The United States Secret Service has recently observed an increase in extortion email scams. These are not necessarily new methods of the scam but a marked uptick in previously seen extortion schemes. Typically, an email is sent to the victim containing a password the recipient previously used along with a threat of releasing additional damaging or embarrassing information if the victim does not make a specified extortion payment via Bitcoin. The inclusion of the password serves to intimidate and convince the victim that the sender has access to additional compromising information. However, compromised email and password credentials are widely available for purchase in bulk from the dark web at nominal prices, and the attacker of ten does not possess the information they are claiming. In some instances, the password given in the email did not match one the recipient had previously used.
According to reports, there has been at least one incident in which the attacker appeared to legitimately compromise a system. The victim received an extortion email similar to the above, except containing a current password and requesting a Bitcoin payment of $2,000 within 24 hours. After the 24 hours had lapsed, the attacker sent the victim a second message containing a transcript of a phone conversation the victim had with a third party occurring after the extortion email was received.
It is critical to use a unique password, along with two-step verification/multi-factor authentication whenever possible, for each website login credential and to change passwords on regular intervals due to the increased likelihood that current and recycled passwords will eventually be compromised in a data breach.
The United States Secret Service advises against paying any requested demand in an extortion attempt.
If anyone has any information related to this alert, the GIOC can be contacted at GIOC@usss.dhs.gov.