ItsGeekToMe.co

The official home of It's Geek to Me on the web!

Issue #432: November 1–7, 2015

Like this content? Share it with your friends!

FacebooktwitterredditpinterestlinkedintumblrmailFacebooktwitterredditpinterestlinkedintumblrmail

Q: Do you know when Windows 10 will be available for Surface tablets?

– Jim H.
Shalimar, Florida

A: I’m not certain why you think there’s a wait, Jim.  You can update your Surface to Windows 10 just like everybody else can update their own PCs.  You have to take some steps to get the ball rolling though.  First, you should see the “Get Windows 10” app appear near the bottom-right corner of your tablet’s screen.  This app is automatically installed by Windows Update, so if you don’t have your tablet set to install updates automatically, you might have to go and get it yourself.  After that, you must use the app to reserve your copy of Win 10, then wait.  Unfortunately, Microsoft doesn’t really tell you how long you’ll be waiting.  It could be a few hours, or it could be a week or more.  Eventually you’ll receive a notification that Windows 10 has downloaded and is ready to be installed.  At that point, you’re ready to go.  You can read more about this process at tinyurl.com/IGTM-0432A.

One thing that’s been rather glossed-over in this whole update process is what to do if the Get Windows 10 icon doesn’t show up on your screen after installing everything available via the Windows Update site. This happened to my while trying to update an Asus Transformer T100, which I had previously updated from Win 7 to Win 8.1.  Just in case that’s what’s happening to you, I’ll share my experience.  In researching the problem, I discovered that there are several reasons why the icon might not appear, most of which didn’t apply to me, and probably don’t to you either.  They included the copy of Windows that I was trying to upgrade from might not be activated, or it did not have a genuine, unique license key (it was, and it did).  Another possible reason was that the device was part of a business domain, and therefore managed by corporate IT support (it wasn’t).  One small subset of Windows versions are not eligible for the free update, specifically, the Enterprise Edition, and Windows RT, including 8.1 RT.  My problem turned out to be that a prerequisite Windows Update did not successfully load, and it took quite a bit of doing for me get that update to install so the process could proceed.  But, proceed it did, and ultimately I successfully updated even the most stubborn among my devices.  You can read more about such problems, and download an automated troubleshooter at tinyurl.com/IGTM-0432B.

 • • •

Q: Today I received this message on my Gmail account:

“Hi William, On Sat, Sep 12, 2015 2:05 PM GMT+2, we noticed an attempt to sign in to your Yahoo account from an unrecognized device in Netherlands.

 If this was you, please sign in from your regularly used device.

 If you haven’t recently signed in from an unrecognized device and believe someone may have accessed your account, please visit this link to change your password and update your account recovery information. Thanks for taking these additional steps to keep your account safe.  

Yahoo”

and of course it said: “replies sent to this email cannot be answered.”  I do have that Yahoo account.  When I click the link I get a site that says it’s Yahoo and wants me to sign in and change my password. How do I know that this is legitimate? If it is not and I sign in I am giving them my password. Since I have no knowledge of the claimed attempt to sign in from the Netherlands my paranoia gene is already activated.

– William I.
Shalimar, Florida

A: As well it should, Bill.  This is an obvious phishing attack, made even more so by the fact that you don’t even own the account on the site in question.  I will say that you violated one of the cardinal rules of web security by clicking that link without knowing what it was.  These days, it’s possible to pick-up malware just by clicking a link, so you should always know exactly what you’re clicking on for your own safety.

The way to know for sure if it’s legitimate is to carefully examine the e-mail. Look first at the address of the sender.  If they’re writing about your Yahoo! account, the e-mail is going to come from Yahoo!, not from ajax.com, NutritionHut.com, or from a foreign domain that ends in .pl, .ca, or something similar.  Next, examine the link before you even consider clicking it.  Just because the visible text says it’s going to take you to Yahoo! doesn’t mean it really will.  Hover your mouse over it and look for a tooltip, or look in the status bar at the bottom of the window for the actual URL.  If you do click it, and end up in your browser, look at what shows up in the address bar to see where you actually are.  The page displayed may look exactly like a sign-in page you’re used to seeing, but that means nothing!  You are correct when you say that if you attempt to sign-in, you’re simply giving away your password.

Of course, if all else fails, and you find that your account has been compromised, the first thing you want to do is change the password to lock the bad guys OUT!


 

Web-Only Content:

I thought some of you readers might appreciate a real-world example of what we’re talking about.  I routinely get e-mails that appear to come from PayPal, containing ominous warnings about how my account has been compromised, and the dire results of my not taking immediate action.  Here’s an example:

PayPal Phishing 1Looks innocent enough, right?  Except that I didn’t apply for a PayPal Debit MasterCard.  Ooh!  Maybe someone tried to take out a card in my name, and PayPal is protecting me.  Let’s take another look.

Look what I see when I hover my mouse over the sender’s address:

PayPal Phishing 2

Oh dear!  It looks like someone spoofed their address to make it look like it came from PayPal.  Still, the address is from someplace called “accounts.com”.  That must be legit, right?  Maybe there’s a single website that every other website uses to manage their user accounts?  (NOTE:  There is NOT a single website that every other website uses to manage their user accounts!!!)

As if that’s not bad enough, look what I see when I hover over the link that they want me to click — you know, the one labeled “Resolution center”:

PayPal Phishing 3

Whoa – www.flora-iran.com?!?  I don’t even want to KNOW what that is!  And even if I did want to know, I wouldn’t want to find out by clicking on it!  Also note the page on the site is “tmp.html”.  Yeah, that seems like a legitimate name for the “Resolution center” page.

As you can see, the clues are everywhere, and are often ridiculously and hilariously obvious if you know where and how to look.  This is only one small example of a phishing attack.  It is up to YOU to learn how to identify these, and protect yourself, your data, your privacy, and your user accounts.  Good luck, and happy computing!

– Geek

Total Views: 4111 ,

One Response to “Issue #432: November 1–7, 2015”

  • The Geek says:

    I was very saddened to read in the obituaries on November 11th of the passing of William G. Ingersoll Jr., the “William I.” in the column above.

    Bill was an avid reader of this column, and one of the most prolific question askers I’ve had the pleasure to deal with in the 8 years the column has been publishing. No fewer than SIX of Bill’s questions have been featured, including the one above. I shall miss getting e-mails from Bill, and I hope for peace and comfort for his family during this time of loss.


Leave a Reply

Follow Us

FacebooktwitterrssFacebooktwitterrss
October 2020
S M T W T F S
 123
45678910
11121314151617
18192021222324
25262728293031

Search the site

Archives