June 11, 2019 By David Bisson 1 min read

Malicious actors are threatening to ruin websites’ reputations and get them blacklisted as part of a new extortion scam campaign.

According to Bleeping Computer, this extortion campaign involves fraudsters using websites’ contact forms to reach out to site owners. These emails typically have the subject line “Abuse and lifetime blocking of the site – example.com. My requirements.” The message warns the recipient that the fraudsters will destroy the site’s reputation unless they pay 0.3 bitcoin — currently worth approximately $2,400 — as a ransom.

The fraudsters also say they’ll prey upon the site by sending 30 offensive messages to 13 million sites, sending 300 aggressive advertising messages to another 9 million web locations, and spamming for the site on blogs, forums and other websites. Such actions, the malefactors note in their message, will ultimately prompt users to leave negative reviews and feedback about the site and ultimately get the site blacklisted for distributing spam.

The Evolution of an Extortion Scam Campaign

Back in July 2018, Krebs on Security came across the first iteration of this scam in a series of sextortion emails that used people’s compromised passwords to trick them into paying as much as $1,400 for the supposed preservation of their privacy.

A few months later, Bleeping Computer uncovered a scam campaign that used a fake bomb threat to extort recipients. Around the same time, the firm found a similar operation using the threat of a hit man to prey upon organizations.

Awareness Is Critical to Prevent Cyber Extortion

Security professionals can help their employees avoid extortion scam campaigns by conducting regular awareness training, establishing strict policies and implementing email security solutions to defend against phishing attacks. Companies should complement this investment with regular phishing tests to measure how well this three-pronged strategy works in a simulated phishing attack.

More from

How I got started: Incident responder

3 min read - As a cybersecurity incident responder, life can go from chill to chaos in seconds. What is it about being an incident responder that makes people want to step up for this crucial cybersecurity role?With our How I Got Started series, we learn from experts in their field and find out how they got started and what advice they have for anyone looking to get into the field.In this Q&A, we spoke with IBM’s own Dave Bales, co-lead X-Force Incident Command…

Zero-day exploits underscore rising risks for internet-facing interfaces

3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities demand attention from organizations globally.The surge in attacks on internet-facing management interfaces highlights an evolving threat landscape and necessitates rethinking how organizations secure critical assets.Who is exploiting the NGFW zero-day?As of now, little is known about the actors behind the…

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today