Phew! You can relax now.
We’ve started to see a spike in reports of porn blackmail emails from various people over the last few days. These emails have generally been arriving at corporate email addresses and, with corporate email addresses often being added to personal mobile phones that younger members of the family often use, this has had a few people concerned. But it’s OK, don’t worry. This is a scam.
When I investigated one of the emails it was clear that the scammers were playing on people’s sense of fear, with the demand often being along the lines of:
“Tiсket Details: ECW-209-57819
Camera ready,Notification: 21.02.2018 06:08:59
Status: Waiting for Reply 20xuVaAy8A0f64wMnKmJkL1FrF5Ky39Fu1_Priority: Normal
If you were more careful while playing with yourself, I wouldn’t worry you. I don’t think that playing with yourself is really awful, but when all colleagues, relatives and friends get video record of it- it is undoubtedly [bad for u.
I placed virus on a web-site for adults (with porn) which was visited by you. When the object press on a play button, device starts recording the screen and all cameras on your device begins working.
Moreover, my virus makes a dedicated desktop supplied with key logger function from ur device , so I was able to get all contacts from ya e-mail, messengers and other social networks. I’ve chosen this e-mail because It’s your corporate address, so you must read it.
I think that 330 usd is pretty enough for this little misstep. I made a split screen video(records from screen (interesting category ) and camera ooooooh… its awful AF)
So its your choice, if u want me to erase this сompromising evidence use my bitсoin wаllеt аddrеss: 1Lt4tLxQmZruKic23FYdAycB9a3GgTaacN
You have one day after opening my message, I put the special tracking pixel in it, so when you will open it I will know.If ya want me to show u the proofs, reply on this letter and I will send my creation to five contacts that I’ve got from ur device.
P.S. You can try to complain to cops, but I don’t think that they can solve ur problem, the inquisition will last for several months- I’m from Estonia – so I dgf LOL”
Sounds legit, right? Well, aside from the obvious spelling mistakes, grammatical errors and unsociable hour to be sending such a threatening email, sure.
Thankfully, with a bit of investigation we can see that the IP address this email came from is 220.127.116.11, which is based in Germany with a German web hosting company, not Estonia. While it is possible to send emails from different locations with relative ease, this one just doesn’t stack up: when you view the IP address in your web browser, you see the default cPanel page, which shows that the website does not exist. For those of you who know cPanel well, you’ll also know that you can visit www.example.com/cpanel to get to the login page, and you can do exactly the same from an IP address, so 18.104.22.168/cpanel also takes you to the login page.
Knowing cPanel very well, I also know how to secure it, and I know that many people who use cPanel do not secure it correctly. With minimal testing, it is clear that there is no brute force protection technology in place on this “hacker’s” web server – ironic. So with handy little scripts designed specifically to brute force your way into a cPanel account, should you decide to ‘research’, this is a relatively straightforward thing to do on insecure web servers.
You’ll also notice the Bitcoin wallet listed where you can deposit the “ransom”, yet when you check the transactions against that Bitcoin wallet, you’ll also notice that this wallet has never had any Bitcoins transferred in or out of the account. Another sign that this is clearly a fraudulent email – and that the people behind this scam aren’t that successful.
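The sending-IP check described above comes from the message's Received headers. The following is an added example, not code from the original post: it finds the address that handed the message to your own mail servers and ignores the hops below it, which the sender controls and can forge. The sample message, host names, trusted domain and IP addresses (documentation ranges) are all constructed.

```python
import email
import ipaddress
import re

# Ranges that never identify an outside sender (RFC 1918, loopback, link-local, CGNAT).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
)]
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: host names are invented, IPs come from documentation ranges.
SAMPLE = (
    "Received: from mx1.example.org (mx1.example.org [10.0.0.5])\n"
    "\tby mailstore.example.org (Postfix) with ESMTP id 4A1;\n"
    "\tWed, 21 Feb 2018 06:09:05 +0000\n"
    "Received: from server.hosting.example (server.hosting.example [203.0.113.45])\n"
    "\tby mx1.example.org (Postfix) with ESMTP id 9F2;\n"
    "\tWed, 21 Feb 2018 06:09:03 +0000\n"
    "Received: from laptop.tallinn.example ([198.51.100.77])\n"
    "\tby server.hosting.example with ESMTPA id X1;\n"
    "\tWed, 21 Feb 2018 06:08:59 +0000\n"
    "From: sender@hosting.example\n"
    "To: staff@example.org\n"
    "Subject: Ticket Details\n"
    "\n"
    "(body omitted)\n"
)


def is_external(ip_text):
    """True for a syntactically valid IPv4 address outside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def in_domain(host, domains):
    """Exact match or true subdomain; 'evilexample.org' does not match 'example.org'."""
    return any(host == d or host.endswith("." + d) for d in domains)


def parse_hops(raw_message):
    """Return Received hops, newest first, as (by_host, [IPs in the 'from' clause])."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        by = BY_RE.search(value)
        from_clause = value[:by.start()] if by else value
        by_host = by.group(1).lower().rstrip(".") if by else None
        hops.append((by_host, IP_RE.findall(from_clause)))
    return hops


def handoff_ip(raw_message, trusted_domains):
    """IP address that connected to our own mail servers, or None.

    Only headers stamped by servers we run can be believed. Walking from the
    newest header down, we stop at the first hop that was not written by one
    of our own hosts, because everything from there on came from the sender.
    """
    for by_host, ips in parse_hops(raw_message):
        if by_host is None or not in_domain(by_host, trusted_domains):
            break
        external = [ip for ip in ips if is_external(ip)]
        if external:
            return external[0]
    return None


if __name__ == "__main__":
    print(handoff_ip(SAMPLE, ["example.org"]))
```

The oldest header in the sample names a different network from the server that actually delivered the message, so it is never consulted: whatever the email claims about where the sender sits, only the hand-off address is evidence.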
All in all, this looks to be what’s known as a ‘script kiddie’ in the industry, i.e. someone who clearly thinks they know more than they really do. For a non-techie, this email can still be rather intimidating. Thankfully, with a bit of know-how, you can start to spot the ever-increasing range of tactics used by the scammers.
Something to bear in mind for all the script kiddies out there… It’s one phone call to the authorities and they’ll be speaking to your web hosting company to get your contact details. In this particular instance I investigated, this appeared to be from a hacked website, so as always – keep your website and web server secure before a hacker finds a vulnerability. It is so easy to find and exploit vulnerabilities when you know what you are looking for…
On a final note, web browsers are designed with security in mind. Web browsers simply cannot access the hardware of your device without your express permission, regardless of the content you are browsing. As a simple example, when uploading an image to a website, you’ll notice that this brings up your standard operating-system-controlled dialogue box. What this means in layman’s terms is that control has been handed over to the underlying operating system to determine how to proceed with the request, and the web browser is waiting for a response to know what to do next. The web browser simply cannot turn on your camera remotely without you agreeing to it.
As a sub-note though, if a hacker manages to find a way to install a program on your device, then they will likely have full access to everything. So keep that in mind too…
You may remember the last product we launched, Tendo Jobs (https://www.tendojobs.com), the recruitment search engine that links employers directly with job hunters and is democratising recruitment. Since launching just over 12 months ago the platform has seen phenomenal growth, with over 10,000 people having used the website during that time, and has attracted many well-known brands including the likes of the global taxi-booking platform Uber. This continues to grow month on month, which is excellent to see. If you are recruiting and haven’t used the platform yet, we urge you to do so; it’s free and can be used as an additional tool to recruit candidates directly without the use of traditional and expensive recruitment methods.
Well, you’ll be glad to know that we’ve been busy working away in the background and are delighted to announce our latest product, GeezerCloud. This is a product that we’ve designed from the ground up to the cloud down, quite literally. Having been a chef myself for over 7 years in my early career, I can personally attest the laborious process involved with manually filling out printed sheets of paper while checking temperature records for fridges and freezers. Regularly checking temperatures is a critical part of food safety and is a legal requirement as part of HACCP within the catering trade, yet it needn’t be so time consuming and take a skilled member of staff away from preparing great food. That’s one of the reasons why we created GeezerCloud, to allow chefs to focus on what they do best, cooking awesome food and pleasing customers.
GeezerCloud is a hardware device coupled with a cloud based platform that is designed to automate the HACCP food safety legislation requirements for restaurants, those within the catering trade and further afield. GeezerCloud has been designed for commercial businesses that require regular temperature checks. Instead of manually filling out temperature checks on printed sheets of paper, GeezerCloud has been designed to fully automate this process for you, saving you significant amounts of time and money to focus on more productive activities.
To avoid having to repeat ourselves within this blog post, have a good read through the finer detail about GeezerCloud along with our special introductory offer which is valid over the next 4 weeks.
Well, this is a bit of great news for Contrado Digital. We’ve passed Google’s brand new Mobile Sites Certification and we believe we are the first in Lancashire to do so! This certification highlights that the mobile websites we develop are built to an extremely high standard to ensure your customers are happy customers when they visit your website. While non-technical users may just see a “pretty website”, there is actually an awful lot going on behind the scenes: technologies, systems, processes, best practices and more that we know about so you don’t have to. We always say that any monkey can build a mobile website. Very few can build a mobile website that is designed to perform for your business. Whenever you are investing in a mobile website or a responsive website, make sure you are working with the right digital partner who knows what they are doing.
Want to chat about optimising your website for mobile devices? Then fill out your details on our contact form and let’s talk through the various options available to you within your budget.
The Mobile Sites Certification exam is designed to test your knowledge of advanced mobile website concepts, including the following:
- Value proposition of mobile websites
- How to improve mobile website speed
- How to create an effective user experience for mobile websites
- Advanced web technologies
- Module 1: Mobile sites and why they matter
- 1.1. Basics of mobile sites
- 1.2.1 User expectations
- 1.2.2 Impact on conversions and interaction
- 1.2.3 Why UX matters
- Module 2: Improving mobile site speed
- 2.1.1 Tools to get started
- 2.1.2 Understanding low bandwidth and high latency
- 2.1.3 Targets to focus on
- 2.2 Critical rendering path
- 2.2.1 Constructing the document object model
- 2.2.2 The render tree
- 2.2.3 The layout
- 2.2.4 Analysing the entire CRP in dev tools
- 2.2.5 Optimising the critical rendering path
- 2.3 Optimise content efficiency
- 2.3.1 Eliminating unnecessary downloads
- 2.3.2 Optimising encoding and transfer size
- 2.3.3 Image optimisation
- 2.3.4 Webfont optimisation
- 2.3.5 HTTP Caching
- Module 3: Creating an effective mobile UX
- 3.1 UX principles
- 3.1.1 Assess your mobile site
- 3.1.2 Learn what makes a good mobile site
- 3.2 Mobile site design best practices
- 3.2.1 Homepage and site navigation
- 3.2.2 Site search
- 3.2.3 Commerce and conversions
- 3.2.4 Form entry
- 3.2.5 Usability and form factor
- 3.3 Testing and measuring success
- 3.3.1 A/B testing
- 3.3.2 Measuring success with Google Analytics and metrics to focus on
- Module 4: Advanced web technologies
- 4.1 Introduction to Accelerated Mobile Pages
- 4.1.1 What is AMP
- 4.1.2 How AMP works
- 4.2 Introduction to Progressive Web Apps
- 4.2.1 Why build PWAs
- 4.2.2 Introduction to the app shell architecture
- 4.2.3 Introduction to service workers
- 4.3 User engagement and APIs
- 4.3.1 Intro to web push and notifications
- 4.3.2 Payment integration
Firstly, to clarify: what happened to the people who have been impacted by the latest WannaCry Ransomware attack, such as those having hospital appointments cancelled and suchlike, is nothing short of a tragedy. I really do feel for the end users who have been impacted by this latest cyberattack, which has spread so far and wide and has impacted people on a personal level. The rant below is not about the people who have been affected; it is about those organisations who quite simply have failed to protect themselves against such threats due to poor security measures. Everything related to the latest WannaCry Ransomware attack is preventable.
Companies and organisations that have been impacted by the latest WannaCry Ransomware, I have one thing to say to you: I honestly have no sympathy if you have been breached and have quite frankly failed to protect yourself. It’s the same situation whereby homeowners get burgled when they have left their front door unlocked and open, whereby car owners get their cars stolen in winter when they have left the keys in the car running on the driveway for a chancer to take advantage of, or whereby a car driver fails to wear their seatbelt, has an accident and injures themselves. All of these things are preventable and, most importantly, we all know what we should be doing in these situations, so when the correct procedures and best practice aren’t followed, should we really have sympathy for those who have been attacked by the latest WannaCry Ransomware?
Within 48 hours of being launched, WannaCry impacted over 200,000 computers in over 150 countries around the world. The WannaCry Ransomware was exploiting a known vulnerability in the Microsoft Windows operating system, a vulnerability that has been known about for at least 2 months publicly and much longer within the National Security Agency (NSA) which actually built a tool named EternalBlue which WannaCry is built upon.
This is a known vulnerability that organisations have simply failed to take seriously and act upon which is why I have no sympathy for those organisations impacted by the latest WannaCry Ransomware. The latest versions of Windows run automatic security updates and patches which means that as soon as vulnerabilities are known about, they are patched almost immediately and help to keep your company and organisation safe. In the situation with many of the NHS breaches, this comes down to computer systems and hospital hardware such as X-Ray Scanners running unsupported, vulnerable and unpatched versions of Windows XP. That’s right, an operating system that was launched in 2001, over 16 years ago, and has not been officially supported by Microsoft for over 3 years.
While organisations that have been impacted may indeed WannaCry while dealing with the fallout from this latest cybersecurity threat, personally I have no sympathy with those affected. Cybersecurity protection is a choice we all make. You choose either to protect yourself, or you choose not to. Clearly the right choice here is to protect yourself.
Have you been impacted by the latest WannaCry Ransomware? Then we can certainly help you resolve the issues your organisation is having and get you onto the right track to become a cybersecurity aware and secure organisation. Get in touch if you need help taking proactive measures to secure your business against cyberattacks.
You may have noticed, we take cybersecurity threats seriously which is why we ensure IT and web based systems are secure from cyberattacks. We help organisations like yours become a cyber aware and cyber secure organisation. We can only do so much ourselves, which is why we encourage organisations of all sizes to start investing in cybersecurity protection before you are the latest in a long line of statistics about the disruption and impact from cybercrime. If you don’t have the skills in-house to deal with issues like this, you need to be working with a company like ourselves to secure your business. You need to take the first step and reach out to IT security companies and ask them to help you to secure your systems. I write blog posts like this not to criticize and point fingers, but to raise awareness and encourage more businesses and organisations to become more cyber aware and secure.
We also sent out the email below to our mailing list who receive priority information on threats like this. If you aren’t subscribed yet, then make sure you fill out your email address in the footer.
WannaCry Ransomware and the NHS
As you will have likely seen on the news over the weekend there has been one of the largest Ransomware attacks in recent history which completely took offline the NHS, many local authorities throughout the UK and has now spread to over 150 countries around the world impacting over 10,000 organisations. As a business, you need to ensure you are protecting yourself against threats like this.
What is WannaCry and Ransomware?
WannaCry is the name of this specific piece of software that has been created by hackers which belongs to a group of cyber security threats known as Ransomware. Ransomware is when a piece of software holds your company to ransom by encrypting all of your data on your entire company systems (file systems, email systems, in-house servers etc.) and you can only gain access to this again by paying these hackers money for them to unlock your files. Money is often paid in cryptocurrencies such as Bitcoins as they are untraceable.
How to Protect Yourself Against Ransomware
Protection against threats like this is actually relatively straight forward. You must be taking proactive steps on a weekly basis to keep your IT systems up to date, patched and secure. Do not expect that either your IT person or your IT Support provider is handling this for you, you need to know exactly what processes are in place for these areas of protecting your business.
Secondly, staff training is extremely important to protecting your business from cyberattacks such as Ransomware. No matter how secure your IT systems are, if unaware staff open an attachment on an email or click on a link they believe to be genuine, this can bring down your entire company systems and stop work altogether. This in itself is not only costly in the form of not being able to work, it is even more costly to resolve situations like this after they have happened. Prevention and protection is always cheaper than the cure.
What to do Next?
As a business you should be investing in regular IT security support which helps to protect your systems from threats like this. This doesn’t have to break the bank either; the systems and technologies that are available today are a fraction of the cost they were 10 years ago, which makes them affordable to businesses of all sizes.
As a business you should be investing in regular staff training on cyber security threats to minimise the risk of one of your members of staff causing a damaging cybersecurity breach within your company based on lack of awareness. A workshop run at your premises or one of our group based sessions is perfect for companies of all sizes.
We cannot stress this enough, when you are proactive dealing with cybersecurity threats, your organisation will be safer. Simply sticking your head in the sand and thinking that it will never happen to you has proven on many occasions to be a very bad decision and virtually always results in a cyberattack happening.
Travel is a competitive market, so it is important that your brand stands out from your competitors when customers are searching on Google for queries such as “Holidays to Kefalonia” and similar review type queries. Rich snippets are a great way to highlight your brand amongst your competitors which can generate additional traffic to your website from Google, leading to increased sales and enquiries.
So what are Review Rich Snippets and when do they show?
Rich Snippets are a form of structured data that simply helps Google to understand what the content on your website is about. There are Rich Snippets for a variety of areas and the one we are going to cover today is specific to highlighting review information on Google. What this means in practice is that when customers are searching for queries such as “Holidays to Kefalonia” or “Holidays to Kefalonia Reviews” there is a greater chance that Google will highlight your website with stars next to your listing as can be seen in the image below;
As you can see here, your eyes are instantly drawn to the listing that stands out from the others with the star ratings. In essence Review Rich Snippets require each individual Review to be marked up along with aggregating this data into an overall review based on all the review data. This information can be from your previous customers who have been on one of your holiday packages, so it is essential to be collecting this data from your customers at the earliest available opportunity.
How to Mark Up Review Rich Snippets
There are many ways to mark up Review Rich Snippet content, which gets rather technical, so we’re only going to skim over this information as we don’t want to bamboozle you with the finer technical details. For the purposes of this blog post we’ll use the Greeka.com website as an example and take a look at what they have done to implement Review Rich Snippets on their travel website.
Firstly what you’ll notice when you visit their website is a listing of review information as you would expect to see as a user;
What’s important to note here is two pieces of information. Firstly, you will see the overall reviews listing at the very top which states that there are 71 reviews in total with the average being 5/5 for the reviews that have been left. Then beneath that you’ll notice an individual review that has been left by a customer. As a user, you’ll never notice Review Rich Snippets are there which is exactly why they exist. Review Rich Snippets for travel websites are in the code in the background which is telling Google that there are reviews associated with this specific item such as a holiday package, a resort, a restaurant or a specific hotel for example.
Here’s what this looks like in the background, the code below relates to the aggregate reviews which are what is showing on Google;
What you’ll notice is that there are specific pieces of code wrapped around the content on the page which state that the destination has an average review of 5/5 from 71 people. When you read through the code you’ll notice there are specific pieces of information such as ‘best’ and ‘average’ and ‘votes’ etc. It is this information and more that Google is using to generate the visible star ratings on the Google search results that customers see when they are searching for travel companies.
Likewise you’ll also notice when reading through the code on the page that each individual review also has specific Review Rich Snippet data marked up around it too as you can see in the image below;
With information such as ‘reviewRating’ and ‘worstRating’ and ‘ratingValue’ for example being some of the key pieces of information Google requires to be able to see how the overall review ratings have been calculated.
Ok, that’s enough code for now. In essence, to get Review Rich Snippets and star ratings showing on Google it is important that you implement the code correctly which ties in closely with the technology that is powering your website. There is no one-size-fits-all approach here as every website is different.
If you’d like to implement Review Rich Snippets on your travel company website then get in touch and we’ll work closely with you to implement Review Rich Snippets so you can stand out from your competitors and boost website traffic and sales.
By default MySQL FULLTEXT search will not search for words that are less than 4 characters in length. For many things this can be great, as many words of less than 4 characters are generally stop words and often aren’t valuable, for example words such as the, and, if, on, etc. This isn’t always the case, though, and in certain circumstances small words are actually really important. For example, let’s say you’re looking for a new developer job using any of the following technologies: ios, php, C#, .Net, ASP, etc. In these cases, the default MySQL FULLTEXT search minimum word length actually prevents results from being found, which isn’t a great user experience. As such, you may want to update your MySQL FULLTEXT search functionality to enable smaller words to be searched for while quality results are still being identified.
Edit My.cnf File
The my.cnf file on your web server generally sits under /etc/my.cnf and allows you to customise your MySQL configuration. You can edit this file by logging into your web server using SSH, navigate to the correct folder and run the command pico my.cnf which will allow you to edit the file.
Now you need to add the following line of code at the bottom of the file which will allow MySQL FULLTEXT search to search for words with a minimum word length of 2 characters, ft_min_word_len=2
Once you have completed this, save the file.
Next you need to restart the MySQL service using the following command, service mysql restart which will ensure that the MySQL service will use the new configuration data once it has restarted. Should you experience a problem restarting MySQL, then remove the code you just added in the my.cnf file or comment out the code with a # at the start of the line. If you’re not aware, the following commands also exist which can come in handy should the MySQL service not restart smoothly, service mysql stop and service mysql start.
Rebuild All MySQL FULLTEXT Indexes
Finally you need to rebuild all the MySQL FULLTEXT indexes that you are using on your database. If you only need the smaller words to be searched on specific tables, then you clearly don’t need to rebuild the ones that aren’t relevant, although it can be handy as this could save you hours of debugging further down the line if different tables are using different minimum word lengths. Log in to your phpMyAdmin if you’re running this on your web server to access the MySQL database, then run the following command on whichever table you want to update, REPAIR TABLE <TableName> QUICK;
All done! Now your MySQL FULLTEXT Search will be able to search on smaller words than previously.
Some additional resources that can come in handy include official documentation about how to fine tune MySQL FULLTEXT searches.
Digital technologies, online marketing and cyber security are at the forefront of the world we live in for businesses looking to connect with their customers, grow their market share and keep customer data secure from cyber criminals. What this means is that many of the services we offer can often be confusing to businesses who aren’t heavily involved in this work on a day to day basis. That’s why we’ve hugely simplified our service offering to help businesses like yourself understand what we actually do and, most importantly, how we can help your business grow.
Sectors We Help
We work with businesses of many varying shapes and sizes. We understand the following industries through and through which means that if you are working in one of these industries, then we can help your company with digital services;
What We Actually Do
In essence, we do three core activities, we build things, we make them perform with digital marketing and we keep your customers data secure online.
As can be seen as you browse around the website, high quality work with a results driven focus is at the forefront of what we do as we work in partnership with companies like yourselves who are ready to take your business to the next level. We don’t build cheap websites and we don’t offer cheap discount services because, quite simply, you get what you pay for when working with cutting edge technology for your business. We pick up a lot of projects when others have failed to deliver.
Ready to take your business to the next level? Then drop me an email directly, firstname.lastname@example.org. I’d be happy to meet for a no obligation consultation and talk through where you are looking to take your business over the next 12 months and how we can help you along that journey.
For those of you using Microsoft Exchange for your email platform, be aware of the latest phishing email going around, which tells you:
“Your email have exceeded maximum disk quota allocated, we require re-activation to continue using mail service…. Our system will automatically purge out mail that have exceeded quota, to avoid this please kindly follow our instruction.”
As always, if any email looks suspicious, never click on any links that you see. In this particular case, the email ‘from’ address which has been blurred out above is clearly not from Microsoft; it was from an IT company based in Australia. It is likely they have been hacked themselves and their web server was then used as a way to attack more businesses. While the ‘from’ email address can be easily faked, when the ‘from’ email address is clearly not from where you would expect, this is a clear sign that this email is fake. In addition to this, when you hover over the link in the email, the link URL is to a strange website with a lot of random characters, which is another clear sign that this email is a phishing scam.
Always keep an eye out for phishing scams like this.
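The two manual checks above (who the message is really from, and where the link really goes) can be automated for triage. This is an added example, not part of the original post: the messages, domains and the allow-list of expected domains are constructed, and the "random characters" test is a simple heuristic chosen for illustration.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Heuristics, not rules: a dotted host name shown in the link text, and a long
# mixed letter/digit run in the URL (the "lot of random characters").
TEXT_HOST = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)
RANDOM_TOKEN = re.compile(r"(?=[a-z0-9]*\d)(?=[a-z0-9]*[a-z])[a-z0-9]{16,}", re.IGNORECASE)

# Constructed sample modelled on the quota message quoted above.
PHISH = (
    'From: "Mail Administrator" <support@it-firm.example>\n'
    "To: staff@example.org\n"
    "Subject: Mailbox quota exceeded\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/html; charset="utf-8"\n'
    "\n"
    "<html><body><p>Your mailbox has exceeded its quota.</p>\n"
    '<p><a href="http://badhost.example/x7f3k9q2zt81mmc04ab9/login.php">'
    "https://mail.example.org/owa</a></p></body></html>\n"
)


class LinkCollector(HTMLParser):
    """Records (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def html_bodies(msg):
    """Yield the decoded text of every text/html part."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            yield payload.decode(part.get_content_charset() or "utf-8", errors="replace")


def triage(raw_message, expected_domains):
    """Return (code, detail) findings; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw_message)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_domains(from_domain, expected_domains):
        findings.append(("from-domain", from_domain))
    collector = LinkCollector()
    for body in html_bodies(msg):
        collector.feed(body)
    for href, text in collector.links:
        url = urlsplit(href)
        if url.scheme not in ("http", "https") or not url.hostname:
            continue
        host = url.hostname.lower()
        if not in_domains(host, expected_domains):
            findings.append(("link-host", host))
        shown = TEXT_HOST.search(text)
        if shown and shown.group(1).lower() != host:
            # The text displays one site while the click goes to another.
            findings.append(("text-mismatch", shown.group(1).lower() + " -> " + host))
        token = RANDOM_TOKEN.search(host + url.path + "?" + url.query)
        if token:
            findings.append(("random-token", token.group(0)))
    return findings


if __name__ == "__main__":
    for finding in triage(PHISH, ["example.org"]):
        print(finding)
```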
You may have recently received an email from Google Search Console warning you that your website is being flagged as Non-Secure Collection of Passwords as can be seen below;
If you have been sent a message like this, you need to act before it is too late. You have received this message because your website is running over HTTP instead of HTTPS on pages where you collect sensitive information. Whenever either you or your users enter sensitive information on any website using HTTP, e.g. http://www.contradodigital.com/wp-login.php, this information can be seen in transit by anyone listening in on the network.
What you need to do
The solution to resolving these warnings is actually relatively simple. If you want to have a go at this yourself, then make sure you claim your free SSL certificate and update your website accordingly. If you need any help implementing this then get in touch and we can help you with the process.
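To find the affected pages on your own site, and to confirm the fix afterwards, you can check each page's HTML for password fields that are served or submitted over HTTP. This is an added example, not Google's own check: the URLs and markup are constructed, and the function takes HTML you have already fetched.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed login page: one form with a password field, one search form without.
LOGIN_HTML = (
    '<form method="post" action="wp-login.php">'
    '<input type="text" name="log"><input type="password" name="pwd">'
    "</form>"
    '<form action="/search"><input type="text" name="s"></form>'
)


class PasswordFormScanner(HTMLParser):
    """Collects the submit URL of every form that contains a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.password_form_actions = []  # resolved, absolute submit URLs
        self._action = None              # set only while inside a <form>
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.end_form()  # tolerate a missing </form>
            # An empty or absent action submits to the page's own URL.
            self._action = urljoin(self.page_url, attrs.get("action") or "")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            if self._action is None:
                # Field outside any form: judge it by the page URL alone.
                self.password_form_actions.append(self.page_url)
            else:
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.end_form()

    def end_form(self):
        if self._action is not None and self._has_password:
            self.password_form_actions.append(self._action)
        self._action = None
        self._has_password = False


def insecure_password_forms(page_url, html):
    """Return (submit_url, reasons) for each password form exposed over HTTP."""
    scanner = PasswordFormScanner(page_url)
    scanner.feed(html)
    scanner.close()
    scanner.end_form()  # flush a form left open at end of document
    page_is_http = urlsplit(page_url).scheme == "http"
    findings = []
    for action in scanner.password_form_actions:
        reasons = []
        if page_is_http:
            # The form itself can be altered in transit before the user types.
            reasons.append("page-over-http")
        if urlsplit(action).scheme == "http":
            # The password travels in clear text when the form is submitted.
            reasons.append("action-over-http")
        if reasons:
            findings.append((action, reasons))
    return findings


if __name__ == "__main__":
    print(insecure_password_forms("http://www.example.org/wp-login.php", LOGIN_HTML))
```

A page served over HTTPS can still be flagged if its form posts to an `http://` URL, so run the check again after installing the certificate.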
Google Search Console, formerly called Google Webmaster Tools, has started to inform WordPress website owners when security updates are available. This is a great effort by Google to help website owners and businesses keep their websites safe and secure with regular WordPress security maintenance.
While this is a great step forward, as a business owner you must not wait until you see these kinds of messages from Google until you take action to update your WordPress website. These messages are purely focused at the WordPress Core files, which is only a small part of WordPress security. If you think of security like you would with a building, imagine WordPress Core files being your front door. Just because your front door is locked, it doesn’t mean that you haven’t left your windows, back doors, side doors and garage unlocked and open. It is the same concept with WordPress security. You must be taking proactive measures to protect your website against hackers.
If you aren’t sure how to go about dealing with WordPress security, then fear not, drop us an email and we can talk you through the options available.