Web Savvy Marketers


Don’t Make These 5 Domain Name Mistakes

May 12, 2015 Beth Devine

“Sad Brown Cat” by Francis Victoria Gumapac, used under CC BY / Modified from original

Your domain name is a critical component to your online presence. As your internet address, it points visitors to your website. Without it, you have no visitors, no readers, and no customers.

Don’t make these domain name mistakes and risk the safety of your domain name and website.

Mistake #1: Falling for the Fake Renewal Notice

Because all domain names must be registered with ICANN, the Internet Corporation for Assigned Names and Numbers, they are there for the taking by spammers and marketers who do Whois searches. By doing an ICANN Whois search, you can get a domain name’s data, including the owner’s name, address, phone number, and email address.

Having this one global internet has its drawbacks. After registering your domain name, you might start to receive marketing spam to the email address you used to register it with.

Watch out for the renewal notice sent by fake registrars (or very unethical ones). If you pay the renewal invoice to these fraudsters, you are not only losing money, but you could be initiating a domain name transfer. Your website and email, if you have it through your registrar, will crash and your original domain name provider will no longer be in effect.

Use extreme caution when you receive a renewal notice. Make sure you know who your registrar is and when your domain name expires. A quick Whois search will answer these questions.

Any unsolicited domain name email inviting you to either register for a new top-level domain name or to renew an existing one should be treated as spam until you verify the information.

Mistake #2: Thinking You Own Your Domain Name When Using a Privacy Service

Whois privacy services are designed to protect your domain records from public viewing. Instead of your personal contact information, you will see the registrar’s (or that of whoever is selling the service). What most people don’t realize is that the name listed in the domain Whois record as the domain registrant is the owner of the domain.

In a rare dispute case, the owner of the domain isn’t you, regardless of anything written in a contract or terms of service agreement. You have no legal rights to the domain.

Another concern is that some domain registrars will sell your private contact information for a small fee to anyone who asks. Also, if a law enforcement or government agency wants it, it’s as good as theirs. (This doesn’t seem like a problem, but the rumor mill has it that they will give out this information at the first mention of the word “infringement.”)

A simple way to handle this if you’re concerned about privacy issues is to have your web hosting company list their name and information. Having a good relationship with your web hosting company can help you solve a lot of potential website problems!

Mistake #3: Forgetting to Renew Your Domain Name.

Make sure you have a valid email address for your Whois records. Not only will this be used to contact you to verify any changes that are made, but also to warn you of impending domain name expiration.

In both cases, there is often a time limit imposed by the registrar, and if it is not met, your domain name will be suspended. Trying to recover a lost domain name involves financial costs and a few headaches.

Consider signing up for automatic renewal with your registrar. Your web hosting company can also be responsible for your automatic domain name renewal, leaving you without the worry of following through on a reminder from a registrar.

Mistake #4: Paying Registrar Transfer Fees

You are free to transfer a domain name registered in a generic top-level domain to another registrar, assuming you meet none of the exclusions as outlined in ICANN’s policy on transfers between registrars. These include waiting more than 60 days from domain name creation, no evidence of fraud, and no reasonable dispute over the identity of the Registered Name Holder or Administrative Contact.

If you pay a transfer-out fee, which can be more than double the domain name registration cost, then you’re paying a charge that’s in violation of the ICANN transfer policy. Ask your credit card company to reverse the charges, and be glad you’ve transferred out.

Mistake #5: No Registrar Change Protection

Unauthorized domain name transfers are easy to avoid by taking preventative measures. The registrar lock, once set by your registrar, prevents unauthorized, unwanted, and unintentional changes to your domain name.

Unless it is unlocked, no one can modify, transfer, or delete your domain name. While locked, you are still able to manage your domain name by renewing it. Only certain top-level domain names can have registrar lock, including .com, .net, and .org.

Another added security layer is the auth code. Some of the top-level domains require an eight-character authorization code before you can transfer a domain name. The auth code is supplied by the current registrar, and you will need it to transfer to another registrar.

These protections are generally offered for free by your registrar, and are often put in place automatically. If you have a transfer complaint, go to ICANN and fill out their ICANN transfer complaint form.

The work of managing your domain name can be turned over to your web hosting company, leaving you worry-free. But it’s good practice to be aware of the mistakes to avoid as well as who is responsible for making sure your domain name is safe.
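The checks from Mistakes #1, #3 and #5 (who the registrar of record is, when the name expires, and whether the registrar lock is set) can be read straight out of a Whois response. The following is an added example, not part of the original post; the sample record and the function names are constructed, and the field labels and the `clientTransferProhibited` status follow the layout used for .com/.net Whois output.

```python
from datetime import datetime, timezone

# Constructed sample, laid out the way .com/.net registry Whois output is.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registrar WHOIS Server: whois.registrar.example
   Registrar: Example Registrar, Inc.
   Updated Date: 2015-01-10T08:00:00Z
   Creation Date: 2010-05-30T04:00:00Z
   Registry Expiry Date: 2015-05-30T04:00:00Z
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS1.EXAMPLE.NET
"""

EXPIRY_KEYS = ("registry expiry date", "registrar registration expiration date")


def parse_whois(text):
    """Pull the registrar, expiry date and status codes out of Whois text."""
    record = {"registrar": None, "expires": None, "statuses": []}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "registrar":
            record["registrar"] = value
        elif key in EXPIRY_KEYS and record["expires"] is None:
            parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
            record["expires"] = parsed.replace(tzinfo=timezone.utc)
        elif key == "domain status":
            # The status code is the first token; the rest is an explanatory URL.
            record["statuses"].append(value.split()[0])
    return record


def review_domain(record, expected_registrar, today, warn_days=30):
    """Return a list of findings; an empty list means nothing needs attention."""
    findings = []
    registrar = record["registrar"] or ""
    # A renewal notice from anyone other than the registrar of record is suspect.
    if registrar.casefold() != expected_registrar.casefold():
        findings.append("registrar-mismatch")
    if record["expires"] is None:
        findings.append("expiry-unknown")
    else:
        days_left = (record["expires"] - today).days
        if days_left < 0:
            findings.append("expired")
        elif days_left <= warn_days:
            findings.append("expires-soon")
    # Registrar lock shows up as the clientTransferProhibited status.
    statuses = {s.lower() for s in record["statuses"]}
    if "clienttransferprohibited" not in statuses:
        findings.append("no-transfer-lock")
    return findings


if __name__ == "__main__":
    today = datetime(2015, 5, 12, tzinfo=timezone.utc)  # constructed "today"
    rec = parse_whois(SAMPLE_WHOIS)
    print(rec["registrar"], rec["expires"].date(), rec["statuses"])
    print(review_domain(rec, "Example Registrar, Inc.", today))
```
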

Filed Under: Featured, Internet Scams, Kacee's Posts, Website Maintenance

Latest Email SEO Scam On Mobile-Friendly Updates

April 21, 2015 Beth Devine

Why is it we’re more likely to question the credibility of unsolicited phone calls than we are to suspect emails? Unsolicited emails selling SEO services continue to run rampant, and now there is a new twist.

Google’s Mobile Friendly Update has brought with it a new spate of false email claims. The latest email SEO scam claims that your website isn’t mobile-friendly and will lose its ranking in search engines. The scam email might also include claims that your site isn’t “search engine friendly,” has an outdated design and layout, and a huge bounce back rate.

Of course, without their professional SEO services, your site is going to suffer numerous harmful search engine calamities, including losing potential clients. These self-proclaimed SEO experts say they have the instant fix to your SEO woes, and too many businesses fall prey to crooked or ignorant SEO marketing swindlers every day.

Stay informed and avoid getting taken advantage of with these tips.

Don’t Respond To Unsolicited Emails

If an email is unsolicited, there’s a 99.99% chance it’s not trustworthy, particularly if it is trying to sell you something and is using inaccurate information.

Google warns site owners to “be wary of SEO firms and web consultants or agencies that send you email out of the blue.”

Reserve the same skepticism for unsolicited email about search engines as you do for “burn fat at night” diet pills or requests to help transfer funds from deposed dictators.

Read that again. If you’re worried about your website not being mobile friendly, this is definitely not your answer.

Look for Red Flags

If an unsolicited email claims that you are in need of their services due to something you are lacking, your first reaction should be to question their information. Where are their reports to back up their claims? Do they have proof of what they say they’ve analyzed, such as your site’s low rankings, high bounce rate, and absent mobile-friendly design?

You can check with Google Webmaster Tools to see how your SEO is doing. Begin with their Mobile Usability Report. Raise any concerns you have with your web hosting company before making any decisions.

Check Their Reputation

Don’t rely on a few good reviews and satisfied clients. This doesn’t mean that they’re not scamming you or haven’t scammed anyone else in the recent past. Take the extra few steps of checking with sites like the Better Business Bureau, Rip Off Report, and your state’s attorney general.

You can also search using the title of the company followed by “review,” “complaints,” “spam,” or “scam.” Beware of search results that include pissedoffconsumer.com, ripoffreport.com, or complaintsboard.com.

Any publicly posted complaints are obviously a bad sign. Even if some reviews are from disgruntled consumers who are overzealous, consider that there are potentially a dozen unhappy customers for every one who took the time to write and complain.

Do Your Own Investigating

Before you decide to respond to an email – preferably one that isn’t unsolicited – do your homework and check out their references. You can dig even deeper by investigating their website, their social media sites, and the websites in their portfolio.

All the pieces of the puzzle should fit together to point to a reputable, trustworthy SEO service. They know what they’re doing, and it doesn’t take much for them to build a facade with all these different tools. They are counting on the fact that they know more than you, and that most interested parties won’t take the trouble to investigate beneath the surface layer.

As “Mobilegeddon” spreads its pervasive new algorithm across the world wide web, website owners and publishers will want to make sure their sites are mobile friendly. Don’t let the mobile-friendly scare tactic fool you. It’s just the latest in a series of fast-talking pitches that promise to fix your website of things that might not even need fixing.

Check to see if your site is mobile friendly by reading our latest post, Is Your Site Mobile Ready? Then check with your web hosting company to see what needs to be done to make sure your site is responsive to all screen sizes.

 

Filed Under: Featured, Internet Scams, Kacee's Posts, Search Engine Optimization (SEO)

Why the Password Will Never Die

October 17, 2014 Beth Devine

This work is a derivative of “door key” by woodleywonderworks, used under CC BY.

A password is like a house key. Its job is to secure the lock on your door. If you were to lose your key and a burglar got a hold of it and broke into your house, would it be the key’s fault?

The key is merely doing its other job of allowing entry. The blame rests on the burglar, or the fact that you managed to lose your key.

The same goes for passwords. Blaming passwords for security problems isn’t looking at the whole problem. How the hackers are able to steal vast amounts of data is the real issue.

When deciding how to protect users, it boils down to a choice between security and usability. Most of the time, the choice leans towards usability to make it easier for users. No one likes being locked out of their accounts.

Multi-Factor Authentication Gives You Better Security

More services, however, are adopting the option of a multi-factor authentication system as a heightened security measure. This system requires the combination of several things in order for access to be granted to your data.

Google, for example, has adopted a two-factor verification system which requires two things. One is something you have, in this case a verification code sent to your smartphone. It could also be a physical smart card or token you plug into your device. The second verification is something you know, such as your password or PIN.

A third possible verification for multiple factor authentication is something you are, like Apple’s iPhone option of using your fingerprint. Other possibilities include face, palm, or eye (retinal or iris) scanning.

Making the shift from service utilization to service security will give you greater data protection. Requiring users to adopt added layers of security will assure heightened security. Leaving users in charge of changing their behavior to create better and safer passwords, for example, is a doomed mission.

How Do Our Passwords Fail?

Passwords are guessed, recycled from password dump sites, cracked through brute force attacks, stolen with a remotely installed keylogger, or totally reset by a hacker.

Because guessing is the simplest method, it’s hard to believe that people continue to use predictable, shoddy passwords. There are free password-cracking tools that are available to anyone who wants to try and break in, often with helpful YouTube videos so any novice can do it.

Passwords are reused with wild abandon. You know you do it. You create the perfect combination of letters and numbers, and every time you need to devise a new password for a new account, you fall back on your handy password creation.

Thanks to the inundation of password “hashes,” encrypted but readily crackable passwords that are dumped online for anyone’s consumption, your reused password makes for easy entry into multiple accounts through a single point of failure.

The invention of the cloud makes the ability to trick customer service reps into resetting passwords easier than ever. A hacker can find all sorts of personal information about you online and then use that to gain entry, first into one account, then into another.

The password is not dead, but we need to change our terrible password habits. Strengthen your password and create different versions for different accounts. Use multi-factor verification whenever it is offered. Keep your password keys safe so they can do their job.

Do your part to save the password from death.

 

Filed Under: Featured, Internet Scams, Kacee's Posts, Tools & Tips

More Password Hacking Methods and How to Stay Safe

October 12, 2014 Beth Devine

This work is a derivative of “Credit Card Theft” by Don Hankins, used under CC BY.

Nearly half of all adults had their personal information exposed by hackers this year. The total number of accounts compromised was 432 million. This ongoing targeted theft isn’t going away.

Last month, 5 million Gmail usernames and passwords were published on a Russian bitcoin security forum. This follows the 70 million Target customers’ personal information, 33 million Adobe user credentials, 4.6 million Snapchat users’ account data, 3 million Michael’s payment cards, and 1.1 million Neiman Marcus cards.

The damage is real. Each record typically includes personal information, such as your name, debit or credit card, email, phone number, birthday, password, security questions and physical address.

It’s enough to get hunted down by an abusive ex-spouse. It makes you an easier target for scams. And even if only basic information about you is stolen, that can easily be paired with stolen credit card data, empowering impostors.

Top-tier hackers continue to take advantage of the fact that we are increasingly moving our lives online. They will often publicize sensitive information for other hackers to scramble and use. Their exploits are multifarious, leaving their victims – and potential victims – to scramble to stay ahead of their game.

What You Can Do To Stay Safe

By staying aware of the methods hackers use and taking the appropriate steps to prevent attack, you will be far safer than other users. “Cybercriminals exploit the weakest target first.” (CSIS Security Group)

WiFi Sniffing

Anytime you’re in public using your phone, tablet, or laptop, and you’re connected to a network outside your home, you’re opening the door to WiFi sniffing.

While you are browsing through an unprotected WiFi, you’re also broadcasting your data to anyone who wants to look. Because your data is sent to the router on radio waves, it reaches all connected devices at the same time.

Most users won’t be paying attention to the data you send, but the fact is, someone could be using a WiFi sniffer to pick up the information you’re broadcasting. Your URLs, passwords, usernames, and any other private data are up for grabs.

Use a VPN service which provides encryption in its connection. A virtual private network extends your private network across the public network, giving your WiFi-enabled device the same security it has when on your private network.

Malware Attacks

Malware consists of hidden programs that bury themselves inside your computer and then send data to other people without your knowledge. They are an epidemic on Windows and Android programs.

The most common method is through installing a keylogger or another type of spyware in your computer that watches what you type on the keyboard or see on the screen. In many cases, the goal is to steal entire systems of passwords and data, so the targets are often large organizations.

A devastating malware example is Zeus, a Trojan horse virus which made its appearance in 2007. This example combined the tactics of phishing with email to send users a rogue link. Once clicked on, the malware is installed in your computer and waits for you to log in to your online banking account.

In the case of Zeus, small businesses were a prime target, with $70 million stolen from 390 victims in one case in 2010. Educate yourself and employees on phishing email and link-clicking only on trusted sites and sources.

Security Questions

Hackers who gain access to your email account will often have an easy time of cracking your security questions. Because they have access to your social media, deducing the answers to basic security questions like “What city were you born in?” or even “What’s your favorite pet’s name?” is a walk in the park.

Once they manage to break through this flimsy security barrier, they are able to reset your password and get into your accounts. When you answer security questions, it’s a good idea to either answer with a lie or choose “other” when offered and create a security question that’s impossible for someone to guess.

Filed Under: Featured, Internet Scams, Kacee's Posts

Cyber Security Threats: Is This the Digital Wild West?

September 28, 2014 Beth Devine

Image is a derivative of “Cowboy” by Kevin Walsh under CC BY.

The battle is on and you’re a potential target. It doesn’t matter what you do to protect yourself from data theft, it is a real possibility.

Like a bank robbery, cyber threats will always be a present danger. As technology continues to advance, new methods of thievery are being devised.

You can, however, try to stay out of the crossfire. Keeping aware of the different password hacking methods used to steal your data is the first step in tightening your own security measures.

How Safe Are You from Password Hacking?

The most common form of hacking involves password and username theft. Our online passwords fail in every imaginable way when it comes to cyber security.

There are a variety of strategies hackers use to break into your accounts and steal your password. These three common methods are the first in the line of fire on your security.

Password Scavenging/Recycling

Most hackers rely on other more adept cyber criminals to grab your password and username. Scavenging takes place when the top-level hackers put stolen passwords hacked by compromising a database into a temporary public document for others to grab and use.

Once these hackers have their hands on your information, they try your password out on known services like PayPal. Imagine the fun they have when they discover that these users have the same password across many different accounts!

Phishing

Most of us have been recipients of attempted phishing because we have an email account. Hackers try to get your password and username (as well as your money) by pretending to be a website or company you trust.

The email will appear to be valid and authentic. Last week I received one from Delta airlines saying my ticket was attached and ready for printing. Funny thing is, I don’t recall planning on traveling to Oakland, CA!

Sometimes the emails are from your friends, but they normally will contain little information except the infected link.

Cloud Breaching

There’s a new school of hacking that’s rivaling phishing. This new wave of password theft involves breaching the cloud where vast amounts of data lie. If you weren’t already nervous about password theft, this new development is worth your attention.

Thanks to the recent news of the celebrity photo iCloud breach, more people are learning about this vulnerability. In the case of the celebrities, Apple said in a statement that certain celebrity accounts were compromised by “a very targeted attack on user names, passwords and security questions.”

Because we tend to reuse our passwords and usernames in multiple accounts, your personal information stored in the cloud is ripe for exploitation as one service allows entry into another. Tricking customer service agents into resetting passwords is a growing complication to this devastating method.

Stay tuned for more password hacking methods next week, followed by what you can do to protect yourself. Even the Wild West was eventually tamed.

 

Filed Under: Featured, Internet Scams, Kacee's Posts

6 Ways Your Site Is Hacked and What To Do About It

June 4, 2014 Beth Devine

As you read this, thousands of hackers are working hard to hack your website and computer.

They are after your personal information, your social media accounts, and your website. Unfortunately, the safest measure to avoid hacking is to stay offline. Since that’s not feasible, you need to know what hackers do. Once you know that, then you can take preventive measures and worry a lot less.

Here are six popular hacker methods of attack:

Spamvertizing

When a site is hacked by spamvertizing, it means it’s included as a link in spam emails. The hacker has placed a piece of code somewhere on your site that redirects your viewers to a different site.

Why do they do this when they could simply send out emails with their own website link? Because spam filters have already flagged them as bad sites, and this way they can get more emails past spam filters.

The hackers will continue to spamvertize your site until it’s also flagged as spam and blocked, and then they will move on to a new site. This is when your web host will realize your site is spamvertized from complaints about the emails.

WordPress sites are a common target as hackers go in search of new, uninfected sites to use for their spamvertizing.

Webcam control

Hackers are tapping into webcams around the world. To view some live action of webcam hacking, see Reddit’s list of controllable webcams. It’s hard not to when you know you can.

The scary news is there are ways for hackers to access your laptop camera or computer webcam without triggering the light that lets you know it’s being used. Despite all the claims otherwise, it appears there might only be one method to prevent this.

The most high-tech, failsafe way to protect yourself seems to be covering your camera lens with a post-it note or piece of tape. I used an expertly cut piece of Miss Kitty duct tape.

Phishing scams

Most of us wonder how anyone could fall for phishing scams. Those too-good-to-be-true emails that claim you have won a contest, job offer, or have money in an overseas account. Really?

Surprisingly, thousands of people fall prey to this each year, which is why these scams continue to flourish. Whenever you receive an email from an unknown source who is requesting information, never give anything away.

It’s no different than when you receive a phone call. You never provide any personal information to anyone unless you made the call to a verifiable number.

If you suspect your site is hacked with a phishing scam, call your web hosting company for assistance.

Trojan horse

Another use of phishing emails is the Trojan horse, where the hackers insert a virus into your computer. This virus can then send out spam email or attack other computers.

The virus is installed when you click on the file. Refrain from clicking on any link or opening any attachment. No matter how official the email looks, always go directly to the website to search for and open whatever is being offered.

Even if an email appears to be from someone you know, check with the sender to see if it’s valid before opening any attachment or link, particularly if there is little text included.

This scam can surface through social media with infected links. Be particularly wary of popups that tell you to update software or your video player.

Password hacking

The real trouble with password hacking doesn’t lie with intelligent guesswork. Most of the time, it involves data breaches at your web hosting company or another website that you’ve used your password with.

Sometimes, the hacker uses a virus embedded in your computer to access your system and record your passwords. Another method is to correctly answer your security questions. A simple way to avoid this is to supply answers that aren’t at all related to the question.

The bottom line is to create strong passwords, and to have different passwords for different accounts.

Open WiFi

Your business and home WiFi should be encrypted so outside users can’t connect. To be extra secure, set up a guest network with a separate guest password so your guests won’t have access to your files.

Once on your network, hackers and neighbors can surf to bad websites and download illegal files. They can see and record your activity and steal your information.

Just follow your WiFi router’s manual for instructions. When you’re in a public place, disable the WiFi if you’re not using the internet.

What to do about it.

Up-to-date security software

This is an absolute must. Security software will detect and prevent many viruses before they are installed. Be sure to keep it current at all times.

Plugins

Wordfence is my personal favorite WordPress plugin. It is a front-line defense against hacker attacks. If for some reason hackers manage to slip through, Wordfence will alert you.

You get a lot of excellent site protection with the free version, and the paid features do even more, including early warning systems for spamvertising.

Google Webmaster Tools

This is a handy way to check and see if you’ve received a security threat. Go to your verified website in Google Webmaster Tools and click on Security Issues in the left side bar. It will let you know if they’ve detected any.

Cross-site Malware Warnings

When Google detects a site contains malware, it alerts users who are visiting the site with a browser warning. This lets users know that the content they are loading from a site has been identified as malicious.

Sometimes a site isn’t flagged on Google’s Safe Browsing list as unsafe, but there’s still a browser warning. This happens when a website has loaded content from a different site that contains known malicious content.

This is called a cross-site warning, and you will see this warning image:

[Image: site is hacked]

If this occurs on your site, Google recommends locating and removing any reference to the domain that’s caused the browser warning. For more information on what to do, read Cross-site Malware Warnings.

Safe browsing site check

You can monitor the status of any site with the Google Safe Browsing diagnostics page. If you have any cause to doubt a site’s safety, this will help you determine if you should attempt to open it.

Filed Under: Internet Scams, Kacee's Posts, Tips for a good website

Beware of the Trojan Horse Emails

November 6, 2013 Beth Devine

Fraudulent email scams have upped the ante in their realism and ploy for urgency. The hard-hitting scams present themselves as the delivery services UPS, FedEx, and DHL, claiming that you’ve received a package.

Next, they want you to click on a link, or open an innocent-looking attachment of what appears to be a Microsoft Word document, or enter a legitimate-looking tracking number to check on your mystery package.

Hard to resist, right?

Once you’ve clicked the link or opened the attachment, it is impossible to resist. By doing so, you’ve enabled the Trojan program to install itself so it can read your files, extract your confidential information, and then transmit all the goods to a server somewhere in the email-phishing hinterlands.

A Trojan differs from a virus in that a virus replicates itself – yep, just like in World War Z – and sends itself to other computers, whereas a Trojan is sent out by someone, often in a spammed email, and then installed by the unsuspecting victim.

Like the Trojan Horse in Greek mythology, a Trojan hacking program is hiding something that’s designed to attack you once it’s inside your system.

It hides within the phishing (as in phishing for information) email, which looks absolutely authentic, and because your curiosity is piqued – what can it hurt? – you go ahead and click. You thereby install the Trojan and begin the spiral into doom.

Your DNS records can now be modified and redirected so that incoming Internet traffic goes through the attacker’s servers, where it’s hijacked and injected with malicious websites and pornographic ads.

When a client of ours inadvertently installed a Trojan after receiving a UPS email, he called Super Savvy Carolyn to warn her about his doomsday fall. He continues to work with an IT professional who was able to retrieve some of his data.

The UPS email looks something like this. As with both the UPS and DHL phishing email scams, when you hover your cursor over the link, the fake link is revealed, not a valid UPS or DHL link.

When I received a DHL phishing email, I remembered the all-important rule of thumb for attachments and links. When in doubt, go to the website directly.

I went to the DHL website, entered the tracking number, and discovered that it was an invalid number – duh! I also found their fraudulent email alert on the homepage. A happy ending to my story.
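The hover check described above compares what a link shows with where it actually points, and it can be automated for an HTML email body. The following is an added example, not part of the original post; the sample email, the `.example` host, the tracking number and the function names are constructed, and `ups.com` is assumed to be the domain you trust for UPS mail.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of a delivery-notice email body.
SAMPLE_EMAIL = """
<p>Your package could not be delivered. Print the label below.</p>
<a href="http://ups.com.parcel-tracking.example/label.php?id=1Z999">https://www.ups.com/track?num=1Z999</a>
<a href="https://www.ups.com/help">Help center</a>
<a href="http://203.0.113.7/invoice.doc">Download shipping label</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the lower-cased host of a URL or bare host/path, or ''."""
    if "://" not in url:
        url = "//" + url  # urlsplit only finds a host after '//'
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def in_domain(host, domain):
    # Exact match or a true subdomain; 'ups.com.evil.example' does not qualify.
    return host == domain or host.endswith("." + domain)


def suspicious_links(html, trusted_domains):
    """Return [(href, [reasons])] for links that fail the hover check."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        target = host_of(href)
        reasons = []
        # If the visible text is itself a URL, it must name the real target host.
        first = text.split()[0] if text else ""
        shown = host_of(first)
        if "." in shown and shown != target:
            reasons.append("text-shows-other-host")
        if not any(in_domain(target, d) for d in trusted_domains):
            reasons.append("untrusted-host")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL, ["ups.com"]):
        print(href, reasons)
```
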

If you’re unsure of your own story’s ending and are concerned about a Trojan infection, this US government-certified publication outlines the steps to take. Go to the US-CERT site (Computer Emergency Readiness Team) for more security tips and how to know if your computer is infected by a Trojan Horse or virus.

How to Avoid Infection from the Get-Go:

1. Know what you’re downloading and clicking!

Only download from trusted and well-known sites. Go directly to the website of the entity in question rather than the attached link. Don’t trust a pop-up or other unknown source for downloading anything.

2. Don’t go to untrusted or suspect websites!

Remember the rule for expiration dates and food items? It’s the same here.

When in doubt, throw it out!

3. Install a security software system!

If you own a Mac, use the Mac OS X’s built-in Firewalls and other security features. If you download a lot of media and other stuff, try ClamXav for Macs. For PCs, be sure to run up-to-date antivirus software like Norton Antivirus, and check out Mashable’s 5 Best Free Antivirus Software Options.

If you are unsure whether or not the program you downloaded or clicked on is infected, do a quick Internet search to see if other users reported issues after installing a particular program.

4. Avoid peer-to-peer file sharing applications!

By that I mean not only the obvious Napster-type of music file sharing, where you download often pirated small bits of files from many sources at the same time, but other sites as well.

Facebook, Twitter, Pinterest and YouTube are also vulnerable to malicious hacking. Links posted on these social networking sites are increasingly connected to malicious software.

The Facebook video masquerade and the Facebook bank account draining malware are two examples of cyber crime targeting social media’s most popular site. According to Symantec’s 2013 Internet Security Threat Report, “the number of phishing sites spoofing social networking sites increased 125%.”

Follow these tips to stay one step ahead of malware and Trojan Horse email and be safe from its hidden assault.

Flickr Creative Commons horse photo by Robin.

Filed Under: Internet Scams, Kacee's Posts, Tools & Tips, Website Maintenance

How To Prevent Zombie Hack of Your WordPress Site

May 16, 2013 Beth Devine

When you’re the most popular system out there, you’re bound to be singled out and attacked by jealous rivals. Just look at Microsoft and Google. The jealous underdog, Microsoft, even launched a Scroogled campaign in an attempt to undermine their arch nemesis, Google, the clear favorite.

Hackers Seek Out WordPress Sites to Build Zombie Army

WordPress is an obvious target for web-surfing culprits, with over 65 million users around the world. The crime campaign of recent brute force attacks against WordPress sites is a sign that a jealous rival has resorted to subterfuge.

The password-guessing nature of these attacks means the perpetrators are scanning the Internet for WordPress installations and attempting to log in using a list of over 1,000 password and username combinations, infecting over 90,000 IP addresses in their recent campaign.

“The attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack,” Cloudflare CEO Matthew Prince wrote in his blog post.

In other words, they are trying to build an army of zombies for future use in a cyber attack.

3 Things To Do Now

As a WordPress site owner, this means taking preventive action against becoming infected with a zombie-building virus. Take the advice of WordPress creator Matt Mullenweg and make three strategic moves to prevent a hack of your WordPress site.

1. Change your password

There are several ways to change your password. The easiest way is to go to your WordPress dashboard and click on “Users” in your toolbar. Next, click on “Your Profile” and scroll down to the About Yourself section and enter in your new password.

You can also access your profile by hovering over your name in the top right corner and clicking on “Edit My Profile.”

The password strength indicator will tell you when you’ve found a strong password. Check out the WordPress tips for selecting a strong password, which include what not to do when choosing a password.

2. If your username is “admin,” or a suspect on the hacker list, change that too.

Most of you probably chose something other than “admin” when creating your profile. However, if you have “admin” or a common variant (e.g., adm, admin1, administrator, manager, qwerty, root, test, support, user), change it immediately.

If your username is the name you commonly use on your blog or website, changing it is advised. Remember, changing your username is half of your site security.

Here’s the list of the username/passwords that the hackers used in the recent brute force attack. Nothing like a glimpse into the mind of a cyber criminal, if this does indeed offer one.

For a simple step-by-step to changing your username, go here.

3. Keep your WordPress site and all plugins updated.

You know that little number that pops up next to the plugins on your dashboard? That’s the number of plugins that need updating at any given time.

Before updating a plugin, check to see that the new version is compatible with your theme by clicking on “View version details.” Then update one plugin at a time, reloading your website in a separate tab after each update to check that it is still functioning.

Doing a website backup is another wise step before updating plugins.

If this sounds neurotic to you, then you haven’t experienced website failure from plugin conflict. If your site does go down, you’ll need to deactivate the plugin. If you can’t access your site to do this, you’ll need to go through your FTP (File Transfer Protocol).

Regular plugin updates are very important in keeping malware and hackers from finding a weak link in your site. Out-of-date and old plugins have been updated for a reason, and hanging onto them is an invitation for hackers to wrangle their way in.

If you are a Web Savvy client, call us, or call your Web hosting company to help you.

If your WordPress site has already been hacked, check with your hosting provider.
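The password-guessing campaign described in this post leaves a recognisable trail in a web server access log: many POST requests to the login page from one address. The following is an added example, not code from WordPress or from this post. It counts those attempts per IP and checks account names against the username list given in step 2. The log lines are constructed, the function names are hypothetical, and it assumes default WordPress behaviour, where a failed login answers 200 and a successful one redirects with 302.

```python
import re
from collections import defaultdict

# Usernames the post names as common targets of the password-guessing campaign.
RISKY_USERNAMES = {"admin", "adm", "admin1", "administrator", "manager",
                   "qwerty", "root", "test", "support", "user"}

# Leading fields of a combined-format access log line: IP, request line, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def make_sample():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    fmt = ('{ip} - - [16/May/2013:10:00:{s:02d} +0000] '
           '"POST /wp-login.php HTTP/1.1" {st} 3120 "-" "Mozilla/5.0"')
    lines = [fmt.format(ip="203.0.113.7", s=s, st=200) for s in range(6)]
    lines.append(fmt.format(ip="203.0.113.7", s=6, st=302))   # guess finally worked
    lines.append(fmt.format(ip="198.51.100.4", s=7, st=200))  # owner mistyped once
    lines.append(fmt.format(ip="198.51.100.4", s=8, st=302))
    lines.append('198.51.100.4 - - [16/May/2013:10:00:09 +0000] '
                 '"GET /wp-admin/ HTTP/1.1" 200 5000 "-" "Mozilla/5.0"')
    return lines


def login_guessing(lines, threshold=5):
    """Return {ip: stats} for addresses with at least `threshold` failed logins."""
    stats = defaultdict(lambda: {"failed": 0, "succeeded_after": False})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        if method != "POST" or not path.split("?")[0].endswith("/wp-login.php"):
            continue
        if status == "200":        # login form served again: the attempt failed
            stats[ip]["failed"] += 1
        elif status == "302" and stats[ip]["failed"] >= threshold:
            stats[ip]["succeeded_after"] = True   # likely compromised account
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}


def risky_accounts(usernames):
    """Return the account names that appear on the post's username list."""
    return sorted(u for u in usernames if u.lower() in RISKY_USERNAMES)
```

An address reported with `succeeded_after` set to true means a guess eventually worked, so that account needs a new password and the site should be checked for changes.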

Flickr photo from Gabriel GM

Filed Under: Internet Scams, Kacee's Posts, Tips for a good website, Website Maintenance

Cybercrime Threatens to Break the Internet

April 4, 2013 Beth Devine

Cyber attacks have grown so big, so fast, and with so little preventive action in place that they’re being compared to a massive iceberg colliding with the Titanic.

“We see the threat coming [but] we haven’t taken adequate action to prevent harm, and every week the threat gets a little closer,” James Lewis, director of the technology and public policy program of the Center for Strategic and International Studies in Washington, was quoted in The Hill.

Last week saw the largest cyber attack in history. A DDoS (distributed denial-of-service) attack at 300 gigabytes per second was aimed at Spamhaus, a European nonprofit organization that works to block spam from the Internet. A mere 50 gigabytes per second can derail a large bank.

Internet Highway Gridlock

DDoS attacks are like a giant traffic jam, where all the cars are trying to enter through a single gate, and everyone must show an ID card to get through. In the case of Spamhaus, CyberBunker, a web hosting service angry over being blacklisted, targeted them with an unprecedented amount of traffic in an attempt to make the service unusable.

As traffic clogged the Internet, other exchanges were affected and the Internet slowed, mostly for European users.

Cloudflare, hired by Spamhaus to deflect the attacks, helped keep the site online. Cloudflare’s co-founder and CEO, Matthew Prince, said, “I do expect that this record for the largest attack won’t be held long. [A larger attack] could dwarf this in size. And that may, literally, break the Internet.”

Further damage occurred last week when three scuba divers tried to cut one of the main underwater cables that connects Europe off the coast of Egypt. Internet service in Egypt was disrupted and connections slowed as far away as India and Pakistan, as the congested data was forced to flow the long way around the globe.

USA Launches Cybersecurity Order

In an effort to quell cyberespionage, Obama signed an executive order in February. The recent upsurge in Chinese hackers waging a cyber-spying campaign on U.S. businesses raised new security issues and new measures, including a ban on government agencies buying China-made computers.

Not only are businesses and government agencies at risk, but the people who are infiltrating our critical infrastructure are capable of wiping out “our power grid, our financial institutions, and our air traffic control systems,” Obama said.

So what can you do?

“Clicking the Link” Strategies from the Department of Homeland Security

The Department of Homeland Security offers strategies for helping to prevent cyberattacks, focusing on email attachments. Being educated on the “clicking the link” pitfalls is a critical first step in staying safe. Security tips won’t prevent all serious threats from crashing websites, but they will give you a road map to avoid common traps, including chain letters, email hoaxes, and urban legends.

Check Out These Kitties!

The growing threat has led some employers to adopt a program designed to educate employees with a simulated cyberattack. By sending emails with links enticing people to click to see more adorable kitties, companies are using “ethical hackers” to train workers in the techniques of true hackers.

DHS checklist for personal cybersecurity:

  • Never click on links in emails. Even if you think it’s a legitimate email, go to the site and log on directly.
  • Never open the attachments. Retailers will generally not send out emails with attachments. Only open attachments from known contacts and after checking the sender’s email address.
  • Do not give out personal information. When on the phone or in an email, either ask for a number to call them back, or contact the agency directly to verify the request. 
  • Set secure passwords and don’t share them with anyone. Avoid using common words, phrases, or personal information and update regularly.
  • Keep your operating system up to date. This includes your browser, anti-virus, and other critical software.
  • Pay close attention to website URLs. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.
  • Turn off email option to automatically download attachments.
  • Be suspicious of unknown links or requests sent through text message as well as email. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.

Have you been caught unaware through an email or other cyberattack method? What is your experience of cybercrime?

Filed Under: Internet Scams, Kacee's Posts, Website Maintenance

Blithering passwords

August 11, 2011 Beth Devine

I imagine when the dementia starts to set in a few years down the road, I’ll just start blithering passwords. It seems everything I do is password related. Email, Twitter, Facebook, online accounts, PIN numbers. Sometimes it gets to be too much, and like most people, I occasionally get a little lazy and use a weak password.

Earlier this week, I realized that someone was posting as me on my Twitter account. Unfortunately, instead of posting valuable information, they were posting links to material I didn’t want to promote, so I deleted their posts and changed my password. And hopefully anyone who follows my Twitter account didn’t really think I was promoting get-rich work-at-home schemes. The incident forced me to re-evaluate my password strategy. So now, my passwords are longer and have more *&%^ characters and will be changed more often. Below are some other practices I will follow and recommend.

Five best password practices

  1. Change your passwords often.
  2. Make them hard to guess. Use at least 8 characters in your password. Don’t use words or names; use a nonsensical set of characters.
  3. Make them hard to find. If you must record them (and you will unless you have a better memory than most), put them in a secure location, not on a sticky note on your computer monitor. If you store them electronically on your computer, make sure they are not accessible. Lock them up, whether paper or electronic.
  4. Don’t use the same password on all your accounts.
  5. Don’t share your password with other people. Don’t email your password. If you must have your password emailed to you because you forgot it, change it as soon as you log in.

Filed Under: Carolyn's Posts, Internet Scams, Uncategorized

Copyright © 2025 Web Savvy Marketers, LLC · 222 Pitkin Street, Ste. 125 · East Hartford, CT 06108 · 860-432-8756