Tag Archives: Kaspersky

Autorenewal : Kaspersky and BitDefender Update

Yesterday, I received an email from BitDefender telling me that my ‘autorenewal’ would be refunded. Today, I received an email from Kaspersky saying that my ‘autorenewal’ was cancelled, and that I could renew manually when my anti virus expired in November 2022. Yay.

Kaspersky also provided information about how to change the account settings relating to renewals:

The Nexway customer account is not created automatically, instead, the Order Confirmation email contains a link to the account creation page. This link has a unique SSID built into it which links the order automatically.

Please ensure that you have clicked on the “access your customer area” in the Order Confirmation email. Once the “access your customer area” link is clicked, the homepage appears where both login and password are created. Then, you can configure your subscription’s settings.

Going back to the order confirmation email, I found this:

Clicking on the ‘access your customer account’ link took me to this page:

Two important things to note:

  1. the URL is for ‘shop.kaspersky.com.au’. There is NO mention of Nexway.
  2. the only instructions are to ‘Please sign in to access the features below’.

To me, those two things imply that the login is to an existing account, not that I should create a new account.

Nit picking?

No. Just another indication that the consumer is not meant to stop autorenewals easily. Remember how easy it was to stop the autorenewal of my Elder Scrolls Online subscription?

Moving on. Knowing that I had to create a new account, I clicked in the login box and tried to enter my email address. As you can see. It wasn’t accepted. Given that my email address is used to verify that I am who I say I am, this seems a little…odd.

Moving on. So then I typed in a new password, twice, and clicked ‘Initialize your credentials’. This is what happened next:

What in blue blazes is an ‘invalid token’?

And that was the point at which I could go no further. Without any instructions or explanations, the ONLY way to get into this separate account is blocked. There is no way for me to get in and opt out of this bogus autorenewal.

Now I ask you, is all this simply a case of terrible interface design? Or is it all part of a kind of passive resistance set up to make opting out as hard as possible while still being technically legal?

Points in favour of this hypothesis:

  • information about the subscription and autorenewal is covered in the confirmation email, almost as an after thought, but no mention is made of it on the website where you actually buy the product.
  • more importantly, this is the first time the word ‘autorenewal’ is used.
  • this is also the first time that the name of a third party is mentioned.
  • the link to ‘access your customer account’ comes after the link for ‘hassle free cancellation’.
  • there is no mention of the fact that you have to create a customer account before you can use it for ‘hassle free cancellation’.
  • assuming you work out what to do next, there is still no clear instruction that you have to create a new account with a company other than Kaspersky.
  • when you do try to create said new account…the process fails.

Quite frankly, if I were not as bloody-minded and stubborn as I am, I would have given up long ago, consoling myself with the thought that ‘ah well, I’ll just cancel when the licence expires’.

There are two problems with that expectation. The first is that my/your credit card details will remain with a third party – in this case Nexway – for the whole year. That leaves your bank account open to the potential of abuse.

The second problem is one that I experienced with BitDefender, or should I say, 2Checkout, the company outsourced to handle renewals. Without boring you to tears, I received two emails telling me that my BitDefender anti virus was about to expire. The first was on December 14, the second on December 29. Neither mentioned that my account was set for autorenewals.

This is a screenshot of the email from December 29 from Bitdefender 2checkout:

Now let’s zoom in to the bottom half:

At this point, I’m being urged to renew AND it’s suggested that I ‘consider enabling the automatic renewal option’. Clearly that means the automatic renewal option is NOT enabled.

Having decided not to use BitDefender over a month before, I ignored both emails. Then, on the one day of the year that I didn’t check my emails, I received this:

The email is dated January 1, 2022 but the first I knew about it was on January 2, 2022, when I discovered that my account had been debited $69.99 AUD. I can assure you that I did not ‘renew’ BitDefender! Why would I when I’d already bought and installed Kaspersky Anti Virus back in November, 2021?

I immediately asked for a refund, but the person who responded to my email only offered sweeteners to keep me from ‘leaving’. I said I wanted a full refund. I was told that refunds could only be approved by BitDefender.

Call me stupid, but this was the first time that it actually registered with me that I was not talking to a BitDefender representative.

When someone from BitDefender finally did contact me, he began by saying that I had received a notification on the 24th of December and should have cancelled then instead of waiting until the 2nd of January. I checked my inbox and my spam folder but there was no such email. As you have seen, the closest date was the email of the 29th which did NOT say anything about an autorenewal.

I do not know whether 2checkout stuffed up big time or whether this was always going to happen. All I know is that I’ve wasted a lot of my precious time trying to claw back $69 I could not afford to lose.

I’ll be getting a refund from BitDefender sometime in the next week, but it should not have been necessary in the first place.

I should not have had to fight so hard to extricate myself from a system that seems to be designed to fleece consumers of their money.

ANY autorenewal should be on an opt-in basis. Just because you call something a ‘subscription’ does not mean that the consumer has agreed to a direct debit of their account!

I hesitate to say that opt-out autorenewals are illegal because I don’t have the necessary knowledge or qualifications, but I’d love to hear from anyone who does.

Is it illegal?

And if it is, how do you go about prosecuting an international company?

cheers,
Meeks


How to download… SAFELY

We’re all aware of the need to be careful when we download something from the internet, but how does ‘being careful’ actually work?

In this short post, I’ll show you how to enjoy the benefits of the internet as safely as possible. The screenshots in this how-to are all taken from Windows 7, so if you’re not running Windows 7 the details may be different, but the core principles will be the same. Onwards!

Step 1

Do not rely on your Windows firewall etc to keep your computer safe. Buy a good, reputable antivirus software and install it. I alternate between Kaspersky antivirus and BitDefender antivirus, which are both reputed to be the ‘best’ at the moment. From memory, both cost under $50 US for 12 months protection. That price includes both the software itself and the updates that keep it current with information about all the latest viruses. Antivirus without updates is like a car with all four tyres deflated.

Step 2

Install your antivirus and make sure it can access updates automatically. You may think you’ll do it every day, but the road to hell is paved with good intentions…right?

Step 3

Once your antivirus software is installed and updated, it will work quietly in the background, keeping your pc safe. BUT! You can also use it to ‘manually’ check every app you download from the internet.

This check should be carried out before you actually ‘run’ the app or install it. How? So glad you asked. 😀

Step 3a

Download the app and save it to a location on your computer. It should look something like this:

Step 3b

Once you download and save the app., use Windows Explorer to find it. My location will look different to yours. Don’t worry, just keep looking until you find the app on your computer.

Step 3c

Once you’ve found the app, right click on the thumbnail [picture] of it. This will open the right click menu as shown below:

Again, my computer will look different to yours, but every version of Windows I have ever used has a right click menu, and on it you will find the name of your antivirus software.

Step 3d

Click the name of your antivirus software and you should see a little sub-menu. On that little sub-menu you will find an option that allows you to scan the app. Click the scan option.

Most reputable apps will only take a short time to scan and the scan will come up as ‘clean’. When it does, you’re ready to use the app. If, however, the scan comes up with an error of some sort – DO NOT USE THE APP!!!! Delete it immediately because you’re better safe than sorry.

If the app is one you’ve paid good money for, contact the publisher and explain that your antivirus has found an error. A good publisher will thank you and send you a ‘clean’ version.

Okay, that’s it. Learn to love your right click menu. It really can save your bacon. 😉

cheers
Meeks


Spear Phishing – a nasty variation of the email scam

I came across an article this evening that talked about a hack attack against Kaspersky Labs, one of the best anti-virus companies around. Coincidentally, I happen use Kaspersky anti-virus software so I had a vested interest in finding out more.

I won’t bore you with the full story but apparently the hackers gained access to the Kaspersky networks via what’s called ‘spear phishing’. Excuse me?

This is an excerpt from the best explanation I found online:

Introduction

The latest twist on phishing is spear phishing. No, it’s not a sport, it’s a scam and you’re the target. Spear phishing is an email that appears to be from an individual or business that you know. But it isn’t. It’s from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC. Learn how to protect yourself.

Email from a “Friend”

The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: “Hi Bob” instead of “Dear Sir.” The email may make reference to a “mutual friend.” Or to a recent online purchase you’ve made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it’s a company you know asking for urgent action, you may be tempted to act before thinking.

Using Your Web Presence Against You

How do you become a target of a spear phisher? From the information you put on the Internet from your PC or smartphone. For example, they might scan social networking sites, find your page, your email address, your friends list, and a recent post by you telling friends about the cool new camera you bought at an online retail site. Using that information, a spear phisher could pose as a friend, send you an email, and ask you for a password to your photo page. If you respond with the password, they’ll try that password and variations to try to access your account on that online retail site you mentioned. If they find the right one, they’ll use it to run up a nice tab for you. Or the spear phisher might use the same information to pose as somebody from the online retailer and ask you to reset your password, or re-verify your credit card number. If you do, he’ll do you financial harm.’

You can read the complete article here:

http://au.norton.com/spear-phishing-scam-not-sport/article

What I find particularly unpleasant about spear phishing is that it uses personalised attacks to take you off guard. We all know not to bite when we get an email address to Dear Customer or some such generic salutation, but when we get something specifically addressed to us? Perhaps from a company that we actually do have contact with? How many of us would think to question that nice, convenient link?

Luckily most of us aren’t important enough to justify such an attack, but that does not mean we are safe. As a matter of principle [and habit!] we should make it a rule to NEVER use links in emails, no matter how convenient they are. It’s just not worth it.

Night, night

Meeks


%d bloggers like this: