
I wish hosting companies would take their responsibilities seriously!?!

I wish hosting companies would take their responsibilities seriously!?! Case in point: Bluehost.com

I did a WHOIS lookup for a domain and got back something like this:

[whois.verisign-grs.com]
[whois.fastdomain.com]
Domain Name: REDACTEDFORPRIVACY.COM
Registry Domain ID: 5146808
Registrar WHOIS Server: whois.bluehost.com
Registrar URL: http://www.bluehost.com/
Updated Date: 2021-10-11T23:01:28Z
Creation Date: 2021-10-11T16:18:33Z
Registrar Registration Expiration Date: 2022-10-11T16:18:33Z
Registrar: FastDomain Inc.
Registrar IANA ID: 1154
Registrar Abuse Contact Email: support@bluehost.com
Registrar Abuse Contact Phone: +1.8017659400
Reseller: BlueHost.Com
Domain Status: clientTransferProhibited https://icann.org/epp

WHOIS results of a Bluehost customer’s domain

Note the email address for the Registrar Abuse Contact is “support@bluehost.com”. Yet when I try to email the Registrar Abuse Contact, I get the following back:

(I can’t make this shit up!)

‘nuf said!
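For anyone scripting abuse reports, here is an added example (not part of the original post) that parses a record in the format quoted above and pulls out the registrar abuse contact. The sample is the post's own record, abridged; the function names and the list of "dedicated" local parts are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Record quoted above, abridged (the domain was already redacted by the author).
SAMPLE = """\
[whois.verisign-grs.com]
[whois.fastdomain.com]
Domain Name: REDACTEDFORPRIVACY.COM
Registrar WHOIS Server: whois.bluehost.com
Registrar: FastDomain Inc.
Registrar IANA ID: 1154
Registrar Abuse Contact Email: support@bluehost.com
Registrar Abuse Contact Phone: +1.8017659400
Reseller: BlueHost.Com
"""

# Assumption: local parts treated as a dedicated abuse desk. "abuse" is the
# RFC 2142 role mailbox; the other two are illustrative additions.
ABUSE_LOCALPARTS = {"abuse", "abuse-desk", "abusedesk"}


def parse_whois(text):
    """Return (servers, fields): bracketed referral servers, key -> [values]."""
    servers, fields = [], defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        hop = re.fullmatch(r"\[([^\]\s]+)\]", line)
        if hop:                      # "[whois.example]" marks a referral hop
            servers.append(hop.group(1).lower())
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():    # skip blank lines and valueless keys
            fields[key.strip().lower()].append(value.strip())
    return servers, dict(fields)


def abuse_contact(fields):
    """Pull the registrar abuse contact and flag non-dedicated mailboxes."""
    email = (fields.get("registrar abuse contact email") or [None])[0]
    phone = (fields.get("registrar abuse contact phone") or [None])[0]
    local = email.rsplit("@", 1)[0].lower() if email and "@" in email else None
    return {"email": email, "phone": phone,
            "dedicated_mailbox": local in ABUSE_LOCALPARTS}


if __name__ == "__main__":
    servers, fields = parse_whois(SAMPLE)
    print("answered by:", servers[-1] if servers else "unknown")
    print(abuse_contact(fields))
```

A record whose abuse contact is a general support address comes back with dedicated_mailbox set to False, which is a cue to look for the provider's web form before relying on email alone.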

Bank of America’s “Security Center” is a JOKE!

Recently, someone I know received a voicemail claiming to be from Bank of America stating that there was some suspicious activity on their ATM card. The voicemail suggested that the recipient call back at 844-585-0486 to speak with someone about the concern.

Knowing how rampant fraud is these days, we wanted to find out if that number was a genuine Bank of America number. And what better source to confirm that than Bank of America’s own web site, right? WRONG! We searched the web site, checked any page that said anything about fraud, plus all the “Contact Us” pages, but nowhere could we find the phone number that was given in the voicemail.

We did run across this page offering tips about avoiding scams and other fraud: https://www.bankofamerica.com/security-center/avoid-bank-scams/

I draw your attention to where they suggest “Don’t trust caller ID or answer the phone calls from unknown numbers”. You’re going to laugh (it would be funny if it wasn’t true). Check this out:

It would be funny if it wasn’t true!

Yes, you read that right! Bank of America’s automated system leaves a voicemail when their caller ID says “Unknown / unknown”, yet their own web site says we should never answer the phone under those conditions.

So, we get a call from an unknown number, and we’re told to call back a number that we can’t confirm is genuine. That sure seems phishy!!

Next, we call Bank of America’s main Customer Service number figuring someone there should be able to confirm the phone number for the Fraud Department callback. After waiting on hold for 15 minutes, getting hung up on, and waiting on hold for another 14 minutes, we finally reached Christian T. I asked him if he could confirm if the number we received was a valid Bank of America phone number. He put me on hold for another 5 minutes before he came back on the line and confirmed that the number 844-585-0486 is indeed a Bank of America phone number.

PHEW! What a relief!! At least we know that’s a good number.

I asked Christian if I could make a suggestion that Bank of America put that phone number onto their web site so other customers in a similar situation will be able to more readily confirm if the phone number they received is valid or not.

Well, apparently that was the wrong thing to suggest! Christian immediately went on a rant about how making that number public would make it easier for scammers and phishers to spoof that number and lull customers into a false sense of security when they receive calls that may look like they are coming from Bank of America. I told Christian that those scam calls are already happening with or without Bank of America’s publishing of this specific number. Scammers can already spoof the caller ID to say whatever they want, including “Bank of America / 800-432-1000” (a phone number a customer would more likely identify as a BoA number), so by hiding the number, they are only making it harder for customers to know if a callback number is safe or not!?!

When I tried to discuss this with him, he started a rant for like 40 continuous seconds (as if it was scripted) and refused to let me speak. I asked 5 or 6 times during this rant “Can I say something?”, but he just kept on speaking over me.

When I finally was allowed to continue the conversation, I told him I disagreed with his position, but that I had another question: “Why does your fraud department call customers with Unknown caller ID when your own security page says people should never answer the call when the caller ID is Unknown?”. He said he doesn’t know why that would happen and offered no solution or explanation.

Bank of America is just another huge corporation that is all about selling you stuff so they can make more of your money into their money, with little actual regard for taking care of customers the way they should! (I’m still waiting for a Supervisor to call me back after I asked to speak to one and Christian insisted one wasn’t available but would call me back within 24 hours!)

OVH support page as useful as can be expected

You gotta love it! I can’t make this stuff up!! OVH (a.k.a. OVHCloud) claims to be “the European leader of the cloud”, among other things. Yet when I send a complaint to the email address they provide in their WHOIS records (abuse@ovh.ca), I get a form reply stating the following:

Thank you for taking the time to contact the OVHcloud Abuse Team. This is an automatic reply from our system. The information provided does not allow us to identify the customer or service corresponding to your report. Thus, we advise you to fulfill the following abuse form to be able to take the required measures on :

www.ovh.com/abuse

OK. That’s kind of expected. Most large ISPs don’t want to deal with emails any more – They expect you to find their special form and use it to report the problem.

But let me first point out that their “automatic reply” claims “The information provided does not allow [them] to identify the customer or service corresponding to [my] report”. Really?!?!? I sent the exact email text just as it is stored natively on most mail systems, which includes the standard mail headers easily digestible by any human or automated system with half a brain, but I digress.

So I comply by using their web form to submit the SAME EXACT email header and body. I get an auto-response from the web form asking me to “confirm your abuse using this address”, then I click on the link to do so.

In the same email, they state the following:

You will receive an answer from our customer or our abuse service as quickly as possible. If you have any questions, please contact our assistance https://www.ovh.com/support/

For the record, I have not received a proper follow-up email from their abuse service ever explaining if or how the spammer on their network was dealt with.

How ironic is it that the very link they provide to ask for support leads the user to a BLANK PAGE?!?

OVH’s “support” page (HA!)

Go ahead and try it for yourself if you don’t believe me!

Oh, and did I mention that OVH has been ignoring my complaints of spammers on their networks for months now?! Earlier versions of their “abuse” page didn’t work as well (i.e. would not accept perfectly valid “IP address of infringing content”), but again I digress.

Pornography does not go against any of Facebook’s “Community Standards”

I recently ran across an image in a comment on Facebook that is clearly pornographic. The image may not be that of a real person’s genitals, but it is an image of a man’s torso with a huge erect penis. (maybe it’s from an ad for a sex toy? I don’t know…)

Either way, it clearly does not belong in the public view on Facebook for just anyone to see.

I clicked on “Give feedback or report this comment” to let Facebook know that the comment contained pornography so they could take it down, and here was their response:

They claim they reviewed the comment and “found that it doesn’t go against any of [their] Community Standards”?!?! Really??? My god, how loose are their standards anyway?!?

WHOIS PRIVACY completely defeats the purpose of WHOIS!!

Do you own a domain name or two (or more)? Do you know about the WHOIS database that maintains owner and contact information for domains?? Do you know why the WHOIS database exists (at least in its original purpose)??? If so, WHY WOULD ANYONE WANT WHOIS PRIVACY!?!?!

This “service” completely defeats the purpose of WHOIS

Every time I renew my domains, my registrar tries to sell me WHOIS PRIVACY. They claim it protects me from spam – it does not. Using custom email addresses in my WHOIS records, I know if spam is being sent to the contact email address in my WHOIS record. I get so little spam at those email addresses, it completely nullifies any argument a registrar will try to give you that privacy will prevent spam!!

For years now, ICANN has allowed domain registrars to provide a service to hide WHOIS details under the guise of protecting the privacy of the domain owner. These registrars make shitloads of money selling this service which is in direct contradiction to the Domain Registrars’ agreements with ICANN, yet money talks! But no one forces you to sign up for this bogus domain privacy “service” – SO DON’T!

Think about it… if your server gets hacked, how is someone going to find your contact information to let you know about the hack? (especially when the hackers have removed all of your web site’s content!?) A proper WHOIS record with correct and up to date contact information is the only way to make sure someone can contact you swiftly and let you know if your server has been hacked or your web site altered. Maybe your server was hijacked and is being used to send out spam. Your ISP may not be so understanding when you tell them “I didn’t know my server was hacked”. Give people the proper tools to contact you for any legitimate reason relating to your domain.

P.S. If you don’t want to use your regular email address in the WHOIS record, just set up an alternate email address and forward it to your regular email address. Also, I don’t recommend you use a Gmail account (or other “free” service email address) because they will filter emails that they deem to look like spam or phishing. If someone is using your domain name in their phishing URL and it gets reported to Google before you, your “free” account will have it blocked before you ever get a chance to see it. Bad abuse contacts and abuse mailboxes with spam and other content filtering defeat the purpose of having an abuse contact.
