A Customer Reported Suspicious Pop-ups on Your Website. Has it Been Hacked?
This is one of those calls that makes the hair stand up on your neck. A customer calls your service center distressed because she is seeing suspicious-looking pop-ups for credit reports, free loans, or unseemly products when she visits your site. She is concerned that your website has been hacked. You have followed good security practices and your trusted security partner has said that there is no malicious code on your website. What could be causing your customer to see these unusual pop-ups touting free credit scores or credit card offers only when she visits your website?
It may NOT be your website that is infected
Clearly, you should always take any report seriously and first check to make sure that your website isn’t infected with malware or other code of unknown origin. In most cases, if you’re using specialized secure hosting designed for financial institutions and have built your website on a platform with adequate banking security, it is more likely than not that your website is not the source of the pop-ups. What is more likely is that your customer’s computer has adware or malware installed that triggers pop-up ads based on specific keywords present on the web pages or URLs that she visits, or on similar triggering mechanisms.
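One way to check a served page for code of unknown origin, shown as an added example that is not from this post or any vendor: it flags scripts and iframes loaded from hosts outside an approved list, and inline scripts that do not match a known-good baseline. The hostnames, page content, and function names are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class _Collector(HTMLParser):
    """Collects script/iframe source URLs and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src"):
            self.external.append((tag, a["src"]))
        elif tag == "script":
            self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False

def audit_page(html, site_host, allowed_hosts, known_inline_hashes):
    """Return a list of findings; an empty list means nothing unexpected."""
    c = _Collector()
    c.feed(html)
    c.close()
    findings = []
    for tag, url in c.external:
        host = urlparse(url).hostname or site_host  # relative URL = own site
        if host != site_host and host not in allowed_hosts:
            findings.append(f"{tag} loaded from unapproved host: {host}")
    for body in c.inline:
        digest = hashlib.sha256(body.strip().encode()).hexdigest()
        if digest not in known_inline_hashes:
            findings.append(f"inline script not in baseline: sha256 {digest[:12]}")
    return findings

# Constructed sample data (hypothetical hosts and scripts).
SITE, ALLOWED = "www.examplebank.test", {"analytics.vendor.test"}
GOOD_INLINE = "window.appConfig = {lang: 'en'};"
BASELINE = {hashlib.sha256(GOOD_INLINE.encode()).hexdigest()}
CLEAN_PAGE = f"""<html><head><script src="/js/app.js"></script>
<script>{GOOD_INLINE}</script>
<script src="https://analytics.vendor.test/a.js"></script></head></html>"""
TAMPERED_PAGE = CLEAN_PAGE.replace("</head>",
    '<script src="//ads.unknown.test/pop.js"></script><script>openOffer();</script></head>')
```

A clean result from this kind of check, fetched from a known-clean machine, supports the conclusion that the pop-ups originate on the customer's computer rather than on the site.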
What should you tell your customer?
First, it’s important to tell customers that you’ve taken their concern seriously and you’ve performed testing on your website to ensure its integrity. Next, you should have a page on your website that you can direct customers to that addresses this topic and that also provides links to resources that customers can use to keep their computers safe. You should consult with your legal and compliance teams to determine which resources you’d like to direct customers toward, but providing links to operating system vendors’ tools, such as Microsoft’s Safety & Security Center, is a good practice. If you provide customers with discounts on third-party security software, this is also a good place to provide customers with links to those vendors and discount information.
What if your site has been hacked?
If your website has been hacked, it’s important to take corrective action immediately. While a full response plan is beyond the scope of this blog post, there are some key steps you can and should take immediately:
- Confirm the nature of the hack and begin assessing whether any sensitive data has been breached
- Immediately obtain a full backup of the website for forensic analysis
- If any code has been injected into your website, remove it as quickly as possible
- If you cannot confirm that all injected code has been removed, redirect visitors to a safe disaster recovery fallback website that you know is completely free from any malicious code. You should keep this site online and available at all times so that it is ready when you need it in an emergency.
- Obtain the assistance of your website developers, I.T. professionals, and other resources with the knowledge necessary to assist with the analysis, restoration, and appropriate post-breach actions
The majority of cases that we’re asked to investigate result in a finding that the financial institution’s website has not been compromised, but instead the end user’s computer contains malware or adware that is triggering the pop-ups whenever the customer visits certain websites. However, banks and credit unions should have an appropriate action plan in place for responding to these types of customer reports. If you need assistance creating an appropriate response plan, or you want to discuss creating a fallback disaster recovery site, get in touch with us.