
September 28, 2010

ASP.NET cracked!


If you're in charge of an ASP.NET server, you might have some overtime coming. Quite a lot of it.

A pair of security researchers have implemented an attack that exploits the way that ASP.NET Web applications handle encrypted session cookies, a weakness that could enable an attacker to hijack users' online banking sessions and cause other severe problems in vulnerable applications. Experts say that the bug ... affects millions of Web applications.
(Emphasis added)


You'll find a lot more detail in the link above, but this rather tuneful clip gives you an idea of the essence -- and simplicity -- of the attack ...


Stealing the keys to create a super-user's cookie takes less than 5 minutes. From then on, your server's pwned!

The list of affected systems is impressive: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Microsoft's response has so far been measured, though they do note that "Microsoft is aware of limited, active attacks at this time."

I hope they're not against my bank. Or yours!


Follow Geoff Palmer on Twitter

September 24, 2010

Hidden Linux : Sensing temperature


Since the late 90s, most PCs have come with built-in health monitoring chips that sense temperatures, voltages and fan speeds, and all this useful -- and potentially PC-saving -- information is available to users.

In Linux, the best way of monitoring it is via the lm-sensors package that comes ready-installed in most distributions. It does however require a little configuration.
  • On a command line, run sensors-detect to kick off a routine to check out your hardware and see what kernel modules should be loaded to make the most effective use of lm-sensors.
  • At the end you'll be presented with a summary of findings and given the option of adding recommended drivers to /etc/modules. Type 'yes' if you want these modules loaded automatically every time you boot.
There's no need to reboot to try out lm-sensors. Just 'modprobe' each of the listed modules then do a sensors -s to evaluate the new configuration settings. In my case I got the message

To load everything that is needed, add this to /etc/modules:
#----cut here----
# Chip drivers
coretemp
w83627ehf
#----cut here----

... so I did

modprobe coretemp
modprobe w83627ehf
sensors -s


Simply running sensors then detailed all the information for my hardware.



Troubleshooting
I did have a little trouble loading the w83627ehf driver, as modprobe returned

FATAL: Error inserting w83627ehf (/lib/modules/2.6.32-24-generic/kernel/drivers/hwmon/w83627ehf.ko): Device or resource busy

but a little googling found the answer. In this case, adding the line

GRUB_CMDLINE_LINUX="acpi_enforce_resources=lax"

to /etc/default/grub then running update-grub solved the problem and loaded the driver when I rebooted.



Extensions
Once you have lm-sensors up and running you can get visual feedback from the likes of desktop widgets:



or run a daemon and plot your information over time:



There's also a ton of information on the lm-sensors website.
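As an added example (not part of the original post), here is a small POSIX shell script that automates the two things above: pulling the module names out of the sensors-detect summary so they can be modprobed in one go, and scanning sensors output for readings that have crossed a limit, which is the starting point for any alerting daemon. The two sample blocks inside it are constructed, not real output from the author's machine.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for the two steps above.
# modules_from_detect pulls module names out of the sensors-detect summary;
# hot_sensors scans `sensors` output for temperatures at or above a limit.
# SAMPLE_DETECT and SAMPLE_SENSORS are constructed input, not real output.

SAMPLE_DETECT='To load everything that is needed, add this to /etc/modules:
#----cut here----
# Chip drivers
coretemp
w83627ehf
#----cut here----'

SAMPLE_SENSORS='coretemp-isa-0000
Adapter: ISA adapter
Core 0:       +45.0°C  (high = +80.0°C, crit = +100.0°C)
Core 1:       +83.0°C  (high = +80.0°C, crit = +100.0°C)

w83627ehf-isa-0290
Adapter: ISA adapter
Vcore:        +1.23 V  (min =  +0.00 V, max =  +1.74 V)
fan1:        1523 RPM  (min =  500 RPM, div = 8)
temp1:        +38.0°C  (high = +60.0°C, hyst = +55.0°C)'

# Print one module name per line from the block between the "cut here"
# markers, skipping comment and blank lines.
modules_from_detect() {
  awk '/^#----cut here----/ { inblock = !inblock; next }
       inblock && !/^#/ && NF { print $1 }'
}

# Load every module named by sensors-detect (needs root; not run by the tests).
load_detected_modules() {
  for m in $(modules_from_detect); do modprobe "$m" || return 1; done
}

# Print "label=value" for every temperature reading at or above $1 degrees.
# Only readings ending in C are considered, so voltages and fan speeds are skipped.
hot_sensors() {
  awk -v limit="$1" '
    /^[^:]+:[ \t]+[+-][0-9]+\.[0-9]+[^ \t]*C[ \t]/ {
      label = $0; sub(/:.*/, "", label)
      val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[^0-9.+-].*/, "", val)
      if (val + 0 >= limit + 0) print label "=" val
    }'
}
```

Pipe real output in with `sensors | hot_sensors 80` (or `sensors-detect` output into `load_detected_modules` as root) once the modules are loaded.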


Previous Hidden Linux



September 15, 2010

Scam, scam, scam (part II)


Web scams rarely stand up to rational scrutiny. In the previous example, the "Inland Revenue Department" told me I was due for a tax refund. So why did I have to sign in to my internet bank account? Since when did you have to do that so a third party could deposit money?

Similar thinking applies to our next scam, which came via an email from a relative's hacked Hotmail account. The brief message claimed my relly had just signed up for a way to make thousands of dollars a month from the internet. Why didn't I do the same?

Spotted the logical flaw yet?

Imagine you've figured out a way to make a lot of money from the internet -- legally. What would you do? Quietly get on with it, or build a website proclaiming your greatness and offering to sell your secret to others? Really, there's no logical reason to do the latter -- unless the selling of that "secret" is the way you intend to make money in the first place!

It's a bit like a man in a pub telling you he has a proven, 100% guaranteed, foolproof way of making easy money. It requires very little work and no outlay. The full details are contained in this sealed envelope, yours for just $10. But don't open it till you get home because it really is a stunningly simple secret and we wouldn't want the whole world to find out.

It's only a tenner. So you pay your money, take the envelope home, open it up and find a note inside that says, "Copy out this piece of paper as many times as you like, seal them inside envelopes, and sell them like I sold you this."

It's the same with these websites. Trust me, if there really was a legitimate way to make gazillions out of the net with no effort, do you really think the likes of Bill Gates, Steve Jobs and Rupert Murdoch wouldn't utterly own it by now?



This particular page (still up at the time of writing) is particularly sneaky. At first glance it appears to be a genuine story from a large news site. There are links to other pages, to the weather, to other sections on the site, and even comments from readers -- not all of them wildly enthusiastic. Even the site's URL ...



...seems to fit the bill. Or at least until you start dragging your cursor around.

Just watch the Status Bar at the bottom of your browser as you run it over those links: Home, US, World, Politics, Entertainment ... they all point to the same page. And so does every other "link". This is virtually a one-page website! Well almost. Any of those links will lead you to further come-ons and inducements to sign up for the free trial offer ...



... which almost certainly involves a variation of "Just do what I did to you."

But there's one final giveaway that this is a scam. Move away from the page and you get this parting popup ...



Wow, a FREE trial offer at a "total cost of less than $5"???

[Exit, laughing.]


September 10, 2010

Scam, scam, scam

I'm getting sick of bullshit websites, so here's a quick guide to spotting them.

This week I received a breathless email from the Inland Revenue Dept saying I'm due for a tax refund. I checked the links and discovered that the IRD apparently operate from an email address in Germany and a website in Brazil, and that all they required was my internet banking ID and password. Huh? To give me a refund?

I also noticed the four banks I could access from their site -- the ANZ, ASB, KiwiBank and Westpac -- are also all run from the website in Brazil. Wow, who'd have guessed?

Scam, scam, scam. And it's easy to spot. Here's the email ...



Yes, it says it's from Inland Revenue, but look at the From line: m.boehm@freakmail.de. Alarm bell #1.

I only allow messages containing remote content from people I know, so that's prevented the IRD logo from displaying in the message. It's also triggered alarm bell #2 with a bold display of the actual source of that graphic.

Alarm bell #3 starts ringing just hovering the cursor over the Refund Me Now link because the status bar at the bottom of the window shows where this will actually take me ...



Yes, that ".br" means Brazil.

But let's pretend we're completely stupid, let's follow that link and see where it takes us.



Actually the web page is quite well done. Many of the ancillary links point to real IRD pages, but there is that small matter of the actual address bar.



And hovering over the bank graphics shows they all lead to the same site too. Let's follow one.

Here's the bogus ASB signon page ...



... and here's the real one ...



Not much difference, but there are three critical warning signs. First off, the actual addresses:



Which one would you trust?

But most important is the http / https difference. The latter signifies a secure sign-on via an encrypted channel. Firefox highlights these in green.



Never, ever, ever part with a banking signon that doesn't go via https. You might as well write your details on a Post-It note and stick it to your forehead.

If you're still in doubt, click on the VeriSign link. On the bogus site it does nothing. On the real site it brings up a valid site certificate ...



So there you have it. Spotting the scammers isn't difficult. In fact it can be fun. And don't forget to report them.

I'll have another bogus website in a day or two, but in the meantime if you receive a link to "news" story headlined

"Work At Home Mom Makes $6,876/Month Part-Time"

don't get too excited. It's just another scam.
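Everything the post checks by hovering can also be checked from a saved copy of the message. The following is an added example (not part of the original post): a POSIX shell script that lists where every link and image in an HTML email really points, counts how many go to each host, and flags any sign-on looking page served over plain http. The HTML in it is constructed and its hosts are placeholders, not the addresses from the real scam.

```shell
#!/bin/sh
# Added example (not from the original post): a link audit for a suspicious HTML
# email, doing with grep and sed what the post does by hovering over each link
# and reading the status bar. SAMPLE_HTML is constructed and its hosts are
# placeholders (.invalid), not the addresses from the real message.

SAMPLE_HTML='<p>From: <b>Inland Revenue</b></p>
<img src="http://images.example-br.invalid/ird-logo.png">
<a href="http://refund.example-br.invalid/ird/login.php">Refund Me Now</a>
<a href="http://refund.example-br.invalid/ird/login.php">Contact us</a>
<a href="https://www.ird.govt.nz/">Privacy policy</a>'

# Print every href and src target in the HTML on stdin, one per line.
link_targets() {
  tr '\n' ' ' | grep -oE '(href|src)="[^"]+"' | sed -E 's/^[a-z]+="//; s/"$//'
}

# Print the host part of a URL (nothing for a relative link).
host_of() {
  printf '%s\n' "$1" | sed -nE 's#^[a-zA-Z]+://([^/:?]+).*#\1#p'
}

# For the HTML on stdin, print each distinct host with the number of targets
# that point at it (a "news site" whose every link goes to one host stands out),
# then flag any sign-on looking path served over plain http. Returns 1 if a
# flagged target was found, 0 otherwise.
audit_links() {
  insecure=0
  targets=$(link_targets)
  printf '%s\n' "$targets" | while read -r t; do host_of "$t"; done | sort | uniq -c
  for t in $targets; do
    case $t in
      http://*login*|http://*signon*|http://*signin*) echo "INSECURE: $t"; insecure=1 ;;
    esac
  done
  return $insecure
}
```

Run it on a saved message with `audit_links < suspicious.html`; the remote image source it lists is the same one the mail client exposed as alarm bell #2.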


September 5, 2010

Hidden Linux: Moving /home


It's one of the common Linux mistakes: forgetting to place the /home directory in a separate partition. It's not a critical failure, but a separate partition does give you a bit more safety and security. If the latest upgrade turns to custard or you accidentally trash something vital, you can simply reinstall the operating system knowing that all your user data, settings, etc. will remain untouched.

There's also a school of thought that says it means you can use the same user account when installing multiple distributions, but I'm a little hesitant here. Certainly you can use the same /home partition, but I'd suggest setting up different user accounts as there are sometimes subtle differences in program settings that don't translate well between different distros.


Making room

The first step is finding somewhere to put it, and that usually means adding a partition to the current drive. (That doesn't have to be the case of course. You could add it to a second drive, but you're still likely to want to partition the disk, so carry on.)

Obviously you can't repartition a drive you're currently working in, so you'll need an appropriate bootable tool. For this I recommend the System Rescue CD from www.sysresccd.org. I'll admit it's a little bit of overkill as it has tons more tools than just partitioning, but SysRescue is so useful I reckon it should be in everyone's toolbox.



Once you're into the GUI, start GParted from the menu and you'll get a screen like this.

OK, how much space do you give your new /home? That depends on you and the size of your hard disk, but as an indication, 70% of the 15GB I allocated to the / (root) partition on my main machine has been used (and I have a lot installed!), so all the rest is /home. If it turns out you want more or less for any particular partition, changing things is just a SysRescue boot away.


Here I've resized the first partition and added a new /home.


Movin' it

Now we need to move the /home folder to its new location. For this we'll use the command line, so switch to SysRescue's Terminal.

Before we can do anything, we need to create mount points for the two partitions:  
mkdir /mnt/part1 /mnt/part2

and mount them  
mount /dev/sda1 /mnt/part1
mount /dev/sda2 /mnt/part2

Note that the /dev (short for "device") names come from GParted. Yours may be different!

If you now travel to the first mounted partition ...
 
cd /mnt/part1

... and list its contents ...  
ls

... you should get a display like the following:
bin   cdrom  etc   homee       lib         media  opt   root  selinux  sys 
boot  dev    home  initrd.img  lost+found  mnt    proc  sbin  srv      tmp

It's now simply a matter of copying the contents of the /home folder from one partition to the other:  
cp -av home/. /mnt/part2

(The trailing "/." copies what's inside home rather than the folder itself, so the users' directories land at the top level of the new partition, which is where they'll be expected once it's mounted as /home.)

Note that we're only copying the contents. The next step will mount and use that copy but if anything goes wrong, simply back out the next step and you'll be back where you were with a bootable disk.



Telling it where to go

There's one final step. We need to tell the root partition where the new /home partition now resides. We do this by editing root's file system table /etc/fstab. SysRescue has a built-in GUI editor called Geany so let's use that:  
geany /mnt/part1/etc/fstab

Add a line like the following:  
/dev/sda2 /home ext4 defaults 0 2

What does that all mean?
  • /dev/sda2 is the device name
  • /home is the mount point
  • ext4 is the partition type
  • defaults are the mount options
  • 0 is the dump frequency (disabled)
  • 2 indicates the partition should be checked for errors at boot time after / (root) has been checked.

Save the file and we're done. Shut down SysRescue, reboot.

As a final check, run
df -h

to see where your filesystems are mounted:
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              15G  9.7G  4.1G  71% /
/dev/sda2              97G 22.1G 75.6G  22% /home


Now enjoy your new /home!
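Two things can go quietly wrong in the procedure above: the copy can land one level too deep (so the mounted /home looks empty), and a malformed fstab line can stop the machine booting cleanly. The following is an added example (not part of the original post): a POSIX shell script with a check for each, which you can run from the SysRescue terminal before rebooting. It assumes the same layout as above; the fstab checker also accepts UUID= and LABEL= device names, which are not on the page but survive a disk being renumbered in a way /dev/sdaN does not.

```shell
#!/bin/sh
# Added example (not from the original post): two checks for the procedure above.
# home_copy_ok verifies that the contents of the old home folder landed at the
# top level of the new partition; a copy that produced <new>/home/<user> instead
# of <new>/<user> leaves every user with an empty home once the mount is live.
# fstab_entry_ok validates a line of the kind added to /etc/fstab above.

# home_copy_ok OLD_HOME NEW_ROOT
# Succeeds when every entry of OLD_HOME exists directly under NEW_ROOT and the
# copy was not nested one level too deep. (Ignores a user literally named "home".)
home_copy_ok() {
  old=$1; new=$2
  [ -d "$new/home" ] && { echo "nested copy: $new/home exists"; return 1; }
  for entry in "$old"/* "$old"/.[!.]*; do
    [ -e "$entry" ] || continue               # unmatched glob pattern
    name=${entry##*/}
    [ -e "$new/$name" ] || { echo "missing: $new/$name"; return 1; }
  done
  return 0
}

# fstab_entry_ok "DEVICE MOUNTPOINT TYPE OPTIONS DUMP PASS"
# Checks the six-field layout, accepts /dev/..., UUID=... or LABEL=... devices
# (UUIDs survive a disk being renumbered, which /dev/sdaN does not), and
# enforces that only / takes fsck pass 1; /home should use 2, as above.
fstab_entry_ok() {
  set -- $1
  [ $# -eq 6 ] || { echo "expected 6 fields, got $#"; return 1; }
  case $1 in /dev/*|UUID=*|LABEL=*) ;; *) echo "bad device: $1"; return 1 ;; esac
  case $2 in /*) ;; *) echo "mount point must be absolute: $2"; return 1 ;; esac
  case $5$6 in [01][012]) ;; *) echo "dump must be 0-1 and pass 0-2"; return 1 ;; esac
  if [ "$2" = / ]; then
    [ "$6" -eq 1 ] || { echo "/ should use pass 1"; return 1; }
  else
    [ "$6" -ne 1 ] || { echo "only / should use pass 1"; return 1; }
  fi
}
```

From SysRescue, `home_copy_ok /mnt/part1/home /mnt/part2` and `fstab_entry_ok "/dev/sda2 /home ext4 defaults 0 2"` should both succeed before you reboot.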


Previous Hidden Linux


