The Federal Bureau of Investigation issued an alert late Wednesday night warning about attempts to extort victims of recent data breaches.
When hackers steal data from private companies or government agencies, they often advertise it for sale on various Dark Net websites. Criminals then purchase the information and threaten affected users, forcing them to essentially pay a new form of hush money if they don't want their leaked, sensitive information broadcast to the world.
"The recipients are told that personal information, such as their name, phone number, address, credit card information, and other personal details, will be released to the recipient's social media contacts, family, and friends if a ransom is not paid," the FBI said in its alert.
“If you think this amount is too high, consider how expensive a divorce lawyer is.”
The FBI said that its Internet Crime Complaint Center had received many reports about the extortion emails, with the requested payments ranging from 2 to 5 bitcoins, or $250 to $1,200 at current exchange rates. Criminals typically ask for payment in bitcoins, the bureau said, because the cryptocurrency "provides a high degree of anonymity to the transactions."
The FBI provided examples of extortion emails ranging from relatively tame missives—like a hacker glibly noting that they could contact the victim's friends—to more ominous suggestions about how failing to pay up would wreak havoc on the victim's personal life.“If you think this amount is too high, consider how expensive a divorce lawyer is,” one extortionist wrote to their victim. “If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”
Unsurprisingly, federal agents believe that “multiple individuals are involved in these extortion campaigns” because the emails do not follow a consistent format.
In its alert, the FBI reiterated its longstanding warnings against opening suspicious attachments and storing "sensitive or embarrassing photos" online or on a mobile device. It also warned victims not to pay the extortion fee, as doing so would “facilitate continued criminal activity.”