Is That eMail for Real?

The easiest way for hackers and ransomware to mess with your computer is social engineering. Basically, that means ‘Wear the appropriate repair-guy uniform, walk into the building looking confident, and go directly to the system that you will be “fixing.”’ No one challenges that, right?

OK, well then, would you click on this email? I don’t remember ordering a pricy server from Amazon, but it looks like I’m getting one. I guess I’d better look in there and see who ordered it for me; could be that my account was hacked. 

Fake Amazon Order

So what’s wrong with it? Here goes, most obvious and visible items first:

  • I ordered no such thing.
  • The sender’s email address has the wrong domain, ‘’ which is also not the web address for Wonder Woman’s family island.
  • The return address for Amazon orders is generally
  • The format of the email is simpler than the usual Amazon shipping confirmation, missing gray backgrounds, logos, and a picture of each item ordered. It looks a lot like an Amazon confirmation from ten years ago.
  • The order number is not a text link in the email, and the last section has too many numbers.
  • “it may take 24 hours for tracking information to be available in your account.” No, tracking shows up in Amazon before the email is sent; it’s FedEx and UPS that will just say ‘label printed’ until the next morning.
  • Finally, not visible above, if you float your mouse over the ‘Order Details’ button, which is missing the orange logo that Amazon would normally use, you will see the link, which goes to usintecmedical_ com_br, not Amazon. That ‘’ points to a site in Brazil, probably hacked.

What to do? Will this big Dell system show up at my door? No. I TYPED ‘’ into my browser, didn’t follow the link, and checked. No surprises there. However, that medical address in Brazil would likely have looked like an Amazon page, asked for a login, which it would keep and use, and then forwarded you to the real Amazon. Or the site would attempt to install malware. Be suspicious. These fake confirmations can look like they come from nearly any large company.
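
Two of the checks in the list above, the sender's domain and the real destination behind a button, can be run automatically against a saved copy of a message. The script below is an added example, not part of the original newsletter; the sample message, its `.example` hosts, and the choice of `amazon.com` as the expected domain are assumptions made for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample; every address and host is a placeholder, not a value
# taken from the email described above.
SAMPLE = """\
From: "Amazon.com" <ship-confirm@orders-notice.example>
Subject: Your order has shipped
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your order has shipped.</p>
<a href="http://hacked-clinic.example/login">Order Details</a>
<a href="https://www.amazon.com/gp/help">Help</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def belongs_to(host, brand_domain):
    """True only for the brand domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def check_message(raw, brand_domain):
    """Return (kind, host) findings for sender and links outside the brand."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_host = parseaddr(str(msg["From"]))[1].rpartition("@")[2]
    hosts = [("sender", sender_host)]
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        hosts += [("link", urlsplit(h).hostname) for h in collector.hrefs]
    return [(kind, host) for kind, host in hosts
            if not belongs_to(host, brand_domain)]
```

Calling `check_message(SAMPLE, "amazon.com")` flags the sender's domain and the ‘Order Details’ link while leaving the genuine help link alone. The suffix match in `belongs_to` is deliberate: a host that merely contains the brand name somewhere in it does not pass.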


Computer Security Errors 101

A reprint from the PC410 Security Newsletter:

password isn't a password

I’m asked “is this safe?” over and over again. Usually, it’s a link in an email. And congratulations to those of you who stopped long enough to recognize a suspicious link, or asked before clicking your way to the web site of some Nigerian Prince with millions in oil money to give you, but who also wants to encrypt your hard drive for ransom and steal your bitcoins while capturing your email passwords so that he can send out a few million more Nigerian Prince letters from your email account.

OK, it’s usually not that obvious. Here are the security errors I see most often.

Passwords in plain sight.

No, don’t write your passwords on the monitor, or a Post-it note, or a label on the bottom of your keyboard. And don’t leave a file called ‘Passwords’ on the desktop, either. It’s really not the Windows login password that’s at risk here: anyone with physical access to your computer can read all the data without the password, by erasing the passwords with a program loaded from a bootable USB stick, or by removing the drive and connecting it to any other computer.

The passwords that should never be visible are banking passwords, email account passwords, QuickBooks passwords, any account that has payment information stored. That includes logins at Amazon and iTunes. Security issues at online merchants have occurred because, well, “someone contacted us, with your password, so we shipped them what they wanted, where they wanted it. And then they reset the password. Wasn’t that you?”

Re-using Passwords

Passwords should be unique. If you have a “usual password” for everything online, stop it. Change it everywhere. When online merchants and service companies have security issues, they invalidate millions of passwords, and make you reset your password, by making it look like you forgot it. You didn’t, they gave it away, so now they’re asking for a new one, because they couldn’t take care of the last one.

So all those sets of millions of hacked passwords from the recent online “We were hacked” events, containing both login names and emails, are ‘out there’, where other hackers will assume that if your password at Amazon was ‘i-want-it-now’, then your password at any of a hundred other sites is likely the same. So they try it, in bulk, and take over some percentage of those accounts. Worse, they take over accounts at multiple web sites from the same victim at once; that’s havoc multiplied into identity theft.

Now, if your password is the same everywhere, when one site says something that means, in real life, “we lost it, give us another,” that means that you have to reset it everywhere you used it. If each site had a unique password to start with, that risk is avoided.
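
To see how far one lost password reaches, a password manager's export can be grouped by password. This is an added example, not part of the original newsletter; the CSV column names (`site`, `username`, `password`) and every account in the sample are assumptions, so adjust them to match your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the sites and logins are placeholders, and the
# reused password is the one used as an illustration in the text above.
EXPORT = """\
site,username,password
amazon.com,reader@mail.example,i-want-it-now
shop.example,reader@mail.example,i-want-it-now
forum.example,reader,i-want-it-now
bank.example,reader@mail.example,T7#kq-unique-one
"""

def reuse_groups(export_text):
    """Group accounts that share a password; passwords are never returned."""
    by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        by_password[row["password"]].append((row["site"], row["username"]))
    return [sorted(accts) for accts in by_password.values() if len(accts) > 1]

def resets_after_breach(export_text, breached_site):
    """List every other account that shares a password with the breached site."""
    to_reset = []
    for accounts in reuse_groups(export_text):
        if any(site == breached_site for site, _ in accounts):
            to_reset += [a for a in accounts if a[0] != breached_site]
    return sorted(to_reset)
```

With the sample data, a breach at `amazon.com` means resetting the `forum.example` and `shop.example` accounts as well, while a breach at `bank.example`, which has its own password, requires no other resets.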

Only One User Account in Windows

So what’s the risk of only one Windows login account? There are two:

1) When there’s just one Windows user, that user is an administrator, with full install rights, and any malware that arrives on the computer can run an install program without any need to enter a password–sometimes, there is no on-screen indication of new software at all. The account used to surf the web and open email should be a ‘limited’ or ‘standard’ account, which can’t install software. In addition, there should be an account with administrator rights, used for installing software and updates, and nothing else; it’s not for web surfing.

2) With only one account on the computer, it’s harder to repair that account if it’s damaged. This is a problem that didn’t happen much until Windows Vista came along, but since then, user profiles, also known as Windows user accounts, can become corrupted, and after login, there’s one of these messages on-screen:

  • The User Profile Service service failed the logon. (That error message is courtesy of Microsoft’s Department of Redundancy Department.)
  • You have been logged on with a temporary profile.

In both cases, you can’t reach your desktop or your files. If there is a second account to log into, a remote fix is usually possible. If not, especially with the “Service service” message, the repair can’t be done remotely.

Jerry Stern
Chief Technology Officer,