What is SEO Spam and How to Remove It

SEO Spam, also called Spamdexing, is the practice of search engine spamming. SEO spam involves a number of methods, such as link building and repeating unrelated phrases, to manipulate the relevance or prominence of search terms indexed by search engines. Search engine spam is an attempt to change search engine rankings so that website traffic is redirected to a scam designed by a hacker. To do this, hackers gain access to a normal, healthy website, and then inject keywords and links to another website they have set up that is designed to defraud people.

Victims believe they are going to a legitimate website to buy something – usually male enhancement drugs, designer clothing, or sports gear – but they actually get scammed.

Hackers don’t create their own sites because the search engine algorithms are already good enough that they ignore the scam websites. By gaining access to legitimate websites and injecting links and keywords, hackers create a direct path to their scam websites. These hackers are piggybacking on your legitimate website ranking to get noticed.

A good way to understand this better is to open up your favorite browser and search with the terms “buy viagra cialis”. You may not want to do this at the office.

Now, without clicking anything, scroll through the results. Doesn’t it seem strange that the top result is a page on a museum shopping site? The third result is a page on a florist website. The last result is a page on the County Veterans Service Officers of Wisconsin. These are all examples of websites that have been hacked for spamdexing.

What types of SEO Spam are there?

Spammy links

Links are critically important to scammers. Without the links, there is no way to drive traffic to their scam website.

Spammy keywords

When shady keywords appear in the content of a credible website, search engines assume that it’s safe to index the site for those terms. And when people search online – for medicine, male enhancement drugs, sports gear, loan services, etc. – search results often include scams where the buyer pays for something she never receives.

Spammy ads

Sometimes a hacked website includes banner ads or calls to action (CTAs) that directs traffic to their scam website. This can be a fairly effective scam – especially if the hacker has hacked the code behind the call to action.

Spammy posts and pages

This is the worst case example. When a legitimate site already has a good search engine ranking, the hackers will create fake posts and pages dedicated to ranking for a spammy search term.

How can I protect my website from SEO spam?

Unfortunately spamdexing is always a threat for website owners, but the best way to defend yourself from these hackers is by strictly adhering to a few best practices:

  • Run updates – plugins and themes need updates constantly. Don’t ignore these. Updates almost always include security patches to keep hackers out. Without these updates, your entire website has an open backdoor for an SEO spamdexing.
  • Create strong passwords – easy passwords like pass1234 might be easy to remember, but unfortunately they are also too easy to guess. Make sure you are using strong passwords when they are protecting access to your website.
  • Create strong usernames – don’t use admin or administrator as your username.
  • Use a firewall – if you’re serious about preventing spamdexing on your website, a web application firewall is an absolute must-have. It protects you by updating definitions of known threats, kind of like a bouncer at a bar.
  • Scan regularly – the first step to fixing an SEO spam infection is to be aware of it. Too often, website owners have no idea they have been hacked until it’s too late.
  • Make sure your site is backed up – if you do get hacked, it’s always good to have a backup – just make sure the backup goes back before the hack.
  • Hire someone to do this if you don’t know how to yourself – this is the most important best practice on the list. Don’t step over dollars to pick up a penny. If you don’t know how to do all this or know that you won’t do it on a regular basis, hire someone to adhere to these best practices to defend yourself from seo spam.

What if I already have an SEO spam infection?

If your website is already infected with SEO spam, it is very important that you act quickly. This will not fix itself and it’s not a task that you can put off until you have time.

Every second that your website remains infected with SEO spam, you risk serious penalties. You could get blacklisted by search engines so you don’t show up in search results even after you clean your site. Or worse, your customers could go to your website to do business, see the SEO spam, and then never return.

Be patient. Removing SEO spam can take time. If you’re infected, fix it now and protect your visitors and your reputation. And if you don’t have SEO spam, make sure you are protecting yourself by following the best practices listed above.

 

How to Stop Comment and Contact Form Spam

Comment and contact form spam is a total waste of time and there are few things more annoying than sorting through junk mail to filter out varying degrees of junk email.

And if you don’t take the time to clean up all of the spam submissions (and figure out a way to ultimately stop them) you run the serious risk of damaging your brand’s reputation if these spammy messages ever appear on the frontend of your website.

As a website designer and developer you can rest assured because I can help.

There are ways to combat comment and contact form spam and make your life a little easier. I’m sure we all have things we’d rather be doing than sorting out through form spam.

What is Form Spam & Why Does it Exist?

Form spam happens when people submit unwanted information through online forms to phish or send abusive messages.

Form spam exists because spammers look for vulnerabilities in website forms so they can hijack them and use the website forms to relay email spam messages to others. These emails arrive in people’s inboxes looking like emails you might send. People unknowingly open these emails and click the links thinking they are going to your site only to find themselves on an entirely different website. Often the spammer is also trying to game the system by posting hyperlinks to other websites and products so they can gain link equity and a boost in SEO.

How Does Form Spam Work?

Form spam is performed in two ways:

  1. Manual Spamming – manual spamming happens when a company hires real people to manually fill out web forms with information linking back to companies that need link juice. This type of form spam is difficult to beat because human spammers can get through most anti-spam measures a website owner can put in place on his website.
  2. Spambots – spambots happen when programs are developed to seek out web forms and fill them out with the hope that the message will appear somewhere on the website. Think of a commenting or testimonial form that allows messages to publish automatically on your site (don’t do this) without approval can easily have this kind of spam. This type of spam is easier to combat because spambots aren’t human and have a tough time getting past most anti-spam measures.

Why Comment Spam is Bad

Some people will feel that it’s okay to approve comments they might feel aren’t actually legit. There is harm in doing this for the following reasons:

  • Google is cracking down on bad links. This doesn’t just include sites that buy links. It also includes sites that allow them. The last thing you want to do is degrade the quality of your site by allowing spam comments.
  • Comment spam shows lack of moderation. Comment spam gives users the impression that no one is at home maintaining the website. Suppose you are selling a product or service. Clearly you want prospects to believe you will care for them the way you care for your own website…
  • Your readers might not trust you. If a reader clicks on a link in the comments and is taken somewhere they don’t want to be they might not come back to your website.

Eight Ways to Stop Form & Blog Post Comment Spam

If you want to stop form spam, you have to do everything in your power to make it nearly impossible for the spambots to fill out your forms. At the same time, you have to balance usability and make your forms as easy as possible for real website visitors to fill out.

1. Use Contact Forms – Don’t use email addresses

If eliminating as much spam as possible is your goal, your first task should be getting rid of the email address on your website. Why? Spambots that troll websites looking for forms to fill out also look for email addresses they can harvest and use to spam others. There are ways to hide your email address from spambots, but the best solution is to use a paid WordPress contact form plugin like GravityForms or Ninja Forms.

2. Use Google reCaptcha

Google reCAPTCHA is the remake of Captcha. Remember this craziness? Although it was effective in reducing form spam it also significantly reduced real human traffic because it was so hard to use.

Google reCAPTCHA helps you detect abusive traffic on your website without any user friction. Now instead of having to type text or answer a question, site visitors only have to click a button identifying themselves as human so they can submit their form. The takeaway is that you should use Google reCAPTCHA.

3. Use the Honeypot Method

If you don’t like the idea of using reCAPTCHA, you can use the honeypot method instead. Honeypots are tiny bits of code that are used to catch spambots by presenting a hidden form field that only appears to spambots.

4. Ask a Question

Another technique is to incorporate a question into the form. You might use a text question or ask the user to answer a basic math question before they can submit the form. Here are some examples of questions you could use:

  • What is 5+3?
  • What is the first letter in the word “cat?”
  • What comes first, B or X?

The only thing that matters when you use this anti-spam strategy is that you make the question and answer easy enough for people to actually answer. And if you have a global audience, it’s important to remember to translate your forms into other languages.

5. Don’t Allow Links

One of the simplest solutions for stopping form spam is to stop allowing links on blog comments and forms. This won’t eliminate all form spam, but it will certainly reduce it. There are wordpress plugins that do this or you can add this line of code in your theme’s functions.php file:

remove_filter( 'comment_text', 'make_clickable', 9 );

WordPress doesn’t store plain text URLs as links in the database. Instead it changes them into clickable links on the fly. This code simply disables the filter that makes the URLs clickable. Don’t do this unless you know what you are doing or have someone on speed dial who knows how to help you if something goes wrong.

6. Install the Akismet WordPress Anti-Spam Plugin

Akismet checks your comments and contact form submissions against a global database of spam to protect sites from malicious content. This is not the end-all-be-all solution but it works well to complement some of the other solutions I have mentioned above.

Akismet’s top features are:

  • Automated checks of all comment and contact form submissions for spam
  • Automatically filters out submissions that look spammy
  • ‘Unspam’ feature for mistaken spam flagging – when something that isn’t spam is identified as spam

7. Turn Off Trackbacks

Trackback spam is often worse than comment spam. Trackbacks are manual notifications by one blogger that they have linked to your blog post within theirs. Pingbacks were created to automate this process.

8. Turn Off Comments After 30-60 Days

People who comment for link building purposes (SEO spammers) typically look for blog posts with high PageRank – Google’s 1-10 scoring of authority. Typically blog posts start out at a PageRank of 0 and only gain PageRank after a few months. This means that SEO spammers will be targeting your older blog posts.

Conclusion

There is no perfect solution for combatting comment and contact form spam. Whatever you do, don’t rely on a single strategy to stop all the spam on your website.

 

Free Writing & Blogging Tools Updated

I’ve recently compiled a list of free writing & blogging tools. Check out the list and let me know if I have missed any:

Why Every Business Needs A Lead Magnet

If you want to generate leads online your business must have a lead magnet. A lead magnet is essentially a bribe to nudge your target audience into your marketing or sales funnel. You ‘bribe’ a prospect with with a specific piece of value in exchange for their contact information that you can use to create a relationship that hopefully eventually leads to a sale.

lead magnet (a.k.a. “opt-in bribe”) is an incentive that marketers offer to potential buyers in exchange for their email address, or other contact information. – Optinmonster.com

Even if they like you, people aren’t going to part with their email address unless you can give them something special in exchange.

As an example of the lead magnet in action, suppose you have a blog post titled the top 10 ways you can improve your customer service. At the end of the post, you ask readers to join your email list for “updates”.

Or, suppose you ask readers to join your email list and get a free, downloadable PDF case study, detailing a real-life example of one business that used these 10 strategies to improve their customer service.

The second example is a much more powerful lead magnet because the offer is clear and specific.

The value offer of lead magnets are often pieces such as:

  • Case studies
  • e-books
  • White papers
  • Exclusive videos

However lead magnets can also be:

  • Free shipping
  • Free trials
  • Discounts
  • Tickets to an event
  • Tools

Make Your Lead Magnet Irresistible

Super Specific – the lead magnet should not be general. The more specific you are about the benefit of the lead magnet, the better job it will do in terms of generating leads.

Solves a Real Problem – the lead magnet must solve a real world problem. If it doesn’t help your prospective client, it’s not a good lead magnet.

Easy Win – the lead magnet should be quick, simple, and straight-forward and allow your prospect to achieve an easy win.

Quick Read – you don’t want to overwhelm your prospect. Something quick and easy to read and consume is best. PDF lists work really well.

High Value – this is really important. The lead magnet must actually deliver high value. To make it irresistible, it has to appear like a really good deal.

Instant Gratification – people love instant gratification. Create a lead magnet they can see and use immediately.

Demonstrates Credibility/Value – the lead magnet should reinforce what you do.

Why You Should Add a Promo Video to Your Small Business Website

Did you know that 45% of businesses use promo videos on their home page?

Unlike other video content you may use on your website, promo videos give you a chance to introduce yourself and explain what you do.

You can use promo videos on your small business home page, services page, or a product landing page to promote:

  • your products through demonstrations, 360 videos, etc.
  • your company by educating visitors on your business history, your organization’s focus on philanthropy, strong leadership, or some other meaningful item worth highlighting.
  • how a service works to improve the lives of others – this would work well for a non-profit organization.
  • how a product works – what it does and why someone should buy it.

Promotional videos have powerful benefits for business.

Humanize Your Brand

Have you ever noticed how much more effective a marketing pitch is if it comes from a neighbor or a friend or a human being who’s making a friendly pitch? Promotional videos with a strong human element help visitors connect to your brand.

AirBnB does this extremely well. Take a look at their What is Airbnb video below.

Beat Your Competition

If your competitors don’t yet have a promotional video, beat them to the punch. Your promotional video will show your visitors that you, your product, or your process is more transparent than that of your competitors. And when they put up their promotional video, they might appear to just be copycats.

Keep Traffic On Your Website / Help Visitors Stay Longer

Promotional videos help visitors interact with your website in a new and sometimes more intimate manner. Many visitors prefer watching a video over reading content, so a promotional video can also help you sell your products.

Speak Their Language

For many service-based businesses, it can be difficult to explain to prospective customers what you do or why they may need your service. This is even more true for tech companies or companies selling complicated products. A promotional video with a layman speaking can serve to cut through technical jargon.

Start A Conversation

If you have a brand new website or business, a promo video can initiate the conversation or experience a prospective customer may have with a brand.

Give Visitors Something To Share

People love sharing videos. 92% of people who watch videos on their phones share them with others. As long as the videos are configured so that they are responsive and work on mobile devices, they’ll basically have no excuse to not share yours.

This Old Spice video has 54,579,655 views on YouTube:

Increase Search Visibility

If you have great content, people will spend more time on your website. The more time that people spend on your website, the bigger reward Google will have for you in terms of search visibility.

How to Make a Great Promo Video

There are certain trends and phenomena that great promo videos have in common. These are:

  • Great promo videos are short. Usually less than 60 seconds in length.
  • Great promo videos are fun and engaging.
  • Great promo videos are located on relevant pages, landing pages, product pages, and always at the top of the page.
  • Great promo videos always have a call to action.
  • Great promo videos are always high quality. They don’t have to be high budget but they don’t have spelling errors or rough cuts.

It’s very important to only use high quality videos. You would never throw content on your website that’s half completed or full of errors. You also wouldn’t leave broken links on your site or use tiny images or text that visitors can’t see or read. A promotional video needs to blend in seamlessly with the rest of the content on your site and a low quality production could compromise that.

Link Building: Simple Steps to Increase Your Search Traffic

If you’re serious about increasing search engine traffic, you need to focus your efforts on link building. And you must be very systematic when it comes to how you create and promote your content. While it’s true that content is king, you can waste a lot of time and energy if you don’t have a clear content marketing and link building strategy.

Why are links so important?

To answer this, you have to go back in time to days of the internet before Google. Search engines like Yahoo! and Alta Vista were the market leaders. Their search results were ranked 100% based on a web page’s content.

Google’s PageRank Algorithm completely changed the game. Instead of simply analyzing page content, Google looked at the number of links to a page. Now, nearly 20 years later, links are still the best way to determine the quality of a page. Their algorithm keeps getting more complicated, focusing on link quality and not just quantity, but links and link building are still at the crux of search traffic.

If links increase search traffic to my website, how do I get more links?

  • Step 1: Find content worth linking to
  • Step 2: Create new content that’s even better
  • Step 3: Reach out to website owners that have already linked to similar content

Step 1: Find something worth linking to

Your goal is to create a high value page that you can use for links. Keep in mind that this needs to be real, informative, helpful content. Content so useful that people can’t help but link to it. The way you do this is to find content that has already generated a ton of links.

Step 2: Create new content that’s even better

The next step is to take what’s there and create new content that’s far better than the original.

Make it longer

Sometimes if you publish a blog post that’s simply longer or includes more suggestions that will be a difference maker. If you find a link magnet – the article that’s worth linking to – with a title like “50 Ways to Reorganize Your Kitchen”, publish a list of 150 ways.

More Current

Maybe you found a great article that is a link magnet but the content is old and out of date. That’s a great opportunity for you to come along and make it more current.

Snazzier Design

A visually stunning piece of content can generate many more links and social shares than similar content on an ugly page or site.

More Thorough

If you’re updating a list post, go deeper. Most list posts are just a dull list of bland bullet points without any deeper content that people can actually use. If you see a list post like that you can easily add a brief description and a reference that is a link to another site.

Step 3: Get your word out and reach the right people

Step 3 is the hardest part of the link-building process since it involves asking people for links. Instead of emailing random people, you need to find site owners that have already linked to similar content. The theory is that those people are likely more inclined to link to you if they’ve already linked out to another site.

So how do you do this?

  1. Use an SEO backlinks tool like (ahrefs.com, majestic seo, or Open Site Explorer) and export all of the links pointing to your competitor’s content into a spreadsheet.
  2. Omit referring web pages that don’t make sense to contact. Examples of these are forums, article directories, etc.
  3. Email all of them using the following type of template:

Hi [Name],

I was searching for some articles about [your topic] today and I came across this page: [url].

I noticed that you linked to one of my favorite articles – [title of article].

Just wanted to let you know that I created a similar one. It’s like [name of their article], but more thorough and current: [URL].

Might be worth a mention on your page.

Keep up the awesome work!

Best,

[your name]

Obviously you should tweak this template for every person you send this to.

Remember that the goal here is building quality links. You should aim to get a 10% success rate. Hopefully those links that you do get will increase your organic search traffic.

 

Master LinkedIn – 7 Quick Steps to Overhaul Your LinkedIn Profile

LinkedIn was founded in 2002. Unlike many of its social media competitors – Facebook, Instagram, Snapchat – LinkedIn has had sluggish but steady growth. LinkedIn now has almost 500 million users. LinkedIn has 3 million active job listings. 40% of LinkedIn users log in every day.

Like any social media platform, LinkedIn has both the power to promote talented individuals and the liability to destroy your professional image if used incorrectly.

Here are some social media rules and lessons on LinkedIn etiquette:

DON’T Send Spammy or Irrelevant Messages

For some people LinkedIn has become yet another place to bombard others with direct messaging sales spam. They are treating it almost like a secondary workplace email address.

Don’t treat your LinkedIn contacts like an email contact list and just send bulk communications. If you are going to message someone, be sure to write a custom message that is aimed at that individual and contains information that is relevant to them.

DO Use a Professional Headshot

LinkedIn is intended to be a professional networking social media platform. You are going to make first impressions with prospective clients, potential employers, and colleagues via your public profile. You cannot afford to have a photo which represents an image of you that you wouldn’t want others to see.

So, your professional headshot should not include an image of you: drinking alcohol, wearing offensive t-shirts, using holiday photos in general, smoking, wearing sunglasses, or making any ridiculous faces.

Above all, make sure you actually use a photo of yourself. This should show your entire face and should not be blurry thumbnail.

DON’T Make Negative Public Comments

Keep feedback constructive and look to provide this when it has been requested rather than assuming an individual wants to hear your view or opinion. In the same way you shouldn’t overtly criticize a fellow colleague in your workplace, think three times before commenting negatively on someone’s post. If you do feel compelled to respond to something, send the user you’re commenting on a personal message instead.

DO Use Personalized Connection Messages

When you connect with someone on LinkedIn you have the option to personalize your request to connect with a message. You should definitely personalize your connection message. For new connections or individuals you don’t have a relationship with, it’s just common courtesy to craft a personal message. While keeping it brief, hint at why you’re connecting with them. Why would this person be interesting in connecting with you?

DO Check in Regularly and Respond Promptly

Forty percent of LinkedIn users log in daily. As such, it makes sense to check in regularly and respond promptly to messages.

DON’T Keep Your Profile Private

LinkedIn is a powerful networking tool. Don’t hide yourself away. Build a profile that only contains information you’re happy to share publicly.

Do Make Regular Posts or Write Articles

You can write full-fledged articles on LinkedIn that can attract new connections. If your business is B2B, make quality posts on LinkedIn whenever you make business posts on Facebook, Twitter or any of your other social media platforms.

Content Marketing Lead Generation Tactics

Content marketing is one of the most important SEO factors in 2017. This should be no surprise to anyone. Google has long rewarded websites with relevant, quality content. What this means however, is that if small businesses want to compete with big businesses, they need to effectively use content marketing to generate a steady flow of leads. And if done correctly, content marketing will also create awareness, build trust, convert leads, serve existing customers, and help you generate referrals too.

The good news is that you don’t need as much content as you might think. Focus on quality over quantity. Consider writing just one or two blog posts a month, but make sure you adhere to the following system for using content marketing to generate a steady flow of leads.

Content Marketing Lead Generation

  1. Build a list of 6 of the most useful content ideas for your ideal customer
  2. Create a lead generating content upgrade for each of these 6 ideas
  3. Start promoting each idea in social media and advertising

Step 1 – What content should you produce?

The key factor here is to remember who your ideal customer is and remember that effective, lead-generating content is going to be content for that ideal customer. Using your knowledge about your business and your customers, and tools like the Google Keyword Tool, Spyfu, or Semrush, develop a list of core content topics and assign one or two to each month for the next twelve months.

Each theme should be a significant topic related to your business or industry and represent an important search term. Think about it as if it were a book. Each month is a chapter in what could be a book at the end of the year.

Step 2 – What exactly are content upgrades and how do I create them?

The idea of driving someone to your website or landing page and enticing them to give you their email address in exchange for something they are looking for is standard marketing procedure these days. However, the idea of bait for lead capture has evolved. The basic idea behind a content upgrade is this:

Write a great blog post and then when people show up to read it offer them an “upgrade” to the content (check list, video, case study) relevant to the topic in exchange for contact information.

If you can do this correctly, you can effectively convert visiting traffic to a lead funnel. The benefits of content upgrades are:

Creating Content Upgrades

One of the best ways to create a content upgrade is to look at your Google Analytics data and find the most popular content and then consider way to personalize a content upgrade for these posts. Hubspot has a great post from 2016 with 20 example of lead generating content – 20 Types of Lead Generating Content to Put Behind Your Landing Pages.

You don’t have to overthink this. Most people just want a snack – they aren’t looking for a manual. Here are some ideas for good content upgrades:

  • a checklist based on a how to post.
  • take a longer list type of post and then expand on the first 10 in more detail.
  • create a list of tools related to a particular type of advice.
  • create and offer a screencast showing readers exactly how you do something.
  • share a template.

Step 3 – Start promoting each article using advertising and social media

The Field of Dreams mantra just isn’t applicable anymore. If you build it, people won’t really come and they probably won’t find you online. You have to promote your content on social media. Here’s some advice from one of my favorite marketing blogs – Kissmetrics: 17 advanced methods for promoting your new piece of content.

 

 

How Not To Get Hacked – Six Easy Steps

There’s been a lot of talk about Russian hackers these days, and while the thought of getting hacked by the Russians (or anyone else) often conjures up thoughts of Jason Bourne, most incidents of hacking are actually much less sophisticated. Let’s face it, hackers, like us, often take the easy way out and go for low-hanging fruit. The good thing about this is that it’s relatively easy to avoid getting hacked. What follows is a simple primer – how not to get hacked – six easy steps.

How Not To Get Hacked Step 1:

Create Strong Passwords

The first and most important rule is to never use the word “password” for your password. Don’t use these passwords either:

  • 123456
  • 123456789
  • qwerty
  • 1111111
  • 123123
  • qwertyuiop
  • 123321
  • 666666
  • 1q2w3e4r5t
  • google

These were the most commonly hacked passwords in 2016.

What all of these have in common is that they are painfully obvious. It is very important to choose your passwords carefully. Don’t use the name of your dog or cat or children. All of these are easily guessed. Strong passwords are cryptic – a meaningless string of numbers, letters, and characters. It’s also important to not use the same password for everything. Your Gmail or Yahoo password shouldn’t be the same as your Facebook password and that shouldn’t be the same as your bank password. Imagine if you were one of the billion or so Yahoo users who were hacked! The hackers would suddenly also have access to your bank account and your social media presence. They could learn everything about you at once.

Check HERE to see if any of your email account passwords have been compromised. If they have (and they probably were), make sure you go change the passwords at the sites where you have an account (or you set up an account eons ago).

How Not To Get Hacked Step 2:

Stop Trying To Remember Passwords…Get A Password Manager

As a website designer I need nearly 1,000 passwords in order to get my work done. Even if I had a meaningful and secure logical way of producing passwords, I would never remember them all. For the past 4 years I’ve been using LastPass. Basically LastPass creates extremely complex passwords (more than 20 characters if I want) and then remembers them whenever I go to a website. All I have to do is create one very long strong password that works as a master password. The master password will then unlock a secure, encrypted vault that contains each unique password for all of your accounts. Password managers also integrate seamlessly into Web browsers, so you can quickly log into any of your accounts from any of your devices. The basic version of LastPass is actually free. If you want to use LastPass on your mobile devices, then all it costs is $1/month.

How Not To Get Hacked Step 3:

Use Two-Factor Authentication

Two-factor authentication requires you to enter a password and choose whether to receive a second code via email or your cell phone.  Then, that second code is either texted to your cell phone or sent to your email so that further authentication steps will be required. The exact methods may vary, but two-factor authentication is a much more secure way to prove that you’re you.

How Not To Get Hacked Step 4:

Be Wary of Public Wi-Fi

If you take the right steps to secure your Internet connections, you will probably be okay with public wi-fi. However, avoid doing the following things while on public wi-fi:

  • Don’t check email.
  • Don’t access your bank accounts.
  • Don’t shop online.

In general, whether on public wi-fi or not, seek out websites that start with https:// instead of http://. That extra “s” is a critical level of security. Legitimate shopping, bank, and email websites all use SSL encryption.

For more information about the danger of public wi-fi, check out Norton’s post on the risks of public wi-fi.

How Not To Get Hacked Step 5:

Be Defensive and Watch Out for Phishing Tactics

Spoofs are cyber criminals who try to steal passwords from people who actually know how to come up with complex passwords. This is also called phishing. They’ll get you to click on a link leading to a spoofed website that looks exactly like the one at which you have an account. When you “log in” to the spoofed website, your user log-in credentials are stolen. Do not click on the link. Instead delete the phishy email.

How Not To Get Hacked Step 6:

Trust Your Instincts

If an email or website seems suspicious in any way, delete it or don’t visit it. Many of the attacks – an email phishing campaign for example – attempt to take advantage of our caution and reason by appearing to come from an authoritative source – like our banks, credit card companies, or even the IRS. But in reality, most of those entities will mail you multiple letters before any action is taken. If something – even mailed to you – looks suspicious, pick up the phone and call your bank. Don’t use the number on the suspicious mailing or email.

How To Avoid Phishing and Spear Phishing

Phishing is when someone sends you an email that looks like it came from a bank or service you trust. They try to get you to open an attachment that compromises your device or to click on a web link and to sign in on a malicious website.

Spear phishing is the same as phishing, except the email you receive is especially crafted just for you. The attacker has researched you well and knows who your friends, family and associates are. They may know who you work for and what you are working on. The phishing email received in a spear phishing campaign looks much more authentic, appears to come from someone you know and may refer to something you are working on. Spear phishing attacks have a much higher success rate.

Follow these two simple rules to avoid a phishing or spear phishing campaign:

  1. Never open an attachment unless you are 100% certain that someone you trust sent it to you. If you have any doubt at all, pick up the phone and call the person.
  2. Never click on a website link unless you are 100% certain that the person or organization that sent it to you is someone you trust. When you do open the link, check your browser location bar at the top for the following:
    • The location should start with https://
    • The part after https:// should be the domain name of an organization you trust. For example, it should say paypal.com and not paypal.com.badsite.com. Everything from the first forward slash to the final forward slash in the location should be a name that you trust.
    • The https:// part should be green if you are using Chrome and it should also say “Secure” to the left.

If you receive an email that looks suspicious in any way, just delete it. Then pick up the phone and call the person who sent it to you. They may not know their email account has been hacked.