Written: September 2, 2016
As a web developer I own my own domain name of www.tualatinweb.com and several others for clients. Almost every week I receive phony email messages from bogus companies asking me to renew my domain name, or else. Here’s a typical example that I just received a few minutes ago in my In Box:
After a quick glance it could be a credible email because it has a pleasant heading color of orange, and a big, blue button that they want me to push labeled: Renew Now
As an owner of a domain name it is important for you to keep your real account updated so that your web site continues in service without any embarrassing interruptions or down time. Now, let’s dive in and start taking a closer look to understand why this particular email is a phishing scam and not legitimate.
A legitimate vendor has my full name on file, and they will use it in all email communications. Notice that this email has name or personalization included at all. Strike one.
2. My Account Number
Where is my account number in this email? Not to be found. So that’s strike two, folks.
3. Who are You?
As I hover my cursor over the From email address is reveals that the sender of this email is using a domain name of romconsults.com, which is not my actual vendor’s domain name. And that gaffe makes it strike three. But wait, there’s more.
4. English grammar
They used a very odd phrase, “search engine registration” which makes no technical sense to me. Correct phrases would be “search engine optimization” or “domain name registration”.
5. Renew Now
Hovering my cursor over the big, blue button reveals a strange URL address of www.thedomainregistration.net, which is not the name of any vendor that I do business with.
Trust email only from vendors that you know, where they include your full name, show an account number, have a company logo, and use links to only vendor addresses that you are 100% certain of, otherwise it is a bogus email trying to phish your credentials and cheat you out of money.Tags: domain name, phishing
Written: August 16, 2016
I’ve been a daily user of Facebook for years, primarily at the start just for keeping in touch with family, relatives, classmates and friends at church. As time progressed I started using and creating a Page for my web business and Groups for my personal interests. So one thing I do every morning is look at the left side of my Facebook browser window and scan for new posts on my Pages or Groups, but all of a sudden this morning this info was totally missing from Facebook.
Instead of the very familiar Pages and Groups, now I have something called Shortcuts which isn’t what I want to use at all. It’s so frustrating to use and learn a UI like Facebook only to wake up to a change when nothing was broken before, so it really didn’t need fixing. Instead of instantly seeing my Pages and Groups, now I have to click in the upper-right on the Settings icon:
From this Settings menu I can see the two things that really interest me:
Of course, this requires me to perform two clicks instead of one click, decreasing my efficiency. Clicking on Manage Pages shows me:
Clicking on Manage Groups show me:
What Facebook really needs to do is allow me to define what I want to show under Shortcuts, which would be a list of my Pages and Groups, just like I had before the change last night.
Big note to Facebook, don’t change my left sidebar without giving me the option to keep it the same way it was. As my dad always taught me, “Son, if it ain’t broke, don’t fix it.”Tags: Facebook
Written: August 10, 2016
In my previous corporate job as a Product Marketing Manager I used to fly around the world for business and so I signed up for the United Airlines mileage program in order to earn free tickets and other perks. This morning I received an email from the MileagePlus United program, or so I thought. Just to be safe I did some quick checking on this email to determine if it was legitimate or just another phishing scheme to steal my identity and mileage points.
First up on the scrutiny list is just the heading of the email message itself:
This header showed the correct last four digits of my account number, and they also personalized the email by using my first name in the message. These are both excellent signs that the email is legitimate, because the bad guys typically don’t have this level of information about you, maybe they would know my first name but certainly not my account numbers unless United had been hacked.
Next up is the actual link that they want me to click on:
That link address appears when I hover my mouse over the sign in, and it clearly shows a trusted address of: news.united.com
Near the bottom of the email is a button, so I check out the link address for Learn more.
Once again, this link is OK because it contains: news.united.com. This is a trusted address that United Airlines does own.
United is a big company, so they always have a lot of legal text in the footer:
The final check is looking at the From address in this email:
That address of news.united.com is also OK, because it contains united.com, a trusted web address.
I also noted that the message itself was written in American English, and that the spelling was proper, the grammar was correct, and that the message made sense instead of being computer generated gibberish.
Well, there you have it, doing a little extra checking on official-looking email messages is worth the effort to validate that this was a legitimate email from United Airlines.Tags: phishing, United Airlines
Written: July 30, 2016
A few years back I organized my business as an LLC and one task is the annual renewal payment of $100.00, so I decided to venture online and make my payment at www.FilingInOregon.com/renew. Sure, it took more time than opening up my checkbook, filling it out, sealing the envelope, and placing in the mailbox. I didn’t expect the Oregon online form to ask so many questions, but I forged ahead, at least until the payment screen came up and I filled out my Visa credit card information and clicked Submit. Then I waited and waited, until after 30 seconds the page timed out.
Uh oh, that can’t be a good sign. Oh well, when I clicked the Refresh button on my browser I got an error page:
Oh well, how about going back to the beginning link and trying all over again? Nope, the system doesn’t like that approach:
So now I’m stuck in no-man’s land, where I’m pretty sure that they didn’t receive the $100.00 credit card payment, but they won’t let me even try again. This is a classic Catch-22 scenario, which is another reason that I cringe when the Oregon Secretary of State web site cannot process a simple renewal payment. Had I coded such a poor web site I wouldn’t even be paid, I’d probably be sued for breach of contract or something like it.
I’ll let you know if this story has a happy ending, but be assured that I’m frowning big time right now, wondering why the folks working for the state of Oregon cannot put together an online system that works, saves me time, and saves the state time.Tags: llc.license renewal, oregon, Secretary of state