nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Miscreants demand Bitcoins to stay silent on 'dirty secrets' of Tumblr, LinkedIn hack victims

Worse – extortionists will reveal you had a MySpace page, too

By Iain Thomson, 1 Jun 2016

The FBI has issued an unusual warning about a new breed of scammers looking to get rich off the back of recent high-profile data breaches.

According to the agency's Internet Crime Complaint Center (IC3), a large volume of emails are being reported where the sender claims to have used data from recent breaches at LinkedIn, Tumblr, and Myspace to access the recipient's email, social media, and other accounts.

The sender then threatens to spill the beans on all the recipient's dirty little secrets unless Bitcoin are sent to them. Typically this ranges from between $250 and $1,200 of the online currency, with a very short deadline for payment.

"We have some bad news and good news for you," reads one email.

"First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity, and credit card transactions. Now for the good news, You can easily stop this letter from being mailed by sending 2 bitcoins to the following address."

Other emails threaten the recipient with divorce proceedings, social shame, or informing their friends and family of embarrassing snippets via Facebook. With each new high-profile data breach, more of these emails get spammed out, the FBI warns.

In actual fact, the chances of there being any repercussions are vanishingly small. Given the volume of emails, and the amount of work it would take to manually go through a target's email account to find blackmail material, it's almost certain that there would be no repercussions for non-payment.

"If you believe you have been a victim of this scam, you should reach out to your local FBI field office, and file a complaint with the IC3 at www.ic3.gov," the agency stated.

"Please include the keyword 'Extortion E-mail Scheme' in your complaint, and provide any relevant information in your complaint, including the extortion e-mail with header information and Bitcoin address if available." ®

The Register - Independent news and views for the tech community. Part of Situation Publishing