Fraudsters are posing as CIA investigators gone rogue in emails to marks, offering to take bribes to drop bogus investigations into the recipients and claims of online pedophilia, according to Kaspersky.
The security shop says the scammers are spraying out spam messages in which they pretend to be Uncle Sam's agents conducting a probe into online pedophilia rings, as part of a "large international operation set to arrest more than 2000 individuals in 27 countries."
The scare-tactic email claims each recipient has been caught up in the sweep, with investigators having collected the mark's home and work addresses, contact information, and relatives' details. Additionally, the scammers claim to have recorded each recipient's ISP and browsing history, Tor browsing activity, chat logs, and social media activity.
After rattling off the list of details supposedly collected, we get to the pitch. The bogus CIA g-men propose a $10,000 Bitcoin payout to get the whole matter settled.
"I read the documentation and I know you are a wealthy person who may be concerned about reputation," the message reads. "I am one of several people who have access to those documents and I have enough security clearance to amend and remove your details from this case."
Sextortion on the internet: Our man refuses to lie down and take itREAD MORE
Obviously, there is no such investigation, and the sender is a scammer with no CIA connection.
In this case, the crooks would only need to convince ten people out of the mass of recipients to pay up in order to reap a six-figure windfall. Think of it as a sort of reverse spear-phishing operation.
"Such messages are sent to thousands or even millions of people in the hope that just a handful will swallow the bait," noted Kaspersky senior anti-spam analyst Tatyana Scherbakova earlier on Friday.
"Given the size of the ransom, if even a few victims pay up, it will have been worth the cybercriminals’ time and effort."
Folks who receive this message should keep in mind that the CIA and its agents (even the corrupt ones) would not make any such demand over unsolicited email, and the message should be deleted without a second thought.
Scamming aside, the unsettling implication in all of this is that some of the people who would be inclined to pay this extortion demand would be people that had in fact been viewing child abuse images. In that case, it is scammers looking to get money from rapists, and nobody comes out looking good. ®