Charles Tips – Scamming Web Developers

Most of the articles I submit are to help the average web user or website owner learn a few web related tidbits. This one is geared toward web developers.

The scam asks about doing web development and whether it can be paid via credit card. It lets you know right away that they have a good budget to make the site. They also tell you they want it to be like a particular other site that you can check out to see what the project will entail.

Then the scam is presented – the scammer needs a favor. When you write back and ask what that favor is, here is a verbatim response I received:

“The favor i need from you is. i would give you my card info’s to charge for $7,700 plus credit card company charges, so $2,000 would be a down payment for my website design and the remaining $5,500 you would help me send it to the project consultant that has the text content and the logo for my website so once he has the $5,500 he would send the text content and logo needed for my website to you also the funds would be sent to him via Instant Transfer or Cashier Check into his account, sending of funds would be after funds clears into your account And also $200tip for your stress So i will be looking forward to read back from you. Thanks”

Then I indicate my credit card company doesn’t allow such transactions. I never hear from them again…

Most scams are built upon the greediness of the mark – purposely using poor grammar and presenting what looks like it’ll be a easy way to make some quick cash. That’s how they trick you out of your money. We all know the old saying: If it sounds too good to be true, it probably is.

Charles Tips – Another Domain Scam

Explained really simply, domain names are just pointers that convert recognizable words or characters to Internet addresses so we can view a website. Whenever a domain name is created, its creation date and expiration date are publicly available.

There are many domain scams out there. A rather common one I often see is where an unscrupulous company tries to overcharge you for your domain name and get control of it.

The main way they do this is by first scaring you into thinking you might lose your domain name because it is expiring. They do this by sending a carefully crafted letter to you through the postal service. The message appears at first glance to resemble an invoice convincing you to renew your domain name with them. These messages are very convincing.

Reading the “invoice” carefully actually reveals it states it is not an invoice – but in fact it is an “offer”. That statement is what keeps it “legal”. Amazingly, some of the companies that trick domain owners like this have been prohibited from operating in Canada after being legally challenged by the Canadian government.

My advice is to always check with your domain provider when presented with anything appearing to be a bill that appears suspicious. It will save you a lot of headaches going forward.

Charles Tips – Persistent Scammers

I’ve written several articles about specific scams that are occurring on a regular basis on the Internet. They seem to subside for a short time – a very short time – and then a wave of them happens again.

One of the worst – as far as I am concerned – are the ones where the email recipient is being told they must verify their email. These have some common traits with most Internet scams:

1) A sense of urgency – they want you to take care of this immediately

2) A time limit – they give you within 24 hours to act

3) A threat – they tell you your email will be locked.

The first thing you have to understand is that nearly everyone gets these on occasion. I have received them myself in which they are made to look like they are from CharlesWorks. So when our clients get these they tend to become very worried very quickly.

I can’t stress enough that most legitimate companies will not send out messages like these. To fall prey to these can be a real nightmare. With access to one’s email these days the bad guys can wreak havoc in one’s life. The worst cases are called identity theft!

Don’t be the unfortunate one who falls prey to these scammers. If you have been “notified” of something serious – call your provider up and speak with a representative. Just like at my company – it’s a lot easier for us to allay your fears than to have to try to clean up the mess that can happen with compromised accounts.

Charles Tips – Inflated Maintenance Plans

Along with all the many scams out there on the Internet are what I’d call the “inflated monthly maintenance plans”.

Paying expensive expensive maintenance fees
Paying expensive expensive maintenance fees

These are usually fixed monthly pricing plans that include hosting and website maintenance. Such plans are touted as providing the business owner with a means to budget ongoing website maintenance, so-to-speak.

I’ve seen many of these offerings since 1998. I’ve also spoken with many website owners who have had such plans. They’re almost never advantageous to the business owner.

In most cases, business website owners had paid up to several hundred dollars a month for these plans – for many years in some cases. Most never had any work done to their websites. Those who did have work done indicated it was far less value than they had paid for with their “budget”.

Put specifically in dollar terms, some had paid thousands of dollars for only about a hundred dollar’s worth of web updates over time. For that reason I highly recommend businesses avoid such plans.

In short, be very careful about doing business with web companies or web developers that want to sell you these inflated monthly maintenance plans. Paying for website work on an as-you-need-it basis will almost always cost you much, much less in the long term.

Charles Tips – The big SEO Scam

I’ve mentioned SEO (Search Engine Optimization) throughout many articles. While it is important – I believe it’s the most abused area of website development.

SEO scammers are great liars
SEO scammers are great liars

It’s important for your business website to be found in the search engines. That is best and most inexpensively done by having pertinent material in your website so the search engines see your website as pertinent or closely related to a topic.

There are many unscrupulous individuals and companies out there selling just plain bogus SEO. It’s often impossible to discern the truth. There are no regulations or meaningful certifications in this field.

As an example – let’s say you receive a dozen Viagra spam messages in a month. Does that mean you need it? Certainly just because a number of spam messages are saying you need something doesn’t turn it into a fact.

Why would you believe the same about SEO regarding your search placements on the Internet? Our web clients are bombarded with spam and with phone calls saying they need this and that for their websites. Some fall prey to these sales pitches and some even go out of business as a result of spending hundreds of dollars each month on scams.

Your web developer should care about you as a client – should want you to be as successful as possible and not up-selling you right out of business.

The worst part of the SEO scams is they can oftentimes hurt your placement with the search engines.

Don’t fall prey to the scamsters selling these bogus “services”. Check with your web developer FIRST about such offers to find out if they are for real or whether you actually need them.

Charles Tips – Halloween Spoofs

It’s Halloween time again so I thought I’d mention Halloween Spoofs! Well, actually email spoofing happens year round.

Halloween Spoof Ghost - Okay - Spoofing has nothing to do with Ghosts!!An example of spoofing is when emails are sent that are addressed from you (and maybe to you) but you didn’t send them. In that case your address has been “spoofed”.

Spammers and scammers alike do this. There are a couple reasons it’s done.

Sometimes it is malicious. Let’s say someone goes onto numerous websites to sign up for information as XYZ Company. So a ton of spam is sent to XYZ. XYZ finds itself barraged with email and phone spam – wasting lots of their time.

More often XYZ is spoofed to appear to be the sender of spam. Folks local to XYZ are more likely to open the spoofed emails. The spam really isn’t from XYZ – just made to look like it is. So recipients think XYZ is spamming them. They’re annoyed with XYZ and report them as spammers and complain and so on.

Fortunately, spoofing doesn’t account for most Internet issues. It just makes life miserable for XYZ – the target – for a while.

The good news is that usually spoofing usually only lasts a few days. The actual sending server is identified and blocked or shut down.

Always report these issues to your email administrator. Early intervention saves lots of headaches in the long term.

Charles Tips – Rampant Phishing

When working in the web world as I do, Internet scams appear to be everywhere.

Phishing is defined as the act of attempting to trick the recipient of a malicious email into opening and engaging with it.

It’s amazing how people fall for phishing scams. They fall for them mostly because the emails are designed to appear like the writer isn’t too bright. So immediately the recipient thinks they have the upper hand. Many count on the recipient’s greed – believing they’ll get something for nothing.

The bad guys that develop these schemes are experts. All they do is work scams – day and night. They wouldn’t continue if it didn’t pay off in the long run.

Phishing
Phishing – Will you bite?

I read someplace that billions of dollars annually are conned out of people through the various scams out there on the Internet. For the most part – I hate to say – they can’t be stopped. They are sent from all types of email addresses, all types of servers, from all over the world.

Bottom line is that you should keep deleting them. The best course of action is to stop responding to them and opening them. Report them as spam or report them as phishing attempts. Your email provider may provide insight with how to do this. They will ultimately stop coming.

Remember that if the bad guys can’t trick you into parting with your money they will focus on someone else – until they find someone who does. Just don’t be that someone.

Charles Tips – The “Send me Bitcoin” Scam Continues

We had intended to continue weekly with our web developer checklist. However, this week we’re presenting this post because so many people are receiving these bogus scam messages trying to trick them into paying an extortion.

This scam we mentioned quite a while ago. It has continued to pick up steam – plowing its way through every part of the Internet. It IS a SCAM. Do NOT pay it. We’ve had numerous people contact us that they are receiving such messages.

Here is is below in English and Chinese:

ENGLISH

Hello there!

You may have noticed that I sent an email from your account.
This means I have full access to your device.

I have been watching it for a few months.
The truth is that you are infected with malware through an adult website you have visited.

If you are not familiar with this, I will explain.
I created high quality spyware. It allows me to gain full access and control over your device.
This means I can see everything on the screen, turn on the camera and microphone, but you don’t know.

I can also access all your contacts and all communications.

Why is your antivirus software not detecting malware?
Answer: My malware uses the driver, I update the signature every 4 hours so that your anti-virus software is silent.

I made a video showing how you can satisfy yourself in the left half of the screen, and in the right half you will see the video you watched.
One Key! All of your contacts in email and social networks will receive this video! Your life will change forever!
I can also post access to all email communications and messengers you use.

If you want to stop this ʌ
Transfer the $362 amount to my bitcoin address (if you don’t know how to do this, please write to Google: “Buy Bitcoin”).

My bitcoin address (BTC wallet) is: *********************************

After receiving the payment, I will delete the video and you will never hear my voice again.
I will give you 50 hours (more than 2 days) to pay.
I received a notification from this letter and the timer will work when you see the letter.

It doesn’t make sense to file a complaint somewhere because it can’t be tracked like my Bitcoin address.
I have not made any mistakes.

If I find that you shared this message with others, the video will be distributed immediately.

Good luck, goodbye!

CHINESE

你好!

您可能已经注意到,我从您的帐户发送了一封电子邮件。
这意味着我可以完全访问您的设备。

我已经看了好几个月了。
事实是,您通过您访问过的成人网站感染了恶意软件。

如果您对此不熟悉,我会解释。
我创建了高质量的间谍软件。 它允许我获得对您设备的完全访问权限和控制权。
这意味着我可以在屏幕上看到所有内容,打开相机和麦克风,但您不知道。

我也可以访问您的所有联系人和所有通信。

为什么您的防病毒软件没有检测到恶意软件?
回答::我的恶意软件使用驱动程序,我每4小时更新一次签名,以便您的防病毒软件无声。

我制作了一个视频,展示了你如何在屏幕的左半部分让自己满意,在右半部分,你会看到你观看的视频。
一键! 您在电子邮件和社交网络中的所有联系人都将收到此视频! 你的生活将永远改变!
我还可以发布您使用的所有电子邮件通信和信使的访问权限。

如果你想阻止这个ʌ
将362美元的金额转入我的比特币地址(如果您不知道如何做到这一点,请写信给Google:“购买比特币”)。

我的比特币地址(BTC钱包)是:**********************************

收到付款后,我将删除该视频,您将永远不会再听到我的声音。
我给你50个小时(超过2天)付款。
我收到了这封信的通知,当你看到这封信时,计时器会起作用。

在某处提交投诉没有意义,因为无法像我的比特币地址那样跟踪此电子邮件。
我没有犯任何错误。

如果我发现您与其他人分享了此消息,则视频将立即分发。

祝你好运,再见!

AND IT IS IN MANY OTHER LANGUAGES AS WELL!

Charles Tips – Are they a Registered business?

Our exposure to thousands of web clients has shown us many folks who’ve been exposed to scam artists, fly by nights, and outright crooks over the years. We’ve had clients that had paid money down to previous developers with no work done whatsoever.

Luckily, most legitimate reliable web development businesses have ethics. Part of building confidence in one’s client base is doing what is necessary to be a legitimate business. Fly-by-nights don’t bother with registering their business or any of the other numerous details of doing business that being a legitimate business entails.

It’s very simple to check to see if a business is legitimate – i.e., registered. Here are links to websites where one can check out businesses in several states in and around New England: NH MA ME VT

Doing a little research like this can save you a ton of headaches later. Dealing with a business that is willing to do the initial work of operating legitimately greatly increases the odds they are going to be reliable and honest in their dealings with you.

While there’s never a total guarantee, coupling this with other items in our checklist helps narrow the field to give you the best odds of developing a good business relationship.

Charles Tips – Do YOU own your website?

This is a question that, amazingly enough, not everyone thinks to ask. We have had a number of people who received poor service from their web services providers come to us. Imagine their surprise when they discover that they do not own their website!

Our philosophy is very simple – anything you’ve paid in full for – meaning there is no open balance on your account – is yours. Period. We really have no reason to want your website. We just want to be paid for work done, your domains and services rendered.

Unfortunately there are many unscrupulous people in the web business. They use their ownership of your content as a method to hold you hostage – forcing you to keep paying them. It’s an unfortunate reality on the web. We have never operated that way.

Just about as bad are the large companies that you can build your website at quickly ans easily. However, there is no way to move that website from them. Your site operates ONLY on their proprietary servers so can’t be moved elsewhere. Folks usually discover that after realizing there are insufficient options for website expansion or customization. Then they’ve lost all the time and energy put into a website they don’t own.

We’ll be glad to tell you if you’ve been trapped like this.

Charles Tips – Web Developer Checklist

It’s increasingly difficult sorting good companies from bad ones on the Internet. There are still ways to find the best, reliable web development companies. We’ve compiled this recommended checklist as a starting point. The order these are in isn’t necessarily important since ALL points are important!

Check to see if your web development company:

will ensure that YOU own your website when it’s paid for
is legitimately registered to do business within its State: NH MA ME VT
has been in business for at least 10 years
has several or more people
carries workman’s compensation on its employees
carries liability insurance
maintains a committed presence in networking groups
is accredited and has a good rating with the Better Business Bureau (https://BBB.org)
understands your community and reciprocates by referring business to you
has a phone contact where one can at least leave messages
has an email contact where one can send information
provides automatic site updates at no additional ongoing charge
backs up websites every night for at least a month
provides website encryption (SSL) at no additional ongoing charge
does not require hosting or domain contracts
does not overcharge you by selling sell inflated monthly maintenance plans
provides partial hour web work billing (9 minutes work charged 9/60 of hourly rate)
can respond to most maintenance requests in 3-4 days
has general familiarity with trademark and copyright issues
is proficient with WordPress through experience and training

Over upcoming weeks check here for details about each. Contact us with any questions, we exist to serve you!

Charles Tips – Email Update Scam

Last week I wrote about possible dangers of “FREE” offerings.

While verbiage varies, the end result is the same if you follow their link: headaches of an unimaginable magnitude for you!

Here’s an example of many I see each day in our company emails:
____________________________________________
Dear  charles@charlesworks.com ,

Your mailbox quota is full.
This may cause your mailbox to be disabled or you may no longer be able to receive more emails

to continue using your mailbox. You will need to upgrade your mailbox quota immediately. This service is free.

 Re-update your account 

Note: Failure to update your account might lead to permanent deactivation of your account.

Thanks,
The Security team. 2019

____________________________________________

Clicking lands you on an extremely convincing page. One wanting me to enter my email login information even had “© 2018 CharlesWorks” in it.

These work based on two principles: Offering the FREE “we’ll fix it” service and threat of imminent services loss. Together they convince you to bite. Especially that sense of urgency! Remember the world isn’t going to halt if you don’t act right away – it can wait until you deal with it properly.

Companies don’t have you “verify” your email account this way. If anything seems fishy concerning your email, call your email provider and ask for assistance. That’s what you pay them for!

Charles Tips – Free Counters

It surprises me how many people still fall for anything with “FREE” attached to it. We shockingly still see “free counters” on many websites. They’ve been around as long as the web. Newbie web users still get fascinated by counters showing site visitor numbers.

There are problems with some freebies. If you visit a website and see that 3 people have visited it, that doesn’t exactly instill confidence in the site.

An aesthetic issue is that really nice, elegant looking websites don’t usually have counters. So site visitors aren’t distracted by traffic to the site. In fact, site counters are simply not that much in fashion these days.

Another problem is that many free counters are actually security risks. For an example, I recently read about a “Free SuperCounter Widget” that many have been using. It redirects site visitors to other sites (like dating and gambling and so on). So folks installing this counter were unwittingly sending site visitors away from their site.

Even more insidious is where the counter loads malware/viruses into the website – infecting site visitors as well.

The bottom line here: Yet another simple lesson about getting what you pay for. If your site has been infected, contact us or your developer for help.

 

Charles Tips – Email Extortions

With 20+ years in the web business, scams and schemes to steal from people still amaze me.

Several web clients have made me aware of a scam to frighten them into making a bitcoin payment.

They’re from addresses like “Anonymous Hacker” or even your own email. Subjects are “You have been hacked” or similar. They gloat they’ve infected you through some (usually unsavory) site you visited. They explain how they did it in terms most folks don’t understand – making you think they are really an expert – and frighten you into believing they’re monitoring your computer.

They threaten to send very personal items and even videos of you to everyone you know unless you comply with the demand within some short time period. They warn if you report them, they’ll distribute the “dirt” on you immediately.

We try to force these messages to spam on our servers. Sometimes they get through. We reassure several people each week they are a scam because they usually are.

However, devices DO get hacked. If you truly believe you’ve been hacked, you should see your IT person or someone who specializes in “cleaning” computers ASAP. We can recommend folks who can help.

Charles Tips – Spam

We get many questions about spam (Junk E-mail). Spam clutters up your email. It’s also used to deliver online scams and malware/viruses.

A common question is “Any idea of why I’m seeing spam emails in my Inbox?” Spammers most likely got your email address from your friends or acquaintances – people you know and correspond with – whose computers or phones were compromised. Their contact lists get added to the spammers lists. Spammers also get emails from when we purchase online and from finding email addresses on websites.

Spam is difficult to avoid. One way to handle it is to hit the delete key. That’s much the same as just throwing junk mail away that’s delivered by the mail carrier.

However, spam email can be filtered. The good news is that better than 98% can be filtered into a junk email folder.

One filtering problem is determining which are actually spam – Home Depot, Lowe’s, Staples or other vendors are spam to many and not spam to others. Good mail servers allow users to “mark” items as not spam in that case.

There are numerous email servers that behave in just as many ways handling spam. If spam is an issue, check with your email provider about your options for handling it.

Charles Oropallo (Charles@CharlesWorks.com) started CharlesWorks in Peterborough NH in 1998. His team does website design, hosting, search engine optimization (SEO) and related web services.