Google Business Profile Scams Are On The Rise, Here’s How To Spot Them

, ,

Google Business Profiles are an incredibly powerful tool for helping customers discover your business. Unfortunately, they also make it possible for those with more malicious intentions to find you, as the rising number of Google Business Profile robocall scams shows.

Hiya, a company that tracks phone fraud and scams, recently published data showing that scams targeting those with Google Business Profile listings (and other Google-related phone scams) have been on the rise over the past year. 

Through July, Hiya documented more than 17,000 reports of Google Business Profile scams. That breaks down to more than 2,000 scams being reported each month. 

How To Spot The Scam

The easiest way to know if you’ve been targeted by a scam like this is simply having received a robocall claiming to be from Google or a Google partner. Google does not use robocalls to verify or otherwise contact businesses.

While the company found more than 100 variations of the scam, it shared two of the most common voice recordings people have been receiving from scammers claiming to be “Google partners”:

“Business owners, your Google Business Profile has not been registered with Google. Please press 1 to be transferred to a business listing specialist to assist you in registering your Google Business Profile, or press 2 to be placed on the do not call list.”

“Hello. We’re calling from Online Listing Group because your Google Business listing needs attention. If your listing is not showing up properly, customers will not be able to contact you or find your location. If you are the business owner, press 1 now to verify or update your business. Press 9 to opt out.”

To avoid the risk of being taken advantage of by scammers, Google and Tulsa Marketing Online both recommend only working with marketing agencies that have a long-established track record of using approved strategies to boost your presence on the search engine.

/0 Comments

Google Removes 40 BILLION Spam Pages Every Day

, , , ,

It can be easy to take for granted how little spam shows up in the dozens of Google searches we make every day.

While we are almost always able to find what we need through the search engine without an abundance of malicious, copied, or just plain spammy websites, the search engine says it has been ramping up spam detection behind the scenes to fight the seemingly endless hordes of illicit or otherwise problematic sites from filling up its search results.

In fact, Google’s webspam report for 2020 says the search engine detected more than 40 billion pages of spam every day last year. This reflects a 60% increase from the year before.

How Google Search is Fighting Spam

It is possible there was a distinct increase in spammy sites last year, potentially due to disruptions and other changes brought about by the Covid pandemic. According to the search engine though, the bulk of this increase is the result of increased spam prevention efforts with the help of AI.

Artificial intelligence and machine learning have helped the company keep with new spam methods and are credited with allowing the search engine to reduce auto-generated or scraped content “by more than 80% compared to a couple of years ago.”

This AI-based approach also frees up Google’s manual action spam team to focus on more advanced forms of spam, such as hacked sites which were “still rampant in 2020.”

To show you how this approach works and helps filter out the bulk of webspam before it even gets added to Google’s indexes, the company shared a simple graphic:

COVID Spam and Misinformation

As with everyone, Google faced unprecedented situations in the past year as it responded to the COVID-19 pandemic. This included devoting “significant effort in extending protection to the billions of searches” related to the virus.

One part of this effort was instituting a “more about this result” feature which added additional context about sites before clicking through to one of their pages. This intends to help users avoid bad actors that popped up, especially during the early stages of the pandemic.

Additionally, the search engine says it worked to remove misinformation that could be dangerous during the course of the pandemic.

What This Means For You

Assuming you are a reputable professional in your industry, Google’s increased efforts to fight spam should only be a source of comfort. There have been fewer reports of sites being incorrectly targeted by these spam prevention methods in recent years, while the overall level of deceptive, spammy, or harmful sites in the search results has plummeted. 

All in all, this means a better experience for both users trying to find information and products, as well as brands fighting to reach new customers online.

/0 Comments

WordPress Sites to Lose Facebook and Instagram Embeds October 24th

, , , , ,

On October 24, Facebook and Instagram plan to roll out a major change which has the potential to break content across millions of sites using WordPress.

On that date, the companies will remove functionality which allows sites to embed content from the social networks. 

The change does not only mean that publishers will no longer be able to embed this content on their websites. The change is retroactive, meaning that all content ever embedded on your site could potentially become inaccessible or broken. 

There is one exception – though it will likely be impractical for many out there. 

The change is removing support for unauthenticated Facebook and Instagram embeds, meaning that those with a developer account and a registered Facebook account will still be able to link content between their app and Facebook or Instagram. 

The Technical Changes

To get into the nitty-gritty – Facebook is deprecating the current oEmbed endpoints for embeddable Facebook content on October 24, 2020. oEmbed is a popular open format means of embedding content from one site to another. 

The Facebook integration of oEmbed endpoints has allowed pages to quickly and easily embed HTML or basic content from pages, posts, and videos on their own site or app. Unfortunately, that aspect of the Facebook API is being removed. 

In response, WordPress has also said it will be removing Facebook and Instagram as supported oEmbed sources.

What You Can Do

As expected, developers began work on ways to fix content or prevent losing access as soon as the announcement was made. 

So far, there are two major options for those wanting to keep support for embedded Facebook and Instagram content on their websites:

oEmbed Plus – Developer Ayesh Karunaratne has created an expanded version of the existing system for embedding content from Instagram and Facebook which provides a workaround. 

Even using the plugin, you will have to register for a Facebook developer account and “create an app”. However, you don’t have to actually develop an app, just register one with the site. 

You can see the guide for the plugin here for an idea what the process entails.

Smash Balloon Plugins – Developer Smash Balloon has provided a potentially easier option by updating their previous plugins to provide continued support – no developer account or app required. This is possible because Smash Balloon is effectively using its own API key to provide authentication for embedded content to users. 

/0 Comments

Google Reveals The 5 Things Every Website Should Do

, , , , ,

In the latest episode of Google’s “Search for Beginners” series, the company focused on 5 things everyone should consider for their website.

While it is relatively straight and to the point, the video shares insight into the process of ranking your site on Google and ensuring smooth performance for users across a wide range of devices and platforms.

Specifically, Google’s video recommends:

  1. Check if your site is indexed: Perform a search on Google for “site:[yourwebsite.com]” to ensure your site is being properly indexed and included in search results. If your site isn’t showing up, it means there is an error keeping your site from being crawled or indexed.
  2. Provide high quality content: Content is essential for informing users AND search engines about your site. Following the official webmaster guidelines and best practice documents will help your site rank better and improve overall traffic.
  3. Maximize performance across all devices: Most searches are now occurring on mobile devices, so it is important that your site loads quickly on all devices. You can check to ensure your site is mobile friendly using Google’s online tool here.
  4. Secure your website: Upgrading from HTTP to HTTPS helps protect your users information and limit the chance of bad actors manipulating your site.
  5. Hire an SEO professional: With the increasingly competitive search results and fast-changing results pages, Google recommends hiring an outside professional to assist you.

The video actually implies that hiring an SEO professional is so important they will be devoting significantly more time to it in the future. Here’s what the presenter had to say:

“Are you looking for someone to work on [your website] on your behalf? Hiring a search engine optimizer, or “SEO,” might be an option. SEOs are professionals who can help improve the visibility and ranking of your website. We’ll talk more about hiring an SEO in future episodes.”

/0 Comments

Google Chrome Will Begin Blocking Mixed Content In December

, , ,

Google has announced that it will begin blocking web pages with mixed content in its Chrome web browser starting December of this year. Considering that Chrome is used by more than half of all internet users, this could be a major issue that you may not even know is lurking on your site.

What is Mixed Content?

Mixed content refers to when secure webpages using the HTTPS security protocol include scripts, styles, images, or other content that is delivered through the less secure HTTP protocol.

Even linking to sites still using HTTP can be seen as delivering mixed content on your site.

As Google explains:

“Mixed content degrades the security and user experience of your HTTPS site …Using these resources, an attacker can often take complete control over the page, not just the compromised resource.”

How Google Chrome Will Handle Mixed Content

When the next update for Chrome is released in December, Google will begin doing one of two things when it encounters sites with mixed content:

  1. If an HTTPS version of that resource exists, Google will automatically upgrade that content to the newer secure version.
  2. When no such resource exists, Google will soft block the page. This will include a warning about the security risks of mixed content and an option to access the page despite the risk.

The warning screen may not deter all of your potential customers, but it can disrupt a significant chunk of your traffic, leads, and sales.

Beginning in January of 2020, Google will start taking an even stronger stance by removing the unblock option and completely blocking webpages with insecure content.

How To Check Your Site for Mixed Content

Depending on the size of your site and what platform it is built on, there are a number of free and paid options for scanning your site for mixed content.

JitBit SSL Checker

JitBit SSL Checker is a free online tool that can review up to 400 pages of your site for mixed content.

WordPress Tools

If your site is built on WordPress, you can use the Really Simple SSL Plugin to migrate your content to SSL while also checking for and fixing mixed content.

For those who have already migrated their site to SSL, there is also the SSL Insecure Content Fixer WordPress Plugin. This can scan your site for insecure resources while providing suggestions for fixing these problems.

Tools for Large Sites

Websites with a large number of pages will likely have to use paid tools to check their site. One option is Screaming Frog, which can crawl massive sites and provide insights to a wide variety of issues. One drawback, however, is that while it can pinpoint potential problems on your site, it can not directly assist you in fixing them.

/0 Comments

Google Celebrates Cybersecurity Awareness Month With New Ways To Control Your Data

, ,

Google is kicking off October – which just so happens to be Cybersecurity Awareness Month – by announcing three new ways for users to hide or delete their personal activity data when using Google products like Maps, YouTube, and Google Assistant. 

Incognito Mode For Maps

Incognito mode has been allowing people to browse the web while preventing data from being saved to their Google account or computer since 2008. Earlier this year, the company expanded the feature to YouTube, and soon it will be coming to Maps.

Once it is live, you’ll be able to quickly toggle incognito mode on and off by selecting it in the menu that appears when choosing accounts.

 

 

While the feature is coming to Android within the month, the company could only say it would be coming to iOS “soon”. 

Auto-Delete YouTube History

Google is also introducing a way for users to automatically delete their YouTube activity after a set amount of time. Specifically, you can select to keep data for 3 months, 18 months, or until you manually clear your history. 

A similar feature was introduced earlier this year for users’ location history and web activity and is expected to launch for YouTube this month. 

Managing Google Assistant Data

The search engine has introduced a way for people to control their Google Assistant activity using simple voice commands. 

For example, users could ask the Assistant to clear their history for the last week by saying “Hey Google, delete everything I said to you last week.”

 

This will be available to all Google Assistant users next week.

/0 Comments

GoDaddy is slowing and breaking sites with injected tracking code

, , , ,

GoDaddy is one of the most popular hosting providers for small businesses, but it appears the hosting service may also be making changes to sites on its platform which could significantly slow or break sites entirely.

The service is injecting a piece of JavaScript code as part of its Real User Metrics (RUM) technology, which allows the service to track and measure the performance of websites. However, none of this information is provided to the sites on GoDaddy’s service in the form of analytics but is instead used solely by the company to improve systems and server configurations.

With this in mind, it is hard to see any benefit to continue allowing GoDaddy to install code for RUM on your site.

All US GoDaddy customers agree to opt-in to using RUM as part of the terms of service and the company does little to inform you of how it uses the technology. In a help document, the company also concedes it may have a negative impact on websites:

“Most customers won’t experience issues when opted-in to RUM, but the javascript used may cause issues including slower site performance, or a broken/inoperable website.

If you’re using Google’s AMP, you have pages ending with multiple ending tags, or your site performance is slower, you may want to opt-out of RUM.”

Considering how important site speed is to both search engines and actual consumers, it is highly likely RUM could be costing you traffic AND conversions.

Thankfully it is easy to opt-out of the RUM service if GoDaddy is your hosting provider. Just follow these steps:

  • Access your cPanel hosting account by going logging in to your cPanel and clicking on your hosting account.
  • Click the three-dot menu button, and then click “Help us.”
  • Click “Opt out.”

Once this is done, the code will be immediately removed from your site.

/0 Comments

Google Chrome gives its final warning about switching to HTTPS

, , , ,

Google has given webmasters their final warning to convert their sites to HTTPS or be branded as “Not Secure” with a prominent message in the browser bar of all Chrome and all Chrome-based browsers after October of this year.

Why is Google doing this?

Google has been urging webmasters to switch their sites to the more secure HTTPS security protocol for years, using increasingly drastic measures. Currently, Google is denoting sites that are secure using a green icon in the browser bar. Since so many sites have now adopted the protocol, Google is taking this a step further with a prominent red warning for sites that are not secure.

What does this mean for you?

Internet users don’t give up their information easily. They have to trust that you won’t let their data be breached or misuse their information. If they see that your site is specifically “Not Secure”, they simply aren’t going to trust you with anything.

That could mean increasing bounce-rates for your website, fewer e-commerce sales, fewer newsletter sign-ups, or fewer internet-driven leads for your business.

Two-Stage Roll Out

Rather than “switching on” the security warnings all at once, Google will be rolling out the change in two steps.

First, Chrome will remove the green icon signifying safe websites from browser bars. In its place, they will temporarily leave the small lock icon in its place.

Then, beginning in October, Google will introduce the official red icon identifying sites that are “Not Secure.”

This latest warning from Google gives webmasters plenty of time to make the switch, but I advise taking action sooner rather than later. You can get started right now with Google’s HTTPS set-up guides here.

/0 Comments

Check if Facebook shared your info with Cambridge Analytica

, ,

Days before Facebook CEO Mark Zuckerberg is set to testify to Congress about the social network’s role in allowing Cambridge Analytica to exploit user data, Facebook is working to make it easy to see if your information was shared with the scandal-plagued analytics firm.

Facebook has published a new section within its help center called “How can I tell if my info was shared with Cambridge Analytica.” You can also quickly find the page by simply searching “Cambridge or Cambridge Analytica” in the Facebook search bar.

If you’re logged into your Facebook account, this page will automatically inform you whether your data was potentially breached by the “This is your digital life” app.

Since information has come to light about how Cambridge Analytica has been potentially misusing user data, the company’s relationship with Facebook has come under scrutiny. In response, the social network has taken several steps to attempt to re-win the public’s trust – such as launching this latest page. It has also introduced a data abuse bounty program that allows users to report app developers that may be misusing data.

Questions will likely remain long after Mark Zuckerberg’s testimony tomorrow, but at least you can now personally check to see whether your personal account details are safe or have been exploited.

/0 Comments

Google Adds New Security Warnings On Pages With Forms Or Search Boxes

, , ,

Do you have a search box or form on your website? Are you still using HTTP for your site? If so, you may want to begin the process of switching to HTTPS sooner rather than later.

Google says it is preparing to launch new efforts within their Chrome browser to encourage webmasters to migrate to HTTPS, the newer, more secure security certificate for websites. Beginning I October, the browser will begin showing warning messages to visitors on pages with search boxes or forms.

As Google says, “[in] October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”

You can preview what the warning will look like in the gif below:

 

The warnings are just the latest effort by Google to encourage the adoption of HTTPS. Just recently, Chrome warned webmasters that pages with logins are now required to use HTTPS.

The end goal for Google is to mark any web page using HTTP as insecure, but it could be a lengthy process.

/0 Comments