‘We Hacked Your Website’ Blackmail Scam

Security experts say a spike in email scams linked to coronavirus is the worst they have seen in years and cyber criminals are targeting individuals as well as industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance with a blackmail threat. 

According to this message, which is targeted at website owners, the senders have hacked your website and extracted your database. The message threatens to leak or sell the stolen database, destroy your online reputation and de-index your site in search engines unless you send $2000 in Bitcoin within 5 days.

 Phishing emails written in English, French, Italian, Japanese, and Turkish languages have been found.

Its A Bluff 
Often the message that we have just hacked your website is just a bluff designed to panic inexperienced website owners into sending money to criminals. The senders have not really hacked your site or stolen your database.

In fact, they distribute large numbers of identical messages to many different websites in the hope that just a few recipients will fall for the ruse and pay up. Even if only a few site owners are taken in by the trick and send money, the scam campaign will turn out profitable for the online criminals who launched it.

These crooks use predefined templates for their scam messages and simply add in the URL of the site being targeted.  The messages are often sent via the targeted website’s contact form.

Of course, if hackers had really taken control of your site as claimed in the messages,  they could easily prove this to you in various ways. For example, they can make visible changes to the site, or send a sample of the customer information they claim to have stolen. Instead, they send a generic email that claims that they have hacked your site but offer not the slightest shred of proof that they have actually done so.

Don’t Respond – Just Delete
If you receive one of these messages, do not respond to it.  Do not send money or information. Just delete the message.
If your site had really been hacked, you would likely receive alerts via your site security scanners, your hosting company, your customers, or Google Search Console. There are also various methods that you can check yourself.

Similar to Fake Blackmail Sextortion Scams
These scammers use a similar tactic to that used by sextortion scammers who distribute emails falsely claiming that they have recorded you visiting a porn site and will send the compromising video to all of your contacts if you don’t send money. As with the hacked site versions, the sextortion emails are just bluffs designed to panic people into sending Bitcoin.

The scam message will say that they have hacked your website and copied your databases by using vulnerabilities within your site. They then tend to say that the database will soon be leaked, or sold to the highest bidder. They then say that you can stop this by paying a fee of £2/3k within 5 days. Once you pay we will stop and not ever bother you again. 

Given the impact on the security of businesses and individuals alike, it's essential to avoid falling victim to online scams and practice good digital hygiene: Businesses should ensure that secure remote access technologies are in place and configured correctly, including the use of multi-factor authentication, so that employees can conduct business just as securely from home.

BBC:        Hoax-Slayer:      Hacker News

You Might Also Read: 

An 'Infodemic' Of Phishing & Malware:

 


 

 

« Coronavirus Phishing Scams
Businesses Are Lining Up To Deploy AI »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Akin Gump Strauss Hauer & Feld

Akin Gump Strauss Hauer & Feld

Akin is a leading global law firm providing innovative legal services and business solutions to individuals and institutions. Practice areas include Cybersecurity, Privacy and Data Protection.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

Security Stronghold

Security Stronghold

Security Stronghold is focused on protecting computers from malicious programs like viruses, Trojans, spyware, adware, trackware, keyloggers and other kinds of online threats.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

Smokescreen

Smokescreen

Smokescreen's IllusionBLACK employs deception technology to detect, deflect and defeat advanced hacker attacks.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

Ericom Software

Ericom Software

Ericom is a global leader in securing and connecting the digital workspace, offering solutions that secure browsing, and optimize desktop and application delivery to any device, anywhere.

Bolster

Bolster

Bolster (formerly RedMarlin) is an AI-based cyber-security platform designed to detect phishing and fraudulent sites in real-time.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

Matrixforce

Matrixforce

Matrixforce is a vetted IT support provider that uses the patented Delta Method of streamlining technology for financial and professional service firms to reduce complexity and avoid risk.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

The Cyber Scheme

The Cyber Scheme

The Cyber Scheme provides NCSC certified and assured assessments, training and career support for security testers & technical cyber professionals.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

Athena7

Athena7

Athena7 is a dedicated assessment practice committed to helping organizations understand how their infrastructure, backups, and security controls will withstand the latest threat actor tactics.

Phone Monitoring Service

Phone Monitoring Service

Phone Monitoring Service provides cyber security services, ethical hacking services, social media hacking services in the USA, Canada, Europe.