The Internet Crime Compliant Center (IC3) continues to receive reports from individuals who have received extortion attempts via e-mail related to recent high-profile data thefts. The recipients are told that personal information, such as their name, phone number, address, credit card information, and other personal details, will be released to the recipient’s social media contacts, family and friends if a ransom is not paid. The recipient is instructed to pay in Bitcoin, a virtual currency that provides a high degree anonymity to the transactions. The recipients are typically given a short deadline with a ransom amount ranging from 2 to 5 bitcoins.
The following are a few examples of extortion e-mails:
“Unfortunately your data was leaked in a recent corporate hack and I now have your information. I also have used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”
“If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”
“If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorces then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”
“We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse, then you need so send exactly 5 bitcoins to the following address.”
“We have some bad news and good news for you. First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity, and credit card transactions. Now for the good news, You can easily stop this letter from being mailed by sending 2 bitcoins to the following address.”
Fraudsters quickly use the news release of a high-profile data breach to initiate an extortion campaign. The FBI suspects multiple individuals are involved in these extortion campaigns based on variations in the extortion emails.
If you believe you have been a victim of this scam, you should reach out to the appropriate authorities such as your local FBI field office, and file a complaint with the IC3 at www.ic3.gov. Make sure you include the keyword “Extortion E-mail Scheme” in your complaint, and provide any relevant information in your complaint, including the extortion e-mail with header information and Bitcoin address if available.
How you can protect yourself:
- Do not open e-mail or attachments from unknown individuals
- Check your bank statements on a regular basis, and your credit report at least once a year for any fraudulent activity.
- Do not communicate with the sender.
- Do not store sensitive or embarrassing photos of yourself online or on your mobile devices.
- Use strong passwords and do not use the same password for multiple website.
- Never provide personal information of any sort via e-mail. Be aware that many e-mails requesting your personal information appear to be legitimate.
- Ensure that the security settings for your social media accounts are turned on and set at the highest levels of protection.
- When you provide personal, credit card or any other sensitive information to a website, make sure the session is secure by verifying the URL prefix includes https, or the stateus bar displays a “lock” icon.