Ohio Section Journal – The Technical Coordinator – December 2022 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Tom – WB8LCD and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Tom has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the Ohio section will need to use the mailing list link above.  Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).

  • Go to www.arrl.org and click the Login button.
  • Login
  • When logged in successfully, it will say “Hello <Name>” in place of the Login button where <Name> is your name.  Click your Name.  This will take you to the “My Account” page.
  • On the left hand side, under the “Communication” heading (second from the bottom), click Opt In/Out
  • To the right of the “Opt In/Out” heading, click Edit
  • Check the box next to “Division and Section News.”  If it is already checked, you are already receiving the Ohio Section Journal.
  • Click Save
  • There should now be a green check mark next to “Division and Section News.”  You’re all set!

Now without further ado…


Read the full edition at:

THE TECHNICAL COORDINATOR
Jeff Kopcak – TC
k8jtk@arrl.net

Hey gang,

I’ve been the Webmaster for a handful of ham radio sites since about 2005 (excluding my own personal site). Dale’s Tales for December 2022 really hit home. That’s how I became webmaster for most of those sites. Complaining about the accuracy and timeliness (lack-there-of) on posting information to the club’s site. It is the way people interested in the club or a prospective ham radio operator – first interact with the club. If the site hasn’t been updated in years, newsletters aren’t current, hey the autopatch hasn’t worked in 20 years but still detailed on the site, I’m moving on to the next club’s site. Consider it the first impression the club makes on a new or prospective club member. Much like a job interview, first impressions count.

While I’m not here to talk about keeping websites updated – though every club and organization should, I’m here to talk about a related topic: SPAM.

Also referred to as “junk mail” they are unsolicited messages, usually sent in bulk. The name Spam came from a Monty Python skit about the canned product of the same name.

If you’ve ever put an E-mail address out onto the Internet, you know the barrage of spam messages inevitably received. Plain text E-mails are harvested by bots that scour pages on the Internet, looking for: username@somedomain.com. One day, that address will be harvested too. Once collected, they’re used by spammers directly or sold to spammers by data miners. The receiving end sees endless messages about dating sites, vitamins, Black Friday deals and the like. These messages are easy to spot. Most are caught by spam filters. Ones that make it through feel like a personal space violation.

Webmasters, such as myself, use techniques to minimize that harvesting. Those include contact forms and captchas where the user fills out a form with their name, callsign, subject, whom they want to contact, and message. Captchas are those things where you have to click all the images containing a crosswalk, select all images with boats, or type some words. This, along with monitoring interactions with the captcha dialog provides a confidence level the submission is by a real human being (not a bot) before the message can be sent. Another technique is to encode E-mail address in a method not recognizable to a bot. When a user clicks the link, the result returned to a browser is a usable E-mail address. Some Content Management Systems (CMS) handle this automatically or with the assistance of a plugin. QRZ requires a user to be logged in to see E-mail addresses, saying a bot wouldn’t have a QRZ account. I use a substitution method on my personal site making the user complete two relatively simple tasks:

Callsign@a-r-r-l.net (callsign found elsewhere, remove dashes)
SPAM (Hormel Foods)

Another variation uses: K8JTK(@)arrl(dot)net. When a bot harvests the address above, the spam message is sent to a domain that doesn’t exist (a-r-r-l.net). A real ham would know what a callsign looks like. They substitute my callsign for “Callsign” and remove the dashes in the domain name, voilà.

Those techniques are good for keeping E-mail harvesting spam bots at bay on web pages. PDFs, such as club newsletters, are still an issue because there is no easy way to mask E-mail addresses. All this falls apart when humans are paid to bypass techniques put in place to stop the machines from harvesting. Spammers have gotten very creative. Not only harvesting E-mail addresses but techniques used to reel people in.

Most of the ones I receive that make it through look like the message below. Achieving the result of my site linking to crap commercial site legitimizes the commercial site. This leads to additional traffic and improved search result ranking for the commercial site. Search engines take into consideration the legitimacy of a site by how many other sites it considers reputable, are linking to that other site. Don’t fall for these! I have [redacted] parts of the message to not give press to these spammers and scammers.

Subject: jeffreykopcak.com
From: [redacted, company name] 
Date: 8/18/21, 6:43 PM
To: Jeffrey < [redacted, another E-mail address] >

Hi Jeffrey,

I hope you're doing well! I came across your page and noticed you included some information about security resources and password protection:

https://www.jeffreykopcak.com/posts/

I thought you may be interested in a guide our team created on ways to protect your family and home with the internet:

https://www. [redacted, company name commercial site] .com/blog/harnessing-the-internet-to-keep-your-family-and-home-safe

With the rise of smart home technology, tracking devices and general online communication, the need to have access to high-speed internet and increased safety precautions is more important than ever. We wanted to help provide more information on steps families can take to improve their security.

Our guide includes

Tips on Surveillance Systems and Securing Your Internet Connection

Using the Internet to Stay Safe

Alternative Internet Resources

Would you consider adding our resource to your page that I listed above to help spread awareness on online safety?

I look forward to hearing your thoughts when you have a chance to take a look!

Gratefully,

Jess

Jess [redacted, last name]
Communications Coordinator at [redacted, company name]
info @ [redacted, company name] .com

First sign this is a scam, I didn’t ask for or solicit this type of content. Second, the link they refer to on my site is a listing of all postings I’ve made to my site. They don’t reference a specific post meaning they didn’t read anything. Their search terms landed on my “all posts” page. References to “security resources” and “password protection” were likely OSJ articles I wrote. Third, I’ve looked at some of these provided links (on a VPN of course), the information is generic garbage containing basic information and often links to their other garbage posts.

If I’m in a mood, I’ll E-mail them back saying ‘sponsored content is $300K/per link/per year.’ No takers, lol.

This is one of the best I’ve seen:

Subject: [redacted, ham club webmaster's name] and [redacted, ham club president's name], [redacted, ham club name]
From: Stacey [redacted, last name] <s[redacted, last name] @ [redacted, their club] .org>
To: [redacted, E-mail addresses]
Date: Tue, 06 Dec 2022 17:58:48

[redacted, names of ham club officials],

My name is Stacey [redacted, last name] and on behalf of the [redacted, their club name] for Girls, I wanted to let the [redacted, ham club name] know your web page was a big help to our club! This one - [redacted, ham club web page]

For the month of December, our club is exploring the history of innovations in science and technology with a 'famous inventors and inventions' lesson. The girls are currently learning about the history of the radio, including early broadcasting techniques and amateur radio, and how it impacted society. Your web page led us to some great information on amateur radio to incorporate into our lessons, so the girls requested I reach out and let you know :)

As a thank you, I wanted to pass along this reading on the history of the car radio our member Nicole found. It's a fantastic timeline of radio and audio systems throughout the years, covering the early stages for military use and evolving into the radio we know today with the invention of the vacuum tube. The additional reading on historical broadcasting and the golden age of early radio was really neat for the kids to learn about too. This is it... https://www. [redacted, commercial website] .com/articles/the-history-of-the-car-radio/

Nicole was very excited to share it with you! She thought it would make a wonderful addition. Will you let me know if you're able to include it for her? I know Nicole would be delighted to see she could help! (We meet Thursday evening, if you can add it by then!) She's really enjoyed working on this project and is even in the works to get her HAM license! Looking forward to hearing from you!

Wishing you a very Happy Holidays,
Mrs. [redacted, last name]
https:// [redacted, their club] .org

There weren’t the usual red flags. It’s well written. Their club could be completely legitimate. It’s about kids (won’t somebody please think of the children!) and they gave a name to their member, Nicole, to humanize her. They mention ham radio a couple different times meaning they read the site or the person writing this has familiarly with the subject.

(homestarrunner.com)

Red flags: The E-mail address this message was sent to, I’ve never used anywhere. The person harvesting E-mails strung together some text. They did not even grab the E-mail address that I use on that site. One could have surmised the text they saw equated to an E-mail address. As it turns out, they guessed correctly. Second, the ‘commercial website’ is an auto title loan agency and the content of the article is not well detailed. But I could enter to win prizes in their holiday giveaway! I am not spamming the club’s visitors with links to a loan agency. If I saw links like these on another club’s site, I’m not joining. Third, the implication of a deadline or sense of urgency (by Thursday evening). This is the same way people get scammed by those calls where ‘there is a warrant out for your arrest and you must pay $X00 now or the sheriff will arrest you in 10 minutes.’ I ain’t buying it! DELETE!

If I had to guess, assuming their “club” is completely legitimate, in an attempt to raise some cash, they are involved in soliciting traffic for commercial sites. They get paid by the number of sites that post the URL driving traffic to that site and/or increase that site’s’ search ranking. Their campaign deadline was Friday and the reason for the urgency getting links posted by Thursday evening. Did I mention I could enter to win 30+ prizes in their holiday giveaway?

I write about this to bring awareness to the rest of the ham radio webmasters and club officials. These solicitations come across looking legitimate. Do not get taken by or caught up in these scams. If these links have been posted to the club’s site, remove them like yesterday. The club isn’t asking for these solicitations, posting them can’t be beneficial to the organization.

Thanks for reading. Happy New Year! 73… de Jeff – K8JTK