Apple Makes a Smart Move

Posted by on September 9th, 2010

This morning Apple announced that they’re lifting some of the restrictions that they had placed earlier this year on developers and the tools they use to create applications.

They also announced that they’re going to publish official app review guidelines so that developers will have a much better idea of whether their app will pass the review process or not.

Both are smart moves.  They’ll benefit the development community and, by extension, the platform in general.  I’d like to think that they listened to their developers and that the FTC investigation had nothing to do with it, but the announcement is mum on that particular subject.

Apple relaxes restrictions on iOS app code, iAd analytics.

Anatomy of an Identity Theft Email Scam

Posted by on September 3rd, 2010

Got this email in my inbox this morning, and at first blush it looks pretty convincing.

So the important question is, how do you know if it’s real or not?  There’s no single point of failure here, an element that says it’s a scam for sure, but let’s look at a non-exhaustive list of what’s wrong with this email.

Which Inbox

First look at your own inbox.  Is this the email address that your bank has on file?  Is this where they usually send their email?

In this case, the answer is no.  I don’t use my hotmail account for any mail that I actually want to receive, so this email is showing up in the wrong place.

Why did they use my hotmail account this time?

Who Is It?

Do you even have an account with this company?  If so, check who the email is actually from.  Not the friendly name, but the actual email address.  Is this the address that your bank sends email from?

I do have a Chase account, and the email address even looks good, but the sender address on an email can easily be spoofed so that the message looks like it’s coming from a different place than it actually is.

The Language of Fear

If you read through the email, your first reaction is probably one of fear.  Oh No!  Somebody has been trying to hack my account.  Communications from your own bank will never have this underlying tone of fear.

And if they’re that worried about it, they’ll send you mail, even if you’re on paperless statements.  They might even call you; that’s what my credit card company does.

Why is the bank trying to scare me like this?

Second Language

If this was really your bank, they’ve got templatized email to send to someone when something goes wrong, and you can bet that it’s been scrubbed over by linguists to make sure that every word is in place and used properly.

If the sentences sound like they were written by someone who doesn’t speak English very well, it was probably written by someone who doesn’t speak English very well.  Your bank speaks English.  I promise.

Something is definitely fishy here.

Logical Flaws

My account at Chase has apparently been disabled, so what am I supposed to do to unlock it?  Go to www.chase.com and log in immediately.  Wait a minute, if my account has been disabled, how am I supposed to access it?

Links

Most browsers have a feature where, when you hover over a link, the destination is shown in the lower right corner of your browser.  This is where the kicker for this particular scam is revealed.  I’m supposed to go to www.chase.com, but that link actually takes me to rotarylamarsa.org.  Huh?

Secure Communication

Now let’s say that I actually click on that link.  It takes me to rotarylamarsa.org where they have essentially ripped off Chase’s website and it’s a pretty good ripoff.  The form on that page asks me to enter some personal information.  Before you ever, ever do this, look at the URL.  The very front part says http:// or it says https://.  The ‘s’ means the connection is secure: encrypted from your browser all the way to the server.

There are methods to beat the encryption, but it’s difficult and most scammers don’t have the resources to do something like that.  If the ‘s’ is not there, never put in any personal information and never ever put in a credit card number.

What Do They Want?

Now here on the rotarylamarsa.org site that looks a lot like www.chase.com there’s a form to fill out.  What does it want?  Well it wants my username, password, name, address, city, state, zip, email address, email password, account number, credit card number, CVV2 number (the credit card security number), ATM pin, social security number, mother’s maiden name, and date of birth.

Wait, what?!

Some of these things you could make a case for.  Likely your financial agency already knows most of these things about you, but they’re not going to ask you for them on a non-secure site and all in one place.  And why do they want your email password?  Don’t they already know your account number and your credit card number?  What does my home address have to do with this?

What Should You Do?

So what should you do about this?  Use common sense.  And if you don’t want to, then the other answer is don’t click on links in your email, even if it looks like it’s coming from someone you know.

Even if I had been fooled by this email, if I had gone to chase.com instead of clicking the link in the email, I would have been just fine.  I would have logged into my account just fine.  I’d have been completely fooled by the scam, but my identity would still be mine.

The Case Against Net Neutrality

Posted by on August 11th, 2010

The Lesson Applied » The Case Against Net Neutrality.

I’m going to go ahead and say it.  I’m against Net Neutrality.

I love the concept.  I’d love all content to have equal access to internet pipes, but I don’t want that to be enforced by laws and a governmental morass of regulation and legislation.

If you can achieve the same thing through a gentlemen’s agreement, then it’ll be a thing of beauty, but I think this is one thing the government shouldn’t have their hands in (there are others, but let’s stay on topic).

Just because I don’t like something doesn’t mean I should go crying to the government to solve the problem.  When I was a kid we had a word for people that always appealed to a higher authority when facing a problem.  We called them tattle-tales.

Caution: Plants vs. Zombies = Jailbreak

Posted by on August 11th, 2010

Story Here.

So apparently a bunch of people escaped from prison while the guard was busy playing Plants Vs. Zombies on his iPhone.

I’m looking at you, Alison!

The Not So Quiet Sun

Posted by on August 7th, 2010

APOD: 2010 August 6 – The Not So Quiet Sun.

Well, now I know what was causing all those crazy lightning storms.  The sun is done being at solar minimum.