Fraud watchdog says mass extortion emails containing allegedly hacked images and videos are a 'fictitious threat'

A new mass extortion email campaign threatens to expose sensitive images and videos of Australians, the National Anti-Scam Center warns.

The regulator has received hundreds of reports in recent weeks about scammers claiming to have hacked ordinary people's computers or webcams.

The National Anti-Scam Centre, which is overseen by the Australian Competition and Consumer Commission (ACCC), has sent out an alert to inform the public that there is no evidence that those behind the emails had access to the emails a victim's computer or webcam.

Here's what we know about how this scam works.

It's extortion and a crime, says ACCC

The way this scam works, according to the regulator, is that criminals send emails blackmailing their victims, claiming to have compromising material from them, which will be released if they do not receive an amount of cryptocurrency is paid out to a specific address.

These emails often contain personal information such as dates of birth and addresses that are intended to intimidate recipients into sending money, according to the National Anti-Scam Center.

The personal information in the email was likely discovered through previous data breaches.

“The fictitious threats in these emails, combined with the provision of people's personal information, are intended to frighten the reader. It is extortion and it is a crime,” Ms Lowe said.

Ms Lowe said people receiving these emails should ignore them and be aware that it could be a large-scale campaign given the number of reports the center has received about this scam.

“The National Anti-Scam Center is working with partner organizations, including law enforcement and IDCare, to stop this scam and ensure victims have access to support,” she said.

The scam has “exploded” over the past week.

Kathy Sundstrom, national public relations and engagement manager at IDCare, said sextortion phishing emails are nothing new.

“We have had a consistent number of reports since the beginning of the year. However, in May we saw a spike in reports, which then, to quote one of our analysts, 'exploded' last week,” she said.

Between January and April this year, IDCare received approximately 50 reported cases of this type of fraud each month.

In May, that number rose to around 200 before declining before this latest spike.

In almost 50 percent of the cases, the victims were between 18 and 34 years old.

“We also noticed a change in methodology. Initially it was an email with your name and password to scare people and make them believe they had actually accessed their devices,” she said.

“Now they not only give your password, but also include details such as your name, address, suburb, date of birth and phone number in the email to make the threat seem more realistic.”

Last year, Australians reported about $2.7 billion in losses due to fraud, prompting calls for more protection for consumers

In September, the federal government proposed new laws that would place greater responsibility on banks and other companies in protecting consumers from fraud.

Load…

Ms Sundstrom said the government tackling the problem of fraud through legislation would encourage companies to take measures before they are even introduced.

“When it comes to the fraud code, we have seen such a surge before it was rolled out across all organizations to improve the way they store our information, the way they protect us and our online accounts, and the way they protect our Protect information,” she said.

The difficulty with legislation, she explained, is that it often takes time to be formalized and during that time criminals often move on to their next activity.

“So they're constantly evolving their tactics and we're always kind of playing catch-up as we try to put measures in place to prevent this from happening,” she said.

What should I do if I receive such an email?

Nigel Phair, professor of cybersecurity at Monash University, said the best course of action if you receive an email out of the blue asking for money or cryptocurrency is to delete it.

“Don’t pursue it any further, [and] Under no circumstances should you contact the people who sent the email,” he said.

The number of public data breaches in recent years, Professor Phair said, meant there was a likelihood that scams would only increase over time.

“We've had some major data breaches where the criminals have obtained a whole lot of information and then matched that information with things like social media profiles,” he said.

“We need a lot more education. We need a lot of people to think before they act when they receive a spam email, SMS, WhatsApp or whatever.”