The issue of Internet security — and the danger of compromise to your websites and accounts — may seem distant from marketing, but think of what happened in the 2016 US election and you will realize that a mess in this area can have devastating consequences.
I’ve had my share of problems (though not obviously as severe as Hillary Clinton’s) and have been saved largely by “nothing much to hide” circumstances. After all, as a news media and advertising service, we don’t really work in the shadows with secrets to hide and protect.
Nevertheless, a few weeks ago, as our companies switched servers and before we commenced a serious security hardening process, I noticed a serious problem — my IP address was spewing spam. This was especially disturbing as we had taken special measures to separate our eletter/broadcast service from the company’s regular transactional and business accounts, part of the security prevention system and to enable the newsletters to go out (via third-party SMTP service) with reasonably good sending reputation.
On review, indeed, our consultant discovered one of our sites had been hacked and turned into a spambot. We closed that door.
Then yesterday, Ireceived five identical emails with this wording:
I’m a member of an international hacker group.
As you could probably have guessed, your account (real email address removed) was hacked, I sent message you from it.
Now I have access to you accounts! You still do not believe it? So, this is your password: (partially correct password removed), right?
Within a period from July 5, 2018 to September 21, 2018, you were infected by the virus we’ve created, through an adult website you’ve visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we’ve gotten full damps of these data.
We are aware of your little and big secrets…yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..
But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one…
Transfer $700 to our Bitcoin wallet: 1DzM9y4fRgWqpZZCsvf5Rx4HupbE5Q5r4y
I guarantee that after that, we’ll erase all your “data” 😀
A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.
Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.
You should always think about your security. We hope this case will teach you to keep secrets.
Take care of yourself.
As I’ve never visited porn sites either deliberately or accidentally? — at least anytime in the last several years — and I don’t keep sensitive financial or personal information on my websites — I’ll ignore the extortion request, other than to broadcast the message here, though it is disturbing that the bad guys had a near-variant of a password I’ve used quite frequently.
Outside of working with a competent consultant (he lives amazingly enough in the scrounge country for Internet security — Nigeria) the biggest change has been to switch my security files from WordFence to the “All in One Security” plugin on our WordPress site. This tool has powerful security hardening features. The biggest risk (so far) is you can make things so secure that you and trusted employees/consultants may have trouble logging in if you aren’t careful. But I think the inconvenience is worthwhile in avoiding serious hacking/failure problems.
Take security seriously, because you don’t want a marketing/business disaster to befall your business.