A New Era

Est. Reading Time: 2 minutes

A new era is about to begin, at least in reference to this website. With 2020 now thankfully in the pages of history, I have decided on some radical changes to this site and my web presence.

First, and most importantly for those who actually read this and aren’t here just to spam the comment section, the address of this site is changing. The winsome “quietly passing by me” address is going away in favor of something leaner, quicker to type, and more…representative.

The new address will be QPB.one. That’s right, six little letters (and a period) will get you to the site. Way back when I first picked the “quietly passing by me” address, it was an opportunity to go on the cheap for my web domain. It cost a mere $0.99 for that domain the first year. Of course, it was twenty times as much when I renewed, but it had grown on me, so I kept it.

I liked the domain, it was quirky and fun, but I’ve recently been making changes in other parts of my digital life, so it was time for it to go. It will no longer get you to this page as of February 2021. The domain will probably disappear for a time, maybe to be picked up by some other blogger and author. Who knows?

I was going to go simple and just get the address “QPB.me”…until I saw the price. Apparently, that is a premium domain and the initial cost was $1000. Yep, you read that right, one thousand dollars. Being the budget conscious blogger that I am, I decided not just no, but #$%@ no. This led me to other potential TLDs (top level domains – i.e. .com, .org, etc.) and I came across the .one TLD. Cool. Now my quirky address could be nonspecific. Huh?

My previous address suggested that things or people “quietly passed by me”, but now with the nonspecific “one”, things could be passing by me OR they could be passing by the reader. I still wanted the much shorter “QPB” and guess what? It was available and at a bargain. I am now saving over $10 on domain costs a year, and that wasn’t an introductory price. It will cost the same next year when I renew. Cool.

Second, I am retiring the Security Is site and wrapping the one article I published there into the soon to be renamed QPB site. I have enough WordPress sites to maintain as it is and there is no real reason to put security stuff on its own site. I now have moved that article, added an InfoSec category to my category list, and will begin to use tags to more specifically denote what topics are being covered in a post. So you will see that the KINDLY article I moved here has been categorized as InfoSec and Technology, with a tag of “Social Engineering”. This should reduce my workload and make it easier for you to find my articles, because if you thought typing quietlypassingby.me was long, I’m sure you felt typing securityis.quietlypassingby.me was excruciating.

That’s it for now. Look for an article about my NaNoWriMo victory back in November in the next few days. I hope…

 

Featured Image: Photo by Mohamed Nohassi on Unsplash

The KINDLY Method of Appraising Email

Est. Reading Time: 3 minutes

I wanted to discuss a topic that everyone deals with at some point – email.

Specifically, how do I figure out if an email is valid? Have I really won millions of dollars from a lottery in another country? Does the president of my company really need me to send a purchase order for thousands of dollars right now? Does a foreign diplomat really need my help transferring millions of dollars into my country? Emails that use these approaches seem outlandish and easy to spot as fake, but a surprising number of people fall for these tactics every day.

Fake emails, also known as spam (though spam is actually a different kind of email, with a different goal), phishing, spear-phishing, social engineering, and other colorful names, are sent by the millions every day to people all over the world. Many are far more subtle than the ones listed above. How do you tell what is real and what is fake?

There are all kinds of red flags that I can talk about, and methods of determining the validity of emails have been floated by information security bloggers and writers for years, but I offer this method as a quick reality check. I call it the KINDLY method. It is geared mostly to English speaking recipients, as much of the logic used is based on American spelling, speaking, and writing constructs, but it can be used by non-English speakers as well. Here it is:

K – If the word “kindly” is used in the asking portion of the email, as in “to secure your account, kindly log in with your username and password”, this is the first red flag. No English speaking person routinely uses “kindly” in this fashion in either writing or speech. This same idea holds true for other words and phrases that seem idiosyncratic and out of place, regardless of the language used.

I – Incorrect grammar and spelling. If the email contains poor grammar or incorrect spelling, especially if it purports to be “official correspondence”, it is most likely spam. This is, believe it or not, intentional, and intended to weed out the security aware from the suckers. Regardless of this, it is a major red flag.

N – No association. If an email comes from a company you do not do business with, such as a bank at which you have no account, it is most likely either general spam or an attempt to steal your credentials. If you haven’t ordered a package, don’t click on the link in an email claiming it is from UPS and has your shipping information attached. More than likely, that attachment is full of malware that will install onto your computer and cause mayhem.

D – Desperate timing. Evil emailers all want to create a sense of urgency. If they can rush you into a decision to click on a link or open an attachment, they have succeeded. Our logic breaks down sometimes when presented with urgent, time sensitive issues, even if those issues are fake. If the email states the matter is urgent, or payments are due today, or they have tried multiple times to reach you, more than likely the email is fake.

L – Links/Lottery. The letter L pulls double duty in this process.

  • First, it stands for links. If an email has a link in it, you can almost always hover over the link (don’t click!) and see where it goes. If the email claims to be from Amazon, but the link goes somewhere other than “amazon.com”, that is a red flag. Take, for example, “amaz0n.com.ru”, a domain I just made up, but one that has some characteristics that should be pointed out. See how the “o” in the domain is actually a zero? Also, see that the domain seems to contain “amazon.com”, but doesn’t end at “.com”; it actually ends in “.ru”. Spammers, malware spreaders, and phishers all use tactics like this to make links appear to be valid upon first glance.
  • Second, L stands for lottery. The plain fact of the matter is that NO ONE wins a lottery they never entered and you generally can’t be randomly entered into a lottery. Those millions of dollars you (supposedly) won in some lottery in another country are not real, I guarantee it.

Y – Yelling. Common Internet standards suggest that using all capital letters in an email, text, or post of any kind constitutes yelling. If you receive an email that uses all capital letters, especially when referencing large sums of money that you either won, or are available to you, you can rest assured it is fake.

So that’s it. The KINDLY method of appraising the validity of an email.
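
The link check from the “L” step, as an added example that is not part of the original post: it pulls every link out of an HTML email body and compares the real target host against a short list of trusted brand domains and against the visible link text. The TRUSTED list, the flag names, and the sample body are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: brands the recipient really deals with, and their real domains.
TRUSTED = {"amazon": "amazon.com", "ups": "ups.com"}
LOOKALIKES = str.maketrans("0135", "oles")  # common digit-for-letter swaps

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased host, leading "www." dropped, "" if none
    return re.sub(r"^www\.", "", (urlsplit(url).hostname or "").lower().rstrip("."))

def check_link(href, text=""):
    """Return the red flags for one link; an empty list means none were found."""
    host, flags = host_of(href), []
    plain = host.translate(LOOKALIKES)
    for brand, domain in TRUSTED.items():
        on_domain = ("." + host).endswith("." + domain)
        if brand in re.split(r"[.-]", plain) and not on_domain:
            flags.append("brand-off-domain")  # brand name on someone else's host
            if plain != host:
                flags.append("digit-swap")  # e.g. a zero standing in for "o"
    m = re.fullmatch(r"(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/.*)?", text, re.I)
    if m and host and not ("." + host).endswith("." + host_of("//" + m.group(1))):
        flags.append("text-mismatch")  # visible address is not the real target
    return flags

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]

# Constructed sample body; amaz0n.com.ru is the made-up domain from the post.
SAMPLE = ('<a href="http://amaz0n.com.ru/track">www.amazon.com/orders</a>'
          '<a href="https://www.amazon.com/gp/help">Help</a>'
          '<a href="http://amazon.com.example.net/login">Sign in</a>')
```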