Scams: Energy Bill Service Scam

Lets Have A Look At An Energy Bill Service Scam

Here we have a classic scam email captured in its natural environment, which presents a good opportunity to learn how to spot them. This one is rather straightforward and deceptive. Note the alarming nature of the email, intent on distracting attention away from the fact that your “energy bill” is being sent from Japan. It is worth noting that email addresses are notoriously easy to spoof, so it won’t always be so obvious. Scam emails can just as easily appear as if they came from a legitimate source.

A better tell might be the obligatory “click here” link. If you hover over it with your mouse, the link itself is suspicious – the URL has nothing to do with an energy company. Link targets are much more difficult to fake, but can sometimes look very similar to a more legitimate address, so look closely!

This scammer even has the nerve to instruct you to add their email address to your approved mailing list so that future scams won’t be blocked by your spam filter. It is never a good idea to do this unless you are 100% certain the email is legit.

As always, if you receive an email like this, do not immediately click on the link. Instead, open up your web browser separately and navigate to your actual utilities company’s website if you are concerned. Delete the email and go about your normal business.


Domain Slamming

Domain Registry of America and Domain Slamming

Domain Registry of America and Domain Slamming

If you have ever registered a domain name of your own, you may have received an alarming letter or ‘bill’ alerting you that your domain name is about to expire, and giving you an ‘easy way’ to renew it. The letters look legit at first glance. But checking with your host will usually indicate your domain is fine and does not need an urgent renewal. Even if it does, you can do so through your registrar for the normal price.

So what gives?

Is this a scam? How did they get that info, and is this even legal?

The answers are a little nebulous, like so many scams. We’ll shed some light on just what is going on here.

Domain Registry of America (among other names) is a borderline-legal scam designed to convince you to switch your web hosting for inflated prices. The company itself generally has a post office box in the United States, but seems to have other addresses in other countries and is presumed to come from abroad. This makes the legality more difficult.

Your postal address and information is obtained from “WHOIS,” a public database of registered domain names. The letter is not actually a bill, but carefully written document designed to persuade the domain owner to switch domain hosting to their company at highly inflated prices.

What to do?

If you receive one of these notices, the best thing to do is just ignore it. But let’s go into some detail on how you can be SURE you are not going to lose your domain name.

1) Know the name of your registrar. The registrar may or may not be the same as your web host, but know who your domain is registered through. If you get notices from anyone other than your registrar, you can generally dismiss and ignore them. As a note, your domain name and host may not expire at the same time.

2) Know when your domain name expires. This can save you the potential loss of a domain name and all the trouble that comes with that, and it can also spare you quite a bit of anxiety, wondering when the expiration date is going to happen. Some companies will email you to let you know, but it’s good to remember this anyway.

3) Put your domain name on autorenewal if at all possible. You can’t just do this and forget it – credit cards expire as well, and it’s good to check up on things, but if your domain is set to autorenewal it’s less likely to slip past you.

What happens if you lose your domain name?

Other than purchasing it back for generally much higher costs, there are not a lot of options after losing a domain name, beyond getting a new one, changing your business card and information everywhere, and making up for lost emails. The single best option is to educate yourself, not fall for the scams, to keep track of your own domain name renewal so as not to risk losing it to begin with.

Don’t let Domain Registry of America alarm you. This and many other scams are out to make a dollar (or many). Education is key. When you know what you’re reading, you know what you can ignore. And for more information on various scams, visit us here at Appletree MediaWorks.

Domain Scam

Phishing for Paypal

Have you ever received an email from PayPal, informing you that your account has been limited or compromised, and to click on a link to correct things? Been tempted to follow the instructions to fix the problem? Or did you recognize the scam when you saw it and deleted the email?

Phishing for Paypal

The Paypal Phishing scam is one of the most prevalent email scams on the web today and the spoof emails often look legitimate, using an email address that seems to match Paypal, using Paypal’s own logo and graphics that match the website.

But How Does It Work?

The trick to the scam is to get an unsuspecting user to click on the link. This link takes the user to a spoof site that may look very close to the real thing. Here the user will be prompted to log in (handing over their Paypal login credentials), and then enter personal data including banking and credit card information. This information will be sold later on the internet black market.

How Can I Tell?

How can you spot the scam? It can be tricky to find the clues, and generally it’s just easier to circumvent the problem entirely. Paypal won’t write you an email entitled ‘dear member’ or ‘dear customer’ – the company uses your real name or company name. They also won’t use a variant URL although this can be tricky to spot.  Instead, there are appropriate steps to take if you do think you are receiving a scam email.

What Should I do?

1) Don’t click on the link. This will take you to a spoof site. Instead, if you wish to log into your Paypal account, go to your web browser and type in the Paypal URL by hand.

2) Don’t download any attachments or programs. This goes for virtually any unfamiliar email attachment, but especially Paypal: the company will not send you these things.

3) Go to Paypal’s website and search help for ‘scam’ where the company will provide you with an email to forward to Paypal so they can follow up on who’s putting out that particular scam.

4) If you think your info has been stolen or you find suspicious activity on your account, there are steps to take as quickly as possible, to minimize the damage done.  Paypal has set up a Security Guide on the steps to take to combat fraud, if you believe you have been a victim.

Update 2/24/2015

Google has been sending out emails making reference to Google Play Phishing. This is exactly the same technique we mention above, but it’s directed toward Google Play Developers, designed to get them to click quickly, without thinking.

Remember, when in doubt, navigate through your browser to the proper website and check things out – do not click on readily supplied email links.

Web Host-age Negotiations 101

Website Hostage Negotiations

“Help! My web host won’t give me access to my files! They won’t relinquish my domains! They’ve taken my website hostage!” Though it seems like a crazy scenario, these cries are heard far more often than you might expect. Like a rogue valet driving off with your shiny new car never to return, as soon as you hand a web host your keys, you’ve entrusted them with more than many people realize; and not all of them are willing to simply return your property once the time has come to part ways.

How do I know if my host has gone rogue?

Often, a business owner won’t even realize there is a problem until they attempt to switch hosts. Only after requesting their web assets do they realize that their host isn’t cooperative. How do you know if your host is holding you hostage? Here are a few tell-tale indicators that we have identified over the years:

  • The host in control of your assets is unresponsive or dodgy, often taking weeks to respond to simple requests. When responses are finally received, they ignore any part of the request which involves them giving you more access to your property.
  • The host may become entirely unresponsive by phone.
  • The host becomes unwilling to bend server settings to suit your needs, but equally unwilling to assist in helping you switch hosts to one that will.
  • Your host does not give you access to any sort of control panel so that you can manage the website yourself; or, the control panel is limited in such a way that you cannot manage hosted domains or backup databases and files.
  • Generally, if you find yourself second-guessing good business decisions based on your web host’s temperament that day, your host has gone rogue. It’s time to get out.

How do I regain control of my website?

Okay, so you’ve decided to break up with your web host. It turns out that breaking up isn’t always easy to do. There are several aspects which you must consider:

  • Domain Names
  • Website Files
  • Databases
  • Email

The most important part is your Domain Name. This is your company identity – guard it as well as you can. We always recommend having your domain names hosted in a separate location from your website. That way, if your host goes rogue, you still hold the keys and can always simply point the DNS at a more reputable target while you work behind the scenes to regain control of your files. If your bad host is also in control of your domain name, the process can be more involved, but is still doable. Here are the steps we recommend for regaining control:

  1. Make certain that you are paid up on your hosting and domain registry fees. Sometimes, hosts will hold you hostage until you pay your bill. Domain registry fees are even more important, as failing to pay them can cause you to lose ownership of your domain name entirely.
  2. Do a Whois lookup on your domain and look for the Administrative Contact’s email address. If this is set to an email address you can check, transferring the domain will be simple. If not, see if you can change it in your host’s control panel.
  3. Set up an account at GoDaddy or another Registrar of your choice. Make sure it is not the same place where you wish to host your website. From here, begin a domain transfer. An authorization code will be sent to the Administrative Contact on the domain. If that is an address that your host controls, they will receive the email.
  4. If your host received the authorization code, you should submit a formal request to the host that they forward the code to you. If email or phone requests are ineffective, send a USPS Certified Letter. If the host is still unresponsive, send one from your lawyer. If your host/registrar is approved by ICANN, they are bound by certain legal requirements.

Website Files are usually easier to obtain. Very few hosts – even if they’ve gone sour – fail to provide at least FTP access to your site. If not, you can use a website downloader tool such as HTTrack to download an offline copy of the website. Keep in mind that this will not download any server-side code such as PHP.  Depending on the complexity of your site, this may or may not be the final word, but, it is better to at least have a working offline copy in case you need to hire a developer to restore the site to operable status and need a frame of reference.

In order to backup your databases, you will either need access to a hosting control panel or a clever developer. If you are unable to backup your database through your host’s control panel, sometimes it can be done with code. One trick I’ve used in the past is to install a copy of phpMyAdmin in a folder within the live website, examining the website files to find the database login information. This, of course, requires that you have at least FTP access to your server. If phpMyAdmin will not work, a good developer can sometimes write custom scripts to export essential database tables.

Email addresses will most likely need to be recreated on the new host regardless of your situation. Make sure that you have a list of your active email addresses before making the move. Additionally, for any accounts that have a lot of important emails stored, use a program such as Outlook to download existing email from your host before pulling the plug. It is a good idea to do the final transfer on a weekend or late at night when you are unlikely to miss important emails during the switch.

So as you can see, though bad web hosts can be a nightmare to deal with, they aren’t the end of the world. Here at Appletree MediaWorks, we have navigated some of the worst and come out on top. Feel free to drop us a line if you find yourself unable to navigate these troubled waters. We’ll be more than happy to help. And we won’t go rogue on you – we promise! (it’s super bad for business) 🙂

Joe Job

How to Survive a Joe Job

To a budding or established company on the web, the possibility of cyber attacks is very real and can be damaging to your reputation if not handled correctly. One of the worst of such online threats is the all-too-common “Joe Job” attack.

Essentially, a Joe Job attack happens when an attacker sends fake (spoofed) spam email that appears as though it originated from your domain. Email has always been one of the most insecure protocols on the Internet – anybody with even a minimal knowledge of technology can send email “from” whoever they want, without much effort.

Usually you become aware of such an attack when you begin receiving a flood of angry email replies to the spam (since the Reply-To address is often your own). Now begins the long arduous task of saving face amongst the onslaught of defamation. It seems daunting, but we have compiled a comprehensive guide to surviving a Joe Job attack, should you be unfortunate enough to become a victim:

1. Create and if these do not already exist. These should either be set up to forward to you, or you could configure your email client to also receive email from these addresses. This is so that information sent from SpamCop and other blacklist services is not missed. Whenever somebody submits one of the spam emails to SpamCop, real time reports will be forwarded to Fortunately, SpamCop is smart about these things and will realize that the emails are not originating from your domain.

2. Set up a spam information page with information about the attack and a form where victims can submit the header information from the offending emails to help you expedite the investigation. In cases where the attack is being carried out by a devious competitor, this will have the benefit of letting them know you’re onto them, and they need to stop. It also helps the people who are receiving the spam. They may be hearing about your company for the first time by receiving the defaming spam, and the proactive ones will almost certainly be browsing your site looking for answers. It will help immeasurably to provide them with the information they are looking for, letting them know that the email did not come from you and that there is something they can do to help end the attack. As you begin to receive more information it will also help with your own investigation. Appletree’s Joe Job information page is an excellent reference.

3. Create an alert link from your home page that directs people to the spam information page without distracting the customers who are there under normal circumstances. The point is that you need to address the issue with an official response and a way for proactive victims to do something meaningful to help stop the attack.

4. Once people begin sending you full header information thanks to step 3, you can begin doing some research to find out where the attacks are coming from. As you view the full headers, the only line which cannot be faked is the “Received” line, which usually contains the originating IP address. This may or may not be useful because a smart attacker will often bounce their emails off of several “open relay” servers, effectively hiding their original location. This information will still be very valuable to SpamCop, however, in building up a blacklist of known “open relay” servers, which will be beneficial in the long run. Make sure to create a SpamCop account and submit all of the spam emails you receive.

5. Notify your web host about what is going on. Even though the emails are not being sent from their servers, it is good for them to know what is happening. Sometimes web hosts will help with the investigation.

6. Utilize your social networks – blogs, Facebook, Twitter, etc – to send out helpful “security” reminders, while being sure not to instill fear. The people in your own network will appreciate the information even though they most likely did not receive the spam email. The spammer usually has different targets and goals, separate from your own. It is always a good idea, though, to make sure your own customers are aware of your spam policy and that you are actively on top of keeping them safe while doing online business with you.

Other than that, be very gracious and kind to the victims who complain about getting spam from your company. Being knowledgeable enough to briefly explain the nature of the problem will go a long way towards turning potentially bad press into a network of allies.