Extortion Scam Claims Victim’s Email Account is Hacked

A new extortion campaign is targeting users with scam emails that appear to come from the recipient’s own email account. Similar to recent extortion schemes that included the victim’s password or partial phone number, these spoofed messages claim that the recipient’s email account has been compromised and that threat actors have installed malware onto their device. Emails associated with this campaign display the subject line “[Email address] + 48 hours to pay,” and the body of the message states that the perpetrator has recorded the victim visiting adult content websites and gained access to their social media accounts and messages. An extortion payment is then demanded or the actor will release the video and other personal information to the victim’s contacts. It is important to note that the perpetrators of this scam are simply spoofing recipients’ email addresses and have not actually compromised their accounts. The NJCCIC recommends users educate themselves and others on this and similar scams to prevent future victimization. Additionally, organizations are advised to implement Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) to help detect and prevent email spoofing. Cyber incidents may be reported to the NJCCIC via our incident reporting page and to the FBI’s Internet Crime Complaint Center (IC3) via their website. 

AlertNJCCICCampaign, scam, email