An Eclectic Mind

Don’t get fooled.

Today I got an e-mail message from American Express. It said, in part:

During our regualry scheduled accounts maintenance and verification procedures,
we have detected a slight error regarding your American Express Account.

This might be due to one of the following reasons:

1. A recent change in your personal information (i.e. address changing)
2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your personal account.
3. An inabillity to accurately verify your selected option of payment due to an internal error within our system.

Please update and verify your information by clicking the following link:

Continue To American Express Online Update Form

*If you account information is not updated within 48 hours then your ability to access your account will be restricted.

Thank you,
American Express , Billing Department.

The type was tiny, which is probably why I didn’t notice the typos and spelling/grammar mistakes. Or perhaps I didn’t notice them because I’ve become so accustomed to skimming incoming mail rather than reading it.

The message looked official. It had the Amex logo and used their normal color schemes. But what really made it look genuine was the note near the bottom:

E-mail intended for your account.

If you are concerned about the authenticity of this message, please click here or call the phone number on the back of your credit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here

Note: If you are concerned about clicking links in this e-mail, the American Express mentioned above can be accessed by typing https://www.americanexpress.com directly into your browser.

The hint that this wasn’t as legitimate as it seemed came when I pointed to the link to supposedly update my account information. The URL that appeared in a yellow box in my e-mail client consisted of an IP address followed by /home.americanexpress.com/.

Of course, the e-mail message wasn’t real. When I typed http://www.americanexpress.com/ into my Web browser and logged into my account, there was no indication of any problem.

Phishing, Defined

Wikipedia, everyone’s favorite online encyclopedia, defines phishing as:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites (Youtube, Facebook, Myspace), auction sites (eBay), online banks (Wells Fargo, Bank of America, Chase), online payment processors (PayPal), or IT Administrators (Yahoo, ISPs, corporate) are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose URL and look and feel are almost identical to the legitimate one.

My spam protection software is very good at weeding out phishing attempt messages, so I rarely see them. This one almost fooled me. If I’d been suckered in like so many probably were today, I would have clicked the link and entered my American Express login information in the screen that appeared. That information would have been captured in the phishing net and used to access my American Express account online.

It Isn’t PayPal

One of the Web sites I maintain is for a friend of mine who makes and sells helicopter ground handling wheels: HelicopterWheels.com. He’s an older guy who’s only been using computers for a few years. When I set up the original site, he asked me to set up online ordering. I’ll be the first to admit that I know little about setting up ecommerce solutions. So I set him up with the easiest and most secure method of accepting payments that I knew: PayPal.

Now PayPal has a bad reputation with some folks and I’m really not interested in hearing reader complaints about it. I use PayPal for my online ordering needs and although it isn’t a perfect solution, it does work and it seems safe enough to me.

Unfortunately, my friend received an e-mail message telling him that he had to verify some PayPal settings. The message was a phishing scam and my friend fell for it. He got hit for a bunch of money — which I’m not sure if he recovered. He immediately blamed PayPal and had me take the Buy Now buttons off his site.

I felt bad for him. After all, I’d recommended PayPal. But I’m also not the kind of person who gets sucked in by phishing schemes. I assumed he wasn’t either. I was wrong.

Don’t Get Caught

So here’s the only rule you need to prevent yourself from becoming the victim of a phishing scam:

Never click a link in any e-mail message.

If you get a message from your bank or credit card company or PayPal or any other service that requires you to enter a user ID and password to access it, do not click any link in that message. Instead, go directly to the site by typing the URL into your browser’s Address bar or using a Bookmark/Favorite that you’ve already set up. If there is a legitimate problem with your account that requires your attention, you’ll find out after logging in the safe way.

Of course, there are plenty of clues that can help you identify phishing attempts:

• Messages not addressed to your name. For example, Dear Cardholder instead of Dear Maria Langer.
• Typographical, spelling, and grammar errors in the e-mail message. Do you think American Express would spell regularly wrong?
• Messages sent to an e-mail address that you did not register with the organization supposedly sending the e-mail message to you. For example, the message I got today was sent to my Flying M Air e-mail account, which is not on file with American Express.
• URLs that point to IP addresses rather than recognizable domain names. For example, http://35.32.185.43/account rather than http://www.americanexpress.com/account.

But you don’t have to worry about any of this. Just follow the golden rule listed above. Here it is again, in case you’ve forgotten: Never click a link in any e-mail message.

If you follow this rule, you should stay safe from phishing schemes.

Got a story to share? Use the Comments link or form for this post to speak your piece.

Call Me a Geek computers, credit, fraud, spam, Wikiedia

Too funny to not share.

Thanks to @jebro on Twitter for the link.

Call Me a Geek, For Laughs, Multimedia humor, videos, Windows

But Mike gets to use it first!

I’d treated myself to a new camera lens late last month. When I returned from Washington last week, it was waiting for me at home.

The lens is a Nikon 16-85mm f/3.5-5.6G AF-S DX ED VR Nikkor Wide Angle Telephoto Zoom Lens. It’ll replace the 18-55mm lens I bought on eBay last year — the same lens that crapped out on me about two months ago. (Another reason not to buy used camera equipment on eBay.) That lens was cheap and it felt cheap — lightweight and plasticky. This lens was costly and it has a weighty, quality feel to it.

But that’s not why I bought it. It was the Amazon reviews that convinced me. Although I’ll never rely on reviews there to buy a book — I’ve been burned before, in more ways than one — I find that reviews of camera equipment are generally fair and reliable. It’s easy to identify fanboys and people with a gripe against the company. Weed those out and you can get some solid opinions of the products. In this case, just about all owners liked the lens.

But it was comments like these that sold me:

I have both the 18-135 and the 18-200, yet this lens has become my everyday go to lens for most of my photography. …Given the great sharpness (especially in the 16-50mm range), VR, and almost total lack of noticeable CAs, I can highly recommend the 16-85 for a general purpose, on-the-camera-all-the-time lens. - D80Shooter

I think 16-85mm VR and 70-300 VR lenses is probably all amateur like me needs, with light and compact 16-85mm VR lens mounted on camera most of the time. - Alex

This is how I was using the 18-55mm lens — as an everyday lens. This one promised more flexibility with better optics.

Of course, when I got back to Wickenburg, I had just 3 days to do a ton of stuff. I didn’t have time to play with the lens other than to snap a few photos in the kitchen to check the focal length range. Photography would have to wait.

When we flew to Seattle on Friday, the new lens was in my camera bag with the rest of the camera equipment I take on the road. But with the back problems that have been slowing me down, I didn’t have time to do anything fun in Seattle, despite the fact that we had the whole day there. (I spent much of it sleeping off some painkillers.) The next morning, we began our helicopter flight from Seattle to Page. I was sitting up front, handling navigation while Louis flew. I had my hands full with directions for our scud-run south. I didn’t realize it at first, but Mike was sitting in back, snapping photos with the new lens. He continued to do so on both days of the flight and got quite a few good shots from the air. This photo, taken just outside of the Bryce Canyon area, is especially attractive to me because of the shadow created by the big, puffy, low clouds.

My photography was limited to shots taken on the ground, like this photo of my helicopter at the Spanish Fork, UT airport. Although the photo doesn’t seem too interesting in this low-res shot, it’s really impressive in full-resolution, with clear detail of the clouds — enhanced with the use of a circular polarizing filter on the camera (not in Photoshop) — and dramatic mountains in the background. I think it’s my new favorite picture of my helicopter.

I’ll be uploading the best photos from the flight to my gallery at Flying M Photos.

I’m in Page, AZ now, planning to spend the next month and a half flying tours around Lake Powell and Monument Valley. (You can learn more about my summer flying gigs on the Flying M Air Web site.) I’m also working hard this month to complete my 72nd book, which, unfortunately, I can’t talk about here. So while I’ll be very busy through August, I should have free time in September to go exploring. Antelope Canyon is less than 5 miles away and I expect to spend several mid-day sessions in Lower Antelope Canyon. There’s also an interesting rock formation called The Wave within 50 miles of here — not sure where yet — and if my back heals up, I’ll take a hike there. This new lens should be perfect for these tight locations, since it offers a really wide view without much distortion. (My fisheye lens can take some cool photos, but its a limited use lens.) I might also charter an airplane for some aerial photo work. Airplanes are extremely limited for this kind of work — helicopters are so much better — but it might be worthwhile to give it a try.

If you have a lens like this, I’d love to hear from you. Use the Comments link or form for this post to share your thoughts.

About the Photos, Call Me a Geek aerial, Bryce Canon, camera, Lake Powell, Nikon, photography

Initial thoughts about my new flight following solution.

My friend, Jim, is an Idaho-based R44 pilot with a company very similar to mine. He’s a single pilot Part 135 tour and charter operator who sometimes operates over very remote terrain.

Of Flight Plans and Flight Following

One of the challenges we face as charter operators is last-minute route changes requested by paying passengers. For example, suppose the passenger books a flight from Scottsdale to Sedona. I’m required by the FAA to file a flight plan that indicates my route so that if we don’t turn up in Sedona, they’ll know which way we went and can [hopefully] find us. But at times — sometimes after the flight is already under way — the passenger might say something like, “Can you follow the course of the Verde River to Camp Verde?” This is not the most direct route and it’s not likely to be the one I planned. But what do I do? Say no?

[The right answer is yes, say no. That's the answer the FAA wants to hear. But the FAA is not paying by the hour to conduct the flight. The FAA is not going to refer its friends to a friendly, accommodating pilot.]

The problem is, if I deviate from a route and something goes wrong, the search teams may not be looking for us anywhere near where we are. So they might not find us. And sure, I have an ELT (emergency locator transmitter) in my aircraft — even though it is not required by the FAA. But how well do those really work? It certainly didn’t help them find a pilot and his co-worker when they literally disappeared on a flight between Deer Valley in North Phoenix and Sedona nearly two years ago. They’re still missing.

And then there’s Steve Fossett. Or maybe I should have said, where’s Steve Fossett. They must have spent millions by now to find him and he’s still among the missing.

Airplane pilots and pilots flying in the flatlands of the midwest can request something called flight following from the flight service station (FSS). Flight following keeps you on radar so they pretty much always know where you are. The problem with helicopters is that we fly so darn low. Even if I flew up in nose bleed territory at, say, 1500 feet above ground level (AGL), the terrain in the area I fly is too mountainous to keep me on radar. I’d have to fly much higher to stay on radar. And if I’m going to be that high, I may as well fly a plane. So flight following is not a practical solution.

The True Geek’s Solution

Jim also flies in remote and often mountainous areas. And, like me, he’s a true gadget lover — someone who likes to fiddle with electronic toys. (I think he’s lusting for a POV.1 after seeing mine.) He was based in Chelan for cherry drying season and happened to see the SPOT Messenger displayed at the local Radio Shack. He went in and checked it out. Then he did more homework. Then he bought one and told me about it.

The SPOT Satellite Messenger is a personal location device. It’s about the size of my Palm Treo and, as you can see here, bright orange so it’s easy to…well, spot.

My understanding of the unit is that it combines GPS receiver technology with satellite transmitter technology. So you turn it on and it acquires its position via GPS. You can then use one of four different features, depending on the subscription plan you choose:

• The SPOT standard service plan, which costs $99/year, includes the following three features:
  • OK sends a text message or e-mail message to the phone numbers or e-mail addresses you specify. The message, which is customizable, tells the people on the list that you’re checking in OK and provides the GPS coordinates for your position. Those coordinates include a link that, when clicked, displays your position on Google Maps.
  • Help, is similar, but it sends a customizable help message to the people you specify. The idea here is that you need help and have no other way to contact someone who can help you.
  • 911 sends your GPS coordinates to the folks at the GEOS International Emergency Response Center, who, in turn, notify the appropriate emergency authorities. This is for real, life-threatening emergencies. The Response Center folks also contact, by phone, the two people you specify to notify them of the signal.
• The tracking upgrade option, which costs another $49/year, includes live tracking, which, when activated, sends you GPS position every 10 minutes or so to the SPOT folks. This information is visible to anyone who has been given access to a Share page you configure with or without a password.

Jim went with both plans. When I bought mine on Monday, I did the same.

First Thoughts

I’ve been playing with SPOT on and off since Tuesday morning. In general, I like it and I think it’ll do the job I intend to use it for — flight following on those long cross-country flights.

After configuring message recipients, I started out by sending a few OK messages. Although the marketing material makes it seem as if those messages are instantaneous, they’re not. After pushing the OK button, the unit will try for up to 20 minutes to send your OK location via satellite uplink. It’ll send the message 3 times, but only one message is forwarded to the people on your list. For experimental purposes, I made myself one of those people. I had to wait longer than 20 minutes to receive one or two of the messages. To be fair, part of the reason for that could be my location at the time — flying between Wenatchee and Seattle in mountainous terrain. (I don’t think my cell phone was receiving very well.) The delay is satisfactory, once you realize that it’s not an instant communication.

For obvious reasons, I have not used Help or 911 yet. Let’s hope I never have to.

I did set up tracking. It took several tries to turn it on properly. The unit does not have a screen, so you have to rely on understanding the blinking lights to know what it’s doing — if anything. Twice I thought I was enabling tracking, but discovered that all I did was send OK messages. Once, tracking was on and in trying to turn it on, I really turned it off. In all cases, it was operator error. Evidently, you cannot turn on tracking during the 20-minute period in which an OK message is being sent. Since both features use the same button, it’s pretty easy to do one thing instead of the other if you don’t pay attention to how long you hold down the darn button.

My husband complained that the messages he received did not include the date and time. We later realized that it was because he was not viewing the message on his phone; he was viewing its summary. (My husband is text message challenged.)

The e-mail version of the OK message is handy because of the link it includes. Click it and go right to Google Maps with the position clearly marked. Here are two examples. In the first one, we’re flying just to the east of Snowqualmie Pass over I-90. In the second one, we’re sitting on Pad 6 at Boeing Field in Seattle. These images are at two different magnifications. All GoogleMaps features work — it’s just the location put into GoogleMaps. My personal Messages page on the FindMeSpot.com Web site displays all points with the option of displaying any combination of them on Google Maps. It also enables me to download these points to a GPX or KML format file for use with a GPS receiver or GoogleEarth.

The Share page feature, which is still in beta, was not working when I first tried it. But it’s working now — and quite well! I set up a page that does not require a password so anyone could check in and see where I was when I was traveling with SPOT tracking turned on. Apparently, it only shows the past 24 hours of activity, so it you’re checking it now and there’s nothing going on, it’s because I’m not traveling with SPOT. But here’s what it looks like right now; as you can see, I spent a lot of time exploring Walla Walla, WA today:

A few things about this feature:

• The lines between the points (which, for some reason, are not showing up in the screenshot) do not represent tracks. I was in a truck today and did stay on roads.
• If the unit did not have a clear shot of the sky, the point that should have been recorded wasn’t. This wasn’t a problem today, since I had the unit sitting on the dashboard in the broiling sun — partially to see if heat would affect it. (It didn’t.)
• Clicking a point in the list on the left side “flashes” that point in the display. You can also click other controls to get more information.
• If you leave this page open, it will automatically update. So you can watch new points appear if you’re tracking someone. Way cool.

The URL for this feature is long and impossible to remember, so I created a custom URL using TinyURL: http://www.tinyurl.com/FindMaria. I invite you to try it for yourself.

Overall

My overall opinion is very positive. It will certainly give me peace of mind while flying in some of the remote desert locations I fly in. I think it’s worth the $150 unit cost plus annual subscriptions.

Even if something goes terribly wrong out there, I want to be found.

My next challenge: getting it to send OK messages to my Twitter account. Anyone have any ideas?

Call Me a Geek, Flying, Social Networking aviation, GPS, review, technology

How many updates can a person stand?

I’m off the Internet grid these days. Indeed, every single time I post to my blog, I’m doing so by connecting my MacBook Pro to the Internet through my Treo 700p’s Dial-Up Networking (DUN) feature.

This is not a fast connection. In fact, it can take over an hour to download a 30 MB file. When I need to do a real update, I have to find an Internet cafe with a fast connection. Or sit in my truck in front of a neighborhood home and use its connection.

So imagine my annoyance when Windows Vista on my Dell laptop popped up with this message today:

Are they kidding?

I just updated three days ago when I was fortunate enough to pick up the neighborhood connection in my trailer. Yet Microsoft has 67.1 MB more of “important” updates for me. That doesn’t count the 43 “optional” updates or the 2 “extras.”

No wonder the Internet connection at the local library is so slow. The five or six Windows PCs at the workstations there are probably spending all day every day downloading updates.

Call Me a Geek, Days in My Life software, Windows