Archive for July 2011

Mobile PPC Ads

For about the past three years, mobile marketing has been on the verge of breaking out and changing the way we interact with our target audiences.

That time has come. There are some strong signals that show 2011 should be the year that mobile finally “arrives” and makes a major impact on your marketing strategy. According to a recent Search Marketing Now Webinar on mobile trends:
• 49% of smartphone owners have purchased from their phones in the last 6 months.
• Mobile commerce is expected to reach $119 billion in sales by 2015.
• In 2009, 78% of marketers that experimented with mobile said their goals were met; 9% stated that expectations were exceeded.

If you’re ready to go mobile with your business, one of the fastest ways to get started is through Google AdWords. And if you’re already running a PPC campaign using AdWords, the entry into mobile should be seamless.

You might be shocked to hear that you may already be targeting mobile devices in your AdWords account. When creating an AdWords campaign, the default setting is to target all devices: this includes laptop and desktop computers, and all mobile devices.

I suggest segregating standard search campaigns from mobile campaigns. Their performance will differ greatly, and the strategies employed to optimize for each device type (computers and smartphones) will be unique to each. You can target specific types of mobile devices such as Android or the iPhone, as well as specific carriers such as AT&T, Sprint or Verizon. However, I have not found a great amount of variation between AT&T users and Nextel users (except that the iPhone is on AT&T and now Verizon). When getting started, deciding which carrier to target is low on the list of priorities.

Once you’ve created your mobile-only campaign in AdWords, it’s time to start engaging with users on smartphones. There are a couple of ways to set up mobile PPC ads:
• Send users to your mobile-optimized website. PPC ads can send mobile searchers to your mobile-optimized website.
• Mobile users can call you directly from their Google search. Instead of sending users to your website, your PPC ad displays a clickable phone number and users call you directly from their phone.

At the left are two examples of mobile PPC ads. One ad is focused on click-to-call — the only clickable element is the phone number. In the second image, the headline of the mobile ad is the clickable element, sending users to the website.

Choose the ad option that best suits your business objectives. If your website is not optimized for mobile devices, focus on generating calls. Also, if your lead close rate tends to be higher via phone, you may want to focus on click-to-call.

To set up the click-to-call option in AdWords, enter the ad extensions tab of your mobile-targeted campaign and choose to create a new Phone Extension.

You also have the option to choose “call metrics.” Call metrics allows you to measure phone calls generated by PPC ads. Google assigns a custom Google Voice number for each campaign; calls to this number are rerouted to your business phone number. The metrics provided with call metrics include:
• Total Calls: The number of calls to the custom phone number that was displayed with your ad on computer and mobile devices with full Internet browsers.

• Received Calls: The number of calls to the custom phone number that were answered.

• Missed Calls: The number of calls to the custom phone number that were not answered.

• Average Call Duration: The average duration per call received, in hours, minutes and seconds.

• Total Call Duration: The sum of the duration of all received calls.

To see these statistics in your AdWords campaign, you must activate the call metrics feature. These metrics can help gauge user interaction with your PPC ads on mobile devices, but you will need internal tracking mechanisms to measure the ROI of these calls. I suggest assigning a unique phone number to your click-to-call ads to measure leads and sales.

For calls initiated with a call-click on a high-end mobile device, the standard click charges will apply. As you can see, mixing mobile advertising into your PPC campaign within AdWords isn’t a laborious process. However, pay close attention in order to set up your campaigns properly. If you send users directly to your mobile-optimized website, you should be able to gauge ROI similarly to your other PPC efforts. However, in order to determine the success and ROI of phone calls generated by your PPC ads, you need to have some sort of tracking in place. Now is the time to take action and get your mobile campaign running.

Facebook Scams

Facebook frauds such as the “Facebook dislike button”, the “stalker tracker” and “watch this video” tricks are nothing new.

Resisting the urge to click can be difficult, and scammers know it. They prey on a combination of users’ curiosity and trust, and on their own ability to disguise scams as legitimate online promos. Fortunately, you have some clues to watch for.

One ploy Facebook scammers use is to encourage people to click a compelling URL. But instead of seeing the promised site, the deceived person inadvertently spams friends with links to the same URL. Some messages are so persuasive that victims may provide personal information such as credit card or phone numbers, which the scammer can then exploit to run up unauthorized charges.

A successful scam’s key element is its ability to exploit the victim’s trust. Many scams pose as links in posts from people you know. These schemes are coming from people in our network.

If a friend posts a link to what appears to be a video on your wall with the comment, “Is this you? ANOOP!”, you’ll probably click it. But it may be a scam or a link to a malicious site posted by a crook using a hijacked Facebook account.

When you click on a link, watch for these red flags: it doesn’t take you to the page promised, or it takes much longer to load than you’d expect. A delayed load may mean that you’re being bounced between proxy servers to hide a hacker’s location, instead of being sent directly to the destination.

Also watch out for pages that unexpectedly ask you to enter your Facebook login information. Once scammers manage to gain access to your account details, they can use them to spam your friends. If that happens, or if you suspect foul play of any kind, change your password immediately.

Even shortened URLs may pose risks, since users can’t tell by looking at a shortened Web address whether it’s authentic. So if someone posts a shortened link to your wall or by using a Facebook message or Chat, proceed with caution.

Ultimately, most scams are designed to generate revenue for the scammers through pay-per-click schemes or through access to information that can lead to unauthorized charges on credit cards or phone bills.

If you find that you’ve been scammed, first delete the offending app, then delete any posts that the app has made in your name, alert your friends to what happened, and change your Facebook account password.

Tie down all privacy settings and restrict what apps can do with your information or your Facebook page. To modify these settings, log in to Facebook and click Account in the top right; then select Edit your settings under ‘Apps and websites’ at the bottom left, and click Edit Settings next to ‘Info accessible through your friends’.

Some more tips:

Verify app authors. Click the author’s name and follow it to the app’s home page. Look for anything that seems odd or unprofessional. Run a Google search on both the app name and the author.

Check other users’ experiences. A simple search can yield results indicating what’s legit and what may not be.

Don’t give out personal information (including your Facebook login name and password) to anybody, unless you’re certain of the recipient’s legitimacy and the distribution channel’s security.

Be aware that your security on social networks depends in part on the security-mindedness of the other people who belong to your network.

Posted July 24, 2011 by Anoop George Joseph in Internet


LinkedIn link up

Take a closer look at LinkedIn if you have any dealings in the corporate world, whether you are a CEO, salesperson, HR manager or anything in between. LinkedIn is a useful tool to make your business relationships more meaningful, and profitable. Before you dismiss the idea of using LinkedIn because you know it as a “bland” social media site, realize that currently there are 90 million LinkedIn users worldwide. Unlike other social media sites like Facebook where many people use the site for entertainment, all LinkedIn users are business minded. That means the connections you develop on LinkedIn are more likely to positively impact you or your company in some way.
Therefore, if you want better or more professional business relationships, LinkedIn is the place to be. Even if you have a business profile on Facebook and Twitter, LinkedIn makes a perfect addition to your personal or business branding efforts.

The key to making LinkedIn work for you and your company is to use the site regularly. That means posting something, either an update or a question/answer, every seven days at a minimum. Why? Because the more you use any social media site, the higher your “Google Juice” will be – in other words, Google’s algorithm will notice your regularity and you’ll get a higher ranking with Google than you would otherwise. Additionally, the more you interact and post on LinkedIn, the more prominent you’ll become within your network – your name recognition will grow.

Fortunately, staying active on LinkedIn as a regular user is simple when you understand how LinkedIn can benefit you professionally. Use the following ideas and suggestions to make the most of your LinkedIn account.

It’s as easy to set up your profile in LinkedIn as it is in Facebook. Make sure your profile is well written and that it highlights what you currently do, what you have done, your strengths, your talents and your education. Remember that people will access your profile for many different reasons (recruitment, background information, professional contacts, etc.), so be thorough and always make your profile public. Since your LinkedIn profile is essentially a mini resume, keep it updated, tasteful and accurate. Additionally, you have an opportunity to display recommendations for you. As a point of etiquette, when you ask someone to write a recommendation, you must reciprocate.

By posting status updates that contain valuable content, you show your network that you are a team player and that you care about other people’s success. Remember that status updates are not the place to advertise your company’s products or services, nor is it a conversation group. A better idea is to share a best practice, announce a seminar/event you’ve been to or are going to, or give a quick tip. If you can’t think of anything to post, it’s perfectly acceptable to post a meaningful or motivational quote. The key is to post something interesting and relevant to your network. And always remember that what you post stays on the Internet forever. So if you wouldn’t want your comment on the front page of the newspaper, don’t post it on LinkedIn.

LinkedIn is a great place to get an inside glimpse of people. For example, you can look up potential clients or vendors on LinkedIn and see what kind of books they read, where they went to school, what their main interests are (based on the groups they belong to) and so much more. Now you’ll have more to talk about when you meet the potential client, potential vendor, or potential networking friend. Think of LinkedIn as a gateway to have a professional relationship with someone much quicker. In fact, some estimates show that by using LinkedIn to research the people you plan to interact with, you can have a six-month head start on the relationship.

There’s an amazing amount of real-time information available on LinkedIn. By being a member of various groups that interest you, you can see what people are thinking on a certain topic by the questions they’re posting and the responses they’re getting. You can then use the information you discover in your own company. Whether you’re looking for new clients, new vendors, or even a new job, with LinkedIn you can search the companies you want to work with and see who in your network has connections there. You can then ask that person – your connection – for an introduction to a decision maker who can help you. Even if you find that no one in your network has connections with a particular company, perhaps someone in one of your groups works there. That’s why it’s important to belong to every group that interests you. Continually build your LinkedIn relationships and make those key connections before you actually need them.

Even though 82 percent of people use some kind of social media regularly, social media itself – including LinkedIn – is much like the Wild West. It’s not tame yet, and best practices are still being formed. With that said, if you’ve spent much of your time on other social media sites and feel they aren’t working for building professional relationships, then it’s time to give LinkedIn a try.

The key to making LinkedIn work is to work it regularly. Commit to spending at least 30 minutes per day on it, posting your ideas in updates, asking and answering questions, participating in groups and reaching out to potential connections.

Posted July 22, 2011 by Anoop George Joseph in Uncategorized


Go Mobile

Mobile is considered more than a messaging device. In fact, the mobile is a unique medium with its own characteristics and a set of consumer response patterns unlike any other.

Time and again, mobile campaigns have proved themselves with better results than traditional online in just about any metric. Marketers are beginning to see how mobile can turn established marketing practices on their head and become the lead into marketing programs. Use mobile to close the loop and drive people to buy by innovating executions and recognizing that the mobile is its own platform and not an extension to email or online.

Engage specialist mobile marketing firms that not only understand the technology but also understand the application. There are more than a handful of brilliant minds that ‘just get’ mobile marketing and can show you how to do some amazing things.

Email and mobile are integrated. Consider that, of smartphone users, over 60% read their emails on their phone as either the primary or secondary source, and for personal addresses this is even higher. So now, when looking at email campaigns, you must consider that the reader may be on a mobile device and not ignore the ability to leverage the mobile: any embedded links in email must link to the mobile web. Yet another reason to go web is the inability in an email to link to an app in a device-independent fashion. Sure, you can launch an app from an email, but you first need to know the recipient’s handset before you send the email. So use email to launch a device-independent mobile website, properly rendered and designed for high impact on the device.

Consumers are 10 times more likely to answer simple questions on a mobile website to get access to content. Prompt for email, name or even their mobile and you will find an amazing level of willingness to enter simple data.

Using customized links in messages that already contain consumers’ email addresses, or mobile numbers in the case of an SMS-based link, you can prompt for remaining data and continue to build your customers’ profiles. Integrate with CRM (customer relationship management) containing POS (point of sale) and loyalty data and you can begin to develop content contextual to the consumer.

Use location-based services and any of the available reverse location look-up platforms and you can analyze down to the street and suburb of the consumer engaging with the campaign. The only way to gather location details is to change the keyword for different locations. This is not ideal and is a costly exercise. A click-through to a well-crafted mobile website, however, could potentially provide measurement down to the nearest 50 meters or so. Imagine the power of being able to place your outdoor advertising in the region where 80 percent of your consumers engage.

Think about all the data analytics and fact-based insight available in being able to extract greater profile data, including location of engagement, not just their home address. A consumer has just received a retailer’s offer and clicks through the link. The link may already contain their email, which is passed to their website, which immediately prompts for mobile number and permission to locate them. Coupons, vouchers and offers can be made based on their existing behavioural patterns extracted from their CRM or based on their location. So, if the consumer is within 50 meters of the retailer’s store, a super special offer is made if they come in the store within an hour.

One of the problems is that the store locators are not integrated with the messaging. A consumer has gone to the effort to find your location and the site does nothing to engage beyond displaying the details. Every store locator should provide an option to enter a mobile number and have the store details and opening hours sent as a text message. Better still, send an MMS and include a special time-sensitive voucher.

The final ingredient is proximity detection in mobiles. NFC (near field communications) is a hot topic among vendors and analysts: the ability to use mobile with NFC for ‘tap and go’ type payments, ticketing, voucher redemption and a range of other loyalty and venue-based initiatives.

Increase Sales Conversions

Increase sales conversions by retargeting visitors who abandoned your website. Online shoppers very often abandon their shopping carts for some reason; maybe they think they can get the product cheaper elsewhere.

Whatever the reason, you no longer need to sit back and let prospective buyers drift away or wander to the competitor’s website. You may be able to track them down and close the sale through behavior retargeting, also referred to as behavioral remarketing or simply retargeting.

If, say, a potential customer visits your site, tosses a few items into the shopping cart and walks out the virtual door before completing the transaction, you may be able to woo them back. Sites that use Google AdWords or a retargeting vendor record a snippet of computer code to identify each visitor. The next time that person visits a participating site where you advertise, your banner ad will show up. Run ads that will educate shoppers about an almost expired special offer or remind them that your company has an excellent track record with fraud prevention and you may see that once abandoned shopping cart at your checkout.

The idea behind retargeting is that once you have succeeded in attracting visitors to your site, they have already shown an interest in your products and are likely to be more receptive to your call for action, whatever it may be: purchasing a product, subscribing to a service, registering for a newsletter or downloading a white paper. Chances are good that you may have invested considerable resources to attract visitors to your site and are looking at a conversion rate in the single digits. Retargeting gives you additional opportunities to convert those lost prospects in a relatively cost-effective manner.

As you might guess, the average online shopper may not appreciate commercialized cyberstalking and its associated advertisements, so be careful. Consider testing the ad on a few loyal customers.

Retargeting may also be better suited for business-to-business customers who are more inclined to view the tool as a genuine effort to address their needs than to violate their privacy. B2B customers are more likely to return to your site to check out products and services they previously overlooked.

E-banking Fraud

E-banking fraud has increased dramatically: as money migrates into the virtual world, the crime follows. Let’s look at a typical case study.

A money transfer provider (The Victim) had been suffering a mysterious finance fraud. Random individuals claimed and successfully cashed money transfers at local and foreign departments of the Victim; while their sender records in the Victim’s central database were fine, there was nobody who actually supplied or dispatched that money.

Thus, the Victim was experiencing immediate financial losses at the rate of dozens to hundreds of fake money transfers per day, each transfer sized $3000 to $30000.

The Victim called for help as soon as they exhausted private measures, such as verifying the possibility of insider activity and attempting to recognize the fake transfers to block them. At the start of the investigation, the attack was still in progress.

The Victim’s Infrastructure
The Victim’s dataflow as well as organizational topology was star-like. There was the central management entity, which also hosted the global payment information database and the website. The workstations in subsidiary offices relied upon the centralized database to cash the money transfers in and out. A money transfer request reimbursed by a sender’s cash would be accepted by the operator at one subsidiary office, to be stored in the centralized database, to be cashed-out at another subsidiary office only to the claimant whose ID corresponded to the data which was provided by the sender. The payments data was stored and retrieved to and from the global database by operators via a commercial thin-client e-banking application.

The network communication channel between subsidiary offices and the central server was properly secured: authorization was required, the client’s IP address was verified, and the traffic was strongly encrypted.

Attack Scenario

The scenario has been reconstructed from raw data only, such as network and server activity logs, malware grabbed from compromised computers, website backups and other data. Many assumptions had to be made due to the scarceness of evidence, and thus, every assertion within the scenario is somewhat of probabilistic nature (but no less than 80-90% probability).

It all started with a mass malware infection. A small Trojan was broadcast by means of a standard drive-by attack or mass-mailing, to form a common botnet. One of the features of the Trojan was to detect the presence of e-banking systems on the compromised host.

At some point, the Victim’s compromised hosts were noticed by the botmaster as specifically promising (i.e. by correlating the presence of professional e-banking software with the compromised computer’s WHOIS data). Payment transfer systems attract cyber fraudsters like honey, because such systems have the major obstacle to low-risk cyber-robbery solved by design: that is, such systems allow easy and quick cashing out for unscreened individuals. A number of single payments were faked for the purpose of testing, which proved safe. Within the next few months, a targeted attack on the Victim was planned and executed.

The attackers’ main objective was to compromise as many of the Victim’s subsidiaries as possible, to perform a rapid distributed attack, to cash out as much money as possible before the Victim could undertake any defensive measures. How did they achieve this goal? The answer is that the Victim’s central website was infected with malware. Because payment operators used to visit their personal accounts at the central website on a daily basis, the malware was planted on almost every operator’s computer in a matter of days. And the malware of the attackers’ choice was Zeus.

In order to infect the website, the attackers scanned it for vulnerabilities. They succeeded in finding a script which allowed custom files to be uploaded to the publicly accessible directory of the web server. A common web shell script was uploaded into that directory, which provided a custom control panel to the server when called from a browser. The server control panel functionality was then used to inject malicious Iframes into the website’s HTML templates.

Upon execution, the malicious Iframe instructed a visitor’s browser to download an exploit from a random one-time website. The particular exploit version was chosen automatically by a malicious script, depending on the visitor’s browser version information. The exploit then triggered remote code execution in the browser to download and execute a sample of the latest generation Zeus malware.

One of the most powerful capabilities of Zeus enhanced with extra plugins is to provide support for custom remote desktop connection without kicking off the current user or messing with her input. This very feature was utilized by the attackers to get remote desktop access to the operator’s computer while she was at work, to run the e-banking application on top of the operator’s already authorized session (a technique known as session riding or session hijacking), and thus, to create fake money transfer records via the e-banking application, signed with the operator’s digital signature and time-stamped with her normal working hours. The money transfer record contained ID information of a particular money mule. The central database server eagerly accepted the payment due record, since it was properly authorized and originated from a white-listed IP address.

In the meantime, a money mule approached a different subsidiary of the Victim (possibly even in another country) to claim the fake money transfer. The operator first checked the claimant’s ID against the centralized database. If a valid money transfer was found designated to this person, she paid the amount of cash stated in the database record to the claimant. The claimant then disappeared.

As the Victim’s central management entity became aware of the unfolding attack, they tried to distinguish and block the faked money transfers. Note that it is nearly impossible to tell a faked database record from a genuine one, as long as the stored record is complete with all the required information, authorization, and valid network connection logs. Luckily, in the described case, some of the faked transfers might be fingerprinted due to the flaw in the attackers’ strategy, who used to send the same money mules to grab similarly (and considerably) sized pieces of cash from various cashout departments of the Victim.
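The fingerprint described above can be expressed as a query over cash-out records. The following is an added example, not code from the investigation; the record fields, the 15% similarity band and the three-office threshold are assumptions, and the sample records are constructed. The $3000 floor comes from the transfer sizes stated earlier.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    transfer_id: str     # hypothetical field names, not the Victim's schema
    claimant_id: str
    amount: float
    cashout_office: str


def suspicious_claimants(transfers, min_amount=3000.0, rel_spread=0.15,
                         min_offices=3):
    """Flag claimants who cashed similarly sized, sizeable transfers at
    several different offices. Returns {claimant_id: [transfer_id, ...]}."""
    by_claimant = defaultdict(list)
    for t in transfers:
        if t.amount >= min_amount:          # "considerably sized" only
            by_claimant[t.claimant_id].append(t)

    flagged = {}
    for claimant, items in by_claimant.items():
        items.sort(key=lambda t: t.amount)
        best, lo = [], 0
        # Sliding window over sorted amounts: every amount in the window
        # lies within rel_spread of the smallest one ("similarly sized").
        for hi in range(len(items)):
            while items[hi].amount > items[lo].amount * (1 + rel_spread):
                lo += 1
            window = items[lo:hi + 1]
            offices = {t.cashout_office for t in window}
            if len(offices) >= min_offices and len(window) > len(best):
                best = window
        if best:
            flagged[claimant] = sorted(t.transfer_id for t in best)
    return flagged


# Constructed sample records.
SAMPLE = [
    Transfer("T001", "ID-A", 9500.0, "office-01"),
    Transfer("T002", "ID-A", 9800.0, "office-07"),
    Transfer("T003", "ID-A", 9700.0, "office-12"),
    Transfer("T004", "ID-A", 10100.0, "office-03"),
    Transfer("T005", "ID-B", 4000.0, "office-02"),   # amounts too dissimilar
    Transfer("T006", "ID-B", 12000.0, "office-05"),
    Transfer("T007", "ID-B", 25000.0, "office-09"),
    Transfer("T008", "ID-C", 5000.0, "office-04"),   # always the same office
    Transfer("T009", "ID-C", 5100.0, "office-04"),
    Transfer("T010", "ID-C", 5050.0, "office-04"),
    Transfer("T011", "ID-D", 500.0, "office-01"),    # below the size floor
    Transfer("T012", "ID-D", 520.0, "office-02"),
    Transfer("T013", "ID-D", 510.0, "office-03"),
]

if __name__ == "__main__":
    for claimant, ids in suspicious_claimants(SAMPLE).items():
        print(claimant, ids)
```

A match is a lead for manual review rather than proof, since a genuine recipient who travels can produce the same pattern.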

After a number of fake transfers were blocked, the attackers stopped their action almost immediately to avoid being caught red-handed, and started to cover up traces. After all, they still had the core control: the website file upload vulnerability, which might allow them to repeat the same attack after some time. Luckily for the Victim, the vulnerability was revealed during the investigation process.

Investigation

The input to the investigation process was no more than the fact of mysterious fake money transfers. Nobody had any idea of how exactly the money transfers were faked. Luckily, the Victim had already done the homework to explore the possibility of an insider attack, which proved false. So we could conclude from the very beginning that fake money transfers were initiated by an external attacker. But how exactly?
• Was the central server compromised, to fake transaction records in the database, or to allow unauthorized connections from alien clients?
• Or, were the client computers compromised, to steal operator’s credentials for a remote attack, or even to perform the attack directly from the compromised computer on behalf of the operator?

In order to prioritize the choice of further expertise and save precious time, it is important to properly estimate the probability of each possible scenario. Later, as the expertise unfolds, the new information helps to re-evaluate the initial estimation, which allows us to delay or to drop the unnecessary pieces of expertise.

In this case, obviously, the server compromise scenario is less probable, because organizations tend to underestimate the client-side security of ordinary workstations (even those used for e-banking) compared with the security of central servers. Note that the attacker will always target the weakest link, and we must follow his logic while performing the expertise.

A quick analysis of the central server network logs showed that the fake transactions were initiated by a considerable number of subsidiary office workstations, recognized by their IP addresses. So the first step was to perform a forensic expertise of the compromised workstations. Again, after estimating the probability of various possible findings, we may find it surplus to perform a full forensic analysis of compromised computers. In this case, we started by looking for bodies or traces of malicious software, since it would be the most probable finding, and only if that proved false would we proceed to deeper analysis.

In this case, a deeper analysis turned low-priority as soon as we found that every compromised computer was infected with malware. It is noteworthy that every infected computer had an antivirus product installed, or in some cases, a few antivirus products. This new information was not enough to understand the attack, of course, but it was enough to define and prioritize the next steps, guided by the new questions:

• How were the clients infected with malware? Was it a targeted attack, or a web exploit, or a net worm, or a malicious Flash drive or a CD, planted on operators?
• How, if at all, was the malware used to fake the money transfers? Was it credential theft, or session theft, or anything else?

Two expertise processes were considered equally necessary at this step: first, to perform the malware analysis, and second, to analyze the workstations’ networking logs. The workstations were based on standard editions of Microsoft Windows, so no internal logging was available, and in some cases, even proxy/router logs were unavailable or limited. In such cases, if the evidence is scarce, it is important to inter-correlate the tiniest pieces of information to understand the major pattern.

After performing malware analysis and network logs analysis, we learned the following:

• Every compromised computer was infected with the same version of the Zeus Trojan.
• Every compromised computer had visited the same malicious websites at some point before the attack, and had downloaded suspicious executable modules from them.
• The malicious websites were visited immediately after the browser homepage was visited (that is, the Victim’s corporate website).
• Immediately after a client was compromised, it started to generate all kinds of suspicious traffic to malicious servers, compromised legitimate websites, and no-name VPS hosts.
• In some cases, network log records revealed a highly intensive, extended outgoing traffic accompanied by low incoming traffic – a pattern suggesting a remote desktop connection such as VNC or RDP.
• During the attack, in some cases, a text file was downloaded and saved to the compromised computer, containing details of payments to be faked (money mules’ IDs, amounts of money to fake, etc.)

It turned out that the Victim’s corporate website was  compromised to host malware, which allowed to infect many clients at once. However, the malware analysis output didn’t shed any light to the technical details of faking the money transactions, because the Zeus Trojan is such a universal malware that would allow to implement many different attack scenarios.

The most promising and mysterious finding were the text files, containing details of the faked transactions. Basically, given that the operators were already screened by the Victim’s own security service, thisfinding suggested only two opportunities: either the text files were parsed automatically by malware installed on the compromised computer to perform automated e-banking system transactions, or there was anotherperson logged in to the same compromised computer, who extracted the payment information from the textfiles, to fake transfers by hands.

Luckily, a tiny detail hidden in one of the network logs allowed us to resolve this last question immediately, which saved a lot of time on the expertise. We noticed that a favicon.ico file was requested from the malicious web server immediately before the malicious text file was requested. This indicated that the text file was requested by someone sitting at a browser, rather than downloaded by malware via a direct HTTP request. So we were able to assign a high probability to the hypothesis that, in at least a number of cases, the transactions were faked manually by means of a remote desktop connection to compromised clients.
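The favicon.ico check described above can be run over proxy logs as follows. This is an added example, not part of the original article; the log format, the placeholder host names, and the 10-second window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed proxy-log sample: client, timestamp, host, path (hosts are placeholders).
SAMPLE_LOG = """\
10.0.0.21 2011-06-01T10:15:02 files.example.test /favicon.ico
10.0.0.21 2011-06-01T10:15:03 files.example.test /payments.txt
10.0.0.34 2011-06-01T11:40:10 files.example.test /payments.txt
10.0.0.21 2011-06-01T12:00:00 other.example.test /favicon.ico
10.0.0.21 2011-06-01T12:05:00 other.example.test /list.txt
"""

def parse(log_text):
    """Yield (client, time, host, path) from whitespace-separated log lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        client, ts, host, path = parts
        yield client, datetime.fromisoformat(ts), host, path

def classify_fetches(log_text, suffix=".txt", window=timedelta(seconds=10)):
    """Label each fetch of a `suffix` file as 'browser' or 'direct'.

    'browser': the same client requested /favicon.ico from the same host
    within `window` before the fetch. 'direct': no such request was logged.
    """
    last_favicon = {}  # (client, host) -> time of most recent favicon request
    results = []
    for client, when, host, path in sorted(parse(log_text), key=lambda r: r[1]):
        key = (client, host)
        clean = path.split("?")[0].lower()  # ignore any query string
        if clean.endswith("/favicon.ico"):
            last_favicon[key] = when
        elif clean.endswith(suffix):
            seen = last_favicon.get(key)
            label = "browser" if seen and when - seen <= window else "direct"
            results.append((client, host, path, label))
    return results

if __name__ == "__main__":
    for row in classify_fetches(SAMPLE_LOG):
        print(*row)
```

A "direct" label is weaker evidence than a "browser" label: browsers cache favicons, so a missing favicon.ico request does not by itself prove the file was fetched by malware.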

Unanswered Questions

• How did the attackers manage to compromise the corporate website and plant an exploit on it? Did they break into the server, did they find a hole in the web scripts, or did they steal the admin’s FTP password?

Stealing a web server administrator’s password with malware is an easy task, so we had to verify this high-probability scenario by auditing the administrator’s computer. The administrator’s computer showed no traces of malware, neither live nor deleted. So we audited the web scripts, considering them the most probable target for a server compromise. As a result, we located a vulnerable script on the website that was subject to arbitrary file upload, along with the uploaded malicious scripts that made it possible to inject malware into the website’s pages.

• Which scenarios of creating fake transactions would the e-banking application support? Because we did not have enough evidence to assume that the RDP connection was the only technology behind the faked e-banking operations, we had to consider other scenarios to provide an effective advisory.

Auditing the e-banking application revealed a vulnerability that allowed an authorized session to be hijacked remotely by stealing the session token. So, in some cases the attacker might have performed fake transactions from his own computer, channeling the connection through a malicious proxy installed on a legitimate Victim workstation to bypass the e-banking server’s IP address verification. Apart from that vulnerability, we found that the e-banking application made it easy to steal the user’s key files; again, the attacker might use them to impersonate a legitimate operator remotely.

Note the dual link between the probability evaluation and the expertise: every piece of expertise provides new information, which makes it possible to refine the vision and plan the further expertise.

Posted July 10, 2011 by Anoop George Joseph in Internet

Facebook Marketing

Millions of shoppers are constantly telling Facebook about themselves, what interests them, where they live, what they buy and who their friends are. That is a lot of invaluable consumer information. Facebook has regularly been introducing innovations that enable retailers and other marketers to use that detailed information to precisely target the consumers they wish to reach.

Retail businesses in outdoor gear and apparel now point ads at consumers who mention mountain bikes and similar terms in the personal interests sections of their Facebook profiles, as well as those who prefer certain brands.

Facebook members’ willingness to share detailed information about themselves, information that Facebook, in its drive to monetize its huge traffic, is making available to marketers in many ways.

Because Facebook’s innovations have come so rapidly over the past year, retailers and consumer goods manufacturers are only beginning to test them. Thousands of retailers have experimented with selling directly on Facebook. That friend-to-friend exchange occurs when a consumer clicks that he Likes a retailer or a product—whether that click occurs on Facebook or on the retailer’s site. That information shows up on the consumer’s news feed, in effect a Facebook member’s home page, which shows posts from his friends and his own updates. The average Facebook member has 130 friends, which means many other consumers will see every Like and comment a Facebook user makes.

The power of Facebook isn’t just about what happens on Facebook.com. With the launch of Facebook’s Open Graph, designed to facilitate the sharing of information between Facebook and other web sites through publicly available links known as application programming interfaces, or APIs.

Open Graph includes a number of social plug-ins, which are single lines of code a retailer can add to its site to incorporate Facebook features like its Like button. When a consumer clicks the Like button on a retail site, or interacts with any other Facebook plug-in, that information is recorded by the retailer and also on Facebook where his friends can see that action mentioned in their news feeds. Clicking the Like button on a news article, blog or retail web site. Each of those interactions tells Facebook—and e-retailers that host those features—something about that consumer.

The e-retailer added the Like button to its product pages last August, three months after the site’s launch, and the page displays how many Facebook users have Liked the product. When a consumer clicks the button, that information is shared on Facebook.

But because clicks on the Like button are broadcast to the clicker’s Facebook friends, they did expose many new shoppers to the retailer along with an endorsement from someone they know. Most people have friends who have similar interests, so when they see that their friend likes a particular product it has a real impact.

Another plug-in, Facebook’s Comments Box, allows comments on an e-retail or other web site to appear both on the site and on the Facebook pages of the friends of the consumer who made the comment. A consumer has to be signed on to Facebook for their comments to be transmitted to Facebook. Since half of Facebook users visit the social network every day, and an individual remains signed on unless she unclicks a box that keeps her signed on, millions of consumers are signed on to Facebook as they move around the web. It’s great because when someone uses either the Like button or comments, they aren’t only endorsing the product.

Moreover, Facebook designed the feature so that a Facebook member sees her Facebook friends’ comments most prominently. That means that if a consumer named Colleen comments on a retailer’s web site, when Colleen’s friends visit that site Colleen’s comment would appear higher than other shoppers’ comments.

Marketers aren’t limited to inserting Facebook’s plug-ins into their site. For instance, Amazon.com Inc. last July began leveraging the information that consumers provide on Facebook into its own site to make shopping on Amazon even more personal. The Amazon Facebook page also includes movie, book and music titles that are popular among the consumer’s friends, as well as suggestions based on his Facebook profile. The Amazon Facebook page illustrates the potential power of Facebook marketing. There will also be many opportunities to market to consumers on Facebook itself, especially as the social network introduces a wider variety of advertising options.

Retailers can buy featured ads, which enable a retailer to place an ad on the right side of a consumer’s Facebook News Feed page, just under “Upcoming Events,” in the one advertising spot on that page. Merchants can also buy less expensive, self-service “Marketplace” ads that appear on one of four slots on the right side of profile pages under “People You May Know.”

Those Marketplace ads can be highly effective, says one consumer electronics accessories retailer who declined to be named. This retailer uses Facebook profile data to show ads to a very targeted audience—the employees of a big rival. At a cost of only about $25 a month, the retailer is using those Marketplace ads to convince its competitor that its advertising budget is far larger than it actually is.

Thus, when the retailer works with the social commerce technology company 8thBridge Inc. (formerly known as Alvenda) to host an Urban Decay sale on Facebook that is only open to consumers who follow HauteLook, the retailer can target women in a specific age range who Like specific cosmetic or beauty brands. The retailer also targets consumers who Like its competitors, such as Gilt Groupe Inc.

That’s the idea behind Sponsored Stories. The offering, which launched in January, is a targeted ad service that puts company logos alongside content from consumer comments that relate to the company. The consumer’s friends then see that ad as they move around Facebook.

Consumers can click on the ads to visit advertisers’ Facebook pages. A consumer must have had a direct interaction with the brand through a Facebook channel, such as clicking that he Liked a post, in order for his information to be picked up as a Sponsored Story. A Facebook user that casually mentions a company or product in a post will not be mentioned in a Sponsored Story.

Using the ads to generate consumers Liking its brand has worked for 1-800-Flowers.com Inc., which runs both Marketplace and Sponsored Stories campaigns. During a three-week span in which it ran Marketplace ads and Sponsored Stories that highlighted a consumer’s friend who Liked 1-800-Flowers, the retailer more the click-through rate of its normal Facebook ads. Facebook’s ability to leverage a consumer’s network of connections is one reason marketers like McDonald’s are turning to the social network to promote new products and—in the case of the fast food giant—even hire staff. Indeed, for online retailers, it’s hard to imagine another vehicle that will provide them with as much detailed information about so many shoppers.

Posted July 9, 2011 by Anoop George Joseph in Uncategorized
