Why your website may likely be at risk for a Hack Attack
A look at what modern-day pirates view as valuable resources to mine from your website.

Mar 21, 2018

By Kirby Mack, Director of Digital Media

A cyberattack can target any firm, no matter the size.

Most of the time, a hacker’s main objective is to exploit one of the following valuable resources to make money on:

  • Sought after data that can be sold or used.
  • A squeaky clean reputation.
  • Return traffic and/or a constant client base.
  • It is important to you.

Even worse, if they aren’t holding you hostage they could be attacking your clients. A relationship that took months to nurture may now take years to mend. New clients are hard enough to close and are nearly impossible to get back if they leave.

Stealing Your Client List

If you have a submit form on your website, a hacker sees that as a piggy bank. Every submission you get with real world information is another dollar in the bank. An attacker will gather all of the visitor submissions from your site and use this information in many ways. They may sell it to a third-party advertising agent, steal their identity, or even try to sell if to a competitor of yours. And it’s not just your client’s identity that is at risk. They can use the information collected to set up a mirrored email account. And with a complete list of your clients’ emails, posing as you, they can send out a phishing email, stealing your client’s personal information. Think about it. You worked hard to capture that lead, it’s valuable to you. Why not protect it at all costs?

This Site Is Clean

Day and night, you labored to build your firm and you are proud of the reputation it carries. It’s trusted and reliable and THAT makes you a target. A “clean site” in the eyes of the internet is all it takes for a hacker to desire to gain access to your website. Once they get in they use your resources and hosting to hide their own malicious malware and scripts. Ensuring that their reputation stays intact, they then, in your name, do the following:

  • Host Phishing Pages
    A phishing page is a page built and hosted on your site in an attempt to fool unsuspecting visitors into sharing sensitive information, like passwords, credit cards or Social Security numbers. It may be built to mimic the look of Gmail, Facebook, or even your own home page.
  • Host Spam Pages & Links
    Your website is legit, and because of this search engines assume your content is too. This includes all posts and outbound or inbound links. Hackers love to hide spam on your site, often using it to boost SEO rankings for their own malicious business. Basically, making your site work for them.
  • Spam Emails
    Getting spam emails past spam filters is a difficult endeavor. But almost all spam filters rely on IP blacklists to block everything from known IPs that send spam. An attacker will take advantage of the perfect reputation your IP has acquired and begin sending spam from your web server to bypass the spam filters. Ultimately doing irreversible online damage to your firm and its reputation.

Eventually, one of the above methods will have your site hit by Google for having malicious content. By the time you’re able to identify which files are corrupt, your site is already on the blacklist and automatically removed from all online search engines. (Click to check for free if you are currently on the blacklist.)

Hitching A Ride On Your Traffic

Ever visit a website and before you know it you are automatically redirected to a form asking you to fill out your credit card information to receive your free $500 Wal-Mart Gift Card? This is a very common tactic that hackers use. It’s a simple redirect but highly effective. Most of the times your visitors don’t even have to click on anything to be sent to spam. All the hacker has to do is a set up a timed redirect and visitors are instantly redirected to a malicious URL that gathers their information that the hacker can then use for profit.

But money isn’t always the end game for these attacks. In almost half of the cases we see, the attacker just wants to expose your vulnerabilities for their own ego. They look at it like a game. They just want to see if they can get in and when they do, they want to leave their virtual spray paint all over your online home.

Another diabolical way attacker’s piggy back off your website’s traffic is through the spread of malware. They will install their malware on your website which will then infect the computers of every visitor. That malware will then hold the visitor’s system hostage until they have met the demands of the hacker.

It’s Valuable To You

Your website is important to you. You’ve likely spent a lot of time and money to get your site working flawlessly. Perhaps your website owns a sought-after URL, like RetireHappy.com, and many other firms would like to have it. Maybe your site hosts an online Content Portal or all of your client intake forms. These are things a hacker knows and will use against you by holding your site hostage and demanding some form of payment. Unfortunately, more often than not, after receiving payment, a hacker will still delete all of your files and folders, leaving you not only out of money but without a website.

The Good News

There’s no 100 percent guarantee to never get hacked, but there are ways to safeguard yourself, and your site, from hackers.  Rule No. 1 is BE AWARE of the threat. You wouldn’t leave the front door to your house wide open when you’ve gone on vacation because you’d be asking for trouble.  Like most people you’d lock-up and might have a security system. These precautions wouldn’t prevent a security threat altogether but sure would reduce the risk. Our advice is to take the same amount of care with your website.

How credible is your hosting server? Have you had regular software updates on your site? Do you know when the last hack attempt was on your site? And who, and where it came from?

These questions, and issues, are easy to address by a professional.  They’re also very inexpensive to address BEFORE something happens.  But after the fact is a different story altogether.

So, if you “get” the concept of locking your front door when you leave the house; take the same precautions with your website.  Call a professional to make sure that your site is as safe as it can be, so you can avoid a problem that is difficult or impossible to remedy in the future.

Kirby Mack is Director of Digital Media at Lone Beacon.

[Related: Three Key Cybersecurity Lessons for Financial Advisors]