Re: Superfoods ordering, Brian Clement, and Try Vegan Week
As I stated in an email sent to you just this morning, I have investigated this with both my webhost and my security consultant, and am in the process of thoroughly scanning my website to determine whether my security has been compromised in any manner. Unfortunately, browser and security software are known to give false positives for the presence of malware and malcode. My security consultant and I also both have high levels of security on our web browsers and computers, and have been unable to duplicate any warning messages for my webpages.
That doesn't mean that I am taking the warnings you received lightly... this is a great opportunity to more thoroughly research the security of my website, and I am both conducting a thorough review of my webpages to ensure that they are secure and am already pleasantly surprised to discover just how secure things are.
I will go into this in more detail below, but for those who are simply wondering if my site is insecure, I have not yet found any evidence that it is, I am thoroughly investigating this matter, I am using the most secure systems that are available online, and I have not received any complaints before now.
In the interim, for folks who are suspicious of online financial transactions with my or any website, my products may be ordered over the phone or through email and paid for with cash or check -- the method I recommend, as it further avoids credit card processing fees.
I will certainly keep everyone updated as I discover more.
The conversation in more depth:
The previous poster received a warning message that phishing code (designed to trick visitors into inputting data onto false websites) had been detected when they visited my website. There are any number of reasons why their software may have received a false positive for my website. I have not, to date, been able to replicate any such warnings using my own high-security software or that of my security consultant.
The code I use on my webpages is extraordinarily simple code, and there simply isn't any evidence other than this one message that it has been hijacked in any manner. I am running more complex diagnostics from third parties to ensure that this is the case.
Google reports demonstrates that no malware which could infect a person's computer has been associated with my webpages in the last 90 days (http://www.google.com/safebrowsing/diagnostic?site=rawmatrix.net).
All of my financial transactions are run through Paypal, which utilizes the highest levels of security on the web. The only information that is captured directly on my webpage is the email address of someone requesting to be added to my newsletter.
Were there a third-party who had hacked the security of my webserver hosted professionally by BlueHost.com, alternate code inserted into my website could redirect a customer to a fake Paypal site, which might then attempt to install malware on the customer's computer to extract financial information, or attempt to get the customer to input their credit card or other financial information. That is a serious potential problem. It would not, however, be able to mimic my online store without a real investment of time on the part of the hacker, and I can further assure everyone that I successfully receive monies from customers all the time through Paypal transactions on my websites. I have never heard from a customer who made an order and paid me online whose money I did not receive -- which is an indication that everyone is being properly directed to the official Paypal site.
This situation certainly calls to attention the need for everyone to ensure that their computers and web activity are well secured with the use of anti-virus, anti-spyware, and anti-malware software, and that online financial transactions should only be conducted through highly encrypted software such as the Paypal transaction system. Security should be a concern, and folks using reputable software on their computers and conducting transactions through reputable systems are doing so in a secure manner.
Having a Paypal account and using it for one's finanical transactions online may be one of the safest mediums, because you are never entering your financial information anywhere but on Paypal. A phishing scheme trying to get me to re-input my financial data to a fake Paypal will instantly trigger my suspicion, as Paypal already has that information and has no reason to request it a second time, and there isn't any way that someone who successfully stole my Paypal login information could determine what my already-input financial information was. I, myself, have been locked out of my own Paypal account many times for not being able to properly respond to the very many security protocols Paypal uses; as long as a user is paying attention when conducting online transactions, Paypal is using the highest levels of security available on the web.
Thank you for bringing this to my attention. I will certainly notify you as soon as I have results from the security scan of my webpages.
The Raw Matrix
Raw Events, Foods, and Inspiration
--- In RawPortland@yahoogroups.com, "sunnymilanna" <sunnymilanna@...> wrote:
> Did you receive my email re: your website? Were you able to take care of it? I have a very strong firewall and lots of software in my computer to stop scammers, hijackers, spyware, etc, so that is how I found out that someone has hijacked your website (a phishing warning window came up on your website)for the purpose of taking all of your buyers' personal financial information for the purposes of identity theft:
> "Scary! When I went to your website a warning window came up saying that your
> website is a phishing website...! I can't imagine that YOU, Brion, would be
> doing this, but, scammers DO hijack websites and then steal the personal
> info from people who sign up and/or buy stuff from that website. Do you have
> all the firewalls and spyware and virus programs installed in your website?
> I was going to order from your website but now I am scared to."