Scammers are now invoking the CIA as a sextortion tactic.
The most recent twist on these scams involves emails that pretend to be from the CIA, proclaiming that recipients are involved in the storage and distribution of child pornography.
The scam typically goes on to say you are in danger of being arrested. But if you pony up a tidy sum – $10,000 being one example – all your scandalous data will be removed, according to My Online Security, which posted an advisory on the scam.
Since July, extortion email scams have been on the rise, Lawrence Abrams, creator and owner of BleepingComputer.com, told Fox News.
The scams are constantly evolving and adopting new techniques such as fake “proof of videos,” said Abrams. For example, some claim that they have recorded victims of the scams watching “explicit videos.”
Abrams called the CIA angle “silly,” but it’s part of an ongoing process of trial-and-error by cybercriminals to come up with scams that yield large payouts.
“Sextortion, though less public, scares recipients enough that we receive at least 2-3 emails a week from people asking [about them],” Abrams added.
“The use of phone numbers, passwords, and [the fact that they are] pretending to use your own account to send the email makes them more believable to those who receive them,” he continued.
Money, of course, is driving all of this. When sextortion emails were first distributed, they earned the US dollar equivalent of about $50,000 in cryptocurrency payments, according to Abrams.
Criminals tweak scams to boost success
Sextortion attacks make up around 11 percent of all spear phishing attacks – emails that ostensibly come from a trusted sender – Lior Gavish, senior vice president of Engineering at Barracuda Networks, told Fox News.
“Stolen passwords and email addresses from past data breaches are used to trick victims into believing hackers have access to their email accounts,” Gavish said, echoing Abrams’ sentiments.
Gavish said that attackers will insert passwords into subject lines or spoof their victims’ email addresses to grab attention and add validity to their claims. “To users, these emails appear to come from their own accounts.”
But no matter how much they refine their techniques, criminals often blow their cover with lousy language skills. “A lot of these bad actors have not honed their English-language skills,” Jonathan Tanner, a software engineer at Barracuda Networks, recently told Fox News.
“Better spelling and grammar would increase the effectiveness of the scam, given that English this poor has become associated with email scams in general,” Tanner said.
However, these scams aren’t likely to go away anytime soon. The criminals simply need to send emails to addresses on publicly available lists, Barracuda said.