Yes, that really is United Airlines

Written: August 10, 2016

In my previous corporate job as a Product Marketing Manager I used to fly around the world for business and so I signed up for the United Airlines mileage program in order to earn free tickets and other perks. This morning I received an email from the MileagePlus United program, or so I thought. Just to be safe I did some quick checking on this email to determine if it was legitimate or just another phishing scheme to steal my identity and mileage points.

First up on the scrutiny list is just the heading of the email message itself:

Mileage header

This header showed the correct last four digits of my account number, and they also personalized the email by using my first name in the message. These are both excellent signs that the email is legitimate, because the bad guys typically don’t have this level of information about you, maybe they would know my first name but certainly not my account numbers unless United had been hacked.

Next up is the actual link that they want me to click on:

United sign in link

That link address appears when I hover my mouse over the sign in, and it clearly shows a trusted address of: news.united.com

Near the bottom of the email is a button, so I check out the link address for Learn more.

United, Learn more>

Once again, this link is OK because it contains: news.united.com. This is a trusted address that United Airlines does own.

United is a big company, so they always have a lot of legal text in the footer:

United footer

The final check is looking at the From address in this email:

United, From address

That address of news.united.com is also OK, because it contains united.com, a trusted web address.

I also noted that the message itself was written in American English, and that the spelling was proper, the grammar was correct, and that the message made sense instead of being computer generated gibberish.

Well, there you have it, doing a little extra checking on official-looking email messages is worth the effort to validate that this was a legitimate email from United Airlines.

Tags: ,

Business Registration Renewal in Oregon

Written: July 30, 2016

A few years back I organized my business as an LLC and one task is the annual renewal payment of $100.00, so I decided to venture online and make my payment at www.FilingInOregon.com/renew. Sure, it took more time than opening up my checkbook, filling it out, sealing the envelope, and placing in the mailbox. I didn’t expect the Oregon online form to ask so many questions, but I forged ahead, at least until the payment screen came up and I filled out my Visa credit card information and clicked Submit. Then I waited and waited, until after 30 seconds the page timed out.

oregon, secretary of state, corporate division

Uh oh, that can’t be a good sign. Oh well, when I clicked the Refresh button on my browser I got an error page:

error page

Oh well, how about going back to the beginning link and trying all over again? Nope, the system doesn’t like that approach:

waiting

So now I’m stuck in no-man’s land, where I’m pretty sure that they didn’t receive the $100.00 credit card payment, but they won’t let me even try again. This is a classic Catch-22 scenario, which is another reason that I cringe when the Oregon Secretary of State web site cannot process a simple renewal payment. Had I coded such a poor web site I wouldn’t even be paid, I’d probably be sued for breach of contract or something like it.

I’ll let you know if this story has a happy ending, but be assured that I’m frowning big time right now, wondering why the folks working for the state of Oregon cannot put together an online system that works, saves me time, and saves the state time.

Tags: , ,

PayPal and Fubar

Written: July 15, 2016

I signed up years ago for PayPal because it was an easy way to make and accept payments online at sites like eBay, so when I get an email from PayPal I do pay attention. At first glance this email appears to be legitimate because of the layout, PayPal logo, and boilerplate footer content.

PayPal scam

My first suspicion came about because this email didn’t have my First and Last name included, and I know that PayPal always uses that information when they communicate with me. Secondly, when I hover my mouse over the link for try again it goes to some other website not related in any way to the real PayPal:

Try again

 

Same problem with the second link for send us an email, it doesn’t go to a PayPal site.

send us an email

 

The final detail to reveal that this is really just a phishing scheme designed to steal my credentials is the Login button:

send us an email

Double check any email supposedly coming from PayPal, and if the links don’t have paypal.com in them, then it’s just another phishing scheme to steal your identity.

There is a new site called Fubar that is supposed to be an online bar and Happy Hour, and I started to receive emails claiming to be from Fubar that looked rather plain:

Fubar

Since there were no graphics, no logos and not much formatting I decided to check out the links by hovering my mouse over fubar.com:

fubar link

Sure enough, yet another phishing scam because the link has nothing to do with fubar.com. Besides, my drinking and dating days are long gone as I am 27 years sober and married 33 years.

Tags: , ,

Thank You Facebook Security

Written: May 11, 2016

Each morning after breakfast I start my work day by reading email messages to see what needs my attention or is urgent. This security message from Facebook stood out right away as something that I should look into right away:

Facebook email

The return address was from security@facebook.com, they knew my first name, the English was proper, the message made sense, and the link they wanted me to click was legitimate, https://www.facebook.com/login/. I certainly didn’t try to login to Facebook at 3:24AM using the Firefox browser on Windows 8, because my default browser is Google Chrome on Mac OS X.

Once I visited the login page I was greeted with a dialog telling me that my Facebook account was temporarily locked:

Your account is locked

The next dialog asked if I had tried to login on Facebook from South Korea, so I replied No. The third dialog let me know that my account needed to be kept secure:

Keep your account secure

They asked me to provide a new password:

change your password

New password accepted, so now I’m all set:

You're all set

Summary

The security folks at Facebook automatically noticed that someone was trying to login to my account from South Korea, which they blocked, and then for added security Facebook locked my account until I could respond to their email request to login and answer questions about my login history. I feel protected by Facebook and am quite happy to reset my password and continue using Facebook today. I did quickly look at my Facebook feed to double check that nothing had been posted as me by another person, and found the feed to be all safe. What a happy ending to the story.

Tags: ,

Blog Tags

Recent Posts

Blog Directory & Business Pages at OnToplist.com