Monday, March 26, 2007
Mental illness is not statistical!
The other day the Tacoma Photo Gang, being the local clowns from Flickr and several community websites, got together on Saturday to shoot some photos on the Ruston waterfront and browse Old Town. However, Mother Nature is a bitch [that's the 10th Collerary to Murphy's Law] so it rained heavy that day. Of course, it was sunny and nice for about half of Sunday, thank you very much. The plan was to go for several miles. The result with rain was to go one block. Sure, we got some good shots, including of what appeared to be ten members of a junior high track team (proof that today's youth don't know well enough to come out of the rain), but our plans were a lot more expansive than we chose to undertake. Maybe some other time. I'd suggested doing the Ruston trip early in the year because from April through August there are going to be joggers and strollers and picnickers and other undesireable human life clogging the scenery. Weather verses Plans is one of the biggest stupidities in the world.
Today's public service message: There's a new phishing scheme which appeals to the unemployed and the greedy (heck, I found one today in the mailbox my Monster.com account directs to). You get an email, offering you a job opportunity with a foreign company that you didn't apply for. You go to the website linked (or there's an email address to send your information to) which will hire you right on the spot, just give them your name, address, and where to deposit your paycheck. The scheme is called a "money mule" and the purpose is to get cash which has been scammed off people just like you into a neutral place (in and out of your account) so that the foreign scammers can obtain it via wire transfer. It's sort of like the African '419' scam (you get an email from a foreign dignitary, asking for your bank account info so he can stash millions of bucks in it) except instead of you only getting robbed you're helping others get robbed before it's your turn to be the victim... thus not only did you get ripped off, the authorities will come after you (you're easier to find than the bad guys!) for being part of the fraud. I can name two organizations which keep creating sites for the purpose, one using the good name of an investment firm on the East Coast and one which fabricated a nonexistant shipping firm, plus there are a few scammers that don't have websites because they just ask you to email your details. (That's faith for ya.)
Another really interesting scam, which I'm sure there's an American IRS version of: there is a forgery webpage bearing the seal of the Australian Taxation Office, which asks what bank account you (an Ozzie) want your refund deposited into. Very ingenious! The longer I work in the Internet fraud biz, the more amazed I am by it.
Wednesday, March 14, 2007
Manual? This modem don't need no stinking manual!
The stupidity of the moment is one we've covered before but I thought was no longer an issue. It can be summed up with the words: geez, I could swear the price of gasoline was $2.53 when I left the house yesterday, so why was it $2.67 when I was coming home? One of the local newscasters, warning us of the spike, gave some reason for it that you could tell by his face he realized made no sense at all. I suspect a bunch of places raised their prices because they were told the prices would possibly be going up. So at right is another one of those vehicles (circa 1949 but likely not as safe as a DMZ SuperCar) which prove that we can make internal combustion engines that get high mileage but yet we don't. Hey, anyone else beside me think this new Death Race 2000-variety TV show on FOX called "Drive" is setting a bad example?
Just wanted to let you know that I have no further gripes about the DSL setup and I'm not using dialup anymore. One slight complaint though: After years of being on dialup, picking up music files and such r-e-a-l-l-y s-l-o-w-l-y, I now have a fat pipe, and those files I'm downloading off the peer-to-peers... are still coming in really freakin' slow. What?!? Either those people are on dialup or they're sharing with so many people their bandwidth is getting diluted. But it's still pretty fast on loading sites and downloading from webpages, so it's all good.
Saturday, March 10, 2007
Into each fall, a life must rain
Above is the media cabinet mentioned in the last post, which is sitting to the right of the leather chair in the right corner of my livingroom. You can see where the glue lines are. *sigh* Below is the entertainment center pictured in the last post, this time with its doors open. I'd be painting the doors right now but I have one or two houseguests coming today so don't want to fume up the guest bedroom.
Time for some stupidity! I've seen ads online for Verizon DSL, which offers a 768kbps downstream service [nontechnical: it's not full throttle 'high speed', but it's still 20 times the speed of dialup] for $10 a month for the first three months and $20 a month for the rest of the year. I had done some shopping around and found the usual price for DSL and cable is $40-$50, which is rediculous, so this was a good offer. I called their order number and the voice said there was a 53 minute hold time. Er, no, there's no way the queue to the SALES line would be that long. I called the customer service number, and three transfers later (and only two minutes of hold) I got a nice representative who informed me what none of the ads or the website said: Verizon doesn't go into Qwest's service area, not even for home phone service. Well, so goes that. Qwest, whom historically I have thought total boobs, has an offer of $31 a month for 1.5mbps downstream [nontechnical: average zippy speed for DSL if your phonelines can handle it, 40 times the speed of dialup] with a 'this price for life' promise with two year contract plus can be lower if you have other services. They're my home phone so this would knock $5 off my Internet bill, thereby my DSL would cost only five dollars more than my existing dialup. So I decided to take the plunge.
I went through Qwest's web form for ordering, and it was choking on my home address. I've had Qwest service (formerly known as US West) since 1994 and I've been at this address since 2000, and so you'd think they'd know what my address is, especially since the bills come to the right place. But if you remember my rant from when I first moved into this house, about how when I was requesting they install a couple new phone jacks (for which they wanted $135), you can tell them five times where your house is, and your service and billing will be correct, yet they'll still say they can't find your house. (I installed the jacks myself at the time they should have been here doing it but were a mile away. They got nothing but a nasty phone call from Paige.) So I manage to wend my way through the web form, usually by data entry attempts failing being followed by the site offering me the info from my account so I could tick the checkbox (gee, if you have this data already why aren't you autopopulating the fields? or asking at all?), it says the order was unsuccessful so call this number and give this case code. Fine. Called that number, gave that case code, and a human being pushed the order through after seeing there were address difficulties. Her fix, which I found out after business hours through a confirmation email, was to happy-click the first thing that was offered when she entered my correct address. I don't mean wrong house number or even wrong street number, I mean they've somehow changed "245 57th St E, Dildonica WA 98169" to "245 North 'E' St, apartment 57, Dildonica WA 98105" [fifteen miles away]. The modem order was sent right then and there, meaning I'd have to get the UPS tracking number from them later in the week then call UPS to have the box rerouted, and Jah only knows about the line itself. So the next morning I got my line address corrected with Qwest, who said the billing address was correct but the addresses for everything else had been changed by the previous person. (No surprise that billing would stay correct.) Friday 7am I call UPS to get the box rerouted, and it hasn't been checked in yet so they can't do it... box last seen 40 miles away at 2am. I keep refreshing UPS's tracking site until it shows up at 8:50am (and I leave for work at 9:00am) so call them back, and they get the info to reroute. Of course, the update on the tracking site said it was put in a truck at 5am and it was headed to a location 15 miles away on a Friday, so it won't be until it is on the right truck on Monday that I'll have it. I called Qwest to make sure they had the right line provisioned, they say they do. Friday afternoon and Saturday morning, Qwest has both emailed and called to say my line is ready... I have no way of testing this. So either I'll be cruising along on Monday evening, or I'll be bitching here, through dialup, about Qwest's inept 'spirit of service'.
Wednesday, March 07, 2007
If it smells like salmon, get to slammin' -- if it smells like trout, get the hell out!
Hello, folks. Here is a picture of the left corner of my livingroom, to show how the paint looks in real life (well, it's not quite as blue as it seems here) and to show off the new cabinet from Pier 1 ($200) which we're using as an entertainment center. Paige thinks the best thing about it is that the doors close, though this means you have to open them if you want to do anything with the DVD player or VCR. I think it's great because my new record player fits in it -- albeit not in a way that you can open the lid to put in a record without sliding the thing all the way out. The one shelf inside is held up by four screw-in knobs, not the usual holes for pegs like most similar cabinets, so there isn't a way to raise the shelf any further. We like it lots. The following stupditity story does not involve this piece of furniture, though it did have its own story of daftness when I tried to get it home -- it wouldn't fit in the back seat, it wouldn't fit in the trunk while it was in its box, it didn't come in pieces to construct like IKEA furniture, and when I did finally get it into the trunk the trunk latch scratched the front up so we had to do a little touch-up painting. (And it could use a bit more, the touched-up spots on the right door are a different gloss of black than the rest... will attend to that soon, as well as where I had to use a router on the shelf so the electronics' wiring could go out the hole in the lower section.)
The Pier 1 unit above replaces a large IKEA corner unit which had a storage cupboard on one side, and this has no storage space (due to the record player). So we were in the La-Z-Boy dealership last weekend and we found the As-Is department. We have an uncanny knack for that. There was this little two-drawer shelf with pull-out drink caddy in front and magazine rack in back, for $99 (list price $299), which matched the new TV stand closely. We got it out to the car, we came home, I'm getting it out of the car -- and the two drawers flew out simultaneously, spontaneously, inexplicably and both hit the ground, breaking the fronts of both in half. I've had furniture cheaper than IKEA gear that never shattered like that. So I wound up gluing the drawer fronts back together again, giving them four coats of paint, and it all looks okay if you don't get too close. We can't have nice things, I swear! I'll post a picture of this media storage cabinet, and what the TV stand looks like with its doors open, sometime soon.
The new job is pretty swell. Since many phish sites come about because an administrator password was easy to guess and the contents were put into an innocuous-sounding or already-existing directory which one wouldn't think to go into (like "photos"), it's usually pretty easy to get in touch with the host site's owner to say "someone hacked your site and stuck garbage in it" and they'll gladly remove the garbage (and hopefully change their login password). They aren't always as simple, but I'll learn how to take on the international only-for-phishing-purposes domains shortly. I've been there a week and already a new person has started training, and there will be another newby next week as well. My work schedule qualifies as a stupidity: I start at 9:30am weekdays this week, but it'll be 7:30am for the rest of the month (I AM NOT A MORNING PERSON!), then through April I will work 2pm-midnight on Monday through Thursdays (yaaay!) and in May it will be Friday through Mondays (booo!). The reasoning for what we called a "weekend power shift" at a previous job was because the busy days are Sunday through Tuesday, so with the week parsed like this it means everyone gets two days of heavy load and two days of lighter load. That's understandable. Not having even one weekend day free, though, that's a bother, but I'm told that swapping when there's a need (and advanced notice) shouldn't be too hard. Especially in a company of 20 employees.
Sign seen in a Puyallup antiques dealer: Untended children will be given a free espresso and a puppy.
Friday, March 02, 2007
How Mushy Got His Groove Back
While I'm not going to name the business or partners or any of the other 'special sauce' stuff, if you're reading this blog and you've known me for longer than a month you're probably interested. (And I'm sure my parents would like to know too, Alene; it's not like they read anything I scribble online. Thankfully.) My job title is Fraud Analyst. I'm working for a business which seeks out websites which attempt to fool people into giving their personal information or financial information, for the purpose of stealing identities and money. It's called "phishing". These sites are duplicates of the login and account setup screens for banks and e-commerce websites; people reach those pages through bad links on webpages or in 'urgent' emails which appear to come from legit sources, and many of them are VERY convincing. Many e-commerce, auction, online payment, and similar sites have been duplicated, and every good-sized bank and credit union has been the subject of a fraudulent duplicate site (or will be eventually). It's probably not priviledged information for me to say that there are about 20 sites created per day which pretend to be PayPal's login alone, about 10 sites a day which pretend to be eBay's login, and maybe 5 sites a day which imitate Amazon.com's login... where the money is, the crooks will go. I knew that phishing was a problem but never realized just how massive or organized it was until I joined the battle against it -- it's a big game of Whack-A-Mole, one we're getting better at as the businesses being spoofed and the Internet providers through which those bad sites are created (often without the knowledge of those who rightfully own the webspaces being used) gain more understanding of the issue, and the public becomes more wary of what's out there and how it happens so they can avoid becoming victims. My job duties include going through lists of webpages which have been reported to the business as being possibly fraudulent and ascertaining whether they really are, keeping track of who is being attacked so we can let the targetted sites know what's happening to their brand names, and taking appropriate actions to shut down those fake websites (and herein is the challenge, since one has to find the person with the power to delete an account or mysteriously implanted folder). Phishing is all my business handles; online pharmacies and 'enhancement' pill spam and junk bonds and other forms of fraud aren't in our field, which does simplify things a bit for us and I don't know where to direct you with those except to say don't open mail from strangers!
Here are a few suggestions you should keep in mind to avoid becoming a victim, and this is by no means everything. First, your bank or the well-known sales sites are not going to request you re-enter your account or financial data as though they'd lost that information. (They would have lost your email address in the process, right?) Second, always look at the address bar in your browser if you click on one of those links; most of the time it's going to tell the truth about where you really are, and you might have to look for what comes right before the first "/" to notice that "secure-login.paypal.com.badguy.hk/cgi/login.php" is coming from "badguy in Hong Kong" and not PayPal. Tangental to that, when the page says it's secure or has a lock on it or other assurances the page is safe, look at the very beginning of what's in the address bar of a page asking for your login info; if it doesn't say "https:" (for HTTP Secure) it isn't secure, and again your bank or a trusted sales site wouldn't ask for sensitive information in a plain ("http:") page -- or at all through an email. Third, if you are going to do business with a known site, make sure you're going to the site directly -- type in the site's URL instead of clicking a link. If the address in the browser when you clicked a link is misspelled, be suspicious. If there's stuff on the page itself that's misspelled or doesn't look quite like you remember it (font changes or character set changes), be suspicious. A bonus trick of the trade if you're not entirely certain you're in the right place (or, heck, if you know it's a phisher), which I've used for a couple years: enter bogus information in the login fields and then hit the Submit button, and if it acts like it logged you in you know it's not for real. And now a tip for anyone who has a website or there's a webspace associated with their Internet account: Make sure you have a secure (more than six characters, with letters and numbers) password so your webspace isn't so easy to sneak into, and keep an eye on the contents of your space to see if any new files or folders have popped up. I'm serious, I've gone to phisher sites which were being inadvertently hosted by a church, a high school choir, several colleges' unused student accounts, and a self-run blog for discussion of Asian soap operas, all due to the site owners having a guessable password.
[addendum, a day later: Damn, forgot to say that the update to Laughter is the Spackle of the Soul has been posted. I think the pictures are funnier than the captions this time, but that's what I get for being in a hurry -- was distracted by the new job process and didn't work on the site previous to 10pm Feb 28, ugh. Things will improve; I just bought a big heaping bag of 1950's-1990's photos.]