Ongoing Sextortion Email Scams

Subject: Immediate Attention Required: Ongoing Sextortion Email Scams

 

Overview

This advisory is issued to inform citizens and organizations about an ongoing sextortion email scam. This scam involves cybercriminals sending threatening emails that claim to have access to the recipient’s devices and personal data. The emails demand a ransom in Bitcoin to prevent the release of purported compromising information.

 

The Main Points of a Sextortion Email. Learn what to look for

This is a breakdown of the content of a sextortion scam email:

  1. Claim of Device Compromise:
    • The sender claims to have gained access to the recipient’s devices a few months ago.
    • They state they have installed a Trojan virus or malware, which has allegedly given them access to all controllers on the devices.
  2. Threats and Blackmail:
    • The sender claims to have uploaded data, photos, browsing history, and other personal information to their servers.
    • They threaten to reveal this data, including compromising personal videos and photos, if the recipient does not comply with their demands.
    • The sender demands a monetary amount in Bitcoin to prevent the release of this information.
  3. Consequences:
    • The sender warns that if the demand is not met, they will publish all data and compromising material online.
  4. Instructions:
    • The email includes a Bitcoin address for payment.
    • The sender gives the recipient a deadline to comply.
    • The email advises against contacting police or security services, threatening to publish the data if this happens.

Summary of the Scam

  • Email Content: The scam email typically claims the sender has installed a Trojan virus on the recipient’s devices, providing them with access to personal data, photos, browsing history, and even compromising videos.
  • Ransom Demand: The email demands a payment, mostly denominated in USD and payable in Bitcoin, to a specified address within 48 hours, threatening to publish the data online if the ransom is not paid.
  • Psychological Tactics: The email attempts to create fear and urgency, advising recipients not to contact law enforcement and implying severe reputational damage if the ransom is not paid.
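
For IT and security teams that receive forwarded reports, the indicators listed above can be turned into a simple triage check that also extracts the payment address for reporting. The following is an added example, not part of the original advisory: the regular expressions, score thresholds and function names are assumptions, and the sample message is constructed.

```python
import hashlib
import re

# Indicator groups follow the advisory's breakdown; the regexes themselves are assumptions.
INDICATORS = {
    "device_compromise": re.compile(r"\b(trojan|malware|gained access to your devices?)\b", re.I),
    "exposure_threat": re.compile(r"\b(publish|release|reveal)\b.{0,80}\b(videos?|photos?|data)\b", re.I | re.S),
    "deadline": re.compile(r"\b(within|in)\s+\d{1,3}\s*(hours?|days?)\b", re.I),
    "no_police": re.compile(r"\b(police|law enforcement|security services?)\b", re.I),
    "bitcoin_demand": re.compile(r"\b(bitcoin|btc)\b", re.I),
}
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy Base58 (1.../3...) and bech32 (bc1...) address shapes.
ADDR_RE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{39,59})\b")

def base58check_ok(addr):
    """True if a legacy address decodes to 25 bytes with a valid double-SHA256 checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")
    except OverflowError:
        return False
    return hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] == raw[21:]

def triage(body):
    """Return (verdict, matched indicators, payment addresses worth reporting)."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(body))
    # bech32 candidates are accepted on shape alone; their checksum is not verified here.
    addrs = [a for a in ADDR_RE.findall(body) if a.startswith("bc1") or base58check_ok(a)]
    if addrs:
        hits.append("payment_address")
    verdict = "likely-sextortion" if len(hits) >= 4 else "review" if len(hits) >= 2 else "clean"
    return verdict, hits, addrs

# Constructed sample; the address is the public Bitcoin genesis-block address,
# used only because its checksum is valid.
SAMPLE = (
    "I gained access to your devices a few months ago and installed a Trojan virus. "
    "Pay in Bitcoin to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa within 48 hours or I will "
    "publish all your videos and photos online. Do not contact the police."
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The checksum test discards random strings that merely look like Base58 addresses, so only plausible payment addresses are passed on in a report.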

Advisory Actions

  1. Do Not Respond to the Email:
    • Do not engage with the sender or pay the ransom. Paying does not guarantee the safety of your data and encourages further criminal activity.
    • There is no proof that the scammer has access to your files.
    • Do not download or open any attachments sent by the attacker as ‘proof’, as they might contain malware.
  2. Report the Incident:
    • Immediately report the email to your local law enforcement agency.
    • Forward the email to your organization’s IT department or cybersecurity team.
  3. Verify Device Security:
    • Run a comprehensive antivirus scan on all your devices.
    • Ensure all software, including antivirus programs, is up to date.
    • Change passwords for all important accounts using a secure method, such as a password manager.
  4. Awareness and Training:
    • Be aware that such emails are common scams and share this information with colleagues, friends, and family.
    • Educate your organization on recognizing phishing and extortion emails.
  5. Enhance Security Measures:
    • Implement two-factor authentication (2FA) on all critical accounts.
    • Regularly back up important data to secure, offline storage.
    • Enable firewalls and intrusion detection/prevention systems (IDS/IPS) to protect against malware.
  6. Monitor Accounts:
    • Keep an eye on your financial accounts for any unauthorized transactions.
    • Review account activity and be alert for any signs of compromise.

 

Always stay vigilant and secure.

National Cybersecurity Coordination Center

This advisory aims to educate and equip the public with necessary steps to protect themselves against sextortion attacks.