Do not panic if you receive an email threatening to cause you and others physical harm. Sent by cybercriminals, it is part of an extortion phishing scam that is currently infiltrating inboxes worldwide.
MailGuard understands these emails began circulating on the 12th of December and were reported by multiple news agencies within the United States. While the format and basic features of these emails are very similar to extortion phishing scams we have seen before, these emails undertake a much more serious tone, threatening physical assault. Two different variations of the email scam are being sent.
The first variant of this email scam uses several subjects, such as:
Don't try to be a hero
Dont play with me
Rescue service will complicate the situation
Think about how they can help you
Appearing in plain-text format, the body of the email advises the recipient that a explosive device has been placed in their building. Unless payment is made via bitcoin, the bomb will be detonated at close of business. Here is a screenshot of the email:
Adopting a similar format, the second variant of this email scam utilises a different threat to blackmail recipients. In the message body, the recipient is advised that someone has paid the sender of the email to "splash acid in their face" or "empty sourness in your visage." The body of the message goes on to advise that this can be avoided if the recipient makes a payment in Bitcoin to a provided wallet address. If payment is made, the sender will not assault the recipient and will provide information on who has contacted them for their "services". Here is a screenshot of the email:
MailGuard detected that the emails come from a large number of senders, likely a large collection of compromised accounts. The display names used in these emails are random full names.
The Register reported that though it looks to be highly unlikely that any explosives have been planted as mentioned in the email, the messages have nonetheless caused widespread disruption because a few affected firms have token precautionary actions such as evacuations or lockdowns
Scammers are attempting to blackmail me! Now what?
It is key to remember that these scams are all fake, and cybercriminals are likely to be supplying you with false information and/or threats. By tapping into your fears and paranoia, they are tricking you into supplying them with Bitcoin currency.
MailGuard urges the public to not panic and refrain from making any payments. Recipients should report suspicious activities that could threaten public safety.
Defend your inbox
Even the most experienced and savvy email users can have a moment of haste, carelessness or fatigue when their guard is down. Just practising good common sense isn’t enough anymore, because for scammers it’s a numbers game; they know that if they keep sending their scams, sooner or later we will slip up and do something we shouldn’t.
Extortion phishing scams can be enormously costly and destructive, and new scams are appearing every day. Don’t wait until it happens to you or someone in your business; take action to protect your inboxes, now.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.