Afraid of the wrong thing and how to know

Everyone needs to know about Snopes.com.

A woman I used to work with contacted me via Facebook Messenger a few days ago. She was passing along a warning regarding a video containing a virus that formats your phone. The video was called “Dance of the Pope” and the notification included the suggestion to forward “to as many as you can”.

I hadn’t heard of this virus so did some searching right away before sending any warnings. As some of you may know, this is a hoax. Snopes reported it as such a few years ago. And a little more searching turned up .uk websites with articles dated this year that reported the hoax.

I thanked my friend for the warning and let her know that what I had found identified the message as a hoax. I also let her know about using the Snopes website to check for hoaxes and provided her with the link as well as links to some of the .uk articles I had found.

The unfortunate truth is people have tools in their hands that they know can cause pain or even economic loss if the tool is lost to them. What too few people know is where to get accurate information about risks and how to respond. Unfortunately, as far as I know, there’s only Snopes. And unfortunately, not enough people know about it.

If you read this, pass it on. Use Snopes to check for hoaxes.

Of course, malware writers are smart and are always devising new ways to infect systems. One day it may be true that “Dance of the Pope” is weaponized so that opening it does cause damage.

When that day comes, the usual guidance, don’t open things you aren’t expecting, will need to be a mantra everyone follows. And there will be an even greater need to know where and how to get reliable information to protect your digital life.

More phishing…

There’s more than one way to hook a fish.

Let’s say you’ve become comfortable in your ability to recognize phishing email. You’re able to spot the strange “From” address hidden behind the reassuring “Billing Department” or “Customer Service” label that’s been applied. And even if that looks like it might be legit, you know how to hover over links in the email and recognize that something that says it came from Amazon should have amazon.com/ as the last part of the web address that comes before that very first single forward slash, “/”.

A business web address should always be https://businessname.com/maybemore or https://www.businessname.com/maybemore or https://businessname.org/maybemore and so on. The critical part of the address that tells you where the link will take you is between the paired // and the very first single /.
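
The rule above, as an added example that is not part of the original post: it takes the host between // and the first /, and accepts a link only when that host is the business domain or ends with a dot plus that domain. The function names and every sample link, including the .example addresses, are constructed for illustration.

```javascript
// Added example: judge a link by its host, the text between "//" and the first "/".
// All links below are constructed samples; *.example domains are placeholders.

// Return the lowercase host of a link, or null if it is not a usable https URL.
function linkHost(link) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    return null; // not a parseable absolute URL
  }
  if (url.protocol !== "https:") return null;
  // URL.hostname excludes any "user@" prefix and ":port" suffix.
  return url.hostname.toLowerCase().replace(/\.$/, "");
}

// True only when the host is the business domain itself or a subdomain of it.
function belongsTo(link, businessDomain) {
  const host = linkHost(link);
  if (host === null) return false;
  const domain = businessDomain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

const samples = [
  "https://www.amazon.com/gp/help",                 // host ends in amazon.com
  "https://amazon.com/orders",                      // bare domain
  "https://amazon.com.account-check.example/login", // amazon.com is not the LAST part of the host
  "https://account-check.example/amazon.com/login", // amazon.com appears only after the first /
  "https://amazon.com@account-check.example/",      // text before @ is a user name, not the host
  "https://amazon-com.example/orders",              // hyphen where the dot should be
  "http://www.amazon.com/orders",                   // not https
];

// Evaluate every sample against one expected business domain.
function checkAll(domain) {
  return samples.map((link) => ({ link, host: linkHost(link), ok: belongsTo(link, domain) }));
}

for (const row of checkAll("amazon.com")) {
  console.log(row.ok ? "MATCH   " : "MISMATCH", row.host, "<-", row.link);
}
```

Only the first two samples pass; in the others the name amazon.com appears somewhere in the link, but not at the end of the host.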

What do you do when everything looks legit? The “From:” doesn’t look strange, the subject isn’t alarming.

The message itself doesn’t try to make you panic. You can see the full email address and it looks legit. There’s no business website listed in the message but the part of the email address after the @ looks legit. And if you put the part after the @ into your web browser it does go to a legit website, in this case “equitybrands.com”.

Stop right now! There’s no contact info provided in the message. No corporate website identified. No contact phone or email provided. And there’s no info about what this is for. Did you buy something and there’s a payment issue? Did you forget to return something? Is it detail about a pending refund? There’s just nothing except a big blue “View File” button.

In case you can’t resist taking a peek at the “Payment doc.excel” file, I did it for you.

It isn’t a regular Excel file, because then the last part of the file name would be .xls or .xlsx. Sorry, but you do need to know that. Ignoring all this, I clicked the “View File” button. It got me to the screen below.

If you haven’t got suspicious yet you should turn and run now.

There’s no identifying information for the company.

Why are you being asked for your email? It came to your email. Why is it asking for that now?

What password do you need to enter? Since your email is asked for it seems like a reasonable password would be your email password. Don’t!! Your email password is to get into YOUR email. Nobody else needs that.

Then there’s a conflicting statement at the bottom of this web page. See just below the “Submit” button? It says “Never submit passwords through Google Forms.” That’s because this phishing message is bringing you to a Google Form to collect your email and password. The criminal can’t prevent Google from showing you that warning on a Google Form but they’re hoping you won’t see it or will ignore it.

In summary, even if everything looks legit, if you’re asked to enter your email and password somewhere and you got there by clicking a link in an email DON’T DO IT!

Email and password are for you to get into your accounts. Don’t give them up at a website you got to by an email link.

Always go to the website your usual way and log in. Then check your account to see if anything is needed.

If it isn’t a website you remember having an account at, do not, do not, do not provide credentials to log in. Call the business and ask what’s up!

Coronavirus and work from home :-/

Communication and planning make a world of difference.

The office I work from is in Manhattan, NYC. Up until yesterday we were going into the office for work. About 5pm an email was sent to all staff that they should begin work from home the next day. Not much other guidance except — work from home.

My primary function is to connect to remote point-of-sale systems and poll their transactions if the routine automated polling from the night before isn’t successful. Depending on the day there are a few handfuls of locations to poll. I’m not currently doing a lot of end user support because there’s another person who has that for their primary role.

The work from home email went out about an hour before we closed for the day. I installed the needed remote host on my work pc so I could get to my internal resources and informed our acting CIO (small shop but the IT department head is referred to as CIO) it had been done. My credential on LogMeIn enables me to download the host associated with our account but, once the host is installed, the CIO or another person needs to add it to the list of hosts before I can actually make a remote connection.

When I let the CIO know what I had done his reply was, “What email?”! He hadn’t even been informed before the work at home email was sent to everyone that it was going to happen. And this for a change that would cause a significant number of people to contact IT and ask how they would be able to continue working. I would have been astounded except that I have now seen too many instances of poor to no internal communication which lead to ad hoc responses to many needs and inconsistent implementation of solutions.

I was fortunate to be IT director for a number of years at a business that was very proactive about communication and planning. (The business, sadly, was shut down by the parent and I haven’t succeeded in finding a similar role since.) As director I oversaw and participated in creation of policy and procedure for nearly every significant business operation that IT was part of or could have an impact on. The idea that a course of action would be taken that could require significant response from IT, or any department, to support it without consulting those departments prior to making the announcement would be unthinkable. How else to ensure some degree of readiness?

Who could’ve foreseen coronavirus? Depending on the sources you read, several organizations and people have been advocating for more resources to study potential risk and impact from zoonotic diseases for years. If you haven’t seen it I highly recommend the following article / interview, The Man Who Saw the Pandemic Coming – Issue 83: Intelligence – Nautilus. Even though the specific virus couldn’t have been foreseen, the effects of such an infectious disease and the actions needed to counter it have been foreseen.

After 9/11 many companies did make efforts to be prepared for disaster. Those efforts either never were taken or have been forgotten by my current employer.

I do very much yearn to be part of a forward-thinking, proactive organization once again.