Category: Webmaster

STC RSS Feeds

STC has a number of RSS feeds for its publications. With the revamp of the STC website, the RSS feed addresses have been updated. If your community website has links to these feeds, you’ll need to update them.

RSS Feeds

STC Sites

 

 

Attempted Fraud Advisory–Spoofed Messages from Community Leaders Requesting Funds Transfers

By Ben Woelk

The STC Rochester Treasurer received a request that appeared to come from the STC Rochester President to transfer funds to a beneficiary. The email was fraudulent and only appeared to come from the STC Rochester President email address. However, the attacker had the names of the president and treasurer correct.

Here’s the message text:

From: NAME <president@stc-rochester.org>
To: treasurer@stc-rochester.org
Cc:
Date: Mon, 11 Jul 2016 08:51:58 -0600

Subject: TRANSFER REQUEST

TREASURER NAME, I'll need you to process a transfer of 1,900USD to a vendor. Let me know if you are available so i can send you the beneficiary details immediately.

Kind Regards.
PRESIDENT NAME
Sent from my iPhone

As a security professional, I’ve seen this type of attack across many industries, but attackers are now targeting small businesses and non-profit organizations.

What Should I do to Keep Safe?

The best defense against this type of attack is having sufficient financial controls/processes in place so that someone cannot inadvertently respond and send any funds. (Note that the funds will not be recoverable.) If you don’t have processes in place to ensure that requests for funds are reviewed before being released, you need to put those processes in place now.

If you do fall victim to an attack, you should notify your local law enforcement and your financial institution. Change your email and banking passwords immediately.

If you receive an unexpected email with an attachment, verify with the sender before opening the attachment. Your antivirus program (and you need one, even if you’re using a Mac) may not detect the attachment as malicious, so you’ll need to scan your computer.

Resources

Ben Woelk, CISSP
Information Security Office Program Manager
Rochester Institute of Technology
Senior Member, Society for Technical Communication
Author of Shockproofing Your Use of Social Media: Staying Safe Online, available on Amazon Kindle.
Ben.woelk@gmail.com
@benwoelk

Customizing Your Chapter Email Addresses

Everyone wants to have a custom email address that fits their personality. That’s fine until your new chapter leader’s email is FuzzyBunnySnuggler25@email.biz, and it doesn’t look entirely professional on your chapter mailings. There are a few options out there to make your community email addresses look professional, and branded to suit your community. The first is using Gmail, and the second is using Email Forwarders in your website’s cPanel.

Gmail

The first option is to create email accounts dedicated to the job roles of your chapter: president, VP, treasurer, secretary, programs, webmaster, etc. These emails would not be tied to a user, but to the job role. So when one volunteer steps down and the new volunteer fills their place, they have the history of past communications stored in the account. Contacts will be there, as will prior community planning conversations.

Create an Admin Gmail Account

In order to do this, first set up an Admin gmail account. I recommend using your community nickname@gmail.com, for example stcmuc@gmail.com for STC-MadeUpCommunity. All of the subsequent accounts you are going to create will use this account as the rescue account, if the password is lost. The recovery email account for the Admin account should be your soon-to-be-created President or Webmaster account.

This Admin account is key. Use it to create a Google Drive and share it with all the leadership role email accounts you are about to create. Then you can store all your community documents on the Admin’s Google Drive, and your documents won’t get lost between changes in command.

Create Role Gmail Accounts

After you create your Admin account, create role accounts for each of your chapter roles. I recommend using a consistent format that brands all of the email addresses together. Create an email naming pattern, such as community.role@gmail.com. For example, muc.president@gmail, or muc.treasurer@gmail. When you create the accounts, make the fallback email the Admin account for all of these. Also, I recommend leaving off the cell phone validation since next year the person with the cell phone may not be the role assigned to the email.

Email Forwarders in cPanel

So now you have all these Gmail accounts. The name on the account is branded to match your community nickname, so there is continuity between accounts. What if you want to personalize the email addresses even more by changing the email domain? That can be easily done using the email forwarders built into cPanel.

cPanel is the website toolbox associated with your chapter’s domain. You can manage your website FTP setting, view the file structure of your website, back up your site, and view error logs, among other tasks, in your cPanel. If your chapter is hosted by STC’s hosting solution, you’ll be given cPanel credentials when STC begins hosting. If you’ve lost these credentials, contact webmaster@stc.org to retrieve them, along with the website for the STC cPanel host.

Note: SIGs are hosted differently by STC and do not have access to cPanel. However you can contact webmaster@stc.org to create email forwarders for your SIG.

One of the easiest to use tools in cPanel is the email forwarder. When you create an email forwarder, it creates what looks like an email address branded with your domain. That forwarder is not an actual account; no email will be stored within it. Instead, when email is sent to that address, it will be seamlessly forwarded on to any other addresses you specify.

cPanel, showing the email forwarder
Your cPanel layout may appear differently based on the theme selected.

Once you open the Forwarders app, you’ll see a list of existing forwarders. If there are none, click Add Forwarder. In the new screen, enter the address to forward. Specify how you want the forwarder to appear, and what real account to forward to, such as the Gmail accounts I described earlier. In my example, I’m using the CAC website, so the domain is cac-stc.org. On your site, it will be whatever your domain is.

Adding an Email Forwarder
This is how it looks, but with your domain at the top.

Each forwarder can be tied to one email address when you create the forwarder. However, you can add the same forwarder multiple times, and each time specify a different email address. This is handy when multiple people are sharing a job role, such as competition managers or if the president wants to be copied on all event registration emails. Just repeat the process above, entering the same Address to Forward. Then put a different Forward to Email Address value in each time.

Conclusion

Brand your chapter by completing the following tasks, as described above.

  1. Create similarly-branded role accounts in a free email service like Gmail.
    1. Create an Admin account first. Link all further accounts to that Admin account.
    2. Store all the passwords for all the accounts in an encrypted password tool, like LastPass or KeePass.
    3. If you used Gmail, take advantage of their cloud storage, and move your community’s files to the Google Drive owned by your Admin account.
    4. By using role accounts, records of prior communications and contacts are maintained year to year, regardless of the person using the account.
  2. If you want further email customization, sign into cPanel and create custom email forwarders that point to either your new Gmail accounts, or to the email addresses your leaders prefer to use. You do not need to use Gmail accounts for this feature to work.

If your chapter or SIG has found other solutions similar to the ones presented above, please respond in the comments and open a dialogue. These are best practices based on my experiences, but that doesn’t mean they are best practices for everyone.

Add Social Media Icons to Your Website

A popular method of connecting your site to social media is to use social icons. Social icons are icons for various social media sites, such as Facebook, LinkedIn, and Twitter. When a visitor to your site clicks an icon, it links them to the appropriate social media site, highlighting your individual page there.

Some WordPress themes have social icons built in, but not all do. So if you’d like to add them to your website, you can follow these steps. In this example, I will assume you are using WordPress to host your site. However, the code is HTML and can be added to any site. Simply ignore the WordPress-specific steps if you are not using WordPress.

Obtain Icons

Your first step is to obtain social icons. You can do this by looking on the CAC website and right-clicking our social icons so you can save them to your machine. Save each one locally.

Upload Social Icons to Your Website

  1. Go to your WordPress Dashboard.
  2. Click Media > Add New.
  3. Drop the social media icon graphic files in the box, or use the dialogue window to select them.

Create the Icons on Your Website

  1. Go to your WordPress Dashboard.
  2. Click Appearance > Widgets
  3. From the Available Widgets area on the the left, drag a “Text” widget to the appropriate widget area on the right. There are different widget areas, depending on your website. The CAC put theirs in the Primary Widget Area, but other areas may be more appropriate for you, depending on your website layout.
  4. Click the expansion arrow on the text widget that you just placed in a widget area on the right.
  5. Enter a title, such as “Connect with Us”.
  6. In the Content field, you enter HTML. In the sample text below, you will see the file paths for the icon files as they are stored on the CAC website. You will have to change the path and file names to match the files you uploaded.

Sample HTML

Note: You will probably have to customize the red text to match your specific site information.

<a href="https://twitter.com/STCCAC"  target="_blank"><img src="http://www.cac-stc.org/wp-content/uploads/icon-twitter-24.png" alt="@STCCAC on twitter"></a>&nbsp;&nbsp;

<a href="https://www.facebook.com/stccac"  target="_blank"><img src="http://www.cac-stc.org/wp-content/uploads/icon-facebook-24.png" alt="STC-CAC on Facebook"></a>&nbsp;&nbsp;

<a href="https://www.linkedin.com/groups/2926" target="_blank"><img src="http://www.cac-stc.org/wp-content/uploads/icon-linkedin-24.png" alt="STC LinkedIn group"></a>&nbsp;
 
<a href="http://www.stc.org/" target="_blank"><img src="http://www.cac-stc.org/wp-content/uploads/icon-stc-24.png" alt="STC HQ"></a>&nbsp; 

<a href="http://notebook.stc.org/tag/communities/"  target="_blank"><img src="http://www.cac-stc.org/wp-content/uploads/icon-notebook-24.png" alt="STC Notebook"></a>&nbsp;

<a href="http://summit.stc.org/"  target="_blank"><img src="http://www.cac-stc.org/wp-content/uploads/icon-stc-summit-24.gif" alt="STC Summit"></a>

Save the text after you enter it. Afterwards the social icons should be visible on your site.