Exposed: The Shocking Truth Behind LinkedIn’s “Refund Promise” Manual Testing Scam – A Cybersecurity Wake‑Up Call + Video

Listen to this Post

Featured Image

Introduction:

LinkedIn has become a hunting ground for fake “cybersecurity experts” who lure students with bold refund guarantees and massive follower counts, only to deliver substandard or incomplete training. A recent exposé by ethical hacker Rahat Khan reveals how trainer Deepak Saini allegedly deleted his own refund promise post, removed students who complained, and omitted the entire OWASP Top 10 from a paid manual testing course – a critical red flag that every IT and security learner must recognize.

Learning Objectives:

  • Identify common red flags and scam tactics used by fraudulent online IT/cybersecurity trainers.
  • Understand why OWASP Top 10 is non‑negotiable in manual/security testing courses.
  • Learn practical steps to verify course quality, including lab setup, command‑line validation, and refund recovery strategies.

You Should Know:

  1. How to Verify a Trainer’s “Refund Promise” Before Paying a Penny

The post describes a classic bait‑and‑switch: a bold refund guarantee that vanishes after payment. Scammers often delete the original post or edit it. Here’s a step‑by‑step verification guide using free OSINT tools.

Step 1 – Archive the Promise Immediately

Before enrolling, take a screenshot and use the Wayback Machine (`https://archive.org/web/`) to save the trainer’s post. This creates immutable proof.

Step 2 – Check for Deleted or Edited Content
Use LinkedIn’s own “View edit history” (if available) or tools like `changedetection.io` to monitor the post. On Linux, you can automate:

 Monitor a public LinkedIn post for changes (simplified example)
curl -s "https://www.linkedin.com/posts/..." | diff previous.html -

Step 3 – Validate Follower Authenticity

High follower counts are cheap (buy 10k for $20). Use `social‑analyzer` (GitHub) to detect bots:

git clone https://github.com/sherlock-project/sherlock.git
cd sherlock && python3 sherlock.py username_here

Step 4 – Demand a Pre‑Signed Refund Agreement

Ask the trainer to sign a simple contract stating the refund terms. Scammers will refuse or ghost you.

  1. The Non‑Negotiable OWASP Top 10 – What a Real Manual Testing Course Must Cover

The biggest shock in the post: OWASP Top 10 completely missing. Any legitimate web security course must include these. Here’s a quick tutorial to test if a course covers the basics.

OWASP Top 10 (2021) core topics for manual testers:

1. Broken Access Control

2. Cryptographic Failures

3. Injection (SQL, NoSQL, OS Command)

4. Insecure Design

5. Security Misconfiguration

6. Vulnerable & Outdated Components

7. Identification & Authentication Failures

8. Software & Data Integrity Failures

9. Security Logging & Monitoring Failures

10. Server‑Side Request Forgery (SSRF)

Hands‑on Linux command to test for SQL injection manually (on your own lab):

 Using sqlmap on a test target (e.g., OWASP WebGoat)
sqlmap -u "http://localhost:8080/WebGoat/SqlInjection?id=1" --dbs

Windows PowerShell alternative (manual payload):

 Send a simple ' OR 1=1 -- payload using Invoke-WebRequest
$payload = "1' OR '1'='1' -- "
$uri = "http://localhost/test.php?id=$payload"
Invoke-WebRequest -Uri $uri

Real course must include live labs (e.g., OWASP Juice Shop, DVWA). If a trainer avoids practical sessions (“Do it live” excuse), run.

  1. Building a Free Security Testing Lab to Verify Course Content Yourself

Instead of trusting any paid course, set up your own lab in 20 minutes. This also lets you test the trainer’s “advanced” exercises.

Step 1 – Install VirtualBox or VMware (Windows/Linux/macOS)

Step 2 – Deploy OWASP WebGoat (intentionally vulnerable web app)

Linux:

sudo apt update && sudo apt install docker.io -y
sudo docker run -d -p 8080:8080 webgoat/webgoat
 Access http://localhost:8080/WebGoat

Windows (with Docker Desktop):

docker run -d -p 8080:8080 webgoat/goatandwolf

Step 3 – Deploy Damn Vulnerable Web Application (DVWA)

docker pull vulnerables/web-dvwa
docker run -d -p 80:80 vulnerables/web-dvwa

Step 4 – Test a real OWASP Top 10 vulnerability
– Go to DVWA → SQL Injection → Enter `1′ UNION SELECT user,password FROM users–`
– If the trainer’s course never shows this, it’s worthless.

  1. Manual Testing Techniques – What a Scam Course Won’t Teach You

Authentic manual testing involves both browser dev tools and command‑line verification. Here are commands that should appear in any legitimate course.

Burp Suite basics (free Community Edition):

  • Intercept requests, modify parameters, replay with Repeater.
  • Use `Intruder` for fuzzing: `clusterbomb` payloads with SQLi and XSS wordlists.

Linux command for header analysis:

curl -I https://example.com | grep -i "server|x-powered-by"

Windows command for same (using PowerShell):

(Invoke-WebRequest -Uri https://example.com).Headers

Missing OWASP Top 10 = missing these critical tests:
– Broken Access Control: try curl -X GET https://example.com/admin` – a real course shows privilege escalation.
- Security Misconfiguration: check for default credentials using
nmap`:

nmap -p 80,443 --script http-default-accounts target.com
  1. How to Recover Your Money After Being Scammed (Evidence Collection)

The post’s author was kicked from groups and his questions deleted. If you fall victim, follow this forensic approach.

Step 1 – Preserve All Digital Evidence

  • Screenshots (Win+Shift+S or gnome-screenshot) of the trainer’s original post, group chats, and removal notices.
  • Download course material (the post mentions a Google Drive link – use `gdown` on Linux):
    pip install gdown
    gdown https://drive.google.com/uc?id=FILE_ID
    

Step 2 – Capture Network Logs of Deletions

Use browser dev tools (Network tab) to record when the trainer deletes comments – this proves tampering.

Step 3 – File Complaints

  • LinkedIn: Report the profile for fraudulent training.
  • Consumer protection portals (e.g., FTC in US, local cybercrime units).
  • Payment chargeback (credit card / PayPal dispute – reason: “services not as described”).

Step 4 – Public Exposure (as the original post did)
Post on LinkedIn with evidence, tag relevant cybersecurity communities, and share the Google Drive link (if legal) to prove poor quality.

  1. Linux & Windows Commands to Audit a Trainer’s Technical Competence

Before joining, ask the trainer to explain these simple commands. If they hesitate, it’s a scam.

Linux (real testers use these daily):

 Test for XSS via curl
curl -X POST -d "name=<script>alert(1)</script>" http://target.com/comment

Enumerate subdomains (OSINT)
assetfinder --subs-only example.com

Check for open S3 buckets (misconfiguration)
aws s3 ls s3://bucket-name --no-sign-request

Windows (with WSL or native tools):

 Test for path traversal
Invoke-WebRequest -Uri "http://target.com/../../windows/win.ini"

Check SSL/TLS misconfig
Test-NetConnection -Port 443 example.com

A legitimate manual testing course will include step‑by‑step labs for each of these.

  1. Red Flags Summary – The “Deepak Saini” Pattern

Based on the post, here’s a checklist to avoid similar scams:

  • Deleted refund promises – Always archive before payment.
  • “Everyone else understands” gaslighting – Classic deflection.
  • No practical labs – “Do it live” is an excuse for incompetence.
  • Removing complainers – Transparency is zero.
  • Missing OWASP Top 10 – Equivalent to a math course without addition.

What to do instead:

  • Use free resources: OWASP official guides, PortSwigger Web Security Academy, YouTube (The Cyber Mentor, IppSec).
  • Verify trainer on platforms like Udemy (verified reviews) or EC‑Council.
  • Demand a short paid trial class (e.g., $10 for 1 hour) before committing.

What Undercode Say:

  • Trust is earned, not bought with follower counts. A trainer who deletes promises and silences students is running a fee‑collection scam, not an educational service.
  • OWASP Top 10 is the absolute baseline. Any paid manual testing course that omits it is either fraudulent or dangerously outdated. Learners must demand course syllabi upfront and verify lab coverage.
  • Proactive verification (archiving, OSINT, test commands) is your best defense. The Linux/Windows commands listed above take 10 minutes to learn and can save you hundreds of dollars and months of wasted time.

The cybersecurity community must normalize calling out such frauds publicly – as Rahat Khan did – because platforms like LinkedIn rarely police paid training quality. If a course avoids hands‑on, command‑line, or OWASP content, walk away.

Prediction:

LinkedIn will face increasing pressure to vet paid course promoters, potentially introducing a “verified training” badge or user‑reputation scoring for educators. Meanwhile, scammers will shift to Telegram or closed groups to avoid exposure. The rise of AI‑generated course material will make verification harder – but also easier to detect via automated plagiarism checks. In the next 12 months, expect at least three high‑profile class‑action lawsuits against fake “cybersecurity trainers,” forcing payment processors to tighten refund policies for digital education. Learners will increasingly rely on community‑driven blacklists and open‑source lab validation as the only reliable safeguards.

▶️ Related Video (76% Match):

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Rahat Khan – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky