From Security Weekly Wiki
3,252 bytes added ,  17:16, 11 June 2019
==Expert Commentary==
Tell your family, your friends, and your co-workers that the scammers have rolled out new schemes to steal thousands of dollars from their victims. No, they haven’t been hacked. No, they don’t need to call the cops. They just need to hit delete.

There are two scams that I wanted to cover today. These scams were covered in the Sophos Naked Security blog and Graham Cluley's blog. The links are in the show notes.

The first is aimed at anyone with an email account. The intended victim receives an email that claims to be from a CIA operative who is working an investigation into child porn. (Hint: this would be the FBI, not the CIA.) The victim has appeared in this investigation and is trafficking in child porn! No fear though: if you send the CIA operative $10,000 in bitcoin, they will remove you from the data that has been collected! Why did the scammers pick the CIA for this? No idea, since they aren’t law enforcement. This type of investigation isn’t really their thing. Obviously, the attack could be improved by using the FBI or some other law enforcement agency.

The second scam is aimed at web site owners, though I imagine there will be a few people who will panic over a website that they don’t actually have. The email comes in saying that they have decided to charge you roughly $2400 to avoid having your site permanently blacklisted and banned from the internet. FOREVER. How will they do this? The scammer will cause you to receive thousands of “angry complaints from angry people”. They will leave “tens of thousands” of negative reviews on your site. They will get your email account blocked for your entire lifetime due to the spamming they will do. Eventually, your domain will be removed from the internets. They won’t stop there either. You will get thousands of complaints to your mail and messengers. They will settle for nothing less than the “complete destruction of your reputation and loss of clients forever”. Recovery from this will cost you “tens of thousands of dollars”.

To do all this, they will send 30 messages to 13,000,000 sites with offensive messages that link back to your website. They will send 300 messages to 9,000,000 email addresses with intrusive advertisements that promise a free iPhone from your web site. Finally, my personal favorite: they will leave aggressive spam on forums, blogs, etc. To be sure you know they are serious, they tell you that they have 35,978,370 sites and 315,900 sites in their database! (Wouldn’t that just be 36,294,270 sites?) It sounds like they are about to end our world. But not really.

The fix for these terrible situations is obviously the same. Hit the delete key and move on with your day. As I’ve commented on in the past, this could make a fun write-up for company security awareness campaigns: helpful advice from IT security that could matter to people’s personal lives. Using stories like this in awareness messages can help build your credibility with the business. After all, you are the person who helped them avoid being scammed a couple of months ago. Your colleagues in other departments may have more sympathetic ears as you provide security advice on a project that is being rolled out.