The Internet Crime Complaint Center has warned of extortion schemes connected to recent high-profile data thefts. In these schemes, fraudsters use the breach news to scare individuals into clicking a malicious link or paying a ransom.

Ransomware has surfaced as a major online security threat to businesses and individuals. While companies and other organizations are the primary targets, the IC3 said it continues to receive reports from individuals seeing extortion attempts via email.

The recipients are told that compromising images or personal information, such as names, phone numbers, addresses, credit card information and other personal details, will be released to the recipient's social media contacts, family and friends if a ransom is not paid. Recipients receive instructions to pay in bitcoin within a short timeframe. The ransom amount ranges from about $250 to $1,200.

The IC3 offered the following sample excerpts from the extortion emails:

  • “Unfortunately your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”
  • “If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”
  • “If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”
  • “We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members and spouse, then you need to send exactly five bitcoin to the following address.”
  • “We have some bad news and good news for you. First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity and credit card transactions. Now for the good news, you can easily stop this letter from being mailed by sending two bitcoins to the following address.”

The IC3 gave consumers the following tips to avoid becoming a victim:

1. Do not open emails or attachments from unknown individuals. Fraudsters quickly use the news release of a high-profile data breach to initiate an extortion campaign.

2. Monitor bank account statements regularly, as well as credit reports at least once a year for any fraudulent activity. Those who believe they are scam victims should reach out to their local FBI field office and file a complaint with the IC3 at ic3.gov. 3. Do not communicate with the subject. The FBI suspects multiple individuals are involved in these extortion campaigns. The FBI does not condone the payment of extortion demands, as the funds facilitate continued criminal activity. 4. Do not store sensitive or embarrassing photos online or on mobile devices. They could end up as a part of the ransom demand. 5. Use strong passwords and do not use the same password for multiple websites. According to the Los Gatos, Calif.-based cybersecurity firm SplashData, the most commonly used passwords are “123456” and “password.” 6. Never provide personal information of any kind via email. Question any emails requesting personal information. In addition, when providing personally identifiable information, credit card information or other sensitive information on a website, ensure the transmission is secure by verifying the URL prefix. 7. Set security settings for social media accounts at the highest protection levels. Even Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts faced a compromise, likely because of a huge LinkedIn password hack.

Join us at Credit Union Times' Fraud: Don't Let It Happen To Your Credit Union Conference, where you will find the latest tools and techniques for preventing fraud and data breaches; strategies for responding in the immediate aftermath and best practices for restoring reputation, financial stability and information security. This two-day conference is designed for credit union executives, boards of directors and those responsible for your credit union's cybersecurity policy. Register to attend and save $150.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).