Most of us have had fake emails that appear to come from a Bank, PayPal or eBay asking for our credit card or login details. The scams work if someone clicks on a link, goes to a fake website owned by the scammers and hands over the information they need. These fake sites, once quite crude and clearly fraudulent, are becoming much more sophisticated. They not only look like the real thing but their URLs are very similar to the true ones that they are imitating.
To help them escape detection, these fake sites have tended to be hosted on a server owned by the criminals, and are sometimes only visible at certain times to coincide with the sending of the fake emails. But now they have thought up a better way: they use your website. Instead of hosting the fake sites themselves, the scammers are hacking into perfectly innocent sites and using them to gather the information they need. This way they can steal credit card or bank details, forwarding the information to themselves, without the owners of the sites even being aware it is happening – until it is too late.
Once a site is identified as having been corrupted in this way the hosting company usually has no option but to remove it. This is bad enough, but at the same time, Google will remove the suspicious URLs from their search results and show a warning page to users who visit the affected address until they are confident that the threat has been removed. Meanwhile the hackers, at negligible risk to themselves, simply move on to other prey, leaving their victim with a site to reconstruct and incalculable damage to their business.
You can minimise the risk of suffering this sort of attack by ensuring that your site is regularly upgraded to the most recent version of the software that was used to build it. As sites get older, the risk of them being corrupted increases, unless they are properly maintained. This is because over time, hackers are able to find weaknesses in the software that is used to build the websites. At the same time, developers continuously work to close these loopholes, and offer security fixes in software upgrades.
You can minimise the risk of suffering this sort of attack by ensuring that your site is regularly upgraded to the most recent version of the software that was used to build it. We strongly recommend that you consider having your website reviewed and upgraded if necessary.
