How To Avoid Phishing and Spear Phishing

Phishing is when someone sends you an email that looks like it came from a bank or service you trust. They try to get you to open an attachment that compromises your device or to click on a web link and to sign in on a malicious website.

Spear phishing is the same as phishing, except the email you receive is especially crafted just for you. The attacker has researched you well and knows who your friends, family and associates are. They may know who you work for and what you are working on. The phishing email received in a spear phishing campaign looks much more authentic, appears to come from someone you know and may refer to something you are working on. Spear phishing attacks have a much higher success rate.

Follow these two simple rules to avoid a phishing or spear phishing campaign:

  1. Never open an attachment unless you are 100% certain that someone you trust sent it to you. If you have any doubt at all, pick up the phone and call the person.
  2. Never click on a website link unless you are 100% certain that the person or organization that sent it to you is someone you trust. When you do open the link, check your browser location bar at the top for the following:
    • The location should start with https://
    • The part after https:// should be the domain name of an organization you trust. For example, it should say and not Everything from the first forward slash to the final forward slash in the location should be a name that you trust.
    • The https:// part should be green if you are using Chrome and it should also say “Secure” to the left.
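The location-bar checks in rule 2, written out as an added example (not part of the original guide). The trusted-domain list and the sample links are constructed, and `check_link` is a hypothetical helper name:

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the domains this reader has chosen to trust.
TRUSTED_DOMAINS = {"examplebank.com", "example.org"}

# Constructed sample links, one per failure mode the checks are meant to catch.
SAMPLES = [
    "https://www.examplebank.com/login",                  # passes
    "http://www.examplebank.com/login",                   # not https
    "https://examplebank.com.account-verify.test/login",  # trusted name is only a prefix
    "https://examplebank.com@198.51.100.7/login",         # trusted name is only a username
    "https://exampleb\u0430nk.com/login",                 # Cyrillic letter in place of "a"
]


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (host, reasons). An empty reasons list means the link passes."""
    reasons = []
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and ":port" suffix and lowercases.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "", ["location could not be parsed as a URL"]

    if parts.scheme != "https":
        reasons.append("location does not start with https://")
    if not host:
        reasons.append("no host name found")
        return host, reasons
    if parts.username is not None:
        # https://examplebank.com@other.test/ goes to other.test, not the bank.
        reasons.append("text before '@' is not the site being visited")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        reasons.append("host uses non-ASCII letters that can imitate a trusted name")
    # Trusted only if the host IS the domain or ENDS with ".<domain>"; a trusted
    # name at the start or in the middle of the host does not count.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        reasons.append("host %r is not a trusted domain" % host)
    return host, reasons


if __name__ == "__main__":
    for link in SAMPLES:
        host, reasons = check_link(link)
        print(link, "->", "OK" if not reasons else "; ".join(reasons))
```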

If you receive an email that looks suspicious in any way, just delete it. Then pick up the phone and call the person who sent it to you. They may not know their email account has been hacked.

How To Avoid Social Engineering

Social Engineering is what happens when someone phones you and pretends to be an organization or individual that you trust. They will try to get sensitive information out of you including passwords, usernames and a description of systems that you have access to.

This kind of attack is common and is used to commit tax refund fraud. It is also used to gain access to your bank accounts. You will even find attackers trying to get access to your workstation by telling you that they have found something wrong and asking you to install their software to fix it.

You can use a simple technique to avoid social engineering scams. Usually the individual will claim they’re from a reputable company or organization. Simply hang up, find the organization’s central number, call back and ask for that individual or someone in the same role.

Using the callback method is an effective way to defeat social engineering.

Staying Safe Online: The Connect4 Cyber Security Survival Guide

Today I’m publishing a guide that I hope will help improve your personal online security. This guide focuses on the basics – how to reduce the life-altering risks we face as we navigate the internet.

This is a Cyber Security survival guide. I’m going to start by giving you a clear picture of the current state of Cyber Security. Then I’m going to prioritize what you should be protecting. I’m going to focus on the biggest risks and I will explain how to reduce the risk for each category.

If you find this useful, please go ahead and share it extensively.

Current State of Cyber Security

Would you believe it if I told you that there’s a 66% chance that your data has already been stolen and will be stolen again and again? Unfortunately, it doesn’t matter whether you use secure passwords, two-factor authentication, are young or old, or which websites you visit or businesses you do business with. At various points in your life, your data will be stolen. And in all likelihood, it will be stolen repeatedly.

Today, 64% of Americans have already had their data stolen through data breaches. That is almost 2 out of 3 people.

In the past 3 years we saw the first data breach of more than 1 billion user accounts with the Yahoo breach. That breach affected 1 in 7 people on our planet! In the United States, the OPM breach included the data of our top spies, including their fingerprints and personal data. Even our intelligence services can’t protect highly confidential personnel data.

Data has been stolen from private companies, intelligence agencies and the military. Even cyber security companies have had their data stolen.

How Data Is Stolen

Even if you use a strong password, two factor authentication and best practices for security, your data will still be stolen because the companies whose services you use in some cases will fail to protect their own networks and systems.

How to Prioritize What to Protect

If data breaches are the new normal and if you accept the premise that they are inevitable and unavoidable, the problem we need to solve in our personal and business lives becomes “How do I reduce the risk and the impact of a breach?”

It’s helpful to start this conversation by trying to prioritize what we need to protect. I’m focusing on the really important, upper level things and this is my prioritized list so it’s possible your list could be in a different order.

  1. Information about us that could help criminals target us in the real world.
  2. Our financial means – savings accounts, ability to borrow, and our assets.
  3. Sensitive personal information – medical records, tax data and other private data.
  4. Our ability to earn an income through our reputation and our ability to provide products or services to people.

Preventing Criminals from Targeting Us in the Real World

In most of the developed countries, it is rare to hear stories of real-world targeting of individuals through information they have ‘leaked’ into the cyber realm. But in developing countries where there’s a greater disparity of wealth, or if you happen to be a superstar or athlete in a developed country, it might be good to:

  • Never show high value items (like jewelry or cars) online.
  • Share your location in general terms, and if you want to share a specific location, do it after you have left that location.
  • Don’t share information that may indicate when or how much you’ve been paid.
  • Consider making social profiles only available to people you have approved.
  • If you work for someone or some entity with access to highly confidential information, avoid disclosing who your employer is and what your job title is. This includes public websites like LinkedIn.

Protecting Your Financial Means

I’m not concerned with credit card fraud in this section. That risk falls on the vendor and transactions can be reversed. Instead, I’m focused on the kind of risk that can have a permanent impact on your financial well-being.

If an attacker is able to authorize a wire transfer from your savings account, they can empty your bank account and the funds may never be recoverable. This risk applies to savings accounts, checking accounts and investments like brokerage accounts and money market accounts.

If they are able to borrow in your name, it can permanently damage your credit score and your ability to borrow money to buy a home, for example.

I suggest taking the following steps to reduce the risk of large scale financial fraud:

  1. Make a list of savings and investment accounts. Audit each account to determine how you prove your identity when transferring funds and get a clear idea of what an attacker would need to do to commit fraud on each account.
  2. Implement any additional security provided by your banks or brokerages:
    1. callback to a predetermined number.
    2. authorization from multiple parties prior to transferring funds.
    3. two factor or hardware-based authentication.
    4. limiting transaction size when not in person.
    5. real-time alerts.
  3. Monitor account statements weekly. Make this a routine.
  4. Place a credit freeze on your credit report if you are in the U.S. This restricts access to your credit report and makes it difficult for thieves to open up accounts in your name.
  5. Place a fraud alert on your credit report – also if you are in the U.S. This lasts 90 days and forces businesses to verify your identity before issuing you credit.

In all of the cases above, if you are able to choose a password, choose one that is complex (more than 12 characters and including uppercase, lowercase, numbers, and other characters), and use a password manager.

Protecting Your Sensitive Information

Sensitive data that you need to protect includes your medical data, tax data, and social security number. There are two surprisingly easy ways of protecting this information.

First, try to avoid creating data about yourself. If it doesn’t exist, you don’t need to protect it. You will frequently find forms that ask for your social security number or equivalent. Most of the forms don’t actually require it. Don’t provide it if it’s not required.

Second, the best way to protect data is to delete it. Once again, if it doesn’t exist, it doesn’t need to be protected. Don’t hoard sensitive data. When you do need to store and protect your sensitive data, encrypt it and use strong device passwords.

Protecting Your Ability to Earn an Income and Protecting Your Reputation

Most of us rely on some type of IT infrastructure to earn a living. Whether you are an architect, photographer or computer programmer, it is important that you secure the systems you use. Here are a few tips to secure your own systems and the services you use:

  • If you have a WordPress website, make sure that you have a malware scanner and firewall in place, and look into upgrading your security by using SSL.
  • Use a password manager like LastPass to automatically store and generate long complex passwords that are different for each system you access.
  • Secure your phones, tablets, laptops, and PCs by using disk encryption when available and use complex passwords for device access.
  • Avoid adding data to systems that you need or use.
  • Enable two-factor authentication on all systems or services you use.
  • Keep backup drives in a secure place and destroy sensitive data that you don’t need. Never simply throw backup devices in the trash without either using a secure wiping software or physically destroying them with a large hammer.

Protecting Your Online Reputation

If you use social media, never simply ‘Share’ or retweet someone else’s post until you have fully read it, understood it and also understand any context around it. If you accidentally share something that is highly controversial without fully understanding what you’re sharing, you may find your professional reputation severely damaged.

Secure any social media accounts that you own. If your account is hacked, it may be used for spam which could damage your online reputation.

Secure any websites that you own. If your website is hacked, it will damage your search engine ranking and infuriate your customers if their data is stolen. This can have a severe impact on your reputation. If you use WordPress, install Wordfence which will help prevent a hack.

When installing apps on your smartphone, avoid apps that are aggressively viral. Some apps gain access to your contacts list and can SMS, private message or email your contacts a message from you that suggests they also sign up for the service.

How to do SEO for Small Websites

I hear it all the time: “My website or budget is too small for SEO.” “We don’t have the traffic…no one ever visits our site.” Believe it or not, you should spend time on SEO, especially if no one visits your site. SEO for small websites is even more important than SEO for big websites.

The whole point of SEO is to make your website more visible. If you’re not doing SEO, your visibility isn’t increasing. Think about it – doing just a little SEO could mean the difference between having 0 visitors and having a few warm leads from your site.

Here’s how to do SEO for small websites with little to no traffic.

  1. Develop a content strategy – most small sites hesitate to create a content strategy because they think it’s too much work. It takes some work and advance planning, but it’s well worth it. In today’s world, people want answers – people are seeking authoritative answers to their questions. Do you ever turn to Siri for the answer to a question? Where do you think these answers come from? They come from people who create website content. Research long tail keywords. Plan ahead of time and try to publish two blog posts a week. Branch out to different content types. Share your content on all the big social networks like Facebook and Twitter. If you’re part of a niche group – like therapists – consider smaller social networks and niche sites.
  2. Nurture a following – marketing is interactive. Brands engage customers through social media and many top bloggers have ongoing conversations in the comments section. You need to identify your audience, build a solid value proposition, and then build your audience through guest posting and paid advertising.
  3. Optimize your site for mobile – truly optimizing a website for mobile devices is more than creating a mobile version. You have to change a lot but start with page speed.


You don’t need a huge website to get some of the best SEO results. Follow my tips for how to do SEO for small websites and your website will become more visible. The lesson is that it’s never too early or too late to learn the basics.

How to add internal links to your website

Adding internal links to your website is a critical part of SEO as well as improving usability on your website. This post will provide you with the best practices for adding internal links to your website. But before we start, it’s important that you already:

  • have written content – pages or blog posts – on your site.
  • are continuously creating new content. Getting into a regular publishing schedule is important in order for this technique to work effectively.

Link from content-heavy pages to other content-heavy pages

The best internal links are those that connect one article to another. This creates a strong internal linking structure deep within the site. If your website navigation is decent, you’ll have enough linking structure to the site’s main pages such as the homepage, the about page, the contact page, etc. You don’t need to link to these pages!

Create text links using anchor text

The best links use descriptive anchor text. What do I mean by descriptive anchor text? Anchor text is the word or words that are linked to another page.

Your internal links should use anchor text. But not – click here. Click here is not descriptive. It doesn’t tell the user what the click will do or where it will go. I recommend linking using phrases that describe what the target link is about. Here are some examples:

If I want to link to an article about raising sheep, I would do it this way:

If I wanted to link to an article about Google Hummingbird, I would do it this way:

In each of these examples, I’m associating the subject of the link target with relevant phrases.

Do not do these things when creating internal links

  • Do not try to create an exact match between the anchor text and the link target. This technique, known as “exact match anchor text” has been associated in the past with SEO penalties through the Penguin update.
  • Do not use phrases like “click here.” This adds no value.
  • Do not link more than one sentence. An entire hyperlinked paragraph is clunky and unsightly. It makes for a poor user experience. Just stick to a few words or a phrase.

Every time you write an article or blog post, link to four or more old posts.

When you write a new piece of content, you should link to old articles. If you can, try to add five links.

Why? Google likes sites with new content and uses that as part of its ranking algorithm. Links from new pages add new page value to older pages.

Update old blog posts with new internal links

You’ll get the largest boost from your internal links if you combine it with another easy SEO technique – updating old content. When you update old content, Google will scan it again, re-index it, and likely boost its ranking slightly. Here’s a good process to follow when updating old articles:

  • Add a new paragraph of content at the beginning, explaining the updates.
  • Add several new paragraphs throughout, adding additional or updated information.
  • And most importantly, add several new internal links to the content you’ve recently created.

Adding links in places where it’s logical and value-added

Look for areas in the content where the subject matter overlaps. These are logical points of connection to create an internal link.

Broken Backlinks

Make sure you don’t have broken backlinks. These can hurt the final outcome!


How to Use Long Tail Keywords in Headlines

According to Worldometers, every day we are inundated with more than 2 million blog posts and 200 billion emails. No matter what you are writing – blog posts, emails, online ads, or anything else – the headline is a crucial element. How do you get people to stop and read what you write when there’s so much competing content? If you get the headline right, you will probably be positioned at the top of the search results pages. A truly great headline might even prompt people to respond and share your article. Keyword-rich headlines will improve your website rankings and increase engagement with your audience. Your target audience is looking for blog posts that will solve their problems and address the keywords they typed into Google’s search box.

Follow this 3-Step Process for Using Long Tail Keywords in Your Headlines

First Step: Research and choose long-tail search terms.

Let’s stay with Google AdWords Keywords Planner for our example.

On the dashboard, type in your main keyword phrase (e.g., start small business) and click the “Get Ideas” button.

You can see the long-tail keywords that we’ll integrate into our blog post headlines:

starting a small business checklist
best small business to start
steps to starting a small business
help starting a small business

Second step: Model popular and viral headlines.

You can’t just pick long-tail key phrases. You also have to identify viral content specific to your industry, learn from it, and then improve upon it.

When you find headlines that have been shared thousands of times on Facebook, Twitter, LinkedIn, etc., it means that you can get great results, too. All you have to do is study them and incorporate the underlying strategies into your own content.

How do you find these viral blog post headlines?

Visit BuzzSumo, input your main keyword (i.e., start small business), and click the “search” button.

The two viral headlines are:

5 Simple Ways to Start a Small Business ~ 102,658 Facebook shares
6 Things I Wish Somebody Had Told Me When I Started My Small Business

Third step: Create your headlines using the viral headlines as a model:

Original Headline: 5 Simple Ways to Start a Small Business

Keyword phrase to integrate: steps to starting a small business

Unique and keyword-rich blog post headline based on the model:

7 Steps to Starting a Small Business and Growing It
3 Simple Steps to Start a Small Business That You’ll Love

When I find a headline that makes me click, I’ll copy it, study it, and create a unique and better one.

Check For Vulnerabilities In Your Connected Devices

Last week’s DDoS attack on Dyn shut down portions of the internet. A DDoS attack is a distributed denial of service attack. Dyn is a major DNS provider. The attack was created by a botnet that took control of a bunch of different connected cameras that still had the default passwords in use. In order to understand how to protect yourself, you need to check for vulnerabilities in your connected devices. And to do that, you need to understand what a DDoS attack is and what DNS is first.

What’s a DDoS attack?

At the most basic level, a distributed denial of service attack works like this. An attacker sends an onslaught of packets – essentially just garbage data – to an intended recipient. In the case of the most recent attack, the recipient was Dyn’s DNS servers. The server is overwhelmed by the garbage packets, can’t handle any new incoming connections, and eventually slows down significantly or crashes entirely. What’s new about this particular attack is that it is now possible for an attack to come from a group of hijacked insecure network devices. The group of hijacked devices becomes a DDoS army that can work together to bring down a website.

What’s DNS?

DNS stands for Domain Name Servers. These are the internet’s equivalent of a phone book. Domain Name Servers maintain a directory of domain names and translate them to IP addresses. Without DNS, we would have to remember the IP addresses for websites instead of their easy to remember names. Google’s IP address is but most IP addresses are far harder to remember.

Why Should I Check For Vulnerabilities in Connected Devices?

Since last week’s DDoS attack was created by a botnet that took control of a bunch of different connected cameras with default passwords, it’s important to run a scan on your own network to make sure you don’t have any devices that are essentially open and accessible to an internet hijacking. To scan if you have such devices on your network, Bullguard Security created IoT Scanner. Go to the site, click the scan button, and IoT Scanner will look for open ports on your network.

If IoT Scanner comes back saying that your network can be breached, that means some device that’s connected to your Wi-Fi network has an open port that makes it accessible from the internet. This could be on purpose if you’re running a server or have some other device that you can access from outside your home network. If you’re not doing that and IoT Scanner says your network can be breached, then it’s a good idea to contact your IT professional and see which device has that open port.

Like most tools, take the results with a grain of salt and use this as a starting point to really secure your network.
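Once an outside scan reports an open port, the next step is finding which device on your own network is listening. The following is an added example, not part of the original post and not how IoT Scanner works; the device addresses and the port list are assumptions to replace with the entries from your own router's client list:

```python
import socket

# Assumed values (not from the post): your own devices and a few TCP ports
# that consumer devices commonly leave listening.
DEVICES = {"camera": "192.168.1.50", "printer": "192.168.1.60"}
PORTS = {23: "telnet", 80: "web admin page", 554: "rtsp video", 8080: "alternate web"}


def open_ports(address, ports, timeout=0.5):
    """Return the ports from `ports` that accept a TCP connection on `address`."""
    found = []
    for port in sorted(ports):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                # connect_ex returns 0 on success and an error code otherwise
                # (refused, timed out, unreachable).
                if s.connect_ex((address, port)) == 0:
                    found.append(port)
            except OSError:
                pass  # treat any other socket failure as "not open"
    return found


def audit(devices, ports, timeout=0.5):
    """Map each device name to its listening (port, label) pairs; omit clean devices."""
    report = {}
    for name, address in devices.items():
        hits = open_ports(address, ports, timeout)
        if hits:
            report[name] = [(p, ports[p]) for p in hits]
    return report


if __name__ == "__main__":
    for name, hits in audit(DEVICES, PORTS).items():
        for port, label in hits:
            print("%s is listening on port %d (%s)" % (name, port, label))
```

A device listening on the local network is only reachable from the internet if the router forwards that port to it, so compare any hits against the router's port-forwarding and UPnP settings.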

Online Shopping? How To Get The Best Price

Thanks to dynamic surge pricing, retailers have made online shopping more complicated for shoppers. It used to be easy – practically any online shopping purchase was less expensive than one made at a brick and mortar store. With dynamic pricing – businesses set prices based on market demand and user browsing – online shopping requires creative tactics. Follow the tactics below and I guarantee you’ll get the best prices for anything.

Abandon Your Cart

This is the online shopping way of playing hard to get, but sometimes it really pays off. If you’re not in a hurry to order something, leaving items in your cart may prompt retailers to email you a discount code after a couple of days. “Did you forget something?” their emails might say. “Here’s 25% off!” Just make sure you’re logged in while you’re shopping or else they won’t have an email address on file to send a code to.

Open A Chat Window

Take advantage of any ecommerce site that has chat support. Many of these chat tech support people have the ability to offer you discounts or offer you items that are in stock but not yet on the website. This works particularly well for big companies. I’ve used this online shopping strategy with success on the Dell Outlet site many times.

Use Wikibuy

Wikibuy is a web-browser extension. With Wikibuy, customers browse Amazon while the extension searches through hundreds of sellers for better prices and coupons.

Shop on Mondays

Optimal shopping times and days vary depending on what you’re buying. Prices change based on the day of the week or month, and different retailers operate on different markdown schedules. In general, however, you can score the best deals shopping online on Mondays, especially if you’re looking to buy consumer electronics.

Set Up Alerts

There are ways to alert yourself about price drops and also to predict when prices may drop in the future. CamelCamelCamel lets users monitor price fluctuations for any item on Amazon.

Go Under Cover

Believe it or not, much of the pricing that you see on Amazon is based on your own browser and purchase history. If you go incognito and eliminate some of the information that retailers have on you, you might find that prices are lower. One easy way of doing this is to browse in a different browser from the browser you’ll use to make your final purchase.

Be A Brand Evangelist

If you show interest in a brand by signing up for email lists, you will often get exclusive offers and early sale access. You also get a lot more junk email so there’s a clear trade-off.

5-Step Checklist for Revamping Your Small Business Online Presence

According to Adweek, 81% of consumers conduct research online before buying something. You almost certainly already know this and pivoted your business storefront online years ago, but unless you are remarkably vigilant of the latest trends, your online presence could probably use an upgrade.

Changes continuously sweep across the internet, social media, Google, and the content marketing world. Your online business presence must change too, or you risk receding into obscurity, stagnating with an out-of-touch website or, god forbid, a MySpace page. Most small businesses aren’t maximizing their online presence. Less than half of small businesses advertise online, pay attention to Search Engine Optimization, or have a social media presence, and a quarter of small businesses don’t have a website at all.

For those who wish to gain a competitive advantage, consider this 5-step checklist for revamping your online presence before 2017:

  1. Re-assess and Segment Your Target Market

Before you make any actual changes to your online presence, it’s important to reconsider your target market. Identify the common characteristics of your target market. Then segment that market into specific groups of people. Without segments to focus on, you will never have a highly-focused and effective campaign.

For example, an online clothing store has segmented their market – men’s and women’s – to push customers down the sales funnel toward their desired destination. Customers are looking for something specific from you – so direct them to that segmented goal.

  2. Listen to and Engage with Your Audience

Now that you have your target market segments, engage with them and conduct some experiments. Find the best channels to interact with your potential clients. Social media platforms often break down along demographic lines. Do you have a professional, career-oriented customer base? Try LinkedIn. Focused more on female creatives? Try Pinterest. Once you’ve zeroed in, engage with your audience, track their online activity, and set up Google Alerts to figure out how to best design your online presence to match your audience’s tendencies.

  3. Optimize Your Landing Pages for Conversions

The main goal of improving your online presence is to maximize conversions, turning a casual visitor to your website into a customer. Your landing page is therefore mission critical. Most site visitors spend only up to 8 seconds before leaving your landing page. This means that you must use the most effective design tactics possible to keep your visitor’s attention and readily satisfy their needs. Also remember that every page on your site is a possible landing page – not everyone will enter your site through the front door.

  4. Don’t Forget About Mobile

There are still many small business websites that aren’t optimized for mobile devices. This should be a major concern. To make the most of your online presence, make sure you hire a web designer who works in responsive design, who can create a flexible website for both desktop and mobile.

  5. Take Advantage of Google

Your business may not show up on Google Maps unless you’ve claimed your Google My Business. If you haven’t done this yet, do this immediately. Google accounts for more than 70% of all desktop searches. If you’re not maximizing your use of everything that Google has to offer, you are invisible to many potential customers.

How To Get Great Online Reviews

Great online reviews are important to consumers and businesses. With today’s fast pace and the ubiquity of internet access, consumers consult online reviews before making purchasing decisions. Reviews can literally sway you towards or away from a product or service. Whether these reviews are on Amazon, Google, Yelp, or a medical doctor review site doesn’t really matter. What is important for businesses is understanding that buying decisions are influenced by online reviews. People trust online reviews almost as much as personal recommendations.

No matter how hard you try, you will get some bad reviews. They are inevitable. Somewhere along the line, a customer will have a bad experience and will voice their displeasure to the world. While you can’t stop this from happening, it’s not the bad reviews themselves, but how you deal with them that has the biggest impact on future buying decisions.

The most effective way of reducing the negative impact of negative reviews is to increase the number of positive reviews.

Getting your customers to give you good reviews can be tricky.

The Most Important Thing You Can Do To Get Great Online Reviews

When it comes to getting good reviews, there’s one thing that makes a huge difference. Deliver an exceptional customer experience. Happy customers will help you grow your business.

Ways To Get Positive Online Reviews

Here are five legitimate and effective ways to get positive online reviews.

Ask The Right Customers

Your customers might love you and be thrilled to be doing business with you, but you’re not at the center of their world; they are. They aren’t spending their free time coming up with ways to help your business. If you want that help, you need to ask for it.

But if positive online reviews are what you’re looking for, then you need to be asking the right customers. The right customers are the ones who are getting the most value out of your product.

If you know some of your customers are referring other customers, then first reach out to the referrers for a review.

Ask at The Right Time

The best time to ask for an online review is when the value that you’ve delivered to the customer is at the top of their mind, making it easy for them to recall what happened and write an honest review.

Ask the Right Way

Want to lose your credibility as a business with a single word?

Send an email asking for “good” reviews. Or “positive” ones. Or any other adjective that suggests that you might be trying to tell your customers what to write, even if it isn’t true.

How to ask for a review (in an email)

Hi _________,

Thanks for coming in the other day. I appreciate your making time to see us.

If it’s not too much trouble, I have a quick request: could you please leave an honest review on (Yelp, TripAdvisor, Google, blog, etc…) Here’s a link.

Even a sentence or two would be hugely appreciated. If it helps us get more awesome customers like you, it’ll let us keep making (your business) better for you. :)

Thanks, and if there’s anything I can do to help you, don’t hesitate to let me know.

If You Get Ignored, Don’t Be Afraid to Ask Again

If your request for a review didn’t even get opened, that doesn’t necessarily mean that a customer doesn’t want to help you. You may have caught them at a bad time, or your email might simply have gotten lost in the fray of the average bulging inbox. Remember that ultimately customers with great experiences will want to give you a good review. It’s just a matter of timing. So don’t be afraid to ask your great clients two or three times if you get ignored.

Make It Easy for the Reviewer

Perhaps the most important step in getting great online reviews is making it easy for your reviewer to give you a great online review. Make sure your directions and expectations are clear and concise and if possible be sure to include a link directly to the online review form.