FBI: Extortion scammers more active due to stay-at-home orders

The U.S. Federal Bureau of Investigation (FBI) warned today of an increasing number of online extortion scam reports because a lot more people are being targeted due to the "stay-at-home" orders issued during the COVID-19 pandemic.

"Because large swaths of the population are staying at home and likely using the computer more than usual, scammers may use this opportunity to find new victims and pressure them into sending money," the alert issued by FBI's Internet Crime Complaint Center (IC3) says.

"The scammers are sending e-mails threatening to release sexually explicit photos or personally compromising videos to the individual's contacts if they do not pay. While there are many variations of these online extortion attempts, they often share certain commonalties."

The FBI also reminds that fraudsters are known for adapting their scams to match current trends, with a focus on high impact events, high profile breaches, and other issues that could give them authenticity and make their targets react without second thinking their requests.

Among the various signs that should make you think twice before giving course to the scammers' demands, the agency highlights the following 'red flags:'

• The online extortion attempt comes as an e-mail from an unknown party and, many times, will be written in broken English with grammatical errors.
• The recipient's personal information is noted in the e-mail or letter to add a higher degree of intimidation to the scam. For example, the recipient's user name or password is provided at the beginning of the e-mail or letter.
• The recipient is accused of visiting adult websites, cheating on a spouse, or being involved in other compromising situations.
• The e-mail or letter includes a statement like, "I had a serious spyware and adware infect your computer," or "I have a recorded video of you" as an explanation of how the information was allegedly gathered.
• The e-mail or letter threatens to send a video or other compromising information to family, friends, coworkers, or social network contacts if a ransom is not paid.
• The e-mail or letter provides a short window to pay, typically 48 hours.
• The recipient is instructed to pay the ransom in Bitcoin, a virtual currency that provides a high degree of anonymity to the transactions.

"The FBI does not condone the payment of online extortion demands as the funds will facilitate continued criminal activity, including potential organized crime activity and associated violent crimes." the IC3 PSA adds.

Victims of COVID-19 scam attempts should report them via the National Center for Disaster Fraud Hotline at (866) 720-5721 as soon as possible, email their reports to disaster@leo.gov, or reach out to the FBI (visit ic3.gov, tips.fbi.gov, or call 1-800-CALL-FBI).

Email extortion is an ongoing threat

BleepingComputer reported that a large email extortion campaign was making the rounds earlier this month, telling potential victims that their personal computers were hacked, that a video of them was taken using their webcam, and that their passwords were stolen.

The messages sent this month by the scammers closely resemble those sent two years ago when we reported about a similar extortion campaign.

While the fact that the crooks list some of the passwords the recipients have used in the past might be unnerving, the attackers don't know them after hacking the targets' accounts, but rather from leaked password dumps shared online following data breaches.

Extortion scammers have been using all sorts of lures as part of their extortion scam emails including hitman contracts, CIA investigations, bomb threats, threats to install ransomware, and just after the pandemic started, threats to infect the target's family with the SARS-COV-2 virus.

COVID-19 scams and official warnings

Last week, the FBI also warned government agencies and health care orgs of BEC schemes exploiting the COVID-19 pandemic, as well as of an increase in health care fraud and cryptocurrency scam activity targeting consumers.

The Internal Revenue Service (IRS) issued a warning about a surge in coronavirus-related scams over email, social media, and phone calls on April 2, with the crooks attempting to steal personal info using economic impact payments as bait.

The FTC revealed that $12.78 million were lost to Coronavirus-related scams according to consumer complaints received since January 2020.

According to FTC's announcement, consumers have reported 16,778 fraud incidents so far, with approximately 46.3% of fraud complaints also reporting a loss, amounting to a median loss of $570 per incident.

To defend against the increasing number of extortion scam attempts the FBI warned about today you should follow these tips:

• Do not open e-mails or attachments from unknown individuals.
• Monitor your bank account statements regularly, and your credit report at least once a year for any unusual activity.
• Do not communicate with unsolicited e-mail senders.
• Do not store sensitive or embarrassing photos or information online or on your mobile devices.
• Use strong passwords and do not use the same password for multiple websites.
• Never provide personal information of any sort via e-mail. Be aware that many e-mails requesting your personal information appear to be legitimate.
• Ensure security settings for social media accounts are activated and set at the highest level of protection.
• Verify the web address of legitimate websites and manually type the address into your browser.