Extortion phishing email campaigns have been on the increase of late, often hoping to take advantage of a mix of humiliation and embarrassment to deceive recipients. A recent sextortion spam campaign that netted hundreds of thousands of dollars is just another example of this. Thexyz spam filters recently intercepted a particularly large run of such a scam around midday on Sunday, the 24th of March.

Purporting to be from a ‘technical collection officer’ working in the Central Intelligence Agency (CIA), the spoof email actually comes from one of a large number of new domains set up for the purpose of running the scam.

The body of the email contains a long message advising the recipient that their personal details (including their home and work address) are currently on file under a case regarding the “Distribution and storage of pornographic electronic materials involving underage children.”

The email advises the recipient that the case is part of a large international operation to arrest individuals suspected of pedophilia. It claims that the data used to acquire their personal information for the case includes recipients’ web browsing history, chat-room logs and social media activity logs, among others. It adds that the first arrests regarding the case are scheduled for April 8th 2019.

The message then details why the particular recipient is being contacted and also provides a way to avoid any prosecution. For a payment of $10,000 USD made via Bitcoin, the sender promises to remove the recipient’s details from the case. We checked the Bitcoin address (3DGPwYTMHU7M6wYJh58M2CRizZQtXVv8CZ) for evidence of payments and, at the time of writing this post, fortunately nobody has made any: the wallet balance is empty and no transactions are listed.

Here are screenshots of the email:

[Screenshot: CIA spoof email. The perpetrators have taken care to craft a grammatically sound and well-formatted email.]

[Screenshot: CIA extortion email. An example of the CIA extortion phishing scam.]

The criminals behind this spoof have used several techniques to boost the legitimacy of the email scam. Not only have they included the CIA’s logo in the email signature, but they have also taken care to craft a grammatically correct and well-formatted email that looks like it could well be from a law enforcement or foreign intelligence agency.
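The traits described above (a claim to speak for the CIA in mail sent from an unrelated domain, plus a Bitcoin payment demand) can be checked mechanically. The following Python is an added example, not Thexyz's filter or code from this post; the indicator names, the sample message wording and the cia-notice.example sender domain are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Agency claim and its real sending domain; names here are assumptions of this example.
AGENCY = re.compile(r"\b(CIA|Central Intelligence Agency)\b", re.I)
AGENCY_DOMAIN = "cia.gov"
# Legacy Base58 Bitcoin addresses (P2PKH "1...", P2SH "3..."); bech32 not covered.
BTC_ADDR = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
PAYMENT = re.compile(r"\b(bitcoin|btc)\b", re.I)

def body_text(msg):
    """Concatenate all text/* parts, decoding transfer encodings."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def extortion_indicators(raw_message):
    """Return the list of indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = body_text(msg)
    found = []
    claims_agency = AGENCY.search(" ".join([display, msg.get("Subject", ""), body]))
    official = domain == AGENCY_DOMAIN or domain.endswith("." + AGENCY_DOMAIN)
    if claims_agency and not official:
        found.append("agency-claim-from-unrelated-domain")
    if BTC_ADDR.search(body):
        found.append("bitcoin-address-in-body")
    if PAYMENT.search(body):
        found.append("cryptocurrency-payment-demand")
    return found

# Constructed sample: sender and wording are made up; the address is the one quoted in the post.
SAMPLE = """\
From: "Technical Collection Officer, CIA" <officer@cia-notice.example>
Subject: Central Intelligence Agency - Case file
Content-Type: text/plain; charset=utf-8

Your details are on file. Send $10,000 in Bitcoin to
3DGPwYTMHU7M6wYJh58M2CRizZQtXVv8CZ to have them removed.
"""

if __name__ == "__main__":
    print(extortion_indicators(SAMPLE))
```

The domain check only covers mail that openly uses an unrelated sending domain, as in this campaign; a forged cia.gov From header would need SPF, DKIM and DMARC results to catch.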

If in doubt, do nothing

It is important to remember that these scams are all fake, and cybercriminals are likely to be supplying you with false information or threats. By tapping into your fears and paranoia, they are tricking you into supplying them with Bitcoin.

Thexyz urges the public not to panic and to refrain from making any payments. Recipients should report suspicious activities that could threaten public safety.

Take a proactive approach to email security

If your company’s email accounts aren’t protected, emails like the one above are almost certainly reaching your staff’s inboxes. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we’re all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organization has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add the Thexyz cloud-based email and spam filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network. Talk to an expert at Thexyz today about your company’s cybersecurity needs.