Thursday, May 15, 2008

Domain Registry of America

Hi All, this is just a reminder that if you get snail mail from "Domain Name Registry of America" this IS junk mail. They are fishing for your domain name business, please re-read the first paragraph of the letter and don't panic :)
They send letters out every year about this time and I have gotten a couple of panicked phone calls already. So take a deep breath and smile.

Friday, April 18, 2008

Important to Lodging!!!!!! and small merchants

Level 4 Merchants- This means you guys!!! lodging, inns and b&b's and other small merchants (Mom & Pops)

Please forward this to other inns that you know as it is important!!!!!!

CISP BULLETIN-Level 4 Merchant Compliance Program Requirements

Most of you use third party reservations software to process reservations and take credit card information. Most of you that I work with use either Webervations or Availability Online, both are currently CISP-Payment Card Industry Data Security Standard (PCI DSS) compliant.

But-- this is the important part. You do not process credit card information through your websites, but because your website LINKS to the third party that does do it………….. if they get hacked, YOU are liable.

The result of this may be, that all of you may be required to install and institute an SSL (Secure Sockets Layer ) certificate on your website, even if you DO NOT process secure information through it.

Your credit cards companies in the next few months will be having security companies contact you about allowing a port scan of your website. This is not spam.

Please forward the email with the IP address they are requesting the scan to come from:

to me if you are one of my inns or to your website designer to take care of. I will contact the hosting company you are on and have them allow the port scan.

Depending on the credit card processing company and the security company you may be required to install the SSL certificate.

I am currently researching more information about this and will have some suggestions of some reputable companies to purchase an SSL certificate though. Currently my hosting company does offer them if they need to be instituted.

The rate for that is $35 to install it and $115 a year to maintain it. They can allow third party certificates but the installation charge is the same.

I don't currently know what other companies charge for this, but I will have more information as this continues to unfold.

Please find some current documentation about this here:

Wednesday, April 9, 2008

In my email box this morning

In the subject line: EVENT (thats all it said!)

The body of the email:
The Millionaire Entrepreneur Boot Camp
ATTENTION: NH Women Entrepreneurs

“Learn How To Get More Clients,
Close More Deals, Crush the Competition
And Add $250,000+ To Your Bottom Line
In the Next 10-12 Months. GUARANTEED!”

In 5 hours on April 14th, from 10-3PM at the (Blank) Inn, (Blank), NH you are going to be given a system of sales and marketing that will allow you generate an additional $250,000+ in income in the next 12 months…. 100%, MONEY BACK GUARANTEED!

If you are in sales or own your own business, what is going to be taught on how to take you’re career to the next level is going to blow your mind. Whether you sell home inspections, mortgages, real estate, insurance, MLM, web design....whatever..... the 5 hours you will invest
on April 14th will literally triple your client base and income in the next 12 months, by an entrepreneurial guru who started with nothing but a credit card at age 26 and parlayed it into millions by the time he was 30!!! He has been featured on CNBC, Fox News, USA Network, BRAVO TV and now comes to Portsmouth, NH for ONE DAY ONLY! and it’s 100%, UNCONDITIONALLY GUARNANTEED!!

FOR MORE INFORMATION GO To
http://www.yadayadayada.com

SPECIAL ADDED BONUS:
Once you register, email us back at yada@ yadayadayada.com
with your confirmation and you will RECEIVE an additional ticket
ABSOLUTELY FREE! TWO FOR THE PRICE OF ONE!

Ok, my first impression was to simply delete without opening it, but I get many emails from customers and new customers looking for information or quotes to just automatically chuck it. So I scanned it, looked in the context of the text (safely) and opened it.

The NH Women Entrepreneurs is what caught my eye. While I'm flattered that I would be put on some email list for this, this also irritated the heck out of me. Granted perhaps my response to his email was way to snippy but I couldn't resist!

I emailed them back to both addresses I could find and tracked down his bosses email also:

Please remove me from your unsolicited e-mail list!
A couple of comments because you caught me without my morning coffee, I MIGHT have been interested in attending the event, ~if~
1. Someone bothered to run spell-check on this. I don't recall GUARNANTEED!!
as being a word found in the dictionary.
2. There is no unsubscribe for this unsolicited e-mail!
3. I almost deleted the whole email because the word "EVENT" in the subject line
looks a lot like spam. Marketing Sherpa has great tips for this by the way.
4. And for future reference the email link at the bottom goes to your expired login session for your online email, not to the email address.
The seminar does sound interesting, but you all blew it with the email, sorry.

Ok, so I admit it was way to snippy, but having been responsible in the past year for 5 clients for which I do their email newsletters that go out to several thousand people, I try to bone up as much as possible on email etiquette. This is not to say I've never made a booboo, but that particular one had way to many pet peevey things first thing in the morning and hit my hot button.

I do have to give the guy credit, he emailed me right back and offered a free ticket to the event. Although it does tweak me that he emailed me back from both his AND his bosses email account....................................... wonder if his boss knows he reads his email?


Sunday, April 6, 2008

Phishing and Social Engineering Attacks

This morning, a friend sent me this, passed on from a large local company in the Northeast!

"Last night someone called into the (name deleted for privacy) datacenter stating that they worked for Dell and were assisting with a server issue. They sounded authentic and even knew some of the names of some of our associates. They then asked for the password to “login” so that they could continue with the work needed to be done on the server. That caused the support tech to pause and call the network technician and verify if Dell was truly working on an issue. The network tech stated that no work was going on and no password shall be given over the phone to anyone. The caller then hung up. I would like to thank (names deleted for privacy) for following their instincts and procedures by not giving out access information over the phone. But this is not the first of these events to happen recently to our company.

In the past month we have had a tremendous increase in the amount of phishing emails and now social engineering attacks to our system. Phishing attacks have been on the rise lately whereby people receive emails asking them to divulge personal or company account information. Now it seems as if randomly we will receive calls whereby unknown people try to get privileged information or account access info by tricking associates into giving it to them. We have many security controls already established, but if someone were to give out their username and password, the controls we have established would take time to discover the breach and would be after the fact. These attempts are called social engineering attacks.

Remember, never divulge account access (passwords) or user information over the phone to unknown or unconfirmed individuals! If it is someone that you should know and they need assistance, call them back on their known telephone number to confirm it is the person you think it is.

While many companies are experiencing these same issues we need to be particularly vigilant here at (the company) at this time.

Thanks! - (The Boss)"

Remember folks, none of the services we have set you up with will ever contact you by phone or email. You may recieve ICANN notices but will NOT receive requests for information! If it didn't come DIRECTLY from me as an inquiry for info, please forward it to me (so I can track it, if its email) and then delete the email, or take down the phone number if possible and any info they have already volunteered (i.e. I'm from Dell) and give to me and hang up the phone!

Tuesday, March 25, 2008

Lake Sunapee Bank Phishing Scam Plus!

Todays fun phishing e-mail scam targeting Lake Sunapee Bank customers, if an email is received from consumerloan@lakesunbank.com or financialservices@lakesunbank.com. Delete it!

It will ask you to call 888-284-5351 (with no link) or an alternate email asking you to click on the link to verify your cancelled account. This is a somewhat new variation on this type of scam. There is a mirror site set up at banksafe.com, similar to last years Bank of America fraudulent mirror site. The mirror site does indeed link in parts to the actual Sunapee Bank Site.

The 888 number (email has been received by several dozen people so far who have contacted me about it to verify) asks you for your card expiration date and CCV code. They already have your CC/Debit number, Hello and thank you Hannaford!!!!!!!!!!!!

Sunapee Bank is aware of the issue and the mirror site. If you have been not paying attention and have contacted the 888 number or have given out any info online, contact the Bank ASAP. 800-310-6356, they do have a small notice on the bank site itself.
http://www.lakesunbank.com/aboutNews.cfm?selNewsItem=1037

Wednesday, March 19, 2008

Newest Scam!

Emails from support@uscopyrightregistry.com - US Copyright Registry

If you receive an email with this in the content:

US Copyright Registry
244 Fifth Ave, Suite #2279
New York, NY 10001-7604
www.USCopyrightRegistry.com
support@USCopyrightRegistry.com
Toll Free: 1-800-634-5760

WEBSITE COPYRIGHT LICENSING NOTICE

This is a scam!

New Client Area Up and Running!

To all of our customers, our client help area is up and running at http://www.forfengdesigns.com/clientarea

If you have not received the user name and password to access this site, please let me know!

In this area you will find links to useful websites and online newsletters, PDF's of useful marketing both print and online related materials, tutorials and more!