Pelland Blog

Don’t (Always) Blame Your Webmaster

November 28th, 2023

Half the people with websites don’t even know what SEO stands for, but, like an addict, they never think they are getting enough of it. Without question, there is an obsession with the mystery of search engine optimization. Over the course of a year, I field dozens of emails and phone calls from people who have mistakenly been given the impression that there are magicians afloat who hold the keys to secrets that can outsmart Google at its own game. I hate to deliver the bad news, but don’t blame the messenger when I advise that there is no such magic wand. Want proof? Do a Google Search for “best magician in the world”, scroll down, click on “More results”, then repeat, repeat, and repeat. The DavidCopperfield.com website is as invisible as the Statue of Liberty in one of the great magician’s most famous illusions.

We are living in a time when too many of us expect instant gratification in everything that we do. The owner of a new (fictitious) campground in central Oklahoma, with a new website that was just launched the previous month, cannot understand why his website does not appear in the results — er, at the top of the results — when he searches for “campgrounds in the United States”. In large part, this expectation is driven by the countless emails that slip by our spam filters and the robocalls that evade even the best junk call filters, all claiming exclusive knowledge to the secrets to search engine placement. The first thing that you need to understand is that 99.99% of the outfits that contact you regarding so-called SEO services are scams, typically working out of overseas boiler room operations. Some may even represent that they are calling you from Google itself, in this case only the first in a series of utter falsehoods. They may also claim to be a “Google Partner” and display a badge to that effect. If that is the case, they are in violation of the Google Partners badge guidelines which specifically state, “You cannot show the Partner or Premier Partner badge on any materials, such as websites, that advertise Search Engine Optimization (SEO) services without a prominent notice saying such SEO services are not verified or endorsed by Google.”

If that in itself does not make you suspicious of what is being offered, dig a bit deeper and you will often learn that the alleged services involve “creating links in blogs, websites, and directories that are intended … to generate traffic to your website … so that search engines know that this site is important for both its content and the references made to it on other websites.” The “blogs, websites, and directories” referenced are usually owned and maintained by the SEO outfits themselves, with manufactured content that nobody accesses. These backlinks carry little if any credibility with legitimate search engines (which are basically Google and Bing these days) and have zero influence upon search results. In fact, these “White Hat SEO” services are in violation of Google’s webmaster guidelines because they involve the creation of what are considered to be unnatural or artificial links. Rather than helping the SEO of your website, paying for these alleged services could actually inflict harm upon your site’s SEO by penalizing your site.

The Domain Name Services scam. Either throw it out or forward it to the consumer protection division of your state Attorney General’s office.

My favorites are the scammers that send what looks like an invoice, with a “search engine optimization fee” to “renew your listing” on some worthless directory, implying that non-payment will result in the removal of your website from the directory and thereby cause its disappearance from Google search results. It is amazing how many people panic, do not read the fine print, and turn over what is typically about $300.00 — as well as their credit card information — to these thieves.

In other instances, the SEO scammers get really nervy and ask you for control panel or FTP (file transfer protocol) access to your website, or ask for WordPress account access credentials, so they can go in there to “fix” things. Do NOT under any circumstances give anybody other than your webmaster this level of access. If you ask them to provide you with the recommendations that you might provide to your current webmaster, they will probably hang up and move on to their next call, hoping to find somebody more naïve. In other instances, they might send you an auto-generated report that could look confusingly impressive if you are your own webmaster, although any competent webmaster will recognize the report as inconsequential bunk. In rare instances, particularly if you built your own website or hired a local tinkerer to build your site, there might be some serious errors and oversights that are in fact impeding your site’s SEO and that should be corrected. Would you like somebody working on behalf of a nearby campground entering your park and handing out sales literature to your campers, attempting to persuade them to camp at their park instead of yours? Think about it. If you have a relationship with your webmaster that is based upon trust in that person’s or company’s competence, there is no reason to panic. Anybody can find minor shortcomings and areas for improvement in another person’s work, but those are rarely of a degree that impacts a site’s search engine ranking. More often than not, the “problem” is impatience and unrealistic expectations on the part of the business owner. Going back to my fictitious campground in central Oklahoma (fictitiously located in Enid), an expectation to appear at the top of the search results for “campgrounds in Oklahoma” is unrealistic. When searching for such a broad term, it only makes sense that the results will feature broad resources such as Oklahoma Tourism & Recreation, KOA, Jellystone Parks, and Good Sam. It is somewhat more realistic to expect to appear in searches for “campgrounds in Garfield County OK”, and much more realistic to expect to appear in searches for “campgrounds near Enid Oklahoma”. Guess what? The most important factor behind appearing in “near me” searches is to claim and maintain your Google Business Profile, which is something that you, not your webmaster, should be doing. Needless to say, the paid “SEO experts” will never offer you such simple and useful advice.

This post was written by Peter Pelland

The Latest Scams: Be Alert, Don’t Get Hurt

January 20th, 2023

Sometimes I think that the Internet was invented by P.T. Barnum, the circus promoter and showman from New Haven, Connecticut. A century and a half after his heyday, modern-day hucksters seem intent on capitalizing upon the phrase “there’s a sucker born every minute” that is commonly attributed to the great Barnum. So-called phishing scams arriving via email are becoming more prevalent than ever. Phishing is an attempt to steal personal information or hack online accounts through the use of deception. Some are easy to spot, while others are more sophisticated in appearance and subsequently more difficult to detect. The people behind these schemes prey upon our fears and try to convey a sense of urgency to their bogus messages. My main words of advice are to step back, take a deep breath, and avoid the urge to panic.

Learn to detect and comfortably ignore the lion’s share of these scams by using an effective spam blocker on your email accounts. When a few slip past the filters and appear in your inbox, take a close look. Learn to hover and not to click. Is the actual sending address what it appears to be? One of the latest phishing scams to be making the rounds is the “Best Buy / Geek Squad Service Renewal” invoice. I will refer to three specific emails below, all alleging to be sent from Geek Squad (or in one instance “Geeks Squad Inc.). The first came from edfg0823@gmail.com, the second indicated that it came from messenger@messaging.squareup.com (and included an option for payment through Square), with a 160-character cryptic reply-to address, and the third came from dayaguena@gmail.com.

Although it is easy to attach any corporate logo to an email, in an effort to make the message appear to be authentic, would that familiar company really send out a message with spelling mistakes and sloppy formatting? Just because a message implies that your bank account, credit card, or PayPal account has been charged for a product or service that you never ordered does NOT mean that the sender actually has access to your account. What they are generally hoping is that you will fall for their scheme, want that alleged charge to be reversed, and unwittingly provide them with your account information in order to confirm the “refund”. By doing so, you will have then provided the scammer with the means to run up fraudulent charges on your account far in excess of the bogus charge that caught your attention.

The perpetrators behind the “Best Buy / Geek Squad Service Renewal” scams could possibly have access to Best Buy customer emails harvested during a 2017 data breach that exploited a vulnerability in the company’s online chat software; however, it is more likely that the senders use random email accounts under the presumption that a significant percentage of recipients will be recent or past Best Buy customers. (They could also be pretending to represent Walmart, Costco, Target, or any other well-known brand with an extensive customer base.) I have received several of these emails recently. One lists an “Order ID”, “Product Code”, and renewal fee of $417.00 that is ready to be charged to my account, telling me that “YOUR SERVICE HAS BEEN RENEWED”. The email (which consisted of a JPEG image) also reads, “According to our contact with you. Your plan will be auto renewed with in 24hrs and you will be charged $417.00”. The punctuation errors alone in that message should raise several red flags. Of course, they are hoping that I will call the “Customer Support Team” using the toll-free number included.

Another alleged “Geek Squad Subscription Renewal” was convincingly professional in its appearance, including a PDF invoice for a “Geek Squad Advanced Protection – Annual Plan” renewal at $229.99. It claimed that my “account” had just been charged, and included a toll-free number to call “if you want to cancel the Renewal and claim the refund.” The telltale signs on this invoice were the salutation of “Dear Dear”, my name listed as “Dear Customer”, and a random return address that is a residential home in Mississippi according to Google Maps. A third email followed the same modus operandi, had my name as “Existing User”, a random return address in a residential neighborhood of Brooklyn, and an alleged renewal fee of $299.87 for 3 years and up to 5 devices (the best deal yet.) It, of course, included a toll-free phone number “in case you wish to stop this transaction or stop auto-renewal”.

In the first two of these three instances, the toll-free numbers (which I called from a randomized phone number) were already disabled. The perpetrators hope that recipients will panic and call them immediately while their temporary phone numbers are still enabled. The third number was busy with other callers and asked me to leave a return phone number. Of course, they will then ask for a credit card or other account number in order to process the alleged “refund”.

Fight Back!

First of all, pay close attention to unsafe content warnings in your email software. Then never respond to requests for your private information, beware of messages that convey a sense of urgency, and never click on unknown links. If you are one of the millions of people who use Gmail as your email service provider, you can report a phishing email that may have made its way to the inbox on your computer by opening the message, clicking on the three vertical dots next to the “Reply” icon, then clicking on “Report phishing.” If a phishing email asks you to make a payment via PayPal, forward the entire email to phishing@paypal.com.

You may also forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. This organization includes ISPs, banks, online security companies, and law enforcement agencies. You can also report phishing attempts to the Federal Trade Commission at https://reportfraud.ftc.gov/. In the event that you have actually been a victim of a phishing scam, first contact your bank or credit card company, where you will probably want to change passwords and cancel your credit card. Then file a report with the FBI’s Internet Crime Complaint Center (IC3) at https://www.ic3.gov/. In most instances, you may also file a complaint with the office of your state attorney general. Nobody likes being a victim of what is essentially online crime, but it is good to know how to protect yourself and how to take responsive measures when necessary.

This post was written by Peter Pelland

Don’t Get Caught by the US Domain Authority Scam!

September 27th, 2021

It has been nearly a decade since I wrote about a scam that was circulating by a company that called itself Domain Registry of America. Their modus operandi was to send out bulk mailings to domain name registrants like you and me, after harvesting our names, addresses, and domain names from public registry records. The letters looked official, exploiting the American flag and warning that you were ready to lose your domain name unless you took immediate action by paying them a “renewal” fee. Many people failed to read the fine print, panicked, and paid the fees. In other instances, company accountants handled accounts payable, failed to recognize the scam, and paid the fees – always without reading the fine print. If 1 or 2% of the people who received these solicitations panicked and made payments, these thieves made an absolute fortune

The fine print was buried at the bottom or on a second page of the letter, had nothing to do with protecting your rights, and had everything to do with protecting the interests of the perpetrators. Basically, the fine print said that this was not an invoice, that it was a solicitation for goods or services, and that by paying the fee you were authorizing your domain name registration to be transferred to Domain Registry of America. You paid the nonrefundable fee, whether or not the company was successful at transferring your domain name registration away from its current registrar. If you have wisely locked your domain, which would prevent its transfer, you would have nonetheless lost the fee that you had paid. Should you realize your error after the fact and demand a refund, or ask your credit card provider to charge back the fee, Domain Registry of America would be willing to sell your domain name back to you for an added fee of $200.00. Additional fine print stipulated that, if you attempted to sue them, you would be responsible for payment of all of their legal expenses.

The parent company was Brandon Gray Internet Services (dba NameJuice.com). Though the letters from Domain Registry of America had a return address in Buffalo, New York, the company’s offices were actually located over the border in Markham, Ontario. The scam was so successful that there were international variations such as Domain Registry of Australia, Domain Registry of Canada, Domain Registry of Europe, Domain Renewal Group, and Liberty Names of America (where the letters would exploit the Statue of Liberty instead of the American flag.) In December of 2003, a United States District Court order on behalf of the Federal Trade Commission prohibited Domain Registry of America from engaging in these practices, but that failed to stop them. Today, the NameJuice.com website is still live, hosted on the company’s own servers, and the DROA.com website of Domain Registry of America now opens a suspiciously similar site that is operating under the Domain Registry Services name.

Very similar scams (often involving email rather than more expensive bulk mail) include one where the recipient is warned as some sort of “courtesy” that somebody has inquired into registering the .CN, .HK or .TW (the country codes for the People’s Republic of China, Hong Kong and Taiwan, respectively) version of your domain name and thereby jeopardizing your online presence. They then offer to sell you these versions of your domain name, along with a laundry list of other worthless variations – for an annual fee. First of all, unless your business has an internationally recognized brand name – such as Microsoft – nobody is interested in wasting money registering alternate versions of your .COM domain name, nobody has inquired about doing so, nobody would legitimately warn you, and these thieves are looking out for nothing but your money and your credit card number.

Another similar scam is the yet another that looks like a domain name registration renewal invoice, also preying upon the common fear of losing one’s domain name. It is actually a “warning” that some sort of non-existent SEO (search engine optimization) services are ready to expire, which will result in Google dropping your website from its search engine listings. One that is currently making the rounds comes in the mail and says it is from a company called United States Domain Authority, operating out of a post office box in North Carolina. The letters look both official and urgent, and they once again exploit the American flag to add to their credibility among the naïve. The “notice” says that it is for an “Annual Website Domain Listing” at an annual price of $289.00. Basically, you would be paying this fee for an essentially worthless listing on its own usdomainauthority.com website. The fine print reads that “This website listing offer is provided to leading websites throughout the United States to enhance their Website exposure and expose them to new customers through our directory. We are not a domain registrar and we do not Register or Renew Domain Names.” It continues, “THIS IS NOT A BILL. THIS IS A SOLICITATION. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED ABOVE UNLESS YOU ACCEPT THIS OFFER.” The company is covering the legal requirements, though ethics, decency, and honesty are tossed aside. Fortunately for them, many people do not take the time to read.

This mailing from United States Domain Authority encourages payments by return mail or credit card online, asking that checks be made payable to “Domain Authority”. It lists a Web address of usdomainauthority.com, a domain name that was registered with GoDaddy on March 12, 2021. In other words, this outfit is selling $289.00 directory listings on a website that has barely been in existence long enough to be recognized itself.

Why do you get these letters, emails, and junk faxes? Simply put, because there are thieves in this world. When you register a domain name, your contact information is publicly accessible unless you pay for a so-called “private registration” … an additional $5.00 or $10.00 annual fee with most registrars. If you are capable of detecting scams, save that annual fee and let these people waste their money on postage; otherwise, you may want to pay for a private registration, where your contact information cannot be readily harvested. It is also important to always keep your domain name registration in “locked” status until such time as you might want to voluntarily transfer to another registrar. Most importantly, if you receive one of these solicitations, rather than just throwing it away, try to do your part to help put these people out of business by forwarding a copy of the correspondence to the U.S. Federal Trade Commission and the office of your state attorney general. There have been instances in the past where several state attorneys general have banded together and have gone after people like this.

Now if we could only stop the TV commercials with Joe Namath selling Medicare supplements, Pat Boone selling walk-in bathtubs, and Marie Osmond selling weight-loss products …

This post was written by Peter Pelland

Beware the “Sextortion” Scam: A New Form of Cybercrime Making the Rounds

October 28th, 2018

Most people realize that the ultimate in cyberwarfare would be for one country to take down the power grid, telecommunications network, financial industry, or military and defense networks of a foe country. There is no doubt that the United States, Russia, China and other countries maintain this capability but wisely withhold use of this “nuclear option” in cyberwarfare, although there have been instances where the waters have clearly been tested. As has been recently demonstrated, cyberwarfare tends to take a much more subtle and individualized approach, exploiting weaknesses in things like social networks and ballot tabulations. The same sort of approach, where individuals are targeted, is generally practiced in cybercrime, the aggressive bully that is the awkward little stepbrother of cyberwarfare.

Cybercrime takes a variety of forms but generally targets either individuals or individual companies. Small businesses, where there is often only a subtle distinction between a business and its owners, can be particularly vulnerable. In most instances, the criminal activity exploits vulnerabilities in the security practices of the target. These vulnerabilities include the failure to apply software patches and updates, unsecure office practices, and the use of weak, old, and/or repetitive passwords. The results include the easy entry of computer viruses and malware that can turn a computer into a bot on a criminal network or install ransomware that will hold a computer and its files hostage. The same vulnerabilities lead to the proliferation of phishing attempts and other email and telephone scams where the senders or callers impersonate trusted companies in an attempt to obtain passwords, secure information like social security numbers, your credit card numbers, or remote access to your computer.

One of the latest trends in cybercrime exploits a combination of known hacks and personal fears and anxieties. As most of us know, there have been a number of major websites that have been hacked in recent years, some instances more widely publicized than others. The ultimate victims are the individuals whose personal data has been breached and compromised. The term “pwned” originated in early online gaming as a typographical error in the word “owned”. If you have been “pwned”, it means that your personal information is now “owned” by others. To see if your personal data has been “pwned”, visit the “Have I Been Pwned?” website and enter your email address. At the time of this writing, there are 296 websites that have been “pwned” with over 5 billion accounts compromised. Some of the websites that have been hacked include Adobe, Ancestry, Avast, Comcast, Dropbox, Exactis, Experian, Forbes, Kickstarter, LinkedIn, MySpace, River City Media, Snapchat, Ticketfly, tumblr, and Yahoo. This list includes websites that you have probably used, and in all likelihood, your personal information has almost certainly been hacked. In my own instance, my email address has been compromised in 10 of these major hacks, most recently the Exactis hack in June 2018. That recent hack disclosed credit status information, dates of birth, email addresses, income levels, marital statuses, names, phone numbers, physical addresses, and much more from 340 million personal data records.

Stolen passwords are then readily exchanged, sold, or even made freely available on a number of forums and so-called “pastes”, utilized by cybercriminals who are well aware of the human tendency to reuse usernames (many simply the users’ email addresses themselves) and passwords across a variety of websites. Security breaches like the Yahoo and Dropbox hacks go back to 2012. Although savvy Internet users will have changed their passwords on those sites long since then, if those same passwords were used on other websites, the vulnerability remains. More recent hacks will expose passwords that are currently in use, demonstrating a strong argument in favor of changing passwords on a regular basis.

With this combined background information in mind, you will understand how I felt both alarmed and violated when I received an email one evening back in July that made it past the Gmail spam filter. The subject line included a username and password combination that I frequently used 10 or 15 years ago, indicating that somebody had gained access to my personal information, even though it no longer represented valid credentials. The email had successfully caught my attention and, at first glance, seemed like there could be cause for concern. It went on to allege that a visit to pornographic websites led to the installation of remote access and keyboard logging software on my computer that gave the hacker complete access to my email and social media address lists, as well as my computer’s microphone and camera. Cutting to the chase, the sender was threatening to send a compiled split-screen video of the sites I had visited, along with my “interactions” with those sites, to my friends and family members as allegedly compiled from access to my computer. The only way to prevent this from happening was to pay $3,200.00 in Bitcoin (a cryptocurrency that is popular with online thieves) using a key that was provided.

The facts that I do not spend my time visiting pornographic websites, do not have either a camera or microphone installed on my computer, would immediately know if somebody had remote access to my computer, my passwords are highly secure, and Trend Micro Maximum Security software shows that my computer is free of any malware, spyware or viruses, still left me feeling personally violated. The following morning, I spoke with an agent at the Federal Bureau of Investigation’s Boston field office who told me that this extortion scam had been circulating quite widely throughout the month of July 2018. (In fact, I found a variation in my spam folder a couple days later, with this second thief only seeking $250.00 in Bitcoin.) The agent also told me that there were people who reported receiving variations that were sent through the mail. I also have friends and clients who told me that they have received the same sort of email during the same time period and as recently as last week. I went on to file an online complaint with the FBI’s Internet Crime Complaint Center, commonly referred to as the IC3. There is also a page on the Krebs on Security website that outlines the “Sextortion” scam and currently includes nearly 1,000 comments from people like me who have received the emails and are trying to warn others from falling victim.

The lessons to be learned are to:

  • Be aware that your personal information has been stolen, probably on multiple occasions.
  • Your personal information can be used in extortion attempts.
  • Minimize vulnerabilities on your computer and run up-to-date security software.
  • Never trust any email that sets a deadline or seeks payment in cryptocurrency.
  • Never make an extortion or ransom payment.
  • Notify legal authorities if you are a victim.

It is challenging enough running a small business these days. Nobody needs to waste time, worries, or money with the perpetrators of online scams, who are going to continue to evolve into using more creative and credible formats.

This post was written by Peter Pelland

Red Flag Emails

October 15th, 2018

An email that recently made the rounds among campground owners encouraged them to “renew” their advertising on the Go RV Park website. In instances that were called to my attention, Maryland campground owners were provided a link to a page where they could see their advertising located, along with a $49.00 renewal price. The email also stated that the website had “acquired the Maryland Campground and RV Park Directory Inc. and SW Publications Nationwide.” At first glance, $49.00 sounds like a good deal, and the fact that your park (and every other park whose data has been harvested) is already listed makes the “renewal” make sense.

Take a second glance before reaching for your wallet. The “Maryland Campground and RV Park Directory Inc.” does not exist to my knowledge, although it sounds both legitimate and oddly similar to the directory of the Maryland Association of Campgrounds. Then, “SW Publications Nationwide” is another company that appears to be both nonexistent but very similar to “Southeast Publications”, a well-recognized vendor within the campground industry. Many of us tend to miss the little details, and many people who read “SW Publications” mistakenly interpreted that as “Southeast Publications”. Finally, the GoRVPark.com website sounds confusingly similar to the GoRVing.com website that is a partnership of the RVIA, the RVDA, and National ARVC.

In addition to your own listing and compiled listings of every other campground, the website features banner ads for industry giants that include KOA, ELS, Good Sam, Bass Pro Shops, and Walt Disney World’s Fort Wilderness Campground. This certainly suggests legitimacy, but who says that any of those businesses paid for, authorized, or might even be aware of their ad space (at least until now)?

Back to the $49.00 “renewal” price, that would truly appear to be a bargain. The company’s website offers a $149.00 advertising fee and says that “This $149.00 yearly price is for a LIMITED time only. RV Parks, Campgrounds & RV Resorts who sign up NOW will NEVER be subject to the regular annual cost of $499.00 per year.” Interestingly enough, this exact wording appears on the earliest appearance of the website on the Internet Archive, when it was apparently launched in 2010. How can this possibly be a “LIMITED time” offer? To further suggest its authenticity, the website claims that “Go RV Park is the #1 Google ranked portal and intuitive network of websites for RV information.” Beyond the fact that this gobbledygook is total nonsense, a Google search for “RV information” shows the website totally missing in action, at least on the first 10 pages of search results.

Fortunately, the assessment that I provided to the Maryland Association of Campgrounds was shared with its membership as well as National ARVC, which issued a press release warning members to read their emails carefully before responding to this type of offer.

Another type of email that is not specific to the campground industry but seems to continually make the rounds are the ones that scare recipients into believing that their domain names are ready to expire and need to be renewed immediately. Only the fine print (which many people either skim or do not read) explains that the senders are not domain name registrars but are selling highly suspect “traffic generator software tools”, implying that failure to pay for the “search engine optimization service by the expiration date, may result in the cancellation of this search engine optimization domain name notification notice.” (Don’t think for a minute that anything you do will stop these email notices!) Along with a number of payment links and the recommendation to “Act immediately”, the recipient will typically misread the words “Failure to complete your SEO domain name registration search engine optimization service process may make it difficult for customers to find you on the web.” This statement means absolutely nothing, but many people think that their domain name registration is ready to expire, or that their listing on Google is ready to suddenly disappear, and pay the fee (typically $84.00 or $86.00) before they realize their mistake. Fortunately, most reputable email service providers (such as Gmail) send these solicitations into spam folders.

Another email scam is the one that sells compiled email lists. They usually state that the lists are “opt-in verified, 100% permission based and can be used for unlimited multi-channel marketing.” One that I recently received began with the words, “Greetings of the day! Would you be interested in acquiring an email list of ‘RV Owners List’ from USA? (sic)” Another that came in within the last 48 hours offered “100K Email Marketing only for $160 USD, regular price $360 USD” or “900+ Million World Wide Email List only for $75 USD, Regular Price is $450 USD (sic).” Unless you like receiving spam yourself, want to get your email account closed, want to have an email marketing account terminated, and want to be reviled by most recipients, do not even think of buying or using a compiled list. Again, most of these solicitations end up on spam folders themselves.

Confusion over email scams like these is quite valid, as evidenced by the dozens of emails that clients have forwarded to me, wondering whether or not the emails are legitimate. Scammers like these profit tremendously if only a small percentage of recipients fall for the bait, and knowledge like this is your best defense against becoming victimized.

This post was written by Peter Pelland

There Is a Test for That!

June 14th, 2017

Here in my home state of Massachusetts, a problem in recent years involved elementary schools (already considered to be among the best in the country) that were concentrating too much effort on teaching students to pass the Massachusetts Comprehensive Assessment Test, commonly known as MCAS. More recently replaced by newer testing that is in line with the national Common Core Standards that have been adopted by most states, the problem with MCAS was that teachers had to devote far too much classroom time teaching students to score highly on tests rather than actually learning. I am not a teacher, but is seems to me that it is more important for students to learn effectively than to be taught to pass tests with the highest possible scores.

A similar issue takes place when companies that market their website services run bot-based tests that present audits of potential website errors, warnings and load speeds. There is no question that it is important to have a site that renders properly and loads quickly across a full range of browsers and devices; however, all speed tests have their limitations. To run an automated test that purports to present the final word on the quality of a website and the experience that it offers to visitors is a flawed concept at best and a competitive potshot at worst.

No bot can effectively measure the quality of the end-user experience because that is an inherently subjective process. There is a tradeoff between a site that is visually exciting and a site that loads instantly, and many of the “errors” that bots identify account for mere milliseconds in the scope of initial overall page load times. A site that consists of nothing but text will usually run a perfect score, but how many reservations do you think such a site might generate for a campground or outdoor resort? My advice is to avoid falling for the bait, particularly when it is offered by companies that fall short themselves when it comes to overall quality and integrity of design – factors that directly influence human-based decisions rather than bot-based tests.

Let me offer an analogy that relates to the family camping industry. Many parks have begun offering one of the many “wine and paint” sessions that have become popular in recent years. They all follow a similar formula, where an artist whose career has never caught fire leads a session where attendees drink just enough wine to encourage their creativity but not so much wine that they can’t find the end of the paintbrush with the bristles. The idea is for everybody to copy the painting that the session leader paints. The order of the day is uniformity, a lack of originality, and the building of self-esteem. If Pablo Picasso was still alive and attended one of these sessions, his work would be the laugh of the evening.

When it comes to websites, the single most important consideration is whether or not a site is mobile-friendly. A site that is not optimized for display on mobile devices – particularly smartphones – presents an impediment to the end-user experience. What is most important is how long it takes before a user is able to read and navigate your site. Whether some images might take a few seconds to load is not an impediment to that experience.

If you are wondering whether your website is up to par, ask for a human, personalized evaluation of its strengths and weaknesses. That will take some time and effort to prepare, but it will offer results that are based upon the actual experiences of human end-users, not the bots that will never contact you to make a reservation for Site 127 for the second week of August.

Times change, along with the ways that websites are viewed and the algorithms that determine how they are ranked in search results. The one thing that is consistent is the importance of working with a knowledgeable and reliable company with a trusted track record to stay on top of things and to represent the best interests of your company.

This post was written by Peter Pelland

It’s Never Too Late to Start Guarding Your Privacy

May 10th, 2017

I logged onto Facebook this morning, and I was immediately presented with a sponsored display ad hawking a t-shirt design that read, “Never underestimate an Old Man who listens to Neil Young and was born in September.” If I was naïve, I would see that ad and think, “Wow! This is my perfect t-shirt”, then order one. In the short time in which this ad has been displayed, it has been “liked” by 480 people, shared by 182 people (multiplying its reach at no charge to the advertiser), and has received 61 comments. Every one of those comments is from a man who confirms that he was born in September (usually adding a year from the 1950’s or 1960’s) and wants one of the shirts.


Man-NeilYoung-September-FacebookAd

Is the fact that I was shown this advertising a coincidence? No way! It is custom-tailored to my identity. If I went to the order page and modified the URL, I could display any of a number of t-shirt designs based upon:

  • The name of the performer.
  • The birth month.
  • Whether I was a man or a woman.

Here is an example:

Woman-Bob-Dylan-August-FacebookAd

To make the ad even more effective, the ordering page includes a countdown clock to create a false sense of urgency:

Ordering-Urgency-FacebookAd

Depending upon how you view it, being presented these ads is either a brilliant use of Facebook’s marketing potential or an egregious violation of the personal privacy of Facebook users. In this case, I was being shown advertising that was based upon the disclosure of my gender, age, month of birth, and taste in music … all information that I had either voluntarily or unwittingly published on Facebook for either my friends or the world to see.

Yesterday, I was presented with another variation of the ad, based upon the fact that I drive a Jaguar … another fact that I had disclosed on Facebook. Now, I can also order a coffee mug! I am sure that I could modify the URL on the ordering page to change the design to show the name and logo of just about any car company. (On a side note, I have to wonder if these performers and companies are being paid royalties by the t-shirt company for use of their trademarks.)

Man-Jaguar-September-FacebookAd

You may think that this is all innocent, fun, and the price we pay for the otherwise free use of social media apps like Facebook, but there is more involved. I don’t know how many times I have seen friends on Facebook post a complete set of answers to 50 personal questions such as the name of their elementary school, their first phone number, name of their eldest sibling, and so forth. Whenever I see this being treated as a harmless and fun exercise, I cannot help but ask myself, “Are you insane?” If any of these questions and answers seems familiar, it is because they are among the same ones that are used as security tests on your online banking or an e-commerce site when you reset a password. Yes, the name of your first pet can lead to the theft of your identity!

You may have seen the recent news about the “Google Docs” phishing scam that proliferated in e-mails on May 4, 2017, said to be the most effective e-mail worm since the “I Love You” virus that caused havoc back in 2000. The scam was effective because it looked legitimate (it is so easy to copy the appearance of a legitimate website!), came from somebody you knew (rather than some random name chosen by a hacker in Belarus), and was spread through the type of shared online document that we have come to accept as routine. Even cautious recipients who would never open an e-mail attachment from a stranger thought that it was safe to download the same sort of document that appeared to have been shared via a cloud service by a known sender. All of these scams, whether relatively harmless or downright nefarious, play upon the human willingness to trust those with access to our personal information.

At the moment, leading into Mother’s Day 2017, there are several gift card scams that are proliferating on Facebook almost faster than they can be identified and taken down. One purports to offer a $50.00 coupon for use at Lowe’s home improvement stores in exchange for taking a short survey, in which you will be disclosing a wealth of personal information. Another purports to offer a $75.00 coupon to Bed Bath & Beyond, the same sort of scam that attempts to gather your personal information for exploitation later.

As I have said in the title of this article, it is never too late to start guarding your privacy. In fact, today is the best day to begin!

This post was written by Peter Pelland

All Links Are Good … or Are They?

April 4th, 2016

One of my clients recently contacted me, concerned that his New Hampshire campground was listed without his prior knowledge or authorization on several websites that purported to be online campground directories. He discovered this when one of the sites contacted him on behalf of a camper who wanted to make a reservation to stay at his park and another contacted him to “claim” his listing. At first glance, these would appear to be good things, wouldn’t they? Any resource that is sending you business is generally welcome to do so. After all, your campground is probably sent online traffic from a variety of referring sites – everything from Go Camping America to your state association website to Good Sam to your local tourism association.

In the instances that my client described, something just didn’t seem right.

Over the years, a number of websites have sprouted up that are essentially directories of local businesses. Many of these have evolved from so-called “yellow pages” companies, and their business model is to persuade gullible business owners to pay for enhanced listings. In my own instance, about a third of these local directories lists my company’s street address correctly, but then locates us in the next town. Another third list our fax number as our phone number. Do I care? Not really, because these sites get close to zero traffic, and they have little if any effect – either positive or negative – upon the SEO of my company’s official website. These websites are working with compiled data, obviously harvested from unreliable sources.

The sites that my client described were an entirely new breed. Also based upon compiled data, their business plans are no longer focused upon selling enhanced listings but in providing reservation services where they collect referral or transaction fees. These can be problematic indeed. My client has gone through a fairly labor-intensive process of getting his business de-listed from several of these sites. The more that I looked into them, the better my understanding of how my client’s instincts were probably right on target.

Campground reservations are accurately perceived as a multi-billion dollar business, and companies that would like a piece of the action are suddenly coming out of the woodwork. Funded with infusions of venture capital, the focus is on generating income from the collection of processing fees on those reservations, either in real-time (with campgrounds that get on board) or with the type of delayed booking that initially caught my client’s attention. One such site posts that it “anticipates” use by 1 million campers per month, even though it does not currently show up as even a blip on the radar at Alexa, the leading provider of comparative website traffic analytics.

What is the problem with these sites? Well, first of all there is a problem with compiled data. How often is the data updated and how accurate is the initial source? (Think back to those local sites that list my business in the wrong town or with our fax number as our primary phone number, where incorrect data tends to perpetuate itself.) On one of these sites that my client called to my attention, I perused the campgrounds listed in my home state of Massachusetts. I am intimately familiar with the industry players in my home state, and I found fictitious listings, listings for municipal parks that have nothing to do with camping, listings for campgrounds that have been out of business for several years, and listings for summer camps.

The second problem is the potential for these sites to compete with your own official website and your own chosen online reservation engine, a situation that can only serve to confuse consumers and that could inflict harm upon your business. I know that I do not want any other company representing my business, and I would be feverishly protective against any threats to my company’s unique online identity. Particularly if pricing (that may or may not be accurate) or reservations enter into the equation, the potential for problems is very real.

Thirdly, if you choose to get on board, be sure to read the fine print. The “Terms of Service” listed on one of these websites, when copied and pasted into a Word document, consisted of over 20,000 words that ran 42 pages in length. That’s a far cry from the old-fashioned handshake agreement of years past and probably reason to proceed with caution.

Keep in mind that any online directories or search engines built upon compiled data (even Google itself!) need businesses like yours as much as you need them. Without listing real businesses that consumers are seeking, they have no product to offer. It is your decision whether or not to get on board with any particular website. Understand the potential risks and benefits, and then make a decision based upon what is best for your business and how it can most effectively meet the needs and expectations of its core clientele.

This post was written by Peter Pelland

If a Contest on Facebook Sounds Too Good to be True …

September 2nd, 2015

You probably know how that sentence ends. If something sounds too good to be true, it probably is too good to be true. In this case, there have been a number of hoaxes that have circulated on Facebook, and it is amazing how many thousands of people unwittingly think these “contests” are authentic before the pages get reported and eventually get taken down.

Over the weekend, one of my friends on Facebook shared a link and commented how she hoped she would be one of the lucky monthly winners of $5,000.00 in travel money being given away by Qantas Airlines. The page looked very authentic but I immediately detected a scam. The page had relatively few posts for a big corporation, all of which dealt with the contest, and I noticed that it had a total of only 14,190 “likes”. That low number of likes is a dead giveaway that you are not at a legitimate page. A quick search brought me to the real Qantas page, with 715,496 likes and, of course, no such contest.

It turns out that this is not the first time that Qantas has had to deal with the public relations nightmare that can result when people think that a business is somehow responsible for a scam in disguise. In an earlier instance this year, a fake page announced that the airline would be offering free upgrades to first class for all passengers through the end of 2015. That bogus page accumulated some 130,000 likes and over 150,000 shares in the first 24 hours of its existence. Yes, people can be very naïve.

Another friend not long ago shared a link to another Facebook page that captured his excitement. It alleged to be Chevrolet and was encouraging people to enter a contest to win a free Chevy Camaro. I noticed that all of its posts involved the fake contest, most extending the entry deadline in order to get more people to “enter”. Once again, I noticed that the page had relatively few “likes”, and I provided my friend with a link to the real Chevrolet Camaro page on Facebook, not surprisingly with 4,407,269 likes as of this writing. Until somebody reports a page that mimics the identity of a legitimate page and violates its legal trademark, scams like this will perpetuate indefinitely.

One way to quickly confirm the authenticity of a Facebook page is to look for the blue checkmark icon next to the page’s name, confirming that the page of a global brand or business, celebrity or public figure, or media outlet has been verified to be legitimate. Unfortunately, Facebook does not offer this authentication option to small businesses like yours and mine.

If you encounter one of these fake pages, you may be wondering why somebody has taken the time to create it. Typically, the pages are built by individuals who are engaged in the practice of “like farming”, hoping that their page will not be reported and taken down before they will be able to increase its value and profit from it in a black market engaged in the buying and selling of this type of content. Visitors to these pages are usually encouraged to “like” and “share” the pages, whether the incentive is a bogus contest, a chain letter, or simply a photo of a cute puppy or kitten. If a page has more “likes”, it will sell for more money to subsequent scammers who can then engage in more nefarious cons. Many of those are engaged in the collection of personal information that only begins with e-mail addresses and Facebook profiles but could very well end in full scale identity theft.

We all know people who have gotten their personal profiles compromised on Facebook. It can be a nightmare, but for a business, this type of violation can be far more damaging. As a business owner yourself, probably with a Facebook page of its own, you need to be vigilant about protecting your company’s online identity. There can be very real costs in crisis communications and the loss of consumer confidence in your brand. Back in 2012, another airline – Jetstar – suffered tremendous corporate damage when a scammer set up a bogus Facebook page and began posting highly offensive responses to customers posting questions to what they thought was its official page. Instances like this are nothing less than corporate sabotage.

Thinking hypothetically, what would be the direct – and indirect – impact of hundreds or thousands of people being led to believe that you were giving away free merchandise to anybody who showed up at your business next Saturday? It has been sometimes said that all publicity is good publicity, but it does not take much imagination to realize that this adage can be far from true.

Sadly, it is extremely easy to build an official-looking page with very little skill or talent. A con artist copies and pastes a few graphics and trademarks, registers a deceptively similar page name, then posts something that sounds so good to the unwitting that it goes viral faster than it can be taken down. If your business ever finds itself in this unenviable situation, it is imperative that you immediately report the bogus site and that no time is wasted before engaging in damage control and exposing the hoax as broadly as possible.

This post was written by Peter Pelland

Beware of Some of the Latest Scams

August 17th, 2015

I always try to do my best to warn readers to avoid getting entrapped by any of the wide range of scams that are prevalent today. We read about them in the newspaper and hear about them on the TV news, but most of us think that they could “never happen to me”, that they only victimize the elderly or people of lesser intelligence. Guess what? Scam operators are good at what they do, and they are getting better all the time.

The way that scams succeed is by being as believable as possible. People fall for the house rentals on Craigslist because the houses are actually there at the addresses listed. They are simply not available for rent, and they are not owned by the crooks who want to collect the first and last months’ rent and security deposits. As people become more aware of the scams, the scammers do a bit more research and become more creative in order to increase their odds of finding their mark.

419 Scams

I recently received a half dozen e-mails from a “woman” who expressed an interest in having a website built, a project that at first glance appeared to be a perfect fit for my company. One of “Jennifer’s” first questions was whether we accepted credit cards. (Had my answer been “no”, I am sure that would have been the end of the e-mails.) The scammer claimed to be based in South Carolina, had an established business importing specialty agricultural products from South America, had a “project consultant” who would be providing us with a logo and text, had a very generous budget, and was very anxious to get the project underway. What was vague was the actual identity of the business and her credentials, other than a fictitious business name.

When my searches for both “Jennifer Mark” and “DW Fresh” came up empty on Google, Manta, LinkedIn, and other online resources, I explained that we would need to review a full credit application and be paid a substantial deposit before any work could commence. Then came the kicker: The scammer offered to roughly double the required deposit, but needed me to do her a “favour” by paying her “project consultant” a $2,800.00 cash payment so that he would release the creative materials while she was “presently in the hospital for surgery”. In other words, I was supposed to accept a $6,500.00 deposit (most assuredly on a stolen credit card), then pay the scammer nearly half of that, with the funds gone from my account before the charge was declined due to the card being identified as stolen.

This type of advance fee fraud is what is generally referred to as a “419 scam”, based upon the section of the Nigerian penal code that addresses fraud schemes. It can involve letters, faxes or e-mails, and – as I have just demonstrated – it has gotten very creative, not necessarily involving extremely large sums of money or trips to Nigeria. What they all have in common is some sort of advance fee. If you run a campground, you could be contacted by somebody who wanted to reserve a block of 100 sites during your off season. That would be welcome income, but curb your excitement unless all of your questions are answered to your satisfaction and there is no suggestion of funds flowing in the opposite direction for any reason.

Officer Ray Fleck

Another scam that has been making the rounds lately has been a robocall from “Officer Ray Fleck”, allegedly working in the audit division of the Internal Revenue Service. I have received these calls. The caller, in a very brash and threatening voice, claims that the Internal Revenue Service is filing suit against you, and that it is imperative that you return the call to make a credit card payment that will satisfy your alleged tax obligations and prevent the filing of suit in your local court. Needless to say, the IRS does not employ a force of thugs who call citizens and demand their credit card numbers, but some people are easily intimidated, making this scam highly successful for its perpetrators.

Windows Service Center

Finally, the “Windows Service Center” scams are still alive and kicking. The callers – usually with heavy accents – claim that they are calling from Microsoft. They are hoping to reach people who have little technical experience and who are coincidentally experiencing some sort of problem with their computers. I received such a call from a person who identified himself as “Jim Sparkle”, and who said that he had been “monitoring my computer” and found that it had a “major problem”. He said that he was “doing his duty” because my computer was “ready to crash down at any time”.

What these scammers want is not only your credit card number but also remote access to your computer, allowing them to install spyware and steal sensitive information. They have various “service plans” that will solve your computer problems, of course suggesting the “lifetime” service plan which was, in my case, discounted to $299.00 and would cover any computer that I ever owned over the course of my lifetime. If you receive one of these calls and have some time to spare, act dumb, and string the caller along a bit (which can admittedly be a bit of fun). You will typically learn at the end of the call that people in other countries have an extensive vocabulary of English language profanities.

The point is that you need to remain vigilant and cautious whenever you are contacted under circumstances that just don’t feel quite right. If you receive an unsolicited contact by anybody who asks you for a credit card number, it is time to end the conversation and continue with business as usual. Scams will always be with us, but with a healthy dose of skepticism, you can prevent yourself from becoming a victim.

This post was written by Peter Pelland