Be on the look-out for a new spam / phishing attack that is designed to make you believe your website has been hacked and some “good citizen” is letting you know about it. An example of these e-mails is shown below:
The e-mail will want you to believe your website has been hacked and is sending out bogus e-mails with nasty attachments. However, in reality, the person SENDING the e-mail has been attacked and their e-mail either hijacked or spoofed. The attachment will appear to be a Word, Excel, or PDF file but in reality be an infected file or zip.
Some variations of this attack also include links that appear to be linking back to pages on your website, but upon hovering over the link (don’t click it!) you will see it goes to a compromised/different site.
A few ways to tell that this is a scam:
- The sender usually claims to be a friend or customer, but in the majority of cases this is an address you will not recognize. If it is a person you know, CALL THEM and do not reply.. letting them know over the phone that their e-mail has been compromised or spoofed.
- The e-mail will include a suspect attachment or link(s). The attachment or links will be infected and/or linking to infected websites. You do NOT want to open the attachment or link.. as with all unexpected attachments or links, delete the e-mail.
- Typically the wording on the e-mail will be very brief and will be designed to scare you with words like “hacked” and/or “click this link to check your site right away”. Do not fall for the trap.. visit your own website (not from their link) and confirm it is fine, then safely delete the e-mail. If you have any real concerns about your website or e-mails appearing to come from you, contact us at ESG or your IT provider!