1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

eCommerce Security - Easy $1k/week! (NEWBIE friendly)

Discussion in 'Making Money' started by Copax, Mar 22, 2016.

  1. Copax

    Copax Registered Member

    Joined:
    Jan 30, 2013
    Messages:
    62
    Likes Received:
    44
    Gender:
    Male
    Location:
    United Kingdom
    Hi folks,

    I've lurked here for quite some time now in the background, posting very sparingly and certainly not very often. Having said that I have learned a hell of a lot on Internet Marketing and making money online in general over the years, and this is due to the content shared by other users. Whilst the method I'm about to share isn't anything unique or unheard of, especially for the more experienced users, it'll certainly provide the newcomers with a way to make QUICK start-up cash, IF you take action that is; it certainly got me started!

    What you'll need:

    -
    Domain name (preferably a .com or country specific extension to lookprofessional)
    -
    Hosting(If you are strapped for cash, HostGator run plenty of special promotions.)
    -
    Photoshop CS5 (Optional)
    -
    Website Security Scanning Application(Acunetix, Nikto, Netsparker, etc).

    What we'll be doing:

    The general concept of this method is to alert businesses owners to security risks on their website, preferably eCommerce based, and sell them a solution to the problem. Why eCommerce businesses owners? Well, the vast majority will of invested a significant sum of money into either the inventory or setup of the website itself, they will not want to see it go to waste or have their business effected by a security risk.

    You'll be assuming the role of a professional IT Security Consultant that was innocently browsing the prospects website when your super advanced security software alerted you to a serious problem within the website, as a good citizen you will notify the business owner of the potentially serious threat and offer them a solution, only with a twist or two! :D

    Getting started...

    1) First you're going to need at the very least a hosting account with a premium domain, it looks more professional and works best for this method. Hostgator provide regular discounts, trials and offers.For this example I'm going to purchase a domain called CopaxSecuritySolutions.com(it doesn't exist) and create a corresponding Email, in this case, [email protected].

    OPTIONAL: Personally I created myself a professional looking landing page by purchasing a simple, but clean looking HTML template from a well known marketplace and modifying it to my needs, it adds to the overall credibility. For you lazy folks; simply create yourself a new LinkedIn profile complete with profile pic, description, certifications, awards and previous roles. Once complete, redirect your domain to your LinkedIn profile.



    2) Next, if you don't already possess one you're going to need to download a Website Security Scanning Application. Now there's a fair few available, some are free.. some are ridiculously expensive; having said that the vast majority are available as torrent downloads.I'm going to use Acunetix, it's a great application that provides in-depth scanning and report features, it's also real simple to use.



    3) You're now ready to start looking for prospects, business owners with money to spend!Now there's a fair few ways of doing this, personally I searched for store directories in specific niches and went through the websites one-by-one.There's thousands of these directories, certainly no shortages there. Here's some ideas on what to search for via Google, however I would suggest using your imagination. If you need help locating eCommerce websites to contact, this isn't for you.

    "fishing store directory"
    "pet store directory"
    "car parts directory "



    4)Once you have found a number of prospects, open up your Acunetix (or your security application of choice)and begin scanning your first website. NOTE: The majority of scans can take a significant time to complete. I know Acunetix has a quick-scan feature but even this took quite some time, my workaround for this was scanning for around 2 minutes per website and canceling it when a number of threats emerged, if there is any SERIOUS or HIGH RISK vulnerabilities detected, it's usually within this time-frame. If no threats are discovered, simply move on.



    5) Found some high-threat or serious security risks? Excellent, we're now going to take steps to highlight just how dangerous these threats are to the business owner. Open up Photoshop, if you don't own Photoshop, there's a number of free online applications available such as Pixlr (Google it). Whilst you have your scanner open, press the "Print Screen" button on your keyboard, now simply Paste this into Photoshop. Now we're going to do the same again, only this time for the prospects website, take a screenshot of their homepage.

    You should now have an image of your scanner (with the security threats), and a separate image of your prospects homepage. This next stage largely depends on your design and Photoshop skills in general. We're going to create a pop-up looking graphic with the security threat information nicely displayed in the middle, for example purposes I have included what I used below (I've removed the URL for this example).

    My Security Pop-up Example

    To achieve this I Cut the results section out of the security scanner image and simply pasted it on-top of the homepage layer. I also added a red background and additional text to make the "pop-up" look authentic. The idea is to highlight just how serious the threats could potentially be, ensure you are creative with your designs. Once complete, save your image as a JPG.



    6) The final stage is to contact the business owner alerting them of the threats we found. Ensure you contact them from your Email you created earlier for the purpose of this method and ATTACH the image we just created. Below is the actual Email I used at one stage, please use it as a template, add your own twist and change things-up.

    *** EMAIL TEMPLATE ***

    Hi there,

    I have been trying to browse your store however my security software keeps popping up and warning me of serious security vulnerabilities on your website. Are you aware of this? I've attached a screenshot of the notification I'm receiving.

    I actually work within the IT sector and have noted that some of the threats detected can end up in hackers and malicious entities accessing your website and stealing your financial data, among other things. Potentially there may be many more issues found with further investigation.

    It's worth mentioning that the software that's reporting these issues is by 'Acunetix' (a security industry leader) I use for my day job.

    If you are unsure on how to approach this problem, please feel free to get back in-touch and I will certainly do my best to assist you.

    Kind regards,
    [YOUR NAME]
    [YOUR WEBSITE URL]



    7) Obviously you will get prospects that don't reply or have "people" that will apparently sort any problems with their website out for them; simply move on. What you decide to charge is entirely up to you, my rates started at $250 for simple fixes and worked their way up as I had outsourcing fees to contend with.



    I'm not a security professional, how do I provide a solution?

    Whilst I can't speak for other security applications, Acunetix provides a solution under each threat that is found.This solution could quite easily be forwarded to a freelancer or someone with the technical knowledge required to assist you. In some cases I had absolutely no idea what I was talking about, I simply copied and pasted what a freelance professional had informed me and forwarded it to my client, charged a handsome sum of money and had the issue fixed - I was simply the middleman. The VAST majority of threats are due to missing SSL certificates on forms, poor coding or in some cases, simply false flags.


    Final Note

    I hope this wall of text helps some of you folks out who may be struggling earning money online, it's great for startup capitalor investing into other ventures.Yes, it's an older method with a twist, and YES it works, I can assure you of that - it just takes a little effort and your own ideas.

    Good luck!
     
    • Thanks Thanks x 23
    Last edited: Mar 22, 2016
  2. naathanz

    naathanz Newbie

    Joined:
    Mar 22, 2016
    Messages:
    5
    Likes Received:
    1
    This was a great wall of text. Read it all! :p

    Have some new ideas in mind due to this! Thanks :)
     
    • Thanks Thanks x 1
  3. redarrow

    redarrow Elite Member

    Joined:
    Apr 1, 2013
    Messages:
    4,314
    Likes Received:
    985
    The method like this is being done via cold calling home it come such a harassment method in the uk it know on top on radar of top dog series for crooks.

    also you can not send email to a company hassing them in this way it illegal
    and un professional

    earning money on lies is not in my eyes real internet marketing
    my opionion sorry.

    Well written but keep me out, i got morals
     
    • Thanks Thanks x 1
  4. Copax

    Copax Registered Member

    Joined:
    Jan 30, 2013
    Messages:
    62
    Likes Received:
    44
    Gender:
    Male
    Location:
    United Kingdom
    You are simply alerting them to actual vulnerabilities on their website. At worst, you are exaggerating an existing issue. If you were contacting website owners and pretending to of discovered threats (that don't exist) then I could understand your opinion, as it stands, I don't.
     
    • Thanks Thanks x 1
  5. bigbrothers

    bigbrothers Regular Member

    Joined:
    Jul 15, 2014
    Messages:
    382
    Likes Received:
    80
    Gender:
    Male
    Occupation:
    Seo Company
    Awesome, looks like a great one. Wondering to know which will be the best Website Security Scanning Application on your experience.
     
  6. Copax

    Copax Registered Member

    Joined:
    Jan 30, 2013
    Messages:
    62
    Likes Received:
    44
    Gender:
    Male
    Location:
    United Kingdom
    I personally used Acunetix.
     
    • Thanks Thanks x 1
  7. Boriss

    Boriss Supreme Member

    Joined:
    Nov 7, 2009
    Messages:
    1,427
    Likes Received:
    562
    Location:
    Inside a Monitor
    Best thing is to do it all manually, not with software.
     
  8. mazak85

    mazak85 Regular Member

    Joined:
    Oct 10, 2014
    Messages:
    344
    Likes Received:
    120
    1. learn english

    2. it's blackhatworld.com so gtfo if you don't like methods like this one

     
    • Thanks Thanks x 6
  9. shufflemedia

    shufflemedia Newbie

    Joined:
    Mar 11, 2016
    Messages:
    1
    Likes Received:
    0
    Hi, thanks for the method. How much do you usually charge? And do you adjust the price on how many issues there are with the website?
     
  10. Copax

    Copax Registered Member

    Joined:
    Jan 30, 2013
    Messages:
    62
    Likes Received:
    44
    Gender:
    Male
    Location:
    United Kingdom
    I look to charge at the very minimum $250. Each case is slightly different (depending on type and number of vulnerabilities), there's a lot of room for maneuver in terms of pricing. In most cases as the owner has already invested a fair sum of money into the website alone, paying for a potential security risk solution is a no-brainer.
     
  11. Wonka9

    Wonka9 BANNED BANNED

    Joined:
    Mar 21, 2016
    Messages:
    23
    Likes Received:
    2
    Very good information good guy for sharing.
     
  12. siffy1

    siffy1 Registered Member

    Joined:
    May 27, 2012
    Messages:
    90
    Likes Received:
    10
    How many emails would u send a day and what would your conversion rate be?
     
  13. Copax

    Copax Registered Member

    Joined:
    Jan 30, 2013
    Messages:
    62
    Likes Received:
    44
    Gender:
    Male
    Location:
    United Kingdom
    I was sending roughly between 60 - 100 Emails throughout the course of a day whilst doing this (not all at once). I'd usually wait at-least 48 hours to allow people time to respond, and whilst you will get responses, they won't all be quality leads. For a single "campaign" or a day sending out Emails I'd get between 4-8 leads who were interested in pursuing a solution with me for my minimum charge ($250.00).

    For those of you with the confidence, been able to converse with prospects/leads on the phone will jump your conversion rates up significantly.
     
  14. cdmxtbhk1

    cdmxtbhk1 Newbie

    Joined:
    Oct 2, 2015
    Messages:
    14
    Likes Received:
    3
    ..well. Its seem like artice from CPAHEro?
     
  15. Copax

    Copax Registered Member

    Joined:
    Jan 30, 2013
    Messages:
    62
    Likes Received:
    44
    Gender:
    Male
    Location:
    United Kingdom
    The post you are referring to aims to get users to ask for a tip for alerting website owners to vulnerabilities on their website. As I said previously, this is an old method that has a few different alternatives and twists to use.
     
  16. Nullium

    Nullium Newbie

    Joined:
    Oct 12, 2015
    Messages:
    30
    Likes Received:
    14
    Location:
    Oklahoma, USA
    Excellent post Copax, I appreciate the quality!

    In the last section of your post, can you elaborate more on this step? I have my own twists in mind. Do you get paid from the client first before reaching out to the professional? I know it's unique for each persons' twists, but how do you accept payments for your 'security service'? Thanks!
     
  17. okazaki

    okazaki Jr. VIP Jr. VIP

    Joined:
    Apr 16, 2015
    Messages:
    804
    Likes Received:
    341
    Home Page:
    Thanks dude for sharing this method
     
    • Thanks Thanks x 1
  18. Copax

    Copax Registered Member

    Joined:
    Jan 30, 2013
    Messages:
    62
    Likes Received:
    44
    Gender:
    Male
    Location:
    United Kingdom
    Thanks Nullium, glad it could be of some help.

    To elaborate on the section you quoted, once I have a lead who is interested in pursuing my services I run a FULL scan on their website (not just two minutes), this usually uncovers many more vulnerabilities. Acunetix in-particular allows you to save the report as a .PDF and implement your own branding. Once I have a good understanding of what is wrong with the website I reach out to the freelancer and request a quote for a solution, my "fee" is then added to this quote and forwarded to the client (along with the .PDF report with ALL vulnerabilities included).

    For payment, I invoice individuals directly from PayPal detailing exactly what they are paying for.
     
    • Thanks Thanks x 2
  19. sikandar

    sikandar Senior Member

    Joined:
    Mar 15, 2008
    Messages:
    1,149
    Likes Received:
    1,036
    Good method OP. Are you also a reseller of Acunetix?
     
  20. gabiend

    gabiend Newbie

    Joined:
    Sep 22, 2015
    Messages:
    41
    Likes Received:
    12
    He wrote about it being available as a torrent download. I think he wouldn't be allowed to say that as a reseller.