Beware of SETC (Self-Employed Tax Credit) Emails!

Beware of SETC (Self-Employed Tax Credit) Emails!

All Posts, Email Tips, Security

We all get those solicitation emails for business funding and loan opportunities. This one in particular I had seen a few times and this time I decided to research it because “SETC” sounded familiar. SETC stands for Self-Employed Tax Credit and the email got my attention being well written, rather short, key bullet points, and to be honest it seemed pretty legit. TLDR: It’s misleading and you may want to just treat it like spam and delete the email.

Google Search - self employed tax credit

Check out some of what I read from the email we received:

Here’s what makes the SETC Rebate so appealing: IT’S NOT A LOAN! You won’t have to worry about repayment or restrictions on how the funds are used. It’s a cash rebate directly paid to you.
To check if ______ ________ is eligible, simply CLICK HERE to visit our website and complete a quick 1-minute online form. Don’t miss out on this incredible opportunity!

If you work for yourself as a self-employed individual in any of the categories listed below, you meet the requirements and could receive up to $32,220 through the SETC tax credit:

  • Sole Proprietors
  • 1099 Contractors
  • Freelancers
  • Single-member LLCs
  • Gig Workers
  • Other self-employed professionals

We’re a small agency here at Design Theory and from humble beginnings where we wore all the hats and did just about all of the necessary paperwork. Claiming or filing an SETC did NOT sound familiar to me, and believe you me, we were always looking for ways to decrease our tax burdens. A quick Google search and I was immediately seeing an excerpt from the IRS website dispelling this “opportunity” and speaking to it in the form of how I received it (email or social media).

SETC - Already Applied for Your SETC Tax Rebate

 

From the IRS

Promoters and social media are marketing something they describe as the “Self Employment Tax Credit” as a way for self-employed people and gig workers to get big payments for the COVID-19 pandemic period. Similar to misleading marketing around the Employee Retention Credit, there is inaccurate information suggesting many people qualify for the tax credit and payments of up to $32,000 when they actually do not.

In reality, the underlying credit being referred to in social media isn’t called the “Self Employment Tax Credit,” it’s a much more limited and technical credit called Credits for Sick Leave and Family Leave. Many people simply do not qualify for this credit, and the IRS is closely reviewing claims coming in under this provision so people filing claims do so at their own risk.

“This is another misleading social media claim that’s fooling well-meaning taxpayers into thinking they’re due a big payday,” said IRS Commissioner Danny Werfel. “People shouldn’t be misled by outlandish claims they see on social media. Before paying someone to file these claims, taxpayers should consult with a trusted tax professional to see if they meet the very limited eligibility scenarios.

Click here to read the full article on the IRS Government website.

If you happen to receive an email like this from the same vendor or another, make sure to do your research before responding or sharing your personal or business information. It’s 2024 and chances are you’re not the only one to receive an offer or some exclusive business opportunity, and whether you check on Reddit or your local Chamber of Commerce, validate the legitamacy of a company or organization before you share your sensitive information.

Our Approach to SSL Certificates For All Our Client Websites

Our Approach to SSL Certificates For All Our Client Websites

All Posts, Domains, Security, SEO, Web Development, WordPress

As the internet continues to evolve, website security has become a crucial aspect of ensuring a safe and trustworthy online experience. One of the most significant developments in this regard is the use of Secure Sockets Layer (SSL) Certificates. In this article, we’ll explore the reasons why it’s essential for websites to have an SSL certificate and why Google requires it.

What does it mean?

First, let’s define an SSL certificate. SSL is a standard security protocol that establishes an encrypted link between a web server and a browser. This link ensures that all data transferred between the server and the browser remains private and secure. SSL certificates are digital certificates that are issued by trusted third-party providers, known as Certificate Authorities (CAs). These certificates verify the authenticity of a website and encrypt all data transmitted between the website and the user’s browser.

https secure connection graphic

Now, let’s get into why SSL certificates are crucial for websites

  1. Data Protection One of the most significant benefits of SSL certificates is data protection. Without SSL, all data transferred between a user’s browser and a website is transmitted in plain text. This means that anyone who intercepts the data can read and use it for malicious purposes. SSL encrypts all data, making it unreadable to anyone who intercepts it.
  2. Authentication SSL certificates also provide authentication. They verify the identity of the website, ensuring that users are communicating with the website they intended to. This helps prevent phishing scams, where attackers create fake websites to steal user information.
  3. Improved SEO In 2014, Google announced that HTTPS (the secure version of HTTP, which uses SSL) would be a ranking signal in its search algorithm. Websites with SSL certificates are given a higher ranking than those without. This means that having an SSL certificate can improve a website’s visibility on search engines, which can lead to increased traffic.
  4. Trust SSL certificates also create trust between websites and their users. Seeing the padlock icon in the browser bar and the “https” in the URL reassures users that their data is secure and that they can trust the website they’re visiting.

So let’s talk about why Google requires SSL certificates. In 2018, Google started marking all HTTP sites as “Not Secure” in the Chrome browser. This was part of Google’s plan to make the web a more secure place. Google wants to encourage all website owners to adopt HTTPS by making it a standard for all websites.

Google has also stated that websites without SSL certificates may be penalized in search rankings. As we mentioned earlier, SSL certificates are a ranking signal in Google’s algorithm. Websites without SSL certificates are seen as less trustworthy, and their rankings may be lowered as a result.

Our agency, Design Theory, has been informing our clients about a campaign we’re performing to have all of our client websites configured with an SSL Certificate. Great news if you’re already a client of ours, and if you’re not but want to get your SSL Certificate installed on your website, give us a call or email and we’d be happy to help you!

To wrap things up, SSL certificates are crucial for website security, data protection, authentication, SEO, and trust. Google requires SSL certificates to make the web a safer place and to encourage website owners to adopt HTTPS. If you’re a website owner, it’s essential to obtain an SSL certificate to ensure your website’s security and to maintain your search rankings.

My WordPress Site Just Got Hacked

All Posts, Security, Web Design, Web Development, WordPress

Probably a phrase that no one in the community ever wants to utter. I bet you’ll probably stop reading this post temporarily just to take a look at your website to ensure that it is still up and in-tact. Some of you may even clear your cache and refresh to be double sure. Does this type of thing happen often, yes! Does this happen to anyone or just you? If you’ve been hacked before it sure feels like it was just you out of the millions of active websites on the interwebs. You can’t feel too bad about it, it was probably bound to happen if you have never thought to make the necessary steps to keep your website secure.

So what do you do now that your staring at some ugly graphics and text that reconfirms the obvious that your website has been hacked? Check out this list of options below:

Contact Your Hosting Company

Inform them that your website has been compromised so that they may be able to take steps to isolate the problem to a specific server or files before it spills over into your neighbors yard. Most websites operate on shared servers. This means on any given server there could be multiple websites of all types sharing space. Kind of like the electrical box outside your house.

Protect Your Own Computer

Once you’ve learned that your website has in fact been hacked, trying to navigate around it may not be wise as files may be compromised. Clicking on links or images may unload spyware or malware to your local computer that may wreak havoc on your home/work network and systems.

Pull Up A Backup of Your Database or Website

This of course is considering you set a plan for backups to your website on some type of regular basis. We use a plugin called WordPress Database Backup from Austin Matzko, however that plugin hasn’t been updated in a while. So I’d suggest BackWPup by Inpsyde. There’s a host of options including backing up to your Dropbox account. You can also perform your own backups by heading over to the Tools section, then clicking on the Export option and saving that to your local computer. Now if you do have a backup, you’ll be using the same plugin for backing up (in some cases) and choosing the import feature, or using the native import feature through the Tools section in your WordPress dashboard.

Get A Fresh Copy of WordPress

Go to WordPress.org and get yourself a fresh copy of whatever current version is out at the moment. There are a few files however that you’re not going to want to alter as they will consist of vital data pertaining to your website.

  • wp-config.php (contains your database, host, password, and more)
  • wp-content (FOLDER) (this is where your themes and plugins are stored)

There are a few files that you should delete regardless if your site is new, hacked, or not:

  • wp-admin/install.php
  • wp-admin/install-helper.php
  • wp-admin/import.php
  • readme.html
  • wp-admin/upgrade.php
  • wp-admin/upgrade-functions.php

If you’re not sure, make a copy while your in your FTP to your server side and rename the parent folders to :whatevername.old” or “whateverfile.php.old”. This way when you upload new files you won’t overwrite the preserved ones and you’ll still have fresh files loaded where compromised ones may have been.

Change Your Database Password

This same password is listed in your WP-CONFIG.php file so you’ll need to go through your host control panel to edit your MySQL database to edit this. Once updated to something WAY more secure and different, edit the password in your wp-config.php file and re-upload that to your server. I shouldn’t stress that this shouldn’t be the same password as your Dashboard user login.

Speaking of users, be sure that you are NOT using the default “admin” account to login to your site. If so please create a new login with a better username like your nickname plus favorite 5 digit number, add in some spaces and a few capital letters while you’re at it. Brute force attacks on WordPress sites are common and over 90% of the time they are trying under the “admin” username.

Be sure you’re using the most udpated version of PHP. Could be 5.2 or 5.4. Check with your hosting company as well as your theme to be sure you’re where you need to be.

Login to WordPress and Check Around

See if there are any new users accounts (especially administrator ones) that you know shouldn’t be there. Update the passwords on the remaining ones you know are authorized. See if there are any new pages, posts, media files, etc that you know you didn’t load. Remove them too. If you did preserve some files or folders, you may have to reload your theme(s) and plugins. Not a big deal since you’ll easily be able to see them from your preserved files/folders.

Keep Up To Date

Be sure to keep in-step with security updates from WordPress. If you ever see a 3.x.x update, chances are is a vulnerability update and it will be an update to patch  something that someone from Automattic or the WordPress community has discovered. Also check in on your plugins and themes to see if they have updates. Most theme houses like Themeforest or WooThemes will contact you via email whenever there are updates pushed by the submitting developers. If not, take some steps to stay up to date on your own. Beware of some free themes you find on the net too. There usually is no accountability or liability should that theme go un-updated for months or years yet still be available as free. Or worse yet, repackaged and loaded on other sites as a free theme yet its now loaded with malware.

Install Preventative Security Plugins

While there are a host of plugins you can choose from, some free, some premium; GET SOME! I’m more of a fan of premium plugins from respectable developers versus free ones because truly, you get what you pay for. The level of responsibility from premium developers to ones just starting out is quite noticeable and to be respected. So what should you use? Here are some suggestions:

Better WP Security

WordFence Security (we also talked about this here)

BulletProof Security

XCloner – Backup and Restore

Have you had a site get hacked? Have more ways to prevent a site from getting hacked? Share in the comments below!

 

Some useful links and further tips:

Hardening WordPress