I know the issues involved in securing servers, externally and internally, so I have some small measure of sympathy on that front for companies that get walloped.
The watch phrase is ‘prevention is better than the cure’ – no doubt about that. But sometimes I really give up on people, especially when you are trying to help.
I registered on a website some time back; the business is (being specifically vague) a ‘brokerage’. I had reason to land back on their site to check on something. The information part of their site is through registration only and when I landed on the registration page:
It was the Chrome browser that threw the warning up and, as a matter of interest, it did not appear in Firefox.
The warning was because the registration page had a link to a site that hosted malware, which I found very curious. Anyway, that aside, I thought that it wasn’t particularly inviting and certainly projected the completely wrong image for a professional company. I peeked at their source code and there was indeed a link to the aforementioned website. I suggest that the site (or page) may have been compromised and the link injected.
Anyway, being the reincarnation of the Good Samaritan (well, Average Samaritan at best) I emailed the company on the only email I could find, an ‘info’ email address, and explained that this was occurring and perhaps they would have a chat with their developers to have it rectified – I even gave them the line to delete.
Nothing, not a pixel did I get back from the company. I went about my business and forgot about them.
Then, out of the blue, I get a newsletter email from one of the directors of the company giving information on something or other. I checked their site again and the red screen warning still appeared. The email urged registered users to log in to the site to get further information. In some cases this would result in the warning screen and, I thought, would be fatal to the email marketing exercise.
In Average Samaritan mode again, I emailed the director, directly this time, and reiterated the information sent to their ‘info’ account, which a) must not be checked, b) is full of spam, or c) both.
And true to form, nothing from him either.
Curiously, I checked the site a week or so after sending the second email and guess what – it’s fixed and the malicious line of code is gone.
One of the pillars of that business is trust. For the business to succeed and thrive, their clients have to be 100% confident in that business and their staff. Having a crocked website flies in the face of that.
I would just like to say what you struggled to and found so difficult to iterate: Thanks!