Extortion Scams

Extortion scams occurring online are increasing. In 2013 the Canadian Anti-Fraud Centre (CAFC) received 4,307 reports with 223 of these classified as victims with a total reported dollar loss of $92,174.44.

So far in 2014 the CAFC has received 1936 complaints related to an Extortion pitch. 123 are classified as victims with a total reported dollar loss of $255,222.26.

Many variations of extortion scams have been reported. More often they follow one of the following scenarios;

1. Ransomware – Since February of 2012 the CAFC has been receiving complaints from Canadians who have received pop-up messages on their computer stating, “This IP address was used to visit websites containing pornography, child pornography, zoophile and child abuse. Your computer also contains video files with Pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer.” The messages are socially engineered to appear as if coming from either the Canadian Security Intelligence Service (CSIS) or the Royal Canadian Mounted Police and tell the consumer they need to pay $100-$250 via Bitcoin, Ukash or PaySafe Card to unlock their computer.
2. “Sextortion” – victims are lured into an online relationship through social media or pornographic websites. As the relationship builds, victims are encouraged to use the computer’s camera and the “scammer” will coerce the victim to perform a sexual act in front of the camera. The victim is later advised that the event was recorded and unless a sum of money is paid the video will be released through various online websites such as YouTube. The transfer of money is requested through money services businesses such as Western Union, MoneyGram and Ukash. Some consumers have endured many emotional stresses in their lives and being caught in this scenario can be too much to handle. In the last year the CAFC is aware of two suicides in Ontario that are directly related to the Extortion scam.
3. Denial of Service Attacks – the third variation of the extortion scam being reported at the CAFC involves businesses in Canada reporting that their website and internet services are under attack or have been taken down by hackers. These attacks are commonly known as denial of service or distributed denial of service attacks and are carried out by cyber thugs attempting to extort money from Canadian businesses to restore their web services.

How to Protect Yourself

• Beware of pop-up messages or a banner with a ransom request;
• Never click on a pop up that claims your computer has a virus, if you cannot access anything on the computer beyond the pop-up screen your computer is infected.
• Never send money to “unlock” a computer;
• Deny any request to perform an illicit act over the internet.
• Businesses should have a “emergency preparedness” cyber security plan in place
• Businesses should independently verify any attack with their internet service provider or a computer repair professional.