Beware online scammers

Beware online scammers

Watch an animated video of this article

Stay safe from scammers this Christmas season (and always, actually!) by getting to know their most common scams. This advice comes from Amazon, but it applies to all online sales and shopping of course.

They ARE out there and you ARE going to come into contact with them. If you’re reading this, then you’re online and there’ll be one way or another they can find your contact details.

  • Order Confirmation Scams. These are unexpected calls/texts/emails that often refer to an unauthorised purchase and ask you to act urgently to confirm or cancel the purchase. These scammers try to convince you to provide payment or bank account information, install software to your computer/device, or purchase gift cards. Remember, if you received correspondence regarding an order you weren't expecting, you can verify orders by logging into your Amazon account. Only legitimate purchases will appear in your order history – and Customer Service is available 24/7 to assist.
  • Tech Support Scams. Scammers create fake websites claiming to provide tech support for your devices and Amazon services. Customers who land on these pages are lured to contact the scammer and fall prey to their schemes.

Remember, go directly to the help section of our website when seeking help with Amazon devices or services. If you do use a search engine, use caution. Legitimate Amazon websites contain "amazon.com" such as "amazon.com/support".

Here are some important tips so that you can identify scams and keep your account and information safe:

  1. Trust Amazon-owned channels. Always go through the Amazon mobile app or website when seeking customer service, tech support, or when looking to make changes to your account.
  2. Be wary of false urgency. Scammers may try to create a sense of urgency to persuade you to do what they're asking. Be wary any time someone tries to convince you that you must act now.
  3. Never pay over the phone. Amazon will never ask you to provide payment information, including gift cards (or “verification cards”, as some scammers call them) for products or services over the phone.

If you receive correspondence you think may not be from Amazon, please report it to us. For more information on how to stay safe online, visit Security & Privacy on the Amazon Customer Service page.

Additional resources:

Stay safe, have a great Christmas and New Year, and may all the scammers learn what it means to be a decent human being on this one over-crowded planet we have to share.

So, what is a Website Care Plan and why do I want one?

So, what is a Website Care Plan and why do I want one?

Watch an animated video of this article

Hopefully, your website will be a great asset for your organisation. Be it bringing in sales, generating leads, providing information and education, whatever you’re trying to achieve, the investment you’ve put into your website should be giving you a positive return. Even if you don’t ‘sell’ directly from your website, it still positions your organisation as someone that the visitor can trust.

Websites depend on software, and there’s a few levels. Let’s compare to a car. Just like your car, your website needs regular maintenance to itself. For a car, think of the weekly tyre-pressure checks, oil-level check, top up of windscreen washer, look for oil leaks, make sure the tyres aren’t bald or rubbing, check lights all work etc. For a website, maintenance comes in the form of software updates, security updates and performance optimisation – preventing the bad guys getting in and keeping things running smoothly.

Other levels of maintenance would be akin to the roads that we drive on. Do you fix the potholes? Probably not. Do you manage the webserver that powers your website? Probably not. But someone needs to. Road maintenance is outsourced and handled by someone else, and for your website, what we’re talking about is webhosting. Typically, you’ll be paying a separate fee for webhosting (annual or monthly), and that should include making sure the server is maintained on your behalf.

However, where the website is concerned, it is up to you to handle maintenance – or contract with someone to do it for you. Just like a car, if you don’t look after your website, you run the risk of a breakdown. This could cause you to lose revenue through lost sales or enquiries, never mind the waste of time and the aggravation of getting things fixed up.

You also need to remember that there are unfortunately some bad apples in the world. It’s pretty common for most websites to be targeted by multiple automated hacking attempts each day. Yes, that will include your website, regardless of what it does, sells, provides or contains.

Attackers look for weaknesses that they can exploit. If an attacker gains entry, you could suffer from data loss, malicious content being uploaded or even just a defaced website. All very unpleasant actions that can be very damaging for your business.

As a web marketing expert, we understand how important it is that a website stays secure and up to date. This is why we offer Website Care to our customers.

A Website Care plan is a monthly service where we look after your website. We keep it updated, install security updates and ensure that it’s performing as expected. We also make sure there are frequent backups in case things somehow go really wrong, so we can get you back online quickly. And we monitor the site 24/7 to be notified straight away if it isn’t working as it should.

The whole process is designed to give you peace of mind. We want you to feel comfortable and happy in the knowledge that your website is in good hands. This allows you to focus on more important tasks in your organisation.

You may even be on a Care Plan with us now. If you are, then you’ll already know about the benefits of keeping your website secure.

There are a few myths when it comes to Website Care though:

Myth #1 – A Website Care plan is just a way of you making more money

We provide Website Care to protect businesses like yours. The damage to a business from a hacked website can be extremely expensive. Anything from lost sales to stolen data will cost you time and money.

The worst example of this would be if your website was hacked and the hacker was able to steal credit card data from your customers. Damages at this level can be difficult to recover from.

Being completely honest with you, Website Care also brings predictability to our business. Your payment means we can focus our attention on helping you and keeping your business safe. It’s a partnership, not a profit machine. We know your website, we know it’s up-to-date, we can tailor advice and suggestions better.

Myth #2 – I don’t need you, I can update my website myself

Firstly, if you have the skill set to look after your own website then you absolutely can look after it yourself. It’s definitely possible.

However, you may not possess this skill or knowledge. You may not know how to keep your website updated. You might not understand the different threats that your website faces.

In this situation, it would be unwise to attempt to go it alone. It only takes one mistake or one unlucky moment to cause you a headache and an expensive problem.

Myth #3 – I don’t sell anything on my website, so it’s not important

If you’ve invested money in a website for your business, then it should be considered an asset.

You don’t need to sell something directly from your website in order for it to be important. Think about why you have a website in the first place, and the value it provides to your website visitors. Your visitors may be at different stages in the buying cycle, with only a small percentage ready to purchase your products or services. Or they may be seeking knowledge, advice or guidance in your area of expertise.

Usually, your visitors are either researching a problem that they’re facing or looking for a solution. A potential customer can visit your website to learn more about how you can help them with their problem. It provides trust and shows your expertise.

Your website is almost always more important than you think it is.

If you’d like to learn more about our Website Care Plans and how they can help you keep your website safe, check out our page here.

You might like to download our free guide to understand how to keep your website safe and learn about the regular maintenance that your website needs to stay secure – it comes with a short series of emails that build on that guide too.

5 questions you’ll want to ask me about website care plans.

5 questions you’ll want to ask me about website care plans.

One of the most fundamental things you can do for your website is to prevent it from breaking. Alarmingly, there are still many business owners who don’t take web maintenance seriously enough. It’s natural to think that, since you built it, you can manage it. But having a hands-on approach to your site care simply isn’t sustainable over the long run.

How much do you know about website care plans? What are your questions on professional website care? If you’re seeking answers to these questions, read on.

1. Why are care plans so important?

Your website is powered by software, just the same as your phone and your computer/laptop. And as you are well aware, software needs to be kept up-to-date to keep the bad guys out, to fix bugs and problems that have been discovered, and to add new features and capabilities.

So your website is no different, there are constant modifications and improvements to its software that you are highly recommended to keep up with. While it may not be so important to add all the latest bells & whistles, it is vital to ensure that your website won’t fail when a visitor tries to use it (for example, buy something, send you an enquiry, or sign up for your newsletter). It is equally vital that you don’t let others break in and take control of your website through security faults in the software. Just think, if you found one of your windows at home wasn’t closing any more, you’re more than likely not going to leave it that way or you risk someone burgling the place. So it is with your website, don’t leave those back windows with broken locks.

This is real-world stuff too, and I’ve had a number of clients come to me after being stung. One organisation had recently launched their new website, it was hacked and defaced with less-than-pleasant content, and they lost the whole investment. Website security and maintenance wasn’t their ‘thing’ (and absolutely no reason for it to be) but they paid a hefty price for just assuming everything could be left alone once the site was published.

2. My website isn’t that big or complicated, do I still need a care plan?

No matter how simple your website, as mentioned above, it is powered by software – and someone needs to look after that software to keep it updated. I’m a big fan of continuously making small updates, rather than waiting for long periods and then catching up with everything in one go.

Waiting longer means risking your website getting attention of the wrong sort while a security hole has been discovered, even though there’s a fix which you haven’t got yet. It also means there are more significant software changes which risk incompatibilities or untested jumps from old version to latest version.

Small updates often is the go!

3. Can’t I just run the updates myself?

Of course you can! You can service your own car too. And fix your own plumbing. And a myriad of other DIY tasks, at work or at home.

But here’s the thing – what’s the best use of your time? I know for a fact that you have exactly the same 24 hours in every day that I do. What would be the best way you can spend your work time and avoid losing your leisure/family time?

I would guess that while most updates are quick and easy, sorting things out when there’s a hiccup is not going to be a favourite activity of yours.

Outsourcing your website care to a professional who has the tools, the knowledge and the experience to keep your website humming is an investment in your business, freeing you to spend that time on growing and building your business.

4. It doesn’t seem that complicated, so what’s included in a care plan?

Website care from Winch Websites is more than simply ensuring that the website software is updated every so often. Those updates are an essential element, but on top of that, all websites under our website care have a range of additional “add-ons” activated to make sure the website is all good.

For example, daily backups that are independent of webhosting. What if there’s a fire at the data-centre where your website (and its webserver backups) are housed? That was an event that took out thousands of websites in March 2021. Eek! 😱

Website security is another benefit of website care by Winch Websites – if your site is hosted with us, you already get excellent security protections, this is stepped up for website care clients.

Higher website care plans include blocking spammers from using your website forms, and 24/7/365 monitoring with auto-alerts (to us) if your website disappears for any reason.

One thing may particularly appeal to busy people is that all plans include some time to make changes to your website – update that paragraph, amend that pricing, replace that photo etc. Send an email and it’s taken care of for you.

5. Doesn’t my hosting company do that?

Horses for courses. Your dentist is good at teeth, but I don’t know that you want to be buying home-made toothpaste and/or toothbrushes from her/him. Hosting companies may provide some elements of website care – you should certainly expect them to be maintaining the underlying webserver that powers your website software, for example.

Hosting is not a high-profit-margin business though, so one way or another you’d need to be paying for additional attention given to your site. Your site is unique, with its combination of words, images, functions and tools. It’s not an environment that works particularly well for highly automated mass-scale operations.

So while you could expect site backups, good security, and reasonable performance, investing in someone who is familiar with your site, can give it one-on-one attention, and who can help you make sure your website is doing positive things, is an investment that will pay dividends.

For more info about website care by Winch Websites, take a look at the range of plans available and what they include. These are structured to help you as the owner of a website be confident that it is doing what it should and that there’s someone on hand for when it isn’t, and to assist in keeping it accurate, correct and fresh. Get in touch if you’d like to chat about website care for your website.

I would especially love to hear from you if you have ideas and advice on what else a website care plan needs to be of value to you.

Game of two (login) halves

Game of two (login) halves

While the government of the day has recently pushed cyber-security to the fore, it’s nothing new and is likely more ‘politics’ than ‘large-scale attack’. The motivations for anything politicians do rarely prioritise the community above self-interest.

All the same, in the wake of this scare campaign, it is a good time to have a think about your own cyber-security. To quote the PM;

I’m here today to advise you that, based on advice provided to me by our cyber-experts, Australian organisations are currently being targeted by a sophisticated state-based cyber-actor. This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.

Does this affect you? Probably not directly. If your medical records are inaccessible, if your tax office dealings are blocked, your bill payments fail, your internet service is offline, you can’t pay for groceries at the supermarket – it’s going to be inconvenient to say the least. But there’s not much you can do about it all.

However, your personal cyber-security is still important. Really important. There is only a small chance that you’re going to be “hacked” (broken into). It’s much more about Identity Theft.

If I have enough information and in particular access to your email account, I can pretty much ‘be’ you. I can take out loans, I can buy expensive items, I can cash in your superannuation, I can retrieve passwords and logins to your online accounts.

You MUST protect your email account. Nobody cares who you write to or what you write about – it’s being able to use your email account to pretend to be you that matters. Your email account is often a weak link in the chain.

Can you make it the strongest link? Absolutely. A good password is a great start, of course (no “123456” here!) but there’s a huge improvement that is quite easy to make. It’s called “Two factor authentication” or 2FA for short.

2FA is about adding a third element to your login;

  • who you are (eg. email address or UserID)
  • something you know (eg. password)
  • something you have (a gadget)

Our local Winchelsea & Anglesea Community Bendigo Bank introduced 2FA for their bank accounts years ago. A small device with a button and a display, each time the button is pressed it shows a 6-digit number. When logging in to do internet banking, I must enter my UserID, my banking password and a 6-digit number. Nobody can get in unless they have that device.

The same thing can be done with email accounts. Instead of a device, though, you use your smartphone with an app to generate the number. So likewise, nobody can login to my email account unless they know my email address, my email password AND get a number off my phone.

Note that the numbers generated change every few seconds. It is almost impossible to guess or predict the number, they are generated using some clever randomising maths.

This means anyone trying to break into my bank or email accounts will fail EVEN IF they know my password and UserID somehow.

Have a think about the online logins that you use which would cause you pain if someone knew your password. Especially your email. Find out if you can enable 2FA, and work through the procedure to make it happen. It is so worth it.

When a password isn’t enough…

When a password isn’t enough…

We live in an age where passwords and PIN-codes are everywhere. Phones, computers, email accounts, government services, bills and utilities, apps, bank accounts and dozens more. All need and expect some form of password. Here’s a cautionary tale for what might happen if you forget one.

Since the year dot, many many aeons ago (back in the 1980’s, I mean), passwords were invented for electronic ‘stuff’ to keep out people who shouldn’t get in. Keeping private things private. Keeping national secrets secret. Keeping unique technologies unique.

We'll never guess her password cartoon

There are a few password strategies around on how to create and manage strong (ie. unguessable) passwords. Very often, you will find that these strategies can be challenged or even come unstuck in the face of Password Rules. Every system, every organisation, can create their own Password Rule and it’s highly likely you’ve encountered them – for example, your password must contain at least 8 characters, and in those 8 there must be both letters and numbers and at least one capital letter. Some password rules require one or more “special characters” such as $, & or %.

So we end up with a grab-bag of different passwords whether we like it or not.

What happens when we forget one? A classic example is the password to a GMail account. You created an email account using Google’s free GMail service years ago, put in a password that matched their Password Rule at the time. You added that email into your smartphone and tablet, using their quick-and-easy tools to do so. Then you happily started using the email account.

Of course, you never had to put in that password again. Your computer, your phone, your tablet all remember it for you. Or better yet, if you’re like me you have a password manager app that remembers on your behalf, so you can have a ridiculous password that you don’t even know anyway (and couldn’t reveal even under torture or hypnosis!).

Then you get a new gadget, or more likely try to sign in to your email account on someone else’s computer (let’s say while you are travelling). You are asked what your password is. You simply don’t know or can’t recall.

Now you enter Verification Twilight Zone. You need to prove you are who you say you are, that you should be allowed in even though you don’t know the password. GMail do this verification thing sometimes when you DO know the correct password, but are signing in on some device you haven’t signed in on before. They might even do it on your normal device, for some reason.

How do you verify yourself? Well. It all depends…. but it depends on what you did when you created the account.

  • Were you asked a few special questions to which you had to give your own answers? For example, “Where were you born?” or “Mother’s maiden name”. You’ll need to remember the exact answer you initially gave.
  • Did you have to provide your mobile phone number? You’ll be sent a one-off code to your phone which you’ll need to copy back into the sign-in.
  • Did you provide an alternative email address, belonging to yourself or someone else you can trust? A one-off code will be sent to that email address which you’ll need to copy back into the sign-in. You’ll be shown only part of that alternative email address to jog your memory eg. joe***@big****.com, so you’ll need to remember which one you initially gave.

Here’s the thing. If you can’t successfully navigate through the Verification Twilight Zone, you can find yourself going round and round in circles trying to guess the correct answers. If you are unable to provide what is requested – you simply cannot get in. Short and sweet, you have lost access.

For some services (such as online banking), there may be someone you can call so you can prove to them that you are the right person, and they can maybe reset your account password. But don’t count on it in these days of identity theft, fraud, and privacy laws.

As for GMail? It’s too bad. You need to register a brand new email address and tell everyone you’ve had to change. A real pain. You’ve lost access to everything that was in that email account unless you can work through the Verification Twilight Zone somehow.

So the moral of the story is to make sure you have an excellent memory, or more practically to make a secure note of not only your password, but also your verification answers. And keep them updated (once a year or so should do it). Dead alternative email addresses and expired phone numbers are of no use at all.

Beware the Verification Twilight Zone!

How low are YOUR barriers to entry?

How low are YOUR barriers to entry?

Let’s focus on my business for a bit. Usually, I’m all about my client’s business (the “if they do well, I do well” perspective), but we’ll flip it around for a change.

The websites/web-marketing industry is undergoing huge changes. Has been for years, of course, along with technology in general. Ask a website designer/builder to go back 5 years and recall how websites were built, and compare to today’s tools and techniques. It’s chalk and cheese.

  • faster
  • easier
  • slicker
  • more effective.

And cheaper. Like most technology (except iPhones, it seems…!).

In the last couple of years, there have been 2 major developments that have led to a massive surge in the number of people who say they are available to build you a fabulous website. “Page builders” which greatly reduce or even eliminate the technical knowledge needed. And “Software as a Service” which lets you subscribe to functions & tools & facilities that you need, when you need them, without having any hassles with installation, maintenance, upgrades or backups.

You may have seen the Wix ads, or Squarespace, or GoDaddy. Yes, you can DIY – build a website right now, and it will indeed look good, at low cost (to start with). Get up and running in an hour or two. They don’t lie.

So we have a huge number of ‘experts’ out there now. The web industry has such low barriers to entry that it has become an enticing side-gig, a part-time activity that fits in with the full-time job or study. All you need is a reasonable internet connection.

The result is apparently a reverse hourglass effect. Squeeze at the bottom of the market (lots and lots of competition for low-priced projects), squeeze at the top of the market (high-ticket projects attracting increased attention from mid-range players who can easily access more advanced capabilities).

In the middle, though, there seems to be a more positive effect for business such as Winch Websites. A project can now include functions and facilities that would have been financially out of reach to small and micro businesses or non-profits. It’s here that clients typically already have experience with owning a website, and recognise the skills, expertise and benefits that a professional brings to play. Websites are no longer about the technology – it’s about what they are there to achieve for the organisation. More sales? More signups? More donations? More enquiries or leads? The focus is on the outcome, not the tool. Find out what the outcome is first, then find the best tool to make that happen. Then fine-tune and optimise, forever. Something worth investing in, in other words.

Anyway, what I’m getting at is that although the website and web-marketing industries have very low barriers to entry (and therefore many, many participants), it doesn’t mean that getting something good is easy and cheap as chips. A decent investment really should pay dividends.

However, riding shotgun with the low barriers to entry is the lack of regulation and control. If you haven’t come across outrageous claims already, you won’t have to go far to find some. Think “website in a day”, “Google page 1”, “10x your sales”.

How about your own industry? How easy is it for a newcomer to come along and think “Hmm, that looks like an easy way to earn money. I’ll say I can do it and then work it out from there!”?

If you too have low barriers to entry, you’ll be familiar with all of the above. And like as not, you too will have had customers who’ve tried the cheap and the quick, been burned, and are now looking for experience and knowledge.

When you go looking for website and web-marketing services, please bear in mind that there’s little to stop people saying what they like in internet-land. Take claims with a small pinch of cynicism and maybe do a bit of due diligence. Ask or look for evidence that your chosen service provider has done this sort of thing, and that it’s worked. Be ever-so-slightly distrustful of reviews and testimonials unless there’s evidence to back them up as genuine customers.

At Winch Websites, I’m well aware that the competition for your web-marketing dollars is global, huge, and a minefield of options, technicalities, capabilities and playing with the truth. I aim to provide honest and accurate advice, and if we aren’t a good fit for each other in terms of outcomes and objectives, I’ll happily refer you to services or businesses that are.

I want to take care of your website so that you can take care of your business – over the long term, ongoing. That’s not going to happen unless you get great value from Winch Websites. So next time you’re looking for website design & build, website care or email automation services, please get in touch. At the very least, you’ll get something to compare against. And I’d love to hear what you think when you do compare, business feedback is so hard to come by!

Good luck in your business, and may low barriers to entry be no barriers to your success!!

Interested in working with us?