Month: January 2022

Have you experienced an increase in simple text messages that appear to be intended for someone else? I have; in fact, I’m receiving, on average, three of them per day, and it’s getting rather annoying. The picture at the top of this post is a recent sample.

You probably have some familiarity with SMS scams, i.e., scams perpetrated by text messages, but this doesn’t look like any of the ones I knew about previously. There’s no link to tap on, no well-known company name, no imperative and no real sense of urgency. And you probably already know to just delete all texts like that without a second thought. (Well, hopefully you already know that. If you didn’t, then consider yourself informed.) But this is just a casual, “how ya doin’?” type of text message from someone I don’t know, and apparently intended for someone else I don’t know. So, what harm could there be in texting back a “Sorry, wrong number” message? Which is exactly what I might have done if I hadn’t been busy when the first one arrived and if a second, third and fourth such message hadn’t arrived so soon after the first.

Plenty, it turns out. I had to do some online digging in order to find out what these harmless-looking messages from strangers are all about. Most of the search hits were predictable: warning after warning to delete, without any kind of response, any text message that exhorts you to tap on a link or call a phone number. But messages like those are direct attempts at phishing – called “smishing” when perpetrated by text message – and I already knew about them. I finally happened upon a video clip of a TV news report about the kinds of text messages I’ve been receiving lately. It turns out that they are a relatively new form of social engineering, and an indirect attempt at smishing.

According to the news report, if you respond to one of these texts, the very least that will happen is your cell phone number will end up on a “suckers list”, a list of people likely to fall for texting scams. But the scammer will also try to strike up a conversation with you. They may include a photo of a pretty woman, if they think you’re male, or a hunky man, if they think you’re female. Depending on the sort of information the scammer wants to get from you, the photo may be more than just a head shot, and the person pictured may be dressed in a sexy manner or not at all. That may be an attempt to get you to share a compromising photo of yourself. (That’s not the scam an old guy like me would fall for, but I’m told that many people in their teens, twenties and maybe even thirties are quick to share semi-nude or even nude photos of themselves.) Or the scammer may try to convince you to share financial information, account credentials or personal information. Ultimately, that information will be used to blackmail you, raid your bank account, charge things to your credit cards or steal your identity.

It’s easy to sit there reading this and say to yourself, “Oh, I would never fall for that!”, but social engineering is the art of gaining your trust in order to convince you to willingly give over whatever it is that the scammer wants. There is no doubt in my mind that the perpetrators of this scam are very good at this. The best way to avoid falling for the scam is not to engage them. Just delete the text without responding.

As far as steps you can take to avoid this scam, there currently aren’t many. You could block the phone number, but the scammers use throwaway phones and phone numbers to perpetrate these scams, so the chances are your next scam message will come from a different number. You could forward the text message to “7726” (spells SPAM on a phone keypad), which all the major US cell phone carriers are supposedly using to collect spam reports. Personally, I couldn’t figure out how to do that from my smartphone without it looking like the spam came from my own number, but maybe it’s easier to do this on your phone. You could call your cellular provider, which might be an attractive option if your cellular account doesn’t include unlimited texting, but if you get as many of these irritating texts as I do, it seems to me that you’ll spend a lot of time on the phone with your cellular provider if you do that. Your best option may be to set your phone to block text messages from all numbers not in your contact list. That wouldn’t work for me, because my cell phone number is my business phone number, but I would seriously consider doing that for a personal cell phone number.

My quest for information also turned up some gleeful reports from people who claimed to have counter-scammed the scammers, by texting back things like “Congratulations, you have successfully subscribed to ‘Prayer of the day’! Your account will be debited $0.50 for each new daily message.”, followed by what appeared to be increasingly desperate attempts by the scammer to cancel the “service”. Take these with multiple, large grains of salt. First of all, all those counter-scam reports I saw were 3+ years old. Second, cell phone scammers are probably savvy enough to know that even if they did opt into such a service and couldn’t cancel it, they could solve that problem with a call to their own cellular provider. That’s assuming they’re using their own cellular account in the first place. If they’re using a throwaway phone or account, they won’t care, because they probably provided stolen payment information to the provider in the first place, and their intention is to just ditch it at the end of the month or whenever the provider gets wise to them and shuts the account down, whichever comes first. So, your best bet is to follow my first piece of advice: do not engage.

By now, you may have noticed that Windows 11 has a new menu that appears when you click the Network, Volume or Power glyph in the Taskbar’s Notification Area:

(I added the red outline for clarity. When you hover your mouse pointer over any of those three glyphs, the section of taskbar indicated by the outline will appear to light up slightly.) The menu that appears is called the Quick Settings menu:

This is actually a bit annoying if your goal is simply to connect to a wireless network, because it adds a step. In Windows 10, you could simply click on the network glyph, which would pop up a list of available wireless networks, choose a network from that list and enter the password for it. In Windows 11, this menu first appears. Next, you have to click on the “>” button next to the Network glyph (which now looks the same as the wireless network icon in Mac OS and on most smartphones if you’re connected to a wireless network, looks like a monitor with a little antenna sticking up next to it if you’re connected to a wired network, or looks like a wire representation of a globe if you’re not connected to a network). For me, at least, this is not intuitive, and when connecting to a new wireless network, I often find myself staring at the Quick Settings Menu, as I try to remember what I’m supposed to do next. In any case, once you click on the “>” button, you can finally click on the desired wireless network and enter the password for it.

The other icons that appear on my Quick Settings menu, shown above, are the default icons, as I haven’t changed them. They are: Bluetooth (“C1L” happens to be the name of my Bluetooth earbuds, which I am using right now as I type this), VPN, Airplane Mode, Focus Assist, Night Light, (screen) Brightness, Audio Volume, Power settings (the battery), Quick Settings Menu Settings (the pencil) and Windows Settings (the gear). But the nice thing about the Quick Settings menu is that you can change what appears on the Quick Menu. A little bit. So, I’ll go ahead and click the pencil glyph so you can see whyI haven’t changed my Quick Settings menu.

The buttons shown in the upper part of the Quick Settings Menu can now be removed, by clicking on the crossed-out pushpin in each button’s upper right corner, and even rearranged, just as you can rearrange pinned icons on the Start Menu. But rearranging these buttons is of limited value, because there just aren’t that many of them, and rearranging them here has no impact beyond how they appear on the Quick Settings Menu. The ability to rearrange the buttons would be of more value if you could add more buttons. Well, in fact, you can add more buttons; just click the + Add button at the bottom:

This is the list of additional buttons you can add to the Quick Settings Menu. As you can see, it’s not a long list, and the reason I haven’t added any buttons to my Quick Settings Menu is because I have no use for any of them. But each of them is potentially useful to somebody. If you have a use for any, then add away, and click the Done button when you’re finished.

Adding more buttons to the Quick Settings Menu will not change the glyphs that appear in the Notification Area in any way. But adding them will make the corresponding functions more convenient for you to get to — if you can remember to click on the Network, Volume or Power glyph in the Notification Area to get to them!

Next week, we’ll begin exploring the Quick Settings Menu buttons.

I received an interesting – and scammy – letter in the mail last month. It was from a company calling itself “United States Domain Authority” and, at first glance, appeared to be a reminder to renew my lebowitzit.com domain name. The letter was a slick job, liberally festooned with American flags on both sides of the letter, and even on the envelope and return envelope. (Apparently, when people see American flags, they’re supposed to drop all caution and common sense and just do what purports to be the patriotic thing, which, in this case, would be to pull out the checkbook and respond to the pitch.) Here is the letter for you to see:

(For those of you wondering, I did not blank out my company name or address because I purposely post those online. I only blanked out the data items that someone might, for whatever reason, use to respond to the ad in my name.)

So, how did I know this was a scam? The answer is that this is one of those situations in which knowing just a little bit about your own organization can save you, even if you don’t know a whole lot about what it takes to have an Internet presence. Specifically, I knew that my domain name wasn’t up for renewal, because I had just renewed it several weeks before the date on the letter.

That had me looking more carefully at the letter. The next thing that stuck out, other than those pervasive American flags, was the big, bold text in the upper right corner, which proclaim “MARKETING SERVICES”. A letter from my domain name registrar, were they to send me one, would not have such text. It would be focused on domain name renewal, which is what they would be all about. Before you think that the scammers are doing you a favor by clearly identifying their wares as “MARKETING SERVICES”, they aren’t. The reason that text is there is because it is a federal crime to use the United States Postal Service to perpetrate fraud, which is exactly what making a letter like this look like a domain name renewal notice is. So, they prominently label the letter as “MARKETING SERVICES”, and then design the rest of the letter to distract your eyes from that text. This is what’s known as covering one’s legal a**.

Recognizing the remaining clues that this letter isn’t what it appears to be requires at least a bit more technical knowledge. But that’s OK — that’s what we’re here to provide!

Let’s start with the name of the sender: United States Domain Authority. It’s fairly easy to do a web search and find out if they actually are a domain name registrar, but I can tell you that I know which companies handle most domain name registrations in the United States, and this company’s name didn’t sound familiar. I also happened to know it isn’t the name of my domain name registrar. And if you read carefully, you can see the letter discloses, in smaller print, and in the middle of a paragraph that’s easy to gloss over, that they admit that they aren’t a domain name registrar:

Next, we have the cost. There is no MSRP for domain name registrations, as far as I know. Prices vary from registrar to registrar, and also depend on the exact domain name you are registering. Registrations in certain top-level domains can be extremely expensive. But I knew from my past domain name renewals that $289 was very high for just one year.

In fact, all this letter is really selling me is an opportunity, if you can call it that, to have my domain name listed in some directory that I’ve never heard of. That’s a dubious value, to say the least, and certainly not worth $289. For all I know, all it would do is put me on a list for receiving more junk mail, which I can certainly do without. There’s even the possibility that the letter is from a company that’s just a front for collecting account information to be sold on the dark web. I honestly don’t know or care. I just thought it made for an interesting blog entry and subsequent denizen of my circular file.

Some of the work I do involves transferring data from one device to another. This includes computer storage drive upgrades, recovering data from non-working computers. getting data from PC to Mac or vice versa, and more. To do this, I have an array of USB devices of various types and capacities, including flash drives (also known as “thumb drives”, which is the equivalent of calling a facial tissue a “Kleenex”, or “pen drives”, a phrase that I believe originated in the UK, although I don’t know its etymology) and USB hard drives, as well as several devices that enable me to connect several different kinds of internal hard drives and solid state drives to a computer’s USB port.

I recently needed to replace my 1TB USB hard drive. A lot has changed since I purchased that 1TB USB hard drive, in terms of the per-gigabyte cost of storage and the technologies used to connect them. Mulling this over, I still rarely need drives larger than 1TB, but since most computers nowadays have at least one USB 3.x port, many also have the smaller, more versatile USB C ports, and data recovery tools that run outside of Windows have supported both of those connections for some time, I opted for a Crucial X6 SE USB 3/USB C Solid State Drive. I’ve had an opportunity to use it a couple of times now, and when plugged into a healthy computer that supports its fastest connection options, it can copy large amounts of data in blessedly short periods of time. (Of course, if the computer isn’t healthy or only supports a USB version older than 3.0, it will be limited to much slower speeds.) As a solid state drive, it’s also fairly impervious to drop damage, unlike my USB hard drives. And it’s compact and lightweight enough to have a permanent home in my laptop bag. It’s surely a fine addition to my toolkit.

Looking over my collection of USB drives, pictured above, offers a snapshot of how external storage has evolved over the last 15 years or so. Note that all of these drives cost $85 or so at the time they were purchased.

Starting from the top, I have a Western Digital My Passport 250GB model, official model number WD2500ME-01. This is a very old drive, purchased new sometime in 2007-2009, since all the manuals I can find for this line of drives mention support for Windows 98SE through Windows Vista. (Windows 7 came out in 2010.) It works well enough, but the conventional hard drive inside spins at only 5400 RPM, which is on the slow side for a hard drive, and its interface is USB 2.0. Between its relatively slow speed and small capacity, I only use it for small data transfers, and then only if my other drives are unavailable.

Second from the top is a unit that started out as an Iomega Prestige 500GB model. The reason it’s in a funny-colored case that says “acomdata” instead of “Iomega” is because I transplanted it into a 3rd party drive enclosure. Iomega, which was known for its innovative storage products in the 1990s, was no longer so innovative by 2012, when I bought this drive. They were selling relatively low-cost USB hard drives, though, which is mainly what attracted me to this model. I hadn’t owned it for six months when its mini-USB port broke. Since it was still under warranty, I sent it in for warranty service, finding out in the process that Iomega had been acquired by Lenovo, which fulfilled my warranty. Alas, the mini-USB port on the drive I got back didn’t last any longer than the first one did. At that point, I could still have sent it in for yet another warranty repair or replacement, but a quick look on Amazon.com told me that I could get a 3rd party enclosure for the drive for about what it would cost me to send the drive back to Lenovo again. I gambled that the mini-USB port on the 3rd party enclosure would last longer than the one on another Prestige drive would. That gamble paid off, and the drive still works fine. However, like the WD My Passport drive, it doesn’t get used often anymore, because while its capacity is more in line with what I need for data transfers, its USB 2.0 interface makes it quite slow, although not as slow as the My Passport drive.

The third drive from the top is a Seagate Expansion 1TB USB hard drive. I bought it in 2017 or 2018, and it’s the drive I’ve been using most often, because its USB 3.0 interface makes it much faster than the WD My Passport and the Iomega Prestige. I actually used to have two of these, but one was ruined when I dropped it on the floor accidentally. Unlike the My Passport and the Prestige drives, whose drives could theoretically be replaced with off-the-shelf hard drives or solid state drives, the Seagate Expansion uses a specially-made hard drive with a USB circuit board instead of a conventional SATA board. This meant there was nothing I could do but recycle the whole thing. This is the drive that’s being replaced.

Finally, at the bottom, we have my brand new Crucial X6 SE. The solid state drive inside it is many times faster than the conventional hard drive in the Seagate Expansion, and when plugged into a computer with a USB C port (or a USB 3.2 Type A port), it supports data transfers of up to 800MB/sec. Its real-world maximum speed is probably closer to 500MB/sec, but that would still make it three times as fast as the Seagate Expansion drive it replaced. (Despite USB 3.0’s theoretical top speed of 625MB/sec, I’ve never seen the Seagate Expansion copy faster than 175MB/sec, and it rarely exceeds 130MB/sec.) That means it’s far better for moving data to and from modern computers with very fast NVMe solid state drives.

It’s always interesting to see how technologies evolve over time!