Or not. This message is often received via website contact forms with inadequate captcha implementations, and is of course mass-mailed using python scripts. The contents is often along the lines of :

"Made Up Name <hacker @ someforgedaddress.com>

We are a group of highly qualified ethical hackers who scan tens of thousands of sites every day for critical vulnerabilities and patch them for a small fee.

On your site somewebsite.com - we have discovered 5 critical vulnerabilities, each of which can give attackers full access to your site, databases and the server as a whole.

Pay $3000 (0.15 BTC) by visiting this site where you will be able to copy our bitcoin (btc) address or scan the QR code with your device {Some bitcoin address} And after payment within 12 hours we will fix all the vulnerabilities on your site and you can sleep peacefully without worrying about the safety of your site and server.

If we are hired by well-known corporations, then we charge from $50000 for our services, so you are lucky that we offer you the same service for $3000 (0.15 BTC)"

You may well have some vulnerabilities, or you may not, they certainly didn't check anything, but it should be a reminder to everyone that your Joomla or Wedpress website is only as secure as the modules and plugins you have, and that's the catch 22 really, once you have a paid module or plugin then its yet another weak link in the chain, and if you don't keep paying your annual subscription, you no longer get updates, and unlike proper companies who will issue security patches for free, most Joomla/Wordpress module/plugin vendors won't unless you keep paying over and over again.

For this reason alone it is highly recommended that you stay away from 'paid' modules or plugins if at all possible. For many things there are open source, or free to use versions available that do pretty much the same thing and these you can update for free. If you must have a feature that's not available any other way, then cost it into your future hosting, it can amount to a considerable amount over the lifetime of your website? Maybe even more than having your own feature written specifically for you, that you then own the rights to? think about it.

If you are worried that you may have an issue, and that someone may have hacked your site, then you're welcome to raise a ticket at the HelpDesk (https://support.gen.net.uk) and one of our experts take a look and give some advice free of charge (for UK based businesses).