In a new sextortion scam, cyber-criminals are posing as corrupt officials of the CIA and demanding $10,000 from their targets whose names they claim to have found in an investigation into online pedophiles, according to Kaspersky Lab.
Victims reportedly receive an email authored by what appears to be a corrupt CIA agent involved in “a large international operation set to arrest over 2,000 people suspected of pedophilia, in over 27 countries.”
The scope of the information the department reportedly has includes the victim’s name, phone number, and email, along with the person’s home and work addresses. The scammer also claims that the CIA has information about relatives, which was reportedly obtained from a range of sources, including ISP, online chats and social networks, researchers said.
The note alleges that the victim’s contact details and those of their relatives are being held as part of the operation identified as case #45361978 (relating to possession and distribution of child pornography, or so it seems).
The fake agent offers to remove all files relating to the victim in return for a payment of $10,000 in cryptocurrency, but time is of the essence, as the letter also notes that arrests will begin in two weeks’ time. As a result, the sextortion payment needs to be received in nine days of receiving the letter.
“Compared with regular sextortion spam, the ‘CIA’ message is well-written, with grammatically correct, stylistically restrained language in a quite official-sounding tone. The scammers also took care of the layout: The message text is nicely formatted and easy to read, and the effect is amplified by the CIA emblem staring out from the screen,” researchers wrote.
“However, just because the message looks more imposing doesn’t make it more true. Don’t be offended, but the CIA is unlikely to give a hoot about you. The scammers most likely found your email address in a database leaked online, or even just came across it by chance.”
Kaspersky recommends trashy any messages immediately. “Our number one tip is don’t panic,” the researchers said. Beyond that, they advised that victims do not reply to the email and never consider paying a ransom to scammers.