Ouch. I'm very sorry to hear that, crashoveride. It appears like you were indeed scammed. Its just awful that people are using a service like Bitrated as a tool to scam people, where it should serve for the exact opposite purpose.

Just to make it clear - using Bitrated requires using the interface to generate a key pair, and users should only ever pay to the multisig address shown on the website after they created/joined a transaction and accepted the terms. Bitrated doesn't ever send emails (especially not with payment addresses), nor it has any numerical identifier for transaction IDs.

I'm going to add a warning in Bitrated about this, though I'm a bit doubtful that it'll help much - with that scam, the primary interaction users have with "Bitrated" is via the spoofed email, I'm not sure they'll take the time to go over the website and learn how Bitrated should work.

I will also setup DKIM and SPF on our mail servers, to make it harder to spoof emails from our domain for users that have an email client who supports that.

Edit: I also created a post on r/bitcoin to warn users about this.