It's easy to assume maliciousness in something like this but it is just as easily explained by just stupidity.
My Fiance has a fairly common name, and is the owner of the associated gmail account (think John.Smith@gmail.com). Several older women in other states have the same name...and seem to repeatedly beleive they have her email. My fiance got so frustrated with Walmart orders, amazon orders, bills, personal emails being sent to her that she tracked one lady down and called her.
The lady got angry that my fiance was 'using her email address and hacking her' and had to have it repeatedly explained that the old lady's email address was in fact slightly different (number at the end). It keeps happening. the lady writes it down wrong, her husband enters it wrong, her HOA (at her new house) enters it wrong. When the HOA got it wrong we told them and they asked us to fix it for them...We finally seemed to get some purchase on behavior change when we cancelled one of her orders via email. But the amount of information/influence we had over her accounts with just email was amazing. At one point, her husband used my fiance's email to register a bank account. We called the bank and after explaining the situation were able to CORRECT the email address for her (we decided that a bank account was serious enough to fix it rather than just be annoyed).
I think its perfectly valid to be concerned this is malicious or evil...but so many people are just inept technology users.
I have a gmail account like this. One day, I got an email confirmation for a rental car reservation. A few months later, I got an email about repair costs for the car. A few months after that, a collection agency emailed me...
Maybe because this was all in Europe, when I said "you have the wrong email address," the agency actually replied that I was right, and I never heard from them again.
People have signed up for Skype and Instagram accounts with my email address.
I've gotten an email intended for my brother.
I get notifications from a pharmacy for a 60+ year old Dutch woman.
I got a hotel booking confirmation with enough information in it to manage the reservation. An ex-colleague works for the OTA who sent it, so I mentioned it and said they need to validate emails. He knew about the problem, and it's somewhere in their backlog.
Validate email addresses, people! There are hidden customer service and legal costs if you don't.
I wonder how many people think that if they're called "John Smith" that Google will a) just make the email for them and b) that they're the only John Smith around the town/state/country
And even if you validate, what'll most likely happen is that people will still type the wrong email then get angry the system didn't guess their correct email
sigh
At least my name is pretty rare, but I've occasionally gotten emails to some with the same first name (think company LDAP email completion)
I'm in exactly the same boat. I was around when Microsoft launched Outlook.com email addresses and managed to snag firstnamelastname@outlook.com. I have a very common english name.
I received private emails from all over the world. When I started I'd reply to each one to explain the situation, but it all became too much and now I just delete it or create filters to send it to junk.
I discovered a distant relative in Ireland because he signed up for job alerts with my email address. Fortunately one of them sent the offer that had his resume embedded in it, so I called him and we had a chat, five minutes later I'm speaking to his 81 year old Nan about her grandfather's brother who moved to Australia.
I've also received Amazon gift cards on the US Father's day. I emailed Amazon every time saying it's a mistake and they should refund it, but they refuse to because the recipient isn't allowed to refuse the gift card only the orderer can change the order.
Reminds me of the couple that lives on a farm that is the default geolocation for 600 million IP addresses. Their farm has been visited by authorities for a long time.
And in my work, we always know the direction to null island, because stray robots will head right for it. I even thought about writing a short story about all the stray / bugged out robots piling up on the seafloor near it.
I have something similar. So imagine you have johnsmith.com as a domain name. And then someone with the same name gets johnasmith.com (there's an a in there for a middle initial). And they use john@johnasmith.com but they and probably others keep missing the "A" in the middle since it's easy to miss. I have email for my domain forwarded to me and the amount of email I get is staggering.
I've talked with the guy via e-mail and he is nice and all so I used to forward them to him but he's never gotten many of them fixed after I asked multiple times so I've stopped.
There is another guy with the same name as me with a similar gmail as mine and I've gotten pretty sensitive emails for him from lawyers, bill collectors, etc. I generally let the senders know in those cases but the rest I ignore.
So yeah, many times it's ineptitude.
I'm kind of surprised in this case, though, why so many restaurants send out food without a credit card or some other method to pay in advance. 9 years ago when it started most just took it on faith and sent food out but pretty much everyone requires pre-payment nowadays.
I share my name with someone who lives in Florida. Actually his first name is spelled differently, but mine is the common variant in English speaking countries.
So from time to time I receive emails directed to him. I know he studied at Miami Dade college, did an exchange year in Venezuela, got a job as a waiter, then switched to multi-level marketing (I almost wanted to email him and suggest to reconsider his career choices). One time I got asked to register to a payroll service and enter my bank account information to receive ACH transfers.
I have the same problem but it has gotten worse. Before I was tracking this guys as he moved from one country to another before settling in Canada. I knew when he got married. His wife mistaken my email address as well. And as he changed his email address to another service, I was receiving his email on that service too.
And then it got worse. Several people coming of adult age started to use my address. First it started out as college papers and then it went to career searches. And now shopping and banking. I don't know who these people are so I can't forward them the emails. But I have gotten their international phone numbers.
I'm a French speaker, thanks. I'm not expecting someone who obviously lives in the US to care enough and input an é, unless the auto-correct does it for you maybe.
You're confusing the (French, I think?) word "fiancée" with the English word "fiancee" derived from it; English uses the 26-character latin alphabet for words. Compare "resume" versus "résumé" or "sushi" versus (IIRC) "すし" or "the" versus "þe" (showing that basic syntax words are not exempt from this).
Nope. For example, any issue of the New Yorker is replete with uses of diaresis (see eg https://www.newyorker.com/culture/culture-desk/the-curse-of-...), and the OED does list fiancé; née and naïve are also pretty common; I was taught to spell words that had ligatures (eg hæmatology, œsophagus) at school...though I'm ancient. Wikipedia has more examples of this kind of orthography https://en.wikipedia.org/wiki/English_terms_with_diacritical... ... (yes I know this is 'just' wikipedia, but it links to more references on the topic)
> At one point, her husband used my fiance's email to register a bank account. We called the bank and after explaining the situation were able to CORRECT the email address for her (we decided that a bank account was serious enough to fix it rather than just be annoyed).
Heh, someone else managed to attach their PayPal account to my email address, and there's no way for me to disavow or remove it.
Thankfully, I've never been able to recover their password because PayPal requires more user information that I don't know.
Unfortunately that also means that I'll never be able to create a PayPal account with that email address.
PayPal does allow the "+" suffix for the user part, so you could do yourmail+suffix@domain.com and the mails they send will end up at yourmail@domain.com (it's part of RFC 2822, and it works for Yahoo, GMail (I've tried both), apparently outlook.com, and maybe others: https://www.ghacks.net/2013/09/17/can-now-use-email-aliases-... ).
When I moved countries, PayPal didn't let me change my country of residency, so now I have a user+[2 letter country code]@domain for the PayPal account in the new country. For IKEA it was a bit more silly because they seem to have several customer-facing systems, and 1 system worked fine but another didn't like this concept (I couldn't log in)...
I have this same weird problem. Fifteen years ago when I was in college, my friends gave me a nickname, which was a combination of an obscure movie and obscure song title and my first name. As near as I could tell, this was a completely new word. A search for the nickname revealed nothing, I was able to register nickname@gmail.com (when Gmail came along), and nickname.com/.net/org. I registered AIM accounts, Yahoo accounts, ICQ accounts all with that name. Everything I did online was that moniker, and I was the only person using it as near as I could tell.
Since then, other people have either come in contact with it or arrived at the same conclusion, and now I get e-mails for nickname@gmail.com-- in particular one individual-- I get business e-mails for him (he seems to be a graphic designer), he registered his Netflix account under my e-mail (which I promptly closed). For years I got his power bills electronically, as well as other spammy ephemera that's directed at him.
I am not being hacked. Nobody is using my CC information or accessing my e-mail. I cannot for the life of me figure out what chain of incompetency has lead to me repeatedly getting this individuals personal e-mails.
This is a great reason to not have gmail/yahoo/outlook/hotmail addresses: It's really hard to accidentally send an email to my domain. And people misentering my address are very unlikely to hit another valid one.
You'd be surprised. There is a Texas law firm whose domain is my domain name + "law". Guess who receives a significant portion of their "confidential" messages and inquiries?
totally agree. but it is also sooo convienient as a junk mail address for signups.
Just like biometrics aren't a password but are a good user ID, I have a couple different email address that I use for very different purposes that involve different exposure. My work email never has anything not work related, my personal email rarely gets ads and I prune it aggressively...my gmail looks like a syphilitic brain and I don't mind because I know what it is.
I do that in a fine-grained way with my personal domain: I receive mail addressed to any user at the domain. I never give out the same address twice. I can filter mail based on the "To" field, and always know how senders ultimately got my address. It works out because spammers never send mail to random other users at the same domain; I think trying unconfirmed users would be a quick way to get themselves blocked by common spam filters.
A fun thing I found this way: Samsung won't let you sign up for an account if the string "samsung" appears in your email address. Must be annoying for Big.Samsung.Fan@example.com!
I have a dedicated, very generic sounding domain name just for signups.
I use a custom email for each service. Like xyz.amazon@my-generic-domain.com for Amazon, xyz.ycombinator@... and so on.
All email is forwarded to a single catch-all account from a good provider, so it is just as convenient to use.
But it is trivial to isolate what emails came from which service, who has leaked my email to spammers, to just block a individual recipient, ... . It also makes it easy to have multiple accounts without the annoyance of a fallback email.
I wish I had switched to this method much earlier.
Ideally that domain would be used by at least a few hundred people to prevent associating via domain name though, with different prefixes (see xyz above) for each user.
For over a decade I've used hushmail's aliasing feature which allows you to create such custom emails (e.g. dontspamme-hackernews@nym.hush.com) on the fly almost instantaneously. I use one per service that requires an email to sign up. Works great.
You can do it with the free account, too.
Just delete one if you are obviously getting spam because of a service selling their email lists. Which is a reality for "free" services. Bonus points because you can identify exactly who it is that is doing this and have the option of publicly shaming them.
Not really. I have started moving my emails from Gmail to my last name based domain and have already received a few emails meant for others - and this is a domain that I've had for many years.
There was a doctor up North who kept confusing my gmail address for his own. I would frequently get invited to speak at medical conferences, invited to weddings, stock tips. Regular sort of thing. I made generally polite requests to keep this at bay, and for the most part it took care of it until the next time.
I did finally lay waste to the problem when he decided that the prepaid Verizon phone he set up for his mistress needed to be associated with my account.
My gmail address is simply my last name. (I got it early). I get all sorts of things from other people with that last name. I've received things like cancer diagnoses (!) back before there were laws in place to protect medical records. Yesterday I got a shipment tracking for gold, noting the anticipated date and time it would arrive. (I could probably wait in front of the house and sign for it!)
Same thing with Yahoo for me. My last name is too short for gmail, though.
My last name also happens to be shared with the name of a large multi-national manufacturer. For some bizarre reason I get semi-regular emails looking for support help from customers of theirs in Iran. No other countries, just Iran. I also get e-mails from people that work for the company in India with photos of their company picnic. This happens about every other year although it's possible I've missed a few. I don't really use the account anymore.
They at least seem to throw a nice company picnic.
I've got a custom domain that's very similar to a law office & the owner of the law office and I have the same name, so I often get emails from the courthouse, clients, other lawyers, etc who must have written his email address down (he appends `law` to the end of the domain, while I do not).
I'm very frequently forwarding these messages and saying "I've deleted this on my personal account", but they don't seem to stop - has been happening for years. Seems like something he would want fixed.
One time, I even responded to another lawyer to tell him and he thought I was the intended owner and started riffing with me over email!
Gmail ignoring a '.' character in the email address has resulted in some interesting situations for me. Someone registered for an Amazon account with a version of my email address that was only a '.' different from mine to use a gift card, so all of the email came to me.
The number of places that let you register for an account without verifying the email address is huge.
I used to be kind of embarrassed that I didn't get myname@gmail. Was already taken in most ways. So,I made up a name I thought would fit in with some books I was reading.
In retrospect, I think I got very lucky in that. Makes spotting many sources of spam so much easier.
Similarly, having a phone number that is not a local one is amazing in cutting down bad calls.
Confused by the last sentence :) Isn't a phone number local somewhere? I had an out of state number for years. Just got cold calls from the other state.
Exactly this. I answer calls I know the numbers of, or ones from the area I live in. If it has the same area code as my phone, you can leave a message.
I don’t have a particularly common surname but used to get emails from a teacher in Alabama about her vacation days. In the end I managed to track her down at the school from google and asked her to update her email address on file, and haven’t heard anything since.
I also once got a hotel confirmation which I initially suspected might have been an attempt at misusing a cloned credit card, but that turned out later to be a simple mistake.
Incidentally the only time I have had my card cloned was in the ‘states, because they seem allergic to chip-and-pin, which has been the de facto standard in the uk (and Europe) pretty much since the turn of the millennium, and in the age of today’s health concerns, the use of contactless payments has seen a massive rise in popularity.
> My fiance got so frustrated with Walmart orders, amazon orders, bills, personal emails being sent to her that she tracked one lady down and called her.
I did that a year or so ago after I couldn't send the person a yard gnome for Christmas on the walmart account they set up using my e-mail. The billing notifications finally stopped on the one account I couldn't disable as they presumably paid off their industrial kitchen stove.
It was an interesting adventure tracking them down since I learned there are only three or four people in the (internet) world with my same first and last name...and a scary amount of information that can be found about people with just a little google-fu.
I have a first.last@gmail.com too with a reasonably uncommon South Asian name (+ unusual spelling).
I’ve received bank account registration emails, Income Tax registration details, and someone has even registered an Indian government biometric ID (Aadhar) with my email. Even elevator servicing invoices (one of these people is an apartment super, apparently).
Clearly many of these systems have bothered with email validation.
Sending polite emails to these organisations mostly hasn’t worked. The only time it has worked has been, oddly, the elevator company, because I emailed someone at their privacy team in their world HQ in Finland.
I have the same problem. I have a gmail account that is first initial + middle initial + last name. So if I were John Larry Doe it would be jldoe@gmail.com. There's not a week that goes by without me getting email that is meant for someone else.
Receipts from purchases, I get signed up on email lists (why don't more require you to confirm your email?!?), and quite a few personal emails, such as invitations to birthday parties, etc. Every now and then I'll get something that is rather sensitive, like confidential legal or business documents.
I haven't had anyone angry at me, and most of the time I simply reply and tell the person that they have the wrong email address. I just really hate the lists I get signed up on.
I have tracked down a few people through Facebook because they bought a digital item that was delivered through email.
How could it possibly be stupidity. Let me list the reasons why.
This is multiple orders to multiple restaurants over a span of years. You are not going to have that many people all with a similar address and all making exactly the same mistake.
If you order pizza and it doesn't turn up then you are going to call again and ask where it is. At that point the mix up will be revealed and you will be more careful in future.
I am very surprised the police haven't investigated. If this is costing multiple restaurants hundreds of euros per order then it seems they would be quite insistent the police get involved. They would all have records of when those orders were received so I can't imagine it would be difficult to check call records to determine if the calls all came from the same number.
I have an email address that is every bit as silly as my username on HN (i.e. something that I didn’t think could ever be entered by accident), and yet a man named Sean from Michigan (I’m British) is signed up to AAA with my email.
I was actually able to Google the combined information included in the emails over the past couple of years to pin down the guy’s home address. I did consider sending a postcard explaining the situation, but balked at the idea in the end, in case it came off more creepy than lighthearted.
I get the tech issue, but what's interesting to me is that this person seems to be affected by delivery services that charge ON delivery, which to me points towards malicious intent. It would be interesting to know if the delivery people know the person's name. The article is a little fuzzy there.
I've bumped into this one. There are two people who have close variations of my email address.
One is in Kansas City and mistakenly attached his power bill to my email. When I tried to notify them, they wanted to turn off the account entirely. I demanded they contact the person via the phone number on the account before making any changes.
The second recently purchased a house so I got all his closing docs. Even after notifying the real estate agent listed and the title company, I still got a few confirmations.
I have a common name gmail and almost every week I get a dating site, ebill, job offer, riot invite, party invite. It’s pretty funny how many sites work without confirming email.
Hi, I'm the one who posted this article.
I'm sorry I bothered someone by doing so, I can share, thought, why I did it.
I've been working on e-commerce for 20 years already and I have experienced or seen very curious things related to fraud, geo localisation mistakes, and false claims too.
As someone already mentioned in the comments, I thought this could actually be one of those cases.
Nothing to be worried about. All who answered did so, because the article interested them. If the article is bogus, it is not your fault, but the fault of the publishers. And I am quite convinced the article isn't bogus, just something very strange is going on there.
It's a perfect article to comment on and consider.
As you write many of us may work on e commerce projects now or at some point. Plus I would think many of us are problem solvers at heart.
It would be much more helpful if the linked article had an explanation of why this is happening (ordering system IT error, delivery confusion, funny name swap, etc), to make it interesting and something that has a takeaway point.
Right now it's just left like an unresolved mystery, as if the gods are just causing this for their amusement. But clearly there's a reason why this is happening, and the reporter couldn't be troubled to find out why.
Follow the money. Why doesn't he contact the delivery restaurant and find out who paid? Also, if he never orders pizza, have the restaurants put him on a "no delivery" list.
Reading the article, it sounds that it is pay on delivery, not on order.
> “I have always refused the deliveries, so I have never paid for anything,” he said, adding that the harassment is not only annoying for him, but also for restaurants.
> “It costs them money and they have to throw the food away. On the day that ten deliveries showed up, I did the math: it cost €450,” Van Landeghem said.
This! I was bullied a lot in high school including multiple pizza orders to our house from the local independent pizzeria. We went up and had a chat and they put us on the no delivery list which considering we lived about 250m from them wasn't a huge deal for us, but saved them wasting food, time and money.
I’m a US expat living in the Netherlands. I often have to use built-in browser translation services to fill out forms. It’s amazing how some forms completely break when using the translator. I’ve been born at NaN-NaN-NaN before, and submitted completely blank forms that passed client validation but apparently there’s no server validation.
I wonder if it’s this issue where the form gets the postal code but not the rest and they happen to live at “the default” for that location. This could explain their friend too.
I'm also a US expat living in the Netherlands, and several sites like my bank refer to me by my first initials and my last name, "DE HOPKINS", which gets translated as "THE HOPKINS". I supposed I should be glad they don't refer to me as "THE DONALD", that would be humiliating.
hahaha the same happened to me, I also remember when I had to register for an internet connection, I didn't have a Dutch bank account yet and my French IBAN was too long. Simply removing the maximum character limit from the input field was enough, and I was able to submit the form, they never asked anything and accepted my long IBAN gladly. It was XS4all, so not the small ISP either.
I had the same situation happen in Portugal with the water company. They limited the IBAN field to Portuguese length, I edited the input's code and submitted it that way. It worked.
It's about 20 km from where I live and featured in local news both a few years and a few months ago. So I would tend to believe it, although I understand the sentiment based on this article. That firms continue to deliver there is certainly strange although one story mentioned the delivering parties are coming from further and further away. The orders are getting larger too so probably the pizzerias are fooled by the too good to be true orders. I guess it's taunting and must be haunting for the man involved. He mentioned having a scare every time a scooter passes as night now. It should be quite trivial for police to solve considering most taunters won't do much opsec.
In belgium you only have uber eats and similar services in the big cities. Outside of those major cities pizza places do direct delivery, without a delivery intermediary.
I suspect it's likely what he thinks it is: targeted harassment by someone he used to know or came in contact with in some way. This kind of thing happens a lot. I used to encounter this sort of thing myself, when some people online decided to try to harass me this way.
As long as there exist services that'll let you deliver something to someone by filling out a form online, with an option to request payment upon delivery, this kind of thing will always be possible.
Doing it for years does seem pretty crazy, though. If it is harassment, the harasser may be mentally ill.
That doesn't explain why the pizza shops would continue to go along with this for years, not getting paid each time it happens. They would blacklist that address. Pizza shops blacklist addresses and phone numbers all the time.
Hell, I think half the reason this particular form of harassment is popular is because the target is often rendered unable to order pizza themselves, after getting blacklisted by every pizza shop in town.
It's unstated in the article, but it does say "orders of pizzas, kebabs, pittas and other food that he never ordered kept flowing in", which could mean it's a lot of different places delivering to him.
If the harasser is smart, they'd vary the restaurants and use a burst of different ones at a time in sequence, with long time gaps per restaurant.
And if the delivery driver isn't reporting it to the restaurants every time, the delivery person doesn't necessarily have a high chance of reporting it, so I see how it could continue for a while if there are a lot of restaurants in his delivery range. (Assuming it really is harassment, that is.)
Maybe the shops are laundering money, and pretend they are loosing money with their "victims", while actually registering a sale to allow dirty money to come in.
This solves the problem you get when laundering money with a food joint: you need customers.
Money laundering is often used as an explanation for seemingly bad business, but often it doesn't make any sense. Why would you send a pizza to a person who didn't order it and who will not pay? You can make fake orders without actually delivering any pizza. Actually producing and delivering the pizza is only expense and will increase the risk of attracting attention for specious orders (as in this article). If you really need to deliver an actual pizza for some reason, why not to a friend or relative rather than a random person?
maybe they just drive there with an empty pizza box and say here's your pizza. It would suck if one time after years and years of saying no thanks, if he said "you know what, I would like a pizza. yes" and then tried to pay.
The point of laundering money is to hide the origin of the money, and the way to do that is to exchange it for clean money.
You can launder money with a business: you pay vendors and employees with the dirty money. But then your receipts are the clean money.
That means you need real customers giving you money. So you do need to run an actual business.
(There are other ways to launder money, usually that involve spreading it around between various accounts so it becomes hard to track. But those don't require anything as elaborate as actually hiring employees, just a fake storefront so you can get a merchant account and some paperwork done.)
I always assumed the point of laundering money is that dirty money becomes clean once the government has a legitimate source for it. There is after all nothing technically different between clean and dirty money, it's the same bills.
So a business that is cash based claims $5 million in income from sales to customers. The business pays taxes on that $5 million. That $5 million in fact came from selling illegal drugs for cash. However, to the government the money is now clean as it originates from a legitimate source. The owner of the business can then send the profit to whatever place he wants with no worry. No real customers are needed.
edit: More specifically, a drug dealer cannot just deposit $5 million in cash into Wells Fargo without police intervention, a cash based business can.
I presume it's about making the income appear to be plausible to a tax inspector.
If you actually sell illegal drugs as a business, but claim to have a pizza place on your tax returns, the government might inspect you someday. If they find that you don't have any big pizza ovens, routine large orders for ingredients, staff of delivery drivers, piles of receipts from customers, etc, then they'll probably get suspicious very fast.
If you do make and deliver at least some pizzas on a appropriate scale, then things get a lot harder. They'd have to run down all of your customers and ask them if they ordered and received pizza, check if the dough order receipts are real and match the expected volume, are the delivery drivers real and how much work do they do, etc. Much more work to run down, and who has time for that? You could probably get away with it, for a while at least, as long as you didn't screw something else up.
Using the money to "pay vendors and employees" does not hide the source of the money. Laundering typically involves inflating
reported income so that you can slip the dirty money into your income stream. If you run a pizza business, you sell one pizza for $10, but in your receipts you claim you sold two pizzas for $20. Now you've laundered $10; it's hard for the government to prove that you didn't sell two pizzas that day, and the income will seem legit.
I don't know, the restaurants I suspect of laundering money around me don't bother faking customers. They are just empty most of the time.
Maybe they noticed that those adresses never cause problems (single old people) and are close enough to not be too annoying to deliver to?
Maybe they are just too lazy to do more, and it's enough for it to work?
Maybe they are using a lot more addresses but we don't get that information? But there is a limit to the addresses you can use, and you are supposed to have repeated customers.
Maybe there is something special about those adresses we don't know about?
I’m wondering how this works actually. Are they actually delivering pizzas or are those pizzas with expired ingredients or just fake boxes? I guess the latter doesn’t make sense since you’d notice more registered sales than what your raw materials are able to yield.
No, under the assumption the pizza business is laundering money, they are real pizzas. Key to business laundering money to appear real to audits, surveillance, etc.
Reason to give away pizzas would be to cutdown on marketing costs, since then you’re only filter for a “customer” is people that take random free stuff.
Similar but different setup is a fake lottery, where the winner was is preselected to win and the tickets are given away free to the public who have no chance of winning but provide there information. As long as the method of controlling the winner remains secret, it would be hard after the fact to prove the “randomly” selected winner was not random; clearly people do get caught and there are ways to detect people are doing this.
One last example would be a dry cleaning service, where they offer limited amount of to good to be true offers, then stock the rest of the clothes being “laundered” via cheap used clothes purchased at second hand stores.
A lot of these patterns show up in due diligence for business acquisition, especially mom & pop lines of business.
One theory they never covered in the show was that it could be a hedge fund doing this to generate receipts so they can analyze sales velocity. That's part of how the Luckin Coffee fraud was uncovered.
If that's true, why would they use the same address that often? isn't it the best way to be flagged and uncovered? it would be so easy to pick random addresses
I looked up Google Maps and zip code for Turnhout where the house in the article is is 2300. So the address must be like [number] [street] 2300(Turnhout), Antwerp, Belgium.
I don’t know why it’s not Albania or Andorra but makes sense it’s not Zambia.
What you’re saying makes sense but it contradicts what is written in the article. Also, there are many many different restaurants involved in this, so any one restaurant blacklisting him would not change it.
That interpretation is fine. He says "I have always refused the deliveries, so I have never paid for anything," but that's no indicator for whether the restaurant was already paid.
No, the likely harasser is searching for delivery services that allow cash on delivery for payment. They just don't use any services that only have pre-payment options.
That is what I am asking, if your delivering pizzas to the same address for a decade and your not getting paid, why keep delivering pizzas? Surely you can blacklist an address or ask for payment up front? There can’t be so many pizza places in delivery range of this guys house that you can order every day for ten years and nobody catches on that this address never pays.
"Stupidity" (often in institutionalized form where the department accepting the orders and the department trying to deliver the pizza don't talk to each other and everyone sees it as not their problem) is often a perfectly sufficient answer.
It makes me very interested as to what his address is, is it "123 Main St" or some other common name? I mean at a past company we had a ton of data pointing to our old office, places close by to our office, or home addresses of employees for testing.
That said unless all these places (it appears to not just be 1) have the same backend and the tests are run against each location I'm not sure if CI/CD is the right answer.
It gave me a laugh for sure and reminded me the terror around kicking off a job in our production clone (the only way to fully test some queries/processes due to size and real-world data needed). We had scripts that wiped things like phone numbers, emails, SSN, etc before it hit the clone but not all developers where diligent about adding to the cleaning script when adding new fields to the DB. My nightmare was sending out a batch of SMS/Emails to people alerting them to an issue (the staleness of the data would fire off false alarms) that didn't exist.
I wonder how long it took local pizza restaurants to figure out that this address is problematic and flag it, refusing service? I'd tolerate no more than 3 times. So, how many pizza restaurants are there in the area? 20? 50? 100? I don't know how this could last for years.
(That comes from an assumption that pizzas are not paid for in advance, which the article kinda implies)
- they don't handle ordering and delivery: those are outsourced, and so they don't get the address. Or they do manage ordering, but not delivery, and the ordering system has a bug.
- they benefit from those fake sales because they are laundering money through their restaurant
- they benefit from those fake sales because they have an insurance that pays for those
- they are using those addresses, that they know don't cause problems, to test something.
- they use the pizza delivery as an excuse to be here, and do something illegal (surveillance, delivering drugs, territorial presence, etc).
A relatively famous example of the fourth option was the Four Square Laundry in Belfast in the 1970s, which was actually a security services front which tested clothes for traces of gunpowder and explosives.
They had to run a book of initial 'customers' in order to capture the interesting trade.
Eventually it was outed with fatal results, but until then it had turned up a lot of intelligence.
Reply All's "Super Tech Support" segment is amazing and full of these weird tech issues. You should check them out if you haven't already. I can't recommend them enough.
If he was the only person receiving these deliveries I’d guess the most probable explanation was completely unrelated to his person - a GPS coordinate / default value in some frequently used application or service.
Or maybe something similar like an erroneous lookup in a database that actually contains his data, like somebody using production data in a database for testing purposes. This would explain orders of 14 pizzas at once, which may be a rare order size in production environments.
However, the fact that he seems to know a second person affected by this makes it way more likely that this is in fact a personal attack.
> “A friend of mine who lives in Herenthout is going through exactly the same thing as I am. She has been receiving pizza she has not ordered for nine years, too,” Van Landeghem said.
Either this problem is extremely common in Belgium, or this is a very suspicious coincidence.
I wonder if he's at the geographic center of his city or postcode. Sometimes a geocoding service will default to the center of an area if the address isn't precise enough or if it's using IP address based geocoding.
It doesn't say if the orders actually have his address on them or just show up.
Maybe the people ordering are using IE4 and too modern Javascript on the restaurants' site fail to return the correct address.
Luckily it's just pizza and not an artillery attack. I guess that'll happen soon enough, military bomber dropping a bomb in a wrong location because the soldier "ordering" the bombardment from the ground didn't update his app to the latest version...
A strange story. I cannot understand why the police isn't looking into it. At minimum, there would be a credit card number for each order which could be traced. There should be phone records. If this goes via a payment processor, they should flag the addresses.
The fact that the orders happen to two persons in parallel basically rules out any randomness in the process.
They are meant to be paid cash at the door as far as I understand. What I don’t understand is why the pizza places can’t just stop taking orders for that address. There must be a finite number of pizza places within delivery range.
I doubt there are credit cards involved; the article mentions that he refuses delivery each time so he's never had to pay for anything, so I assume they're cash-on-delivery.
Europe doesn't do the credit card thing to the same degree as in the US; cash purchases, especially for things like this, are much more the norm.
It depends, Europe is quite diverse. For example, practically everything is paid by card in the Netherlands, but cash is used in Spain. Although in these covid times, everything has to be paid by card everywhere I know.
Maximum contactless in 2019 was €25, above €25 pin required. After covid-19 this was raised to €50. All debitcards allow pin transactions. These numbers come from the pfd at [0].
But in the Netherlands food (and other online purchases) are nearly universally done with the local iDeal system. Germany and Belgium use Sofort, and for Poland there a few parallel systems. France and I guess Spain CCs are used.
Ah, then there to whole Maestro/VPay vs MasterCard/Visa thing. With CC I mean the latter, but its true they provide debit versions of those. My French bank provide a proper credit-CC though.
Right, I forgot, that it is still common here in Germany, where I live :). But if these orders come from one person, the orders should be traceable. Also, I don't get why the pizza shops don't have a larger incentive to not fall victim to this.
So here in Germany they will often call you back on a land-line to confirm the order (and to have a verified phone number associated with the order) pretty sure that's keeping fraud down.
Susequent orders don't require this anymore because they have the address on file.
This is really poor journalism. Where's the interviews with the restaurants and police? Speculation from industry experts? Anything more would make this a better article.
You're not a bad enough person to understand this wont work:
I've unfortunately known someone who had a psychic problem . If she thought you'd crossed her for anything howvere minor, she'd harass you for years. She always has a list of 20 or so victims.
She had a never-ending list of new friends, and was the most charming person possible to them. She'd get invited home to them, or found some excuse to come by. Then, when the new friend went to make e.g. some coffee, she'd borrow their phone/computer/wifi/... , commit a few minor crimes like the ones in the article, and by the time the coffee came she was back in the sofa and the new friend was none the wiser. It would take a few months before the friend catches on, at which she'd drop them like a stone and find some new friend to suck dry.
Police knows her very well. Every 2 year or so she voluntarily commits herself to a psychiatric institute, at which point the legal system backs off. After 2 weeks she leaves against docters advice and it all starts from 0.
Also, eventhough the phone numbers were not always the same, I guess over so many cases, there must be a way for an investigation to find useful information
I have a friend of mine that has been beaten up badly, twice.
10 years ago by his neighbours, in front of a witness. He got his jaw broken.
5 years ago by a random guy in the street, in front of a security camera that caught the dude car's plate. He got his nose broken.
In both cases, the police at best did nothing, at worst tried to activaly prevent action (loosing the case file, not registering it, not passing it around, or asking my friend to not go further).
So I'm expecting that for an old guy receiving pizzas, they have zero incentive to even think about it.
Where is this?
(Btw, if your friend is getting beaten up every 5 years and the last time was 5 years ago I'd tell him to hide or stay low for a while.)
Could just be a geocoding issue? Some data bug in a database somewhere that unfortunately ends up "redirecting" a load of addresses/postal codes etc to this guys house?
I sometimes receive my neighbor's mail (199 instead of 119), and he does too. One time I ordered pizza and it said it was delivered, but I never received it. I'm wondering if he ate my pizza.
Seems easy enough to catch the source of this prankster, if there is one. All he’d have to do, is notify the restaurants in his delivery radius, give them his address, tell them to never accept the order to this address. This alone should stop the orders, but to catch the source, ask them to take the phone number of the person placing the order, maybe to pretend to confirm the order, the restaurant calls back the person placing the order, if the person answers, give the # to the police.
It may be a bot? Either one with a bug, or a way for the authors to kill some competition?
The article doesn't say if the pizzas were ordered online or by phoning directly the shops.
At the begining, the bot would not have been able to call, but I assume now it's possible to make bots smart enough to handle pizza orders. It may even be a nice way to train one.
Reminds me of the couple that lives on a farm that is the default geolocation for 600 million IP addresses. Their farm has been visited by authorities for a long time.
And in my work, we always know the direction to null island, because stray robots will head right for it. I even thought about writing a short story about all the stray / bugged out robots piling up on the seafloor near it.
I think it might be a case of someone testing the delivery/ordering software in production with real data instead of dummy data?
That would explain why it went on for years. The test data won't be updated quickly and no one would flag it because it is not supposed to be a real order.
And the tester just happened to pick two friends, who live 20 miles apart in different cities, who have never ordered from the restaurant? That is both a remarkable coincidence, and a bizarre choice of test data.
I have a theory, which I hope is mostly wrong, and may or may not apply directly to this particular situation. We always hear about the cases where people from foreign countries are trolling celebrities or other high profile people. Why should people with malicious intent stop there? Why shouldn't we all consider ourselves a target of trolls? It only helps us lose faith in society. I am under the impression one of the relatively NEW tactics of groups (also why does it have to be groups and not angry individuals?) trying to cause civil unrest is to simply target every human being so they will all turn on one another, become hostile, and cause their own collapse.
I keep getting amazon packages to my apartment from a former tenant. I try to decline them but they sometimes get delivered while I'm not home. I can at least put return to sender letters in mailboxes. How do you deal with boxes?
I have used several food delivery services in Belgium, and all of them require upfront payment. Perhaps that’s why the restaurants didn’t blacklist his address. But regardless, it’s a weird story that seems unlikely
Or a slightly more likely he's a crazy old man who's got a few wrong orders. As you can tell by the fact his friend has as well.
Explains why no blacklist or why no police helping after 9 years.
There's no default value going on here. No one here ever wrote a web form or used a map? Try and understand the Appp map Las Vegas issue, don't just rote learn it.
I'm confused... if everything is paid for, why doesn't he accept them? Is it common for delivery services to deliver unpaid good?
And if he never orders pizza, can't he tell the pizza place to never deliver to his address? If that's already been done then a sign on the door would help a lot, no?
I was in the gmail beta so have a great first.last@gmail.com email address. The name is an extremely common asian name (there are like 5 people with my name in my town). I have gotten divorce papers to sign, okcupid account signup, jims worm farm order confirmation/delivery etc.
Once I received a payment via PayPal, of a few hundred dollars.
Luckily, before I needed to do anything or call PayPal, the payee realized her mistake and PayPal took the money out - they notified me. I can only imagine how freaked out the payee must have been.. ;)
Wow - that is really weird that it has been going on for that many years. Also strange that he had a friend who experienced the same problem. I suppose the pizza shop should do more to avoid it.
> A friend of mine who lives in Herenthout is going through exactly the same thing as I am. She has been receiving pizza she has not ordered for nine years, too.
That's rich, either she is in on it or they have common enemy.
Is she an old friend (like someone he meet in kindergarten) or a new friend that he meet while discussing this (for example, after posting this in some forum, he meet someone with the same problem and they become friends)?
There are constant discussions on online security on HN, but do not forget that accepting and eating food that way is a big security risk for your actual health.
It's basically like knocking on a door at random and asking the person who opens it to eat something you're giving them... Accepting sounds like playing Russian roulette.
"this risk is so low" is a leap of faith because you have no clue about that unless it happens to you all the time (where do you live??). It is playing Russian roulette by betting that the risk is low...
But kidding aside. I don't understand this guys problem. If it would annoy me then I would put up a sign that explains the problem and states that I don't take any food deliveries.
If I move into a new place I actually disconnect the door bell. Friends call by phone if they come and I receive my mail by a mail service. Somebody ringing my door bell can't be a good thing.
Sorry but why is this on HN? I kept reading and I was expecting some programming, off by one, Unicode, or whatever error that caused the problem. Or Some online Credit Card Fraud operation that used Food Delivery as whatever tools it may be.
But no, Nothing.
So again, why is this on HN? I am generally curious.
My Fiance has a fairly common name, and is the owner of the associated gmail account (think John.Smith@gmail.com). Several older women in other states have the same name...and seem to repeatedly beleive they have her email. My fiance got so frustrated with Walmart orders, amazon orders, bills, personal emails being sent to her that she tracked one lady down and called her.
The lady got angry that my fiance was 'using her email address and hacking her' and had to have it repeatedly explained that the old lady's email address was in fact slightly different (number at the end). It keeps happening. the lady writes it down wrong, her husband enters it wrong, her HOA (at her new house) enters it wrong. When the HOA got it wrong we told them and they asked us to fix it for them...We finally seemed to get some purchase on behavior change when we cancelled one of her orders via email. But the amount of information/influence we had over her accounts with just email was amazing. At one point, her husband used my fiance's email to register a bank account. We called the bank and after explaining the situation were able to CORRECT the email address for her (we decided that a bank account was serious enough to fix it rather than just be annoyed).
I think its perfectly valid to be concerned this is malicious or evil...but so many people are just inept technology users.