Pages

Tuesday 25 October 2022

Barclaycard commercial trouble

 Barclaycard commercial trouble

All I wanted was the statements for the company credit card from June till now. So I went to the web site that I've used before to get them, but it wouldn't let me log in. I tried the two possible usernames, with the correct password, and I got a "703 error" - it couldn't recognise me.

So I called  Barclaycard commercial. I got talked through doing what I had already done, and got the 703 error again. So I waited a couple of days.

Meanwhile, I filled in the form on their web site to get help.  That got me an answer that talked me though logging in to the online system. It was as if no-one had actually read about the problem I had getting into their system. I tried following their instructions, and again got the 703 error. 

 So I phoned again (0800 008 008) and spoke to Andrew there. He told me that the 703 error was a known problem that they've had for the last couple of months, and that they were working as fast as they could to fix it. In other words, there was no way I could use their online service to get the statements. So I asked for another way, and he said that this is done by a different department, he'd ask them to send the statements by email.

An email arrived, telling me that  "You have received a PGP Universal Secured Message" and that I should "each out to sender within 48 hours
and get your One Time Passphrase (OTP)". So I called 0800 008 008 again, and was told that I'd be phoned with the OTP.

A couple of days later, I hadn't been phoned, so I called 0800 008 008and said, maybe they called the wrong number, or maybe I was out, and this time I gave them my landline and my mobile to call.

I didn't get a call.

Then I got two emails. One told me the URL where the secure message was and also gave me the passphrase. The other one told me the URL, but not the passphrase. This seems to be a different system?

So I copy-pasted the URL into the browser, told it my email address and the passphrase; it let me in and told me to change the passphrase. I had to try a few times because it hadn't mentioned that I needed at least one capital letter, one lower case, one number and a punctuation mark. And, by the way, the passphrase that they sent me, didn't conform to that.

So, at last, I could access my statements. Which led me to another problem. It looked like this.

Nearly illegible. And it got worse when I scrolled down to the individual payments. So I phoned again to tell them about this, and also to tell them that they shouldn't have told me to wait for a phone call, because on their second attempt, they sent me the passphrase in the same email as the URL to access.

Pretty bad security, by the way, because if that email had been intercepted, the bad guy would have been just as able to access my statements as I did, since he would also know my email address (it was also in that email, of course). The complicated system that they used, was no more secure than if they'd just emailed me the pdf. Because a bad guy intercepting the pdf, could equally have intercepted the email that gave all the details about how to access the pdf.

Banks aren't very good at security. I sent them back an email to tell them so.

Your attempt at security is pathetic.

You sent me an email which, if intercepted, would give the bad guy full   
access to my statement. I have xxxxxed out the important details of that   
email.

How is this more secure than the much simpler procedure of simply emailing
me my statement?

Is there anyone at Barclays who understands security?

 And none of this would have been necessary if your problems with the "703
error" on your online system had been fixed.

Please take this as a formal complaint.

So, to print out the statement, I used Libreoffice Draw as a pdf reader, and that gave me a sufficiently legible version.



Monday 17 October 2022

Targeted scam

Targeted scam

I've just received a targeted scam.

It started with an email with the subject "Catch up". The from-address was someone I knew a very long time ago, but hadn't actually met in person. I'm calling him xxx xxx:

sorry to bother, do you order on amazo n?
 

I didn't understand that, so I answered:

I don't understand your question.

The clarification came back:

Thanks for responding, do you shop on Amazon ?

So I replied "Yes". At this point, I was wondering what this was about - perhaps he wanted some advice on using Amazon? But why was he asking me?

And then came the main email.

Glad! I've been trying to purchase a $150 Amazon E-Gift card by email, but it says they are having issues charging my card. I contacted my bank, and they told me it would take a couple of days to get it sorted. I intend to buy it for my Friend of mine who is diagnosed with stage 4 mesothelioma cancer, It's her birthday today. Can you purchase it from your end for me, I am just trying to put a smile on her face in this trying times. I'll send you a check regarding the refund later. Here is her email (r.holcomb1948@outlook.com )and have it ordered From Me Please and the message space, write Happy birthday Dear Rita, Stay strong in the Lord and in the power of His might. Eph. 6:10, 

Let me know once you order it and send me the confirmation once it’s done.

Well. That clarified the situation. I'm supposed to spend $150 and send it to "Rita" (I'm guessing that this is another email address used by the scammer). And then he'll send me a check (not a cheque, so this must be coming from the USA). Later, he says.

Oh, really? My guess is, the check won't arrive, and I'm $150 down. I thought that the bible quote was a nice touch.

So I've sent four emails back. The first was to the genuine email address of the person that the scammer was pretending to be, to warn him about what was happening. The second was to the scammer:

I have a better idea. I have my own merchant account, so I can probably bill your card where Amazon couldn't. So, if you give me your card number, expiry date and CVC number, I can bill your card for $150, and then send the $150 gift card using a different credit card to Rita, along with your inspiring message.

If we move quickly, we might be able to get this done on her birthday.

And on catching up - I've often felt a bit guilty about the joke I told you when we last met, do you remember? I'm sure you do, because you were quite angry at the time. I hope that you can find it in your heart to forgive me for that.


Of course, the joke part was total fiction, because we've never actually met. I just thought it might help the plot along a bit.

The third was to "Rita" (I've redacted it slightly).

I would like to wish you a happy birthday.

You might wonder who I am; I know xxx xxx, who reached out to me to help him to send you a birthday present.

Hopefully, the present is now on the way.

I will be praying for your fight against your medical condition.

John 15:7 If you remain in Me and My Words remain in you, ask whatever you wish, and it will be done for you.

And the fourth email was to admin@hotmail.com and admin@outlook.com (again, redacted for posting here).

I received the following email from xxx@hotmail.com. I don't think
that the sender really was "xxx xxx", which is the name he claimed.
I have not sent any money.

Perhaps you might investigate the authenticity of the email addresses
xxx@hotmail.com and r.holcomb1948@outlook.com.


And I enclosed the email that made the request for $150.


My guess is that the scammer has gotten hold of the contact list for xxx xxx and is sending emails to everyone on that list, asking for this $150. I hope that closing the "Rita" email address will put a spoke in his wheel.




Monday 10 October 2022

Growth, growth, growth

Growth, growth, growth

But how? The UK has a labour shortage.  From farm labourers and fruit pickers, to doctors and nurses. And a labour shortage has a very negative effect on economic growth.

One answer is, of course, more babies. Currently, we're seeing 1.6 babies per woman, and a steady population needs about 2.1. And it's hard to see how that 1.6 could be increased. Tax incentives, maybe? Awarding a medal "Hero-mother of the United Kingdom" if you have four or more babies? But I can't see any such scheme having a significant impact on the decision whether to have more children. Also, there's a big lag - even if we started heavy swiving tomorrow, the babies wouldn't reach the workforce for 19  years or more. And during those 19 years, they would be a burden on our housing, our health systems, our schools and so on.

And governments don't look that far ahead anyway, so not only it wouldn't work, also it won't be tried.

So what's the alternative?

My grandparents came from Russia, about 120 years ago. They were immigrants, refugees from the pogroms. Russia didn't want them, but the UK welcomed them (welcomed isn't quite the word). Immediately, my grandparents (and later their children, grandchildren and so on) joined the labour force.

But we've reversed all that. We left the EU to "take back control", in particular of immigration. That didn't work, of course, because much of UK immigration was from outside the EU.

But maybe we could encourage more immigration from European countries like France, Germany, Italy, Spain, Poland and so on? And how could we do that?

Leaving the EU wasn't a good way to encourage immigration from Europe.