Bank of America’s “Security Center” is a JOKE!

Recently, someone I know received a voicemail claiming to be from Bank of America stating that there was some suspicious activity on their ATM card. The voicemail suggested that the recipient call back at 844-585-0486 to speak with someone about the concern.

Knowing how rampant fraud is these days, we wanted to find out if that number was a genuine Bank of America number. And what better source to confirm that than Bank of America’s own web site, right? WRONG! We searched the web site, checked any page that said anything about fraud, plus all the “Contact Us” pages, but nowhere could we find the phone number that was given in the voicemail.

We did run across this page offering tips about avoiding scams and other fraud: https://www.bankofamerica.com/security-center/avoid-bank-scams/

I draw your attention to where they suggest “Don’t trust caller ID or answer the phone calls from unknown numbers”. You’re going to laugh (it would be funny if it wasn’t true). Check this out:

It would be funny if it wasn’t true!

Yes, you read that right! Bank of America’s automated system leaves a voicemail when their caller ID says “Unknown / unknown”, yet their own web site says we should never answer the phone under those conditions.

So, we get a call from an unknown number, and we’re told to call back a number that we can’t confirm is genuine. That sure seems phishy!!

Next, we call Bank of America’s main Customer Service number figuring someone there should be able to confirm the phone number for the Fraud Department callback. After waiting on hold for 15 minutes, getting hung up on, and waiting on hold for another 14 minutes, we finally reached Christian T. I asked him if he could confirm if the number we received was a valid Bank of America phone number. He put me on hold for another 5 minutes before he came back on the line and confirmed that the number 844-585-0486 is indeed a Bank of America phone number.

PHEW! What a relief!! At least we know that’s a good number.

I asked Christian if I could make a suggestion that Bank of America put that phone number onto their web site so other customers in a similar situation will be able to more readily confirm if the phone number they received is valid or not.

Well, apparently that was the wrong thing to suggest! Christian immediately went on a rant about how making that number public would make it easier for scammers and phishers to spoof that number and lull customers into a false sense of security when they receive calls that may look like they are coming from Bank of America. I told Christian that those scam calls are already happening with or without Bank of America’s publishing of this specific number. Scammers can already spoof the caller ID to say whatever they want, including “Bank of America / 800-432-1000” (a phone number a customer would more likely identify as a BoA number), so by hiding the number, they are only making it harder for customers to know if a callback number is safe or not!?!

When I tried to discuss this with him, he started a rant for like 40 continuous seconds (as if it was scripted) and refused to let me speak. I asked 5 or 6 times during this rant “Can I say something?”, but he just kept on speaking over me.

When I finally was allowed to continue the conversation, I told him I disagreed with his position, but that I had another question: “Why does your fraud department call customers with Unknown caller ID when your own security page says people should never answer the call when the caller ID is Unknown?”. He said he doesn’t know why that would happen and offered no solution or explanation.

Bank of America is just another huge corporation that is all about selling you stuff so they can make more of your money into their money, with little actual regard for taking care of customers the way they should! (I’m still waiting for a Supervisor to call me back after I asked to speak to one and Christian insisted one wasn’t available but would call me back within 24 hours!)

OVH support page as useful as can be expected

You gotta love it! I can’t make this stuff up!! OVH (a.k.a. OVHCloud) claims to be “the European leader of the cloud”, among other things. Yet when I send a complaint to the email address they provide in their WHOIS records (abuse@ovh.ca), I get a form reply stating the following:

Thank you for taking the time to contact the OVHcloud Abuse Team. This is an automatic reply from our system. The information provided does not allow us to identify the customer or service corresponding to your report. Thus, we advise you to fulfill the following abuse form to be able to take the required measures on :

www.ovh.com/abuse

OK. That’s kind of expected. Most large ISPs don’t want to deal with emails any more – They expect you to find their special form and use it to report the problem.

But let me first point out that their “automatic reply” claims “The information provided does not allow [them] to identify the customer or service corresponding to [my] report”. Really?!?!? I sent the exact email text just as it is stored natively on most mail systems, which includes the standard mail headers easily digestible by any human or automated system with half a brain, but I digress.

So I comply by using their web form to submit the SAME EXACT email header and body. I get an auto-response from the web form asking me to “confirm your abuse using this address”, then I click on the link to do so.

In the same email, they state the following:

You will receive an answer from our customer or our abuse service as quickly as possible. If you have any questions, please contact our assistance https://www.ovh.com/support/

For the record, I have not received a proper follow-up email from their abuse service ever explaining if or how the spammer on their network was dealt with.

How ironic is it that the very link they provide to ask for support leads the user to a BLANK PAGE?!?

OVH’s “support” page (HA!)

Go ahead and try it for yourself if you don’t believe me!

Oh, and did I mention that OVH has been ignoring my complaints of spammers on their networks for months now?! Earlier versions of their “abuse” page didn’t work as well (i.e. would not accept perfectly valid “IP address of infringing content”), but again I digress.

Pornography does not go against any of Facebook’s “Community Standards”

I recently ran across an image in a comment on Facebook that is clearly pornographic. The image may not be that of a real person’s genitals, but it is an image of a man’s torso with a huge erect penis. (maybe it’s from an ad for a sex toy? I don’t know…)

Either way, it clearly does not belong in the public view on Facebook for just anyone to see.

I clicked on “Give feedback or report this comment” to let Facebook know that the comment contained pornography so they could take it down, and here was their response:

They claim they reviewed the comment and “found that it doesn’t go against any of [their] Community Standards”?!?! Really??? My god, how loose are their standards anyway?!?

WHOIS PRIVACY completely defeats the purpose of WHOIS!!

Do you own a domain name or two (or more)? Do you know about the WHOIS database that maintains owner and contact information for domains?? Do you know why the WHOIS database exists (at least in its original purpose)??? If so, WHY WOULD ANYONE WANT WHOIS PRIVACY!?!?!

This “service” completely defeats the purpose of WHOIS

Every time I renew my domains, my registrar tries to sell me WHOIS PRIVACY. They claim it protects me from spam – it does not. Using custom email addresses in my WHOIS records, I know if spam is being sent to the contact email address in my WHOIS record. I get so little spam at those email addresses, it completely nullifies any argument a registrar will try to give you that privacy will prevent spam!!

For years now, ICANN has allowed domain registrars to provide a service to hide WHOIS details under the guise of protecting the privacy of the domain owner. These registrars make shitloads of money selling this service which is in direct contradiction to the Domain Registrars’ agreements with ICANN, yet money talks! But no one forces you to sign up for this bogus domain privacy “service” – SO DON’T!

Think about it… if your server gets hacked, how is someone going to find your contact information to let you know about the hack? (especially when the hackers have removed all of your web site’s content!?) A proper WHOIS record with correct and up to date contact information is the only way to make sure someone can contact you swiftly and let you know if your server has been hacked or your web site altered. Maybe your server was hijacked and is being used to send out spam. Your ISP may not be so understanding when you tell them “I didn’t know my server was hacked”. Give people the proper tools to contact you for any legitimate reason relating to your domain.

P.S. If you don’t want to use your regular email address in the WHOIS record, just set up an alternate email address and forward it to your regular email address. Also, I don’t recommend you use a Gmail account (or other “free” service email address) because they will filter emails that they deem to look like spam or phishing. If someone is using your domain name in their phishing URL and it gets reported to Google before you, your “free” account will have it blocked before you ever get a chance to see it. Bad abuse contacts and abuse mailboxes with spam and other content filtering defeat the purpose of having an abuse contact.

Does this make any sense Amazon?!?

I tried to buy some winter wiper blades on Amazon.com this morning, but they wouldn’t let me.  No, really, I tried and I tried, but they just won’t sell me the second wiper blade!!

I guess there are some products that are classified as “Add-on items”?  Apparently, even though one wiper blade from the product page can be bought as usual with Amazon Prime, etc., another wiper blade on the same product page is classified as an “Add-on item” and can only be purchased once I spend $25 or more on an order.

 

They don’t even give me the opportunity to simply pay the shipping costs and bypass this stupid “Add-on item” policy.  Not very helpful Amazon!!

WEB.COM deletes incoming emails without reading them

We already know that Domains@WEB.COM has a spam filter on a mailbox that is intended to be used to report spam, phishing, malware, and other abuses that may be occurring on their networks and servers.  Kind of makes the Domains@WEB.COM email address worthless!?

It turns out that even when we think the mail just might get through, it doesn’t.  I just received this bounce message indicating “Your message … was deleted without being read.”:

Nice job WEB.COM!!!

Why are many (not all) Human Resources departments so RUDE?!?!?

What is up with Human Resources departments in companies these days?!?!?  Why do they feel they have no obligation to respond to job applicants (let alone even acknowledge them)???

I must have applied for at least 2 dozen positions over the last several months.  If I received acknowledgements / responses from 5 of them, that would be a lot!  Big companies… little companies… all companies…  Don’t they realize people are waiting on them??  Don’t they realize how RUDE they are by not interacting with their applicants and just leaving us hanging??

Furthermore, they refuse to make their contact information available – not on their web site – not in their “auto-acknowledge” (the few that had them) – NOWHERE!

Even ADP – a HUGE accounting company with recruiting as part of their web site – won’t offer up a phone number, even though their web page footer indicates a number should be present:

The footer says “If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact number below.”, BUT THERE IS NO NUMBER BELOW!!!!

I don’t get it!?!  How is this game supposed to work???

Anonymous quotes should be taken at face value.

A recent New York Times Op-Ed article critical of President Trump and his policies was published without the name of the author, allegedly someone who claimed to be an inside senior administrative official.  Here’s what I have to say about “anonymous” sources:

If you don’t have the balls to put your name on your statements, there is no reason anyone should take your statements seriously!!

For the record, my name is Patrick Klos.

WEB.COM has a spam filter on their abuse mailbox?!?!

If there is one thing I CAN’T STAND, it’s an Internet Service Provider that puts a spam filter on their “abuse@…” mailbox!

Chicken shit WEB.COM hides their abuse department behind a spam filter

And here is WEB.COM (a.k.a. Network Solutions, Register.com, Name Secure, Snap Names, etc) – one of the world’s largest domain registrars and Internet Service Providers – blocking emails to their ‘abuse@web.com’ mailbox because a report of a phishing site or domain “matches a profile the Internet community may consider spam”?!?!?

How is someone supposed to report a problem to the Internet Service Provider of a phishing site if the simple mention of the phishing site scares the shit out of the abuse department?!?!

Shame on you WEB.COM!! (and all other tech companies that are afraid of their own shadows to run a PROFESSIONAL abuse department)

Hey McDonald’s – you call that bacon?!?

$1.69 worth of bacon at McDonald’s:

[Photos: the bacon from McDonald’s and the McDonald’s receipt]

$1.52 worth of bacon at Whole Foods:

[Photos: the bacon from Whole Foods and the Whole Foods receipt]

You get about 8 fairly thick slices from Whole Foods for the same price as 2 anemically thin slices from McDonald’s.

McDonald’s used to charge $.69 for their “side of bacon”.  Then it went up to $.99.  Then it went up to $1.29.  Then it went up to $1.69!! McDonald’s: What are you thinking?!?

Need I say more?!?