‘We Hacked Your Website’ Blackmail Scam

Security experts say a spike in email scams linked to coronavirus is the worst they have seen in years and cyber criminals are targeting individuals as well as industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance with a blackmail threat. 

According to this message, which is targeted at website owners, the senders have hacked your website and extracted your database. The message threatens to leak or sell the stolen database, destroy your online reputation and de-index your site in search engines unless you send $2000 in Bitcoin within 5 days.

 Phishing emails written in English, French, Italian, Japanese, and Turkish languages have been found.

Its A Bluff 
Often the message that we have just hacked your website is just a bluff designed to panic inexperienced website owners into sending money to criminals. The senders have not really hacked your site or stolen your database.

In fact, they distribute large numbers of identical messages to many different websites in the hope that just a few recipients will fall for the ruse and pay up. Even if only a few site owners are taken in by the trick and send money, the scam campaign will turn out profitable for the online criminals who launched it.

These crooks use predefined templates for their scam messages and simply add in the URL of the site being targeted.  The messages are often sent via the targeted website’s contact form.

Of course, if hackers had really taken control of your site as claimed in the messages,  they could easily prove this to you in various ways. For example, they can make visible changes to the site, or send a sample of the customer information they claim to have stolen. Instead, they send a generic email that claims that they have hacked your site but offer not the slightest shred of proof that they have actually done so.

Don’t Respond – Just Delete
If you receive one of these messages, do not respond to it.  Do not send money or information. Just delete the message.
If your site had really been hacked, you would likely receive alerts via your site security scanners, your hosting company, your customers, or Google Search Console. There are also various methods that you can check yourself.

Similar to Fake Blackmail Sextortion Scams
These scammers use a similar tactic to that used by sextortion scammers who distribute emails falsely claiming that they have recorded you visiting a porn site and will send the compromising video to all of your contacts if you don’t send money. As with the hacked site versions, the sextortion emails are just bluffs designed to panic people into sending Bitcoin.

The scam message will say that they have hacked your website and copied your databases by using vulnerabilities within your site. They then tend to say that the database will soon be leaked, or sold to the highest bidder. They then say that you can stop this by paying a fee of £2/3k within 5 days. Once you pay we will stop and not ever bother you again. 

Given the impact on the security of businesses and individuals alike, it's essential to avoid falling victim to online scams and practice good digital hygiene: Businesses should ensure that secure remote access technologies are in place and configured correctly, including the use of multi-factor authentication, so that employees can conduct business just as securely from home.

BBC:        Hoax-Slayer:      Hacker News

You Might Also Read: 

An 'Infodemic' Of Phishing & Malware:

 


 

 

« Coronavirus Phishing Scams
Businesses Are Lining Up To Deploy AI »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Sophos

Sophos

Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats.

Identiv

Identiv

Identiv is a global security technology company that establishes trust in the connected world, including premises, information and everyday items.

Certes

Certes

Certes is a pioneer in delivering cutting-edge security technology solutions, with a specific focus on Data Protection Risk Mitigation (DPRM).

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

Versa Networks

Versa Networks

Versa is a software-defined networking vendor providing an end-to-end solution that both simplifies and secures the WAN/branch office network.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

IDnow

IDnow

IDnow is the world’s fastest, most flexible and most secure identity verification platform, delivering instant verification of the identity documents used by 7 billion people.

Halon

Halon

Halon is a flexible security and operations platform for in-transit email.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

BCN Group

BCN Group

BCN Group is an agile IT solutions provider. We are experts in delivering and managing business-critical technology solutions.

Gulf Business Machines (GBM)

Gulf Business Machines (GBM)

GBM is a leading end-to-end digital solutions provider, offering the broadest portfolio, including industry-leading digital infrastructure, digital business solutions, security and services.

Casepoint

Casepoint

Casepoint is the legal technology platform of choice for corporations, government agencies, and law firms to meet their complex eDiscovery, investigations, and compliance needs.

Forward Global

Forward Global

Forward Global designs and delivers services and technologies to manage digital, economic, and information risks.

Framework Security

Framework Security

With Framework Security, you get more than a consultancy; you get a partner dedicated to simplifying cybersecurity and protecting your business in the most efficient way possible.

Team Burkhart

Team Burkhart

Team Burkhart, a proud member of the Apple Consultant Network, is a leader in managed IT and security services, serving clients across the Midwest and beyond.