Welcome to WebmasterWorld Guest from 188.8.131.52
Under pressure at work, I saw this email apparently from Amazon.com - questioning my account with them. For some reason I wasn't thinking. In my head was the possibility that they were checking accounts that had never been used and had no credit card details. Obviously I didn't enter my Credit Card details as asked and immediately sent a email off to the Associates support mail to say "so you need a Credit Card to be an associate now do you". I had this whole elaborate scheme in my head about what Amazon were doing - such as had forgotten about people with accounts who never bought anything because they were associates from another country.
I was called "lower than a country bumkin" on the Amazon discussion board - someone defended me by saying remember what it was like when you were first online. But I was programming computers before the IBM PC was invented! My first program was for a computer that had 4K of RAM and that was a mainframe! I just wasn't thinking clearly.
The rather well-done pages were on a legit US site selling stuff. I contacted the host company who immediately removed them. They identified the rogue IP and I geolocated that to Romania.
No harm was done, I didn't enter a Credit Card number, my Amazon password was changed but there's no credit card associated with that and I got it reset through the Associates support pretty quickly.
The thing is, I really believed I would never get caught by such a scam - I've been online for too long. Maybe I've become lazy because I've become used to clicking on embedded links in MySpace emails to see any messages. Maybe I'm just an idiot looking for a village.
You know it can catch anybody if the circumstances are right and the phisher is good enough. I have a friend who's head of security for a very big software company (who I won't name ;)) and he fell for an eBay phishing email a few weeks ago.
If you gets you in the wrong frame of mind, too tired, not enough coffee etc....
Thanks for posting about it - it's a reminder that we all need to ensure we don't click on email links in the above state!
Thanks trillianjedi - I kind of blame it on my male inability to multitask. Had to get a system modification out by lunchtime and persuade the Test team to accept it while the customer was on the phone to my boss asking for more changes.
I think the key is the "internal story" - the only other time I clicked on such a link was when it was appently from Paypal and I have a Paypal account of a few years standing but have never ever bought anything. That time I stopped myself.
was the lifeguard not looking when you got out of the gene pool
Don't feel too bad. I keep getting a very short, abrupt message on my answering machine telling me to call an 800 number. No company identification or anything. I finally decide to call and tell them to stop leaving me recorded messages. So I call the number and the recorded voice (a different one) answers with "[major credit card company] customer service. Please enter your credit card number to continue." So I figure there must be some issue since I still haven't gotten the new card they were supposed to send. I start entering the number before sanity kicks back in and I ask myself why I'm so willing to give my credit card information to a recording that called me! So I hung up before giving any additional information.
That reminds me that I still need to call the credit card company and find out about the card. And if it's actually them sending the recorded message. If so, they're going to get an earful about poor customer service!
This is where I expect some sympathy and, at the very least, better quality insults!
This is where I expect some sympathy and, at the very least, better quality insults!
You mean better than "lol" and "learn2play n00b" and "omg ur so dum?"
Not if it's the Associates board that I know and love.
Err ... "know and tolerate."
Amazon associates board has some awesome flamewars from time to time, though.
My main problem is that the first thing I do when I wake up is sit down at the computer with my first cup o', and start going through e-mails on one monitor and scanning the BBSes and news on another. Flipping my attention back and forth between the two monitors, before I've even finished my first cup of coffee... I get a wee bit distracted sometimes.
I'm not going to call you names. That would just be inviting karmic payback.
Then there was the time my wife came into the room as I was watching television. She said something that I didn't hear and I absent mindedly pointed the remote at her and tried to turn her up!
The worst part of this was that she saw me and told everyone I knew about it. (I tried turning her down but that didn't work either),
When I was 14, (a very long time ago) I answered the phone just after I had gotten home from school. The man asked for my father using his first name. I explained he wasn't home, but that I would take a message. He then said, is your mom home then? I said no, she was out.
He asked if perhaps I could help him? He then said he was from the alarm company and my father had asked him for a quote to have an alarm installed in the house. He was in the neighbourhood and wanted to stop in to see how many windows and doors there were in the house which he would have to wire. Otherwise, he could come back in a about three weeks when he would be in the neighbourhood again.
I hadn't been aware that my Dad was planning to install an alarm, but I didn't want to be the one to tell him he was going to have to wait another three weeks to get the quote. You guessed it, I let him in! I stayed with him while he measured the windows and doors and made note of the measurements on his clipboard pad. Then he left.
Being an air-headed teen ager who couldn't retain information for any length of time, I completely forgot to tell my father until almost a week later. His jaw just about hit the floor! I don't recall ever seeing him so angry or upset. My parents went through the house with a fine toothed comb, but nothing was missing. My parents called the police, but as there was nothing missing and I hadn't been hurt, they said there wasn't much we could do ... but suggested my parents have an alarm installed.
A week had gone by and nothing had happened so my mother figured the man was probably legit and simply had the wrong house. But I reminded her that he had asked for my dad using his first name which was why I had trusted him in the first place. As my Dad pointed out, I hadn't thought about the fact that my Dad's first name was listed in the phone book!
My father (an ex Major in the Canadian army) called both of my brothers (big lads) who were both married and asked them to help him with a plan to catch the robber(s). Each night, one or the other of my brothers or my dad would sit up all night (with my dad's shotgun) and wait. This went on for a full two weeks. My mother thought my father was crazy and begged him to stop!
Finally, three weeks to the day after I got the call, a man dressed all in black with a ski mask over his face, jimmied the basement door open in the middle of the night, only to be met by my oldest brother holding a shotgun in his face and my other brother's doberman pincer waiting to rip the guy apart.
My Dad tied him up in his Lazy Boy chair and called the police while my brother (an ex-policeman) held the gun on him. When the police arrived, my father woke me up from a sound sleep and the police asked me to identify the man. Sure enough, it was the same fellow I had let into our house three weeks earlier.
He went to jail and I learned a very valuable lesson. I won't tell anyone anything over the phone or in an e:mail. I want a written letter from any company I deal with. I want to see their letterhead and be able to match the address and phone number to that listed in the phone book before I will do business of any kind. I want references from people who I can also match to a name, phone number and address in the phone book before I will even deal with any tradesmen or allow them to enter my home.
I also have a dog who doesn't particularly like men he doesn't know ... and I keep a very sharp machete in my bedroom closet!
When I had grown up, had my own place and my Dad had passed away, I listed my phone number using my Dad's first name. I was amazed by the number of calls I would get asking for "Fred". I always asked, may I tell him who's calling? ... then I'd leave the phone on the desk and walk away, leaving the caller to twist in the wind for as long as they cared to wait on the line for "Fred". Served them right for trying to be familiar ... whatever their reason for calling! ;)
Any one of us can be taken in if the story is good enough. My Dad was an army man (a trained sniper) and the CEO of a large insurance company. He taught us to be very cautious ... yet I was taken in anyway! Never again though.
If you're after insults, I know some jim-dandies. (Have you ever been called a duckaloof before? wink )
Oh my lord. "Duckaloof" is my new, all-purpose insult. I don't know what it means, but who cares?
As a side note on creative insults, an acquaintance used to use things like "Ya Big Girl's Blouse!" and "Ya Pancake!"
I'm about as clueless on those as I am on "Duckaloof," but they sure sounded pejorative when uttered by a 6-foot-four, 250-pound dude from Scotland.
Oh, and Liane: great story. Talk about lesson learned! My parents drummed it into my head that I was NEVER to say that mom and dad weren't home. It was always, "He/She's busy/in the shower right now, can I take a message?"
I got a phone call about a credit card a year ago. It referenced a credit card offer for business that came in the mail from that company. The offer was quite good and tempting.
After talking on the phone about the offer for quite some time, I went ahead and was going to sign up for the upgraded credit card for business. They could take care of it right there on the phone - no problem. I thought that was pretty cool.
As one of the last things they had to get for info was my ss number. I opened my mouth to give it to them, and it hit me - they Called ME and there is no way I was going to give out my ss number to someone who called me. I said thanks and that I would not give out my ss number over the phone to someone who called me and hung up. I never heard about that offer ever again...
The other popular scam running is the "copier toner" scam.
Scammer: "Hello, this is bob with acme copy supplies. WE didn't have the right number for the copier order, what is the correct model number of your copier?"
Office person: "Oh, it is a HP 41229".
A week later, you get an invoice sent for the "Hp 41229" toner you ordered. You do remember ordering it right?
Some times they will even send you the toner at a very high price...
with passwords online i actually have an internal block, which kicks in quite hard, when someone asks me to click in an email :-)
One of my jobs involves a lot of high profile financial organizations.
Phishing e-mails come to these organizations by reviewing job offers and HR pages to see what special benefits they offer - for example one big bank posted their medical insurance carrier name in an online job offer.
Within a week or so employees of big bank started to receive e-mails at work from Rumania purporting to be the "medical insurnace" <sic> company - beautiful HTML forms with images from the insurance web site asking for very detailed information. Major headache both at the insurance and at the big bank.
It seems that spear phishing works even better then the vanilla phishing.
Too easily done. Paypal later told me they always email using my name. I didn't even notice the fake email didn't.
[edited by: lawman at 8:31 pm (utc) on April 30, 2006]
[edit reason] No Links - Espicially To Illegitimate Sites [/edit]
I am cautious. I hold my mouse over links in emails to check where it is really going. Anything remotely financial based I wouldn't click on - hey, I'm not stupid! My Amazon.co.uk account or my bank or Adsense, I know enough to always go there under my own steam.
The problem comes down to this: In my head I must have been half-expecting an email from Amazon.com about my account. I looked at the PR of personal profile pages in Amazon recently in terms of how I could use them to get a link to my sites and noted that reviews etc only appeared if you had actually bought something (that is, had used your account).
So, if I had just gone over my overdraft limit with my bank and I got an email from them then I think I would be in danger of clicking on a link - because my mind would be on my worries about the unauthorised spending rather than the fact that I never trust the source of emails. Just like the Paypal confirmation I nearly filled in - I set up a Paypal account two years ago, confirmed the trial transaction, but have never used it. If ebay emailed me about my account, then I would liable to first think about the fact that I haven't ever bought or sold anything over ebay so perhaps it was legitimate that they were questioning my account.
What really worries me is that I was at least awake enough to spot the problem and do something about it and so the only inconvenience was to think of a new password. There must be so many people who are not as 'net-savvy' as I thought I was. I now think that all email systems should not allow embedded links - they should be converted to text and the instructions for copy and paste into the address bar should be included.
...and yet I got an Event Invitation from MySpace today and I clicked on the link in the email to look at it.
I then tried to sign into Yahoo and they had already changed my password. I called Yahoo and finally proved to them I was me by my alternate email on the account and got it changed back over before the spammer had fully damaged my email account. I felt so dumb to have fallen for that scam but itís when you are half way paying attention that you get caught off guard. I guess that is why they send 50 or so Paypal looking emails a day to hope they catch us when we are not paying attention. I am more careful now but it just makes me sick that these people get away with these phising emails from Paypal, Ebay, and Amazon. It amazes me they are not caught more often because I get hundreds in my email box every week without even going to my spam mail.
About six months or so a go, a large telecoms company (UK) started phoning customers to remind them if a bill was outstanding and asking the bill to paid by credit card. Being paranoid, I declined when I was called (but it was legit - I checked) but I'm sure many people happily obliged, and would do so again.
I called the dept of revenue (using phone number from book) and was shocked learn it wasn't a scam!
In fact the revenuers said I was almost the only one who had EVER questioned their veracity.