Last week, the main website I work on was hacked.
While my system behaved exactly as normal, deep down in the file structure, the hackers had built another website that looked exactly like the Italian Post Office’s Bank.
They then used another unrelated to me system to send an unknown number of emails to people in Italy, telling them they had to log into their bank for some important information, but taking them to their/my page instead of the real bank.
This is what is known as a phishing scam.
The bank realized after a couple of days, and quickly had our site completely taken down. The good parts and the bad. Even the famed Google got in on the act, sending me an email asking me if I was aware that I was pretending to be a bank.
Thankfully, my webhosts are superb and I was back online within a couple of hours. HOWEVER, these ne’er do well Italians will cost me several weeks of work, rebuilding the system to stop any further attacks. Not my idea of nice people.
What is super interesting though is now I have some statistics on the number of people who click through on these scam emails.
When I removed the malicious files, I installed a little tracking code that showed how many people actually tried to come to the address. The results are frighting and show why the hackers do this kind of thing…
In the space of the 5 days since we closed them down, the page has been requested 372 times from unique people. Even though our page now looks nothing like a bank and has nothing to do with banks, we have still had 2 people actually set up accounts on our page using their bank log-in details.
With scams like this happening 24 hours a day around the world, goodness knows how much money individuals and banks are losing.