Scam watchdog says bulk extortion emails claiming hacked pictures and videos is a ‘fictional threat’
A new bulk extortion email campaign is threatening to reveal sensitive images and videos of Australians, warns the National Anti-Scam Centre.
The watchdog has received hundreds of reports in recent weeks of crooks claiming to have hacked the computers or webcams of regular people.
The National Anti-Scam Centre, which is overseen by the Australian Competition and Consumer Commission (ACCC), has sent an alert to notify the public that there was no evidence the claims made by those behind the emails had access to a victim’s computer or webcam.
“While we should always be vigilant about scams, people need to be especially alert to this emerging trend,” ACCC deputy chair Catriona Lowe said.
Here’s what we know about how this scam works.
It’s extortion and it’s a crime, says ACCC
The way this scam operates, according to the watchdog, was that criminals send emails extorting victims, claiming to have compromising material of them that will be released if they are not paid an amount of cryptocurrency to a specific address.
Personal details including birth dates and addresses are often included in these emails, which the National Anti-Scam Centre has said were to intimidate recipients into sending money.
The personal details in the email were likely discovered through previous public data breaches.
“The fictional threats in these emails combined with the inclusion of people’s personal data are intended to terrify the individual reading it. It’s extortion and it’s a crime,” Ms Lowe said.
Ms Lowe said people receiving these emails should ignore them, and be aware that this could be a large-scale campaign given the number of reports the centre had received about this scam.
“The National Anti-Scam Centre is working with partner organisations, including law enforcement and IDCare, to disrupt this scam and ensure victims have access to support,” she said.
Examples of scam emails received by victims shared by the National Anti-Scam Centre. (Supplied: ACCC)
Scam has ‘exploded’ in the past week
Kathy Sundstrom, national manager of outreach and engagement at IDCare, said sextortion phishing emails were not new.
“We’ve had a steady number of reports since the beginning of the year. However, we noticed an uptick in reports in May, and then, to quote one of our analysts, it ‘exploded’ last week,” she said.
Between January and April of this year, IDCare were receiving about 50 reported cases of this kind of scam a month.
In May, that number increased to about 200 before petering out before this most recent surge.
“So we’ve seen about 1,175 cases reported this year so far, in totality, but in the last week, we had over 160,” Ms Sundstrom said.
In nearly 50 per cent of cases, she said the victims were aged between 18 and 34.
“We’ve also noticed a change in the methodology. Initially, it would be an email including your name and password to scare people into thinking they had, in fact, accessed their devices,” she said.
“Now, they are not only quoting your password, but include details like your name, address, suburb, birth date and phone number in the email to make the threat appear more real.”
Last year, Australians reported about $2.7 billion in losses related to scams, which has led to calls for greater protection for consumers
In September, the federal government proposed new laws that will place increased responsibility on banks and other companies to protect consumers from scams.
Loading…
Ms Sundstrom said the government addressing the issues of scams through legislation would prompt companies to take steps before it was even introduced.
“So when it comes to the scam code, we have seen such an uplift before that was introduced across organisations to improve how they store our information, how they protect us and our online accounts, and how they protect our information,” she said.
The difficulty with legislation, she explained, was it often takes time to be formalised, and in that time criminals often move on to their next activity.
“So they’re always evolving their tactics, and we’re always playing a bit of a game of catch up as we try to introduce measures to block it,” she said.
What should I do if I receive an email like this?
Monash University’s professor of cyber security Nigel Phair said the best course of action when receiving an email out of the blue requesting money or cryptocurrency was to delete it.
“Not pursue it any further, [and] definitely not contact the people that the email has come from,” he said.
The number of public data breaches over the past few years, Professor Phair said, meant there was a likelihood that scams would increase even more over time.
“We’ve had some significant data breaches where the criminals have got a whole lot of information, and then they match that information against things like social media profiles,” he said.
“We need a lot more education. We need a lot of people to think before they act when they receive a spam email, text message, WhatsApp, whatever it might be.”
