I went for a walk along the old abandoned Duns to Greenlaw railway line yesterday. As a result of all the recent rain, a huge swath of this field was underwater. The cold nights had frozen the flood waters a peculiar milky white colour, and in the bright full sun of the early morning the distant ridge eerily looked like a misplaced sand dune.
I recently received a rather unusual email. I’d heard of them before, they’ve even been mentioned by comedians on stage, but I’d never seen anything quite like it; it was probably the longest phishing email I’ve ever received, but also the least effective.
Phishing, if you didn’t already know, is an attempt to obtain personal information (normally website login details, account passwords, bank details or even credit card numbers) by way of email. A well designed phishing email will look identical to the emails sent by reputable companies, typically PayPal, eBay or your bank, but it is entirely fake. The intent of these dubious messages is simple; they are designed to encourage the recipients to click on a link to a website which requires them to input their account details. The catch is (no pun intended), the website will also be fake, set up purely to capture a username and password or financial information. If successful, the party responsible for sending the phishing email will receive all the details they need to log into an account and do whatever damage they want (typically spend your money and empty your bank account as quickly as possible).
Awareness of this type of email scam is growing, but I felt inclined to address it following recent queries from some clients about messages they have received following the activation of certain online accounts. So if you want to avoid the possibility of falling for a phishing email there are various things you can do:
1. Firstly, ask yourself if you have actually used the website the email relates to? I have often received genuine looking emails from Barclays asking me to confirm my details. The messages could definitely fool someone into believing that they are real, but I’ve never banked with Barclays, which makes it an obvious attempt at phishing.
2. I have different email accounts and I use them for different purposes. If I receive an email asking for account confirmation to email address ‘A’, but email address ‘B’ is the only one my bank has on record, then it’s another attempt at phishing. If you only have one email account you may want to consider setting up a second just for banking.
3. If you receive a genuine looking message to the correct email account check who the message has been addressed to. If the message is addressed to “undisclosed recipients:” or you have been CC’d as part of a large group, then both these things indicate that it’s a phishing email.
4. Still not sure? Check who the message has been sent from. If your bank’s website address is www.bigbank.com then messages they send will typically be sent from an address ending @bigbank.com. If it’s anything else it could be a phishing email.
5. Other tell tale indicators are the links contained within the email; both the links you are being asked to follow and the links for the images contained within the email (if it’s in HTML format). Again, if your bank’s website address is www.bigbank.com then all links (including image links) should start with http://www.bigbank.com/… – if it’s anything else it’s a phishing attempt.
6. Lastly, if you are ever concerned about a phishing email the easiest thing to do is forget the email and go direct to the website in question without clicking on any links. For example, you receive a suspicious looking email from PayPal. Fine, file it away, open your browser yourself, type in www.paypal.com and log into your account. If there is a problem this will be confirmed within your account, if not, you were right to be suspicious and it was a phishing email.
There are however some attempts at phishing which really aren’t that complex. There’s no use of HTML formatting, there are no faked graphics, no requests to click on suspicious links or warnings that you might lose access to your account unless you take immediate action. This brings me back to the email I received; sometimes the phishing email is just a story (copied verbatim):
My name is Miss Guei Nadia Nina I am 21 years old Girl from Ivory Coast. I want to have a common relationship with you, I need to tell you more things, but first I need your help to Stand for me as a trustee.
My father Late Army General Robert Guei, was the former Military President of the Republic of Ivory Coast who was assassinated in the year 2002 by President Laurent Gbagbo who is in detention now facing judgment.
Some months after the remembrance of my father, my uncle conspired with my step mother and sold my father’s properties to a Chinese Expatriate. On a faithful morning I opened my late father’s briefcase in the village and found out document which my beloved late father used and deposit some money in a bank in Ivory Coast, with my name as the next of kin. I traveled out from the village to the city to withdraw the money so that I can start a better life and take care of myself. The Branch manager of the Bank whom I met in person told me that my present status does not permit me by the local law to clear money or make a transfer of money into an account, he advice me to provide a trustee who will help me and invest the money or I should wait till when I will get married it demand by their Authority.
I have chosen to contact you after my prayers and I believe that you will not betray my trust. But rather take me as your own blood daughter and help me. Though you may wonder why I am so soon revealing myself to you without knowing you well, I will say that my mind convinced me that you are the true person to help me. More so, I will like to disclose much to you if you can help me to relocate to your country because my uncle has threatened to assassinate me the same way my father was assassinated just because of his Estate. The amount is $26 Million and I have confirmed from the bank manager in Abidjan. You will also help me to place the money in a more profitable business venture in your Country.
However, you will help by recommending a nice University in your country so that I can complete my studies as soon as the money is transferred to your country. It is my intention to compensate you with 30% of the total money for your services and the balance shall be my capital in your establishment as soon as I receive your interest in helping me, I will put things into action immediately.
In the light of the above, I shall appreciate an urgent message indicating your ability and willingness to handle this transaction sincerely. Please do keep this only to your self.
I beg you not to disclose it till I come over because I am afraid of my wicked uncle who has threatened to kill me just because of my late fathers Estate.
Miss Guei Nadia Nina”
This story is clearly nonsense, it was sent from an address at Yahoo and it was also sent to multiple recipients (d’oh). No forgery, no gimmickry, no links, just a sob story and an email address. So in addition to the complex phishing attempts that are going on, be on the look out for the less obvious ones too, and to ensure a safe and secure online experience you should always keep your web browser up to date (consider installing a different browser just for banking too) and always make use of the latest security software that incorporates a firewall, malware, antivirus and spam software.
Following on from the above, I recently received the following phishing email:
Hope this mail meets you well, please permit me to introduce my self to you, my name is Paul Dansua, I am 19 years old, the only Son of Late Mr. Emmanuel Dansua who was a famous cocoa merchant based here in Abidjan , the Economic capital of Ivory Coast (Cote D’Ivoire). I am seeking for your assistance to help me transfer the sum of ( $7,500,000.00 ) Seven Million Five hundred Thousand United State of American Dollars that I inherited from my late father to your bank account. I am willing to offer you 15% of the total fund as a mode of compensation after the transfer for your time and effort. If you agree on this proposal and ready to assist me please indicate by furnishing me with your phone and fax numbers including your full address to enable easy communication between me and you. Waiting for your cooperation.
I still can’t quite believe that spammers think people are stupid enough to fall for this!
And another one:
“Greetings, from Miss Lare Faysolibe.
BP 30 Abidjan 07, Ivory Coast
Abidjan Coted’Ivoire (West Africa)
Please, may you receive this letter with peace of mind and with due respect as it may be very strange to you since I have not communicated or know each other before. I am looking for your cooperation in building a Tourist Hotel or Real Estate or to invest into another business you can advise me in your country. I am sorry if this is not in line with your business. I need your assistance to help me set up; develop the project with $5.4Million dollars only, which I inherited from my late father who is the owner of African Gold Market Investment West Africa, my late father has Gold mining site in Ghana. On the resumption of the project, you will be made a Director for the role and the assistance you rendered.
You will also be entitled to a percentage agreed upon between me and you before the commencement of the project. Your immediate reply will be highly appreciated and I shall give you more information on this project. I will be very happy to receive your acceptance reply to help me to accomplish this plan to come to your country to further my educations while you will be managing the investments on my behalf. Please kindly help me for the sake of God and humanity. I am anxiously waiting for your acceptance reply to help me out.
Miss Lare Faysolibe
I thought these poor attempts a phishing had died out – they seem to be on the increase these days!
Smart Swing Solutions, Melrose
Just completed the logo files for the new Smart Swing Solutions project. A range of different logo ideas were formulated around the curve of a golf swing, the shadow cast on the dimples on the surface of a golf ball, as well as a few concepts based purely on font selection. This logo (with the clearly recognisable outline of a professional golfer in mid swing) was chosen because of the immediate visual impact and the curve of the rising ball underlining the text. Onto the site design now.
In an earlier blog post entitled “In layman’s terms: Search engine optimisation, marketing and Google Panda” I briefly outlined traditional search engine optimisation techniques and how the Google Panda update had modified the way in which websites are indexed and ranked by Google. Ultimately the Panda update was a much needed clean-up of the websites in Google’s index; a digital spring clean to rid Google of duplicate sites, websites with similar affiliate content, spam websites and sites built simply to make money through click through advertising revenue. This was done in several different ways, but mainly by analysing content and website metrics.
The Panda update cleaned out many spam sites, but it also had a huge impact on website traffic and rankings for a considerable number of genuinely popular websites (some being removed from the index altogether, others plunging down the results pages to positions that seldom see the light of the sun; a fate often referred to by webmasters as “Death by Panda”). Despite this upheaval of the Google index, many spam sites and websites featuring duplicate content seemed to get away without penalty (or even appeared to perform better). Cue “Death by Penguin”.
Google Penguin is essentially a follow up to Panda, engineered to root out any spam sites and dodgy websites that feature poor or duplicate content, particularly those that stuff their website pages and inbound link text with far too many keywords. Amongst other things, Penguin looks out for low quality inbound links that are laden with keywords, and as a result sites with suspicious link building activity have been hit and seen a reduction in traffic as a result of lower ranking (and this is not to be confused with manual link warnings that appear in Google Webmaster tools, as these warnings have more to do with buying links and link networks). With Panda and Penguin on the loose there is nowhere to hide, and comments and tweets from Google have indicated that there will be a lot more “jarring” updates to come which will continue to stir up website rankings and traffic in a bid to ensure only the crème de la crème of sites are ranked highly by the engine.
You may be thinking that if your website features genuine content, no spam, no duplicate copy, no affiliate links, a high text to advert ratio and your content and links aren’t stuffed with every keyword imaginable, then Google Panda and Penguin have nothing to do you with. Unfortunately this is not the case. Although the updates were designed to clean out the web and ensure that only good quality websites feature high up the rankings, the net result of the changes mean that the bar has been set much higher for ALL websites. You may have a nicely designed and well optimised website that features several pages of original content, but if you want your website to perform well in Google then the chances are you need to enhance it by integrating with social media, developing and evolving more unique content, improving functionality and interest, then making certain that all these things improve visitor metrics and keep people on your site, as well as returning to it time and time again.
Border Motorhome Hire, Stow
Following the design of the logo earlier in the year, Scottish Borders Website Design launched the new Border Motorhome Hire website today. The brochure site features information on motorhomes, photos, rates, a route planner and newsletter sign up form. To add an extra level of creativity the statement “Wish you were here” (normally found on postcards) was turned into a question and repeated over the banner photo. After all, you can holiday wherever you want when you hire a motorhome!
We all know how annoying and frustrating it can be having to come up with a unique password for each of the many online website accounts we have. It’s quite convenient to use the same password, but recent website hacks have shown that this practice could compromise all that personal data and digital information we’re trying to keep locked away. A recent article revealed that the average web user has something like 25 online accounts but only 6.5 passwords. That may be handy when it comes to logging in (or reducing the time it takes to get into an account when you happen to forget the password) but if one of your accounts is hacked it means it’s very easy for the hackers to then access all your other online accounts. With the power of even an average CPU to play with, a hacker can run a script to test billions of password combinations in just seconds. If a hacker gets into one account then it’s really not difficult to try other accounts using the same password, or to run a script to guess at them. It may be a pain in the hyppocampus to have a different password for every website account, but if you want to secure your personal data, I recommend starting on the cod liver oil to help improve your memory.
License Production Music, Duns
Scottish Borders Website Design is very excited about this new venture. LPM is the music side of the business – a source of unique and highly original rights cleared music that will shortly be available for licensing in film, TV, radio, advertising and the games industry. LPM needed it’s own identity, but the shades of pink used within the icon connect it to Scottish Borders Website Design. The icon itself adds an element of symmetry, balance and movement, and is based on a spinning CD (or record, if you’re old school). We’re moving onto the website design and online music catalogue next.
Social media is an essential element of marketing and website promotion for businesses large and small. The Panda update that Google rolled out last year means that website developers, marketers and business owners can’t rely on old fashioned SEO and link building techniques to help keep their sites near the top of the rankings in organic search. Facebook might be thought of as online Marmite by some (I know more people who would rather repeatedly hit themselves in the face with a bouquet of thistles than use Facebook), but a significant company presence on Facebook, combined with a decent number of “likes” and links does aid website marketing and boost site traffic.
However, I think we need to question the true value social media has with regards website marketing and SEO. Facebook recently announced that 83 million of its accounts are fake. A quick search online will allow you to find websites that offer to sell “likes” and “followers” by the tens of thousands for Facebook and Twitter – these fake users appear to make a company or product considerably more popular than it actually is (all for $10 or under, thanks to assistance from outsourcing services in India and China).
In an article last July a BBC reporter set up a fake account, purchased “like adverts” and discovered “Within minutes people were starting to “like” my meaningless site, and within 24 hours I had 1,600 likes – and had spent my $10. Where were they from?”. 1,600 likes for a completely fake account and $10 profit for Facebook; not a bad business model. With fake users, fake likes and fake followers what’s next? Well just today, the BBC reported that a fake Facebook advert for £75 worth of free Tesco vouchers has fooled many users, and is nothing but a scam.
Don’t get me wrong, I’m not anti-Facebook, it is a very effective social media marketing tool, however I do still need to be convinced of Google’s consideration of social media when it comes to gauging site popularity and ranking of results in organic search. With companies profiting from creating fake Facebook accounts, and Facebook users and Facebook itself unable to accurately gauge which accounts, “likes” and followers are fake, should social media currently have a strong bearing on SEO and search engine results?