My Best Teaching Is One-on-One

Of course, I team teach and do special lessons, etc.

But my best work in the classroom is after the lesson is over --
going one-on-one,
helping individual students with their assignments.

It's kind of like with computer programs, walking the client through hands-on.
The job isn't really done until the customer is using the program.

Sunday, August 16, 2020

Fake Account Activity Phishing (Was it really you?)

Lately, I've been seeing an increase in a certain type of social engineering -- aka, phishing for confirmation that my email address is live or phishing for passwords, etc.

Generally the subject line is something designed to cause you to feel alarmed:

Subj: SUSPICIOUS TWITTER ACCOUNT ACTIVITY

It might be more low key, though:

Subj: Confirmation request for Zoom password reset.

Of course, it could be Twitter, or it could be Google, Facebook, Pinterest, Line, Zoom, TikTok, YouTube, or any popular SNS service. Or a chat service like Discord. Or it could be an on-line merchant or delivery service -- Amazon, Kindle, Apple, eBay, DHL, FedEx, UPS, your country's post office, whatever. It might even be your country's tax or immigration agency.

It could be any service that operates on-line.

That is to say, it might claim to be any of the above or more. People can claim anything.

Here are some typical messages:

XYZ tried to log in to your Google account. Is this okay?
  • Ignore
  • Report

Or, similarly,

A login to Facebook was attempted from phone number 123-4567-8900.
  • This was me. It was safe.
  • This was not me. Report it.

Or, in a slight variation,

Confirm your password reset for Pinterest.
  • Reset.
  • Do not reset.
If this was not you, you may safely ignore this message.

And this is kind of sneaky:

Click here to confirm unsubscribing from the PQR mailing list:
  • UNSUBSCRIBE ME NOW!
  • Please keep my subscription valid.
  • Report SPAM

And it could be for other things than password reset, like an order confirmation:

Please confirm your order for frozen pizza dough.
  • Yes, please send it.
  • No, I did not order it.

Or a delivery time confirmation:

You have requested delivery from eBay user MNO between
10:00 and 12:00 this morning.
  • I can receive it then.
  • I can't receive it then, please reschedule me.

Of course, if you're not expecting these, you immediately suspect it's phishing. Don't you?

Maybe not the suspicious account activity?

Cardinal rule #1:

Always check the message headers.

Make sure the from: line has something reasonable. Random freemail accounts are not reasonable for this kind of message:

from: applecare_2349fasdfer43234@pink.freemail.com 

is clearly not an address Apple Care would use. Also, long to: lists of people you don't know are red flags, even if your name and your e-mail server are in there:

to: jack.rees09@sannet.ne.jp,joel.rees52@sannet.ne.jp,
joel.ross12@sannet.ne.jp,jill.russet69@sannet.ne.jp,
janehaskel314@sannet.ne.jp,jody35@sannet.ne.jp,
james7734@sannet.ne.jp,...

Ask yourself, are you expecting some message related to this? If you do not participate in Pinterest and you get a message from them about your account, it almost certainly is not a valid message.

If you aren't sure, and you feel you need to be sure, you can always contact the claimed source by some other means. Find their phone number or e-mail on their website and contact them directly.

Never click a link in an e-mail message without a really good reason.

And there usually is no good reason. Live links in e-mail messages are just bad practice, even though almost everybody uses them now.

If necessary, you can right-click the link, use the context menu to copy it, and paste it into an empty text editor document so you can give the link the benefit of attention from your eyeballs.

Again, look for reasonable URLs. A message from Pinterest should not contain a URL for a free website server in China or Russia:

https://bot5773857734.serversrus.cn/asdkj324w34asd334/confirm-password

is just not a link you should ever try to jump to, with a direct click or otherwise.

Again, go to the website in question using publicly known URLs to find somebody to ask, if it's important. If it's not important, ignore it.
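
The header and link checks described above, written out in Python as an added example (not part of the original post): it flags a from: address outside the claimed service's domains, a long to: list, and links whose host is not at those domains. The sample message is constructed from this post's illustrative values; the function names, the `allowed` domain set and the recipient threshold are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlsplit

# Constructed sample, assembled from the illustrative values in this post.
SAMPLE = """\
From: Apple Care <applecare_2349fasdfer43234@pink.freemail.com>
To: jack.rees09@sannet.ne.jp, joel.rees52@sannet.ne.jp,
 joel.ross12@sannet.ne.jp, jill.russet69@sannet.ne.jp,
 janehaskel314@sannet.ne.jp, jody35@sannet.ne.jp, james7734@sannet.ne.jp
Subject: SUSPICIOUS ACCOUNT ACTIVITY

Confirm: https://bot5773857734.serversrus.cn/asdkj324w34asd334/confirm-password
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def in_domain(host, allowed):
    """True only if host equals an allowed domain or is a subdomain of one.
    A plain substring test would accept apple.com.serversrus.cn."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def triage(raw, allowed, max_recipients=3):
    """Return the red flags found in a raw message that claims to come from
    a service whose real domains are `allowed` (supplied by the reader)."""
    msg = message_from_string(raw)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], allowed):
        flags.append(f"from: {sender} is not at the claimed service")
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(rcpts) > max_recipients:  # threshold is an arbitrary assumption
        flags.append(f"to: lists {len(rcpts)} recipients")
    for part in msg.walk():  # scan every text part, plain or HTML
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL_RE.findall(text):
            host = urlsplit(url).hostname
            if not in_domain(host, allowed):
                flags.append(f"link goes to {host}")
    return flags

if __name__ == "__main__":
    for flag in triage(SAMPLE, {"apple.com"}):
        print("RED FLAG:", flag)
```

A from: address at the right domain can still be forged, so an empty result means only that these three checks found nothing.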

People can claim anything. One of the first rules for protecting yourself is to doubt claims you have no reason to believe.

Another important rule is to do the hard part of the research yourself. Learn how to look at headers and the contents of URLs.

This post is not intended to teach you how to do the hard part. I'm just putting out a heads-up:

Be careful what you click.

2 comments:

  1. I always wonder what I clicked on that made my email available to scammers....phishers...

    1. They also try sequences of arbitrary usernames on known servers, hoping to hit real accounts and get replies.
