Just need to vent...

So today, I got this unsolicited SMS text message:



Notice the SMS message has two spellings:

• "Your Wallet activation code"
• "Wallet Activation Service"

Not having asked for any change to my credit card or financial interfaces, I contacted the Citi bank group. Long story short, my COSTCO CITI card is deactivated and I'm getting a replacement.

Asking Mr. Google, I found:
https://www.themoneyedit.com/consumer-advice/Apple-pay-wallet-text-scam

Apple Pay Wallet text scam: how to stay safe from latest fraud attempt
Here is how to spot and avoid the Apple Pay Wallet text scam​

So looks like someone may have been 'scratching at my door.' Why and how remains an open question that I won't waste any brain cycles on beyond making sure all of my accounts are 'safe.' Password changes at a minimum.

"Here were two versions: 1) Even a paranoid can have enemies. 2) Just because you're paranoid doesn't mean they aren't after you. This adage has been attributed to Delmore Schwartz ..."

Bob Wilson

 

The internet is 'people'. People who would directly scam you for their enrichment. People who tell lies in hope that you will promulgate/tweet/X those lies. People who tell sorta-kinda lies to get clicks. People who post porn and cat videos because they know what you like.

Here and there, the internet also presents useful accurate information supported by a preponderance of current evidence. Overall it paints a disturbingly accurate picture of who we are. Such was not available before this new global bazaar arrived. At first glance it is probably accurate but icky description of who we are.

And yet, those inclined towards rational thoughts can feed selectively at the buffet.

 

I never reply to unsolicited messages, I just select Report Junk and Delete.

 

+1

 

FOUND it. Trojan horse:


I feel so foolish.

Bob Wilson

 

I receive several variants of that phishing text each week. Yes Bob, you were foolish to respond to it.

JeffD

 

Late one night at a train station in Barcelona, I wanted to make a call at a pay phone (yes, it was that long ago), and something went wonky on the call, so I dialed the number shown right there on the phone for customer service and had a long conversation there, which included, oddly in retrospect, giving them a credit card number.

About 40 seconds after hanging up, I thought "!!!" and went back and looked closely at the phone, and sure enough, the number I had called was on a plain paper sticker that someone had printed up and stuck on all the phones in the station.

Got a shiny new credit card number thanks to that one. Bit inconvenient, being abroad at the time....

 

Is good. New credit card, no bogus charges.

Bob Wilson

 

Athens 2004: the scam du jour was when somebody would ask to use your mobile phone- and then run away with it. We were wise to it and had leashes and lanyards attached. (Remember when mobile phones had attachments for those built in?)

One guy tried it on me, I just held the phone up so he could see the leash. He shrugged and moved on right away.

side note: that was also the last time/place I used a POTS modem.

 

Having fallen for a Trojan horse, it is time to reassess passwords. One hard requirement is they should be easily remembered by a 73 year old human but otherwise unique:

1. Income accounts - these are the holiest and need hardest passwords. Examples are income accounts both deposit and source. Recommend individual passwords between deposit and source.
2. Purchase accounts - these can only buy stuff and often have protective limits (aka., up to $50.) Examples are debit limited, credit card, and online purchase accounts (aka., Amazon, eBay.) A 'debit limited' account has no overdraft access other bank accounts and only holds what has been deposited. A shared account or single character, account identifier (i.e. "A" Amazon, "e" eBay ...)
3. Information accounts - social media such as e-mail, Facebook, X/Twitter, and forums like PriusChat. A single password only risks an embarrassing post, no financial risk.
4. passcode - four digit numeric codes like debit cards, car code, and smart phones. Individual codes.

Guidelines:

1. Reverse dates putting least significant digit first. So year 1969 becomes 9791. So MMDD becomes DDMM. Looking at B&N notation:
   1. YYyy -> [[1], [9,0], [0-9],[0-9]] ... choose significant but non-birth year
      • Life years makes the 3d digit [0, 4-9]
      • Historical dates expands to [0-2] or [5-3, 0-2] if dates in antiquity can be used
   2. MMDD -> [[01-12], [1-31]] ... choose non-birth date
   3. Recommend: [[0-9], [0-9], [1-31], [01-12]] ... yyDD or 10*10*31 ~= 3,100 guesses * 3! (order)
      • Bruit force, all 10,000 numbers 0000-9999
2. Text part, four or more characters
   1. Easily remembered misspelled words
3. Punctuation character(s)

Two-part authentication is great but hindered by 'the device' and 'server software.' The closest we have is sending a code to a hopefully working cell phone. Broken or mislaid device and you are locked out.

I will probably make an encrypted spreadsheet stored at two places and decrypt enabled by two devices.

Bob Wilson

 

I would suggest a Password Manager app from a trusted source - Norton Password Manager is free and comes with a Password Generator.

Norton Password Manager: What is it & how does it work?

 

My memory simply isn't good enough to keep track of all my needed unique passwords on essential accounts, with many different character and change frequency requirements. Too many password managers have been hacked. So all my passwords are stored on old fashioned paper and ink, vulnerable only to physical break-in, which these days is vastly less common than electronic break-ins, and from a far smaller universe of potential thieves.

The physical list is getting quite ragged and needs a fresh rebuild. There is one electronic copy on an old laptop, created for printing purposes only after that machine was permanently retired from the internet and put into airplane mode with its wifi access codes deleted, and was never linked to the current wifi service. But that copy is now outdated and needs a refresh too.

Browsers are configured to auto-login to non-critical accounts, such as PriusChat and news. But not to anything financial or medical.

 

I'm not quite that old fashioned ...

 

Fraud promulgated on social media:

Americans reported $2.7 billion in losses from scams on social media, FTC says - CBS Sacramento

 

One thing that is aggravating is the pants & shorts manufacturers dropping from 7 belt loops to 5. Really? Do overseas manufacturers really need to save that extra 2¢ per pair of pants? At least a couple domestic manufacturers haven't bought into the cheaping out on loops. It sometimes makes belts start to sag/wear prematurely ... & especially so - if you conceal carry, or hang other goodies from your belt. Stinking belt loops.

.

 

Suspenders.

Bob Wilson

 

I I have noticed that too... I stocked up on some 5.11 pants for summer and fall and Carharts for winter. I also adjust my IWB holster depending on my pants...Some options require a belly band style belt which avoids the need for belt loops all together. (ie swim trunks)
KUHL makes some great options...and SNICKERS from the UK have great built in pockets.

 

They go with your flannel plaid shirts.

JeffD

 

Button suspenders, none of those silly clip-ons.