Watch out for Amazon bait

Been getting a couple of emails saying my Amazon order is on hold. I do a lot of business through them, but this sounded a little suspect.

It was. A lot suspect.

Here’s the text of the email:

Your Amazon Order needs Urgent Attention Eric
Order # 687cd87779a67d9796f951915bb564f5 View order details

Amazon Email:
ORDER PLACED: June 24 2016
SHIP TO: Eric View order details

Confirm your Order

Have a wonderful Day – Amazon

with one visit, you will be removed from our list. go here Write to This Address : 6500 hickory valley way knoxville tn 37918-5157

First off, what Amazon order?

This isn’t the first phishing attempt I’ve seen that uses Amazon as a cover. Hey, the company’s so big. They ship out a lot of stuff. It’s easy to lose track of all your orders. They use ground carriers. Which is no surprise — so many online hucksters use such emails to harvest your information.

There’s a special section in Hell for folks such as these. And if there isn’t, there should be. Maybe a special section where the most up-to-date technology is tin cans and string.

If you have even a rudimentary knowledge of online life and your BS detector is semi-operational, this one isn’t difficult to sniff out. In your email reader, look around the FROM header or swing your mouse over the link. It’s sloppy, but you’ll find the actual source of the email.

In this case it’s

Like, who?

Also, swing your mouse over any hyperlinks. There’s not an Amazon to be found in any of the real addresses shown. Surprise surprise.

Oh, yes. Goes without saying. Anything that looks like a link, don’t click on it. Don’t click. Don’t … ohh crap …

I get asked this a lot, particularly on Facebook: So what’s the harm of clicking?

I haven’t checked this specific one, but all kinds of things can happen when you click unknown links. A goodie can be installed on your computer to suck up your personal information. A virus. A piece of malware. Something that may take over your email box and use your address to send out more delightful missives such as this one.

Scared yet?

I have two Amazon accounts; one for purchasing and one for publishing. This email came to the address associated with my publishing account. Another red flag.

This is kind of like my ever-popular PayPal scam. Those phishing attempts are usually in the wrong pond, like to email addresses that have nothing to do with my PayPal account. Oops, try again.

At the bottom of this “Amazon” offering there’s another link to remove my name from that list.

Said the spider to the fly.

Like these guys are invading my email box under false colors anyway. Do you think I’m gonna trust them?

Always be careful when surfing and checking your email. Remember these precautions. Bookmark them, print them, but remember them.

As I’ve written so many times here:

In the meantime, enjoy your computer. Have fun checking out Facebook, Buzzfeed and those cat videos. Feel free to read your news online (including this blog). Buy books from Amazon including mine, heh-heh. Do your shopping online. Use the Internet to make a living. Use the online tools to run several aspects of your life by remote control (like my own use of online banking). It’s safer than it once was, it’s convenient, it’s a Godsend.

But again, be careful.


Beware of those random weird email links


Why argue with a winning malware formula?
Why argue with a winning malware formula?

Haven’t seen them for a while, but it looks like those random email-hijacking links are still around. Why argue with something that works?

I just got one. It had a weird title, something like [etiohg. First clue. It was from a friend I haven’t heard from for a while. It was sent to a bunch of other people, including mutual friends. I know the sender isn’t the most computer-savvy person in the world, so there’s that.

Can’t blame her for sending it. She probably didn’t even know it went out on her email.

This one had no greeting, just a link. One of those shortened ones. Not even a link, but some other one.

Did I click on it? What, do I look like I wandered in off the shrimp boat just yesterday? I did take the domain name of the link (, a made-up name) and typed it in, and it was some shopping site in a foreign language, offering Rolexes for little bit of nothing.

The .eu part of the address is real, and that tells me something about the server. .eu is for European Union, which still exists for some reason.

A ton of red flags, and being halfway computer literate (plus hard experience) meant stay away.

To my understanding, here’s how this works. You click on the link and it somehow gives the sender access to your email account. I think it’s more or less automatic, but the sender basically controls my email. From my address he can send more of these emails, it taps my address book (now numbering in the thousands) and sends more of these emails to some or all of them.

It’s the gift that keeps giving.

So here are my red flags:

  • I haven’t heard from the person in a while. But even if the email is from somebody I regularly communicate with, it’s still suspect.

  • A weird-looking link, usually shortened. I can send anything through and you wouldn’t even know what it is until you click on it.

  • A country code (top-level domain, like .com or .eu) that you don’t recognize. Here’s a list of them through Wikipedia. Bonus points if the country code is from some nation that is not our friend.

  • No message, just the link.

I sent my friend a reply, with a Re: [etiohg in the headline. Here’s the text:

(Friend’s first name), I got a couple of these emails from you. I think someome hijacked your email account & turned it into a spam machine. Might be a good time to change your password. Don’t click the link.”


I didn’t want to scare my friend, but, well … there it is. Now if I had the presence of mind to send that reply to everyone it got sent to (reply to all) I would have done so.

Anyway, if you get one of those, don’t click the link. Then, as I mentioned, change the password of the email account. Now. It probably needed to be changed anyway.

Then maybe — if you actually catch it in time (no promises there), chase that email with another offering your apologies and a warning to not open it.

If you’re unlucky enough to have spread the plague of malware and your friends bit on it, do the obvious thing. Blame it on someone else.


Diving into the phishing hole: How to rebrand a blog

After almost a decade, 1,024 posts and several shifts in emphasis, this blog takes on a new face. A shark’s face.

Generally, a blog is a testing lab. That’s where the writer tests some ideas out, pitches them to the reader and hopes for comments that are not from some Web bot. Through the blog the writer finds out what works, what doesn’t, and maybe what people find valuable. While I’m not one to build my attack on what’s popular, I can understand value when I see it.

That’s why the shark. He’s an old buddy of mine, and it seems every time I feature him in a blog post people pay attention. It’s either his magnetic good looks or he shows up with my most useful niche stuff.

I haven’t named the shark yet. Reckon I should, huh?

Here’s the deal. The Internet is a crazy place, man. It’s the world’s biggest dispenser of junk mail, last-chance advertisements, and the occasional scam. Why? Because the crap is cheap to send and it hooks a lot of people.

Even your standard social-media meme deserves scrutiny. Like is it true that some dot-com gazillionaire wants to distribute his unspeakable fortune to the great unwashed, or is it just Internet blather? And if it’s the latter, is it the benign kind of blather that doesn’t hurt anyone, or is it bait for something else?

Here I plan to dissect the scams as they come in, research them and give you the whole lowdown of what I find out.

Qualifications? A decade and a half as a print journalist, and another decade as a journalistic blogger. This gives me the ability to sniff out rotten phish when I run across it, and a bit of a bad attitude.

Enjoy the fishing hole. Just make sure you spell it right and don’t bleed in it.

Talk to me: What should I name the shark? Please share in the comments.


Sharks in the phishing hole: Two emails, two warnings, one scam

This guy just keeps turning up.
This guy just keeps turning up.

If you’re an average joe you probably have your fill of email scams and attempts to mine your information. I mean the Nigerian princess and fake-package schticks can only go so far.

If you own a web site, you’ll get hit up with some new things. Unfortunately it’s hard to tell the fake from the real stuff, and sometimes the real stuff isn’t too well worded either.

Last week I got a pair of emails; one supposedly from Amazon and one allegedly from my web host.

Here’s the one from Amazon:



Our records show that you have not completed the declaration confirming that none of your websites are directed at children under the age of 13. This declaration is a mandatory requirement for participation in the Amazon Associates Program, and as such, your payments have been placed on hold as of August 31, 2015. On October 31, 2015, your account will be closed if your declaration has not been completed. Any final funds payable will be issued via the payment method we have on file. Once your account is closed it cannot be reopened.

What the … what? It’s a little scary, and it did require my attention. Did they have to word it like that?

Got this one from Amazon. Scary, but legit. Still, exercise caution.
Got this one from Amazon. Scary, but legit. Still, exercise caution.

Backgrounder. I have an Amazon Associates account, which nets me a commission on stuff I sell through the site. It’s tiny income, and Amazon wanted to make sure I’m not one of those cheesy sites that markets strictly to kids.

That one’s legit, so I went ahead and took care of it through the front door. I didn’t use the link provided, but instead slammed open Amazon’s swinging doors and ordered everyone to make a hole as I took care of business. Later with that provided link.


Now here’s the other one, from my Web host. Or something.

1&1 Internet AG via

7:00 PM (0 minutes ago)

to me

Dear Sir/Madam,

The following domain names have been suspended for violation of the 1&1 Internet AG Abuse Policy:

Domain Name: Registrar: 1&1 Internet AG Registrant Name: Eric Pulsifer

Multiple warnings were sent by 1&1 Internet AG Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us for additional information regarding this notification.

Sincerely, 1&1 Internet AG Spam and Abuse Department Abuse Department Hotline: 480-320-3579


This one smells like scam. McAfee agrees.
This one smells like scam. McAfee agrees.

Notice the request to “click here and download a copy of complaints we have received.” Uh, yeah. I’ll get right on it.

I did check on the link, and it led to some outfit McAfee didn’t like. Here’s what I got from them:

Warning: Trouble ahead Whoa!

Are you sure you want to go there?… may try to steal your information.

Why were you redirected to this page?

When we visited this site, we found it may be designed to trick you into submitting your financial or personal information to online scammers. This is a serious security threat which could lead to identity theft, financial losses or unauthorized use of your personal information.

Accept the Risk


View Site Report

The site report gives it a high risk rating. Taking it further:

rm-webrep-highWeb Category: Malicious Sites, Marketing/Merchandising

Activation: 2011-11-21

Last Seen: 2011-09-29


A couple of dead giveaways, besides McAfee. Like there’s no Type it in and I get nowhere.

Then there’s the phone number, 480-320-3579. It’s some urgent-care outfit, and I should be happy to know my call will be recorded for quality assurance. I didn’t pursue this further.

Understand, these emails/warnings/phishing attempts are aimed at someone who’s been around the Web a time or two. Someone who has an affiliate marketing account and his own website. Not that these mean anything, but still …

Okay. You know the drill. Enjoy your computer. Use it for all the things you ordinarily would use it for — online banking, making an online living, keeping in touch with friends, making phone calls, the whole smash. But be careful out there.


Identity protection email: Scary or scammy?

keyboard locked and chained
Sometimes it’s tempting.

LifeLock is one of the bigger names in online security. A bit of a mixed reputation (which always comes with the business), but generally solid.

Of some of the reviews, the biggest rap against them seems to be how it’s allegedly impossible to cancel your service. Reviewers say they just keep charging and charging for monthly services until you guess the secret word, but a lot of online companies are like that.

Still … imagine my surprise when I got this email from them. The heading was enough to capture anyone’s attention:

Your Identity May Have Been Stolen

That’s enough to make my innards clench right there. Here’s the letter itself:

Scary email from LifeLock
So I got this email …

Now understand, online security is huge business. Even the best, most legit companies around (McAfee, Norton, Kaspersky) make big bucks from scaring the living fool out of you.

Viruses are scary. Malware is scary. Identity theft is tres scary. Think about it. If the average user’s computer bogs down or acts wonky, he’ll probably suspect it’s a virus right away. Even when it’s not.

While a savvy user can minimize these threats by employing best practices (strong passwords, being careful clicking random links, not doing banking over a public wifi system, keeping all protection systems updated), even the best can run into malware or have the identity stolen.

Okay. I did a little quick-and-dirty detective work. Did this really come from LifeLock like the heading says?

Here’s what I noticed right away:

There are several links from the email, and they all go to the same place (this is not a link, so don’t bother clicking it):

This will take you to an affiliate’s page. An affiliate is someone who gets a commission from each unit he sells, and he does not work for LifeLock.

By the way, I got that info from right-clicking the link, going to the context menu and hitting Copy Link Location.

I looked up in the “From” block in the email heading and got this:

From: LifeLock <>
To: [my email address]
Date: 08-25-2015 04:20 PM

With some email clients/systems, you have to click to get that information. But that’s easy and safe to do.

So what does the heading tell me?

It’s not from LifeLock, that’s what. But the aforementioned affiliate link kind of told me that.

This is a bulk email service. I have no problem with that; I use one (Mailchimp) myself. But you have to sign in to get on the email list unless the affiliate just randomly puts addresses in. And if he does, he’s probably not ethical enough for me to want to deal with him.

At the bottom of the email (I know Mailchimp requires this) there’s a link to unsubscribe. With this one there’s also a link to complain to Topica about unsolicited email. Which I clicked. May not help, but it sure felt good.


Anyway, if you get a scary-looking email from a legit company, check it out:

– Where did it really come from — I mean, what email address/domain?

– Where do the links go?

Hey, there’s scary stuff aplenty online and in your email box. A little checking goes a long way in separating the real from the spurious junk.

Usual warnings: Enjoy your computer. Enjoy your online experience. Enjoy those cat videos and stuff. But be careful. It’s a jungle out there.

(For further information, check out my sidebar of best practices for online protection. Though I wrote the list from the top of my head, there’s some really useful stuff. This is really a link, by the way.)


Sharks in the phishing hole: PayPal scam still making the rounds

This guy just keeps turning up.
This guy just keeps turning up.

I saw this on Online Threat Alerts. Evidently this scam still has traction, meaning it must still work.

Why screw up a winning formula?

Here’s the story. And yeah, I wrote about it a few times:

More sharks in the phishing hole: Some folks never give up
Sharks in the phishing hole: That email really isn’t from PayPal


Real quickly:

– If the email has misspellings and formatting errors, red flag. PayPal’s more professional than that.

– If the note is sent to an email account that is not associated with your PayPal account, definite red flag. Don’t laugh. It`s happened to me a few times.

– Check the sender’s email address. That’ll tell you directly whether it’s from them.

Don’t click on the link. Just. Don’t.


Text messaging changes as I get older

oldschool-textSo I was sending a text blast to a few friends the other day. Most of these people are around my age, and I did get responses back from most. I think the only non-responses were from texts I sent to … office phones.

So yes, people my age do text. Don’t look so surprised, huh?

But as I get older I discover the nomenclature has changed a lot. I’m having to relearn the whole text-abbreviation thing. A lot of those I used to use no longer apply.

I found these abbreviations online, and it looks like I’m gonna have to start using some of them. Like, real soon:

  • FWIW: Forgot Where I Was
  • BTW: Bring The Wheelchair
  • ROFL… CGU: Rolling On The Floor Laughing … And Can’t Get Up
  • DWI: Driving While Incontinent
  • LOL: Living On Lipitor
  • IMHO: Is My Hearing-Aid On?
  • IMHMO: In My HMO…
  • BYOT: Bring Your Own Teeth
  • GTG: Gotta Groan
  • FYI: For Your Indigestion…
  • JK: Just Kvetching
  • TTYL: Talk To You Louder
  • MILF: Meal I’d Like To Forget
  • LMDO: Laughing My Dentures Out
  • GOML: Get Off My Lawn

I’m sure there are more. Any others I might use, please share.



Sharks in the phishing hole: Microsoft does not cold-call

Nut graf: The caller claimed to be from Microsoft Security, but it’s a phone-phishing scam.

smile, you son of a b!!!!
This online phish is predatory, but it’s not that smart. Still …

If you get a phone call from someone claiming to be from Microsoft Security, watch it. It’s a crock.

If the person says there’s been a breach and someone’s trying to change the IP number of your computer, you can tell what’s in the crock by smell alone.

If he wants you to give him your IP address, well, the contents of said crock are slopping over.

I got this call Saturday on the house phone. It was from Windows Security in Colorado, and I spoke with some guy named Matthews. Now that’s a white-bread name, right? Except he’s not from around here. His accent sounded Middle Eastern. A minor red flag, but a red flag nonetheless.

Anyway, this Mr. Matthews or whoever he was said someone was trying to change the IP number of my computer. Now, that’s important stuff. I can tell a lot about a guy from what IP number he’s using:

Sign by Danasoft – Get Your Sign

… and …

Sign by Danasoft – Get Your Sign

I did go to that site just for journalistic purposes. Not only does it allow me to look up my IP address, but it explains what one is. Here’s the short version:

“An IP address is an exclusive number online devices use to identify and communicate with each other through computer networks. This process can best be compared to how we receive mail to our home address. An IP address would be most similar to a mailing address, while the network would be compared to the town you live in. Just like our home addresses, information cannot be sent or received by devices without a specific address.”

If you want to read the whole thing, check it here.

The IP address changes from time to time anyway. It’s not static. Another indication that there were sharks in the phishing hole again.

Here’s the deal. This IP number gives someone power. Maybe able to tap into some of my sites, including banking goodies. Certainly able to use my computer by remote control. Or install some juicy malware just for grins.

Matthews wanted to know whether I used the computer for business or personal use, and I asked if it was important. His answer didn’t matter; it was nonresponsive gobbledygook that your average computer wouldn’t really know or care about.

Then Matthews wanted me to hit up and find out. I already anticipated Matthews’ next question, which was to give him that address. The conversation didn’t go that far because, quite honestly, I turned pit bull on him. It was fun.

Matthews wanted me to go to my computer. I gave the excuse that the computer is in another room (true) and can he call my cell number? Which he did. Of course his number (951-143-5447) popped up on my cel. The area code isn’t in Colorado, in fact it’s the same as mine (Riverside, CA). A long way from Colorado, huh?

I kept the conversation going while I did a fast bit of research. Here’s what I found out:

According to the Microsoft user forum:

“BEWARE – Users have been reporting they have received phone calls, some claiming to be from “Microsoft”, telling them that that their computers are infected. The caller asks the User if they are online and if their computers are performing slowly.
If their computers are not running, they will ask the User to boot the system and report on the start up time or, if the system is running and online, they will tell the User that a tech can take over control of it and clean a “virus infection”.
This is a scam !!!
If you happen to receive one of these phone calls ask the caller for the name of the company, where they are located, and their phone number.
Then hang up and report this to:
IC3 (internet crime)
The Local FBI Office ( if you’re in the US)

Microsoft will never, repeat, NEVER, cold call people who use Windows. NEVER !!!

Do not fall for this latest scam.
NEVER allow strangers to take over your computer. NEVER !!!”

Got that part? The real Microsoft does not cold-call anyone.

There’s more, and it’s pretty grim. In a nutshell, it’s not legit. Also here’s some stuff from the Federal Trade Commission.

That’s when I went nuclear on the guy. “Who are you really with?” I asked. Of course he said Microsoft.

Then I hit him with this: I use a Linux system. And he’s full of whatever it was in that crock. I think I ticked him off because he suggested I was full of the same substance. It actually sounded melodious with his accent and all. Then he hung up.

I feel much better.

Now, I know my way around computers. The average person, not so much. You may or may not know what an IP address is or why it’s so important, and it’s a guarantee that some folks would gladly give the info up. And that’s some baaaaad stuff.

Enjoy your computer. Enjoy your online experience. Use it for work, for home banking, for online file storage. for whatever your little heart desires. The Internet is the greatest invention since the toilet seat.

But guard your information. Keep tuned to the scams, and know how to recognize one. Do some quick homework on the fly if you have to. And protect that information.

Computers are still the great unknown to a lot of people. Threats of viruses and malware will scare anyone, and there’s a pretty good cottage industry that plays off this. Even the most legit computer security companies such as the ones who maintain your virus protection programs use this fear to their benefit, which is why they can get away with asking for so much money.

There are sharks aplenty out there, they’re hungry and they smell blood. Make sure it’s not yours.


Who is this guy?


How to choose your social media site

So many choices, so little time.
So many choices, so little time.

Somebody asked me about which social media to use, and here was the answer I gave. Let’s say it depends:

Facebook: People I know.

Google+: People I know and others who share common interests with me.

Twitter: A bunch of random people I don’t know.

Linkedin: People I’d like to know.

Think that covers it.