Deceptive Site Ahead, or Not

Written: March 20, 2018

Yesterday I received a rather alarming email from the Google Search Console Team telling me that one of my client web sites had “Social engineering content detected” on it.

Email warning

Email warning

I double-checked that the address was really from Google and that the links were really going to Google. Hmm, that didn’t sound safe so I immediately browsed the client site and then my browser window promptly smacked me with a big red warning message:

Deceptive site ahead

Deceptive site ahead

I clicked the link for Details and read it, then visited the page against all of the warnings. I even examined all of the source code, trying to find something malicious like injected Javascript code or something altered in the HTML, however it was all OK, nothing was wrong. The particular page did have a Form that requested an email and password, which was all legitimate and had been coded back in 2015, working flawlessly for three years now.

In the Google Search Console there’s a link to request a Review of your questioned page, then it asked me to explain why I though a Review was warranted. I explained to Google that the page was coded in 2015, worked perfectly, and that nothing had been injected or changed. Then I waited.

Fortunately, the next morning I received another email from the Google Search Console Team:

Review successful

Review successful

I’m all for having Google scan my client web sites then inform me when something looks wrong, infected or deceptive, however in this case their search produced a false positive. As a result it created some amount of fear and panic inside of me, then it took me time to research what Google was inferring, inspect the code, run some tests, and finally convince myself that nothing was wrong at all, and to communicate to Google that a review was warranted.

I’m hopeful that Google cleans up their efforts to detect infected or deceptive web pages, but also reducing the number of false positives that are trigged, because my time is valuable.

Adding a MailChimp PopUp Form to your WordPress Site

Written: March 9, 2018

I have a WordPress client that uses MailChimp for emailing updates to their customers, so they wanted an easy way to prompt web visitors to join their email list. We already had a MailChimp form on their WordPress site, but the client wanted to have a PopUp appear after 5 seconds on their Home page that would invite visitors to opt in. After spending a few minutes doing a Google search I found several methods that simply didn’t work, then finally hit the one that did work, so here’s what you need to make this happen:

  1. WordPress web site
  2. MailChimp account
  3. JetPack Plugin for your WordPress site

Let’s start off with what you need to do in MailChimp, login to your account the click Lists. Select and click your desired List, then click the link for Signup forms. Finally, click the icon: Subscriber pop-up

Subscriber pop-up

Subscriber pop-up

In MailChimp select the Format, I chose Modal which means that the pop-up appears in the middle of the web page. Under Display I selected 5 seconds. I added an Image to the pop-up, then changed my Text.

pop-up design in MailChimp

Pop-up Design in MailChimp

Everything looked OK, so I was ready to create the code for this pop-up form, click the button: View Code

copy mailchimp code

Copy MailChimp Code

Select this code, then Copy it to your clipboard, Control+C on Windows (Command+C on Mac).

We want to Paste this MailChimp code into a widget area in WordPress, so login to your WordPress site and click on: Appearance> Widgets

From the list of Available Widgets find and click on: MailChimp Subscriber Popup (Jetpack)

I added this widget to the Header area of my Theme, so your Theme would probably have different sidebar names, choose your theme-specific sidebar.

Header Sidebar

Header Sidebar

Here are the details of my sidebar after I pasted in my MailChimp code:

paste MailChimp code

Paste MailChimp code

Notice how WordPress will alter your pasted code from MailChimp after you Save the form. I setup a condition to Show the pop-up on the Home page only, remember that in MailChimp is where I defined that the pop-up appears after 5 seconds.

I then browsed the Home page and waited 5 seconds, sure enough there appeared my pop-up MailChimp form:

MailChimp test

MailChimp Test

To complete the test I entered my email address and clicked the Subscribe button.

Back in MailChimp I viewed my List and searched for my newly added email name:

new mailchimp email

New MailChimp email

There you have it, we just added a MailChimp pop-up to our WordPress site using the Jetpack Plugin with some Copy/Paste and logo customization. Now the client can attract even more web visitors to receive email updates which will save them both time and money, a win for everyone.

Tags:

Oregon Health Care Web Site Woes

Written: February 12, 2018

I don’t really like the idea of being forced to choose healthcare from a government site instead of the free market, but that’s the system that we have so I make the best of it. Today I received an email message about my health care account:

State email

State email

The first funny thing about this email is that Apple mail moved it straight into the Junk folder, probably because of the very odd email address of NoReply.Forms@hsoha.state.or.us

The second point which bothered me is that the state of Oregon knows my first and last name, plus my account number, however none of that information is shown in this email, so it really looks like a phishing scheme instead of a legitimate email message.

Point three of concern is that there is no personal information like John Smith, Deputy Director of Oregon Health Services listed in the message.

Fourth point of caution are the two hyperlinks for http://oregonhealthcare.gov because when you click these links you get redirected to another address at http://healthcare.oregon.gov/Pages/index.aspx, something that criminal web sites regularly do. I mean that state is going out of their way to make me not believe this email at all. I then have to guess that the proper link to click is called Already Covered:

Already Covered

Already Covered

Next I have to read a paragraph to find yet another link to click:

one.oregon..gov

one.oregon.gov

This link actually brings me to the correct web site address that should’ve been in the email to start with, but for government reasons wasn’t. Finally, so I try my login credentials:

Login

Login

Of course my password is rejected because the government wants me to change it again, so another several clicks and I have yet another new password. Now it tells me that I have two cases to consider:

Two Cases

Two Cases

I try both cases, yet each one has no new messages for me:

No messages

No messages

So, I’ve spent some 15 minutes trying to read a message from one.oregon.gov, yet there aren’t any messages. Can you imagine how frustrating my web experience with this government web site is right now?

It’s really beyond all reasonable expectations to have citizens like myself trust the ineptness of the Oregon web site that is here to help me with health care information and insurance.

I have many online accounts like for banking and my IRA that are 100% functional and easy to use, nothing like the brokenness of the one.oregon.gov web site. I’m counting the days until health care decisions and web sites go back to the private sector again, because honestly the old web sites worked quite well and for a price that I can afford.

Tags: ,

Remember to Update your WiFi Router Firmware to Stay Secure

Written: January 18, 2018

Today I received an email from Netgear, my vendor for WiFi router used in the home office, so I read through it and decided to follow their security advice and follow the simple steps.

Netgear email

email from Netgear

It’s also best practice to double-check any email message like this by viewing the From address, and then hovering the cursor over any link just to make sure that you know where the link is pointing to before actually clicking it. This email passed my scrutiny, so the next step was to browse the link and find out what version of firmware I already had:

Firmware Version 1.0.0.16

So yes, there was a newer version of firmware at 1.0.0.18, so I started the update process and watched the progress bar:

firmware updating

Firmware updating

The update process only took a few minutes, so not a big deal in lost productivity for me. When the firmware update was complete I checked to see the latest version number of 1.0.0.118:

Version 1.0.0.118

You should always update to the latest firmware when your WiFi Router vendor sends you an email. When you purchase a new WiFi router make sure and register your product so that you can receive these useful update email notifications.

My previous update was in October 2017, so it looks like Netgear takes security seriously and continues to support their WiFi routers with new releases as soon as they find any exploit.

Tags: , ,

Blog Tags

Recent Posts

Blog Directory & Business Pages at OnToplist.com