Watch out for Amazon bait

Been getting a couple of emails saying my Amazon order is on hold. I do a lot of business through them, but this sounded a little suspect.

It was. A lot suspect.

Here’s the text of the email:

Your Amazon Order needs Urgent Attention Eric
Order # 687cd87779a67d9796f951915bb564f5 View order details

Amazon Email:
ORDER PLACED: June 24 2016
SHIP TO: Eric View order details

Confirm your Order

Have a wonderful Day – Amazon

with one visit, you will be removed from our list. go here Write to This Address : 6500 hickory valley way knoxville tn 37918-5157

First off, what Amazon order?

This isn’t the first phishing attempt I’ve seen that uses Amazon as a cover. Hey, the company’s so big. They ship out a lot of stuff. It’s easy to lose track of all your orders. They use ground carriers. Which is no surprise — so many online hucksters use such emails to harvest your information.

There’s a special section in Hell for folks such as these. And if there isn’t, there should be. Maybe a special section where the most up-to-date technology is tin cans and string.

If you have even a rudimentary knowledge of online life and your BS detector is semi-operational, this one isn’t difficult to sniff out. In your email reader, look around the FROM header or swing your mouse over the link. It’s sloppy, but you’ll find the actual source of the email.

In this case it’s

Like, who?

Also, swing your mouse over any hyperlinks. There’s not an Amazon to be found in any of the real addresses shown. Surprise surprise.
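The two checks above (who really sent it, where the links really go), plus the "wrong pond" test of which address it arrived at, can be run over a saved message. This is an added example, not part of the original post; the sample message, its addresses and the helper names are constructed placeholders, and the set of addresses registered with the brand is something you supply.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, modelled on the message quoted above. Every address and
# URL is a placeholder (example.* names are reserved for documentation).
SAMPLE = '''\
From: "Amazon Orders" <notice@mailer.example.net>
To: publishing@example.org
Subject: Your Amazon Order needs Urgent Attention
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>ORDER PLACED: June 24 2016</p>
<a href="http://track.example.net/confirm">Confirm your Order</a>
<a href="http://track.example.net/u">https://www.amazon.com/your-orders</a>
</body></html>
'''


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def belongs_to(host, domains):
    """True if host is one of the domains or a subdomain of one.

    Matching on the right-hand end means 'amazon.com.example.net' fails.
    """
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def html_body(msg):
    """Return the first text/html part of the message as a string."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def check_message(raw, brand, brand_domains, my_brand_addresses):
    """Return a list of (code, detail) red flags for a message claiming `brand`."""
    msg = message_from_string(raw)
    findings = []

    # 1. Display name or subject uses the brand, but the sender domain is not theirs.
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    claims_brand = brand in (name + " " + msg.get("Subject", "")).lower()
    if claims_brand and not belongs_to(sender_domain, brand_domains):
        findings.append(("sender-domain", sender_domain))

    # 2. Sent to an address that is not registered with the brand.
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if recipient not in my_brand_addresses:
        findings.append(("recipient", recipient))

    # 3. Links: the real target, and link text that shows a different host.
    parser = LinkCollector()
    parser.feed(html_body(msg))
    for href, text in parser.links:
        target = urlsplit(href).hostname
        if not belongs_to(target, brand_domains):
            findings.append(("link-domain", target))
        shown = urlsplit(text).hostname if "://" in text else None
        if shown and shown != target:
            findings.append(("link-text-mismatch", f"{shown} -> {target}"))
    return findings
```

A clean result is not proof of a genuine message: the From header is whatever the sender typed, so a matching domain only means this particular check found nothing.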

Oh, yes. Goes without saying. Anything that looks like a link, don’t click on it. Don’t click. Don’t … ohh crap …

I get asked this a lot, particularly on Facebook: So what’s the harm of clicking?

I haven’t checked this specific one, but all kinds of things can happen when you click unknown links. A goodie can be installed on your computer to suck up your personal information. A virus. A piece of malware. Something that may take over your email box and use your address to send out more delightful missives such as this one.

Scared yet?

I have two Amazon accounts; one for purchasing and one for publishing. This email came to the address associated with my publishing account. Another red flag.

This is kind of like my ever-popular PayPal scam. Those phishing attempts are usually in the wrong pond, like to email addresses that have nothing to do with my PayPal account. Oops, try again.

At the bottom of this “Amazon” offering there’s another link to remove my name from that list.

Said the spider to the fly.

Like these guys are invading my email box under false colors anyway. Do you think I’m gonna trust them?

Always be careful when surfing and checking your email. Remember these precautions. Bookmark them, print them, but remember them.

As I’ve written so many times here:

In the meantime, enjoy your computer. Have fun checking out Facebook, Buzzfeed and those cat videos. Feel free to read your news online (including this blog). Buy books from Amazon including mine, heh-heh. Do your shopping online. Use the Internet to make a living. Use the online tools to run several aspects of your life by remote control (like my own use of online banking). It’s safer than it once was, it’s convenient, it’s a Godsend.

But again, be careful.

Beware of those random weird email links


Why argue with a winning malware formula?

Haven’t seen them for a while, but it looks like those random email-hijacking links are still around. Why argue with something that works?

I just got one. It had a weird title, something like [etiohg. First clue. It was from a friend I haven’t heard from for a while. It was sent to a bunch of other people, including mutual friends. I know the sender isn’t the most computer-savvy person in the world, so there’s that.

Can’t blame her for sending it. She probably didn’t even know it went out on her email.

This one had no greeting, just a link. One of those shortened ones. Not even a link, but some other one.

Did I click on it? What, do I look like I wandered in off the shrimp boat just yesterday? I did take the domain name of the link (, a made-up name) and typed it in, and it was some shopping site in a foreign language, offering Rolexes for little bit of nothing.

The .eu part of the address is real, and that tells me something about the server. .eu is for European Union, which still exists for some reason.

A ton of red flags, and being halfway computer literate (plus hard experience) meant stay away.

To my understanding, here’s how this works. You click on the link and it somehow gives the sender access to your email account. I think it’s more or less automatic, but the sender basically controls my email. From my address he can send more of these emails, it taps my address book (now numbering in the thousands) and sends more of these emails to some or all of them.

It’s the gift that keeps giving.

So here are my red flags:

  • I haven’t heard from the person in a while. But even if the email is from somebody I regularly communicate with, it’s still suspect.

  • A weird-looking link, usually shortened. I can send anything through and you wouldn’t even know what it is until you click on it.

  • A country code (top-level domain, like .com or .eu) that you don’t recognize. Here’s a list of them through Wikipedia. Bonus points if the country code is from some nation that is not our friend.

  • No message, just the link.

I sent my friend a reply, with a Re: [etiohg in the headline. Here’s the text:

“(Friend’s first name), I got a couple of these emails from you. I think someone hijacked your email account & turned it into a spam machine. Might be a good time to change your password. Don’t click the link.”


I didn’t want to scare my friend, but, well … there it is. Now if I had the presence of mind to send that reply to everyone it got sent to (reply to all) I would have done so.

Anyway, if you get one of those, don’t click the link. Then, as I mentioned, change the password of the email account. Now. It probably needed to be changed anyway.

Then maybe, if you actually catch it in time (no promises there), chase that email with another offering your apologies and a warning to not open it.

If you’re unlucky enough to have spread the plague of malware and your friends bit on it, do the obvious thing. Blame it on someone else.

Diving into the phishing hole: How to rebrand a blog

After almost a decade, 1,024 posts and several shifts in emphasis, this blog takes on a new face. A shark’s face.

Generally, a blog is a testing lab. That’s where the writer tests some ideas out, pitches them to the reader and hopes for comments that are not from some Web bot. Through the blog the writer finds out what works, what doesn’t, and maybe what people find valuable. While I’m not one to build my attack on what’s popular, I can understand value when I see it.

That’s why the shark. He’s an old buddy of mine, and it seems every time I feature him in a blog post people pay attention. It’s either his magnetic good looks or he shows up with my most useful niche stuff.

I haven’t named the shark yet. Reckon I should, huh?

Here’s the deal. The Internet is a crazy place, man. It’s the world’s biggest dispenser of junk mail, last-chance advertisements, and the occasional scam. Why? Because the crap is cheap to send and it hooks a lot of people.

Even your standard social-media meme deserves scrutiny. Like is it true that some dot-com gazillionaire wants to distribute his unspeakable fortune to the great unwashed, or is it just Internet blather? And if it’s the latter, is it the benign kind of blather that doesn’t hurt anyone, or is it bait for something else?

Here I plan to dissect the scams as they come in, research them and give you the whole lowdown of what I find out.

Qualifications? A decade and a half as a print journalist, and another decade as a journalistic blogger. This gives me the ability to sniff out rotten phish when I run across it, and a bit of a bad attitude.

Enjoy the fishing hole. Just make sure you spell it right and don’t bleed in it.

Talk to me: What should I name the shark? Please share in the comments.

Sharks in the phishing hole: Two emails, two warnings, one scam

This guy just keeps turning up.

If you’re an average joe you probably have your fill of email scams and attempts to mine your information. I mean the Nigerian princess and fake-package schticks can only go so far.

If you own a web site, you’ll get hit up with some new things. Unfortunately it’s hard to tell the fake from the real stuff, and sometimes the real stuff isn’t too well worded either.

Last week I got a pair of emails; one supposedly from Amazon and one allegedly from my web host.

Here’s the one from Amazon:



Our records show that you have not completed the declaration confirming that none of your websites are directed at children under the age of 13. This declaration is a mandatory requirement for participation in the Amazon Associates Program, and as such, your payments have been placed on hold as of August 31, 2015. On October 31, 2015, your account will be closed if your declaration has not been completed. Any final funds payable will be issued via the payment method we have on file. Once your account is closed it cannot be reopened.

What the … what? It’s a little scary, and it did require my attention. Did they have to word it like that?

Got this one from Amazon. Scary, but legit. Still, exercise caution.

Backgrounder. I have an Amazon Associates account, which nets me a commission on stuff I sell through the site. It’s tiny income, and Amazon wanted to make sure I’m not one of those cheesy sites that markets strictly to kids.

That one’s legit, so I went ahead and took care of it through the front door. I didn’t use the link provided, but instead slammed open Amazon’s swinging doors and ordered everyone to make a hole as I took care of business. Later with that provided link.


Now here’s the other one, from my Web host. Or something.

1&1 Internet AG via

7:00 PM (0 minutes ago)

to me

Dear Sir/Madam,

The following domain names have been suspended for violation of the 1&1 Internet AG Abuse Policy:

Domain Name: Registrar: 1&1 Internet AG Registrant Name: Eric Pulsifer

Multiple warnings were sent by 1&1 Internet AG Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us for additional information regarding this notification.

Sincerely, 1&1 Internet AG Spam and Abuse Department Abuse Department Hotline: 480-320-3579


This one smells like scam. McAfee agrees.

Notice the request to “click here and download a copy of complaints we have received.” Uh, yeah. I’ll get right on it.

I did check on the link, and it led to some outfit McAfee didn’t like. Here’s what I got from them:

Warning: Trouble ahead Whoa!

Are you sure you want to go there?… may try to steal your information.

Why were you redirected to this page?

When we visited this site, we found it may be designed to trick you into submitting your financial or personal information to online scammers. This is a serious security threat which could lead to identity theft, financial losses or unauthorized use of your personal information.

Accept the Risk


View Site Report

The site report gives it a high risk rating. Taking it further:

Web Category: Malicious Sites, Marketing/Merchandising

Activation: 2011-11-21

Last Seen: 2011-09-29


A couple of dead giveaways, besides McAfee. Like there’s no Type it in and I get nowhere.

Then there’s the phone number, 480-320-3579. It’s some urgent-care outfit, and I should be happy to know my call will be recorded for quality assurance. I didn’t pursue this further.

Understand, these emails/warnings/phishing attempts are aimed at someone who’s been around the Web a time or two. Someone who has an affiliate marketing account and his own website. Not that these mean anything, but still …

Okay. You know the drill. Enjoy your computer. Use it for all the things you ordinarily would use it for — online banking, making an online living, keeping in touch with friends, making phone calls, the whole smash. But be careful out there.

Sharks in the phishing hole: PayPal scam still making the rounds

This guy just keeps turning up.

I saw this on Online Threat Alerts. Evidently this scam still has traction, meaning it must still work.

Why screw up a winning formula?

Here’s the story. And yeah, I wrote about it a few times:

More sharks in the phishing hole: Some folks never give up
Sharks in the phishing hole: That email really isn’t from PayPal


Real quickly:

– If the email has misspellings and formatting errors, red flag. PayPal’s more professional than that.

– If the note is sent to an email account that is not associated with your PayPal account, definite red flag. Don’t laugh. It’s happened to me a few times.

– Check the sender’s email address. That’ll tell you directly whether it’s from them.

Don’t click on the link. Just. Don’t.

Sharks in the phishing hole: Microsoft does not cold-call

Nut graf: The caller claimed to be from Microsoft Security, but it’s a phone-phishing scam.

smile, you son of a b!!!!
This online phish is predatory, but it’s not that smart. Still …

If you get a phone call from someone claiming to be from Microsoft Security, watch it. It’s a crock.

If the person says there’s been a breach and someone’s trying to change the IP number of your computer, you can tell what’s in the crock by smell alone.

If he wants you to give him your IP address, well, the contents of said crock are slopping over.

I got this call Saturday on the house phone. It was from Windows Security in Colorado, and I spoke with some guy named Matthews. Now that’s a white-bread name, right? Except he’s not from around here. His accent sounded Middle Eastern. A minor red flag, but a red flag nonetheless.

Anyway, this Mr. Matthews or whoever he was said someone was trying to change the IP number of my computer. Now, that’s important stuff. I can tell a lot about a guy from what IP number he’s using.

Here’s your sign:


If you’re one of those geeks who reads tech manuals in the head, check out Not only does it allow me to look up my IP address, but it explains what one is.

For the less technically inclined, here’s the short version:

“An IP address is an exclusive number online devices use to identify and communicate with each other through computer networks. This process can best be compared to how we receive mail to our home address. An IP address would be most similar to a mailing address, while the network would be compared to the town you live in. Just like our home addresses, information cannot be sent or received by devices without a specific address.”

If you want to read the whole thing, check it here.

The IP address changes from time to time anyway. It’s not static. Another indication that there were sharks in the phishing hole again.

Here’s the deal. This IP number gives someone power. Maybe able to tap into some of my sites, including banking goodies. Certainly able to take over my computer by remote control and use it to bombard the Pentagon. Or install some juicy malware just for grins.

Here’s the synopsis of the call:

Matthews wanted to know whether I used the computer for business or personal use, and I asked if it was important. His answer didn’t matter; it was nonresponsive gobbledygook that your average computer wouldn’t really know or care about.

Then Matthews wanted me to hit up that what’s-my-IP site and find out. I already anticipated Matthews’ next question, which was to give him that address. The conversation didn’t go that far because, quite honestly, I turned pit bull on him. It was fun.

Matthews wanted me to go to my computer. I gave the excuse that the computer is in another room (true) and can he call my cell number? Which he did. Of course his number (951-143-5447) popped up on my cell. The area code isn’t in Colorado, in fact it’s the same as mine (Riverside, CA). A long way from Colorado, huh?

I kept the conversation going while I did a fast bit of research. Here’s what I found out:

According to the Microsoft user forum:

“BEWARE – Users have been reporting they have received phone calls, some claiming to be from “Microsoft”, telling them that their computers are infected. The caller asks the User if they are online and if their computers are performing slowly.
If their computers are not running, they will ask the User to boot the system and report on the start up time or, if the system is running and online, they will tell the User that a tech can take over control of it and clean a “virus infection”.
This is a scam !!!
If you happen to receive one of these phone calls ask the caller for the name of the company, where they are located, and their phone number.
Then hang up and report this to:
IC3 (internet crime)
The Local FBI Office ( if you’re in the US)

Microsoft will never, repeat, NEVER, cold call people who use Windows. NEVER !!!

Do not fall for this latest scam.
NEVER allow strangers to take over your computer. NEVER !!!”

Got that part? The real Microsoft does not cold-call anyone.

There’s more, and it’s pretty grim. In a nutshell, it’s not legit. Also here’s some stuff from the Federal Trade Commission.

That’s when I went nuclear on the guy. “Who are you really with?” I asked. Of course he said Microsoft.

Then I hit him with this:

  • I use a Linux system.
  • And he’s full of whatever it was in that crock.

I think I ticked him off because he suggested I was full of the same substance. It actually sounded melodious with his accent and all. Then he hung up.

I feel much better.

Now, I know my way around computers. The average person, not so much. You may or may not know what an IP address is or why it’s so important, and it’s a guarantee that some folks would think it’s all very harmless and gladly give the info up. And that’s some baaaaad stuff.

Enjoy your computer. Enjoy your online experience. Use it for work, for home banking, for online file storage, for whatever your little heart desires. The Internet is the greatest invention since the toilet seat.

But guard your information. Keep tuned to the scams, and know how to recognize one. Do some quick homework on the fly if you have to. And protect that information.

Computers are still the great unknown to a lot of people. Threats of viruses and malware will scare anyone, and there’s a pretty good cottage industry that plays off this. Even the most legit computer security companies such as the ones who maintain your virus protection programs use this fear to their benefit, which is why they can get away with asking for so much money.

There are sharks aplenty out there, they’re hungry and they smell blood. Make sure it’s not yours.


Who is this guy?

Shark watch: How safe are your online passwords?

Nut graf: Some passwords are just about useless, and they’re the most common ones online.

If your bank website password is something like 123456, you might as well hide your money under your mouse. It’s every bit as safe.


Still using that old password?

You’re probably giving someone an engraved invitation to access your website, read your information, make unilateral withdrawals from your bank account or create all sorts of havoc.

Splashdata puts together an annual list of the most common passwords, and the top three in the 2014 version are (drum roll): 123456, password, 12345.

Understand the methodology here. Splashdata equates the most common passwords with the worst, and it truly makes sense. Someone trying to break into your system is probably going to start with those.

Also you might want to consider something else. These passwords were leaked in various website attacks. Y’all, if it was leaked I already don’t want it.

Here’s Splashdata’s list of most common passwords in 2014:

Rank  Password    Change from 2013
1     123456      … and still champion!
2     password    No Change. Better luck next time.
3     12345       Up 17
4     12345678    Down 1
5     qwerty      Down 1
6     123456789   No Change
7     1234        Up 9
8     baseball    New
9     dragon      New
10    football    New
11    1234567     Down 4
12    monkey      Up 5
13    letmein     Up 1 (You’re kidding, right?)
14    abc123      Down 9
15    111111      Down 8
16    mustang     New
17    access      New
18    shadow      Unchanged
19    master      New
20    michael     New
21    superman    New (Batman’s cooler.)
22    696969      New
23    123123      Down 12
24    batman      New
25    trustno1    Down 1

Yeah, the usual suspects.

Random first names show up in the top 100 or so, along with many of your favorite sports teams and cuss words.

I might mention Splashdata has a pony in this race. That company developed SplashID, a password management application.

Some gains, though. Mark Burnett, who knows enough about online security to write the book Perfect Passwords, says fewer are using those commonly weak or weakly common codes:

“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years. The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”

Maybe people are catching on. I guess having your information harvested or your identity stolen is a clue that something’s wrong.

My passwords tend to be in the strong range. But I’m not perfect. In the do-as-I-say-not-as-I-do department, I’m guilty of some password offenses:

I’ll recycle mine, use one password for several sites. They’re strong passwords, but I really need to change some around. Fortunately, most of these recycled passwords are in low-impact sites where it’s not a killer if you get in. More important sites, such as my blogs or banking info, don’t get the recycled stuff. But still …

One of my weakest passwords is the one that gives me root access to my computer. I’m not gonna tell you what it is, but I’m really not all that worried. A guy has to a) have my physical computer, b) know what a root password is, and c) know Linux to make any use of it.

So recycling passwords is not among your best practices. See, I’m already making this difficult.

So where do I keep passwords? There are several options:

My editorial comment here is cast in stone.

– In my head. Good luck with that.
– In an Evernote file. Not real secure. Not with Evernote’s search functions anyway. Someone could type “password” or “pass” into the search bar and strike gold.
– In a file on your computer. Also not real secure.
– In a notebook near the computer. Puh-leze!
– On a sticky note next to the computer. Really. I’ve seen this done an awful lot.
– In an online password keeper such as LastPass. It’s reasonably secure, creates random passwords and all that, but the data is kept online. You use a master password to get in, and I sure hope it’s not 123456. LastPass has been attacked a few times, and it usually lets its users know it.
– An offline password keeper like KeePass. None of the stuff is kept online. Hey, it’s a whole lot harder to crack when it doesn’t exist in the cloud, right? The only real drawback I see is that KeePass won’t work with some of the niche browsers such as Seamonkey. So there’s that, but a few of the really security-conscious recommend KeePass.

Okay. How do you know if your password is strong enough?

Many websites have a little meter that will let you know if it’s a weak or strong password. Here’s the catch, though. Not all these meters are created equal. It varies by a lot.

This is how LastPass rates passwords. If this was a high-priority site I’d change it immediately.


This is according to the tech site ReadWrite, which cites a study by Concordia University:

“Confusingly enough, nearly identical passwords provided very different outcomes. For example, Paypal01 was considered poor by Skype’s standards, but strong by PayPal’s. Password1 was considered very weak by Dropbox but very strong by Yahoo!, and received three different scores by three Microsoft checkers (strong, weak, and medium). The password #football1 was also considered to be very weak by Dropbox, but Twitter rated it perfect.”

I’ve noticed that. Many of these password-strength meters use the standard indicators: Length of the password. Presence or absence of uppercase, numerals and the good ol’ @$*%^. I reckon some password meters consider whether your password shows up in a dictionary somewhere, but that’s just a guess.

In the interest of stronger passwords, some sites have their own rules. My bank requires at least one upper case letter, one numeral and one symbol. Another bank won’t let you use three of anything in a row, so “anYthing111” is out.
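Why the meters disagree becomes clearer when the composition rules and a common-password lookup are run side by side. The following is an added example, not any site's actual meter: it implements the two bank rules as described above and checks against the 25 passwords in Splashdata's table, and the function names are made up for illustration.

```python
import re

# The 25 passwords from the Splashdata table above.
COMMON = {
    "123456", "password", "12345", "12345678", "qwerty", "123456789", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
}


def core(password):
    """Lowercase, then strip leading and trailing non-letters.

    '#football1' becomes 'football', which is what a guesser tries first.
    """
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def problems(password):
    """Return the list of reasons to reject a password (empty list = accepted)."""
    found = []
    # Rule set 1: one uppercase letter, one numeral, one symbol.
    if not any(c.isupper() for c in password):
        found.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        found.append("no numeral")
    if not any(not c.isalnum() for c in password):
        found.append("no symbol")
    # Rule set 2: no three of anything in a row.
    if re.search(r"(.)\1\1", password):
        found.append("three in a row")
    # List check: the password, or its core word, is on the common list.
    if password.lower() in COMMON or core(password) in COMMON:
        found.append("built on a common password")
    return found
```

"Password1!" satisfies every composition rule here and is rejected only by the list check, which is the gap between a meter that counts character classes and one that consults a list.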

# # #

Personal news: I published my latest fiction work, Desert Vendetta the other day. It’s a mystery involving reporters, corrupt cops, feuding families, casinos, the Nevada and Arizona desert, casinos and the occasional dead body. It’s available on Amazon.


How do I detect an email shipping scam?

Just when you think you’ve seen it all, another emailed scam arrives to remind me that it’s nearly impossible to stay ahead of the curve.

Most recently I’ve been picking up emails claiming to be from Amazon, providing me with information on my order. Like, on my order I never made.

Understand, I do a lot of business with Amazon. I get most of my books through there, plus many office supplies. Anything I can’t get locally I’ll get through Amazon.

Shoot, I can order food items from there too. For those who follow this space y’all might have heard I recently moved to CA from South Carolina, and Southern delicacies are now considered foreign food. I’ll probably end up getting my yellow mustard-based barbecue sauce and Luzianne sweet tea through them before too long.

So I know a little something about Amazon’s shipping process. This knowledge helps me to sniff out the frequent BS that filters into my inbox.

Here’s the email, as seen by my Thunderbird email reader:

Receive any email like this lately?


Keep in mind, I didn’t order anything.

And they’re not Amazon. Check it; I have the sender’s email address circled.

So who’s

According to my web search, nobody. A couple of sites indicate the domain name is up for sale. So forget uexclusive for a moment; they’re not important.

But they’re not Amazon. Or any other big shipper. That’s important.

Oh, yeah. There’s an attachment to this email, and I’m supposed to click it and download it. Yeah, right. If you get this email, don’t do it.

* * *

Here’s some info I got from Scam Detectors:

Fake Amazon/DHL Shipment


How the scam works:

Amazon is one of the most widely used online retailers, with close to 300 million visitors each month. The main reason for Amazon’s overwhelming popularity is its ease of use for consumers. However, with this popularity comes a down side; scams aimed at bilking customers of the online retail giant.

The latest in phishing scams is centered on Amazon shipping notifications, involving scammers sending you an email verification of your processed Amazon order but the email contains an incorrect shipping address.

The victim is then required to click a link in the email to correct the information; when the link is clicked malware is released onto the computer or device that captures passwords or private information.

In a different variation of the scam, criminals claim to be from well-known shipment services such as DHL, UPS, or FedEx, in which they include terms such as ‘tracking notification’, ‘tracking number’, ‘pickup date’ or ‘Processing completed successfully’. Just as in the above Amazon example, the zip file attached to the message contains malware.



Check the email domain name that came with your email. If it’s (or whoever the legit shipper is), that’s one thing. But if it’s something else, it’s probably a scam or an effort to harvest your information or identity.

Which email address did it go to? Another dead giveaway. Email addresses are cheap; everyone’s got a bunch of ’em. I have close to a dozen myself. But only two of these addresses are associated with an Amazon account. Surprise — it’s not one of them.

For the gazillionth time, enjoy your computer. Have fun online. But watch out for those sharks in the phishing hole. Again.


Still more sharks in the phishing hole: That PayPal email scam sure gets around

smile, you son of a b!!!!
This online phish is predatory, but it’s not that smart. Still …

I know. I’ve written about it before, but it just won’t go away.

In a blog called Miraculous Ladies I saw another account of the infamous PayPal email scam that just keeps bugging me. Here’s the gist of it:

I received an email from PayPal yesterday afternoon. It was about a restriction on my account. While reading the email, I noticed two things. First, their email address was Secondly, I spotted grammar mistakes. Alarm bells rang!

I logged into my PayPal account. There were no messages about my account being restricted.


That’s the main stuff here. She outlines things to watch out for, which is really useful stuff.

I’ve written extensively about this myself, as I’m sure you know:

Sharks in the phishing hole: That email isn’t really from PayPal

and …

More sharks in the phishing hole: Some folks never give up

This begs the question. Just what is this card-carrying member of the Testosterone-Toting club doing on the Miraculous Ladies site?

LinkedIn, of course. Got the link from there. So if you’re on LinkedIn you’ll see the discussion.

Anyway, you know the deal. Watch out when you surf. You could be sharing waves with something predatory.


Talk to me: Have you run across this email yet? Have you clicked on that link yet? What were you thinking?








More sharks in the phishing hole: Some folks never give up


Got me another one, Ethel. Another of those notes from PayPal saying my account has been temporarily blocked.


Just for grins, let’s take a look at the email to find the obvious BS, because this stuff is getting old.


   Unfortunately , Your account is temporarily blocked   please follow the instructions below 

    Dear ΡayΡal Customer,

    ΡayΡal is constantly working to ensure security by regularly screening the accounts in our system.
We recently reνiewed your account, and we need more information to prove your ownership .
to help us to provide you with a secure serνice.
Until we can collect this information, your access to sensitiνe account features will be limited.
We would like to restore your access as soon as possible, and we apologize for the inconνenience.

    Why is my account access limited?

    we haνe reason to belieνe that your account was accessed by a third party.
Βecause protecting the security of your account is our primary concern, we haνe limited access
to sensitiνe ΡayΡal account features.
We understand that this may be an inconνenience but please understand that this temporary
limitation is for your protection.

    How can i get my account fully restored ?

     Please follow the link below and login to your account then reνiew your account information

     Confirm now

     Sincerlye ,ΡayΡal customer department!



Yeah, yeah, yeah.

A couple of things come to my attention:

Here’s the ~~horse it rode in on~~ email address it came from:

Got that so far? Doesn’t look like a PayPal to me.

A couple of other things that in and of themselves are not deal breakers, but they’re sure red flags:

Unfortunately , Your account is temporarily blocked

   please follow the instructions below

Notice the space between Unfortunately and the comma. Again, no biggie by itself, but it’s far from what a professional operation like PayPal would produce.

There are other grammatical errors, mostly in capitalization. And it’s not “sincerlye.”

This tells me this note was written by someone who does not speak English as a first language. Russian perhaps? North Korean? One of those nations that specializes in malware and computer hijacking?

After checking my firewalls, bumping up my security and all that good junk I clicked on the link. Here’s what I got:


Reported Phishing Website Ahead!
Chromium has blocked access to This website has been reported as a phishing website.
Phishing websites are designed to trick you into disclosing your login, password or other sensitive information by disguising themselves as other websites you may trust. Learn more

* * *

In case anyone misses it, it’s on a red background.

Now, I don’t ever advocate clicking on links like that. In fact, if you click on “confirm now” in the text of the letter, you probably need to snip your Internet connection, turn in your computer and stick with something safe. Like skydiving or something. I figured I can get away with it because a) I know what I’m doing, b) my security is extremely tight and c) I’m using Linux anyway.

Oh, yeah. I forgot to mention. This email came in to two of my accounts (I have several). My PayPal account is only attached to one domain name. These two email accounts are under another domain name. So as far as these senders are concerned I really don’t have a PayPal account.

Hey, y’all. Watch the sharks.
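The three tells above (a sender domain that isn't PayPal's, a recipient address the real service doesn't have on file, and wording that is off) can be checked by script. This is an added example, not part of the original post: the function names, the sample addresses and the `paypal.com` allow-list are assumptions. The third check goes one step past the grammar slips and catches what the quoted email does with "ΡayΡal" and "reνiewed", where look-alike letters from another alphabet stand in for Latin P and v.

```python
import unicodedata
from email.utils import parseaddr

def scripts_in(word):
    """Alphabets used by the letters of one word, taken from Unicode names."""
    # Names begin with the script: 'LATIN SMALL LETTER V', 'GREEK SMALL LETTER NU'.
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in word if ch.isalpha()}

def mixed_script_words(text):
    """Words that blend Latin letters with look-alikes from another alphabet."""
    hits = []
    for raw in text.split():
        word = raw.strip(".,!?:;()\"'")
        found = scripts_in(word)
        if "LATIN" in found and len(found) > 1:
            hits.append(word)
    return hits

def sender_domain(from_header):
    """Domain of the real address in a From header, ignoring the display name."""
    _display, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def red_flags(from_header, to_header, body, legit_domains, registered_address):
    """Reasons to distrust a message that claims to come from a known service."""
    flags = []
    domain = sender_domain(from_header)
    # Accept the service's domain or a true subdomain of it, nothing else.
    if not any(domain == d or domain.endswith("." + d) for d in legit_domains):
        flags.append("sender domain: " + domain)
    if parseaddr(to_header)[1].lower() != registered_address.lower():
        flags.append("sent to an address the service does not have on file")
    odd = mixed_script_words(body)
    if odd:
        flags.append("mixed-alphabet words: " + ", ".join(sorted(set(odd))))
    return flags

# Constructed sample (not the real message): invented addresses, and a body that
# uses Greek rho (U+03A1) and nu (U+03BD) in place of Latin P and v.
SAMPLE_FROM = '"PayPal Service" <service@account-notice.example>'
SAMPLE_TO = "eric@second-domain.example"
SAMPLE_BODY = "Dear \u03a1ay\u03a1al Customer, we recently re\u03bdiewed your account."

if __name__ == "__main__":
    for flag in red_flags(SAMPLE_FROM, SAMPLE_TO, SAMPLE_BODY,
                          {"paypal.com"}, "eric@first-domain.example"):
        print(flag)
```

The display name is ignored on purpose: it can say anything, and only the address inside the angle brackets is compared against the allow-list.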

# # #

First add: I covered this issue before, and it keeps coming back. You’ll find my story here.

# # #

Second add: I also ran some precautions when I wrote that. They were pretty much off the top of my head, but the original story is here. I pasted in the list below just ’cause I like you:

  • Choose your tools carefully. If you use Internet Explorer, take that icon off your desktop right now and surf with a different browser. Chromium (an open-source version of Google Chrome) is good, as are Firefox and Opera.
  • Keep that browser updated.
  • Be careful about passwords; PayPal_Andy’s advice of having a designated password for each site is highly recommended, even though I’m guilty of using the same passwords for more than one site.
  • Don’t open any attachments if you don’t know the sender.
  • Be wary of attachments from someone you know; zap it with your virus and malware protection tools before you open it.
  • I’d also be wary of links sent by email, especially when they’re shortened through or some other service. Also be careful of links posted on your favorite social media sites; you can click on some malware real easily that way. I’ve seen malware propagate among everyone on your friends/followers lists, making them the gift that keeps on giving.
  • You do have virus protection, don’t you? You do keep it updated, don’t you? Virus protection that’s not kept up to speed is totally worthless.
  • Grab some spyware protection, too. For that I recommend Spybot Search And Destroy.
  • Be careful about using public wireless for any business involving money; it’s too easy to tap into your information that way.
  • If surfing in a public place, watch for anyone behind you or sit with your back against a wall. I know this sounds goofy, but when some lowlife is trying to grab your information the low-tech ways are often the most effective.
  • Don’t let me scare you or anything.

If you use a smartphone:

  • Guard it with your life. Even if you want to be a good neighbor and help someone in a pinch, don’t let that person “hold” your phone. It’s too easy for him to snatch it and run. Most smartphones carry way more information than you’d think, and most of it can be found in seconds.
  • Be careful about dropping or leaving your phone somewhere. Same reason.
  • I use a lanyard from an old mp3 player and attach it to my phone holster. The other end is attached to a small carabiner, which I clip onto a belt loop. The holster’s flap is closed when I’m not using the phone. That way, if the holster falls off (happens more often than I’d like to think) or someone tries to snatch it off your belt, you’d know immediately.
  • Stay aware of what’s around you, even if you’re texting or playing Angry Birds. I’ve heard of folks stealing someone’s phone while the person is using it.
  • Two words: Password protection.

# # #

Final add: For your edification and amusement, I added this video at the last minute. It seemed to fit the theme somehow. I wonder if anyone told the diver that one side of his cage is missing?

# # #