Industry News

Email blackmailer threatens to have your website blocked forever

If it wasn’t bad enough extortionists threatening to release sex videos of you, or claiming you were a member of an adultery website, or that your name has been mentioned as part of an investigation into an international child abuse ring, now blackmailers are trying a different technique.

As Bleeping Computer reports, scammers have contacted websites demanding a ransom message be paid or else they will ensure the site will be blacklisted for aggressive spamming activities.

Extortionists have sent an email to websites, demanding that 0.3 Bitcoin (approximately US $2,400) is paid or else the website will suffer potentially catastrophic damage to its reputation.

Part of the email, which has the subject “Abuse and lifetime blocking of the site – My requirements”, reads as follows:

Here is a list of what you get if you don’t follow my requirements:

+ abuse spamhouse for aggressive web spam tens of thousands of negative
+ reviews about you and your website from angry people for aggressive
+ web and email spam lifetime blocking of your hosting account for
+ aggressive web and email spam lifetime blocking of your domain for
+ aggressive web and email spam Thousands of angry complaints from angry
+ people will come to your mail and messengers for sending you a lot of
+ spam complete destruction of your reputation and loss of clients
+ forever for a full recovery from the damage you need tens of thousands
+ of dollars

In the email, the blackmailer claims that he or she will post 30 offensive messages to the contact forms hosted on 13 million websites. In addition they say they will send 300 messages offering a free iPhone to nine million email addresses – with each email containing the victim’s website URL and contact details.

The intention? To get the targeted website domain blacklisted:

“After such spam, the spamhouse will turn its attention on you and after several abuses your host will be forced to block your account for life. Your domain registrar will also block your domain permanently.”

For an individual such a threat would be worrying enough, but the threat would probably give many a small or medium-sized business palpitations too.

The good news, of course, is that just because it’s easy for an extortionist to make a threat it doesn’t mean that they are necessarily going to follow through with it. Scams like these are typically sent to a lot of people in the hope that a small percentage might actually cave in to the demands and pay up.

The truth is, however, that there is no real incentive for the extortionists to follow through with their threats – after all, one thing is certain… if they did succeed in blacklisting your website there is no way you would ever pay them in future.

Chances are that the typical wannabe blackmailer will simply ignore you if you don’t reply, and move on in the hope of finding a website that is more likely to give in to the demands.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.


Click here to post a comment
  • Appart from your thoughts abut if they are really willing to lose the money upon attacking your website, I wonder if this is really doable for a wide variety of people or groups. Not sure about if some sort of automated mechanism exists to do the task, as it would take too long for a group or person to do this.
    Fun fact: I alredy received one of these.

  • What a prat. Or is he/she incompetent? Sadly it's likely to work on some and possibly many people. So let's call them a git instead. Hopefully one can 'push' them away or even better 'clone' them, get rid of the original and then delete the clone.