Related Articles

Back to Latest Articles

Scam Emails Demanding Bitcoin Ransom

BWF Hosting
Scam Emails Demanding Bitcoin Ransom

There are a new bunch of Scam Emails doing the rounds allegedly from an ‘International Hacker Group’.  Due to how these emails are worded and the content of these emails we wanted to draw our client’s attention to these as they are a little more scary than most and are asking for a ransom to be paid in 48 hours otherwise your personal information will be released.

These emails claim they have private information belonging to the recipient such as webcam footage, lists of adult sites allegedly visited, banking details as well as other personal information that would generally only be known to you.  They say they will release this information in 48 hours to all your email contacts if a ransom is not paid.  The hackers then go on to list a password that they say is yours.  In many cases this password is a password the users have actually used and the hackers will have gotten these from recent hacks of well known websites that have been widely publicised.  It’s the password being pasted in that is causing the most concern from these emails as it is a genuine password (although maybe an old one)

What have Big Wet Fish Seen?
A few days ago we saw a similar blog post to this and a quick google search has determined this is a worldwide issue at the moment. We have so far had three reports of our clients receiving such emails.  One email we have just been alerted to is asking for $800 to be sent to this Bitcoin Wallet “1CMQMKmvT4hz2k2ijyxVxN7fHS62K7uQ7z’ and if you google this you can see many reports of this being used for this scam.  This email originated from a GoDaddy server in the USA and we have already logged an abuse report with them.

Example showing this is a worldwide scam:  Bitcoin Abuse Database

What is your advice?
Do not send any money.  This is a scam and is well publicised on the internet.  Ignore the email!  The email is given authenticity by the fact it lists a password that may be valid so is rather scary but it’s been widely suggested these passwords have come from recent hacks of well known retail websites and the fraudsters are using these to ‘scare’ people into paying the ransom.  In fact if you read the above link one reporter says the passwords are coming from a 2015 hack and another reports it is Iranian fraudsters although we have no evidence either way.

Should I contact the Police?
You can but as it’s an international scam it’s unlikely the local Police will be able to help you specifically as there appears to be thousands of these being sent globally but they will be able to log this and it will likely become a statistic.  Action Fraud in the UK may be able to offer better advice.  Or you can just do your own research, confirm it is a worldwide scam and just delete the email.

Why has my Spam Filter not filtered this email?
We partner with Spam Experts ( and although this is a great product no spam filtering software should ever be considered to be 100% effective.  In all cases where our clients have Spam Experts enabled we have ‘trained’ the software so it will become better at filtering out these scam emails in the future.

What can I do to protect myself?
Do not respond to these emails and report them if you feel you need to (see above).  Do not open any attachments on any email unknown to you.  Have a personal policy whereby you have strong passwords and change these regularly.  Always use 2 factor authentication when possible whereby you have a second level password provided by the likes of the Google Authenticator app on your phone.  This means even if your password is compromised the hacker cannot access your account unless they physically have your phone.

Any Questions?
Do not hesitate to reach out to our team if you have any questions about this new scam and do not be alarmed if you get this email.  It may sound scary but it is really just a scam email that can be ignored. However you should NOW change passwords if you do not have a regular password update policy and try never to use the same password for eCommerce websites / email etc.

Related Articles


Supercharge Your Magento Install

Magento is a powerful package and it is becoming more widely used for eCommerce websites. It is also a very resource intensive application and servers need to be tuned and...

Posted on by bwf

Help! My server drive is nearly full

This morning I came on shift and my colleague told me that a client was on live chat telling us that his VPS Server had gone down and all websites were showing an error.  It turns...

Posted on by BWF Hosting