Charles Tips – Halloween Spoofs

It’s Halloween time again so I thought I’d mention Halloween Spoofs! Well, actually email spoofing happens year round.

Halloween Spoof Ghost - Okay - Spoofing has nothing to do with Ghosts!!An example of spoofing is when emails are sent that are addressed from you (and maybe to you) but you didn’t send them. In that case your address has been “spoofed”.

Spammers and scammers alike do this. There are a couple reasons it’s done.

Sometimes it is malicious. Let’s say someone goes onto numerous websites to sign up for information as XYZ Company. So a ton of spam is sent to XYZ. XYZ finds itself barraged with email and phone spam – wasting lots of their time.

More often XYZ is spoofed to appear to be the sender of spam. Folks local to XYZ are more likely to open the spoofed emails. The spam really isn’t from XYZ – just made to look like it is. So recipients think XYZ is spamming them. They’re annoyed with XYZ and report them as spammers and complain and so on.

Fortunately, spoofing doesn’t account for most Internet issues. It just makes life miserable for XYZ – the target – for a while.

The good news is that usually spoofing usually only lasts a few days. The actual sending server is identified and blocked or shut down.

Always report these issues to your email administrator. Early intervention saves lots of headaches in the long term.

Charles Tips – An Email Contact is Essential

This week is a closely related follow up to last week’s article. As I mentioned then about a lack of a phone number, it seems like it would go without saying that a website trying to sell something should have an email contact someplace on it.

Last week I was referring to a web developer’s website with no telephone number or email address on it. Some developers put forms on their sites to try to get out of displaying an email address. The main issue with forms – besides the fact that form output is more often than not considered spam by many mail servers – is that people generally don’t want to fill them out. It’s much easier these days to click on an email link and send off an email saying exactly what you want to say. Of course you can speak it even more clearly but email may be the next best thing.

If you can’t find an email address to contact someone, my advice is to just move along to the next prospective web developer on your list. You want to deal with a web development company that makes it easy to be reached.

Charles Tips – The “Send me Bitcoin” Scam Continues

We had intended to continue weekly with our web developer checklist. However, this week we’re presenting this post because so many people are receiving these bogus scam messages trying to trick them into paying an extortion.

This scam we mentioned quite a while ago. It has continued to pick up steam – plowing its way through every part of the Internet. It IS a SCAM. Do NOT pay it. We’ve had numerous people contact us that they are receiving such messages.

Here is is below in English and Chinese:

ENGLISH

Hello there!

You may have noticed that I sent an email from your account.
This means I have full access to your device.

I have been watching it for a few months.
The truth is that you are infected with malware through an adult website you have visited.

If you are not familiar with this, I will explain.
I created high quality spyware. It allows me to gain full access and control over your device.
This means I can see everything on the screen, turn on the camera and microphone, but you don’t know.

I can also access all your contacts and all communications.

Why is your antivirus software not detecting malware?
Answer: My malware uses the driver, I update the signature every 4 hours so that your anti-virus software is silent.

I made a video showing how you can satisfy yourself in the left half of the screen, and in the right half you will see the video you watched.
One Key! All of your contacts in email and social networks will receive this video! Your life will change forever!
I can also post access to all email communications and messengers you use.

If you want to stop this ʌ
Transfer the $362 amount to my bitcoin address (if you don’t know how to do this, please write to Google: “Buy Bitcoin”).

My bitcoin address (BTC wallet) is: *********************************

After receiving the payment, I will delete the video and you will never hear my voice again.
I will give you 50 hours (more than 2 days) to pay.
I received a notification from this letter and the timer will work when you see the letter.

It doesn’t make sense to file a complaint somewhere because it can’t be tracked like my Bitcoin address.
I have not made any mistakes.

If I find that you shared this message with others, the video will be distributed immediately.

Good luck, goodbye!

CHINESE

你好!

您可能已经注意到,我从您的帐户发送了一封电子邮件。
这意味着我可以完全访问您的设备。

我已经看了好几个月了。
事实是,您通过您访问过的成人网站感染了恶意软件。

如果您对此不熟悉,我会解释。
我创建了高质量的间谍软件。 它允许我获得对您设备的完全访问权限和控制权。
这意味着我可以在屏幕上看到所有内容,打开相机和麦克风,但您不知道。

我也可以访问您的所有联系人和所有通信。

为什么您的防病毒软件没有检测到恶意软件?
回答::我的恶意软件使用驱动程序,我每4小时更新一次签名,以便您的防病毒软件无声。

我制作了一个视频,展示了你如何在屏幕的左半部分让自己满意,在右半部分,你会看到你观看的视频。
一键! 您在电子邮件和社交网络中的所有联系人都将收到此视频! 你的生活将永远改变!
我还可以发布您使用的所有电子邮件通信和信使的访问权限。

如果你想阻止这个ʌ
将362美元的金额转入我的比特币地址(如果您不知道如何做到这一点,请写信给Google:“购买比特币”)。

我的比特币地址(BTC钱包)是:**********************************

收到付款后,我将删除该视频,您将永远不会再听到我的声音。
我给你50个小时(超过2天)付款。
我收到了这封信的通知,当你看到这封信时,计时器会起作用。

在某处提交投诉没有意义,因为无法像我的比特币地址那样跟踪此电子邮件。
我没有犯任何错误。

如果我发现您与其他人分享了此消息,则视频将立即分发。

祝你好运,再见!

AND IT IS IN MANY OTHER LANGUAGES AS WELL!

Charles Tips – Been in business for 10+ years?

The Small Business Association said in March 2019 roughly 30% of businesses failed during their first two years of opening. At the five year mark about 50% failed. At ten years around 70% had failed.

Remember this is ALL businesses – not just web businesses. I’ve seen many go under in the years since 1998 when I started in this business. Usually that news comes from our new web clients – who don’t even know what happened to their past developers – they just became unreachable or unresponsive.

Obviously there is no sure thing – no guarantee – that any business is always going to be there. That being said, there are many things that measure the likelihood of success. Look at factors like five to nine employees versus few or none. Look at employee longevity. Look at how they get their business – through referrals versus constant advertising. Look at whether they have a handful of web clients versus many.

Don’t risk having someone handle your web presence who won’t be there for the duration. Common sense dictates that a company that’s been around over ten years with a team that does most of its business through referrals for many, many clients is going to be way more reliable for you in the long term.

Charles Tips – Web Developer Checklist

It’s increasingly difficult sorting good companies from bad ones on the Internet. There are still ways to find the best, reliable web development companies. We’ve compiled this recommended checklist as a starting point. The order these are in isn’t necessarily important since ALL points are important!

Check to see if your web development company:

will ensure that YOU own your website when it’s paid for
is legitimately registered to do business within its State: NH MA ME VT
has been in business for at least 10 years
has several or more people
carries workman’s compensation on its employees
carries liability insurance
maintains a committed presence in networking groups
is accredited and has a good rating with the Better Business Bureau (https://BBB.org)
understands your community and reciprocates by referring business to you
has a phone contact where one can at least leave messages
has an email contact where one can send information
provides automatic site updates at no additional ongoing charge
backs up websites every night for at least a month
provides website encryption (SSL) at no additional ongoing charge
does not require hosting or domain contracts
does not overcharge you by selling sell inflated monthly maintenance plans
provides partial hour web work billing (9 minutes work charged 9/60 of hourly rate)
can respond to most maintenance requests in 3-4 days
has general familiarity with trademark and copyright issues
is proficient with WordPress through experience and training

Over upcoming weeks check here for details about each. Contact us with any questions, we exist to serve you!

Charles Tips – Checking Web Content

Whether face to face or on the web, there’s only one chance to make a first impression. This short checklist contains “must haves” for a website. It’s unbelievable to leave them off a website. We’ve seen web developers as well as web do-it-yourselfers not provide the following.

Phone number – You’ve lost credibility right away if there is no phone number. Many people – yes even today – understand that talking actually accomplishes more faster.

Contact email – We recommend posting an email address. Some use forms keeping email hidden. Forms are easily “spammed” making more work.

Business location – Tell visitors at least what city you’re in. Customers wanting to deal locally appreciate this.

Hours of operation – Whether you expect foot traffic or take appointments, there’s nothing worse than guessing whether you’re open or not.

Who to deal with – Let visitors know who they can deal with. Staff shrouded in anonymity don’t appear helpful.

Aesthetics – Websites should appear clear and organized. Visitors expect some things in certain places – like navigation. Make it easy find items/topics and get around the site.

Website success happens by building visitors’ confidence in your business. Providing as much information as possible will help immensely with this process. Contact your web services provider for assistance. They, just like we at CharlesWorks, should be there to help.

Charles Tips – Email Update Scam

Last week I wrote about possible dangers of “FREE” offerings.

While verbiage varies, the end result is the same if you follow their link: headaches of an unimaginable magnitude for you!

Here’s an example of many I see each day in our company emails:
____________________________________________
Dear  charles@charlesworks.com ,

Your mailbox quota is full.
This may cause your mailbox to be disabled or you may no longer be able to receive more emails

to continue using your mailbox. You will need to upgrade your mailbox quota immediately. This service is free.

 Re-update your account 

Note: Failure to update your account might lead to permanent deactivation of your account.

Thanks,
The Security team. 2019

____________________________________________

Clicking lands you on an extremely convincing page. One wanting me to enter my email login information even had “© 2018 CharlesWorks” in it.

These work based on two principles: Offering the FREE “we’ll fix it” service and threat of imminent services loss. Together they convince you to bite. Especially that sense of urgency! Remember the world isn’t going to halt if you don’t act right away – it can wait until you deal with it properly.

Companies don’t have you “verify” your email account this way. If anything seems fishy concerning your email, call your email provider and ask for assistance. That’s what you pay them for!

Charles Tips – SSL hype

Let’s broach the topic of SSL (Secure Socket Layers) and their importance on the web.

Using SSL is like sending certified mail through the post office. Mailing certified letters requires a signature by the receiver. The sender knows it got to the right place. SSL is instantaneous!

SSL is a security protocol (specified way of doing things) that helps guarantee that the browser you are typing information into is actually connecting with the website you believe you are connected to. This is extremely important when doing online banking, sharing private or personal information, or using your credit card. SSL is important regardless of the device (phone-tablet-laptop-computer) you’re using.

Besides ensuring you’re reaching the correct destination, SSL is MOST important when using devices through public WiFi (hotspots). They can be “snooped” by hackers. “Snooped” means hackers can sit in a parking lot near a place with WiFi and easily record all data communications happening. It is a hacker’s gold mine for people not security conscious.

Businesses expect to pay roughly $70-$199/year plus installation for SSL on a website. At CharlesWorks, it’s part of the hosting – with NO additional ongoing charges.

SSL is important! Feel free to contact us for more information.

Charles Tips – Email Extortions

With 20+ years in the web business, scams and schemes to steal from people still amaze me.

Several web clients have made me aware of a scam to frighten them into making a bitcoin payment.

They’re from addresses like “Anonymous Hacker” or even your own email. Subjects are “You have been hacked” or similar. They gloat they’ve infected you through some (usually unsavory) site you visited. They explain how they did it in terms most folks don’t understand – making you think they are really an expert – and frighten you into believing they’re monitoring your computer.

They threaten to send very personal items and even videos of you to everyone you know unless you comply with the demand within some short time period. They warn if you report them, they’ll distribute the “dirt” on you immediately.

We try to force these messages to spam on our servers. Sometimes they get through. We reassure several people each week they are a scam because they usually are.

However, devices DO get hacked. If you truly believe you’ve been hacked, you should see your IT person or someone who specializes in “cleaning” computers ASAP. We can recommend folks who can help.

Charles Tips – Email Etiquette

We’ve gone off the deep end attempting to communicate entirely via email. Are we saying what we mean so say?

The “Subject:” should reflect the current content – especially in replies where the original idea has changed.

To ensure questions are responded to, keep the message simple and stick to expecting one answer about one question. People generally do not answer multiple questions.

Use a courteous greeting and closing. Email does NOT have voice inflection. Words appear demanding when you USE ALL CAPITAL LETTERS or numerous exclamation points – or terse when you treat email like text messages.

Including the previous message helps recipients understand your response. Generalities cause confusion and unnecessary back and forths.

It’s polite to include a “signature” with your name, your affiliation, your phone number and perhaps your address to enable easy followup.

Attachments are not meant to blast information to many. A giant file to a huge group is wasteful and rude. Large emails over phones is frustrating.

Messages requiring immediate attention are best dealt with via phone calls. Don’t assume people check email constantly.

Check the recipients list. Replying to ALL sends to ALL recipients. It might be shared with unexpected recipients.

Be careful what your message contains!

Charles Tips – Review your Website

Customers want specific info about products and services. If there have been no changes since your website launched, they’ll look somewhere else.

New info triggers search engines to re-scan your website and index it according to what it sees as current and popular, relative to other websites in your industry. Distinctive and useful content helps the search engines recognize what your site is about. Posting new content on a regular basis gives the search engines a reason to scan your site more often.

Updating depends on your industry and who your competition is. The important thing is to review your site on a regular basis. We recommend a website review at least once a month.

Ensure your contact information up to date – nothing is worse than nonworking phone numbers or wrong hours. Your navigation hyperlinks all need to work as well. Good testimonials are an absolute plus. Noteworthy news posted can also help broadcasting your latest and greatest developments.

If you’re website doesn’t allow you to easily change the text in it, you should consider updating to one that will.

Keeping your website material up to date will help keep your current clients as well as add new ones.

Charles Tips – Email Security

Compromised email can be an important component of identity theft. People take much of today’s electronic communications for granted.

Think about what’s connected to your email accounts – activities like shopping and even online banking to name a couple. Hackers getting into your email can give them an open doorway into many aspects of your financial and personal life. The losses incurred through compromised email can be enormous.

Good security practices are great deterrents. Start by using strong passwords to mitigate such losses.

Wireless connections can be “sniffed”, meaning hackers can wait nearby and record the information being sent and received over the connection.

Always access your email using encryption. Encryption makes it close to impossible to decode the wireless traffic. With email clients like Outlook, Thunderbird, Apple Mail or even a mail apps on phones, make sure encryption is turned on. With webmail through web browsers be careful to access it using https:// to ensure an encrypted email server connection.

Free wireless hotspots are a haven for hackers. You are pretty safe as long as you are using encrypted connections.

If you don’t understand how to set up and use encryption, call your web hosting, email or device provider for help. Don’t risk potential losses.

Charles Tips – Spam

We get many questions about spam (Junk E-mail). Spam clutters up your email. It’s also used to deliver online scams and malware/viruses.

A common question is “Any idea of why I’m seeing spam emails in my Inbox?” Spammers most likely got your email address from your friends or acquaintances – people you know and correspond with – whose computers or phones were compromised. Their contact lists get added to the spammers lists. Spammers also get emails from when we purchase online and from finding email addresses on websites.

Spam is difficult to avoid. One way to handle it is to hit the delete key. That’s much the same as just throwing junk mail away that’s delivered by the mail carrier.

However, spam email can be filtered. The good news is that better than 98% can be filtered into a junk email folder.

One filtering problem is determining which are actually spam – Home Depot, Lowe’s, Staples or other vendors are spam to many and not spam to others. Good mail servers allow users to “mark” items as not spam in that case.

There are numerous email servers that behave in just as many ways handling spam. If spam is an issue, check with your email provider about your options for handling it.

Charles Oropallo (Charles@CharlesWorks.com) started CharlesWorks in Peterborough NH in 1998. His team does website design, hosting, search engine optimization (SEO) and related web services.

Charles Tips – Passwords

In keeping with the basics, a common issue we see at CharlesWorks involving our web clients in general has to do with passwords.

A trick to remember with passwords is to keep them simple yet complex and different enough so they aren’t easily guessed. A very good way to have a secure password is to use words or combinations of words that mean something to you but not anyone else. It’s also more secure if you use a capital letter where one would not normally be expected. Here’s an example of making a typical word into a secure word just by changing which Letters within the word are capitalized:
PeteRborOugh

Or you could go a step further by using numbers in place of some of the letters so you have both numbers and capital letters:
Pet8Rbor0ugh

To really beef up security, in this example we’ll make it 2 words separated by a hyphen or a number:
hEll064bYe

Using a couple words in this manner will pass the security requirements for many systems. You can use a couple words that you can remember and therefore don’t have to write down anywhere.

Needless to say, post-its on your monitor should be avoided. Hopefully this CharlesWorks tip will help get you away from that habit!

Charles Oropallo (Charles@CharlesWorks.com) started CharlesWorks in Peterborough NH in 1998. His team does website design, hosting, search engine optimization (SEO) and related web services.

Charles Tips – Introduction

Welcome to The Web Corner!

Charles Oropallo, CharlesWorks founder, Peterborough NH
Charles Oropallo, who owns and founded CharlesWorks in 1998 in Peterborough NH

Charles Oropallo from CharlesWorks in Peterborough NH will be bringing you articles on popular web topics with helpful hints. Most are simple, some are for the more experienced. All should be useful and educational. We will address:

    • Passwords with our focus on making them secure – yet easy to remember.
    • Common Internet scam information about domain name renewals to perhaps save you a lot of grief going forward.
    • More Internet scam information about Directory Listing scams to again save you a lot of grief.
    • SEO (Search Engine Optimization) in layman’s language and how it works.
    • Current web design products like WordPress – a free content management system for building websites.
    • Some information about spam and how you get onto those spammer’s lists.
    • Common myths and misconceptions about domain names aimed at helping you protect your online brand.
    • The ease (or not) of website self-maintenance for do-it-yourselfers.
    • The importance of shopping local and supporting your own community.
    • Things to know about email security on your phone or on your computer or on your tablet.
    • Website hosting and the advantages to local servers vs cloud storage.
    • The occasional pitfalls of having your friends help you with your web needs.
    • Reviewing your website now and then.
    • A little about email etiquette and things to avoid.
    • A common email extortion to ignore.
    • Secure Socket layers (SSL) and the surrounding hype.
    • Some tips and thoughts about choosing domain names.
    • Free counters and issues surrounding most “free” web stuff.
    • Info about a common “you need to update your email” scam.
    • A brief explanation of “the cloud” as applied to the Internet.
    • Social media – Facebook in particular – and how it relates to your web presence.
    • How long you have to get site visitor’s attention.
    • Who owns your domain and info about domain ownership.
    • Checking up on your web content and the minimum needed.
    • Checklist to help you find the best web developer.

And more! We’ll update this page over time with the topics we cover each week!

Lots to share!

Email us with questions/suggestions. Check back here at Charles Tips each week to see our weekly installments!

Charles Oropallo (Charles@CharlesWorks.com) started CharlesWorks in Peterborough NH in 1998. His team has performed website design, hosting, search engine optimization (SEO) and related web services for thousands of web clients on four continents.