Thank You Facebook Security

Written: May 11, 2016

Each morning after breakfast I start my work day by reading email messages to see what needs my attention or is urgent. This security message from Facebook stood out as something that I should look into right away:

Facebook email

The return address was from security@facebook.com, they knew my first name, the English was proper, the message made sense, and the link they wanted me to click was legitimate, https://www.facebook.com/login/. I certainly didn’t try to log in to Facebook at 3:24 AM using the Firefox browser on Windows 8, because my default browser is Google Chrome on Mac OS X.

Once I visited the login page I was greeted with a dialog telling me that my Facebook account was temporarily locked:

Your account is locked

The next dialog asked if I had tried to log in to Facebook from South Korea, so I replied No. The third dialog let me know that my account needed to be kept secure:

Keep your account secure

They asked me to provide a new password:

change your password

New password accepted, so now I’m all set:

You're all set

Summary

The security folks at Facebook automatically noticed that someone was trying to log in to my account from South Korea, which they blocked, and then for added security Facebook locked my account until I could respond to their email request to log in and answer questions about my login history. I feel protected by Facebook and am quite happy to reset my password and continue using Facebook today. I did quickly look at my Facebook feed to double-check that nothing had been posted as me by another person, and found the feed to be all safe. What a happy ending to the story.


Yet Another PayPal Phishing Scheme

Written: April 29, 2016

I’ve been a user of PayPal since the very first days, enjoying how easy it is to send and receive money by email using my credit card or bank accounts. With success come imposters who want to trick you into believing that they are PayPal, when in fact they are scammers sending out official-looking emails that look a lot like a real PayPal message. Here’s an email that I received today from a scammer:

PayPal Phishing

The logo looks official, but there are a few things that stand out to tell me that it’s a phishing scheme instead:

  1. The from address should be service@paypal.com, but it isn’t.
  2. The first letter in the first sentence isn’t capitalized.
  3. The spacing on the sentences and paragraphs isn’t right.
  4. They don’t show my first and last name.

The final two clues that this is a fake are the From email address:

From PayPal email

And the hyperlink in the email is not going to any secure paypal.com address:

PayPal hyperlink

So the moral of this story is to continue using PayPal, but double-check any email from a financial institution like PayPal before blindly clicking the hyperlink. If I were to click this phishing hyperlink I’d end up at a site that would request my login credentials, giving them directly to the bad guys, who would then probably lock me out of my PayPal account and siphon off any of my PayPal funds or, worse yet, get into my linked banking accounts.
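The two decisive checks above (the From address and where the hyperlink really points) can be automated. The following is an added example, not part of the original post; the sample message, its sender and its link host are constructed placeholders. A matching From header alone does not prove origin, since it can be forged, so the link check matters most.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_SENDER = "service@paypal.com"  # address named in the post
TRUSTED_DOMAIN = "paypal.com"
# Constructed sample; the sender and link host are made-up placeholders.
SAMPLE = """\
From: PayPal <service@paypal-alerts.example>
Content-Type: text/html; charset="utf-8"

<p>we noticed unusual activity.</p>
<a href="http://login.example.net/paypal.com/signin">https://www.paypal.com/signin</a>
"""

class LinkCollector(HTMLParser):
    """Collect the real href targets, not the text shown to the reader."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def host_is_trusted(host, domain=TRUSTED_DOMAIN):
    # Exact match or a true subdomain; "paypal.com.evil.example" must fail.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if addr != EXPECTED_SENDER:
        findings.append("from-mismatch:" + addr)
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        parser = LinkCollector()
        parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href in parser.links:
            url = urlsplit(href)
            if url.scheme != "https":
                findings.append("not-https:" + href)
            if not host_is_trusted(url.hostname):
                findings.append("untrusted-host:" + str(url.hostname))
    return findings
```

Calling `check_message(SAMPLE)` flags the sender, the plain-HTTP link and the link host, even though the visible link text reads like a paypal.com address.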


Are You Using or Offering Android Pay Yet?

Written:

I pretty much love all things related to Google because they are often free and quite useful for running my business and personal tasks. Such is the case with Android Pay, a way to make purchases at retail locations using your Android phone, keeping your wallet at home or in the car. What is Android Pay? Fair question.

Android Pay

Using Android Pay requires that you have an Android phone equipped with something called NFC, Near Field Communication. NFC is a type of secure, wireless system used on both your phone and the retailer’s credit card equipment. Next time that you visit your retailer look at their credit card terminal for this wave symbol:

NFC symbol

Yes, that symbol looks a lot like a WiFi signal, but don’t be confused because it really stands for NFC.

Next, check if your Android phone supports NFC. On my phone I swipe down from the top, then click the icon in the upper right-hand corner to find the NFC logo, clicking the NFC logo to turn it on or off:

NFC in Android

Install the free Android Pay app at the Play store, add some of your credit cards by snapping a photo of the front side, then start using Android Pay. There are over one million stores in the US that now offer Android Pay, so expect the numbers to keep increasing because it’s a winner. In my area I use Android Pay at:

To use Android Pay I double-check that NFC is turned on, click the Android Pay app, then place my phone on top of the credit card terminal. An email receipt is automatically sent to your phone by text message, so when you get home there are no more paper receipts and it’s quite easy to see where you’ve been shopping and what the amounts are.

I’m still waiting for Wells Fargo Bank to add NFC to their ATM machines, and the state of Oregon to allow the use of cell phone ID, then I can just about live without my wallet and only use my Samsung Galaxy Note 4 phone with Android Pay.

Samsung Galaxy Note 4


How to Not Change Your Password

Written: April 21, 2016

I’ve used the free Skype app for several years now and it has allowed me to speak with other professionals in San Jose and Tokyo for free by using a computer connected to the Internet. We all set up Skype accounts, then use the app to talk on our computers instead of making expensive overseas telephone calls. Way back in 2011 Microsoft paid some $8.5 billion to acquire Skype and they pretty much left that company alone to run their business as before, that is until just recently. I received an email update from Skype yesterday telling me that a credit in my account was becoming inactive, so I decided to log in to Skype and keep my credit active.

Microsoft wanted me to log in with my Skype or Microsoft account, and I selected my Skype account. Next, it showed a dialog forcing me to update my password:

Skype Password

The first time that I tried this update password procedure I was confirming my password and the dialog told me that the passwords didn’t match, however it wouldn’t let me go back and update the first password, it would only let me update the confirmed password. Uh, that is a catch-22: I couldn’t proceed because I had a typo in my first password, yet I wasn’t allowed to change my first password. The only workaround was to revisit the site at www.skype.com and start all over.

I’m all for security and sometimes prodding web users to update their passwords to something more secure, but when you do that prodding you need to allow a web user to update any field on the form, not keep them stuck on the confirmation password field only.

I would expect a small company to make an annoying user interface mistake like this one, but not a major corporation like Microsoft, which should know better about using User Interface best practices that allow a user to change any form field at any time, for any reason.
