Category Archives: Latest news

SPAM and phishing emails

Since the advent of ChatGPT we have notice a huge increase in the quantity of SPAM and Phishing emails and also notice their increased ability to evade SPAM filters.

We have copied some examples of recent messages we have received below – it is a 4 page pdf file, so make sure to scroll down to see all the examples.

Two new Parish Council Websites

We are delighted to announce the launch of 2 new websites.

Challock Parish Council in Kent

The parish council wanted a new website to reflect the village activities, such as the churches, and some of the lovely photographs from the flower festival.

Di Sandy, the clerk commented:

“The website is very good and very easy to follow. Getting there with familiarisation.”

Visit Challock Parish Council website

Bagnall Parish Council in Staffordshire

The parish council wanted a new site that could be easily updated without reliance on third parties. They asked for the menu to be structured to their specifications and for the Council Members section to have images, biographies and responsibilities.

Denise Cooper the clerk commented:

“I am very pleased with the web design, it looks very good and I should be able to update / maintain it myself as I am fairly familiar with WordPress. Thank you very much.”

Visit Bagnall Parish Council website

It was a pleasure working with both councils and we are delighted with the new websites.

The Little Book of Big Scams

The last few years have seen an explosion in online fraud as increasing amounts of our lives and financial transactions move online. Find out about the most common types of fraud and how to prevent them. The Little Book of Big Scams is a useful resource that you will want to read and share with your parishioners and is produced by the Metropolitan Police. Read it here – it it isn’t displaying properly on your screen, you can click the ‘The-Little-Book-of-Big-Scams-5th-Edition‘ link to view a full-sized version. You can also use the ‘Download’ link below the PDF to save a copy to share on your own website.

New parish council website – Hemingford Abbots, Cambridgeshire

We are delighted to announce the launch of a new website.

Hemingford Abbots in Cambridgeshire needed a new site that was compliant with the new WCAG 2.1 AA standards required of town, parish and community councils.

We designed them a new compliant website and transferred their content to the new site.

The new website is fully compliant with all current regulations including WCAG AA Accessibility regulations, GDPR and the Transparency Code.

We are delighted with the finished website – and it has been a pleasure working with the council to create the new site. The site includes an image slider that showcases their stunning pictures from around the village and also has an enhanced menu that works very well for large sites with lots of content.

You can view the site here:


Email safety tips

Many people fall victim to traps by criminals sent in emails. More recently, these criminals have used the pandemic as a cover story to con large amounts of money or personal data from unsuspecting victims by phishing. Here are some simple things to be aware of

Definition: Phishing. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.

  • Your bank will not discuss your private financial situation by email. If you receive any correspondence that claims to come from your bank, telephone your branch to verify it and discuss the matter over the telephone instead.
  • Don’t open attachments or click on links from anyone you do not know. If you do click on them, this could result in malware being downloaded to your device.
  • Look for spelling and grammatical errors. These messages often come from abroad.
  • Look at the email address of the sender. If it doesn’t look like it’s from the company they represent, don’t respond.

Finally, when you see a suspicious email, delete it. Put it in the bin where it belongs!

Operation London Bridge – are you ready?

What is Operation London Bridge?

Operation London Bridge is the code name given to the plan for what will happen in the days after the death of Queen Elizabeth II. The plan was originally set up in the 1960s.

How will it affect Town and Parish Council websites?

Local council websites will be expected to go into mourning mode. This means that a single respectful page will need to be added as the main entry point of the website. The page will have a black background and a picture of the Queen, along with her dates of birth and death.

How will it be announced?

The news will ripple out quietly and secretly to begin with. The words “London Bridge is down” will be used to make the announcement. The next step will involve informing the Commonwealth Governments. Finally, the world’s press will be made aware with a newsflash to the Press Association and other global media outlets.

What can you do to prepare?

How you can add a new black home page to your website very much depends on the technology your website uses. You will need to contact your website design company to ask them how this can be set up.

How can Town and Parish Council Websites help?

We have prepared some custom software that will enable you to easily comply. You will be able to enable or disable the black screen as and when you need it. The cost of adding this to our customer websites is £80. Unfortunately we are not able to add it to websites that are not run by us.

Meeting WCAG 1.2 AA Accessibility Standards

5 common accessibility problems with town, parish or community council websites

1. Can you magnify your website by 200% without needing to scroll sideways to view the content

How can you check?

If you are working on a PC, you can hold down your Ctrl and press the + key on your keyboard repeatedly. Each time you press the + key, the magnification will increase. Depending on the software you are using, you will probably see the magnification level in the top bar of your web browser – usually just to the right of where your web address appears (the part where is says https://…. You will see the percentage increase each time you press the + key.

If your website is correctly programmed you will be able to reach 200% and the content will still be clearly readable. You may find that some elements of your site will reflow so that perhaps the sidebar content will now appear underneath the main page content, but that is fine.

Why does it matter?

Visually impaired visitors may need to magnify the text in your website. Visually impaired visitors can have a range of disabilities and some may be temporary such as someone who doesn’t have their reading glasses.

2. Can you use the Tab key to navigate through your website?

How can you tell?

Begin by clicking in the top address bar of your website. This is where the web address is (beginning https://….). Repeatedly press the Tab key and see if the cursor moves through the content of your site. Make sure that the menus (tabs) are all fully displayed while you are doing this and that you can get through all the content on the page without the cursor getting stuck anywhere.

Why does it matter?

Visitors with motor disabilities many not be able to use a mouse. This group includes visitors with arthritis for example.

3. Does your website have flashing elements that auto-play

How can you tell if it is a problem?

It is important that anything that auto-plays on your website can be paused. So for example if you have an image slideshow at the top of your homepage it should only show for a short period or there should be the option to pause it. This can either be by controls (a pause button) or by a convention of hovering over it to pause it.

Why does it matter

Visitors with cognitive disabilities can find flashing or changing content difficult to understand and distracting. This group includes visitors who have disabilities such as dyslexia or are prone to seizures such as epilepsy.

4. Does your site use non-descriptive links?

How can you tell?

Look though your site for links such as ‘cllick here’ or ‘minutes’. It is important that the link clearly describes what is being linked to and that the same link text is not used to go to different destinations. Is it clear what is being linked to if the link is read without the contect of the surrounding text?

Why does it matter?

Visually impaired visitors using screenreaders will often just scan the links in the page to work out how to reach the content they are looking for. If they find a series of links saying ‘Minutes’ (for example) they will not be able to establish which set of minutes it is linking to. Instead rename your links ‘Minutes 20 May 2021’, for example.

5. Are any forms your site uses accessible?

Do your forms have labels that clearly identify what should go in each field. This will enable visually impaired visitors using screenreaders to identify all the fields. You should not use ‘honeypots’ as these can also trap visually impaired visitors.

Another issue is with forms that time-out after a certain time period. This can create a problem for visitors with motor-impairments who can find it difficult to fill in all the fields and need extra time.

Covid restrictions for town and parish councils

When will local councils be able to resume normal business?

This year has been a huge strain on so many lives.

It has been difficult too, to carry out the work of the parish or town council. One of the mainstays of council work is to hold meetings where issues are debated, and decisions are made. An important part of this is the ability of your parishoners to attend and comment on any of the issues.

This has not been easy. Zoom has usually been the application of choice to carry out remote meetings, but it can be far from ideal. There can be problems with setting up the meetings, people being unable to connect or even for the meeting host to connect and start the meeting.

Until recently Zoom allowed unlimited time for multi-user meetings, but that has now ended. In order to hold meetings longer than 40 minutes, you must buy a premium subscription.

So I’m sure everyone is asking, when will councils be able to resume having town or parish council meetings in public spaces such as the village hall.

A slight easing of lockdown that came into force just over 2 weeks ago. You are now able to get haircuts, go shopping and meet limited numbers of friends outside. However, you are still not allowed to meet with others outside your household indoors.

England: covid restrictions

17 May – Up to 6 can meet indoors

The next step will occur on 17th of May. From then on, people can meet in groups of up to 30 outside, and up to 6 people can meet indoors.

This may mean that smaller parish councils can resume their parish council meetings. However, that will still not be enough for larger councils or ones where a lot of your parishoners will wish to attend.

21 June – relaxation of all covid restrictions

21 June will be when the final stage of lockdown release happens. After that date it is hoped that all legal limits on social contact will be removed. That will mean that parish council meetings will be able to resume in their full format.

Scotland: covid restrictions

26 April – up to 6 people can meet outdoors.

17 May – people should be allowed to meet up indoors – initially in groups of up to 4 people from no more than 2 households.

7 June – council meetings will be able to resume.

Wales: covid restrictions

3 May – indoor activities for up to 15 adults.

17 May – up to 30 people can meet indoors.

How to keep your Zoom meetings safe from hackers

Zoom’s privacy and security issues have been in the headlines for a number of weeks now, causing concern for lots of users. But many people have no option but to use the software after it has been selected by the company they work for.

If you find that you have to use Zoom, there are steps you can take to ensure your experience is as safe as possible.

Zoom has already taken some steps to address concerns that have been raised in recent weeks, and the company says that it will continue to make improvements to the video conferencing software. But even when this happens, there is a lot you can do to lock things down.

Protect your account

A Zoom account is just another account, and in setting yours up, you should apply the basics of account protection. Use a strong and unique password, and protect your account with two-factor authentication, as this makes your account harder to hack and means it is better protected, even if your account data leaks.

There’s at least one more Zoom-specific catch: After you register, in addition to your login and password you get a Personal Meeting ID (PMI) – avoid making it public. As Zoom offers an option to create public meetings with your Personal Meeting ID, it’s quite easy for that ID to be leaked. If you do, anyone who knows your PMI can join any meeting you host, so look to share this information prudently.

If possible use your council e-mail to register with Zoom

A weird glitch in Zoom (which at the time of this writing wasn’t yet fixed) causes the service to consider e-mails of the same domain — unless it’s a really common domain such as or — as belonging to one company, and it then shares their contact details with each member of that group. For example, users who registered Zoom accounts using e-mails ending with, which is a public e-mail service in Kazakhstan experienced this. It may happen again with e-mail addresses belonging to smaller public e-mail providers.

So, to register with Zoom, use your council e-mail.

Don’t fall for fake Zoom apps

The number of malicious files incorporating the names of popular video conference services (Webex, GoToMeeting, Zoom, and others) in their filenames has roughly tripled in comparison with the numbers he found month by month over the previous year. That most likely means malefactors are ramping up their abuse based on the popularity of Zoom and other apps of its kind, trying to disguise malware as video conference clients.

Don’t fall for it! Use Zoom’s official website — — to download Zoom safely for Mac and PC, and go to the App Store or Google Play for your mobile devices.

Don’t use social media to share conference links

Sometimes you want to host public events, and in many places online events are the only option available these days, which means Zoom is attracting more and more people. Even if your event is truly open to everyone, you should avoid sharing the link on social media.

If you knew anything about Zoom before reading this post, you’ve probably heard about so-called Zoombombing. This is a term to describe trolls disrupting Zoom meetings with offensive content.

Where do the trolls get information about upcoming events? That’s right, they find them on social media. So, avoid publicly posting links to Zoom meetings. If for some reason you still want to, make sure you don’t enable the Use Personal Meeting ID option.

Protect every meeting with a password

Setting up a password for your meeting remains the best means of ensuring that only the people you want in your meeting can attend it. Recently Zoom turned password protection on by default — a good move. That said, don’t confuse the meeting password with your Zoom account password. And like meeting links, meeting passwords should never appear on social media or other public channels, or your efforts to protect your call from trolls will be in vain.

Enable Waiting Room

Another setting that gives you more control over the meeting, Waiting Room — recently enabled by default — makes participants wait in a “waiting room” until the host approves each one. That gives you the ability to control who joins your meeting, even if someone who wasn’t supposed to participate somehow got the password for it. It also lets you kick an unwanted person out of the meeting — and into the waiting room. We recommend leaving this box ticked.

Pay attention to screen-sharing features

Every normal videoconference app offers screen-sharing — the ability of one participant to show their screen to the others — and Zoom is no exception. Some settings that are worth keeping an eye on:

  • Limiting screen-sharing ability to the host or extending it to everyone on the call. If you don’t need other people to show their screens, you know which option to choose
  • Letting multiple participants share screens simultaneously. If you can’t immediately see why your meetings would need this capability, you’ll probably never need it; just keep it in mind in case you ever need to enable it.

Stick with the Web client if possible

The various Zoom client apps have demonstrated a variety of flaws. Some versions let hackers access the device’s camera and microphone; others let websites add users to calls without their consent. Zoom was quick to fix the aforementioned problems, as well as other, similar ones, and it stopped sharing user data with Facebook and LinkedIn. However, given the absence of a proper security assessment, Zoom apps are likely to remain vulnerable, and they may still employ shady practices such as data sharing with third parties.

For this reason, we recommend using Zoom’s Web interface instead of installing the app on your device, if possible. The Web version sits in a sandbox in the browser and doesn’t have the permissions an installed app has, limiting the amount of harm it can potentially cause.

In some cases, however, even if you want to use the Web interface, you may find that Zoom has gone ahead and downloaded the installer, and there’s just no other option to connect to the meeting but to install the client. In that case, you can at least limit the number of devices on which Zoom is installed to just one. Let it be your secondary smartphone or, say, a spare laptop. Choose a device with next to no personal information. We know that sounds somewhat paranoid, but it’s better to be safe than sorry.


Fake Ransomware Bitcoin Scam Claims “Your Site Has Been Hacked”

A fake ransomware scam is going around that targets website contact forms. It sends an email to the site owner with the subject “Your Site Has Been Hacked.” The body of the email claims the hackers have exploited a vulnerability to gain access to the site’s database and “move the information to an offshore server.” The email threatens to ruin the site owner’s reputation by selling the site’s database, notifying customers that their information has been compromised, and de-indexing the site with search engines using blackhat techniques.

Within the past few weeks, website owners have reported having received this email on various support channels, including, stackoverflow, and reddit. The sites in question have not been defaced, nor do they show any other evidence of tampering.

The Bitcoin Abuse Database has seen a surge of reports regarding this scam in May and June, logged under various Bitcoin addresses. The scammers send the email out indiscriminately, even targeting sites that do not have a database. So far the campaigns have not been very successful at convincing site owners to pay the ransom.

The Bitcoin Abuse Database advises visitors that extortion emails are 100% fake and those who receive them should not pay ransoms.

If you or one of your clients receive an email like this, rest assured that it is a scam that requires no action. If you want to be extra cautious you can change your passwords and use a security plugin to scan your files for changes. Otherwise, simply delete the email.

An example of this scam email is below for reference:


We have hacked your website [website URL] and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site [website URL] was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):


Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you for buying bitcoins.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.