Malicious Email Campaign Threatens Recipients’ Physical Security

This week, a Spiceworks forum user discovered an emerging email campaign in which the sender claims to have an order to kill the recipient, but offers to spare the recipient’s life in exchange for a Bitcoin payment. The sender also warns recipients not to contact law enforcement and claims the kill order will be executed after two days of non-payment. Analysis of the Bitcoin wallet address included in the email reveals that, as of now, no one has paid the sender; however, email users unfamiliar with cyber extortion tactics such as this could easily fall for the scam, especially as the campaign appears to be using compromised email accounts of legitimate organizations.The NJCCIC recommends email users and administrators read the Sophos report, familiarize themselves with this cyber extortion scheme, and spread awareness to prevent others from potentially falling victim. Report any instances of this or other cyber extortion campaigns to your local police department, the FBI, and the NJCCIC.