Saturday, August 26, 2017

Reply to New York State Attorney General on "Gas station skimmer theft in White Plains, NY".

Below is my reply to the New York State Attorney General person who contacted me:

from: Ken
to: ifraud@ag.ny.gov
date: Sat, Aug 26, 2017 at 9:00 AM
subject: your file number: 2017-1234567

Rachel Casey
Bureau of Internet and Technology

​It seems incongruous that you replied to my online complaint with a paper letter, which contained this completely inaccurate interpretation of my complaint:

"... it appears from your correspondence that you purchased merchandise with a credit card".

NO, I did not even attempt to purchase anything. My credit card number was stolen and used with hours by the criminal to purchase tickets online. Had some law enforcement entity acted promptly, the criminal could easily have been tracked down.

You targeted the online ticket selling company, Seatgeek​, but the real culprit was the Mobile gas station company where my credit card number was stolen. Seatgeek had possible complicity but more likely just bad procedures in that Seatgeek did not ask the criminal  for an expiration date or security number, which is on the back of the credit card. The criminal did not have the physical card, only the credit card number.
​​
​I wrote it up on my tech blog: http://techthoughtsmatinale.blogspot.com/​


The New York State Attorney General was informed via an online complaint form and that office sent this email acknowledgement:

from: westchester.regional@ag.ny.gov
date: Fri, Jul 7, 2017 at 10:20 AM
subject: Attention: Notification of Consumer Frauds Complaint Received
signed-by: ag.ny.gov
_______________________________
The FBI was informed at https://complaint.ic3.gov/default.aspx?#. No reply yet. The FBI online form requested the credit card account number and it was supplied as that number had been deactivated.
​___________________________​

​Let me know if anything happens with file number: 2017-1234567. Thanks.​

Ken
​neth Matinale
address​
914-123-4567

Monday, July 10, 2017

Gas station skimmer theft in White Plains, NY at Exxon Mobile station pump one run by Chestnut Mart.

White Plains, a city of about 50,000, is the county seat for the mostly affluent Westchester County, NY, which borders New York City to the north.

A White Plains resident was the victim of having his credit card number, but not the card, stolen while trying to pump gasoline into his car. The fact that the card itself was not stolen is significant.

Thursday July 6, 2017 at 2:58 PM the victim's credit card failed in its first attempt at the gas station at:

Exxon Mobile run by Chestnut Mart
174 Westchester Avenue (corner of South Kensico)
White Plains, NY 10601

Westchester Avenue is a very busy street and pump one, while one of the furthest from the Chestnut Mart convenience store that administers this gas station and others in the county, is clearly visible to MANY cars, including those stopped at that traffic light intersection.

The credit card was accepted on a second attempt and gas was pumped. The receipt for the first attempt had this URL on the back:

myexxonmobilevisit.com

The victim received an email message from his bank at 7:26 PM that same day, about 3.5 hours after the credit card number was probably stolen:

Subject: Account Alert: Credit Card Used Online, by Phone or by Mail

Account: Credit card ending in nnnn
Amount: $468.00
Made at: SEATGEEK EXCHANGE
On: July 06, 2017

This transaction occurred either online, by phone, by mail or at a physical location where the merchant keyed in your card number.

If you don't recognize this transaction, please call us at 800-nnn-nnnn
____________________

The victim called his bank about 11:45 PM and the call went past midnight. The bank stopped payment, cancelled the credit card number and mailed a new credit card with a new number in a cardboard envelope via UPS, which arrived Saturday, July 8.

The next morning the victim went to website myexxonmobilevisit.com and clearly informed Exxon Mobile of the theft and asked to be contacted but the oil company has not done so.

Before 7:00 AM July 7 the victim also went to the Chestnut Mart convenience store at the gas station and briefly spoke to a young male person behind the counter. When informed that a credit card had been stolen, he quickly took out multiple cards. When informed that only the number had been stolen but not the physical card, he showed no concern or interest.

The crook foolishly tried to buy tickets at seatgeek.com. After an exchange of messages with people at that online website located in New York City:
- How could any online transaction have occurred without the three digit security code on the back of the credit card and also without the expiration month/year of the card? That question was never even addressed by the seatgeek.com people.
- Even after supplying the cancelled last four digits of the credit card to seatgeek.com, they could find nothing in their database to indicate what tickets the crook attempted to purchase. Really?

Presumably, these would be digital tickets and the crook would need to either sell to another or use his own smartphone to gain entry to the event. Any competent and timely action should have been able to identify the tickets and phone resulting in either an arrest or really good information for further investigation and crime prevention.

The New York State Attorney General was informed via an online complaint form and that office sent this email acknowledgement:

from: westchester.regional@ag.ny.gov
date: Fri, Jul 7, 2017 at 10:20 AM
subject: Attention: Notification of Consumer Frauds Complaint Received
signed-by: ag.ny.gov
_______________________________

The FBI was informed at https://complaint.ic3.gov/default.aspx?#. No reply yet. The FBI online form requested the credit card account number and it was supplied as that number had been deactivated.

The victim tried to report the crime to the Westchester County District Attorney but ...

Westchester County website: westchestergov.com
Westchester County DA Website: westchesterda.net

The DA has his own website. Wait, it gets worse:

http://www.westchesterda.net/contact-us/complaint-form

... download, print and complete the compaint form...

The form MUST be mailed to the District Attorney's office to the address on the form.

We do not accept complaints via fax or e-mail.

_________________________

Yes, complaint is spelled incorrectly on the Westchester County DA website. And the Westchester County DA does not even accept a fax, you know, the way people could order a pizza in 1985. Many of us have not had a printer this millennium.

A message about the Westchester County DA was sent to the Westchester County executive and the Westchester County legislator representing the City of White Plains.

Gas station skimmer theft rising

to: Rob Astorino <ce@westchestergov.com>,
Benjamin Boykin <benboy78@aol.com>
date: Sat, Jul 8, 2017 at 9:38 AM
subject: Gas station skimmer theft rising

http://www.creditcards.com/credit-card-news/year-of-gas-station-skimmer-1282.php

County Executive and legislator,

Hey, tell the District Attorney. Impossible to contact DA office other than by phone. Complaints must be on DA paper form.

Oh, I was a victim of this in White Plains. Maybe the county legislators can hold DA accountable.

I just filled out an online complaint with the FBI. Yesterday I did that with New York State AG.

Westchester County should be embarrassed.

_________________________

Additional messages were sent to County Executive Astorino and legislator Boykin with more information, including:

A quick search finds plenty of jurisdictions where they inspect pumps and put stickers on them and educate constituents. I read that this crime is sometimes used to launder money, so it's not just some low level creep. And the businesses that run these gas stations, both the oil company and the convenience store, need to be held accountable and liable. Let them pay for those tickets charged to my account, not the bank, which just passes the cost along to all of us.

No reply by either.

Wednesday, May 17, 2017

Nextgen battery heated and smoked without outside electrical current.

I have two TVs in the same room using Verizon FIOS multi room DVR. The FIOS remote control is not paired to a FIOS box, so changing a channel for one TV, changes it for both. Same for pause, FF, etc. Not what I had in mind.

A friend described a solution that he got three years ago:

This device converts a regular remote into a radio signal remote. You then cover the light signal on one remote and one box with black tape and one remote is now light-activated, the other one radio activated, so they don't interfere with each other.
__________________

I checked it out and ordered the Next Generation Remote Control Extender directly from nextgen.us.

After it arrived I wrote this to my friend:

I put one of its little batteries in the base (flying saucer) to charge the battery and before I could plug it into the electrical outlet, the battery started to heat up and was smoking. I had a difficult time extracting the battery and it was HOT.

I never plugged in the "flying saucer".
________________

I then wrote to Nextgen:

order number is nnnn: battery smoked!

from: Ken
to: customercare@nextgen.us
date: Sun, May 7, 2017 at 4:43 PM

I received your product yesterday: Remote Control Extender.


This morning I put one of your little batteries in the base (flying saucer) to charge the battery and before I could plug the flying saucer into the electrical outlet, the battery started to heat up and was smoking. SMOKING! I had a difficult time extracting the battery because it was HOT.

I also inserted the single IR (infrared) emitter cord into the back of the unit before inserting the battery. The bottom compartment of the flying saucer has an A-B-C switch that was set to B. I did not see any instructions for it and left it at B.

I never plugged the "flying saucer" into any electrical outlet. Still haven't. Your special battery and/or your flying saucer base are defective.

​I left a voice message for Bob at 727-834-9400.

What the heck?
______________________

I never spoke to Bob, the big expert at Nextgen, after the battery smoked. Nextgen did not seem alarmed, which I found alarming. No explanation was provided. Today I received my refund.

Tuesday, May 9, 2017

Verizon FIOS v. Cablevision Optimum "tax" & fees, especially for voice service.

It's got to be public servants sticking it to semi-monopoly Verizon. The difference is stark, especially for voice service.

Comparison of "tax" & fees for current Verizon FIOS and that for Cablevision Optimum 7/16/16:

Verizon Surcharges & Fees What is this?voiceVerizonOptimum
TV
NY Universal Service Fund$0.12taxes and fees$4.03
NY State and Local Tax Surcharges$1.87Phone
Federal Universal Service Fee$3.15$3.15NY Excise Taxes$0.74
Federal Subscriber Line Charge$7.75$7.75Sales Tax$1.35
VLD Carrier Cost Recovery Charge$1.54?Verizon Long DistanceE-911 Fee$0.35
VLD Long Distance Administrative Charge$0.91?Verizon Long DistanceFederal Universal Service Fund$0.47
Video Franchise Fee$6.83Total Taxes & Fees$6.94
Regulatory Recovery Fee - Federal$0.08
PEG Grant Fee$1.00
Regional Sports Network Fee$2.91
Fios TV Broadcast Fee$1.75
NY Municipal Construction Surcharge$1.35
$29.26$10.90

Tax, etc. on land lines: "Verizon Surcharges and Other Charges & Credits SATURDAY, AUGUST 23, 2014

Sunday, February 19, 2017

Private Tunnel VPN: trying it. Hey, what the heck.

Makes as much sense as the wacky commercial VPN service providers mentioned in previous posts.

Private Tunnel VPN, of course, does not support the Chromebook but the "pricing" makes it reasonable for the device I'm most likely to use outside of home: my tablet.

Setup was mysterious and any comments would not be helpful to another human. Check it out.

VPN service providers: global empires or two guys in their underwear churning out "locations" on 1 or 2 servers?

This post is more concerned with where they work, not whether they work. They don't, at least not on a Chromebook.

VPN: do any of these damn things work? TUESDAY, FEBRUARY 14, 2017

A couple of years ago I tried PureVPN. I wrote a bunch of posts. You can click on the VPN label to the right to read them.

This week I tried two more such services ...

I wanted to be able to protect a Chromebook and an Android tablet.

ExpressVPN (based in Bermuda) ... free trial did not extend to the Chromebook app. Dropped free trial. (before trying to pay.

NordVPN (based in Panama; billed to Latvia) ...

My bank challenged both (PureVPN and NordVPN). I should have taken the hint.

Finally, how the heck would you know what, if any, protection they are providing? Do they really have servers all over the planet or are they a couple of guys in their underwear with a server hooked up to a generator? Are some a giant scam that uses customer info to rob them even more blind than the money charged for "service"?
___________________

PureVPN

https://support.purevpn.com/vpn-servers

​502 finds on this page for pointtoserver.com using browser function. Lends credence to my two guys in their underwear theory. It's the only domain I noticed.

I'm guessing that they simply defined 502 IP addresses on this one server and provide them to paying customers. Maybe like creating control cards in a JCL deck running an IBM utility in years gone by.



Organization: Domains By Proxy, LLC
Mailing Address: DomainsByProxy.com, Scottsdale AZ 85260 US
​​DomainsByProxy.com, Scottsdale AZ 85260 US

​So is PureVPN un Arizona or in Hong Kong as they present?​
​_______________


Organization: Go Daddy Operating Company, LLC
Mailing Address: 14455 N Hayden Rd Suite 219, Scottsdale Arizona 85260 US

It gets curiouser and curiouser.

https://en.m.wikipedia.org/wiki/Domains_by_Proxy

Domains by Proxy (DBP) is an Internet company owned by GoDaddy founder Bob Parsons. It offers domain privacy services through partner domain registrars such as Go Daddy and Wild West Domains.

Over 9,850,000 domain names currently use the Domains by Proxy service.
_________________


OK, so maybe PureVPN has two servers, one for each guy in his underwear.
_________________
_________________

NordVPN

https://nordvpn.com/servers/?gclid=CjwKEAiAoaXFBRCNhautiPvnqzoSJABzHd6hbndMQ2EQ0sK61fGgqz0VZ5M-ulp1jHH4_3ooeCWCkRoCPDjw_wcB

Wow, so many locations. Yeah, but only one domain.

Two different guys in their underwear.

https://www.whois.com/whois/nordvpn.com

Luxembourg, not Arizona like PureVPN, which uses GoDaddy.

REGISTRANT CONTACT
Name:Whois Privacy
Organization:Whois Privacy (enumDNS dba)
Street:BPM 333868, Rue Gabriel Lippman 34
City:Munsbach
Postal Code:5365
Country:LU
Phone:+352.27720304
Email:email@whoisprivacy.com
________________
________________

ExpressVPN

https://www.expressvpn.com/vpn-server

Hides its domain names behind country icons.


REGISTRANT CONTACT
Name:Domain Admin
Organization:Whois Privacy Corp.
Street:Ocean Centre, Montagu Foreshore, East Bay Street
City:Nassau
State:New Providence
Country:BS
Phone:+1.5163872248
Email:email@5225b4d0pi3627q9.whoisprivacycorp.com

Bermuda.
________________
________________

All three service providers I considered present a choice of "locations", suggesting that they have servers there, but I think it's just many IP addresses that pretend to be at those locations.

It seems like deceptive advertising. Too bad reviews and oversight don't seem to know or care.

PureVPN: OK with Windows 10 and Android 7 but still fails with Chromebook.

For the Chromebook I twice tried the generic instructions:

https://support.purevpn.com/chromebook-chrome-os-l2tp-setup-guide

Then from a chat:

You are requested to please use server address:

1) us2.ptoserver.com
2) uk2.ptoserver.com
3) au2.ptoserver.com
4) nl2.ptoserver.com
5) it2.ptoserver.com
6) sg2.ptoserver.com
7) au-sd1.ptoserver.com
8) ru-tv1.ptoserver.com
9) es1.ptoserver.com
10) hk1.ptoserver.com

_________________

I tried us2.ptoserver.com. All three attempts had the same result: connected, then dropped after a few minutes.

But it got me thinking about the essence of these VPN service providers and whether they are two guys in their underwear renting a server or two. More in a subsequent post.

Thursday, February 16, 2017

PureVPN being tried again at its invitation.

Previous post:

VPN: do any of these damn things work? TUESDAY, FEBRUARY 14, 2017

A couple of years ago I tried PureVPN. I wrote a bunch of posts. You can click on the VPN label to the right to read them.

This week I tried two more such services ... modest objective: protect my devices when away from home from garden variety pain in the ass intruders...

I wanted to be able to protect a Chromebook and an Android tablet...

ExpressVPN (based in Bermuda) ...

NordVPN (based in Panama; billed to Latvia) ...

Do they really have servers all over the planet or are they a couple of guys in their underwear with a server hooked up to a generator? Are some a giant scam that uses customer info to rob them even more blind than the money charged for "service"?
____________________________

The link was sent to the three companies:


from:Ken
to:support@nordvpn.com,
support@expressvpn.zendesk.com,
PureVPN
date:Tue, Feb 14, 2017 at 6:43 PM
subject:Tech Thoughts: VPN: do any of these damn things work?

Surprisingly, PureVPN replied and offered a three day trial. I accepted.

EpressVPN has an app for installing its stuff on a Chromebook. NordVPN and PureVPN offer instructions, which are their screenshots implementing generic Google instructions. Here are the links:




Only PureVPN mentions: 
  • Check Save identity and password
NordVPN does not show that on its screen shot.

All three seem the same.

Last night I got on my Chromebook as a guest. I then successfully implemented PureVPN. The IP address that it used to represent y computer was in Chicago. I learned this from independent software.

After a while I stopped using my Chromebook and when I went back to it a couple of hours later, the VPN connection had dropped, according to a Chromebook message.

Feb. 16, 2017, 9:00AM loading PureVPN app (5.6.0) onto tablet running Android 7.1.1. It displays as "Best Free VPN". It's not free.

I'm prompted for ID and password, then mode and I select privacy.

I appear to be connected. It shows United States and an 108 IP address, which traces to Bayside, which is local.

With no guidance and after viewing settings, I click on the plug icon, figuring that it will disconnect but instead it brings up location options. I click the icon to select location. I select Italy and when I find my way back to the main screen it shows in the lower left: Italy and a 172 IP address.

When I ask Google for my IP address, it initially shows the Bayside address and "Your public IP address". However, iplocation.net shows 172 ... Milan, Lombardi (IT).

whatismyip.com also shows Milan.

OK, so PureVPN has me in Italy. Let's see how long the connection lasts.

Feb. 16, 2017, 9:30AM Windows 10: From the PureVPN website, I'm downloading the app. Installing. Stealth. OpenVPN. Blah, blah, blah. It's been "finishing" for almost twenty minutes; appears to be stuck.

Oh, in another window there's a prompt for approval to install:

MICROSOFT SOFTWARE LICENSE TERMS
MICROSOFT VISUAL C++ REDISTRIBUTABLE FOR VISUAL STUDIO 2013

I clicked OK. C++ finished and then so did PureVPN.

I logged in and selected "security and privacy" as I had done with the Android app. Then I requested a server in Canada. The PureVPN Windows app shows that my real IP address is hidden and that Montreal is were my IP address is. Cool.

Now let's see how long these connections last. Android is still in Milan, Italy since 9:20 AM.

I also need to try my Chromebook again.

Tuesday, February 14, 2017

VPN: do any of these damn things work?

A couple of years ago I tried PureVPN. I wrote a bunch of posts. You can click on the VPN label to the right to read them.

This week I tried two more such services, this time with a much more modest objective: protect my devices when away from home from garden variety pain in the ass intruders. I'm not concerned about the NSA. In fact I hope that the NSA is running some of these sites to track bad guys.

I wanted to be able to protect a Chromebook and an Android tablet.

ExpressVPN (based in Bermuda):
- supposedly the only service with a Chromebook app
- seven day free trial
- free trial did not extend to the Chromebook app
Dropped free trial.

NordVPN (based in Panama; billed to Latvia):
- no free trial; had to pay to play; promised refund in 5-7 days; will dispute with bank ASAP anyway
- detailed instructions to deal with a Chromebook
- Chromebook instructions did not work; chat and email advice descended further and further into tech hell where no customer should be asked to go
- even the Android app failed to connect.

My bank challenged both. I should have taken the hint.

Finally, how the heck would you know what, if any, protection they are providing? Do they really have servers all over the planet or are they a couple of guys in their underwear with a server hooked up to a generator? Are some a giant scam that uses customer info to rob them even more blind than the money charged for "service"?