Category Archives: Identification

For any given product, listings of autoplays and startupware entries.

Careful: The USPS Didn’t Send THAT.

This email arrived, allegedly from the US Postal Service. Nope, it’s a fake, it’s dangerous, and the USPS doesn’t do this stuff.

[Image: USPS malware email]

These are common, and dangerous. Clicking that link will result, usually, in the installation of a fake security program or a search hijack toolbar. The cleanup is routine bench work (call me if you’re local to Carroll County, Maryland), but even better, just click delete and avoid the problem. And maybe consider improving the filtering on your email; ask your mail provider for help.

These typically include a document you must print, and claim to be from any of these sources:

  • Any delivery service, but especially USPS, UPS, Fedex, or DHL.
  • Any of the top 50 banks.
  • Any government body, but especially the IRS.

How do you know this is a fake? Put the mouse over the link for printing but do not click. Look in the bottom left corner of the screen to see the address that the link will go to. In this case, it should go to It doesn’t. In this email, there are more clues:

  • They’re asking you to print a label. None of the groups these claim to be from will do that.
  • The domains of the from address, the reply address, and the address in the printing link do not match each other.
  • None of the addresses in the e-mail match the claimed sender.
  • The email appears to be from a person, not a department, at a giant impersonal organization. That’s highly unlikely.
  • The logo shown is not the correct logo. It’s not the right font or the right colors or it’s an old version.
  • There are grammar errors, punctuation errors, or word choice errors in the e-mail.
  • The instructions in the e-mail don’t quite make sense. In this case, you’re supposed to take a label to the nearest post office to get your package, and not to the specific post office that delivers to your street address.
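The two address-mismatch clues in the list above can also be checked mechanically. The following is an added example, not part of the original post: it reads the From and Reply-To headers and the real link destinations from a message and compares their domains. The sample message, all `.example` domains, and the `claimed_domain` argument (the domain the reader expects the claimed sender to use) are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Postal Express Services" <alerts@mailer.sender.example>
Reply-To: j.smith@replies.example
Subject: Delivery failure notification
Content-Type: text/html

<p>We could not deliver your parcel.
<a href="http://files.download.example/label">Print a Shipping Label</a></p>
"""

class HrefCollector(HTMLParser):
    """Collect the real destination (href) of every link in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def base_domain(host):
    # Naive "last two labels" rule; a real tool should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    return base_domain(parseaddr(header_value or "")[1].rpartition("@")[2])

def mismatch_clues(raw_message, claimed_domain):
    """Return the address-mismatch clues found; claimed_domain is supplied by the caller."""
    msg = message_from_string(raw_message)
    from_dom = addr_domain(msg["From"])
    reply_dom = addr_domain(msg["Reply-To"]) or from_dom
    links = HrefCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    hosts = (urlsplit(h).hostname for h in links.hrefs)
    seen = {from_dom, reply_dom} | {base_domain(h) for h in hosts if h}
    clues = []
    if len(seen) > 1:
        clues.append("from, reply and link domains do not match each other")
    if claimed_domain.lower() not in seen:
        clues.append("no address matches the claimed sender")
    return clues
```

Calling `mismatch_clues(SAMPLE, "carrier.example")` reports both clues for the constructed message; a message whose sender, reply and link domains all equal the claimed domain returns an empty list.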

Notice the shape of the C and S. The real USPS logo uses streamlined characters that are straight at the top and the bottom. The letters in the fake are a curved generic font.

[Image: USPS logo]

Be suspicious of any e-mail that asks you to print a document, that claims to be from a big company, a big bank, or a government organization, or that asks you to do something that organization would normally handle by telephone or in some way other than by printing a document. When in doubt, close the e-mail and contact that organization in the way you normally would: pick up the telephone or go to their webpage. But do not, ever, click an e-mail link without looking where it goes first.

Jerry Stern is webmaster at and

Windows Update Broke My Computer… not!

Yesterday was Patch Tuesday. That’s the monthly release date for Microsoft to push out patches for Windows; it’s always on the second Tuesday of the month. Today, I’m getting phone calls about computers being down.

First call: “When I looked at the computer this morning, the screen said it was shutting down. It just sat there, so I rebooted. Nothing. Blank.”

My questions: Does that computer run all the time? (Yes, it backs up at night to an external drive.)

So it hasn’t rebooted in a while? (I guess.)

“OK, unplug the external hard drive and any other USB storage devices, and reboot.” That fixed it.

Why? Because PCs of a certain age, circa 2003-2006, frequently dislike booting with a USB storage device plugged in. The machine is never turned off, until Windows Update comes along and forces a reboot.

Second call: “I thought I broke it. It was just sitting there with a spinning message forever. I let it run and it eventually shut down. My husband says I broke it again. You repaired it last week!”

Answer: LOTS of big patches last night. Slow shutdown was normal; patches were installing.

Hey, Microsoft! Automatic patching is clearly doing more good than evil, BUT clear communications would really help. Like “Your monthly security patches from Microsoft are installing right now. These happen on a regular schedule. Learn more at: (simple link that can be remembered for later)” NOT “Your computer is shutting down” or “Installing… Do not turn off your computer…” Clear messages that say that you’re working to improve their security are better than techie messages that say their systems are going DOWN.

Don’t scare your customers. That’s the job of the bad guys.

FTC places temporary halt on XP Antivirus and Family

The Federal Trade Commission has gone to U.S. District Court and shut down, at least for the moment, Innovative Marketing, Inc. and ByteHosting Internet Services, LLC, which it has identified as the source of such nasty-ware as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus.

Here’s their press item:

This group of rogue programs has made this past year interesting for me. I clean up these programs more than any other type of malware, and yes, I get paid. But all in all, I’d rather be upgrading hard drives and building new systems.