A new extortion scam campaign is underway that is targeting websites owners and stating that if they do not make a payment, the attacker will ruin their site’s reputation and get them blacklisted for spam.
A new #extortion scam campaign is underway that is targeting websites owners and stating that if they do not make a payment, the attacker will ruin their site's reputation and get them blacklisted for spam https://t.co/bMgpwyfUkB
— Alexander Anoufriev (@anoufriev) June 10, 2019
Ilia Kolochenko, Founder and CEO at ImmuniWeb:
“Owners of large websites should not really be overly concerned, as such “attacks” will not have any real impact on them. However, smaller websites may truly suffer if cybercriminals execute what they threaten. Many existing blacklists omit any verification of incoming complaints and recklessly blacklist URLs upon receipt of an abuse report. Worse, some people who may get threats or scam messages ostensibly coming from the website owner – will likely emotionally react first and investigate later.
Nonetheless, websites owners should not panic. Proper execution of the threats will inevitably require the attackers to invest their own money into spam mailings and other malicious activities. Most likely such threats will rarely be executed unless attackers have a very specific reason to do so. Moreover, such smear campaigns services have existed for a while already. More sophisticated cyber gangs will even place malware on your website and send the links to all your customers and partners to create irreparable damage to business reputation.
To prevent damage, there are several things to do. First of all, website owners should check their website security and presence on any blacklists – at ImmuniWeb we offer a free website security test for this. Second, check your SSL/TLS encryption and SSL certificate – some blacklists and Google may consider them when evaluating your website reputation and therefore chances to get banned as a “scam”. Last, but not least, immediately notify your hosting provider and domain registrar about such threats and also file a complaint to your local law enforcement agency.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.