‘We Hacked Your Website’ Blackmail Scam

Uploaded on 2020-05-18 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Security experts say a spike in email scams linked to coronavirus is the worst they have seen in years and cyber criminals are targeting individuals as well as industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance with a blackmail threat. 

According to this message, which is targeted at website owners, the senders have hacked your website and extracted your database. The message threatens to leak or sell the stolen database, destroy your online reputation and de-index your site in search engines unless you send $2000 in Bitcoin within 5 days.

 Phishing emails written in English, French, Italian, Japanese, and Turkish languages have been found.

Its A Bluff 
Often the message that we have just hacked your website is just a bluff designed to panic inexperienced website owners into sending money to criminals. The senders have not really hacked your site or stolen your database.

In fact, they distribute large numbers of identical messages to many different websites in the hope that just a few recipients will fall for the ruse and pay up. Even if only a few site owners are taken in by the trick and send money, the scam campaign will turn out profitable for the online criminals who launched it.

These crooks use predefined templates for their scam messages and simply add in the URL of the site being targeted.  The messages are often sent via the targeted website’s contact form.

Of course, if hackers had really taken control of your site as claimed in the messages,  they could easily prove this to you in various ways. For example, they can make visible changes to the site, or send a sample of the customer information they claim to have stolen. Instead, they send a generic email that claims that they have hacked your site but offer not the slightest shred of proof that they have actually done so.

Don’t Respond – Just Delete
If you receive one of these messages, do not respond to it.  Do not send money or information. Just delete the message.
If your site had really been hacked, you would likely receive alerts via your site security scanners, your hosting company, your customers, or Google Search Console. There are also various methods that you can check yourself.

Similar to Fake Blackmail Sextortion Scams
These scammers use a similar tactic to that used by sextortion scammers who distribute emails falsely claiming that they have recorded you visiting a porn site and will send the compromising video to all of your contacts if you don’t send money. As with the hacked site versions, the sextortion emails are just bluffs designed to panic people into sending Bitcoin.

The scam message will say that they have hacked your website and copied your databases by using vulnerabilities within your site. They then tend to say that the database will soon be leaked, or sold to the highest bidder. They then say that you can stop this by paying a fee of £2/3k within 5 days. Once you pay we will stop and not ever bother you again. 

Given the impact on the security of businesses and individuals alike, it's essential to avoid falling victim to online scams and practice good digital hygiene: Businesses should ensure that secure remote access technologies are in place and configured correctly, including the use of multi-factor authentication, so that employees can conduct business just as securely from home.

BBC:        Hoax-Slayer:      Hacker News

You Might Also Read: 

An 'Infodemic' Of Phishing & Malware:

 


 

 

« Coronavirus Phishing Scams
Businesses Are Lining Up To Deploy AI »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CIRT.GY

CIRT.GY

CIRT-GY is the national Computer Incident Response Team for Guyana.

SaltStack

SaltStack

SaltStack develops award-winning intelligent IT automation software. We help businesses more efficiently secure and manage all aspects of their digital infrastructure.

ConvergeOne

ConvergeOne

ConvergeOne is a leading global IT services provider of collaboration and technology solutions including cybersecurity.

Apozy

Apozy

Apozy replaces a secure web gateway to nullify phishing, malware and impersonation attacks.

Informer

Informer

Informer provides an Attack Surface Management SaaS platform alongside penetration testing services. We combine machine learning and human intelligence to reduce cyber risk.

Camel Secure

Camel Secure

Camel Secure is a company specialized in the development of products for information security and technology risk management.

Revere Technologies

Revere Technologies

Revere Technologies is a pure-play cyber security solutions and services provider in Sub-Saharan Africa.

Dasera

Dasera

Dasera’s Radar and Interceptor products deliver visibility, governance, and protection solutions for data-agile companies.

BridgingMinds Network

BridgingMinds Network

BridgingMinds Network is an industry leading best practices and IT security training provider in Singapore.

McCrary Institute - Auburn University

McCrary Institute - Auburn University

The McCrary Institute seeks practical solutions to real-world problems in the areas of cyber and critical infrastructure security.

stackArmor

stackArmor

stackArmor specializes in compliance and security-focused solutions delivered using our Agile Cloud Transformation (ACT) methodology.

Innefu Labs

Innefu Labs

Innefu is an Information Security R&D startup, providing cutting edge Information Security & Data Analytics solutions.

Xscale Accelerator

Xscale Accelerator

Xscale's vision is to create world-class startups out of India by transforming sales and providing access to global markets.

CoreStack

CoreStack

CoreStack helps enterprises overcome cloud challenges such as ever growing security risks, stringent regulatory compliance needs and operational complexities.

Execweb

Execweb

Execweb are a cybersecurity executive network, comprised of 400+ security practitioners who work at Fortune 500 and SME companies.

Amazon Web Services (AWS)

Amazon Web Services (AWS)

Amazon Web Services is the world’s most comprehensive and broadly adopted cloud platform, offering fully featured services from data centers globally.