This is a story that will hopefully inspire you to persevere in life and in your business when unexpected trouble arises. Remain true to core business principles of honesty, integrity, and ignoring negativity. The story is from a few years ago, but the lessons learned have helped me every day since then.
This story came at a time when I was working hard to push my WP-Members membership plugin for WordPress forward and there was plenty of new development that needed to be completed; but other daily tasks like customer support always seemed to take up most of my time. Customer service is a priority and I always look for a way to say “yes” to things when helping my subscribers which can take a lot of time.
This stagnation had me in a bit of a funk; but I had a bright light on the horizon. I had finally bought my “dream farm” – a little 20 acre piece of heaven where I hoped to homestead and be a little more self sufficient. I would have an office with a window instead of the basement — and NO traffic.
After we closed on the property, instead of our usual summer beach vacation, our family vacation that year was to spend some time at the farm. We needed to build a list of what needed to be done as we transitioned our move. Normally, if we drive to Florida, that means a couple of days of long driving followed by a long night of catching up on all of my customer support tickets. This year, it would be that same issue coupled with a few days of zero Internet at that farm. We would arrive on Saturday and the Internet wouldn’t be hooked up until Tuesday. The farm is remote and our cell phones don’t work out there. That would make working on vacation a little more stressful than usual.
What does this have to do with phishing scams and mean people?
It started the night before we left on the road trip. I started getting a few emails asking to be unsubscribed or to tell me they did not purchase anything from me. Oddly, none of these email addresses were in my email list or my customer database. At the time, I didn’t think much of it.
The morning of any road trip I make sure the support queue is clear so I can concentrate on driving for a few hours. But this time, my inbox was jammed full of hate. I still could not figure out what was happening. I sent a reply to one of them asking if they would give me some detail as I had no idea who they were or what they were talking about.
She forwarded me an email she received. It looked just like a PayPal automatic renewal email indicating her RocketGeek.com subscription was pending and would be automatically renewed. It gave a link to cancel and provided the RocketGeek.com support email address.
It looked very real and official.
It was a scam!
I was stunned. This was not good. I was about to be doing 9 hours of driving that day. I would certainly have normal support requests during the day that would need to be responded to. And already my inbox was getting full of “other” email that was from non-customers demanding that I take them off my list and/or stop scamming them. Most of the emails were threatening and many were laced with some colorful words.
What could I do about it? I was about to leave on a road trip, and I had actual customers to support as well. Was this really affecting me at all other than the barrage of hate mail I was getting?
I notified PayPal about the spoof email, loaded the family in the car, and hit the road.
By noon, it hadn’t let up. By evening when we stopped at a hotel and I planned to get caught up on support tickets, I had formulated a semi-gameplan for dealing with the spoof email.
By now, I understood exactly what this was. You’ve seen them in your inbox before – usually masked as a bank or other large company. They are phishing emails – scams cleverly disguised to look like legitimate messages from legitimate companies.
In some respects, this one was no different. It had all the usual markings of a phishing scam. It didn’t come from the email address given for support in the message, there were slight grammatical errors and the company name wasn’t capitalized the way that I have branded it (Rocketgeek.com instead of RocketGeek.com).
The worst was that it linked to a very well designed scam of PayPal’s login and website. If you didn’t look at the address bar in your browser, you probably would think you were logging into PayPal – something the email instructed you to do in order to cancel the order – something that anyone who believed this was a real message would do.
Having been a web professional for over 2 decades, I knew the drill, so I logged into the scam site not using my PayPal credentials at all. Putting a real login into this form would give the hacker your PayPal username and password.
Then it asked for credit card data to confirm that the transaction would be cancelled. Full credit card info, billing address, confirmation code – it asked for it all. If people clicked through this thinking it was legit, they would be handing over their PayPal login as well as their credit card information to scammers.
Since I had already notified PayPal, and also notified the companies I could connect to the web of domains used – hosting and domain registrars, I decided to put together an email to the people who had been sending me email all day long.
My message was not long. It indicated that this was not from me and had nothing to do with my business. It indicated that this was a phishing scam and that they should not click the link in the message. It also told them that if they had “logged in” to the scam site, they should immediately contact PayPal and their credit card company to report the incident.
Most of those messages were never responded to. That’s OK, I wasn’t looking for accolades. But a simple, “OH, I’m sorry; I didn’t mean to insult you or threaten you” might have been nice. And I did get a few “thanks for the info” messages – a very small few. What surprised me was that I got an equally small number of other responses threatening me with legal action.
That’s a little bit like being mugged in a dark alley, and the victim threatens me with legal action because the mugger, who was not me and had nothing to do with me, happened to have a sticky note with my phone number on it.
It takes a special kind of jerk to craft that kind of a message.
I blew those off.
It was a frustrating experience. Eventually, the messages subsided. But it was a couple of weeks before it went back to zero.
There were a couple of lessons in all of this.
Develop a Thick Skin
First, as a business owner – any business owner whether that’s freelance, self employed, small business, or even large – develop a thick skin. As I’ve written in the past, you have to let the negativity go and focus on what is positive. The same applies here. It’s not your fault some scam artists decided to use your business name in this way. And there’s nothing you can personally do to prevent it from happening. A thick skin and proper focus helps keep that negativity from seeping into your soul and causing you stress over something out of your control.
Putting yourself if the shoes of the scammed is helpful. Understanding that someone could just be having a bad day. Or perhaps they’ve been scammed before. Possibly they just don’t have the skillset or knowledge to recognize a phishing scam. In the case of this scam, it was pretty well crafted and since it wasn’t coming from something obvious, like JPMorgan, Citi, or a well known entity, it may not trigger the same thoughts.
Most of the people in my case probably thought the scam was actually me trying to scam them – not some phishing scam made only to look like me. Putting myself in those shoes helped me to understand that was probably the case in most of these messages. That’s why I tried to answer as many of the complaints as I could with information that I felt was helpful in pointing out what was obvious to me but not so clear to them.
Respond As a Professional
No matter how much of a jerk someone is, always be professional in your response. Remember, this is your public face. If you want to be treated as a professional then behave like one.
Also remember that what you put out there on the Internet is forever. Much like talking to someone in person, once you’ve said it, you can’t take it back. Except this is like putting it up on a billboard for everyone to see.
Always be kind and professional no matter how much you’d like to throat punch some jerk who shouty-caps obscenities at you. Even if they don’t respond to that, it puts you on the high ground. It’s ultimately for your brand image, not for their feelings.
Ultimately, I hope this never happens again. It was a horrible experience and it took my focus off of a lot of work that needed to be done. It also stressed me out unnecessarily while on a working vacation. Hopefully, some of the lessons I’ve learned through this will also help you in this or similar type of situations. I’m hoping it never happens to you.