PCLinuxOS Magazine

PCLinuxOS

Mind Your Step, Part 3

by phorneker

Another holiday season is right around the corner. We all know what that means ... another season of shopping for holiday gifts ... and another season for cybercriminals to cash in due to the number of brick and mortar retailers disappearing this year.

On September 30th, Forever 21 filed bankruptcy and subsequently, all of its stores closed down. GameStop is predicted to be the next retailer to go.

GameStop started out as Electronics Boutique back in the 1990s, which was itself spun off from Waldenbooks, of which it, competitor Borders and Builder's Square were purchased by K-Mart Corporation (pre-Sears)...and we all know what happened there. GameStop was spared its demise since it was spun off from Waldenbooks.

I remember Electronics Boutique well, because not only did it sell video games and gaming consoles, but it also sold PC software. It is there where I purchased copies of Lotus Improv, Turbo Pascal for Windows and Turbo C++ for Windows. (I was running OS/2 at that time.)

GameStop is still a functioning retailer, but for how long? Last time I was in a GameStop, they sold the major consoles and all the popular games. For a while, they were selling second hand iPhones and Android powered smartphones. Other than that, there is a 50/50 mix of new and used gaming hardware and software, including some PC-based titles that could run on Wine.

At times, I would find a MS-DOS based title now and then, but even that is becoming a rarity. (A better source for MS-DOS titles would be a thrift store such as Goodwill.)

What could ultimately kill GameStop would be the next generation of gaming consoles, which would require a high speed internet connection to function as all games would be online games (i.e. no CD/DVD/Blu-Ray discs needed). The currently available Sony PlayStation 4 largely depends on the Internet to function.

HTML trick that phishes for Stripe users

Bleeping Computer reported on a phishing e-mail containing a link to lure Stripe users to a fake website.

Source: https://www.bleepingcomputer.com/news/security/stripe-users-targeted-in-phishing-attack-that-steals-banking-info/

The way this link works is in how the HTML tag was written.

<a class="mcnButton"
title="Review your details"
href="http://example.com/phishing page">Review your details

I split this HTML tag to show you what is happening here. The title parameter tells the browser to display this text instead of the URL indicated in href.

In this example, the URL is a sample created by the staff at Bleeping Computer.

To find out the exact URL within the link, right click on the link and select "Copy Link Address", then open a text editor (anything will do here), and paste (usually with Control-V) the URL into the editor.

(You could paste the link to the address bar in the browser, but using a text editor is much safer.)

Where it all started for me 26 years ago!

This is a top view of the building where my information technology career began. This building and the one just to the north were constructed in 1975 at the southwest corner of Vale Park Road and Valley Drive in Valparaiso, Indiana. This building is called 600 Vale Park Plaza South and was used as a place for credit reporting and for debt collections until December 1998. (I started work here in 1993.) In 1998, Equifax made a decision to allow consumers to obtain credit reports online rather than obtain reports through the local credit bureaus. This would prove to be a big mistake as we have seen in the infamous 2017 data breach.

As a result, the building became vacant until 2001, when the building was renovated after being sold to Purdue North Central for its Porter County campus. The building was then used as an educational facility until the merger of Purdue North Central and Purdue Calumet campuses to form what is now Purdue Northwest (https://www.pnw.edu), hence eliminating the need for the building.

This past October, Bradley Company of Merrillville, Indiana purchased the two buildings to be renovated (again) for use as a medical facility (reported to be the future Valparaiso office of Michiana Hematology).

Source: https://ci.valparaiso.in.us/AgendaCenter/ViewFile/Agenda/_01292019-291

The other building, 600 Vale Park Road North was home to a mental health outpatient clinic in the 1980s, and more recently, an office for General Insurance Services (agent of Traveler's Insurance which has since moved to a downtown location), and a truck driving school for C R England (https://www.crengland.com).

To this day, SuperPages.com still has Credit Bureau Services, Inc. listed at 600 Vale Park Road, twenty years after the business closed down!

Source:
https://www.superpages.com/bp/valparaiso-in/credit-bureau-services-inc-L2709777483.htm

Search Engines do not always get it right.

These days, I use DuckDuckGo as my go-to site for web searching.

When searching for phone numbers this way, the results you get are quite unpredictable. Even with Google, if a phone number is known to be legitimate, the results will show you who that number belongs to if that number is a published number and easily available.

The website 800notes.com is the first website to track unsolicited phone numbers. Typically, the results would include websites such as okcaller.com, callername.com, and mylife.com, the latter of which is a repository that reports reputation scores ranging from 0.0 to 5.0 with anything above 4.0 being a good score.

The paid version of MyLife allows you to control what others see on your reputation report, which actually matters more than the contents of your credit report. Reputation scores lower if you have public records on file regarding legal issues such as bankruptcies, lawsuits, judgments, and the like normally housed in county, state and federal facilities.

MyLife also allows you to have sensitive information removed from websites that have that information for sale. (I have successfully had such information removed from 16 repositories this way!)

Websites such as ZoomInfo get their information primarily from LinkedIn. Unfortunately, the website more often than not gets it wrong when it comes to the resulting profiles.

And then, there are fake databases such as Hodges Directory and USPhoneBook whose sole purpose is to mislead skip tracers by providing bogus information in the search results.

For those of you who do not know, skip tracing is a technique used by private investigators, debt collectors, or anyone looking for the whereabouts of missing people to gather as much information on the subject as possible.

This includes subscribing to paid services such as BeenVerified, Intelius, MyLife, and searching social media outlets such as Facebook and Twitter (whenever the Donald is not using it), as well as the standard DuckDuckGo, Google, and Bing searches.

The term skip here is derived from "skipping town", or someone who disappears and needs to be found, especially when collecting debts owed to creditors.

Skip tracing is used by collection agencies whenever a debtor has given misleading, omitted, or false information to the creditor or the collection agency. Successful collections depend upon accurate information contained in files within the agency's database(s).

Usually this process is done during the initial period and according to procedures allowed by the Fair Debt Collection Practices Act.

You will be surprised....

...at what you will find when you search for yourself online. There are reasons why you would want to do this.

Employers do this to get information on potential hires.

Searching for yourself gives you an idea of what your reputation is online.

The results could reveal things you may have forgotten about.

The results could reveal inaccuracies, which unfortunately are not easy to correct, unlike a credit report.

When searching for yourself, here are some tips I have used:

If your last name is uncommon, you could simply use your last name as the sole keyword.

Try variations on spelling your name.

Enclose your name in quotes so the search engine will look only for matches that contain the exact spelling and wording of the inquiry.

Within the search pages, click on Images to view what photographs the search engine found. The results will surprise you.

On the subject of uncommon last names, the "c" in "hornecker" was dropped in the early 1900s by one branch of that family at the time of immigration to the US. As a result, there are only 78 people (including myself) with that last name (spelled without the "c") in the world the last time I performed that search.

When an image search was performed on my last name, there is a world of difference between DuckDuckGo and Google when it comes to the images revealed in the search.

Usually only the first three pages of the results matter when it comes to the search results. Why?

Because most people who perform these searches do not have the time or patience to wade through hundreds of irrelevant results just to get the results that matter.

Another reason I use DuckDuckGo is that there are no ads contained in the first page of the search results. Advertisers pay Google to include their websites at the top of the list. Thankfully, these results are marked as advertisements, but you have to scroll down the page to get to the first actual result.

Before you shop online...

It is a good idea to change the passwords on all your accounts where you shop online before you do any online shopping this season. (Especially if you have an Amazon or a Wal-Mart.com account). This past month yielded a massive data breach that compromised more than 1000 online retailers in one fell swoop.

Also, keep track of where you shop online so you know what packages you expect to receive and from whom.

Last year, the USPS left a notice of an undeliverable package with a tracking number, but no return address. This was a package I did not expect to receive, and was sent directly from the Valparaiso, IN post office.

I simply ignored the notice and allowed the package to be sent back, and that was probably a good thing.

Mail without a return address is handled as a "dead letter". The USPS attempts to find the sender of the "dead letter" (or package), which means that a postal inspector can legally open the package or letter to find out who the sender was and what was intended to be sent.

Also, if there is no return address, this alone should be a red flag and the package should be handled as a suspicious package, which should be refused. This also means that your mailing address has been compromised in some way. Thankfully, the fact that this package got returned means the mailing address could not be verified (and that is a good thing).

The bottom line here is this:

Keep track of everything you purchase online and make sure that you receive the expected package(s) and only the expected package(s).

Reputable vendors will have a method of checking on your purchases, either through legitimate tracking numbers, or through a customer service number to call or website to visit.

Remember, though you are purchasing through secure websites, do not assume that you are not being tracked by someone else. Evidence of this will appear in phishing e-mails. Be sure that when you visit the retailer, manually type in the URL of the retailer and do not rely on (or even trust) links in messages received.

Of course, if you have Amazon or other retailers bookmarked in your web browser, you can use those as well, as they have the correct URL spelling.

It is also a good idea to shop through a configured VPN as well.

Previous Page Top Next Page