Home »
Extortion scams on the rise
Extortion scams occurring online are increasing.
In 2013 the Canadian Anti-Fraud Centre (CAFC) received 4,307 reports with 223 of these classified as victims with a total reported dollar loss of $92,174.44.
In 2014, the CAFC received 1,936 complaints related to an extortion pitch. Among them, 123 were classified as victims with a total reported dollar loss of $255,222.26.
Since February of 2012 the CAFC has been receiving complaints from Canadians who have received pop-up messages on their computer stating, “This IP address was used to visit websites containing pornography, child pornography, zoophile and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer.”
The messages are socially engineered to appear as if coming from either the Canadian Security Intelligence Service (CSIS) or the RCMP and tell the consumer they need to pay $100-$250 via Bitcoin, Ukash or PaySafe Card to unlock their computer.
Ransomeware – CryptoLocker
Since Oct. 1 (2015) the CAFC has received five complaints regarding a new variation of Ransomware using CryptoLocker malware. Ransomware is malware that restricts access to infected computers and requires victims to pay a ransom in order to regain full access.
The malicious software is being spread through email attachments. Once opened, CryptoLocker installs itself to the home or business computer and encrypt a variety of file types such as images, documents and spreadsheets. The malware searches for files to encrypt on all drives and in all folders.
Once the malicious software is installed on the computer, a pop up appears claiming the files are blocked and that the data will be lost unless the private key is obtained from the scammers. In order to obtain the private key, a ransom payment in the amount of $300 is demanded to be paid by Bitcoin, UKash, Green Dot or other digital payment systems.
The user is given approximately 72 hours before the private key is destroyed and the files are lost forever.
Once the malware has encrypted files on a victim’s computer there is no way to decrypt them without the private key and by paying the ransom there is no guarantee that the files will be decrypted.
Warning sign(s) – How to protect yourself
– Never send money to “unlock” a computer.
– Businesses should have an “emergency preparedness” cyber security plan in place.
– Businesses should independently verify any attack with their Internet service provider or a computer repair professional.
– Never click on a pop up that claims your computer has a virus, if you cannot access anything on the computer beyond the pop-up screen your computer is infected.
– Avoid opening email and email attachments from unknown sources, especially .zip files.
– Ensure your anti-virus software is active and up to date and regularly schedule scans to search and remove already existing malware.
– Keep your operating system and software up-to-date.
– Make regular backups of important files.
– Be vigilant against clicking on links within emails.
Sextortion
Victims are lured into an online relationship through social media or pornographic websites. As the relationship builds, victims are encouraged to use the computer’s camera and the “scammer” will coerce the victim to perform a sexual act in front of the camera. The victim is later advised that the event was recorded and unless a sum of money is paid the video will be released through various online websites such as YouTube. The transfer of money is requested through money services businesses such as Western Union, MoneyGram and Ukash. Some consumers have endured many emotional stresses in their lives and being caught in this scenario can be too much to handle. In the last year the CAFC is aware of two suicides in Ontario that are directly related to the Extortion scam.
Warning sign(s) – How to protect yourself
Deny any request to perform an illicit act over the Internet.
Denial of Service (DOS) Attacks
The third variation of the extortion scam being reported at the CAFC involves businesses in Canada reporting that their website and Internet services are under attack or have been taken down by hackers. These attacks are commonly known as denial of service or distributed denial of service attacks and are carried out by cyber thugs attempting to extort money from Canadian businesses to restore their web services.
Hitman
The Canadian Anti-Fraud Centre continues to receive complaints on the hitman scam and is advising the public to ignore these e-mails, which use death threats to frighten and scam consumers.
These e-mails claim that “you have been betrayed by someone” and that they have been hired to “kill you.” The e-mails go on to say that at a cost (usually double what the hitman was paid), the scammer will cancel the contract and provide the name of the individual who hired him.
The Canadian Anti-Fraud Centre recommends anyone receiving these e-mails not to respond. In addition to scamming the victims financially, these fraudsters also hope to acquire personal information so that they can steal your identity.
The Canadian Anti-Fraud Centre has many copies of these emails on file. Should you receive such a solicitation, do not respond to it and delete it.
Example: ‘How are you doing today? I was paid to assassinate you, but I felt it will be right for me to inform you and hear from you, before carrying out my operations. I honestly tell you that this contract was given to me by a close business friend of yours, with effect to your reading this e-mail, note that you are not safe. I will appreciate if you to act very fast to this mail or else I will be forced to carry out my operation. I have all your informations with me now, as am talking to you. If you feel contacting a security firm or the police will make you safe, I want to also inform you that it will not stop me, it will rather make me to carry out my operations very fast, so stay cool and contact me for negotiations. Note that I sent this email after keeping an eye on you for over 10 days, so you can see what I meant by telling you that a security firm can’t save you. Just waiting to hear from you, so I know if I can change my mind under the grounds of negotiation, and I think, after negotiation I will be ready to inform you about who sent me. I am a member of a well trained group in the Middle East, we take part in suicide bombing and special killings, For top government officials. Note that I am all around you, so make sure you don’t do anything more than contacting me, if not you will regret it. I await your comment on this.’
Bomb threat
Consumers should be alerted to an email that is being sent out by a supposed assassin that has planted a bomb. The sender demands a large sum of money in return for not carrying out the mission.
Should you receive such a solicitation, do not respond to it and delete it.
Example
‘This is the only way I could reach you people, no matter who you are, make sure this gets to your manager. If not you have yourself to blame, my group was paid to plant an un-activated bomb in your building (hotel lodge) till a certain date it will be activated which is best known to our employer. I know what am about to do is a betrayal to my group, I can disconnect the bomb and take it away, but this will between us alone, I need the sum of $500,000; $250,000 will be paid to an account I will provide for you and the balance will be paid after the disconnection, if you agree with me get back to me, if no, don’t even think of contacting me. Finally do not involve the cops/police on this, because if you do, none of your apology will be accepted to me (remember, I took risk for sending you this information), if we have a deal, you know what to do.’
e-KNOW
