Category Archives: SCAMS!

Beware! Origin Energy email scam

I just received a warning from the government website – Stay Smart Online:

https://www.staysmartonline.gov.au/alert-service/malicious-emails-impersonate-origin-energy

It’s free to register and the warnings can save you from malicious attack. Anyway, this particular warning referred to a new email scam that was reported by the Herald Sun newspaper on the 19th of July, 2017. You can read it here:

http://www.heraldsun.com.au/technology/origin-energy-scam-emails-new-malware-attack-hits-australians/news-story/9d5bd312efa909a548fb9e9e3ac00e23

Basically, the scammers have copied the Origin Energy bill payment email format to trick customers into clicking on fake links that will expose them to malware or worse. Sadly, this is an eventuality I predicted over a year ago when I wrote a post about this very issue:

‘What’s wrong [with email bills] is that each link is a potential opening for scammers to steal your information, especially that big, orange ‘Pay now’ button. You see, these days, the really good scammers can reproduce the Origin Energy logo, its fonts, the colours, even the text…PERFECTLY. If you were to receive one of these reproductions, you would need to look very, very carefully to pick the fake from the original. And let’s face it, how many of us scrutinise each email we receive, especially when we are expecting to receive it?’

You can read the full post here:

http://wp.me/p25AFu-2mi

The Origin Energy response has been to ‘teach’ customers how to spot a fake email. Not good enough. Here’s what I wrote in that same post from June last year:

‘And what do you think the big corporations are going to do about the theft of all my money? Will they pull their hair out by the roots and cry ‘mea culpa, mea culpa’? Not on your life. They’ll say that the fault was all mine. They’ll say that they warn customers about ‘scammers’ so it’s a case of ‘buyer beware’.’

Having our accounts hacked is too high a price to pay for the convenience on offer. NEVER pay your Origin Energy bills via their emails. Pretend they’re just paper bills and go into your internet banking to pay them safely. Origin Energy created an opening for scammers and you didn’t have to be a psychic to know this would be the result. 😦

Meeks

 


Possible new #email #scam ?

I’m not a programmer so I’m just guessing that the two emails below are scams, but whatever they are, any change of pattern deserves caution.

So what are these changes of pattern?

I’ve noticed two, and they both involve the email address of the sender. Before I show you what I mean, it’s worth having a quick look at the standard parts or components of an email address. I’ll use my gmail address [this is my public email only] to illustrate:

meekasmind@gmail.com

The components are as follows:

  1. the username – i.e. meekasmind
  2. the @ symbol
  3. the mail server – i.e. gmail
  4. the top level domain or extension – i.e. .com

The @ symbol never varies but the username could be just about anything, same with the mail server, however the top level domain is usually restricted to a few familiar extensions. These include:

  • .com
  • .org
  • .net
  • .info

I’m sure there are more, but those are the main ones, off the top of my head. Outside of the US, these extensions often include the country code – e.g. .com.au for Australia.

Now have a look at the screenshots of emails I received just this week:

[Image: security scam concert-tickets]

This is the first one I received. Note the .stream extension. Now it is possible that new extensions were approved while I wasn’t looking, but when I searched for the ‘concert-tickets‘ mail server from which the email supposedly came, I found nothing. Zip, zero, nada.

The next day I received three more emails with the hyphenated mail server name and the .stream extension. Hmm..a pattern emerging here.

Then today a variation on the theme:

[Image: security scam or hack 2]

Instead of a .stream extension on the email address, we now have a .download. Assuming the .download and .stream extensions are legitimate, just exactly how many of these extensions are there?

Note something else as well. Under ‘Improve Your Vision’ [which is a link to another web location] there is a vertical line. That line is not a truncated picture holder [given that Firefox blocked the images embedded in the body of the email*]. Nor is it an error. That line is another link.

Why is that line potentially significant?

Because even people who know to be wary of links in emails might click it just to find out what it is.

For me, another suspicious thing is the lack of ‘other’ information in any of these emails. Now it’s possible that the blocked images contain more information – i.e. text – but as a form of marketing, this doesn’t seem to be very smart. Which leads me to suspect that it’s not really marketing at all.

If anyone knows anything about these ‘new’ extensions – i.e. whether they are legitimate or not – please reply in comments. Until we know for sure, however, please treat these kinds of emails as potentially dangerous.

cheers

Meeks

*The reason Firefox blocks at least some images in emails is that certain images ‘can’ contain malicious code. I’m not sure how that works, and I’m not sure how often it happens, but I know it’s a possibility.


#Email bills – Christmas for #scammers?

Here in Australia, Origin Energy [one of the big utilities companies] recently introduced gas and electricity accounts sent via email. Good idea? Not so, and here’s a picture of why:

[Image: email bills]

The screenshot above is a picture of my new, email electricity bill. Notice all the red? Each one of those circles denotes a link to some address on the internet. Click on that link and you are automatically taken to that address.

So what’s wrong with that, you ask? We all use the internet a million times a day.

What’s wrong is that each link is a potential opening for scammers to steal your information, especially that big, orange ‘Pay now’ button. You see, these days, the really good scammers can reproduce the Origin Energy logo, its fonts, the colours, even the text…PERFECTLY. If you were to receive one of these reproductions, you would need to look very, very carefully to pick the fake from the original. And let’s face it, how many of us scrutinise each email we receive, especially when we are expecting to receive it?

Expectation lowers our defences.

I already expect to receive a mobile phone account [via email], and now I will also expect to receive gas and electricity bills, via email. I may scrutinise the first five, ten, 25 emails but after that? I’ll get complacent.

One day, I’ll be in a hurry and I’ll forget to check all the telltale signs of a forgery. I’ll click on that big orange ‘Pay now‘ button in the email, and it’ll take me…somewhere. That somewhere will look like the real deal as well so, still in a hurry, I’ll enter my banking details, pay the ‘bill’ and get on with my life. But one day in the not too distant future I’ll realise my bank account has been hacked. And in that moment of disbelief and horror, I’ll remember the day convenience, and a busy lifestyle, made me follow a link in an email.

And what do you think the big corporations are going to do about the theft of all my money? Will they pull their hair out by the roots and cry ‘mea culpa, mea culpa’? Not on your life. They’ll say that the fault was all mine. They’ll say that they warn customers about ‘scammers’ so it’s a case of ‘buyer beware’.

But the truth is that the big corporations will NOT warn you about this particular type of scam because they do not want to put you off their new, much-cheaper-to-run email billing service. Origin intends to charge $2 for each paper bill from now on. I’m pretty sure the real cost of sending out a paper bill is nowhere near that much, so they won’t be saving $2 for every bill to every customer, but they will be saving something. Multiply ‘something’ by hundreds of thousands of customers and the bottom line starts to look a whole lot better.

So what’s the solution?

The solution is to print the bills off and pay them as you would a paper bill – by going directly to your internet banking and using BPay to pay the bills from there.

As a caveat, I have to say that I can’t guarantee that internet banking is 100% safe. I believe it is, but I can’t guarantee it. However…if the banks mess up with your money, they have to pay you back. If you mess up with your money, that’s it, it’s gone. You might try a class action suit against the corporation in question, perhaps citing negligence, but going through the courts could take years and may still not succeed.

Why not? Because no one held a gun to your head and made you click that ‘Pay now’ button.

This is the reason I keep bleating on about not clicking on links in emails. That little bit of extra convenience is just not worth it. And yes, it could happen to you.

Take care and stay safe,

Meeks

 

 

 


Australia Post #scam email

This one really had me going for a sec. Have a look:

[Image: Australia Post scam]

We’ve been getting a lot of parcels lately, the Offspring and I, so when I saw this email, my first thought was that it was genuine. Luckily the weight shown below the bogus tracking number – 1.67 kg – made me suspicious as nothing we’ve bought has been heavy.

The very next thing I looked at was the ‘From’ line which reads:

Australia Post <clientes@gourmetconcept.es>

Quite apart from the weird email address for a supposed national postal service, the country code is ‘.es’ and that stands for Spain, not Australia. So I think I can safely say this was not from my friendly post office.

I can also say that as a scam, this looks bloody good. The graphics are all correct. I couldn’t see an obvious typo or poor grammar. No attachment to be wary of, and no obvious links taking you god knows where… BUT…have a look at that big red ‘Print out package info’ button. It doesn’t look like a link, but I’ll bet that it takes you somewhere that requires some kind of ID to be entered [I didn’t click so I don’t know for sure but I’m pretty confident].

So…a very clever scam email. If any of my aussie friends get one – delete, delete, delete!

cheers

Meeks
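
The ‘From’ line checks described in this post and in the ‘Possible new #email #scam ?’ post above, written out as a small Python script. This is an added example, not part of the original posts; the table of expected sender domains and every sample line except the Australia Post one are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: which domains each brand really sends from. Maintain your own list.
EXPECTED_DOMAINS = {
    "australia post": {"auspost.com.au"},
    "origin energy": {"originenergy.com.au"},
}
# Endings the posts call familiar (.com, .org, .net, .info) plus Australia's country code.
FAMILIAR_SUFFIXES = (".com", ".org", ".net", ".info", ".au")


def check_from(header: str) -> list[str]:
    """Return the reasons a From line deserves caution (empty list = none found)."""
    display, addr = parseaddr(header)
    if "@" not in addr:
        return ["no parsable sender address"]
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    reasons = []
    # 1. Display name claims a brand, but the mail comes from somewhere else.
    for brand, domains in EXPECTED_DOMAINS.items():
        if brand in display.lower():
            # Exact match or a true subdomain only; "brand.com.au.other.net" fails.
            if not any(domain == d or domain.endswith("." + d) for d in domains):
                reasons.append(f"display name claims '{brand}' but domain is {domain}")
    # 2. Sender domain ends in something outside the familiar list.
    if not domain.endswith(FAMILIAR_SUFFIXES):
        ending = domain.rsplit(".", 1)[-1]
        reasons.append(f"unfamiliar ending on sender domain: .{ending}")
    return reasons


if __name__ == "__main__":
    samples = [
        "Australia Post <clientes@gourmetconcept.es>",      # From line quoted in the post
        "Concert Tickets <offers@concert-tickets.stream>",  # constructed sample
        '"Origin Energy" <billing@originenergy.com.au.example.net>',  # constructed
        "Australia Post <noreply@auspost.com.au>",           # constructed sample
    ]
    for line in samples:
        print(line, "->", check_from(line) or "nothing obviously wrong")
```

An empty result only means the From line is not obviously wrong. The From line can be forged outright, so paying through your own internet banking rather than through a link in the email still applies.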

 


How to fix the scamming of #Kindle Unlimited

Since I first read about the scammers undermining the Amazon Kindle Unlimited subscription service, [here] I’ve read a lot of comments about what’s wrong with the system and how it should be fixed.

Some people think Kindle Unlimited was broken from the start and should be killed off entirely. Others believe Amazon will make incremental changes to the system until it finally gets things right.

I believe the ‘system’ cannot be fixed until the Kindle itself is changed. So yes, I see this as mostly a hardware problem. At the moment, Amazon cannot gauge page reads by page ‘turns’ – i.e. that moment when a real reader flips the page over. Because of that hardware limitation, Amazon has to fudge page reads and that allows scammers to game the system as well.

Imagine, however, if Amazon could detect actual page turns, and only counted them when it came to payments…

-imagines a scammer sitting there, manually turning page after page after page after page after page after page after page after page….-

[Image: cat eye spinning kindle]

cross-eyed cat courtesy of http://www.leelofland.com

My Kindle Fire sometimes ‘loses’ my place in a novel, forcing me to manually page through until I find my spot again. It’s cruel and unusual punishment, so anyone desperate enough to do that for a living deserves every cent they get.

So my solution? Innovate the hardware. Make it possible for Amazon’s gremlins to count actual page turns, and pay on the basis of those ‘pages read’.

No system is perfect, and there will always be what we gamers call gold farmers – players paid to farm terribly boring things over and over again so their employers can sell said things to real players too lazy to farm for themselves. But in the case of the Kindle Unlimited subscription service, scammers want to make big money in the fastest, easiest way possible. They don’t want to become readers, they just want to simulate reading, so let’s not make things too easy for them.

Unfortunately, the rankings scam cannot be fixed by hardware. You can read about how the Amazon rankings and bestseller lists have been scammed here. Even if Amazon managed to create a software algorithm that scanned each and every sentence of a book for grammatical errors, for example, I doubt that any algorithm could scan for ‘sense’ so the scammers could still fill these books with perfectly grammatical nonsense.

The problem with Amazon rankings is that they are determined by software, and anything one software program can do, another software program, or a clever human, can scam. It’s as simple as that.

But if you take away the automation you’re left with just humans, and how would that work?

Amazon’s review system is already notorious for being gamed by account holders with an axe to grind, or who just enjoy being trolls. They may not be gaming the system for profit, but they are ruining it for normal customers, so basing rankings, bestseller lists, and most importantly recommendations on reviews won’t work, unless…those reviewers are vetted somehow.

Unfortunately, if you vet reviewers then you are simply returning to the old system of so-called professionals gatekeeping the system.

The worst consequence of having professional reviewers, however, would be in the backlash from normal customers. I enjoy having my say when a book or some other product is either very good or very bad, and I’m pretty sure I’m not alone in that. I would not be happy if I could not read genuine reviews of the books I want to read.

-throws hands up in the air-

So…I haven’t got a clue how to fix the bigger problem of rankings, but I do believe the page turn idea will happen, one day. Until then, we’ll just have to sit back and watch this grand experiment in democracy unfold.

cheers

Meeks


#Kindle #Scammers by David Gaughran & Phoenix Sullivan

[Image: angry meeka]

This is a must read article for both Indie authors and readers alike.

Why? Because these scammers are gaming the Amazon ranking system, which hurts authors. But by clogging up the Top 100 lists with bullshit books, they’re also:

a) tricking readers into wasting their money or

b) making it even harder for readers to find good books to read.

If you have not been a victim of one of these scammers, you’re lucky. I bought what I thought was a classic Alfred Bester sci-fi novel only to discover it was a ‘study guide’ masquerading as the actual book. I was…not pleased. Believe me when I say these bastards are getting away with small scale fraud a million times a day!

Please read the article, and if you’re convinced this is a bad thing, make a noise because it’s time the silent majority sent a message to Amazon that this is not good enough!

https://davidgaughran.wordpress.com/2016/04/15/ku-scammers-attack-amazons-free-ebook-charts/

This was brought to you as a community service announcement by Meeka’s Mind, where all things are sporadic.


Outrageous scam! Don’t be fooled.

I received this ‘subpoena’ from the AFP [Australian Federal Police] in my inbox this evening.

[Image: outrageous]

Can’t believe the blatant hutzpah of this person, or the bad English, OR THEIR EMAIL ADDRESS!

[Image: outrageous from]

Since when did the AFP get so broke they had to outsource their emails to a private address…in Turkey?

Well, at least Satinalma from Turkey gave me a good giggle for the evening.

Night, night all!

Meeks


Atmotube tells you if the air you’re breathing is toxic

I believe the attitudes of society change one individual at a time. That is why we should ALL buy one of these. We need to see – in real time – what we’re doing to the world…and ourselves. Read on:

Like you, I assume that the environment I am sitting in right now is pretty safe. I mean, I don’t see anything dangerous, feel uncomfortable, or smell anything that I should be worried about. Yet I may be filling my lungs with harmful elements that my cognitive sensory abilities are incapable of noticing.

Source: Atmotube tells you if the air you’re breathing is toxic

