The Reputation Racket: Fake reviews, digital extortion, and the business model that turns your good name into someone else’s revenue stream
For years, we treated fake online reviews the way most people treat termites — as an annoyance, vaguely destructive, but ultimately someone else’s problem. That assessment is no longer operative. What was once the province of petty fraud between competing businesses has matured into something more structured and, frankly, more impressive in its ruthlessness: a scalable business model, complete with identifiable actors, repeatable architecture, and predictable cash flows. As a lawyer who represents businesses on the receiving end of these schemes, I see the phenomenon from a vantage point that rarely enters public debate — from the offices of companies that have already been harmed and are searching, often desperately, for legal tools that actually work.
The Architecture of Extortion
The word “blackmail”, applied to review platforms, tends to be dismissed as rhetorical overreach. I would argue it is a precise description of how certain services operate.
The pattern is remarkably consistent. A platform creates a profile for a business without its knowledge or consent. It then permits anonymous users to post comments with no verification of identity, no confirmation that the commenter has ever set foot in the establishment, no check of any kind. Next comes the sales pitch: paid subscription packages that — and only that — allow the profiled business to respond to posts, flag content for moderation, or request removal of material that may be defamatory. A company that declines to pay is left defenseless against content that can cause direct, measurable harm.
This is not an accidental gap in the platform’s design. It is the design
The phenomenon is not parochial. In September of 2025, the Times reported on organized groups operating out of Bangladesh and Pakistan that were contacting small-business owners via WhatsApp, threatening to unleash dozens of one-star reviews and demanding payments of between a hundred and two hundred and fifty dollars to make the problem disappear. FRANCE 24 documented an analogous scheme targeting small firms in France and Spain — this time leveraging Google Maps as the instrument of pressure. El País confirmed the scale on the Iberian Peninsula — from dentists in Mallorca to car dealerships in Alicante. The organization Fake Review Watch has logged more than a hundred and fifty such cases worldwide. We are no longer talking about isolated incidents. We are looking at an emerging branch of digital crime with its own infrastructure and economies of scale.
From a legal standpoint, the model in which a platform creates a profile without consent, permits unverified content, and then monetizes access to defensive tools invites classification as an unfair-competition violation — and, in extreme cases, as a form of coercion. This is not academic conjecture. Germany’s Federal Court of Justice, in a ruling dated February 20, 2018 (case VI ZR 30/17), examined Jameda, a physician-rating portal that offered paid premium packages favoring subscribers in search results. The court held that a platform which profits by privileging paying users forfeits its status as a neutral information intermediary. It is a precedent that should unsettle any platform built on the same logic, regardless of the jurisdiction in which it operates.
The Regulator Hits the Middlemen — but Misses the Architects
A question I hear frequently from clients is whether Poland’s Office of Competition and Consumer Protection — the UOKiK, the country’s equivalent of the F.T.C. — can do anything meaningful in this space. The answer is yes, with a significant caveat about the scope of what has been done so far.
The UOKiK has already issued a series of decisions imposing fines on entities trafficking in fake reviews: Opinie.pro (forty thousand złoty), SN Marketing (thirty thousand), SeoSem24 (upward of fifty thousand, currently under appeal). In 2024, the office issued more than seven hundred and fifty decisions and levied fines totalling over nine hundred and thirty-seven million złoty. Its declared policy of zero tolerance for fabricated reviews is not merely aspirational; it is being enforced.
The legal foundations are solid. Purchasing reviews — whether positive or negative — violates the Unfair Commercial Practices Directive (U.C.P.D., 2005/29/EC), whose Annex I explicitly prohibits “falsely representing oneself as a consumer”. The 2019 Omnibus Directive (2019/2161/EU) tightened the screws further: it is now unlawful not only to publish fake reviews but to commission their creation, to selectively display only favorable ones, and to falsely claim that reviews have been verified.
The international trajectory makes plain where regulation is heading. The F.T.C., since October 21, 2024, has enforced a rule (16 C.F.R. Part 465) imposing civil penalties of up to $51,744 per violation — covering, explicitly, fake reviews generated by artificial intelligence and reviews posted by company employees posing as independent consumers (as of January 17, 2025, the inflation-adjusted penalty stands at $53,088). Britain’s Competition and Markets Authority, following the expiration of the transitional period under the Digital Markets, Competition and Consumers Act, has been conducting active audits of review platforms since July of 2025, with the power to levy fines of up to ten per cent of global turnover. Italy, in Law No. 90 of June 28, 2024, introduced a new criminal offense — cyber extortion (Article 629, paragraph 3, of the Penal Code) — punishable by six to twelve years’ imprisonment and fines ranging from five thousand to ten thousand euros.
The gap, then, is not in substantive law. It is in enforcement — and, more precisely, in the fact that regulators have so far concentrated their firepower on the lowest rung of the supply chain: the firms that sell fake reviews. The increasingly urgent question is whether the platforms themselves — the ones whose entire business model rests on unverified content — will ever face equivalent scrutiny. On that front, there is a long way to go.
What the Omnibus Directive Does — and What It Quietly Doesn’t
The Omnibus Directive is frequently invoked as the comprehensive answer to the fake-review problem. That characterization is more hopeful than accurate, and it deserves correction. Omnibus requires businesses that display consumer reviews to disclose whether and how they ensure the authenticity of published opinions. It mandates “reasonable and proportionate steps” — deliberately declining to prescribe a single technical method and leaving firms free to choose among verified-purchase models (the approach used by Amazon, Allegro, and Trusted Shops, where a review is possible only after a confirmed transaction), pre-moderation, post-moderation with flagging mechanisms, or compliance with ISO 20488, the international standard for the credibility and traceability of online reviews. One requirement, however, is absolute: if a business does not verify reviews, it must say so clearly. Silence on the matter is itself a violation.
Here is the caveat that rarely surfaces in public discussion. The Omnibus Directive applies exclusively to B2C relationships — a consumer’s opinion of a product or service that he or she has purchased. Reviews of employers on platforms like GoWork do not fit this definition. The commenting employee is not a “consumer” within the meaning of the directive, and the employer being rated is not “selling a service” to that employee. This is a significant regulatory blind spot, and it means that platforms of this kind slip entirely outside the Omnibus verification obligations.
That does not mean they operate in a legal vacuum. Since February 17, 2024, the Digital Services Act (Regulation 2022/2065/EU) has been fully in force. The D.S.A. classifies platforms that allow users to publish content as “hosting-service providers” and requires them to implement notice-and-action mechanisms: accepting reports of illegal content and responding “in a timely, diligent, non-arbitrary, and objective manner”. Violations carry penalties of up to six per cent of annual global turnover. This is a tool that applies to platforms like GoWork directly — regardless of whether the Omnibus Directive reaches them.
Fake reviews and legal protection for businesses
What Can a Business Actually Do?
The law offers tools. The difficulty is that none of them are self-executing— platforms do not volunteer to protect the entities whose profiles they exploit.
First: the notice-and-action mechanism under the D.S.A. A business that identifies content on a platform bearing the hallmarks of illegality — a fabricated review, defamation, material infringing on personal rights — has the right to file a formal report. The platform is obligated to process it in a timely and non-arbitrary fashion. A failure to respond, or a response that amounts to pantomime, opens the door to a complaint before the supervisory authority or a civil lawsuit.
Second: personal-rights protections under Polish civil law (Articles 23 and 24 of the Civil Code) and criminal provisions on defamation (Article 212 of the Criminal Code) and insult (Article 216). These instruments predated the D.S.A. and the Omnibus Directive, and they remain fully operative. Their effectiveness, however, depends on the ability to identify the author of the content — which, on anonymous platforms, can be difficult, though not impossible.
Third: the Unfair Competition Act — in situations where it can be demonstrated that fake reviews are part of an organized campaign by a competitor. Fourth: a formal complaint to the UOKiK — particularly where the conduct is systemic and recurring rather than a one-off incident.
Where the Real Problem Lives
The paradox of the current situation is that legal instruments are not in short supply. We have the Omnibus Directive, the D.S.A., personal-rights protections, criminal statutes, competition law. The problem lies elsewhere: in the fact that platforms which have built a business model on monetizing other people’s reputations have learned to thread the needle between regulatory regimes — too little “consumer-facing” for Omnibus, too ambiguously “illegal” for the D.S.A. to compel immediate action, too opaque for law enforcement, which would need to trace financial flows across jurisdictions.
The European Commission recognizes the gap. In 2025, it conducted consultations on the Digital Fairness Act, intended to close existing loopholes and bring dark patterns deployed by platforms within the regulatory perimeter. Until that legislation takes effect, however, businesses must know and actively deploy the tools that already exist.
Above all, they must understand that passivity — not responding to fake reviews, not paying platforms for access to defensive tools, not reporting infringing content — is not a neutral act. It is a decision to let someone else determine the value of their reputation.
Robert Nogacki – licensed legal counsel (radca prawny, WA-9026), Founder of Kancelaria Prawna Skarbiec.
There are lawyers who practice law. And there are those who deal with problems for which the law has no ready answer. For over twenty years, Kancelaria Skarbiec has worked at the intersection of tax law, corporate structures, and the deeply human reluctance to give the state more than the state is owed. We advise entrepreneurs from over a dozen countries – from those on the Forbes list to those whose bank account was just seized by the tax authority and who do not know what to do tomorrow morning.
One of the most frequently cited experts on tax law in Polish media – he writes for Rzeczpospolita, Dziennik Gazeta Prawna, and Parkiet not because it looks good on a résumé, but because certain things cannot be explained in a court filing and someone needs to say them out loud. Author of AI Decoding Satoshi Nakamoto: Artificial Intelligence on the Trail of Bitcoin’s Creator. Co-author of the award-winning book Bezpieczeństwo współczesnej firmy (Security of a Modern Company).
Kancelaria Skarbiec holds top positions in the tax law firm rankings of Dziennik Gazeta Prawna. Four-time winner of the European Medal, recipient of the title International Tax Planning Law Firm of the Year in Poland.
He specializes in tax disputes with fiscal authorities, international tax planning, crypto-asset regulation, and asset protection. Since 2006, he has led the WGI case – one of the longest-running criminal proceedings in the history of the Polish financial market – because there are things you do not leave half-done, even if they take two decades. He believes the law is too serious to be treated only seriously – and that the best legal advice is the kind that ensures the client never has to stand before a court.
