Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Draco18s]

It still bugs me that you have to jump through hoops to report a phishing site to Steam.  The "contact support" link is buried and hidden and none of the categories include "report phishing."

[Virtz]

All I ever get is Blizzard requests to login and reset my password. Buggers even fake the apparent sender e-mail address to a legitimate Blizzard one (there's some inanity in the mailing protocol that allows this). Though at least they can't fake the URL they ask you to open.

They can't get it signed by Blizzard's mailservers, though.
Gmail is nice enough to show that it's signed by "yahoo.com" or "hotmail.com" (obvious indicators of forgery).
When you get an email, make sure you check the full information on the sender.

Well, yeah, you can check it if you know what you're looking for. Most users don't really look out for these things, though. That is, if people are capable of falling for something despite the bad grammar, then more so when the message looks legit beyond the real URL destinations and the source signing. Although I haven't heard of mass WoW account hijackings, so maybe not.

[Lethal Dosage]

Or you can, like me, totally ignore your E-mail.

What's the point of having an email account then?

[Orb]

Or you can, like me, totally ignore your E-mail.

What's the point of having an email account then?

To sign up for, well just about anything on the internet. Including this forum. I honestly use my e-mail in the same way, mostly use facebook or telephone if I want to chat with someone. Sometimes use my e-mail to transfer files between computers, but thats about it.

[Starver]

For quite a long time I've tried to exclusively use services (either provided free by ISP, or sought out by myself) whereby I have a whole domain of email addresses I can use, no restrictions.  (No silly "up to five email addresses for you and your family!" stuff.)

Then I can sign up to various things with unique email addresses.  If I end up getting spam from the address (Armok forbid) I signed up to the Bay12 Forums with, there's an option to blacklist that address and look darkly upon the persons who released (or allowed to be released) that particular set of personal details.  (With Bay12, I'd probably make a change-of-email request first, alert somebody of a possible problem/my displeasure (*delete whichever is inapplicable) and given them another chance.  But if that one went I'd still have to think seriously about certain things.)

The email address I used frequently for usenet (not at the moment, I changed ISPs a few years back and essentially cut myself back to lurker status) was frequently spammed.  I'm talking back a decade or so, and expect that it was such ever since that Eternal September started, if not to some degree before.  I was still using OE at the time, and got into the habit of not having a preview pane (even before Melissa-style stuff that would exploit the as-yet-unfixed Preview Pane running code issues) and reading all emails by View Source.  Mostly that was to avoid web-bugs, and to get a good hard look at all the email headers.  This was a while before it became common for "We have blocked the images in this email for your security" banners, usually with "If you can't read this email properly[1]" embedded HTML link to a dotmailer.co.uk address that's equally capable of providing web-bug-like information, but with good personal sight-reading of non-obfuscated HTML, this approach still works quite well (and usually clues me in the details even of the stuff that I'd be forced to open to properly read, before getting anywhere near that stage).

Of course, I also became subject to another form of spamming.  "Let's see if <randomstring>@thisdomain works!"  Also mixed in with "Let's pretend to be sending this from <randomstring>@hisdomain!" when sending spam elsewhere.  To which I would invariably receive a whole host of (in and of themselves) legitimate emails saying something like "Thank you for emailing me from XYZ123@yourdomain, but before I can read this message you need to prove you're a human so I can whitelist this address".  Common courtesy would will me to send a mail of my own to the recipient, go through the rigmarole of whitelisting whatever regular address I was using at that time, just to apologise for my own domain being subject to a fake-hijacking of which the intended recipient had been hitherto unaware anyway.  But of course I would refrain, as it would be silly.  (Also, should the spammer ever alight upon this whitelisted address, I'd be subjecting my correspondent to false-negatives that he would never have received otherwise.)


Still, the above paragraph aside, my system still works quite nicely.  Only the other day I received a set of spams sent to one of my "I'm looking for a job" addresses along the lines of "Would you like to advertise your business?".  Which gave me quite a chuckle and brightened up my day.  I have already taken measures.


[1] Oi!  Email is a 7-bit text-only service!  I'd rather not have embedded HTML background images and sounds in "multipart/alternative" segments, etc.  Attachments, Ok.  UUencoded or MIMEd, I don't care, but corporate imaging seems to take precedence over my preference to receive nice orderly plain-text messages not compiled by robots who wouldn't even know efficient markup if it came up and bit it on its virtual backside.  I can't really complain (as much) about personal users embedding smileys in their signatures, nor receiving such things through personal contacts forwarding you the "FREE CATEYE LOOP LIGHTS WORTH £20 When you become a member of British Cycling from just £24 a year" (inclusive of the A-circumflex, bad character encoding, and I know that the GBP symbol wouldn't work under my ideal world) that they'd themselves received, but it makes me feel like a strangely mixed-up technophilic luddite when one wishes that signing up for certain information (deliberately... don't get me started on the alternative) doesn't give the "You can send me your information in plain text...  go on, you can do just that...  I'm not impressed by flashy pictures that REALLY JUST CONTAIN TEXT ANYWAY!".  Or so goes the voice in my head.  One of the voices.  Not the one that tells me not to kill people, certainly.

Rant over.[/1]

[Draco18s]

That's why there's a whole host of free anonymous email address services you can use.
My friend likes mailinator, essentially you can register at some site with [anything]@mailinator.com and then go to mailinator.com, enter the email address you used, and check the inbox.
No log in required.

[Starver]

Should be ok, so long as you're not expecting to actually use the email address like you would one of your own.  (e.g. getting notified of things like new messages on forum, jobs that fit your specification, forgotten password links, etc.)  Not that some of these couldn't be used and checked regularly and (probably) deleted to prevent someone else finding things that they shouldn't, but you haven't got the same sort of peace of mind.

Depends on how they're configured.

Talking of anonymous email services, I'm sure others here remember anon.penet.fi.

[Draco18s]

Depends on how they're configured.

Anyone can log into any email address.  It's not meant for anything that would have private information in it.  It's supposed to be a "use once and throw away" type services.

[Empty]

Hey guys I'll give you free games!

All you have to do is send me your pin-card with your pin-number!

Works 100%.

Trust me!

[Polykatana]

Just registered to this board when I saw this post. I just woke up this morning and realized that at some point during the night, I heard a steam message notification sound. Then I saw a message from someone I hadn't talked to since I don't know when. The first thing that popped into my mind was, "Amway? Zamzuu?" But then I saw that Intel was celebrating 43 years and wanted to give me a free game!

Now, I'm a logical, rational skeptic. I was born a skeptic. I have my beliefs, I go to church, but I don't subscribe to other people's interpretations so easily or hold so closely to my own beliefs that I would dismiss anyone else's beliefs, ideals, or claims as something of a lesser value or validity. I can't prove what I believe, and I can't claim that I know it's accurate or real. That's the whole idea behind it, recognizing that your own ideas should be subject to the same scrutiny as anything else in the world. In the same sense, I'm a skeptic about everything else in life, from the anti-vaxxx campaigns to claims of alien life found on a recently acquired chunk of meteorite. This has saved me in a lot of respects. If I hadn't been a skeptic when I was a teen, my parents might have actually tricked me into thinking I liked Maxwell House coffee. Mind you, I didn't. They thought I didn't know what I was talking about, and one Christmas up north, they made a pot of maxwell house at my uncle's house. They bought it at some Giant foodstore and told me it was folgers. Alarms went off in my head when I noticed my mom getting annoyed after my refusing coffee for the third day in a row. I just didn't want coffee. Had my own stash of Monster Russian. Then, the following day, I went out to the car to get something and found a receipt for Maxwell House. Long story short, I had my fun with that knowledge afterwards. I still love them, even if they did try to shake my allegiance to Folgers.

Oh, but of course, my skepticism has saved me from much worse stuff than that. Zicam comes to mind. But today, it almost didn't. As I said before, I just woke up, I still had one foot stuck in the door of unconsciousness, and I knew Steam was notorious for is mind-blowing sales. I should know. I once made off with 25 - 30 IGN-Score>8/10 games for under 100 bucks during one of their Christmas sales. But, a free game? Intel? Gifting? Golly. I clicked the link, saw a muted video, and realized that it was on the steam website... or was it? I noticed things here and there that didn't add up: a scrolling title bar, the lack of the "steampowered" suffix in the address, and the fact that the price for the DLC was listed in pounds (£). Still, that's not what stopped me from logging in. It was the fact that Intel was celebrating 43 years. Aside from the fact that Intel was founded on July 18, 1968, and not in March, there was also the absurdity that comes with the idea that any corporation would pull a stunt like buying games for every steam user on such an odd-numbered anniversary. If it was 50 years, I might have let down my guard... a little, anyway. But, this nagging conclusion prompted me to search the web to find out just what the heck is going on, and that's how I ended up here.

I am happy to say that scams have yet to work on me, and thanks to you and the wonderful power of skepticism, they missed another chance today. On that note, I would also suggest that some of you go out to the bookstore and pick up "The Art of Deception" by Steven Mitnick. He's a former criminal black-hat who turned his life around and now has his own network security business. The idea is that the biggest exploit in networks, computers, accounts, and just all-around security isn't some program function or unlocked gate, it's people, the human mind and the strength of emotions. It's very intelligent and covers Nigerian scams, Paypal scams (or is it Paypol? PaypaI?), Stock Market chatroom scams, and even scams that reach you through something other than the internet. With all the misinformation in this world today, and it's ability to dilute truth and reality to 30c with just a few clicks of the mouse button, we have a responsibility to inform others who are at risk of getting sucked into it.

I gotta go to work. Thanks again. Remain skeptical. Test all things. And, if something is too good to be true, Google it.

[Draco18s]

I am happy to say that scams have yet to work on me, and thanks to you and the wonderful power of skepticism, they missed another chance today.

Only one scam has ever worked on me, but I chalk it up to having been rudely awakened by my telephone at 10:30 in the morning (I didn't normally get up until noon).  Omnipresent wanted to see me magazines for "only $3" with a "free gold watch" bonus prize all I had to do was "verify my credit card number."

I caught on quick, but not quick enough to have not-given them my card number.  I called an hour later to cancel ("I'm sorry sir, due to the deal we have with the publisher, that's impossible") and threaten legal action ("We'll reciprocate") and finally call my bank and cancel my card.

In the last 4 months I've gotten 2 calls for having "won a trip to Florida" because I bought some magazines "a year ago" (it was five).  But beyond that, nothing bad happened.

[Starver]

Depends on how they're configured.

Anyone can log into any email address.  It's not meant for anything that would have private information in it.  It's supposed to be a "use once and throw away" type services.

As I understood it, then.  Just saying that for my purposes, I like to have some form of permanence (albeit the possibility of black-holing) in my registration addresses so that I have the opportunity to reset passwords, get notifications, etc.

(Also, it would seem to me that various automated registration scripts not black-listing registration addresses in certain well-known 'open' domains[1] might be considered counter-productive to the whole concept of having to register, i.e. making at least a trivial attempt to link input to a 'real' person.  If I put my website administrator hat on, that would be my big concern.  And I know that's as easy to fully accomplish as to ban all proxy servers, the hydras that they are, but certainly well-known ones should by now be well documented in a form usable by both spammers and anti-spammers...  Though as I haven't worn my website administrator hat for quite a while, at least as far as forum registrations are concerned, I'm a bit disconnected from that part of the process.)

[1] Used to be true for Hotmail/etc, but from the last time I registered somebody up to something like that, it asked so many personal details (enough so as to allow the mail host to avoid being accused of allowing an open mail relay, but admittedly I could probably register myself as a Mr Cameron at 10 Downing Street without alerting anyone other than possibly GCHQ[2]) that I was embarrassed on behalf of the person I was helping set up their account.  I'm not sure whether long-standing accounts, that were more free in their creation, ever needed to be 'information upgraded' to make them as legitimate.

[2] Hi there, GCHQ peeps, or whoever it is who took the trouble to grab this bit of watchword-heavy internet traffic from out of all the rest.  Keep up the good work.  Sorry, my language skills aren't up to the level I heard you were desperately needing, as reported on the radio recently.  And commuting from here would be a pain, anyway.

[Starver]

All you have to do is send me your pin-card with your pin-number!

PIN: Personal Identification Number
PIN Number: An example of RAS Syndrome.  (=>Redundant Acronym Syndrome Syndrome)

I'm aiming to purge the world of the term "PIN Number", even at the expense of momentarily sending this thread on a further tangent.  Realistically, I have absolutely no expectation of being successful, but I have to try.

(Not to mention that "pin-card" is an intrinsic misnomer for some form of debit/credit/etc card that you do not use in an "ATM Machine", just an ATM.)

[Sowelu]

Query:  Is the "ATM" a machine?  Yes?  Good.

If you refer to something by its proper name, then you want to clarify what object you are referring to, it is standard to include more information like the class of objects that the one you're referring to is a member of.

Not that I can think of many other things that are called ATMs, but still.

[Starver]

[...]I called an hour later to cancel ("I'm sorry sir, due to the deal we have with the publisher, that's impossible")[...]

Not really of much use to you, now, but I'd be quite surprised if you don't have some form of Distance Selling Legislation in your jurisdiction and don't have some form of cooling-off period (7 days, 30 days, might depend on the type of service) in which you are completely and utterly allowed to cancel a purchase with any legitimate telesales company, possibly even visiting salesman (certainly unsolicited, possibly invited).

The legitimate telesales company will be prepared to suck up the low volume of such retractions that they'd expect (individual people tend to retract very few times), even if they haven't got some form of revenue protection scheme set up for that eventuality, or the ability (regardless of what they might say to you) to transfer the deal to the next schmuck/interested party.

Of course, their raison d'etre is to maximise their sales, so they'll protest, as yours did (for whatever reason), but even their paper contracts and verbal patter saying otherwise are probably muted by the variation of the old "except where limited by local laws" variation.  Not that I'm an expert, and you (as do I) really need to brush up on the exact details before you can launch into a full on retraction.  I just tend to say no to anything (while keeping them on the phone for half an hour).  These days.  I've made the odd irrational minor purchase in the past, in the past, and like most people have very rarely actively exercised my right to renege on such a deal.