Old Extortion Tactics Resurface in New Campaign

NJCCIC Alert

Original Release Date: 4/17/2020

Summary

An old extortion email scam, first seen in early Summer 2018, has resurfaced in a new widespread campaign. In addition to receiving several incident reports from the public detailing these extortion emails, the NJCCIC’s own email security solution blocked hundreds of them before they could be delivered to NJ state employees.

The sender claims to have acquired the recipient’s password by means of a malware-laden adult content website. They purport to have gained access to the target’s device and used its webcam to record a compromising video, and they threaten to send the video to all of the recipient’s contacts unless a bitcoin payment is made, typically in the sum of $1,900-$2,000. The password shown in the subject line and body of the email is a legitimate past or current password. It was likely found through publicly available information from past data breaches and is included only to lend the message credibility; the recipient’s device was not compromised.

Various open source reporting identifies these emails as part of a large-scale campaign. The emails directed at NJ state employee inboxes came from outlook[.]com addresses, and their subject lines used a “username : password” format. As many New Jersey citizens continue to follow Governor Phil Murphy’s stay-at-home order, threat actors are taking advantage of vulnerable users who may lack proper device and email security. The rate at which this extortion scam is proliferating suggests that these scams are successful and worth the time and resources needed to distribute them. The NJCCIC has not found any indication that these threats are credible, and users are advised to ignore and delete these emails.
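For mail administrators, the traits described above (outlook[.]com sender, “username : password” subject, the same password repeated in the body, webcam and bitcoin themes) can be combined into a simple triage rule. The following is an added example, not the NJCCIC’s filter; the function names, signal names, keyword list and threshold are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject of the form "username : password" (spaces around the colon,
# so ordinary "Re: ..." subjects do not match).
SUBJECT_RE = re.compile(r"^\s*(\S+)\s+:\s+(\S+)\s*$")
# Assumed lure vocabulary, taken from the themes the alert describes.
LURE_RE = re.compile(r"\b(bitcoin|btc|webcam)\b", re.IGNORECASE)

def body_text(msg):
    """Return the decoded text/plain content of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def extortion_signals(raw_message):
    """List which traits of the campaign a raw RFC 5322 message shows."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    signals = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain == "outlook.com":
        signals.append("sender_outlook")
    match = SUBJECT_RE.match(msg.get("Subject", ""))
    if match:
        signals.append("subject_user_colon_pass")
        if match.group(2) in body:  # same token repeated in the body
            signals.append("subject_token_in_body")
    if LURE_RE.search(body):
        signals.append("payment_or_webcam_lure")
    return signals

def should_quarantine(raw_message, threshold=3):
    """Assumed policy: hold the message when at least `threshold` traits match."""
    return len(extortion_signals(raw_message)) >= threshold

# Constructed sample messages (not real campaign emails).
SAMPLE_SCAM = (
    "From: someone@outlook.com\nTo: employee@example.org\n"
    "Subject: employee : Summer2018!\n\n"
    "I know Summer2018! is your password. I recorded you on your webcam.\n"
    "Pay in bitcoin.\n"
)
SAMPLE_BENIGN = (
    "From: colleague@outlook.com\nTo: employee@example.org\n"
    "Subject: Re: lunch\n\nSee you at noon.\n"
)
```

No single trait is enough on its own, since outlook.com is a common legitimate sender domain; the rule only holds a message when several traits coincide.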

Recommendations

  • Enable multi-factor authentication for all accounts that offer it, particularly for financial and email accounts.
  • Check the site https://haveibeenpwned.com to determine if your password has been revealed in a data breach and change passwords immediately for those accounts.
  • Exercise caution with emails received from unknown senders, refraining from clicking links, opening attachments, or providing personal or financial information.
  • Use anti-virus/anti-malware software on all devices.
  • Ensure all hardware and software are up to date.
  • Educate others, particularly those more vulnerable to these scare tactics, on this and similar scams to prevent future victimization.

The NJCCIC encourages users who discover signs of malicious cyber activity to report to the NJCCIC via the Cybersecurity Incident Reporting form at https://cyber.nj.gov/report

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
