Monday, February 8, 2021

Bitcoin Review Bomb Ransom - A New Take on an Old Scam

If your restaurant receives an email threatening to "bomb" your business with negative reviews unless you pay a ransom, whatever you do, do not pay it.

I was very saddened to learn that a local restaurant is being attacked by "review bombs" because they failed to pay a ransom in bitcoin. What's absolutely heartbreaking is that while small businesses and restaurants across the country are already struggling, scammers are doing this nationwide.

The scam has mostly been making its rounds through spam emails claiming to have compromising photos and videos of the recipient, typically with an old password from a data breach. More recently, the scammers have also started targeting businesses by threatening to send spam email spoofing their business domain with the intention of destroying their credibility.

Now, scammers are review-bombing businesses if they fail to comply with their demands for payment.

A website which tracks abuse of bitcoin addresses shows that within the past month, over 5,000 abuse reports have been filed. These reports most likely come only from tech-savvy users who understand bitcoin, and probably represent a small fraction of the actual scope of the problem.

The review bombs themselves are rather telling - and show that multiple businesses are being targeted by foreign accounts for non-payment.

Here is a screenshot of just a few of the negative reviews. All are left by what are most likely brand new Google accounts, with names all in lower-case, probably randomly generated from name lists.


Going a bit deeper and looking at one of the reviewer accounts, we can see that Pizza & Pretzel Creations is one of nine businesses targeted in this round of the scam.



Looking at the reviews, we can also see that the other businesses being targeted, specifically restaurants, received similar emails, but with different bitcoin addresses.


Unfortunately, because the scammers are using different bitcoin addresses, it is extremely difficult to track where the ransom would actually be going. Even if the ransom were paid, thanks to the availability of Bitcoin tumblers, it is near impossible to actually trace the funds. Because there is so little risk of the scammers actually getting caught, they freely continue to send out these ransom demands, and will continue to do so until Google addresses the issue.

So what can be done? For one thing, Google should immediately flag suspicious reviews which travel hundreds of miles in only a few seconds. Looking at the map above, these accounts are reviewing multiple restaurants which are nowhere near each other. That should be an immediate flag that something isn't right. Additionally, these are most likely brand new Google accounts created for the sole purpose of bad reviews as part of this scam. Until Google begins addressing this problem, affected businesses will need to take on the time-consuming task of reporting every fake review to Google.
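One way to express the two checks proposed above (reviews from one account that are hundreds of miles apart within seconds, and 1-star reviews from brand new accounts), as an added example that is not from the original article and does not describe how Google works. The `Review` record, the thresholds and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MIN_MILES = 100.0                  # assumed: "hundreds of miles" apart
MAX_MPH = 600.0                    # assumed: faster than a commercial flight
NEW_ACCOUNT = timedelta(days=7)    # assumed: "brand new" account window

@dataclass
class Review:
    account: str
    created: datetime   # when the reviewer account was created
    business: str
    loc: tuple          # (latitude, longitude) of the reviewed business
    posted: datetime
    stars: int

def miles_between(a, b):  # great-circle (haversine) distance in miles
    (lat1, lon1), (lat2, lon2) = a.loc, b.loc
    h = (sin(radians(lat2 - lat1) / 2) ** 2
         + cos(radians(lat1)) * cos(radians(lat2)) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * 3958.8 * asin(sqrt(h))

def flag_accounts(reviews):
    """Map each suspicious account to the list of reasons it was flagged."""
    by_account = {}
    for r in sorted(reviews, key=lambda r: r.posted):
        by_account.setdefault(r.account, []).append(r)
    flags = {}
    for account, rs in by_account.items():
        reasons = []
        for prev, cur in zip(rs, rs[1:]):  # consecutive reviews by one account
            hours = max((cur.posted - prev.posted).total_seconds(), 1.0) / 3600
            dist = miles_between(prev, cur)
            if dist >= MIN_MILES and dist / hours > MAX_MPH:
                reasons.append(f"impossible travel: {prev.business} -> {cur.business}")
        if any(r.stars == 1 and r.posted - r.created < NEW_ACCOUNT for r in rs):
            reasons.append("1-star review from a new account")
        if reasons:
            flags[account] = reasons
    return flags

# Constructed sample data: account names, businesses, coordinates and times are made up.
T0 = datetime(2021, 2, 1, 12, 0, 0)
SAMPLE = [
    Review("jane doe", T0 - timedelta(days=1), "Restaurant A", (39.64, -77.72), T0, 1),
    Review("jane doe", T0 - timedelta(days=1), "Restaurant B", (32.78, -96.80), T0 + timedelta(seconds=20), 1),
    Review("regular", datetime(2015, 1, 1), "Restaurant A", (39.64, -77.72), T0, 1),
    Review("regular", datetime(2015, 1, 1), "Restaurant C", (39.41, -77.41), T0 + timedelta(days=1), 4),
]
```

Calling `flag_accounts(SAMPLE)` flags only the day-old account, for both reasons; the long-standing account that left a 1-star review and then reviewed a nearby restaurant a day later is left alone.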

Of course, the most important thing which can be done is that restaurants should absolutely NOT PAY the ransom, ever. If no restaurants pay, then the Google review bombs won't be profitable, and the scammers will slither away looking for someone else to prey on.

Ken Buckler is a Cyber Security professional and lifelong resident of Washington County, MD. The opinions expressed in this article are his own, and do not reflect those of his employer or clients.
