There's a new email scam going around, if you haven't seen it yet it can look quite frightening! But it's nothing to worry about. This variation that I've seen most recently has lots of the letter O's replaced with zeroes to make it look more hacker-y.
They claim that they've stolen the database from your website and are going to sell it unless you send them a bunch of Bitcoin. As I've previously discussed, the major problem with these scams is that it's surprisingly complicated to buy Bitcoin and I'd imagine that very few "normal" people could figure it out in the three days that the scammers give you. My evidence for this is that it's too complicated for the scammers to explain in the email itself.
Needless to say, the best thing to do with these emails is to delete them - please don't respond, you're only encouraging them. Like most scams, it relies on fear and time pressure to stop you from thinking logically and make you follow their instructions.
Among the many quirks of this email is their claim that 0.15 Bitcoin is worth $3,000. At the time of writing, it's more like $20,000! When I receive scams like these, I like to copy/paste the Bitcoin wallet address into a tool like https://www.blockchain.com/explorer to see if anyone has paid them - all Bitcoin transactions are public, after all. I'm happy to report that only a fraction of these wallets have ever received any money, so the scam doesn't seem to work very well.
Your Site Has Been CompromisedYour Site Has Been Hacked
PLEASE FoRWARD THIS EMAIL T0 S0MEoNE IN Y0UR C0MPANY WH0 iS ALLoWED To MAKE IMPORTANT DECISIoNS!
We have hacked y0ur website [your website address] and extracted your databases.
How did this happen?
our team has f0und a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get y0ur database credentials and extract your entire database and m0ve the inf0rmation t0 an offshore server.
What does this mean?
We will systematically g0 through a series 0f steps 0f totally damaging y0ur reputation. First your database will be leaked 0r s0ld t0 the highest bidder which they will use with whatever their intenti0ns are. Next if there are e-mails found they will be e-mailed that their information has been sold 0r leaked and y0ur site [your website address] was at fault thusly damaging your reputati0n and having angry customers/ass0ciates with whatever angry cust0mers/associates d0. Lastly any links that you have indexed in the search engines will be de-indexed based 0ff 0f blackhat techniques that we used in the past to de-index 0ur targets.
How do i st0p this?
We are willing to refrain fr0m destr0ying y0ur site’s reputation for a small fee. The current fee is $3000 in bitcoins (0.15 BTC).
Please send the bitcoin t0 the f0ll0wing Bitcoin address (Copy and paste as it is case sensitive):
[bitcoin address here]
once you have paid we will automatically get informed that it was your payment. Please n0te that y0u have to make payment within 3 days after opening this e-mail or the database leak, e-mails dispatched, and de-index 0f y0ur site WiLL start!
H0w do i get Bitcoins?
Y0u can easily buy bitcoins via several websites 0r even 0ffline fr0m a Bitcoin-ATM.
What if i don’t pay?
if y0u decide not t0 pay, we will start the attack at the indicated date and uph0ld it until y0u d0, there’s n0 c0unter measure t0 this, you will 0nly end up wasting more money trying to find a solution. We will completely destroy y0ur reputation am0ngst go0gle and your cust0mers.
This is n0t a hoax, d0 not reply t0 this email, don’t try t0 reas0n 0r negotiate, we will not read any replies. 0nce you have paid we will stop what we were d0ing and you will never hear from us again!
Please note that Bitcoin is an0nym0us and no one will find 0ut that you have c0mplied. Finally d0n't reply as this email is unmonitored.
What to do
If you receive an email like this, just delete it and get on with your day. For more information about scams see this post from 2018.