I get a ton of emails saying I've won stuff or "welcome to "

The odd thing is they're all from "star [something] @ [gibberish] .com" and address me as Star. That's my daughter's name. Someone's spam database got us mixed up.

By John M. Williams (Jay) on Thursday, December 08, 2022 - 09:47 am: Edit

When I was in college, we had a bank's database get messed up even worse. Back then, banks would send out pre-approved credit cards. We received a card with a $500 limit in the name of my roommate's cat. We were really temped to max out the card and let them to try to collect against the cat but decided that we would probably end up on the hook anyway so didn't.

By Ginger McMurray (Gingermcmurray) on Thursday, December 08, 2022 - 09:53 am: Edit

Holy crap! What sort of meth-induced SQL statement did someone have to write to make that happen?

More likely it was the backend inserting answers to security questions into the wrong field, but still. some QA team should have been fired over that one.

By Mike Erickson (Mike_Erickson) on Thursday, December 08, 2022 - 10:50 am: Edit

There was a magazine columnist years ago who would sign up for and fill out various things using the names of superheroes living at his home address. He'd check the various boxes for "do not share my address" and so forth. Soon thereafter, there would be all sorts of offers coming in the mail (including credit cards) addressed those superheroes.

Hypothetically, if a credit card offer did come in the mail addressed to a house pet, if a human took the action of responding to the offer and using that card, then that human is the one responsible. A cat can't accept a credit card offer or purchase merchandise.

I'd also imagine that any offer send to the cat would most likely be associated with the SSN of the owner somewhere in the computer records at the bank.

Disclaimer: One of our cats can turn on/off light switches, open cabinets, and open amazon packages. It's only a matter of time before he gets his own credit card and starts driving.

--Mike

By Richard Eitzen (Rbeitzen) on Thursday, December 08, 2022 - 11:54 am: Edit

A friend of mine had a cat they could take to the pet store. They'd make a sort of nest with a towel in a shopping cart and the cat would sit there as they went through the store *WITH* the cat. The cat seemed to like going to the store, one time when they went to the aisle with cat toys, the cat got quite interested in the display.

I wonder what was going through his mind. He is a smart cat; would open cabinets, doors, meow for us to open windows for him to sit in. One single time, I saw him take his paws and try to open a box of cat treats in a similar way to how a human would. He was unsuccessful, lacking real hands, but ••••, I felt for him when he tried it.

By Mike Erickson (Mike_Erickson) on Thursday, December 08, 2022 - 01:43 pm: Edit

>> lacking real hands

It's so hard not having opposable thumbs.

--Mike

By John M. Williams (Jay) on Thursday, December 08, 2022 - 02:25 pm: Edit

This wasn't a credit card offer. This was an actual, ready to go card with a $500 limit. My roommate could have signed the back and used it that day.

This would have been in about 1992 so I'm not sure to what degree SQL statements would have had anything to do with it. My roommate used to use different forms of his own name (including his cat's name) to informally keep an eye on who was selling his name to whom. We suspected that the bank got the name from a financial magazine subscription in the name of his cat.

By Ginger McMurray (Gingermcmurray) on Thursday, December 08, 2022 - 03:07 pm: Edit

SQL was around long before the 90s but if he was actually using his cat's name then that's gotta be it.

By Steve Cole (Stevecole) on Thursday, December 08, 2022 - 03:30 pm: Edit

The cascade of internet content providers having to backtrack their sponsor links continues. In all cases, this is just the story I heard and pass along as one point of information; you should check things out for yourself before making any yes/no decision.

Kamikoto Knives is owned by the same lady from Hong Kong who owns Established Titles. They claim to be the finest steel but are in fact made from the worst possible steel (at least, the lowest grade anyone ever used for knives). They say they are "ancient Japanese tradition" but they are made in a factory in China by minimum (Chinese) wage workers. They only have one Japanese-made knife on their website and it is out of stock permanently; they never sold any of them. Ask yourself if a company selling premium $300 kitchen knives really sells at 70% off for black Friday. These knives dull easily and require constant sharpening. They are NOT premium grade ancient Japanese magical knives.

Some of the financial advice channels I watch had ads for SBF/FTX and are now backtracking very hard. I confess I never got into crypto but I learned 50 years ago to never, ever, give an exchange/broker the right to trade your account for you without asking. That should have been a red flag to start with.

By Daniel Eastland (Democratus) on Friday, December 09, 2022 - 08:55 am: Edit

The default username and password for the Oracle database software, for many years, was "scott" and "tiger" - being the name of the developer and his cat.

The number of public facing databases I was able to hack into just using scott/tiger is frightening.

By Alan Trevor (Thyrm) on Friday, December 09, 2022 - 09:16 am: Edit

I heard a slightly different version of the Kamikoto Knives story. According to the version I heard, the steel wasn't "the worst possible" but wasn't "the finest steel" either. It was rather ordinary budget-priced steel, adequate for some tasks that didn't demand particularly high quality steel. As I heard it, the Kamikoto knives were pretty ordinary budget-grade kitchen knives; not terrible in and of themselves but certainly not in the same class as genuine high-grade kitchen knives.

The version I heard does agree with the version SVC heard, that they were something of a scam.

By Mike Erickson (Mike_Erickson) on Friday, December 09, 2022 - 09:49 am: Edit

Caveat emptor

By Steve Cole (Stevecole) on Friday, December 09, 2022 - 11:30 am: Edit

The steel is 420J2 which is about the lowest grade of steel used for cheap knives. It is not super-high-grade premium steel. It holds no edge, requires continual sharpening, and isn't very hard. It is apparently not sourced from ancient Japanese mines and I doubt it's produced in a process taking years or supervised by master Japanese knife gurus.

By Douglas Lampert (Dlampert) on Friday, December 09, 2022 - 11:59 am: Edit

Well, I've been told that a big part of the reason that Japanese blades were made with so many careful folds, is that their steel basically sucked, and they had almost no native ores, and the swordsmiths were desperately trying to make something usable that would hold an edge out of it.

European sword smiths were familiar with folded steel techniques (see Damascus steel) and generally considered it not worth the bother due to the higher grade steels available in Europe.

So pretty bad steel may well be closer to traditional Japanese methods than something better.

By Jeff Anderson (Jga) on Tuesday, January 03, 2023 - 01:52 pm: Edit

I used to get called four to five times a day, robocalls, with questions about a major order I allegedly placed with Amazon.

"Used to." Those calls have completely disappeared.

Thinking back, I think they disappeared not too long after Russia attacked Ukraine.

Could the scammers be Russian or Ukrainean, and are now employed by their homeland in the cyberwar battlefield between them?

(If that IS the case, could these scammers/bad players have ALWAYS been State actors, and would that mean their scams/attacks on U.S. citizens be State sanctioned... )

By Jeff Guthridge (Jeff_Guthridge) on Tuesday, January 03, 2023 - 02:22 pm: Edit

Jeff, there have been a number of under-the-radar changes to policy the FCC has been instituting int he last year or so. STIR/SHAKEN is one, but another more effective one was to permit the big Telcos to start blocking inbound calls from known spammers. Its helping, but until the cost to make sales calls increases, this won't change.

Frankly, if I were the prince of the planet, I'd setup a star code that end users could use to report a spam call. Get a spam call, hang up, dial the star code, and forget about it. I'd further incentivize this, by requiring the telco to instantly and without review issue a $1 credit to the subscriber. To keep the telco happy, they could then issue a $2 charge to the upstream source of the call, that upstream could pass on a $3 charge to their upstream and so for until the spammers get located and fined into oblivion. And if a telco's couldn't trace it, they would be left holding the bag and have to eat the cost. Either way, its a win for the end user.

Ever since I worked with a telemarketing company in the 90's (I worked in the IT department), I have wondered just how easy it would be to crash the civilian telecomm net by a dedicated bad actor. When I get a dead-air call, I think back to these things and wonder if its just testing the machinery that would be used to jam the lines and prevent civilian communication before someone did something really nasty.

By Mike Grafton (Mike_Grafton) on Wednesday, January 04, 2023 - 07:43 am: Edit

" And if a telco's couldn't trace it, they would be left holding the bag and have to eat the cost."

THAT wouldn't last.

The telecoms would SCREAM and lobby to get out of it. Then they'd figure it out and make out like bandits for a while. Then spam calls would go extinct.

The problem is suppose I have a cell phone from cricket, who is using a sprint tower near me, which relays through an AT&T center, which goes to a Google data center, which has a VOIP connection to a Spectrum server, which has been spoofed so no one is sure who the bad guys are.

Does everyone still get a dollar (except Spectrum which has to pay $4 or more out of pocket)?

This reminds me a bit of how early Phone Phreakers used to work...

By Jeff Guthridge (Jeff_Guthridge) on Wednesday, January 04, 2023 - 10:01 am: Edit

Mike, your on target. The idea being to punish the enablers of the calls with such massive fines that it becomes financially ruinous to let the call centers to operate on your network, unless the call center pays up for bothering people. And we know how much that sort of scum loves charity...

Yes, every party gets a dollar, until the last party who can't pass the buck. And, yes, the scheme depends on every telco -- in between the subscriber who reported it and the scum who bothered them -- "simply acting as the billing agent" like their goto excuse for many years over those foreign 900# call scams from the 90's and 00's.

To put it in different perspective, since its a top-loaded scheme (I.e. if the upstream party doesn't pay, the downstream has a real loss to manage), how much credit do you think AT&T would let Google have? How much would Google let Spectrum have? Once the big players have real losses as data points, the bad actors will run their enablers out of business. In the mean time it puts the onus on deep pockets that can more readily absorb the hit to pay the poor soul on some hot list the odd dollar or two.

Mind you, its a idea that would need a fair be of refinement before being put into practice. It would probably get lobbied into nothingness (like NY's new right-to-repair law), hence why its one of my "When I'm prince of the planet" ideas.

By Randy Green (Hollywood750) on Wednesday, January 04, 2023 - 02:55 pm: Edit

Any idea how phone numbers get spoofed? How does that play into the conversation above? I'd hate for my spoofed phone number to get listed as a scam number.

By Jeff Guthridge (Jeff_Guthridge) on Wednesday, January 04, 2023 - 03:22 pm: Edit

Randy, the short version is this. The outgoing call center is supposed to add that information. Years ago, part of the setup process of a FAX machine was to enter your dedicated FAX line number. Its basically that simple. For regular subscribers like your home/mobile service, this is done at the telco level as a 'convenience' to you. For larger scale companies, their PBX is suppose to do it. Just like larger mailings from anyone are supposed to be sorted by zip code before handing off to the post office.

As for how the scammers choose what number to spoof? Usually they select a "known active" number in your area code and prefix from their list and use that as the callerid number supplied to the their upstream.

A scheme such as mine doesn't depend on CallerID in the least, mostly because its been proven to be absolutely pointless.

By Randy Green (Hollywood750) on Wednesday, January 04, 2023 - 07:31 pm: Edit

Thanks Jeff! Nice explanation.

By John M. Williams (Jay) on Monday, January 16, 2023 - 10:58 pm: Edit

My first scam via Facebook direct message:

Hello everyone sorry for the inconvenience, I'm here to explain my situation maybe you would be available, interested and able to help me in my project Try to read me to the end God bless you.
My name is FRANCINEAU CLAUDIE of French origin, I am an IT Analyst and Consultant whose experience I have had for 11 years, I have no children, my husband left me for almost 7 years, we too we don't have the idea of adopting at least one child.
When I was working, I opened an account specifically to save a total of $358,000 to be able to open a private company that will be used to care for orphans, destitute and homeless children.
Unfortunately the disease took me for almost 2 years, I no longer have the strength to be able to get up to achieve my dreams I have a brain tumor, and lung cancer The results of some of my tests doctors have proven that my days on earth are numbered despite my financial situation
The priest and the spiritual leader of my church advised me to make a private donation by finding a person who could take the responsibility to be able to carry out this project in my name with the money so that the Lord forgives me my sins.
I only ask for your prayers that my operation will go very well.
Thank you, God bless you abundantly.

By Mike Erickson (Mike_Erickson) on Tuesday, January 17, 2023 - 12:48 am: Edit

Wow, that sounds like a really great deal. Almost too good to be true! Why don't you give her your bank account number so she can send you the money?

--Mike

By Joseph Jackson (Bonneville) on Tuesday, January 17, 2023 - 04:13 pm: Edit

Yes, think of the children! At least think of that oddly specific 358 G's. Oh those poor, disease ridden, wealthy, and abandoned French IT analysts. They have so much heart.

By Mike Dowd (Mike_Dowd) on Wednesday, January 18, 2023 - 08:42 am: Edit

"Sorry sister, but you're going to H.E.L.L, since I won't accept any money from you. Have fun down there!"