Get Secure *Before* You Get Hacked

As I’ve been dubbed “Mr. Security” by my friends, family and clients (I pay significant attention to, and use, cybersecurity, privacy and software measures) but my pleadings with them to be secure often are ignored…until they get hacked. Then they plead with me to help them out and get their digital life on track. Usually it’s too little, too late, and the work to recover is enormous.

You should care deeply about your digital life and its security, especially since the risk of getting hacked is exploding! The World Economic Forum in its 2018 report (PDF) said blackhat hackers are gaining the upper-hand in cyber warfare…and they are coming after you…and even the experts can’t keep up:

“Offensive cyber capabilities are developing more rapidly than our ability to deal with hostile incidents.”

Here’s the good news: if you haven’t yet been hacked it’s likely you will at some point, so lets get you cyber secure NOW!

SECURITY CHECKLIST

I was delighted this morning to discover this Security Checklist, “An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.

The Security Checklist is very comprehensive, easy to follow, and one you should look at and implement as quickly as possible. It gives you the “why” and specific resources to use for each category, making this pretty brain-dead-simple to follow and implement:

  • Password Manager
  • Create a strong device passcode
  • Use two-factor authentication
  • Set up a mobile carrier PIN
  • Encrypt your devices
  • Freeze Your Credit
  • Use 1.1.1.1 for DNS resolution
  • Use a VPN
  • Cover your webcam
  • Use a privacy-first web browser
  • Use a privacy-first search engine
  • Review app permissions on your devices
  • Review your social media privacy settings
  • Educate yourself about phishing attacks

Go to Security Checklist

NEVER, EVER use PODS!

UPDATE 12/27/18 — PODS finally makes it right in the end
After I published this post, sent multiple tweets, emailed (and faxed to) the CEO, a customer advocacy guy (Nathan) was put on my issue. He and I interacted for a couple of weeks and no, I was not unreasonable but was clearly upset. I made certain Nathan knew I was NEVER going to let this go until PODS made it right.

Nathan did arrange to get our PODS container here one day before their “process people” said it would be here so that was a bonus. Since we had to be out of our temporary leased AirBNB townhouse, I’d asked for PODS to compensate us for hotel rooms for the 4-5 nights we’d be forced to sleep elsewhere (since our beds were in the container!). Instead they got off easy: since we’d closed on our new house and could stay there, we purchased two highly rated inflatable mattresses which were good enough to sleep on for a few nights but we wanted to be compensated for those. (Hotel rooms would have cost about $1,300 but the beds were about $400 and we thought that was reasonable).

Nathan also did get back to me with a compensation resolution the 2nd week of December. They would credit my account but only if I signed a pretty draconian release that would take down this post, tweets about this incident, any other social media posts (e.g., Facebook), and any complaints or comments to the Better Business Bureau or other forums.

Um….what?

I absolutely and flatly refused. After several more days (and me repeatedly asking for updates) PODS did do the right thing in the end as the credit was posted to my credit card on December 20, 2018 without me signing that release. Though this sum doesn’t make up for the angst, anger and anxiety surrounding the PODS-mistake arrival of our goods, it does somewhat soften the blow.

Ten days ago (on Tuesday, November 13, 2018) I scheduled the delivery of our PODS container (containing our household goods) to be shipped from Minnesota to California and arrive the day after we close on our house November 29th.

After a lengthy phone call that Tuesday I received the confirmation email so ordered PODS Hire a Helper and we were all set to receive our container the morning of November 30th, the day after we close on our new house.

PODS made a huge mistake and fucked us over though. We’ll be lucky to see our container until December 5th, five days after it was promised and I received the confirmation you see below, specifying its delivery would be made on 11/30/18!

TODAY’S HOLIDAY WEEKEND, KICK-IN-THE-BALLS

Here’s what happened. Today is the day after Thanksgiving and I received a call from a PODS “logistics clerk” Shyron Baker, who informed me that “we were unable to ship out your container since you did not complete a Gypsy Moth form (California requires it) and a new order since this is in ‘inter-franchise’ shipment.

WTF? I actually recall completing a Gypsy Moth form when shipping from Minnesota, which I handed to the driver who picked up the container. About the inter-franchise shipment, I have no idea. BUT WHY THE FUCK DIDN’T SOMEONE FROM PODS DOUBLE-CHECK THAT ALL PAPERWORK WAS IN ORDER AND EITHER TELL ME ABOUT THIS MISSING STUFF WHEN I SCHEDULED DELIVERY OR, MORE IMPORTANTLY, CALL ME IMMEDIATELY WHEN I HAD ORDERED SO AS NOT TO DELAY THE SHIPMENT!?!

Shyron proceeded to tell me that *I* would have to call to reschedule (shitty customer service, heh?) and that if I did so today it could be delivered by Wednesday, December 5th.

I blew up at the guy:

  • We close on the new house November 29th and PODS confirmed that the container was to be delivered the morning of November 30th and we need our stuff.
  • We have to be out of our rental townhouse by 5pm on December 1st. Without our household goods we have to rent two hotel rooms (one for my wife and me and another for our son) for four nights since we won’t have our damn beds!
  • We had scheduled movers to come to unload the container and now have no idea if they are available.
  • But mainly, this was PODS fuck-up and they were doing ABSOLUTELY NOTHING to make it right or help me.

All of my plans for this afternoon were put on hold and I skipped everything to deal with this PODS MISTAKE. Thanks for the great weekend PODS…you assholes.

By the way, here is the confirmation with my personal information redacted:

   

WHAT HAPPENED NEXT

I had to reschedule (again, they didn’t help me with this task at all) which I did immediately to have the next available date locked in: December 5, 2018, even though I fully intend to shake the PODS corporate tree on Monday to get it here when PODS PROMISED.

The young woman who helped me with my rescheduling was fine, but had very narrow ability to do anything but reschedule. So, after I kept hammering on her for help, she “escalated me” to Tier 2 customer support.

After I got on with this new Tier 2 person, I explained at length our situation but she basically could do nothing. She did send an email to the logistics department and received a near real-time reply. The email message essentially was that “no trucks are available since it’s a holiday weekend” and that “the December 5th date was the earliest available.”

Shyron, the original logistics clerk, also could do nothing when I emailed him back.

The bottom line? I learned that all three of them could only spout three things over-and-over-and-over again:

  1. Sorry for your trouble.”
  2. That is our process.
  3. That is all I can do.

But here is the big question: If PODS is so big on process — and they apparently have this stuff all nailed down — how did our order get so screwed up?

None of the PODS people had any answers except for those boilerplate responses, as though this kind of thing happens all the time. These three might as well have said, “This shit happens all the time and we basically don’t give a shit that you are upset. Order confirmation or not, you paid us, we have your stuff, so fuck you and you’ll get it when we get around to it and it fits our processes.” Seriously…this was the exact take-away message I received from all three of them.

The Tier 2 customer support woman did say something that I felt was truly the final “fuck you”. The only thing I didn’t hear was her chuckling while she said it, and I don’t think she understood that this additional escalation “process” would likely not conclude until after the container shows up, five days late:

An “escalation specialist” would review my case “probably Tuesday” and that “it will take 3-5 business days to listen to all calls and review all information and then that person will email you.”

SO NEVER, EVER USE PODS

So THAT is why you should never, ever use PODS to ship your stuff. If they do fuck up and make a mistake, they will not make it right, and remember….they have your stuff.

Beginning Monday morning November 26th, I’ll be calling in to PODS corporate to discover a logistics executive that might help me. I’m NOT going to let this go and bend over while PODS rams it in to me.

Is This a Scam by Symantec?

Can’t help but think that “Norton by Symantec” is trying to scare the beejeesus out of website owners with something that sure smells like a scam to me…or at least a really spammy marketing effort to bolster their contact lists.

One of my businesses, Innov8Press, recently began rebuilding a long-time client’s new website. Before the rebuild started we moved the client to a new webhost as their existing one wasn’t up to handling what the new site will require for technical resources.

This is a site we had built (but were not managing at the time) and is one we cleaned up after a hack two years ago and it has been clean ever since. FOR THE LAST TWO YEARS Google says it is clean. Sucuri says it is clean. The premium Wordfence security suite says it is clean.

So imagine my surprise that, after we’d moved the site, we saw this at the new webhost’s dashboard:

Then I go back to Sucuri — which again, had shown the site to be clean for TWO YEARS until we just moved it last week — and now this appears:

We’ve now invested a couple of hours:

  • Creating an account at Norton Safe Web
  • Interacting on the community forum (basically to ask, “WTF?”)
  • Downloading the verification file
  • Uploading it to the site’s server
  • Requesting a verification as the “site owner”.
SCAM OR JUST SPAMMY MARKETING?

Every fiber in my being tells me this is a spammy attempt to get website “owners”, whether the actual owner or developers like us, to signup for their services. At the very least it’s an attempt to identify website owners so they can email the shit out of us.

If Norton starts spamming us I’ll create a filter in Gmail to instantly set all their emails to “spam.” They’d better not think they can market to us in this fashion like some no-scruples startup, and basically waste the time of website owners like this.

Why This MICHELIN® Tire Promo is Essentially a Scam

READ THE UPDATE on October 31, 2018

Before we moved from Minnesota to California this past June, I put new tires on my son’s car so he could make the drive. What tires? Michelins.

Wait a second…didn’t I say in the last line of this post that I’d never buy Michelins again? I did…but my son worked at Costco and he said, “Costco has a no-fooling-around deal with tire makers. If they have rebates those go to Costco and then *Costco* sends out the rebate within a Costco cash card.” So we bought the tires and it worked.

My daughter called me two weeks ago and wanted those same Michelin tires at Costco so yes, I did it again for her and, because her Mom and I shop at Costco all the time, when the cash card arrives we’ll easily spend it.

Bottom line? The only way I’d do this deal again is through a retailer like Costco who has the rebate go to them and then *they* send it out or give you a deal at the cash register.

READ THE UPDATE on September 25, 2017
Looks like either their original email to me was boilerplate or this post, social media shaming, and other efforts got them to remove the obstacles for rebate payment:

In August I purchased four MICHELIN® brand tires for my 2013 Toyota Prius Persona. This is a car my air-traveling wife hardly drove and has only 18,XXX miles on the odometer. As such, its tires are ones I could have easily driven for another 10,000 or more miles but, since I’ll be driving it to California in the next few months and will be putting on a lot of miles once I’m there, I wanted new tires.

Fortunately there was a $70 rebate on the 60,000-mile rated MICHELIN tires and service for which I spent nearly $800 on (see the screenshot about the rebate). Though I absolutely detest rebates, mainly since companies make it very hard to comply with all the instructions in the hope they’ll fulfill as few rebates as possible, I am quite meticulous on how I apply for them to ensure I’m complying with instructions and thought this would be seamless and easy. After all, MICHELIN is a major company and is (I thought) above the plaid-sportcoat-like behaviors of other companies who try to block and make rebate redemption difficult enough that the vast majority of consumers find it more bother than its worth and stop pursuing the rebate as soon as push-back by the “fulfillment centers” occurs.

That said, readers of this blog know I *deeply hate* rebates, unless they’re the “taken at the checkout” kind which gives a discount immediately. Consumers hating-rebates-backlash is the primary reason why Best Buy began eliminating rebates entirely in 2005 since most are as close to scams as these companies can away with and not be stopped by the Federal Trade Commission or Congress.

In my view rebates like this one are scams since they prey on the likelihood that only 21.1% of total sales or 67.6% of incremental sales from people successfully submit information to receive the rebate or they mail in the original receipt and then get a letter saying something like, “We never received your receipt. Please send another” knowing that the consumer likely doesn’t have a copy, can’t get one, or deems it not worthy of the effort.

See more on my posts A Nikon example of why I *hate* rebates and Nikon fills rebate….but how? or read The Great Rebate Runaround in Bloomberg BusinessWeek which said this back in 2005 of rebate redemption amounts:

In November 2005, BusinessWeek estimated a return rate of 60 percent. Some estimates have been as low as 2%. For example, nearly half of the 100,000 new TiVo subscribers in 2005 did not redeem their $100 rebates, allowing the company to keep $5,000,000 in additional profit.

It’s that throwing obstacles in the way of getting one’s legitimate rebate which is why I believe this MICHELIN® tire promotion rebate is essentially a scam since I complied with 100% of the instructions for submission and never, ever should have received a follow-up email requesting “…a little more information.”

But it’s not just me. Many others have viewed rebates as a “scam” and this crap by manufacturers goes back a long time as this 2003 Slate article on The Great Rebate Scam illustrates.

Read More

Is PharmacyChecker Worth Using?

UPDATE on Wednesday, April 5, 2017
As I said in the last paragraph in this post, before publishing it I sent an email to Henry Harvey at PharmacyChecker.com. He sent it to Gabriel Levitt, the President who replied today and said, “I don’t blame you for being skeptical of an online pharmacy for a misspelling but I hope we can reassure you that you can and should trust PharmacyChecker. We just published an answer to your question on our new AskPharmacyChecker section.”

My reply was this:

Gabe,

Thanks for the reply. I really appreciate it. Commenting on that post is absolutely appreciated as well.

The misspelling was what kicked off my resolve to investigate further. Four things gave me pause which I will reiterate here:

1) GlobalCareRx registered this site with Privacy Hero, Inc. in NA whom I called…but they wouldn’t divulge who is behind the site. In addition there is no way to discover who is behind this site, if they’re Canadian or out of some hovel in Bangladesh, or some other place.

2) ​Their company address (Global Care Rx, 7-B Pleasant Blvd, Suite 1083, Toronto, ON, Canada, M4T 1K2) is The UPS Store and is a private mailbox (see: http://www.theupsstore.ca/41/ )

3) Their supply chain is unknown. On their site they say, ​”Global Care Rx contracts with licensed pharmacies in Canada, UK, Turkey, India and Mauritius, in order to provide you with the lowest possible prices for your medications.” and “Our international prescription service contracts with licensed pharmacies and fulfillment centers, and you can save up to 80% when purchasing medications from Global Care Rx.”

​The primary concern any consumer of pharmaceuticals has is the efficacy and safety of the drug one is taking. The secondary issue is cost which I’d hoped to address by finding a reputable online Canadian merchant who could help us.

But it’s that primary concern that I wanted to point out:  I have no trust when it comes to Global Care Rx (and actually others on your list, by the way). Turkey? India? Mauritius? Fulfillment centers? An old truck by the curb could be a “fulfillment center.” What are the chances that drugs that come from there have been temperature-controlled? Are not milk-powder or cut with something else?

When I was the VP of Strategic Alliances at Lawson Software (the ERP company) we had a major U.S. drug retail chain that was trying to track vaccines through the supply chain. If vaccines are out of a tight temperature range they become inert and don’t work. It was extremely challenging and the industry worked to solve it and did so. What assurances do I have that sites listed on PharmacyChecker.com aren’t a couple of guys looking to make a quick buck?​

~Steve Borsch

 

Previous Updates

UPDATE at 12:15pm CDT: Still seeking certain legitimate sources and I’m still not comfortable with even CIPA’s criteria for what constitutes a legitimate online pharmacy. Stay tuned for further updates…

UPDATE at 11am CDT: Found a legitimate online pharmacy called Canada Drugs and they are CIPA certified (Canadian International Pharmacy Association – put in just canadadrugs.com to check their validity). You can also look at this CIPA verified online pharmacies page to see all verified ones.

My wife and I are self-employed U.S. citizens and, as someone with individual insurance, we pay retail U.S. pricing for our prescriptions and definitely want to save money! Every year we expend literally hundreds of dollars more per prescription than Canadians do and we intend to shift our purchasing to a legitimate Canadian pharmacy.

One of the online checkers, one that apparently Google and Yahoo use for results, is PharmacyChecker. But I’m not sure I can rely on PharmacyChecker for due diligence on our behalf. Let me explain why.

After coming across posts at PharmacyCheckerBlog I went to PharmacyChecker and put in one of our prescriptions. Up came a listing of “PharmacyChecker Approved” outlets along with pricing which looked amazing.

I randomly chose to go to one of the sites and clicked on GlobalCare Rx. Examining all of their FAQs and poking around the site I grew suspicious (as I always do when there is no “About Us” or who is behind a website) but kept poking around…until I saw on their homepage that step #3 said, “Recieve your medication” with the word “receive” misspelled. There is NO way a legitimate site would allow a misspelled word like that on their homepage (at least my 250+ website clients would not!) so I poked around some more and discovered that:

  • GlobalCareRx registered this site with Privacy Hero, Inc. in NA whom I called…but they wouldn’t divulge who is behind the site.
  • Global Care Rx hosts their website (with thousands of others, no doubt) at Websavers in Canada.

​Having done supply chain software work in a past corporate life, I am VERY aware of the sensitivity to temperature ranges of shipped pharmaceuticals. Not only do any of us need to trust that an online pharmacy isn’t shipping something from some guy’s garage where he put milk powder in some capsules, I need to know that care is given to HOW something is shipped…so it isn’t sitting in some truck overnight freezing and, by the time it’s delivered, the prescription drug is now actually inert and of no use. Fortunately there are some smart people addressing this exact issue.

While the percentage I agree with what Trump doing is about 0%, this is one area where I hope his disruptive-grenade-throwing tactics make an impact.

I just reached out to Henry Harvey at Pharmacy Checker and asked him to please inform me as to why I should trust PharmacyChecker.com for displaying legitimate, trusted and “verified” sources.​ Hopefully he will reply and/or comment here on this post.