Jon DiPietro is Domesticating IT

This post is one in a series that discusses the results of the Online Footprint Survey results.  For a complete index of questions and topics, refer to the Online Footprint Survey Results post.

The results showed that 48% of respondents did not own their own name or a reasonable facsimile.  I had, actually, expected that to be a higher percentage.  Be that as it may, this is something that is important now and going to get very important in the near future.

Here are three reasons why you need to register your :

1. There are several billion people on the planet and not nearly enough domain names to go around.  This is leading to what I labeled the “21st Century Land Grab.”  It means that time is quickly running out and the longer you wait, the less likely it is that you will be able to register anything resembling your name or personal brand.
2. We live in the Age of Content, where more and more, the content you produce will shape others’ first impression and lasting perceptions of you.  Owning your own domain name is the most effective way to centralize and control this first impression.
3. Hosting your blog or personal web page as a subdomain on a third party service (for example, jondipietro.blogger.com) is the Internet equivalent of being a tenant at will.  You don’t own the property, can’t implement your own improvements, and could be kicked out at a moment’s notice.  It’s too precarious a position to hold your online identity.

Continue Reading

Start thinking about a makeover for your online presence in 2010; You 2.0.

Have you Googled yourself lately?  If you haven’t done a Google search on your name in the past 30 days, do it right now (and be sure to put your name in quotation marks).

Go ahead, I’ll wait…

OK, what do the results look like?  Think about these questions:

1. Is your name at the top of the list? Second?
   Is it on the first page at least? Oh snap!
2. How many times does it appear on the first page?
3. Is your personal web site “above the fold?”
   You don’t have a personal web site?  Oh snap! More on that later.
4. Is your blog “above the fold?”
   Oh snap! You don’t have a blog? More on that later.
5. Is your LinkedIn profile “above the fold?”
   You don’t have a LinkedIn profile? Oh snap! More on that later.
6. Is there any negative stuff on the first five pages?

What’s the Point?

Managing your online presence is an important component of personal brand management.  Everyone knows how important online marketing is to companies and your career is no different.  It’s not enough anymore to make yourself visible and differentiate yourself online.  Since 45% of employers use social media sites to screen potential employees, you also need to make sure you keep negative information out of the search stream.

Bottom line: A strong online presence is clearly an advantage and can be a strong differentiator, but before long it will be as standard as handing over a resume before a job interview.  No online profile, no consideration.

[Update]
Sharon Reus (Insight Into Action) commented on this post and has a fantastic analogy. She calls this process “checking your digital reflection.”  That’s a perfect description, because we all know that reflections can be horribly distorted or even overly flattering – and everything in between.  The first order of business is to make sure you have any reflection at all.  If you have no reflection, I suppose that makes you a digital vampire!  Hmm, that would have been a great title.  But if you do have a reflection, it’s important to make sure that it looks well.

What’s Your URL?

I discussed the idea of owning your own name (i.e. www.jondipietro.com) in my blog post “The 21st Century Lang Grab.”  Time is rapidly running out on your ability to grab your own name, but I’m still amazed at how many successful people I meet who don’t own their name even though it’s available.  If your name is not available, you need to get something in place even if it’s just to claim it for the time being.  DO THIS TODAY!

Get Engaged

You don’t need to have your own web site and/or blog in order to have a positive online presence.  Social media sites like LinkedIn, Facebook, Twitter, Networked Blogs, and Ezine Articles are just a few of the great resources to build an online profile that gets you found and (hopefully) reflects well on you.  You can use LinkedIn to post an online resume, and there is absolutely no excuse for not having a thorough profile completed there.  Additionally, asking and answering questions is a good way to both build your online gravitas and expand your professional network.

Control Your Own Destiny

In the end, the best way to seize control of your online identity is to have your own website and/or blog.  Although they can be one in the same, I recommend using your personal web site to create a compelling online resume and having a separate blog that demonstrates your passion whether it’s personal or professional. If you’re a passionate wine maker, blogging about it demonstrates your creativity, writing skills, and even your personality.  It gives potential employers, customers, or business partners a level of comfort and familiarity they could never get through an interview alone.

My friend, Mike Walsh (see Mike’s LinkedIn profile or his @mike_walsh Twitter stream), has a series of really good posts on how he got started and what he learned along the way. If you are reluctant to start a blog, his posts may be the nudge you need to get started:

• Why Should I Blog?
• How Should I Blog?
• Blogging Tips Interview With Brent Ozar [video]

In additional to controlling your online persona, a personal website and blog give you a much greater opportunity to dominate the search results for your name and/or blog topic.  The more high quality content you can create, the more links and comments you’ll generate and the higher your online reputation will get.

“There are 1.5 million graduating college students for 2009 and employers are only hiring 1.3% more of them.  Differentiation through branding is imperative for success.”

Hartford Courant & WSJ (via Dan Schwabel)

This is your life and your career.  You deserve every advantage you can possibly get – and in this economic climate you’ll need it!

If you need help pulling this off, feel free to contact me.

Continue Reading

Phishing is a deceptive tactic used in emails, on bogus web sites, and other communication media that convince people to click on a link that typically brings the user to an impostor web site. These cyber attacks are generally attempting to accomplish one or both of the following:

• Surreptitiously obtain personal account information
• Plant virus and/or worm programs on the machine

Phishing is considered to be a “social engineering” cyber attack because it relies on tricking or deceiving humans into doing something they don’t realize they’re doing (see “The Hacker as a Magician“). This is contrasted by exploits, which rely on shortcomings or defects in computer firmware or software to accomplish their nefarious objectives.

There are two common link manipulation tactics used that are easily recognized if you know what to look for…

Tactic #1: WYSINWYG

“WYSIWYG” is an acronym for What You See Is What You Get and is commonly used to describe software programs that provide an intuitive, graphical user interface that provides an accurate visual representation of the final rendering of some sort of content. In this case, I’m coining a new acronym; What You See Is Not What You Get. This is because the first common misdirection tactic used in Phishing is to display a legitimate URL (uniform resource locator) address that, in fact, points to a completely different address.

In order to understand how this works, here is a very quick and dirty introduction to how links are built in HTML. You’ll notice that there are various links scattered throughout this article that are plain English words that can be clicked.  As an example, the code for creating “Click here to visit my blog” looks something like this:

Click <a href=”http://domesticatingit.com”> here</a> to visit my blog.

When your browser sees this code, it composes a link to the address pointed to in the “href” attribute (in this case, “http://domesticatingit.com”) but only shows you the word “here”. Phishing attacks frequently rely on displaying a link that appears to be a legitimate address but isn’t. Consider the following screen shot:

Example Phising email

This is an example from Microsoft’s web site of a common technique that Phishing attacks use to obtain online banking credentials. The text displayed in the email (#1) displays the legitimate URL for this fictitious bank’s login page. However, hovering over the link in Microsoft Outlook reveals that the actual address (#2) is a completely different address. There are three observations to make in this example:

1. The displayed address and the actual address are different. This is a huge red flag and should make you extremely suspicious.
2. The displayed address is secure (i.e. “https”) URL, and the actual is not. Again, this is a red flag.
3. The actual address is an IP address instead of a domain name. While there are occasionally legitimate reasons for doing this, it is another red flag that makes the link questionable.

In most software programs, hovering over a link will display the actual address either in a status bar or as balloon text below the link. Here’s an example from my Gmail account (using Firefox 3) that illustrates how to see where the link in an email is going to take you. The cursor is hovering over the “Review Legal Agreements” text and the status bar in the lower left hand corner displays the “href” attribute of the link.

Example of email link previewing

If for some reason hovering over the link does not reveal the destination address, you can usually right-click on the link and select “Copy Link Address” and then paste into Notepad in order to check it.

Bottom Line: Look before you leap.

Tactic #2: Sneaky URLs

Another tactic employed in Phishing attacks is to use URLs that, at first glance, appear to be legitimate because they include the real web site’s name somewhere in the URL. A recent Phishing exploit pointed toward Twitter users employed this approach to steal logins by using “twitter.access-logins.com” for the domain. Many people are fooled into believing this is legitimate simply because the word “twitter” appears in the address. It is further legitimized by rendering a near-perfect forgery of the real web site:

Twitter Phishing forgery

The reality, however, is that entering your login credentials on this site causes them to be logged to a hacker’s database that then uses the compromised accounts to send direct messages to other Twitter users.

This deception works because the address used directs a browser to the “twitter” subdomain of the “access-logins” web site. Without diving into a full-blown tutorial on how host names are constructed, suffice to say that you need to read host addresses from right to left in order to understand how they are qualified. The right-most portion of the address is “com”. The next portion of the address, “access-logins” is the actual domain name. The WHOIS registrant for this domain turns out to be:

Registrant:
  Organization   : zhang xiaohu
  Name           : zhang xiaohu
  Address        : changningzhonghuainanlu192hao
  City           : changning
  Province/State : Hunan
  Country        : CN
  Postal Code    : 421500

Bottom Line: Parse that address – make sure the two right-most components are correct (e.g. “twitter.com”).

Feel free to add your hints and suggestions in the comments below.  Also, forward this article to anyone you know who might be vulnerable to these tactics.  You can find more advice on avoiding Phishing scams on Fraud.org.

Continue Reading