Personal Information is being used in a New Cyber Extortion Scam

August 1, 2018
Cyber Alert

Risk Management Question: Personal information about you is knowingly or unwittingly circulated in cyberspace every day. A new cyber extortion scam involves emails claiming to have embarrassing or incriminating information about the recipient and demanding payment. The sender references just enough personal information to make the recipient pause before hitting the delete button. What should you and your firm do if you receive such a threat?

The Issue: The FBI is warning of a scam in which cyber criminals claim to have confidential or embarrassing information about you that will be released unless a ransom (typically in Bitcoin) is paid. The latest version adds a new twist: the opening sentence references a password that may in fact be an old password that you previously used. Hackers are able to acquire these passwords through online forums, data breaches of social media providers (LinkedIn, Yahoo, etc.) or through internet research. A number of law firms recently reported receiving extortion attempts similar to the one uploaded here (complete with the original misspellings and grammatical errors).

While the email is a crude attempt at extortion, the sender did enough research to guess a password that the recipient used in the past for an account, in this case a child's name. While this adds to the "creepiness" of the attempt, it is important to remember that it does not take a lot of research to find the names of our children, parents and other family members on the internet. Social media sites love posting harmless or cute-looking pictures as part of a poll that asks questions like the name of your first pet.

Risk Management Solutions:

If you receive a threatening email:

Take precautions to prevent the use of your personal information and passwords:

Additional recommendations:

Always think before you click.