How To: What to do when your CU gets Blogjacked
Look, I am no lawyer, and if you get blogjacked, a lawyer is likely to be your sidekick in your blog crime-fighting adventure. I am merely an assistant, a learned advisor, even a friendly guy at the gas station offering you directions.
Consider me Q to your James Bond. Maybe even the Obi Wan to your Luke Skywalker.
So, young Jedi, your credit union blog has been hijacked, spoofed, phished or blogjacked. Whatever the term du jour, the fact is, someone is pretending to be you and it is trashing your brand and putting your members in jeopardy.
What’s first? Well the first thing I would do is to find out who is hosting the offensive site. This can be done a few ways, but the first thing you should look for on the fake site is if it is hosted with Blogger or Wordpress. These should be the easiest to have taken down since these companies have much to lose in a lawsuit. Contact these folks at one of the following:
Ask them to have the offending site taken down – they will likely do it pretty quickly. Also ask them to contact you directly to set up some safeguards to prevent anyone else using their servers in setting up a fake CU site again. This is where having your Google Alerts set up also helps.
But Tony, the site doesn’t look like it is a Blogger or Wordpress site. What do I do now? I am glad that you ask my friend because this is where it gets a little more complicated. So strap on your ponder cap and hang in there.
You are going to do a WhoIs search. And it is what it sounds like. You are going to find out “Who Is” hosting the page that is trashing your credit union reputation. For all things WhoIs I prefer to go to Network Solutions. They are pretty much top of the domain game and have the most current server information on all the pages on the interwebs. So, go here to the NetSol Whois Information Request Page.
Now this information is public. You don’t have to have a fancy account somewhere. You can get this info on any site and yes, anyone can get it on yours. This is another reason I recommend that folks host their websites and blogs off their corporate servers. It is just better that way.
So this is what it looks like and this is what you want to do. I will look up our domain so you can see the goodies. You want to do a search by domain name. This is the website address or URL. Ours is CUHype.com so I put that in (without the www.). I then hit the button and get the next screen.
This screen shows me that the company hosting the site is XanosHosting.com. These are the folks you would call to ask them to take the site down. Let them know that they are hosting a site that is illegally representing themselves as a financial institution. They will be hot to suspend the account if they are in the U.S. or Canada or other friendly type country interested in the sanctity of financial institutions. If the site is hosted in North Korea or China or an independent island nation with little to no laws, it gets close to impossible. One thing you can do is go to ic3 which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). They might be able to help.
So, with your offending site’s hosting info in hand. Give those folks a call and give them the opportunity to do the right thing. Let them know that you are requesting that it be removed immediately. If the site is not dropped within 24 hours, call back and let them know that you will be filing a complaint with ic3 and turning their information over to your attorney.
Another thing to understand is why people set up fake sites. One, the sites could capture login info for the online banking. Some will upload Trojans to the visiting computer to record keystrokes and send them to the evil blogjackers. Another, less damaging but equally irritating are the folks who set up ads on the page. The folks who set these up get a few pennies each time one of these ads is clicked. So, if you visit your fake CU site and there are Google ads all over the place, send a note to Google Adwords here and let them know that they have a Google Adwords account holder who is violating the terms of their agreement by creating a fake banking website using your credit union’s name for the purpose of displaying Google Adwords. State also that you are requesting that their account be suspended and that their information be disclosed to you for further legal action. This would be a good time to bring in your attorney. See, anyone can set up a fake hosting account under an assumed name. But if you want the money, you have got to give up some real information. See, Google gives the person who set the site up a check for their ad clicks. So they have an address and a name and bank account of the criminal. That is good stuff to have.
Now this isn’t all you can do, but this is the most simple and direct approach that will probably solve 90% of the blogjacked sites that you will have to deal with.
I have likely left some stuff out. This is really supposed to be a quick and easy first step in taking these
evildoers down. If you have additional questions, feel free to give us a shout!
Good luck out there, and may the force be with you.
Popularity: 100% [?]
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Many thanks for this post, Tony! Very instructive…