Sitelock is STILL on my s*** list. Please read the UPDATE to this evolving story at the bottom of the post.
A beloved client forwarded this to me this morning. It’s an email she received from the “security” firm SiteLock, a (former) partner company of popular website hosts HostGator.com and Bluehost.com.
Hell hath no fury like an angry webmaster who hasn’t yet had her coffee.
Notice the wording: One or more of the domains you own has malware on it.
Fairly clear, right? One of her sites is infected with malware…it says so right in black and white. Bad news, but I’ve never been one to hit the panic button before it’s time.
I calmly went to HostGator’s tech support “Live Chat” to ask them about this. I pasted the email into the box so the technical support rep could see what I’m contacting them about. I asked: Is this legitimate? What happens next?
Over the course of the conversation, I learn from the tech dude that SiteLock is their partner company. And I learn, in fact, there’s no evidence of malware. The site MIGHT be infected, he says, but no one really knows for sure. In order to truly find out, my client would need to purchase an expensive malware prevention package from SiteLock, so they can peek inside and see if there’s malware there. If there is, they’ll charge another fee to get rid of it. Those fees, combined, crept into four figures.
I take a deep breath and count to ten: So…the email is a sales pitch, designed to frighten my client into purchasing a product? And the email makes a statement that’s patently untrue? I point it out to him again: One or more of the domains you own has malware on it. Why would they say such a thing if it weren’t true?
Hemming and hawing ensue.
My little dog came to sit next to me and put his head on my knee. You okay? You smell mad. Maybe a walk?
Why am I bothering to tell you this?
Well…aside from being angry about a concerted effort to drum up business by sending good people into a panic about their website? Good people who might not be terribly techie, or who may be busy…..gosh I don’t know….building their business? So instead of helping depressed people, doing reiki healing, selling their art, finishing their book, booking new coaching clients, they have to spend their money and life energy dealing with service provider scams—from the very people they are already paying every month to keep their website running. Infuriating.
In short: Anyone whose website is hosted with the company HostGator.com, or with Bluehost.com, or with ANY of the hosting companies under the conglomerate parent company EIG, is likely to receive one of these emails soon, if you haven’t already. I wanted you all to know what this particular game was, so you can watch for it.
To all my clients: Please feel free to drop me an email or a PM if you receive one of these emails. I can be of help deciphering the scare-mongering.
Edited to add: See the comments below the post for some helpful/scary comments made by others. In August 2018, Endurance Group’s CEO and CFO were fined several million dollars for fraud by the SEC related to company subscriber numbers.
Hosting is a personal decision, but for what it’s worth, I have shifted all of my sites to the hosting companies at the top of my Resources page. I’m trying to make a list of the companies that get great customer reviews, give good value, and don’t have anything to do with all of this filth. If you know of others that fit this description, hit “Contact” in the top menu and let me know so I can get them listed.
If you’d like to avoid giving your hard-earned money to scammers like these, here is a recent list of hosting companies owned by EIG, the parent company of Hostgator, Arvixe, Bluehost, and dozens of others, and here is a list of hosting companies owned by Sitelock’s new masters at ABRY Partners . I would only suggest you avoid those if you don’t want to find yourself in the same boat again.
UPDATE AND SUGGESTIONS:
This mess continues to evolve. Sitelock was acquired earlier this year by a private equity firm called ABRY Partners. That was in April, and as we’ve all seen, the blackmail tactics have continued unabated. I have no proof that Sitelock has access to private data from its former EIG sister companies, but my first instinct is to stay as far away as possible from any of them.
Here are some things you may want to try, if you are A) currently paying for website services from a company connected to the above (including sadly ConstantContact.com), and B) aren’t currently locked out of your site:
- Consider moving. Seriously, do you want to give your money to people like this? See the top of my Resources page for some hosting ideas. Most of them offer to move your website and email for free if they can, making it SUPER easy to escape. You can also save money by taking advantage of signup pricing.
- Immediately change all of your passwords with that company. Go into your account with the company (some, like hosting, may have TWO logins) and change your passwords to something very complicated and VERY different from anything you’ve used elsewhere on the web.
- If you use WordPress, immediately have your tech person change your database password for the website. This involves changing it in a couple of places, so it’s best to have a tech-savvy person do this.
- Change your password to any website admin areas (like WordPress).
- Change your email password as well. Again, make it different from your hosting password(s) and different from anything else you’re using on the web. It’s worth the hassle to avoid being held hostage by scammers and forced to pay them hundreds or thousands to get your site/email/store back.
Take a deep breath. We’ll all get through this together.