 The Clarinet BBoard
|
Author: DavidBlumberg
Date: 2007-08-13 23:51
This has been mentioned before, but since there are new viewers all the time, worth a mention again:
There are a ton of teaching scammers out there. If you get an e-mail from someone looking for lessons, always look in that e-mail for a local phone # to start with.
Here's text that a typical scammer will send in their phishing e-mail:
They ask upfront:
-----------------------------------
*Your studio policy with regard to fees, cancellations, and make-up lessons
*Do you provide performance opportunities for students?
*Total fees for three month lessons(two one-hour lessons in a week)
*Your teaching location and phone number.
My best regards,
----------------------------------
Those questions are reasonable questions for a student to ask (well, not the total fees part), but the way that they are asked is something that really should be talked with personally. Not that a scammer is above making a long distance call to firm up the scam, but the verbage all in a row is a red flag.
When someone is asking about costs for more than one lesson a week is a certain red flag. That they don't refer to anything locally (name of a local school that the student attends, a band directors name, etc) is also a red flag.
http://www.SkypeClarinetLessons.com
|
|
Reply To Message
|
|
Author: Chalumeau Joe
Date: 2007-08-14 00:12
Perhaps I'm a bit dim, but I don't get this. I don't see how it's a scam -- perhaps the caller is wasting your time and has no intention of taking lessons from you, but if there's no real "fraud" involved, then it's not a "scam". (I also don't see what the caller would get from you that would be of any value, other than knowing how much you charge.)
Lastly, what's wrong with asking about total fees? I'd certainly want to know that if I was going to take lessons.
|
|
Reply To Message
|
|
Author: Mark Charette
Date: 2007-08-14 00:20
Chalumeau Joe wrote:
> Perhaps I'm a bit dim, but I don't get this. I don't see how
> it's a scam
When you get one you'll know ... "My (son/daughter) will be visiting your area and I want them to continue their music lessons. Please advise me of ..." "My friend will be escorting them and will pay you ..."
They will pay in advance with a cashier's check that is for an amount greater than the lessons "so my son/daughter can have some spending money".
The cashier's check will be bogus.
Notice that they hardly ever mention any specific instrument - the same bogus mail is sent to _any_ music teacher. I had fun one time and told them I charged $400/hr. That was just fine with them and they continued with the messages.
|
|
Reply To Message
|
|
Author: DavidBlumberg
Date: 2007-08-14 00:25
These aren't phone calls, they are e-mails. And that bogus cashiers check that you cash will end up costing you big bucks when it costs you $$ from it being returned.
The real ones are "my son attends central high and you were recommended to us by his band director Mr. Little Stick. Are you accepting students, and what do you charge?"
that's legit.
http://www.SkypeClarinetLessons.com
|
|
Reply To Message
|
|
Author: DavidBlumberg
Date: 2007-08-14 00:29
Here's the whole text from one I just got:
Hi,
How are you doing today?I need a private instructor for my son (Paul)
with regard to your Clarinet lessons.Paul is 14 year old,a beginner and
doesn't have any previous experience in the lessons .He'll be coming to your
location for the lessons starting from August 27th.I'm currently out of the
country for a new job appointment in London.He will be staying with my
cousin living there for the period i'll be out the country.Get back to me
with the following details:
*Your studio policy with regard to fees, cancellations, and make-up lessons
*Do you provide performance opportunities for students?
*Total fees for three month lessons(two one-hour lessons in a week)
*Your teaching location and phone number.
My best regards,
John.
http://www.SkypeClarinetLessons.com
|
|
Reply To Message
|
|
Author: Tobin
Date: 2007-08-14 00:31
Right at the beginning of summer my wife received this exact kind of scam...exactly as David describes it.
My wife, wonderful and very smart, without realizing it took this all the way to receiving the check from the scammer.
Confused about the check which arrived, so grossly over the amount required she asked me about it. I subsequently was floored (I'm putting that politely) at how close we were to being ripped off only because my wife had no experience with this scam.
The check was from the "Colgate-Palmolive company" and featured the correct address for the company stated.
There was a separate banking address.
I called the Colgate-Palmolive company and spoke with there finance department which confirmed that the check was fake and that the person who claimed to be arranging lessons never worked for their company.
Just be careful!
James
Gnothi Seauton
|
|
Reply To Message
|
|
Author: Ski
Date: 2007-08-14 01:56
I'm curious... what's "the punch line" here... when you get this check, were you to deposit it, it would bounce and cost you money. At what point in this scheme does the scammer benefit?
Sorry if I'm being a bit dim, but I don't get it...
|
|
Reply To Message
|
|
Author: Mrs_gekko
Date: 2007-08-14 01:58
I had someone try this scam on me but with furniture. He said his daughter was going to school in my area and needed a dining room table, he was going to send a cashiers check the next day for the full amount along with a truck to pick it up.
I questioned why a college kid would need a $4500 danish modern table so I stayed in contact with him.
He then emailed me a few days later and said his "secretary" got my payment confused with someone elses's and was sending a check for $9000., I was to cash the check, keep an additional $250 out "for my troubles" and get another check issued to some other guy and mail it.
The check was from an account that had been closed many years ago. ARGH...
Why do people feel the need to try to scam?
***getting off my soapbox now***
Donna
|
|
Reply To Message
|
|
Author: Tobin
Date: 2007-08-14 02:05
You receive the check and it gets deposited. I believe most banks take several days to process checks (even with current technology and federal standards) and while the check is processing the rube mails the difference to the scammer.
A couple days later the check bounces, and you are out the difference.
James
Gnothi Seauton
|
|
Reply To Message
|
|
Author: grifffinity
Date: 2007-08-14 02:11
Quote:
I'm curious... what's "the punch line" here... when you get this check, were you to deposit it, it would bounce and cost you money. At what point in this scheme does the scammer benefit?
The scammer ends up stealing your money by first, paying you with a check that is over the amount you need. A $2000 check for $500 in service. They ask that you give them the $1500 they overpaid you in cash or check. Obviously, when the bogus check bounces, you are out th $1500 plus any fees charged by your bank for depositing a bad check.
|
|
Reply To Message
|
|
Author: cigleris
Date: 2007-08-14 13:04
This happened to me, someone sent me an email regarding lessons out of the blue. I emailed back asking where they got my email address and low and behold there was no reply.
Peter Cigleris
|
|
Reply To Message
|
|
Author: JJAlbrecht
Date: 2007-08-15 15:10
Someone tried to do the same deal on me with Ham Radio gear I was selling. I told him I would meet him on a weekday, at my bank, which is right next door to the town police station. I never heard back from the joker.
I have also seen the same scam played on photographers to shoot a graduation party or a wedding, or other such deals.
Jeff
|
|
Reply To Message
|
|
Author: Ski
Date: 2007-08-15 15:32
I think the rules to follow here are simple enough. If you get a solicitation via email, after (possibly) reading it, delete it. End of story.
Note that there are no intermediate steps between "delete it" and "end of story". That means that answering a scam/phish email should not be an option, and for good reason: many phishing scams merely seek to confirm your email address, and once confirmed, be ready for more junk solicitations!
Here's the deal: just because you receive email from a scammer/phisher means nothing in and of itself. Chances are that your email address was gleaned from the web by a bot and put on a mailing list. Now, there are plenty of inactive/expired email addresses posted on the 'net, so how does a scammer know which ones are active? Which are the ones to pursue? Here's how they know: BY YOU WHEN YOU ANSWER THOSE EMAILS!
That's right, YOU help them to send YOU more email by answering their original phishing email.
There are no free vacations, inheritances from a distant, deceased relative living in obscure parts of the world, no premiums paid for music lessons, no lottery winnings, no old high school friends looking to reacquaint themselves with you... And long-winded stories like "my son's friend the elephant trainer's second cousin's aunt's hairdresser wants to take clarinet lessons from you"... should be another tip-off.
So sure, you can read those emails, but don't for a second be tempted to keep them or reply to them.
There's no free lunch.
Post Edited (2007-08-15 15:40)
|
|
Reply To Message
|
|
Author: C2thew
Date: 2007-08-15 16:14
this is basically an advance in technology exploitation. If you look at your spam box, you'll find hundreds of emails regarding things that you would normally search to buy. for my case, i like electronics and use buy.com occassionally and receive emails from computer "bots" that have fisched your information through cookies and create spam emails to try and get more of your personal information.
i get hundreds of spam emails regarding hard drives now on sale or discounts that aren't verified through a major website.
learn from the news and from everyone else. NEVER GIVE PERSONAL INFORMATION TO THE INTERNET! (unless it's a trusted site)
Our inventions are wont to be pretty toys, which distract our attention from serious things. they are but improved means to an unimproved end, an end which was already but too easy to arrive as railroads lead to Boston to New York
-Walden; Henry Thoreau
|
|
Reply To Message
|
|
Author: Ski
Date: 2007-08-15 16:51
C2thew,
Just to reinforce what you wrote about, when window shopping online, merely browsing a website for a specific item will often result in your receiving unsolicited email from other companies (supposedly) selling similar wares, even if you didn't enter any personal information on the website(s) you originally visited.
|
|
Reply To Message
|
|
Author: Mark Charette
Date: 2007-08-15 17:40
Ski wrote:
> Just to reinforce what you wrote about, when window shopping
> online, merely browsing a website for a specific item will
> often result in your receiving unsolicited email from other
> companies (supposedly) selling similar wares, even if you
> didn't enter any personal information on the website(s) you
> originally visited.
That's actually not possible; you entered your email on some site or you allowed some sort of bot/virus/trojan on your computer that fed your email to a site. The sites allow a data aggregator to code you with the sites you visit, and there's the possibility that it all gets put together for targeted emails.
The problem with spam is that it works ... if it didn't we wouldn't have any.
|
|
Reply To Message
|
|
Author: Ski
Date: 2007-08-15 19:33
Mark,
I realize that it shouldn't be possible, but there have been countless incidents... once I went website shopping for an antique lamp. Without ever entering any personal information whatsoever (trust me, I know better), I suddenly start getting unsolicited emails from companies hawking antique lighting, torchieres, candelabras, you name it.
Same has happened in the past while shopping for cameras, mortgages (now a common thing), cars, even printing firms; at one time I wanted to have postcards made up. Checked out one website for pricing and later that day I got solications from a variety of other printing firms.
Coincidence?
|
|
Reply To Message
|
|
Author: EEBaum
Date: 2007-08-15 21:29
Ski:
Mark was careful to emphasize that you entered your email on **SOME** site. It doesn't have to be the site you're browsing on. Piece by piece, your personal information can be reconstructed. Sometimes it happens because a site leaked your info. Other times, pieces of your information can be put together by seemingly independent entities. One entity knows there's a link between you and your email address, the other knows there's a link between you and visiting a camera shop. If those entities get together, bam, your address is out.
The tricky part is identifying the "you" part. The less reputable of sites you visit and software you install, the more likely that something is aggregating your visit data or peeking at someone else's cookies.
There are lots of ways to mitigate the risk. I use Firefox with the NoScript extension, and get no spam of the personally-coincidental sort you suggest. I also avoid helper applications... no google toolbars, no password managers, no pretty web cursor apps, no cute little animated character that talks to me. I'm also careful about what I download (if something looks fishy, I google the name of the product along with the word "virus" or "trojan" or "spyware" and see what comes up) and download only from reputable sources... no free screensavers from sites with every spare pixel of screen space plastered with google ads and the like. Those are the sorts of things that track your whereabouts.
I also go to the extreme about my spam mitigation. I own my own domain, and so can have unlimited email addresses and forwarders. I have a personal email address I only give to individuals. Beyond that, for every single service I sign up for online (woodwind.org included), I create a new email forwarder. The ONLY place I ever use that forwarder is to sign up for that particular site. That way, any email I get, anywhere, has, right there in the "To" field, an indication of where they got my address. If I start getting a lot of spam to a particular address, I know where it's been leaked/sold/gleaned from, modify/remove my account with that service, and delete that email address.
It's a bit of a hassle, and I have 140 such forwarders at the moment, but compared to an older email address I still maintain (with which I signed up for lots of services and posted, unobfuscated, on USENET) that gets about 200 pieces of spam a day, it's worth the $8/month for my domain hosting.
As an aside, I have gotten spam from the address I use on this site. Probably about 10 pieces over the course of a few years. Quite acceptably low.
-Alex
www.mostlydifferent.com
|
|
Reply To Message
|
|
Author: Ski
Date: 2007-08-15 23:07
Alex, I appreciate you taking so much time to reply to me, but I'm not a novice when it comes to this stuff. (I guess there was no way for you to have known that though).
However, there were a few things you mentioned that I am unfamiliar with. I take it that an extension (as in "noscript extension") and the animated characters you're talking about are some kind of PC nonsense?
|
|
Reply To Message
|
|
Author: Mark Charette
Date: 2007-08-15 23:31
Ski wrote:
> Alex, I appreciate you taking so much time to reply to me, but
> I'm not a novice when it comes to this stuff. (I guess there
> was no way for you to have known that though).
Being "not a novice" then you know that there's no way to get your email address from your browser without either a virus (or something like it) or your having entered the email on some site that allows it to be used. Even broken/buggy browsers don't give it up without encountering an exploit. It's never part of the headers.
Your email is NEVER sent automatically to any site - someone has to be malicious to get it or you have to supply it. If you can, have multiple email addresses - then you can track how it was grabbed.
|
|
Reply To Message
|
|
Author: Ski
Date: 2007-08-16 03:58
Mark, yes, I know there's no way to explicitly obtain an email address merely by browsing a website. But, for example, it's a well-known fact that merely visiting (not subscribing) various "lurid" websites will often result in a stream of "similarly-themed" spam emails that will continue for months! This is similar behavior to what I mentioned my visits to antique lighting sites.
And running on Mac, as I have been for well over a dozen years, leaves me less vulnerable to viruses/trojans/security issues. In fact, AFAIA, one of the biggest internet-related scams was Norton Anti-Virus for Mac itself.
I'm not an IT professional and my web designing days are long behind me; but I am quick to recognize patterns, and the coincidental receipt of unsolicited emails on the heels of having visited websites related to specific products is hard to ignore.
|
|
Reply To Message
|
|
Author: EEBaum
Date: 2007-08-16 04:40
Extensions are not some kind of PC nonsense, but rather some kind of browser nonsense. They work on Mac just as well as on a PC. On Firefox you have to explicitly tell it to install; on IE (especially IE6) you can accidentally set them up. There are beneficial ones that provide services of security or convenience, and there are lousy ones that watch what you do. NoScript is nice because it allows you to selectively permit javascript and other scripts from individual websites.
The cute little downloads are things like BonziBuddy and CometCursor that integrate themselves into your browsing under the guise of making something cool or cute happen. Others come in the form of screensavers, games, or handy system tools. Some of them (especially the less reputable ones) have spyware attached... some grab your address (and your friends') from your email program and send "targeted advertisements," others flat-out log your keystrokes.
It's quite possible you've downloaded some sort of spyware at some time. They're fairly rare for Mac, but they are out there.
Assuming your browser and computer are not compromised, there are other possibilities:
There could be some packet sniffing going on. That is, something between you and another server may be reading traffic (especially if it's unencrypted) and checking for email addresses and key words. If they read a packet with your email address and another packet with the word "chocolate", and both came from the same IP address, they could make a connection and send you Helen Grace ads. Spam is free to send, so there's no loss for them to take shots in the dark like that.
Such a machine may very well be a computer in your area that is infected with a virus and scans network traffic. Computers are *supposed* to just look at traffic intended for them, but a LOT more traffic goes over the lines, especially if the network uses hubs (which send to everyone) rather than switches (which send to single machines). So, your mac traffic may be intercepted by your PC-using roommate. Or it could be some computer halfway between you and your destination.
It could also be that, at one time, you used your email address on some site that has (or has "partners" who have) less than honorable intentions. They can link your email address to your IP address or other identifying information. Then, if you visit another site they're associated with, they can look you up in their database, find the same identifying information, see your email address their friend stored at another time, and BAM, 500 pieces of spam for Greek pottery. That's probably the most likely, given the history of companies such as DoubleClick
Or it could be a coincidence... but since it's happened to you multiple times, I doubt that.
In other news, I agree with you on antivirus software. The one thing I've found it's good for is letting someone know they've been infected... because that's when the antivirus software crashes and/or is disabled.
-Alex
www.mostlydifferent.com
|
|
Reply To Message
|
|
Author: Ski
Date: 2007-08-16 05:04
Alex,
Thank you kindly for the detailed explanation (and carefully embedded links) re packet sniffing, et al. What you described might well explain my having received the 'coincidental' emails I described.
I wasn't aware of how DoubleClick worked. Thanks for that link as well.
Regards,
Ski
|
|
Reply To Message
|
|
Author: joeyscl
Date: 2007-08-16 09:44
"I had fun one time and told them I charged $400/hr."
Lmao.... can't stop laughing hahaha
|
|
Reply To Message
|
|
The Clarinet Pages
|
 |
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
