What Website Owners Need to Know About Cyberattacks In 2018




Imagine if one in every 15 websites you visited was secretly taken over by cybercriminals trying to steal your credit card information or other personal data. Now imagine if that website was your website, and you had no idea it was harming your visitors. This is the reality for many website owners, and now more than ever, they need to be on alert for cyber attacks in 2018.

In Q3 2017, alarming cybercrime trends were discovered that will likely affect websites for months to come. The most worrying trend for website owners: cybercriminals are increasingly using malware, or software that is used for malicious purposes, to take advantage of website visitors. In fact, nearly 15 percent of malware attacks targeted website visitors with the goal of exploiting them for sensitive data, website traffic, and other assets or resources. That’s not all: cybercriminals attempted to compromise more websites in Q3 2017 than in the previous quarter, increasing their attempted attacks by 16 percent.

The frequency of these attacks means that your website – and your visitors – could be impacted at any time. Without proper website security in place, your website is likely to experience a cyber attack and suffer the consequences.

Using data, we’ll reveal how cybercriminals are able to exploit website visitors, what they gain from targeting visitors, and how you can put a stop to it in 2018 and beyond.

How are cybercriminals taking advantage of website visitors?

Stealthy cybercriminals prefer types of malware that can enter a website and cause damage quietly, as cyber attacks are typically more effective when both website owners and visitors are unaware the attack is happening. It’s for this reason that backdoor files were often used to execute visitor attacks in Q3 2017.

Backdoor Files

Backdoor files allow cybercriminals to gain administrative access to a site without the knowledge of the website owner. As the name suggests, you can literally think of it like the backdoor to a house that someone uses to enter and leave without being noticed. More specifically, backdoor files are uniquely encoded files that are difficult to detect. Cybercriminals can encrypt their backdoor files with a decoding key that only they possess, meaning no one else has access to their malicious file. In Q2 2017, backdoors accounted for 23 percent of malware files. Because malware is becoming increasingly complex and easily hidden, backdoor files pose a large threat to website owners. Once a backdoor file is left on a website, cybercriminals can use it to return to the website at their leisure to cause more damage.

Once malware successfully infects a site, it can be used to deploy visitor attacks.

Visitor Attacks

Visitor attacks are attacks that occur on a website with the goal of exploiting the website’s visitors. These attacks can target sensitive customer data, steal website traffic, or spread malicious content.

In Q3 2017, visitor attacks accounted for 26 percent of malicious files cleaned, which means that if an attack occurs on your website, it’s likely targeting your visitors.

The most frequent visitor attacks in Q3 fell into one of four categories: SEO (search engine optimization) spam, redirects, defacements, and phishing kits. Below is a breakdown of what these attacks are and how they can harm website visitors.

SEO Spam

SEO (search engine optimization) spam takes advantage of the way keywords are used to influence how well a website ranks in search results. For those unfamiliar with SEO, a website has a better chance of ranking for a certain keyword if that keyword is used on the website. By injecting unrelated keywords into a victim’s website, cybercriminals can attempt to force a website to rank for those unrelated keywords instead. SEO spam is a top objective for cybercriminals, as the number of SEO spam files removed from websites increased 10 percent from Q2 to Q3 2017. SEO spam can add keywords directly onto the pages of the website or inject them into the website’s code. The result: the attacker’s website sees higher traffic and improved rankings in search engine results, while the victim’s website loses traffic due to lower rankings and confused visitors.

SEO spam is classified as a visitor attack because it tricks visitors into viewing irrelevant content on the intended website. For example, if your visitors came to your blog looking for your latest recipe but found a post about prescription drugs instead, they’ll likely leave confused and unsure of whether your website is trustworthy. These irrelevant keywords can also devastate your website’s rankings in search results and draw traffic away from your website by directing your visitors to a different, malicious website.

Phishing Kits

Phishing kits are illegitimate replicas of popular websites like Google, Netflix, or various online banking applications that seek to steal sensitive information. Over 300 different organizations were targeted by 29,000 phishing kits in 2016, allowing cybercriminals to imitate several reputable websites. For example, if a visitor tries to complete a purchase on your site using PayPal but is unknowingly taken to a phishing site that looks like PayPal, that customer has just handed over their payment information to a cybercriminal. If they never receive the order that they paid for and discover that their information was stolen, you’ve not only lost a sale but likely a customer as well.


Redirects

Website redirect attacks occur when visitors arrive on your site and are instead redirected to a phishing or malware-infected website. These attacks account for 8 percent of malware files. Redirects are often part of an SEO spam attack or a phishing scheme, causing a loss of website traffic and a decrease in trust from your visitors.


Defacements

Defacements change the appearance of your website when a cybercriminal replaces your website’s content with their own. You can think of it like digital graffiti on the homepage of your website. This content often includes an ideological or political message that could be off-putting to your customers. A defacement can render your website unusable, meaning you will lose leads, sales, and traffic. And when your website is restored, you can expect those numbers to stay low as visitors decide whether they still trust your website. Perhaps the most well-known type of malware, defacements accounted for 15 percent of malware files detected in Q3 2017.

Why are these cyber attacks happening?

While cybercriminals continue to increase their efforts and develop new types of malware, website owners largely continue to operate under a false sense of security. 13,000 website owners were surveyed to find out who they believe is responsible for their website security, and the responses were alarming. Of the surveyed website owners, 70 percent either believed their website was protected by their web host, or simply couldn’t answer the question.

It’s a common misconception that hosting providers offer security for each website they host. However, your web host only protects the server your website is hosted on, not the website itself. Think of it like securing an apartment building. Property management takes responsibility for securing the building, but each tenant must lock the door to their own apartment.

Another common website security misstep is relying on search engines for malware warnings. Popular search engines do their part to help create a safe internet by looking for websites with malware. To protect visitors, search engines will place a warning on a malware-infected site indicating that the site may be compromised. Search engines might even de-index the website if the infection isn’t resolved in a timely manner, meaning it will be removed from the search results. This process is known as “blacklisting,” and all too often – or perhaps not often enough – this is how website owners discover they have malware. Blacklisting can have a devastating effect on a website, causing a loss of traffic, trust, and revenue. For this reason, search engines err on the side of caution and only flag websites when malware is definitely identified. However, only 21 percent of infected websites are blacklisted, meaning that unflagged websites might still be infected with malware.

Fortunately, there are much more effective ways to secure your website.

Protect your website and your visitors in 2018 and beyond

Now that you’re aware of some of the ways malware can exploit your website and visitors this year, you should reinforce your website’s security. Here are a few simple best practices that can be implemented right away:

  • Use strong, unique passwords on all your website applications to prevent cybercriminals from guessing your password.
  • Update your applications and add-ons as soon as security patches become available and remove anything you’re not using anymore to help prevent vulnerabilities.
  • Maintain offsite backups of all website content so you can restore a clean copy of your website in the event that a cyber attack happens.

While everyday best practices are a great first step to securing your site, to combat threats effectively you’ll need to install a website scanner that looks for and removes known malware every day. You’ll be alerted when malicious or suspicious threats are identified, allowing you to resolve issues immediately and reduce the risk to your site and its visitors.

You’ll also save money by:

  • Not needing to hire an expert to remove malware manually.
  • Preventing costly downtime caused by cyber attacks. Website downtime can cost small businesses as much as $427 per minute.
  • Retaining customers and visitors. Recent data shows that 65% of customers who have had their data compromised refuse to return to the website that was responsible or simply stopped shopping online altogether.

With your website running safely and efficiently, you’ll be able to invest your time and money back into your business.

By taking proactive measures to protect your website, you can stay ahead of busy cybercriminals, cyber attacks and new trends in malware.

Is Social Media a “Pay to Play” in 2018?



Remember MySpace?

It was one of the first social media platforms that revolutionized how people interact online.

In those days and even in the early days of Facebook, people were still trying to get comfortable with online “friendships.”

Some people didn’t join until a significant portion of humanity had already signed up. And even then, they were a bit hesitant.

Now, however, people are acquainted with social media, how it works, and why it’s fun. They trust it and they enjoy it. Therefore, they use it.

And in the days of social media discovery, everyone sort of wondered, “How are these platforms making money?”

Well, now we have the answer.

In a word, advertisements.

The more people that these platforms have access to, the more money they make from businesses wanting to sell those people their products.

And today, 62% of people living in North America have a Facebook account.


Since Facebook sells all of that user data to advertisers, they make a lot of money.

Unfortunately, that also means that growing an organic audience on social media platforms is only becoming more difficult.

Because Facebook, LinkedIn, Pinterest, and Instagram want you to pay them money to reach your audience.

They don’t want you to be able to do that for free. At least, not easily.

While social media platforms might look like a simple and fun idea on the outside, the reality is that each one is a business.

Still, though, paying to play is well worth your time.

Not only does a massive portion of the human race use social media, but they use it regularly.

Over 75% of Facebook and Instagram users visit the platform at least once per day.













And that means if you advertise on the platforms, people will see you.

Social media is attracting people like crazy, and it doesn’t seem to be going anywhere anytime soon.

For that reason, many marketers and advertisers are still using the platforms to spread their products and message, despite the “pay-to-play” models.

Just take Facebook, for instance. 93% of social media advertisers use Facebook Ads.



However, even the massive number of marketers and advertisers who use social media to sponsor their businesses struggle to quantitatively measure their effectiveness.
















And that’s a damaging truth.

Not just to your spirit, but to your pocketbook. Maybe if you’re only trying to grow an organic following on social media, then it isn’t as detrimental.

After all, you’ll probably invest less money while trying to grow an organic following.

However, social media platforms are intentionally trying to get you to pay.

So first, I’ll discuss why and how that’s happening on social media platforms and then lay out some strategies to help you get the most bang for your buck on your advertising efforts.

Why social media is “pay-to-play”

It used to be that you could grow a social media following with some creativity and determination.

Now, however, you also need dollar bills.

And the more you have, the better you’ll be able to reach your audience.

That is, of course, on purpose.

Social media sites want you to pay to reach your ideal market. They don’t want you to be able to reach it for free, and they definitely don’t want you to be able to go viral without paying for it.

Over the years, that truth is only becoming more prevalent.

As social media platforms establish themselves, they can require businesses to pay more to reach their target markets.

And they are doing so. Vehemently.

In fact, on average, brands only reach 6% of their fans without using paid advertisements.

Clearly, that isn’t very promising.

Additionally, average Facebook engagement is on a downhill slope.


In other words, not only is it difficult to reach your ideal audience, but it’s almost impossible to get them to engage.

The answer, of course, is to run paid advertisements.

As Facebook’s stock price has increased, the average organic reach of business pages has decreased.



Why is that?

Because, again, Facebook doesn’t want you to build a following for free. They want you to pay for it.

Just consider this promote button that they constantly encourage businesses to click.



If you have a Facebook page, you know exactly what I’m talking about.

You probably even receive occasional notifications telling you to boost your post for $5 or $10.

That is a great way for Facebook to make money. But it might not be a great way for you to make money.

And that boost button becomes even more tempting when you find out that Facebook won’t even show your post to all of your current followers.

Just consider this post. My page has almost 920,000 followers, but Facebook has only shown the post to about 15,000 people.



Is that just because only some people have been on Facebook at the time of the post?

No. No, it isn’t.

It’s actually because Facebook intentionally restricts how many people a page can reach with their posts organically. They want you to click that boost button, and they want you to do it as often as possible.

The more you do, the more money they make.

That is, of course, only one example of the increasingly expensive social media climate that advertisers find themselves in.

So what can you do to get the most bang for your buck this year?

Specifically, five things. Here’s what they are.

1. Understand your advertising goals

Since every advertisement is going to cost you cold, hard cash, you shouldn’t run one unless you’ve first determined what the goal of the advertisement is.

If you don’t know, then it’s probably best for your bank account to forego paying for an ad.

The process doesn’t need to be complicated, though.

Just start by taking a look at your funnel, from awareness to consideration to transaction.


Then ask yourself where the advertisement falls within that funnel. What is the end goal of the ad?

Traffic? Conversions? Brand awareness?

The goal of your ad should directly impact the copy, image, and message that you send. If you don’t have a direct goal for your advertisement, then you shouldn’t run the ad in the first place.

Especially since an unsuccessful ad will cost you loads of money and time.

Naturally, there are a variety of different goals you can choose from.

This ad, for instance.


Is trying to do something far different than this ad.

One is trying to build brand awareness and strengthen Buffer’s brand image, while the other is trying to actually sell Buffer’s SaaS product.

One is top-of-funnel and the other is bottom-of-funnel.

Sometimes, you’ll want to run ads to a piece of content you created on your website.

Other times, you’ll want to simply sell your product.

Which goal you choose for your advertising campaign will also impact the audience you target.

If you’re trying to build brand awareness, then you might try to target people who’ve never heard of your business.

But if you’re trying to generate conversions, then it’s probably a better idea to run ads to people who already know about you and have indicated that they are interested in buying.

One thing’s for sure, though. If you don’t know what the goal of your advertisement is, then you don’t really have an advertisement at all.

Start with deciding a goal for your advertisement and don’t run the ad before you’ve determined it.

2. Choose the right social media platform

Each social media platform is different.

Some social media platforms are great for B2B advertising while others are great for B2C advertising. Still, some work for both.

Not only that, but each platform also offers different advertising options.

On Facebook, you can target custom and lookalike audiences, which we’ll talk more about in a bit.

And on LinkedIn, you can target matched audiences.

With Pinterest, you can use Shoppable Pins.

Above all, though, Facebook shines through as the preferred option for marketers and advertisers everywhere.

In fact, 95% of marketers said that Facebook produces the best ROI for their advertisements.









As you can see, Twitter, Instagram, and LinkedIn fall into second, third, and fourth place.

If you’re looking to advertise on social media, then you should at least consider those top four platforms.

Still, one platform will work better for B2B while another works better for B2C. And one will work better for SaaS while another works better for physical products.

How can you decide which platforms to use and which to ignore for the sake of your business and your ROI?

Well, if you’re marketing for a B2B company, then LinkedIn, Twitter, and YouTube should stand at the top of your marketing list.


However, keep in mind that, on LinkedIn, you can’t do a very good job of selling your actual products.

For generating leads, the platform is remarkable. But for generating conversions, not so much.

Twitter is great for quick advertisements that drive leads and conversions. And YouTube is perhaps the best platform for building a meaningful connection with your audience since it’s based in video content.

Here’s a quick overview of each social media platform and their specialities.



In particular, you’ll notice:

Pinterest is great if you have a female audience, Twitter has the largest penetration in the U.S., Facebook is mostly on mobile, Instagram is all about images, Google+ has 300 million active users, and LinkedIn is B2B oriented.

Those unique differences should impact the place you advertise and the advertisements you use.

And each one will cost you money because each social media platform is a business.

So you need to choose the platform that will provide you with the best ROI. That way, you’re not wasting your hard-earned cash on a platform that simply doesn’t work with your business.

3. Target custom and lookalike audiences

Here’s what you don’t want to do.

You don’t want to pay for advertisements, run them for weeks on end, and receive little-to-no attention.

Unfortunately, that’s often what happens when marketers run advertisements without taking the necessary precautions. Or at least, having the necessary knowledge.

Take, for instance, the audience you choose to target.

You can target everyone in the social media world with the right interests. Or, you can target people who are similar to your current successful audiences.

In most cases, the latter option is far more effective.

Fortunately, most social media platforms offer a variation of what Facebook calls custom and lookalike audiences.



LinkedIn calls it matched audiences and Twitter calls it tailored audiences.

But the feature is largely the same across the board.

So what exactly does the feature do?

Well, it allows you to target audiences that are similar to your current successful audiences.

Imagine, for example, that you have an email list that is incredibly successful. Your open rate, click-through rate, and engagement rate are remarkable for your industry.

With custom and lookalike audiences, you can leverage that email list.

The feature allows you to do one of two things.

  • Target your email list or some other predetermined audience.
  • Target an audience that is similar to your email list or other predetermined audience.

The benefits of those features are obvious.

If you have an audience that is already successful, then targeting those same people or people with a similar attitude and demographic is likely to pull results.

In the case of Facebook lookalike audiences, advertisers experience higher quality and scale than with other advertising options.



However, using the feature for one of your social media campaigns will usually require you to install a tracking pixel on your website.

This is what that looks like on Facebook.



Fortunately, that’s quite simple and anyone can do it.

Most social media platforms will walk you through the steps to do so, and all you have to do is follow.

Once you’ve installed the pixel, that social media platform will receive data from your website to understand how your ad is performing.

How many people visit your website? How many people convert? Or how many people abandon their shopping cart?

That’s all available information if you install the required pixel.

Then you’ll be able to use custom and lookalike audiences, giving your advertisements the best bang for your marketing buck.

4. Run retargeting ads

Similar to custom and lookalike audiences are retargeting ads.

These allow marketers to show advertisements to people who have taken (or not taken) certain actions on their website.

Again, you only have access to retargeting ads if you install the corresponding social media pixel on your website.

Most social media websites, though, will allow you to run retargeting ads with ease.

Here’s how they work.

Someone visits your site, and the social media pixel tracks their actions. Let’s pretend, for instance, that they put an item in their shopping cart, but leave before buying.

Then, when they go on Facebook, they see an advertisement that targets them with the exact item they added to their cart, maybe offering an additional discount as an incentive.



For obvious reasons, retargeting ads are more successful than their less-targeted counterparts.

But just how successful are retargeting ads?

Well, on average, they receive three times more clicks, and they are four times more likely to convert new customers.

Here’s what a retargeting ad sometimes looks like. The person visits the website and then they see a sidebar ad on Facebook of the exact same item.



The other regard in which retargeting ads help your marketing success is across different devices.

In today’s world, people use multiple devices. They view your website on their laptop and then Facebook on mobile.

As you can see in the chart below, the device percentages are almost evenly split.



With retargeting ads and a social media pixel, the ads don’t depend on cookies, which are device specific. But they often identify the actual user.

That means even though the person visited your website on their laptop and then Facebook on their phone, the pixel sees the person instead of the different devices.

Clearly, that’s a win for your marketing strategy.

Here’s a retargeting ad, for instance, in which J. Crew Factory offers a discount for a user who abandoned their cart.










And another example.










And one more.








Do that and you’re sure to get more bang for your buck out of your advertising dollars.

Retargeting ads are less risky than most other advertisements because they target people that, you know, are already interested in your product.

You just have to give them a little push before they buy.


As time goes on, social media is only going to get more expensive.

Each platform is trying to run a business, which means that they are trying to make money.

You are their customer.

And your customer is their product. Fortunately, the story isn’t all bad.

Social media is remarkable at finding and targeting your audience.

Even though you now have to “pay to play,” as long as you use your dollars wisely, you can use social media to advertise your products and grow your business.

The four things you want to focus on are understanding your advertising goals, choosing the right social media platform, targeting custom and lookalike audiences, and running retargeting ads.

Then, and only then, will you get the best bang for your buck in the expensive social media climate you find yourself in.