Website owners often receive a flurry of emails that at first glance, appear to be from marketers. These emails take on many different forms, and even though some of them might look legit, they’re not coming from a marketing team at all.
Instead, they’ve been sent by malicious actors who are hoping to gain access to a site through social engineering. Because website or domain owners are required to register their web properties in a public directory, usually using personal information, anyone can look up a URL or a site and immediately see the owner, as well as their related contact information.
If you’re not being careful, you may already be giving away sensitive information, and unwittingly providing hackers and other shady individuals with an open door into your site.
Keep reading for a few of the top scams you should be looking out for.
1. Extortion scams
Most recently, fraudsters have taken to blackmail and extortion as methods of choice. Hackers will obtain personal information from website owners and threaten to blacklist a website or domain for noncompliance. In this situation, the reputation of your site is used as leverage in exchange for money—usually a cryptocurrency such as Bitcoin.
Although this scheme sounds intimidating, most threats are nothing more than a bluff. Even in the rare cases that they aren’t, you should never pay a ransom as you won’t be able to recover the money and there’s no guarantee the attackers won’t carry out their plan anyway. If negative attention and feedback do occur, it’s best to document this communication, turn it over to the appropriate authorities, and speak openly about the attacks if and when they do occur.
2. SEO marketing scams
Another popular scam among fraudsters is one in which they disguise themselves as an SEO or marketing agency, promising to boost site traffic and improve search result rankings. This scam can be harder to spot as there are indeed many legitimate content marketing teams who solicit site and domain owners regularly.
However, in this case, the malicious actor disguised as a legitimate SEO professional will keep the ruse up until an unsuspecting victim pays for a particular service, at which point they often disappear without a trace. In other cases, the bad actor will keep the ruse up long enough to request and gain administrative access to a domain and either sell it outright or use it for other nefarious means.
The best way to avoid this type of scam is to simply ignore all, cold emails about content marketing and SEO improvements. Regardless, it’s always wise to conduct thorough research when considering a content marketing agency. If an enticing email lands in your inbox, research the name and credentials of the business before responding, and definitely before agreeing to any contracts or payments. Online scammers are easy to spot if you know what to look for: tactics that force your hand or spur you into action.
3. Yelp or third-party social scams
Under the right conditions, third-party social scams can end up being some of the most damaging types of fraudulent activities. This is particularly true when the scam involves writing a negative review or comment on a business page. The obvious target for this type of scam is Yelp, as scammers today will attack any type of business, including restaurants and retailers.
It’s important to never comply with a fraudster or scammer’s demands. There is no guarantee they will react positively after being paid. In fact, many scammers do the exact opposite after an extortion, blackmail, or ransom fee is paid as they thrive on weakness and will often continue their attacks.
Mark Randall, Country Manager ANZ, WP Engine