I have more news on the previous post about being phished. Read about it at the updated post here.

UPDATE 28/05/10: Some more news about this below.

About two hours ago, I got a rather unusual email. So much so, I’m posting this immediately. At about 6am, after spending several hours downloading (or waiting for the download to finish rather) a backup file of my site, I noticed an email in my inbox. The following is an account of some good sceptical thinking, balanced with the wish to serve my customers well…

Note: I’ve included all normal formatting of my email notifications that come through my site. This will become important later…

Order inquiry

Lillian Garelick [lilliangarelick@yahoo.com]

Hello Good day and how are you i am interested in ordering from you some of the Puppets you have for sale and will like to known if you could ship to my Address in Japan.

Will Appreciate to read back from you in the mail asap.

This message was sent via the messaging system on Puppets in Melbourne - Professional Shadow Puppets. http://www.puppetsinmelbourne.com.au/shop.php

Naturally I was pretty excited to get an inquiry about my products, but as usual get a little annoyed when people can’t figure out how to use the very obvious ‘buy me’ buttons and the like. It’s also fairly obvious if people bothered to reading my shop FAQs and policies that I ship anywhere, but I digress…?

The reason it’s important to include the bottom info of the email is that as you can see, it tells me what page of my site the person was looking at when they send it: making it easier to track down in my web stats. Also important. Whenever I get an email (comment, inquiry, whatever, via my site’s email form) I log into my webstats account to find out more info about how they found my site, what they looked at, etc. It may seem like spying, but it tells me a lot about how I can help the person (ie. if they inquire about Pelham puppets but don’t actually read the Pelham puppets post, etc etc) as well as where my marketing strategies are working or failing.

So it was when I checked my stats for this one, and noticed something odd (for easier reading, I’ve slightly formatted the stats):

Host Name? 41.204.252.168. IP Address 41.204.252.168. ISP AFRINIC. Domain STARCOMMS.COM
Country ??? NIGERIA. Returning Visits - 0 Date Time WebPage
25 May 2010 ???? 04:47:53
?? Send an email message - Puppets in Melbourne - Professional Shadow Puppets
http://www.puppetsinmelbourne.com.au/shop.php?disp=msgform&recipient_id=1&redirect_t
o=http%3A%2F%2Fwww.puppetsinmelbourne.com.au%2Fshop.php
http://www.puppetsinmelbourne.com.au/
25 May 2010 04:47:47
Page title not available
http://www.puppetsinmelbourne.com.au/htsrv/message_send.php
http://www.puppetsinmelbourne.com.au/shop.php?disp=msgform&recipient_id=1&redire
ct_to=http%3A%2F%2Fwww.puppetsinmelbourne.com.au%2Fshop.php
25 May 2010 ?04:45:54 ??
Send an email message - Puppets in Melbourne - Professional Shadow Puppets
http://www.puppetsinmelbourne.com.au/shop.php?disp=msgform&recipient_id=1&redirect_to=http%3A%2F2Fwww.puppetsinmelbourne.com.au%2Fshop.php
http://www.puppetsinmelbourne.com.au/
25 May 2010 04:45:10
Puppets in Melbourne - Professional Shadow Puppets
http://www.puppetsinmelbourne.com.au/
http://www.puppetryaustralia.info/pupaus_03/puppets_4_sale.html

At the bottom (or just above this text) you can see they found my site via Puppetry Australia, which isn’t so unusual. Lots of my hits come from there: though none of my sales funnily enough. No, the odd bit is that the IP address is listed as coming from Nigeria. Even without the obvious suspicion of scams, most of my sales/inquiries don’t come from the African continent. In fact, they never come from there. And that’s not including the most obvious thing of all: the person said they were in Japan. Of course, that doesn’t mean much since many people hide their real IP, although I’ll note that the email headers specify no relays were used. (I’ll also note that I have email filters on my site - you spam me, I block your email address. The htrsv/message_send.php url appears either when you haven’t filled the turing test in properly, or when the email filter bans you from emailing me.)

So I wrote a short but polite note back, giving the person the benefit of the doubt…

Thanks for your inquiry: yes, I ship anywhere in the world including Japan.
All of my current products are listed for sale here:
http://www.etsy.com/shop/puppetsinmelb
You can browse the listings and check the shipping prices quoted for each.

Let me know if you have any further questions.

Now here’s where it gets interesting. Not a few minutes later, I get this response. I’ll add my own editorial comments in between, since it’s easier to read (the reply is long):

Naomi,

Good to read back from you and i really appreciate your response to my inquiry,
the items that will be needed are stated below:
Oyster Shadow Puppet
Qty Needed …………………. 40
Seahorse Shadow Puppet
Qty Needed …………………. 40
Candy Eyes
Qty Needed …………………. 40

At first, I didn’t read this bit (being annoyed that they don’t seem to understand the concept of ‘use Etsy to make the order’), but then when drafting my reply, saw the quantity. It was even more clear from this that it was a fake inquiry, since who in their right minds orders 120 puppets? And 40 of each? Too weird for words…

?Also i have my delivery address stated below:
1-7-1 Konan Minato-Ku
Tokyo, 108-0075,
Japan

This is an after-thought, once I started writing this up… but thinking about the below comments about the whole transaction, I did a quick google on the address. It occurred to me: how do I know the address is real or not? It’s a good fake out because people from overseas won’t know if it is. Unless they google that is. This is what I found.

Concerning the shipping , the likes of UPS, DHL and others? always don’t take care of the charges down here. Charges like handling, customs and duties etc.? We have experienced? such situation before? and i don’t want to experience such a thing again,you do not need to worry about the stress involve and all documentations because i have a shipping company that have delivered to me in the past,i really like their services ,I will like you to contact the shipper SHIPPING LINK COURIER SERVICES at there email (shippinglink79@gmail.com) which i used in the past immediately at the provided email Below:
shippinglink79@gmail.com

Ok, at this point I’m like “what the?” What are you on about? Who asks to use a shipping courier whose only method of contact isn’t a website but a gmail address? Lucky for me, I’m used to doing a little digging on companies (years of checking out acting agents ? don’t ask) and am smart enough to at least do a google. No results for the name (“Shipping Link” or “Shipping Link Courier Services”), or for either email address (Lillian’s or the shippinglink one).

Mainly though, I’m just pissed off that someone thinks they can tell me how I should run my business. If it’s legit, they have a lot of hubris. Luckily I doubt they’re anything but a scam.

You should notify them with my customer id#JP34572948J, pickup address, my delivery address together with the total cost of items.
I will need you to obtain a quote from Shipping Link Courier immediately and get back to me with:?
Total cost of items
Total cost of shipping via Shipping Link Courier
Total cost of both items and shipping?
Once i get these details, i will proceed by sending you the credit card information which the charges should go to.

Yeah, I really don’t want your credit card number. If this was a legit inquiry, then you wouldn’t be emailing me your frigging credit card number (or address for that matter), and you would be smart enough to figure out that Etsy and similar sites work wonderfully because they create a wall of protection between seller and buyer.

Thanks and i look forward to reading back from you with a quotation. I really appreciate your efforts towards the Success of this order.?
Kind Regards,

Well, at this point I’m very suspicious (not having done the google check for the address yet), but still, I’ll give them the benefit of the doubt. Besides, I’m smart enough to know that the customer isn’t always right and to stick to my guns when I don’t want to be pushed into something I’m not comfortable with. So I reply:

Hi Lillian,
Please make an order using the link provided; not only does it deal with all the transaction stuff, but this way I don’t have to collect any information from you about payments (such as credit card numbers) which protects your privacy and secures said information. (I also can
not process credit card transactions myself) The site will also calculate the total price + shipping costs for you based on your location.

I appreciate your concerns about shipping, however as I’m located in Australia and use the excellent services of our Australia Post, I would rather ship through them. I can arrange to have the items shipped as registed/insured (which obviously raises the cost of shipping, but does give you extra protection if things get lost or damaged). ?I’m not familiar with Shipping
Link Courier, and can’t seem to find any information about them on the net and don’t feel comfortable sending anything through a company I’ve never used before.

I got a reply pretty quick before, but about an hour later and still nothing… Not that I expect anything back! It was only after sending the last email that I really started to think about how this scam works…?

Evidently, the trick to this scam is that you email the gmail (), get a ‘quote’, then pay for the ‘shipping’. Likely the code provided above as the customer id is probably just used for differentiating which payment came from where (or if this is a group effort, which person gets the commission/total). The trick is not only in scamming you out of some money (probably why the quantity of items is so high, so that you’re forced into paying a reasonable amount for ‘shipping’), but in the whole transaction. It doesn’t sound as if it’s a “pay for shipping first, then I’ll pay you” sort of thing. Most likely, the credit card that would be used to pay for the order is stolen or fake. At which point, two people get screwed: the seller, and whoever they’ve stolen the credit card from. The puppets/order gets returned, because as we see above, the address isn’t real, and by this point it doesn’t matter because the scammers have gotten your money already.

I have to admit though, this is a really personalised phishing exercise, and it wouldn’t surprise me if it didn’t get other people who were less cautious or too anxious for sales; or just too na?ve. Even without knowing anything about being a ‘net’ detective, IP addresses, or anything, you can easily figure out if the inquiry is a scam or not. So long as you’re a little sceptical of odd requests of course!

What makes this sad though is that they could be targeting other puppeteers: remember the referral page? Puppetry Australia isn’t all that popular (or active), and one would have to be specifically looking for puppetry subject matter to get there; or rather, to get to my site from there. So if you’re getting similar emails, don’t bother replying. The benefit of the doubt may be useful, but far more useful is the ability to say no to customers. Especially ones who are so darn fake. UPDATE 28/05/10: I have not received any reply from my above message, however, I have received news from a similarly-linked (on Puppetry Australia) Aussie puppet seller who was indeed contacted using the exact same text and email address. Please beware!

I had a post all written for today, but on checking my email before pushing publish, I received an email. An email so odd, that I’m not only posting its contents, not only doing it in lieu of something else pretty big, but I’m creating a whole new category on my blog page. (I hope Part Two never arrives)

You see, I get emails. I get emails from people asking me questions about puppetry in Australia. Sometimes I get questions about puppetry; with no location given. Sometimes I get random emails from people just to tell me they’re glad to see someone talking about puppetry. I’ve had multiple random emails from people asking me to view their Youtube videos (not spam, I mean puppet-related). I get emails about link exchanges, but this, this is really the weirdest of them all. And it’s only weird if you’re me, or anyone who knows me, or anyone who spends more than two minutes browsing my site. In fact, it’s only weird if you, you know, bother reading anything on my site at all.

This email comes courtesy from someone seeing the event notification on Puppets and Stuff for my School of Puppetry next year. On the home page, new and upcoming events are posted. The following is the text for the ad:

"(I can’t believe I hadn’t posted this here yet… I’ve already got many places filled, so those Aussies should book now if you plan on coming!) So you’ve seen Avenue Q, Sesame St and The Muppets and want to build your own puppet? Perfect! Puppets in Melbourne presents the School of Puppetry, where for six weeks you get to make your very own muppet-type puppet! Learn everything from design and character to materials and tools; from making the head to attaching rods! Basic design, building with foam, methods of operation; you’ll learn everything to make your very own professional-looking puppet. Included in the classes are easy-to-follow worksheets, patterns, your very own puppet stand for display at home, a short lesson on performing with your puppet, and much more. And of course, you get to KEEP the puppet you make! You don’t have to have craft experience, just enthusiasm!

Dates: Saturdays 23rd, 30th Jan; 6th, 13th, 20th, 27th Feb 2010. Times: 9am - 4pm. Venue: Meeting Room at Northcote Library, 32-38 Separation St, Northcote (Melbourne). Cost: $318 per person, inclusive of materials and tools (add another $30 for a copy of The Foam Book, an industry standard resource and accompaniment to the classes). Places are limited to 20 people. More info and online registration at http://www.schoolofpuppetry.com.au"

Fairly standard stuff right. And if you’d read it, you might get some clues as to why the following email (with identifying info removed. A lot of the email in fact, is identifying info with a bio and history of the person involved) is so damn odd to me:

"Dear Madam /  Sir,

Let me introduce to you a well-known Czech actor and puppet theatre actor, educator [name removed].

In 1972, [named person attended such and such… performance history].

[Person named]’s professional career was interrupted in 1976 because of political persecution. Since that time, till the end of the communist rule in the former Czechoslovakia, he was taking part in unofficial cultural projects and in various happenings. As a member of the [company] he was appearing in three non-conform performances that were meeting with a good response in so called unofficial cultural society. 

In 1985, [more history]. 

Since the changes of the political climate at the end of the last decade, he has been professionally engaged as an actor in the [company] in Prague. With this theatre, [person named] appeared on stage in almost all European countries. In 1996, he took part in the theatre tour in England (especially trough [sic] the County of Kent), in 1997 he took part in several theatre festivals in former Yugoslavia, [examples given].

With his pantomime performance, he took part in the following festivals or tours:

[Range of years and international tours] 

[Person named] will be pleased to take part in your school (performance or show, show for children) in year 2010 or 2011.

I hereby send a reference to [person named]’s website and I also attach some pictures from his performances.

[URL to person named’s website. My blogging system doesn’t allow uploads via the contact function, so I received no images.]

Please let me know whether you find this proposal interesting.

Thank you,

Best regards,

[Name of someone else entirely]"

Now I know the title ‘School of Puppetry‘ can confer prestige on an event that is slightly unwarranted, and that indeed this was kind of the promotional effect I was going for. But can someone tell me, where in the above ad, it suggests that this ‘School’, this six-week event, held in a library, which includes information about puppet building classes and NOT anything else, could lead anyone to conclude that the ‘School’ is in fact: a building or institution in its own right, with regular funding, that could support and pay for an international artist to attend and perform, that has anything to do with performances themselves (producing, programming, or presenting any performances at all, adult or otherwise), or that, based on the info provided about the artist (much of which you can’t see) the person would have any relevance at all to the event that I have proposed. … Besides, what the hell does "performance or show, show for children" mean? A performance for adults, but a show for children? … :?:

I know that sounds harsh, so here counter it with what I replied which is much more polite (but still bewildered):

"Hi [name of someone else entirely],

Thank you for sending me the information about [person named]. However, I think there is some confusion: the ‘School of Puppetry‘ is merely a title, it’s not a large organisation or institution. The event I am running is a small six-week workshop for adults to learn how to make muppet-style puppets in a library in Melbourne, Australia. It’s the first time I’m running such classes, and the title ‘School of Puppetry‘ is mainly to encourage local people to register for the event.

Though I appreciate the interest, I am a one-woman company with no funding who can offer no international collaborations, productions or programming of any sort. I don’t present performances myself or work with large theatrical companies, I’m just a puppet maker who’s offering some building workshops.

I’m sorry I can’t assist, but I have bookmarked [person named]’s website (I keep a pretty large database of puppetry links) and wish him and yourself luck in finding opportunities for performance.

Regards,

Naomi Guss"

The worst thing about this email? The person spent three minutes looking at the SOP website, literally the first six seconds on the ‘More’ page (where, you know, the important info is) before heading to the other pages, only to spend the last two minutes actually typing in that message.  

Seriously, I’m now going to have a policy of: if you send me weird emails, emails that include your inability to read what’s already on my website, inability to use critical thinking or comprehension skills, then be prepared to either have me not reply, or have your email posted here.

Cause this is just getting silly now