The FBI’s Internet Crime Complaint Center (IC3) has warned the public to be aware of email extortion attempts after an uptick in complaints about scammers contacting targets and claiming to possess personal information, like usernames and passwords, or threatening to leak compromising information about them to friends.
The extortion attempts using the threat of possessing sensitive information or leaking compromising information can be added to the numerous other threats used to bully or trick victims into paying money to scammer and cybercriminals, from bogus tech support to ransomware.
Actual financially-motivated ransomware incidentally has been on the decline of late as criminals have discovered it may be easier and just as rewarding to infect PCs with cryptocurrency mining software.
However, as several local US governments have found, the ransomware threat isn’t over, but is being used in a different way, for example by automatically spreading across a network if the attacker discovers their credential-stealing banking trojan detects it is being removed. Officials in one US town suspected the ransomware was used to destroy evidence that may link them to the banking trojan.
This trend emerged after it was found that the the massive NotPetya outbreak — which the US and UK have accused Russia of creating and closely resembled the original cybercrime Petya ransomware — was merely masquerading as ransomware to hide its intended purpose of destroying computers.
The ransom scammers the FBI have posted an alert about however are more comparable to tech support scammers, but instead of using fake malware infections to convince victims to pay, scammers are using “specific user information to add authenticity” to the extortion threat, which is being sent by email and post.
There are plenty of variations on the threats but IC3 says they all share the common trait that the scammer claims to have personal information about the target and may use it against them unless the victim pays up quickly.
IC3 notes the scammers typically demand payment in Bitcoin within 48 hours. That’s not unlike ransomware attackers’ oft-used 48 hour countdown to indicate the decryption key can no longer be bought by sending the attackers Bitcoin or some other cryptocurrency. Instead of the threat of indefinitely encrypting data, the scammer’s threaten to leak evidence of infidelity or other bad behavior to friends, spouses and co-workers.
Common patterns IC3 seen in complaints are that scammers include the target’s username and password at the beginning of the email or letter. The scammers may accuse the target of cheating on a spouse, visiting porn sites, or claim to have evidence of them being caught in a compromising situation.
IC3 also notes the messages morph as scammers use “high profile data breaches” and recent trends to boost the chance victims believe the claim. A case in point would be the malware-laced ads served to millions of PornHub users from the US, Canada, the UK, and Australia in 2017 and collected information about the porn site’s visitors.
To convince victims, the communications often include phrases like, “I stumbled across your misadventures,” or “I installed malware on the adult video site” to help explain how they acquired the information, according to IC3.
The scammers may also threaten to send a video, presumably of the target in a compromising situation, to friends, co-workers or spread it to their social network contacts.
As per the FBI’s advice on ransomware, victims should not pay extortionists, IC3 said. At one point, during the height of the ransomware threat in 2015, one FBI officer reportedly admitted the bureau told many victims to “just pay the ransom” because it couldn’t help decrypt data on infected machines. A year later the FBI issued a statement to stress that it definitely advised against paying up.
“The FBI does not condone the payment of extortion demands as the funds will facilitate continued criminal activity, including potential organized crime activity and associated violent crimes,” IC3 said in its statement about the ransom scam.
IC3 also offered advice for the public to protect themselves. If you want to ensure scammers cannot possibly back up a claim they’ll leak nude pics, “do not store sensitive or embarrassing photos of yourself online or on your mobile devices.”
Other tips include not opening email attachments from strangers, keeping an eye on your bank account and credit reports, using strong passwords and not re-using them across sites, and never providing personal information of any sort via email.
It also recommends using the highest security settings available on social media accounts, though does not specifically mention using two-factor authentication, and to ensure that when users do provide sensitive information, such as credit card numbers, that the page is HTTPS.