Why would a hacker have hacked my website?

Why Would a Hacker Hack My Website?

The question of why a hacker would target your website is something many people wonder about. The belief that hackers only target large websites or ones where there is money to be gained is outdated.

Hackers use websites to set up fake online banking pages where inexperienced computer users may unknowingly enter their personal information.

This fake website operates in the background, without you having any idea. For example, if you have a website called www.ik-brei-graag.nl, the hackers might create a folder or just a few files so that you get: www.ik-brei-graag.nl/nep-bank.html or worse: www.ik-brei-graag.nl/ing/inloggen.php.

Who Falls for This?

You might wonder, who falls for this kind of deception? Well, you might be underestimating the knowledge that hackers possess. They know how to make that fake bank page appear on your server’s Google search results. So when someone Googles ING or Rabobank, they end up on the hackers’ part of your website, where the bank’s website has been copied so convincingly that it’s nearly impossible to tell the difference between the genuine bank site and the fake one. (See example image below)

Hackers can also send emails from your website with messages like: “Your bank account has been compromised, click here to secure it now!” And yes, some people do click on the link to “prevent” their supposedly hacked account from being misused.

The purpose of these fake bank sites is not to be selective but to send mass emails through your expensive hosting package using your domain. They hope that 1 in 1000 people will actually fall for the scam and enter their details.

To clarify, a legitimate bank will never ask for your PIN code, and they will never handle important matters via email. Most banking matters require written communication.

Can You Spot the Difference?

If you still think you can easily distinguish between a real and a fake bank page, take a look at the example below. Do you see the differences? I made 3 changes to the right variant. Would you have noticed them if I hadn’t mentioned that there are differences? Did you spot them?

1. The lion image is reversed. Fake emails or websites often have logos that are different or out of proportion.
2. It says “Zoutzak” instead of “Zakelijk”.
3. Under the login, there is a different text: “Net echt he?” (which means “Looks real, right?”)

Illustration of the Reality

Imagine that a criminal hacker enters your home or store through the backdoor and tells every visitor that he is an employee of the bank and they can withdraw money from him.

However, when they try to make a transaction, he informs them that the transaction failed and blames their bank card or information. While they are distracted, he uses their information to withdraw money for himself.

That’s a brief explanation of how internet criminals operate. The worst part is that he was in your home or store (your hobby website or webshop), and the victims turn to you with the problem that their money was stolen. The criminal often remains out of reach.

In short: whether you’re from a local knitting club or a website selling electronics, hackers won’t be selective.

These hackers use scripts to test website inputs, and when they find one, they set up their fake bank on your web address.

How Can You Secure Your Website?

To ensure your website’s security, follow these steps:

1. Set most files’ permissions to read-only (CHMOD 775/755 or even 444 for Htaccess/wp-config.php).
2. Don’t display CMS version and type numbers on the website or in the source code.
3. Use long and varied passwords.
4. Install a good WordPress security plugin.
5. Be cautious when using plugins made by third parties.
6. Regularly back up your website.
7. Sign up for Google Webmaster Tools and perform regular checks.
8. Perhaps the best tip: have an experienced programmer secure your WordPress website.

Don’t

take risks, let a professional secure your WordPress website!