This new extortion scam threatens to hurt your reputation and steal your data

(Image credit: Evannovostro / Shutterstock)

Cybersecurity researchers and the media are warning website owners and administrators not to fall for the latest high-profile scam campaign which threatens to leak a website's sensitive data, blacklisted for spam, and damage its reputation.

BleepingComputer has reported that a new phishing email is making the rounds, targeting website owners and administrators around the world.

In the email, the sender claims to have “hacked” the recipient’s website, and stolen the sensitive content found there. To avoid that data being leaked (or sold) online, the attacker demands a payment of $2,500 to a Bitcoin wallet.

Paying the demand

Essentially, recipients are being threatened with a non-existent ransomware attack that has supposedly targeted their system already. 

The attacker also threatens to send messages to the business' partners, suppliers, and clients, and to have all of the website's links that are ranked in search engines "de-indexed", which the e-mail claims is possible “based on the blackhat techniques we [have] used in the past to de-index our targets”. 

The sender also threatens they’ll get the business “on every blacklist in the country”. Though this threat is vague, it's designed to instil fear. And, naturally, the email lists two bitcoin addresses which victims are directed to make payments to. 

One of the addresses hasn't sent or received any bitcoin since it was established, but the other did receive one payment of $2,500, suggesting that someone either has fallen for the scam, or the scammers themselves are trying to drum up business. 

These emails, known as phishing attempts, can be frightening to read, especially for less tech-savvy business owners, but they are, essentially, bluffs. That's why it’s important for users to question every received email, and not take anything they see at face value. 

Instead of rushing to make payments, recipients would be better off marking the email as spam and deleting it, as well as marking the bitcoin address on the Bitcoin Abuse Database. 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.