Email Blackmail Alert - "Pay Up or We’ll Infect Your Family"

The NYPD is on alert over a twisted coronavirus blackmail scheme by cybercriminals looking to defraud the pubic off of people’s anxiety.  The alert is over an insane COVID-19 blackmail scheme where vulnerable people are targeted by email from scammers who threaten to infect their families with the coronavirus if they refuse to pay the fraudsters money or cryptocurrency.

According to a sensitive law enforcement document reviewed by The Daily Beast—headlined ‘Scams and Fraud Campaigns Exploiting COVID 19 Likely to Continue,’ and dated April 20—“the pandemic has created an environment ripe for fraudulent activity with threat actors leveraging fears of the virus to perpetrate a variety of malicious and criminal exploitation.”The confidential NYPD briefing document goes on to state that “threat actors around the world have flooded the internet with COVID-19 themed phishing scams in attempts to capitalize on fears of the virus for financial gain.”

“The blackmail scam has been less successful because... it is a little more far-fetched but it’s playing on people’s fears,” Miller added. “The bad guys buy the names and passwords in bulk from the dark web, so if you send out 300,000 of these emails you only need a few people to fall for it to make a nice profit for very little investment.”

The COVID-19 scam that has concerned police is based on a “porn-extortion” fraud from 2019. In that scam, which law enforcement sources say was very successful, potential victims were sent an email with their username and password. The sender would write, “now that I have your attention I need to tell you I have access to all your accounts and your passwords, as well as the kind of material you’ve been looking at.”

“The email goes on to imply that the target has been caught looking at all kinds of porn sites and other disgusting material and that the writer of the email has been able to access the users WebCam and record video from the camera as well as screen and now has split screen recordings of the material,” the NYPD official told The Daily Beast.

As it turns out, it’s all a bluff!  Fraudsters never have access to the victim’s WebCam, iPad or computer but why the scam is such a success is the victim has no way of knowing for sure they have not been compromised, and the fact the conman has their email and password gives the scammer credibility in the mind of the victim.

The COVID-19 fraud the NYPD now has on its radar is a new twist on the “porn-extortion” scam and the intelligence document states, “based on the researched dataset, this type of fraud has had limited success.” It’s unclear how the criminals would be able to carry out their callous threats.

"The reason to talk about it is so that people will recognize it if they get one of these," Miller said referring to emails from scam artists. "They also need to know this person has not hacked their computer, hasn’t had access to all their information, and that the fraud depends on people believing that those claims are true”

Scammers typically gain a person’s email and password from websites that have been hacked such as the Capital One data breach and where user credentials from the site were posted on the Internet. Criminals, legitimate security researchers, and others can access those password dumps on hacking forums, illicit dark web markets, or file-sharing sites.

As far as this COVID-19 blackmail scam goes, the simple advice for anyone who is targeted. “The only correct thing to do is delete it. There’s no value in interacting with the sender. You should delete it and reset your passwords.

Top 10 Coronavirus Scams

Be on the lookout for and be wary of potential COVID-19 scams and abuses. Any information, complaints, or concerns can be reported to a public regulatory agency.  Its hard to determine which one but here are few FTC, FBI, Dept of Justice, US Attorney's Office, Homeland Security.  Not sure how all of these agencies or coalitions work together but someone they get the bad guys.  

Top 10 most common scams and frauds include: 

• Economic Impact Payment (Stimulus Check):  Scammers pretend to be government officials offering false economic impact payments (stimulus checks) in order to obtain personal identifying information including social security and bank account numbers.

• Diagnosis Testing Scams: Scammers offer fake COVID-19 testing kits, particularly door-to-door.

• Treatment/Cure Scams: Scammers offer fake or unproven treatment regimens that are particularly dangerous because they have the potential to do more harm than good.

• Charity Scams: Virtually every time there is a disaster or emergency, scammers set up fake charities to solicit donations that they then spend on themselves.

• Overinflated prices: The Coalition will use every tool available to hold sellers accountable who unlawfully use the COVID-19 pandemic to unreasonably inflate prices.

• Investment Scams: Scammers make false claims about tests, cures and other matters related to COVID-19 in order to entice victims to make investment decisions based on those false claims that allow the scammer to steal money and assets from Delawareans.

• Email Scams: Scammers send victims emails related to COVID-19 that appear to be from the victims’ banks, health care providers, the World Health Organization, the Centers for Disease Control and Prevention (CDC), and others for the purpose of obtaining the victims’ personal identifying information and exploiting it for the scammers’ own benefit.

• App Scams: Scammers are creating and manipulating mobile apps designed to track the spread of COVID-19 to insert malware that will compromise users’ devices and personal information.

• Insurance, Workers’ Compensation and Medicaid Fraud: Businesses and government agencies are not immune to scams. They should also be vigilant to ensure scammers do not take advantage of their businesses or customers during this pandemic.

• Scams specifically targeted at seniors: Seniors are more vulnerable than ever to common scams like the Grandparent Scam and Government Imposter Scams.  Consumers receiving a call or any contact claiming that loved ones are in danger or hurt, that they owe money and failure to pay will result in their arrest or other harm, or that their benefits are in jeopardy, do not act. Contact your loved ones or the purported agency using known, trusted contact information not sourced from the suspicious communication.

FBI Has Stopped Hundreds of Online Scams

The bureau has reviewed more than 3,600 complaints related to COVID-19 ploys that tout fake vaccines, cures and charity drives, among other things.

For example, the cooperative effort has been disrupted:

• An illicit website pretending to solicit and collect donations to the American Red Cross for COVID-19 relief efforts. 

• Fraudulent websites that spoofed government programs and organizations tricked American citizens into entering personally identifiable information, including banking details. 

• Websites of legitimate companies and services that were used to facilitate the distribution or control of malicious software.

Multiple federal agencies have worked to analyze the complaints, investigate ongoing fraud, phishing, or malware schemes, and assemble vetted referrals. Agencies have sent hundreds of these referrals to the private-sector companies managing or hosting the domains. Many of those companies, in turn, have taken down the domains after concluding that they violated their abuse policies and terms of service, without requiring legal process. Domain registrars and registries have advised the department that they have established teams to review their domains for COVID-19 related fraud and malicious activity. Cybersecurity researchers have also made important contributions by developing sophisticated tools to identify malicious domains and refer them for mitigation. Law enforcement is actively reviewing leads, including those referred by private firms, to verify unlawful activity and quickly pursue methods for disruption.

As a further example, shortly after the IRS notified the public of web links to apply for the COVID-19 related stimulus payments, the FBI identified a number of look-alike IRS stimulus payment domains. These look-alike domains are often indicative of future phishing schemes and in order to minimize the potential fraudulent use of the these domains, the FBI alerted numerous domain registries and registrars to the existence of these look-alike URLs.

“The department will continue to collaborate with our law enforcement and private sector partners to combat online COVID-19 related crime,” said Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division. “We commend the responsible internet companies that are taking swift action to prevent their resources from being used to exploit this pandemic.”

The Justice Department is also working to provide COVID-19 related training and technical assistance in other countries through the International Computer Hacking and Intellectual Property (ICHIP) program. In one Justice Department-supported action, a state prosecutor in Brazil took down a fake site purporting to belong to a leading Brazilian brewery. The website publicized the distribution of free sanitizer, but in fact was infecting the computer systems of numerous Brazilian consumers with malware. The ICHIP-mentored prosecutor further requested that the site’s U.S.-based registrar suspend it and preserve any account and transactional data linked to the site. The investigation is ongoing, and the ICHIP continues to mentor the prosecutor remotely on this case and on best practices for engaging with U.S. registrars and providers. Similar activities are planned in other regions with ICHIP attorneys. Learn more about the Criminal Division’s ICHIP Program, jointly administered by the Criminal Division’s Office of Overseas Prosecutorial Development, Assistance and Training and the Computer Crime and Intellectual Property Section, here.

Numerous Justice Department components are working to combat COVID-19 related crime nationwide. For a list of department efforts, visit https://www.justice.gov/coronavirus/news.