We’ve noticed a new email threat, this one involving a notice from Efax which tells you that a new fax has arrived. In the email there is a link, supposedly to the fax, which the sender expects you to click. If you do happen to click the link, you’re taken to a completely different site, not the Efax site that is indicated in the link. At that point you might download the file, a zip file which has ‘pdf’ in the name. In that zip file is a virus and/or malware which will most likely install a keylogger or other spyware on your computer. This is what the email looks like:
No matter how real this looks, the email is NOT from Efax.
If you were to hover your cursor over the link, shown here in black, you would see another URL down at the bottom left. Here is where the link actually leads:
Although the link says it leads to Efax.com it doesn’t. Down on the bottom left you’ll see ‘maroc.com’ and a zip file. Whatever you do, don’t click on that link!
Now, Efax is a real company. We’ve used them in the past and they’re handy if you don’t have a fax machine or, in our case, when your telephone system does not support a fax machine. (VOIP lines do not support faxing.) If you were to check the apparent address of origin by hovering your cursor over the email in your inbox, you’d see this:
This looks like the email is from Efax.ca. It isn’t.
It’s only when we look at the message source (right click the email in the inbox before you open it and choose ‘view message source’), that we see where the email really originated. Here’s what we found:
The sender is actually ‘host.informationoutput.com’. They have faked the origin ‘inbound.efax.ca’.
To sum all of this up, here’s what we’ve got: An email that appears to be from Efax.ca, but isn’t. A link that appears to lead to Efax.com, but doesn’t. Finally we have a fax that isn’t a fax, it’s a zip file full of malware/spyware or a virus. Dangerous stuff, right? Our feeling is that you’d really have to go out of your way to get infected this way but people actually do get hit every day. We’d suggest reading this post a few times. All of the information you need to figure out if an email is legitimate is here. Feel free to share it with friends and family.
This post is about one email. Believe us when we say that we receive many such phishing emails every week. They might appear be from Efax, a bank, a government agency or a company that you may or may not have dealt with in the past. They all have one thing in common. If you don’t catch them and happen to click on the link, you’ll be in trouble. Be careful out there, OK?
Thanks for reading! Questions or comments are welcome. You can also ask questions on our Facebook page. Here is the link: Computers Made Simple on Facebook
_________________________________________
Here’s a link that might help us if you are interested in hosting your own blog with Fatcow Hosting. We’ve signed up to become an affiliate and we make a bit of money if you sign up for hosting via this link: FatCow Hosting Thanks!
One of our readers got into a real jam recently while travelling. From her description, it’s a situation that any one of us could encounter when we’re out of the country. Here’s what happened to her. See if it’s possible for you to be in the same situation.
1. Our reader uses Hotmail/Outlook, the free email service from Microsoft. Millions of people use the same service, including the people at Computers Made Simple. We should point out that she has used the same hotmail account for over ten years.
2. As she didn’t travel with a laptop or connected mobile device, she made use of various computers to access Hotmail. Because of this, the security people at Outlook/Hotmail locked up her account. Until she could prove who she was, she could not sign-in.
3. If you’ve ever used one of the free web-based email services, you’ll know that you are often required to be able to receive a code via an SMS/text message sent to your mobile phone. Guess what? Our reader had used her landline as her contact number but had it disconnected while she was away. Ooops! No way to receive the code.
Does any of this look familiar? Could you see yourself in this situation? Even if you do travel with a cell phone, you probably wouldn’t have the use of the same number. Many people purchase a SIM card in the country they are in but this will not let them use their old cell number.
Microsoft/Outlook expected our reader to know something about her last ten emails, the subject line or the sender, in order to prove she was the account owner. Is that something that you would be able to provide? After jumping through seemingly endless hoops, our patient reader did get back into her account. We weren’t much help at all, to be honest, but her experience made us question what we would do if we were in the same situation.
Locked out? What’s the solution?
Whether you use Hotmail or Gmail or Yahoo Mail, what trials and tribulations would you face if you were to head off on an extended trip through various countries? We can imagine that more than a few travellers have met with the same situation as the one in which our reader found herself. Yikes! The problem we face here at Computers Made Simple is that we don’t have an answer. Well, not a free one anyway. More on that later.
We’ve posted the question on Slashdot plus we’re doing some research into solutions. Once we find out how to avoid the problem, we’ll post the answer. Meanwhile, here are our suggestions:
1. Use a current and active cell phone number when setting up the security settings for your email account.
2. Leave that phone with a trusted relative/friend who will be able to receive any security code that you need to verify your identity.
3. Have your email forwarded to another account. This is only a partial solution but it could alleviate some of the tension when you can’t get into your main account.
That’s three but there are probably more that we can’t come up with right now. If you have some suggestions, let us know. Have you found yourself in the same situation? What happened? Did you manage to get back into your account? Let us know in a comment below or on our Facebook page. Here is the link: Computers Made Simple on Facebook
Finally, there is a fool-proof solution to all of this but it isn’t free. In our next post we’ll explain how to become your own postmaster. It’s not that expensive but it takes a bit of technical know-how to set up.
Thanks for reading!
________________________________________
Here’s a link that might help us if you are interested in hosting your own blog with Fatcow Hosting. We’ve signed up to become an affiliate and we make a bit of money if you sign up for hosting via this link: FatCow Hosting Thanks!
We had an opportunity recently to stage an event where everyone was invited by email. While there are a few online sites that will create a nice looking invitation for you, and yes they are free, these places require access to your contact list. We we troubled by this right away. Once a site has access to your contacts, that leaves the door wide open for identity theft, no matter how secure the site tells you they are. We decided on an alternative.
We use Outlook for some of our email accounts. Outlook is actually two things so let’s sort it all out. Remember Hotmail? Well Outlook is the new Hotmail. Instead of hotmail.com, which still works by the way, MSN wants you to use outlook.com to access your online email. That’s one Outlook. The other Outlook is the email app/software that is part of Windows. If you use your ISP’s email, which we don’t recommend, Outlook is what you need to access it. There are other email clients but most people use Outlook. It’s a standalone app, not linked to a browser. Got it so far?
TIP: Another reason for using Outlook for the invitations is this: They won’t end up in a junk mail folder. Your contacts know you and get your emails in their inbox. If you use an online event invitation service, more than likely the email won’t even be read by the recipient, even if it says that it’s from you. Their email provider may sense that something is amiss and place the email in their junk folder.
Today we are talking about the website email, outlook.com. If you use outlook, hotmail, or ‘live’ for sending and receiving emails to your contacts, you can also create decent looking invitations using it alone, no need to use a website where you have to sell your soul to invite people to a party. Here’s how you do it:
1. Once you’re in your email account, click New to create an email. You can either add contacts now or after you’ve got the invitation designed.
2. Up at the top, left of center, look for the word Options. Click on it and make sure that Rich Text is checked:
Rich text makes it all happen.
3. Once rich text is set up, look to the right and use the icons to choose your font size, typeface, type colour, etc. Here are the icons you can use:
Bold, Italics, etc. They’re all here.
TIP: Set up everything and just start typing. If you look for your cursor, it won’t be there and if you click inside the email, you will lose all of your settings. Remember that.
4. Once you have the words, highlighting and colors ready, you can add photos to your invitation. Here’s how:
‘Picture inline’ will add a photo right inside your email invitation.
5. Here’s what our lame but very quick attempt looks like:
For something that is free and private and safe from identity theft, it’s not too bad, is it?
6. Once you get it all set up, make sure you save it as a draft so you don’t lose it. Then add your recipients, including yourself, and send it out. Outlook/hotmail usually has restrictions on the number of emails you can send at once so you may have to do this all in more than one step .
TIP: Why send it to yourself? Any important email should also include a copy sent to you, either in the email address slot or as a Cc/Bcc (carbon copy or blind carbon copy). That way you know if the email was sent properly. (Bcc means that no one but you can see that you sent the email to yourself or to anyone you Bcc it to.)
You’re done! We’re quite sure that someone with design talents can come up with something better than our effort.
Thanks for reading! Questions, comments and suggestions are all welcome. Comment below or Like us on our Facebook page and comment there. Here is the link: Computers Made Simple on Facebook
________________________________________________
Here’s a link that might help us if you are interested in hosting your own blog with Fatcow Hosting. We’ve signed up to become an affiliate and we make a bit of money if you sign up for hosting via this link: FatCow Hosting Thanks!
Although we don’t get nearly as many as we used to, some very dangerous emails still make their way into our inbox. Which ones are those? Emails with attachments, that’s what we’re writing about today. We’ll give you a few tips on how to stay safe and protect yourself from these malicious emails.
1. What’s an ‘attachment’?
Most of the time, an email is just words that someone has typed, no different than a text message. Some emails looks much like a webpage, specifically those from companies that you’ve chosen to deal with or receive ads from. Nothing much to worry about there, right? Complications arise when someone attaches a file to an email. Let’s say you’re sending a resume to a company that’s hiring. You could copy and paste your CV into the body of the email or you could attach the whole file to the email. The format for this file may vary, from PDF to .doc to .docx, etc., but the full file is sent with the email. At the other end, the person who opens that email has to download the file and open it on their computer. (Some online email providers allow documents to be opened with their email program but not all do this.) Hopefully, you’ll see where this is going. What if that attachment isn’t a simple Word document?
2. How do I know if an email has an attachment with it?
If you use Outlook/Hotmail, it will look like this:
The icon of a paper clip means these emails have attachments.
3. What are the dangers of email attachments?
Some types of files, zips for instance, contain executable files within them. An executable file is one that actually does something, as opposed to a photo that you simply look at. Some other types of files, pdfs for example, can have an executable file hidden inside them. You are not able to send unzipped executable files any more, most email providers, if not all, have chosen to eliminate ‘exe’ files as attachments. This doesn’t mean that you’re safe, just that you have to be more careful.
If you somehow get an .exe file and click on it, you could be allowing a virus to take control of your computer or installing a key-logging program which will remember everything you type then send that data to an identity theft gang; any number of bad things, in other words. That’s why attachments can be dangerous.
4. How do I know if an attachment is safe?
Here are some simple rules to follow when faced with an email that has an attachment:
A. Do you know the sender?
B. If you know the sender, is the attachment described in the email? “I’m attaching a copy of my latest resume. Could you check it over for me?”, something like that.
C. If you know the sender, does the subject line of the email look like something they would say? “Hey! Look at this hot pic I just took!” is an example of something you shouldn’t open, let alone download the attachment.
D. Are you expecting an email with an attachment from someone you know or a company you deal with. Is the company you contacted sending you the manual for something you bought? Is a government agency sending you a new tax form? Did you request something from this person or company?
You’ll have to answer these questions yourself but A. is a definite NO, right? C is very popular now, specially on social media sites but often in emails. Basically, you have to use your head. If you delete an email that has an attachment, don’t worry about it. The rule here is to protect your computer and your identity first. If the attachment was legitimate, that person or company can always send it again.
TIP : Outlook/hotmail has a cool feature that locks attachments and pictures in emails from persons or companies that are not on your contact list or who you haven’t certified as being safe. Here’s what this looks like:
This is why we suggest that you use an online email client.
Don’t know the sender? They’re not on your contact list? Outlook protects you from the hidden dangers in these emails. You have two choices besides deleting these. If you know the person or company, click ‘Wait, it’s safe!’. If you’re uncertain, click ‘I’m not sure. Let me check’. If you choose this one, Outlook shows you a bit more of the email but still keeps some things locked down. In the photo above, there are two attachments and we know for sure that these are malware/viruses or other nasty things. Besides, we’ve never heard of the sender. We’d have to go way out of our way to get infected by this email but, unfortunately, people do this every day. Now you know the dangers.
Thanks for reading! Let us know if you have questions or suggestions about this or anything else ‘techish’. Like us on Facebook so you can keep up with our posts and tech tips: Computers Made Simple on Facebook
All this week we’re posting tips on ‘safe computing’; how to keep safe online. While we write about PCs mostly, these tips will apply to Macs too, most of them anyway. If you use an Apple computer (a Mac), don’t assume that you’re safe from these exploits. You’ll need to stay on your toes no what what type of computer you use.
Email – Threats in your Inbox:
We all get large amounts of spam email every week. Normally any junk email easy to spot. Some types of phishing emails are a little bit harder to pick out. Here’s an example of a phishing email in one of our junk folders:
We don’t have a Discover card but if we did, we just might open this.
Out of the millions of people who receive an email like this, a certain percentage would almost certainly have a Discover card, right? Let’s see what the email is all about:
Oh no! ‘Irregular activity’ on our non-existent Discover card.
Whether these emails mention Discover cards or bank accounts or airline tickets, there is one simple way to check if they are phishing emails. Aside from the fact that your credit card would call you on the phone to report ‘irregular activity’ on your card or account, don’t you think they would know your name? Any emails from these kinds of institutions, and they don’t send out many at all, would always have your name in the subject line as well as in the body of the email.
We get a notice once a month about our account statement being ready, complete with our name in the subject and our name in the salutation of the email. We also get emails from PayPal about different specials they are running and, again, our name is right up front in the subject line.
Obvious Clues:
Aside from the name issue, this email has a couple of other clues that it’s a fake. At the top, you’ll see that it purports to be from ‘discover@email.discover.com, which is probably a legitimate address. If that’s the case, why would the link in the body of the email lead to ‘cicfif (dot) cn’? That .cn is the top level domain for China, in case you didn’t know. When did Discover start using a domain in China for their security office?
Besides that, as we mentioned before, credit card companies don’t email their customers when there is a problem. Speed is of the essence in these situations. The companies don’t want to interfere with their customers activities but they do want to minimize any fraudulent use of the credit card in question. There’s nothing faster than a phone call to settle these issues. An email would never be used.
Phishing. What the heck is it?
Any unofficial (fake) email or website that asks you to fill in your personal information is said to be phishing for that information. While a virus is bad and malware can really slow down your computer, phishing can hit you right in the purse or wallet. If someone gains access to your bank account or credit card details, they can clean you out in a matter of minutes. Depending on which bank or credit card company you are with, you may or may not be liable for these losses. It’s always a good idea to check out the fine print before something like this happens.
How to Protect Yourself:
1. We strongly suggest that you use an online email account, as opposed to one that is with your ISP (Internet Service Provider). We use outlook.com (formerly hotmail), gmail and yahoo for our various accounts. Why is this important? Primarily because none of the emails from your online accounts are actually stored on your computer. Since you have almost unlimited storage space with these companies, as opposed to the limits set by your ISP, you don’t have to download the emails to read them. As a matter of fact, outlook doesn’t even let you download your inbox. Dangerous or phishing emails never reach your computer, they stay on the online servers.
All of these online email companies have very strong anti-virus/malware filters in place, far stronger than what your ISP probably uses. Before an email gets into your inbox, it must pass through very strict screens. If you have set up your account correctly, most junk emails will end up in your junk folder. You will not be able to click on any links contained in them until you certify that they are safe.
2. Don’t click on any link in email that is not from someone you know or a company that you do business with and has mentioned you by name in the email. Even if the email is from a friend, we’d suggest not clicking on it until you can verify that they actually sent you something. If their email account has been compromised, whatever form of malware that did it will now be accessing your contact list and sending out emails as soon as you click on the link.
3. Since email links can be faked, think about alternative ways to access your credit card or bank account online. Type the address into your browser yourself if you feel the email might be legitimate. Here’s how a link in an email can be faked, in case you didn’t know. Click on this link (it is totally safe, believe us): www.freestuffforyou.com What? No free stuff? Not today, just free information.
4. Here’s a trick for you, one that might keep you safe in the future. Your browser has a cool feature in it that you probably never use. Hover over any link that you see, no matter if it’s in an email or on a website. Don’t click on it, just hover over it with your cursor (mouse). Down on the lower left, right at the bottom of your screen, you’ll see where the link really leads. Try it with our fake link just above this.
That’s it for today, just some simple tips on keeping out of trouble with email scams and phishing. These are things that you actually have to try to get stung with. Your actions in these situations control whether you get into trouble or not. Later on this week, we’ll deal with things that are out of your control. Stick around. Better yet, like us on Facebook and keep up with our tips, tricks and posts: Computers Made Simple on Facebook
Thanks for reading!
a little bit of hi-tech, a little bit of common sense and a lot of fun
