KC News

Advice about Phishing Scams and Fraudulent Emails

Don't be scammed!

Here is some extremely important advice about fraudulent emails, phishing scams, and identity theft.

E-mail fraud is now an extremely common tool used for IDENTITY THEFT.

These emails can take many forms, and they are often very demanding and contain strong, urgent messages.

Here are four examples:

* Phishing (pronounced "fishing")
- the sender poses as a company to trick users into giving away personal or account information.

* Illegitimate Offers
- e-mails that entice users to purchase popular goods or services at reduced prices (or before they're available to the general public), with no intent to deliver those purchases. Usually, these e-mails are designed primarily to obtain credit card or bank account information.

* Requests for Help
- usually these will offer you large sums of money or attractive rewards in exchange for "short term" financial assistance. One common example is the "sender" who asks the user to supply a bank account number to "hold" large sums of money until the "sender" can retrieve it. In exchange, the recipient is promised a percentage of the deposit. The "sender" uses the bank account number for fraudulent activity, and the recipient never receives the promised funds.

* Vishing
- Phishing scams now have a phone connection. First, it was "phishing," where criminals send e-mail by the thousands in hopes of tricking unsuspecting consumers into sharing confidential information.

These messages often include a link to a fraudulent website. Now, there's "vishing." In this latest twist, they use a telephone number instead. When you call, a person or an automated response asks for your personal and/or account information.

When you call your bank, use ONLY a phone number that comes from a REPUTABLE source, like your STATEMENT, the back of your credit or debit card or the phonebook.

If you have any questions please contact Kahl Consultants for more information!

McAfee Secure Hackersafe: Is it just a Waste of Money or a Marketing Scam?

 McAfeeSecure is a piece of marketing baloney and not a true security product.

Let me tell you why. McAfee acquired ScanAlert's HACKER SAFE in January 2008 and renamed it McAfee Secure. This product has a scanning tool that probes for web application security flaws and allows you to post a logo on your website to help increase trustworthiness with paying customers.

Is displaying a security stamp of approval on your website really mean more business for you? Well yes, a security logo actually might increase web sales, but you can probably achieve the same result without paying McAfee a dime.

Put another way, will the McAfee Secure seal make shoppers less skittish about spyware and identity theft? Probably, but so will some other less expensive logo. McAfeeSecure it is NOT cheap, costing well over $1,000 a year! That's a lot for what amounts to basically a website icon and a few security tests that your webmaster can manage!

Is your ecommerce website on a secure host with SSL? Then save yourself that money.  Just do the following:

  1. Confirm with your web host that your site has SSL and then simply upload your own free "SSL secure" graphic onto your site
  2. Have your webmaster ensure that your website software is all updated and kept current to avoid known security issues.
Don't take my word for it.  Here is one blog comment I found:

At best the McAfee Secure HackerSafe logo means the site at least takes security slightly seriously - and at worst the logo is meaningless.

To learn more read these articles:

False Sense of Security

McAfee competitor WebSafe Shield says 70% Of Customers ONLY Shop With Sites That Display A Security Protection Seal. WebSafe cost much less than McAfee and they even include PCI Certification and Seal.

Speaking of PCi compliance, it is now mandatory that your credit card processing is PCI compliant. For more info on PCI compliance check out the security video at Madeleine Austin Enterprises.

By all means put a free security icon on your website. By all means have your webmaster check to ensure your software is current and secure. And once you are PCI compliant you can also post an icon for that.

Blackmail? Extortion? What's wrong with Yelp?

Have you heard of Yelp.com yet? Yelp is a great tool for customers and also for local business owners.

Yelp, Inc. is a Web 2.0 company based in San Francisco and very popular in the Bay Area. They operate a social networking, user review, and local search web site.

But did you know that Yelp has been accused of BLACKMAIL and EXTORTION. Don't let them do this to you!

That's right, we do NOT recommend paying yelp for a business account. Spend your marketing dollar on something else.

Let me explain why.

Here is a typical yelp page for a restaurant:

It contains an ad for a competitor at the top. One advantage of upgrading to a paid business account is that Yelp will remove the competitor ad at the top of your listing. Sounds a lot like EXTORTION, don't you agree?

Why would you pay money to remove this little ad when:
(a) visitors can click from your yelp page to other yelp pages in seconds, with or without the ad.
(b) many internet users IGNORE sponsored listings online
(c) most yelp visitors want to read the USER comments

What can you do? Simple! Keep asking you happiest customers to leave more honest reviews on website such as yelp.com

For more information see also:

Yelp Scam

A Candid Yelp Advertising Review - Is Yelp Ripping People Off?

Good News America: FTC now prohibits Telemarketing Robocalls

Robotic Telemarketers are now prohibited by the FTC!

Telemarketers who transmit prerecorded messages (robocalls) to consumers face penalties up to $16,000 per call. The new requirement is part of amendments to the Federal Trade Commission (FTC) 2008 Telemarketing Sales Rule (TSR).

The FTC allows robocalls calls that do not promote the sale of any goods or services, or deliver purely "informational" recorded messages, for example:

  • Flight cancellation
  • Ordered delivery information
  • School opening details
  • Debt Collection
Human telemarketer calls are still allowed unless you register your phone number is on the National Do Not Call Registry.

Got a prerecorded telemarketing call? Complain to the FTC:

Do Not Call Registry website

Tel. 1-888-382-1222

The FTC works to prevent fraudulent, deceptive, and unfair business practices. File other FTC complaints here:


Tel. 1-877-FTC-HELP (1-877-382-4357)