October, 2009 | Dangerous Common Sense

Today's Phishing Trips

Two phishing attacks are hitting my in-box hard today.

One tries to trick you into logging into your Facebook account to see the new features available to you. This is a really clever angle since earlier this week Facebook unleashed a site redesign which has been widely panned in part because Facebook didn’t pre-announce the changes or explain them.

This phishing email sounds like Facebook is responding to criticism by telling you of changes and inviting you to learn more about them.

Of course, if you do click on the link, you’ll go to a site that looks like Facebook but is, in fact, a fraudulent site somewhere in the European Union. The crooks want you to give up your Facebook user name and password. From there they’ll have access to your Facebook account and can post and send messages coming from “you” to trick your friends into giving up more information. Or worse.

The second attack is an email supposedly from the FDIC telling me that my bank has been taken over. According to a warning I heard on the radio, if you click on the link to the phony FDIC site, you’re asked to put in your bank account number and other identifying information. Guess what happens after you do this?

Practicing Safer Computing

Here’s how I quickly spotted these messages as phony:

I hovered my cursor over the links. Microsoft Outlook pops up a message showing the real destination of any link when the cursor is held over it. In these cases the destination started out with “www.Facebook.com” or “www.FDIC.gov”, but the location kept going and in both emails ended with a “.eu”. This means I’d be taken to crooked sites in the European Union and not to a business or government site in the US. (Check out an earlier post about a phishing attack for more information on uncovering where a link is really going to take you.)
The FDIC mail was sent to an email address that I don’t use for banking. xxx@ozdachs.biz simply is not used for those activities, so why would I get messages in that inbox?
I wasn’t expecting email from either organization. I don’t click on links in email when I am not expecting the message. Even when I do get a notice from my real credit card companies or bank, I don’t click on their link. Instead I type the address in myself (or use my bookmarked location).
I am getting multiple copies of each message. They’re being sent to every email address I have displayed on the Internet, and I think I am getting multiple copies to the same email account. No real sender would be so unselectively spammy.

Yeah, I could wind up falling for tomorrow’s phishing attack. I know no one is immune. But, these two didn’t get me. Don’t let them get you!

By Ozdachs|2009-10-28T12:22:49-07:00October 28th, 2009|Scams|0 Comments

Are All Hosting Services the Same?

My policy of using whatever web hosting service a client has previously signed up for has been challenged this month as clients have found hosting services with small annual fees that have turned out to be cheap rather than inexpensive.

Here are some basics about hosting and why you might want to let your web developer choose the service for your site.

At its simplest, a hosting service merely needs to be reliable so that 99.some% of the time anyone trying to get to your web site will see your information. Because of the limited requirements for hosting, it’s very tempting to sign up for a hosting plan that costs $5 a month instead of paying $200 a year in advance.

However, each hosting company offers different services and conveniences. The hosting businesses vary on how you can upload information to your web and the features included in their hosting packages.

Most businesses need only very simple hosting. But, there are some fundamental qualifications for a professional hosting service.

What You Need in a Hosting Service

Uptime. You want your site to be available 99+% of the time. Ask a potential hosting service for their uptime stats!
An online way for you to make certain changes to your account. The hosting company should provide you with a “control panel” which lets you add new email accounts, change passwords, and do other administrative chores.
File Transport Protocol (FTP) access to updating your web site. You want to be able to use common web authorizing programs like Dreamweaver which employ FTP to publish web pages. You don’t want to be limited to using the hosting services custom file updater.
Unrestricted, 24×7 updating to your site. Yes, you want only authorized users to be able to update your site, but authorized users need to be able to authenticate themselves and do updates from anywhere at any time. Typically, hosting services control access through a user name and password (which you can change). However, some hosting services demand more, and their additional security requirements — such as IP authorizing — can make updating your site difficult.
Mail accounts. You want to use professional looking email accounts that include your domain name (e.g., Galen@ozdachs.biz). You should be able to set up, modify, and delete at least 10 of these accounts for your hosting dollars.
Scripting language support. Even a straight-forward web site may include a contact form that you want validated. Or, the site may grow to use a login for certain pages. Or, other bright and shiny functionality may become a need. In any event, you want the host to support PHP and perhaps other scripting languages so that you don’t have to change hosting companies suddenly when you want to add a particular feature to a page.

Like many web designers, I charge clients by the hour. But, up to now I haven’t started the clock when learning the ins and outs of a new hosting company that a client picked. I figured that I was learning more about the hosting marketplace.

But, enough! After spending hours on work-arounds to comply with the quirks of some inexpensive hosting services, I have learned already!

Spending a reasonable amount of money for a full-service hosting company is truly the least expensive way to keep your site on the Internet. We recommend Webmasters.com who charges $120 year. From now on, I’m going to ask that clients use that choice… or make sure that the client’s existing service has the convenience and features we need.

By Ozdachs|2009-10-27T13:26:31-07:00October 27th, 2009|Professional Services, Web Design|2 Comments

Major Email Attack Today

Outlook Update email -- it is a fake! You’re not falling for this email, are you?

I have received at least six copies of this bogus email message so far today.

The email message claims to be a Microsoft announcement notifying you of a new update to the Outlook or Outlook Express email programs. Prominent in the message is a link you’re suppose to click on to download the patch from Microsoft.

The link displays as “http://update.microsoft.com/microsoftofficeupdate/KB910737/default.aspx?ln=en-us&email=galen@xxxxxx.com&id=950469769888131599309836639492603233….7986“. It sure looks like that if you click on the link you’ll be going to Microsoft for a download.

Don’t do it! The link is a phony!

How do I know?

First, Microsoft doesn’t send emails announcing updates. Their Windows Update program runs and, depending upon your preferences, installs updates or tells you do get them when you have time.

Second, when I read the email and place my cursor over the link, a pop-up tool tip appears showing the real location I’d be taken to. The real location doesn’t end with “microsoft.com”. The real location in the latest email I received ends with “ij1tli.com”. That domain is registered to:
Personal use
3-59-10 Izumi, Suginami-ku
Tokyo, Tokyo 1680063
JP

You could track this domain further, but all we really care about is that it’s not Microsoft!

If you click on the phony link to download the “patch”, you’ll download something. But, it won’t be a patch to your email problem. Instead it will be an evil program. One that maybe tracks your keystrokes when you log into your bank account and then sends your banking username and password to thieves. Or, a program that runs malicious software on your PC that will attack a website or send millions of spam messages.

Don’t fall for this attempt to fake you out. Just delete the emails… and make sure that your anti-virus software is up-to-date!

By Ozdachs|2009-10-21T13:02:00-07:00October 21st, 2009|Scams|1 Comment

Renew Your Domain and Pay Too Much

Yesterday a client forwarded an email to me that said his domain name registration was expiring. All he had to do was to click on a link and he’d be taken to a screen where he could renew the name for another year.
ISP Renewal web page
The renewal email is a scam, although possibly not illegal.

What was wrong with this reminder notice and renewal offer?

My client’s domain name (www.mycompany.com) is NOT registered with the sender of the email. He uses our recommended registrar, Webmasters.com.
The sender of the email notice, ISP Renewal Domain Name Services, prices the one-year renewal at $79.95. We pay $9.95 at Webmasters.com.
The renewal web page (at right) displays the logos of well-known companies, presumably to lend credibility to the web page. The companies whose logos are display, Oracle, Cisco Systems, IBM, and Microsoft have nothing to do with the renewal of my client’s domain registration. (I wonder if these companies know that their logos are displayed on the renewal page.)
The “from” address of the email is renewal@onlinereminder.org. The ending “.org” makes it look like the sender is a not-for-profit organization. However, no one has to prove that they are a non-profit to have a .org address. For-profit companies are free to register .org addresses to trick people into thinking that they are a do-gooder organization instead of a profit-making company. This practice isn’t illegal, but it rings my warning bells.

The fine print in the renewal letter does confess that:

If you wish to assign (emphasis added) ISPRenewal to extend your domain, please click on the link above. If you do not not wish renew your domain, you may disregard this e-mail. Note! No changes will be made in the WHOIS information if you choose to your domain with us. You will still have your current Domain Service Provider (sic) . You may also request your resent (sic) Domain Service Provider to extend your domain.

In other words, this company has no relationship with you. But, they want you to pay them to pay your current domain registrar to renew. The fee for this renewal is only 8 times what you would pay yourself.

Although their boilerplate renewal email includes a typo and admits to the worthlessness of the service, I am sure that some businesses fall for this scam. My client almost fell for it!

The truth is that many web site owners don’t know what “domain registration” is. They’re confused by hosting services, domain name registration, and all that “tech stuff”. The email’s conflating of hosting services and domain name registration into “Domain Service Provider” encourages this confusion. So, many owners will simply pay whatever “bill” that comes in to keep their web site up.

This scheme is similar to the phony invoice-looking mailings that businesses receive all the time. You know, the come-ons disguised as bills which the sleazy sender hopes will trick some business owner into paying for something that they haven’t ordered.

Sigh!

Another sleazoid is loose in the market place. All I can do is recommend that if you get an offer from ISP Renewal, trash it. It’s misleading and designed to trick you into doing business with them. And, based on their domain registration renewal ethics, I don’t think you want to do any business with them.

By Ozdachs|2010-11-21T16:05:04-08:00October 13th, 2009|Scams|0 Comments

How to Distribute Your Assets Your Way

Do you know who you want to inherit your assets? Or, are you facing probate of an estate? Or, are you watching out for an elderly relative or friend and want to make sure that their property and money are legally protected?

Marin estate planning attorneys at the Law Offices of Julia P. Wald service families throughout the San Francisco Bay Area with the full-range of elder law issues. Their forte is estate planning, and they are experienced in creating living trusts and drafting wills.

They also assist people who are not able to make their own decisions. They create conservatorships to protect the proposed conservatee from serious health problems and/or from undue influence in financial matters.

In addition, Julia and her team work with families on probating estates, establishing trusts, and responding sensitively to the unique needs of each client.

Julie recommends that you review your estate plan documents periodically, even if your personal situation is the same. Some State and Federal laws effecting inheritance and other topics change every year. A new clause or requirement might impact you!

I have known Julia personally for many years, and she’ll do a great job for you and your family. She’s familiar with traditional family needs and is also skilled and sensitive to non-traditional relationships.

Ozdachs worked with an existing web site design created by an artist who integrated the client’s own artwork into the pages. We focused the site content for Search Engine Optimization and visibility on the Internet while keeping the overall structure, look, and feel of the original design. There are more pages, words, and helpful information for visitors in the newest edition of this site.

Check out the Law Offices of Julia Wald’s updated, promotion-focused website. Read the FAQs and estate planning information. And, also give her a call so that you know your plans are current.

By Ozdachs|2009-10-12T16:22:13-07:00October 12th, 2009|Sample Clients|0 Comments