‘We Hacked Your Website’ Blackmail Scam

Uploaded on 2020-05-18 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Security experts say a spike in email scams linked to coronavirus is the worst they have seen in years and cyber criminals are targeting individuals as well as industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance with a blackmail threat. 

According to this message, which is targeted at website owners, the senders have hacked your website and extracted your database. The message threatens to leak or sell the stolen database, destroy your online reputation and de-index your site in search engines unless you send $2000 in Bitcoin within 5 days.

 Phishing emails written in English, French, Italian, Japanese, and Turkish languages have been found.

Its A Bluff 
Often the message that we have just hacked your website is just a bluff designed to panic inexperienced website owners into sending money to criminals. The senders have not really hacked your site or stolen your database.

In fact, they distribute large numbers of identical messages to many different websites in the hope that just a few recipients will fall for the ruse and pay up. Even if only a few site owners are taken in by the trick and send money, the scam campaign will turn out profitable for the online criminals who launched it.

These crooks use predefined templates for their scam messages and simply add in the URL of the site being targeted.  The messages are often sent via the targeted website’s contact form.

Of course, if hackers had really taken control of your site as claimed in the messages,  they could easily prove this to you in various ways. For example, they can make visible changes to the site, or send a sample of the customer information they claim to have stolen. Instead, they send a generic email that claims that they have hacked your site but offer not the slightest shred of proof that they have actually done so.

Don’t Respond – Just Delete
If you receive one of these messages, do not respond to it.  Do not send money or information. Just delete the message.
If your site had really been hacked, you would likely receive alerts via your site security scanners, your hosting company, your customers, or Google Search Console. There are also various methods that you can check yourself.

Similar to Fake Blackmail Sextortion Scams
These scammers use a similar tactic to that used by sextortion scammers who distribute emails falsely claiming that they have recorded you visiting a porn site and will send the compromising video to all of your contacts if you don’t send money. As with the hacked site versions, the sextortion emails are just bluffs designed to panic people into sending Bitcoin.

The scam message will say that they have hacked your website and copied your databases by using vulnerabilities within your site. They then tend to say that the database will soon be leaked, or sold to the highest bidder. They then say that you can stop this by paying a fee of £2/3k within 5 days. Once you pay we will stop and not ever bother you again. 

Given the impact on the security of businesses and individuals alike, it's essential to avoid falling victim to online scams and practice good digital hygiene: Businesses should ensure that secure remote access technologies are in place and configured correctly, including the use of multi-factor authentication, so that employees can conduct business just as securely from home.

BBC:        Hoax-Slayer:      Hacker News

You Might Also Read: 

An 'Infodemic' Of Phishing & Malware:

 


 

 

« Coronavirus Phishing Scams
Businesses Are Lining Up To Deploy AI »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets is a global series of summits focusing on cyber security for critical infrastructure.

Carson & SAINT

Carson & SAINT

Carson & SAINT is an award-winning consulting firm with deep experience in cybersecurity technology, software, and management consulting.

Gradiant

Gradiant

Gradiant’s mission is to contribute to the growth and competitive improvement of Galician businesses through technology development and innovation using ICT.

TUV Rheinland Group

TUV Rheinland Group

TUV Rheinland Group is a testing services company with nearly 145 years of technological experience. We help you to protect your systems comprehensively, proactively and permanently.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

GuardianKey

GuardianKey

GuardianKey is a solution to protect systems against authentication attacks.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

Cyber Command - Romania

Cyber Command - Romania

Cyber Command represents the military authority responsible for the development, protection and resilience of military IT networks and services that support the Romanian Force Structure.

Netstar

Netstar

Netstar is an IT Support company based in Central London providing fully managed IT Support, Cyber Security and Technology Consulting services.

Cardonet

Cardonet

Cardonet is an IT Support and IT Services business offering end-to-end IT services, 24x7 IT Support to IT Consultancy, Managed IT and Cyber Security.

CyberX9

CyberX9

CyberX9 helps you protect against a wide range of cyber attacks whether you are a business or a high-net worth individual under risk.

Computacenter

Computacenter

Computacenter is a leading independent technology partner, trusted by large corporate and public sector organisations. We help our customers to source, transform and manage their IT infrastructure.

Unified National Networks (UNN)

Unified National Networks (UNN)

UNN’s mission is to unify the national networks and create a modern and cost efficient digital platform connecting the entire country.

FTI Consulting

FTI Consulting

FTI Consulting is a global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.

Sublime Security

Sublime Security

Sublime is an adaptive email security platform that combines best-in-class effectiveness with unprecedented visibility and control.