All posts by Jerry Stern

Is this Email Safe? Is this Robocall for Real?



I’m often asked whether an email is real, or safe, or dangerous. And the same question shows up applied to web sites And robocalls are rampant right now, and seem to pick up around year-end. What’s real?

Short answer: If you think it’s a scam, it’s probably a scam. It’s either an attempt to have you open a software installer, or read a fake purchase order, or link to a web site selling garbage.

Scam emails have a few things in common:

  • Fake urgency. Act Now! Limited Time Offer! Your computer is infected! 
  • False Authority. These are quotes from big-name companies and “experts” pushing whatever they’re selling.  The quotes either not real, or from people who are not experts in the correct specialty.
  • Fake address. The email address of the sender is from the wrong domain name. 
  • Poor English. Spelling, grammar, or usage are wrong. Incorrect capitalization is common.
  • Jumbled. Word order is typical of languages other than English.
  • Short. If there’s an attachment or a link, the message is frequently one line, because that makes it more difficult for SPAM filters to recognize a bad message.

Good emails and web sites:

  • For an email, the sending email address is at the same domain as the web links. So mail ABOUT Chase Bank is FROM Chase.com, not a Gmail account.
  • Have phone numbers, especially a direct-dial non-toll-free  number.
  • Have a physical address. Even a post office box is OK. That physical address is required by law in commercial emails, under the CAN-SPAM act.
  • Emails have a WORKING Unsubscribe link, also required by law. 

When in doubt, look it up:

Some of this applies to products as well; check these sites to look up the reputation of a company or a web site.

On Google.com, type in the site or product name, and ‘complaints’. Then in the results, look for companies that you know that do reviews, including any of these:

There are other review sites, but be aware that most small sites have poor moderation, and bad reviews could be from competitors. And of course, there are companies that “manage reputations” and that basically means “flood review sites with good reviews until the bad reviews are pushed off the first page.” The companies above are somewhat skilled at detecting those duplicate submissions, and these are not, but may still provide some useful information. The ‘grain of salt’ guideline applies:

For any question of “Is this file I received safe to open?” you can upload it at VirusTotal.com, and it will do multiple antivirus scans immediately.

In general, online reviews of companies or products that are a single line of text, and don’t actually mention the name of what they’re reviewing, are likely bulk submissions from a paid reputation management service. Ignore them, and read the longer reviews signed with real names, or (on some sites) marked as ‘Verified Purchaser’ or similar.

Bad emails and web sites:

  • Hide their physical location. Contact, if any, is by email or chat. There is often no clue as what country they are in.
  • Offer to ‘install software to allow you to view’ their page. That’s an offer to install malware. Close that page.

Both good and evil web sites have:

Encrypted web sites, with addresses starting with https. While secure web sites do provide protection from information entered into an online form from being read ‘in-traffic’ as it goes through the internet, https links do not provide confirmation of identity, just encryption. A “green padlock” link can provide identity confirmation, but only if it’s issued by a known “certificate authority”, and checking the encryption certificate for the issuer is going to show information that is mostly not easy to understand; it’s not a good indication of good or evil.

Already on a Site, and Suspicious?

High-pressure web sites tend to scroll forever, and show an auto-starting video, with no indication of length, that does not allow you to skip ahead. They’re selling the modern equivalent of snake oil, or the cure-all nostrum of the day. They’re promising something that they won’t tell you the price of until you get to the end of that video. They’ll pack that video with, again, fake urgency and endorsements from impressive experts you’ve never heard of, and it’s all just formula pressure sales that are modeled on the old in-person free seminars that push real estate investment books to anyone willing to sit through 4 hours of talking. Close that site.

“We’re from Visa/Mastercard, contacting you about lowering your rate…” Unless you are a bank, you don’t have an account with either the real MasterCard or Visa companies; you have accounts with banks. Visa and MasterCard are credit card interchange corporations, and they do business with banks, not individuals. Visa and MasterCard are competitors,  and they would not co-market interest rate discounts even if they sold accounts directly.

SkyNet called: They want their Terminator back, and they have low credit card rates, too.

Caller-ID is now reliably fiction. I sell phone service, as ‘voice over internet’ or VOIP, and in the setup of each user, you can type in anything you want to be visible as the caller ID information. Telemarketing phone systems change that text constantly. The newest such call here showed ‘Discover Card’ as the caller, but the computer-read script started with claiming to be from Visa/Mastercard’s security department.    

Overall:

Always look at the sender’s email address. If it doesn’t match what’s claimed in the email, there’s something wrong. 

Always look at link destinations before you click; just float the mouse over the link and look in the bottom-left corner of your screen for the destination. It should match the addresses and email domain. 

And be suspicious. Always. The internet makes the wild, wild west look lawful and organized. At the very least, they had a local sheriff.

BackBlaze

Did you Break the Internet?

When it looks like the internet is dead, there are some basic troubleshooting steps you can take to see if you’ve really broken it. (And so far, the answer has been ‘no’.)

Reboot First. And Then Take a Step Back

I know that most of you live in Outlook. Or maybe QuickBooks. So separating the outside world (“internet”) from your computers and networks is, well, fuzzy. Badly defined. Vague-ish. But Outlook is a horrible test of whether or not the internet is up. Testing the internet with Outlook is like saying that if your car can’t move, Interstate 95 is a parking lot. It’s sometimes true, but not really useful for troubleshooting traffic.

So if Outlook stops working, first check if you can reach a popular web page, basically a site that never goes down. Open a browser and see if you can get to Amazon.com or CNN.com. 

No, not Google.com, because Google’s plain white website is so clean and empty that you can’t tell if you’re looking at Google, or at your computer’s memory of Google, what it calls the ‘cache’.  (More on error messages below.)

Is it Down, or Just You?

So if the web page works, and your mail does not, what does that mean? Well, it’s either Outlook (got a bad update, got a bad third-party add-in, got muddled), or your mail server, or the connection in-between. It’s too complex a topic to cover in detail here, but the quick check is to test the web page that matches your email address. If you can reach that, it’s probably an Outlook problem.

For example, if mail isn’t working, and your address is admin@yourdomain.com, check that the web page yourdomain.com is up and working. If it’s up, probably an Outlook issue. If it’s down, your next step is to see if the site is down for the rest of the world, or you have some local issue. You do that on this website:
https://DownForEveryoneOrJustMe.com/

It works just like it sounds. Enter a web page address, and it will tell you if it can see the page, or if it’s just you.

Big Site Down?

If you are trying to reach a popular site, and it looks down, you can test that, too. If Facebook goes down, or Verizon, AOL, Comcast, or a few hundred other popular sites, check it here:
https://DownDetector.com/

The pages are sorted on DownDetector by the number of people checking to see if a page is down, so the with the most reported errors are at the top. Use the search box to look for other sites. Click the site logo to see details; there is a complaint list, newest-first, and an outage map. Frequently, DownDetector will show a regional outage faster than AmericaOnline or Comcast will update their outage pages.

Error Message Numbers

If it isn't here, that's 404.

The internet has error numbers. They tell your browser anything that isn’t an actual web page. If you try to visit a page, and it replies to your browser with a 404, that means something.

  • 404 Not Found (Check your sppellin’)
  • 301 Moved Permanently (and here’s where it went. Google, re-index this.)
  • 302 Moved Temporarily (Be right back. ‘till then, look here.)
  • 403 Forbidden (Sure you shouldn’t have a login for that page?)
  • 500 Server Error (This web server has gone stupid. It’s not you, it’s me.)

These are not totally reliable. If a web page editor changes the name of a page, and you go to the old address, you will see either a 404 (Not found), left no forwarding address, or a 301 (Moved Permanently), change of address to this trendy new place. It takes a human to file that change of address, er, I mean to add the 301 to a list of forwarded addresses. 

There are more, many more errors, mostly of no use to end users. They’re handy for computers talking to each other, and it’s not just web pages, but can include other internet communication: 

  • 407 Proxy required
  • 408 Request Timeout (slow internet or overloaded web site)
  • 200 OK

And then there’s this one:

  • 418 I’m a Teapot

That’s what happens when you tell an internet-connected teapot to brew coffee. OK, it was an April Fool’s gag in 1998, and it got stuck. It’s now an officially-accepted reminder that the internet was designed by humans, with all that implies. More here:
https://en.wikipedia.org/wiki/Hyper_Text_Coffee_Pot_Control_Protocol

http://save418.com/

What’s a Google Alert?

Search

Do you know what’s going on around you? Do you keep an eye on your neighborhood? Google Alerts does that. It helps you watch what’s going on. Basically, it searches the web on a schedule, and sends an email when it finds what you wanted.

First, Google Alerts is online here:
https://www.google.com/alerts

You can use Google Alerts to tell you when your name (or your street name) shows up in new search results, or news, and get an email announcement and link. You can choose how often you are notified, what language to look for, or just look for very specific things. Search wording that works in a normal Google Search will work in an alert as well. (More on that below.)

So you should have an alert at Google for your name. And your kids’ names, maybe a news alert for your neighborhood. But how about your business partners, suppliers, and customers?

Example: If you use a company to run 1099 and W-2 forms for your staff’s tax forms, you should know if they have a security breach. Like this one:
https://krebsonsecurity.com/2018/07/human-resources-firm-complyright-breached/

That article tells about a security problem at ComplyRight.com. In short, they’ve been hacked. There is no notice on their front page or their news page. But wait, they’re better known by another name, efile4biz.com, which lists a ‘family of brands’, not including ComplyRight, of PosterTracker, TrackSmart, I-Rdirect, and PosterGuard.  How would you know? A Google Alert would tell you as soon as it was mentioned on any web page indexed by Google.

In my own case, I have permanent search alerts on key business partners. For example, web service companies, really cloud companies of any type, tend to merge out of existence and go away or become something else. The ‘RMM’, or ‘remote monitoring and management’ providers, have been very active lately–you can’t tell who used to be what without a lineage chart. I have Google Alerts in-place on any service company I would have a problem moving away from quickly, so that I know about mergers before they’re implemented. 

Banks are also bad that way, constantly merging. Google Alerts tells me about mergers months before there are any notices directly from a bank that’s about to merge.

How about evil? Well, yes. There have been times when I wanted to have early notice if certain characters showed up in newspaper crime reports or bankruptcy notices. Alerts can do that, too.

Finally, Google Alerts on your own trademarks and company name tell you when you are getting noticed on the ‘net, in reviews or in social media. Google yourself, but use automation.


Google Searching, Slightly Advanced

You can improve search results at Google by adding some extra instructions. Example: It’s not safe to search for a phone number at Google for any electronic product. The results are poisoned. That’s a real term for search results that include dangerous links, either hoaxes or malware. Here are what different searches can do.

Hewlett Packard printer tech support phone 

This results in a page that includes BOTH real and fake tech support numbers; half of the first page is to service companies who will say “We are the tech support for this product” when they definitely are anything but that. We want to avoid that problem.

site:hp.com printer tech support phone 

Better, adding ‘site:… ‘ creates a list of ONLY web sites that are at hp.com, and related sites like support.hp.com, and there are no dangerous results in the list. 

Local Searches

If you type ‘hotels’ into Google, it will, by default, show you hotels near your location. It just knows, based on your IP address, or your signed-in account at GMail, or through a cookie from DoubleClick (owned by Google), or in many other ways. If you actually wanted a hotel listing for a specific area, you can search by location with the name of the city and state, or the zip code.

Hotels near 90210

That gets you to Beverly Hills.

Reminders of Math Class

Some of you studied Boolean Arithmetic, or remember Venn Diagrams. They’re related; both deal with sets of things. As it applies to search, looking for “eggs and bacon” versus “eggs bacon” is not the same thing. The ‘and’ means that every entry in the results must include both items, and “eggs bacon” shows results that include eggs but no bacon, and bacon without eggs, as well as all the results that include both. Venn Diagrams would call that the intersection of the sets, versus the Superset. Boolean Algebra uses ‘AND’ to show ONLY the search results that include both words, or ‘OR’ to include either/both/any results.

The reason why Google search results have always been better than other search sites was, at first, that they defaulted to all ‘and’ searches, while most sites, twenty years back, used ‘or’ searches by default, because their computers and indexes were too slow to narrow that search. Now, Google results are still ‘and’ searches, but there is also considerable computer work based on trying to show what you want instead of what you typed, and that takes a lot more than just studies of supersets.

Egg dishes -bacon

Adding a – before a word means that you don’t want results that include that word. So this search will show you egg dishes but not include any that have bacon. Bonus: Adding the dash for a negative search word also works on Amazon and eBay. (Boolean version: egg dishes NOT bacon)

“Your Full Name” 

Placing a search inside quotes means that you want everything in that search just as you typed it. Without the quotes, Google looks for pages that include all those words in any position on the page, and in any order. 

related:jeep

This tells Google to look for sites like that you entered. The results tend to be less about buying a thing, and more about news or competitors.

There are more ways to search, and an article of search tips here:
https://www.lifehack.org/articles/technology/20-tips-use-google-search-efficiently.html