How Not to Gain Trust: Obviously Fake Camaraderie

Mar. 4th, 2025 12:49 pm
canyonwalker: wiseguy (Default)
I got a cold-call email at work today from a person who tried to make herself seem like a friend or contact so that I'd be more likely to respond. If you work in a corporate job you probably know the kind of thing. There's the classic fake "Following up on our last conversation" intro (there was no previous convo) or "More info you asked for about XYZ" (never heard of XYZ). This one tried to play to the college listed in my LinkedIn profile to come across as having something in common. It was like, "Oh, wow, you went to Cornell, too, I bet you're really looking forward to the Cherry Blossom Festival!"

This bombed as a gambit to establish rapport because I'd never heard of a cherry blossom festival at Cornell. It certainly wasn't a thing during the 4 years I was a student there, and I'm virtually certain it wasn't a thing for at least 10 years prior (it still would've been talked about as campus folklore) or 10 years since (I would've read about it in alumni newsletters they were regularly sending me). It's a fail of an attempt to seem familiar.

Now, if the same person had reached out with, "Cornell! Wow, it's almost time for Dragon Day, and I'll bet you have memories!" I might actually have responded. Even to a complete stranger I might have replied with something like, "I sure do!" and mentioned the time I participated in a Dragon Day parade as an act of civil disobedience after craven university administrators tried to declare it illegal. Or the time my friends stole a dragon— a baby dragon—and drunk, angry dragon-parents swarmed the house I was living in, demanding it back. Good times! But alas, no, this stranger's attempt at camaraderie was to cite a nonexistent cherry blossom festival.


Tags:
  • Add Memory
  • Share This Entry

My Alter-Ego, Hugh Jass

Jul. 12th, 2024 12:17 pm
canyonwalker: wiseguy (Default)
So many places on the web want you to sign up with a name and email address in exchange for access to content or services. As an end user I'm like, "I just want this one free thing you're offering, I don't want you to spam me with daily advertisements for the next umpteen years!" So I have an alter ego identity I use.

Here's how I signed in for free wifi at the airport recently:

I feel sorry for all the spam the real Hugh.Jass@gmail.com is getting 🤣

Yup, Hugh Jass is my alter ego. I've been joining webinars, downloading free pdfs, and connecting to airport wifi as Hugh for years.

"Wait, why's this tagged as humor?" you may ask.

Read the name. Say the name. Hugh Jass. It sure sounds like "Huge Ass", doesn't it?

I'm hardly the first person to make this joke, of course. It's one the names Bart Simpson uses to prank bar owner Moe in The Simpsons, as far back as at least the early 1990s. There was even a 1991 episode in which a guy named Hugh Jass actually answered the phone at Moe's Tavern, foiling Bart's prank.

What about a real-life Hugh Jass? A quick web search finds a number of hits, though many of them are pages discussing pranks. LinkedIn claims there are 240 contacts matching "Hugh Jass"... though there, too, the top hit looked like it was an account created as a joke. But at least a few others at cursory glance seemed like they could be legit.

As far as hugh.jass@gmail.com... whoever owns that I'm address, I'm sorry for the extra spam I create for you. 🤣
Tags:
  • Add Memory
  • Share This Entry

That's Your Payroll, Dumbass.

Nov. 3rd, 2023 01:41 pm
canyonwalker: wiseguy (Default)
My company has a number of internal Slack channels dedicated to security issues, including one where alerts about security threats are shared. Today two of these channels had messages from different staff members who were concerned about a text message apparently all of us in the US received from a hither-to unknown number.

I saw this message, too. It included a link it asked us to click through to manage information about our payroll. Such messages reasonable raise a bit of skepticism as asking people to confirm financial information is a common scam nowadays. Scammers pretend to be a company the victim does business with, whether that be a bank, PayPal, eBay, etc.

The key word is pretend. Not all email/text/etc. coming from your bank, PayPal, eBay, etc. is fake. Some of it is legit. How can you tell? Well, shit, it's actually not hard! For starters, look at the actual URL of the link. Does it go to the website of a company you do business with? If so, it's legit. (Be sure you see the actual link target as opposed to what the link displays as, if the medium allows those two to be different.)  If it goes anywhere else, it's not.

Today's momentarily suspicious text message was from the company that does our payroll. I recognized their name because, well, they've been delivering my paychecks for 10 months. I regularly log on to their web portal to check my paystub details, too. And the link actually went to their domain, as opposed to unheardofsite.foreigncountry/link. But that didn't stop some of my colleagues from working themselves into a lather online.

"I guess this is spacm as I did not sign up for that," wrote one.
"I believe this is a fraud attempt to hack into our personal information," another responded.
"I don't recognize this company name at all," added the first.

That's your payroll, dumbass, I wanted to respond.

Look, I get it: in 2023 there's plenty of reason to be suspicious of links in text and email. There are plenty of fraudsters out there. But you can't dismiss every link as fake and an attempt at theft— especially when it's so trivial to vet legit links from fake ones.

Oh, and maybe pay attention to who's giving you thousands of dollars every two weeks. What are you, a crooked politician?

Tags:
  • Add Memory
  • Share This Entry

Work Spam is Timed

Jun. 13th, 2023 09:03 am
canyonwalker: Uh-oh, physics (Wile E. Coyote)
It struck me a week ago: the spam I get on my work email account— all the ticklers from all the companies I've had to give my email address to to sign up for a webinar, and all the companies that have scanned my badge at trade shows— is timed.

Last Tuesday I checked my work email early in the morning (6:30 ~ 7am) then was OOO for a few hours and didn't check email again until noon. At 7am I had maybe 3 ads in my mail queue, lighter than normal for my first-of-the-morning check. By noon another 20 ads waiting for me. Eyeballing them all together, I noticed they were pretty much all timestamped between 7:50-8:50am. That's when it struck me: junk mail is timed. It's timed to maximize the chance a person reads it. Thus it's clustered in the 8-9am hour in your local timezone, ostensibly so that it's at the top of your backlog when you're logging in for the first time, or arrives after you've cleared your backlog.

BTW it's not at all surprising that junk mail is timed. Corporate social media systems are timed to maximize engagement. Dropping a tweet, say, at 11pm in a target market isn't effective. Most people are offline for the night, and by the time they check their feeds in the morning over breakfast that 11pm tweet will be so far down few people will see it. Time that tweet to drop at 7am or 8am, and a lot more people will see it.

Once I spotted this pattern last Tuesday I made a point of looking for it again— to test how much of a pattern it is. Oddly I didn't get much spam Wednesday through Friday. Yesterday (Monday) morning I had some, but not quite as much as last Tuesday. Then I logged in this morning— and BOOM! Huge load of spam. So these common marketing tools are not just timing it to the 7-8am hour but also picking Tuesday as the day likely to get the most attention.

Tags:
  • Add Memory
  • Share This Entry

New Anti-Spam Technique: Answer the Call!

Sep. 19th, 2022 08:34 pm
canyonwalker: wiseguy (Default)
I've been getting more spam calls lately. Well, potential spam. It's easier than ever to avoid it because the phone companies have added spam detection to their smartphone software. Now I see stuff like this when a potential spammer calls:

'POTENTIAL SPAM' warning on Verizon

The thing is, while it's easier than ever to avoid spam, it's also easier than ever for spammers to... well, spam. Auto-dialer software is really cheap now, phone lists are cheap, bandwidth is cheap... basically a few scammers in a garage can stage a nationwide spam operation placing a billion calls. That's what's behind the notorious extended-car-warranty spam, authorities believe.

I get 2-3 spam calls every weekday now. The government seems powerless to stop them. What to do?

The old conventional wisdom is "Just ignore them, maybe they'll go away." Also, "Don't answer! That just proves your number is real and they'll call you more!"

The thing is, spammers are not going to just go away. It's too cheap for them to keep trying. And they're not dialing random strings of 10 digits; they're buying lists of phone numbers. "Proving" your number is real is not really a thing. (OTOH, actually falling for a scam supposedly does get you onto a hot list of known suckers the scammers sell to each other.)

So I came up with a new conventional wisdom: Answer the call. Answer it, let them start the pitch, then hang up. Maybe then their system will mark your number as already contacted and stop trying.

I did that today with two spam calls. Both were actually a live person trying to sell me something! Well, one was a charity asking for money; the other was trying to pitch me business software. I know they've been trying repeatedly because I recognize their location. I told both of them politely I would not donate/buy and asked them not to call again. Maybe now I'll get fewer spam calls per week, at least for a little while.

Update: It worked! Once I finally answered these organizations' calls they stopped trying. I went from several spam calls a week to one or none.



Tags:
  • Add Memory
  • Share This Entry

I Know It's a Spam Call When...

Dec. 10th, 2020 08:50 pm
canyonwalker: wiseguy (Default)
This week I read an amusing thread elsenet. The prompt was, "I know it's a spam call when...." My favorite entry was:

I know it's a spam call when...

My phone rings

That got me thinking, yeah, almost every single call I get anymore is a spam call!

Of course, it's not quite as simple as all phone calls = spam. Not for me, anyway. I still get a few calls from actual people I want to talk to.
  • My mother calls a few times a year. I don't think she will ever send a text or email. She's barely learned to use an ATM, and I proclaimed ATMs dead several years ago.
  • Hawk and I phone each other while we're at work a handful of times a week. Most of the time we text; we call when we need to discuss something that's not efficiently done in text and can't wait until we're home together.
  • A handful of times a year my oldest sister calls, or I call her. Again, usually we text. We talk on the phone about once a month to catch up more fully.
...And that's about it!

Note what's not on this list. Work-related calls. That's a little surprising because my cell phone is my work phone. It's the only phone number on my business card (not that I've handed out one of those in nearly a year now!) and the only number in my email signature. But that said, I haven't had a customer call me in... gosh, at least 5 years. Colleagues only call my phone when I ask them to, in lieu of calling me via Slack or using Google Meet or Zoom.

So, because I do receive occasional real calls I do what I think most of us do: I look at the Caller ID. If it's a number my phone recognizes as belonging to someone in my contacts list, I see their name and I answer. Anything else, I silence it and go back to whatever I was doing before.

How do you know when a call is spam?

Tags:
  • Add Memory
  • Share This Entry

Profile

canyonwalker: wiseguy (Default)
canyonwalker

May 2025

S M T W T F S
     1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25262728293031

Syndicate

RSS Atom

Most Popular Tags

Page Summary

Active Entries

Style Credit

Expand Cut Tags

No cut tags
Page generated May. 25th, 2025 11:44 pm
Powered by Dreamwidth Studios