the iMentor

Hints & rants

This weB-LOG is about the musing of a technical consultant. It is the iMentor's thoughts on technology and the human condition.

GO TO ARCHIVE
March 15, 2020 No Comments

Chopping wood

Episode 581

March 21, 2020

i buy a cord of wood each year to burn in my living room stove.

 

The wood is already cut to about 16” so it fits into the stove.
These pieces of wood do not ignite as easily as i would like so i split them with my axe.

i never thought that one of my household chores would be chopping wood, but i am glad that it is.

There is time to think while chopping wood.
A split log burns more easily because the fire can work its way more easily into the jagged surfaces.

Ideas are like unsplit logs.

An idea occurs as a single concept, whole and complete in itself.
To understand an idea i must first split it open and look inside.
Once open i can work my way into the jagged edges to reveal the true content of the idea.
Each time i split the idea in half i get closer to the component ideas within.

During this process it is useful to employ split-half reliability analysis.

Compare one half of the idea to the other for consistency.
If two arguments are made, do they both share the same conclusion?
Sometimes half of the idea must be discarded to reveal the real gist of the the thought.
Sometimes half of the idea must be discarded to reveal the error in the thinking.

Let’s use an email from Apple regarding my iCloud storage plan as an example of how to analyze with split-half reliability.

A note of caution: Do not click on links in suspect email as i do in the following example. Leave the investigation to the professionals.

 

The email subject was “Subscription Billing Problem.” It included an Apple logo and was formatted in the typical black white and grey of an Apple correspondence.

First, split the email into graphics and text.
The graphics were spot on. The size, shape and color of the Apple logo are correct. The grey background behind subjects is typical.

So let’s discard the graphics and focus on the text.
Split the text into font format and layout.
Title fonts are identical.
Body fonts are a different point size. OK… a minor point.

 

Discard fonts and let’s focus on layout.
In the copyright section the copyright symbol is missing. The word “Apple” has a space between the two “p”s. Apple’s address is missing. “All rights reserved” is not a link, as it is in actual Apple emails.

 

Let’s make a note about the typos (Apple doesn’t do typos) and move on to content.

The title of the email was “Subscription Billing Problem.” Nothing is ever a “Problem” with Apple. Billing might be an “issue” or require attention, but never a problem.

The most obvious indication of fraud is that the email was sent to 454 recipients. All of the recipients had @mac.com email addresses. Most Apple users have @icloud.com or @me.com email now-a-days. The recipients of this email are in alphabetical order. Why? And why was an email about my billing problem sent to 453 other people? Also, all 454 people were included in the “To:” field, in the clear, and not BCCed. Apple would never do that.

My email address is not included in the body of the email which it is with Apple correspondences. 
The message is from “The App Store team.” iCloud storage is not managed by the App Store, but by iTunes.

Apple does not call iCloud storage a “Subscription”. It is a “Plan.”

 

Split the content into text and links and let’s see where the links go.

i emailed one of the recipients and the message did not bounce back so the list might consist of real email addresses. Perhaps it was harvested from the Internet.
When i hovered over the “update your payment method” link it showed a destination of “jollofrewards.com. Not Apple’s domain. When i clicked on the link it sent me to a page on benzinejeans.com. More about that later.

Jollof Rewards is an insurance company. Benzine Jeans main website is down for updating.
Benzine Jeans being down could be a sign that their website was compromised and they are doing repairs.

Now we are on to something.

When i clicked on the “update your payment method” link in the email i was sent to a convincing Apple ID sign in page.
The site was identical to Apple’s except for some font differences. Also, the Password field was shown while Apple reveals the password field only after you enter the Apple ID.

i entered a made up Apple ID and password. The page logged me in with my fake credentials and a dialog appeared saying that “Your Apple ID has been locked for security reasons. Please verify your Apple ID.” i clicked “Continue.”  An Account Verification page appeared showing my fake Apple ID. Here they wanted my Name, Date of Birth, Telephone number, Social Security number, home address, Credit Card name, Credit card number, expiry date (Apple would have called it an “expiration” date), Card security code, ATM security code and to choose a Security question and provide an answer.
Apple would never ask for much of this information. No account asks for your Social Security number. Asking for an ATM pin is the same thing as asking you for a password. It just isn’t done by a legitimate organization.

 

Imagine if someone had blindly clicked on the email link and provided all the information truthfully on this fake website. These bad guys would have stolen their identity.

Don’t be fooled.

Use Split-half analysis and critical thinking to navigate this electronic world we live in.

Never trust a computer.

Related Posts

Leave a Reply