The revenue lost by individuals and companies who respond to and fall prey to these phishing messages is enormous. We in the web field lose considerable amounts of time answering queries about such matters, time that we could be spending working on websites. It is obviously part of the job – or as they say in the business world: the cost of doing business.
We at CharlesWorks want our website clients to be assured they are safe whenever possible. So whenever we can, we want to mitigate the risk of phishing scams.
What you can do to Mitigate these Messages
Emails. The text in the sample phishing message below may show up as an email from yourself. This is usually quite disconcerting to most internet users. It invokes a feeling that the The scammers use the fact that this upsets most people to impress upon the user the legitimacy of the threat. In most cases the threat is simply a threat – nothing has been hacked. However, no one can absolutely guarantee that there is no legitimate hack of the website or emails. Your hosting provider can look to see if there is any evidence pointing to an actual hack. You should contact them to make sure. When such emails are received, the best course of action is to report them as phishing messages if your service provides an avenue to do so. If not, then report them to your email hosting company to find out how to best handle them. Aside from that, simply deleting them is the proper course of action.
Website Forms. Sometimes the text in the sample phishing message below reaches you because it was entered into a form on your website instead of being sent directly to you in an email. In such a case, you should NEVER report a message from the form on your own website as spam or phishing. If you report any of your website’s messages as spam, you run the risk of not getting the legitimate website messages your potential customers are sending. Instead, you should have a good reCAPTCHA or other spam-catching software installed to deal with form spammers.
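For the "email from yourself" case described under Emails above, the check below is an added example, not CharlesWorks' own code: it reads the authentication results your own mail server stamped on the message to see whether the From line was forged. The hostname mx.example.com, the sample message and the verdict names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the hostname your own receiving mail server writes into the
# Authentication-Results header it adds (placeholder value).
TRUSTED_AUTHSERV = "mx.example.com"

# Constructed sample, not a real capture: From and To are the same mailbox.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=example.com
Received: from mailer.invalid (203.0.113.45) by mx.example.com; Fri, 5 Jun 2020 20:13:00 -0400
From: owner@example.com
To: owner@example.com
Subject: Your website has been hacked

(body omitted)
"""

def _domain(value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc results, but only from our own server's header."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if (authserv.split() or [""])[0].lower() != trusted:
            continue  # senders can add this header too; ignore untrusted copies
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            found.setdefault(method, result.lower())
    return found

def assess(raw):
    """Classify a message that claims to come from the recipient's own domain."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    sender = _domain(msg["From"])
    if not sender or sender != _domain(msg["To"]):
        verdict = "not-self-addressed"
    elif auth.get("dmarc") == "fail":
        verdict = "forged-from"  # From line was faked; report and delete
    elif auth.get("dmarc") == "pass":
        verdict = "authenticated-as-own-domain"  # ask your host to investigate
    else:
        verdict = "unverified"  # no trusted DMARC result to rely on
    return {"verdict": verdict, "auth": auth}
```

A "forged-from" verdict means the message only displays your address and did not authenticate as your domain; an "authenticated-as-own-domain" verdict is the case to raise with your hosting provider.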
I am including the entire text of what appears to be a common phishing message below. The identifying information is *’d out (replaced with * characters) to maintain the privacy of the individual and/or company this was sent to. Note that most phishing messages have some common threads: they create a sense of urgency and instill fear in the recipient. Always read through the content; most of the time you will realize that what they are saying most likely couldn’t have applied to you – hence it is actually a generic message sent to thousands at the same time in the hopes of scaring someone (anyone) into doing the scammer’s bidding.
Sample of an Actual Very Common Phishing Message
Sent: Friday, June 5, 2020 8:13 PM
Subject: Your website ************.***, databases and emails has been hacked.
FORWARD THIS EMAIL TO THE PERSON WITHIN YOUR COMPANY WHO MAKES THE IMPORTANT DECISIONS
You may have noticed that we are using your company’s server to send this message, we have hacked into your https://***.************.*** site and extracted all of your databases and backed up all of your mailboxes.
How did this happen?
Our team found several vulnerabilities within your website and company computers that we were able to exploit. After finding them, we were able to obtain their database credentials and extract their complete data from their computers, from their site and copies of all emails in all their mailboxes with optimismplus.com domain and finally we moved the information to a foreign server.
What does this mean?
We will systematically go through a series of steps to totally damage your reputation. First, your database will be leaked or sold to the highest bidder to be used for any purpose. Next, emails will be sent to all your customers, suppliers and business partners, stating that all of their information has been sold or leaked and your https://***.************.*** site was at fault for leaking the information and damaging the reputation of all your customers and providers. Lastly, any links you have indexed in search engines will be de-indexed based on the blackhat techniques we used in the past to de-index our targets, not to mention getting your business on every blacklist in the country.
How do I stop this?
We are willing to forget about destroying the reputation of your site and company for a small fee. The current fee is $2,500 USD in Bitcoins.
Send the amount in Bitcoin to the following address:
Once you have made your payment, we will automatically be informed of it. At the precise moment that you have read this message, you have a period of 72 hours to make the payment, or I guarantee that the reputation of your company will be completely destroyed. The proof that we have access and all your data is that this message has been sent using your company’s servers.
How do I get Bitcoins?
You can easily buy bitcoins through various websites.
What happens if I don’t pay?
If you decide not to pay, we will launch the attack after 72 hours and keep it until you do, there is no countermeasure to this, you will just end up wasting more money trying to find a solution. We will completely destroy your reputation with your customers, your suppliers, your partners, on google and the entire country.
This is not a hoax, do not try to reason or negotiate, we will not read any answers. Once you’ve paid, we’ll stop what we were doing, we’ll destroy all data taken from your site, your databases, your mailboxes, and you’ll never hear from us again.
Keep in mind that the payment with Bitcoin is anonymous and no one will know that you have complied. The time is running.
Most of these types of scams are apparent to those of us who work in these fields. However, as the scammers progress they get better and better at tricking people into clicking on things and ultimately getting them to infect their own devices! The golden rule is to not click on anything in emails unless you are absolutely certain about who they are from, etc.
In closing, I always want folks to know that they should feel comfortable contacting the people who handle their email about email issues – and the people who handle their website about possible issues with their website. Our CharlesWorks clients are always welcome to call 603-924-9867 or email us at Support@CharlesWorks.com about anything web or email related. It’s why we are here: for you!