Charles Tips – Adding Akismet comment spam protection

Akismet provides a convenient and free way to protect your personal WordPress site or blog from spam.

Many times we’d like to allow comments to be left on our WordPress site. The hassle with this can be the tremendous amounts of spam that come through the forms on websites.

Akismet is a compact WordPress plugin that filters the incoming comments. It is pretty straightforward to use and pretty easy to set up as well.

Install the Akismet plugin

The first step in this process is to ensure that the Akismet plugin is installed in your WordPress website:

      • Log into your WordPress website’s dashboard as an administrator
      • Click on Plugins in the left dashboard navigation column
      • Look and see if Akismet is listed – if it is – and it is not activated you can proceed to the Akismet Setup step below – otherwise
      • Click on Add New under Plugins in the dashboard navigation column
      • If you don’t see Akismet in the plugins, then in the text box to the right of the work Keyword in the row starting with Featured type in Akismet – then click on its Install Now button. Do not activate it yet.

Akismet Setup

To set up Akismet you will need an API code from the Akismet site. The first step in that process is to navigate to:
https://akismet.com/plans

This (as of the time of this writing) brings you to a page that should look similar to the screenshot below.

Akismet offering pricing page
Akismet offering pricing page

To get the free version of Akismet comment spam protection, you will need to click on the Get Personal button on the above page.

Once you’ve done that, you should see a page similar to the one below. Before attempting to fill out anything on this page, we need to set that $36 / YEAR to $0 / YEAR. Click on the $36 / YEAR box and drag it to the left.

Akismet Default $36 per year page
Akismet Default $36 per year page

Dragging that $36 / YEAR box to the left should change the page to display something like the one below showing 0$ / YEAR. You can also see that the information to fill in has changed.

Akismet $0 per year page
Akismet $0 per year page

Now fill in the information completely. Note that you need to be able to check all three checkboxes indicating the following:

      • you don’t have ads on your site
      • you don’t sell products/services on your site
      • you don’t promote a business on your site

If these are the case, then you will qualify for a free, personal plan.

All you have to do once you have gotten this far is follow the directions on the page below.

Akismet signup complete page
Akismet signup complete page

Finally, it is suggested that while on that settings page in Akismet, you can choose to show the number of approved comments beside each comment author and choose whether to show a privacy notice or not. Then just click the Save Changes button and you are on your way!

Charles Tips – SEO Scammers

Almost all businesses get the usual spam SEO (Search Engine Optimization) phone calls. Recently, one of my web clients took one. As a result of such calls, she emailed me. She expressed a lot of concern about having been told very negative things about her web traffic and website operation. It sounded like he was trying to get her to spend money. Money she’d never see a return on her investment for.

High-pressure sales tactics are something I have instructed staff in all our years in business to avoid. CharlesWorks policy forbids selling clients anything they don’t need. The difficulty is that there are so many spammers and scammers out there sending the same messages that people believe them. You can tell the same lie a thousand times and it’s still a lie.

Among the thousands of websites we’ve handled, her particular business is very unique – especially during the COVID-19 epidemic. Her classes are limited regarding how many people she can have in them at any given time. I told her that she is the one who knows best what should be on her website. And she is the one who knows best what she has to offer and when she can offer it.

The nature of her business, it seemed to me, is based more on a following she has developed over time. And she is limited as to how many people at a time she can physically handle. And – much as I hate to say this – COVID is going to remain a thought in many people’s minds – at least through this upcoming winter season. Things will change when a vaccine is widely available. However, common sense dictates it will be a while before everyone generally has access to it.

I suggested she shouldn’t spend more than she absolutely has to – to just keep her business operational. Those small business owners who can stay in business through this pandemic will be the ones who do great once they reach the other side of this.

It’s troubling that someone had pressured her enough to do work on her site that she became stressed over it. Sales people who proceed with such a hard sell attitude are clearly desperate for work. Desperate people are not working with their customer’s best interest in mind. My advise is to not talk to these people.

My suggestions for dealing with these really hard line sales calls are:

      • Say to them “Please remove me from your calling list.” Once you say those words, they are supposed to do so by law. I regularly tell spammers this, and they generally don’t bother to call back.
      • Block their number through whatever mechanism your telephone carrier has set up to do that. I do this on a pretty regular basis with the robocalls (which are actually illegal in most cases) and take a few minutes to report them at the https://www.donotcall.gov/report.html site.
      • Go to https://www.donotcall.gov where you can put your phone numbers on the National Do Not Call Registry. Mine have been on this for many years.

While these suggestions don’t stop all the spam calls you’ll get, they do stop many.

Every small business owner can and should review their website. They should ensure that everything is up to date for offerings and schedules. That only costs them a few minutes. Because CharlesWorks charges for changes by the minute, those kinds of changes only incur those minutes of charges.

I hope this is helpful to you!

Charles Tips – PPP Pandemic Scams

The pandemic we are dealing with doesn’t always bring out the best in human nature. Such times are when scammers are more apt to take advantage of people. Many people are feeling anxious and helpless. Add economic issues and it’s clearly a recipe for depression and uncertainty.

Phishing
The bad guys are everywhere just waiting for you to click on their phishing traps!

Most small business owners have heard of PPP (Payroll Protection Program) loans. These are to help businesses stay alive and keep people employed during this pandemic. There are incredible numbers of scams involving PPP loans.

Most scams come through email. They also happen over the phone. Unbelievably, calls and email are great mediums for scammers. Emails trick people into loading viruses onto their computers. Both manipulate people into volunteering personal information! The result is identity fraud and/or account thefts.

Internet and telephone scams have one important factor in common: instill a sense of urgency in the mark. If the scammer can make you think you need to act on this right away, you probably will.

I suggest you:

1) Deal with bankers/lenders at respected institutions you actually know. Use the drive-through window if you must to set up an appointment.

2) Call your banker/lender if you get an email or phone call offering their help with the PPP loan – even if the email or phone call appears to be from a legitimate source.

3) Understand that emails and phone numbers can be spoofed – made to look like they’re from a legitimate source.

Be cautious and you won’t have to regret the unimaginable headaches that those who have suffered identity theft and other losses have experienced.

Charles Tips – Halloween Spoofs

It’s Halloween time again so I thought I’d mention Halloween Spoofs! Well, actually email spoofing happens year round.

Halloween Spoof Ghost - Okay - Spoofing has nothing to do with Ghosts!!An example of spoofing is when emails are sent that are addressed from you (and maybe to you) but you didn’t send them. In that case your address has been “spoofed”.

Spammers and scammers alike do this. There are a couple reasons it’s done.

Sometimes it is malicious. Let’s say someone goes onto numerous websites to sign up for information as XYZ Company. So a ton of spam is sent to XYZ. XYZ finds itself barraged with email and phone spam – wasting lots of their time.

More often XYZ is spoofed to appear to be the sender of spam. Folks local to XYZ are more likely to open the spoofed emails. The spam really isn’t from XYZ – just made to look like it is. So recipients think XYZ is spamming them. They’re annoyed with XYZ and report them as spammers and complain and so on.

Fortunately, spoofing doesn’t account for most Internet issues. It just makes life miserable for XYZ – the target – for a while.

The good news is that usually spoofing usually only lasts a few days. The actual sending server is identified and blocked or shut down.

Always report these issues to your email administrator. Early intervention saves lots of headaches in the long term.

Charles Tips – Rampant Phishing

When working in the web world as I do, Internet scams appear to be everywhere.

Phishing is defined as the act of attempting to trick the recipient of a malicious email into opening and engaging with it.

It’s amazing how people fall for phishing scams. They fall for them mostly because the emails are designed to appear like the writer isn’t too bright. So immediately the recipient thinks they have the upper hand. Many count on the recipient’s greed – believing they’ll get something for nothing.

The bad guys that develop these schemes are experts. All they do is work scams – day and night. They wouldn’t continue if it didn’t pay off in the long run.

Phishing
Phishing – Will you bite?

I read someplace that billions of dollars annually are conned out of people through the various scams out there on the Internet. For the most part – I hate to say – they can’t be stopped. They are sent from all types of email addresses, all types of servers, from all over the world.

Bottom line is that you should keep deleting them. The best course of action is to stop responding to them and opening them. Report them as spam or report them as phishing attempts. Your email provider may provide insight with how to do this. They will ultimately stop coming.

Remember that if the bad guys can’t trick you into parting with your money they will focus on someone else – until they find someone who does. Just don’t be that someone.

Charles Tips – The “Send me Bitcoin” Scam Continues

We had intended to continue weekly with our web developer checklist. However, this week we’re presenting this post because so many people are receiving these bogus scam messages trying to trick them into paying an extortion.

This scam we mentioned quite a while ago. It has continued to pick up steam – plowing its way through every part of the Internet. It IS a SCAM. Do NOT pay it. We’ve had numerous people contact us that they are receiving such messages.

Here is is below in English and Chinese:

ENGLISH

Hello there!

You may have noticed that I sent an email from your account.
This means I have full access to your device.

I have been watching it for a few months.
The truth is that you are infected with malware through an adult website you have visited.

If you are not familiar with this, I will explain.
I created high quality spyware. It allows me to gain full access and control over your device.
This means I can see everything on the screen, turn on the camera and microphone, but you don’t know.

I can also access all your contacts and all communications.

Why is your antivirus software not detecting malware?
Answer: My malware uses the driver, I update the signature every 4 hours so that your anti-virus software is silent.

I made a video showing how you can satisfy yourself in the left half of the screen, and in the right half you will see the video you watched.
One Key! All of your contacts in email and social networks will receive this video! Your life will change forever!
I can also post access to all email communications and messengers you use.

If you want to stop this ʌ
Transfer the $362 amount to my bitcoin address (if you don’t know how to do this, please write to Google: “Buy Bitcoin”).

My bitcoin address (BTC wallet) is: *********************************

After receiving the payment, I will delete the video and you will never hear my voice again.
I will give you 50 hours (more than 2 days) to pay.
I received a notification from this letter and the timer will work when you see the letter.

It doesn’t make sense to file a complaint somewhere because it can’t be tracked like my Bitcoin address.
I have not made any mistakes.

If I find that you shared this message with others, the video will be distributed immediately.

Good luck, goodbye!

CHINESE

你好!

您可能已经注意到,我从您的帐户发送了一封电子邮件。
这意味着我可以完全访问您的设备。

我已经看了好几个月了。
事实是,您通过您访问过的成人网站感染了恶意软件。

如果您对此不熟悉,我会解释。
我创建了高质量的间谍软件。 它允许我获得对您设备的完全访问权限和控制权。
这意味着我可以在屏幕上看到所有内容,打开相机和麦克风,但您不知道。

我也可以访问您的所有联系人和所有通信。

为什么您的防病毒软件没有检测到恶意软件?
回答::我的恶意软件使用驱动程序,我每4小时更新一次签名,以便您的防病毒软件无声。

我制作了一个视频,展示了你如何在屏幕的左半部分让自己满意,在右半部分,你会看到你观看的视频。
一键! 您在电子邮件和社交网络中的所有联系人都将收到此视频! 你的生活将永远改变!
我还可以发布您使用的所有电子邮件通信和信使的访问权限。

如果你想阻止这个ʌ
将362美元的金额转入我的比特币地址(如果您不知道如何做到这一点,请写信给Google:“购买比特币”)。

我的比特币地址(BTC钱包)是:**********************************

收到付款后,我将删除该视频,您将永远不会再听到我的声音。
我给你50个小时(超过2天)付款。
我收到了这封信的通知,当你看到这封信时,计时器会起作用。

在某处提交投诉没有意义,因为无法像我的比特币地址那样跟踪此电子邮件。
我没有犯任何错误。

如果我发现您与其他人分享了此消息,则视频将立即分发。

祝你好运,再见!

AND IT IS IN MANY OTHER LANGUAGES AS WELL!

Charles Tips – Email Update Scam

Last week I wrote about possible dangers of “FREE” offerings.

While verbiage varies, the end result is the same if you follow their link: headaches of an unimaginable magnitude for you!

Here’s an example of many I see each day in our company emails:
____________________________________________
Dear  charles@charlesworks.com ,

Your mailbox quota is full.
This may cause your mailbox to be disabled or you may no longer be able to receive more emails

to continue using your mailbox. You will need to upgrade your mailbox quota immediately. This service is free.

 Re-update your account 

Note: Failure to update your account might lead to permanent deactivation of your account.

Thanks,
The Security team. 2019

____________________________________________

Clicking lands you on an extremely convincing page. One wanting me to enter my email login information even had “© 2018 CharlesWorks” in it.

These work based on two principles: Offering the FREE “we’ll fix it” service and threat of imminent services loss. Together they convince you to bite. Especially that sense of urgency! Remember the world isn’t going to halt if you don’t act right away – it can wait until you deal with it properly.

Companies don’t have you “verify” your email account this way. If anything seems fishy concerning your email, call your email provider and ask for assistance. That’s what you pay them for!

Charles Tips – Free Counters

It surprises me how many people still fall for anything with “FREE” attached to it. We shockingly still see “free counters” on many websites. They’ve been around as long as the web. Newbie web users still get fascinated by counters showing site visitor numbers.

There are problems with some freebies. If you visit a website and see that 3 people have visited it, that doesn’t exactly instill confidence in the site.

An aesthetic issue is that really nice, elegant looking websites don’t usually have counters. So site visitors aren’t distracted by traffic to the site. In fact, site counters are simply not that much in fashion these days.

Another problem is that many free counters are actually security risks. For an example, I recently read about a “Free SuperCounter Widget” that many have been using. It redirects site visitors to other sites (like dating and gambling and so on). So folks installing this counter were unwittingly sending site visitors away from their site.

Even more insidious is where the counter loads malware/viruses into the website – infecting site visitors as well.

The bottom line here: Yet another simple lesson about getting what you pay for. If your site has been infected, contact us or your developer for help.

 

Charles Tips – Email Extortions

With 20+ years in the web business, scams and schemes to steal from people still amaze me.

Several web clients have made me aware of a scam to frighten them into making a bitcoin payment.

They’re from addresses like “Anonymous Hacker” or even your own email. Subjects are “You have been hacked” or similar. They gloat they’ve infected you through some (usually unsavory) site you visited. They explain how they did it in terms most folks don’t understand – making you think they are really an expert – and frighten you into believing they’re monitoring your computer.

They threaten to send very personal items and even videos of you to everyone you know unless you comply with the demand within some short time period. They warn if you report them, they’ll distribute the “dirt” on you immediately.

We try to force these messages to spam on our servers. Sometimes they get through. We reassure several people each week they are a scam because they usually are.

However, devices DO get hacked. If you truly believe you’ve been hacked, you should see your IT person or someone who specializes in “cleaning” computers ASAP. We can recommend folks who can help.

Charles Tips – Spam

We get many questions about spam (Junk E-mail). Spam clutters up your email. It’s also used to deliver online scams and malware/viruses.

A common question is “Any idea of why I’m seeing spam emails in my Inbox?” Spammers most likely got your email address from your friends or acquaintances – people you know and correspond with – whose computers or phones were compromised. Their contact lists get added to the spammers lists. Spammers also get emails from when we purchase online and from finding email addresses on websites.

Spam is difficult to avoid. One way to handle it is to hit the delete key. That’s much the same as just throwing junk mail away that’s delivered by the mail carrier.

However, spam email can be filtered. The good news is that better than 98% can be filtered into a junk email folder.

One filtering problem is determining which are actually spam – Home Depot, Lowe’s, Staples or other vendors are spam to many and not spam to others. Good mail servers allow users to “mark” items as not spam in that case.

There are numerous email servers that behave in just as many ways handling spam. If spam is an issue, check with your email provider about your options for handling it.

Charles Oropallo (Charles@CharlesWorks.com) started CharlesWorks in Peterborough NH in 1998. His team does website design, hosting, search engine optimization (SEO) and related web services.