Email address

Saving a Contact Group in Outlook 2016

February 14, 2017 by Mike Ellis Leave a Comment

Have you ever received an Outlook 2016 contact group from someone and weren’t sure how to handle saving it into your contacts so that you could use it? I know that I have, and others I’ve worked with have as well. You would think it would be as simple as opening the group (which usually arrives as an attachment in an email) and saving it. In fact, as this screenshot shows, “Save & Close” is one of the options available to you.

But the key here is at the top, with the red arrow pointing at it. It’s the dreaded “Read-Only” message, hiding in plain site like malware hidden in a steganography file. What that tells us is that, no matter how many times we click the “Save & Close” button — over and over and over again, we’ll never save that contact group into our contacts.

So, how do we get around this? Well, there may be multiple ways around this, but for me, the simplest way for me is this.

Open the message up in it’s own window. So, when you do this, you’ll have one window with your main Outlook program running, and another window with the mail message that contains the contact group.
In the main Outlook 2016 window, click on your contacts.
Switch back to the mail message with the contact group, and click and drag the attachment to your contacts in the main Outlook window. The contact group will be created in your contacts, and all of the names and their email addresses will be there.

So there you have it, a simple way to add a contact group from someone else into your Outlook 2016 contacts.

NOTE: Another option for doing the same thing is to drag the contact group directly to the contact icon.

Save

Phishing Attempts from Friends: What to do

October 24, 2016 by Mike Ellis Leave a Comment

This morning I received a phishing attempt from a person I know, albeit not very well. Martha is a church friend, someone that I’ve met on a handful of occasions, but not one that I would expect to receive email from that wasn’t directly related to a project at church. This morning, though, I received a phishing attempt from “her”, and I got to thinking, what should you do when you begin receiving phishing attempts from friends?

In this instance, it’s pretty clear that my email provider believes this is a phishing attempt, and I agree with them in this case. Their banner is clear, they are warning me to be on alert, that this may be trouble if I do anything with this email.

In cases like this, as I mentioned, if it’s a phishing attempt, the initial response is to just delete the message and move on. But when it’s someone you know, my instinct is to also notify that individual so that they can be aware of the attempt, especially if they are not aware of the activity.

There are a few scenarios that could apply in this circumstance:

Your friend may actually be sending phishing attempts on purpose (not very likely)
Your friend’s email account could be compromised, and someone else could be sending them without their knowing. (Maybe, but still less likely in my opinion)
Someone else is sending phishing attempt emails and spoofing (forging) the email from to be someone other than the person sending the email. This could be done automatically as the result of a virus on a computer or via a manual process. (much more likely scenario)

In this instance, what I did was to send an email to Martha, letting her know that I received the email. Normally, my suggestion in this case would be to communicate with Martha via a different communication mechanism, for example, by phone if you received an email, or something like that, but in this instance, all I had was her email address, so I communicated that way.

When you receive a phishing attempt from someone, what do you do? Just delete the email, or attempt to notify them? Let me know your thoughts in the comments, and thanks!

Breaking News: Yahoo! Data Breach

September 22, 2016 by Mike Ellis 3 Comments

Breaking News out of Yahoo! The company confirms that as many as 500 million data accounts were breached by a hacker in a huge data breach. Information obtained through the data breach may have included names, email addresses, dates of birth, telephone numbers, and possibly even encrypted or unencrypted security questions and answers. Yahoo! believes that the hack is the result of a state sponsored attack, but at this point information is scarce on all of that. However, regardless of the source, the data breach occurred, and here’s what you should attempt to do if you rely on Yahoo! for your email:

In your browser, go to login.yahoo.com to access the login screen.
Enter your login username, then click Next.
Enter your existing password, then click Sign In.
After you login, look near the top right of your browser for your name, hover over your name, then click on “Account Info“. I’ve linked that page in case you have any issues.
On the left side of your screen, click on Account Security, then in the middle click on “Change password”.
Enter your new password, type it again to verify it, then click “Continue”.
After you change your password, you will receive an indication that it has been updated. Click “Continue” to proceed.

Keep in mind, if you access your Yahoo! account from any other devices, such as automatically on your phone, you need to update the password on those devices or you will lock yourself out.

Any questions? Reach out to us and we’ll be happy to help! Just contact us via email, or you can give us a call at 919-606-6725, leave us a comment below, or even send us a Facebook message or a Tweet!

Account security is a big priority for all of us, so it’s important that we all do our part to keep our online presence safe and secure!

Beware of Phony Tech Support!

July 6, 2016 by Mike Ellis Leave a Comment

Yesterday I received from the North Carolina Department of Justice Alert mailing list a warning — to beware of phony tech support. The ruse is elaborate and devious, and can cost you hundreds, even thousands, of dollars if you fall victim. Here’s the email I received:

Phony tech support and overpayment: two scams in one

For years, crooks have charged victims to repair nonexistent problems on their computers in order to gain access to sensitive personal and financial information stored inside. Now they’ve added a new scam: trying to talk you into long-term technical support that is actually just an excuse to swindle you out of as much as $10,000.

It starts when you agree to charge the tech support membership to your credit card. The scammers call back a few days later to say the company is closing and needs your bank account information so they can to refund money directly into your checking account. To get the so-called refund, they take a large cash advance from your own credit card and deposit it into your account. Next, the con artists claim that they’ve accidentally overpaid you by thousands of dollars and need you to wire the extra funds back to them, usually in China, India or the Philippines.

These greedy crooks have been known to take out another credit card advance, put those funds into the victim’s account, and then claim that the first wire transfer didn’t go through. Victims have been convinced this way to send multiple wire transfers to the scammers. One elderly North Carolina woman ran up $10,000 in credit card debt when she fell for this scam.

Remember:

Avoid tech support scams. You can learn more about phony tech support from Microsoft and the FTC.
Be very skeptical if anyone asks you to wire money overseas. Once you’ve wired money it’s nearly impossible to get it back.
If you receive one of these calls, report it to the Attorney General’s Office at 1-877-5-NO-SCAM or online at www.ncdoj.gov.

I’ve been a subscriber to the NCDOJ Alert mailing list for years, and I suggest you do the same. Click the link to subscribe. Also, check out their website for their list of alerts that they have written about in the past.

So how do you know who to trust? I’ve written a post about that, please read it, and remember that you need to do your homework when it comes to who you are going to trust. Contact us if you have any questions, or need any support for your computer. We are a source you can trust.

How do you know who to trust to work on your computer?

Phishing Attacks — is there any way to prevent them?

June 13, 2016 by Mike Ellis Leave a Comment

{Editor’s Note: Today we conclude our look at Phishing Attacks, and focus on what we, as internet users, can do to prevent receiving them at all. Click the links to read part one and part two of this series.}

Phishing Attacks — is there any way to prevent them?

Written by Mike Ellis.

Over the past two posts, we have looked at phishing attacks, defined what they are, and learned how to detect them. The big question, though, on almost everyone’s mind is whether or not there is any way to prevent them. That, unfortunately, is a tough thing to do. However, there are things that can be done to minimize the chances that you will receive these type of attacks, so let’s go into them in more detail to see what we (and our mail providers) can do to address this issue.

The unfortunate circumstance is that even the most poorly written phishing attack email is going to catch unsuspecting, unknowing, or otherwise misguided individuals 3% of the time. In a post from the folks at Sophos, the data suggests that elaborately written phishing attack emails are successful upwards of 45% of the time — nearly 1 and 2. The post is dated, but the likelihood is that the numbers are still pretty accurate, simply because the hackers are always changing their tactics to stay one or two steps ahead of the competition. So what can we do? Here are some things you can do to help your security posture:

Stay on guard at all times when accessing the internet and your email. My colleague, friend, and former boss Kim said it best several years back, but the adage still applies today — don’t think that anything you receive in email is private. There are way to many mail servers that the email has touched from point A to point B in the delivery, so never think that the message is private that you receive in an email. To expand on that point, don’t think that a credit card company, bank, or any other financial institution will contact you via email to conduct business.
Provide alternate methods of verifying your account ownership. As much as I dislike supplying my phone number to sites as an alternate verification method (my first thought is always “Who is going to use this to try and sell me something?”), if your account is ever compromised, having an alternative to a second email address may allow you to regain access to your account much more quickly.
If you can, turn on 2-step authentication. 2-Step authentication, also known as 2-factor verification or authentication, is a security measure whereby when you login to your account — whether it is an email, bank website, or some other account — the account then contacts you via another means to establish that it is really you logging in. Often, this is by sending a text message to your phone with a code for you to enter to complete the authentication mechanism. The thought process is that while your email password may be compromised, chances are much lower that your phone will be stolen at the same time. Often, financial institutions such as American Express, Chase, and others will only require you to enter the 2nd authentication method the first time you login to the website from a new computer, and you can tell it to remember the setting. Or, you can tell it to prompt you each time.

These are but three things that you can do immediately (in most cases) to increase the security of your internet usage and to cut down on the chances of falling victim to a phishing attack. Fortunately, the majority of the big email providers are already implementing checks against messages to try and filter the amount of SPAM, virus, and phishing emails that their users receive. Additionally, businesses with their own IT staff can (and probably have) install systems to check against these types of email messages. In the end, improving the security of our networked computers isn’t about one solution — it’s a process of using many techniques to reduce the chances of your computer, and by extension, your identity, from being compromised.

Phishing attacks are still around, to this day, and aren’t likely to go away any time soon. Just last month, the Milwaukee Bucks NBA basketball team fell victim to a phishing attack, and W-2 information was compromised. The simple fact is that far too many people fall for these types of attacks every day for the hackers to stop using the technique. The key is to make sure that you aren’t one of the victims.

Phishing Attacks — how do I detect them?

June 10, 2016 by Mike Ellis 1 Comment

{Editor’s Note: We continue our look at Phishing Attacks. Yesterday, we talked about what a phishing attack is. Click here to read part one.}

Phishing Attacks — how do I detect them?

While phishing attacks are extremely common in today’s internet environment, the fortunate reality is that the vast majority of phishing attack emails that are received are very poorly written and have little chance at success. When you receive an email from an unknown person, there are several things you should look at in consideration of whether or not the email is a legitimate one:

How is the grammar? Does it read like an email should? Or are there obvious grammar and spelling issues that indicate it may be bogus?
Are there any links in the email, and do those links give any clues about the legitimacy of the website?
Does the email seem just to good to be true? Are you getting something for nothing? Chances are that if it seems like that, then the email isn’t legitimate.
Look at the sender — does the name that it is coming from and the email address that is used match, seem legitimate? Or, as in the case of an email I received today, are they so different that it is obvious?
Lastly, is the email from a company that you deal with on a regular basis, or is it from someone that you never use?

In the image below, I’ve taken an email I received and marked it up with some details that you should look for in emails you receive. As you can see from the image, it was flagged as SPAM, so they obviously think that it isn’t legitimate.

From the top, these are the things that stand out to me:

Notice the grammar. The subject at the top just doesn’t read cleanly. No comma is needed, and no hyphens are needed in the “for-your-order” section. Also, I didn’t place an order.
Look at who the email is from. The “name” is Walmart-Reward Points, but the email address is listed as Dolores@wmoneyj.racing. Definitely not an email from a Walmart email account.
I don’t shop at Walmart very often, so I wouldn’t expect an email from them.
In the link, you need to be careful because it is a shortened link. In this case the link references a “t<dot>co” link, which is a shortened Twitter link. The reason you need to be careful, though, is that it isn’t obvious what the shortened link will translate into. Fortunately, others have worked on translation websites that will help you out. In the example above, the link in that email translates to Retail Promo USA.

In our example above, the real question is whether this is a phishing attempt or not. The short answer is maybe it is, maybe it isn’t. It could be that the website the link redirects to will prompt us for some PII (Personally Identifiable Information) that could be used to steal our identity. Or, it could be that the link will attempt to install some malware of some sort — perhaps spyware or adware that will turn our system into a pop-up nightmare. In any event, in my eyes, it isn’t legitimate.

In conclusion, the biggest factor in determining the legitimacy of an email is to rely on good old common sense. Remember the adage, people — it it sounds too good to be true, it probably is. Remember, phishing attacks are a common way that someone attempts to steal your identity. Be smart, don’t fall prey to a phishing attack.

Do you have any questions? Please feel free to leave them in the comments, or reach out to me. My phone number is 919-606-6725, my email is mike@techsolutionsnc.com, and you know the website already. Thanks, and have a great day!

Email address

Related articles

Phishing Attacks — is there any way to prevent them?

Phishing Attacks — how do I detect them?

Footer

Archives