posts tagged as e-mail

email scams

Wednesday, 24 February 2010 11:08 pm by noel
posted in tech

i’ve been receiving a lot of these emails of late. they’re scams in my view. the first one came from the “facebook team” saying that i have to “submit a new, updated account agreement” and that i should “unzip the attached file and run the agreement.exe by double-clicking it.” the other is supposedly from the “microsoft team” providing a system scanner to check and get rid of the conficker.b virus in your computer. these are email scams to get a user to run the attachment which is actually a virus. so when you receive them just delete them.

below are samples of the scams i received. i’ll likely post an excerpt of any new emails that i think are scams.

from the “facebook team”:

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement,
regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.

Please unzip the attached file and run “agreement.exe” by double-clicking it.

Thanks,
The Facebook Team

from the “microsoft team”:

Dear Microsoft Customer,

Starting 12/11/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly.
Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program.
We are supplying all effected Windows Users with a free system scan in order to clean any
files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent
your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

watch out. these are scams. do not fall for them.
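both samples depend on the reader running an attachment, and the first one hides agreement.exe inside a zip. the check below is an added example, not part of the original post: it walks a message's attachments and reports executables, including ones packed in a zip. the extension list, the addresses and the zip name agreement.zip are assumptions, and the sample payload is harmless placeholder text.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions treated as "runs when double-clicked" (an assumed, non-exhaustive list).
RISKY = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def risky_attachments(raw_bytes):
    """Return names of executables attached directly or packed inside a zip."""
    hits = []
    for part in message_from_bytes(raw_bytes).walk():
        name = (part.get_filename() or "").lower()
        if not name:
            continue                      # body text or a multipart container
        if name.endswith(RISKY):
            hits.append(name)
            continue
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()   # read names only, nothing is extracted
        except zipfile.BadZipFile:
            hits.append(name + " (unreadable zip)")
            continue
        hits += [f"{name}!{m}" for m in members if m.lower().endswith(RISKY)]
    return hits

def build_sample():
    """Constructed message shaped like the 'facebook team' mail quoted above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agreement.exe", b"placeholder text, not a real program")
    msg = EmailMessage()
    msg["From"] = "The Facebook Team <team@sender.example>"
    msg["To"] = "user@mail.example"
    msg["Subject"] = "updated account agreement"
    msg.set_content('Please unzip the attached file and run "agreement.exe"')
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="agreement.zip")
    return msg.as_bytes()
```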

new yahoo! mail

Wednesday, 9 September 2009 2:04 pm by noel
posted in tech

this is what i saw when i logged in to my yahoo mail this morning. new interface. and that’s not the only thing that’s new. if you look closely near the bottom left, partially covered by the pop-up window, is the applications section. you’re already familiar with calendar and notepad but there are new things there. the first one (covered) is called big sender, tagged as “The better way to send files – large files, videos, photos, and entire folders.” next is edit photos: “Connect right to your Yahoo! Mail and Flickr for basic photo fixes, collages and amazing effects, plus touch up tools, tons of fonts, oodles of shapes and stickers.” then there’s my photos: “See, share, and organize your photos right inside your Yahoo! Mail.” then the last one is the paypal application.

there are a couple more applications (automatic organizer, flickr, photobucket and yahoo! greetings) that you can add to the section. and i’m almost sure that more will be added in the coming months.

the new interface is not available with yahoo! business mail yet. but i expect it to follow in a couple of months.

looks like i have something new to play with, at least for a couple of hours.

p.s. a happy birthday to lito

gmail: always use https

Saturday, 23 August 2008 10:39 pm by noel
posted in tech

this is a follow up post to securing your gmail.

google has made it easier for you to permanently use https when you access your gmail account. that’s from login to logout and everything in between. in gmail, click on “settings” located on the upper right hand of the browser screen. this will bring you to the general settings of your gmail account. scroll down to the bottom and you will see “browser connection”. click on “always use https” and then click on “save changes”.

and you’re done. easy.

please understand that doing this will make your gmail session a tiny bit slower because of all the encryption/decryption that’s going on between your browser and google mail. the upside is you secure your gmail account. ;-)

securing your gmail

Wednesday, 20 August 2008 10:36 am by noel
posted in tech

there exists a tool that can “automatically steal ids of non-encrypted sessions and breaks into google mail accounts” and it will be released to the public in a few weeks. the tool was presented at the recent hackers’ conference in las vegas called defcon. click on the link above if you want more technical details.

essentially what the tool does is to allow a hacker (unsuspecting or otherwise) to get into your gmail account and do what s/he pleases — like change the password. scary stuff.

the solution is simple enough — encrypt your entire gmail session and not just the login portion. to do that both the server (google mail) and the client (your browser) have to talk to each other via ssl (secure sockets layer) all the time. fortunately, google was informed of the vulnerability about a year ago so they took steps to implement ssl on their side of the fence. browsers have ssl support built in.

all you have to do is add an “s” to the “http” portion of the google mail address making it look like “https” (without the quotes of course) and you’re done. preferably, you should do this at the start of your gmail session when you log in.

yahoo booboo 2008.06.25

Wednesday, 25 June 2008 8:50 pm by noel
posted in mine, tech

yahoo mail suddenly acted up — web access to both the free yahoo mail and the bizmail part is not working. i don’t know if it’s a maintenance thing and if it is then yahoo should really inform their user base. as of this writing, there’s no mention of the downtime in the yahoo mail blog. logging in to yahoo mail classic doesn’t work either.

other services — at least, the ones i use like webhosting, yahoo groups — appear to be working fine. only the mail services appear to be down.

bummer. really. :-(

update: 2008.06.26: Y! mail is back online. from what i have gathered, yahoo mail moved the javascript serving duties to another domain (yimg.com) which noscript — a firefox add-on for the paranoid — was blocking. i just unblocked the site and everything’s good again.

detecting bogus e-mails

Friday, 2 May 2008 6:12 pm by noel
posted in tech

every once in a while it happens. i get an e-mail that looks legit but on closer inspection it turns out that it’s not. here’s one of the ways i find out if an e-mail is bogus or not.

this first e-mail (shown below) appears to be from rapidshare.com — a webhosting provider. the e-mail provides a link to “reactivate my disabled account”. when i put the mouse over the link, the firefox status bar tells me it points to another domain and not back to rapidshare.com. this alone should trigger some alarm bells.

bogus mail

out of curiosity, i clicked on the link and after a redirect it showed me the screen below. note that the page is asking for the user’s login details for a rapidshare.com premium account but the real domain name shown on the browser’s address and status bars is not from rapidshare.com but from another webhosting service based in poland (az.pl). the alarm bells should be loud enough at this point.

fake rapidshare

the lesson here is to look before clicking. check if the link points to the proper domain by putting the mouse over the link and seeing if the status bar is showing the right domain.

this next e-mail (shown below) is a little sneakier and claims to come from e-trade.com — an online financial products and services provider. take note of the difference between the link provided in the e-mail and the one shown on the status bar. if you didn’t see any difference, take a closer look.

bogus mail 2

the difference is that the link’s domain name is etrade.com and the domain name in the status bar is thetemplab1.com. warning bells.

clicking on the link, the browser shows me a page (shown below) asking for the user’s id, password and trader’s password for etrade.com but the domain name in the address bar still shows the wrong domain name. really loud warning bells.

fake etrade

again, look before you click.

note: the targets of these phishing attempts are the clients of rapidshare.com and etrade.com. rapidshare.com and etrade.com, as far as i know, are legit websites.
disclosure: i am not connected with either company.
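the hover check from this post, done in code over an html mail body. this is an added example, not part of the original post: it flags a link when its visible text shows one domain while the href goes to another (the e-trade case), and when a link with ordinary text leaves the domain the mail claims to come from (the rapidshare case). the sample links, paths and hosting.example are constructed; only etrade.com and thetemplab1.com come from the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Lowercased host of a URL or bare domain; '' when value is plain text."""
    value = value.strip()
    if not value or re.search(r"\s", value):
        return ""                      # ordinary link text such as "click here"
    if not re.match(r"[a-z][a-z0-9+.-]*://", value, re.I):
        value = "//" + value           # let urlsplit parse a scheme-less domain
    host = (urlsplit(value).hostname or "").lower()
    return host if "." in host else ""

def within(host, domain):              # host is domain itself or a subdomain of it
    return host == domain or host.endswith("." + domain)

def audit_links(html_body, claimed_domain):
    """Flag links whose real target differs from what the mail shows or claims."""
    parser = AnchorCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        target, shown = host_of(href), host_of(text)
        if shown and not (within(target, shown) or within(shown, target)):
            findings.append((target, "text shows " + shown))
        elif not within(target, claimed_domain):
            findings.append((target, "not under " + claimed_domain))
    return findings

SAMPLE = (  # constructed mail body: two bad links and one good one
    '<a href="http://thetemplab1.com/login">https://us.etrade.com/login</a>'
    '<a href="http://hosting.example/form">reactivate my account</a>'
    '<a href="https://www.etrade.com/help">help</a>')
```

the comparison is by host suffix only, so it does not know about registrable domains or look-alike spellings.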

e-mail manners

Friday, 15 February 2008 4:53 pm by noel
posted in nothing, people, tech

today i got an e-mail from someone-that-cannot-be-named in huge (about 2cm high) bold letters, “please stop sending me notices“. or something to that effect.

talking face to face with a person is different from communicating with the same person via e-mail. to express emotion in an e-mail one has to be a little creative with the use of letters and punctuation marks. a normal conversation would mean using the regular form of a sentence with a capitalized first letter, lower-case letters and a period at the end or mostly lowercase letters. a sentence using all capitalized letters means you’re shouting that sentence. then there’s the emoticons.

so the sentence above is roughly equivalent to chewing my head off. the thing is i don’t even know the person. i don’t think i would care to.

i currently manage about five lists and this is the first time that someone requested for something to be done in this manner. most of the time i get polite requests which i’m happy to oblige if i can.

it just goes to show you that getting an expensive education and/or having loads of money doesn’t really equate to having good manners.

web-based mail

Thursday, 14 February 2008 5:16 pm by noel
posted in tech

popular webmail providers

a couple of years ago one of my hard disks crashed. it wasn’t a major crash but i lost a good number of files nonetheless. i do have backups but since then i have tried to offload most of my files from my desktop and/or laptop to the internet.

at the time, one of my fast growing files was my e-mail. i used outlook express and it fit my needs then. but as more mail slowly crept in i realized that i was hitting outlook express’ limits and the space being occupied by my mail was getting uncomfortably bigger.

so i decided, off with the pop mail and go with web-based e-mail. there are definite advantages to this move:

pluses

  • i can access my mail from anywhere and on any computer with an internet connection.
  • i would think that all my mails would occupy approximately 3 gigabytes of space. maybe 4. i get plenty of pictures, videos and documents and i do not delete them. that’s a lot of space for just e-mails and none of that is occupying space in my local system. outlook’s (not the express version’s) default capacity is 2 gigabytes.
  • should my local hard drives or system fail my e-mail data is still safe and i can still access them.
  • should i refresh or change my system i do not have to worry about restoring my mail setup and files from backup.

minuses

  • no internet. no e-mail. i will not be able to access even the ones that i’ve read already.
  • security is dependent on the service provider and strength of the password. so i use several passphrases and rotate them regularly and i got (i think) a pretty good webmail service provider — yahoo!

i would think that the advantages outweigh the disadvantages. if you want more info on service providers there is a comparison of webmail providers from the wiki.

bcc

Thursday, 31 January 2008 1:32 pm by noel
posted in people, tech

i get a lot of forwarded mails from friends containing jokes, quotes, stories and whatever. when i open the mail i see this longish list of people who forwarded the mail to their friends who forwarded to their friends, etc. until the list of recipients is nine times longer than the actual message at which point it eventually arrives in my box.

this list of people usually includes names of the recipients and, of course, their e-mail addresses. this is a valuable resource for spammers. imagine that. someone else has gathered all the information they need for their spam bots and it just arrives in their mailbox. at no cost and all with very little work. they send their thanks, by the way. :twisted:

use bcc

please don’t just forward that joke. take a little time to “clean it” of the e-mail addresses of others. after all, it came from a friend and you’re sending it out to your friends. give them that little courtesy along with your joke, quotes, stories and whatever.

i suggest that you place your own e-mail address in the to: field and then put all the rest of the e-mail addresses of the people you’re sending that joke to in the bcc — blind copy furnish. this way, no other eyes will see the addresses of your friends.

spoofed mail forensics

Sunday, 27 January 2008 4:32 pm by noel
posted in tech

image 1: spoofed e-mail

the other day i received an e-mail which looked a lot like spam but it didn’t get filtered. i took a closer look and i found out that the address of the sender was my e-mail address and it was sent to the same. i’m absolutely sure i didn’t send anything with a subject “january 74% off” let alone to myself. and with yahoo! doing my mail serving needs i’m sure i didn’t. they would only allow a limited number of e-mails per day.

image 2: blocked images

this is interesting. curiosity got the best of me and i opened it up. it just contained an image. i set my mail reader not to show me any images when i open an e-mail. i’m not about to start with this one.

image 3: full e-mail header

the juicier part would be to look at the e-mail headers. it’s that part of the message that is not normally seen by the reader. in part, it is used as a troubleshooting aid to look for kinks in the mailing system. it has the data from what service provider it came from, which mail server received it, and where it was sent. all e-mail programs would have a way of letting you see the full headers of a particular e-mail. i use yahoo’s web interface and the headers are located on the right side of the open e-mail message.

click on the full header and you’ll get to some of the e-mail internals.

image 4: full message headers

the first line in the screenshot above is supposed to be the sending address — who sent it. the second line with the return path is the e-mail address that will be put in the to: field when you click on reply. the fifth to seventh lines (received) are interesting. they show where the e-mail was supposedly sent from — a dsl subscriber in russia — and which server in yahoo! received it.

i got another spam with the same subject and opening the headers reveals something similar but the fifth line (received) is different. it says intel sent it but when i checked the ip address the sender is from poland. hmmm…

full message headers 2

two similar mails from two different countries. this leads me to the conclusion that the spam mail wasn’t sent by me (or yahoo!) but by a botnet that is posing as me.

you may have received something similar so you can likely check it using the steps i took.

disclosure: i do not like spam and i do not and will not knowingly send any. i take great pains to make sure of that. my firewall here only allows sending via one particular yahoo! smtp server. and we don’t even use pop mail. all of us use yahoo!’s webmail interface.
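the header check from this post, as an added example that is not part of the original post. it reads the received line written by the mailbox provider's own server, pulls out the name the sender claimed and the ip address that actually connected, and tests that address against the relays the owner really sends through. the message, the mail.example names, the layout of the received line and both address ranges are constructed (reserved documentation values); my_outbound_nets and my_mx_suffix are hypothetical parameters.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all names and addresses are documentation values.
RAW = """\
Return-Path: <me@mail.example>
Received: from intel.example (EHLO intel.example) (203.0.113.45)
  by mta7.mail.example with SMTP; Sun, 27 Jan 2008 03:12:01 -0800
From: <me@mail.example>
To: <me@mail.example>
Subject: january 74% off

(body omitted)
"""

HOP = re.compile(r"from\s+(\S+).*?[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])].*?\bby\s+(\S+)")

def received_hops(msg):
    """Yield (claimed name, connecting ip, recording server), newest hop first."""
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))   # unfold the header first
        if m:
            yield m.group(1), m.group(2), m.group(3)

def check_spoof(raw, my_outbound_nets, my_mx_suffix):
    """Report whether a mail 'from me' really entered through my own relays."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    nets = [ipaddress.ip_network(n) for n in my_outbound_nets]
    # Only the hop recorded by the provider's own server can be trusted; the
    # claimed name is whatever the sender typed, and lower hops can be forged.
    for claimed, ip, by in received_hops(msg):
        if not by.lower().endswith(my_mx_suffix):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                              # not a usable address
        return {"self_addressed": sender == rcpt, "claimed": claimed,
                "ip": str(addr), "from_my_relay": any(addr in n for n in nets)}
    return None
```

a self-addressed mail with from_my_relay false is the pattern the post describes: the name says one thing, the connecting address says another.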