Extortion emails a go-go

Graham Cluley

Recent months seem to have seen a rise in extortion emails, designed to scare users into handing over their money.

Last month, the folks at the My Online Security website warned of a sextortion email campaign that pretended to be from the CIA.

[Image: fake CIA extortion email]

The email claimed that your name, and personal details (including home, work and relatives’ details), had cropped up as part of an investigation into an international child abuse ring.

According to the email, the CIA knew that you had distributed and stored child abuse material, along with 2,000 others.

But never fear! Because a CIA operative working on the case has sent you this email, saying that he knows you’re good for a few quid and that for the knock-down price of just $10,000 in Bitcoin he’ll remove your details!

Obviously delete the scary emails as they are nonsense: don’t respond to them, don’t pay. And ask yourself: is it really likely someone from the CIA would contact you like this? (And would it be the CIA investigating such a case anyway? Somehow I don’t think so…)

But if that scheme didn’t fool you, maybe another one will.

Bleeping Computer warned of another extortion email earlier this month.

Here’s how the email began:

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We Hacked network.
We Caught Communications.
We Backuped DATA And DOCUMENTS.
We send this mail to you in YOUR account.

After analyzing documents. We found Illegal activity – HIDING TAXES.

That we want?

I want two (2) Bitcoin
To wallet Bitcoin.
1Dz7DbQmE7SNm3C5mb9syPcctgZECcCEbL

That we do if you don’t pay bitcoin?

We send these Documents and roofs to your Tax Department.

You may like the idea that someone else is backing up your data for you (saves you a job, right?), but it’s not so good to hear that they have snooped through your files, and determined that your company has been cheating the taxman.

The email goes on to demand that two bitcoins are paid (currently about $10,000). If you aren’t prepared to pay? The alleged hackers say they will send the incriminating information they uncovered to the authorities, lock computers, DDoS your network, and install the WannaCry ransomware for good measure. And they’ll increase the ransom demand every day!

Ouch.

It’s enough to give you the jeebies… but again, it’s utter nonsense. They haven’t hacked your computers, they’re just trying it on.

The good news is that I expect most firms wouldn’t be scared into coughing up that kind of cash, and if they took the threat seriously at all would go straight to the police instead.

It’s easy for anybody with an internet account to send you an email claiming that they have done something, or found out some incriminating information about you. It’s even trivial (because of the way the internet works) for the extortionist to forge their email address so it might appear as if it comes from a law enforcement agency or even your own email account.

Don’t believe everything you read.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Extortion emails a go-go”

  1. Our company is having a spate of sextortion emails at the moment where the extortionists claim they have caught the user doing naughty things on their web cam while visiting porn sites. Funny thing is, we block adult sites and no one has web cams on desktops; despite this we still have users checking in with me to check. The other element to this is that the bad guys are spoofing the recipient's company email address, so to our mail proxy the sender is the same as the recipient; it's only when you look at the headers that you can see it was sent by another address completely, which is why it gets through SPF. So the next question we get asked is: if a business contact gets this type of email supposedly from our user, doesn't this make us look bad, because even if the recipient is savvy enough to know this is a ridiculous spam email, they could think that our email system has been compromised? All I can say is that this is a common occurrence today and that if you do get contacts asking then assure them there has been no breach of our system. What I usually find is their business email has been found in a breach file processed by Troy Hunt's HaveIBeenPwned service.
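The forged sender mentioned in the article and the header mismatch described in the comment above can be checked mechanically, because SPF evaluates the envelope sender (recorded in `Return-Path`) rather than the `From:` header a user sees. The following Python sketch is an added example, not code from the article or the commenter; the sample message, its `.example` domains and the finding names are constructed for illustration, and the alignment test is a simplified stand-in for DMARC's.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: header From equals the recipient, envelope sender is elsewhere.
SAMPLE = """\
Return-Path: <bounce@bulk-mailer.example>
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=bounce@bulk-mailer.example; dkim=none
From: alice@victim.example
To: alice@victim.example
Subject: I recorded you

Pay up.
"""

def domain_of(addr):
    """Return the lower-cased part after '@' (or the whole value if no '@')."""
    return addr.rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def spoof_findings(raw):
    """Flag self-addressed mail whose envelope/SPF identity differs from From.

    Assumes Return-Path and Authentication-Results were stamped by your own
    receiving mail server; copies added by the sender must be ignored.
    """
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    env_addr = parseaddr(msg.get("Return-Path", ""))[1].lower()
    auth = msg.get("Authentication-Results", "")
    spf = re.search(r"\bspf=(\w+)", auth)
    mailfrom = re.search(r"smtp\.mailfrom=([^\s;]+)", auth)
    spf_domain = domain_of(mailfrom.group(1)) if mailfrom else domain_of(env_addr)
    from_domain = domain_of(from_addr)

    findings = []
    if from_addr and from_addr in to_addrs:
        findings.append("from-equals-recipient")
    if env_addr and not aligned(domain_of(env_addr), from_domain):
        findings.append("envelope-sender-mismatch")
    if spf and spf.group(1).lower() == "pass" and not aligned(spf_domain, from_domain):
        findings.append("spf-pass-unaligned")
    return findings
```

A message that raises all three findings passed SPF only for the sender's own bulk domain, which says nothing about the address shown in `From:`.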
