As National Cyber Security Awareness Month wraps up for yet another year, have you learned anything? More important, have you done anything, at least to improve your security? In case the answer to one or both is no, I thought I’d share the experiences of just a couple of small businesses (one which I worked with personally) that learned about security the hard way.
In the first case, the victim was a small but thriving electronics business based in Nevada. Their problems began when they started getting phone calls from angry suppliers wanting to know why some big bills hadn’t been paid. After some investigating, the business owners figured out that the bills had not been paid because they had never actually placed the orders.
It turned out that hackers had created a clone of the entire business – a clone that included a website, email addresses, letterheads, business cards, and even an 800 number with extensions and voice mail boxes for employees of the real victim company.
The hackers even managed to get the names and addresses of real credit references, and then used those references to obtain credit and place orders amounting to tens of thousands of dollars. When I stepped in to help, I started by contacting domain name registrars around the world to notify them that the domains registered through them were fraudulent. But it didn’t help. The hackers had registered so many domains that were similar to the victim business that as soon as we shut one down, the fraudulent website would re-appear under a different domain.
To this day we have no idea who did it or why they decided to pick on this small business. But it caused the business owner months of stress and distress as he watched his suppliers lose faith in his business, his credit worthiness, and his word. The end result? The damage was too much to overcome, and their business closed a couple of months later.
In another unsettling case, a nine-person business in Southern California had to recently shut its doors for good after a tiny piece of code managed to make its way on to an employee’s computer, and from there, steal the login and password for the company’s bank account.
Within a matter of hours this tiny little piece of code was able to wipe out the business. The Trojan was able to move $1.5 million from their bank account, and from right under the nose of the bank responsible for protecting that money.
No alarms went off at the bank, in spite of massive and unprecedented money transfers to bank accounts in Russia and China. No one at the bank noticed or asked the business owners why such large transfers were being made – transfers much larger than any that were made previously. And chances are, few if any, of the employees had ever heard of a banking Trojan, were aware of the harm they could do, or knew how to detect or prevent them.
Because the business was an escrow company, the money that was looted actually belonged to the company’s clients. And unable to meet its financial obligations, California regulators had no choice but to step in and shut the business down.
I don’t want to spoil your day. But whenever you think about website security, and especially about putting it off until some other day, think about the potential consequences. These businesses probably never thought a compromise would happen to them, let alone that they would lose their business because of it. If you put off securing your website because you don’t think you have the time or resources, think again. At SiteLock, website security is quick and easy. We do the work for you, and are around 24/7 for support.
So friends, the sad truth about lack of awareness is that what you don’t know – can hurt you. Just because National Cyber Security Awareness Month is gone for this year, you don’t have to forget. In fact, we invite you to share this information with your friends, family, and anyone you know who has an online business. And if you know someone whose website has been attacked, SiteLock can help with malware removal too. Be safe!