I have written in the past about Scam email practices, specifically those who note that they can optimize your website for first page ranking on Google, etc. As I’ve noted, in most every case the email promising to help your website with SEO isn’t professional, doesn’t provide a phone number, nor do they have a website, … which are clear indicators of a scam!
Today I received a email from a company, with a website, which had signed me up for their email list (without my permission). This company noted that they had visited my website and noted that I wasn’t using any “proactive controls to protect itself against Hacker Threats & virus infections”. The purpose of the email was to get me to purchase their software.
Their actual email follows:
Dear Business Owner
Greetings from Hackers Locked , USA ! I discovered that your website is not using any proactive controls to protect itself against Hacker Threats & virus infections . Did you know that you may also be loosing on sales due to this ? Well you deserve better sales and profits and I would like to help you with that. Hackers Locked Trustmark cost’s 399 USD but I would offer that to you for 99 USD !! Please feel free to take advantage of our special offer and get protected today !
Regards
Sam- Chief Security Architect
Hackers Locked INC
(url removed to avoid linking to a scam website)
I went to the website, and it looked legitimate, so I replied to the email and noted that since my website is XHTML, and my Blog is secure, in what way was my website not secure, especially considering that hacker threats and viruses (actually Trojans, a virus affects an operating system not a website database) need an unsecured database for access?
The reply I received from “Sam” was:
“I will be honest with you , the mail was an attempt to capture attention of some of the website owners that were shortlisted from our research . So in a way its just creating awareness , ofcourse I am happy if we grow our network of clients too. However its not my motivation specially when I offer my product at a throw away price of 99 USD 🙂 Trust me on that one.” Sam went on to reference how websites can distribute malware and get blacklisted in all major browsers, and how most virus infections take advantage of security problems in your website. He concluded with the idea that their software allows one to do an ethical hack to see where vulnerabilities lie.
Ok, trust you, no, I don’t think so. What Sam wrote had little to do with what I noted … shortlisted from our research (really?), and when a company starts off with a fraudulent claim that “I discovered that your website is not using any proactive controls to protect itself”, I find the email amusing at best.
The reality is, everyone loves to use fear tactics to get you to purchase something. The idea of ethical hacking to look for vulnerabilities of a website on a network is a good one, but as I had noted to Sam, a virus affecting one’s personal computer would not infiltrate to a network, well unless one used their own “personal” hosting server with direct access to their personal computer. We live in an age where most people use good Virus Scan and Trojan removal software, and most hosting servers are extremely secure. Assuming you do have a decent virus scan software, guess what, it will include test options to check for port vulnerabilities on your personal computer, email vulnerabilities if you use Outlook instead of Web Mail, and it will include a check for browser vulnerabilities, the ability to hide personal data, etc.
The long and short is security for one’s personal computer is handled by good virus scan software. Security for your hosting server is provided for by the hosting server company. And security for your XHTML website is not needed since it can’t be hacked (there is no database). For those who use a CMS website such as Joomla and WordPress, there are frequent updates which are provided to improve the security of the application. As for other CMS applications, such as the many shopping carts and other blogging applications, sure, some of these may get malware by way of a SQL Injection. The important thing is to do some research before you install any CMS application to see if there have been security problems. Next, be sure to read up on what is needed to secure it properly. Typically this involves deleting the install file, creating a good password for the database and administrative area, securing the configuration files by changing file permissions, and removing personal data about the CMS application and version used where possible. But again. these concerns have nothing to do with what the email noted.
In summation, it is important to have a secure computer, hosting network, and website, but before you pay for something, be sure that the application is legitimate (and needed), and not one seeking to prey on your fears of what could happen.