‘We Hacked Your Website’ Blackmail Scam

Security experts say a spike in email scams linked to coronavirus is the worst they have seen in years and cyber criminals are targeting individuals as well as industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance with a blackmail threat. 

According to this message, which is targeted at website owners, the senders have hacked your website and extracted your database. The message threatens to leak or sell the stolen database, destroy your online reputation and de-index your site in search engines unless you send $2000 in Bitcoin within 5 days.

 Phishing emails written in English, French, Italian, Japanese, and Turkish languages have been found.

Its A Bluff 
Often the message that we have just hacked your website is just a bluff designed to panic inexperienced website owners into sending money to criminals. The senders have not really hacked your site or stolen your database.

In fact, they distribute large numbers of identical messages to many different websites in the hope that just a few recipients will fall for the ruse and pay up. Even if only a few site owners are taken in by the trick and send money, the scam campaign will turn out profitable for the online criminals who launched it.

These crooks use predefined templates for their scam messages and simply add in the URL of the site being targeted.  The messages are often sent via the targeted website’s contact form.

Of course, if hackers had really taken control of your site as claimed in the messages,  they could easily prove this to you in various ways. For example, they can make visible changes to the site, or send a sample of the customer information they claim to have stolen. Instead, they send a generic email that claims that they have hacked your site but offer not the slightest shred of proof that they have actually done so.

Don’t Respond – Just Delete
If you receive one of these messages, do not respond to it.  Do not send money or information. Just delete the message.
If your site had really been hacked, you would likely receive alerts via your site security scanners, your hosting company, your customers, or Google Search Console. There are also various methods that you can check yourself.

Similar to Fake Blackmail Sextortion Scams
These scammers use a similar tactic to that used by sextortion scammers who distribute emails falsely claiming that they have recorded you visiting a porn site and will send the compromising video to all of your contacts if you don’t send money. As with the hacked site versions, the sextortion emails are just bluffs designed to panic people into sending Bitcoin.

The scam message will say that they have hacked your website and copied your databases by using vulnerabilities within your site. They then tend to say that the database will soon be leaked, or sold to the highest bidder. They then say that you can stop this by paying a fee of £2/3k within 5 days. Once you pay we will stop and not ever bother you again. 

Given the impact on the security of businesses and individuals alike, it's essential to avoid falling victim to online scams and practice good digital hygiene: Businesses should ensure that secure remote access technologies are in place and configured correctly, including the use of multi-factor authentication, so that employees can conduct business just as securely from home.

BBC:        Hoax-Slayer:      Hacker News

You Might Also Read: 

An 'Infodemic' Of Phishing & Malware:

 


 

 

« Coronavirus Phishing Scams
Businesses Are Lining Up To Deploy AI »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Bulb Security

Bulb Security

Whether your internal red team or penetration testing team needs training, or you lack internal resources and need an outsourced penetration test, Bulb Security can help.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

EUROCONTROL

EUROCONTROL

EUROCONTROL is a pan-European, civil-military organisation dedicated to supporting European aviation. We help our stakeholders protect themselves against cyber threats.

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo is the UK’s largest cloud and cyber security event.

BlueRiSC

BlueRiSC

BlueRiSC invent cutting-edge system assurance solutions for the 21st century with novel software and hardware designs focusing on security technologies that can be game changing.

Kasm Technologies

Kasm Technologies

Kasm Browser Isolation - Protect your organization from malware, ransomware and phishing by using zero-trust containerized browsers.

Spin Technology

Spin Technology

SpinOne is a SaaS data protection platform designed to monitor, secure, and back up your G Suite and O365 data, improve compliance, and reduce IT costs.

Lightspin

Lightspin

Lightspin is a contextual cloud security platform that continuously visualizes, detects, prioritized, and prevents any threat to your cloud stack.

ECHO Project

ECHO Project

The main objective of ECHO is to strengthen the cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector collaboration.

AirEye

AirEye

AirEye is a leader in Network Airspace Protection (NAP). Block attacks against your corporate network launched from wireless devices in your corporate network airspace.

Logit.io

Logit.io

Logit.io is a log analysis & management platform that provides a scalable solution for hosting the open-source tools Elasticsearch, Logstash, and Kibana.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.

Bleach Cyber

Bleach Cyber

Bleach Cyber helps small businesses with an affordable and user-friendly solution for managing cloud security.

Versent

Versent

Versent is an Australian-born technology company, focused on architecting, building & operating cloud native applications, data streams, platforms, and services.