Hacked…Part Two: With online activities being such a vital part of your interaction with potential and current customers, a major part of your communication methods, and a significant portion of your marketing efforts, the security of your website, social media and email accounts is vital.
Since writing my last article, a majority of my time has been spent helping a few clients recover their social media account, restore their email account from a spammer spoofing their service and a couple websites being hijacked. But Darcy, you specialize in marketing and advertising? That’s correct, I’m not a security specialist, but these security issues go cross over into my lane because the results of these hacks effect your ability to communicate with customers, and hacks can even stop all ability to place ads, be found on search engines and completely remove your social media profiles.
Let’s start with the reason most hackers hack.
These days, hackers are doing what they do to exploit systems for financial gain. Yeah, like most things today, it’s about the money. If it’s not gaining control of your social media account that you have spent hours and hours developing, posting content, building your followers, and then ransoming control of your account back to you, hackers may take control of your social media account to gain access to your advertising account linked to your profile to enable the hacker to place ads to counterfeit products and illicit services. It’s terrible, but I’ve seen it happen where hackers gained access to a Facebook ad account and ran ads that the cleaner ended up being billed for. The hacker received hundreds of dollars’ worth of ads that the cleaner had to pay for.
A recent website hack was the ‘Japanese character hack’. This hack is a remote code execution hack where the hacker exploits a security flaw in the WordPress content management system. The hacker can remotely insert malicious files that overwrite the homepage redirecting search engines to an XML file the hackers created on the compromised website. This hack consumes your monthly allotment of webserver bandwidth (traffic capacity) as search engines are instructed to spider the contents of the CML file. The goal of this hack is to increase the search engine rank for illicit web pages filled with counterfeit products for sale. The hacker earns commissions of the sale of counterfeit goods. This hack can be further complicated by compromising your Google Search Console account where the hacker takes over the account that Google provides you to submit your website content to search engines for indexing and ranking. Suddenly, Google is flooded with hundreds or thousands of links that appear to be coming from your website. Google adds these links to their search results which increases search results for the counterfeit goods sending unsuspecting traffic and customers to buy counterfeit items, thus earning the hacker commissions. It’s a rather complex scam, but the result is your search engine standings are completely destroyed as Google has methods of detecting such scams and will remove your website from search results entirely until you remove malware and malicious files.
Even worse, if you are running Google Ads, Google will stop or pause all ads you may be running. Google’s advertising policy is to stop ads promoting compromised or hacked websites. Google does not want to support or increase the spread of malware with their systems, so if your website becomes compromised, you are usually shut off from Google’s systems until you have repaired or removed threats. If you rely on Google search results and Google ads to find new customers, you will be cut off from new customers coming into your business. This will cost you customers, sales and revenue. Getting your standings and status back can take months, so it’s a significant hindrance to your business.
Hacking is becoming big business. Some countries are engaging in hacking as part of their policies. Some countries employ and deploy hackers to conduct economic warfare against other countries’ economies. Some countries are using hackers as part of their warfare strategies. And then there are countries deploying hackers to raise funds for their regime leaders to pay for lavish lifestyles or pay for military and weapon development. Lastly, many countries turn a blind eye to hacking and scamming activities as it’s a means of bringing in much needed revenue to fund its citizens. And since many hackers are attacking people and businesses outside of the countries in which the hacker lives, governments turn a blind eye to activities as victims of hacks are outside their borders.
I’ve even seen online markets where hackers sell scripts, software, how to instructions, and even files filled with websites, email addresses, email servers and even user names and passwords. For a few bucks a hacker will sell lists of compromised or websites that can be comprised complete with access details so a hacker can log into your website and get away with banking details and other confidential information (like credit card numbers). As if it’s not difficult enough keeping on top of technical details defending your digital assets, now you have to be concerned with your vulnerable digital assets being sold for a few bucks.
Hackers and hacking are a major disruption diverting efforts to defense and recovery, preventing you from administering and promoting your business. It’s very difficult trying to look ahead and work towards progress when you are busy covering your assets and watching your back. It gets expensive recovering from a hack as you usually lose a bunch of work you’ve paid to have had done and then you have to pay again to get back to where you were before you can resume moving ahead again. Unfortunately, it’s a situation that is pretty much a matter of not IF, but WHEN it’s going to happen to you. It’s just part of the price we pay being ‘out there’ in the digital world.
Make regular back ups of your website. Use complex uncommon passwords. Restrict access to administering your digital assets to just very few highly trusted individuals and service providers. Don’t put all your eggs in one digital assets for new customer flows. Make plans for alternate communication methods with customers if one communication channel becomes compromised. Conduct regular scans for malware and malicious files. Set aside a budget for security, recovery, rebuilding or replacing digital assets. Being proactive and prolific is your best defense as it’s unlikely hackers are going to get all your digital assets. Good luck, as it’s a jungle out there!
Darcy Moen opened his first drycleaning shop at the age nineteen. Over the next sixteen years, he built his first 600 square foot plant into a chain of 5 stores, creating and testing his own marketing programs along the way. Darcy is a multi-media marketer, working in digital signage, video, print, direct mail, web, e-mail and is a social media expert certified by Facebook for Pages, Insights and Ad Systems. Please visit www.drycleanersuniversity.com.