Yes, it’s new, it’s improved. Maybe. It’s Windows 10, and the latest and allegedly greatest version yet is due to auto-update itself in April and May. In April, Edge goes away, to be replaced by Edge Chromium. For most users, it was already gone, but now it’s no longer an option, the April Patch Tuesday (April 13th, 2021) updates remove the original Microsoft-written Edge, which could now be called Edge Legacy, and replaces it with the new Edge version based on Chromium, which is basically the source for Google Chrome. I’m not saying it’s bad, the issue is not the software but the forceful install and the constant barrage of anti-competitive messages asking to change browser defaults away from what you’ve set as your choice of browser. So that’s April.
And then, probably in May, there’s the semi-annual update, to be known as Windows 10 21H1. Supposedly a quick update, 5 minutes. My test ran 2 hours, but that was from a DVD updater, which is the only option for updating until the actual release. So, maybe quick.
More in the April PC Updater News, free newsletter, available now, along with back issues.
The February newsletter is out. It’s how best to NOT use Notifications, Add-Ons, and fake tech support phone numbers. You can protect yourself from constant popups and slow computers, and outright fraud, by learning what it is you’re clicking on, and knowing when to be suspicious.
Back to Basics: a phish is an email
that’s ‘fishing’ for you to click a link or take an action that hooks
you into a scam, either to take your cash or control your online
accounts, or convert your computer into an online employee (‘bot’) of
the phish-sender (the ‘botnet herder’).
And a ‘spear phish’ is a targeted
phish, customized to just one recipient, frequently with scary amounts
of inside knowledge, like the names of coworkers, where you bank, and so
on. In-between, there’s just a rough attempt to make the message look
personal, usually by taking the domain from your email
(yourbusiness.com) and using it throughout the email. It’s rarely a true
one-recipient spear phish, unless you are a public officer of a large
corporation, or a ‘target of value.’ Some of the Democrats hacked during
the last election were attacked using spear phish emails. For most of
us, we’ll just see phish with some mail-merge insertions of our email
addresses in a few spots.
So, do you believe that the email shown below is real? Did I win the lottery?
I hope there were only ‘no!’ answers
for that. The “UNITE STATE” company mentioned, Facebook, is made to
appear to have a Canadian address, a South African bank, and a FREE
email address from Yahoo of Japan, and a phone number with a South
Africa country code of 27. And they’re asking for enough information,
with that driver’s license, to run a credit check or apply for a loan.
So, clearly I did not win a lottery that I never entered in the first
place.
So, if no one believes that phish, why
is this one so convincing? It’s a new version, just showing up this
month in very large numbers, somewhat shortened because the original
content is far too crude to include here:
Hello there, Hope u do not mind my english sentence structure, because i’m from Germany. I contaminated your machine with a malware and im in possession of all of your personal data from your operating-system… (vague threats of web site history recordings here) After some time additionally, it pulled out every one of your social contacts. If you ever would like me to remove your everything i currently have – transmit me 790 us in btc it’s a cryptocurrency. Its my account transfer address – 141… At this moment you will have 26 hours. to make up your mind Once i will receive the transaction i’ll eliminate this video and every little thing thoroughly. Or else, please remember this evidence would be sent to your contacts.
Some of these show up with your own email address as the ‘from’ or ‘reply-to’ address. It’s faked. Scammers who have your real email login information use it to send bulk mail, not ask for Bitcoin.
There have been a lot of these for the last two months, blackmail letters with Bitcoin payment demands and claims about webcams. Bitcoin is difficult to trace and impossible to call back. Delete these hoaxes. Some of them include real passwords-mine included a password for a video website I visited 6 years back, so I know that “learntoprogram.tv” was hacked and lost their user list.
I know that site was hacked because I
gave it a unique password. No passwords used online should be used in
more than one location, because once a site owner realizes that they’ve
been hacked, they don’t tell you. They just set the database for
everybody to “lock out user until they request a ‘forgot my password’
reset link.” But if they were hacked, that means that some hacker has
your email address and a password that you have used, somewhere, at
least once. So they’ll start bulk attempts to use their new
million-address database of stolen email and password pairs to log in at
the top 50 banks, Amazon, the Apple Store, even some online games where
you’ve built up a powerful character to take over. They’ll attempt to
log into anything with digital resale value or a cash equivalent. If
they succeed, they can take over that account, and whatever it contains.
Again, don’t re-use passwords. When they’re hacked on one site, they’re tested elsewhere and everywhere.
