Should I take the security protection offered after the most recent security breach?

//
What is the current status of a company that wants to offer security protection for your credit card purchase and your identity? Is it “Target” initiated?

Target, a retail chain in the United States, is the company whose security was breached recently in a fairly massive theft of account information from their customers. Unfortunately, this gets really complicated really quickly. Compromised companies like Target try to do the right thing for their customers, but of course there’s always somebody who wants to come along and take further advantage of the situation.

Read moreShould I take the security protection offered after the most recent security breach?

Why Does this Email Message Ask Me to Enable HTML When It Already Is Enabled?

//
Using Hotmail, now Outlook.com, and my address is “something” @hotmail.com. In the past two days, I’ve received several messages from my bankcard company: the first, an alert that a payment is due soon, and the second, an acknowledgement that payment has been scheduled. Each includes “Please enable HTML in the message text.” I have not done anything to disable HTML. Principally, I don’t know how and secondarily, I’d be afraid to find out the consequences if I did. Previous account-related messages from this company included the link to the card users login page. The current message does not have this link. Thinking that something may have accidentally come unhooked in my Hotmail settings, I looked in options for anything indicating how to enable HTML. Finding nothing, I went on the net and searched “Enable HTML Hotmail” and found Ask Leo! I’ve read through the topics here and searched “Enable HTML Hotmail Outlook” and found no answer. Messages from other sources contains links, none contained a request to enable HTML. Please advise what I’ve done and how can I undo it so I can easily attend to this credit card.

I don’t think you’ve done anything and I don’t think there’s anything to undo.

There are several reasons why this kind of thing can be happening. Most of them boil down to an improperly constructed email message on the part of the sender. In other words, it’s not you, but the sender.

Read moreWhy Does this Email Message Ask Me to Enable HTML When It Already Is Enabled?

Can I Rely on the URL Shown in the Browser’s Status Bar Being Accurate?

//
In a recent article, you said to only click links in email when you know the sender AND that they recently sent you a link. Your accompanying discussion and advice is excellent and very helpful. I have a further question for clarification. When I place my pointer over a link in an email or a web page, a URL shows up in the left end of the banner at the bottom of the screen. Can I be certain that this is the address that I will be sent to? In other words, can the bad guys disguise their actual undesirable URL with one that looks okay but still sends me somewhere else that I wouldn’t want to go?

Good question, but the answer is you can’t really trust the URL that appears in the status bar at the bottom of your email program or web browser.

There are several reasons why. Let’s talk about a couple of them.

Read moreCan I Rely on the URL Shown in the Browser’s Status Bar Being Accurate?

Should I back up if my machine is infected?

//
I try to be careful about opening my email, but there’s a hacker out there who has the names in my address book. He or she sends out emails that look like they come from people I know. Their email address doesn’t show up, so I can see the address is not correct, but some made up address. The title is something like “Look here” and the message is “Hello, excellent website!” with a name of the website. I opened it thinking that the email was from my son. I got two of these kinds of emails and one after the other before I got suspicious and realized that I’d been hacked. So far, nothing bad has happened. Now I’m afraid to do a backup because it might mean the importation of the virus into my external backup drive. Is my thinking about this correct?

It is and it isn’t.

When people think their machine is infected, I typically tell people to backup that machine. Yes, you are backing up a possible infection, but that’s actually okay. You’re never going to actually restore that infection simply because you know that it’s there.

So why backup?

Let’s walk through the scenario.

Read moreShould I back up if my machine is infected?

Why Does Legitimate Email from PayPal Instruct Me to Click a Link?

//
As you stated and I’ve preached to my own family, you should never click a link in an email that purports to be from PayPal – never. If there’s something that needs to be checked out, go to the PayPal site yourself by typing paypal.com in your browser’s address bar or clicking on your bookmark – never click on an emailed link to PayPal – got that? And yet my monthly email statement from PayPal includes a link to login! Why is PayPal practicing business in this manner? We both know that they know that they’re not ignorant of the risky behavior fostered.

You are 100% correct. I agree with you – I wish PayPal didn’t do this.

Now, I can postulate a few reasons why PayPal might choose to behave this way … but I still can’t really justify it.

Let me throw out a few of my ideas.

Read moreWhy Does Legitimate Email from PayPal Instruct Me to Click a Link?

Why Am I Getting (or Sending) Emails that Contain only a Link or Spam from My Contacts?

If you’re getting emails from a contact of yours that have either no subject line or one that doesn’t make sense and the message consists of a link to a site that you’ve never heard of…

Your contact’s email has likely been hacked.

If people are telling you that they’re getting these messages from you… well, you can guess what it means.

It’s your email account that’s likely been hacked into.

Read moreWhy Am I Getting (or Sending) Emails that Contain only a Link or Spam from My Contacts?