A group calling itself the Lizard Squad is sending SEO Agencies and Digital Marketing Agencies threatening emails, which sound very much like blackmail. The emails, being sent to SEO and Digital marketing agencies’ public email addresses, claim that a negative SEO campaign has been started against their website and their clients’ sites. If a certain amount of Bitcoin is not sent, they will continue the negative SEO campaign, as well as DDoS attacks on the agency website and their client websites.
Here’s an example of one of the emails sent to an SEO agency:
From: LZ SEC
Subject: DDoS + Negative SEO Attack
PLEASE FORWARD THIS MESSAGE TO SOMEONE WITH AUTHORITY WITHIN YOUR AGENCY
We are the Lizard Squad and we have chosen your SEO agency and clients for our next DDoS and Negative SEO attack. You can view some of our “work” by doing a google search for our name.
We have started a negative SEO link building campaign (100000 spammy blog comment + bot links) against your site and will continue on to phase 2 of the attack unless our simple demands are met. You can stop the attack today and we will never harass you again if you send 0.75 BTC (bitcoin) to the following 34 character bitcoin wallet address:
If you fail to comply within 48 hours of when you initially open this email (this email is tracking enabled), we will begin phase 2 of the attack. This entails us indexing every dirty link we sent to your site and every future link we send to your site. We will also target your client’s sites, and one by one we will flood them with hundreds of thousands of dirty links, submit each sites PBN directly to google, and DDoS their servers in a scheduled manner until they get deindexed. If you have still not complied at this point we will proceed to do exactly what we did to your client’s websites to yours plus setup a never ending negative SEO link building campaign.
You can easily purchase bitcoin by using a trusted service like LocalBitcoins (do a google search), or ask around through your network. You’re a smart internet marketer, figure it out. If you went with the easy Localbitcoins route, the bitcoin will show up in your online LocalBitcoins wallet. From there, transfer the bitcoin to the unique bitcoin wallet address above ^. Once this is done, we will be notified, stop the attack, and you will never be bothered by us again. If you purchased your bitcoin from a friend tell them to send the amount to the same address above. We suggest you act quickly before your trust and reputation is destroyed among your clients and google, we will make it our mission to have you hated. There’s no counter measure to this attack and you will only waste your money trying to find a solution.
This is not a hoax, do not reply to this email account, it will be deleted and we will not read any replies. The only email you will receive from us is when your payment is confirmed and that will be sent from a different email account. Please note that bitcoin is anonymous and no one will know you complied.
Tick tock ~
Servers killed: Sony, Xbox, Microsoft, Facebook,
all of North Korea
If you receive such an email like this, of course I don’t recommend actually paying the ransom or blackmail fee via bitcoin. The amount suggested in this particular email is 0.75 bitcoin, which looks to be about $863.99 US dollars on the current market.
This particular email doesn’t specify one particular website (the agency’s domain name or URL), so it could just be someone claiming that they are associated with Lizard Squad. A check Google search showed me that Cloudflare wrote a post about this group claiming to be Lizard Squad and sending out similar emails, back a year ago. This is the first time, though, that I’m aware of that they have send these emails to SEO agencies and Digital Marketing firms, claiming to attack their site and their clients’ websites.
Personally, I say, “bring it on”, I’d be happy to take care of a negative SEO attack, as I’ve done so many times in the past. If you’ve received such an email, or if you’re the target of a negative SEO campaign, let me know and I’d be happy to help. There are a few things, in the meantime, that you can do:
— Review Your Links. You should already be doing this, but it does serve as a reminder that you should be monitoring the links to your website on a regular basis. I prefer Majestic.com, as I am one of their US Brand Ambassadors. But, there are others such as ahrefs, Kerboo, Link Research Tools, and Moz’s Open Site Explorer.
— Monitor Your Links. There are several services available that will monitor your links, and Majestic, Kerboo, Link Research Tools, ahrefs, all have those. They’ll send you an email daily, typically. You can also use Google’s Search Console to see the links, as well.
— Deal with the Negative SEO. In the unlikely event that you do get a negative SEO attack performed on your website, disavow those links on a regular basis as they come up. I’m also available to help, as well, with the negative SEO attack, or can refer you to someone who has that experience.
In the unlikely event that you get one of these emails and then get a DDoS attack on your site or on your clients’ websites, then you might also consider making sure the site is on Cloudflare and if it’s a WordPress site, I recommend WordFence, as well.
As for this email and these individuals in particular, we’ll just have to wait and see what happens. If you’d like to offer any assistance in tracking these individuals down and closing down their bitcoin account, get in touch with me.