Press 4 To Give Us All Your Money

By | November 22, 2011

I guess it had to happen: phishers are not only trying to snag you by setting up fake banking websites, now they’re trying to snag you by setting up fake switchboards too.

Tim McElligott writes in Telephony Online that scammers “posing as a financial institution and using a VoIP phone number e-mailed people asking them to dial the number and enter the personal information needed to gain access to their finances.” Simply put, the phishers in this case aren’t directing you to a fake website where you enter your password and other data sufficient for them to empty your account; they’re directing you to an automated phone service, where you’d give the same details.

The information comes from Cloudmark (“the proven leader in messaging security solutions for service providers, enterprises and consumers”), which claims in a press release that it has seen two separate such attacks this week:

In these attacks, the target receives an email, ostensibly from their bank, telling them there is an issue with their account and to dial a number to resolve the problem. Callers are then connected over VoIP to a PBX (private branch exchange) running an IVR [an automated voice menu] system that sounds exactly like their own bank’s phone tree, directing them to specific extensions. In a VoIP phishing attack, the phone system identifies itself to the target as the financial institution and prompts them to enter account number and PIN.

As Telephony Online points out, setting up this kind of phone network is easy. “Acquiring a VoIP phone number is about as hard as acquiring an IP address or a domain name,” it quotes Adam O’Donnell, senior research scientist at Cloudmark, as saying. “Phishers figured out how to quickly and fraudulently get that information a long time ago.” Take an old PC with a voice modem card and a little PBX software, and you’ve got a company’s phone tree that can sound exactly like your bank, O’Donnell says.

This all makes sense. Indeed, we should have seen it coming. It’ll be interesting to see how banks cope with this. Right now their argument has been that if in doubt, a customer should phone them. That no longer is as watertight an option. They could argue that customers should not respond to any email they receive, but that’s also not always true. Banks and other financial institutions need to communicate with customers.

One solution to this is the signature: Postbank last month launched a service where all its emails to customers come with an electronic signature. The only problem with this is that most email clients don’t support the service — only Microsoft Outlook. This is a bit like giving customers a lock that only works on certain kinds of door.

Perhaps banks are just going to have to pick up the phone. If customers are now under threat from automated phone trees maybe the solution is not more technology, but less? A cost the phishers are unlikely to be able to bear would be an actual voice on the other end of the line that sounded familiar and authentic. The only question then would be for the customer to establish the authenticity of the banking assistant.

Book Launch Parties. Not Just For Authors

By | November 22, 2011

The NYT/IHT has a piece by Rachel Donadio on how the New York literary set is now eschewing book launch parties, apparently because they have belatedly realized they don’t actually create much of a buzz for books. No mention of the rise of print on demand, the e-book or successes like 37 Signals’ recent instant bestseller Getting Real.

But what I liked was the ‘Luvvie’ moment at the end, when Fran Lebowitz, veteran partygoer and writer, suggests that parties shouldn’t just be held for writers:

The line you hear most often today is that the book party is “just for the author.” And why not? “When you finish a book – not that I have a lot of experience finishing them – it’s such a Herculean effort that you feel that you deserve everything,” Lebowitz said. “It’s like coal mining. The only people I feel sorrier for are coal miners. And they never have parties; they sometimes don’t live through the day. But I’m sure if you ask them each day when they come out of the mine if they think they’d want people passing around canapés, they’d say yes.”

This raises all sorts of interesting issues, beyond the wonderful image of a soot-blackened miner emerging from the gloom and looking forward to a beer and a soak being accosted by a waitress proffering a champagne flute and a platter of hors d’oeuvres. First couple of days it might be fun but it might wear off. I do like the idea though. What other professions might it work for? Car mechanics? (“I’m home, dear. Sorry about the axle grease on the doorknob. Ooo! A surprise party? For moi? And foie gras!”) Accountants, emerging from behind their computer screens to a tickertape parade celebrating their dizzying work on the Flubelstein Account? (“Drink up Johnson. We’ve got some dancing girls jumping out of an oversized ledger in the next cubicle.”) The possibilities are endless.

Revisiting the Kryptonite Affair

By | November 22, 2011

(This post is also available as an experimental Loose Wireless podcast)

Remember the Kryptonite Affair? It was back in September 2004 when a company that sold bicycle locks crashed into the power of forums and blogs and came away battered and bleeding when it failed to respond in Internet time to complaints that some of its bicycle locks could be opened with a Bic pen. Here was my take at the time (well, not exactly at the time; I was only a couple of months late). Kryptonite became a poster boy of how not to handle adverse PR when it comes via the Internet. (A Google search for BIC Kryptonite throws up more than 51,000 hits.)

But now a reassessment of Kryptonite’s response has begun with a post by Dave Taylor, a writer, speaker, entrepreneur and blogger. Dave interviews Kryptonite PR chief Donna Tocci, and concludes that Kryptonite’s response was in fact measured and swift. Instead, he says, a myth has developed around the whole incident that should be laid to rest:

Always remember that ultimately the company has to meet its market, too, not vice versa. Oh, and don’t discount the effect of mythologizing along the way too: Kryptonite handled its situation with savvy and professionalism and has recovered its position, but the “myth” of bic pens and the crushing blow of blogging has grown far beyond the reality of the situation.

An interesting perspective. But what myth, exactly? That BIC pens can’t open some Kryptonite bike locks? Yes, they can. Indeed, Donna was quoted by the NYT at the time as making the argument that locks made by other manufacturers shared the same vulnerabilities.

Then there’s the “myth” of Kryptonite’s allegedly slow and leaden response to the whole thing. Dave says a myth emerged that “the company wasn’t paying attention to the blogosphere and that it took weeks for it to learn that there was a problem”. Hugh MacLeod of gapingvoid at the time was merciless in his chronology, saying that there was nothing on the Kryptonite website to suggest there was a problem with the bike locks until at least Day Seven. This is not exactly true. Kryptonite did post something within a few days on its website offering free replacements to any owner “concerned about the security of this lock” while not acknowledging there were problems with the locks, or indeed, why customers might, or should, be concerned.

But is Dave right in saying that the myth wasn’t true, since “Donna and her team were aware of the problem from the very first day”? Well, a couple of things here. Just because Kryptonite was aware of the problem from the first day doesn’t lessen the problem. Even Donna herself acknowledges that she should have posted “a note on our website about us working on the issue a day or two earlier.” Indeed, one could argue that if they did know about the problem from day one, they should have put something on their website to reassure customers, or given them some hint that there was a problem, before they started doing anything else.

Indeed, what is surprising about the whole episode was not the discovery that some bike locks could be opened with a plastic biro, but that information along these lines had been available for 12 years in the form of an article in a biking magazine. Obscure, maybe, but if the argument is that the blogosphere is just too big to monitor effectively, what about bicycle magazines? How many are there in the world? Maybe 200? 1,000? Is that too many to monitor, over a 12-year period?

The bigger point is that the issue spread like wildfire when it resurfaced 12 years on because of the Internet. That’s what the Internet does, or can do. Kryptonite’s failure was letting down its customers who looked to its website for guidance. So when Donna says “we know that the majority of the people who participated in our lock exchange program heard about it from traditional media sources”, instead of this being evidence to back up Dave’s skepticism that “a lot of blog pundits are fond of pointing to this situation as an example of why companies need to keep track of the so-called blogosphere”, I’d say it highlights the opposite.

If you visit a company website a day or two after damaging news has broken about that company’s products, and there’s no sign of any acknowledgement on the website about this, why would you then keep revisiting it until there is something there? It may not be fair, and it may not fit your schedule, but the Internet requires an in-time response, even if it’s just “we are looking into reports that there’s a problem with some of our products. If you’re concerned, drop us an email and we’ll get back to you.” It’s not rocket science.

So, Dave is right in that Kryptonite will forever be associated with PR problems in the Internet age, and it’s good to get a bit of balance in there. But perhaps the myth he is pointing to is that Kryptonite as a company and brand were permanently hobbled by the episode. Donna — who still has her job — agrees, saying the brand is not “as damaged as the blogosphere would have you believe”. She gives no sales figures. But she also acknowledges that the tubular lock — the source of all the problem — no longer exists as a Kryptonite lock. Indeed, more than 380,000 of them have been replaced. She’s a good PR person: she portrays this as a positive, a sign of the company’s logistical skill. But how could one argue the demise of one’s main product, and the expensive replacement of hundreds of thousands of units, as a good thing? I’d say that it’s a pretty fitting testament to the power of the Internet. On balance, I’d say, the “myth” stands.

The Future of Animal Advertising

By | November 22, 2011

For those of you who listen to podcast versions of my slot on the BBC World Service, this isn’t one. Apologies. What this is is what I hope will be the beginnings of more regular podcast fare known, tentatively, as Loose Wireless. To start off, it’s just me yakking away on subjects that interest me, either stuff I’ve already written about or stuff I’m reading about. I’m hoping to be joined by a few collaborators later, but for now it’s just an experiment. If it doesn’t take up too much time, and there’s an appetite for it, I’ll try to do more. Here’s today’s edition of Loose Wireless, which takes a look at three stories in today’s International Herald Tribune, which seem to carry a theme, best described as: Could cows be the next form of online advertising?

Here it is