Another round of virus infesting emails directed at Facebook users (Facebook=the new Microsoft?).   I always see things like this in batches and this is about the fourth round of similar emails.

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.
Please unzip the attached file and run “agreement.exe” by double-clicking it.

Thanks,

The Facebook Team

Of course, an agreement would never be in an executable file and you should never run an executable file sent to you by email by persons unknown.

Recently a colleague of mine sent a flustered reaction about a solicitation she had received by email where the sender had said they received her address from “Such and Such” Chamber of Commerce.  She went on to say, she wasn’t even a member of that chamber- how could they be distributing her email address?  Did HER Chamber share the information with another Chamber?

I responded with an explanation from my own observations and experience and received some good feedback on how helpful this information was, so I have decided to share it here for all. It seems this isn’t as intuitive or obvious as I used to think to many business people.

Dear Y,
No, I wouldn’t assume that your chamber shared your address with another chamber or anyone else for that matter.  This is simply a spammer who didn’t bother to change his form letter to the chamber that you are member of from which he (or a company he uses for marketing) harvested your email address.

Here’s the reality :

1. All Chambers have member directories which include address & email addresses. This is a “benefit” so their members can do business with other members
2. Some of these member directories are online- accessible from anyone in the world.
3. People will abuse this, whether THEY are members of that chamber or not.
4. It costs VERY little to hire someone to transcribe an online directory or scanned printed directory into a database of names & addresses that can be used for mail merges etc.
5. THOSE lists get passed around ad infinitum (maybe you were in the THAT chamber five years ago, the 3rd party created list is not updated as chamber memberships change). I just had someone I know locally send me another Chamber’s mail list. I didn’t ask for it and I don’t use lists, but it was handed to me nonetheless. That person was trying to be a “good guy” by providing this resource to his business buddies.
6. Spammers want to make their letters look legitimate and personable. “So and so” gave me your name gives them more credibility than having no point of reference.
7. Sadly legitimate small businesses don’t even think they are SPAMMING when they do this. These are LOCAL businesses soliciting other local businesses.  They have so-called marketing firms or buddies tell them it’s a good idea, that they’ll get the client out in front of “5000” area businesses or such.  I even work with groups that use purchased lists- ultimately, even with assurances from the list source, those groups have no real control of how those addresses were obtained.
8. I get emails AND phone calls AND mail from people CLAIMING they are also members of the Fair Oaks chamber when they are not. I get email AND phone calls AND mail from people who have harvested my address from various other sources (I can tell since I often use alternate email addresses for different groups and associations).
9. A group I am with even had a past member posted a nasty blog entry a couple of years ago claiming that the group “sold” their contact information to spammers. This wasn’t the case.  Reality is—UNTIL a couple of years ago—the group’s member directory was posted online, making it easy for a spambot to harvest members emails. 
10. This spamming and unwanted solicitatious behavior will not stop, especially with such easy targets of consolidated data.

Again, posting member directories with contact information was and still is TYPICAL behavior by associations and chambers. If you’ve ever been or are in any sort of group with a member directory, your email addresses, phone numbers, and addresses have all been exposed by many sources for a very long time.

Sadly, good intentions have been exploited by others. Small businesses unwittingly become spammers as they see nothing wrong with soliciting other local businesses (see my past post The Definition of Spam).

Recently I received a Phishing scam email that was written to target people who host websites with a popular hosting company (in this instance, HostGator clients). The email subject was “web hosting update” and read:
“Due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details.
Please confirm your FTP details by using the link below:”

As with all Phishing attemplts, the link did not link to Hostgator servers, but the scammers fake, deceptive website. You can generally view the destination URL by hovering OVER a link in an email in programs such as Outlook, noting that scammer URLS usually start out with what looks like a legitimate address but on careful examination continue on to a longer domain name (ex. http://paypal.com.leggtts.co.uk or such)

As always, be careful when receiving requests from companies to ‘confirm’ or ‘reset’ your login information. Always use your own bookmarked links to access your accounts, not one in an email that say “use the link below”.

(The information is  from an email warning sent earlier this week to all our clients using the Wordpress platform.  If you are a past YNot Web client from 2006 or later and did NOT receive this email, PLEASE contact us at 916-436-1638 to confirm whether this information pertains to you.  Email or spam filtering may have kept you from receiving this vital information.)

Over the holiday weekend, information went out that there is a worm virus making its way across the internet looking for old, unpatched versions of Wordpress.  Only the last two versions of Wordpress- 2.8.4 and 2.8.3 (released in the last couple of months) are immune to this worm.

Most of YNot Web’s websites since the beginning of 2007 are built upon the Wordpress platform.  Our recommendation to each project client was to plan on upgrades once or twice per year.  You can see your Wordpress version by logging in to your Dashboard- it will display your installed version on the first screen.

If your site launched prior to August of this year and you have not upgraded or had someone else upgrade your site, I urge you to do so now.  Please also, make sure that you fully back up your files and the database before an upgrade is started.

Rest assured, if you have a monthly maintenance/retainer agreement with YNot Web, you have already been upgraded or been notified that your upgrade needs to occur this week.

Upgrades can be fast & simple, especially if done on a regular basis, but grow in complexity the more plugins (added features) you have and the larger the difference in versions (there were major changes at versions 2.3, 2.6, and 2.7).   Also, your hosting company choices can ease the complexity of upgrades.  If you are hosted with HostGator, our top recommended host since mid-2007, their backup system and Fantastico application control facilitate a smooth transition.

Again, if you do not have version 2.8.4, I urge you to make plans to upgrade now.  Please let me know if you need assistance with this- either by scheduling the work with us or if you need login/hosting account reminders to provide to someone else.  Attached below are some basic steps/best practices for anyone who wants to manage the upgrade on their own.

How to Backup-Update Wordpress on HostGator Hosting

Just a heads up that another round of phishing is going around targeting Adwords customers.  If you get the following email, DELETE it- it contains links to NON-Google sites that are set up to extract your credit card information from you.  They are indiscriminately mailing domain contacts with standard email addresseses such as info@.

From: Google-AdWords [mailto:adwords-noreply@google.com]
Sent: Wednesday, November 05, 2008 8:37 AM
To: Information
Subject: Account Reactivation.
 
——————————————————————-

Dear Advertiser,

Our attempt to charge your credit card for your
outstanding Google AdWords account balance was declined.
Your account is still open. However, your ads have been suspended. Once
we are able to charge your card and receive payment for your account
balance, we will re-activate your ads.

Please update your billing information, even if you plan to use the
same credit card. This will trigger our billing system to try charging
your card again. You do not need to contact us to reactivate your
account.

To update your primary payment information, please follow these steps:

1. Log in to your account at http://adwords.google.com/select.
2. Enter your primary payment information.
3. Click ‘Update’ when you have finished.

———————————————————————–
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message. If you
have any questions, please visit the Google AdWords Help Centre
———————————————————————-

Thank you for advertising with Google AdWords. We look forward to
providing you with the most effective advertising available.

 

This week I started noticing a large-scale phishing attack against enom user accounts. 

Emails are being randomly sent to common (e.g. sales@, info@, admin@ etc), dictionary and to randomly-gener ated addresses, and so will be received by a lot of people without ENOM accounts, including YNot Web customers. The mails are very well-written and look very legitimate.  The first one I received left me scratching my head as I thought “but I have NO enom accounts.”  I’d mostly expect some confusion and some slight panic as the messages are warning of downtimes as well as “complaints” against you for inaccurate whois information.

The emails seen so far use subjects like the below (click for full letters that we have gathered):

• maintenance at enom.com – warning!
• attention: Inaccurate whois information.
• Inaccurate whois information.
• Warning: Inaccurate whois information.
• Your domain must be deleted today

The “from” addresses are randomly selected and may include:

• support@enom.com
• info@enom.com
• info2@enom.com
• customercare@enom.com
• tech@enom.com

The emails sent vary from merely mentioning maintenance and including an account login link, to enticing clicks by saying that your domain has been suspended unless you login and verify data. Links will take you to a non-enom site such as enom.comsys52.net which will store a person’s logon details for later exploitation.

If you receive such a message, DELETE it.  If you happen to be an ENOM user and have clicked on a link in one of these messages and entered account details(even if you weren’t sure if you were an ENOM user and you entered ANY account information) , you have unwittingly compromised your accounts. Immediately change your login information to your ENOM account and contact ENOM to inform them that you have been the victim of a phishing attack.

As I reported back in late-March, there has been a new crop of phishing scams now targeting both Google and Yahoo advertisers.

Google finally officially responded this week by posting “How to avoid getting hooked” on their official Google Blog as well as emailing apparently all Adwords advertisers with an email which refers people to this article as well as notification that there have been reports of phishing attempts that falsely appear to be from the standard Adwords email address.  Google reminds advertisers that Google’s AdWords team would never send an unsolicited message asking for advertiser’s password or other sensitive information by email or through a link sent via email.   They also ask that advertiser’s report any phishing email to them completing their Report Phishing Form.

Google’s post goes on to include tips on how to avoid phishing- whether you are a Google advertiser or not, I highly recommend you follow these steps to protect yourself from any phishing attempts.