Sunday, January 15, 2012

Zappos and 6PM customer accounts hacked.

I got an email today from 6PM.com and Zappos (yes, I know I have a shoe issue, I'm working on it!) to reset my password, because their database, which contains my customer information as well as that of millions of others, was hacked. Is it legit? Seems like it; I also read it on the New York Observer site as well as Huffington Post.


What to do? Go to the Zappos and/or 6PM.com website, and you will see a CHANGE PASSWORD link. Sign in with your old one and they will email a link to the password change page to the email address on your account.

Here is the email I received from 6PM:


First, the bad news:
We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on 6pm.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).
THE BETTER NEWS:
The database that stores your critical credit card and other payment data was NOT affected or accessed.
SECURITY PRECAUTIONS:
For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password.
We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that 6pm.com will never ask you for personal or account information in an e-mail. Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.
PLEASE CREATE A NEW PASSWORD:
We have expired and reset your password so you can create a new password. Please create a new password by visiting 6pm.com and clicking on the "Create a New Password" link in the upper right corner of the web site and follow the steps from there.
We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please email us at passwordchange@6pm.com.

Thursday, January 12, 2012

WTF Daddy?


This was an email I got from a customer who manages and creates websites. He had a real frisky time with GoDaddy, a domain and web host device, but resolved it after some real bronc riding. He tried to transfer a domain and pay for one year, and they (oops!) accidentally signed him up for two years and then initially refused to correct their own mistake.

As you can see, BUYER BEWARE!!

My client's email to me, posted with his permission.

A friend of mine passed away. Since I managed her website and the domain name was set to expire in February, 2012 with Godaddy, I called Godaddy to move her account into mine and renew it for one year at my expense. I stated specifically that I needed to:

1) Move the account into mine
2) Renew the domain for one year
3) Consolidate it with my other domain names, which means that they would all then be set to renew March 2013

The representative at Godaddy asked for my credit card number, and confirmed that it was valid and matched the one on file, then said the charge would be ca. $24. I asked why it was double the normal yearly fee of $12.17. The representative informed me that he had entered a period of two years. I immediately said, no, I only wanted one year.

It was too late. The rep at Godaddy told me I would have to either:

1) Cancel the domain name and start over, causing the website to be disabled for several days, or
2) Accept the two year registration, in spite of the mistake made by Godaddy

It was difficult to convince Godaddy that I should not be penalized for an unauthorized credit card charge from their side, as this is, in fact, what it was.

Following hours of phone calls and rejections I threatened to call the Better Business Bureau, and only then was issued a refund for the extraneous year. To Godaddy's credit, I received the refund for one year, while the registration of the domain name will remain intact for two years. In fact, I didn't want the domain name to run for longer than a year, but considered it an acceptable solution. Godaddy's reasoning as to why they couldn't change the length of the domain name term was that they are not the owners of the .com and .net domains, but rather only the registrar of it and an independent company owns these, and therefore Godaddy cannot change registrations once they are completed. I didn't research why this was so or whether it was actually correct.

Moral of story:

1) Charges made by phone must be reviewed before being finalized
2) Charges made without authorization must be refunded in full with no penalty
3) It IS possible to refund charges without a lapse in service if the billing department uses its resources to the full
4) Although the technical support at Godaddy is usually first rate, their billing department is behind the times in terms of customer service.

Saturday, January 7, 2012

THE GREAT ASSASSIN GROUP OF EXHIBITION

Today I got an email from a hired assassin, who told me he (or she) was paid $15,000 to kill me, but if I contacted him, I could pay a FIRST installment of $5,000 and I would get a tape that would identify the person who hired him. Now I checked out the name on the email address (bayinde99@att.net), Ayinde Bukola, a Nigerian that I found on Facebook as well as a few eDate sites. Seems like a nice kid, likes music, looking for a serious relationship, maybe marriage. It's very likely that his name has been used and his email hacked.

This kind of "Pay us or we'll kill you" spam has been around for at least about 5 years, most of them originating from Russia. So what do you do if you get this? If they don't address you by name, or know any personal stuff about you, just delete it. If the email contains any info, like your name, address, phone, etc, you should report it to the Police, and the 


http://www.ic3.gov/

Here is a snopes article about these types of "hit man" scams:

http://www.snopes.com/crime/fraud/hitman.asp


Or you could call:





Here is the email, complete with the logo and pictures of weapons included:



http://www.stanford.edu/group/resed/stern/zapata/07-08/assassins.jpg
 
Am very sorry for you my friend, is a pity that this is how your life is going to end as
 soon as you don't comply.
As you can see there is no need of introducing myself to you because I don't have
any business with you,
my duty as I am mailing you now is just to KILL/ASSASSINATE you and I have to
do it as I have already been paid for that.
Someone you call a friend wants you Dead by all means, and the person have spent
a lot of money on this,
 the person also came to us and told me that he want you dead and he provided us
with your name ,picture and other necessary information's we needed about you.
So I sent my boys to track you down
and they have carried out the necessary investigation needed for the operation on you,
and they have done that but I told them not to kill you that I will like to contact you and see if your life is
 Important to you or not since their findings shows that you are innocent.


I called my client back and ask him of you email address which I didn't tell him what I wanted to do
with it and he gave it to me and I am using it to contact you now.
As I am writing to you now my men
are monitoring you and they are telling me everything about you.

Now do you want to LIVE OR DIE? As someone has paid us the sum of $15,000usd to
kill you and we  are willing to tell you that you have to pay us the
sum of $5,000usd for the first payment so we can
legit your attention so we can forward the tape to you we
 shall send it through DHl or FedEx for you
to view the video and discussion between both of us okay.
Get back to me now if you are ready to
pay some fees to spare your life,
If you are not ready for my help, then I will carry on with my job straight-up.


WARNING: DO NOT THINK OF CONTACTING THE POLICE OR EVEN TELL ANYONE
BECAUSE I WILL KNOW. REMEMBER, SOMEONE WHO KNOWS YOU VERY WELL
 WANT YOU DEAD! I WILL EXTEND IT TO YOUR FAMILY, IN CASE I NOTICE
 SOMETHING FUNNY.

DO NOT COME OUT ONCE IT IS 6:16PM UNTIL I MAKE OUT TIME TO SEE YOU
AND GIVE YOU THE TAPE OF MY DISCUSSION WITH THE PERSON WHO WANT YOU
DEAD AFTER YOU HAVE COMPLIED WITH MY DEMANDS, THEN YOU CAN USE IT TO
TAKE ANY LEGAL ACTION..


GOOD LUCK AS I AWAIT YOUR REPLY

ATTENTION: IF YOU THINK YOU ARE SMARTER THAN US, YOU CAN GIVE US A
TRY DON'T REPLY US BACK AND SEE WHAT WILL HAPPEN TO YOU IN THE NEXT
TWO DAYS I PROMISE YOU, YOU WILL BE DEAD.

http://world.guns.ru/userfiles/images/sniper/sn06/ai-awp762.jpg
THE GREAT ASSASSIN GROUP OF EXHIBITION...............