The B.C. number was published minutes after I posted this at 5pm, so I’ve just updated it… and it’s a good one, only 14 new cases. Great to see after yesterday’s spike… and although one day doesn’t make or break anything, that’s the direction we love to see.

Ontario’s growth continues to remain consistent, around 6% — which is a TTD of 12 days. Quebec is probably in a similar range, maybe less (ie better) — but is more volatile. They had a bit of a jump in today’s new cases, but that could be for many reasons. I’ll have a lot more to say about B.C. tomorrow after the modelling presentation… which you should watch, if you can… at 11am.

A couple of shoutouts while I’m here — to the staff and residents at the South Granville Park Lodge… my grandfather, who passed away many years ago… lived his last few years at that residence, and it was a peaceful and happy time, after a 94-year life full of extreme highs and lows. The staff was exemplary, and they unfortunately now find themselves a cluster of COVID-19 cases. I wish them all well.

And… a family friend in Montreal — who I’ve known my entire life… in fact, our families go back close to 80 years of knowing each other… 4 generations now… had been struggling in the ICU with COVID-19, on a ventilator for two weeks with a high fever that would come and go but never go away… well, as of this morning, I’m incredibly happy to report… no more fever and no more ventilator. He’s going to be ok, after a hellish 2-week nightmare. He is my age, my demographic, and at least as healthy as me. That struck very close to home… this thing is serious and this thing can hit anyone. But in this particular case, I probably can’t find the right words to express my relief. Whatever else, it’s been a great day.

And to radically shift gears, the rest of this post will serve as a bit of a public service announcement… these days, scammers, who may also be locked up in isolation, also need to make a living and are trying all sorts of new things, one of which is scary enough that a few people have reached out to me to ask if it’s for real.

You may have received an email where the subject line contains your password… and when I say your password, I mean some password you used somewhere, at some point in the past. And if it happens to be your current online banking password, that can indeed be really scary. I really hope that it’s not a password you use everywhere, because while things aren’t as scary as you think, you do have a bit of a hassle on your hands. But let’s break this down into little bits, and solve each piece of it.

  • how did they get my password and/or name and/or email address?
    – what else do they have?
    – how real is the threat?
    – what do I do?
    – what do I not do?First thing, relax. No matter how bad you think it is, it’s not.

    The email has your actual password, which is certainly enough to get your attention… and it then goes on to say that they’ve seized control of your computer and camera, have a complete log of you sitting in front of your computer doing whatever you do there, and a list of all the sites you’ve visited and all of your contacts. And unless you send them some amount of Bitcoin, they will send that video and list of websites to all of your contacts.

    Rest assured, nobody has taken control of your computer or your camera or your contacts or anything else. There is no video. It’s all complete bullshit. The scary aspect of your password sitting on the subject line means that somewhere, some site where you used that password got compromised… and if you use that password anywhere else, you really should change it… though I will point out that if it’s your “junk” password, it barely matters. I can assure you, some Bulgarian hacker has no interest in fiddling with your subscription preferences to “Turnip Harvester Weekly”. That being said, it’s always suggested you have unique passwords for everything, specifically for this reason — if some database gets hacked (which unfortunately happens more often than it should), that’s the only site and password-reset you have to worry about.

    Huge lists (with millions of names) exist for purchase on the DarkWeb where your name, email address and that associated hacked password are available. These lists sell for cheap, and anyone with some time and a bit of knowledge on how to merge a database with an email template can put together an email like the one you got, and send it to a million people. It is like casting a million little fishing lines into the ocean, and seeing what bites. Usually the email address it came from isn’t even valid, and the email will say — don’t bother trying to contact me. Or reply for proof that I have your contact lists. On that note, if it is valid, do not reply… because that might actually get you onto a list of “live ones”, which only means you’ll now be getting 10x the number of those scam emails in the future. And if you replied and if they did have a list of your contacts, again… relax… it didn’t come from your computer. At the end of all that, the scammer wants you to send some Bitcoin, and if you do, he’ll delete the video and leave you alone forever.

    So… they got your password from a hacked site. If you use that password anywhere important, go change it now. If they sent you a list of contacts to prove they know who you know… they probably got it from Facebook, which has an option that lets people find you via your email address. This is a security hole that everyone should adjust, because if they can find you on Facebook with your email address, and you have your friends list open to the world… then that’s how they know all these people you know. Fix that now… go to Facebook, under Settings, under Privacy… there is a section called “How People Find and Contact You” — settings for who can find you via your email and who can see your friends list and who can look you up via phone number. None of those should be set to “Everyone”. At worst, “Friends of Friends”. Just “Friends” is better. “Only me” might be best. That’s up to you, but lock it up so that random strangers can’t find you or your friends.

    The scammer wants you to send Bitcoin because it’s anonymous. Incidentally, if you need any further proof that this is all nonsense, consider that he’s sending the same Bitcoin wallet address to everyone. If you send him money, he actually has no way of knowing the money came from you. He’s hoping some of those one million little fishing lines will bite, and the Bitcoin wallet will just magically fill up from victims around the world.

    It’s always occurred to me that anyone who’s intelligent enough to be able to figure out how to purchase Bitcoin and then send it — probably wouldn’t fall for this in the first place. But that password thing is a little scary… so maybe it got you thinking in that direction. No worries.

    Summary of action items:
    – if you use that password anywhere, change it
    – review your Facebook settings as per above and adjust as needed
    – google your email address and see if that pops up any information you wouldn’t want out there
    – delete the email

… and stop worrying.


View Original Post and All Comments on Facebook