An Email From A Web Security Expert

I received an email today via the contact form on our e-commerce website. It said that the website was accessible at /wp-admin/. The message read:

You probably would have known, how important is to secure your website from an unauthorized intrusion? …

Fortunately, I did a quick rundown of your website and noticed that it can be possibly compromised very easily with little efforts by a hacker…

Kindly let me know, if you would like to tighten your website security. I look forward to hearing from you.

I decided to take a look at the website of this security expert. It was nicely laid out, but with a problem with the English as you can see with the sentence “WordPress is so elegant unless you protect it.”

I can’t think what word to replace ‘elegant’ with. Maybe ‘vulnerable’, but then what is the ‘so’ doing in the sentence?

OK, jokes aside, the part that made me sit up were these testimonials.

Nice photos. They look unconvincing. I took a screen grab of the photo of the woman and put her into Google Image Search. Ah, she is Jennifer Tress, an author mentioned in an article in Marie Claire and elsewhere. Good old Google Image search.

The man was almost too easy – Google tells me he is Iain Banks, the famous Scottish author who died in 2013.

So the testimonials are fake.

Let’s see where this leads. If I fell for this pitch I would no doubt have to give my sign-in credentials to this firm of web security credentials. And then what?

About Iain Banks – I had to check the date of his death. Was it really 2013? We were living in Edinburgh until the end of last year, so there was more in the news about his death than if, say, we were living in London. Still, I would have guessed it was last year that he died. 2015 at most. Four years already? Unbelievable.


  1. Mara Eastern says:

    Poor Iain Banks. This kind of email is ludicrous. It’s not even amusing anymore. My email address must have been grabbed by some nasty spam bot because I’m getting a lot of marketing mail these days. It’s not even in proper Czech – it reads as though a first grader wrote it.

    Liked by 1 person

  2. KokkieH says:

    Good on you for putting on your sleuthing hat and seeing this for what it is. Sadly, social engineering like this remains the most effective form of hacking – why try to brute-force a password if you can get a website owner who doesn’t know better to just give it to you?


    1. Absolutely. And don’t get me started on digital voting and the dangers to which that exposes us.

      Liked by 1 person

      1. For every lock, there’s a “pick” and Online “security” is a plum ripe for the picking.


  3. Good work Sherlock. Keep the good work going.


  4. “made me stress free” and “… realise the awareness of hackers” it’s phrasing like that which should be setting off alarm bells as being sent by someone for whom English is not their mother tongue 😉
    And besides, more often than not, it’s a(nother) matter of “Don’t call us. I’ll let you know when or if I need you” (and don’t hold your breath; )


    1. I wouldn’t judge a security expert solely on the standard of his or her English, but I will judge him or her or the business on the degree of care taken to make sure that the English on the website is at least passably correct.

      When I think about it, this site was designed to be directed to English speakers – which makes me think that it was specifically set up and designed to catch the unwary.


      1. I would say it’s a fairly good bet that some sort of translation program was used to write the text here; and, well for me at least, the more often someone says “trust me!” the less likely it’ll be to happen 😉


        1. Yes, that may well be so. Or a friend who claimed to know English well.

          Liked by 1 person

  5. nicklewis says:

    I get these things too, not come across Ken before though but many people by the name of “Steve”. It is a worry though as there are many people around who could get in to trouble and it does put people off email marketing. It must be hard now to run genuine email campaigns because most people just hit delete. I often do.


    1. Good point about people who run genuine campaigns.

      Liked by 1 person

Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.