master
PayPal Advice
June 2005Dear Ken Stuczysnki,
10 Ways to Spot Spoof Protect yourself from fraudulent emails and fake websites. This type of fraud is commonly referred to as “spoof” or “phishing.” Take a few minutes to visit PayPal, and:
• Find out 10 ways to spot spoof • See what a spoof email may look like • Learn how you can fight spoofers
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/general/SecuritySpoof-outside
Examples of these phishing scams can be found on these forums HERE.
Nigerian Scams Early 2005
It was a brisk year for them apparently, because I may have to end the archive because of the time to maintain it, but here are the ones JUST FROM JANUARY … the rest are in the attached ZIP file.
Nigerian 2005 02to06.zip (278.5 KB)
Internet Lotteries
Yes, they are ALL fake. Every single one. I dare anyone to find an exception.
But just for laughs, here are a few, starting with the “Mother Theresa Lottery” with the message subject …
PRIZE WINING AWARD NITIFICATION!!!
MOTHER THERESA INTERNATIONAL GAME
C Don Jaime I nº11 2º
50.003 Madrid
SPAIN.Your Ref: MTHL 322 /OCT. /04 Date: 12-10-04
Our Ref:
MOTHER THERESA RANDOM PROMOTION
Dear Sir/Madam,
We are pleased to inform you of the result of our computer random selection for the Mother Theresa International Game held in October, 2004.Your email address attached to ticket number TGD/67-BO11748322 drew the lucky star number which consequently won the draw in the second category.
You have been approved for the star prize of Seven Hundred Thousand Euros (700,000.00 Euros).
CONGRATULATIONS!!!
You are advised to keep this winning very confidential until you receive your lump prize in your account. This is a protective measure to avoid double claiming by people that you may tell.
Now convert your lottery winning notification into money here in Mother Theresa International Game: Just send your winning ticket number and your personal data to public relation officer Mr. AMANDO JULIO. this email address. [email=amandojulio@netscape.net]amandojulio@netscape.net[/email] for the processing of your claim. All prizes must be claimed within three monthsNOTE: If you are under the age of 18, you are automatically disqualified for this star prize..
Yours faithfully,
Mr. Armas Gonzalez.N.B: Any breach of confidentiality on the part of the winner will
result to disqualification. Please do not reply to this mail box.
Contact your claims agent immediately.———————————————-
This email is send by “Demo Software”
Especially Clever Phishing
The email stuck out like a sore thumb, but somehow I gravitated toward seeing if the scam site was still up.
Dear PayPal Member,
PayPal is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.
Recently, our Account Review Team identified some unusual activity in your account. In accordance with PayPal’s User Agreement and to ensure that your account has not been compromised, access to your account was flagged. Your account will remain flagged until this issue has been resolved. This is a fraud prevention measure meant to ensure that your account is not compromised.
In order to secure your account and quickly restore full access, we may require some specific information from you for the following reason:
Our system requires further account verification.
Case ID Number: PP-056-245-481 We encourage you to log in and restore full access as soon as possible. Should your account remain flagged for an extended period of time, it may result in further limitations on the use of your account or may result in eventual account closure.
————————————————————-
Please click on the link below to log in and restore full access to your account.
Click here to activate your account
————————————————————-Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience.
Sincerely,
PayPal Account Review Department
PayPal Email ID PP562
When I went to the site, I noticed the status bar showed a non-PayPal site as expected after an auto-forward, but look at the address line …
Identity Theft
This was sent to me by my primary attorney in an email, passed along through cyberspace, but helpful information regardless of source:
—————————–
ATTORNEY'S ADVICE — NO CHARGE
Read this and make a copy for your files in case you need to refer to it someday. Maybe we should all take some of his advice! A corporate attorney sent the following out to the employees in his company.
1. The next time you order checks have only your initials (instead of first name) and last name put on them. If someone takes your checkbook, they will not know if you sign your checks with just your initials or your first name, but your bank will know how you sign your checks.
2. Do not sign the back of your credit cards. Instead, put “PHOTO ID REQUIRED”.
3. When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the “For” line. Instead, just put the last four numbers. The credit card company knows the rest of the number, and anyone who might be handling your check as it passes through all the check processing channels won't have access to it.
4. Put your work phone # on your checks instead of your home phone. If you have a PO Box, use that instead of your home address. If you do not have a PO Box, use your work address. Never have your SS# printed on your checks. (DUH!) You can add it if it is necessary. But if you have it printed, anyone can get it.
5. Place the contents of your wallet on a photocopy machine. Do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place. I also carry a photocopy of my passport when I travel either here or abroad. We've all heard horror stories about fraud that's committed on us in stealing a name, address, Social Security number, credit cards.
Unfortunately, I, an attorney, have firsthand knowledge because my wallet was stolen last month. Within a week, the thieve(s) ordered an expensive monthly cell phone package, applied for a VISA credit card, had a credit line approved to buy a Gateway computer, received a PIN number from DMV to change my driving record information online, and more. But here's some critical information to limit the damage in case this happens to you or someone you know:
1. We have been told we should cancel our credit cards immediately. But the key is having the toll free numbers and your card numbers handy so you know whom to call. Keep those where you can find them.
2. File a police report immediately in the jurisdiction where your credit cards, etc., were stolen. This proves to credit providers you were diligent, and this is a first step toward an investigation (if there ever is one).
But here's what is perhaps most important of all: (I never even thought to do this.)
3. Call the 3 national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. I had never heard of doing that until advised by a bank that called to tell me an application for credit was made over the Internet in my name. The alert means any company that checks your credit knows your information was stolen, and they have to contact you by phone to authorize new credit.
By the time I was advised to do this, almost two weeks after the theft, all the damage had been done. There are records of all the credit checks initiated by the thieves' purchases, none of which I knew about before placing the alert. Since then, no additional damage has been done, and the thieves threw my wallet away This weekend (someone turned it in). It seems to have stopped them dead in their tracks.
Now, here are the numbers you always need to contact about your wallet, etc., has been stolen:
1.) Equifax: 1-800-525-6285
2.) Experian (formerly TRW): 1-888-397-3742
3.) Trans Union: 1-800-680-7289
4.) Social Security Administration (fraud line): 1-800-269-0271
Abbott and Costello
Bud Abbott and Lou Costello's infamous sketch “Who's on first?” might have turned out something like this today:
COSTELLO CALLS TO BUY A COMPUTER FROM ABBOTT.
ABBOTT: Super Duper computer store. Can I help you?
COSTELLO: Thanks. I'm setting up an office in my den and I'm thinking about buying a computer.
ABBOTT: Mac?
COSTELLO: No, the name's Lou.
ABBOTT: Your computer?
COSTELLO: I don't own a computer. I want to buy one.
ABBOTT: Mac?
COSTELLO: I told you, my name's Lou.
ABBOTT: What about Windows?
COSTELLO: Why? Will it get stuffy in here?
ABBOTT: Do you want a computer with Windows?
COSTELLO: I don't know. What will I see when I look in the windows?
ABBOTT: Wallpaper.
COSTELLO: Never mind the windows. I need a computer and software.
ABBOTT: Software for Windows?
COSTELLO: No. On the computer! I need something I can use to write proposals, track expenses and run my business. What have you got?
ABBOTT: Office.
COSTELLO: Yeah, for my office. Can you recommend anything?
ABBOTT: I just did.
COSTELLO: You just did what?
ABBOTT: Recommend something.
COSTELLO: You recommended something?
ABBOTT: Yes.
COSTELLO: For my office?
ABBOTT: Yes.
COSTELLO: OK, what did you recommend for my office?
ABBOTT: Office.
COSTELLO: Yes, for my office!
ABBOTT: I recommend Office with Windows.
COSTELLO: I already have an office with windows! OK, lets just say I'm sitting at my computer and I want to type a proposal. What do I need?
ABBOTT: Word.
COSTELLO: What word?
ABBOTT: Word in Office.
COSTELLO: The only word in office is office.
ABBOTT: The Word in Office for Windows.
COSTELLO: Which word in office for windows?
ABBOTT: The Word you get when you click the blue “W”
COSTELLO: I'm going to click your blue “w” if you don't start with some straight answers. OK, forget that. Can I watch movies on the Internet?
ABBOTT: Yes, you want Real One.
COSTELLO: Maybe a real one, maybe a cartoon. What I watch is none of your business Just tell me what I need!
ABBOTT: Real One.
COSTELLO: If it's a long movie I also want to see reel 2, 3 & 4. Can I watch them?
ABBOTT: Of course.
COSTELLO: Great! With what?
ABBOTT: Real One.
COSTELLO: OK, I'm at my computer and I want to watch a movie. What do I do?
ABBOTT: You click the blue “1”.
COSTELLO: I click the blue one what?
ABBOTT: The blue “1”.
COSTELLO: Is that different from the blue w?
ABBOTT: The blue “1” is Real One and the blue “W” is Word.
COSTELLO: What word?
ABBOTT: The Word in Office for Windows.
COSTELLO: But there's three words in “office for windows”!
ABBOTT: No, just one. But it's the most popular Word in the world.
COSTELLO: It is?
ABBOTT: Yes, but to be fair, there aren't many other Words left. It pretty much wiped out all the other Words out there.
COSTELLO: And that word is real one?
ABBOTT: Real One has nothing to do with Word. Real One isn't even part of Office.
COSTELLO: STOP! Don't start that again. What about financial bookkeeping? You have anything I can track my money with?
ABBOTT: Money.
COSTELLO: That's right. What do you have?
ABBOTT: Money.
COSTELLO: I need money to track my money?
ABBOTT: It comes bundled with your computer.
COSTELLO: What's bundled with my computer?
ABBOTT: Money.
COSTELLO: Money comes with my computer?
ABBOTT: Yes. No extra charge.
COSTELLO: I get a bundle of money with my computer? How much?
ABBOTT: One copy.
COSTELLO: Isn't it illegal to copy money?
ABBOTT: Microsoft gave us a license to copy Money.
COSTELLO: They can give you a license to copy money?
ABBOTT: Why not? THEY OWN IT!
A FEW DAYS LATER . . .
ABBOTT: Super Duper computer store. Can I help you?
COSTELLO: How do I turn my computer off?
ABBOTT: Click on “START”……….
{author unknown}
Phishing, Carding, and Spoofing Scams
All about Phishing (also known as Carding and Spoofing) …
Phishing For Suckers: Don’t let your customers fall for the latest in e-mail scams
VarBusiness, January 2004
Spam News Articles Archive
Here are links previously featured on the main pages of GeeksBearingGifts.Com:
Anti-Spam Bills in the Works
eWeek, August 2002
Washington Bids to Can Spam
eWeek, May 2003
War on Spam Gains 2 Allies
eWeek, May 2003
Legislation and technology advances aim to stop the delivery of unwanted email
May 2003
Throwing the book at spam
Infoworld, July 2003
Can-Spam Act Can't Can Spam
InformationWeek, February 2004
Interview with Domain Registry of America
Email Interview with “Simon” (no last name given), minimal editing, all questions accepted with permission to post under condition of posting response in entirety, and request not to submit as part of any article for a publication.
GBG: What is your position at Domain Registry of America?
Simon: I am one of the [general] supervisors.
GBG: Your company has been accused of “slamming”, or tricking customers into switching registrars. A number of other registrars have had similar accusations made against them. What is your response to this?
Simon: The accusations are false. It is IMPOSSIBLE to switch from one registrar to another without responding to a series of transfer request emails. Nobody can be “tricked” when their verification is required 5 times in order to complete the transfer of registrars. These accusations of “slamming” only come from competing firms of ours.
GBG: How many mail pieces prompting a switch in service do you send out in a n average month, and which domain roles do you solicit mail to – all of them, just administrative, billing, technical?
Simon: We do not give out company strategies and every month is different depending on our market research. [And] we have spent a lot of money researching this and we are not in a possession to give out such info. We’re a private company so I have to keep some things that way.
GBG: From your experience, is the person managing a domain (i.e. someone who deals with their current registrar) usually well informed on domain issues, or someone who is just in charge of paying bills or other business process, such as a typical small business owner?
Simon: It varies. We deal with a wide variety of clientele from farmers in the valley with one single domain to hosting companies that register hundreds of domains with us on a monthly basis. We treat every customer with the same level of professionalism and appreciation. Our customers will confirm this fact.
GBG: In an earlier conversation, you stated “It is impossible for anyone to switch to our company by mistake,” and that “A series of electronic confirmations are required in order to transfer a domain from one company to another. This method avoids any confusion.” Please tell us a little about this process and how it may prevent unwanted switching.
Simon: Without registrant consent, the transfer of a domain CANNOT take place. The emails state very clearly who the losing and gaining registrars are. NOBODY has EVER accidentally switched to our company. It is impossible. It CANNOT happen.
As for the process, here goes: [1] We obtain authorization from the registrant who has the authority to legally bind the registered name holder. [2] The form of authorization is an email link to our website to which the individual of authority must approve or disapprove of the transfer. As the gaining registrar we are required to retain a record of the authorization and as such we maintain the time, date, decision, and IP address. [3] Once approval is provided a transfer request is issued to reflect the new registrar in the Registry database. Both the registrant and the losing registrar MUST either approve or disapprove the request. [4] Once the transfer is completed both the losing and gaining registrar are informed of this by the Registry Operator (Verisign) and in turn the gaining registrar informs the individual of authority who initiated the transfer. [5] Once approval is provided to us, we initiate a transfer request to reflect us as the new registrar in the Registry database. Our automated system approves the transfer requests. [6] Once the transfer is completed both the losing and gaining registrars are informed of this by Verisign and in turn the new registrar informs the individual of authority who initiated the transfer.
There are a total of 5 emails to be verified before the transfer of a domain to our company can complete.
GBG: How often do you receive customer service inquiries about people having switched, or making a payment to switch, by mistake?
Simon: Every so often we will get a call from a customer who has sent us payment by accident, as do other identities as well. However once they get one of our customer service representatives on the phone, they usually decide to remain with our company. You see, one thing this industry is severely missing is customer service. Until now, domain holders have been dealing with registrars that keep their clientele on a 20 minute wait before an operator even answers, only to be discouraged with the lack of assistance they are provided. It is for this very reason our company grew so fast; our customer (and technical) support is second to none. We guarantee it. Customer care is as important as your service or product. There are many registration companies that don’t even provide a phone number in which they can be reached, and these are BIG organizations.
I urge anyone to test Domain Registry of America on our customer support. As well, we are the only company I know of that will actually respond to email inquiries AND within an hour.
GBG: After the FTC statement … have there been any significant changes in the snail mail marketing materials or related processes? And if changes were made, have you received fewer complaints since that time?
Simon: If you READ the FTC statement (albeit lengthy) it states nowhere about changes having to be made to our mail outs. The only change we were required to make was that we are no longer able to charge an administration fee when processing a refund (we lose money in the process). The “Important Notice” was removed and changed to “Domain Name Renewal Notice” but we suggested that to the FTC as they felt Important notice was a bit strong
It’s funny how people see our name on the FTC website and assume the worst. People don’t take the time to READ the article. It’s these same types of people that don’t actually READ our solicitation. People don’t read.
GBG: I noticed in a recent mailing, you talk up front about “switching”, yet my client almost mailed you a check, thinking it was necessary to keep their name.
Simon: But your client DIDN’T mail the payment. Obviously they understood they are not obligated to pay us anything. In fact, it even states within our letter that no one is under any obligation to use our services.
GBG: Your mailing makes clear warnings of various potential losses by not renewing a domain name, which some critics online have called a “fear tactic” to prompt action. Considering the mailings are sometimes many months before renewal is required, what is the reason for the language in the mailing?
Simon: I don’t agree that our mailing is a “fear tactic.” However I will say that it is aggressive. In the world of business you have to be. We didn’t want to be another fly by night registrar that sits back and waits for the business to come to them. Where do you think those businesses are now? The language in the mailings is quite clear if one READS it.
Anybody can be an “online critic.” That’s the problem with the Internet – suddenly EVERYBODY has a forum to voice their opinions. There are forums online where people criticize everything from the war on terrorism to Gap commercials.
GBG: Is there any consideration when mailing as to how soon a domain name is about to expire?
Simon: It doesn’t matter. Sometimes we renew domains that still have years left in their terms. The reason for this is because we add the years on to the existing term. In other words, no one loses time on the domain they have already paid for.
GBG: There is news of your company’s recent expansion in marketing to the UK. Is there any information you’d like to share about marketing initiatives in other countries?
Simon: Like most businesses, we’re looking to expand. There are great opportunities abroad, and there are several competitors of ours doing business in places offering customer service that doesn’t compare to ours. We’re hoping to eventually tap that market also. It will take some time for new markets to warm up to us, but once they start communicating with us they will see how easy we are to deal with. As I said before, customer care goes a long way and ultimately prevails. Just like North America, other markets WILL appreciate our service and competitive pricing.
For the record, here is the letter received, and when asked what they thought it was, the response (coming from a paralegal) was
I opened the letter from that group and I thought that it was an invoice that we had to pay to keep our name registered.
Yes, if you read it through, I as someone who deals with the web find it clearly not an invoice, but the question remains: would the average person take the time to read something that might be a bill about a service they may not be clear about, or just pay it to avoid the repercussions stated in the letter?
Decide for yourself.
DROA_Mailing (PDF)
Computing Then, and Now
What computers will be like in 2004 …
And I agree with them – boy I wish it were “economically feasible” to have this in MY home!
