One of the downsides to owning your own website or domain is that you have to register, mostly using personal information, in a public directory of sorts. Anyone can look up a URL or site and immediately see the owner, as well as their related contact information. It’s not a big deal until marketers and scammers start soliciting you.
How many times have you seen an email from someone unknown that claims to be able to fix your blog or website’s SEO problems? Probably often. If you have a WordPress-powered site, you’ll see similar comments there.
What you may not know is that a lot of these communications are not from legitimate parties. They’re not coming from a marketing or professional team, but someone hoping to gain access to a site through social engineering. It’s a rather basic form of hacking that involves the collection of personal information, identifiers, and account data.
If you’re not careful, you could end up giving away sensitive information willingly, effectively opening the door to hackers and unscrupulous individuals. That’s why it’s important to recognize and understand some of the more common scams so you can better protect yourself and your website.
1. Extortion Scams
Recently, fraudsters have begun targeting various website owners with an extortion campaign. They threaten to blacklist a website or domain for noncompliance. The threat is quite simple. You must pay the contact — usually in cryptocurrency like bitcoin — or they will destroy your site’s reputation.
Fraudsters claim they will do this through mass manipulation. Not only will they attack the website in question, but they will also publish a swath of offensive messages on other domains, send hundreds of emails out to advertisers, and bash the site and owner across the web. The idea is that this will spark outrage on a large scale, encouraging the community to post negative reviews and feedback.
Most threats are nothing more than a bluff. Even if they are true, you should never pay a ransom as you will never recover the money and there’s no guarantee the attackers won’t carry out their plan anyway. As for dealing with a swath of negative attention and feedback, it helps to document these kinds of communications, turn them over to the appropriate authorities and speak openly about the attacks — if and when they do happen.
2. SEO Marketing Scams
Everyone that owns a domain has come across this type of scam at some point. The fraudster claims they are from a renowned SEO and content marketing agency and promises to boost site exposure and improve search result rankings. What makes this scam difficult to pick out sometimes is that there are legitimate content marketing teams soliciting website owners.
The scam happens when these so-called firms accept money and run. They may also request administrative access to a site and then use it for nefarious means or steal it outright.
The best way to avoid this scam is just to ignore any and all cold emails about content marketing and SEO improvements. If you’re considering these types of services, you’re going to spend time researching potential companies on your own anyway. If an email lands in your inbox that sparks your interest, look up the agency in question before agreeing to any contracts or payments.
You can spot a scammer easily if you know what to look for. Online fraudsters tend to use the same tactics to force your hand or spur you into action.
3. Web Design Scams
This particular scam targets web developers and designers specifically. Being the owner of a website, it’s likely you have design experience — or you may be targeted simply because your information is available.
The fraudster poses as a potential client, requesting web design and development services. It starts with the scammer striking up an agreement and then making a large payout to you or your company. To maximize impact, they claim to have “made a mistake” paying more than needed. They then convince you to agree to pass on the extra money to a third party, which is usually another “supposed” agency like a consultant or fellow designer.
You now have a large sum of money, paid out to you or your company. You have also forwarded a lot to a fake agency or partner.
The scammer then uses a stolen card or fraudulent information to make the original payment. When it’s eventually disputed by the real cardholder or canceled, you are then responsible for the money transferred to the third party.
The best course of action is to break contact with any parties you believe to be involved in a scam. If money has already exchanged hands, get in touch with an agency that handles these kinds of issues. Those are:
- Federal Trade Commission Complaint Assistant
- FBI Internet Crime Complaint Center (IC3)
- The Secret Service
4. Yelp or Third-Party Social Scams
It may not seem like it initially, but third-party social scams can be extremely damaging under the right conditions. This particular scam involves someone writing either a negative review or comment on a business page. Yelp is the obvious target platform for most scammers, who have taken to attacking a swath of businesses, including restaurant owners and retailers.
Like extortion scams, fraudsters will contact website owners and promise to remove negative reviews and comments, but only after they’re paid. Refusing to pay may lead to several outcomes. Scammers will post more comments and reviews using fake accounts, spamming the page or platform. Alternatively, they might target a website using DDoS or distributed denial of service type attacks.
Again, never comply with a fraudster or scammer’s demands. There is no guarantee they will react positively after being paid. In fact, there’s a precedent for doing the exact opposite after an extortion, blackmail or ransom fee is transferred into their possession.
Protecting Your Website
If you do your due diligence and research or reference potential parties before agreeing to any contacts or exchanging funds, you should be fairly safe.
Look at all cold emails and unknown correspondence with a grain of salt. If you cannot find any trace of a supposed agency online or their website looks hastily put together, it’s probably a good idea to steer clear.