SCAM! SCAM! SCAM!

[spacesailor]

Mens ' jewelry '.  LoL

spacesailor

[old man emu]

7 hours ago, Old Koreelah said:

That's coincidental. I've just spent a good part of the afternoon polishing some chrome parts on my bike that I bought after pleading with the Minister for Finance. 

[red750]

Don't know if I'm overcautious or paranoid. My mobile phone is on the Vodaphone network, and I received a call today from a guy who said he was from Vodaphone and wanted to discuss what discounts I was entitled to. I said I usually receive such information by email, so I can be sure it's not a scam. He said he couldn't send am email. I said "Why not? You send the bill by email." He said he couldn't send manual emails, but would send a confirming text. If he had my number to call as a scammer, he had my number to text. What really made me suspicious was that he had an Indian accent. I hung up. 

[Jerry_Atrick]

You did the right thing, Red... They may well use an Indian call centre for these things as they are cheaper (my mobile operator, Three, does), but if they can't manually send an email themselves, they sure can asks their CRM system do send offers.

 

It may have been legitimate, but forgoing a discount is a small insurance premium to pay for avoiding being scammed.

 

The only way I take advantage of offers these days is to call back the company on their phone number I get from their website...  If someone has called my land line, I hang up, and make sure I can hear the dial tone before I start dialling.

 

[Jerry_Atrick]

 

[onetrack]

I don't accept any calls from numbers I don't know. No-one in any big company or organisation calls you anyway, they put every stumbling block and restriction they can find into stopping you from contacting them, so I'm happy to return the favour! If someone really wants to contact me, they'll leave a message.

 

Facebook/Meta and LinkedIn are two of the biggest scammers around. They're both chock-a-block full of false profiles and scammy stunts. I looked at a Facebook page yesterday, but I was told I had to log in to see it properly.

When I tried to log out, it took me 10 mins to find a "log out" button!! It was way down on the bottom left of an obscure page!! Friggin' scammers they are!! They want to track you constantly, and it's reported that they still try to track you, even when you've logged out! So I delete my internet temporary files daily, now.

Of course, I have a fake Facebook profile, I wouldn't have it any other way!! LOL

 

Edited November 11, 2022 by onetrack

[Old Koreelah]

2 hours ago, onetrack said:

I don't accept any calls from numbers I don't know. No-one in any big company or organisation calls you anyway, they put every stumbling block and restriction they can find into stopping you from contacting them, so I'm happy to return the favour!

Gold!

[onetrack]

Well, it looks like the Medibank and Medicare scam emails have started. Despite never using Medibank (or Medicare either - I have full medical cover from DVA as a War Veteran), I got a scam email this morning saying I had a Medicare refund problem. I've never even applied for a Medicare refund in my life.

Whether this is just an African scammer who has found my email address or whether it's a direct spin-off from the Medibank hack, I guess I'll never really know. 

 

I didn't download the scam email, because I have Mailwasher intercepting my incoming mail, and I can examine the email content and headers without downloading them, and risking a virus or trojan.

 

Interestingly, below is the basic typed content and the email header. The rest of the email appeared to be a full copy of an ATO website, complete with a host of images, which show up as random text.

The "form" was obviously a hyperlink to a scam website, set up to harvest any personal information anyone might be silly enough to type into it. I wonder how many they caught today?

Note that the email comes from "alainmacron.org", which is a fictitious site or address. The "CET" timestamp is Central European Time, and shows the email originated from either Western Europe, Morocco, Tunisia or Algeria, who all use CET.

 

 

Problem of payments by electronic funds transfer (HW029)

WHAT YOU NEED TO DO

You have two pending payments, Please update your Electronic Funds Transfer (EFT) payment with Medicare to receive 196.76 AUD.

Please complete the following form.

mygov.au/lodgeandpay [1]

Received: from mail.s064168.furanet.com ([93.93.64.168])
 
by rpi-cro-asav5.external.iinet.net.au with ESMTP; 13 Nov 2022 05:20:47 +0800

Received: from alainmacron.org (localhost [IPv6:::1])
    
by mail.s064168.furanet.com (Postfix) with ESMTPA id 4N8pPl1qT9z6vT8;
    
Sat, 12 Nov 2022 22:20:11 +0100 (CET)

MIME-Version: 1.0
Date: Sat, 12 Nov 2022 22:20:11 +0100

From: "refund@my.gov.au" <refund-notifications@furanet.com>

To: undisclosed-recipients:;

Subject: Problem of payments by electronic funds transfer (HW029)

User-Agent: Roundcube Webmail/1.4.9

Message-ID: <cba45f15f2450600cc88a9d614c8646c@furanet.com>

X-Sender: refund-notifications@furanet.com

 

Edited November 13, 2022 by onetrack

[Jerry_Atrick]

The emails will roll in. They may be just hoping you have a medibank policy because Medibank is a large health insurer in Australia. It doesn't cost them anymore to send 1m emails v. 1 email, so they will effectivley go phishing.

 

 

 

[Yenn]

I heard on the news that someone was advised his by Optus that his details had been made public. He said he hadn't used Optus in twenty years.

I can't really see what Optus are needing to keep anyones details for. I bought an Optus Sim card nearly two years ago and had to show them my drivers licence tp prove my identity. Having done that I see no reason for them to store my details apart from name and address.

[onetrack]

I was an Optus customer back in 2016, but I went over to Telstra that year. Optus have not contacted me, nor can I find out anywhere if my personal details have been kept by Optus, or if they've been acquired by hackers. The management of these companies and organisations is starting to look like utter incompetence at its best.

[Yenn]

Not incompetence, but a lack of care about anyone else. Just boost the profits and reduce outgoings and all will be well. They get vast payouts for their lazy ways and shareholders do nothing about it

[old man emu]

36 minutes ago, Yenn said:

shareholders do nothing about it

Because the major shareholders are institutions whose managers are playing the same game in theirs.

[red750]

Another eight nuisance calls today. Just let them ring. Heard the voicemail "Leave a message" message, straight to beeeps Hopefully they'll get the message and give up.

[old man emu]

I think I just avoided another online one.

 

I was logging into my business email address and there appeared one of those boxes where you have to copy in some squiggly letters and numbers shown in a dialogue box. I wasn't game to follow on so I logged out and tried another access route. That time the dialogue box did not appear.

 

I guess good practice now is that if you weren't told about it in an authentic email from Google etc, don't do what it asks.

 

I wonder what these hackers do with the crap they would get if they got into my emails. Even if they hacked my bank account they would only get pennies.

[Old Koreelah]

3 hours ago, old man emu said:

I wonder what these hackers do with the crap they would get if they got into my emails. Even if they hacked my bank account they would only get pennies.

About time someone set up bait accounts to entrap the scammers, in the spirit of the Paul Newman/Robert Redfor movie The Sting. 

I hope that our Signals Directorate are about to hammer the bastards.

[Bruce Tuncks]

Good onyer old K. I just love the idea of stinging the scammers. As for the big companies keeping info they don't need, it has to be made the law of the land that this is illegal.

Yet another example of corruption?

[Jerry_Atrick]

I don't know if it's corruption or justy lazinesss. After a few high profile data breaches a few years ago, Europe (when the uK was still int he EU) issued GDPR - Genera Data Protection Regulation. It is quite strict about the data protection required - even small companies have to provide a proprtionate level of protection - and only keep data that is needed - consent has to be provided, not implied, and if a someone asks for their data to be removed from their systems, unless there is a legal reason to keep it (e.g. to support warranties), it has to be removed. Also, the company has to supply you all the data it has on you on request. Even my one-man contracting limited (equivalent to pty. ltd. in Aus) has to have a data protection officer appointed and we have to prove the the information commissioner we have in place the necessary controls to comply with the GDPR. If you have offices overseas, you cannot export the data to your overseas office to get around GDPR without the constent of the people's info you are sending, and there has to be a justifiable reason. Of course, if customers sign up directly to a non-EU company (say, Ebay in the US), then that is different.

 

However, the GDPR has provisions to ensure the large third country tech companies (mainly US) do not auto-direct EU customers to their thrid party servers.

 

Also, GDPR protections are not just about customer data - it includes all personal data of all people the business deals with, customers, employees, contractors, etc.

 

Wen it was introduced, the Conservative derided it as an unnecesary expense to business that would cost jobs, blah blah blah. but they shut up when businesses saw the benefits to them, the conservatives became silent - not endorsing it, but not deriding it, either. Ity has generally been viewed as a positive step and one of the few things that the Brexiteers didn't take aim at. It has been adopted in full in UK law, and not one of the areas considered for red tape reduction.

 

I am not sure it is corruption per se that stops strengthened laws, it is just inertia... Will be interesting to see what happens in the wake of the Medibank and Optus datya breaches. Let's see how the AG goes on it.

Edited November 18, 2022 by Jerry_Atrick

[Marty_d]

The thing is, I can't understand why these companies need to keep proof of identity details like driver's licences etc.  

Yes, initially they need people to prove their identity.  But once that identity is proven then surely they just need a big green "YES" instead of retaining details.

Plus it's cheaper!  (Although with Data Lakes now, volume kind of doesn't matter).

[octave]

42 minutes ago, Marty_d said:

The thing is, I can't understand why these companies need to keep proof of identity details like driver's licences etc.  

 

Just after the Optus hack I heard an interview with a cyber security expert and she whilst not exonerating the company totally,  pointed out that the government imposes data retention on businesses.  I am guessing this might be to do with terrorism or organized crime or something.  Many companies find the retention of unnecessary data onerous from a storage and security point of view and have in fact lobbied the government to reduce the requirements.

[onetrack]

Well, I've just endured nearly a week of circus-clown company management, and credit card unauthorised payments to boot. I cannot believe how some of these companys (or organisations) stay in business.

It started when I was bidding on some auction items on Pickles Auctions website. All their auctions are on-line now, they no longer hold any on-site auctions. In many cases, you can't even go and check out the item, you're totally reliant on some useless company employee putting up crappy photos and an even worse description of the item.

 

You need to have a credit card on file with auction houses to verify your identity, and to enable them to grab your money as quick as they can.

 

I bid on about 15 items on Sunday, the auction ended at 6:00PM local time, and I promptly got notice that I'd won only one item, a set of crane tyres on rims. Everything else was "referred to seller" - i.e., passed in.

Pickles usually send out an invoice, and then take the amount owing from your credit card - usually within a couple of hours. There's an initial invoice showing the total amount owing, and as soon as the payment goes through the card, they send out a "zero balance" (i.e., paid) invoice, which you use to show authority to pick up or freight the item.

 

So ... an hour after the auction ends, I get an invoice for the crane tyres. The total was $193.39. Another hour later, I check my credit card, and there's a payment to Pickles of a neat $100. WTF?

This isn't right, so I intend to call them Monday morning. I look at my CC on Monday morning, now there's another $1000 taken out of my CC, credited to Pickles.

 

I try to contact Pickles, and the end result is hanging off a phone waiting for 20-30 mins each time, with no-one answering my call. I go looking for a company contact email on their website, there is none!

I finally find, hidden under "technical support", a contact email that is servicedesk@pickles.com.au. I send them an email, asking what is going on, why the fraudulent payments, and why no zero balance invoice for the tyres, and no payment made for the tyres. No reply to that email.

 

I get a call from a middle level employee, regarding a rotary hoe I bid on. He wants to know if I want to up my bid on the hoe, as it didn't meet the (outrageous) reserve price the seller wants. I told him, No.

Then I said to him, "I have fraudulent payments on my CC and I have not received a zero balance invoice for the crane tyres? What's going on?"

 

He replies "Good grief!! I'll contact my manager about this!". So Monday ends, nothing happens, no contact from anyone in Pickles. Tuesday arrives, the fraudulent payments are still there, and still no zero balance invoice - and still dead silence from Pickles. Another middle level employee calls, he's calling about some truck rims I bid on.

He says the seller has considered my bid, and agreed to sell the rims to me at the bid price. They appear on my "Won" items on my Pickles account. 

 

I ask him the same questions as the previous Pickles caller, about the fraudulent payments, no invoices, no contact, etc. He says, "Oh, email Pickles accounts, they'll sort it out". I said, "I did, and nothing has happened!". He tells me to email them again, and concludes the conversation. Obviously he has no interest in a company area that is not his responsibility.

 

Wednesday comes and goes. Nothing has changed. No invoices, fraudulent payments still there, no contact from anyone in Pickles. I go to my local ANZ branch, the holder of my CC and say I want to lodge a dispute as regards the fraudulent payments. The ANZ bloke is cautious and goes to see his boss. He comes back and says, "Ahh, because these payments are still listed as 'outstanding', they have not actually been paid, and because you deal with Pickles regularly, you may find they pick up their error and delete the charge tomorrow. If the payment actually goes through, then you can dispute the charge or charges!" 

 

Great - so they will do nothing until the payment actually processed. Come Thursday morning, I look at my CC, the fraudulent charges have been processed and paid. I go back to the bank and lodge a disputed payment claim - and get told, "It should be resolved with about 4 weeks" !!

Thursday night, I have a brainwave - I'll lodge a bad review on Product Review. Every company watches Product Review like a hawk, they hate bad reviews, and they will often respond within hours to a bad review.

 

I post up a scathing review, ripping them a new one - and lo and behold, Friday morning, I get an urgent message from a Pickles representative via Product Review messages - "Please contact me with all the details and I'll sort this out".

 

So - I send him all the details - and just a little while ago, about 6 hrs after I sent him the information, he comes back with a feeble apology, no explanation for the massive level of stuff-ups and fraud, and a full credit for everything I purchased on Monday - just over $250 worth. I'm just waiting for the request to remove the adverse feedback, now.

 

 

Edited November 18, 2022 by onetrack

[Bruce Tuncks]

Many years ago, I used to buy cars at auctions. Nowadays, Pickles has a very high reserve price and they usually don't sell the car at any auction I have been at. Winning bidders are invited to "negotiate" ie pay a lot more. The cars, generally unsold, are loaded up and driven interstate for the next auction.

For myself, I stopped going to sham auctions.

[Bruce Tuncks]

They also had lots of damaged current-model cars going for far more than you would think. Apparently they are in demand from thieves who just want the identity and will steal a similar car. Corruption?   Yet another example.

 

[onetrack]

The police did use to watch auctions carefully, and look for individual repeat buyers of wrecked cars, so they could ID gangs indulging in re-birthing.

But with the advent of purely online buying, it probably gives a big advantage to the scammers.

 

I would not be in the least bit surprised to find Pickles accounting system is being run from India. The regular excuse I got when I was trying to pin down the problem, was, "Oh, we've got a new computer system, and everything is centralised on the East Coast, so that makes it harder". I call BS on that, it's simply that Pickles management is outright incompetent.

 

Edited November 18, 2022 by onetrack

[Jerry_Atrick]

1 hour ago, octave said:

I am guessing this might be to do with terrorism or organized crime or something. 

Not far off.. It is a requirement under know-your-client (KYC) under anti-money laundering (AML) regulations. If you remember when the 100 points system was intorduced for opening bank accounts - AML only really applied to banks. But now, AML is a requirement for many types of organisation that hold money on account or could facilitate the payment of money. Ity is a legal required to use certain documentation to verify the identity of clients and hold an audit trail of the documentation used to verify clients.

 

Of course, there is no need to hold the information in discrete databases; in the past we have implementned checks stored in the DB, and noted a physical filing location where physical paper copies were stored. Later, we introduced a digital document store, but it wasn't even connected to the intranet - it was a stand alone computer with a separate physical network to a backup server.