The Federal Bureau of Investigation (FBI) has released a new security alert warning of a new extortion email campaign. The alert was released after its Internet Crime Complaint Center (IC3) started receiving multiple reports from individuals who had been threatened with the exposure of their sensitive information.
Hackers are quick to respond to large-scale data breaches and use the fear surrounding the attacks to trick individuals into paying ransoms, clicking on links to malicious websites, or opening infected email attachments. In recent weeks, the Internet has been awash with news reports of major data breaches that have hit networking sites and a number of widely-used Internet platforms.
Massive data breaches affected LinkedIn, MySpace, and Tumblr, and while the stolen data are old, hundreds of millions of individuals have been impacted.
These cyberattacks took place in 2012 and 2013, although the data stolen in the attacks have just been listed for sale online. These major data breaches had gone unnoticed until recently.
Due to the volume of logins that were exposed in these attacks and the popularity of the sites, many individuals may be worried that their login credentials may have been obtained by hackers. Hackers are taking advantage of this fear and are sending out huge volumes of spam emails advising people that their sensitive data have been obtained.
In the emails, individuals are advised that their name, address, telephone number, credit card details, and other highly sensitive data are being held and that they will be shared to friends and family if a ransom is not paid. The hackers warn their victims that access to social media accounts has been obtained and that the attackers have details of all of the victim’s social media contacts.
The hackers are also threatening to email and mail out details of credit card transactions and internet activity to friends, family, and employers, suggesting that the payment to stop this from happening will be much lower than the cost of a divorce, and low in comparison to the affect it will have on relationships with friends and on social standing.
To bring and end to the distribution of these data, victims are required to pay the attackers anywhere from 2 to 5 Bitcoin – Between $250 and $1,200. A Bitcoin address is sent in the email which the victims must use. This ensures the transaction remains anonymous.
After reviewing the extortion email schemes, the FBI has concluded that the attacks are the work of multiple people. The FBI has advised against paying the ransoms as this will only ensure that this criminal activity continues. Paying a ransom is no guarantee that further demands will not be received.
Any individual receiving an email that they believe to be an extortion email scheme should get in touch with their local FBI office and send a copy of the email with the subject “extortion E-mail scheme,” along with details of the Bitcoin address where payment has been asked to be sent.
Extortion email schemes are often shared randomly in spam email; however, responding to an email will alert the hacker that the email account is active and is being checked. The best course of action is to ignore the email, to log into social media accounts and change all passwords, and to carefully review bank accounts and credit card statements. The FBI also warns individuals to ensure social media accounts are set up with the highest level of privacy settings and to be very careful about sharing any sensitive data online.