Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome back to Super Simple Security Principles.
I'm Nick Jackson, and trust me, I want to love computers, but they don't love me back.
I'm learning how to stay safe from my good buddy and master guardian, Makani.
Woo!
Let's go.
Look, dude, this kid started geeking out at six years old, writing his first computer
(00:20):
programs when he was six.
Are you kidding me?
Like, let's go.
He knows his security.
He knows his stuff.
He spends his time now teaching people like me and you how to stay ahead of the digital
threats and those nasty bad guys.
Hallelujah!
He keeps it simple, and we love it.
(00:42):
Learn along with me each week.
I'll ask the questions.
Make sure he keeps it relevant and simple for us.
If I can do it, you can do it.
So let's go.
This is episode 70, Shopping Security Stacks, phishing specifically.
Okay, look.
My thoughts before we delve too far into this about today's questions.
(01:06):
Look, we're going to give you a very, very, very first step to stay safe shopping online.
Look, if you pull the plastic out of your wallet to purchase anything online, listen up.
Look, the start of this episode is going to be important, so pay attention.
We're going to simplify and group bad shopping websites and phishing websites.
(01:31):
Let's go.
Let's have some structure.
I love structure.
You betcha.
It even gets better.
We're going to wrap this up with a safety, I'm using your quotation marks, a safe website checklist.
Let's go.
(01:51):
It's about time.
Thank you.
So with no further ado, here's our questions.
What's the first skill we need to stay safe shopping online?
What are the two buckets of bad shopping websites?
(02:13):
What are the two buckets of phishing websites?
What is the first item on our safety website checklist?
Dude, this is going to be an episode.
Yeah.
Well, in a series, right?
Like, so this is our first, you know, we were kind of dealing in the abstract, given the system for building a security stack.
(02:40):
So now we're starting building our first one and, you know, doing online shopping.
And so I agree.
I'm, it's going to be really cool.
And just like one of the most universally applicable set of episodes that we're doing.
Right.
Can I, can I tell our listeners a little something?
(03:02):
Sure.
Look, your master guardian likes to pick on me a little.
Keeps me in the dark about something.
True.
I do.
I do.
Right.
Right.
So this is going to be my first opportunity to learn how to actually build a security deck.
And so, or security stack, excuse me.
(03:23):
And, and so I'm excited for this, especially the fact that, because this is the one area I do really, truly appreciate that online convenience and that online opportunity.
And that's, that's, that's within, you know, shopping security stacks and phishing is what concerns me, you know?
And so, yeah, so for me, this is awesome.
(03:45):
So I really appreciate it.
Again, I don't feel like this is a daunting task because I'm about to do it for the first time myself.
That's all I wanted to say, go for it.
Well, no, it's fine.
Well, it just made me think like when you're talking, I was like, what's exactly, I was just processing what you're saying.
And, you know, right, here's how I'd restate what you just said, because I thought it was very interesting was, you know, you hate computers, right?
(04:12):
I mean, you don't really want to use your stuff any more than you absolutely have to.
But one thing that you are grateful for, you know, and you do willingly is shopping, right?
Because there's a trade-off online versus physical, right?
There are a lot of trade-offs.
And so that's when you appreciate it.
And I think there are a lot of people in that boat.
(04:32):
And so, anyway, that's, yeah, I appreciate that.
Yeah.
So for this series, one thing we're going to talk about, of course, is a bunch of different threats.
You know, today we're going to start off with phishing, but we will talk about scamming and straight out stealing of credit cards, you know, for example, among other things.
(04:57):
But, and, of course, we want to explore all the layers of protection, you know, against these threats as well, right?
Yeah.
Yeah.
And so the, kind of one of our first focuses we're going to be kicking off with is a skill that everyone needs.
But one that, honestly, I haven't, it may be out there, but I haven't seen anyone be talking about this specific skill.
(05:24):
Even though it's really super simple in concept, but there's a lot of depth to it.
And that is this, how to tell if a shopping website is safe.
Yeah.
Right?
Like, that just, you know, there's different, little different techniques, different questions you can ask, different things you look for.
(05:46):
Like, how do I tell if it's safe?
Right?
Agreed.
Like, this is, this is a big concern of mine.
Like, anybody that has teenage kids, you ask them, like, what do you want for your birthday?
Or what do you want for this, that, or the other?
And they just send you links anymore.
That's all they do is they send you a link to what they want, or they send you the webpage, and they've got everything they want in the basket already, which is awesome.
(06:13):
I love it.
But then I'm left wondering, like, dude, I haven't even visited this website.
Like, sometimes these are new, new stores, too, you know?
So, like, so, again, this is so relevant, so relevant that I just hope people really tune in for this one.
(06:38):
Yeah, well, and that's exactly the case we're talking about, right?
We will be talking also about, for example, Facebook Marketplace, where, you know, Facebook itself is a known thing, but there's some risks in Marketplace.
Amazon even, you know, there's some things we'll talk about with the sellers and things there.
But obviously, Amazon itself is one known, safe, clearly not a phishing website or anything like that.
(07:00):
But our first kind of focus is this skill of we want to evaluate a new shopping website, one we haven't shopped about, one that's not well-known, one that we don't already trust.
And so, and that's going to take more than today's episode, but that's what we're going to start diving into.
Excellent. Love it.
So, in the questions I talked about, that safe website checklist, right?
(07:25):
And so, I kind of, if you wanted to boil it down, our approach for, you know, answering that question, the skill to tell if a shopping website is safe is basically going through a, you know, a checklist of things to look for.
Yeah.
Okay. And, you know, as we look at each item on the list, we'll get a better and better idea if the website is safe or not.
(07:48):
Excellent.
And, you know, there will be some checks, especially when we want to put these up early on for efficiency.
But, you know, if, like, they fail this one, we don't need to check the rest of the list because we know it's bad, right?
If we only keep progressing, if it's, you know, passing everything and then, you know, we get to the end and we say, okay, we're confident enough we're going to, you know, place an order here.
(08:12):
Yeah.
Right?
That's the idea.
Yeah, absolutely.
That makes perfect sense.
So, you get a red check mark and ditch it.
Time to move on.
Yep, exactly.
Yep.
So, before we actually get to the first item on our checklist, we're only going to get to one item today, but there's a few kind of background concepts.
(08:34):
And, again, these go to our opening questions.
So, there's two kinds of buckets, and there are some, you know, lots of little combinations and variations, but of bad shopping websites.
Bucket one is phishing.
Okay.
And that's, we're going to focus on today, and bucket two is scamming, which we'll come back to in future episodes.
(08:56):
Okay.
Does that make sense?
That makes total sense.
So, today we're going to address specifically the bucket.
It's the phishing threat.
They're looking for information, looking to clean.
Okay.
Yeah, and we'll go into what that means a little bit more in a minute, but the point is that the phishing website, they have a little bit different approach.
(09:20):
Like, when we think of our questions, we were looking at, you know, in the five questions in the bulletproof stack formula, right?
Like, we want to be looking at the nature of the threat.
And so, we've got to dive into it.
So, it's not just a shopping website, but we can break that down further.
Is it a phishing shopping website?
Is it a scamming shopping website?
And, obviously, at the get-go, we don't know what that is, but just knowing that those two types of things exist help us.
(09:48):
And there's a lot blurrier line between, like, scamming and legitimate, whereas phishing, it's typically a much more distinct difference and, you know, much worse even than scamming.
So, we want to, or I wouldn't say worse, but different anyway.
So, we want to start there.
They're the easiest ones to at least do some checks on, and they just have different strategies to some degree.
(10:14):
So, yeah.
Okay.
So, that's the two buckets of bad shopping websites that we talked about, phishing and scamming.
Now, there's also two buckets of phishing websites.
Okay.
Okay.
And the reason I want to make this distinction is so there's not confusion because we've talked about phishing a lot before, or at least some, and not specifically in the context of online shopping.
(10:42):
Right?
Right.
So, just more general purpose phishing, right?
Exactly.
Right.
And the one that we've talked about, and, like, is if you go look up phishing things, this is where they're mostly talking about, is they're impersonating, like, we have a clone of a very specific website, like, Gmail.
It's going to be the big ones, Gmail, Facebook, PayPal, PayPal, Amazon.
(11:04):
Right?
Right.
And the purpose of those is to just steal your, you know, your username and password so they can log into your Gmail account or whatever.
Right?
Mm-hmm.
Yeah.
But what we're talking about today, we already established before, is to a new store that you haven't shopped at before.
Right.
(11:24):
Right?
So, obviously, this second bucket, like, there's no username and password for them to steal from you because you've never shopped at before.
You've never been there.
Yeah.
Right.
So, the objective here is different.
They're still kind of doing the same thing.
They're, you know, cloning, they're impersonating a website, but not a specific one.
It's just they're pretending to look like a normal online store.
(11:48):
That's what they're impersonating or cloning is just the idea of a normal online store rather than a specific one that you know and trust.
They're not trying to trick you into thinking that they're a specific online store that you've worked with before.
Does that make sense?
Yeah.
It makes total sense.
Makes total sense.
I mean, obviously, there could be a clone of Amazon as well.
(12:09):
So, there's that still in the online shopping.
But this new category that we're looking at that's a little bit different is this.
Yes.
Got it.
Yeah.
Okay.
So, the goal with this one, since it's not to steal your username and password, is to still get your information.
It's just, you know, get your name, your phone, email, address, you know, for shipping, of course, and especially, most of all, your credit card, right?
(12:34):
Yeah.
Yep.
Okay.
Yep.
So, the next thing to know is phishing websites are very short-lived.
They do not stick around for very long.
Okay.
Many are for less than a day.
(12:55):
From what I researched on, yeah.
Because, well, the reason is because there's a lot of people trying to detect them and get them shut down.
Gotcha.
Right.
So, and thankfully, we've made a lot of progress on doing that.
Okay.
And so, from what I can tell, the current stats are, like, it looks like it's extremely rare for one to last longer than a month.
(13:17):
Like, that's way at the outside.
Okay.
Right?
Right.
So, this is super helpful, right?
Because, if we can determine how new a website is, right, then we can say, oh, maybe that's probably not safe to visit.
(13:38):
Right?
Right.
Right.
Yeah.
Yeah.
So, that brings us to the first item on our checklist.
And that is, to answer the question, is the website less than a year old?
Okay.
Okay.
So, because for me, personally, now, I just mentioned that phishing was, like, less than a month.
So, why am I saying a year now, right?
(13:59):
Right.
That was my question, obviously.
Well, not obviously, but it was a question that I had.
Yeah.
So, you know, it depends on your risk tolerance.
But it's because this checklist is not going to be just for phishing, even though that's what we're talking about today.
But it's applying to anything.
Okay.
So, scam websites are going to stick around longer.
(14:22):
Right?
They're going to, as you well know, because we've taught some stories you've shared with me about scam websites you've been at.
And I've researched, they stick around much longer.
Yeah.
You know?
And I mean, even one year, I mean, even, I mean, one year is my absolute minimum.
Okay.
Like, for me personally, right?
(14:44):
You can send it wherever you want.
I think you're absolutely crazy if you do anything less than a month, right?
But my personal recommendation is less than a year is an absolute red flag, anything less than, you know, two or three, unless they're clearly advertising and saying, okay, we're new.
And, like, you have, you know, I mean, there can be information you can find out about that will say, okay, it's new.
(15:06):
That's fine.
You know the person or you know somebody who knows it or whatever, right?
Right.
But without strong evidence that it's safe, year is where I do the hard line.
And then, you know, I'd like to see at least two, three, four, you know, basically the older, the better, really.
(15:27):
Okay.
Yeah.
Right?
Yeah.
Does that make sense?
Yep.
Total.
So that's, yeah, so that's our checklist.
So that leads us to the next natural thing is how can you tell what a website's age is?
Yeah.
Oh, I have no clue.
(15:47):
Yeah.
And, well, and so we, so we want to make this really easy.
Um, and there's actually a kind of a few different ways you can measure this that we'll explore in future episodes.
Okay.
But today we're going to start with the simplest and easiest.
Um, and actually we, we talked about this in episode 64.
(16:07):
This was my story has to do with domain name registration.
So I'm going to put the links in for that.
Right.
But the simplest is to look at when the website name was registered, how long it's been registered for.
Okay.
Okay.
Now that doesn't necessarily tell you how long it's been active for because they could just park it and then use it later.
(16:32):
But that's, yeah.
So it's not the whole story, but if it is new, again, if it's, if it's less than a year, if it is new, then you know it's bad.
If it's not, then you got to keep going down the checklist, right?
Right.
Old doesn't necessarily mean safe, I guess is the other way to say that.
Does that make sense?
Okay.
Yeah, that makes sense.
(16:54):
So the tool though is one that we built, Link Lantern.
Yeah.
Yeah.
Super, super happy with it.
It's still in beta.
Um, it's linklantern.com.
So pretty, pretty, hopefully pretty easy to understand and spell.
Um, but there'll be a link in the show notes.
Yep.
And it not only tells you the website age, but it will give you some additional links in there to click on and, um, go to see if there are, uh, if it's been known, if it's a known bad website, because there are a number of services, um, that are trying to track this, detect this and let people look, look it up.
(17:36):
Right.
Does that make sense?
Mm-hmm.
Yeah.
That makes total sense.
And then, uh, yeah, ultimately we want to, anyway, there's a lot we want to do with Link Lantern, but it's there right now.
It works.
Uh, it does the basics.
You can absolutely put in a website and it will tell you the domain age.
(17:56):
So you've got that.
Anybody has a simple way.
There's actually, I will also include a link in case anybody for whatever reason doesn't want to use our tool.
There is kind of an official website, um, that maintains the, the website registration records that you can look up at it and it has a little bit more geeky stuff.
(18:17):
It's not designed to be quite as simple, which is why we built ours.
We also want to put in the other information, but whatever, if you want to look anyway, I'll put that link in there as well.
So, excellent, excellent.
Okay.
So, um, I think that's pretty much it.
I think maybe we don't, we all, sometimes we do this, sometimes we don't, but I was thinking a quick recap of this one with you.
(18:44):
Let's do it.
You want to do it.
Yeah.
Roll me under the bus, man.
You asked the questions.
Let's, let's see, see how well I do.
Yeah, well, I, I was just thinking, run through, if you can think of the main points and see, and I'll fill in.
Okay.
You ready?
So there are two types or two buckets, if you will say, of bad shopping websites.
(19:07):
Your first bucket is what they're specifically looking for is to phish.
Take that information, specifically looking for credit card.
These are new websites.
We're talking about new, new websites, new, new websites that you're going to for the first time, first time users.
I probably should have led off with that, but then there's that.
(19:31):
And then there's the one to where, oh gosh, what was the second bucket?
Don't tell me.
Don't tell me.
Don't tell me.
It was this scam website.
So, and then from there, we've got the two type, the two buckets of phishing websites.
(19:54):
And there you have what I call the copycatters, the ones that try to look exactly like Amazon.
Is that right?
Yep.
Okay.
And then you've got the other ones that we're focusing in on that are like, hey, look, we're, we're brand new.
We're trying literally to steal your information, like your credit card specifically.
(20:16):
So, um, we have a website checklist and that is, is according to our master guardian.
And this is my rule of take as well, because I just follow his advice to keep me safe.
If it's under a year, okay, look, next, you know, and, and so, and then again, just because we, we do worry about you, you know, and this is, I take some credit for Link Lantern because I was like, I don't know how to tell if a website's new or old or whether it's legit or not.
(21:03):
Yeah.
And, you know, it's designed to be very easy.
I literally will take and copy links that are sent to me in an email, even if I know who they're coming from, even if I'm prepared with them and I'll put it in Link Lantern and see, you know?
(21:26):
So again, here's a place for you to go check real quick.
How long has this website been in here?
Like how long has it been there?
You know, year or less?
Okay.
Um, and that's the first step to our checklist.
And did I miss anything?
No, no, I think that's a good recap.
(21:47):
And I'll, yeah, I'll say I'll just add this, not because you missed anything, but just, I'm just excited.
So like, as we build through this, by the end, we'll actually have, you know, a PDF or something you can download somewhere.
You could see it online, both.
I don't know.
It'll have all the items on the checklist, right?
Okay.
We just got one today, right?
(22:08):
But, well, we're going to have a number of other ones.
And by the end, I'm, I'm confident that, you know, you and our listeners will be able to go, you know, through for themselves and, you know, check if a website's safe.
And I just, I can't even tell you how excited I am about that, because this is one of the ones that I've had so many requests over the years.
(22:30):
Hey, you know, hey, Makani, is this safe?
You know, this crazy Sandy checked me.
And, you know, sometimes I, you know, teach them a few things, some whatever, but, you know, it's like, you know, they're just, they want a quick answer or whatever, you know?
So it's not like I'm going to spend the next three hours teaching them.
Right.
Right.
Right.
You know, so, but if I have a resource that if they want to learn, I can say, absolutely, you know, I'll look at it with you.
(22:57):
But, hey, if you want to be able to do this for yourself in the future, here's, you know, here's my guide.
Yeah, exactly.
Here's my checklist.
Here's how to do the things.
And so I'm just, I'm really excited about putting that in the hands of people, too, because it's not, it's not like super rocket science, but they're, it's definitely not things that people are just, you know, naturally figure out on their end.
(23:18):
And domain name age and, you know, how do you, how do you look that up?
And anyway, right.
There's just a lot of things like that that, anyway, really excited.
So I'm pumped.
I'm pumped.
You know, hopefully our listeners are too.
Like, you know, there should be like, there should be something that gets you excited.
(23:40):
Yeah.
Right.
Yeah.
Do we, do we, do we have a call to action today?
Should we?
Yeah.
We're back to normal.
We're back to normal.
Calls for the help for now during this series.
So.
Hey.
Yeah.
And so I just want you to, you know, you may not have a new shopping website that you're evaluating right now, of course.
Right.
But that's okay.
(24:01):
Let's practice.
Just so it's in your brain.
So you've used it.
Answer that first item on the checklist as though you did.
You know, just whatever website, even if it's one, you know, is already trustworthy.
Maybe you're interested in seeing how long has Amazon been around?
Whatever.
Yeah.
Throw in, throw in any website.
Go to linklantern.com.
Put in that website and see what shows up.
(24:21):
Awesome.
Awesome.
I can do that.
You ready?
Yeah.
Well, and obviously you've done it a whole bunch.
I know.
So.
Yep.
But.
Yeah.
Hey, it's super easy from a, from a person that's non-techie to be perfectly frank.
Like, like, I'll be honest.
My first experimentation was, is I would send myself YouTube links and throw them in and
(24:46):
then use the tool to take me directly to that YouTube, you know, and anyways, so this
is something super easy that said, we're going to digress a little bit.
First, we're going to talk about next week's episode and I don't want to say digress, but
we finally get our opportunity to meet with Kem.
(25:09):
Like that should be enough said right there.
Like I shouldn't have to say, tune in to next episode.
You want to meet Kem?
Tune in next week.
That's simple.
Yeah.
Well, you know, I mean, I referenced him, but I don't know how much we talked about him,
you know, cause he's my brother.
Right.
Anybody who's listening doesn't know he's, and he's on our, you know, he's one of the,
it's me.
I mean, me, Nick and Kem are the team here, the team bulletproof as I call it.
(25:34):
And, you know, he's mostly behind the scenes, but he's been a software developer in
Kirk as long as I have been longer because he's older as he'll point out, I think.
But, um, and so, you know, he's, he's, he's the one who builds our website and does, you
know, he's the one who built Link Lantern, for example, you know, you and I contributed
(25:54):
ideas and, and concepts of course, but he, he's the one who actually built it for us.
Yeah.
And so, um, yeah, I mean, I agree with you.
It's, uh, you know, we've had him on once before, I think maybe a couple of times.
So, but anyway, yeah, he's, he's going to come on and share his story.
Of failing.
(26:17):
So, yeah.
And tune in to see, so who's the better looking brother?
That's right.
Yeah.
You know, it's funny you say that too, because over the years, like when we lived together,
we don't now haven't for many years, but there was a time anyway, when we had a house phone.
Okay.
This was years ago, people would call and, uh, anyway, it's pretty hard to tell our voices
(26:43):
apart for, for a lot of people who don't know us, know us well, you know?
So that's been fun.
And same with actually, I have another brother and like all three of us have been able to
mess with people a little bit, uh, in terms of our voices.
So, yeah, that's awesome.
(27:03):
Anyway, it'd be good times to have him on.
Yeah.
So, okay.
I'm ready.
I'm ready.
Great episode.
Are you ready to take action and wondering where to start?
Get my Bulletproof My Identity Starter Kit for free.
The seven most vital layers of protection everyone needs.
(27:26):
I'll send you one step at a time and help you if you get stuck.
Just go to bulletproofmyid.com and enter your name and email and I will send you the first step.
Again, that's bulletproofmyid.com.