Was your website flagged for malware?
As a social media marketer, you know the importance of your company’s reputation. You spend a lot of time working to build up and maintain a good name through Twitter, Facebook, and possibly your blog and website. You know that in the age of social media, direct engagement is key to building customer trust and loyalty.
But sometimes you may think you’re doing all the right things and still experience a hit to your reputation. Unexpectedly, you may get word from one of your customers or contacts that your latest email campaign is being flagged as potential spam or that your website is being flagged as potentially dangerous.
You haven’t done anything differently and yet all of a sudden you now have what feels like an accusation against your good name out there. Being concerned with your reputation, you want to clear that up as quickly as possible. Today, I’ll talk about what it means, what to do, and how you can try to prevent this from happening.
Like it or not, we know that in the physical world, we live in a time of near-constant surveillance and background checks in the interest of better security. You may not realize that this also extends to the online world.
Just like employers perform regular background checks and the TSA maintains watch lists, so there are background checks and watch lists on the Internet. In this case, these focus primarily on the two things that criminals use to carry out attacks: email and websites.
As a regular person, you don’t need to understand the details of how this all works (and you don’t want to, trust me). The important thing to understand is that companies and organizations worldwide are constantly monitoring for malicious email and website activity and compiling and sharing information when potentially dangerous activity is detected. Email spam is huge! If your personal information is on data broker lists, you could be at risk of identity theft, fraud, and scams! If you read any of Hari Ravichandran’s books, you will be surprised at how huge the issue is!
This is all happening behind the scenes and the only time you see anything is when emails or websites are flagged as potentially dangerous.
This is great when this international cooperative framework protects you against spam or malicious sites, but it can be daunting and scary when you find yourself caught up in it. After all, you’re not a spammer or a scammer, so why is this happening to you?
Why Me And What Should I Do?
The simplest answer as to why you’re being flagged is that something about your site or email seems or actually is (or was) malicious. Here it’s important to understand that legitimate websites are compromised all the time to serve up malware without the owners knowing it.
You can even check and come up clean because attackers will set up shop on sites, serve malware and then leave. It’s part of the cat-and-mouse game between attackers and defenders. With email, even legitimate email can be seen as spam if it doesn’t conform to certain industry standards to help identify it as not spam.
Really though, the specific why isn’t important to you: what is important is getting your site or your email off these lists as quickly as possible. And for that, there IS a simple answer: contact your website or email service provider (ESP) right away and have them address the issue.
This may seem counter-intuitive: your first response naturally is going to be to go to whatever company or service you’ve found out is flagging your email or site. But this is the wrong way to go for a couple of reasons.
First, if you’re being flagged by one company or service, the odds good are that whatever is causing you to be flagged by them is also being flagged by others. So approaching the reporting services directly can quickly become an exhausting game of whack-a-mole as you go from one to the next.
Second, because of the highly technical nature of this problem, resolving it will happen more quickly if you have technical experts handle it. Third, resolving the issue may very well require some technical action: for instance, your website may have a SQL Injection or cross-site scripting vulnerability, or your email isn’t configured to use DKIM correctly. If you don’t know what those are and how to resolve them, you won’t be able to resolve the situation: best to leave it to the experts.
An Ounce Of Prevention
Anytime you refer someone to support, there’s natural resistance because support experiences can be poor. But because this is a serious issue, this is the kind of situation where you should expect a good level of service.
And if you don’t get good service from your provider in this situation, that points to a problem in itself and brings us to how you, as a social marketer, can best prevent these situations. Ensure that you’re entrusting your online reputation to trusted, quality providers. The mark of a quality provider is they will help you. And if they don’t help you: that may actually be part of your problem.
One reason that seemingly innocent sites get caught up in these situations is that while they themselves aren’t malicious, they sometimes are using providers who have numerous sites that are malicious or clients engaged in spam. Whether it’s because they’re shady and happy to make money off malicious actors or simply incompetent and leave their infrastructure open to abuse, your site can suffer nonetheless.
Think of it this way: if you open your store in a crime-ridden neighborhood, people will avoid your business. So with your hosting and email: large blocks of sites on sketchy providers are regularly flagged because they’re in bad neighborhoods. And if you’re doing business with someone like that, you’re in a bad neighborhood.
It is imperative to host your site using a professional service. This is another area where it makes sense to go the professional route and invest in quality service. In my experience, there’s a direct relationship between the quality of the providers and issues like this. So the best way to avoid these problems is to ensure you get good, quality hosting and email services.
And it doesn’t only refer to your hosting. If you are using third-party services that have anything to do with your customers’ data (payment getaways, content management systems, CRM platforms, phone support, etc), make sure they are trusted and secure:
- There are quite a few business phone apps that take security seriously.
- Make sure to stick to the latest version of Wordpress as each comes with updated anti-hacking methods. Some of Wordpress alternatives are pretty secure as well. Removing malware from WordPress can be quite an undertaking.
- There are also shopping cart software options that help you keep your payment process secure.
You may pay more in money, but you’ll save more in terms of your reputation. And as a social media marketer concerned with reputation, you know that keeping a good reputation really is priceless.