Advice tidbit #22.5 -- It’s very helpful to test all the links you add to documents – best if you actually go there and copy and paste from the address bar in your browser. If you think you don’t have time, consider the time you’ll have to spend making corrections.

This is the kind of scam that is often attempted with yellow-pages ads. Business owners see those all the time. You'll get an official-looking invoice in the mail. Somewhere in a relatively obscured spot it DOES say it is a solicitation and NOT a bill, but you do have to be alert and aware.

fake domain renewal invoiceEnlarge the photo at left (right-click then select VIEW IMAGE) and you'll see how official this stuff can look. Fortunately, the organization in this example knew enough to ask their tech person what the heck this "bill" was. It probably goes without saying that this "company" is easy to pin down as a fake, especially after a quick internet search.

Knowing who your suppliers are is always helpful. No matter the size of your congregation, make sure that someone knows where your domain name is registered, when you expect to receive billing, and from whom. Many domain registrar companies these days offer an automatic renewal option. I recommend using this kind of service when it is available to you. Forgetting or neglecting to renew a domain name usually results in losing that domain. It happened to my own church after the first volunteer who was in charge of the site neglected to renew. The organization had to settle for a less-than-obvious new domain name, re-do all printed materials that had the lost domain on it, and deal with a variety of other annoying side-effects. Protect your domain names!

Peace,

Gretchen
Technology Coordinator
MidAmerica Region UUA

Gretchen2011-by-AaronYes, I intended to "yell" in the title. I'd like to pass along a link to a UU Interconnections article that talks about how to prevent having your congregation's phone system hacked (or your e-mail account or ...)

http://uua.org/interconnections/interconnections/199690.shtml This happened to a congregation in our District!

At times I think it's not a matter of whether you will get hacked, it's only a matter of when. As my partner says, "there are two kinds of sailors: those who have been seasick and those who will be." When one of the CMwD sites was hacked in 2011, it prompted us to a review of all our site passwords. We changed every single one of them to more complex combinations of letters, numbers and symbols. This is something we can't stress enough. With so many of us "living online" via our e-mail accounts, websites, blogs, and mobile devices, setting up and keeping track of strong passwords is a talent we're all going to need sooner or later.

While I was speaking with some colleagues the other day, I head someone say, "well, if you've been hacked, that means you're important." I hope that was tongue-in cheek because the reality is hackers don't need a reason or a big target. They will do things like create robots that scour the web for a particular vulnerability they can exploit, and if your site has it, you're going to get it. It's like con artists preying on the needs and concerns of the elderly: find a weak spot and attack that. So, thinking you're immune because you have a small church website isn't going to keep you safe and sane.

Another password horror story: I know of a business who bought a used computer from a competitor who was having an auction. Not only did they leave accounting info on the machine, their password was, you guessed it, "password." Cute but obviously ineffective. The business wiped that hard drive prior to using it so the sensitive data went no farther than that.

In the immortal (at least on TV) words of Sheldon Cooper, "1234 is not a password!!!!" [Ed. note: and 6789 is not a pin number! LOL]

While attending workshops on web Content Management Systems this week, among the things I saw emphasized again and again was something called "content strategy." It brought me back to what Laura Massey of the West Plains (MO) UU Fellowship had said about content: "You need to carefully consider the content of the Web site. It’s content, not fancy graphics or special effects, that really makes a successful site."

So what does that mean? A panel of workshop presenters had these thoughts:

Always keep the GOAL in mind. First, look at what you're trying to accomplish, then develop your strategy. What's the difference between a plan and strategy? A plan takes place in a closed system. In other words, event A, then B then C occur, with no allowance for additional factors. Strategy allows for a dynamic system -- one that responds to changes in users' needs or new situations. EXAMPLE: When social networking (like Facebook and Twitter) arrived on the scene, there had to be a way to integrate those into the strategy. Content was now appearing in multiple venues and often needed to be in different forms.

Remember the skill sets needed to accomplish a task like a website: communications, marketing, tech. Strategists should be deciding strategy. Tech should be deciding systems. But make sure everyone is "on the team." Collaboration trumps workflow.

A fundamental problem with managing content is that it gets over-complicated. People can get tangled up in a circular process of approval and rewriting. Too many people on the task tends to clog up the process. An effective strategy is to make content approval a PRIORITY.

When something needs to be done, the answer is not to throw people on it. Strategy: have smarter people and ask the right questions.

Plan USEFUL CONTENT for your site. Pay attention to what's on it. Review periodically. Keep it updated! Is there outdated information? Is contact information - people, e-mails, phones - up to date? EXAMPLE: An organization I belong to just made a decision to review their entire site when a new Board started its term - an experienced member volunteered to read everything on it and do the research to make sure the entire Board had an overview of what was on their site so they could make decisions on replacing stale content. Often a group decides to create a website but then treats it like a phone book ad - something that's static (at least for a year) and doesn't include anything timely.

Determine ways to MEASURE IMPACT. What are the "metrics" we're out to achieve? Is it more traffic to the website, more visitors to the congregation, more people joining? How will you measure this?

CHANGE things gradually. Renovate "one room of the building" at a time. On a technical level, if you are updating an existing site, roll the new Content Management System out to one section of a site - and make style changes to the rest for a consistent look. EXAMPLE: I recall that when the UUA made major changes to their site(s), they did experience a period of confusion as old links no longer worked and people had not gotten used to the new organization of some of the information. Tech: pay attention to re-directing all the links within the site.

What's the USER EXPERIENCE? Determine who are the stakeholders. How will they be engaged in the website? Pay attention to the people using the system, but do this on a regular basis. EXAMPLE: a user says they can't find something on your site. "Make a big button link on the front page" isn't an effective solution, especially when the next comment comes in and the next button gets created. Have people review the site navigation periodically, or collect the comments over time and look through the lens of overall user experience. What do people use the site for and how do they approach it? What REALLY needs to be on the front page?

I think what it comes down to is keeping your eye on your communications goal and having sufficient oversight to deal with a website as a whole entity. Get out of "panic" mode ("oh no this needs to go on the website right now") and instead pay attention to the channels of information for effective upflow to the site. Then review and adjust.

The UUA's "One and One" newsletter came through the other day with One Useful Tool: the UUA page on practices for Facebook. Social Media and Safer Communications

One of the things I find most frustrating about Facebook is not their frequent format changes but the apparent inability of its search engine to find pages or groups that you know are there. My first recommendation is to ask the people I'm searching for to send me a direct link. Beyond that, I've had better success just using Google to search for the name plus the word "Facebook."

One of the things I like most about Facebook is that I can find just about anyone. Having said that, however, I had a conversation last Sunday with two people at church who were steadfast in their refusal to even get involved with the social networking venues. One who had worked in hospital records for years, had a great sensitivity for other people's private information. The other had definite qualms about having their own personal information where anyone could view it. That got me to thinking about the relative "security" of private information. Anytime you maintain an online presence of any kind, it is wise to keep in mind just who might find your information whether you believe it is well "hidden" or not. As an example, I searched for an e-mail address one day and discovered it was listed on an event roster page that was obviously not meant for the general public.

On another occasion, I received a message from someone in California who was puzzled to have received junk mail with their name on it, but in conjunction with an organization I belong to. My e-mail address is "out there" on the organization website, so they contacted me. I finally tracked down the source -- an online exhibitor list from an event seven years past. I believe the original listing was in error to begin with.

Old stuff is out there! Someone else contacted me about "erasing" their name from a professor "rating" website ... in some cases all you can do is contact the listing agency to see if your name can be removed.

Search for your name or e-mail address once in a while and see what you come up with. It could be interesting!

In my other life as a web designer/builder, one of the things I often tell clients is: "practice, practice, practice." Sometimes they ignore this first rule and become frustrated when the website won't magically do what they want it to.

What I generally do is set up a website that has all its design elements in place, sort of a "set it and forget it" mode. Then the person in charge of what the website actually says ("content") can log in to the "front end" of their site with a streamlined interface and make changes to text and photos. The most successful spend a little time at it to begin with so they can learn what works and what doesn't. Then they go in and add content regularly. That's standard practice when learning a new skill, like driving for example. Many licensing procedures require a certain number of hours on the road in various driving conditions. "Seat time," or time spent actually sitting in the driver's seat using the skills, is crucial to success.

I had to laugh the other day when I heard someone say they wanted a website "now" that was going to be easy for folks to update, but didn't want to take any time to learn new skills. Sure, there are shortcuts - having a tutor lead you through step-by-step is often the fastest way to get up to speed, but it still depends on seat time. If you want success, if you want a website that has informative and timely content, you do need to take the time to get out there and drive it.

Having spoken recently to West Plains UUs about their nice new website, I asked what went into the process, and got this terrific response from Laura Massey. I think she has it exactly right, especially her comments on the role of focus in communicating effectively. -- Gretchen

UU Fellowship of West PlainsHello Gretchen,

Lois forwarded to me your comments about our new Web site—thanks for the compliment! It’s gratifying to know people are looking at it and like what they see.

I can’t adequately cover in an email everything that goes into a project like this, but I think any group needs to start with 4 considerations:

  1. You need people with the right skills. You may need to hire help, but if you get good people, the end product will be worth the expense.
  2. You need to spend a lot of time thinking and preparing. I spent a lot more time thinking about the site than I did designing or writing.
  3. You need to carefully consider the content of the Web site. It’s content, not fancy graphics or special effects, that really makes a successful site.
  4. You need to decide how you will maintain the site. Our site was built with WordPress, so I can edit the text as needed.

When I volunteered to take on this project, I knew I needed people with 3 distinct skills: graphic design, technical expertise, and professional writing. I have a master’s degree in professional writing, so I appointed myself the writer. We contracted with a local provider for the technical knowledge to get the site up and running; he sub-contracted with a graphic designer who helped me design the site.

Keep in mind that graphic designers and writers approach a project from different perspectives. Writers tend to focus on text; graphic designers like to make it look pretty. The key is to integrate these skills so that the graphics actively complement the message, and this requires close collaboration between the writer and the designer. On our Web site, I provided the overall concept and the designer made it look good. I did the layout (the way the words appear on the page, decisions about typography, etc.) And I made sure every picture relates to the text. For example, the header picture of the Ozarks ties in with our tag line “A home for liberal religion in the southern Missouri Ozarks.”

A crucial part of any Web site design project is a careful analysis of audience, purpose, and objectives, because without that, the site will lack focus. In fact, one of the biggest mistakes in Web site design is a failure to spend enough time on this step of the process. Inadequate analysis of audience and purpose virtually guarantees that the site will fail to communicate effectively.

Since we’re such a small group (usually about 15 people attend services), I decided to devote one of our services to analyzing our target audience, our purpose, and our objectives. I asked members to answer the question “How can people benefit by visiting our site?” This led to a really great discussion of who we are, who we wanted to reach, what we want people to know about us, and why we want them to know this. At the end of the meeting, we came up with a statement of our audience, purpose, and objectives. I used this statement to make sure our new site stayed focused on the message our members wanted to convey.

I also spent many hours looking at other UU congregations’ Web sites. This sparked some ideas to use on our site, and it also pointed out things to avoid. For example, on many sites it wasn’t clear where the congregation was located. Springfield, Missouri? Springfield, Illinois? Springfield, Oregon??? If our header said only “UU Fellowship of West Plains” people might wonder where we are. Lois’ tag line “. . . in the southern Missouri Ozarks” solves this problem very elegantly, I think.

Although I managed this project, I did not create this Web site myself. Rather, it is very much the product of all our members’ ideas, comments, and contributions. I just synthesized all the different parts into one product and made it “our” site.

Regards,

Laura Massey
UU Fellowship of West Plains, MO
http://www.uuwestplainsmo.org

1. Messages not going to list

Did you receive a message like this one?

Your mail to 'Presidents-chat' with the subject Re: [Presidents-chat] "Topic"
Is being held until the list moderator can review it for approval. The reason it is being held: Post by non-member to a members-only list
Either the message will get posted to the list, or you will receive notification of the moderator's decision. If you would like to cancel this posting, please visit the following URL: .../mailman/confirm/presidents-chat_cmwd-uua.org

We likely have you subscribed to the list with an address like "president@yourchurch-dot-org." If you were sending responses from that account, all would be well. Unfortunately (and this is becoming an increasing practice) this probably forwards to your personal email. So when you respond from your personal email ("you@youremail-dot-com"), the list doesn't recognize that address. So... when that happens I generally flag your personal address to allow messages to go through to the list. If you get another non-member message, watch to see whether your message gets to the list -- I am online at least each morning, so I can manually approve messages. -- Gretchen, CMwD Communications

2. Why am I not unsubscribed? My congregation elected a new (president, etc) months ago!

CMwD used to maintain a complete District Directory. The time and expense devoted to this project, and the inherent frustration in trying to keep changing data accurate, along with the fact that the UUA maintained much the same information, led us to a decision to populate our e-mail announcement and chat lists from the UUA's data instead.

The one issue present in this system, is that it depends on congregations updating their leadership information with the UUA. So while we do respond to individual requests to subscribe or unsubscribe someone, it helps all of us if your congregational administrator or other designated person contacts the UUA whenever there are changes in leadership in your congregation. The UUA's Data Services team is terrific at responding to questions and helping you get started or figure out specifics of their system.

This page of our website has ways to help you help us stay up-to-date: https://www.midamericauua.net/about-us/congregational-leadership-update

Explore the first two if you have any questions, otherwise the appropriate person from your congregation can click the big pink button to go directly to myuua.org and log in to update your congregation's information.

3. What are these lists anyway and why am I on them?

CMwD utilizes two types of list. One is for announcements only, and you cannot respond to the list. If the UUA lists you in a leadership position, CMwD puts you on the appropriate list. The other type is our "chat" list, set up for discussions among people with similar leadership positions, say presidents or administrators. You may choose to opt out of a chat list. There are several ways. One is to respond with the word "unsubscribe" in the subject line. The other good way is to use the yellow button on our website's main page to request a change. If you have any questions, don't hesitate to contact us directly!

4. Tech stuff: what program is used for these lists?

The chat lists are set up on a very popular program called Mailman, the same one the UUA uses. It's not very fancy but at least you don't get bombarded with advertisements like the "free" Google or Yahoo groups.

The announcement lists are part of a newsletter program that is part of our website structure. It has the advantage of allowing us to place people in multiple roles on multiple lists.

"Spoofed" or "faked" e-mail messages are hitting many CMwD lists and people lately. The most recent looks like it's from our CMwD Board President Rev. Brian Covell.

It's a spoof/hoax. Delete delete delete and ignore. http://en.wikipedia.org/wiki/E-mail_spoofing

spoof-spam-maskEventually we all may see these, they're so common lately. It's the e-mail from a friend that says they're stranded and in need of money. Or perhaps there is only an e-mail link and you're pretty darn sure your friend wouldn't send you a link without some kind of note. DON'T reply, as the reply-to often is not even the presumed sender's actual address.

These are common e-mail "spoofs." A "spoof" is defined as an email that LOOKS Like it came from one address, when it really didn't. Google has a good explanation that includes advice on how to keep your e-mail account secure, and what to look for to see whether your account has been compromised or just spoofed: http://mail.google.com/support/bin/answer.py?answer=50200.

If you're ever in doubt about something coming from a CMwD colleague, please feel free to contact us and we can help look into the matter. -- Gretchen

You've heard that you shouldn't open attachments unless you know who they're from. Or click on links in e-mails without first checking the "tooltip" (the little message that appears when you hover your mouse over the link).

But when you're a member of an e-mail list that is using the program called "Mailman," there is sometimes an “attachment” that looks like “ATT00242.txt (349B)”. When you try to open it, you can't. That's because this is the way some e-mail systems handle the e-mail list footer, that is, the part that says:

________________

Your website mailing list
your-mailing-list[at}yourwebsite[dot]org
http://yourwebsite[dot].org/mailman/listinfo/yourmailinglist_yourwebsite.org

You can safely ignore any “attachment” that looks like that.

"Mailman" an ad-free program CMwD and many others use to host their mailing lists rather than using a group system that sends advertisements to its group members. It is part of a website hosting package and not all website hosts supply this program. If you have any more questions about this type of list, contact your web hosting provider.

A trend I'm noticing more lately is inappropriate entries showing up on congregations' Facebook pages. Some are junk ads, some are evangelistic "graffiti" on Walls and Discussion Groups. Simple moral of story for Facebook admins is: watch your page or group and delete any entries that are unrelated to the purpose of your page/group.

You can set it so that no one can post but admins. When you click "Edit Page" under the main photo on the top left, it opens up a list that includes places you can restrict who can post links or wall posts.

As a website designer/administrator, my bias, especially for non-profit organizations, is to have a dedicated website that contains no ads or comments. I realize the attraction of networking via systems like Facebook, however, and just remind you to stay vigilant. Especially since the only good filters available are your own eyes and the access settings.

*****************************************

#1 handy tip for living in an electronic age: pay attention

*****************************************

What to do with all those e-mails that come in looking like they're about something important -- like your bank account or e-mail account? These days we're all busy and I know it's difficult to take the time to check on things first. But it pays to pay attention! Ask yourself some questions, like "Is it real? How do I know?"

1. If it's not your bank, that's obvious. Delete!

2. Otherwise, is there an address and phone number?

2. If there is, can you check them out by doing an internet search? Do they match what you know?

3. If those are real, are the links in the e-mail real? Hover over one with your mouse and see if the tooltip message that pops up matches the text in the e-mail. For example, if it says "yourbank.com," does the web address that pops up say something more like "yourbank.someplace-else.com"?

4. Call your bank or service provider. Odds are that they either know about it or will appreciate knowing there is a scam circulating with their name on it. Sometimes giving them a heads-up them will help them alert others.

5. If it's a deal, and it's too good (or too weird) to believe, it probably is. Delete!

6. Read all the words!

Here's the FBI's electronic scam blog: http://www.fbi.gov/cyberinvest/escams.htm

Peace,

gretchen-sig2

Just when you thought it was safe to go out on the web...

This week I almost got taken in by one of those scams. They keep thinking up new stuff! This one looked relatively legit. Starts out like this:

Dear Sir/Madam...I'm sorry to disturb you so abrupt. We are a domain name registration service company in Asia, On 26th May. we received a formal application submitted by Mr. John Wang who wanted to use the keyword "*****" to register the Internet Brand and with suffix such as .cn /.com.cn /.net.cn/.hk/.asia/ domain names.

After our initial examination, we found that these domain names to be applied for registration are same as your domain name and trademark. We aren't sure whether you have any relation with him. Because these domain names would produce possible dispute, now we have hold down his registration, but if we do not get your company's an reply in the next 5 working days, we will approve his application...

There was a first name, an address in China and an e-mail address and website that looked "real." Just to be on the safe side I did a search for the website and discovered a) that domain name had expired, and b) several references to this scam and similar ones.

Since I manage several websites, my e-mail address is "out there" so perhaps this scam won't be as likely to hit you unless you're a webweaver. But...

I'm glad I followed my own advice and looked before I clicked. In addition, I researched the unknowns.

More words of wisdom: don't panic. If you get some kind of e-mail that pushes your panic button, that may be your first clue that it's spam, scam or just plain junk. Delete! Delete! Delete!

Peace,

gretchen-sig2

Greetings, friends!
gretchen-da2010Recently a message was posted to one of our e-mail lists. The subject line was simply a name, and the e-mail contained only a link. This is a common form of malware -- something intended to get into your computer. We've seen a few of these lately, and that reminded us to pass along our recommendations for practicing safe computing, or "look before you click."

1. Don't ever EVER open an attachment or click on a link if it doesn't look "right." Pay attention. For example, the ones we've seen recently look like it came from someone on the list (it did) but you likely don't know the name in the subject line, you aren't expecting a link to be sent to you, there is no other message, and the link is something odd and that you never heard of. (Extra tech tip: generally you can "hover over" a link and a "tooltip" will appear showing you whether the link actually even matches the text you can read.)

2. When in doubt, call the person who sent it. If they didn't knowingly send it, it could be their computer has been infected with a program that sent out similar messages to everyone in their address book. Sometimes these will show up in their "Sent" box.

3. If it is YOUR account that has been hacked, most email providers recommend that first and foremost, you change your password immediately. Make sure it is a "strong" password -- that is, it doesn't contain any recognizable words, your name, address or pet's name, has a combination of numbers and upper and lower case letters (some systems will also accept other characters such as & or $). There may be additional steps you will need to take to make sure your account is again secure.

4. Recommend that they have their computer checked and, most importantly: keep your own computer safe. Get a good, well-known anti-virus and anti-spyware program like AVG, ESET NOD 32, Kaspersky, Norton or McAfee. Most are around $40 a year. Keep your subscription up to date. If you don't know how to do this or aren't sure, spend the money to have someone you trust do it for you. That's cheap insurance. You'd pay a lot more if you end up having to pay someone to reconstruct whatever you may have left on your computer after a malware program infected it. (Extra tech tip: ad-ware and malware often cleverly disguise themselves as free or "cheap" anti-virus programs. Watch out!)

5. Keep your computer's programs, especially the operating system, updated and patched. Again, have your trusted "computer person" help if you need to.

6. If your computer contains important data, even if it's only your addresses, BACKUP, BACKUP, BACKUP.

7. If you get the e-mail that says "Worst Virus Ever" just delete it. This is a hoax that has gone around the internet for years. Please resist the impulse to panic and tell all your friends. Most hoax e-mails try to push our panic buttons. Check snopes.com before forwarding, follow steps 1 through 5 above, then take a deep breath!

8. The UUA adds, be alert and aware of phishing scams like the example below: "A phishing scam is circulating that tries to get you to enter your login information. If you get an email like the one shown below, enter no data... [just] delete it.

"The UUA helpdesk will NEVER ask you to enter confidential information through an email. No reputable business will do so either. Always delete those emails."

“The Helpdesk Program that periodically checks the size of your e-mail
space is sending you this information. The program runs weekly to ensure
your inbox does not grow too large, thus preventing you from receiving or
sending new e-mail. As this message is being sent, you have 18 megabytes
(MB) or more stored in your inbox. To help us reset your space in our
database, please enter your current user name (_________________)
password (_______________)”

On the positive side, here's a good idea: First UU Church of Columbus Ohio is holding a computer tune-up day with a team of computer specialists offering to scan computers for viruses, install anti-virus software and needed updates and patches. Could that work in your congregation?

You may have other thoughts or questions about computing safety. Please feel free to contact me.

Peace,
gretchen-sig2
Gretchen Ohmann
Communications Coordinator

­