Newsletter Vol. 8, 2007

How did you go with last month's 3 Question Website Health Check? In this edition of Contact Point news we will have a very quick look at the concept of social hacking, as well as giving you two examples of our clients using internet technology to great advantage.

In this issue:
  1. Case Study: Purchase one item without charge after making a donation
  2. Social Hacking - are you vulnerable?
  3. Presentation on Electronic Marketing by Heather Maloney on Fri 21/09.
  4. Case Study: Personalised service online

Best wishes,
Heather Maloney

Purchase one item without charge after making a donation

Neil Thomas Ministries, a Christian organisation based in Tullamarine that is deeply involved in a wide range of charitable ventures throughout many countries and regions including Africa, India, and the South Pacific, has recently engaged Contact Point to re-develop their website to:

  • give it an up to date look and feel
  • dramatically improve the shopping cart functionality, and
  • improve access to the online audio and video live streaming as well as archived productions.

One of the key pieces of functionality added to the website is the ability for those who donate to NTM to receive one item of their choice, without charge, from the online store. The implementation of this feature was an excellent technology challenge for us, requiring consideration of numerous scenarios on the part of the end user. It also serves as an added incentive for visitors to contribute to the work of NTM. You can see the new website, and perhaps even make a donation at: www.ntm.org.au

Quotable Quote: "Those are my principles. If you don't like them I have others." ~ Groucho Marx

Social Hacking - are you vulnerable?

Wikipedia describes social hacking (aka social engineering) as "a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim".

An online article about a raft of successful hacking events into AOL in 2003 explains it very clearly with the statement "While many of these hacks utilize programming bugs, most hackers are finding it far easier and quicker to get access or information simply by calling the company on the phone."

The following 4 tips will help you to be less vulnerable:

  • It should be unnecessary for any organisation providing you with technology services to ask for your password or any other security information over the phone, unless you have a code that was specifically set up for this purpose.

    If they do, ask them for their full name and telephone number at the organisation, and then call the organisation back (via their advertised phone number) and ask to speak to the person who previously called you.

    If you do get onto that person via this means, then ask to speak with their manager, and verify with them that you need to in fact provide the details that have been requested.

  • Just because someone rings you and has access to information about your account with an organisation does not mean that they are from the organisation. They could have obtained that information unlawfully; either from the organisation, from your computer or even from your rubbish bin.

    If someone rings you (rather than you ringing them) you should always get their full name and ring them back, via the advertised phone number for the organisation.

  • This does not just apply to organisations calling you at home about your personal accounts; businesses are just as vulnerable, perhaps more so as there is usually more at stake.

    • You need to educate your staff to ensure that they are very sure that the person calling, whether over the phone or in person, is who they say they are before divulging any company information or giving them access to your premises or equipment. Again, calling back, checking with your manager, and checking with the caller's manager are all useful tactics.

  • The piece of information that the caller is after may sound harmless on its own, but it may be the last piece needed by them to undertake fraudulent activity e.g. they may already have your username and password but need the address that you're connecting to when you use it.

There is much more that can be written about this topic and the psychological tricks used by a social hacker, but considering the above four tips will help you stay protected.

I'd love to hear about your social hacking story! To get the ball rolling... my husband had a phone call recently from a Tier 1 Telco demanding that he provide his phone pin before they would talk to him. Remember... they called him. He refused to give over his pin and they refused to talk to him until he did; how could he be sure they were in fact from that company? In this case, this wasn't so much social hacking (though it certainly could have been) as poor business practices on the part of the company calling him.

Presentation on Electronic Marketing by Heather Maloney

I'm very pleased to have the opportunity to present on electronic marketing at the Corporate Chicks Breakfast which is being held on Friday 21st September at Bureaux, Level 1, 530 Lonsdale Street, Melbourne at 7.30 am - 8.45 am. For full details of the event, the invitation is available here: Breakfast Invite September

Of course, I would love to catch up with you at the event. I'm sure that men, are able to attend also!

Case Study: Personalised service online

Ever wondered where you can purchase personalised stationery that doesn't cost you a fortune? One of our clients, Note Couture, allows you to do just that through a fully automated online service. You get to choose the design of your stationery item (or supply your business logo), the type of stationery item (e.g. note cards, invitations, to do lists, recipe cards... to name just a few) and quantity, and then place your order. You can even send your order directly to a friend - gift wrapped with a card.

Note Couture has a great following of happy customers, and their newly updated website makes it very easy to search through the hundreds of designs for a topic that fits your party, event or personality, view all the latest designs, and quickly view the illustrations by hovering over the thumbnail.

Note Couture are very happy with their new online administration system which makes maintaining their huge range of illustrations much quicker and simpler than their previous system.

Current IT news is added regularly to our Publications page. We focus on items that we believe are of interest to SMEs in Australia.

Contact Point - Helping busines