I read the news today. Oh boy.

Many years ago, in a different world in a different time, I owned a newsagents’. It’s a trade I love (I still tidy the magazine racks when I visit W H Smith) but that these days seems to sadly be becoming something of an anachronism, as more and more people seek their news online or, more worryingly, don’t seek it at all.

Back then, 26 million people read at least one newspaper every day, a figure that today has dwindled to less than half that. I can’t help but admit to being part of the decline: I haven’t bought a real newspaper in years, although I do subscribe to the digital versions of two national ‘papers’.

I suppose one benefit of the old paper shop was that at least you saw from the headlines on the shelf how other publications covered a particular story.

These days I get my news via Google, which can present its own problem: the Google bubble. If you were to take two identical devices and search for something uncontroversial like, say, UK immigration, you would get a broadly balanced set of results. If on one machine you then click an article of the ‘coming over stealing our jobs’ variety and on the other you choose a ‘rich multi-cultural diversity’ sort of article then, the next time you search, you’ll find the results begin to lean towards the view you clicked previously. Over time, you see fewer and fewer views that disagree with you.

This is not really anything new: newspapers were an authoritative source of facts, although whose facts were presented depended on the papers’ owners, and people bought the paper that mostly chimed with their world view. Today, the Guardian’s view on climate change (along with the vast majority of scientists) is that it is a very real threat or, as the Intergovernmental Panel on Climate Change (IPCC) puts it, “Scientific evidence for warming of the climate system is unequivocal.” Rupert Murdoch’s News Corp on the other hand has just waved goodbye to Rupert’s son James, who left accusing the company’s news outlets of “ongoing denial” of climate change despite “obvious evidence to the contrary”

News Corp claim they offer a range of voices on the subject but when 98% of scientists hold a view, is it ‘balanced’ to present 50-50 pro- and anti- views? On the other hand, 100% of scientists once believed that the Sun revolved around the Earth, and they were all wrong…

To avoid the Google bubble, I use a ‘news reader’ app which hides my identity, so I regularly see examples of how a particular news source ‘spins’ a topic:

“HMRC: Residential property transactions down 35.9%” Property Wire
“Residential property transactions jump 32 per cent in June – HMRC” Mortgage Solutions

or how a topic is a heinous crime:

“EU Shame: Trade chief Phil Hogan resigns after flouting coronavirus rules”

or absolutely justifiable:

“Dominic Cummings did NOT make mistake with lockdown trips – ‘What a witch hunt!’”

depending on whether the offender is ‘one of us’ or ‘one of them’. My thanks to the Daily Express for both headlines.

Unlike TV in the UK, newspapers have no legal requirement to be ‘balanced’ although they are generally expected to tell the truth, however they might choose to spin it. A useful guide to newspaper accuracy is how often a title is sanctioned by the press regulator, IPSO. For three years in a row, head of the field has been the Daily Mail which this year received 28 sanctions, of which 24 were for inaccurate reporting. Some distance behind were:

2nd The Times
3rd The Sun
4th The Daily Mirror
5th The Daily Express and the Daily Telegraph

Newspapers used to make their profit through adverts in their papers: the cover price might pay for some or all of the production and distribution costs, but the adverts were where the profits were made. These days, advertising has largely moved online, so much so that the Independent ‘newspaper’, which moved entirely online after its final ‘paper’ edition in March 2016, is now more profitable than the Telegraph Media Group, owner of the Daily Telegraph.

Websites generally make their money either by advertising – they get paid for each advert you view and more for ads that you click on – or by selling information about you so that you see ‘more relevant’ adverts, which is the model that Google, Facebook and similar use. It’s fascinating to discover that the EDP for example, which begins its cookie consent notice with ‘We value your privacy’, value it so much that they share details of your usage of their site with more than four hundred companies. That’s absolutely typical, no better, no worse than most other sites and the EDP perform a valuable local service and are well worth supporting, but ‘privacy’?

Which brings us on to social media… and that’s the topic I’ll pick up in next month’s article.

Posted in Uncategorized | Comments closed

Lessons from Lockdown, Part Two

As I write this, lockdown is easing, visitors have arrived in droves, and there is a sense of greater freedom for some. Others, though, are still wary – and who knows what will have happened by the time this is published! So the oapc guide to home-based activities continues…

TV and streaming

With most of the nation having to spend more time indoors during the pandemic, Ofcom’s latest survey confirms many people’s experience: we have been watching a lot more TV!

Traditional broadcasters saw their highest combined monthly share of broadcast TV viewing (59%) in more than six years in March, as people turned to trusted news services for updates on the virus. According to the report, British adults spent more than six hours each day watching TV and online video.

As lockdown progressed and broadcast TV began to run out of new programs, many turned to streaming services. Often associated with younger people, online films and TV kept us entertained for one hour 11 minutes each day, double the pre-lockdown level. And Ofcom found that one-third of 55-64 year olds signed up for paid-for services such as Netflix or Amazon Prime during the early weeks of the pandemic.

Demand became so high that streaming companies had to lower the quality of their output to avoid literally breaking the internet, an approach that ITV2 adopted some years ago… But don’t forget free services like BBC’s iPlayer and Channel 4’s All4, or even Youtube.

Reading

“In an uncertain time books provide not only an escape but also a means to find hope, companionship and comfort.” – Joseph Coelho.

As book shops shut and even Amazon took print books off priority delivery, publishers rushed to make as many books as possible available as e-books. Physical (real) books are still selling online, with a notable shift to for support independent stores. Let’s hope this continues in the ‘new normal’.

E-readers are widely available to download books – Amazon’s Kindle is the best known, but other services such as Kobo are available – and your mobile phone or tablet will have its own version: Google’s Play Books, Apple Books and, I believe, the Nokia Scrolls might still be available.

Do remember, though, that you never own an e-book – it is simply licensed to you: if your chosen supplier ceases to exist, it’s very likely ‘your’ books will simply disappear.

So just visit Norfolk Library’s ebooksdelves and gorge on what’s available there, including newspapers and magazines.

Online theatre

Those who love the theatre will find many online options, too many to mention in fact. Search online for your favourites – but here are a few to start you off:

Google ‘National Theatre online’ or ‘The Globe online’
Andrew Lloyd Webber’s theatre site has information on shows, plus some videos, at https://lwtheatres.co.uk/celebrate-theatre-at-home/

and you can find other options here:

https://www.whatsonstage.com/london-theatre/news/stage-shows-musicals-opera-free-stream-online_51198.html

Cultural tours

Why not widen your horizons with a tour of the greatest art, historical sites and museums in the world from your own armchair? So many to choose from (search for “virtual tours” for inspiration, or narrow it down by using the name of the place, gallery, artist or country you are interested in).

Museums

The Natural History Museum, The British Museum and the Royal Naval College, as well as many wonderful regional museums, have good online sites, which may include tours and short talks.

Galleries

The National Gallery, The Royal Academy, The Louvre, The Vatican and The Uffizi are all online.

You can find a virtual tour of the Sistine Chapel here:
http://www.museivaticani.va/content/museivaticani/en/collezioni/musei/tour-virtuali-elenco.html

Other ideas:

https://www.elitetraveler.com/design-culture/10-best-virtual-museum-tours

Monuments and historical sites

CyArk (a non-profit organisation) has, since 2003, been digitally recording and sharing online the world’s cultural heritage:
www.cyark.org/explore
And, if you’re at all unsure of your eyesight, why not try a virtual tour of Barnard Castle? Much safer than driving the family all that distance in these worrying times. https://360barnardcastle.holoscribe.com

Garden tours

There’s lots online for garden lovers, especially nice when the weather is disappointing at home!

National Trust: https://www.nationaltrust.org.uk/lists/virtual-tours-of-our-places
Royal Horticultural Society: https://www.rhs.org.uk/gardens
National Garden Scheme: https://ngs.org.uk/virtual-garden-visits/

Games and puzzles

Many of us dug out our old jigsaw puzzles to while a way an hour or two, and found it to be therapeutic. Others may have been playing card games or board games (Scrabble is the favourite in our household).

Many of these are available online, to play with others (human or robot) or alone, so why not search for your favourite and see if you can find an online version? Examples:
Online Scrabble https://wordfinder.yourdictionary.com/blog/10-places-to-play-single-player-scrabble-online-free/

Jigsaws

https://www.jigsawplanet.com/

Puzzle grids (for Only Connect fans) ranging from easy to fiendish https://www.puzzgrid.com/

On phones and tablets, there’s the very popular Words with Friends in your app store, and thousands of games besides, of very variable quality and often ‘supported’ by adverts – check the reviews before downloading!

For the more active – fitness

When the government ordered a nationwide lockdown, many people’s regular fitness schedules (whatever they are) were cancelled. But Bupa UK reports that two in three UK adults have been taking time in lockdown to exercise – 28% upped their usual activity and 17% were inspired to try something new.

This is not an area of which I have a lot of experience but apparently the most popular types of exercise include walking, gardening, jogging, cycling, using home gym equipment or joining in with online classes. 66 per cent of Brits credit regular exercise with helping them maintain good mental health while in lockdown.

Trainers and studios moved quickly, creating daily schedules of live-streamed workouts.

Local trainers Suzie Povey and Jaime Parry have kept many of our friends busy with online classes via Zoom, Facebook or YouTube. More info here:

Suzie https://en-gb.facebook.com/pages/category/Gym-Physical-Fitness-Center/Suzies-Fitness-1464249640459851/

Jaime https://www.facebook.com/JaimeFitSteps/

The most famous non-local is Joe Wicks, whose classes for children were rapidly adopted by the whole family (and some adults without children too, I gather). https://www.youtube.com/channel/UCAxW1XT0iEJo0TYlRfn6rYQ

The NHS has some online starter classes of 10-45 minutes here:

https://www.nhs.uk/conditions/nhs-fitness-studio/

For other ideas search the Internet for “online fitness”, and see what inspires you. (Some will be chargeable, but many are free, so be careful to check.)
So there you go, a few ideas perhaps to keep you occupied, entertained and fit, until the world begins to return to normality. Whatever that is…

Posted in Uncategorized | Comments closed

Lessons from lockdown

Back in February, a lifetime ago, I was trying to convince one of my customers of the benefits of internet banking. She wasn’t convinced: she and her friends preferred having cheques that they could post to each other to pay for their charity group’s activities.

Last month, I thought of her as I was scratching around for planning the topic for this month’s article. This seems a very different place compared to three months ago so I’ve been asking people how they’ve been using ‘tech’ to make lockdown a little more bearable or even to carry on working in an isolating and isolated world.

Almost everything that follows has been suggested by someone who would laugh out loud at the idea that they were tech wizards or experts and yet, between them, they’ve managed to come up with some things that I, a proud geek, had not even considered.

Communications had undergone massive changes, even before lockdown began: the number of landline calls made has more than halved since 2012 whilst mobile phone calls have skyrocketed. But now, particularly amongst those with all their own teeth and hair, the ‘mobile’ part is more important than the ‘phone’ part and voice calls (and even text messages) are being replaced by online messaging services like WhatsApp and Facebook Messenger.

Keeping in touch under lockdown has transformed the fortunes of some companies: little-known videoconferencing company Zoom had 659,000 UK users in January. By April that had risen slightly to – checks notes – 13 million. Significantly, many of these were older tech users: the proportion of online adults aged 65 and over who make at least one video call a week increased from 22% in February 2020 to 61% in May 2020. We were all doing it!

Libraries reported a surge in online borrowing during lockdown, with England alone gaining 120,000 new library members in the three weeks after lockdown began – 600% up on last year. I was one of that 120,000, my old membership having apparently expired due to lack of use. Loans of online e-books, e-magazines and audiobooks in the same period were double the normal level, after libraries closed on 23 March. One of my survey panel described them as her lifeline. Visit Norfolk Library here.

It’s possible that (funding permitting) this could be more than a flash in the pan. The Chartered Institute of Library and Information Professionals (CILIP) believes this could turn out to be a watershed moment. “Not only are we attracting an entirely new audience, we’re able to demonstrate that the library is every bit as accessible online as it is in person,” said spokesman Nick Poole as CILIP launched The National Shelf Service, a daily YouTube broadcast of librarians’ recommendations of e-books for children, young people and families.

Virtual book launches and literary festivals have become the norm, often wildly out-performing the expectations for the real-world events they have replaced: one small organisation had cancelled a room booking for 60 people, in favour of an online book launch that attracted 280 live ‘attendees’. Another thousand watched a recording in the week after the event.

Events in cyberspace have become much more common across the board, as venues attempt to claw back even a tiny fraction of the income they’ve lost. Beth and I have spent several delightful evenings listening to live acoustic music ‘at’ the Green Note, a tiny venue in London with a capacity of 65 until social distancing came along. Some of their Virtually Green Note events on Youtube and Facebook have attracted ‘crowds’ of several hundreds, many of whom donate the suggested £10 ‘tip’, split between artists and venue.

Survival is the only thing small venues can hope for at this stage. These are the places where artists from the Beatles to Ed Sheeran learnt their craft, part of a music business that contributes £5 billion to the UK’s economy. Along with local shops, all small businesses need our help like never before.

Many shops, large and small, were sensibly reluctant to take cash payments during the crisis, and so some of us have tried out the new experience of paying for shopping with a contactless credit card or even (gasp!) a mobile phone. This has also led to the realisation that, if you ‘bonk and pay’, you don’t need to visit a cash machine anything like as often – health and safety taken care of at the same time.

Although supporting local businesses is incredibly important – not just during a pandemic – when the lockdown restrictions were at their most restrictive many of my respondents turned to online shopping. Some were trying it for the first time while others were old hands, but many found they were buying even everyday staples like tea and cereals in a bid to avoid queues and infection.

Tesco reported that online sales for the three months to May increased by 48 per cent, whilst Sainsbury’s and Waitrose also reported strong online growth. I rather suspect that a fair few people will find that they like the convenience and simplicity of the process and not return to their old ways…

Thank you to everyone who contributed ideas for this article. I could not fit them all into the space available, so next month we’ll have some more. Although some of the ideas will likely fade as, God willing, the virus begins to recede, many of them would still be applicable in the future for those who can’t get out, those who have found something new, and those trying to find a greener way of doing something they already do.

Even though I never did persuade that lady of the benefits of internet banking when you live in a village without a bank, one of our friends had this to say: “I was always against internet banking, thought it was too risky…but we had the outside of our house painted in April. The guy only wanted payment directly into his bank account. He didn’t want cash or cheque…so needs must….. I went on line and found out how to go about it. A week later I was all set up with internet banking and I love it! So easy to check my balance, pay bills etc and wish I’d done it years ago!”

Respect science, respect nature, respect each other. Take care.

Posted in Lockdown | Comments closed

It could be you! But it probably isn’t.

Last month we looked at a few real email messages and unpicked some of the technical clues to watch out for:
• who sent the message?
• if I click the thing they want me to click, where will it take me?
But there’s often an easier way to spot a wrong ’un and that’s what we’ll be looking at this month, again using my own inbox for examples, with no technical mumbo-jumbo whatsoever.

Let’s begin with a message from a Mr hgdgd osndbds.

Really, Mr osndbds? That’s the best you could come up with? Your email wants me to believe you can connect me with the sum of $2,100,000.00 and that’s the name you’re going with? Well, actually no, because later in the email we find it’s really from:

Mr. Terry Moore
(Acting Manager of HSBC BANK, London United Kingdom.

Bonus point for just the one bracket, but still…

0/10 Must try harder.

Let’s move on…


Credit where credit’s due, they have taken the trouble to make it look like it comes from MBNA, but ‘Dear Customer’? No bank will ever send a message to Dear Customer and they will never ask you to click a button in an email to sort out a problem.
Speaking of which…

No introduction, not even Dear Customer. Just a big button labelled ‘Log in to Monzo’. Don’t.

One common factor in a lot of scam emails (and telephone calls) is that they will try to panic you into hasty action:

• Your payment for 16th Century Jewish bible is complete!
• Act now!
• Your machine is under attack!
• Your email/internet/bank account is about to be suspended!

It isn’t. Have a nice cup of tea and a Digestive. Then, if you’re still worried, contact the company directly – NEVER click anything in the email or give details over the phone and NEVER open an unexpected attachment.

Banking security

It’s probably worth noting a few dos and don’ts about online banking and security in general.

I always recommend having at least two email addresses, one for shopping, sharing and social, and one for family and personal stuff. That way, you can be notified (your phone or laptop beeps) when someone important contacts you, but your phone isn’t binging and bonging every time DFS have a sale. You could have a separate email address for banking, too, or just use the ‘family’ one, as long as you make sure to tick the box that tells the bank not to share your address and not to use it for junk mail.

I had a customer once who correctly deleted junk mail purportedly from every bank under the sun but happily clicked blatantly fake messages from Nationwide, because they were her bank.
It’s also worth pointing out that, of all the junk bank messages I’m listing here, none of them went to an email address that I actually use for banking, which is quite a big clue that something is not right…

Anyway, what’s next?

Let’s look at a couple of other things to be wary of:

Messages from people you know

I don’t have any of these in my inbox but I know someone who has. They appear to be from someone you know
Subject: Hi Beth

but contain a very short or unexpected message, like

Here, the golden rule is ‘If it doesn’t sound like the person you know, they didn’t send it’. A favourite trick of scammers is to steal someone’s email address book or contacts list and to send messages (apparently) from someone in the list to someone else in the list.

Sometimes it means Barclaycard get a message ‘from’ Nationwide but also (imagine it’s your contacts stolen) sometimes it means your brother gets a message ‘from’ your sister, and they are much more likely to click something they shouldn’t if they trust the person who sent it. A very popular example of this did the rounds on Facebook a while back. After all, if a friend sent you a message saying

“Is it you in this picture?”

would you be able to resist a little click?

If Auntie Flo always begins an email with ‘Hello Sweetie’, be suspicious when you get one that starts, ‘Hey Friend!’

It could be you!

It isn’t. If you ever receive an email telling you that you’ve won a lottery, the odds are very high that you haven’t. If you ever receive an email telling you that you’ve won a lottery that you didn’t enter, the odds are quite a bit higher. All they want from you are your bank and personal details.

Of course, if you actually do enter the lottery and you get an email from Camelot to tell you you’ve won, it’s worth going directly to the Camelot website and checking.

Or just give me the ticket and I’ll check it for you. You’re welcome.

In summary

In the past, viruses were an opportunity for bored geeks to show off to their friends but nowadays threats almost always exist to steal personal information and use it to part you from your hard-earned cash. Take your time, and don’t fall for their tricks.

Take care and stay safe.

Posted in Uncategorized | Comments closed

Save money – Have the Kenyan Road Minister pay your TV Licence!

Last month, we looked some of the basic information you need to help unravel whether a website is legitimate or not. I thought this month I’d share a few emails I’ve received, with some tips on how to spot the dodgy ones. Although old-fashioned viruses still exist, the majority of threats to your computer, phone and bank account are unleashed by you clicking on something you shouldn’t.

You might find yourself visiting an infected website (which then infects your computer), visiting a website that impersonates a legitimate website (maybe asking you to ‘update’ your security and credit card details which it then steals) or downloading an infected ‘attachment’ which installs something to send to a hacker on the other side of the world all the logins and passwords you enter. Or you might find you’ve won a lottery you didn’t enter, or been left money by someone you didn’t know, or just been offered a commission for being helpful:

“Dearest One,

I know this mail will come to you as a surprise since we haven’t known or come across each other before considering the fact that I sourced your email contact through the Internet in search of trusted person who can assist me.

I decided to contact you due to the urgency of my situation, My name is Miss Sofia Kipkalya Kones, 26yrs old female and I held from Kenya in East Africa. My father was the former Kenyan road Minister.”

Long story short, following the tragic demise of said Minister, there’s $6,700,000 sitting in a bank, of which 30 per cent will be mine if I can help ‘repatriate’ it. Naturally, my contribution would involve some fees up front, but I’d be more than covered by my ‘commission’.

First rule of internet scams: if it seems to good to be true, it isn’t true.

Mind you, that $2 million dollars would be handy:

“Subject: REMINDER: tvlicensing.co.uk 2020 | Your TV Licence is due for renewal – 4/9/2020 | Reference Number: CD3720427720
Date: Thu, 9 Apr 2020 03:38:17 -0700
From: TV Licensing <no-replays@fedecotopaxi.org.ec>

Hello,

Our records for the TV Licence on email: abc@123.co.uk (actually my private email address) indicates us that is due for renewal.

We do not need to issue you with a new licence until your existing licence is renewed. Your reference number for this change of details is CD4022429890. Please note, your TV Licence number remains the same.

Please visit our website untill April 10, 2020 to view your TV Licence online and update your details – just go to www.tvlicensing.co.uk/yourlicence.”

For space reasons, I’m omitting some of the content of these examples. Like last month, I should say that I’ll be including email addressess and company names where applicable. It could easily be the case that the legitimate owner of these has been scammed and the crooks are using their details without the owner’s knowledge. It could be. Easily.

So, what does CSI Heacham make of the above?

Firstly, it was delivered to an email address I’ve never used for TV Licensing. Ignoring that, try  Googling for tv licensing uk. As discussed last month, ignore anything marked ‘Ad’ – such as www.movemy.co.uk/tv_licence, and you’ll see that the correct website should be https://www.tvlicensing.co.uk/ 

That being so, why has this email arrived from no-replays@fedecotopaxi.org.ec ? Further down, it says ‘Just go to www.tvlicensing.co.uk/yourlicence’ which looks legitimate…

Until you hover your mouse over that link. This is the first line of defence against dodgy emails. When you hover your mouse over the thing a dodgy email wants you to click, you’ll often see – either at the bottom of the screen or as a pop-up – the actual address that clicking will take you to. You can get the same information on a mobile phone or tablet by putting your finger on the link and holding it down. After a second or so, a pop-up will show where you’d be heading if you tapped the link.

In this case, it wanted to go to http://www.ottenandpartners.co.za/aspnet_client/432thsdfhd.html

I’ve deliberately not made these links clickable to protect the unwary, but if you hover your mouse over the legitimate TV Licensing link above you should see this in action.

As we learned last month, ignore the http:// and everything after the first remaining / so we’re left with ottenandpartners.co.za – a company in South Africa. I’m fairly sure that’s not where TV Licencing has been outsourced to, so consider that a scam.

‎I’d email someone about this but:

“Subject: Important changes to your 1&1 lONOS emails:
Date: Wed, 15 Apr 2020 20:42:17 +0100 (BST)
From: 1&1 lONOS <simon@schfiresafety.co.uk>
Reply-To: 1&1 lONOS <simon@schfiresafety.co.uk>

New functions and updates for lONOS email have been published and we will inform you in writing before we apply them to your IONO email.

We may store incoming messages if we have not received your approval on or before April 17, 2020 to apply these new changes to your lONOS email.

We have made the authorization process easy, you may proceed to authorize this changes at   webmail.lonos.co.uk/Mail&Update.”

Now, I use 1&1 IONOS for some of my work, although I’ve never known them send an email from schfiresafety.co.uk before. Hmmm. Let’s see where that click will take me – hovers mouse and looks in left-bottom corner:

https://update.lonos.com.neptuneinternational.co.in/

You know this bit by now. Drop the https:// and anything after the first /, leaving update.lonos.com.neptuneinternational.co.in/

Last month’s article touched on ‘sub-domains’ like news.bbc.co.uk being part of bbc.co.uk. The rule is, find the Top-Level-Domain (the bit that tells you the country, like .co.uk or, here, .co.in) then work your way back from there to the first full stop you come to and then ignore everything before that.

So we can ignore the update.lonos.com, leaving us with neptuneinternational.co.in/

Is that a likely address for ionos.co.uk?

All of these examples want me to enter personal details, passwords, email address and banking details. Follow these rules and you should be able to avoid getting scammed into handing them over. Stay well and stay safe.

Posted in scams and cons, Security | Comments closed

How to spot a fraud

On moving to Heacham, I gave up my previous career as an international counter-intelligence operative, working out of a smoke-filled basement somewhere in Westminster.

Hello, I’m calling from BT. We’ve noticed some unusual activity on your line and we’d like to help you resolve the issue now.

Which of those two paragraphs do you think is more likely to be true?

I’d guess the majority of readers would have chosen the second, but those who know me will obviously have opted for the first and they would have been correct (although the truth will have to remain a secret between me and Sir Richard Dearlove).

Quite simply, BT would never ring you to tell you about an internet problem, unless you had rung them first. Nor would Sky, TalkTalk, Plusnet or any of the other major internet service providers.

Before the world came crashing about our ears, I had two appointments in succession where customers had been fooled into clicking something they shouldn’t: one a substantial financial fraud, the other a website designed to look like an official government site but charging a fee for something that would be free if you visited the correct site.

So this month’s article starts a series on how to avoid cons: visiting a dodgy website, clicking on a link in an email, or falling for a convincing phone call and putting yourself at risk.

Let’s start with a few definitions, so that we’re all on the same page:

Browser – a program you use to access the internet:

Chrome, Edge, Firefox, Internet Explorer (RIP).

Search Engine – a service you visit using your browser to find a specific item. Examples include Google, Bing, Yahoo and DuckDuckGo.

Mobile phones can do things slightly differently, blurring the lines between the two, but those are the basics.

Google has a search engine called, er, Google. Microsoft has a search engine called Bing. I often find customers get confused because you can use Chrome (Google’s browser) to access Bing (Microsoft’s search engine). And in Microsoft’s Edge you can search using Google…

Anyway…

When you search for a website, the results are presented to you in order of relevance, so the higher up the list, the more it matches what you’re looking for. What you see depends on your previous history, the browser you use, you privacy settings and more.

As an example, when you renew a driving licence, you might well go to Google to find the correct place. I did just that, and came up with this:




Anything strike you as odd there? Notice that little word Ad, hiding in plain sight? Depending on the program you use (Chrome, Edge, Firefox), it might look different but it tells you that the website isn’t there on merit, they’ve paid to be at the top.

I tried the same search using a number of different browsers and search engines and got varying results, from no ads to four, with names like applyukdrivinglicence.co.uk, licenceapply.co.uk and applydvladrivinglicence.co.uk

Now I wouldn’t for one minute say that any of these were dodgy companies set up to trap the unwary: I’m sure they all guide you through the renewal process for a very reasonable fee on top of any charges the DVLA raise. But the real DVLA site www.gov.uk/renew-driving-licence costs nothing to access, and charges only the government-mandated fees with nothing on top, so be careful.

My simple rule is, never click on a link that says ‘Ad’.

How to decipher a website address

Next month, God willing, we’ll look at spotting scam emails but let’s take a general look at how a web address (also known as the URL) breaks down. Here’s a straightforward one:

https://www.bbc.co.uk/news/business-52184229

Let’s focus on a few points. Every web address begins http:// or https:// so we can ignore that bit. That leaves:

www.bbc.co.uk/news/business-52184229

The internet uses the forward-slash symbol / to separate pages from website names (think Moby Dick / Page 4). So everything after the first / is just the page within the website. That means, to see if a site is genuine, we can ignore the first / and everything after

By ditching news/business-52184229 we’re left with www.bbc.co.uk/ which I’m sure you’ll recognise as a legitimate address.

Naturally, there’s a slight complication. Sometimes you’ll hear the phrase ‘domain name’ bandied about. Sticking with the BBC, their domain name is bbc.co.uk. But it’s also possible to have a sub-domain. This is a separate area but crucially still part of the main website. An example is

news.bbc.co.uk

If you type that into a browser, it will take you to bbc.co.uk/news, part of the BBC website.

The important point is, a sub-domain will only ever be separated from the main domain by a full stop, so

news.bbc.co.uk

is a legitimate part of the BBC but

news-bbc.co.uk

is not. It might exist as a website but that hyphen means it’s not part of the BBC.

Some unscrupulous companies might include letters hinting at legitimacy like, off the top of my head, applydvladrivinglicence.co.uk including the letters dvla. Not that I would for one minute suggest that applydvladrivinglicence.co.uk was an unscrupulous company. Not at all.

But any official government agency will tend to end in gov.uk, such as hmrc.gov.uk and if the site you’ve clicked on doesn’t, it probably isn’t what you think it is.

Next month, we’ll look at some real examples of not-dodgy-at-all websites that I’ve received but, in the meantime, keep safe, keep well and be nice to each other.

Posted in Uncategorized | Comments closed

Passwords and security (part three)

I’ve got nothing against country dancing.

Over the past couple of months, I looked at why it’s important to use a different password on every website and why a long one is better than a short one. I’ve also mentioned the importance of keeping contact information up to date, to make it easier to reset passwords when something goes wrong.

Now let’s look at an example of why this is a good idea, with a true story. There’s a chap in Canada with almost the same name as me, who regularly forgets to include his middle initial in his Gmail address when he signs up for things on the internet. I could tell you the gym he uses, his car and when it needs servicing, and the fact that he goes country dancing regularly. I know this because he’s signed me up for all their mailing lists.

For most of them, clicking unsubscribe has done the trick but the country dancing mailing list has been a tougher challenge. Despite the fact that the Gmail account in question has my address, my credit card details and my date of birth (and has done for more than ten years) they’ve refused to remove me from the list “because I’m somehow accessing his email”.

The other night I was sitting in front of the TV when my phone pinged with a message from Google: “Is it you trying to change your password from Pleasantville, Canada?” Tap ‘No’ and back to a gripping Scandi detective drama.

Ping. “Is it you trying to change your password from Pleasantville, Canada?” Tap ‘No’ and back to…

Is it you trying to change your password from Pleasantville, Canada?” Tap ‘No’ and go to make a cup of tea.

And that is a perfect example of why it’s important to keep contact details up to date, and it’s a perfect example of something very simple with a grandiose geek name: dual-factor authentication, sometimes abbreviated to 2FA.

Put simply, 2FA adds an extra hurdle for someone trying (legitimately or otherwise) to access your account. Something you know – like a password or your mother’s maiden name – can sadly be stolen quite easily in this day and age, particularly if you use the same password in different places. So 2FA adds something you have or something you are, like a phone or a tablet or a fingerprint.

It can be as simple as the example above: log in from a new device and the website sends a message with either a number to type in or a button to press to confirm that whoever is trying to login not only knows your password but has your phone. This is something you’ll already be experiencing more often when shopping, as banks are already using ‘Secure Customer Authentication’ to confirm that purchases are genuine.

On the one hand, this is another obstacle to doing what you want to do quickly and easily. On the other hand so are seatbelts, and the millions of people worldwide who wouldn’t otherwise still be here probably don’t regret losing two seconds every time they set off on a journey.

At the moment only about 5 per cent of online account holders have enabled 2FA but a recent statistic released by Microsoft might show why it’s a good idea: of the over one million Microsoft accounts hacked last year, 99.6% weren’t using 2FA. So out of a million people, statistically 50,000 ought to have been hacked but, presumably because of 2FA, only 4,000 of them were.

For most people, setting up 2FA is as simple as giving the service you’re logging on to your mobile phone number (it tends to be a mobile number because they can’t text a code to a landline). It’s also possible to install an app on a phone to generate a code to prove you’re genuine even if you’re logging on from a place with poor mobile signal (like, oh, I don’t know, Heacham). I use the Google Authenticator app but others are available.

Posted in Security | Comments closed

Passwords and Security Part 2

Last month, we looked at why it’s important to use a different password on every website and your homework was to sort out all those post-its and get your existing passwords organised in an address book – A for Amazon, G for Gmail but not everything under C for Computer…

So let’s look at what makes a good password. Which of these is harder for a hacker to crack:

EDe5u2&kvS

StapleBananaHamster

Most people instinctively opt for the first: it’s hard to remember, a weird mix of upper- and lower-case, plus there’s numbers and symbols. It must be more secure, surely?

No.

We talked last month about ‘hashed passwords’ – the magic numbers that your passwords are turned into and that are stolen when a website is hacked. The hackers have computers running round the clock, trying out random strings of characters and working out the number that translates to. It’s believed that, at the moment, any password with fewer than 12 or 13 characters has already been calculated.

One of my favourite websites – I should get out more – is www.howsecureismypassword.net

There, you can enter a password and see how long it would take one hacker with one computer to crack it. I’ll save you the trouble… EDe5u2&kvS would take about six years. Not bad, but remember that the hackers have already been working at this for years with more than one computer so, effectively, that’s already been guessed.

StapleBananaHamster? 318 Trillion Years. Staple£Banana24Hamster? 252 Sextillion years. That’s 252 followed by 21 zeroes.

These numbers are estimates and some combinations of words will fare less well, e.g. Manchester followed by United, but the most important thing is length. So two or three unrelated words, upper- and lower-case, numbers (family birthdays?) in between, maybe a symbol, and you’ve got a reasonable password. Looking round my palatial office in Oapc Towers, with magazines, books, boxes of stuff, Useful24Panasonic!Carpet comes out to one octillion years, which is secure enough.

But how to remember these very secure passwords? You don’t have to. Your computer will do it for you and fill it in again when you visit the website. Some people worry that this weakens their security and it does. But the chance of an easy to guess password being stolen in a website hack is much greater than the chance of the passwords being stolen from a correctly updated home computer, and using the same password everywhere means that only has to happen once. But don’t forget to update your Password Book whenever you change a password, because if your computer should suffer a disk failure, those passwords are very likely gone.

I should say at this point that you should only store passwords on your computer if you can trust everyone who accesses it. If you share it with kids or significant others whom you don’t want to automatically access your credit cards, a separate login for each of you and a master password to keep things secure seems like a good idea.

More secure and, in these days of using a PC, phone or tablet to access the same information in different places, more convenient is a password manager program, such as LastPass or Keepass. These, protected by a very secure password, will generate passwords automatically and fill them in again as required. It means you can routinely use a 20 or 30 character password like Z2$TXec3zK4PasmvQlTyE3d6Q$8Um1 and not have to write it down or remember it. They can also work across devices, so you can save a password on your PC and fill it in on your phone.

Naturally, these services make a very tempting target for villains but I still use one because the alternative is inevitably not so secure.

So, now that you’ve got all your passwords organised in your new address book, it’s time to start visiting websites and changing the old short passwords for nice, long, secure ones. While you’re there, make sure that the contact and security information is up-to-date. These days, most websites use a mobile phone number or an email address to send a code which allows them to confirm it’s you and so allows you to easily change your password.

One of my favourite ways of spending time with customers is trying to persuade a website to send a way of resetting a password, when the two alternatives are an email address that hasn’t existed since 2006 and a mobile phone number that was changed nine years ago, belonging to the customer’s daughter…

Next month, I’ll look at a way of making your log-ins even more secure, that many of you may already be using.

Posted in Security | Comments closed

Good News!

Researchers have discovered the biggest security threat to your online activities.

Bad news: it’s you.

When they think about ‘hackers’, most people imagine Igor in Russia, banging away at his keyboard and trying to guess what their password might be. The reality is very different. When you first sign up to a website, you’re asked to make up a password. The password you type in is turned into a unique number (a ‘hashed password’) which the website stores. Next time you log in, the same process happens and, if the two numbers match, the website knows you’ve typed in the correct password.

Most ‘hacks’ involve someone sneaking into a major company’s computers and stealing the entire database of customers’ detail, such as the three billion customers whose details were stolen from Yahoo in 2013. Those details “may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers”, according to news articles at the time.

Hackers have computers running round the clock, typing in random passwords and listing the numbers they equate to, so that it’s possible to produce a list of the numbers and the corresponding words. In fact, even Wikipedia has a list of the top 10000 passwords. Particularly worrying is the fact that 91 per cent of all passwords used are in the top 1000 positions on that list.

So why does it matter?

These days, personal information is valuable: it allows you to prove you are who you say you are for banking, shopping, and all manner of transactions. So imagine the fun the crooks could have with the information stolen from Yahoo, which “may have included” everything you need to convince almost anyone that they were you, right down to your grandmother’s maiden name and the name of your first pet!

I’m regularly called out to help people who’ve been hacked or just forgotten their passwords. The phrase I hear most often is ‘I usually use…’ followed by a six-letter word and maybe a number. It’s the password they use everywhere. The world would be a simple place if we had one key that opened our car, house, shed, business, garage… Of course, if someone were to steal that key, suddenly you’ve lost everything. And yet three-quarters of the customers I visit use the same password or two on every website.

If someone breaks in to your email – and, in case you didn’t know, Yahoo ran BT email for years and in some cases still does – they can find out the banks you use, the companies you deal with, even what you’ve ordered recently. Your Amazon account reveals your postal address, phone numbers, email address and the expiry date and last digits of your credit cards. From your email, they can find out the banks and credit cards you deal with.

Put all this information together and it’s very easy to ring someone and pretend to be a bank with an urgent query – someone’s trying to break into your account and you must take immediate action – and relieve you of your hard-earned cash.

I’ll be talking about passwords and the like in more detail soon but, for now, it’s time for some homework. I’d recommend getting an old-fashioned address book – the one with A to Z tabs down the side. Grab all those post-its and bits of paper you’ve got in that pile and start writing them in the book. G – Gmail, etheldaardvark@gmail.com. Write down the password you use, in pencil so that you can change it easily, and the date you changed it last (or an educated guess).

When you’ve done that, we’ll have another look at passwords: what makes a good one, how to change them, how to massively improve your security, and other ways to avoid forgetting them in the first place.

Posted in Security | Comments closed

Goodbye, Windows 7. We’ll miss you.

January 14th 2020 is a sad day. It’s the day that Windows 7 reaches its ‘end of life’ and I feel like I’m losing an old friend. But what does ‘end of life’ mean, and how does it affect you? Read on…

Until Windows 10 came along, Microsoft supported each Windows version for ten years, meaning that for ten years Microsoft would fix errors that have been found and, crucially, patch the security holes that villains use to break in.

You may remember back in 2017 when the NHS and many other businesses were brought to their knees by a ‘malware’ infection. As the BBC pointed out a few months later:

“…all of this could have been avoided if security patches had been applied to protect the Windows 7 systems common throughout the NHS.”

Those really annoying ‘Windows is installing updates. Don’t turn off your computer’ messages have been a sign all along, telling you that the latest security features are being installed and updated.

So what happens in January?

Absolutely nothing. Not at first. But each month that goes by, for the 36% of computers still using it, the chances increase that a new way of breaking in to Windows 7 will be found and, if it is, you’re on your own. It’s possible that an up-to-date antivirus will help, but most of the computers affected in 2017 had one of those and were still compromised. In a nutshell, it’s no longer safe to use Windows 7 in two months time, unless it’s disconnected from the internet: no browsing, no email, no shopping, no banking.

What to do next

It’s time to make a difficult decision. Many old Windows 7 computers have the power to be updated to Windows 10 and run it perfectly well although, to be perfectly honest, I’ve never been a huge fan of Windows 10. It is certainly the most secure Windows there’s been but I don’t like its version of ‘privacy’, the way it installs programs you haven’t asked for (unless you delve deep into Settings) and the way it introduces a completely new version every six months, changing how things work and in some cases stopping things working completely: I’ve just had a month of laptops where the internet has stopped working and sometimes the mouse too. It’s a fixable problem: download a further update, over the internet that you can’t use…

Some machines might struggle with Windows 10 but still be perfectly capable – along with their newer, more powerful relatives – of running an alternative, such as Linux Mint. Mint is a very Windows-like system for the average computer user. It’s free, secure and for a typical user works more like Windows 7 than Windows 10 does. It’s fair to say that, under the skin, it’s a very different beast but I’ve been recommending it as an alternative for some years and I’m now finding my Linux customers recommending it to their friends and neighbours.

Mint still allows you to shop online, read your email, edit and create Word documents and Excel spreadsheets, edit your photos and videos, use Skype, and do most of things normal people do with their PCs. I installed it for my wife a few years back – not something I would do lightly! – and she has described it as ‘Windows with the annoying bits removed’. I can say no more.

Otherwise, there is always the option of buying a new Windows 10 PC or an Apple device or even a cheaper device like a Google Chromebook. Your system can usually be changed over without losing any of the important ‘stuff’ you’ve accumulated since your Windows 7 machine was a baby in 2009.

Please get in touch if you need help (although we do not sell computers ourselves we can advise on suitable options).

Posted in Linux, Windows 10, Windows 7 | Comments closed