The Pirates of Internet Reviews: Don't Fall for the "Safety Scanner" Extortion Scam

For any business owner, online reputation is one of the most valuable assets they have. At HarrisburgShopping.com, that’s especially true because we serve more than 500,000 Central Pennsylvania residents and coordinate volunteer delivery for homebound, elderly, and disabled neighbors.

We’ve recently run into a growing problem: fake “website safety” and “trust” services that label legitimate businesses like ours as “unsafe” or “scam,” then demand money to “fix” the rating. This post explains how that scheme works, why we refuse to participate, and how local businesses can protect themselves.

What is the Website Safety Rating Scam?

The scheme usually begins when a third‑party “security scanner” or “trust platform” flags a legitimate business website as a “scam,” “suspicious,” or “very unsafe.” Shortly after the rating appears, the business receives a polished, official‑looking email offering to repair its reputation—for a fee. This is a form of review extortion, and it is becoming increasingly common.

Although these sites present themselves as independent authorities on web safety, the reality is often much simpler. Many are run by individuals using automated scripts that scan for new domain registrations and automatically assign low “trust” scores, labeling sites as “dangerous” or “suspicious” with no real investigation behind it.

In fact, some of these “review” systems are so unreliable that they have even flagged major, well‑known websites as scams—underscoring how little credibility their ratings truly have.

This is perhaps the best explanation I have ever seen of the website security review scam (This one even listed Google.com as a scam).

Some of the other "security scan" websites doing this to people are:

• Gridinsoft: A well-known Russian company, easily found on Yandex.ru, that, after 14 years, mysteriously claimed their "offices" were now located in Ukraine following the 2022 invasion, (And yes, they did all of the donation drives as well to their own Russian bank accounts).

• MyWOT (Web of Trust): Originally a Finnish project, it has faced multiple very public privacy scandals when it was proven in a Finnish Court of Law MyWOT uses the site "exclusively" for harvesting and selling it's user's data and admitted it does not actually provide any type of website security at all.

• Scam-Detector.com: While they claim to operate out of Puerto Rico, technical traces point to web hosting in Morocco—hardly the transparent behavior you’d expect from a "trust" site.

• ScamDoc.com: They present a French face to the public (Their location on Google maps points to a water tank in Paris), yet their web hosting and owners reside in Algeria. They also operate Signal-Arnaques.com and Scamwatcher.com.

• ScamAdviser.com: The "KING" of the scam website reviews, it has thousands of negative reviews on TrustPilot that expose ScamAdviser for wanting money to change their fake security reviews. They list their location as a hardware store in Amsterdam, Netherlands, and yet, the hardware store on their own website stated they had no connection to these people. See here -> TRUSTPILOT REVIEW FOR SCAMADVISER  (TrustPilot itself has a warning about this website and it's malicious phishing tactics)

The Irony: These websites represent the very scam they warn people to be being wary of. This is called a "false flag" attack. It's the new "Nigerian Prince" email scam pretty much.

The Anatomy of the Extortion Attempt

The False Positive: Your site is flagged by an automated "trust algorithm" with no specific evidence of wrongdoing.

The "Review Fee": You are told that to "verify" your business, you must pay a "manual review fee." These fees typically range from $2,500 to $5,000 USD.

The Identity Harvest: They demand copies of your Driver’s License, Passport, and confidential business incorporation papers.

The Threat: If you don't pay, they imply your reputation will suffer. One recent attempt we faced from an overseas entity explicitly stated: "You can pay us and save yourself the trouble, or you can suffer the consequences."

Don't Be Fooled by the "5-Star" Illusion

When you look up these "safety scanners" on independent review platforms like Trustpilot, you might see two very different stories.

First, you will find the truth: hundreds of one-star reviews from real business owners reporting the exact same extortion tactics. But look closer at the positive ratings. You will often see hundreds of suspicious 5-star reviews from far-away locations, often written in broken English like "This site good very" or "Best service." These are "Review Farms." The scammers use bots and paid accounts to flood their own profiles with fake feedback. This creates a "veneer of legitimacy" designed to trick a worried webmaster into thinking the platform is a real authority. If a "security site" has to buy its own reputation, it has no business grading yours.

Why You Should NEVER Pay a "Review Fee"

It is tempting to pay the money just to make the "Warning: Unsafe" badge go away. However, giving in to these internet pirates is dangerous:

It’s a Bottomless Pit: Once you pay, you are marked as a "payer." They may flag you again in six months for a new "security audit."

Identity Theft Risk: Sending copies of your Passport or ID to unverified "rating sites" is a massive security risk. These documents can be used for corporate identity theft.

Non-Existent Support: Many of these sites list support emails that simply bounce back as "unknown inbox." There is no real person behind the "review process"—only a script designed to take your money.

SEO Checklist: What to Do If Your Site is Flagged as a Scam

If your business is being targeted by a reputation extortion scheme, follow these steps:

Do Not Engage: Do not reply to high-pressure emails. Engaging often leads to more aggressive threats.

Document the Evidence: Take screenshots of the false rating and save the extortion emails (including headers).

Run a Real Security Scan: Use legitimate, industry-standard tools like Google Search Console, Sucuri, or VirusTotal. If these trusted sources say your site is clean, the "safety scanner" is a sham.

Report to Authorities: File a report with the FTC (Federal Trade Commission) and the IC3 (Internet Crime Complaint Center).

Public Transparency: Follow our lead—write a blog post! Warning your customers about these "pirates" builds trust and shows that you are proactive about security.

Final Thoughts: Protecting the Harrisburg Business Community

At HarrisburgShopping.com, we refuse to let digital pirates interfere with our mission to serve the Pennsylvania community. We will not be intimidated by "review fees" or "reputation threats," and you shouldn't be either.

The best defense against online extortion is a community that is informed and refuses to walk the plank.