Author Archives: Mark Fielden

Check Your Email Isn’t Exposed on the Dark Web

Pwned: Exposed on the Dark Web

“Pwned” is a deliberate typo for the word, “Owned”. “To Pwn” has its roots in the computer games world; it means to beat someone comprehensively.

Why Worry?

Email addresses on the dark web are available to hackers and spammers. At the very least you’ll be getting unwanted emails. The worst case: you’re on the way to getting your identity stolen.

A President Pawned

Yesterday I received an email from the president of an organization for which I do voluntary work. It said, “Do you have a moment I have a request I need you to handle discreetly. I am going into a meeting now, no calls so just reply my email.”

I checked the email address and, needless to say, it wasn’t from the president at all.

Since the committee members all received a similar mail, my first thought was that someone had hacked the account. However, it’s easy to check, so I did.

Pwned in Data Breaches

A “data breach” is where information has been exposed to public view, either intentionally or not. Turns out that the president’s email address was exposed in two data breaches, now available on the dark web.

president@ First Breach

The first was back in 2017, when the address was used by the previous president. This may have exposed the email address and password. I say, “may”, because it may be just the email address that’s exposed, without the password.

president@ Second Breach

The second is more serious and more recent: February 2019. Whilst it doesn’t include email addresses, it does have dates of birth, employers, genders, geographic locations, IP addresses, job titles, names, phone numbers, physical addresses. An email validation service, verifications.io, was hacked. To check an email address is valid, services like this comb all public records to build a comprehensive profile of the person behind the address.

Personal Data Available on the Internet

You’d be surprised how much of your personal data is available on the internet. Records may be public, such as Companies House, the electoral roll, telephone directories, even on your own website. Or easily accessed, like Facebook and LinkedIn. Or may be given securely, in good faith, and then sold under the cover of small print, a practice used by some DNA profiling websites, for example.

Check Your Own Data Breaches

Check your email address at Have I Been Pwned. Enter your address here, and it’ll scout the dark web and list data breaches that contain it. Check all your addresses if you have more than one.

Check regularly using their monitoring service, which sends alerts to your inbox if it spots any of your addresses on the dark web.

Protect Your Identity

  1. change your password on any breached websites, or delete your accounts
  2. make sure your anti-virus software and firewall are always up to date
  3. use strong passwords (HM Government has tips for staying safe online)
  4. use a Password Manager to generate, save and protect strong passwords (free password managers here)

Do You Break These Email Rules?

I Must Have Written Millions of Emails

Over the years, I’ve seen, and made, all sorts of mistakes with emails. To fix them I’ve adopted seven rules. They’re so obvious it’s a pity I (and maybe you?) don’t always follow them :o(

I often break rule 5 trying to be friendly, especially in these COVID-ridden times.

If you want to read the explanations below, please go ahead. If you don’t have time, here’s the list. Click a rule to see a brief explanation.

Rules for Writing Effective Emails

Rule 1. One topic, one email
Rule 2. Main point up front
Rule 3. Don’t change the subject
Rule 4. Email when you’re fresh
Rule 5. Keep it brief
Rule 6. Take care with Reply All
Rule 7. Check your spam folder

Simple, innit? Do you always follow these rules? I try.

Rule 1: one topic, one email

The most effective emails contain just one question or message. Busy people receive 100s of them. They scan emails, so second and subsequent messages are often missed, rarely acted upon.

Rule 2: main point up front

For busy email scanners, if you want something to happen, ask in the first sentence. Leave white space afterwards for emphasis.

Add all the reasons you want below. Some may read them. Your main actor will probably be too busy. However, s/he will see you have loads of justification and might actually act. If there’s no justification s/he may notice that, too.

Rule 3: don’t change the subject

How often have you said to yourself, “I said that in my email yesterday”?

Did you change the subject? Did you start a new conversation in reply to something else? And did you Reply All? It’s convenient if you’re talking to the same group of people. Many people, seeing “RE:” on the same subject line once too often, won’t bother to read it.

If you want to talk about something else, start a new conversation. One with suitable words in the “Subject” field. See rule 6, too.

Rule 4: email when you’re fresh

Don’t email late at night, when you’re tired, or after booze / chocolate / whatever turns you on. I’m not going to explain this rule further. If you really feel the need, wait until tomorrow to press “Send”.

Rule 5: keep it brief

After you’ve finished writing that important email, read it again and see how many words you can remove without affecting the meaning. If it’s a really important mail, get someone else to do it too.

If it’s very short, why not fit your entire message into the Subject field?

Nobody likes spending time on unnecessary waffle. People will appreciate your brevity.

Rule 6: Take care with Reply All

For two reasons, do think about “Reply All”.

  • save people time by not sending them irrelevant copies to open
  • don’t copy people into conversations that don’t concern them – it can be embarrassing

If the original sender copied in other people, they intended them to be aware of the conversation, maybe join in. Reply All can, inadvertently, share information you regret, especially if you change the subject (rule 3).

Avoid wasting people’s time unnecessarily: “Reply All” only if you think the sender was correct.

Rule 7: Check your spam folder

Email systems continually update their spam filters. This is great, but they sometimes think mails you really want are spam.

Before you switch off for the night, look through your spam folder. Move non-spam to your inbox, otherwise links won’t work. Then delete the rest.

BlueTree Supports Key Workers

A Badge of Honour

We’ve added this logo to our website in support of key workers during the Coronavirus difficulties. We made the badge to say “Thank you” to all key workers, visible and less so.

The NHS logo sits on the back of a lorry, as an inclusive gesture to all key workers. The rainbow also indicates inclusion, this time of races, creeds and gender preferences. The heart shows the love our doctors and nurses must feel for all humanity to do what they do in such difficult and dangerous circumstances – and the love we all feel for them and everyone working to keep us going. The little blue tree is for us, the rest of us, sitting on the sidelines, doing our bit by staying in and staying safe.

Everyone Knows Key Workers

Everyone knows a nurse or doctor, or a family with one.

When you’re out on your daily exercise hour, you’ll probably see a lorry or van delivering things to keep the rest of us alive, a bus driver taking key workers to work, or a refuse lorry clearing up our mess. Their risk level is lower than that of NHS staff, but they’re more at risk than the rest of us in our self-isolation.

Meadows Day Nursery, Cheltenham, is one of our clients. They’re just another type of business working behind the scenes to help the front line of these virus wars. Whilst many nurseries have closed, Meadows is open, looking after the children of key workers, so they’re exposed to potential infections. Key worker mums, dads and carers are on the front line and their children could bring the virus into the nursery.

Stay Safe, Everyone

So, let’s all obey the rules and hope to come out of this in one piece at the end.

Thank you to the NHS and all care workers, pharmacists, bakers, posties, shopworkers, therapists, delivery drivers, refuse collectors… and all the other unsung, overworked, under-paid, often exploited people who do so much for our community under everyone’s radar. Coronavirus has raised their profiles. Let’s hope we – and our politicians and business leaders – remember them long after the dust settles and life returns to normal.

Or maybe we’ll have a new, fairer and long-lasting version of “normal”.

General Data Protection Regulations (GDPR)

GDPR Ticklists to Help You if You Missed the May 25 Deadline

Want to go straight to the ticklists?

Or straight to the sole trader bit?

I wonder how many businesses have deleted 75% of their hard-won contacts with “essential you opt back in” email campaigns? And they will lose them, because of this knee-jerk reaction to GDPR.

  1. everyone receives so many they’re ignoring them
  2. they’re probably not necessary
  3. they may be illegal under other regulations

You do need to act, but there’s no need to panic, even if you missed the deadline. This myth-busting piece in The Guardian may help put your mind at rest.

Like most of you guys, we’re a very small business, and this is our take on how it applies to us. This is what we’ve done, and what we’ll be doing in future. This post covers,

BlueTree GDPR Promise

We promise to treat all personal data with respect, and we’ll never knowingly share it with anyone else, nor use it for any purpose other than that for which it was collected.

GDPR Tasks to do Before May 25th

GDPR seems common sense, and we don’t have to change much anyway. Our compliance is based on this understanding:

  1. Make a list of all the places you hold personal data. We have one in a Word document.
  2. Be clear about what data you collect and why. For marketing, we hold email addresses, phone numbers and, for accounting, postal addresses.
  3. Write and Publish your Data Protection Strategy, optionally on your website. Here’s ours.
  4. Draw up plans to implement your strategy; you might not finish implementing them before 25 May.

Before or After May 25th

  1. Only use personal data for the purpose you collected it and don’t share it with anyone else. We don’t.
  2. Hold personal data securely. We use networked, personal computers, with strong passwords. We store some in “the Cloud,” where it’s held securely by reliable, global corporations, namely Google, Dropbox and MailChimp. We don’t think we’re liable for breaches they may make, though we may need to contact people affected.
  3. Add people to your marketing list only if they opt-in; we use sign-up forms.
  4. Avoid collecting data from minors. We’ll do our best to identify them.
  5. Respond promptly to requests for copies of personal data you hold. We’ll do so for anyone who requests it on this form (it’s our usual contact form).
  6. Allow people to amend or delete their data. We’ll do this if they request it on the same form.
  7. Add an unsubscribe link in marketing emails and delete unsubscribed people. No need for us, MailChimp does this anyway.
  8. Tell the Information Commissioner, and people affected, if you get hacked. We can do this if it ever comes to our notice.

Simple GDPR for Sole Traders and Micro-Businesses

BBC Radio 4’s Money Programme (20 May) had some advice for sole traders and small organisations. Sadly, I can’t find it any more. The example they used was a small allotment society, and the advice covered micro-businesses (like sole traders and partnerships) too. T

 

Anyway, this is what we do.

  1. GDPR applies to the personal data of business contacts, not to personal contacts, though if you do business with a friend or relative, that contact is affected.
  2. Existing contacts. There’s no need to stop mailing people already on our list:
    1. It’s fine to keep personal data we have already, if we have a good reason to do so, e.g. they owe us money, or we do work for them sometimes. This is called a “legitimate interest”, apparently.
    2. It’s also fine to keep it if they gave us consent when we collected it; we won’t be asking anyone to opt in again unless we’re sure they didn’t consent.
    3. If we want to use personal data for anything other than why we collected it, we’ll ask for consent.
  3. New contacts, people whose data we want to store. We’ll ask their permission, tell them why, and that we’ll change or delete it if they ask us to.
  4. Security. We’re sure the places we store it are secure. These include phones, computers and “cloud” storage; they’re protected with a PIN or password.
  5. Website. We collect personal data on our website with a sign-up or contact form; it’s encrypted, secured with an SSL certificate (HTTPS) – more on our blog here, and protected from web spiders with a reCAPTCHA.
  6. Updates. We promise to supply, change or delete their personal data if anyone asks.

You’re also supposed to have procedures in place, but sole traders and tiny businesses don’t do this formally, as a rule. Here at BlueTree, we have a list of places where we store personal data (MS Word document) and a short GDPR policy statement, published on our website.

Free GDPR Tick List Templates

We like tick-lists: lists of things to do, expressed as 1-liners. They’re terse task reminders, in sequence if that’s important. Print them out, tick off the jobs as you do them, then file the completed list as evidence of completion.

There are two GDPR template tick-lists in this document: start-up and on-going. Yours to use as they are, or modify, so long as you don’t blame us if anything goes wrong. Here’s your link.

Disclaimer and Where to Find GDPR Advice

We’re neither legal eagles, nor GDPR experts, and we’ve decided what to do after researching the subject. You’re welcome to copy what we do, but please don’t hold us responsible if anything bad happens.

By all means, copy our policy and put it on your website, but please don’t copy / paste it. We explain this here, help for new web page authors, “Golden Rule”.

If you search for “GDPR” using your favourite search engine, you’ll find masses of information. This is a problem: there’s too much, so how do you know which is correct?

We’ve found these pages both credible and informative.

  1. Information Commissioner’s advice on GDPR
  2. Federation of Small Business’s GDPR Preparation Checklist
  3. Myth-busting explainer article in The Guardian

Best of luck!

PS: If you think we got anything wrong, or have a question, please leave a comment here. It’ll help others reading this post as well as us.

Encryption: Improve Your Search Position Step 2

Step 2 is About Encryption

This time we’ll discuss website security, what it is, why it’s important, and what you need to do about it.

This is a long post, so I’ll summarise it.

The Internet is becoming more security conscious. Some web browsers now issue warnings when you visit a website that isn’t secure. The others will follow. Warnings put visitors off. If you don’t want to lose visitors to your site, you need to encrypt it.

The next post in this series will explain how we are encrypting all BlueTree CMS user sites.

Meanwhile, in this post:

But first, a story.

A Website Encryption Story

We just finished a new website for a client. Stuart was very happy with the design and content, but there was a problem. He checked it on his phone, only to be told that the site was not secure! His SSL certificate doesn’t match his website.

Now, he doesn’t have an SSL certificate, neither does he need one – any more than anyone else, that is.

We traced the problem to his phone’s over-zealous software. Our servers host many websites, some of them encrypted. The phone software wrongly assumed that, because one of the sites has a security certificate, it must apply to his as well.

No website owner wants to see something like this when visitors go to their website. So we installed a correct, temporary certificate for him.

Why Encryption Matters

Clandestine forces are eroding the Internet ideals of free speech and openness. Internet freedom is under threat from wealthy individuals, corporations, hackers, even government agencies, with

  • fake news designed to mislead
  • trackers that collect personal details
  • algorithms that control the news we read
  • data collection to support identity theft and secret government snooping

Encryption is one way the good guys are fighting back. They’re persuading us to encrypt our websites. As one encouragement, search engines are starting to reward encrypted websites with better rankings.

Here are two more reasons:

  1. The GDPR Data Protection Regulation: if you collect any personal information on your website, it should be secured to reduce your risk of compromising it.
  2. My antivirus software, Webroot, puts a big green tick next to search results it deems safe. So do many others. You’ll notice that the search result below has HTTPS:// in front of our web address. This means the website connects securely with your browser. The “S” stands for “Secure”.

Benefits for You

Here are four reasons to encrypt your website:

  1. Your visitors won’t be put off by dire warning messages, like Stuart was
  2. Visitors will see at a glance your website is safe, because their browsers will display a closed padlock in the address bar; this is Google’s Chrome browser making it obvious
  3. Hackers won’t be able to snoop on your visitors
  4. Google will rank your website higher, some say as much as 5%

Many internet users are not tech savvy, so may not notice. Don’t expect this to last, however. How long ago was it that nobody understood the cookie message you now see on every website?

Worse, if you’re asking for feedback, or collecting an email address, they’ll certainly notice something like this.

Chances are they’ll move away and you’ll lose their input or a valuable lead.

Secure Websites Are Encrypted

My browser talks to your website using text messages. They’re structured formally, but you can read them using Windows Notepad or Apple TextEdit. Anybody can read them, including hackers.

These messages run over the Internet, AKA The Cloud. On the way, they pass through many servers. Servers are computers and can be hacked, exposing your messages to hijack.

Encryption converts the messages into gibberish using a cypher, possibly the oldest form of secret writing. Julius Caesar used a simple “Shift Cypher” in his correspondence. With a shift cypher, you swap each letter of the alphabet for another. “A” becomes “F”, for example, “B” becomes “G”, “C” becomes “H”, and so on. Each letter is shifted six along in this example. So BLUETREE becomes VFOYMLYY.

It’s fairly easy to crack. “E” is the most commonly-used letter in the English language…
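The frequency attack hinted at above, as an added example (not from the original post): it takes its key from the text's “A” becomes “F” mapping, guesses the shift by assuming the most common ciphertext letter stands for E, and falls back to listing all 26 shifts when a message is too short for that guess to hold. Both sample messages are constructed.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Key taken from the mapping in the text: "A" becomes "F".
SHIFT = ALPHABET.index("F") - ALPHABET.index("A")

# Constructed sample messages (not from the post).
LONG_MESSAGE = "MEET ME AT THE GREEN TREE BESIDE THE OLD STREET"
SHORT_MESSAGE = "BANANA"


def shift_text(text, shift):
    """Move every letter `shift` places along the alphabet, wrapping at Z."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def guess_shift(ciphertext):
    """Guess the key by assuming the most common letter stands for E."""
    counts = Counter(ch for ch in ciphertext.upper() if ch in ALPHABET)
    if not counts:
        raise ValueError("no letters to analyse")
    top_letter = counts.most_common(1)[0][0]
    return (ALPHABET.index(top_letter) - ALPHABET.index("E")) % 26


def crack(ciphertext):
    """Return (guessed shift, plaintext recovered with that guess)."""
    shift = guess_shift(ciphertext)
    return shift, shift_text(ciphertext, -shift)


def brute_force(ciphertext):
    """All 26 candidate plaintexts; index n is the result of undoing shift n."""
    return [shift_text(ciphertext, -n) for n in range(26)]


if __name__ == "__main__":
    secret = shift_text(LONG_MESSAGE, SHIFT)
    print(secret, "->", crack(secret))
    # A short message has too few letters for the "E" guess to be reliable,
    # but with only 26 possible keys every candidate can simply be read.
    short = shift_text(SHORT_MESSAGE, SHIFT)
    print(short, "-> guess", crack(short))
    print("candidate", SHIFT, "is", brute_force(short)[SHIFT])
```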

Digital encryption is much more sophisticated, as you can imagine. It’s so secure that the US Government has tried to ban it – for some reason :-).

Digital Certificates

Your website needs a Digital Certificate to make encryption work. Issued by a trusted authority, the certificate must be installed on your web server. The certificate provider verifies your website is owned by your company, and the certificate is proof that all was OK.

Once the certificate is installed, “HTTPS” will appear before your domain name in the address bar of each visitor’s web browser, and all communication will be encrypted. The S after HTTP stands for “Secure”.

When you look at a secure site, your browser will examine the certificate and establish that,

  1. a trusted party issued it
  2. it’s current and valid
  3. it’s related to the site you’re looking at (this is where Stuart’s phone software went wrong in the story above)

When it’s happy, your browser and the server will swap encryption keys, and you’ll be able to see the web page content. The keys are discarded at the end of your session.
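Checks 2 and 3 from the list above, as an added example that is not the browser's or this site's own code: it works on a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()`, with constructed host names and dates. Check 1, the chain of trust, is what `ssl.create_default_context()` verifies during the handshake and is not reproduced here.

```python
import ssl
import time

# Constructed certificate for one site on a shared server (placeholder names).
SHARED_SERVER_CERT = {
    "subject": ((("commonName", "www.shop-a.example"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "shop-a.example"), ("DNS", "www.shop-a.example")),
}


def hostname_matches(pattern, hostname):
    """Simplified name matching: exact, or '*' as the whole leftmost label.

    A wildcard covers exactly one label, so '*.example.org' matches
    'a.example.org' but neither 'example.org' nor 'a.b.example.org'.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        parent = pattern[2:]
        first_label, _, rest = hostname.partition(".")
        return bool(first_label) and rest == parent and "." in parent
    return pattern == hostname


def check_certificate(cert, hostname, now=None):
    """Return a list of problems; an empty list means checks 2 and 3 pass."""
    now = time.time() if now is None else now
    problems = []

    # Check 2: the certificate is current.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not-yet-valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")

    # Check 3: the certificate names the site being visited.
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(name, hostname) for name in names):
        problems.append("hostname-mismatch")
    return problems


if __name__ == "__main__":
    when = ssl.cert_time_to_seconds("Feb 15 12:00:00 2024 GMT")
    # The site the certificate was issued for passes.
    print(check_certificate(SHARED_SERVER_CERT, "www.shop-a.example", now=when))
    # Another site hosted on the same server is not covered by it.
    print(check_certificate(SHARED_SERVER_CERT, "www.client-site.example", now=when))
```

A certificate belonging to one site on a shared server fails check 3 for every other site on that server, which is the kind of warning described in the story above.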

There’s a complete explanation here that’s nicely written and easy to understand.

In Conclusion

Encryption matters. All websites will be encrypted eventually. Steal a march on your competitors by encrypting yours now.

The time is right. The world moves on, the Internet world faster than most.

  • Our certificate cost over £100 a year ago and you can now get one free
  • Anti-virus software and web browsers are starting to identify non-secure sites, which they call “unsafe”

As the software evolves, some make mistakes, as Stuart discovered. Recent developments mean we can avoid this happening to your website.

In a later post, we’ll explain what we’re going to do about it, and how our plans will affect you.

How to Delete Many Files Selectively

Or, How to Save Loads of Time – a salutary tale of back-ups, restores, and being cross with oneself for not reading instructions on the website carefully.

Be careful if you try this. Before trying this, read the last section, even if you skip through the rest.

Why I Need to Delete Many Files

When you make websites, you amass a lot of files and you need to take care of them.

I have a new security system where I back-up all my websites – and everything else for that matter. It’s a 1TB Seagate Backup Plus external drive. It has its own back-up software, which works fine. However, I thought it wise to test file restore before needing it in anger.

There is no instruction book, but there’s help on their website, and 4MB of PDF user manual. Naturally I read it all 🙂

To test the restore mechanism (you should always test your back-ups – too late to find it isn’t working when you’ve lost your hard disc!) I decided to restore one file. That must be easy enough! I followed my nose and restored all the files on my C: drive except the selected one! Not only that, but I’d selected the “don’t overwrite” option, apparently, so every existing file was joined by its twin!

In a few moments, my file system had doubled in size, almost filled my disk, slowed down my computer, and I’d made myself very cross into the bargain!

OK, so that was just plain stupid. It was my fault entirely – should have read the instructions more carefully. Having written many pages of website, CMS and software help over the years,

  1. I know how difficult it is to be both terse and definitive, and
  2. I’m very familiar with the support desk acronym, RTFM: Read The … Manual!

Oh dear, now I’m on the receiving end, in a mess. What should I do about it?

Deleting Many Files, Method 1

Now, luckily, the duplicate files are easy to spot. Each has the same filename as its twin, with “ (2)” appended before the period. Like this, right.

That’s easy enough to fix. Each time I open Windows Explorer I plan to delete the duplicate files manually, selecting them all with Ctrl-click and pressing the Del key.

More Reasons to Delete the Files

After a week or so using method 1, I’m not making much headway. Having deleted loads of files, the free disc space hasn’t increased very much. I can’t begin to guess how long it’s going to take me to delete them all.

Then I open a picture using Picasa. Immediately, it starts indexing all the duplicate images – there must be 1,000’s of them! How on Earth am I going to get rid of all those?

This quickly became tedious, as you can imagine! So I need another method.

Deleting Many Files, Method 2

If Windows is indexing your files, you can search for them using Explorer. Here we’re looking for files with a .txt extension in my Dropbox. Type a search term into the search box, top right in the Explorer window. “*” means “anything”, so “*.txt” will list all files with a .txt extension. Not only that, but Explorer will list all the files matching the search term in this folder and all its sub-folders.

To delete them, use the mouse or press Ctrl-A to select them all, then press the Del key to remove them.

But I only want to delete those with “ (2)” at the end of the filename, so, sadly, this won’t work for me. If I type “ (2)” into the search box, Explorer lists all the relevant files from all the sub-directories, but Explorer’s idea of what’s relevant is not the same as mine.

It lists every file with a 2 in the file name. I want to keep some of these. If I do it in My Documents, this method will delete files I may want to keep. It works the same with other search phrases, such as (2) or “(2)”.

This is because parentheses mean something to Windows Search: “Find everything inside the brackets.” Hence it lists all files whose file names contain 2.

How to Find File Names That Contain “(2)”

It suddenly occurs to me that (why didn’t I think of this earlier?), had I been using Microsoft’s original operating system, MS-DOS, I could have identified the duplicate files easily using a wildcard search. A search for *(2).* finds all files whose file name ends “(2)” with any file extension.

Now, Windows Search is very powerful. You can read all about it here. It even has a command that allows you to use these old search queries. To use the old syntax, begin your query with a tilde, “~”.

So, all I need do is to press Ctrl-A, select all these files, and Del, delete them and move them to the Recycle bin. I test this in my Dropbox folder, which I can easily reinstate if it doesn’t work.

Let’s try it in My Documents! It works.
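A stricter selection than the wildcard search, as an added example (not part of the original post): it lists a “ (2)” file only when its twin sits alongside it with identical content, reports everything else for a manual look, and deletes nothing itself. The function names and the file names in the comments are made up for illustration.

```python
import hashlib
import re
import sys
from pathlib import Path

# "report (2).txt" -> twin "report.txt"; "notes (2)" -> twin "notes".
# " (2)" must sit immediately before the extension, as in the restored copies.
DUP_NAME = re.compile(r"^(?P<stem>.+) \(2\)(?P<ext>\.[^.]+)?$")


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def find_restored_duplicates(root):
    """Walk `root` and sort every " (2)" file into one of two lists.

    safe    - the twin exists and has exactly the same content
    skipped - (path, reason) pairs that need a human decision
    """
    safe, skipped = [], []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        match = DUP_NAME.match(path.name)
        if not match:
            continue  # e.g. "Top 2 tips.txt" is left alone
        twin = path.with_name(match["stem"] + (match["ext"] or ""))
        if not twin.is_file():
            skipped.append((path, "no twin"))
        elif (path.stat().st_size != twin.stat().st_size
              or sha256_of(path) != sha256_of(twin)):
            skipped.append((path, "content differs"))
        else:
            safe.append(path)
    return safe, skipped


if __name__ == "__main__":
    # Dry run only: print what would be removed and what was held back.
    folder = sys.argv[1] if len(sys.argv) > 1 else "."
    safe, skipped = find_restored_duplicates(folder)
    for path in safe:
        print("identical copy:", path)
    for path, reason in skipped:
        print(f"kept ({reason}):", path)
```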

More Files to Delete

Now the duplicates have gone from My Documents and from my Dropbox folder.

The Seagate system’s default setting seems only to backup and restore data files and images, not system files, .exe’s, .dll’s and other program files. There are many data files and images in the system directories, so I still have a lot of duplicates. Let’s run it on C:\ as well, to get rid of all the duplicates everywhere.

Conclusion, After Deleting Many Files and Saving 100’s of Man-hours

Even with all the testing, this process only took half an hour or so. I now have no files with (2) appended to the file name. It would have taken months to do it the manual way.

It also looks as though Picasa has lost the duplicates too. I checked several picture folders and they have all gone. In fact, Picasa tells me it’s “compacting its files to save space”, so it’s definitely noticed something going on!

I’m really pleased with the result!

Be Very Cautious When Deleting Files This Way!

Deleting one wrong file can be disastrous. Losing several, ten, one hundred, one thousand, when you don’t intend to, can be life-changing for your business, your marriage, your relationships…

  1. Always test your method on a directory (with sub-directories) that doesn’t matter: I tested this on a test folder, with test sub-folders, before doing it for real, then on my Dropbox folder, which can be recreated easily;
  2. Always back up your file system before you try anything like this, so you can recover your start position in case you make a mistake;
  3. IF IN DOUBT, LEAVE IT OUT!
    Get expert help from someone like Nortech Computers.

 

Portishead Picture Quiz Results

Thanks to All Who Entered the Picture Quiz

Well, thanks to everyone who entered our quiz. It appears that, for every entry we received, there was at least one who started it but didn’t finish. From the feed-back we received (so far) everyone seemed to have had a good time.

Sorry, you can’t do the quiz again. We might decide to rerun it :o)

Picture Quiz Winners

We enjoyed meeting up with our two winners. They are, in a way, opposites.

The first belongs to one of Portishead’s oldest families. With 29 points out of a possible 32, the winner was David Gale, retired auto engineer who has lived in Portishead since he was one week old. He knew some of the answers and solved those he didn’t by cycling around. “The trickiest one was the Seafarer’s Sculpture,” he said, “but once I worked out the most Easterly stone, I knew the answer. A school friend of mine had worked there, all those years ago!”

David’s was also the first entry received, making it an even more formidable achievement. Since there was no under-18’s winner, he chose the cash prize rather than the champagne.

Second prize, for scoring 27 points, goes to Paul Black, a new resident. This was a team effort from Paul, his partner Lynda French, and their Golden Retriever, Oscar. Paul moved to Portishead in 2005. He is a Homeopath and Bowen Therapist, who works in Portishead and Weston-super-Mare, and Lynda is an Acupuncturist. Visit Total Health Homeopathy to find out more.

Paul and Lynda are keen cyclists, run with the Portishead Running Club, and Paul is treasurer of the Portishead Yacht & Sailing Club. He said, “Oscar really enjoyed exploring different places in Portishead to find the answers. So did we!”

Lin Lawrence was one whose entry never made it. She emailed, “Loved the quiz. Lovely to know more about the place we live. Think I go around with my eyes closed. We are going to take it with us on a Devon weekend with the gang; it will make for an interesting evening.”

How We Calculated the Results

Since the “Judges’ decision is final,” we created a Master Result. You could have seen it here at one time, by clicking a link, but we’ve removed it in case we run the quiz again.

Next, we compared every entry with the master and scored it this way:

  • Wrong scored zero;
  • 100% correct answer, 2;
  • Satisfactory answer, 1.

In the case of a tie, we would add a bonus point for answers that go the extra mile.

Beware of Emails Containing Links

An Email from Facebook – Not!

Yesterday I received this spam email, “Here’s some activity you may have missed on Facebook.”

 

It looks quite Kosher, but I always check mails that want me to click on a link to a website. Just as well! It wasn’t going to send me to Facebook at all, but to somewhere else entirely. Actually www.hausfrisia.de is the web site of a holiday villa, but not the page in question. A hacker has hijacked their site, or their DNS.

This happened to a small business in Portishead earlier this year. Read about it here.

Don’t Click a Link

CHECK BEFORE YOU CLICK – even if you recognise the sender. It may be too late afterwards. Remember, the better-known the sender, the more likely they are to be imitated.

  1. Check the From address, in this case it’s, Facebook [agroinfo@pub….rect] agroinfo? Isn’t that enough on its own?
  2. Hover on the link, DON’T CLICK, and check the target web page address. In Outlook, example right, it appears in a small window, but Thunderbird displays it in the status bar at the bottom.
  3. Is the link plausible? In this case, NO – it’s nothing like Facebook!
  4. Still not sure? Check all the links. If they all go to the same web page then get suspicious.

When in doubt, leave it out.

What to do next

If you’re happy, click that link.

If you’re not, mark it as Junk or delete it NOW. If it’s from someone famous, as this one is, search for what to do. In this case, I searched for facebook notify suspicious email. I found this page on the Facebook site, which asked me to forward the mail to phish@spamreport.facebook.com.

So that’s what I did.

Another Example

Another example arrived today, apparently from Fedex. Read our post here.

Portishead Christmas Picture Quiz

About the Quiz

Have some local fun, out and about on the Internet!
Maybe even win a prize!

Sixteen photographs, all taken in Portishead, sit on a web page. All you have to do, is wander round the town with a print-out, smart-phone or tablet, and answer a question about each picture.

The main thing is to explore parts of the town that you maybe haven’t seen before. The quiz runs for the whole of December, so there’s plenty of time.

Couch potatoes may be able to get some of the answers on the Internet, but not all of them … we hope!

Background

The idea came to us when my wife and I were looking out to sea from Battery Point. We overheard someone say, “D’you know, I’ve lived in Portishead for over two years and I never knew this place existed!”

Perhaps there are long-time residents like us who have never walked around the Marina, too.

So, we thought it might be nice to encourage new residents to look around the old parts of town, and old Possett people to pluck up the courage and enter the new.

Hope you like it. www.bluetree.co.uk/quiz.

Don’t Demand a Username

Why do websites ask for a username when you set up an account? And why don’t website forms make it obvious what’s wrong?

I was prompted to write this post after becoming quite cross, trying to register a new account with a well-known shower manufacturer. I need a spare part to stop my shower dripping.

They wanted me to enter a username, so I entered one and completed all the other form fields with an *. Then I got this error message.

I read down as far as “Problems were found…” and didn’t spot the little message below. “My problem,” you might say. But why not show the problem in red? I wouldn’t have missed it then!

As it was, I completed the form several times, adding one more field at a time trying to find which * (obligatory field indicator) was missing. And typing the password – twice – each time.

Then I thought, I’m using the Chrome browser, with third-party cookies turned off. Switched to IE, where I keep cookies turned on, and tried again. Same result. Read here about why cookies are important.

Finally I spotted the real error and changed the username.

Guess what! My second username was rejected, and my third. Then I chose a username “bbbbbbbbbbbb” and completed the purchase.

But WHY ASK FOR A USERNAME AT ALL?

Everyone else uses your email address. Just think of the time you’d have saved me – and probably loads of other people, too. ‘Nuff said!