Tag Archives: email

Tech woes…

You know how sometimes a great idea turns out to be bloody awful? Welcome to my day.

I now, officially, only have a $hitty Outlook365 webmail client to work with. What’s worse, I’ve lost all the emails that used to live on my Opera Mail client. So if any of you emailed me in the last 12 hours, sorry, it’s all gone. Every. Last. One.

The one good thing out of today’s disaster is that I managed to export my Contact list before everything fell apart. The bad thing is that the Contact list only works with Opera Mail so unless I can get Opera Mail back up and running, I’ll have to re-enter the contact list manually. I don’t like my chances because apparently, few email clients like playing with Outlook365 email. The reason is something called ‘Exchange’. Exchange plays nice with the crap that is Outlook. It does not play nice with much else.

So, I have three options:

  1. Reinstall Outlook from Office 16
  2. Continue to use the shitty webmail client for Outlook365 email
  3. Keep searching for a non-Microsoft email client that works with Exchange

I’ve read about some workarounds including, Davmail & Thunderbird, Thunderbird & Exquilla, and eM mail [$49]. The first two will probably send my hair white, not grey. The last I refuse to even consider because saving money was what got me into this mess in the first place. And not even that much money…

Less that $100 AUD. That’s what I saved today by deleting my hosting account with GoDaddy.

“What with what?” you say.

In order to have your own website, you need a) a domain and b) a web host for that domain. There are lots of webhosts but I was using GoDaddy. Domains are peanuts – about $20 per year – but the web hosting can really mount up, especially when you have to pay a lump sum for the whole year.

That’s what I was facing this morning, so I rang Godaddy and asked if I could ditch the webhosting but keep my email addresses. The answer was yes, but the implementation did not turn out to be as easy, or cheap, as expected. For starters, the email addresses were linked to the hosting, but wait! For just $50 per year, I could get a plan that would allow me to keep both emails going.

“Great!” said I. “Let’s do it.”

That is the point at which I should have asked for ‘more information’, hung up and done some research. Clearly I didn’t, but that decision was at least partly due to phone fatigue. I’d waited 15 minutes to speak to a person in the first place, so by the time this plan was offered, I just wanted to get it done

I think you can probably guess the rest, not the nitty gritty details, but the general gist. I was committed, the process began, it was too late to turn back, things went wrong. And then things went even more wrong. 😦

Now here I sit, scratching my head and wondering how on earth I’m going to get myself out of this one. I do still have my email addresses, and they do sort of work, so if you write to me I ‘should’ be able to answer, but for the moment, that’s it. And I’ve wasted the best part of the day digging this particular hole.

So, the moral of this story is that Outlook365 is not great unless you’re committed to using Microsoft’s Outlook as well. Given how much I love Micro$oft, I’m feeling kind of sick at the moment.

Not happy,

Meeks


Beware! Origin Energy email scam

I just received a warning from the government website – Stay Smart Online:

https://www.staysmartonline.gov.au/alert-service/malicious-emails-impersonate-origin-energy

It’s free to register and the warnings can save you from malicious attack. Anyway, this particular warning referred to a new email scam that was reported by the Herald Sun newspaper on the 19th of July, 2017. You can read it here:

http://www.heraldsun.com.au/technology/origin-energy-scam-emails-new-malware-attack-hits-australians/news-story/9d5bd312efa909a548fb9e9e3ac00e23

Basically, the scammers have copied the Origin Energy bill payment email format to trick customers into clicking on fake links that will expose them to malware or worse. Sadly, this is an eventuality I predicted over a year ago when I wrote a post about this very issue:

‘What’s wrong [with email bills] is that each link is a potential opening for scammers to steal your information, especially that big, orange ‘Pay now’ button. You see, these days, the really good scammers can reproduce the Origin Energy logo, its fonts, the colours, even the text…PERFECTLY. If you were to receive one of these reproductions, you would need to look very, very carefully to pick the fake from the original. And let’s face it, how many of us scrutinise each email we receive, especially when we are expecting to receive it?’

You can read the full post here:

http://wp.me/p25AFu-2mi

The Origin Energy response has been to ‘teach’ customers how to spot a fake email. Not good enough. Here’s what I wrote in that same post from June last year:

‘And what do you think the big corporations are going to do about the theft of all my money? Will they pull their hair out by the roots and cry ‘mea culpa, mea culpa’? Not on your life. They’ll say that the fault was all mine. They’ll say that they warn customers about ‘scammers’ so it’s a case of ‘buyer beware’.

Having our accounts hacked is too high a price to pay for the convenience on offer. NEVER pay your Origin Energy bills via their emails. Pretend they’re just paper bills and go into your internet banking to pay them safely. Origin Energy created an opening for scammers and you didn’t have to be a psychic to know this would be the result. 😦

Meeks

 


Just for fun

Couldn’t resist showing you a screenshot of an email I received from Amazon today :

amazon-advert-1

I’m thrilled that Amazon is sending these emails out but…you’d think the algorithm would be smart enough to know I’m not likely to buy something I published myself?

One of the other recommendations was a little odd as well because it’s for a novel I’ve already bought [from Amazon] and read. Still pretty chuffed though.:)

cheers

Meeks

 


Possible new #email #scam ?

I’m not a programmer so I’m just guessing that the two emails below are scams, but whatever they are, any change of pattern deserves caution.

So what are these changes of pattern?

I’ve noticed two, and they both involve the email address of the sender. Before I show you what I mean, it’s worth having a quick look at the standard parts or components of an email address. I’ll use my gmail address [this is my public email only] to illustrate:

meekasmind@gmail.com

The components are as follows:

  1. the username – i.e. meekasmind
  2. the @ symbol
  3. the mail server – i.e. gmail
  4. the top level doman or extension – i.e.  .com

The @ symbol never varies but the username could be just about anything, same with the mail server, however the top level doman is usually restricted to a few familiar extensions. These include:

  • .com
  • .org
  • .net
  • .info

I’m sure there are more, but those are the main ones, off the top of my head. Outside of the US, these extensions often include the country code – e.g. .com.au for Australia.

Now have a look at the screenshots of emails I received just this week:

security scam concert-tickets

This is the first one I received. Note the .stream extension. Now it is possible that new extensions were approved while I wasn’t looking, but when I searched for the ‘concert-tickets‘ mail server from which the email supposedly came, I found nothing. Zip, zero, nada.

The next day I received three more emails with the hypenated mail server name and the .stream extension. Hmm..a pattern emerging here.

Then today a variation on the theme:

security scam or hack 2

Instead of a .stream extension on the email address, we now have a .download. Assuming the .download and .stream extensions are legitimate, just exactly how many of these extensions are there?

Note something else as well. Under ‘Improve Your Vision’ [which is a link to another web location] there is vertical line. That line is not a truncated picture holder [given that Firefox blocked the images embedded in the body of the email*]. Nor is it an error. That line is another link.

Why is that line potentially significant?

Because even people who know to be wary of links in emails might click it just to find out what it is.

For me, another suspicious thing is the lack of ‘other’ information in any of these emails. Now it’s possible that the blocked images contain more information – i.e. text – but as a form of marketing, this doesn’t seem to be very smart. Which leads me to suspect that it’s not really marketing at all.

If anyone knows anything about these ‘new’ extensions – i.e. whether they are legitimate or not – please reply in comments. Until we know for sure, however, please treat these kinds of emails as potentially dangerous.

cheers

Meeks

*The reason Firefox blocks at least some images in emails is that certain images ‘can’ contain malicious code. I’m not sure how that works, and I’m not sure how often it happens, but I know it’s a possibility.


#Email bills – Christmas for #scammers?

Here in Australia, Origin Energy [one of the big utilities companies] recently introduced gas and electricity accounts sent via email. Good idea? Not so, and here’s a picture of why:

email bills

The screenshot above is a picture of my new, email electricity bill. Notice all the red? Each one of those circles denotes a link to some address on the internet. Click on that link and you are automatically taken to that address.

So what’s wrong with that, you ask? We all use the internet a million times a day.

What’s wrong is that each link is a potential opening for scammers to steal your information, especially that big, orange ‘Pay now’ button. You see, these days, the really good scammers can reproduce the Origin Energy logo, its fonts, the colours, even the text…PERFECTLY. If you were to receive one of these reproductions, you would need to look very, very carefully to pick the fake from the original. And let’s face it, how many of us scrutinise each email we receive, especially when we are expecting to receive it?

Expectation lowers our defences.

I already expect to receive a mobile phone account [via email], and now I will also expect to receive gas and electricity bills, via email. I may scrutinise the first five, ten, 25 emails but after that? I’ll get complacent.

One day, I’ll be in a hurry and I’ll forget to check all the tell tale signs of a forgery. I’ll click on that big orange ‘Pay now‘ button in the email, and it’ll take me…somewhere. That somewhere will look like the  real deal as well so, still in a hurry, I’ll enter my banking details, pay the ‘bill’ and get on with my life. But one day in the not too distant future I’ll realise my bank account has been hacked. And in that moment of disbelief and horror, I’ll remember the day convenience, and a busy life style, made me follow a link in an email.

And what do you think the big corporations are going to do about the theft of all my money? Will they pull their hair out by the roots and cry ‘mea culpa, mea culpa’? Not on your life. They’ll say that the fault was all mine. They’ll say that they warn customers about ‘scammers’ so it’s a case of ‘buyer beware’.

But the truth is that the big corporations will NOT warn you about this particular type of scam because they do not want to put you off their new, much-cheaper-to-run email billing service. Origin intends to charge $2 for each paper bill from now on. I’m pretty sure the real cost of sending out a paper bill is nowhere near that much, so they won’t be saving $2 for every bill to every customer, but they will be saving something. Multiply ‘something’ by hundreds of thousands of customers and the bottom line starts to look a whole lot better.

So what’s the solution?

The solution is to print the bills off and pay them as you would a paper bill – by going directly to your internet banking and using BPay to pay the bills from there.

As a caveat, I have to say that I can’t guarantee that internet banking is 100% safe. I believe it is, but I can’t guarantee it. However…if the banks mess up with your money, they have to pay you back. If you mess up with your money, that’s it, it’s gone. You might try a class action suit against the corporation in question, perhaps citing negligence, but going through the courts could take years and may still not succeed.

Why not? Because no one held a gun to your head and made you click that ‘Pay now’ button.

This is the reason I keep bleating on about not clicking on links in emails. That little bit of extra convenience is just not worth it. And yes, it could happen to you.

Take care and stay safe,

Meeks

 

 

 


Australia Post #scam email

This one really had me going for a sec. Have a look:

Australia Post scam

We’ve been getting a lot of parcels lately, the Offspring and I, so when I saw this email, my first thought was that it was genuine. Luckily the weight shown below the bogus tracking number – 1.67 kg – made me suspicious as nothing we’ve bought has been heavy.

The very next thing I looked at was the ‘From’ line which reads:

Australia Post <clientes@gourmetconcept.es>

Quite apart from the weird email address for a supposed national postal service, the country code is ‘.es’ and that stands for Spain, not Australia. So I think I can safely say this was not from my friendly post office.

I can also say that as a scam, this looks bloody good. The graphics are all correct. I couldn’t see an obvious typo or poor grammar. No attachment to be wary of, and no obvious links taking you god knows where… BUT…have a look at that big red ‘Print out package info’ button. It doesn’t look like a link, but I’ll bet that it takes you somewhere that requires some kind of ID to be entered [I didn’t click so I don’t know for sure but I’m pretty confident].

So…a very clever scam email. If any of my aussie friends get one – delete, delete, delete!

cheers

Meeks

 


Spear Phishing – a nasty variation of the email scam

I came across an article this evening that talked about a hack attack against Kaspersky Labs, one of the best anti-virus companies around. Coincidentally, I happen use Kaspersky anti-virus software so I had a vested interest in finding out more.

I won’t bore you with the full story but apparently the hackers gained access to the Kaspersky networks via what’s called ‘spear phishing’. Excuse me?

This is an excerpt from the best explanation I found online:

Introduction

The latest twist on phishing is spear phishing. No, it’s not a sport, it’s a scam and you’re the target. Spear phishing is an email that appears to be from an individual or business that you know. But it isn’t. It’s from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC. Learn how to protect yourself.

Email from a “Friend”

The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: “Hi Bob” instead of “Dear Sir.” The email may make reference to a “mutual friend.” Or to a recent online purchase you’ve made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it’s a company you know asking for urgent action, you may be tempted to act before thinking.

Using Your Web Presence Against You

How do you become a target of a spear phisher? From the information you put on the Internet from your PC or smartphone. For example, they might scan social networking sites, find your page, your email address, your friends list, and a recent post by you telling friends about the cool new camera you bought at an online retail site. Using that information, a spear phisher could pose as a friend, send you an email, and ask you for a password to your photo page. If you respond with the password, they’ll try that password and variations to try to access your account on that online retail site you mentioned. If they find the right one, they’ll use it to run up a nice tab for you. Or the spear phisher might use the same information to pose as somebody from the online retailer and ask you to reset your password, or re-verify your credit card number. If you do, he’ll do you financial harm.’

You can read the complete article here:

http://au.norton.com/spear-phishing-scam-not-sport/article

What I find particularly unpleasant about spear phishing is that it uses personalised attacks to take you off guard. We all know not to bite when we get an email address to Dear Customer or some such generic salutation, but when we get something specifically addressed to us? Perhaps from a company that we actually do have contact with? How many of us would think to question that nice, convenient link?

Luckily most of us aren’t important enough to justify such an attack, but that does not mean we are safe. As a matter of principle [and habit!] we should make it a rule to NEVER use links in emails, no matter how convenient they are. It’s just not worth it.

Night, night

Meeks


%d bloggers like this: