It’s bad enough to get a bunch of calls from irate suppliers wondering why you haven’t paid bills that are months overdue. But it’s even worse if you have no idea what they’re talking about. That’s how one small business owner found out what it was like to have his entire business hacked and cloned by people he never met and never caught.
The Calls Were Coming From Inside the Business
It all started with those phone calls, one after another. Irate electronic components suppliers who had sent tens of thousands of dollars worth of products to a company pretending to be his – and never got paid. When the suppliers showed him the evidence, he could understand why they might not have believed him. The hackers had cloned his entire business. They started with his website, creating a perfect replica and hosting it on a domain almost identical to his.
But the con didn’t stop there. The hackers created email addresses that matched the identities of the company’s key executives. They created an 800 number with an automated answering system that included extensions and voicemail boxes in the names of executives. The hackers also created fictitious letterheads and business cards, and even provided the suppliers with legitimate credit references – companies the real company had actually done business with.
Once their fake business was complete, the hackers started placing orders for tens of thousands of dollars worth of electronic components. When the bills went unpaid and the invoices and reminders went unanswered, the suppliers went looking for the customer. But by then, the fake company had disappeared and left the real company to deal with the firestorm.
Cleaning Up the Fallout
When I got the call, the attack was still going on. The hackers had registered at least a dozen domains around the world that were similar to the real company. We had to work with domain registrars, from Canada to Switzerland, and try to persuade them to take down the fraudulent domains. Some cooperated but many others ignored our pleas. And any time we did manage to shut down a domain, another one would pop right back up. Eventually the hackers moved on. The owner of the business never got over the shock.
To this day he can’t figure out why the hackers would pick on his small business, and why they would go to such lengths to so perfectly clone it. Within months of the attack the business closed. The owner admitted that the attack wasn’t the only reason, just the last straw. What bothered him the most was the reality that it could happen to any business at any time. There was no way to stop it, no one to report it to, and no one to investigate it. Not only was he a victim, so were all the businesses who never got paid for all the products they shipped to the imposters. And if the attackers were so organized and determined, chances are right now they’re doing exactly the same thing to someone else.
If you ever fall victim to this or a similar crime, you can report it to the Internet Crime Complaint Center, or IC3. This is a partnership between the FBI and the National White Collar Crime Center. Even if they are unable to investigate your case, reporting it will help them gather and share more intelligence on these crimes.
Contact SiteLock today to learn why website security is an essential piece of the cybersecurity puzzle.