COVID-19 Corona Virus and NHS Test and Trace

The COVID-19 Virus

The UK’s NHS today launched its COVID-19 “Test and Trace” system in England.

I have seen no discussion of fraud, but this system is an open invitation for scammers and fraudsters.

People will apparently get unexpected phone calls from NHS “Test and Trace” telling them they have been in contact with the COVID-19 infection, and they must immediately self-isolate for 14 days. The phone call will also ask for details of who they’ve been in contact with. It seems the “Test and Trace” system will use all sorts of methods – maybe including one’s use of credit cards – to track your movements and who you may have been in contact with.

RIPE FOR FRAUD

Scammers will exploit this. They have shown that they are more than willing to use fake emails (for example, pretending to be Microsoft, HMRC, the police, BT and so on) to get you to respond (or click on a link) to provide more details about yourself. They will then use these details – sometimes in very creative ways – to steal your money, get access to your emails (and thereby steal your money or get your relatives of friends to lose money) and so on.

Scammers and fraudsters are also very happy to use phone calls that start “This is Microsoft” or “This is Windows Support” or “This is BT” to involve you in a scam which will end up with you losing money.

NO WAY TO CHECK

So you can be sure scammers will soon start making phone calls that start “This is NHS Test and Trace” and end up costing you money, sometimes thousands of pounds. Banks (or credit card companies) don’t usually refund this money because “you were negligent in giving out confidential details”.

All far as I know, there is no way to check if a “Test and Trace” call is genuine. The government doesn’t seem to have thought of this. It’s not clear yet what information a genuine Test and Trace call will ask you for, or what you might believe, but it could quite feasible involve credit card details or other private information. And they might quite well say “it’s the law, you have to tell us” (which is isn’t, and you don’t).

HOWEVER, if you’re happy to tell them more-or-less public information like your credit or debit card numbers, your bank account number (it’s on every cheque you write, after all) or your email address, I wouldn’t tell them any security information. They don’t need to know any passwords, PINs, login details, “memorable data”, security answers, and so on.

BE CAREFUL

This is old advice: you shouldn’t click on links in emails, trust any website (unless you know how to check), or believe any email is from who it says it is. Emails that start “Hello” or “Dear Customer” are not being sent to you personally, so your account hasn’t been suspended, you haven’t won the lottery or become eligible for a refund or compensation.

So it’s the standard advice, nothing new, but a new opportunity for fraud. Fraudsters are clever, ingenious, resourceful, and convincing. Always be on your guard. Just as you don’t cross the road without looking, don’t trust something because it’s on your commuter, found by Google or “looked trustworthy”. Be suitably suspicious!

Replacing an old PC or laptop with a new PC or laptop

A lot of people seem to be replacing a Windows 7 PC (or laptop) with a new Windows 10 one, and for many people this may be the first time they’ve actually replaced a computer with a new one. Here’s some tips:

  1. Take advice on what to buy. Like having driving lessons, it’s important that the person giving the advice actually knows what they are talking about, and that their knowledge is reasonably up to date. This often rules out the sales assistant in the high-street shop (who are often selling a washing machine one minute and a PC the next) and the brother-in-law “who knows a bit about computers”. Some are very good (shop staff and brothers-in-law) but a lot aren’t, and it can be hard to know the difference.

    Too many people have told me they bought their laptop based on the colour or the screen size. Fine, but you wouldn’t buy a car based only on the colour or the radio, so you’re going to have to find out a bit more about computer jargon. In particular think about (a) processor – some are really slow – I’d got for at least an Intel Core i5 at time of writing (Feb 2020) and (b) memory or “RAM” – get at least 4GB, preferably 8GB and (c) storage or “disk” – the more the better. “SSD” storage is faster than “HDD” storage, but costs more. You probably need advice of whether it’s better to go for a smaller SSD or a larger HDD for about the same price, but in any case I’d want at least 128GB of SSD storage (preferably more for most people) or at least 1TB or HDD storage.

    After that, you can think about screen size, colour, etc. Many laptops no longer come with a CD or DVD drive – does this matter to you? (You could always buy an “external” one and plug it in. Same with 128GB of SSD storage – it this isn’t enough for you, you could always buy an “external HDD” and just plug it in to provide more storage. (Even so, I’d never have less than 128GB of SSD storage, although such laptops are readily available. Too little internal storage and you won’t even be able to do Windows updates.)
  2. Your data. This is stuff you’ve created or stored on the old PC (documents, photos, spreadsheets, presentations, maybe some mail items), and is personal to you – you can’t just buy it. Or it’s things like music, movies, and audiobooks that you’ve bought and downloaded.

    These can usually just be “copied across” to the new computer (although there can sometimes be problems with copyright material such as movies that you’ve bought).
  3. Programs. Some programs (or “apps”) are provided with Windows, some aren’t. The ones that aren’t might be free, or might need to be paid for.

    Programs can’t generally just be “copied across”, they have to be re-installed on the new computer. So let’s say you had a copy of Microsoft Office 2003 on your old computer. To get that on the new computer it will need to be re-installed, which raises a number of questions: do you still have the original DVD from which is was installed? Do you still have the “product key” that cam with it? Is the product key still valid? Does the new PC have a DVD reader? Does Office 2003 actually work on Windows 10 (the fact it worked on Windows 7 proves nothing).

    If it’s not possible to reinstall a specific program (and you still want it), you’ll have to buy a new version. So it’s probably time to replace Office 2003 with a later version. You could download Office 365 from Microsoft for a subscription of £60 per year, or maybe you could use something similar, but free. Something like Libre Office.

    A particular concern is mail. Some people do everything online these days, so their mail and messages is all on Facebook or Gmail, say. But many (usually older) people still use either a paid-for mail program (for example Outlook) or a free mail program such as Windows Live Mail or the Windows 10 “Mail” app. It may well be that the free mail program that you used on the old PC is not available on the new PC, so you make have to learn a new mail program, and – if you have years of stored mail – it may be necessary to copy mail, contacts, calendar, and to-do entries from one computer to another, and maybe import them into a different mail program. This can all be tricky, and is very dependent on individual circumstances.
  4. Hardware. You new PC will need to be attached to your broadband (usually easy if you know the wi-fi password) and any printers and scanners (etc) that you want to use. This can be tricker: such devices need a “driver” to work with Windows, and if your moving from Windows 7 to Windows 10, you’ll need a Windows 10 driver. For newer, reputable, models of printer such a driver will often be download automatically be Windows 10. But sometimes such a driver has to be downloaded manually (and there are websites out there that offer drivers for download that in fact contain a virus) or – especially if the printer is over about six years or from a less supportive manufacturer, such a driver may not exist (because the manufacturer hasn’t written one) in with case your old printer probably won’t work with Windows 10, ever though it did work with Windows 7.
  5. History. Stored passwords, autofill or suggestions when you start to type a website or email recipient, and a few other things depend on the computer’s memory of what you have previously typed. The new computer won’t initially have this memory, which surprises some people, but is will build up again over time, of course. The memory of some things can be copied across, but it’s tricky and not usually worth is. Stored passwords can be retrieved, but you should be keeping a secure record, of course. See my article on Password Managers.

Finally, it helps to understand that each of your type of data needs a particular program to view/play it. So your music file needs a music program to play it; your picture file needs a picture viewer to display it; your document needs a word processing program to show and edit it, and your spreadsheet needs a spreadsheet program to view and edit it.

One type of file can often be handled by different programs, and this especially seems to confuse people moving from Windows 7 to Windows 10. So take your picture files (often called “jpg” files): it may be you had your Windows 7 set up to use “Windows Photo Viewer” to display such files. Now, Windows 10 doesn’t include “Windows Photo Viewer” but it does include an app called “Photos” which will display .jpg files. But it’s a different program, so although your photo will look he same, to print it may be different that what you were used to with Windows Photo Viewer.

It’s the same with (say) music or spreadsheets. Just because you produced all you spreadsheets with Excel 2003 (part of Microsoft Office 2003) on Windows 7, doesn’t mean you have to use any version of Microsoft Office on Windows 10. You could use Libre Office (mentioned before), which is free and is well able to open, edit and save Excel 2003 spreadsheets. Or maybe you has iTunes to play music on your old PC: in many cases you don’t have to have iTunes on your new PC (although you could) – there are many other music programs which could play your music files (although some types of music files may contain “DRM” or Digital Rights Management which may prevent you playing (say) content you bought from Apple being played using non-Apple software. This was very unpopulat with users, though, and has largeley – although not completeley – died aout.)

All these problems are soluble, but it takes up-to-date knowledge. Personally, I don’t get on the the Microsoft “Photos” app that comes with Windows 10, so I use InfanView which is much better (and free), but has to be downloaded, it doesn’t come with Windows.

So, in summary, changing your computer is a bit like changing your car. There may be a few new things to learn – the windscreen wiper switch is on the other side – and some things may not be able to be carries forward – the old spare tyres you’d been hoarding may not fit the new wheels. More surprisingly, you may find that your favourite picnic hamper no longer fits in the boot of your new car.

But overall, once you’ve got used to the new car, and sorted out a few niggles, you’ve be glad you bought it. It’s nicer, smoother, more rust-resistant, and safer than the old one!

Good Password Practice

My customers are getting a lot of scam e-mails that say, in essence:

“I an a hacker and I know your password is tulip123. I have recorded you looking at porn. If you don’t send me £1,000 in the next 24 hours, I’ll send an embarrassing video of you to all your friends and contacts”.

In my example, the person getting the e-mail really does have a password of tulip123, so it’s all a bit worrying.

The e-mail is a try-on, of course: the “hacker” doesn’t have an embarrassing video of you. But how does he (or she, but I’ll use “he” here) know your password?

Well, he doesn’t. He’s not even a hacker; he’s most likely bought a list of e-mail addresses and password from somewhere, and is e-mailing each one to try to extort money. I guess it works, or at least the perpetrators think it will, because it’s very widespread.

Note he doesn’t say what password. Is he claiming he knows my mail password, my Amazon password, my PayPal password, my computer logon password, or what?

They’d all be different, right?

You can check if any of your passwords are for sale. Just put in your email address here. (I wouldn’t normally suggest putting your email address – and especially not a password – into a web page, but this one is well-known, has been around for a long time, and seems to be reputable. But as you’ll find, in the world of computer security, trusting the things are what they seem may be unwise.)

Here’s what I got:

As you can see, I’m on Linked In – and my email address and password (my credentials) were revealed in a “breach” that Linked In suffered in 2016. (I’ve since changed them.)

If I had used my Linked In password and e-mail address for, say, my Amazon account, anyone who had my LinkedIn credentials would also be able to log into my Amazon account. That’s why it’s very unwise to re-use passwords.

But what about the passwords themselves. I wonder how easy mine might be to guess? Well password-cracking programs exist, and they are pretty good. They are cleverer than you’d think – they start with common passwords – things like secret123 and welcome123 and pa55word – before going through all the combinations.

The same website that I mentioned above can also check all the passwords that have been revealed on the “dark web” and tell you how many times a password you are considering has been used and revealed. I tried tulip123:

And Tulip123:

And tuliP123:

So, here’s my four rules for passwords:

  1. Make each one different.
  2. Make them a random set of number, digits and symbols.
  3. Make them at least 12 characters long.
  4. Write them down in at least two places, and keep the list up to date.

All this means you’ll have to use a program to generate, store and back-up your passwords for you. Using a Password Manager is the only sensible way to handle passwords. I have an article on password managers here.

Finally, consider using Two-Factor Authentication (2FA) for important passwords. The most common form of 2FA sends a code to your mobile phone every time you log in from your computer, and you have to type in this code as part of the log in process. But don’t do this for mail if you use a mail program (sometimes called a mail client), for example Microsoft Outlook. In that case, see if your mail provider support the use of an Application Password when using a mail client. Gmail and G Suite do, but BT, Yahoo, Sky, TalkTalk and so on mostly don’t.

PS: When I ask people which is their most important password, they usually answer “the bank” or similar. In fact, it’s not: for most people, their mail password is their most important password. This is because once someone knows your mail password they can sit back and watch every mail item you receive (and possible every mail item you send). They can do this from their own computer anywhere in the world – they doesn’t need access to your computer. Now consider what happens if you forget the password to (say) you Amazon account … Amazon sends a link to your e-mail which will allow you to re-set your Amazon password. So anyone who knows your email password can probably change any other password to one they know.

Additionally, If someone else can read all your e-mails, consider what happens if you’re buying a house, say. The day before you are due to send your solicitor the deposit, you get an email from him/her (the solicitor, as you think) mentioning they have changed their bank, and would you send the money to their new account, as follows. It looks genuine, is signed in the normal way and with the right name, and has all the right logos, so you believe it … and lose you money. The person with your mail password saw you were about to send a large amount of money (by reading your email) and was able to see exactly how he or she had to make the fake e-mail look. He had a newly set-up account waiting (scammers often trick someone else into letting them use their account), you transferred the money to it, he transferred the money into Bitcoin and closed the account. No trace.

There are plenty of well-documented examples of this. Google found me these three, but there are plenty of others. Protect that email password!

How to avoid solicitor conveyancing email scam that costs house buyers

Property sellers warned not to email solicitors: ‘We lost £204,000’

More Reading

Articles

Password Cracking Evolution
Top Ten Password Cracking Techniques used by Hackers
Testing a Password Cracker

Password Strength Testers

These sites say they don’t store your passwords, or even send them over the Internet, but I haven’t checked them.

https://random-ize.com/how-long-to-hack-pass/
http://password-checker.online-domain-tools.com/
https://www.comparitech.com/privacy-security-tools/password-strength-test/

Windows 7 Ending?

Now January 14th has passed, people are seeing this:

You can click on “Don’t show me this again” to stop this coming up all the time.

Here’s a question from one of my customers:

I see that Windows 7 finishes in January, do you think it’s worth upgrading my computer to Windows 10? How much is the cost for this?

I am being asked this sort of question a lot recently. Here’s my answer.

When Microsoft ended support for Windows 7 on 14th Jan 2020, nothing particularly changed as far as most people were concerned. If it worked on Jan 13th, it still work on Jan 15th.

There are two implications though:

  1. Microsoft no longer has people working on Windows 7, so any problems that are found with it won’t be fixed. There is only one area where this matters – security flaws. If a security weakness is found in Windows 7 in the future, it won’t be fixed. Arguably, this makes Win 7 less secure as time passes, but personally I think the dangers are overstated. It’s ages since any security flaws were discovered in Win7, and anyway most home-PC attacks are not based on security flaws in the operating system, they are based on tricking the user.

  2. More importantly, other companies will stop testing new versions of their products on Windows 7, because if Microsoft has lost interest in it, they reckon they can too. So Sage 2021, for example, probably won’t be guaranteed to run on Windows 7. It may do, but Sage won’t guarantee that it will. So if you run any program that needs to be kept up to date, there’s no guarantee that this will be possible after 2020. For most people that doesn’t matter much – even if future versions of some program won’t work, the version they have now will still be fine.

    The problem eventually comes, for most people, with their browser – the thing they look at web pages with. Things like Chrome get regular updates to cope with fancy new websites. Over time, never versions of Chrome won’t work on Windows 7, and you might not be able to view some websites properly.

    You’d also have to find an anti-virus program where future updated versions will work under Windows 7, but that should be fairly easy, at least for a few years. I think Malwarebytes that I recommend will be OK.

All that takes ages to really become a problem – several years. So I’d say there’s no need to do anything for a year or two, but when the time comes to buy a new computer, it probably should use Windows 10. All new computers do, anyway.

It’s a bit like running an old car. I used to have a Saab, and then Saab went out of business. Nothing stopped me running the car, but
over time spare parts got harder to get (but not impossible). But after a while it didn’t meet new emission regulations (it was a diesel)
and they wanted to change me for driving into London (plus the congestion change) and higher road tax. So when the time came to
change it, I couldn’t buy another Saab anyway, but I bought a petrol car rather than another diesel. Same when they phased out 4-start petrol – nothing changed overnight, but over a few years we all changed to unleaded.

So it’s the same with Windows 7. No need to do anything for a couple of years, but when you buy your next PC, don’t expect it to be Windows 7.

Windows 10 is OK anyway, and much of it is better than Windows 7. It’s pretty similar to Windows 7, so (unlike with Windows 8) people usually get used to it reasonably quickly.

Log in to G Suite

G Suite is Google’s paid-for version of GMail. You can use your own domain name with it, so you can be paul1@pdoc.co.uk rather than something ending @gmail.com.

You log in exactly as you would with GMail. The process varies a bit depending on what you have been doing before. Start by going to the Google search page (for example http://google.co.uk) in a web browser, such as Chrome, Firefox, Safari, Edge, Internet Explorer or Opera.

The Google page will look like this (although on some days the “Google” lettering might look quite different, if Google is celebrating someone’s birthday etc). We’re interested in the bit at the top right, which I’ve circled in red:

If it looks like this (below), you are already logged in to GMail or G Suite (the little circle will contain your initials or a picture):

In this case, click on the circle, and either choose your account from the list or click on “Add Account”

If you click on “Add Account”, you will see this. Type in your G Suite email address:

Click “Next” to carry on logging in. You will be asked for a password (and in some situations a text message may be sent to your phone with a code you also have to type in).

If the bit at the top of the Google search page looked like this:

In this case, click on “Gmail”. You may be asked for your Google email address or you may be shown a list of addresses you have previously used, like this:

You see this if you have previously used a Google email address with this browser

In this case, if the email address you want to use is not shown, just click on “use another account” and type in your G Suite address, as before:

It’s a lot simpler than it sounds!

Sound not working?

If your sound has suddenly stopped working, and you’re running Windows 10 (version 1803) and received an automatic Microsoft update on or around 11th October 2018, Microsoft have a post about how to fix it here.

There’s also a rather more technical Reddit thread here which explains how to fix it from the Command prompt or a Powershell prompt (in either case it must be an admin-level prompt). Essentially, list the drivers with

pnputil /enum-drivers

and find the one that looks like this:

Original Name: intcaudiobus.inf
Provider Name: Intel(R) Corporation
Class Name: System devices
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Driver Version: 08/22/2018 09.21.00.3755
Signer Name: Microsoft Windows Hardware Compatibility Publisher

Note the “Published Name” – let’s say it’s this:

 Published Name: oemXXXX.inf

Finally, do this command, using the value you found instead of oemXXXX.inf:

pnputil /delete-driver oemXXXX.inf /uninstall

Sound should now work. No need to restart the PC.

This only affects PCs which use Intel High Definition Audio; by 12th October 2018 Microsoft had withdrawn the update, but if it has already been applied, it stays applied and your sound won’t work.

Password-protect a spreadsheet

It can be useful to protect an Excel spreadsheet with a password, for example before sending it by e-mail. Password-protected files are also encrypted, so there’s no way of seeing their contents without knowing the password.

You can do the same with Word documents. The process is virtually identical to that described below for Excel.  Access databases can also be password protected, although it’s a little more complicated (look for File | Info | Encrypt with Password).

Here are step-by-step instructions for putting a password on an Excel spreadsheet. Continue reading Password-protect a spreadsheet

Freeserve E-Mail to End

Anyone with an email address from Freeserve, Orange, or Wanadoo will find that it doesn’t work after 31st May 2017, and they won’t be able to access their account or send or receive emails.

Freeserve was bought by Orange years ago, and then Orange was bought by EE and now EE is part of BT. So the current owners have decided to shut down all the old email systems they have inherited.

Their explanation (and a full list of the affected email systems) is here.