According to reports, there has been at least one incident in which the attacker appeared to legitimately compromise a system. The victim received an extortion email similar to the above, except containing a current password and requesting a Bitcoin payment of $2,000 within 24 hours. After the 24 hours had lapsed, the attacker sent the victim a second message containing a transcript of a phone conversation the victim had with a third party occurring after the extortion email was received.
It is critical to use a unique password, along with two-step verification/multi-factor authentication whenever possible, for each website login credential and to change passwords on regular intervals due to the increased likelihood that current and recycled passwords will eventually be compromised in a data breach.
The United States Secret Service advises against paying any requested demand in an extortion attempt.
If anyone has any information related to this alert, the GIOC can be contacted at GIOC@usss.dhs.gov.