Why I love reddit

Yes, it can be a tar pit of trolls and Not Safe For Work posts, but if you arrange your settings to filter out the garbage, it’s also an amazing community.

Example 1:

  1. User /u/thespite posts a clever way to send a holiday greeting using Google Maps. You can try the Holiday Message yourself.
  2. User /u/benlaor tries it, and discovers a picture of his beloved dog of blessed memory. He wrote: “Thank you, thank you, thank you for this. You don’t understand what happened because of this video. I have never looked at my house on street view before (strange, huh?). This was the first time. The images for Israel are a few years old, probably around 5 years in most cases.

    At the end of the video it lets you just look around freely. I look around my house, look over at my parking stop, and there he was. Lazying about in the sun was my plump little fatass of a dog, who was my favorite thing in the world until he died a few years ago. I have almost no pictures of him due to my not backing anything up and my HDD being destroyed in a power surge.”

  3. User /u/jangoo identifies the location.
  4. User /u/thespite extracts a high-res image
  5. User /u/fatty_tines creates a lovely color drawing of the dog.
  6. Tears all around.

Example 2:

  1. User /u/LE_POOR_MERIT has a teenaged son who does an awesome drawing entitled “Who Dares Summon Chrismotron?”
    ©2014 “Unknown ben LE_POOR_MERIT”
  2. User /u/pohjankonna, a freelance artist from Finland, does an amazing digital rendering of the drawing
    Chrismotron
    ©2014 Pekka Veikkolainen
    and makes this offer: “You have of course the permission to print & frame it, after all I took the original without asking first! I do have a slightly larger version that I can send you. Better yet, I could also send you the original Photoshop file with all the different layers on it, if your son would be interested in deconstructing the painting to see what it’s actually made of (kind of a step-by-step view to creating a digital painting).”
  3. Tears all around.
  4. For those interested, a wallpaper version.

Keep in mind these people don’t know each other from Adam’s off ox. They’re just regular people being awesome to one another for no good reason, which is what the best of humanity is all about. Also, these are only two recent examples; similar things happen all the time on reddit. It always lifts my spirits to read about one.

The Old Wolf has spoken.

How to get your senators’ and representatives’ attention on any issue without being a wealthy donor

Seen at reddit: Protip from a former Senate intern, with thanks to /u/SomeKindOfMutant.

This is worth sharing, since most of us are not among the 1% who have access to government:

An email to your senator or representative may result in a form letter response and a phone call to the office may amount to a tally mark on an administrative assistant’s notepad. But, for any given policy concern, if you want to get their attention a letter to the editor in one of your state’s 5-10 biggest newspapers that mentions them specifically BY NAME is the way to go. If your message is directed to your representative, pick a newspaper that is popular in your district.

That is the crucial thing to know–the rest of this post is an explanation of why I know this is true.

I know this because, when I interned in the D.C. office of a senator one summer, one of the duties I shared was preparing a document that was distributed internally both online and in paper format. This document was made every day and comprised world news articles, national news, state news, and any letters to the editor in the 5-10 largest newspapers within the state that mentioned the senator by name. I was often the person who put that document on his desk, and it was the first thing he read every morning after arriving to the office.

I began to suspect that this was standard operating procedure because several other senators’ offices share the same printer in the basement of the Russell Senate Office building, and I saw other interns doing the exact same procedures that I was involved in.

Since the internship, I’ve conferred with other Senate and House employees past and present and determined that most–if not all–offices use essentially the same procedure.

Usually when I write or call or email a senator or representative, I get the expected form letter in return. Recently I was actually contacted by a staffer at Orrin Hatch’s office who had some more questions about a letter I wrote regarding the regulation of money-transfer services like Western Union who are participating in so many Nigerian scams. It was gratifying.

That said, this is an excellent tip.

The Old Wolf has spoken.

Don’t Help the Scammers

There’s an old joke circulating out there that occasionally crops up in people’s inboxes:

You have just received the [Amish/Polish/Aggie, etc.] Virus! Because we don't know
how to program computers, this virus works on the honor system.
Please delete all the files from your hard drive and manually
forward this virus to everyone on your mailing list.
Thanks for your cooperation.

It goes without saying that this would be a Bad Idea. That said, there is a very current scam going on which I ran across yesterday, in which the victim is carefully walked step-by-step through the operations necessary to allow Bad Guys to take control of their computer. I referred to it in a previous post, but here’s the complete run-down.

While researching spoofed and phishing URLs, I decided to use a misspelling of a popular website as an example. I typed in http://www.micorsoft.com (DO NOT DO THIS!) and discovered a rat’s nest of scam operations embedded in this one redirect.

According to WHOIS, the domain is registered thusly:

Domain Name: MICORSOFT.COM
Registrar: EPIK, INC.
Whois Server: whois.epik.com
Referral URL: http://epik.com
Name Server: NS1.DNSLINK.COM
Name Server: NS2.DNSLINK.COM
Status: ok
Updated Date: 19-oct-2014
Creation Date: 13-oct-2001
Expiration Date: 13-oct-2015

Epik is a domain-name registry service, so beyond that I don’t have the chops to dig deeper and see who is really running this operation, but this much I know – they’re wastes of human cytoplasm.

This domain redirects to a number of different scams.

1) You’ve won a prize!

Prize1

Here’s the first popup. The URL is your typical scam alphabet soup address.

Prize2

After answering four inane questions about age, whether you shop on line, gender, etc. you’re presented with this:

Prize3

Well, of course I qualify. You think the scammers would turn down a sucker? No, I didn’t win a prize, I won a “chance” for a grocery gift card. Call the number, and what you hear is “Congratulations! Won a chance to win a gift card!. Stay on the line to complete your entry! Dingdingding your initial entry has been registered, but stay on the line for other additional offers!” You then are bombarded with advertising. Since I used Google Voice to call, there’s no way they could possibly know who is calling or how to contact you if you were really a winner – this is just spamvertising, pure and simple.

2) The Random Cybersquatting Page

Next, I was redirected to this horrific URL:

http://www.searchnet.com/Search/Index?
utm_source=8&utm_campaign=AuctionErrorWithInfo&utm_term=XP%20Home%20Premium;
Microsoft;microsoft;download%20internet%20explorer%2010;microsoft.com;www.microsoft.com;
microsoft%20windows;window%20live%20messenger;servers%20xp;microsoft%20help%20support;
microsoft;microsoft%20help%20center;online%20ms%20training;
microsoft%20programs;xp%20small%20business%20edition%20;downloads;
microsoft.com;windows%20updates&utm_medium=Ciclostare32

User Nokkenbuer at WOT (Web of Trust) posted on 09/21/2014:

  • I don’t trust
  • Malware or viruses
  • Poor customer experience
  • Scam
  • Misleading claims or unethical
  • Privacy risks
  • Suspicious
  • Spam
  • Potentially unwanted programs

“This website was involved in redirecting me to a malicious site after accessing a typosquatter website (http://www.micorsoft.com/). I do not trust it and may aid in infecting your computer with unwanted malware, spyware, or grayware.”

By the way, if you don’t have the WOT extension on your computer, I’d recommend it. It gives you advance warning of sites that have been flagged as malicious, like this:

Wot1

For any site, you can always “read more” to see what users have said. It’s wise to do, because on occasion a website was flagged early for suspicious behavior, but domains change hands and it could be a legitimate site at the present time. User comments will usually reflect this. At all events, you have the option of leaving before you actually visit a potentially dangerous website. Sign up, and you can leave your own feedback for websites as well.

3) Is Your Computer Running Slowly?

slow1

If you click OK, you’re directed to this page:

 Slow2

This one looks slick and official, but it’s a solid guarantee that if you call that toll-free number, you’re at risk for being scammed or having your computer infected or both.

4) The Scare Tactic

This is the one I referred to in my earlier post, and today I followed up on the game to see how it plays out.

Viruse2

This page is a little different than the first one I encountered; it doesn’t mention specific viruses, but includes an annoying, repeating, and loud chirp to add urgency to the scam. If you try to navigate away from the page, you get this:

virus1

If you bite and call the number (855-979-7382) you will be connected to a polite-sounding Indian or Pakistani boiler-room worker who will engage you as follows:

  1. I was asked what kind of problems I was experiencing, what kind of computer I am running, and what my operating system is.
  2. On a Win7 box (your mileage may vary for other operating systems) I was asked to hit “Windows-R” to open the Run dialog, and then type in “MSConfig” and hit enter. This is harmless, but displays running services on your computer.
  3. I was asked if more than 15 services were stopped.
  4. I responded that yes, more than 15 services were stopped.
  5. The agent informed me that since more than 20% of my services were stopped, my system was vulnerable to application errors. Once Windows 7 has services stopped, that is the main problem. This, of course, is utter bulldust, but is technobabble enough to flummox most callers who get this far.
  6. I was told that we need to check why these services are stopped. Again directed to the “Run” dialog, I was instructed to type in “hh h” and hit “Enter”. This brings up the HTML Help Window, which “Cannot be Displayed.”
    Help1
  7. I was instructed to hover my mouse over the little question-mark icon in the window, and select the “Jump to URL” option.
    Help2
  8. I am presented with a dialog box, and asked to enter the specified URL:
    Scam3
    Note: This is a sneaky way to get you to visit a website, instead of typing it directly in the URL bar.
  9. Once this is done, I am directed to this website: https://secure.logmeinrescue.com/customer/code.aspx
    Login
    This is a website which allows outside users to take control of your computer, usually for tech support reasons. If you trust the party on the other end it can be useful, although I prefer to use TeamViewer.
  10. Before proceeding, the agent had me run inetcpl.cpl, click on the connections tab, and ensure that no proxy was being used.
  11. Having done this, the agent instructed me to enter the code 941073, and hit “Enter.” He asked me what I saw on my screen.
  12. At this point, I told him the only thing I saw was myself closing Chrome, because I had no intention to give control of my machine to a bunch of scammers, and hung up.

There are enough methods out there that the Bad Guys can infect your computer if you’re not careful, but helping them with the process is generally a Lousy Idea.

Be careful out there.

The Old Wolf has spoken.

Taking the High Road with a Scammer

Man-shouting-into-a-phone-012

Photo: Alamy

If you follow my blog, you’ll know it has become somewhat of a warning beacon against scams and frauds, which little crusade began after my own mother was scammed by cross-border fraudsters out of a large chunk of her savings.

Here, however, is an interesting article from The Guardian entitled “How I Talked a Scammer Into a Better Life Choice.”

Written by Amanda Willis, it describes her conversation with a Pakistan-based boiler-room worker who was trying to get her to download malware. The results were encouraging, and worthy of being shared. Her entire essay is definitely worth a read.

The tagline of the article is “Getting angry with fraudsters dehumanises them, but if we engage them in conversation we might be surprised by the results.”

Unfortunately, many scammers who are directly involved in criminal enterprises become frighteningly abusive when confronted with their scam, and I’m not sure I want to get involved with inviting that sort of negative energy into my life. But the principle at work here is the one found in Proverbs 25:21-22:

If thine enemy be hungry, give him bread to eat; and if he be thirsty, give him water to drink: For thou shalt heap coals of fire upon his head, and the Lord shall reward thee.

The Old Wolf has spoken.

Phishing: Watch the URL’s

Had this in my email this morning:

Bank of Ireland
Well, it looks official enough, and I don’t even see any major grammatical errors or the kind of Nigerian English that usually functions as a dead giveaway for a scam.

So, if you click the embedded “Click here” link (SOMETHING YOU SHOULD NEVER DO), where does it take you?

To http://365.bankofireland.com-zeyqfqjj.taole.com.br/boi-ireland/index.php,

a phishing website that has already been deleted.

Anyone can create a domain name and have it registered. I could register this name right now:

microsoft-walmart-bankofamerica-ramalamadingdong-whackamole-boom.com

The fact that a corporate name appears in an URL is no guarantee whatsoever that you’re on that company’s website. Have a look at the real Bank of Ireland 365 URL:

https://www.365online.com/online365/spring/authentication?execution=e1s1

That “https” in red up there indicates that you are on a secure site, meaning that communication between the website and you is encrypted and can’t be intercepted/read by bad guys. You should always look for that “https” on any website where you will be entering sensitive information: banking, internet shopping, login pages, etc.

Have a look at some different URLs, some real and some fake:

paypal.com: Real
paypalsecure.com: Fake (The name contains PayPal, but is not valid)
paypal@accounts.com: Fake (Watch out for @-signs and dashes in a name)
paypal@150.44.134.189: Fake (The root domain is an unknown IP address)
http://www.paypal.com/signin/: Real (Even though the address is longer, “paypal.com” is the last thing before the first “/” in the address.)

microsoft.com: Real
microsoft.verification.com: Fake (The root domain is “verification,” not Microsoft.)
purchase-microsoft.com: Fake (The hyphen instead of a period)
signin.microsoft.com@10.19.32.4/: Fake (The root domain is an unknown IP address)
micorsoft.com: Fake and dangerous (The name of the company is misspelled)¹
microsoft.com/en-us/default.aspx: Real (Even though the address is longer, “microsoft.com” is the last thing before the first “/” in the address.)

  • The company name (i.e. paypal, microsoft, etc.) should be the last thing, or the last thing before the first “/” in the address.
  • Beware of hyphens or other symbols in names, or 4-part numbers like “192.168.0.0” which are IP addresses.
  • Be wary of country suffixes like “br,” “za,” “cr,” etc.
  • An address does not have to contain “www.” to be valid.
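The rules above can be turned into a mechanical check. The following Python sketch is an added example, not part of the original post: it sorts the sample addresses from this page by comparing the host against a small allowlist. The `TRUSTED` table, the verdict labels and the function names are assumptions made for illustration, and the typo check uses an edit distance that counts two swapped letters as a single change.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed allowlist: trusted domain -> brand keyword that fakes tend to borrow.
TRUSTED = {"paypal.com": "paypal", "microsoft.com": "microsoft",
           "365online.com": "bankofireland"}

def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url):
    """Return a verdict for the host the browser would actually contact."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return "ip-host"                      # bare IP address, no name at all
    except ValueError:
        pass
    if parts.username is not None:
        return "userinfo-trick"               # text before "@" is not the host
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    labels = re.split(r"[.-]", host)
    for brand in TRUSTED.values():
        if brand in host:
            return "brand-in-name"            # brand appears, domain is not theirs
        if any(osa_distance(label, brand) == 1 for label in labels):
            return "typosquat"                # one typo away from the brand
    return "unknown"

if __name__ == "__main__":
    # Sample addresses taken from this page; nothing is fetched.
    for u in ["paypal.com", "paypalsecure.com", "paypal@accounts.com",
              "signin.microsoft.com@10.19.32.4/", "micorsoft.com",
              "http://365.bankofireland.com-zeyqfqjj.taole.com.br/boi-ireland/index.php"]:
        print(f"{classify(u):15} {u}")
```

The check only parses the text of the address, so it is safe to run on a suspicious link copied out of an email.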

For those wondering, what’s an “URL” anyway? It stands for “Uniform Resource Locator”, a pointer to a specific internet address.

12812.strip
Dilbert

Here’s a typical clueless manager trying to “add value” in an area he knows nothing about, and giving his savvy tech worker a month’s vacation at the same time.

Be careful out there.

The Old Wolf has spoken.


¹This particular misspelling is especially malicious. It redirects to a number of bogus or dangerous websites, including this one: http://104.143.5.145/perror2.php:

scam

If you land here, your computer issues a frightening-sounding beep and presents you with the above screen. You will be unable to dismiss the tab or even close your browser until you have clicked a hidden box that says “Prevent this page from creating additional dialogs.”

If you call the number, a female-sounding computer-generated voice informs you that if you are experiencing problems with viruses or a slow PC, to please press “1”. I did so, and got no answer. The assumption is that if anyone answered, they would walk you through steps necessary to download malware to your own machine, or ask for credit card details for some bogus cleaning software.

Edit: Just as I thought. This morning I called the number and got a very polite foreign gentleman who walked me through the steps needed for him to control my computer and download Mogg knows what. A full post on the encounter will follow.