A fake ransomware scam is going around that targets website contact forms. It sends an email to the site owner with the subject “Your Site Has Been Hacked.” The body of the email claims the hackers have exploited a vulnerability to gain access to the site’s database and “move the information to an offshore server.” The email threatens to ruin the site owner’s reputation by selling the site’s database, notifying customers that their information has been compromised, and de-indexing the site with search engines using blackhat techniques.
Within the past few weeks, website owners have reported receiving this email on various support channels, including WordPress.org, Stack Overflow, and Reddit. The sites in question have not been defaced, nor do they show any other evidence of tampering.
The Bitcoin Abuse Database has seen a surge of reports regarding this scam in May and June, logged under various Bitcoin addresses. The scammers send the email out indiscriminately, even targeting sites that do not have a database. So far the campaigns have not been very successful at convincing site owners to pay the ransom.
The Bitcoin Abuse Database advises visitors that extortion emails are 100% fake and those who receive them should not pay ransoms.
If you or one of your clients receive an email like this, rest assured that it is a scam that requires no action. If you want to be extra cautious you can change your passwords and use a security plugin to scan your files for changes. Otherwise, simply delete the email.
An example of this scam email is below for reference:
PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!
We have hacked your website [website URL] and extracted your databases.
How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.
What does this mean?
We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site [website URL] was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.
How do I stop this?
We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).
Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):
Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!
How do I get Bitcoins?
You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you https://cex.io/ for buying bitcoins.
What if I don’t pay?
If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.
This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!
Please note that Bitcoin is anonymous and no one will find out that you have complied.
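Because the scam arrives through the contact form and follows the fixed template quoted above, submissions can be checked against that template before they reach an inbox. The Python below is an added example, not part of the original post or of any plugin's code; the indicator names, weights, threshold and both sample messages are assumptions constructed for illustration.

```python
import re

# Indicator patterns follow the wording of the sample email quoted above.
# Names, weights and THRESHOLD are assumptions chosen for this example.
INDICATORS = {
    "hack_claim": (r"\b(hacked your (web)?site|your site has been hacked)\b", 2),
    "db_exfil_claim": (r"\bextract(ed)? your (entire )?databases?\b", 2),
    "bitcoin_demand": (r"\$\s?\d[\d,]*\s*(USD)?\s*in\s+bitcoins?\b|\bbitcoin address\b", 3),
    "deadline": (r"\bwithin\s+\d+\s+(days?|hours?)\b", 1),
    "reputation_threat": (r"\b(de-?index(ed)?|(damag|destroy)\w* your reputation)\b", 2),
    "no_reply": (r"\b(do not|don't) reply\b|\bwill not read any replies\b", 1),
}
THRESHOLD = 6


def triage(subject, body):
    """Score one contact-form submission against the extortion template."""
    # Fold curly apostrophes and line breaks so the patterns match pasted text.
    text = re.sub(r"\s+", " ", f"{subject} {body}".replace("\u2019", "'"))
    hits = {name: weight for name, (pattern, weight) in INDICATORS.items()
            if re.search(pattern, text, re.IGNORECASE)}
    score = sum(hits.values())
    # Require the payment demand: a visitor's genuine report that the site
    # looks hacked mentions a compromise but never asks for bitcoin.
    quarantine = "bitcoin_demand" in hits and score >= THRESHOLD
    return {"score": score, "hits": sorted(hits), "quarantine": quarantine}


# Constructed samples: the first reuses phrases from the email above, the
# second is an invented genuine message from a site visitor.
SCAM = ("Your Site Has Been Hacked",
        "We have hacked your website and extracted your databases. "
        "The current fee is $2000 USD in bitcoins (BTC). You have to make "
        "payment within 5 days or the de-index of your site WILL start! "
        "This is not a hoax, do not reply to this email.")
VISITOR = ("Website problem",
           "Hello, I think your site has been hacked, the homepage redirects "
           "to a pharmacy page. Please reply when you can.")

if __name__ == "__main__":
    for subject, body in (SCAM, VISITOR):
        print(subject, "->", triage(subject, body))
```

A quarantined message only means the text fits the extortion template; it says nothing about whether the site was actually accessed.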
Twitter is a very good way to keep in touch with your local community. It enables you to post messages to your followers and keep them informed about what is happening in your town, parish or community council.
These messages are called ‘Tweets‘ and are limited to 280 characters. You can also post pictures or short videos.
To set up a Twitter account, go to https://twitter.com and click the blue button on the right of the screen that says ‘Sign up‘.
On the next screen you will be asked for your name and phone number. You should use the name of your council as the Name. If you don’t want to add your phone number, you can use your email instead. Don’t worry, these won’t be displayed publicly.
The next screen, ‘Customize your experience‘, has some optional settings.
Step 3: Create your account – just click the blue ‘Sign up‘ button at the bottom of this screen to set up your account. You will be sent a verification code, either to your phone or email, depending on which one you used to register in step 2. Enter the verification code and click the blue ‘Next’ button at the top right of the screen.
Note: if you copy and paste the verification code, be careful not to pick up any spaces at the end of the code – if you do, you will get a message saying the code was incorrect.
On the next screen you will be asked to add a Password.
The following screens will let you pick a profile picture and add a short description. You can click the ‘skip for now’ link if you don’t have one and add this later.
The screen asking ‘What are you interested in‘ will show different options you can select. Twitter will show you suggestions of accounts to follow based on your choice here. Again you can click the ‘Skip for now‘ link.
The ‘Suggestions for you to follow‘ screen will show popular accounts that you may wish to follow. If there are any that interest you, just click the ‘Follow‘ button next to the account. Don’t worry, you can add more people/accounts to follow at a later date, or can ‘unfollow’ accounts you have followed. Click the ‘Next‘ button when you are ready to move on.
The next screen allows you to turn on notifications. This will allow Twitter to send you an email or phone notification when certain events happen, such as when someone follows you or comments on your tweets. You have the option to ‘Allow notifications’ or ‘Skip for now‘. Again, you can change these settings at a later date.
Finally you will be directed to your home screen. This has Home at the top and a box that says ‘What’s Happening‘. To write your first tweet, just click in the box. When you are happy with your tweet, click the blue ‘Tweet‘ button.
In the next couple of months we’ll go into more detail about how to optimise your account and how to grow your following.
We can’t emphasise enough how important it is to keep your town, parish or community council website safe and secure from hackers. According to Securityweek.com, approximately 18 million websites (that’s 1% of the nearly 2 billion websites online right now) are infected with malware, and the average website is attacked 44 times each day.
1. Use an SSL certificate for your website
An SSL certificate is used to provide a secure connection between the server and the visitor to your website. These are now pretty much mandatory, with Google marking any website that doesn’t have one as ‘unsafe’.
How can you tell if your town, parish or community council website has an SSL certificate?
When you are visiting your site, look at the address bar at the top of the browser. Does the address begin https:// and display a padlock icon just before the address? If it does then you have an SSL certificate installed and working. If your address just begins http:// (without the ‘S’) then you need to get one installed. Just contact your website provider and ask them to install one for you.
2. Use a strong password to log into your website
Make sure that the password you use contains upper and lower case letters, numbers and special characters. It is a good idea to use a different password for each site you use, so that if there is a data breach on one site, the hackers don’t gain access to the other sites you use. This is especially important on any sites where you buy things, such as Amazon or eBay, but also for your website, because websites are a target for hackers wanting to install malware.
3. Make sure you back up your website
This is imperative as if your site gets hacked you will need a backup copy to restore all your files and information. We have had lots of parish councils who have requested a new website and told us that their existing site got hacked and they lost everything. Just like any computer system – make sure you have backups and that they are stored off-site.
A good hosting company will keep regular backups of your site. It’s worth checking with your provider to see if they do this.
4. Keep your software up to date
Providers of Content Management System (CMS) software such as WordPress or Joomla, and the makers of the software that adds functionality to your town or parish council website, constantly provide updated software with added security enhancements, in much the same way as your computer updates its operating system (usually Windows for those on a PC) from time to time.
You should always make sure your website is running the latest versions of all software that will include patches for any vulnerabilities that are discovered. You should also delete old unused software, as this can still act as a backdoor for hackers, even if it is not in use.
5. Don’t use the default usernames and log in page
When your site is first installed, the installation program usually sets up a default user to be the main site administrator. So for example WordPress uses ‘admin’ as the default name and https://[yoursite]/wp-admin or https://[yoursite]/login to get to the login page. If you use these defaults, hackers already have 2 of the 3 pieces of information needed to log in and hack your site – the third being your password.
If you change these settings from the default, hackers would need to guess 3 pieces of information to hack your site – the username, the password and the login page.
If your site is set up in this way, you can ask your website host to make it more secure.
6. Use a firewall and anti-malware software
Just like on your computer, it is vital that you have security software installed to protect your site. There are lots of security systems available depending on what platform your site is running on. You can ask your website host about the options available.
To get a quote for our hosting service – which includes all the features listed above, you can visit: Get a Quote
Decide on what your keywords/phrases should be
Your keywords/phrases should be what you think users would search for when looking for your website online.
Key-phrases work better than single keywords such as just your town or village name as they are more specific. Most people search using a phrase rather than a single word. Using a phrase will make your site stand out against the likes of Rightmove or Trip Advisor, who will often rank more highly for your town or village name as they are large commercial sites.
A good starting point would be the name of your council followed by town council or parish council eg ‘[yourcouncil] parish council’. If there are several town, parish or community councils with the same name, you would probably want to include the name of your county to differentiate from the other ones eg ‘[yourcouncil] town/parish/community council, Staffordshire’.
Optimise your homepage for your keywords
When you are writing the content for your homepage you should include your keywords or phrases. You should always use your key phrase at least once on your homepage.
There are certain places where your keywords are given more weight. These are:
Headings (always format your page using Heading 1, Heading 2 etc, rather than manually setting the sizes of text eg Bold, 14pt), as search engines prioritise the content of your web pages using the headings. If you are using WordPress you can find the heading settings under the Paragraph drop-down menu in the editing buttons along the top of your page.
The first words on the page – search engines such as Google give more weight to the very first words on the page, so it is a good idea to begin your homepage ‘[yourcouncil] is….’ .
Images – when you add images to your site you need to add an ‘alt tag’. This has a number of purposes, for example it will be shown to anyone who has images turned off in their browser or for visually impaired people using your site with screen readers, so it should be a description of the picture. It is also used by search engines, so it is a good idea to also include your keywords. A good alt tag description that works for accessibility and for search engines would be something like ‘[yourcouncil] parish council village fete’.
Optimise each page on your site for your keywords
You can optimise different pages on your site for different keywords – for example if you have a page about your village hall, you can optimise that page with the key phrase ‘[yourcouncil] village hall’.
Keep your content fresh with new posts
“Creating compelling and useful content will likely influence your website more than any of the other factors.” Google, 2017
It’s a good idea to add new content to your site as often as you have time. This not only helps with your search engine ranking, you will find that your visitors also like to find new information on the site and it will keep your visitors coming back.
Get incoming links to your site
Make sure your district and county council websites have a link to your site. You should also make sure that your local association for local councils adds a link to you.
If you have social media accounts you should have a link to your website as part of your profile. It’s also a good idea to link back to specific articles you publish. If you publish a post about your village fete, write something about it on your Facebook or Twitter page and include a link that goes back to your website.
If you have a page of links to other local businesses or organisations, you can get in touch with them and ask them to link back to your site.
We are delighted to welcome our 100th customer – Little Gaddesden Parish Council. They are the winner of a free website. We are currently working on the site and will post a link as soon as it’s live.
The parish clerk commented: “Wow, we’ve hit the jackpot, absolutely brilliant our Councillors will be really pleased because they are constantly having to juggle expenditure and cannot always afford what they would like to do. We have an outdoor Gym equipment project that we can go ahead with now, so the good news is you are helping to keep the residents here fit and well!”
We look forward to working with them.
Information to be published annually
The deadline for publishing the following information is 1 July 2019 (for information relating to the tax year 2018/2019).
- All items of expenditure above £100
- End of year accounts
- Annual governance statement
- Internal audit report
- List of Councillor or member responsibilities
- The details of public land and building assets
Information to be published more frequently than annually
- Draft minutes from all formal meetings (i.e. full council or board, committee and sub-committee meetings) not later than one month after the meeting has taken place. These minutes should be signed either at the meeting they were taken or at the next meeting
- Smaller authorities should also publish meeting agendas, which are as full and informative as possible, and associated meeting papers not later than three clear days before the meeting to which they relate is taking place
The data and information must be published on a website which is publicly accessible and free of charge.
Web accessibility means that websites, tools, and technologies are designed and developed so that people with disabilities can use them. More specifically, people can:
- perceive, understand, navigate, and interact with the Web
- contribute to the Web
As a local town, parish or community council, it is especially important that your website does not discriminate against users with disabilities. From 23 September 2020 (for existing websites) or 23 September 2019 (for new websites) there is a legal requirement for all public sector bodies to comply with the accessibility requirement, unless doing so would impose a disproportionate burden. You can read about applying for exemption here: Website accessibility regulations – applying for exemption
Web accessibility encompasses all disabilities that affect access to the Web, including:
Web accessibility also benefits people without disabilities, for example:
- people using mobile phones, smart watches, smart TVs, and other devices with small screens, different input modes, etc.
- older people with changing abilities due to ageing
- people with “temporary disabilities” such as a broken arm or lost glasses
- people with “situational limitations” such as in bright sunlight or in an environment where they cannot listen to audio
- people using a slow Internet connection, or who have limited or expensive bandwidth
We’ll be publishing a series of articles about how to make your website accessible, so watch this space.