Thursday, June 14, 2012

3 Things That Inspire Me: Vol 2


I’ve been following an amazing blog, The Simple Dollar, for a while now - and I wanted to share with you one of my favorite features: Ten Pieces of Inspiration. Each week, writer Trent Hamm talk about 10 things that inspire him to (quote) “greater financial, personal, and professional success.” I get so gosh darned inspired by his posts that I thought I would create my own “inspiration posts” in homage to his great work.


#1 - My Dog

This is Denver (Photo by Erin Cronican)
I have had my dog, Denver (also known as “Denver Dog”) since she was 11 weeks old. She’s now 16, with a birthday coming up on September 9, if I’m so lucky. She’s frickin’ awesome. She has lived in 7 apartments and 3 houses in 7 cities and 2 states. She has met and lived with more men than I care to count (and I’m a serial monogamist, so they were lengthy stays.) She likes it when I sing, so it became a really sad day when her hearing left her and she no longer responded when I vocalized. She has a serious attitude problem, which you’ll see in the photos. She rocks my world, and I’m inspired by her “living in the present” attitude daily.

Caption Contest! Please comment below with what Denver is thinking! (Photo by Erin Cronican)

This is what Denver looks like when she gets caught in my underwear. Bad dog. (Photo by Erin Cronican)


#2 - Subway Stations

Photo by Erin Cronican
I’m stunned by the beauty of old buildings. Always have been. For some reason subway tunnels and stations, especially those that retain some of the old fixtures, fill me with awe. I find myself taking photos of people, subway cars, light fixtures, and the tracks to try to capture the beauty that I see. Sure, subways can be sweaty and gross (take a look at the posts I written about my subway adventures) but I’ve never felt so liberated by being whisked throughout my city by a piece of steel.

"Is this antique subway car real?" (Photo by Erin Cronican)


#3 - Signs That Makes Absolutely No Sense

Apparently, this machine dispenses bacon. (Photo by Erin Cronican)

You can find me whipping out my camera at the most random times, and chances that it’s because I’ve seen a crazy sign. New York is notorious for these, because people are just chomping at the bit to express themselves. I find that my crazy, “punny” side comes out to play and I get no end of delight in sharing my twisted thoughts with those around me. I appreciate irreverence, word play, and a well-timed foul joke. I’d love it if you’d post links to some of YOUR favorite signs (in the comments section below!)

This is Rice to Riches, a rice pudding place in the East Village. (Photo by Erin Cronican)


What inspires you? Have a comment or question? Leave it by clicking below!


Erin Cronican's career as a professional actor and career coach has spanned the last 25 years in New York City, Los Angeles and San Diego. She has appeared in major feature films and on television, and has toured nationally with plays and musicals. She has worked in the advertising & marketing departments of major corporations, film production companies, theater magazines, and non-profit acting organizations. For more information, please visit http://www.erincronican.com.




Thursday, June 7, 2012

Troubling Phishing Scam- Updated November 2015



©iStockphoto.com/Dave Pilibosian

There have been a lot of scam, phishing, and hacking incidents over the last few months, most recently with today’s announcement that LinkedIn had 6.5 million passwords stolen. What’s fascinating about a lot of these is that they are perpetrated via email, and these email scams look totally real.

I had one that was really chilling last month. About 3 weeks ago, I received a text message at 8am from my bank asking me if I had just made a purchase in the amount of $50.00 from a direct marketing company. Those of you know me know that I was sleeping at that hour, so I texted back to tell them “no.” They told me there would be someone from the fraud department calling me immediately. As I waited, I checked my email and saw another fraud alert come in via email. Turns out, 4 separate transactions had been made that morning. The first one was only for $1, and the others totaled around $200. (I could only imagine that the $1 charge was a test to see if the purchase would go through.) I checked my wallet and saw that my card was there, so the debit card number had to have been taken from somewhere online. Luckily, I called the number on the back of my card and spoke with the fraud department at my bank, had the charges reversed, canceled my card, and got a new card ordered. I was also able to stop by the local branch and get a temporary card while I waited for the new one to arrive. It was very easy, and I was very relieved.

A few days later, I received an email from what looked like my bank at the email address they have on file for me. The email said that the fraud investigation had been started, and I just needed to click a link to login and download the fraud report documents. Here’s the exact text of the email:

ERIN CRONICAN,
Welcome to the Chase Customer Claims Secure Document Exchange.You recently contacted Chase regarding your claim number 083968193080001. Your documents are available for your review.

Per our telephone conversation, you will need to register to our secure website by clicking on the link below or copy and paste the link into your browser’s address bar.
https://sdx.chase.com/consumerdcx-chase_atm/private/main.jsp?username=phSeJFa%2F%2F9WRKM3ZLLggyEPH7ry%2Bg4gbYPann6g3awA%3D
Your user name is erin@erincronican.com
Your initial password is: 4Fc4dC7K (you will need to change this on first login). 
On your first log in, you will be required to select a new password. NOTE: This site is different from Chase.com and passwords are not related. Updating your password on Chase Customer Claims Secure Document Exchange will have no impact on established Chase.com passwords.

Once registered, you will be able to access your customer correspondence on our secure website. You may be offered the option to complete and sign the form online if you wish to do so.
Thank you for using Chase Customer Claims Secure Document Exchange.
To contact Chase for claim related questions or to withdraw your claim, please call 1-866-564-2262.

Seems innocent enough, right? But guess what? This email was not from Chase.

Most likely, this is from the same folks who stole my debit card number.

The first red flag was that they openly said, "This site is different than Chase.com.” And, true enough - they were sending from an email address with the domain “secure-dx.com.” If you go to their website, you get forwarded to “wolterskluwerfs.com/info/sdx/index.html,” a professional looking website that describes them as a secure document exchange service. But then, if you notice, the link they asked me to click is for a completely different domain. The fact that these two domains didn’t match made me concerned.

The second red flag was the email saying I had documents to review. I figured that if this were true, the person on the phone (when I reported the fraud) would have told me to be on the look out for documents. And if not, then the person at the branch (where I got my temporary card) would have mentioned it. It seems to me that if a customer is defrauded, a business would go to great lengths to make sure that further communication removes any possibility of fraud. This email was a surprise, and that in itself raised a red flag.

The third red flag was that they said I would need to change my password immediately upon logging in, and mentioned that my password here would have no bearing on my password at my bank. I found this to be odd and my Spidey sense went on overdrive. I’m sure that what victims do, to make things easy, is change their password to the same password they use at their bank. If I had clicked the link and done what they said, most likely they would have been able to get into my bank account directly and completely wiped me out.

So, I did some Googling, and I found something startling - this scam has been reported as far back as 2009.

So, I forwarded the email to Chase (their website says suspicious emails should be sent to abuse@chase.com) to see if it was truly from them, and the stock response I received said that it was, in fact, a scam. Here’s what they said:

Thank you for sending us this e-mail. We have received multiple copies of this message and have already forwarded it to our fraud department for additional investigation. Although the e-mail appears to be from Chase, it is not. It has been designed by fraudsters with the intent to trick you into providing private information about yourself and your accounts. This is known as “phishing,” and the number of people who fall victim to this scam is unfortunately rising.

If you have responded to the e-mail with any information please call us immediately using the number on the back of your card, on your statement or from the “Contact Us” link on Chase.com. It is not our practice to:

- Send e-mail that requires you to enter personal information directly into the e-mail
- Send e-mail threatening to close your account if you do not take the immediate action of providing personal information
- Send e-mail asking you to reply by sending personal information

You should never reply to, click or enter any information if you receive a suspicious e-mail.

We actively investigate each of these attempts and work hard to stop any further unauthorized e-mails from being sent. Although we did not send the e-mail, please know that we regret any inconvenience or concern it may have caused you.

Thank you, E-mail Customer Service Representative

Sounds good, right? BUT -- the reply came from this email address “Abuse <abuse9@cigpopmail.bankone.net>.” I checked that domain name, and it comes up a dead link. Not to say, of course, that this email is a fraud too, but I’m a little tired of getting emails from websites that are NOT from my bank’s domain name. Better safe than sorry, I checked their website again and found an alternate address to mail to (accountatrisk@chase.com.)I wrote to them asking for a personal reply rather than a stock reply, so that I can make sure that this response is legit. I’ll let you know what I find. [UPDATE June 20: Chase's response above was legitimate - which I confirmed by phone.]

The thing that's scary is -- somehow, the person who stole my card number also had my email address -- the same address I had on file at the bank. They have such a complete scam going - they knew I would get the card canceled when I noticed the charges. Any normal person would have clicked the link in the email -- I just happen to be more careful and detailed than most so I avoided that catastrophe.

I decided that my only real recourse is to post this information, in full, so that you all can be aware of this scam and, possibly, avoid it. If you have had any problems like this, or with this exact scam, please leave a comment below so that those who are researching this scam can learn your story.


UPDATE: June 20, 2015

So, this is really odd. If you scroll down and read the comments you'll notice that on June 17 an anonymous person lambasts me for posting this warning on my blog. (Go ahead and read it now -- I'll wait.) I ended up having to delete some of his comments because they were becoming more and more incendiary. But that's not the odd part. The odd part is the less than 24 hours later, MY CHASE DEBIT CARD WAS STOLEN AGAIN. 

The same thing happened - I got a text, email and phone message from a Chase asking me if 2 recent transactions wrre mine. When I called the number on the back of my card we confirmed that my card had been compromised. This time I was forearmed and forewarned and I asked the fraud department if they would be sending me an email from a document exchange asking me to fill out an electronic form on the exchange website. He told me unequivocally that THEY WILL NOT SEND AN EMAIL ASKING FOR PERSONAL INFORMATION TO BE GIVEN. 

But sure enough - today I received the EXACT same email from the Document Exchange requesting my private information to be entered into a website. QUELLE SURPRISE. 

Now, it may be some kind of voodoo-like coincidence that my card was stolen one day after some anonymous editor person rants on my blog trying to get me to stop researching shady and fraudulent practices. But I'm grateful - because it forced me to ask point blank questions of my bank to be perfectly clear what their procedures are and which are fraudulent. 

No matter what kind of anonymous person wants to convince us that our due diligence is problematic, KEEP GOING. I want to commend you on doing your research and reading this far. Please continue to post your experiences below so that other people can benefit. 

Addendum:

Now- after doing some research I do see that the original response I got from abuse@chase.com may have been from their company (albeit not as transparently as makes sense.) But I recommend that you actually get a rep on the phone using the number in the back of your card, which will guarantee that you are speaking with someone authentically from Chase.

UPDATE: June 23, 2015

I just received a second email from "Chase" - here it is with the long headers first:
From: chase_customer_claims@secure-dx.com
To: Erin Cronican
Reply-To: chase_customer_claims@secure-dx.com
Received: from chaseatmweb1.secure-dx.com (unknown [209.235.35.118]) by ismtpd-050 (SG) with ESMTP id 14e22cc884e.10dc.108068 for ; Tue, 23 Jun 2015 23:41:46 +0000 (UTC)

Subject: Chase Customer Claims Secure Document Exchange Password Hint
 
----
The Chase Customer Claims Secure Document Exchange password hint that you provided for the registered User Name erin@erincronican.com is below.
Password hint: 'password is 4Fc4dC7K'.
If this hint has helped you to remember your password, then please login by clicking this link
https://sdx.chase.com/consumerdcx-chase_atm/private/main.jsp?username=phSeJFa%2F%2F9WRKM3ZLLggyEPH7ry%2Bg4gbYPann6g3awA%3D
User Name: erin@erincronican.com 
If you still can't remember your password, then please click this link and you will be emailed a new one. 
https://sdx.chase.com/consumerdcx-chase_atm/guestaccess/ForgotPassword?resolve=reset&j_username=erin%40erincronican.com 
To contact Chase for claim related questions or to withdraw your claim, please call 1-866-564-2262.

I did some research on the phone number they say is for Chase claims, and I found this fascinating legal claim against a company called "Star Cash Processing" - http://www.dbo.ca.gov/ENF/pdf/2010/StarCash_dr.pdf. But I have seen the phone number also listed within the depths of Chase's website, so it's hard to know what's legitimate.

This situation is getting weirder and weirder - I'm just now noticing that the "password" they gave me in the 2012 and the 2015 emails were exactly the same. It makes the comments I got a few days ago that much more disturbing.


UPDATE July 8, 2015

Since mid-June when my card was most recently compromised, I have gotten EIGHT (8) copies of this exact email sent to me, over and over again, telling me to download these fraudulent documents. They are relentless!


UPDATE August 5, 2015

Since my last post I have received no fewer than 20 more copies of a new email, this time telling me that my password has been changed. Funny, though - the "new" password is exactly the same as the old password:

chase_customer_claims@secure-dx.com To: Erin Cronican
Reply-To: chase_customer_claims@secure-dx.com
Chase Customer Claims Secure Document Exchange Temporary Password
Your Chase Customer Claims Secure Document Exchange password for the registered Email ID erin@erincronican.com has been changed to
    4Fc4dC7K
Please login by clicking here and carefully entering your registered Email ID and the password above (note that you will be required to choose a new password upon logging in).
To contact Chase for claim related questions or to withdraw your claim, please call 1-866-564-2262. 

UPDATE November 3, 2015

Since my last post I have received no less than 1 email PER DAY (and sometimes 2-3 within the same hour) with the exact same message as above (offering me a new password to login, though its' the same as every password they have ever sent to me.)

In other news, see below for several more anonymous commenters trying to convince us that this scam is legitimate.


UPDATE November 4, 2015

Wouldn't you know it?! After several years of receiving the exact same email message from this "secure-dx" company, the very next day after battling with a commenter (see below) I receive a brand new message from them, telling me my password has been changed and they're giving me a new one. And it actually IS a new password, not like in the hundreds of messages I've received in the past where my new password is the same as the old one they gave me.

It may be a coincidence that their communications made a sudden change the day after these comment exchanges, but after so many years of the same message over and over, a coincidence doesn't really feel like the right description. It feels like I'm being watched. This seems especially so because of how many anonymous posts are from people swearing the secure-dx is legitimate, but they never answer my specific questions nor reveal who they are. Are they a part of the fraud and they're trying to make sure that my readers view them as safe?

Again, do your due diligence and you should be just fine. After all of this, nothing severe has happened to me. Chase has been great about returning any money that has been stolen and getting a new card issued has been only an inconvenience.

I'd like to hear from you. Please share your experiences in the comments section so everyone can learn from what you've seen & heard!


Have a comment or question? Leave it by clicking below!

Erin Cronican's career as a professional actor and career coach has spanned the last 25 years in New York City, Los Angeles and San Diego. She has appeared in major feature films and on television, and has toured nationally with plays and musicals. She has worked in the advertising & marketing departments of major corporations, film production companies, theater magazines, and non-profit acting organizations. For more information, please visit http://www.erincronican.com.






The Fine Print

All content in this here blog is released under a Creative Commons by-NC-ND license. That means you're free to share it, republish it, refer to it, include it in your wedding vows, whatever... PROVIDED you

a) credit me (with my name, my blog's name, and a link back to my site- displayed at the top of the blog)
b) you don't change anything
c) you don't use it to make money.

To view the license, click here. To learn more about Creative Commons, click here.

Popular Posts


Top Blogs Acting blogs & blog posts Arts Directory for New York, New York
Blog Directory & Search engine Blog Directory My BlogCatalog BlogRank
Follow the erin cronicals