The great PayPal Services scam

Posted in Scams at 9:18 pm by blog

Has anyone ever heard about the “buyer protection” scheme PayPal offer, whereby buyers who have been ripped off can file disputes and hopefully try to get their money back…
Well, it turns out this does not apply if you buy anything deemed as a “service”, and many unscrupulous companies are using this to their advantage to rip people off. Take the following example.

We signed up for a dedicated server from a company called “Shrikehosting”. Paid for it up front on a Friday evening, and received an automated reply stating the server would be up and ready within 24 hours.
24 hours passed and the server was not up, in fact we had not heard anything so we filed a support ticket… It wasn’t until monday that we receive a reply stating that they don’t work at weekends, and that the server would be up later that day.
So we wait another 24 hours, still nothing… A few mails ping back and forth for about a week, each time they insist the server is “nearly ready”.
Meanwhile, we have already been inserted into their billing cycle, so we are already 1 week into the service we paid for, while having actually received no service.
So we query this and ask that the billing cycle be started when the server is brought up, and ask that the server be made available soon.
Another week, and they have not responded at all, and now blacklisted our email address so we cannot contact them anymore.

So we file a dispute with PayPal. For those who aren’t familiar with the dispute process… You file a dispute, which gives up to 20 days for both parties to communicate and try to resolve their differences. If you reach an agreement then the dispute can be cancelled, or allowed to expire after 20 days. If not, then either party can escalate the dispute to a claim at any time before the 20 day deadline. The idea is that then PayPal will investigate the dispute and make a decision on wether to issue a refund or not.

Our dispute was pretty simple. We had paid for a service which was supposed to be delivered in 24 hours, we had not been provided that service after 2 weeks, and the 2 weeks of waiting were being counted against the 1 month of service we had paid for up front.

Shrikehosting immediately escalated this dispute to a claim. They were clearly not prepared to talk, and were already familiar with PayPal’s claim process and how to use it for their fraudulent advantage. The escalation message said “This payment was for a service, 1 month server hosting and not for a physical product”.

PayPal very quickly denied our claim, and under their system once a claim has been denied you have no recourse for appeal or to make any further claim. They consider the case closed, and you well and truly screwed.

Luckily, we had paid by credit card so we had one course of action left – to dispute the charge with the card issuer. Luckily, the card issuer being a proper reputable bank and not an unregulated fraud haven like PayPal, accepted our dispute and credited the value of the transaction back to us immediately.

Had we paid using a debit card, or by a direct bank transfer which PayPal are always trying to encourage people to use (wonder why) we would have had absolutely no recourse and would have completely lost our money.

So if you are planning to commit fraud, simply start offering some kind of services online… Make a nice shiny looking website, and only accept PayPal as a form of payment. Don’t worry about what the services are, because you will never have to actually provide them. For a little extra credit, see if you can keep the victim fooled until after one or more billing cycles so you can rip them off even more.

Announcing Sales Divert

Posted in Uncategorized at 8:47 pm by blog

Sick of marketing calls and companies which demand your phone number for the sole purpose of calling you up to sell you stuff you don’t want?

So give them the following US number: 1-254-243-1704

This number goes through to an automated system that plays samples of Borat saying various random things… He starts off saying hello, and then says he’s pleased to meet you, followed by a few other quotes. In my limited tests, unwanted callers usually tend to speak to Borat for a while, as they think the person saying hello and asking who he’s speaking to is a real person and not a recorded message.

For legal reasons I think I will have to add a recorded message at the start saying that the call is being recorded, then I will be able to record the calls and post them here…

Laughable scams…

Posted in Scams at 8:42 pm by blog

So today, as with most days, i received a phishing email, this one purporting to be from eBay and asking me to visit a URL to “confirm” my security details… What made this one so special? judge for yourself:

Date: Wed, 14 Jan 2009 23:51:20 +0800
From: Support
To: undisclosed-recipients: MISSING_MAILBOX@MISSING_DOMAIN ;
Subject: Messge from eBay -

Dear eBay Member,
This is your official notification from eBay. Your online has expired.
If you want to continue using our service you have to renew your online.
If not, your online will be limited and deleted.
To confirm your Account records click on the following link:

Thank you,
Scott R. Shipman, CIPP Senior Counsel, Global Privacy Practices eBay Inc.

So apparently my “online” has expired, and it will soon be limited and deleted unless i confirm my username and password to eBay’s new chinese division which is kindly being hosted by Guangzhou University Of Tradicinal Chinese Medicine.

I can’t believe anyone could possibly be stupid enough to fall for a scam as pathetically engineered as this one… It doesn’t even look in the least bit light a legitimate email from eBay.

Searching through your bags/pockets at the ticket barrier?

Posted in Pet Hates at 8:37 pm by blog

Something that really really annoys me, is people who are about to board a bus, or go through the ticket gate in a train station… And they will get right up to the barrier or the ticket reader on the bus, and then stop dead while they search through their bags or pockets looking for their ticket!
Why the hell couldn’t they have found their ticket beforehand, and had it ready?
You can usually see the bus coming up the road, plenty of time to find your ticket… The ticket barriers in stations don’t exactly move around, so you know well in advance of arriving there that you will need to present a ticket.
It is extremely annoying to be stuck behind someone like that, or be stuck on a stationary bus while someone wastes your time searching for their ticket.
It’s just as bad when someone spends time hunting through small change to find the right fare… You know how much a bus ticket costs, why haven’t you got the exact change ready in your hand BEFORE THE BUS ARRIVES?
People who don’t have their ticket ready for inspection on boarding a bus or reaching a ticket barrier should be sent to the back of the queue… If the bus or train leaves before they can find their ticket then it should be THEIR OWN FAULT… And maybe they will be a bit smarter and more considerate of others in future.


Domain name suggestions

Posted in Uncategorized at 8:37 pm by blog

I am looking to register a new domain name for the free disposable mail site – currently http://commodore.in.

Basically what this site does, is allow anyone to read email for any address at the supported domains anonymously… The site currently has 4 domains for mail receiving:

  • dharmatel.net
  • commodore.in
  • slave-auctions.net
  • deadchildren.org
  • You can receive for any address at these domains, and read it anonymously for free. This is extremely useful for sites that force you to sign up with a valid email address for whatever purpose, such as posting a comment or downloading something. If you use your real email address, these sites could send you mail continuously or worse, let spammers get hold of your address either by selling it to them or suffering a security breach allowing them to get it. If you use the free disposable mail service, then that’s where the spam will go to and you don’t have to worry about it.
    The site also has a nice AJAX-ish interface, based on Roundcube webmail.

    Because some of these domains may come and go, i need a permanent domain for the service… Something simple, easy to remember and to the point, something like tempmail.com, but that is already taken…

    All suggestions welcome, post suggestions as comments below!