DON’T GET STUNG!
Over the course of the past 8 years managing clients and many years of using the internet before that, I’ve seen my fair share of business scams.
I’m not talking here about your standard “personal” scams like the PayPal, HMRC, Facebook and FedEx phishing scams, which usually aim to steal personal data such as passwords or credit card details. (And hopefully no one falls for the Lottery or Nigerian prince scams anymore!)
Here we’re talking about scams directed towards your business, or you as a business owner.
It’s not uncommon for us to receive a call from a worried client asking for advice, because they have seen an official-looking email relating to their business’ online presence.
Here’s a look at some common examples, what to do and how to avoid them:
1. “Domain Expiration”
This clever little deception is very common. It poses as an official domain name renewal email. The sender in the email header is given as “Domain Service” and the actual email address may vary.
The subject is usually “Final Notice” – scary and urgent to make you think it’s official and time is running out.
People think this is their annual renewal for their domain name, and may either pay it immediately or contact their web developer asking why they’re being charged a high amount for a domain renewal (especially as they may have already paid the REAL renewal to the web host or web designer). So this creates a headache for the client and the legitimate agency.
Look carefully though at the text highlighted in blue – this is nothing to do with your domain name. They are selling an SEO “service” and mention this at the bottom of the email.
But how did they get my information if it’s not legit?
When you register a domain name, you are asked to enter personal contact details so that the legitimate registrar can identify the domain name owner. Depending on how you register the domain, this information might – legally – be made publicly available. These scammers then set up automated email bots which email the listed contact around the time of the domain’s expiry, so that the timing and targeting of their scam have a more legitimate feel.
What should I do?
- Completely ignore it!
- Do NOT click “unsubscribe”. Do you really think these scammers are going to play nice and take you off their mailing list? No. When you click “unsubscribe”, it might look like it’s taken you off a list. In fact, you’ve now just told them that this email address is correct and active – and it has probably been added to a number of other lists.
Legitimate renewal notifications should come from YOUR web designer or agency. Not a third party.
We always tell our clients: If it’s about your domain name, website, SEO, digital marketing or web hosting, and it’s not from us, it’s probably not legitimate!
2. Blackmail scam
Warning: contains adult themes
This one is more of a personal attack and leverages the prospect of using your own computer against you. The scammer will claim to have infected your computer, turned on your webcam and filmed you partaking in some… “me time”.
The scam is made up of several parts, each trying to add more layers of realism to confuse and intimidate you. They will ask for Bitcoin (cryptocurrency) or credit card payment in return for not releasing the footage. Aside from being a scam, this is a criminal threat.
It seems pretty specific, right? But once you realise they’ve not made any mention of the sites you’ve visited or what specifically they’re claiming you’ve done, you realise it’s just a scattergun approach based on common themes and fears.
Here’s another, more detailed one received a few weeks later from a “hacker” calling themselves “HcK7p” (firstly, you’re not a hacker mate, you’re an idiot):
This one adds another layer to attempt to confuse you, by using a very simple email mask to make it LOOK like the email was sent from your inbox. They also claim that they are now locked in and can see if you change your password.
Note how the scammer doesn’t include ANY personal details to back up his claim. If you really had someone’s address book, you’d drop a few contact names into your threat to show you are real. (And everyone has a friend called “John” and “Sarah”, so don’t fall for that either!)
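The “email mask” described above is a forged From line, and the message headers usually give it away. As an added example (not part of the original article), this Python function checks a message’s headers for signs of that forgery; the sample message, its domains and the function name `spoof_indicators` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of a "sent from your own account" extortion email.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=example.com
From: you@example.com
To: you@example.com
Subject: Your account was hacked

Pay up.
"""

def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    """Return a list of reasons the From line should not be trusted."""
    msg = message_from_string(raw)
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    if from_addr and from_addr == to_addr:
        findings.append("From equals To (claims to come from your own mailbox)")
    # Return-Path records the real envelope sender used for delivery.
    rp = domain(msg.get("Return-Path"))
    if rp and rp != domain(msg.get("From")):
        findings.append(f"Return-Path domain {rp} differs from From domain")
    # Authentication-Results is stamped by the receiving server (RFC 8601).
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", results)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            findings.append(f"{check} result: {verdict}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("-", finding)
```

A mismatched Return-Path on its own is common with legitimate mailing services, so weigh it alongside the SPF, DKIM and DMARC verdicts, and trust only the Authentication-Results header added by your own mail server.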
What should I do?
- Don’t panic. This is a shot-in-the-dark attempt to hustle you.
- Do NOT reply or click any links
- Do NOT send any money or bitcoin!
- Nevertheless, it would be prudent to run a virus scan on your computer and use a suitable firewall
- Change your email passwords and use a secure password
- If you are truly concerned, firstly speak to someone you trust. There is nothing to be scared or embarrassed about.
- You may wish to contact the police if you believe someone is really blackmailing you over intimate photos or videos they may have of you.