Saturday 26 January 2013

Should you judge a book by its cover?

Sometimes you can judge a potential "investment scheme" by the way it looks. You just can.

Is that him or just
a picture stolen from
 the web somewhere?
In comes a spam email from "Willie R Burke" saying:
"Now here is the best thing out there to grow your money !
I Am Embarrased Get To Tell You Again and Again about ProSun
I am sending this to Non-Profits That-WE-Care so much for today!"
So much for spelling, grammar and syntax. Clearly this is a Ponzi scheme of some sort, all the clues are there, but let's just be terribly superficial and judge the claims by the way they look, not their content.

The email goes on:
"You are Invited to Join: ProSun-PRI.VATE INVESTMENT PLAN Pri.vate Plan GROUP of Non-Profits,Charities, and Churches),

Changing lives together: We Believe in a Better Living Every Day. As a Non-Profit within the Christian Community, the we shares our Resources to Work to Rebuild the American Dream,One Day at a Time!

ProSun: An investment/lender to small businesses of hard asset loans with a certain rate of return and little cha.nce of default. Although various investments (for example, savings accounts or blue chip stocks) meet these requirements), a Treasury bill is the most common example of a risk less investment.

Our low risk investments have a low level of risk. Our Secure Company, Pays 2.15% Compounded every Business Day."
Clearly someone has keyboard issues.

The email give a link to the "Profitable Sunrise" web site that looks like this:


Which I'm sure you'll agree is just horrible.

Included on the site are images such as this:


and claims such as these:


Ask yourself. Would you trust this organisation with your money?

Sometimes you CAN judge a book by its cover, you really can.

Friday 25 January 2013

The banks can do more

Last week I wrote about how you and I must do everything we can to protect our identity. I didn’t mean in some philosophical, existential way, I mean purely practically. I meant our banking and online identities.

Your bank cards are extremely dangerous things. I don’t just mean that you can go crazy when you’re spending, they’re also a serious crime risk.

You’ll have heard about the crooks that place a secret camera on the ATM that watches and records the keys you press on the ATM key pad. They then use a simple card reader that they insert into the slot where you slide your card and they can quickly produce both a copy of the magnetic strip on your card AND your PIN. Minutes later and they can have a replica card and your money will disappear as quick as a flash.

The simplest way to prevent all of this happening is to treat your PIN the way you would treat cash. Don’t let people you don’t trust look after it for you and, above all, don’t leave it lying around. Every single time you enter your PIN into an ATM or a point-of-sale device in a store or restaurant, cover your hand as you type in the number. Ideally you shouldn’t even be able to see your fingers yourself. If you can’t, then nobody else can and without your PIN a skimmed card is useless.

Critically you shouldn’t ever allow your card out of your sight. There are plenty of cases of staff in restaurants being part of the crime, having been taught by their criminal friends how to copy the card and can then watch as you enter your PIN. You should never let your card out of your sight. Never.

It’s just as risky online. “Phishing” is the latest online way of stealing your identity.

The crook emails his victim, or perhaps a million of them at once, saying that the security of their bank account has been compromised. The email advises them to click on a link in the email to reactivate their account. That link goes to a very cleverly crafted replica of the genuine banking web site, not the real one.

Once there they’ll be asked to enter their user User ID, password and often their PIN. They sometimes even ask for a whole range of other things including all the details often used to prove their identity like their address, date of birth and passport number. 

Not surprisingly many, many people naively enter these details, not realising that they’re giving away their online identity.

Within moments a crook in a far-flung country will have signed onto their bank’s web site, signed on to their account using their identity and, before you know it, will have done their best to transfer money out of their account.

To their credit the banks have been working hard to do this. My bank, for instance, doesn’t allow me to create a new recipient of money without sending a message to my cell number that I then have to enter onto the web site. Without my banking details, my user id, password and my cellphone it’s much harder for a crook to take my money and pay yourself.

However, the banks need to do more. In Europe and even in South Africa banks have introduced “Chip and PIN” cards. Instead of the traditional magnetic strip, these have a tiny microchip embedded in the card. The advantage is that these microchips are much harder to copy than the old magnetic strip giving you an added level of protection

Unfortunately we’re lagging behind, yet again.

The future is even more advanced. The biggest problem with chip and PIN cards is that they still have the magnetic strip because certain countries, most notably the USA, still use them in ATMs. It’s ironic that the supposed technological world leader is lagging behind. The result of this lag is that even newer techniques are being investigated.

The BBC reported recently on ATMs in Japan and Poland where you identify yourself using your finger. Not your fingerprint but the pattern of blood vessels inside your finger which is apparently more personal than a conventional fingerprint.

However none of this helps prevent one of the biggest area of digital crime, the internet. More and more of us are buying things on the Internet and that’s a situation when PINs, signatures, magnetic strips and microchips can’t help.

The bad news is that the fight against crime is an on-going, never-ending, constant battle. Every new thing that the banks invent to help protect us (and them) is going to be cracked by the crooks.

The biggest challenge that you and I face with our cards, other then the crooks themselves, is the banks themselves. Our banks make it very clear that unless we can prove a fraud was their fault then it was our fault. Given that it’s almost impossible to prove it was their fault you and I are in a very difficult position.

But that’s changing. Not yet in Botswana, but elsewhere, in the countries we usually follow. In 2009 in the UK their Financial Services Authority introduced new Payment Services Regulations. These turn the tables completely. In the UK it’s now up to the bank to prove that the customer was at fault. The FSA stated that "It is for the bank […] to show that the transaction was made by you, and there was no breakdown in procedures or technical difficulty" before they can hold you responsible.

We should be pushing for the same here. While the banks are doing some thing to protect us, there is a lot more they can do. They could at least catch up with our foreign cousins and put their customer’s needs above their own.

The Voice - Consumer's Voice

Dear Consumer’s Voice #1

I saw on Facebook that someone was offering Windows and Microsoft Office and lots of other software. When I contacted them for prices they said they could give me the version of Office 2010 with Microsoft Access for P280. Can this be true? Is this legitimate?


No, it’s certainly NOT legitimate. The version of Microsoft Office you mention sells for ten times that amount so anyone who offers it at that price is clearly selling pirated software.

I got in touch with the guy by text message and pretended that I was interested. He confirmed the price of P280 for the full version of Office 2010. I asked him whether I would get the original installation CD to keep and he said “No, u dnt remain wt the CD”. Clearly he’s up to no good, selling pirated copies of software. If he’s not careful he’s going to end up prosecuted, fined heavily or even sent to prison.

The silly thing is that there are versions of Microsoft Office that are very reasonably priced these days. You can even get competitor products such as Open Office that are entirely free. I’ve tried Open Office myself and while it’s not quite as cute as the Microsoft equivalent it’s perfectly good when you consider that it’s free. There’s really no excuse for buying pirated software. If you do you’re just as criminal as the crook selling it.

Dear Consumer’s Voice #2

I have purchased a car from a local company on the 9th June 2012 and the agreement was for it to arrive in 4 weeks on the 18th July 2012 but it did not arrive. I asked them so many times about the car they keep on telling me different stories and dates. I have paid all the amount that was needed for the car, everything. Even now I am still waiting its been 7 months please help me.


This is yet another example of how easily buying imported cards can go badly wrong. You’ve never driven the car you’ve paid for up front, you have no idea exactly how long it will take to arrive, you’re not even sure that the car you ordered will be the one that arrives. The whole car import industry is the extreme end of a business that it, let’s face it, already a bit suspicious.

Please send me the full details of the vehicle you bought and the contact details of the company you’ve been dealing with and we’ll get in touch with them. I’ll ask them whether you’ll ever get your car.

Conference warning

I’m not a big fan of conferences, they’re usually just an opportunity to spend your employer’s money on having a quiet day or two in a hotel conference room and getting a free lunch.

They’re also a way people think they can make a lot of money. Sometimes they do this by neglecting certain things. Like customer care and their legal obligations.

We heard from someone who booked to attend a conference by a visiting management “expert” which was cancelled at the last minute. The organisers contacted the people who had already paid advising them that they would rebook them on to the new conference when it was rescheduled later this year. They also invited them to attend a short seminar by another speaker for free.

Unfortunately our reader couldn’t make the new date but still attended the free seminar. Then, because she can’t attend the dates later this year she asked for a refund. The organisers refused, saying that because she attended the free seminar she was now committed. Haven’t they heard of Section 15 (1) (e) of the Consumer Protection Regulations 2001 which says it’s a failure "to meet minimum standards of performance" if the supplier fails "to promptly restore to the consumer entitled to it a deposit, down payment, or other payment"?

So far the organisers are ignoring my emails. I wonder why? I’ll keep you informed. Have you had the same experience?

Update: The organisers got in touch saying they won't give her a refund. We won't be giving up!

Celebrations

The staff of BancABC, particularly Bonolo from the Game City branch and Calvin from the Square Mart branch for rapid and excellent service.

Keep the celebrations coming in!

Thursday 24 January 2013

Botswana Guardian article on EurExTrade

Get a copy of the Botswana Guardian and read their article on EurExTrade. Quotes from Yours Truly and also the fearsome Mel Brown from NBFIRA.


Wednesday 23 January 2013

An Amway update

In case you're wondering how much money people make from Amway...

Amway are required in the UK to publish annual earnings disclosure statement (it's a link to a pdf document) outlining how much (or how little) their "Retail Consultants" make from their businesses.

In the UK in the period October 2010 to September 2011 the average "Customer Volume Rebate" paid to their 16,287 Retail Consultants was, wait for it, £41. About P450.

It's important to note that this is an average. The highest amount paid was £556, the lowest was £20. It's even more important to understand that this was just their earnings. It takes no account of the costs needed to earn that money. That average figure of £41 was before they deducted their costs for their phone, internet connection, power, stationery, petrol and coffee.

By all means join Amway if you want to keep busy but please don't think you'll make any money from it.

[Click here to see my earlier comments on Multi-Level Marketing schemes.]

Friday 18 January 2013

Protect your identity

Your identity is perhaps the most valuable thing you possess. I don’t mean in some philosophical, existential way, I mean purely practically. Losing your identity could lose you every thebe you possess.

My wife, who is a banking expert, is understandably paranoid about her banking identity. While we’re both big believers in online banking, cellphone banking and, in fact, anything that means we don’t have to enter Hell itself (a bank at the end of the month) we’re aware of the risks associated with technology in banking.

Even the simplest form of banking technology, your bank card, is profoundly risky. Whether it’s a simple ATM card, a debit or a credit card, it offers crooks a great opportunity to steal all your money. Critically, you must understand that in most situations, if this happens, it’ll be all your fault. Most of the time your cards can only be used in conjunction with the PIN, the number that only YOU should ever know. A crook can’t do anything with a stolen card unless he knows the PIN. The bad news is that they often DO know your PIN.

I heard recently of a case where a bank customer stormed into his branch demanding to know why the bank had allowed a thief to withdraw a small fortune from his account using the ATM. They sat him down and showed him the pictures the ATM had taken at the time the withdrawals had been made. Oh, he had to say, that’s my daughter.

We’ve heard the same story many times. Children, siblings, nephews, nieces and friends all knew the PIN for the victim’s card. Most of them didn’t know that many ATMs take a picture every time the machine is used.

Other times it’s more conventional crooks, not a relative or friend. Quite often they place a secret camera on the ATM that watches and records the keys the victim presses on the key pad. Combine that with a simple card reader that they insert into the slot where you slide your card and the crooks can get both a copy of the magnetic strip on your card AND your PIN. Minutes later and they can have a replica card and your money will disappear as quick as a flash. And the bank will say it’s your fault.

Are they right to do that? Unfortunately they probably are. It wasn’t their fault that crooks stole your identity. You might argue that the banks should take more precautions to ensure that crooks can’t “skim” your card but that’s exactly what they ARE doing. Only a couple of weeks ago one of the biggest banks alerted customers to a slightly different way the ATM would behave to reduce the risk of skimming. I’m certainly no defender of banks but they ARE making some efforts to reduce the risk you and I face.

The simplest way to prevent all of this happening is to treat your PIN the way you would treat cash. Don’t let people you don’t trust look after it for you and, above all, don’t leave it lying around. Every single time you enter your PIN into an ATM or a point-of-sale device in a store or restaurant, cover your hand as you type in the number. Ideally you shouldn’t even be able to see your fingers yourself. If you can’t, then nobody else can and without your PIN a skimmed card is useless.

While my wife’s the big promoter of protecting your banking identity I’m the one paranoid about my online identity. I’ve seen too many friends lose their identity online to be complacent about it. Again, this isn’t some middle-aged, technophobic objection to new technologies of Facebook, Twitter and the web in general, I’m just very concerned about IDs and passwords and what can happen if they’re stolen.

Most of us will now have received an email from an acquaintance announcing that they suddenly left the country to attend a course or a conference, their wallet or purse was stolen and now they’re stranded in a foreign country and desperately need to borrow a few thousand. Can you assist?

Of course this is a scam. Your friend is at home watching TV, not stuck in a foreign hotel short of cash. What’s happened is that your friend’s email account password has been stolen. A crook persuaded your friend to disclose his email password and has now signed on, as him, changed the password and has now emailed everyone in his online address book with the story about the foreign trip and need for money.

This email is NOT really from Standard Chartered.

So how does a crook persuade you to disclose your password? That’s quite easy. He “phishes” for it. It’s really quite easy to do. Send an email to your victim, or perhaps a million of them at once, saying that the security of their email account has been compromised. Advise them to click on a link to reactivate their account. That link goes to a very cleverly crafted replica of the genuine email site, not the real one. Once there they’ll be asked to enter their user User ID, password and a whole range of other things including all the details often used to prove their identity like their address, date of birth and passport number. Not surprisingly many, many people naively enter these details, not realising that they’re giving away their online identity.

This is NOT really the Standard Chartered Online Banking web site.

Exactly the same thing happens with bank accounts. An email from “your bank” arrives with a similar story and including a link to a fake bank web site. Within moments people give away their online banking details to a total stranger. They often never realise that this is how a crook got their details and stole their savings. Yet again the bank is entirely within it’s rights to say that this wasn’t their fault, so they’re not going to compensate you. This was entirely your own fault.

Please, in 2013, make this your New Year Resolution, along with being more patient with your spouse and cutting back on the booze and pies. Protect your digital identity the way you would protect your real-life identity.

Thursday 17 January 2013

Play the NIIBT game

Here's a fun game for you to play.

See if you can find any evidence that any of the people mentioned on the web site of the so-called Northern Ireland Institute of Business and Technology (British) actually exist. Go on, it's a challenge. I've failed every time so far.

A reminder. Despite their name, they're not in Northern Ireland and they aren't British.


Check out also the number of fake universities they claim their "Visiting Faculty" seem to have attended.


Pacific West University is a now defunct diploma mill.

Let me know if you find just a single real, traceable human being. Being so far away (Malaysia in fact) they probably don't know that I mentioned on TV this week as a good example of a fake educational establishment.

Saturday 12 January 2013

Technology

Occasionally technology can be really useful. Yes, I know it can be fun, it can be entertaining and it can even be slightly sexy but it can be useful as well.

A few weeks ago, a friend’s son had been shopping and he left the family Apple iPad in the shopping trolley when he left the store. Unfortunately, even though he quickly realised what had happened, by the time he got back to the store the iPad had already gone. A disaster.

Or was it?

Luckily, months before the iPad had gone missing, his Mum had taken the time to switch on the “Find My iPhone” facility that comes with all Apple iPhones, iPads and computers. This facility allows the device to be tracked to within a few metres, so long as it’s connected to a wireless network, or in the case of this iPad, a cellphone network.

As soon as she heard that the device had gone missing she got on the web, visited iCloud.com and she could see on an online map that it was still in the parking lot of the shopping center. She immediately called the Police and arranged to meet in parking lot. In fact she was met by a combination of the Police and the BDF, presumably looking tough and keen for some action. The son was now at home looking at the tracking information on the internet, talking on the phone to his Mum and the forces of law and order, directing them to where the device appeared to be. As they closed in, he used another secret weapon. From the iCloud web page he could instruct the iPad to emit a loud beeping noise, loud enough to reveal it’s precise location. Seconds later they found their misplaced iPad underneath the base plate of a lamp post.

They couldn’t be sure but the guy walking away in the distance, looking over his shoulder, was probably the thief who presumably thought something supernatural had just occurred. Unfortunately he got away.


This was a very good example of how useful technology can be. Tools like Find My iPhone give you a little hope that lost and stolen valuables can be traced and recovered. Even if you can’t recover your stolen device there are still other tricks you can use. You can remotely set it to “Lost mode” so it can’t be used. You can even remotely wipe the device so your personal data can’t ever be seen. You might not get your iPad back but you can make sure the thief has a worthless piece of equipment he can’t dispose of. It’s a great example of how technology can help consumers like you and me.

Unfortunately technology isn’t always that useful. You’ve only got to read your water or power bill to see how the technology used by those providers doesn’t seem to be helpful or easy to understand.

But I’m feeling optimistic. Find My iPhone isn’t the only useful bit of technology you and I can use.

My other favourite bit of incredibly useful technology is the SMS alert system used by many banks. If you haven’t signed up for this service from your bank then do so immediately. You’ll get a free SMS every time something happens in your account. Until you’ve seen this you can’t imagine how much confidence this gives you. You see instantly where your money is going. If your bank doesn’t offer this service ask them today when they plan to. If they say anything other than “tomorrow” then tell them you’re changing banks.

Internet banking is another good example. Almost all banks now allow you to control almost every aspect of your bank accounts over the internet. You can check your balances and transactions, you can make transfers and payments, schedule regular payments and adjust your daily transaction limits. Almost everything you can do if you go to the branch. Why anyone with Internet access doesn’t use it to do their banking is bizarre.

Perhaps best of all is the way certain organisations are using technology to help us to help ourselves. The Attorney General’s Chambers put the laws of Botswana on the web some while ago and I still think it’s a remarkable thing. Our laws are written in language that is easy to understand and they’re a great resource for all of us. Knowing the interesting parts of the Penal Code, the Consumer Protection Regulations and the Public Health and Food Hygiene Regulations is an essential body of knowledge we should all possess.

It’s strange that a branch of our Government, not exactly the most responsive of organisations, is the one taking the lead in these areas. When can we expect to see banks, insurance and investment companies and utility companies like power and water suppliers educating us in the same way?

Maybe 2013 will be the year that the companies to which we give our money will start trying to advise us properly. Maybe certain banks will start selling us bank accounts that are the best for us, their customers, rather than the ones loaded with charges that impoverish us. Maybe they’ll use some technology to tighten up their security and reduce the level of card-cloning and skimming we experience. In the week before writing this I heard of three separate stories of people having their bank accounts raided by criminals hundreds of kilometres away. Yes, of course it’s possible the customers had accidentally revealed their PIN numbers but I suspect there’s more to it than that in some cases. Clearly the crooks were sometimes using cloned cards in devices they know only require a signature, not a PIN. We need the banks to insist that stores use the latest technology to protect us.

With a little luck 2013 will be a year of technology really being used for our benefit, rather than just for exploiting us?