I have more news on the previous post about being phished. Read about it at the updated post here.

Well, as usual my bandwidth was hitting its limit. Yesterday it was pretty clear it would clock 100%, with still four days left til the end of the month. My pattern sales have been pretty decent (although not this month, it’s been very very slow this month) to cover an increase in fees, so I headed to Web Hosts Australia - my very awesome hosting company, and yes, I’m giving them a huge plug… cause they’re awesome - to see what the next plan was.

I saw the plan wasn’t too bad, only a $15 increase, which on the monthly average of pattern sales I could probably cover. But you know, I need a lot of bandwidth and not so much of an increase in storage space. So I wondered if the hosting company could make a custom plan for me. (It never hurts to ask, and if not, I’d upgrade anyway. It’s tempting to consider finding another cheaper host; but what I lose in dollars I more than make up for with friendly and timely assistance, practically 24/7 uptime, and practically no issues in terms of any other problems. After experiencing a really crappy host I appreciate the good ones when they come along and respect this company for the way it treats other customers as well as their competitors after having read replies and inquiries on other sites)

Anyway, the good news is: after giving them a rough calculation of what bandwidth I was using/needed, they bumped me up to a higher limit free of charge. And then gave me more-than-reasonable (read: cheap) rates per gig per month if I still hit my limit after that. 

Apparently I’m a "valued customer"!

You know, they’ve been so wonderful, I’m sorely tempted to start putting a link in my footer (why not, I do it for b2evolution, my blog platform, which is free!). But for now, this will do.

Web Hosts Australia, you rock!

UPDATE 28/05/10: Some more news about this below.

About two hours ago, I got a rather unusual email. So much so, I’m posting this immediately. At about 6am, after spending several hours downloading (or waiting for the download to finish rather) a backup file of my site, I noticed an email in my inbox. The following is an account of some good sceptical thinking, balanced with the wish to serve my customers well…

Note: I’ve included all normal formatting of my email notifications that come through my site. This will become important later…

Order inquiry

Lillian Garelick [lilliangarelick@yahoo.com]

Hello Good day and how are you i am interested in ordering from you some of the Puppets you have for sale and will like to known if you could ship to my Address in Japan.

Will Appreciate to read back from you in the mail asap.

This message was sent via the messaging system on Puppets in Melbourne - Professional Shadow Puppets. http://www.puppetsinmelbourne.com.au/shop.php

Naturally I was pretty excited to get an inquiry about my products, but as usual get a little annoyed when people can’t figure out how to use the very obvious ‘buy me’ buttons and the like. It’s also fairly obvious if people bothered to reading my shop FAQs and policies that I ship anywhere, but I digress…?

The reason it’s important to include the bottom info of the email is that as you can see, it tells me what page of my site the person was looking at when they send it: making it easier to track down in my web stats. Also important. Whenever I get an email (comment, inquiry, whatever, via my site’s email form) I log into my webstats account to find out more info about how they found my site, what they looked at, etc. It may seem like spying, but it tells me a lot about how I can help the person (ie. if they inquire about Pelham puppets but don’t actually read the Pelham puppets post, etc etc) as well as where my marketing strategies are working or failing.

So it was when I checked my stats for this one, and noticed something odd (for easier reading, I’ve slightly formatted the stats):

Host Name? 41.204.252.168. IP Address 41.204.252.168. ISP AFRINIC. Domain STARCOMMS.COM
Country ??? NIGERIA. Returning Visits - 0 Date Time WebPage
25 May 2010 ???? 04:47:53
?? Send an email message - Puppets in Melbourne - Professional Shadow Puppets
http://www.puppetsinmelbourne.com.au/shop.php?disp=msgform&recipient_id=1&redirect_t
o=http%3A%2F%2Fwww.puppetsinmelbourne.com.au%2Fshop.php
http://www.puppetsinmelbourne.com.au/
25 May 2010 04:47:47
Page title not available
http://www.puppetsinmelbourne.com.au/htsrv/message_send.php
http://www.puppetsinmelbourne.com.au/shop.php?disp=msgform&recipient_id=1&redire
ct_to=http%3A%2F%2Fwww.puppetsinmelbourne.com.au%2Fshop.php
25 May 2010 ?04:45:54 ??
Send an email message - Puppets in Melbourne - Professional Shadow Puppets
http://www.puppetsinmelbourne.com.au/shop.php?disp=msgform&recipient_id=1&redirect_to=http%3A%2F2Fwww.puppetsinmelbourne.com.au%2Fshop.php
http://www.puppetsinmelbourne.com.au/
25 May 2010 04:45:10
Puppets in Melbourne - Professional Shadow Puppets
http://www.puppetsinmelbourne.com.au/
http://www.puppetryaustralia.info/pupaus_03/puppets_4_sale.html

At the bottom (or just above this text) you can see they found my site via Puppetry Australia, which isn’t so unusual. Lots of my hits come from there: though none of my sales funnily enough. No, the odd bit is that the IP address is listed as coming from Nigeria. Even without the obvious suspicion of scams, most of my sales/inquiries don’t come from the African continent. In fact, they never come from there. And that’s not including the most obvious thing of all: the person said they were in Japan. Of course, that doesn’t mean much since many people hide their real IP, although I’ll note that the email headers specify no relays were used. (I’ll also note that I have email filters on my site - you spam me, I block your email address. The htrsv/message_send.php url appears either when you haven’t filled the turing test in properly, or when the email filter bans you from emailing me.)

So I wrote a short but polite note back, giving the person the benefit of the doubt…

Thanks for your inquiry: yes, I ship anywhere in the world including Japan.
All of my current products are listed for sale here:
http://www.etsy.com/shop/puppetsinmelb
You can browse the listings and check the shipping prices quoted for each.

Let me know if you have any further questions.

Now here’s where it gets interesting. Not a few minutes later, I get this response. I’ll add my own editorial comments in between, since it’s easier to read (the reply is long):

Naomi,

Good to read back from you and i really appreciate your response to my inquiry,
the items that will be needed are stated below:
Oyster Shadow Puppet
Qty Needed …………………. 40
Seahorse Shadow Puppet
Qty Needed …………………. 40
Candy Eyes
Qty Needed …………………. 40

At first, I didn’t read this bit (being annoyed that they don’t seem to understand the concept of ‘use Etsy to make the order’), but then when drafting my reply, saw the quantity. It was even more clear from this that it was a fake inquiry, since who in their right minds orders 120 puppets? And 40 of each? Too weird for words…

?Also i have my delivery address stated below:
1-7-1 Konan Minato-Ku
Tokyo, 108-0075,
Japan

This is an after-thought, once I started writing this up… but thinking about the below comments about the whole transaction, I did a quick google on the address. It occurred to me: how do I know the address is real or not? It’s a good fake out because people from overseas won’t know if it is. Unless they google that is. This is what I found.

Concerning the shipping , the likes of UPS, DHL and others? always don’t take care of the charges down here. Charges like handling, customs and duties etc.? We have experienced? such situation before? and i don’t want to experience such a thing again,you do not need to worry about the stress involve and all documentations because i have a shipping company that have delivered to me in the past,i really like their services ,I will like you to contact the shipper SHIPPING LINK COURIER SERVICES at there email (shippinglink79@gmail.com) which i used in the past immediately at the provided email Below:
shippinglink79@gmail.com

Ok, at this point I’m like “what the?” What are you on about? Who asks to use a shipping courier whose only method of contact isn’t a website but a gmail address? Lucky for me, I’m used to doing a little digging on companies (years of checking out acting agents ? don’t ask) and am smart enough to at least do a google. No results for the name (“Shipping Link” or “Shipping Link Courier Services”), or for either email address (Lillian’s or the shippinglink one).

Mainly though, I’m just pissed off that someone thinks they can tell me how I should run my business. If it’s legit, they have a lot of hubris. Luckily I doubt they’re anything but a scam.

You should notify them with my customer id#JP34572948J, pickup address, my delivery address together with the total cost of items.
I will need you to obtain a quote from Shipping Link Courier immediately and get back to me with:?
Total cost of items
Total cost of shipping via Shipping Link Courier
Total cost of both items and shipping?
Once i get these details, i will proceed by sending you the credit card information which the charges should go to.

Yeah, I really don’t want your credit card number. If this was a legit inquiry, then you wouldn’t be emailing me your frigging credit card number (or address for that matter), and you would be smart enough to figure out that Etsy and similar sites work wonderfully because they create a wall of protection between seller and buyer.

Thanks and i look forward to reading back from you with a quotation. I really appreciate your efforts towards the Success of this order.?
Kind Regards,

Well, at this point I’m very suspicious (not having done the google check for the address yet), but still, I’ll give them the benefit of the doubt. Besides, I’m smart enough to know that the customer isn’t always right and to stick to my guns when I don’t want to be pushed into something I’m not comfortable with. So I reply:

Hi Lillian,
Please make an order using the link provided; not only does it deal with all the transaction stuff, but this way I don’t have to collect any information from you about payments (such as credit card numbers) which protects your privacy and secures said information. (I also can
not process credit card transactions myself) The site will also calculate the total price + shipping costs for you based on your location.

I appreciate your concerns about shipping, however as I’m located in Australia and use the excellent services of our Australia Post, I would rather ship through them. I can arrange to have the items shipped as registed/insured (which obviously raises the cost of shipping, but does give you extra protection if things get lost or damaged). ?I’m not familiar with Shipping
Link Courier, and can’t seem to find any information about them on the net and don’t feel comfortable sending anything through a company I’ve never used before.

I got a reply pretty quick before, but about an hour later and still nothing… Not that I expect anything back! It was only after sending the last email that I really started to think about how this scam works…?

Evidently, the trick to this scam is that you email the gmail (), get a ‘quote’, then pay for the ‘shipping’. Likely the code provided above as the customer id is probably just used for differentiating which payment came from where (or if this is a group effort, which person gets the commission/total). The trick is not only in scamming you out of some money (probably why the quantity of items is so high, so that you’re forced into paying a reasonable amount for ‘shipping’), but in the whole transaction. It doesn’t sound as if it’s a “pay for shipping first, then I’ll pay you” sort of thing. Most likely, the credit card that would be used to pay for the order is stolen or fake. At which point, two people get screwed: the seller, and whoever they’ve stolen the credit card from. The puppets/order gets returned, because as we see above, the address isn’t real, and by this point it doesn’t matter because the scammers have gotten your money already.

I have to admit though, this is a really personalised phishing exercise, and it wouldn’t surprise me if it didn’t get other people who were less cautious or too anxious for sales; or just too na?ve. Even without knowing anything about being a ‘net’ detective, IP addresses, or anything, you can easily figure out if the inquiry is a scam or not. So long as you’re a little sceptical of odd requests of course!

What makes this sad though is that they could be targeting other puppeteers: remember the referral page? Puppetry Australia isn’t all that popular (or active), and one would have to be specifically looking for puppetry subject matter to get there; or rather, to get to my site from there. So if you’re getting similar emails, don’t bother replying. The benefit of the doubt may be useful, but far more useful is the ability to say no to customers. Especially ones who are so darn fake. UPDATE 28/05/10: I have not received any reply from my above message, however, I have received news from a similarly-linked (on Puppetry Australia) Aussie puppet seller who was indeed contacted using the exact same text and email address. Please beware!

Tonight I’ve finished off the transfer for the UNIMA Australia site. It’s taken me a few days longer than expected, mainly because of blog bugs. As usual, there’s still a raft of things to do, but at least now I can take a break from it for a while: at most until 8th June when the soft launch happens.

I’m at about 85% of my bandwidth again (sigh, will it never end these bandwidth issues?), so I’m also hanging back from posting much until the start of the month. Rest assured, I’ll do a puppet blog award before the month is out.