Tag Archives: anti-spam

Topics dealing with spam and how to avoid it.

The Importance of NAT on Your Website

website legal graphicNAT or NAP, Your Website May Not Be Legal

Whilst looking for an example to show a possible new customer, I noticed one client’s website was missing the company name and address.

You guessed it: NAT – Name, Address, Telephone number. Or NAP if you drop the “Tele”. AKA Business Information.

On this page you can read about:

  • legal requirements for showing NAT on your website
  • why you probably need it anyway
  • how to stop hackers scraping it
  • how to maintain it with BlueTree CMS
  • what to do next

Rules for Business Information on Websites

Your website is an official business document, like an invoice. According to the Companies Act (2006), whether your business is incorporated or not, with one exception, your website must display your Company Information. The actual information required varies by the type of registration, but all include:

  • the registered name or trading name
  • registered or trading address
  • registration number and place of registration (if registered)
  • sometimes, trade organisations to which your business subscribes

The only time this doesn’t apply is for unregistered sole traders, trading under their own name. However, it’s still worth including because:

  • in these internet rip-off times, it helps to prove your business is real
  • search engines use it, among other things, to decide your site’s “authority”, so it affects your position in search results
  • business directories, a useful SEO tool, use it to qualify their listings and some won’t list you without it

business info block from BlueTree CMSMoreover, it’s very easy to do with BlueTree CMS – and to protect that important data from web crawlers that generate spam.

BlueTree CMS has a spider-proof, “Business Information Block” feature that handles your name, address, and phone number.

NAT Tips

Get this right at the start and you won’t find that, later on, you have a big review exercise that you’ll never start because it’s too big and too boring.

  1. always use your full trading name, including the “Ltd” bit
  2. make sure your information is consistent everywhere on the internet

You may not be too worried now, but at some time you’ll see competitors above you in search results. If you don’t get all this right, search engines may penalise your website, or maybe not display it at all.

  • Domain Registration: search engines check the Business Information on your website against that of the “Registrant” in your “whois” data
  • Business Directories: search engines check against other sources, too, including directories like Yell, Thompson Local, and 181
  • Correct Business Information: a search engine may prefer to display your business information, perhaps wrongly, from its favourite directory if the version on your website is different

Web Crawlers and Spam

Whilst it’s largely irritating, not dangerous, spam is  a big time-waster. Worst case, someone may use it to steal your business identity.

Don’t just type your Business Information into your web pages. Make sure your CMS protects it from “spiders”, the computer programs hackers write to crawl the web and collect such information.

How to Spider-Proof Your Business Information

website settings dialog in BlueTree CMSFirst enter your NAT, just once, in the Sitewide Settings panel.

The CMS will use the data to display your pretty Business Information Block, like the one at the top of this post. It contains:

  • the trading name
  • your address
  • your phone number: click to dial on a smartphone
  • your email address: click to open a new mail with your address in the “To” field
  • optionally, a thumbnail Google map, centred on your postcode, which opens full size in new window, when clicked

You need only display your full Business Information in one place, but you may want to put NAT, in whole or in part, on several pages, to make it easy for customers to get in touch with you. You can include this block, as many times as you want, anywhere on your website, by typing,
—-Contact—-
on a separate line, just like that, with no other characters.

And, anywhere on your website, even within a paragraph, if you type that same telephone number with no spaces, BlueTree CMS will convert it to a clickable link, hidden from web crawlers. It will do the same with your email address.

Your Business Information Is Safe

Whilst humans will be able to read your Business Information, web crawling software will not. There’s more than one benefit:

  • less spam and fewer time-wasting phone calls
  • the information is consistent across your whole website
  • if it ever changes, update it only once and all your pages change immediately

What to Do Next

Disclaimer: We are not lawyers. We offer the information on this page in good faith but please don’t rely on it. Take legal advice.

1. Establish Requirements for Your Type of Business

Registered businesses must display more than this basic information. The requirement for partnerships is different from that for limited companies, for example. Search for a phrase containing your registration type, e.g.

website business information required for [registration type] site:gov.uk

The “site:gov.uk” parameter will ensure you see results from the UK Government (apart from the ads), just to be on the safe side. If you omit it you’ll see results from solicitor websites, too, which is fine but maybe not definitive.

2. Check Your Domain Business Information

Often forgotten, your domain registrar holds a copy of your Business Information. Check yours by typing your web address into this page at whois.com. The registrant (hopefully you) is able to change this if it’s wrong.

3. Check Your Business Information Elsewhere

This is the subject of our second post in this series. If you’d like a notification when it’s published, please sign up using the “Find this useful?” button, bottom right.

References

  1. Companies Act (2006)
  2. Online domain registration check
  3. What to do if your domain registrant isn’t you

Another Email with Links

This Spam Email is from Fedex – NOT!

Here is another example. Read about the first here.

There’s usually a flurry of mails like this around Christmas. People can be taken in more easily if they’re expecting a delivery, as many do at this time of year.

Example of spam from Fedex

How to Spot It As Spam

There are two give-aways in this mail, on top of the time of year, which should make us all more vigilant:

  1. The word, “postrider”, which looks like a word made up by someone who couldn’t translate it from another language;
  2. The format of the “Get Postal Receipt” button, which looks very unprofessional.

What to Do Next

Our advice is always the same,

  • Don’t click any links, nor open any attachments;
  • Delete it or mark it as spam;
  • If you feel public-spirited, and it claims to be from an organisation, search for what they want you to do about spam.

Fedex has a whole micro-site about spam, which makes useful reading. It contains examples of common spam emails.

Finally, here’s a page with how to report spam to lots of major organisations. Thank you Marjolein Katsma.

Beware of Emails Containing Links

An Email from Facebook – Not!

Yesterday I received this spam email, “Here’s some activity you may have missed on Facebook.”

Example of a suspicious email which should be reported to Facebook

 

It looks quite Kosher, but I always check mails that want me to click on a link to a website. Just as well! It wasn’t going to send me to Facebook al all, but to somewhere else entirely. Actually www.hausfrisia.de is the web site of a holiday villa, but not the page in question. A hacker has hijacked their site, or their DNS.

This happened to a small business in Portishead earlier this year. Read about it here.

Don’t Click a Link

CHECK BEFORE YOU CLICK – even if you recognise the sender. It may be too late afterwards. Remember, the better-known the sender, the more likely they are to be imitated.

  1. Check the From address, in this case it’s, Facebook [agroinfo@pub….rect] agroinfo? Isn’t that enough on its own?
  2. In Outlook, hover on a link to see the targetHover on the link, DON’T CLICK, and check the target web page address. In Outlook, example right, it appears in a small window, but Thunderbird displays it in the status bar at the bottom.
  3. Is the link plausible? In this case, NO – it’s nothing like Facebook!
  4. Still not sure? Check all the links. If they all go to the same web page then get suspicious.

When in doubt, leave it out.

What to do next

If you’re happy, click that link.

If you’re not, mark it as Junk or delete it NOW. If it’s from someone famous, as this one is, search for what to do. In this case, I searched for facebook notify suspicious email. I found this page on the Facebook site, which asked me to forward the mail to phish@spamreport.facebook.com.

So that’s what I did.

Another Example

Another example arrived today, apparently from Fedex. Read our post here.

Website Malware Attack

What Happens in a Malware Attack

On Monday, I was looking for a local business which I know, so I searched for what they do. Does anybody use Yell or BT.com any more? They didn’t appear in my search results. So, thinking this might turn out to be an SEO sales opportunity;-) I searched for it by business name, specifically.

Bing's malware warning panel.

Bing’s Malware Warning

Bing listed them this time, but when I clicked the link to open their website, this note appeared next to the search results. Bing would not take me straight to their website.

Google, similarly, listed them but with this immediate and scary warning, “This site may harm your computer.” One click fewer than Bing, you notice.

If you go straight to an infected website, your browser will warn you very clearly not to open it, too. If you decide to visit, be prepared to get rid of some spam!

This is all very upsetting for web user and site owner alike.

Why Malware Attacks Happen

Hackers, the source of malware, seek out weak targets. Everyone is vulnerable.

Think of your website like your house: how do you reduce the risk of burglary? You make your house less attractive to burglars than those around it. You buy a house in an area with a low crime rate. You fit decent locks and security lights. You fence the garden, install robust, lockable gates, and plant thorny bushes in vulnerable places. And then you take out insurance so that, should the worst happen, you can replace what you’ve lost.

All these points have website equivalents:

  • Chose a secure web host, one with a good reputation, big enough to afford the serious cost of real security, small enough not to be a target;
  • Understand, implement and check your client and server firewalls and anti-virus systems; keep them up to date;
  • Cover web server gateways with strong passwords and change them regularly;
  • Make sure somebody with sufficient authority “owns” your domain name and those ISP passwords;
  • Validate carefully all data entry fields, blog comments, and anywhere someone else can data enter into your website, as this is where many hacks come from;
  • Keep your operating system, web server and database software up-to-date with the latest versions to cope with new threats;
  • Take regular back-ups – and test them – so you can get back up and running fast if disaster strikes.

And keep constantly vigilant: add regular website audits into your Business Continuity Plan.

Further Reading on Malware

Here’s some more information about malware attacks.