FBI: Extortion e-mail, tech support scam-bags turning up the heat


FBI/Internet Crime Complaint Center offer some tools to battle e-mail, tech support fraudsters

Not that summer time has anything to do with it, but the FBI’s Internet Crime Complaint Center (IC3) warned that e-mail extortion campaigns and the tedious tech support scams have heated up in recent weeks.


The IC3 said the recent uptick in e-mail extortion comes from the data breaches at organizations like Ashley Madison, the IRS, Anthem and many others where tons of personal information was stolen.

In the extortion e-mail scam, attempted victims are told that personal information, such as their name, phone number, address, credit card information, and other personal details, will be released to the recipient's social media contacts, family, and friends if a ransom is not paid. The recipient is instructed to pay in Bitcoin, a virtual currency that provides a high degree of anonymity to the transactions. The recipients are typically given a short deadline. The ransom amount ranges from 2 to 5 bitcoins or approximately $250 to $1,200.


The IC3 offered the following examples of the extortion e-mails:

  • “Unfortunately your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”
  • “If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”
  • “If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”
  • “We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse, then you need to send exactly 5 bitcoins to the following address.”
  • “We have some bad news and good news for you. First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity, and credit card transactions. Now for the good news, You can easily stop this letter from being mailed by sending 2 bitcoins to the following address.”

The IC3 said that fraudsters quickly use the news release of a high-profile data breach to initiate an extortion campaign. The FBI suspects multiple individuals are involved in these extortion campaigns based on variations in the extortion emails. The FBI said it does not condone the payment of extortion demands as the funds will facilitate continued criminal activity, including potential organized crime activity and associated violent crimes.

Meanwhile, another long-time scam is seeing increased activity. The IC3 said that it is seeing an increase in complaints related to technical support scams, where the subject claims to be an employee (or an affiliate) of a major computer software or security company offering technical support to the victim.

“Recent complaints indicate some subjects are claiming to be support for cable and Internet companies to offer assistance with digital cable boxes and connections, modems, and routers. The subject claims the company has received notifications of errors, viruses, or security issues from the victim's internet connection. Subjects are also claiming to work on behalf of government agencies to resolve computer viruses and threats from possible foreign countries or terrorist organizations. From January 1, 2016, through April 30, 2016, the IC3 received 3,668 complaints with adjusted losses of $2,268,982,” the agency stated.

The IC3 offered some examples of how this scam is initiated:

  • Telephone: This is the traditional contact method. Victims receive a “cold” call from a person who claims the victim's computer is sending error messages and numerous viruses were detected. Victims report the subjects have strong foreign accents.
  • Pop-up message: The victim receives an on-screen pop-up message claiming viruses are attacking the device. The message includes a phone number to call to receive assistance.
  • Locked screen on a device (Blue Screen of Death): Victims report receiving a frozen, locked screen with a phone number and instructions to contact a (phony) tech support company. Some victims report being redirected to alternate websites before the BSOD occurs. This has been particularly noticed when the victim was accessing social media and financial websites.
  • Pop-up messages and locked screens are sometimes accompanied by a recorded, verbal message to contact a phone number for assistance.

The IC3 said that an increasingly reported variation of the scam occurs when the subject contacts the victim offering a refund for tech support services previously rendered because the company has closed.

“The victim is convinced to allow the subject access to their device and to log onto their online bank account to process the refund. The subject then has control of the victim's device and bank account. With this access, the subject appears to have “mistakenly” refunded too much money to the victim's account, and requests the victim wire the difference back to the subject company.

“In reality, the subject transferred funds among the victim's own accounts (checking, savings, retirement, etc.) to make it appear as though funds were deposited. The victim wires their own money back to the company, not finding out until later that the funds came from one of their own accounts. The refunding and wiring process can occur multiple times, which results in the victim losing thousands of dollars,” the IC3 stated.

Victims are increasingly reporting that subjects are becoming hostile and abusive, and are utilizing foul language and threats when challenged by victims, the IC3 stated. Microsoft, which is often used as a key part of the scammers’ invective, said at a congressional hearing last year that an estimated 3.3 million people a year are hit with the scam at an annual cost of $1.5 billion. This translates to a victim nearly every 10 seconds, with an average loss of $454 per consumer.

The IC3 offered advice for fending off these attacks:

  • Recognize the attempt and cease all communication with the subject.
  • Resist the pressure to act quickly. The subjects will urge the victim to fast action in order to protect their device. The subjects create a sense of urgency to produce fear and lure the victim into immediate action.
  • Do not give unknown, unverified persons remote access to devices or accounts. A legitimate software or security company will not directly contact individuals unless the contact is initiated by the customer.
  • Ensure all computer anti-virus, security, and malware protection is up to date. Some victims report their anti-virus software provided warnings prior to the attempt.
  • If a victim receives a pop-up or locked screen, shut down the device immediately. Victims report that shutting down the device and waiting a short time to restart usually removes the pop-up or screen lock.
