Importance of Shredding for Security

How we handle security for our sensitive items at home is important. With all of our concern these days about our online security, secure disposal is often overlooked when it comes to home or office security.

Aurora AS1000X shredderI have been using an Aurora AS1000X that I purchased from Staples for many years now. I like to think of it as my “big boy” shredder. It is rated to do 10 sheets of paper at a time. It can be set to work automatically when paper (or a credit card) is inserted into the middle of the feed slot. It also has a “reverse” setting so it can be unjammed if it gets stuck. For safety, the slot is small enough to prevent nearly anyone’s fingers from entering it.

Paper credit card and bank statements and invoices received via mail that are simply thrown away can be a huge security risk. Anything that contains sufficient parts of your credit card or bank account numbers should be shredded or burnt (or both). Also, credit card companies often send those low interest offers in the form of checks that can be used against your credit card accounts. If these checks end up in the hands of the wrong person, you could be in for many headaches. All this can be easily avoided by shredding such items you do not intend to use.

In addition to paper items, most of us have credit cards we need to dispose of on occasion. When credit cards become expired, compromised or simply worn out and needing replacement, they need to be disposed of in a secure manner to avoid giving out the information on them. Just like with paper, shredding is my preferred way of disposing of old credit cards.

Made it through the shredder

That being said, I recently ran into an issue trying to shred an outdated shopping card issued by one of the large banks. Much to my dismay the card had passed through the shredder with the account number still readable. The card appears to be made of metal covered in plastic. In such a case, I had to use a metal shear to manually cut the card into pieces small enough to prevent the information from being ascertained from the card!

Bottom line is that your home office is incomplete if you are without a shredder. A good shredder can save you many headaches in the long run. Also, the output from your shredder makes excellent kindling for getting a fire going in your fireplace, wood stove or firepit! And as an added benefit, you can rest assured it the shredder output is truly unable to be reconstructed after burning.

Charles Tips – Adding Akismet comment spam protection

Akismet provides a convenient and free way to protect your personal WordPress site or blog from spam.

Many times we’d like to allow comments to be left on our WordPress site. The hassle with this can be the tremendous amounts of spam that come through the forms on websites.

Akismet is a compact WordPress plugin that filters the incoming comments. It is pretty straightforward to use and pretty easy to set up as well.

Install the Akismet plugin

The first step in this process is to ensure that the Akismet plugin is installed in your WordPress website:

      • Log into your WordPress website’s dashboard as an administrator
      • Click on Plugins in the left dashboard navigation column
      • Look and see if Akismet is listed – if it is – and it is not activated you can proceed to the Akismet Setup step below – otherwise
      • Click on Add New under Plugins in the dashboard navigation column
      • If you don’t see Akismet in the plugins, then in the text box to the right of the work Keyword in the row starting with Featured type in Akismet – then click on its Install Now button. Do not activate it yet.

Akismet Setup

To set up Akismet you will need an API code from the Akismet site. The first step in that process is to navigate to:
https://akismet.com/plans

This (as of the time of this writing) brings you to a page that should look similar to the screenshot below.

Akismet offering pricing page
Akismet offering pricing page

To get the free version of Akismet comment spam protection, you will need to click on the Get Personal button on the above page.

Once you’ve done that, you should see a page similar to the one below. Before attempting to fill out anything on this page, we need to set that $36 / YEAR to $0 / YEAR. Click on the $36 / YEAR box and drag it to the left.

Akismet Default $36 per year page
Akismet Default $36 per year page

Dragging that $36 / YEAR box to the left should change the page to display something like the one below showing 0$ / YEAR. You can also see that the information to fill in has changed.

Akismet $0 per year page
Akismet $0 per year page

Now fill in the information completely. Note that you need to be able to check all three checkboxes indicating the following:

      • you don’t have ads on your site
      • you don’t sell products/services on your site
      • you don’t promote a business on your site

If these are the case, then you will qualify for a free, personal plan.

All you have to do once you have gotten this far is follow the directions on the page below.

Akismet signup complete page
Akismet signup complete page

Finally, it is suggested that while on that settings page in Akismet, you can choose to show the number of approved comments beside each comment author and choose whether to show a privacy notice or not. Then just click the Save Changes button and you are on your way!

Charles Tips – PPP Pandemic Scams

The pandemic we are dealing with doesn’t always bring out the best in human nature. Such times are when scammers are more apt to take advantage of people. Many people are feeling anxious and helpless. Add economic issues and it’s clearly a recipe for depression and uncertainty.

Phishing
The bad guys are everywhere just waiting for you to click on their phishing traps!

Most small business owners have heard of PPP (Payroll Protection Program) loans. These are to help businesses stay alive and keep people employed during this pandemic. There are incredible numbers of scams involving PPP loans.

Most scams come through email. They also happen over the phone. Unbelievably, calls and email are great mediums for scammers. Emails trick people into loading viruses onto their computers. Both manipulate people into volunteering personal information! The result is identity fraud and/or account thefts.

Internet and telephone scams have one important factor in common: instill a sense of urgency in the mark. If the scammer can make you think you need to act on this right away, you probably will.

I suggest you:

1) Deal with bankers/lenders at respected institutions you actually know. Use the drive-through window if you must to set up an appointment.

2) Call your banker/lender if you get an email or phone call offering their help with the PPP loan – even if the email or phone call appears to be from a legitimate source.

3) Understand that emails and phone numbers can be spoofed – made to look like they’re from a legitimate source.

Be cautious and you won’t have to regret the unimaginable headaches that those who have suffered identity theft and other losses have experienced.

Charles Tips – Scamming Web Developers

Most of the articles I submit are to help the average web user or website owner learn a few web related tidbits. This one is geared toward web developers.

The scam asks about doing web development and whether it can be paid via credit card. It lets you know right away that they have a good budget to make the site. They also tell you they want it to be like a particular other site that you can check out to see what the project will entail.

Then the scam is presented – the scammer needs a favor. When you write back and ask what that favor is, here is a verbatim response I received:

“The favor i need from you is. i would give you my card info’s to charge for $7,700 plus credit card company charges, so $2,000 would be a down payment for my website design and the remaining $5,500 you would help me send it to the project consultant that has the text content and the logo for my website so once he has the $5,500 he would send the text content and logo needed for my website to you also the funds would be sent to him via Instant Transfer or Cashier Check into his account, sending of funds would be after funds clears into your account And also $200tip for your stress So i will be looking forward to read back from you. Thanks”

Then I indicate my credit card company doesn’t allow such transactions. I never hear from them again…

Most scams are built upon the greediness of the mark – purposely using poor grammar and presenting what looks like it’ll be a easy way to make some quick cash. That’s how they trick you out of your money. We all know the old saying: If it sounds too good to be true, it probably is.

Charles Tips – Another Domain Scam

Explained really simply, domain names are just pointers that convert recognizable words or characters to Internet addresses so we can view a website. Whenever a domain name is created, its creation date and expiration date are publicly available.

There are many domain scams out there. A rather common one I often see is where an unscrupulous company tries to overcharge you for your domain name and get control of it.

The main way they do this is by first scaring you into thinking you might lose your domain name because it is expiring. They do this by sending a carefully crafted letter to you through the postal service. The message appears at first glance to resemble an invoice convincing you to renew your domain name with them. These messages are very convincing.

Reading the “invoice” carefully actually reveals it states it is not an invoice – but in fact it is an “offer”. That statement is what keeps it “legal”. Amazingly, some of the companies that trick domain owners like this have been prohibited from operating in Canada after being legally challenged by the Canadian government.

My advice is to always check with your domain provider when presented with anything appearing to be a bill that appears suspicious. It will save you a lot of headaches going forward.

Charles Tips – Persistent Scammers

I’ve written several articles about specific scams that are occurring on a regular basis on the Internet. They seem to subside for a short time – a very short time – and then a wave of them happens again.

One of the worst – as far as I am concerned – are the ones where the email recipient is being told they must verify their email. These have some common traits with most Internet scams:

1) A sense of urgency – they want you to take care of this immediately

2) A time limit – they give you within 24 hours to act

3) A threat – they tell you your email will be locked.

The first thing you have to understand is that nearly everyone gets these on occasion. I have received them myself in which they are made to look like they are from CharlesWorks. So when our clients get these they tend to become very worried very quickly.

I can’t stress enough that most legitimate companies will not send out messages like these. To fall prey to these can be a real nightmare. With access to one’s email these days the bad guys can wreak havoc in one’s life. The worst cases are called identity theft!

Don’t be the unfortunate one who falls prey to these scammers. If you have been “notified” of something serious – call your provider up and speak with a representative. Just like at my company – it’s a lot easier for us to allay your fears than to have to try to clean up the mess that can happen with compromised accounts.

Charles Tips – Hosting Includes Encryption

Website visitor safety is extremely important. I’ve mentioned terms here before like SSL, encryption, security and so on. A padlock that shows with an encrypted site using https in some browsers.These involve that little green or grey lock in front of the web address in your browser. Clicking on that tells you whether the encryption is valid and what site it’s issued to.

Providing encryption was traditionally expensive for website operators. However, it can be had for free these days. There’s no reason not to have it.

Encryption refers to a method on website servers that helps ensure you are actually on the website you think you are on. This greatly reduces the risks of fraud.

Ripping you off is a top priority for many nefarious individuals and organizations on the web. One method is tricking you into giving your credit card or other personal information on a “fake” site or web page. These pages often look exactly like those of your bank’s or credit card company’s or even your email’s login pages.

There’s usually a small one-time charge for initial setup. Website owners should check with their hosting company or web developer to ensure website encryption (SSL) is included in their monthly hosting at no extra charge. If need be, it’s worthwhile to move to a company whose hosting provides this.

Charles Tips – Rampant Phishing

When working in the web world as I do, Internet scams appear to be everywhere.

Phishing is defined as the act of attempting to trick the recipient of a malicious email into opening and engaging with it.

It’s amazing how people fall for phishing scams. They fall for them mostly because the emails are designed to appear like the writer isn’t too bright. So immediately the recipient thinks they have the upper hand. Many count on the recipient’s greed – believing they’ll get something for nothing.

The bad guys that develop these schemes are experts. All they do is work scams – day and night. They wouldn’t continue if it didn’t pay off in the long run.

Phishing
Phishing – Will you bite?

I read someplace that billions of dollars annually are conned out of people through the various scams out there on the Internet. For the most part – I hate to say – they can’t be stopped. They are sent from all types of email addresses, all types of servers, from all over the world.

Bottom line is that you should keep deleting them. The best course of action is to stop responding to them and opening them. Report them as spam or report them as phishing attempts. Your email provider may provide insight with how to do this. They will ultimately stop coming.

Remember that if the bad guys can’t trick you into parting with your money they will focus on someone else – until they find someone who does. Just don’t be that someone.

Charles Tips – Nightly Website Backups

Your website is an important investment. Whether you made it yourself or paid to have a professional develop it for you – you wouldn’t want to lose it. We have taken on clients who were with the largest company in the world who lost their website because of having no backup. The terms for doing business with that company even state they are not responsible for the loss of the website.

Nightly Backup Server

I couldn’t imagine not backing sites up. Nowadays the technology is ever present to back everything up. In the not too distant past, hard drives were much more expensive than they are now. Hard drive space is extremely inexpensive nowadays – so there’s no excuse for a company to not make backups.

One third of today’s sites are on a platform called WordPress. Security updates happen often and changes can be readily made to WordPress sites – so they need backups at least every day. Whether there’s a server catastrophe or simply one of your employees blowing up your site while making changes – it can be recovered.

Definitely protect your website investment by hosting with a company that provides daily backups of your WordPress website every night for at least a month. That will avoid having to restart your website from scratch.

Charles Tips – The “Send me Bitcoin” Scam Continues

We had intended to continue weekly with our web developer checklist. However, this week we’re presenting this post because so many people are receiving these bogus scam messages trying to trick them into paying an extortion.

This scam we mentioned quite a while ago. It has continued to pick up steam – plowing its way through every part of the Internet. It IS a SCAM. Do NOT pay it. We’ve had numerous people contact us that they are receiving such messages.

Here is is below in English and Chinese:

ENGLISH

Hello there!

You may have noticed that I sent an email from your account.
This means I have full access to your device.

I have been watching it for a few months.
The truth is that you are infected with malware through an adult website you have visited.

If you are not familiar with this, I will explain.
I created high quality spyware. It allows me to gain full access and control over your device.
This means I can see everything on the screen, turn on the camera and microphone, but you don’t know.

I can also access all your contacts and all communications.

Why is your antivirus software not detecting malware?
Answer: My malware uses the driver, I update the signature every 4 hours so that your anti-virus software is silent.

I made a video showing how you can satisfy yourself in the left half of the screen, and in the right half you will see the video you watched.
One Key! All of your contacts in email and social networks will receive this video! Your life will change forever!
I can also post access to all email communications and messengers you use.

If you want to stop this ʌ
Transfer the $362 amount to my bitcoin address (if you don’t know how to do this, please write to Google: “Buy Bitcoin”).

My bitcoin address (BTC wallet) is: *********************************

After receiving the payment, I will delete the video and you will never hear my voice again.
I will give you 50 hours (more than 2 days) to pay.
I received a notification from this letter and the timer will work when you see the letter.

It doesn’t make sense to file a complaint somewhere because it can’t be tracked like my Bitcoin address.
I have not made any mistakes.

If I find that you shared this message with others, the video will be distributed immediately.

Good luck, goodbye!

CHINESE

你好!

您可能已经注意到,我从您的帐户发送了一封电子邮件。
这意味着我可以完全访问您的设备。

我已经看了好几个月了。
事实是,您通过您访问过的成人网站感染了恶意软件。

如果您对此不熟悉,我会解释。
我创建了高质量的间谍软件。 它允许我获得对您设备的完全访问权限和控制权。
这意味着我可以在屏幕上看到所有内容,打开相机和麦克风,但您不知道。

我也可以访问您的所有联系人和所有通信。

为什么您的防病毒软件没有检测到恶意软件?
回答::我的恶意软件使用驱动程序,我每4小时更新一次签名,以便您的防病毒软件无声。

我制作了一个视频,展示了你如何在屏幕的左半部分让自己满意,在右半部分,你会看到你观看的视频。
一键! 您在电子邮件和社交网络中的所有联系人都将收到此视频! 你的生活将永远改变!
我还可以发布您使用的所有电子邮件通信和信使的访问权限。

如果你想阻止这个ʌ
将362美元的金额转入我的比特币地址(如果您不知道如何做到这一点,请写信给Google:“购买比特币”)。

我的比特币地址(BTC钱包)是:**********************************

收到付款后,我将删除该视频,您将永远不会再听到我的声音。
我给你50个小时(超过2天)付款。
我收到了这封信的通知,当你看到这封信时,计时器会起作用。

在某处提交投诉没有意义,因为无法像我的比特币地址那样跟踪此电子邮件。
我没有犯任何错误。

如果我发现您与其他人分享了此消息,则视频将立即分发。

祝你好运,再见!

AND IT IS IN MANY OTHER LANGUAGES AS WELL!

Charles Tips – Been in business for 10+ years?

The Small Business Association said in March 2019 roughly 30% of businesses failed during their first two years of opening. At the five year mark about 50% failed. At ten years around 70% had failed.

Remember this is ALL businesses – not just web businesses. I’ve seen many go under in the years since 1998 when I started in this business. Usually that news comes from our new web clients – who don’t even know what happened to their past developers – they just became unreachable or unresponsive.

Obviously there is no sure thing – no guarantee – that any business is always going to be there. That being said, there are many things that measure the likelihood of success. Look at factors like five to nine employees versus few or none. Look at employee longevity. Look at how they get their business – through referrals versus constant advertising. Look at whether they have a handful of web clients versus many.

Don’t risk having someone handle your web presence who won’t be there for the duration. Common sense dictates that a company that’s been around over ten years with a team that does most of its business through referrals for many, many clients is going to be way more reliable for you in the long term.

Charles Tips – Do YOU own your website?

This is a question that, amazingly enough, not everyone thinks to ask. We have had a number of people who received poor service from their web services providers come to us. Imagine their surprise when they discover that they do not own their website!

Our philosophy is very simple – anything you’ve paid in full for – meaning there is no open balance on your account – is yours. Period. We really have no reason to want your website. We just want to be paid for work done, your domains and services rendered.

Unfortunately there are many unscrupulous people in the web business. They use their ownership of your content as a method to hold you hostage – forcing you to keep paying them. It’s an unfortunate reality on the web. We have never operated that way.

Just about as bad are the large companies that you can build your website at quickly ans easily. However, there is no way to move that website from them. Your site operates ONLY on their proprietary servers so can’t be moved elsewhere. Folks usually discover that after realizing there are insufficient options for website expansion or customization. Then they’ve lost all the time and energy put into a website they don’t own.

We’ll be glad to tell you if you’ve been trapped like this.

Charles Tips – Web Developer Checklist

It’s increasingly difficult sorting good companies from bad ones on the Internet. There are still ways to find the best, reliable web development companies. We’ve compiled this recommended checklist as a starting point. The order these are in isn’t necessarily important since ALL points are important!

Check to see if your web development company:

will ensure that YOU own your website when it’s paid for
is legitimately registered to do business within its State: NH MA ME VT
has been in business for at least 10 years
has several or more people
carries workman’s compensation on its employees
carries liability insurance
maintains a committed presence in networking groups
is accredited and has a good rating with the Better Business Bureau (https://BBB.org)
understands your community and reciprocates by referring business to you
has a phone contact where one can at least leave messages
has an email contact where one can send information
provides automatic site updates at no additional ongoing charge
backs up websites every night for at least a month
provides website encryption (SSL) at no additional ongoing charge
does not require hosting or domain contracts
does not overcharge you by selling sell inflated monthly maintenance plans
provides partial hour web work billing (9 minutes work charged 9/60 of hourly rate)
can respond to most maintenance requests in 3-4 days
has general familiarity with trademark and copyright issues
is proficient with WordPress through experience and training

Over upcoming weeks check here for details about each. Contact us with any questions, we exist to serve you!

Charles Tips – Checking Web Content

Whether face to face or on the web, there’s only one chance to make a first impression. This short checklist contains “must haves” for a website. It’s unbelievable to leave them off a website. We’ve seen web developers as well as web do-it-yourselfers not provide the following.

Phone number – You’ve lost credibility right away if there is no phone number. Many people – yes even today – understand that talking actually accomplishes more faster.

Contact email – We recommend posting an email address. Some use forms keeping email hidden. Forms are easily “spammed” making more work.

Business location – Tell visitors at least what city you’re in. Customers wanting to deal locally appreciate this.

Hours of operation – Whether you expect foot traffic or take appointments, there’s nothing worse than guessing whether you’re open or not.

Who to deal with – Let visitors know who they can deal with. Staff shrouded in anonymity don’t appear helpful.

Aesthetics – Websites should appear clear and organized. Visitors expect some things in certain places – like navigation. Make it easy find items/topics and get around the site.

Website success happens by building visitors’ confidence in your business. Providing as much information as possible will help immensely with this process. Contact your web services provider for assistance. They, just like we at CharlesWorks, should be there to help.

Charles Tips – Who owns your Domain?

Domain ownership is like home ownership. Domain fees are like home taxes. Stop paying taxes and see who really owns your home!

Domains are sold through hundreds of “domain registrars” around the world. It costs in excess of $50,000 to become a registrar. Registrars answer to ICANN (Internet Corporation for Assigned Names and Numbers). It maintains a database of all domains to ensure domains can’t be duplicated.

Most domains are registered by web development companies. Accepted common practice is to obtain domains for their client, set it up and build a website accessible with it.

Losing a domain can easily be avoided. Common reasons I have seen for folks to lose their domain names are as follows, in the most common order:

1. Renewals ending up in spam buckets or returned with dead/outdated email addresses.

2. Church parishioners/employees who have a falling out.

3. Business employees who move on regardless of circumstances.

Avoid Gmail, Yahoo or other “freebie emails” with your domain. You’ve ZERO control over and can’t even call them.

Seek out reputable web developers OUTSIDE your organization to handle your domain names. Avoid “one man shows” and startup developers. Use BBB accredited businesses who’ve been at it at least 10-20 years. They’ll likely look out for you and protect your domains.