How Not to Get Caught in a Phishing Net

Don’t get fooled.

Today I got an e-mail message from American Express. It said, in part:

During our regualry scheduled accounts maintenance and verification procedures,
we have detected a slight error regarding your American Express Account.

This might be due to one of the following reasons:

1. A recent change in your personal information (i.e. address changing)
2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your personal account.
3. An inabillity to accurately verify your selected option of payment due to an internal error within our system.

Please update and verify your information by clicking the following link:

Continue To American Express Online Update Form

*If you account information is not updated within 48 hours then your ability to access your account will be restricted.

Thank you,
American Express , Billing Department.

The type was tiny, which is probably why I didn’t notice the typos and spelling/grammar mistakes. Or perhaps I didn’t notice them because I’ve become so accustomed to skimming incoming mail rather than reading it.

The message looked official. It had the Amex logo and used their normal color schemes. But what really made it look genuine was the note near the bottom:

E-mail intended for your account.

If you are concerned about the authenticity of this message, please click here or call the phone number on the back of your credit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here

Note: If you are concerned about clicking links in this e-mail, the American Express mentioned above can be accessed by typing https://www.americanexpress.com directly into your browser.

The hint that this wasn’t as legitimate as it seemed came when I pointed to the link to supposedly update my account information. The URL that appeared in a yellow box in my e-mail client consisted of an IP address followed by /home.americanexpress.com/.

Of course, the e-mail message wasn’t real. When I typed http://www.americanexpress.com/ into my Web browser and logged into my account, there was no indication of any problem.

Phishing, Defined

Wikipedia, everyone’s favorite online encyclopedia, defines phishing as:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites (Youtube, Facebook, Myspace), auction sites (eBay), online banks (Wells Fargo, Bank of America, Chase), online payment processors (PayPal), or IT Administrators (Yahoo, ISPs, corporate) are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose URL and look and feel are almost identical to the legitimate one.

My spam protection software is very good at weeding out phishing attempt messages, so I rarely see them. This one almost fooled me. If I’d been suckered in like so many probably were today, I would have clicked the link and entered my American Express login information in the screen that appeared. That information would have been captured in the phishing net and used to access my American Express account online.

It Isn’t PayPal

One of the Web sites I maintain is for a friend of mine who makes and sells helicopter ground handling wheels: HelicopterWheels.com. He’s an older guy who’s only been using computers for a few years. When I set up the original site, he asked me to set up online ordering. I’ll be the first to admit that I know little about setting up ecommerce solutions. So I set him up with the easiest and most secure method of accepting payments that I knew: PayPal.

Now PayPal has a bad reputation with some folks and I’m really not interested in hearing reader complaints about it. I use PayPal for my online ordering needs and although it isn’t a perfect solution, it does work and it seems safe enough to me.

Unfortunately, my friend received an e-mail message telling him that he had to verify some PayPal settings. The message was a phishing scam and my friend fell for it. He got hit for a bunch of money — which I’m not sure if he recovered. He immediately blamed PayPal and had me take the Buy Now buttons off his site.

I felt bad for him. After all, I’d recommended PayPal. But I’m also not the kind of person who gets sucked in by phishing schemes. I assumed he wasn’t either. I was wrong.

Don’t Get Caught

So here’s the only rule you need to prevent yourself from becoming the victim of a phishing scam:

Never click a link in any e-mail message.

If you get a message from your bank or credit card company or PayPal or any other service that requires you to enter a user ID and password to access it, do not click any link in that message. Instead, go directly to the site by typing the URL into your browser’s Address bar or using a Bookmark/Favorite that you’ve already set up. If there is a legitimate problem with your account that requires your attention, you’ll find out after logging in the safe way.

Of course, there are plenty of clues that can help you identify phishing attempts:

  • Messages not addressed to your name. For example, Dear Cardholder instead of Dear Maria Langer.
  • Typographical, spelling, and grammar errors in the e-mail message. Do you think American Express would spell regularly wrong?
  • Messages sent to an e-mail address that you did not register with the organization supposedly sending the e-mail message to you. For example, the message I got today was sent to my Flying M Air e-mail account, which is not on file with American Express.
  • URLs that point to IP addresses rather than recognizable domain names. For example, http://35.32.185.43/account rather than http://www.americanexpress.com/account.
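The last clue can be checked mechanically. The sketch below is an added example, not part of the original post: it pulls every link out of an HTML message and flags targets whose host is a bare IP address, or that carry a trusted name only in the path, as the link in the fake American Express message did. `TRUSTED_DOMAINS`, the function names, and the sample message with its 192.0.2.10 address are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader knows the real organization uses.
TRUSTED_DOMAINS = {"americanexpress.com"}

# Constructed sample modelled on the message above; 192.0.2.10 is a
# documentation-only address, not the one from the real e-mail.
SAMPLE_EMAIL = """
<a href="http://192.0.2.10/home.americanexpress.com/">Continue To American
Express Online Update Form</a>
<a href="https://www.americanexpress.com">click here</a>
"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def link_findings(href):
    """Return the reasons a link target looks suspicious (empty list if none)."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    findings = []
    try:
        ipaddress.ip_address(host)
        findings.append("host is an IP address")
    except ValueError:
        pass  # host is a name (or empty), not an IP literal
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if not trusted and any(d in parts.path.lower() for d in TRUSTED_DOMAINS):
        findings.append("trusted name appears in the path, not the host")
    return findings


def scan_email(html):
    """Map each link in the message to its list of findings."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: link_findings(href) for href in collector.hrefs}
```

This covers only the two URL clues named above; a link that passes it has not been shown to be safe.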

But you don’t have to worry about any of this. Just follow the golden rule listed above. Here it is again, in case you’ve forgotten: Never click a link in any e-mail message.

If you follow this rule, you should stay safe from phishing schemes.

Got a story to share? Use the Comments link or form for this post to speak your piece.

Facebook Ads

A more targeted approach to advertising?

The other day I discovered Facebook ads.

Let me take a few steps back before I move forward.

I have a Facebook account. I even have 50+ friends on that account. But I don’t use Facebook. Frankly, I feel that I have far better ways to spend my time than “writing on walls” of my friends, playing online games, and browsing a social networking site for social interaction.

The only reason I ever go to Facebook is to respond to friend requests. If I personally know the requesters or interact with them on Twitter, I accept the request. Otherwise, I ignore it. I also ignore invitations to most groups. After all, if I’m not there, why join a group?

Every once in a while, I come really close to killing my Facebook account. Then I figure, what the heck? It doesn’t cost anything and I have most of the notifications turned off so it doesn’t even bother me much.

But the other day, when I was on Facebook responding to a request from someone I don’t know who happened to go to the same high school as me (I can’t make this stuff up), I noticed the ad column on the right side of the page. At the very top was an “Advertise” link. Since I’m always looking for new, affordable ways to advertise my helicopter tour and charter business, I clicked the link.

I won’t bore you with the details. Simply said, the advertising feature makes it very easy to create targeted text/image ads that link to a site or page. You can pay per impression or per click. You can set per click and per day maximum budgets, so you don’t have to worry about going broke. And, since the only place these ads appear is on Facebook, you don’t have to worry about some Webmaster clicking up a link to squeeze a few more pennies (or dollars) out of you.

I set up two ads. One (left) is for my multi-day excursions. It’s displayed to male college graduates throughout the US, aged 25-50 who like helicopters, adventure, etc. My logic is that this is the kind of trip that would appeal to men and since it’s not exactly cheap, the college graduate and age requirements may limit the impressions to folks who have more money to spend. (Although who has any money to spend these days?) The other (right) is for Christmas gift giving. I targeted that geographically to the Phoenix area, with no other limitations. Clicking either link takes you to Flying M Air’s Web site where the clicker can find more information and pricing.

Facebook has some good management tools to help you see how many times each ad has appeared and has been clicked. For example, on the first two days my ads were online — and that’s not even 2 full days — they appeared a total of 60,000 times and were clicked 16 times. While you might not think that’s very good, I’m thrilled. I don’t want people to click if they’re not interested, since I have to pay for each click. The campaign is under its daily budget (so far) and I can remove or suspend either (or both) ads any time I like.

So I’ve set up two ads to run for a full month. Let’s see where it takes me.

Comments? Want to share your experiences with Facebook advertising or some other pay-per-click system? Use the comments link or form for this post. Please limit your responses to experiences as an advertiser, though. I’m not interested in reading about the success or failure of someone’s get-rich-quick on Web advertising scheme.

No Child Left Behind?

Sure, they can pass tests. But can they tell time?

I had a heavy shock today in the Safeway Supermarket in Wickenburg, AZ when I witnessed the following exchange between a cashier/manager and the teenage clerk who was bagging groceries at her register.

Girl: Do I get a break today?

Cashier (after studying a break sheet): Yes. You have lunch at 3 o’clock.

Girl: What time is it now?

Cashier (pointing to the clock on the wall): Look at the clock.

Girl (laughing): I can’t tell time on that.

I looked at the clock. It was a typical wall clock — you know, the round kind with two hands and a bunch of numbers. It read 1:35 PM.

Me (to the girl): You can’t tell time on a regular clock?

Girl (still laughing): No.

Teenage Guy behind me on line: I can’t either.

Me (to the girl): And you think that’s funny? What school did you go to?

Girl (still laughing but now moved to the end of the next register; I think I was scaring her): Wickenburg.

We’ll cut the conversation here, mostly because I became outraged and had to be calmed by the cashier, who is about my age. I reminded her that I learned how to tell time when I was 5 and I’m sure she was about the same age.

The point of all this is the fact that today’s kids apparently lack basic skills that they need to get by in life. How can an 18-year-old girl not know how to tell time on a standard analog clock? What else does she not know how to do? Read? Write in full sentences? Spell the words that might appear on a job application?

How the hell does she expect to get anywhere in life? Or is her highest aspiration to be a bagger in a grocery store? No offense to folks with challenged kids, but mentally retarded people can do that.

Yet apparently, this kid can pass the tests she needs to graduate high school.

No child left behind? Sure.

A Different Kind of eBook

My first full-length, destined for electronic publication ebook.

In the spring, I was approached by one of my regular publishers to do a new title for them. This was a surprise. After all, as the computer user base is getting ever more sophisticated, sales of print computer how-to books for the beginner to intermediate market I write for are getting ever smaller. I honestly don’t expect to sell titles on new computer topics anymore.

But this book was different in two respects:

  • It would be published as an ebook only.
  • It would be handled as a work for hire.

An Ebook only in Publication

I should start by saying that everything about the book would be handled just like any other book I wrote for that publisher. I’d have to use a special Word template that I don’t particularly care for but have plenty of practice using. The book would go through the usual collection of editors and production staff: tech editor, copy editor, production editor, proofreader. I’d review the manuscript after each editor was finished with it and mark up my comments and corrections. I still had to get the book done more than a month before it was due to be released.

It was just like writing any other book.

The only difference is, at the end of the process, a case of books didn’t arrive on my doorstep. In fact, it wasn’t until yesterday — nearly two months after the book’s release — that I finally tracked down and downloaded my own copy.

The book, which is titled QuickBooks Accounting 2009: The Official Guide for Mac Users, looks good. It’s in standard page size and orientation (which is something I don’t agree with for ebooks, as I discuss in “Thinking Outside the Book”), with a very pleasant layout and design.

The book is an easy onscreen read on my 24” iMac monitor, but I suspect it might be a little tougher on a smaller monitor if the reader can’t see a full page at a time. It looks to me like they thought readers might want to print it out. (I hope they don’t. It would be a terrible waste of paper.) There are plenty of color screenshots (they got that right) although for some reason they didn’t use color graphic elements, as they do in my other books, which are printed. (Still can’t figure that one out.)

The book uses Adobe Reader’s Bookmarks feature to link to headings from a sidebar and the index’s page number references link back to individual pages. There aren’t any in-text cross-reference links, but part of the reason for that is that I couldn’t use page references as I wrote, so I never referred to specific pages in the text. (FrameMaker was an excellent publishing tool for this sort of thing.)

Distribution of the book is apparently limited to folks who buy QuickBooks 2009 for Mac and somehow get a special code with a Web address. They go to the URL, enter their name, e-mail address, and the code, and the book is downloaded. It opens right up in Acrobat, without the need to enter any special codes, but the word SECURED appears in parentheses in the title bar. A peek at the Security settings for the document shows that certain actions are not allowed, but they aren’t the kind of actions that would prevent anyone from getting the most of the book. In fact, they’re the same settings I would have used if I’d released the book as a PDF.

So I’d venture to say that anyone who downloaded the book would be satisfied with the way it was published. Sure, it’s not in print, but at the same time, it’s also not costing them a penny to obtain.

Thoughts on Piracy

Of course, limited distribution of this ebook will not remain limited. In fact, I’m sure it’s already out there on pirate sites, like all other ebooks eventually are.

It may seem odd to readers to learn that I really don’t care how this book is distributed or who “steals” it. But that’s got to do with the way I was paid for it. I wrote it as a work for hire. That means I got paid a flat fee and handed over all rights to the work. There are no royalties to worry about, so sales is not an issue. I negotiated a price I could live with up front, got my money, and did my job. Even though the book has my name on the cover, it’s not really something I have any kind of ownership of.

I’m pretty sure my publisher had the same deal for the book, but their number was bigger. So they may not care about this book hitting the pirate sites, either.

Lessons Learned

The goal of the publishing project was to create a user guide for QuickBooks 2009 for Mac. To keep costs down and prevent readers from having to buy a printed book, the powers that be decided to go with an ebook. This may reduce revenues all around, but it also saves a lot of money and the bother that goes with print publishing.

I think that’s what ebooks should do: put quality information into the hands of the folks that need it without wasting resources while sufficiently compensating authors for their knowledge and efforts.

I look forward to the next edition of this book.