I received this email titled – Site Has Been Hacked. It’s obviously some sort of an extortion scam trying to get e-commerce store owners to pay or face the consequences of the actions described in the email.
I know my site has not been hacked, nor has my database been extracted as they claim. Unfortunately for many online store owner, this would be a very frustrating email to receive. Paying the ransom only gives this scammers more funds to be able to further expand their scams, and better their resources to target more victims.
Unfortunately anytime you have an online store or e-commerce store, you are a target of scammers trying to defraud you. From the failed payout and chargeback phishing scams, to the fake advertisers. Not just is it difficult to compete with others sellers, but you are constantly having to evade scammers and others trying to cause harm.
Here is this “Site Has Been Hacked” extortion email I received
The email came from : [email protected].
Site Has Been Hacked
Your Databases Has Been ExtractedYour Site Has Been Hacked
PLEASE F0RWARD THIS EMAIL To SoMEoNE IN YoUR C0MPANY WHo iS ALL0WED To MAKE IMPORTANT DECISIoNS!
We have hacked y0ur website (site name removed) and extracted y0ur databases.
How did this happen?
our team has found a vulnerability within y0ur site that we were able t0 exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and m0ve the inf0rmati0n t0 an offsh0re server.
What does this mean?
We will systematically g0 through a series of steps of t0tally damaging your reputati0n. First your database will be leaked 0r s0ld to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails f0und they will be e-mailed that their inf0rmation has been s0ld 0r leaked and your site (site name removed) was at fault thusly damaging y0ur reputati0n and having angry customers/associates with whatever angry cust0mers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off 0f blackhat techniques that we used in the past to de-index our targets.
How d0 i st0p this?
We are willing to refrain fr0m destr0ying your site’s reputation f0r a small fee. The current fee is $3000 in bitcoins (0.15 BTC).
Please send the bitcoin t0 the following Bitcoin address (Copy and paste as it is case sensitive):
32fT55HRpoXKyz3ZZqncLWtgKXTKBJXyd9
once you have paid we will automatically get informed that it was your payment. Please n0te that y0u have to make payment within 3 days after opening this e-mail 0r the database leak, e-mails dispatched, and de-index 0f your site WiLL start!
How do i get Bitcoins?
You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM.
What if i don’t pay?
if y0u decide n0t t0 pay, we will start the attack at the indicated date and uphold it until y0u do, there’s n0 c0unter measure to this, y0u will only end up wasting more money trying t0 find a s0lution. We will c0mpletely destr0y y0ur reputati0n am0ngst go0gle and y0ur customers.
This is n0t a hoax, d0 n0t reply to this email, don’t try t0 reas0n 0r neg0tiate, we will not read any replies. 0nce you have paid we will stop what we were doing and y0u will never hear from us again!
Please note that Bitcoin is anonym0us and n0 0ne will find out that you have c0mplied. Finally d0n’t reply as this email is unmonitored.
I assume the use of 0 instead of the o is to bypass email junk detectors, but this email was in my junk mailbox.
What to do if you receive a extortion email?
Sure, you can report this to the police or even other law enforcement agencies, but I doubt there is much they can do. Online scams have become more prevalent over the years, as it becomes easier to extract and scrape information from public websites.
E-commerce store owners seem to be the target of these type of emails as normally they are small businesses with limited or no development team. So you just don’t know if it’s true or not. On top of that, because certain requirements from search engines and other advertising partners, the contact information of an e-store has to publish their email address and phone number(s). This gives these scammers access to easily contact you with their extortion, phishing and other scams.
How to protect yourself and your online business
It’s difficult to protect yourself. The best way is to stay on top of commons scams and practices that are being implemented by the scammers, and NEVER click on a link that comes in your email.
If you received a similar “Site Has Been Hacked” extortion email, leave a comment with the content in the comments below.