We frequently have people contacting us looking for help after they have been contacted by the web security company SiteLock, through that we often hear bit and pieces of the misleading and outright false claims they frequently make. Recently we have been sent complete sets of communications between them and the people they were trying to take advantage of. There are a number of things we have noticed in those that seem worth touching on, but we will first start with something related to something we discussed in another blog post a month ago.
This comes from an email conversation with a SiteLock “website security consultant”, which is really just a commissioned sales person. You can probably guess from that how misleading the title is from what the person really does that what they are telling people also isn’t truthful.
Here is a claim that the sales person made:
You have been very blessed if you site has not been hacked for 6 months as a typical website faces 44 attacks a day. With out the proper security any and all of those attacks can effect your site.
When we discussed that stat last month we noted that what would relevant would be how many successful attacks there are, not how many attempts there were. As we also noted then, SiteLock’s president actually claimed they were able to determine what were successful attacks:
As our research shows, cybercriminals are now able to successfully breach a site with fewer, more targeted attacks.
If they truly know that (it seems like they probably didn’t, but were claiming otherwise to make a reduction in claimed average attacks sound scary) why wouldn’t they let people know how many successful attacks there are seeing as those are what what actually matter? An obvious answer would be that successful attacks are incredibly rare. It isn’t like the average website is being hacked once a year, much less multiple times a day as the sales person’s claim implies is possible.
In the rest of the email no evidence was provided that the $99 a month service they wanted this person to purchase would do anything to protect the website from being hacked and they even promoted that the service includes unlimited cleanups, which wouldn’t be needed if the service actually protected the website since it shouldn’t be needed to be repeatedly cleaned up if the services actually secured the website. Based on their marketing material it seems that SiteLock believes that a security service shouldn’t actually be able to secure website against being hacked, which in way makes sense since simply doing the basics is what will actually provide real security.