The Internet Crime Complaint Center (IC3) has recently received an increase in reports about extortion attempts received via e-mail and postal mail and using specific user information to add authenticity. While there are many variations in these extortion attempts, they often share certain commonalties.
Extortion attempts vary widely, but there are a few common indicators of the scam. The following list of commonalities is not exhaustive, but intended as examples of red flags. It is import to remember these extortion scams change to take advantage of current events such as high profile breaches or new trends involving the Internet to add authenticity.
• The extortion attempt comes as an e-mail or letter from an unknown party.
• The recipient’s personal information is noted in the e-mail or letter to add a higher degree of intimidation to the scam. For example, a recipient’s user name or password is provided at the beginning of the e-mail or letter.
• The recipient is accused of visiting adult websites, cheating on a spouse, or being involved in other compromising situations.
• The e-mail or letter includes a statement like, “I stumbled across your misadventures,” or “I installed malware on the adult video site” as an explanation of how the information was supposedly gathered.
• The e-mail or letter threatens to send a video or other compromising information to family, friends, coworkers, or social network contacts if the ransom is not paid.
• The e-mail or letter provides a short window to pay, typically 48 hours.
• The recipient is instructed to pay the ransom in Bitcoin, a virtual currency that provides a high degree of anonymity to the transactions.
TIPS TO PROTECT YOURSELF:
• Do not open e-mail or attachments from unknown individuals.
• Monitor your bank account statements regularly, as well as your credit report at least once a year for any fraudulent activity.
• Do not communicate with unsolicited email senders.
• Do not store sensitive or embarrassing photos of yourself online or on your mobile devices.
• Use strong passwords and do not use the same password for multiple websites.
• Never provide personal information of any sort via e-mail. Be aware that many e-mails requesting your personal information appear to be legitimate.
• Ensure security settings for social media accounts are turned on and set at the highest level of protection.
• When providing personally identifiable information, credit card information, or other sensitive information to a website, ensure the transmission is secure by verifying the URL prefix includes https, or the status bar displays a “lock” icon.
The FBI does not condone the payment of extortion demands as the funds will facilitate continued criminal activity, including potential organized crime activity and associated violent crimes.
If you believe you have been a victim of this scam, you should reach out to your local FBI field office, and file a complaint with the IC3 at www.ic3.gov. Please provide any relevant information in your complaint, including the extortion e-mail with header information and Bitcoin address if available.