Here is an interesting post...


What Would Be the Point of Blackmailing a Blog by Threatening to Disclose Already Public Content?

We have hacked your website https://ooba.co.uk and extracted your databases.

How did this happen?

Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site https://ooba.co.uk was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index Our targets.

How do i stop this?

We are willing to refrain from destroying your site's reputation for a small fee. The current fee is $4000 in bitcoins (0.034 BTC).

Send the bitcoin to the following Bitcoin address (Make sure to copy and paste):

bc1qmvacxxnptvja2y8r5py6j3lnnd6f9gn2d2j3y3

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 4 days after receiving this e-mail or the database leak, e-mails dispatched, and de-index of your site WiLL start!

How do i get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM.

What if i don't pay?

We will start the attack at the indicated date and uphold it until you do, there's no counter measure to this, you will Only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don't try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.

 

Author information

Name: Jerri McClusky
E-mail: [email protected]
IP address: 70.166.167.60
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 YaBrowser/22.7.0 Yowser/2.5 Safari/537.36

This email is a scam, specifically a type of extortion attempt. The key to understanding why someone would send such an email, even if the "threat" of disclosing public content seems nonsensical, lies in a few common scam tactics:


Reliance on Fear and Intimidation

The primary goal of this scam is to instill fear and panic. The attackers are counting on the victim being less technologically savvy, or simply so overwhelmed by the threats that they don't critically analyze the claims. The email is designed to sound urgent and authoritative, making it seem like a legitimate threat from a skilled hacker.


Exploiting Lack of Technical Knowledge

Many people, especially those who run small businesses or blogs, may not have a deep understanding of cybersecurity. The scammer uses technical-sounding jargon like "database credentials," "offshore server," "blackhat techniques," and "de-indexed" to create an impression of expertise and make the threats seem more credible. The victim might not know what a "database" truly contains or how search engine indexing works, making them more susceptible to believing the claims.


General, Non-Specific Threats

While the email mentions "disclosing already public content," it also includes other, more generic threats that are commonly used in ransomware or extortion attempts:

  • Leaking or selling databases: Even if the database primarily contains public information, the threat of it being "leaked or sold to the highest bidder" can be terrifying, implying sensitive or private data might be exposed.
  • Emailing customers about a breach: This directly targets the business's reputation and customer trust, which is a significant concern for any business owner.
  • De-indexing from search engines: For a blog, search engine visibility is crucial. The threat of being "de-indexed" can mean a significant loss of traffic and revenue.

The scammer doesn't need to have actually compromised the site or obtained sensitive data. The perception of a breach is often enough to make someone pay.


"Spray and Pray" Tactic

Scammers often send out these types of emails to a large number of targets, hoping that a small percentage will fall for it. It's a numbers game. They don't need to successfully extort every recipient; even a few payments can be profitable.


Pressure and Urgency

The email creates a sense of urgency by setting a 4-day deadline and stating there are "no counter measures." This pressure is designed to prevent the victim from seeking advice, verifying the claims, or thinking clearly.


The "Public Content" Angle

Regarding the specific mention of "already public content," it's likely a poorly crafted detail in a template scam email. The scammer might not have actually investigated the website and is just using a generic threat. They are hoping the overall fear and the other, more serious-sounding threats (like emailing customers and de-indexing) will overshadow this inconsistency.

Bitcoin Suckers

In essence, the point of such a blackmail attempt is to trick individuals into paying money through fear and intimidation, regardless of the actual validity of the threats. It preys on a lack of cybersecurity knowledge and the natural desire to protect one's business and reputation.

This is a textbook ransom scam, and your instinct is absolutely correct - it makes no sense to blackmail someone over already public content. Let's break this down methodically so you can understand the motives, implications, and best course of action.


What's Really Going On Here?

1. It's a mass-produced scam. This message is likely part of a bulk campaign sent to thousands of website owners and bloggers. The sender did not actually hack your website. They are playing on fear, uncertainty, and technical ambiguity.

2. The content is generic. They claim to have "downloaded your database," "found emails," and can "de-index your links." These are scare tactics, with no proof.

If they had anything, they'd show a sample - a password, a user record, a filename - but they haven't, because they don't.

3. The "public content" bit is the giveaway. Threatening to "expose" public content is logically nonsensical. If it's already visible, how can exposing it damage you?

4. The "blackhat de-indexing" threat is toothless. It is extremely difficult to maliciously de-index a legitimate site from Google. That would require:

  • Access to your Google Search Console (unlikely)
  • A huge negative SEO campaign (costly, traceable, and increasingly ineffective)
  • Exploiting link disavowal systems (which Google mostly ignores from outsiders)

5. The price is set low-ish for fear-based conversion. At ~$4000 (BTC equivalent), this scam is designed to look "cheaper than legal help," which is part of the trap.


What You Should Do

1. Do Not Pay. Ever.

Paying only encourages further targeting, and there is zero guarantee they will stop. It funds criminal activity and confirms you're vulnerable.

2. Check for Real Intrusions

  • Review your server logs and file system for unauthorized access (e.g., using last, auth.log, or web server access logs).
  • Change all passwords (FTP, database, admin panel).
  • Ensure your CMS (e.g., WordPress), plugins, and themes are updated.
  • Scan for malware with tools like Wordfence or Sucuri (if on WordPress).

3. Report the Email

Forward it to:

4. Ignore Future Threats from This Address

They will often follow up with more threats. Disregard unless new verifiable evidence appears (which it won't).
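For step 2, one way to triage a web server access log for signs that a database was actually pulled, as an added example that is not part of the original post. The log lines are constructed, and the patterns and the 10 MB size threshold are assumptions to tune for the site being checked.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample in Apache/nginx "combined" format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2023:03:14:07 +0000] "GET /index.php?id=1%20UNION%20SELECT%20user_pass%20FROM%20wp_users HTTP/1.1" 200 5120 "-" "curl/8.0"
203.0.113.7 - - [12/Jul/2023:03:15:41 +0000] "GET /backup/site.sql.gz HTTP/1.1" 200 48211002 "-" "curl/8.0"
198.51.100.23 - - [12/Jul/2023:09:02:11 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 18433 "-" "Mozilla/5.0"
198.51.100.99 - - [12/Jul/2023:09:05:30 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 312 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')
# Assumed heuristics; tune for the site being checked.
SQLI = re.compile(r'union\s+select|information_schema|sleep\s*\(', re.I)
DUMP_FILE = re.compile(r'\.(sql|sql\.gz|bak|dump|tar\.gz|zip)(\?|$)|wp-config', re.I)
LARGE_BYTES = 10 * 1024 * 1024  # assumed threshold for a "dump-sized" response


def triage(log_text):
    """Return suspicious requests, separating probes from responses that were served."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = unquote_plus(m["path"])  # decode %20 and + before matching
        size = 0 if m["size"] == "-" else int(m["size"])
        reasons = []
        if SQLI.search(path):
            reasons.append("sqli-pattern")
        if DUMP_FILE.search(path):
            reasons.append("dump-or-config-file")
        if size >= LARGE_BYTES:
            reasons.append("large-response")
        if reasons:
            # Only a 2xx answer means bytes actually left the server;
            # a 404 on the same path is a scanner probe, not a breach.
            served = 200 <= int(m["status"]) < 300
            findings.append({"ip": m["ip"], "time": m["ts"], "path": path,
                             "served": served, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        label = "SERVED" if f["served"] else "probe"
        print(f'{label:6} {f["ip"]:15} {f["time"]}  {f["path"]}  {f["reasons"]}')
```

An empty result over the period before the email arrived supports treating the message as a template scam; a "SERVED" hit on a dump or config file is what would warrant a full incident response.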


Why They Do This Despite the Logical Flaw

  • Panic is profitable. The majority of website owners don't understand security well enough to know this is bogus.
  • Volume strategy. Even if 0.1% pay, the scammers make thousands of dollars per week.
  • SEO reputation fear. Most site owners care deeply about their Google rankings - so "de-indexing" sounds devastating even if they can't actually do it.

Final Thought

You don't negotiate with shadows. This scam relies on illusion. Shine the light of logic and it vanishes. Focus instead on securing your systems and publishing confidently - let no anonymous coward steal your peace.

If you'd like help with a security audit or want to test your site for real vulnerabilities, I can walk you through that too.
