Tag E-Commerce

The Big Brush Off

Michael 9 Comments
Who knew there was a name for it? I suppose that makes it easier for headlines and reporting, but this one you didn’t even see there. I first heard it when it popped up in the middle of a followup news story. “It’s called brushing,” the helpful reporter helpfully reported. Of course now it’s all over the place.
 
You remember those seeds people would find in the mail. Seeds from China not ordered yet delivered to mailboxes across America. In the third month of wide spread quarantines due to COVID, mysterious packages from China weren’t received with the awe and elation one might more typically express at finding surprise packages under a tree in December. It turned out the seeds were just that. Seeds. Mostly flowers, some herbs. Just seeds. And it turned out that just seeds weren’t just the only things showing up in mailboxes. People reported receiving sunglasses, stickers, speakers, and socks. The common factors in all these, besides the items starting with “s,” were the absence of any sender documents, invoices, or packing slips, and they weren’t ordered by the people receiving them.
 
“It’s called brushing.” It’s also not new. Last year multiple claims of unordered items being received were reported to Amazon as were they also in 2018. The earliest report of the scam I found was in October of 2017 and I wasn’t working that hard to find any. By then it appeared to be already very well established and a common practice in e-commerce. According to the Better Business Bureau brushing is the practice where a company, usually a third-party seller, sends items to an address that they found online or from a purchased mailing list. The intention is to make it appear as though a verified buyer purchased the product and wrote a glowing online review of the merchandise. This not only increases product ratings but since the item is actually “purchased” it increases the company’s sales leading to more contracts for the third party handler. Typically they are cheap items small enough that can be shipped inexpensively.
 
Representatives from various agencies and organizations including the BBB, the Federal Trade Commission, and the U. S. Postal Service recommend that if you receive an unordered package to contact the retailer or shipper if identified on the label and report that you have been the victim of the scam, and in the case of seeds or edible products to forward the package to local authorities or the United States Department of Agriculture. According to the FTC if you decide you want to keep the item you can because it is in its opinion a “free gift.”
 
Where is the downside except for the long shot possibility that a seed could turn your backyard a Little Shop of Horrors clone? For one, the one that all the experts keep bringing up, how did the sender get your name and address? Face it fellas, our names and addresses aren’t secret. I couldn’t begin to count the number of companies, agencies, clubs, and services that have my name and address. Of more concern that nobody mentions is this third party seller is posting a review in your name and that can’t be done unless you are signed into the site. Suddenly the recommendation everyone makes to change your passwords, even though they don’t say why, is making more sense.
 
And now finally after about five hundred words on brushing I get to the point of today’s post. Just how secure can we make our information even changing passwords and security questions on a regular basis. (By the way, those security questions – does anybody lie about them? Wouldn’t that make more sense? I mean if they are the last line of defense and somebody has already cracked your 23 character upper and lower case, number and special character containing password that you change every 4 days, surely they know what street you grew up on. But I digress.)
 
Banks and security, they don’t go together like pork and beans. I thought of this last week when my daughter told me her credit card issued by a local bank was used by someone to subscribe to some ongoing monthly service. She discovered this while she was reviewing her monthly statement. She contacted the vendor, confirmed the fraudulent charge, contacted the bank and was issued a new card, along with being issued the routine “change your password, PIN, and security questions” instructions. Because that card was one she used for some of her own recurring monthly subscriptions and payments she would have to reenter all that information in those sites. She recieved her new card and began the process of updating payment information when she noticed a vendor already had the new numbers on her profile. Thinking she had just done that and forgot she moved on to another and found their information had been likewise updated. This prompted a new call to the bank and she was informed that “as a service” the bank routinely provides the new information to recurring payment vendors. She reminded them her account had been compromised by way of a recurring payment vendor and asked if they thought was the best course of action to be distributing people’s private information. The response was “most people appreciate not having to go through all that work.”
 
Now that was the real brush off. 

Money for Nothing

Michael 1 Comment

This has been an odd week money wise and it’s only Thursday. I think it really came to mind this afternoon when I was trying to buy something on line and could not find an option to check out on the site. More on that later.

NoMoreMooneyOdd Week Exhibit A. If you were anywhere in the “48 states, Washington DC , and Puerto Rico” (more on that later too!) or even close by (and maybe even in one of those other two states) and you were seduced by “Black Friday in July” (oddly held on Monday and Tuesday) like I was, you might have purchased an all the rage, newest and hottest, must have, can’t live without item of the year, or an air fryer. In my case it was the air fryer. A week earlier I hadn’t even considered an air fryer but coincidentally Big Lots held its quarterly 20% off weekend immediately before Black Monday/Tuesday. If you don’t have a Big Lots in your state or country think of your favorite discount/buyout store. I saw an air fryer in the ad that came out in advance of the sale and thought “at that price I’ll try one” that price being almost half what it was in a department store plus an extra 20% off. Short story long, by the time I got there they were out. I’d not have given it a second thought except on Monday afternoon I was busy deleting emails when I came across a Macy’s ad featuring that very air fryer at exactly the same price I missed, extra 20% and all, at Big Lots. To make a shorter story longer, when the package came this week it included instructions to submit for a rebate for an additional $10. Just fill out the on line form and they’ll send me a VISA card with $10 loaded on it. The on line form included several fields, all required, including a space for “rebate code.” The instructions noted 6 or 7 countertop appliances each with its own rebate code. Except for my air fryer. Of course.

Odd Week Exhibit B: You remember a couple years ago Equifax, one of the big three credit bureaus who continually tell us how important it is to protect our credit, suffered a security breach that exposed the personal information of nearly 150 million people. They announced a settlement this week. The $700 million settlement includes $100 million in fines and $425 million in money set aside to reimburse associated recovery and corrective action costs for the affected people. Right away you can see some things wrong with these numbers. The fines and restitution amounts total $525 million leaving $175 million unaccounted for. Or more correctly unspecified. Well I guess those lawyers deserve something. They worked out a pretty good deal. The settlement specifies reimbursements of up to $125 per person for money spent on credit monitoring or identity theft protection after the breach as well as the cost of freezing or unfreezing credit reports at any consumer reporting bureau. Payments of as much as $20,000 also will be made for time spent remedying fraud, identity theft or other misuse of personal information caused by the data breach. The payment also covers up to 20 hours spent purchasing credit monitoring services or freezing credit reports at a rate of $25 an hour. So far that comes to $20,625 per claimant but there’s more. The settlement also cover out-of-pocket losses caused by the breach and as much as 25% of the amount consumers paid to buy credit or identity monitoring services in the year prior to the breach. That could raise each persons allowable recovery to $21,000 or more. Except the total specified in the settlement ($425 million) divided by the number of people whose data was compromised (147 million) comes to only $2.89 per person. The article didn’t suggest where the extra $20,997 per claim might come from. (And you thought you’d never use algebra in the real world.) It’s a good thing those lawyers got their couple million up front.

Odd Week Exhibit B-2: It was in the article about the Equifax settlement that I read the following:

“The settlement was reached between Equifax and the U.S. Consumer Financial Protection Bureau, the Federal Trade Commission. It covers all 48 states as well as the District of Columbia and Puerto Rico.”

What do you think – writer, editor, proofreader, or modern version of type setter? Or practical joke to see if anybody notices? Yes, I know it’s not exactly money related but it’s just too good to not mention!

Odd Week Exhibit C: That website way back in the opening paragraph. I even had my daughter check on her computer thinking the mobile site I had opened on my tablet was truncated. Indeed, no “cart” and no “check out” button or icon was on the desk top site either. We did find a “continue” button the opens a pop up window with a brief order summary that included “back” and “continue” options. Sure enough, “continue” was the choice to get the order finalized.

You wouldn’t think it should be that hard to give money away .