousands of dollars right i made that joke to andy i said well i guess this is how much we'd be out if it turns out this is a scam and again luckily we caught it so there you have it the saga of crosstalk solutions almost getting scammed this week it can happen to anyone especially folks that maybe aren't well versed in email phishing scams you know something like 70 plus percent or more of all system compromises and successful scams happen through email okay so especially for people in your purchasing department your accounting department make sure that they are well versed on this type of stuff have a meeting with them and say hey these are the things that you need to look out for so that you don't get scammed all right tell me your scam stories i'd love to hear them put them down in the comments below i'm gonna read absolutely every single comment on this video if you guys like this video make sure you give me a thumbs up and if you'd like to see more videos like this please click subscribe my name is chris with crosstalk solutions and thank you so much for watching you
Info
Channel: Crosstalk Solutions
Views: 55,204
Rating: 4.9332275 out of 5
Keywords: Scammed, crosstalk, crosstalk solutions, phishing scam, clemson scam, email scam, email scammer, nigerian scammer
Id: W4gxBiO0duw
Channel Id: undefined
Length: 31min 36sec (1896 seconds)
Published: Thu Aug 12 2021
Related Videos
You Should Be Using Yubikeys!
Crosstalk Solutions
376K
Protect G4 Doorbell Pro - Reaction to This Awesome New (maybe) Product!
Crosstalk Solutions
32K
My channel was deleted... HOW?
Jim Browning
2.4M
Special Lecture: F-22 Flight Controls
MIT OpenCourseWare
973K
Let's Talk UniFi w/Reilly from HostiFi
Crosstalk Solutions
17K
How to Terminate Ethernet Cables
Crosstalk Solutions
98K
you need to learn Load Balancing RIGHT NOW!! (and put one in your home network!)
NetworkChuck
389K
UniFi U6-Lite WiFi 6 Access Point - Review and Benchmarks!
Crosstalk Solutions
186K
Hidden Radios in Home Devices (IOT)! The next Cyberthreat
Rob Braxman Tech
873K
SpaceX's Starlink Reviewed: How is it after 4 months?
Jeff Geerling
394K
Why was Facebook down for five hours?
Ben Eater
218K
Windows 11 is bigger than we thought
Linus Tech Tips
3.6M
U6-LR Review and Benchmarks
Crosstalk Solutions
108K
You need a NAS RIGHT NOW!! (How I run my Hybrid-Cloud YouTube business)
NetworkChuck
342K
tp-link Omada - Complete Overview
Crosstalk Solutions
70K
UniFi Access Complete Review
Crosstalk Solutions
79K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.