In the last 24 hours, 2 of my customers have received a spam form submission stating, “We have hacked your Website”
The contact form submission/email has the following with the following text.
Subject: We have hacked your Website
PLEASE FORWARD THiS EMAiL TO SOMEONE íN YOUR COMPANY WHO iS ALLOWED TO MAKE íMPORTANT DECíSíONS!
We have hacked your website https://www.examplewebsite.com and extracted your databases.
How díd this happen?
Our team has found a vulnerabílity within your site that we were able to exploit. After findíng the vulnerabílíty we were able to get your database credentials and extract your entire database and move the ínformatíon to an offshore server.
What does thís mean?
We wíll systematically go through a seríes of steps of totally damaging your reputatíon. Fírst your database will be leaked or sold to the highest bídder whích they wíll use wíth whatever theír íntentíons are. Next if there are e-maíls found they will be e-maíled that theír ínformatíon has been sold or leaked and your site https://www.examplewebsite.com was at fault thusly damaging your reputation and havíng angry customers/associates wíth whatever angry customers/assocíates do. Lastly any links that you have índexed in the search engínes will be de-índexed based off of blackhat techniques that we used in the past to de-index our targets.
How do i stop this?
We are wíllíng to refrain from destroyíng your síte’s reputatíon for a small fee. The current fee ís $3000 in bítcoins (BTC).
Please send the bítcoín to the followíng Bitcoin address (Make sure to copy and paste):
33RFtPRiw4nByez7JVa4yYAr9gsWYGDFVK
Once you have paíd we will automatícally get informed that ít was your payment. Please note that you have to make payment wíthín 5 days after receivíng this e-mail or the database leak, e-maíls dispatched, and de-índex of your site WiLL start!
How do i get Bítcoíns?
You can easily buy bitcoíns via several websites or even offline from a Bítcoín-ATM.
What íf í don’t pay?
if you decide not to pay, we will start the attack at the índicated date and uphold ít untíl you do, there’s no counter measure to thís, you will only end up wastíng more money trying to find a solutíon. We will completely destroy your reputation amongst google and your customers.
Thís ís not a hoax, do not reply to this emaíl, don’t try to reason or negotíate, we wíll not read any replies. Once you have paíd we will stop what we were doíng and you wíll never hear from us again!
Please note that Bítcoin ís anonymous and no one wíll fínd out that you have complíed.
Has my Website been hacked?
Whilst this is alarming and distressing, this is a scam, so delete it immediately, and don’t click any links
The threats listed cannot be carried out by scammers. This is a social engineering fraud whose aim is for you to send them money. Your website has not been hacked.
What can be done to prevent these fraudulent form submissions?
So far, it seems like ReCaptcha V3 prevents these submissions, so my advice would be to add Recaptcha V3 to any website forms.
As always, we advise that WordPress Websites are kept up to date with weekly updates to Core, Themes, and plugins as required.
If you need help with updates or adding ReCaptcha to your website, please get in touch, and we can get your forms protected today!