Skip to content
Naked Security Naked Security

It’s a SCAM: Send Bitcoin or your company’s reputation is TOAST!

"I will insult people. And everyone will not care that it's not you." But it's social-disaster baloney!

My my, 19ckouUP2E22aJR5BPFdf7jP2oNXR3bezL, you’ve been a busy little Bitcoin blackmail scam wallet, haven’t you?

According to the Bitcoin Abuse Database, since at least late last month, that’s the Bitcoin wallet that somebody’s been telling people to send money to, lest their websites’ reputations get ruined.

Here’s the TL;DR version, as summed up by the first recipient of the blackmail extortion message to report it to the database:

Full-throttle garbage details

And here are the details: The extortion is coming from spoofed email addresses and threatening to rain down locusts and hellfire and halitosis unless the recipient sends the blackmailer 0.3 BTC (US $2,385.37).

If you don’t send the money, the extortionist threatens, they’ll send millions of emails from your domain, leave boatloads of derogatory reviews about your site, and spoof your domain so as to submit foul messages to other people’s contact forms.

It’s a full-service reputation-ruining package aimed at your site and its/your reputation. Here’s the full text of the threat:

Hey. Soon your hosting account and your domain xxx.nl will be blocked forever, and you will receive tens of thousands of negative feedback from angry people.

Here is a list of what you get if you don’t follow my requirements:
+ abuse spamhouse for aggressive web spam tens of thousands of negative
+ reviews about you and your website from angry people for aggressive
+ web and email spam lifetime blocking of your hosting account for
+ aggressive web and email spam lifetime blocking of your domain for
+ aggressive web and email spam Thousands of angry complaints from angry
+ people will come to your mail and messengers for sending you a lot of
+ spam complete destruction of your reputation and loss of clients
+ forever for a full recovery from the damage you need tens of thousands
+ of dollars

Do you want this?

If you do not want the above problems, then before June 1, 2019, you need to send me 0.3 BTC to my Bitcoin wallet: 19ckouUP2E22aJR5BPFdf7jP2oNXR3bezL

How do I do all this to get this result:
1. I will send 30 messages to 13 000 000 sites with contact forms with offensive messages with the address of your site, that is, in this situation, you and the spammer and insult people. And everyone will not care that it is not you.
2. I’ll send 300 messages to 9,000,000 email addresses and very intrusive advertisements for making money and offer a free iPhone with your website address xxx.nl and your contact details. And then send out abusive messages with the address of your site.
3. I will do aggressive spam on blogs, forums and other sites (in my database there are 35 978 370 sites and 315900 sites from which you will definitely get a huge amount of abuse) of your site xxx.nl. After such spam, the spamhouse will turn its attention on you and after several abuses your host will be forced to block your account for life. Your domain registrar will also block your domain permanently.

A twist on sextortion scams

This is basically just a twist on the sextortion scams we’ve been writing and talking about over the past few months.

While sextortion combines sex and extortion, with online crooks claiming to have embarrassing pictures of you that they threaten to send to friends and family, this new scam instead focuses on the reputation of your site. It’s easy to see how individuals or businesses might well take that threat seriously, given how much money is at stake when you’re talking about reputation.

You haven’t been hacked

Just like with sextortion scams, these reputation extortion scams don’t mean you’ve been hacked.

Could an attacker do everything that this one is claiming they’ll do? Yes, but it sounds like an awful amount of work, doesn’t it? Given how many targets this is getting spammed out to – the Bitcoin Abuse Database shows that these are no targeted emails but are instead being received by loads of people, in waves – well, it sounds more like wishful thinking than a carefully plotted attack. If an attacker really could hijack an account, wouldn’t they just do it and then demand ransom?

The threat is a pack of lies. It’s also a sign that digital extortion scammers are trying something new, as they always are. For example, we’ve seen them try to evade blocklists and spam filters by doing things like writing out their emails, taking a screenshot, and pasting it into the message body. Then they’ll stick in a QR code for the Bitcoin address you’re supposed to send funds to. Wouldn’t want to discourage their targets by the inability to cut and paste a gnarly Bitcoin address!

In other, arguably more convincing, attacks, we’ve also seen extortionists claim to have what’s purportedly one of “your” passwords. It’s meant to make their claims to have hijacked your system all the more credible.

They haven’t. What they’ve done is they’ve used a list of breached or most commonly used passwords. Sooner or later they’ll spam somebody who truly did use that password, and that person will possibly panic and send in the money.

Yet another reason not to reuse passwords!

What to do?

Into the trash with it. It’s 100% bunk!

Find out more about the common traits in extortion scams

(Watch directly on YouTube if the video won’t play here.)

1 Comment

I got a “we know xxxx is your password” from one and it was my password on webhost.com (well publicised breach) and I don’t use it anywhere else. So they are not just guessing.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?