They Don’t Make It Easy

They really don’t.

Backing up for context.

Like most, our local supermarket chain–Lucky California and a few other chains under the same ownership–runs occasional contests. Makes sense: free goodies always attract customers.

Most recently, they partnered with Shell for a double whammy: the top prizes (awarded through drawings at the end of the contest) were free groceries for a year* and free gas for a year*. There were also smaller prizes, both for gas and groceries, and–to keep the excitement flowing–instant prizes of merchandise and loyalty program points.

* I’ll come back to what that means.

We always play the games. Why not? We shop there anyway, it doesn’t cost anything to enter, and we’re no more immune to the lure of “free” than anyone else.

Not that we expect to win anything significant. Last time, we won a free bag of chips. We made nachos.

This time, about halfway through the contest, we got an instant win for 50 loyalty points. That’s fine. We collect those, and every couple of months trade them in and get $20 off our next shopping trip. No other instant winners, and when the contest ended, we promptly forgot about it.

Months later, I got an email.

“Congratulations,” it said (with three exclamation marks). “Your online entry…has been drawn for the Groceries for a Year…!”

Let’s see. We’ve got gratuitous exclamation marks and bad grammar. We also have a “click here” link to claim the prize; the link points to a website that is not Lucky Supermarket nor the contest’s special domain. The sender’s email address is shown as being the contest’s domain, but the actual sending system doesn’t match Lucky, the contest, or the claiming website. The contact phone number in the email is not the same as the contact number on the contest website. And the message is signed by “Christine” (no last name).

That last one is actually a point in the email’s favor: most scam-spams include a full name, apparently because the scammers think it conveys respectability. Other evidence pointing to legitimacy: the email addressed me by name–spelled correctly–and my name isn’t part of the email address I’d used in signing up for the contest*.

* That’s by design, and for just this sort of occasion. If an email addresses me by the name in my email address, I can be fairly sure it’s spam.

So I was on the fence.

Contests and sweepstakes are required to keep lists of winners, and according to several online resources, you can sometimes check if your name is on the list by calling the contest sponsor. So I decided to call Lucky’s customer service number. No dice. The guy I talked to was very nice about the whole thing, but he didn’t have a list of winners, and he pointed out that until someone claimed a prize, they wouldn’t be on the list anyway. He suggested I write a letter to Corporate, or check the contest website for a phone number. Given that there’s always a time limit to claim prizes, the letter idea was pretty much dead in the water. And if the website had been compromised now that the contest was over, any phone numbers would be dubious at best.

I did take a look at the recent prize winners page on the website. Three of the four Groceries for a Year prizes had been claimed, and my name wasn’t on the list.

I flipped a coin and decided to take a chance. I filled out the claim form. It wanted my name, address, phone number, email address, birth date, and the address of the store I normally shop at. Since they already had all of that information from when I signed up for the loyalty program, giving it again was no big deal. It also required my SSN. I had qualms, but decided to take the chance.

About an hour later, I got another email from Christine (point in their favor for keeping the same name) thanking me for claiming my prize and asking me to fill out a W9 tax form, since the value of the prize was over $600. Fair enough; gotta keep the IRS happy, right?

I did check the contest website again and my name had been added to the list of winners. That relieved my mind immensely. Highly unlikely that if the site had been hijacked, the scammers would go to the trouble of adding names to it. After all, to make any such scam worthwhile, they’d have to target more than one underpaid writer.

So I filled out the W9 and sat back to wait for my prize.

Which, according to that second email would arrive in 6-10 weeks.

Free groceries for a year sounds great. Slightly less so when you realize the value has been capped. Specifically, it’s limited to $5200. That’s right, $100 a week. To be fair, pre-COVID, our weekly grocery bill did come in right around that number. Now, though, it’s gone up by thirty or forty percent.

Still, free is free, and saving five grand on groceries isn’t anything to sneer at. If food prices don’t go up significantly, the prize should still last us well into 2023.

Oh, and the prize is paid in gift cards. I had visions of receiving a box of 52 $100 gift cards, and wondered if they’d be date stamped, so we couldn’t use more than one a week. But there was that 6-10 week waiting period to find out.

Exactly a month later, I got a “Your package is on the way” notice from FedEx. I didn’t think much of it; I’d ordered several things online that week, so I was expecting to get several of those notices. However, this particular one was odd.

For one thing, the sender was listed as an individual, rather than any of the companies I’d bought from. Odder still, the sender’s address was listed as Modesto, California, but the package was shipping from Buffalo, New York.

That set my scam detector tingling again. Was this some kind of “send some cheap merchandise to a random person, then demand large sums of money under threat of being reported for theft” deal? Or a “forward the package to a third party, and when it arrives we’ll send you a check which will never arrive” game?

So I googled the sender’s name and Modesto. Hey, she’s a marketing manager for Lucky’s parent corporation and the street address is the corporate headquarters. Answers that question. (And no, her name isn’t Christine.)

The cards arrived on my doorstep almost exactly six weeks after I filled out the forms. And no, there weren’t 52 of them. Just eleven: one for $200, the rest for $500 each.

Then I notice the fine print on the back of each card, informing me that the cards need to be activated before use. Nothing in the accompanying letter, much less the earlier emails, suggests this has been done.

Dash off an email to Christine. Three hours later, she writes back to assure me that they are activated. Sure glad nobody intercepted the package–mail theft is endemic around here–or I would have been out my prize with no hope of recourse.

So, finally, we’re happy. But…

Let’s sum up: scammy emails, multiple domains in use with no transparency about their relationships, difficult to confirm legitimacy, lack of consistency between contacts, insufficient information at many steps.

From what I see online, this is typical for online contests. But why? Sure, if it’s hard to claim a prize, the sponsor will save money–most such contests have a “unclaimed prizes will not be awarded” rule–but hardly enough to justify doing it this way on purpose.

Is it possible that the people running these contests have never gotten a spam in their lives? Seems unlikely.

So why do they seem to be going out of their way to seem suspicious? Especially when they could make one simple change that would greatly reduce the awkwardness of the current system.

In order to submit contest entries, players have to have an account on the contest website. So, instead of sending an email directing the winner to a third-party website to file the claim, send one that directs them to sign into the contest website. That site can have the “please click here” to claim your prize.

Granted, it wouldn’t solve all the problems of the current system, but it would be a big step in the right direction.

Staying the Course

Every so often–especially when I’m having trouble coming up with something to post about–I’ll read through some of the blog’s archives. And, yes, today was one of those times. I spent an hour or so browsing through the posts from mid-2017 and, geez, not much has changed.

I mean, yes, there were some highlights: getting my author’s copies of The RagTime Traveler, Rufus integrating himself with the rest of our menagerie, watching the Mariners come from behind to beat the As in extra innings (with no Manfred Man!).

Some lowlights as well, naturally. Valerian and the City of a Thousand Planets, Senator McCain leaving the hospital to vote against making medical care more widely available, and the reminder of how little time we would have with Rufus.

But there’s a lot that I could have written in the past couple of months. The public’s increasing willingness to rush to judgement without evidence. The Mariners flirting with .500 (though this July, it’s Baltimore instead of Seattle). Apple trying to pass of incremental changes as revolutionary. Illegal fireworks. People claiming the inclusion of women in significant roles destroys their childhood memories.

Does this mean I’m stuck in a rut, or that everyone else is?

But all that aside, one post caught my attention. No, not the thing about the Project Fi Travel Socks (though, in keeping with the theme here, I’ll note that I still have ’em and wore ’em on last month’s trip to Sedalia). No, it’s the part about the Sedalia Holiday Inn Express’ horrid approach to computers and computer security.

Because five years after I wrote that post, the situation is even worse.

The Wi-Fi still offers the same three choices for signing on. Only now the HIE Club members’ method explicitly states that no password is needed. And you still need to log on multiple times over the course of your stay–though to be totally fair, the frequency has dropped to daily, rather than “every time you leave and come back”.

But the worst was that “Business Center” in the lobby. During our entire stay, I never saw anyone using them. Not once. And I don’t blame my travelers a bit. The only reason I tried them was to print boarding passes for our flight home*. And I mean “them” literally: I tried both computers.

* Yes, I know one can check in via smartphone and get the boarding pass there, too. I’m sure that’s what everyone else staying at the HIE did. But I needed paper passes. For reasons.

One of them wouldn’t turn on. At least that one’s not going to be giving away anyone’s credit card information. The other had a distinctly green screen, suggesting either an about-to-die video card or a really, really bad VGA cable. Either way, annoying but ignorable for my purposes. However, five minutes after I turned it on, I was still waiting for it to load the Windows desktop. And I mean literally five minutes, which means either a failing hard drive, a full-to-the-point-of-explosion hard drive, or an operating system crammed full of malware and harmless-but-unnecessary software. Or all three.

At that point, the helpful woman behind the registration desk offered to let me use her computer. Yes, the one that gives full access to HIE’s reservation system and all of that lovely customer data–including credit card numbers. Oy.

I didn’t lecture her. I thanked her profusely and tried to use the browser tab she helpfully opened for me before she turned away to talk to my mother. Oy, again.

Alaska Airlines refused to let me check in. Why? Because that browser was Internet Explorer, which is now officially unsupported by Microsoft and about to be removed from millions of Windows computers around the world. Oy, a third time.

Add a fourth “oy”, because there was nothing–including the helpful woman–stopping me from opening Edge to, you know, actually do what I needed to do. I could have opened any other program on that machine, or gone to any website in the world, and installed anything I wanted to.

I still didn’t lecture her. I checked in, printed our boarding passes*, thanked the helpful woman again, and went up to the room.

* By the way, there’s still no printer in that so-called Business Center. I suspect those machines are still network-connected to the printer I used under the front desk. Which implies that those printers are on the same network as every other computer in the hotel. So all of the malware on the Business Center computers has completely unimpeded access to the reservation system.

Ethically, I probably should have said something about the hotel’s inexcusable laxity, but what could she have done? She’s only a pawn in HIE’s corporate structure. Not that she would have understood why any of the issues were issues; in the few words we exchanged, it was clear that her computer knowledge is limited to turning on the computer she let me use and using HIE’s reservation system. I couldn’t spend the necessary hours to explain the basic concepts of access control, hardened perimeters, and software vulnerabilities, even if I thought she’d sit still for it.

Oh, and that green-screened “Business” computer? I checked on it as I went past. It had finally brought up the desktop, but was still struggling to open Microsoft Teams, Skype, and–I kid you not–Steam. Wait, it gets even worse. There was a Minecraft icon on the desktop and a recovered Chrome tab for a bank–with a user name and password prefilled in the Login fields, thanks to Chrome’s ever-helpful password manager.

Change. Who needs it, right?

Not a Good Look

Full disclosure–a phrase that’s highly relevant to today’s post–here: I have a Wyze camera. We use it for monitoring cats. At various times, it’s been the RufusCam, the LeftyCam, and the MeezerCam. Currently, it’s pointed at the Backyard Bowl, so we can see who shows up to indulge in gooshy fud and catnip.

So, given the background, you can easily understand why I’m rather perturbed by the recent reports of a significant security flaw in Wyze’s equipment.

Brief pause to remedy a potential knowledge gap: Wyze started out making amazingly cheap wi-fi cameras. Where most companies were selling cameras for $100 and up, one could buy a Wyze camera with most of the same features for $20. Obviously, they quickly became popular with people who wanted to keep tabs on pets, property, and progeny.

Wyze has since branched out into related products (video doorbells, door locks, camera accessories, for example)–and some not-so-related products like vacuum cleaners and headphones. Their focus has remained the same, though: most of the same features, but at a fraction of the cost.

A company selling security products should take great care to make sure their products are, you know, secure. Right? Maybe not. The latest reports suggest that Wyze not only knew about a bug for years before they fixed it, but Bitdefender, the security company that found the issue, kept quiet about it as well.

This isn’t the first time Wyze has been involved in security issues. As recently as 2018, there were reports that their cameras were sending information–metadata, if not actual video–to servers in China. Wyze eventually confirmed the reports, but blamed a third-party that was part of their backend infrastructure. In 2019, they accidentally removed security features from an internal customer database, leading to information on 2.4 million customers being exposed to the Internet.

To me, this latest failure is the worst. Not because of the severity of the bug. As I understand it, it’s not an over-the-Internet vulnerability; any attacker would need to be close enough to get onto the same wi-fi network as the target camera. My concern is that Wyze sat on the bug for three years before fixing it; even after it was fixed, they didn’t give their customers any information about the bug or how they might have been affected; and, arguably worst, they somehow persuaded Bitdefender* not to release any warning to the world about the bug until after they had finally fixed it.

* Highly annoying: Bitdefender’s much-delayed press release even suggests people should use Bitdefender’s products to identify vulnerable devices on their home networks.

More full disclosure: I recently started using Bitdefender’s “Total Security” software and like it. Ironically, the thing I like most about it is that it gives more information about threats it’s blocking than the anti-malware package I used to use.

As a society, we don’t require companies to reveal security breaches in a timely fashion, or to accept meaningful accountability–“Oopsie, my bad. So sorry we let hackers get your personal information,” is not accepting responsibility, right [insert the name of darn near every company in the world]?

But companies that specialize in security need to be held to a higher standard. They need to keep their clients in the loop when things go bad. And they have to make up for their errors. Not necessarily fines, though in some cases that might be the right thing, but something that makes them share the pain they’ve inflicted on their customers.

I’m not quite ready to toss out my Wyze camera–though I doubt I’ll be buying any more of them–and I’m not uninstalling Total Security either. Yet.

Nor am I urging anyone else to dump Wyze or Bitdefender. But I am considering it, and you should too.

That Felt Weird

Maggie and I did some socializing last week.

For the first time in two years. Which makes us sound anti-social by traditional standards, but these days, it’s, well, the New Normal. Rather a depressing thought, isn’t it? Sorry about that.

And, to be frank, I wasn’t sure I was ready to spend an evening with other people when none of us would be masked. Even though everyone was vaccinated, boostered, and had taken a rapid test. But the payoff would be huge, so I went.

I mean, given the chance to hang out with our godkittehs…


…why in the name of all that’s furry would I decline?

And after all the build-up, and wary anticipation, the strangest thing about the evening was how normal it felt.

I mean, I’ve seen a number of my cow-orkers unmasked, and they looked really weird. There has been a significant quantity of staff turnover, to the point where I hadn’t ever seen some of those people without a mask. Others, I’ve only seen with their masks on for two years.

Discovering they have mouths is disconcerting at best. Disturbing in some cases. I didn’t know one of them had a beard.

But everyone at the gathering last week–even the bipeds–was face-naked. And it felt perfectly fine.

Maybe the difference is that I’ve never seen them masked. But then again, at work I see customers without masks–people I’ve never seen masked before–and they look odd. What’s that pink, flappy thing where the mask should be? Is it supposed to be there?

Now what? Even though I’m no longer required to wear a mask at work, I’ve been continuing to do it, because it makes me feel more comfortable. Should I take a hit to my comfort level and do my part to push a return to the Old Normal? Or look at the rising caseload in countries like Germany and China and do what I can to establish a new New Normal–one where masking is acceptable, even when not required?

I’m open to going mask-free. Not eager, perhaps, but I’m willing to consider it generally or on a case-by-case basis. And there’s one very strong argument for keeping the mask on for another couple of months when I’m outside the house: I don’t know about you, but my hay fever has been much less of a thing than usual the past two Springs. I find I like not sneezing uncontrollably whenever trees throw reproductive material at me.

So, for right now, the mask stays on, with exceptions for special occasions. Like visiting Patti and Forti.

And now I have to do is hope there’s no major backlash coming. We don’t–really, really don’t–need anti-mask mandates. But I have this sneaking suspicion they’ll be coming soon to Florida, Texas, and other states that ought to know better by now.

An Interesting Idea

Hmm.

Apparently, Quebec has given up on the carrot and is ready to try the stick. According to news reports, the roughly 13% of the province’s population that haven’t gotten at least one shot will have to pay a tax penalty.

It’s obvious that appeals to common sense have gone as far as they’re going to. And incentive programs have probably reached their limits as well. One can only offer so many lotteries, after all, and anyone who might be lured in by cash payments, offers of food and beverages, or merchandise promoting local sports franchises has probably succumbed to said temptation.

Although, as the BBC notes, this isn’t the first attempt to force the unvaccinated to pay–they cite a monthly fine in Greece and Singapore’s refusal to pay for health care for the unvaccinated–it does seem to be an approach that few politicians of any stripe are willing to propose.

So, kudos to Quebec for trying something a little different. Some details remain to be worked out, of course. The size of the tax bill hasn’t been set–one wonders if it’ll be a flat amount, a flat percentage, or some kind of graduated number based on age, income, or political affiliation–and I doubt whether there’s any agreement yet over whether refunds are possible if people do get vaccinated after paying up. Or, for that matter, whether a cut-off date has been set yet, or if there’s still time for people to get their shots and avoid the charge.

Any such plan in the U.S. would inevitably allow for medical and religious exemptions–making it entirely useless–and then be tied up in the courts for years anyway. Plenty of well-known anti-vaxxers north of the border; will Quebec’s plan run afoul of them?

All that said, I’d love to see a similar plan tried in a region with a much lower vaccinated percentage*. Any brave state politicians want to give it a shot?

* As of a couple of days ago, less than half of the populations of Mississippi, Alabama, Wyoming, and Idaho were fully vaccinated. For that matter, Quebec is doing better than any U.S. state: Vermont had the highest vaccination rate at 78.21%, slightly behind Quebec’s 78.32% rate.

There must be ways to make it slightly less of a political suicide pill. Plenty of states have taxes that are only imposed on certain people: gas taxes to pay for road repair, property taxes to pay for schools, and so forth. Maybe some states could make a non-vaccination tax fly by making it conditional: you only pay the tax–with the funds being earmarked to go to state hospitals–if you’re unvaccinated and are hospitalized for COVID-19.

Nah, never going to work in the U.S. But I look forward to hearing how it goes over in Quebec–and whether it actually raises the vaccination rate.

Inevitably

What is it about me and Christmas?

It wasn’t all that long ago that I was gifted with kidney stones.

This year, Christmas began with a headache and mild nausea. A couple of Ibuprofen took care of the first, and breakfast largely resolved the latter. The lassitude and general unwillingness to move I blamed on “weekend” and “interrupted sleep due to pre-Christmas work schedules.” All went well until late evening, when the shivers started.

A couple of minutes, I could have blamed on the not-so-great insulation in our walls–nighttime temperatures around here have been in the low forties lately–but when they go on for the larger part of an hour, one has to admit to sickness. In any year that didn’t begin with “202”, I’d have said “seasonal flu” and retired to my bed. Not this decade, of course.

Sunday, I skipped breakfast–a once-every-half-decade-or-so event–because the thought of anything with any sugar in it made me a bit green around the gills. Fortunately, the chills had stopped, because finding my way to a testing center* while shivering violently would have been problematic. Pre-emptively called out sick to work for my Monday shift, ate a small dinner with no dessert, and basically fell asleep, rousing only to feed felines.

* Big “thank you”s to the person who recommended that testing center and to the staff who explained how to work the system so they could take me as a walk-in.

Felt much more functional on Monday. Got the results in the afternoon and, no surprise, they were positive*. So, despite being almost back to normal–as I write this on Tuesday, I’ve got a sore throat and am intermittently sneezy; at this rate of improvement, I should feel fine by the end of the week–I’m sidelined for an indefinite period.

* For the record, Maggie got tested on Tuesday, despite being largely asymptomatic, and we expect to get official word of her status sometime today.

Naturally, this has been playing out against the backdrop of the CDC’s new recommendation for shorter quarantines. Will they be adopted by my corporate masters? Or, more importantly, by my cow-orkers? They really ought to have some say in the matter.

Because, frankly, it’s only a matter of time before COVID-19 nails them too–as several people have said, it’s a minor miracle it took this long for me to get it–and I fully support what I assume is their desire to put it off as long as possible.

Regardless, the weirdest thing about the whole experience so far has been how normal it’s felt, and how matter-of-fact everybody has been about it.

“Hey, I’ve contracted a potentially life-threatening disease, and I might have given it to you, too.” “Don’t sweat it. Get lots of rest and feel better.”

I mean, yes, I’m fully vaxxed and boostered. It’s probably omicron*.

* The next person who tells me that omicron’s comparatively mild symptoms mean the end of COVID-19 is near is getting smacked across the face. The next variant could have omicron’s breakthrough infection abilities with symptoms as severe (or even worse) than the original strain. And the next person who refuses to get vaccinated because “omicron isn’t so bad” gets a baseball bat to the head–if you’re not vaccinated, there’s no guarantee that you’ll get omicron, rather than some other variant when your number comes up.

But still.

It’s not that people seem numb. It’s just, COVID-19 has become normal. A part of daily life.

And it’s putting me off balance. I expected to feel more alarm.

[Cat]food for Thought

With all of the doom and gloom in the news these days, it’s nice to know that there are still some uplifting stories out there. For some values of uplifting, anyway. And, since it’s been quite a while since we’ve had a cat in the news, let’s grab the opportunity.

Multiple sources* are talking up a cat who–according to the headlines–rescued his elderly human.

* I’m only linking one of the stories, because there aren’t a whole lot of details available. Consequently, the news stories all read pretty much the same.

In short, the human fell down a ravine. The cat sat at the top of the ravine and meowed. As a result, searchers found the woman sooner than they might otherwise have, and as of last reports, she’s receiving medical care and doing well.

Based on the story, it doesn’t seem like Piran, the cat, did much actual rescuing. But as we all know, headlines are often exaggerated. We’ll cut Piran some slack there. But still, there are a number of unanswered questions here that lead me to wonder if Piran is quite as much of a hero as the press suggests.

Why was the woman walking near the ravine? Was this a normal part of her routine, or a deviation?

Perhaps more significantly, why was Piran in the area? Did he normally join her on her walks? The story notes that he wasn’t actually at the top of the ravine, but outside a “nearby gate”. Near the ravine? Or just near the home of the neighbor who located the woman?

Maybe we can take the story at face value. Maybe Piran does follow his human around, saw that she was in trouble, and–disdaining the “Lassie” paws-on approach–hollered for help.

Or perhaps it was just a tragic accident. An argument that got out of paw–perhaps about the amount or type of food in Piran’s bowl–leading to an exchange of words and an angry stomp across the corn field. A careless step–or a distracted step as Piran calls a warning about the ravine–and now dinner is further delayed. And if the woman had, in fact, been down there for hours, Piran might well have tried a more active approach rescuing her, only resorting to calling for help when it became clear he wasn’t going to be able to drag her up the 70 foot slope.

But there’s a more sinister possibility, as well. Let us not forget that there are villainous cats as well as heroic ones. Ever had a cat underfoot while you were climbing stairs? How difficult would it have been for Piran to trip his human down that hillside?

Has anyone checked her will to see what provisions she’s made for Piran?

A State of Confusion

It’s been a week since California reopened. Is anyone surprised that now nobody seems to know what the rules are?

Hey, did you know you can take your own bags to the grocery store now? You can, even if no stores have put up signs saying so.

In theory, it should be simple. Nobody policed social distancing or capacity limits*, so officially removing those rules hasn’t really been noticeable.

* Officially, somebody did. Someone was responsible for making sure restaurant tables were far enough apart, “wait here” line markers were spaced correctly, and department stores weren’t packed shoulder to shoulder. But in practice–and, admittedly, in my experience–people have been amazingly good about self-policing. I’ve seen and heard of very few incidents of people being snapped at to back off, or self-appointed line monitors slapping knuckles.

For most people, the only question mark is whether they have to wear a mask. And apparently most people don’t have a clue. And really, that may be a good thing, at least around here. Because the overwhelming majority are defaulting wearing their masks. Granted, the SF Bay Area is one of the most highly vaccinated regions in the country, and I have no doubt that in places where people aren’t getting vaccinated in job lots, they’re also not wearing masks. Unless it’s at gunpoint*.

* Hey, there’s a thought: it’s no coincidence that areas where gun ownership is high are, for the most part, anti-vaccination and anti-mask. Maybe we need a public campaign to encourage vaccinated gun owners in places like Texas (39.76% vaccinated), Wyoming (33.58% vaccinated), and Mississippi (28.87% vaccinated) to defend their lives and property by “escorting” their neighbors to vaccination centers. Or maybe escorting teams of door-to-door vaccinators around their neighborhoods. Probably wouldn’t work–if only because volunteer escorts would be wildly outnumbered–but it’s worth considering.

At my day job, I’ve had several people ask me for permission to take their mask off. And yes, I mean ask. Politely. One of them was someone who, mere weeks ago when masks were still required, assured me loudly that he was fully vaccinated and he didn’t want to “wear the damned mask”. Quite a turnaround, and all because he now has options.

Even more people have asked me if masks are still required, but kept them on even after I tell them they’re free to remove them.

(For the record, my job is not one that requires mask-wearing, but I and all of my cow-orkers have agreed to continue wearing them indefinitely.)

I know my experience isn’t typical when looked at from a national perspective, but still, it’s nice to know that there are still a few pockets of sanity in the world.

Scammy: A Public Service Reminder

The malware scam has a long and ignoble history. We’ve talked about them before, most notably in the context of confusing the scammers. Back then (2014), we were seeing the rise of the robo-scammer. Surprisingly, it seems that was a short-lived phenomenon.

For the record, I keep an eye on what scams are making the rounds both out of personal curiosity and as part of my day job. A rare occurrence, being paid to do something I’d do anyway (that doesn’t involve writing).

Anyway, in the absence of data, I speculate that people hate talking to a computer so much that not enough people pressed 1 to allow the auto-dialer to connect them to a human being. It seems logical, anyway: the reason these scams are so successful is that the caller has a well-written and well-practiced script to panic the recipient into forking over their money and opening up their computer. No one is going to trust a robotic voice that says “Your computer is under attack.”

Heck, most people are going to assume that the robotic voice is the one that’s doing the attacking.

So we’re back to more traditional methods of scamming. But there are still new wrinkles.

Remember those popups that claim you need to install a special codec to see the video you’ve clicked on? They’re still around, but they’ve been joined by a new come-on. With the long-awaited and well-publicized demise of Flash, now we’re seeing popups telling would-be viewers that they need to reinstall the Flash player that has been removed from their browser.

I would have thought people would stop to ask themselves why Flash was removed in the first place, but apparently there’s a sufficiency of people who aren’t that self-inquisitive. Sufficient enough to keep the scammers happy, anyway.

Of course email spam is still a potent venue for scammers. The “I’ve hacked your webcam and will send your family pictures of you masturbating” letters seem to be on the decline. And good riddance. The current popular approach is a subscription renewal. “Hey, this is [large corporate entity]. Your subscription to our service is about to expire. Your card will be charged [outrageously large fee] tomorrow.” This scam works well because the fee is so high. “Five hundred bucks for a magazine/website/streaming service?” If the victim is actually a subscriber, they call to correct what they figure must have been a typo; if they don’t have the service, they call to prevent the large charge. Of course, if they aren’t a subscriber, the scammer is set with a script to apologize for the incorrect message, pitch the service in glowing terms at a much more reasonable price, and get a credit card number that can then be wildly abused.

Oddly, while the scammers go to great lengths to make the emails look like they’re coming from the real company, incorporating stolen graphics and boilerplate legal text lifted from actual emails, they often don’t make the slightest effort to forge the “From” on the email. Though the evidence suggests that they don’t need to make the attempt. People seem to be quite willing to assume that “john.smith@yahoo.com” is fully authorized to speak for Netflix, Fox News, or Xfinity. Or, more likely, nobody even looks at the sender’s address. Those big numbers apparently attached to their credit cards exert a magnetic attraction on the eyes.

The big winner from a scammer’s perspective, however, is still the phone call. Yes, Sam and Nancy and their ilk are still in business. Apparently, however, enough people have figured out that Microsoft and Apple aren’t monitoring their customers’ computers and phones that claiming to be “Sam from Apple” doesn’t work well enough.

Today, the caller is much more likely put a gloss of plausibility on their claim. “Hi, this is Jolene from Norton Security Services.” LifeLock is popular with the scammers, since so many people have subscriptions to LifeLock, either directly or through their association with Norton. Other name-brand security companies’ names are being abused as well: McAfee (many computers come with a trial version of McAfee antivirus installed, so people are used to seeing or hearing the name) and ADT–“Hey, I got my burglar alarm from them, I guess they’re protecting my Internet too”–are at the top of the list.

So let’s be careful out there. Remember, when someone says they’re watching out for you online, they’re telling the exact truth. They’re watching out for you and your wallet.

Onward

(aka Short Attention Span Theater 18)

True story.

I was coming home from work the other day–along Richmond Parkway, as it happens–when I witnessed what was, if not the stupidest driving maneuver ever, certainly one of the top ten.

Picture this: I was waiting at a red light, fourth car in line in the right lane. Two cars in the left lane. Nobody in the left turn lane. There’s a small bunch of trees on the corner to the right, which means you can’t see into the cross street until you’re actually in the intersection.

And coming up from behind me is a Mini of some sort*, zipping along at the speed limit, which happens to be 50 along there.

* I think it was a Countryman, but I’m often clueless when it comes to vehicular makes and models.

The driver wasn’t showing any sign of slowing down, and I was starting to get nervous. One doesn’t think of a Mini as “looming”, but this one was unquestionably looming in my rear-view mirror.

And then it veered to the left.

Without slowing down, it slewed across the width of the street into the left turn lane and stormed straight through the intersection, back across the full width of the street to the right lane.

About fifteen seconds later, the light changed to green–which means it had to still be green for the cross street when the idiot went through the red–but nobody moved for a good ten seconds, too stunned by the sight we’d just seen.

My immediate reaction was that the driver must be the same kind of idiot who gets his first vaccination and immediately stops wearing a mask.

On reflection, I think that’s too gentle an assessment. More likely, he hasn’t gotten vaccinated, won’t get vaccinated, and threatens to sue businesses that require customers to be masked because he thinks makes spread disease.

Moving on.

In the interest of keeping you informed of the doings of Xathanael Todd*, I bring you this excerpt from a letter I received from his father on Monday.

* Previous mentions are here and here.

“April 23rd, 24th, and 25th will be Xathanael’s final theatrical performances before graduating High School.

On The Fringe Children’s Theater in Vallejo is presenting an online production of Elephant and Piggy: We Are In A Play. Xathanael has been working there as Assistant Choreographer and Music Director. He is also starring as Gerald.”

Unlike the earlier performance noted above, this production will, in the spirit of the times, be streamed online. Tickets–a mere $5 each, though you can pay more if you wish–are available through Showtix4U, so even those of you who don’t habitually frequent Fairfield, California can attend.

I’m trying to figure out whether I can get some time off one of those days. Working evenings does have a down side.

As you may have gathered, yes, I’m back.

Late March or early April is generally when I post my “State of the Fourth Estate” summary. Last year, I was hoping to send out Demirep to my beta readers in June. I actually beat that estimate. The draft went out in mid-May.

Since then, I’ve written a grand total of zero words of fiction.

What I’ve found is that I need a certain minimum amount of structure in my life in order to write. And even after I returned to work after the lockdown, I had no routine. Schedules changed frequently, responsibilities shifted on a weekly–sometimes daily–basis. And then there were all of those one-off disasters falling into life, both political and personal.

Finally, however, life and work are settling down. I’ve made plans to carve out regular writing times. First for the blog, then for the novels. It’s going to happen. I’m going to make it happen.

Moving on again: see you Friday.