• How a Web Design Scam Tried to Ensnare Us

    A web design scam is making the rounds and landed in our inbox. Here is how we handled it, and what you should know to protect yourselves.

    An inquiry for a new project came through our website. It seemed harmless enough. It’s not unusual to get requests for our services, and we do our best to respond to them in a professional manner.

    Upon engaging the new lead, we were sent a scope that appeared to be from someone familiar with the web design process.

    The scammer said:

     l have a Auto painting company business and i need an information website to promote my business, so i need you to check out this site but i need something more perfect than this if its possible.

     <website link>

    i need you to get me an estimate based on the site i gave you to check out, the estimate should include hosting and i want the same page as the site i gave you to check out and i have a private project consultant, he has the text content and the logos for the site. Note:

    1. I want the same number of pages with the example site i gave you to check excluding blogs.
    2. I want only English language
    3. I don’t have a domain yet but i want you to purchase a domain name www.al-qayyumauto.biz Or www.al-qayyumautos.me
    4. i will be proving the images, logos and content for the site

    I will be waiting for your email for the estimate”

     What followed was a list of features and directions to use X Theme.

    Sounds great, right? The bad grammar and urgency should have been our first sign of things to come, but who doesn’t want a motivated prospect?

    Red Flag #1

    At Divining Point we use a consultative process to establish a partnership with each client. We take our time to discuss the purpose of a website, the design requirements, and the user experience that will ultimately lead to conversions.

    We are also reluctant to quote exact pricing without ensuring we have a full understanding of a client’s needs. There’s no point in rushing the process if a project isn’t fully assessed.

    In order to gauge the level of seriousness with this prospect, we sent over a very rough ballpark with the following caveat:

    “We need to speak with you further to properly define the scope and learn more about your business. How did you hear about us?”

    The Scammer sent back:

    “Thank you for your email. I haven’t paid the project consultant that have the logos and content for the site so i would be Making the total payment of $XX,XXX and would deduct $X,XXX payment for my website design and the remaining you would help me send it to the project consultant that has the text content and the logo for my website so once he has the $X,XXX he would send the text content and logo needed for my website to you also the funds would be sent to him via Bank deposit into his account,and also a tip of $XXX for the stress.Thank you once again and God bless you!”

     A full upfront payment from which we’re going to cut 50% and pay a third party the other half, plus a tip? We knew something was fishy, but we had yet to discover this was a web design scam.

    Red Flag #2

    Our Founder, Coy West, sent back the following request:

    “Thanks again for sending in the website inquiry to us. Can you send me the
    following information?

    company name
    name
    phone number
    billing address
    business address”

    Almost immediately we received:

    “Thank you for your email .I will send you the details but I would like to know the credit card processor you are usingand your cell phone number.”

    Coy merely said that all invoices and payments are made using QuickBooks, which is pretty standard for many businesses. Our Founder’s cell phone number is already in his email signature.

    They responded:

    “Okay sound Good !

    Name .. David Vend 

    Business name .. Dvend auto 

    Address .. XXXXXXXXXXXXXXXXXXXXXXXXX

    Also the business address is the same thing with the billing address please get back to me before issuing the invoice!”

    They still didn’t send us a phone number.

    Red Flag #3

    As is standard, we researched online and didn’t find a “David Vend” in Columbus, Ohio. Additionally, no company registered as Dvend Auto turned up in online searches.

    We searched the physical address and learned it is listed to a wholesale auto sales company with multiple complaints from the Better Business Bureau. A deeper dive into the company showed that the business had changed names and ownership multiple times. To an unsuspecting small business, it would seem plausible the new website project was simply another rebranding effort.

    At this point, we decided to slow down the process way down. There was no need to rush.

    It Gets Weird

    The next day our Founder received a text at 2:09am on his cell phone.

    “Hello Coy this is david.Please confirm to me if you receive my text”

    Coy was preparing to travel out of town for a funeral. The next morning at 5:05am, he responded that he received the text message. The scammer immediately responded:

    “Great I would like to proceed by making the full payment can you make the invoice so I can pay it?”

    Coy informed him of his travel plans and said he’d get back to him later.

    “Okay I will be waiting for hear from you”

    At 4:32am the next morning, Coy received another text.

    “Good Morning ., I am still waiting for invoice so we can proceed”

    Does this guy ever sleep?

    How This Web Design Scam Works

    Scams come in all shapes and sizes. Everyone by now has received friendly emails from a Nigerian Prince claiming to send money directly to their bank account. Robocalls, phishing, and malware attacks are now a part of everyday life. But a web design scam was new to us.

    We searched for www.al-qayyumauto.biz and www.al-qayyumautos.me and discovered another fine gent who’d encountered the same hoax.

    Had we rushed to process the full upfront payment, we would have been party to credit card fraud, since the scammer most likely uses a stolen credit card. The “private project consultant”, to whom we would have sent 50% of the money (plus a tip!), is most likely the scammer himself.

    By preying on a small business, we speculate that the scammer(s) found a way to have someone else process a stolen credit card and then launder a portion of the money, which is sent directly to them.

    For any company eager to get paid, this web design scam presents a real threat to their business. You’d be on the hook for credit card fraud, money laundering, and all the money when the authorities come to investigate.

    The Weirdness Didn’t Stop

    Upon discovering the scam, Coy sent a text:

    “After a thorough review, we are unable to fulfill your design requests. Best of luck to you.”

    Two hours later:

    “why do you say that?You are the only one i want to handle my website,What is the problem”

    Twenty minutes later:

    “Hello Am waiting for you to reply me”

     Thirty minutes later:

    “i will be making upfront payment .I want you to handle my project please dont say No”

    Many more texts followed for another hour until they finally stopped.

    If It Seems Too Good to Be True, It Probably Is

    This web design scam is probably the first of many more to come. Businesses of all sizes get excited when a prospect appears out of nowhere ready to move forward. Whereas we might recommend keeping a new business deal moving forward, we also urge extreme caution when a prospect comes on too strong and doesn’t demonstrate any apparent due diligence.

    Even if it isn’t a scam, there are problems associated with failing to establish a clearly defined scope and good working relationship with the client. The stability of your company and the success of each project depends on moving at a measured pace that doesn’t introduce risk for you or your client.

    ***

    Need a team with a professional approach? Give us a call. We’re here to help.

  • A Primer for Progressive Web Design

    Progressive Web Design (PWD), or Progressive Enhancement, is a way of designing web pages so that they will work for 100% of users, no matter what browser they are using or in what manner they are interacting with the page. It’s a contentious topic for some people – usually designers. For marketers, it’s an important method for ensuring every possible audience encounters an experience that leads to conversions.

    Progressive Versus Responsive

    Progressive Web Design is not the same thing as Responsive Web Design.

    It is a core fundamental of web development that the design must be elastic and be appealing at all viewport aspect ratios. However, it’s not an either or decision between Progressive and Responsive. Both standards should be used together to ensure an optimal experience for all users.

    Responsive Web Design uses design elements that respond to changes in the size of the viewport – desktop, tablet or mobile phone. This is done by rearranging the components of the page, changing the top nav into a “hamburger menu,” and other techniques. The motto of Responsive Web Design is “mobile-first”, meaning that if a site works on mobile, it will work on desktop but not vice-versa.

    Progressive Web Design takes this same elastic approach toward browser functionality and context. However, the Progressive Web Design workflow is based on the idea of layering. At first pass, a page is designed for the least common denominator, i.e., a small screen with no CSS, no JavaScript and HTML4. Then, the enhanced features are layered on. Consequently, this also enhances the SEO performance of the website since the underlying content is easier to crawl by search engines. 

    Why Is This Important for Designing Websites?

    From the beginning, the Web was designed to be platform-agnostic, which is a fancy way to say that a page will work on any computer and in any browser that implements the HTML standard. Progressive Web Design embraces this goal of accessibility by ensuring that a page is functional in any context.

    Modern web browsers provide powerful styling and scripting abilities for web designers and developers using HTML5, CSS and JavaScript. However, only a certain percentage of users interact with a design with all these features enabled.

    Some common contexts in which a user may be interacting with a site are:

    The Whole Enchilada – Using the latest desktop version of Chrome, Edge or Safari with all features enabled.

    The Smart Phone – Using a touch interface on a modern smartphone with the latest version of a major browser and fully enabled.

    The Old Browser – There are still a sizable number of users who use outdated browsers like Internet Explorer that do not implement the newest features of CSS and JavaScript. This often happens in large corporations or organizations with strict IT policies.

    The Snail – A user is in a rural setting where broadband is not available.

    Reader Mode – There are a number of applications in which a user may read a version of a page that has all CSS and JavaScript stripped away such as when subscribing via RSS, using sites like InstaPaper and Pocket, or reading a page in offline mode.

    Speech Mode – Screen readers for the visually-impaired and voice-interactive devices like Alexa, Google Home, etc.

    What Design Features Are Actually Used?

    Current analysis shows that the following features are available for the percentage of audience shown. This is only a small portion of features listed as an example. A full reference for the use of features can be found at https://CanIUse.com.

    CSS

    • Grid Layout: 91.54%
    • Sticky (prefixed) – Header stays at top: 90.36%
    • Sticky (not-prefixed): 76.74%
    • Shapes: 89.23%
    • Filter Effects: 93.19%
    • Scroll Positioning: 86.73%
    • CSS Calc: 95.83%
    • Rounded Corners: 96.48%

    HTML5

    • Audio: 96.46%
    • Canvas Blend Modes: 92.86%
    • Custom Tags: 86.59%
    • Dialog Element: 72.22%
    • HTML Imports: 72.17%
    • PNG Favicons: 85.07%

    JavaScript

    • Accelerometer: 62.22%
    • Promises: 92.74%
    • Push API: 78.06%
    • ECMAScript6 Classes: 90.83%

    Other

    • WAI-ARIA Accessibility: 94.20%
    • WebP Image Format: 78.13%
    • Ogg Audio Format: 79.79%
    • FLAC Audio Format: 89.97%
    • WebAssembly (wasm): 84.62%
    • Animated PNG: 84.42%
    • theme-color Meta Tag: 36.42%

    Basic Techniques

    Know your user. Site audiences will skew toward more or less feature availability depending on the site’s user base. A site made for techies will likely have The Whole Enchilada, whereas less technical users who tend to live in rural areas will have less functionality.

    Check usage. Each property should be checked for usage. Many firms elect to consider 98% and above as global and ignore those users who don’t have the feature. Although that seems to cover most or all of the bases, it could very well leave out important segments of your customer base.

    CSS overrides. This is a simple technique of writing CSS code that is geared toward all browsers and then adding on code for more sophisticated browsers to the end of the CSS. This method replaces the previously declared code if the browser supports the new feature. Otherwise, it’s ignored.

    CSS feature queries. This is a tool in CSS to check to see if a feature is available and only parse the designated code if it is.

    Fail gracefully. Manage feature failures proactively.

    Write for tests. Design code with functionality to easily test the site in less-advanced contexts.

    Test by touch and by click. Interaction on touchscreens may be very different for the user than by clicking with a mouse. Be sure the page works easily for both contexts.

    Think about content-only. Knowing that your page may be read by a screen-reader or in reader mode, layout the code with the intention of feeding content to these readers in a logical order and omitting elements that do not apply in that context.

    Test without JavaScript. Make sure nothing breaks when JavaScript is turned off. For example, employ post-back methods for when AJAX is not available.

    Need a full-service team to take your business to the next level? Contact us today. We’re here to help.