Another round of virus infesting emails directed at Facebook users (Facebook=the new Microsoft?).   I always see things like this in batches and this is about the fourth round of similar emails.

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.
Please unzip the attached file and run “agreement.exe” by double-clicking it.

Thanks,

The Facebook Team

Of course, an agreement would never be in an executable file and you should never run an executable file sent to you by email by persons unknown.

Recently a colleague of mine sent a flustered reaction about a solicitation she had received by email where the sender had said they received her address from “Such and Such” Chamber of Commerce.  She went on to say, she wasn’t even a member of that chamber- how could they be distributing her email address?  Did HER Chamber share the information with another Chamber?

I responded with an explanation from my own observations and experience and received some good feedback on how helpful this information was, so I have decided to share it here for all. It seems this isn’t as intuitive or obvious as I used to think to many business people.

Dear Y,
No, I wouldn’t assume that your chamber shared your address with another chamber or anyone else for that matter.  This is simply a spammer who didn’t bother to change his form letter to the chamber that you are member of from which he (or a company he uses for marketing) harvested your email address.

Here’s the reality :

1. All Chambers have member directories which include address & email addresses. This is a “benefit” so their members can do business with other members
2. Some of these member directories are online- accessible from anyone in the world.
3. People will abuse this, whether THEY are members of that chamber or not.
4. It costs VERY little to hire someone to transcribe an online directory or scanned printed directory into a database of names & addresses that can be used for mail merges etc.
5. THOSE lists get passed around ad infinitum (maybe you were in the THAT chamber five years ago, the 3rd party created list is not updated as chamber memberships change). I just had someone I know locally send me another Chamber’s mail list. I didn’t ask for it and I don’t use lists, but it was handed to me nonetheless. That person was trying to be a “good guy” by providing this resource to his business buddies.
6. Spammers want to make their letters look legitimate and personable. “So and so” gave me your name gives them more credibility than having no point of reference.
7. Sadly legitimate small businesses don’t even think they are SPAMMING when they do this. These are LOCAL businesses soliciting other local businesses.  They have so-called marketing firms or buddies tell them it’s a good idea, that they’ll get the client out in front of “5000” area businesses or such.  I even work with groups that use purchased lists- ultimately, even with assurances from the list source, those groups have no real control of how those addresses were obtained.
8. I get emails AND phone calls AND mail from people CLAIMING they are also members of the Fair Oaks chamber when they are not. I get email AND phone calls AND mail from people who have harvested my address from various other sources (I can tell since I often use alternate email addresses for different groups and associations).
9. A group I am with even had a past member posted a nasty blog entry a couple of years ago claiming that the group “sold” their contact information to spammers. This wasn’t the case.  Reality is—UNTIL a couple of years ago—the group’s member directory was posted online, making it easy for a spambot to harvest members emails. 
10. This spamming and unwanted solicitatious behavior will not stop, especially with such easy targets of consolidated data.

Again, posting member directories with contact information was and still is TYPICAL behavior by associations and chambers. If you’ve ever been or are in any sort of group with a member directory, your email addresses, phone numbers, and addresses have all been exposed by many sources for a very long time.

Sadly, good intentions have been exploited by others. Small businesses unwittingly become spammers as they see nothing wrong with soliciting other local businesses (see my past post The Definition of Spam).

Just a heads up that another round of phishing is going around targeting Adwords customers.  If you get the following email, DELETE it- it contains links to NON-Google sites that are set up to extract your credit card information from you.  They are indiscriminately mailing domain contacts with standard email addresseses such as info@.

From: Google-AdWords [mailto:adwords-noreply@google.com]
Sent: Wednesday, November 05, 2008 8:37 AM
To: Information
Subject: Account Reactivation.
 
——————————————————————-

Dear Advertiser,

Our attempt to charge your credit card for your
outstanding Google AdWords account balance was declined.
Your account is still open. However, your ads have been suspended. Once
we are able to charge your card and receive payment for your account
balance, we will re-activate your ads.

Please update your billing information, even if you plan to use the
same credit card. This will trigger our billing system to try charging
your card again. You do not need to contact us to reactivate your
account.

To update your primary payment information, please follow these steps:

1. Log in to your account at http://adwords.google.com/select.
2. Enter your primary payment information.
3. Click ‘Update’ when you have finished.

———————————————————————–
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message. If you
have any questions, please visit the Google AdWords Help Centre
———————————————————————-

Thank you for advertising with Google AdWords. We look forward to
providing you with the most effective advertising available.

 

This week I started noticing a large-scale phishing attack against enom user accounts. 

Emails are being randomly sent to common (e.g. sales@, info@, admin@ etc), dictionary and to randomly-gener ated addresses, and so will be received by a lot of people without ENOM accounts, including YNot Web customers. The mails are very well-written and look very legitimate.  The first one I received left me scratching my head as I thought “but I have NO enom accounts.”  I’d mostly expect some confusion and some slight panic as the messages are warning of downtimes as well as “complaints” against you for inaccurate whois information.

The emails seen so far use subjects like the below (click for full letters that we have gathered):

• maintenance at enom.com – warning!
• attention: Inaccurate whois information.
• Inaccurate whois information.
• Warning: Inaccurate whois information.
• Your domain must be deleted today

The “from” addresses are randomly selected and may include:

• support@enom.com
• info@enom.com
• info2@enom.com
• customercare@enom.com
• tech@enom.com

The emails sent vary from merely mentioning maintenance and including an account login link, to enticing clicks by saying that your domain has been suspended unless you login and verify data. Links will take you to a non-enom site such as enom.comsys52.net which will store a person’s logon details for later exploitation.

If you receive such a message, DELETE it.  If you happen to be an ENOM user and have clicked on a link in one of these messages and entered account details(even if you weren’t sure if you were an ENOM user and you entered ANY account information) , you have unwittingly compromised your accounts. Immediately change your login information to your ENOM account and contact ENOM to inform them that you have been the victim of a phishing attack.

Today I received notification that Constant Contact is changing their policies and will no longer have unlimited trial usage for mail lists with under 50 subscribers (useful for some of the non-profits or clubs that I’ve worked with). Now any list from 0-500 subscribers is subject to the $15 per month rate.
Also changing recently is the Express Email Marketing service that we resell through our YNot Shop. This service once was extremely affordable- as low as $9.95 per year! – but now the lowest we are allowed to offer it is $3.99 per month.
With all these recent pricing changes, I thought I’d take the opportunity to resummarize some of the autoresponder and mail list services I’ve previously recommended (see May 26, 2006) with their current 2007 monthly and yearly rates.

Service	Lowest Monthly Rate	Lowest Annual Rate	Restrictions at this price
AWeber	$19.95	$179.40	10,000 subscribers/unlim list
Constant Contact	$15	$153.00	500 subscribers
Express Email Marketing	$3.99 $7.99	$43.00 $86.28	250 emails per month 500 emails per month
Email Aces	$8.95	$107.40	2500 subscribers/1 list
GetResponse	$17.95	$145.40	unlimited/unlimited list

For the smallest lists, Express Email Marketing still wins out as the economical choice, however for larger than 250 but less than 2500 subscribers/emails Email Aces jumps into play, with GetResponse being the best value for large list owners or business with needs for unlimited lists (both Express Email Marketing and Email Aces cheapest plans only allow for one single list).

Okay, having the same question come in from several different clients is a sign that I just need to add the answer here. 

Question: How do I Share files with clients/colleagues/prospects when it is too big or gets blocked from going through email?

Answer: By using one of the many File Sharing Services available on the web.

File Sharing Services are basically renting space to host files specifically- sometimes for backup purposes, sometimes for sharing and collaborating with teams, sometimes to just make a large file available to someone who cannot receive it through email, etc.

You are probably familiar with places that specialize in photo sharing so your friends and family can see your vacation pix, etc. That is just a basic use.

True filesharing sites are more secure. The one I sell through the YNot Shop lets you upload files to a secure location and then email them to your recipients (instead of emailing an attachment, it emails them a link to download the document).  Here’s the link to read more:
Online File Folder (as low as $5/year )

Other file sharing services allow you to set up several users that are allowed to share and view the same space with the option to set some accounts with upload abilities(you) and some with download abilities (your clients). If you’re not a YNot Web client, or prefer one of these other scenarios, here are some other providers off the top of my head:

XDrive (free – $10/month)
GoDaddy ($6/year, go to Email options to find File Folders there)

Now granted, this is not the only way to share files.  Most web hosts will let you set up passworded FTP sites or you could also set up a password protected directory on your web site that holds files and such for downloads.  You then give the password to only those people you want access.  However, I have found this method seems overly complicated for most my clients and the small expense of a third-party file sharing service is worth it for ease of use for both them and their intended file recipients.

Lately I have been receiving a huge amount of spam- not those normal levels of annoying amounts that get stuck in my spam filter anyway- but a noticable influx alot of which is getting through my spam filters with business-like topics such as “RE: Our meeting” and “Nice to meet you”.

So I started to investigate and fortunately for me, MOST this new spam is coming through one particular address.  See, I set up addresses just for this purpose- spam avoidance.  Not only can I change this address, I can set up “spam catchers” to discover who may have leaked my address to spammers.  Let me explain.

The address I am getting this huge new amount of spam is one I use for ‘art’ related services- stock photography, icons, images, etc. that I use in the course of my business.  I have used this address for three companies.  Suspiciously, I recently cancelled my membership with one of these companies… so I have my main suspect.  Often companies will sell or give your contact information to 3rd parties which is why you MUST read their privacy policies.

So to prove where these spam may have originated from (in case the two companies I continue to work with are not honoring their privacy policy), I just added two addresses- one for each of these companies and updated my profile with each.  My previous email address no longer exists and I will be instantly alleviated of the spam.  If either of my current art contacts sells or shares my address, I will know exactly who the problem-child is and end my business-relationship with them.

Forwarding email addresses are great for this purpose– check your domain registrar or web host. Most of them (including YNot Web) include Free Unlimited forwarding or “alias” email addresses. Try it out -especially when you are unsure of who you are dealing with on the internet.