How to recognise scam emails and phishing attempts

Today I received an email from Santander Bank warning of a possible scam that’s circulating. These scams are nothing new but they are evolving to look like they come from reputable companies or companies that people use regularly. Small business owners are most at risk (as the images show below) with fake emails appearing to come from HMRC and Sage Accounting – commonly used by small businesses.

How to recognise scam emails and phishing attempts

This email I received prompted me to offer a few tips on how to recognise scam emails and phishing attempts that land in your inbox. I get these virtually every day but I have email addresses published all over the internet on various sites, so I do expect that my address will be farmed by these unscrupulous companies.

Here’s a few examples of the kinds of emails they use:

How to recognise scam emails and phishing attempts-HMRC

How to recognise scam emails and phishing attempts-sage

 

 

 

 

The idea is that if it looks like the email comes from a company that you are familiar with, you are likely to TRUST it, therefore increasing the chances of you attempting to open the attached .zip file.

Most of the time these emails have an attachment in the for of a .zip file. Zip files are used to compress files to make them easier to send digitally. Most people are familiar with using them. The problem here is that once you open the .zip file, you may have already activated a virus and inadvertently installed nasty software on your computer.

Some emails contain ‘fake links’ to sites. This is where the link displays something you know, but leads to another site that installs software on to your device. The way to test the link for integrity is to hover over the link and look in your address bar to see if it matches the text in the email itself.

Hover over the link below for an example:

‘Please visit http://www.medwayseo.com for more information’

If you click the link, it actually redirects to www.google.co.uk. You may notice that the address bar at the bottom of the screen shows that it is linked to Google, whereas the actual link looks like a link to the Medway SEO website.

Here’s how easy this is for website owners and email writers to edit the link:

How to recognise scam emails and phishing attempts-example

This is an the email I received from Santander Bank that has some great advice and links about scam emails and phishing attempts:

To make sure your personal details and computer aren’t compromised, we wanted to make you aware of a significant email scam that’s being received by some of our customers at the moment.

How to recognise the email
The email has an attachment which appears to be correspondence linked to the email.

All official emails from us will address you by name. If an email that says it’s from us doesn’t do this, don’t open any attachments within it.

What does the attachment do if it’s opened?
It can install a virus which will encrypt your computer files and the files on your local network. Once encrypted, the computer will display a screen with a count down timer and ask for a ransom payment for the decryption key to allow you to access your files.

What’s being done about the email?
The National Crime Agency’s National Cyber Crime Unit (NCCU) is aware of the email and is working hard to trace the source. Until they do, this email has been assessed as a significant risk. Anyone who is infected with this malware should report it via www.actionfraud.police.uk

What should I do if I get the email?
Forward it to us at phishing@santander.co.uk

If you open the attachment, the NCCU says it would never endorse paying the ransom and there’s no guarantee the fraudsters would give you the decryption key. Instead you should:

• help the NCCU find the source of the emails by reporting it at www.actionfraud.police.uk

• disconnect the computer from the network

• get your computer professionally cleaned.

Some anti-virus companies will offer corrective software solutions but won’t restore any encrypted files.

Read more advice at getsafeonline.org.uk

Other ways to protect yourself
There are some preventative measures you can take to protect yourself

Update your anti-virus and operating system with the latest versions
These will include any updates needed to protect you against new threats since the last time your software was installed.

Back up your files regularly
By preserving them off the network, they’ll be safe if your computer does ever become infected.

I have Trusteer Rapport. Will this protect me?
Trusteer Rapport protects you against viruses that try to steal your banking log on details. This virus is different in that it doesn’t steal anything but tries to hold you to ransom. As Trusteer Rapport isn’t designed for this type of virus it doesn’t protect you against it.

Questions
If you’re unsure if an email is from us, or have any other questions about this issue, contact us on 0845 600 4388. Lines are open 7am to 11pm Monday to Saturday and 9am to 9pm Sunday.

Yours sincerely

Santander Customer Services

Santander emailed me directly, addressing me by name with this information on how to recognise scam emails and phishing attempts – I still checked ALL the links before proceeding any further.

To summarise, the easiest way to know how to recognise scam emails and phishing attempts is to make sure the email is addressed to you personally, check that the links within the email are genuine and make sure you NEVER open a .zip file that you haven’t scanned with anti-virus software.

If you found this article useful, please consider sharing with your network.

How to avoid copycat websites when searching Google

How to avoid copycat websites when searching Google - Telegraph-articleFollowing recent news reports about so called ‘copycat’ sites apparently ‘duping’ people into paying more for the Congestion Charge in London, I have been moved to explain a little bit about how this happens and how to avoid copycat websites when searching Google. In essence, the company pays Google to list above the main TfL website and charges a fee for ‘managing’ the payment.

The specific article I am referring to in this article is this: ‘Transport for London warns of ‘copycat’ congestion charge websites’ and you can read the full article by clicking HERE.

The Telegraph has this to say on the matter:

Unofficial ‘copycat’ websites are charging motorists up to £6 extra to process their London congestion charge payments. Transport for London (TfL) said around 1,000 people a day are using unofficial sites to pay the congestion charge, often not realising their mistake.

The ASA (Advertising Standards Agency) have now ruled that the site must ‘make it clearer to users that it was not affiliated to the real TfL website’ – Click HERE for the official ruling page.

The image below shows how people are becoming easily confused or ‘duped’. I’ll talk about how this works below.

How to avoid copycat websites when searching Google - medway-seo

Here’s How to avoid copycat websites when searching Google by understanding how the sponsored listings work.

When a user visits Google.com and searches for ‘pay London congestion charge’ (or very similar search terms) they are shown a page of results. Google places ‘Sponsored’ adverts directly above the natural results. Natural results are ones that are given their listing position based on quality content and other criteria that Google sets. These are the results that would normally appear at the top, if there were no sponsored adverts to display. Companies pay Google to appear in the results page when certain search terms or keywords are used.

There is nothing illegal happening here. The company are not breaking any laws. They are simply making money from the uninformed or lazy internet users. It may not be the most ethical business model but we’ve all agreed to pay more for convenience of some kind in the past and companies will always exploit people for increased margins.

There are some clever marketing techniques being used by Google here to make people believe that they are viewing the most relevant results. If you look carefully, you will notice that the adverts are surrounded by a very light yellow box. Yes, on some screens it’s almost invisible. That’s because the colour is only 5% yellow and 2% magenta on the CYMK scale. This basically means it’s almost white!

How to avoid copycat websites when searching Google-yellow box
Yellow or off white?

At the top of this yellow box is a small piece of text that states ‘Ad related to pay london congestion charge‘. To the  right of this text is an ‘info’ icon that, if you click, displays the following message:

This ad is based on your current search terms.
Visit Google’s Ads Settings to learn more, block specific advertisers or opt out of personalised ads.

Now that you know the 3 points above, have a search and see if you notice the sponsored adverts now. All the information is there if you really look carefully. That’s Google’s back side covered. They’ve made it really clear haven’t they? Their argument would be that they have stated ‘clearly’ that these listings are adverts.

From the point of view of a web design and SEO company, we’re always having to explain our definition of ‘position 1’ on ‘page 1’ of Google. We actually mean the first listings that appear BELOW the sponsored ads. Seasoned professionals always discard the sponsored ads when viewing the results pages.

The practice of ‘clever marketing’ is nothing new but the ASA issuing a warning to the site is simply not enough to stop the problem. PEOPLE need to learn themselves how to recognise and avoid these kinds of marketing tactics. The same way you learned that your bank doesn’t EVER request you to ‘login to secure your account’ via an email message with poor grammar.

These ‘clever’ marketing people use the fact that MOST people either ‘don’t know’ how to spot the tricks or they simply ‘assume’ that the results come with integrity – and some won’t even notice! Supermarkets have been doing it for years to us all. Marketers make you think that you are getting a good deal when if fact, you probably aren’t.

Think about it – Google is free to use. How do you think they make money? They have to offer their advertisers something in return for revenue.

If you want to avoid copycat websites when searching Google, wise up and learn the tricks used by the ‘big boys’.

If you found any of this information useful, please consider sharing it with your network.

20 Celebrities using WordPress to manage their sites

http://metro.co.uk/ - Medway SEO
Metro UK use WordPress

Celebrities using WordPress?

Are you still wondering if WordPress is right for your business website? Here’s 20 Celebrities using WordPress to manage their sites. If I’m honest, a few surprised me!

We’ve used many systems in the past including Joomla, Drupal and PHPBB forum software. We settled on WordPress about 4 years ago and have never looked back. The flexibility and versatility has allowed us to create beautiful websites that do what we need them to. We’ve saved our clients thousands over the years. Old school web designers are worried about the rise of this system.

In fact, over 66 million websites run using the WordPress platform and with almost 20% of all the websites in the entire world using WordPress, it’s fast becoming a very smart move for business owners wanting control and competitive pricing.

WordPress is a content management system (CMS) that is great for static websites and blogs alike. With literally thousands of themes and plugins, there’s pretty much no limit as to the things you can do with WordPress. This publishing platform is truly dominating the World Wide Web and to emphasise the point, here are a few high profile Celebrities using WordPress that may just surprise you…

  1. http://metro.co.uk/ – Metro UK

  2. http://billcosby.com/ – Bill Cosby

  3. https://www.themillionpounddrop.com/ – Million Pound Drop

  4. http://llcoolj.com/ – LL Cool J

  5. http://snoopdogg.com/ – Snoop D.O.G.G

  6. http://toughmudder.com/ – Tough Mudder

  7. http://usainbolt.com/ – Usain Bolt

  8. http://a-ha.com/ – A-Ha

  9. http://www.tilda.com/ – Tilda Rice (I know, but it’s nice rice!)

  10. http://justintimberlake.com/main – Justin Timberlake

  11. http://www.rollingstones.com/ – The Rolling Stones

  12. http://www.sylvesterstallone.com/ – Sylvester Stallone

  13. http://jasonmraz.com/ – Jason Mraz

  14. http://marketing.dell.com/teamdellracing – Team Lotus

  15. http://digital.cabinetoffice.gov.uk/ – UK Digital Cabinet

  16. http://www.rd.com/ – Readers Digest

  17. http://www.russellbrand.tv/ – Russell Brand

  18. http://ninette.roh.org.uk/ – Royal Ballet

  19. http://www.ryanseacrest.com/ – Ryan Seacrest

  20. http://starwarsblog.starwars.com/ – Star Wars Blog

We’ve cherry picked a few of the best for the sake of bringing you this article, for the full list according to WordPress themselves, click here: http://wordpress.org/showcase/archives/ to see why more celebrities are using WordPress to manage their high profile sites – if it’s good for the Goose eh?

Inspired to work with WordPress?

Talk to us today and see how we can get you set up and started on the road to managing your own website at a fraction of the cost of traditional web design.

Satisfaction Guaranteed - Medway SEO

 

Cookies – are you legal?

Cookies – what they are and what they do.

Firstly, they are not oven baked cookies with chocolate chips inside. I know, it’s hard to take.

The type of cookie we are talking about is a small file (text file) that your web browser (Internet Explorer, Firefox, Chrome, Safari etc) uses to store information about your visit. When you browse to the same website again in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous behaviour.

The information stored is usually what pages you visited, if you logged in to the site, form preferences, visual preferences and so on. They cannot contain viruses or Malware.

An authentication cookie stores information about your logins so that the website knows if it’s OK to show you your personal content, like a profile page, or to show the content that non logged-in users are supposed to see. Web site owners use them for analytical reasons to help improve their SEO and website ‘conversion rates’ – basically, to see if the site is working as is should.

Originally formed in May 2011 and revised in May 2012, it became a legal requirement for all websites that use cookies to not only have a privacy policy saying what they used and why but also to have a clear link to that policy as soon as you go to your website. Many of you will have seen this on sites you have visited where you need to accept before a pop up disappears.

Our is located on the bottom right hand corner of our site:

Cookie Control-Sunshinewebde

More about cookies

Here’s what WikiPedia says:

cookie, also known as an HTTP cookieweb cookie, or browser cookie, is a small piece of data sent from a website and stored in a user’s web browserwhile a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous activity.[1] Cookies were designed to be a reliable mechanism for websites to remember the state of the website or activity the user had taken in the past. This can include clicking particular buttons, logging in, or a record of which pages were visited by the user even months or years ago.

Although cookies cannot carry viruses, and cannot install malware on the host computer,[2] tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals’ browsing histories — a major privacy concern that prompted European and US law makers to take action in 2011.[3][4] Cookies can also store passwords and forms a user has previously entered, such a credit card number or an address. When a user accesses a Web site with a cookie function for the first time, a cookie is sent from server to the browser and stored with the browser in the local computer. Later when that user goes back to the same website, the website will recognize the user because of the stored cookie with the user’s information.[5]

Other kinds of cookies perform essential functions in the modern Web. Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in under. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate himself by logging in. The security of an authentication cookie generally depends on the security of the issuing website and the user’s web browser, and on whether the cookie data is encrypted. Security vulnerabilities may allow a cookie’s data to be read by a hacker, used to gain access to user data, or used to gain access (with the user’s credentials) to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples).[6]

Law and Compliance Info

ICO guidance – Source: ICO Website

Updated in May 2012, our cookies guidance (pdf) sets out the changes to the cookies law and explains the steps you need to take to ensure you comply. The updated guidance provides additional information around the issue of implied consent:

  • Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
  • If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.
  • You should not rely on the fact that users might have read a privacy policy that is perhaps hard to find or difficult to understand.
  • In some circumstances, for example where you are collecting sensitive personal data such as health information, you might feel that explicit consent is more appropriate.

Here’s their FAQ video:

If you have any questions, please feel free to contact us.

Easy explanation of landing pages and squeeze pages

Do you want a really easy explanation of landing pages and squeeze pages? For the hardened web master or internet marketer, this is kids stuff. For the rest of the normal web users – it’s probably a little bit confusing and you’re probably wondering (if you have a website) ‘do I need a landing page or squeeze page?’ or even ‘what IS a landing page?’.

Forgive my tone from here on in as I’m going to try to explain this in a way that anybody can understand the concept – bear with me!

Web pages, SEO and landing pages – an idiots guide

explanation of landing pages and squeeze pages

A web page is a html document (a bit like a Microsoft Word document) that shows in your web browser when you visit it’s web address or URL (like: http://www.google.com). The page is ‘hosted’ on a web server and the web address or URL, points to that page. When you are on a web page, you can right click and ‘view page source’ – this will show you the ‘html code’ that tell the browser how to display the page to you. I think you’re still with me? OK good.

A web site is made up of a home page (as above) and other pages linked from the home page with different content – the home page being the page that the web address points to – your visitors ‘landing page’, if you like. It’s called this because its the place where visitor land when they type the web address into the browser. (Just in case, your browser is the program you use the view the internet such as Google Chrome, Internet Explorer, Safari, Mozilla Firefox etc.)

Most sites also have an ‘about us’ page, a ‘services’ page and a ‘contact us’ page. The contact us page will have a form where you can enter your name, address and a message that sends an email directly to the web site owner. Sometimes you get an automated email back saying ‘thanks for your message’. I think most people have experienced that kind of form on a web site and are familiar with the process. Continue reading “Easy explanation of landing pages and squeeze pages”