I believe Amazon is leaking delivery information.
When I order something from Amazon not long after I get emails from various phisherpeople claiming to be UPS or some other delivery company. The messages are coming through an old email address that is badly spam filtered. I would like to ask if people order from Amazon check your spam folders for messages with attachments claiming to be from UPS or others. I would like to try and see if its just me or if there is a systemic problem at Amazon. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Wed, Jan 15, 2020 at 03:00:36PM -0500, Alvin Starr via talk wrote:
When I order something from Amazon not long after I get emails from various phisherpeople claiming to be UPS or some other delivery company. The messages are coming through an old email address that is badly spam filtered.
I would like to ask if people order from Amazon check your spam folders for messages with attachments claiming to be from UPS or others.
I would like to try and see if its just me or if there is a systemic problem at Amazon.
I almost never see any. Certainly nothing correlated with amazon orders. -- Len Sorensen
It is also possible that you have researched the product from a browser and the browser is giving this info away, or that Google is leaking this search info to others. There are many ways ocmpanies could track your intentions! Try searching google from an anonymous browser, unconnected to your email, but then doing the AZN purchase from another browser, and see how that works. On Wed, 15 Jan 2020 at 15:00, Alvin Starr via talk <talk@gtalug.org> wrote:
When I order something from Amazon not long after I get emails from various phisherpeople claiming to be UPS or some other delivery company. The messages are coming through an old email address that is badly spam filtered.
I would like to ask if people order from Amazon check your spam folders for messages with attachments claiming to be from UPS or others.
I would like to try and see if its just me or if there is a systemic problem at Amazon.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
On Wed, Jan 15, 2020 at 03:00:36PM -0500, Alvin Starr via talk wrote:
When I order something from Amazon not long after I get emails from various phisherpeople claiming to be UPS or some other delivery company. The messages are coming through an old email address that is badly spam filtered.
I had that very thing happen to me on an order from Amazon about ten days ago. The phishing was via a note from UPS that they couldn't deliver a package, but to get it I had to give them my credit card number ... at the time I was surprised, since it followed close on the heels of one delivery and right while I was waiting for another. So, almost plausible. But as usual, the phishing email was so clumsily written and executed that there was no question but that it was a fake. -- Peter King peter.king@utoronto.ca Department of Philosophy 170 St. George Street #521 The University of Toronto (416)-946-3170 ofc Toronto, ON M5R 2M8 CANADA http://individual.utoronto.ca/pking/ ========================================================================= GPG keyID 0x7587EC42 (2B14 A355 46BC 2A16 D0BC 36F5 1FE6 D32A 7587 EC42) gpg --keyserver pgp.mit.edu --recv-keys 7587EC42
On 1/15/20 3:46 PM, Peter King via talk wrote:
On Wed, Jan 15, 2020 at 03:00:36PM -0500, Alvin Starr via talk wrote:
When I order something from Amazon not long after I get emails from various phisherpeople claiming to be UPS or some other delivery company. The messages are coming through an old email address that is badly spam filtered. I had that very thing happen to me on an order from Amazon about ten days ago. The phishing was via a note from UPS that they couldn't deliver a package, but to get it I had to give them my credit card number ... at the time I was surprised, since it followed close on the heels of one delivery and right while I was waiting for another. So, almost plausible. But as usual, the phishing email was so clumsily written and executed that there was no question but that it was a fake.
Yep that's it. Here is what I got.
Dear Customer,
We attempted to deliver your item at 1:30pm on 14th January, 2020. (Read enclosed file details) The delivery attempt failed because nobody was present at the shipping address, so this notification has been automatically sent.
If the parcel is not scheduled for re-delivery or picked up within 72 hours, it will be returned to the sender.
Label Number: (Read enclosed file details) Class: Package Services Service(s): (Read enclosed file details) Status: e-Notification sent
Read the enclosed file for details.
UPS Customer Service.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
These social engineering fraud methods are increasingly sophisticated. Why break into your house when you can do the same from the comfort of North Korea/China/wherever and a bit of location misdirection? I find these social engineering phishing methods quite fascinating. These big companies resell their data willy nilly, so who can predict what phishing schemes people can think up. I use 3 browsers: FF, Chrome and Tor. I banish all Google-related activity to Chrome. I encourage as much misdirection and mayhem of user activity as possible. On Wed, 15 Jan 2020 at 15:50, Alvin Starr via talk <talk@gtalug.org> wrote:
On Wed, Jan 15, 2020 at 03:00:36PM -0500, Alvin Starr via talk wrote:
When I order something from Amazon not long after I get emails from various phisherpeople claiming to be UPS or some other delivery company. The messages are coming through an old email address that is badly spam filtered. I had that very thing happen to me on an order from Amazon about ten days ago. The phishing was via a note from UPS that they couldn't deliver a package, but to get it I had to give them my credit card number ... at
On 1/15/20 3:46 PM, Peter King via talk wrote: the
time I was surprised, since it followed close on the heels of one delivery and right while I was waiting for another. So, almost plausible. But as usual, the phishing email was so clumsily written and executed that there was no question but that it was a fake.
Yep that's it. Here is what I got.
Dear Customer,
We attempted to deliver your item at 1:30pm on 14th January, 2020. (Read enclosed file details) The delivery attempt failed because nobody was present at the shipping address, so this notification has been automatically sent.
If the parcel is not scheduled for re-delivery or picked up within 72 hours, it will be returned to the sender.
Label Number: (Read enclosed file details) Class: Package Services Service(s): (Read enclosed file details) Status: e-Notification sent
Read the enclosed file for details.
UPS Customer Service.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
On 1/15/20 4:03 PM, Don Tai wrote:
These social engineering fraud methods are increasingly sophisticated. Why break into your house when you can do the same from the comfort of North Korea/China/wherever and a bit of location misdirection? I find these social engineering phishing methods quite fascinating. These big companies resell their data willy nilly, so who can predict what phishing schemes people can think up.
I use 3 browsers: FF, Chrome and Tor. I banish all Google-related activity to Chrome. I encourage as much misdirection and mayhem of user activity as possible.
My wife uses my Amazon account and I have recently purchased some stuff for my 90ish mother-in-law. So Google, MS and Amazon must think I am a very old cross dressing, gender fluid senior with bad eyesight. ;) There is some mayhem for you. Here is a thought... An AI program that in the background runs random searches over the internet to try and confuse the tracking software. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
It it possible that an advertisement can "know" the page it was deployed in? Or even just some properties of the page it was displayed in? Via this means an advertiser could know you had just , or were about to buy X.
From there, the world is your oyster.
David On Wed, Jan 15, 2020 at 3:50 PM Alvin Starr via talk <talk@gtalug.org> wrote:
On Wed, Jan 15, 2020 at 03:00:36PM -0500, Alvin Starr via talk wrote:
When I order something from Amazon not long after I get emails from various phisherpeople claiming to be UPS or some other delivery company. The messages are coming through an old email address that is badly spam filtered. I had that very thing happen to me on an order from Amazon about ten days ago. The phishing was via a note from UPS that they couldn't deliver a package, but to get it I had to give them my credit card number ... at
On 1/15/20 3:46 PM, Peter King via talk wrote: the
time I was surprised, since it followed close on the heels of one delivery and right while I was waiting for another. So, almost plausible. But as usual, the phishing email was so clumsily written and executed that there was no question but that it was a fake.
Yep that's it. Here is what I got.
Dear Customer,
We attempted to deliver your item at 1:30pm on 14th January, 2020. (Read enclosed file details) The delivery attempt failed because nobody was present at the shipping address, so this notification has been automatically sent.
If the parcel is not scheduled for re-delivery or picked up within 72 hours, it will be returned to the sender.
Label Number: (Read enclosed file details) Class: Package Services Service(s): (Read enclosed file details) Status: e-Notification sent
Read the enclosed file for details.
UPS Customer Service.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- David Thornton https://wiki.quadratic.net https://github.com/drthornt/ https://twitter.com/northdot9/
On 1/16/20 2:13 PM, David Thornton via talk wrote:
It it possible that an advertisement can "know" the page it was deployed in?
Or even just some properties of the page it was displayed in?
Via this means an advertiser could know you had just , or were about to buy X.
From there, the world is your oyster.
David True. But the ordering is from within the amazon application for fulfillment by amazon. I had 1 order that was fulfilled by the vendor and that one did not generate a phishing email.
Also these are not advertisers sending me spam to buy the latest LG TV or some-such. This is phishing hoping to infect my system and own it or make it part of a botnet.
On Wed, Jan 15, 2020 at 3:50 PM Alvin Starr via talk <talk@gtalug.org <mailto:talk@gtalug.org>> wrote:
On 1/15/20 3:46 PM, Peter King via talk wrote: > On Wed, Jan 15, 2020 at 03:00:36PM -0500, Alvin Starr via talk wrote: > >> When I order something from Amazon not long after I get emails from various >> phisherpeople claiming to be UPS or some other delivery company. >> The messages are coming through an old email address that is badly spam >> filtered. > I had that very thing happen to me on an order from Amazon about ten days > ago. The phishing was via a note from UPS that they couldn't deliver a > package, but to get it I had to give them my credit card number ... at the > time I was surprised, since it followed close on the heels of one delivery > and right while I was waiting for another. So, almost plausible. But as > usual, the phishing email was so clumsily written and executed that there > was no question but that it was a fake. > > Yep that's it. Here is what I got. > > Dear Customer, > > We attempted to deliver your item at 1:30pm on 14th January, 2020. > (Read enclosed file details) > The delivery attempt failed because nobody was present at the shipping > address, so this notification has been automatically sent. > > > If the parcel is not scheduled for re-delivery or picked up within 72 > hours, it will be returned to the sender. > > Label Number: (Read enclosed file details) > Class: Package Services > Service(s): (Read enclosed file details) > Status: e-Notification sent > > Read the enclosed file for details. > > UPS Customer Service. >
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net <mailto:alvin@netvel.net> ||
--- Post to this mailing list talk@gtalug.org <mailto:talk@gtalug.org> Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- David Thornton https://wiki.quadratic.net https://github.com/drthornt/ https://twitter.com/northdot9/
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Thu, 16 Jan 2020 at 14:28, Alvin Starr via talk <talk@gtalug.org> wrote:
On 1/16/20 2:13 PM, David Thornton via talk wrote:
It it possible that an advertisement can "know" the page it was deployed in?
Or even just some properties of the page it was displayed in?
Via this means an advertiser could know you had just , or were about to buy X.
From there, the world is your oyster.
David
True. But the ordering is from within the amazon application for fulfillment by amazon. I had 1 order that was fulfilled by the vendor and that one did not generate a phishing email.
Also these are not advertisers sending me spam to buy the latest LG TV or some-such.
This is phishing hoping to infect my system and own it or make it part of a botnet.
On Wed, Jan 15, 2020 at 3:50 PM Alvin Starr via talk <talk@gtalug.org> wrote:
On Wed, Jan 15, 2020 at 03:00:36PM -0500, Alvin Starr via talk wrote:
When I order something from Amazon not long after I get emails from various phisherpeople claiming to be UPS or some other delivery company. The messages are coming through an old email address that is badly spam filtered. I had that very thing happen to me on an order from Amazon about ten days ago. The phishing was via a note from UPS that they couldn't deliver a package, but to get it I had to give them my credit card number ... at
time I was surprised, since it followed close on the heels of one delivery and right while I was waiting for another. So, almost plausible. But as usual, the phishing email was so clumsily written and executed that
On 1/15/20 3:46 PM, Peter King via talk wrote: the there
was no question but that it was a fake.
Yep that's it. Here is what I got.
Dear Customer,
We attempted to deliver your item at 1:30pm on 14th January, 2020. (Read enclosed file details) The delivery attempt failed because nobody was present at the shipping address, so this notification has been automatically sent.
If the parcel is not scheduled for re-delivery or picked up within 72 hours, it will be returned to the sender.
Label Number: (Read enclosed file details) Class: Package Services Service(s): (Read enclosed file details) Status: e-Notification sent
Read the enclosed file for details.
UPS Customer Service.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
Reviving this thread from the dead. Is it possible you have a smart doorbell. Apparently they are sending data. https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-t... Dave
On 2/2/20 6:11 AM, Dave Cramer wrote:
Reviving this thread from the dead.
Is it possible you have a smart doorbell. Apparently they are sending data. https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-t...
Dave
Ya. I saw that one also. I have a dumb doorbell. The only way it could be dumber is if was a rope attached to a bell. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Sun, 2 Feb 2020 at 11:17, Alvin Starr <alvin@netvel.net> wrote:
On 2/2/20 6:11 AM, Dave Cramer wrote:
Reviving this thread from the dead.
Is it possible you have a smart doorbell. Apparently they are sending data.
https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-t...
Dave
Ya. I saw that one also.
I have a dumb doorbell.
The only way it could be dumber is if was a rope attached to a bell.
I'll bet ring isn't the only smart thing leaking info. Dave
On 2/2/20 12:07 PM, Dave Cramer wrote:
On Sun, 2 Feb 2020 at 11:17, Alvin Starr <alvin@netvel.net <mailto:alvin@netvel.net>> wrote:
On 2/2/20 6:11 AM, Dave Cramer wrote:
Reviving this thread from the dead.
Is it possible you have a smart doorbell. Apparently they are sending data. https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-t...
Dave
Ya. I saw that one also.
I have a dumb doorbell.
The only way it could be dumber is if was a rope attached to a bell.
I'll bet ring isn't the only smart thing leaking info.
Dave
I recently saw this article. https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cel... Most of the things I knew of as isolated issues but seeing them put together goes a long way to painting a scary picture. The idea of giving away an SDK that feeds information back to the SDK developers for monetizing leaves me both horrified and in admiration of the audacity. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
participants (6)
-
Alvin Starr -
Dave Cramer -
David Thornton -
Don Tai -
lsorense@csclub.uwaterloo.ca -
Peter King