We’ve had a huge jump in the comments on one of our WeChat posts. Here is a link to the post: Weixin/WeChat – Shake your way to new friends Lately, the comments have focussed on what readers think are search results using the Shake feature that are skewed somehow. We think we’ve found the reason for this. Check out some of these screen caps. Maybe you can see where we’re going with this:
WeChat plus 54 other apps related to it.
We have both apps on our devices; WeChat and WeChat Voice. Both are made by TenCent International, the company that created WeChat. Can you trust these two apps? Sure you can. No problem. Let’s look at what other apps are available to ‘enhance’ your WeChat experience:
Same two at the top but lots more below.
Let’s see what we’ve got here. Find Friends for WeChat? Huh? Isn’t that what WeChat is all about? Why would you need to use an app to find friends for an app that finds friends? Something’s fishy here, folks.
Some of these are pretty sketchy, aren’t they?
One more, just in case you are missing the point:
Don’t even think of adding any of these. OK?
Just the same as on your PC, you’re at risk when you add software from companies that you are not familiar with. You have to ask yourself, why is this free? What will these people get from offering me free apps? Some get money from advertising. Others, unfortunately, have found a way to hijack WeChat’s Shake results. Instead of showing you other people who are shaking their phones, these apps will show you something else, usually spam ‘contacts’ who will try to get you to spend money on a product or service.
If you add any of these apps, you’re just asking for trouble. Remember those ‘free screensavers’ from a few years ago? Same thing there. After you installed them, your computer would start to act differently or would slow down to a crawl. Adding apps to your mobile device is reasonable safe, as long as you think about what you’re doing.
TIP: All you need is WeChat, nothing else. These add-on apps will do nothing but cause you problems. Some of these may actually hijack your mobile device, meaning that you won’t be able to remove them, even by reformatting or resetting your device. Your flash card would be toast, even your ROM (the brain of your device) might be attacked.
Install WeChat, maybe add WeChat Voice but nothing else. You’ve been warned.
In a previous post, we showed you how to cut down or eliminate email notifications from Facebook. That article is here: Stop Facebook Email Notifications Today, we’re going to show you how to recognize fake emails that seem to originate with Facebook. These emails can be spam or they can be what are called phishing attempts. Phishing is the act of stealing personal information, things like passwords and log-in information, through the use of various devious tricks, usually in email form.
What to look for:
Facebook usually uses your name in the subject line. Here’s an example:
Four emails. Three are real, one is not.
In this photo, we can pick out two real Facebook emails immediately. Why? They used the real name of the person they were sent to, that’s why. That leaves two suspicious emails. Let’s see if we can determine which of these are real.
This email has a username in the subject line AND it comes from facebookmail.com.
When we hover our mouse over one of the two real emails, we see that it really does come from ‘facebookmail.com’. Let’s see where the others come from. Resting our mouse over the one with ‘Gina’ in the subject line we see this:
First, we don’t know anyone named Gina. Second, check out the email source.
What on earth is ‘8kEyhjIP.com’? Obviously a spoofed email address from a non-existent dot com site. That leaves one email that may or may not be from Facebook. It doesn’t have a username in the subject line. Again, hover your mouse over the email to see this:
Although there is no username in the subject line, we know this is from Facebook.
Now, we can’t generalize here. Just as the phishing email had spoofed an address, the photo above shows what could also be a spoofed address. We’re pretty sure it isn’t but let’s open it, just in case.
Well, turns out that this is really from Facebook because it has the user’s name in it.
What’s in the phishing email? Let’s see.
A link to a Russian dating site…maybe. Two other phishing links at the bottom.
When you see something like this, delete it immediately. It’s not the ‘intimatehotdating’ link that is dangerous. That link may or may not be real but the two links at the bottom are very devious. See the ‘.php’ at the end of each link? That’s the giveaway. Should you happen to click on either one, we suspect that some kind of script would run. If you are logged in to your Facebook account, we assume that your credentials could be snagged. We also suspect that these links lead to sites which may install something akin to a trojan that would send the same message to everyone on your contact list.
The solution to all of this is fairly simple. Turn off all of your Facebook notifications. That way, you’ll know immediately that any Facebook emails that you receive are fake. If you are a regular Facebook user, you’re probably on your account almost every day. There’s no need to be hounded by emails about every little thing that you or your friends do there.
Thanks for reading! Questions, comments, suggestions are always welcome. Like our Facebook page to get all of our updates. Here’s the link: Computers Made Simple on Facebook
In our last post, we described how to encrypt an email using JavaScrypt, a simple but effective way to hide your personal information from prying eyes. That post is here: Encrypt Your Emails For Free. Today’s post assumes that you’ve read the linked one so, if you haven’t read it yet, head over and check it out. We’ll wait…
Back? OK, here we go. The message that we used yesterday was very simple but the encoded message was obviously encrypted. What if we still wanted to encrypt a message but didn’t want it to look as if it was in code? It’s pretty clear that an encrypted message would raise suspicions about its content, even if that content was completely innocent. Here’s how to solve that problem.
Steganography is the term for this process, hiding something in plain sight. There are several ways to do it but, for now, let’s stick with what we learned yesterday. To accomplish this task, you must have two browser windows open. First, open up the link from yesterday’s post. Here it is: JavaScrypt Encryption.
When the page opens, run through the same process as we described previously, generate a code, write a simple message and then encrypt it. You’ll end up with something that looks like this:
Gobbledy guck, mishmash, pure Blarney, right?
It’s painfully obvious that this is an encrypted message. Let’s make it look like bad poetry. Open this page: Stego! Text Steganography. Both pages are by the same person, more on him later, so they look very similar. What we’re going to do here is simply copying and pasting from one browser window to the other. Our aim is to hide the encrypted message in text that looks vaguely normal, in other words ‘words’. Let’s get going:
1. We will use the encrypted message in the photo above. Highlight it then right click and choose Copy. Go to the Stego page (link just above this), click in the pink box, right click and choose Paste. Under the pink box is the word Hide. Click it.
Click the Hide button.
2. Once you click the Hide button, a new message appears in the orange box at the bottom.
What’s this? Some gibberish?
3. What we have now is an encrypted message that has been transformed into something that looks a bit less intimidating and a whole lot less suspicious. What do we do now? We can’t decrypt this gibberish, not directly anyway. We have to ‘unhide’ it. Normally you would have to copy the words from an email then paste them into the orange box. For now, just erase the encrypted message in the pink window and leave the words in the bottom window. Like this:
Empty the top box and click the word Seek.
4. Click Seek and the original encrypted message will appear in the top box again.
Voilà! It’s back again.
This two page, multi-step process takes an email, or any text document for that matter, encrypts it, then changes the encrypted message into something that resembles normal English. If this text happened to be buried in a much longer document, there’s a good chance that it wouldn’t be noticed. While this whole thing takes a bit of extra time, we think you’re more likely to slip beneath the radar, if you know what we mean.
TIP: In order to use this system, all of the settings have to be the same for the encryption and the decryption as well as for the ‘hiding’ and ‘seeking’. Each page of the site gives you ample information to change the settings to your own specifications but be sure to make a record of those settings if you want to have a problem-free experience.
The site that we’ve linked to here belong to John Walker, co-creator of the Autodesk company and its software (AutoCad). Both pages that we’ve mentioned can be downloaded and run on your computer, no Internet connection is necessary. In other words, you could perform all of your encryption/decryption tasks ‘offline’.
Should you encrypt your emails? That’s up to you. We don’t but we sleep a bit better knowing that, if the need arises, we could. If you think the process described here is new, it’s not. The two pages we’ve mentioned were created in 2005. We are not naive enough to think that this simple encryption process is invincible to decryption by a third party and neither should you. What we have described here will keep your private information out of the hands of people who shouldn’t be snooping in your stuff anyway. Besides, it’s fun to experiment with this and it makes very interesting chatter at the dinner table, right?
Thanks for reading! Like us on Facebook and you’ll be able to keep up with our latest news and posts: Computer Made Simple on Facebook.
As of today, June 11, 2013, it’s been revealed the the U.S. government has been snooping in every email, every text message, every online chat and probably every other form of communication for quite a while. Your privacy is gone, you probably know that already, and we think it’s going to be a long time before you get that privacy back. We think that it’s not only the U.S. that is doing this. We’re in Canada and we’re quite sure it’s happening here, too.
How does all of this affect you? You’re probably saying, “I’m not doing anything illegal. I’ve got nothing to worry about”. That may well be true but this spying could affect your life in many different ways. Do you bank online? Do you do your taxes online? As you know, your tax information is supposedly between you and your tax department. It doesn’t matter if you are a hitman for the mob, as long as you declare your income, you are safe from prosecution by the tax department. That’s all changed, hasn’t it? Now the government knows you’re a hitman, they know how much you make and they know, likely, who pays you. Anything that you report to the IRS, for example, is wide open to every other government agency. This has been happening since 2007, by the way. Maybe it’s time to rethink how you do things on the Internet.
Today’s post deals with email encryption. We’ve been searching for an easy and free way to re-secure privacy when sending and receiving emails. We’re going to do at least two posts on this, so let’s get started.
2. The page itself is self-explanatory but we’re going to run through the steps to use it, just in case you get lost. There are three parts to any encryption process. First you need to know how to decrypt what you encrypt. If you think of encryption as the secret code writing that you may have enjoyed as a child, you know that in a simple transposition code, the person who gets your message must know how to rearrange the letters to read it. With the type of encryption we’re discussing here, you need a key to both encrypt and decrypt any message you send. The key takes the place of the encoding rules that you used as a kid.
As you can see on the JavaScrypt site, the key is the first part of the process. You can use your own or have one generated for you. The generated key is quite long and complicated but, obviously, very secure. In your case, you could use a simpler key that could be made up of a series of numbers and letters, something that is relatively easy to remember. Think of parts of your first address, your old cell number, your mother’s maiden name, things like that. If the pieces of the key are easy to remember, then you don’t have to write it down. In that case, although the key may not be as secure as the generated one, it is a bit more secure because it’s not written down anywhere, right?
3. Once you have the key, you need the message to encrypt. You may not have a need to send an encrypted email to a friend or relative but maybe you want to send personal information to yourself. Let’s say you want to save a copy of your password list. Encrypt it and send it to yourself in an email. As long as you remember the key, your information is safe and you can retrieve it.
Let’s generate a key on the site:
A text key is shown.
4. The site describes the difference between a Text key and a Hexadecimal key. We’ve used a Text key but read the description and make your own decision. Next comes the message:
Something simple for our example.
Enter the text in the green box. Don’t worry about length at this point. You can always send long messages in multiple emails.
5. Once the text has been entered and you have chosen a key, kit the Encrypt button:
Message above, encrypted message below. Jason Bourne would be proud of you!
6. So far we have two of the three parts we need. Let’s see how we get the third part. The encrypted message is in the pink zone. Let’s delete the original message from the green zone:
The original is now history but the encrypted message still remains.
7. Move down to the pink area and set your cursor up in the top left corner and hit the Enter key to move everything down one line. That will leave an empty line at the top, right?
An empty line is needed to copy and paste the key into the encrypted message.
8. Go up to the key line, highlight it and click the right mouse button then choose Copy. Go back to the pink area and click in the empty line, right click and choose Paste:
The key is in place now so press the Decrypt button.
9. As long as the green box is empty, the message will reappear there as soon as you press the Decrypt button.
There it is! As if by magic, the message appears again.
That’s it! You’ve just encrypted then decrypted a message than would be very hard to decrypt unless someone knew the key. How secure is this system? Secure enough that it would take a fairly long time for anyone to decrypt it, if indeed they could. The better the key, the more secure the message.
TIP: Keys are not a one-time, throwaway item. You could use a different key for each message but you could also use the same key for each friend. As long as someone has the key you used for encryption, they can decrypt your message.
If the key is easy for you and your friend/relative to remember, there is no need to write it down. Even so, you don’t want to send the key in an email, right? There are many ways to get the key to the person without using electronic means. Be creative!
This has been a long post but it’s an important topic, isn’t it? Let us know what you think about this or any other topic that’s important to you.
We own quite a few domain names here at Computers Made Simple. All are registered with one company, all are up to date and all are set to automatically renew on their respective anniversary dates. We get substantial amounts of email from our domain company but we also get emails from the vulture service that is known as ‘Domain Service’.
This particularly loathsome outfit scours the web for domains that are about to expire. Once they find such a domain, they send out an email, from a hotmail account if you can believe it, that looks like this:
This looks vaguely like a domain renewal notice.
Next, farther down the email, comes the prices:
Ridiculous prices for nothing, absolutely nothing.
Lastly, here is a description (in fine print) of what this email is actually soliciting:
This is a ‘search engine submission’, something that is completely unnecessary these days.
Once you read the fine print, you’ll see that this is just another scam. With the likes of Google and Bing, there is no need for ‘search engine submission’ at all. Additionally, this looks vaguely like a domain registration renewal, doesn’t it? Even if it it was, the prices are at least three times higher than any other company out there. There is no ‘lifetime’ renewal, by the way.
The big clue in this would be the originating email address. We can guarantee that no reputable company uses a hotmail address. The web is full of scams like this. We’ll try to help you identify them as they come to our attention.
Thanks for reading!
a little bit of hi-tech, a little bit of common sense and a lot of fun
