Extortion Campaigns Rampant Throughout the State
The NJCCIC has observed a noticeable increase in incident reports submitted by individuals throughout New Jersey who were targeted with emails meant to extort them out of thousands of dollars. Extortion scams have been around for years; however, recent techniques serve to convince victims of their legitimacy.

In initial reports, perpetrators sent emails to victims claiming they had compromised the user’s computer and used the webcam to record them visiting adult content websites. The perpetrator then demands that a large ransom payment in the form of bitcoin be sent within a set timeframe, or they will release the video to the victim’s contacts. To convince victims of the email’s validity, the perpetrators include one of the victim’s legitimate passwords. These passwords were likely taken from previous breaches in which this information was exposed, not obtained by compromising the recipient’s device.

Shortly after the emergence of this campaign, additional extortion scams began targeting users with phishing emails that included the user’s partial phone number or that appeared to come from the recipient’s own email account. Both of these campaigns also claimed to have compromised the recipient’s device or email account and demanded a ransom payment be made in bitcoin.

It is important to note that the perpetrators of these scams have not actually compromised users’ accounts or devices, but are believed to be leveraging past data breaches or employing spoofing to make their threats appear credible. The NJCCIC recommends users educate themselves and others on this and similar scams to prevent future victimization. Additionally, organizations are advised to implement Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) to help detect and prevent email spoofing.
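
A mail-side check for the variant that appears to come from the recipient’s own account, as an added example that is not part of the NJCCIC advisory: it flags a message whose From address matches a recipient but did not pass DMARC, reading only the Authentication-Results header stamped by the organization’s own receiving server. The authserv-id `mx.example.org`, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: the authserv-id your own receiving MTA writes into the header.
TRUSTED_AUTHSERV = "mx.example.org"

def auth_results(raw, trusted=TRUSTED_AUTHSERV):
    """Return SPF/DKIM/DMARC verdicts recorded by the trusted MTA only."""
    results = {}
    msg = message_from_string(raw)
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        host = (authserv.split() or [""])[0].lower()
        if host != trusted:
            continue  # headers stamped by other hosts may be sender-supplied
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results

def is_self_spoof(raw):
    """True when From equals a To recipient and DMARC did not pass."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    dmarc = auth_results(raw).get("dmarc", "none")
    return bool(sender) and sender in recipients and dmarc != "pass"

# Constructed sample: spoofed "from yourself" mail carrying a planted pass header.
SPOOFED = (
    "Authentication-Results: relay.invalid; dmarc=pass header.from=example.org\n"
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.org;\n"
    " dkim=none; dmarc=fail header.from=example.org\n"
    "From: user@example.org\nTo: user@example.org\n"
    "Subject: constructed sample\n\nbody\n"
)
# Constructed sample: a genuine note the user sent to their own address.
SELF_NOTE = (
    "Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass\n"
    "From: user@example.org\nTo: user@example.org\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("SELF_NOTE", SELF_NOTE)):
        print(name, auth_results(raw), "self-spoof:", is_self_spoof(raw))
```

The verdicts are only as reliable as the receiving server: it should remove inbound Authentication-Results headers that claim its own authserv-id before adding its own.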
Cyber incidents may be reported to the NJCCIC via our incident reporting page and to the FBI’s Internet Crime Complaint Center (IC3) via their website.