
The Bitcoin scam is back and now it’s targeting websites


Image created using ImageFX by Google

Any info cited for this post was found via a general online search.

I was weeding through my site’s contact form messages the other night and came across a very familiar-looking scam. It was, of course, the Bitcoin extortion scam.

This scam has been around for years and I’ve shared about it in posts and videos. Yet this one had a bit of a new twist. Or at least it was new to me. The scammers are now targeting websites.

The Bitcoin Sextortion Email is back again.

The message

As I said, I was weeding through my contact form messages. Since I use CleanTalk, it approves or denies messages for me. So at times I go and check my messages. Most of them are spam, but I like to give them a quick overview just to make sure.

This particular message was most certainly spam, but it did catch my attention.

Here’s the full message text:

Mar 24, 2024 08:39:05
Helaine Pickering
hacked@lifewithpal.com
172.98.80.160
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1264.71

Page URL: https://lifewithpal.com/contact-pal/
Referrer: https://lifewithpal.com/contact-pal/
Message: Helaine Pickering
elementor_pro_forms_send_form
Privacy questions
on
https://lifewithpal.com/contact-pal/
We have hacked your website https://lifewithpal.com and extracted your databases. How did this happen? Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server. What does this mean? We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site https://lifewithpal.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index Our targets. How do i stop this? We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $3000 in bitcoins (0.044 BTC). Send the bitcoin to the following Bitcoin address (Make sure to copy and paste): 3GNLedSoZxz2JLXnzrbiZPzEnXDLY1TncL Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this e-mail or the database leak, e-mails dispatched, and de-index of your site WiLL start! How do i get Bitcoins? You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. What if i don’t pay? We will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will Only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers. 
This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again! Please note that Bitcoin is anonymous and no one will find out that you have complied.

Bitcoin scam attempt

Here’s a screenshot of the message.

That “Hacker” sure does like to type

I was surprised at how long this message was. It reminded me of the sextortion messages that were going around a few years ago. It seems they want to “ruin” my reputation and my website’s good name. I get how this could scare someone, but the way they go about it in the email is long-winded.

It’s like a novel for something that can be shared in a few short sentences. Another thing I noticed was that they claim to have copied my sites database.

Here’s the thing: if you are hosting your site on a reputable or well-known hosting provider, they have security on their servers as well as other measures. So that was laughable.

Secondly, who’s going to go after a blog with a picture of a cat? Come on, you’d think they would “attack” larger sites that have major retail sales.

I just found a rather laughable line in the email. On the point of leaking what I assume is an email list. The “hacker” states the following:


Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site https://lifewithpal.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do.

An odd threat from the “hacker”.

You can tell that they weren’t even trying when they wrote this threat.

The bitcoin request

Apparently I have 5 days to pay $3000 in Bitcoin to get my data back.

I would like to point out that, again, it’s funny that they offered an FAQ about how to obtain Bitcoin in the email threat too.

How do i get Bitcoins? You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM.

An FAQ on how to obtain Bitcoin

What I’ve learned so far

Thanks to CleanTalk I can see the IP address that the email was sent from. Granted, the email might be routed through the IP, but I have one nonetheless.

I found out that 172.98.80.160 is based out of Canada.

Here’s some info from AbuseIPDB. I also found out a bit more from CleanTalk.

I also found some info about the scam over on ChainAbuse.

What kind of scam is this?

This would be a typical ransomware scam. Basically the scammer threatens you, or in this case your website, in order for you to pay up for your database or files.

I know this is a scam and I won’t be paying out at all.

If this scam lands in your inbox, mark it as spam and block the sender.

Measures you can have in place

You should have a good spam filter for your contact forms. You should also have a security plugin. These may vary by the software you use but if you are using WordPress(.org) you can check out the post below for suggestions.

Some of Pal’s favorite WordPress products

I also suggest you invest in using CleanTalk. It’s a great deal.
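One way a contact-form filter can catch this kind of submission, as an added example (not code from CleanTalk or from this site): a small Python scorer that flags a message only when a Bitcoin address shape appears together with several pressure signals. The signal names, patterns and threshold are assumptions chosen for illustration, and the sample is condensed from the message quoted above.

```python
import re

# Address *shape* only (legacy 1.../3... Base58 and bech32 bc1...); no checksum is verified.
BTC_ADDR = re.compile(
    r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b")

# Hypothetical signal names and patterns, modelled on the phrasing of the quoted message.
SIGNALS = {
    "btc_address": BTC_ADDR,
    "breach_claim": re.compile(
        r"\bhacked your (?:web)?site\b|\bextract(?:ed)? your (?:entire )?databases?\b", re.I),
    "payment_demand": re.compile(
        r"\$\s?\d[\d,]*\s+in\s+bitcoins?\b|\b\d+(?:\.\d+)?\s*BTC\b", re.I),
    "deadline": re.compile(r"\bwithin\s+\d+\s+(?:hours?|days?)\b", re.I),
    "reputation_threat": re.compile(
        r"\bleaked or sold\b|\bde-?index|\bdestroy(?:ing)? your (?:site.s )?reputation\b", re.I),
    "no_contact": re.compile(r"\b(?:do not|don.t) reply\b|\bnot a hoax\b", re.I),
}


def score_message(text):
    """Return the sorted names of every signal that fires on one form submission."""
    return sorted(name for name, rx in SIGNALS.items() if rx.search(text))


def is_extortion_spam(text, threshold=3):
    """Flag only when a wallet address appears alongside enough pressure signals,
    so a reader asking about Bitcoin or sharing a tip address is not blocked."""
    hits = score_message(text)
    return "btc_address" in hits and len(hits) >= threshold


# Sample input condensed from the message quoted in this post.
SAMPLE = (
    "We have hacked your website https://lifewithpal.com and extracted your databases. "
    "The current fee is $3000 in bitcoins (0.044 BTC). Send the bitcoin to the following "
    "Bitcoin address: 3GNLedSoZxz2JLXnzrbiZPzEnXDLY1TncL Please note that you have to make "
    "payment within 5 days or the database leak and de-index of your site will start. "
    "This is not a hoax, do not reply to this email."
)

if __name__ == "__main__":
    print(score_message(SAMPLE), is_extortion_spam(SAMPLE))
```

Requiring the address plus at least two other signals keeps the rule from firing on ordinary messages that merely mention Bitcoin.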

Let’s get the word out and share this with other website owners.
