TechByter Worldwide

Speak softly and carry a large microphone


Dec 04, 2016

How Crooks Plant Malware on Computers with Your Help

Midway through Thanksgiving week, 9 spams of 2 types made it to my anti-spam filter. Hundreds of spams may have been deleted along the way, but these 9 showed up in MailWasher Pro. Most were already marked as spam, but I let them come through just so I could look at them. By the end of the week, my collection was approaching 50 items.

Several were fake "renewal" notices for services that I've never used. These are harmless except for those who believe that what they've received is an actual invoice for a service they want.

This looks like a legitimate invoice, doesn't it, complete with options for 1-, 2-, 5-, and 10-year service and a (NEW!) "lifetime" offer for just $500.

Does the offering company do anything? Probably. It's likely that they have some automated process that "submits" your website to "hundreds" of "search engines". Only a few legitimate search engines really count and they generally recognize and reject automated submissions. So your payment of $75 to $500 is wasted.

Read the text at the bottom of the message! It says: "By accepting this offer, you agree not to hold DS liable for any part. Note that THIS IS NOT A BILL. This is a solicitation. You are under no obligation to pay the amounts stated unless you accept this offer. The information in this letter contains confidential and/or legally privileged information from the notification processing department of the DS 3501 Jack Northrop Ave. Suite #F9238 Hawthorne, CA 90250 USA, This information is intended only for the use of the individual(s) named above. There is no pre-existing relationship between DS and the domain mentioned above. This notice is not in any part associated with a continuation of services for domain registration. Search engine submission is an optional service that you can use as a part of your website optimization and alone may not increase the traffic to your site. If you do not wish to receive further updates from DS reply with Remove to unsubscribe. If you are not the intended recipient, you are hereby notified that disclosure, copying, distribution or the taking of any action in reliance on the contents of this letter is strictly prohibited."

Here's another offer from another company. This one looks a bit more legitimate because it's formatted like a real invoice, but notice that it says "EXPIRATION NOTICE" and "EXPIRATION PROPOSAL DATE" instead of "INVOICE" or "STATEMENT".

The companies that send out these fake "renewal" notices are very careful to stay within the bounds of legal "solicitations", but they're still illegitimate.

Those "offers" are legal and they're convincing enough that an overworked accounts payable clerk might easily mistake the "offer" for a legitimate invoice and pay it. The worst that can happen is that you'll be out whatever was paid.

More Serious Threats

The next 3 items are attempts to plant malware on your computer. You have to do the heavy lifting, but the fraudsters can be reasonably good at enticing you to do what they want. Let's look.

This one is so clearly fraudulent that it's hard to believe anyone would ever fall for it.

For one thing, the sender has the domain "local-hospital.com". If you've ever spent any time in a hospital, you know that they have names.

The message was clearly composed by someone without knowledge of English grammar or punctuation. The subject line ("Please Pay Attention") is laughable.

The same is true for the "Delivery Notification" message, purportedly from FedEx, but with a sender's address of deveilzparadise.com. The ID number is 5 digits, but FedEx tracking numbers are considerably longer (12 digits or more).

This time the attachment is purportedly a Microsoft Word file, but it's probably a zip file.

On the so-called Cyber Monday, I received 3 messages that contained the same text: "Dear william.f.blinn, we have detected a suspicious money ATM withdrawal from your card. For your security, we have temporarily blocked the card. All the details are in the attachment. Please open it when possible." The messages mentioned no bank. One came from what appeared to be an internet cafe, the second message had an address that indicated Brazil was the country of origin, and the third came from Vietnam. Although I'd have to give the scammer responsible for these an extra point or two for timeliness, I did not open the attachments.

The top award goes to the scammer who sent a message that claims to be from Standard Bank (South Africa). A payment has been made to my account, the message says, and the crook who sent it was smart enough to spoof a "standardbank.co.za" address. The scammer also uses Standard Bank graphics and links for support.

The attachment is a zip file. Before we look at how a zip file can be dangerous, let's consider one more spam that, while not very good in presentation, is distressingly convincing unless you know what to look for.

This claims to be a payment reminder from Macmillan Distribution in Basingstoke, England. It seems to want a payment of either $666.39 or £666.39, but represents it as ¡666.39. That's clue number one. Or maybe it's clue number two and the first clue is the fact that I haven't purchased anything from Macmillan publishing.

That could be less of a clue if the message reached an accounts payable person, but one would hope that such a person would know enough to find an invoice before paying. That, of course, is the point of the attached zip. It claims to offer additional information.

So a conscientious accounts payable clerk would open the zip file, open the file contained in the zip, and thereby infect the computer.

A more conscientious clerk would examine the message and see clue number one. Another clue is the number in the subject line. Macmillan has been around for a long time. If A/C is supposed to be an invoice number, it's far too low. If A/C is supposed to be the account number, it would have to be from a very old customer. Macmillan was founded in the mid-1800s.

The most convincing part of the document is the "From" line: PANGBORNE, DONNIE <DONNIE.PANGBORNE@macmillan.com>. It cites the Macmillan domain, but a well-trained employee would know not to trust this information because it can be easily changed. And by "easily", I mean that the average high school student would be able to do it or find out how with a bit of searching.

The image shows the IP address of the originating server. I obtained that by examining the message source. The message came from 39.54.165.59 on port 59453. The port number looks odd but means nothing: it is the ephemeral source port the sending machine picked for its connection, and every outbound connection has one. The address is what matters. I used Neustar's WhoIs IP lookup tool to find out who the IP address is assigned to.

To my great lack of surprise, I found that this is an IP address that belongs to the Pakistan Telecommunication Company. At this point, the attentive and conscientious accounts payable clerk would realize the message for what it is: A fraud.
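The same header check, carried out in code. This is an added example, not the author's analysis and not any Neustar tool: only the From line and the 39.54.165.59 / port 59453 pair come from the article; the Received chain, the Return-Path, the example.net/example.org names and the timestamps are constructed to show the shape such a message has. The WHOIS lookup of the resulting address remains a manual, out-of-band step.

```python
"""Header triage for a message like the Macmillan "payment reminder" above.

Constructed sample: the From line is the one quoted in the article and the
address/port pair is the one the author found; the Received chain, Return-Path,
hostnames and timestamps are made up to show the typical shape of such a message.
"""
import ipaddress
import re
from email import message_from_string, policy
from email.utils import parseaddr

SAMPLE_RAW = """\
Received: from mx.example.net (mx.example.net [10.0.0.5]) by mail.example.net with ESMTP id A1B2C3; Mon, 28 Nov 2016 09:14:02 -0500
Received: from [39.54.165.59] (port=59453 helo=macmillan.com) by mx.example.net with esmtp id D4E5F6; Mon, 28 Nov 2016 09:14:01 -0500
Return-Path: <bounce@mailer.example.org>
From: "PANGBORNE, DONNIE" <DONNIE.PANGBORNE@macmillan.com>
To: <accounts@example.net>
Subject: Payment reminder
Content-Type: text/plain; charset="utf-8"

Please see the attached file for details of the outstanding payment.
"""

# IPv4 literal in square brackets, the form MTAs use for the connecting host.
IPV4_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse(raw):
    """Parse raw RFC 5322 text; policy.default unfolds long header lines."""
    return message_from_string(raw, policy=policy.default)


def hop_addresses(msg):
    """IPv4 addresses from the Received headers, in header order (newest hop first)."""
    hops = []
    for received in msg.get_all("Received", []):
        match = IPV4_LITERAL.search(str(received))
        if match:
            hops.append(match.group(1))
    return hops


def originating_ip(msg):
    """The address our own mail system saw the message arrive from.

    Each relay PREPENDS a Received header, so the newest hops are at the top.
    Walk top-down, skip our internal relays (private address space), and stop at
    the first public address: that hop was recorded by our boundary server.
    Anything below it was written by the sender and can be forged at will.
    """
    for ip in hop_addresses(msg):
        if ipaddress.ip_address(ip).is_global:
            return ip
    return None


def domain_of(header_value):
    """Domain part of an address header, lower-cased, or None when absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower() or None


def triage(raw):
    """Summarize the indicators a clerk (or a mail gateway) should check."""
    msg = parse(raw)
    from_dom = domain_of(msg["From"])
    bounce_dom = domain_of(msg["Return-Path"])
    return {
        "originating_ip": originating_ip(msg),   # look this up in WHOIS, out of band
        "from_domain": from_dom,                  # trivially forged; never trust it alone
        "return_path_domain": bounce_dom,         # envelope sender recorded by the last hop
        "domains_align": from_dom is not None and from_dom == bounce_dom,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_RAW).items():
        print(f"{key:>20}: {value}")
```

The displayed From domain and the envelope (Return-Path) domain disagreeing is not proof of fraud by itself, since mailing services legitimately do this, but together with a public originating address in an unexpected network it is exactly the pattern the article describes.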

The Mechanism

Zip files are harmless by themselves, but they can contain malicious content. I downloaded one of the zip files and found that it contained a JavaScript file. Zip files don't extract themselves, and the script is harmless until someone runs it. Windows does make that easier than it should be: File Explorer shows a zip as a folder, and double-clicking a file inside it quietly extracts the file to a temporary directory and opens it with its default handler. Even so, the user has to cooperate twice.

First, you have to open or extract the zip file. Second, you have to double-click the JavaScript file inside it. But how does that work?

It's surprisingly simple: Double-clicking a JavaScript file (which may be disguised as something else) launches the Windows Script Host (wscript.exe), which runs the script with the full rights of the logged-in user. Unlike JavaScript in a browser, a script run by Windows Script Host is not sandboxed: it can write files, start programs, and download whatever it wants through ordinary Windows components. The same is true of .jse, .vbs, .vbe and .wsf files, which Windows Script Host also handles. And you may not even know it's a JavaScript file.

By default, Windows hides the extensions of "known" file types (the "Hide extensions for known file types" option in File Explorer's folder options). This is one of the most idiotic decisions that Microsoft ever made and it's the first thing I change on any new Windows system. If you hide extensions, a file called MyStuff.doc.js will appear to be MyStuff.doc in Windows Explorer, and because .js is a registered type, a double-click runs it instead of opening a document. This kind of obfuscation goes all the way back to the original "I Love You" malware, whose attachment LOVE-LETTER-FOR-YOU.TXT.vbs displayed as LOVE-LETTER-FOR-YOU.TXT; it caught a lot of people (including me) by surprise so many years ago.
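An attachment check in the same spirit, added here as an example and not the author's code: read the zip's directory without extracting anything, flag members whose real (last) extension Windows hands to a script host or a loader, and show what Explorer would display with extensions hidden. The archive and its member names are constructed to match the pattern described above; the extension lists cover the common Windows Script Host and loader types and are not an exhaustive catalogue.

```python
"""Triage a zip attachment without extracting it.

Constructed sample: the archive below is built in memory to stand in for the
attachment described above. Its member names and contents are made up.
"""
import io
import zipfile
from pathlib import PurePosixPath  # zip member names use forward slashes

# Double-clicking these hands the file to Windows Script Host, mshta, or a loader.
EXECUTABLE_SUFFIXES = {
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh",   # Windows Script Host
    ".hta", ".exe", ".scr", ".com", ".pif",          # mshta / native executables
    ".bat", ".cmd", ".ps1", ".lnk",                  # shells and shortcuts
}
# What a recipient expects an "invoice" or "payment details" file to be.
DOCUMENT_SUFFIXES = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf", ".txt", ".jpg", ".png"}
KNOWN_SUFFIXES = EXECUTABLE_SUFFIXES | DOCUMENT_SUFFIXES


def displayed_name(name):
    """Name as Explorer shows it with "Hide extensions for known file types" on.

    Only the LAST extension is hidden, and only if Windows knows the type, so
    'MyStuff.doc.js' is shown as 'MyStuff.doc'.
    """
    path = PurePosixPath(name)
    if path.suffix.lower() in KNOWN_SUFFIXES:
        return path.stem
    return path.name


def assess_member(name):
    """Reasons a zip member is dangerous to double-click, or None if it looks benign."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes:
        return None
    real = suffixes[-1]
    reasons = []
    if real in EXECUTABLE_SUFFIXES:
        reasons.append(f"{real} file: runs with the user's rights on double-click")
        if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_SUFFIXES:
            reasons.append(
                f"double extension: displays as '{displayed_name(name)}' when extensions are hidden"
            )
    return reasons or None


def risky_members(zip_bytes):
    """Map member name -> reasons, reading only the central directory (nothing is extracted)."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = assess_member(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_attachment():
    """Constructed stand-in for the spam's attachment: a script dressed up as a Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("Payment details.doc.js", "// inert placeholder; a real sample would fetch and run a payload\n")
        archive.writestr("notes.txt", "Constructed benign member.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in risky_members(build_sample_attachment()).items():
        print(member)
        for reason in reasons:
            print("  -", reason)
```

Because only the central directory is read, the check is safe to run on a suspicious attachment; the same logic belongs in a mail gateway rule that quarantines archives containing any EXECUTABLE_SUFFIXES member.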

BOTTOM LINE: Be careful what you download. Be even more careful about which files you choose to open. If you've never heard of a bank, there's a slim chance that you have an account there.

Adobe Dreamweaver's Surprising New Features and Flaws

The just-released version of Adobe Dreamweaver CC 2017 includes many new and useful features, but it also includes some significant bugs that suggest problems exist in Adobe's internal quality assurance program as well as with external beta testers.

One of Dreamweaver's new functions is pure genius: Whichever pages you had open when you closed Dreamweaver will be open again when you start the program. (If you don't like this feature, you can turn it off.) I have to think that most people will love this. After all, what are you most likely to want to do when you open Dreamweaver? Continue with the page you were working on previously. Still, it's surprising and different -- but please give it a chance before you turn it off.

I've found lots to like here and a few things to dislike.

The interface now offers four levels of contrast from light to dark, but it's not always easy to read the code view side of the screen. I like the dark interface, but the code panel displays comments in dark gray text on a black background. Maybe somebody with younger eyes would be able to read the result. There's probably a way to tweak the code view settings, but so far I haven't found it.

A code view option for multiple cursors is hard to explain but easy to understand once you've used it. If you need to write the same thing on multiple lines simultaneously, there's no longer a need to copy a line and paste it several times. Just expand the cursor to cover several lines and start typing. If you're familiar with the column mode of UltraEdit Studio, you'll immediately understand this.

The new version seems to look more toward coders and that's a good thing. Today's websites depend more on coding than on what can be accomplished with a WYSIWYG editor. Dreamweaver has been the best of both worlds for many years, but has concentrated more on the design view and live view side. This time around, coders get some love.

Updates to the Code Editor are impressive. If you're new to coding, you really should learn what's going on behind the scenes and the improved Code Hints will help with that. Experienced coders expect hinting because it makes the process faster. Novices will learn from the code hinting, which isn't limited to just HTML. CSS, JS, and other web standards are included, too.

The coding improvements are not without problems, though.

Problems Encountered

Dreamweaver has a code view and a design/live view. The screen can be fully code view or fully design- or live view. The split view can couple design view or live view with a code panel. The code view has been updated significantly in this version and that's where I've encountered the most bugs.

Code View Misalignment: It seems to me that the code panel should keep the edit point either aligned with the design view or place it around the middle of the code view screen. That's not what happens. The active lines in code view seem frequently to be at the bottom of the screen and selecting a control can show only the first line of the control instead of the entire control.

For example, double-click an audio control. The entire control is selected, but only the first line is shown in code view. Selecting a control generally means that you want to do something with it and doing that requires what seems to be the unnecessary step of scrolling to get the code into view.

Copy/Paste Problems in the Code Panel: I have encountered some instances in which copying and pasting lines in code view seems not to work as expected. This is a situation that I haven't been able to replicate repeatedly even though I've seen it happen several times. A code section that is surrounded by comment tags doesn't reliably replace an equivalent section.

The workaround involves copying code to the buffer, selecting code in the target area and deleting it, then pasting the copied code from the buffer. In the past, deleting was unnecessary.

The Class Selector is Broken: Probably the most frustrating bug involves what's called the class selector. I reported this bug to Adobe and it has been confirmed as a "known issue". Several other users have indicated that it's a significant problem for them.

Class selectors are used to apply cascading style sheet (CSS) classes to sections of code. Modern sites may have hundreds of selectors and previously selecting them was easy: The user simply had to start typing the first few letters of the selector name. Now it's necessary to scroll through the list in the slowest way possible.

It's also no longer possible to tag multiple selectors even though this is something that's essential for many sites that are based on frameworks. Code view, in fact, has the largest number of "known issues" and many of these involve basic functionality:

  • HTML entities in JavaScript and JSON files are overwritten with symbols on file reopen.
  • Code view Zoom in/out keyboard shortcuts (Ctrl/Cmd++ or Ctrl/Cmd+-) do not work. To work around this issue, press Ctrl/Cmd+0 once and then try to zoom in/out.
  • Code Hint Tools in the Code view context menu are not functional.
  • ID selector code hints are not displayed for the ID attribute in HTML tags.
  • Windows only: Line numbers are not highlighted in Red for CSS Preprocessor errors in SCSS files
  • Mac only: Clicking on tag selector can sometimes lead to Code view losing focus
  • Mac only: You cannot insert recent snippets using Insert > Recent Snippets menu.
  • Related CSS files appear blank if you edit a CSS property in CSS Designer, or if you edit CSS in Live view. To see the file again, click the source code and open the CSS file again to see the code.

I have said many times that Adobe uses Agile development procedures better than any other software developers. Not this time, though.

None of the problems I've found or the ones that Adobe lists as "known issues" are deal breakers, but they are disappointing. On balance, there's more good than bad, but there's a lot more bad than I've come to expect from Adobe.

Short Circuits

Customer Service? Don't Pick up the Phone

The increasingly common method of providing support to customers is on-line chat. According to a recent survey, we still want to talk to humans when the chat system doesn't suffice.

Driven by millennial shoppers embracing new technology like chatbots and messaging apps, chat has surpassed phone and email as the most popular way for consumers to interact with retailers, according to a new study from customer engagement software and services provider "[24]7". Yeah, that's their name -- complete with the brackets.

"A Retailer's Guide to Chat" shows that 29% of consumers prefer to interact with retailers through on-line chat (26%) or messaging apps (3%) when making a purchase. About 29% prefer to use the phone and 27% prefer email to communicate with retailers.

Based on a survey of more than 1000 consumers, the study highlights the important role that millennials are playing in this shift. Among consumers ages 18 to 34, 37% chose chat as their favorite way to contact companies, while less than a quarter ranked phone or email as their top choice.

As consumers use more messaging apps in their personal lives, the study suggests chat is emerging as a primary communication channel for retailers as well.

According to [24]7's chief marketing officer, Scott Horn, messaging apps are valuable for retailers that want to enhance relationships with consumers, particularly younger buyers. "With chat technology rapidly evolving, it's becoming a much more efficient and engaging customer-service channel."

The growing use of messaging apps by businesses has the potential to further accelerate the trend toward chat as a primary way to communicate with retailers. More than a quarter of consumers say they're open to interacting with a company through a messaging app and that number jumps to nearly 40% for millennials.

Why the change? The main advantages are convenience, access to conversation history, and ease of use. When asked to weigh which retail technology would most improve their shopping experience, 21% said receiving proactive order updates through messaging apps would be most useful.

Not all chat sessions involve a human on the other end. About 40% of consumers say they would be willing to have automated conversations with a chatbot. Use of these automatons has increased as artificial intelligence has improved. In fact, about 10% of millennials say they would prefer to deal with a robot instead of a person. That might not be a good indicator for society overall.

But relax. Humans continue to play an important role in customer experience. More than 60% of consumers say that they prefer working with a human instead of a robot at all times. About 13% say that they will work with a chatbot as long as they can easily escalate the conversation to a human representative.

When it comes to resolving post-sale problems, 40% of the survey respondents said they would choose the phone and 21% would select a chat option.

Horn says that the most effective uses of new methods will provide effortless transitions to human agents when the situation requires it. "Consumers still value a human touch in their interactions with retailers, even as AI improves their customer experience."

The study is based on a survey of 1007 US consumers that was conducted on-line in late September.

You can read the full report on the [24]7 website in PDF format.

When You Have a Question, AskIT

AskIT is a new free on-demand support service that claims to help anyone who has a technical question. The service recently launched a beta version.

The service is free and provides technical assistance and support for common everyday issues and problems related to computing, connectivity, peripherals, security, and software. More than 2000 IT professionals have been certified by the parent company, CompTIA, a provider of vendor-neutral skills certifications for the global IT workforce.

Questions asked on the company's website are routed directly to a CompTIA certified technician. The service is available day or night, on weekdays and weekends. How is this free? Well, it seems that it's a foundation operated by the philanthropic arm of CompTIA, an IT industry trade organization. Donations are accepted.

According to the organization's website: The IT industry needs more workers — and more workers need more opportunities. CompTIA’s IT philanthropy arm, the Creating IT Futures Foundation, is taking on this workforce challenge through research, program development and partnering. We create on-ramps for more youths and adults to prepare for, secure, and succeed in IT careers.

CompTIA-certified technology professionals at AskIT can address a range of technology topics across a variety of devices including computers of all types, printers, smart phones, and tablets. The service provides answers and solutions to common questions and problems. Common assistance areas include:

  • Internet and networking: From Internet connectivity and speed to web browsers and email.
  • Software and hardware: Printers, web cams, USB devices, laptops, desktop PCs, smart phones, tablets, and productivity software.
  • Operating systems: Windows, Linux, Apple, Android, iOS, Internet browsers, and networking equipment.
  • Cybersecurity: Assistance in spotting potential security issues so that personal information stays personal.

Connections are encrypted and the chat history is visible only to you and the tech professional you connect with. No individual information is posted to a user forum and it won't be shared with other AskIT users.

To learn more, visit https://askitnow.com/.