The Internet Crime Complaint Center (IC3) at the FBI recently issued warnings of increased email-based extortion attempts related to recently publicized data threats. These cybercriminals are using emails from previous data breaches like those at the IRS, Anthem, and even Ashley Madison. These breaches led to an enormous amount of personal information being stolen and placed in the hands of some pretty terrible people.
As in this example, where weak network security at a bank in Los Angeles led to a hacking group calling itself “TheDarkOverlord” attempting to extort money from the bank and multiple healthcare organizations.
These emails inform the recipient that their personal information, including names, credit cards, phone numbers, addresses, and other personal data, will be released to friends, family, or to all of their social media contacts, depending on what private information was gained. The email recipients are only given a short amount of time to decide if they are going to comply or not. The extortionists are asking for the ransom to be paid in bitcoin, further making these criminals almost untraceable.
IC3 has released a couple of examples of extortion emails to give the public an idea of what to look out for:
- “If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”
- “If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced, then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship, then think about how this information may affect your social standing amongst family and friends.”
- “We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse then you need to send exactly 5 bitcoins to the following address.”
*Now I know 5 bitcoins doesn’t initially sound like a lot, but at the current conversion rate, 5 bitcoins are equal to about $3,016.60…
- “We have some bad news and good news for you. First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity, and credit card transactions. Now for the good news, you can easily stop this letter from being mailed by sending 2 bitcoins to the following address.”
*Like above, 2 bitcoins are equal to $1,206.64
The FBI is advising recipients of these emails not to pay the ransom, as it further “facilitates continued criminal activity.” The FBI also believes, based on the different email variations, that there are multiple different organizations/individuals taking on the role of extortionist in this scheme, so there could be more variations of these types of emails to come in the future.
In essence, the point of this post is to let you know about these recent occurrences, since data breaches are happening more frequently and are apparently the fuel for this type of scam, and to remind you of a couple of things to keep you safe. Even if these seem redundant, they are always worth repeating. Never provide personal information via email, and do not open emails or attachments from unknown senders. If you do receive an email resembling the examples above, do not respond to the sender.
If you’re an IT Freedom client and you think your work-related information has been compromised, PLEASE contact the helpdesk.
If you’re not a client and would like to see how we can help make your network safer and protect your data, give us a call. We would love to help!