Extortion phishing email spoofs CIA; demands Bitcoin payment

Posted by Akankasha Dewan on 19 March 2019 16:59:22 AEDT

Extortion phishing scams have been on the rise lately, often preying on a mix of humiliation and embarrassment to trick recipients. MailGuard intercepted a particularly large run of such a scam around midday (AEDT) on Sunday, the 17th of March.

Purporting to be from a ‘technical officer’ working in the Central Intelligence Agency (CIA), the email actually comes from one of a large number of new domains set up for the purpose of running the scam.

The body of the email contains a long message advising the recipient that their personal details (including their home and work address) are currently on file under a case regarding the "Distribution and storage of pornographic electronic materials involving underage children."

The email advises the recipient that the case is part of a large international operation to arrest individuals suspected of paedophilia. It claims that the data used to acquire their personal information for the case includes recipients’ web browsing history, chat-room logs and social media activity logs, among others. It adds the first arrests regarding the case are scheduled for April 8, 2019.

The message then details why the particular recipient is being contacted and also provides a way to avoid any prosecution. For a payment of $10,000 USD made via Bitcoin, the sender promises to remove the recipient’s details from the case.

Here are a few screenshots of the email:

CIA scam - first

CIA scam 2 - second


Cybercriminals behind this attack have used several techniques to boost the legitimacy of the email scam. Not only have they included CIA’s logo in the email signature but have also taken care to craft a grammatically sound and well-formatted email.

Scammers are attempting to blackmail me! Now what?

It is key to remember that these scams are all fake, and cybercriminals are likely to be supplying you with false information and/or threats. By tapping into your fears and paranoia, they are tricking you into supplying them with Bitcoin currency.

MailGuard urges the public to not panic and refrain from making any payments. Recipients should report suspicious activities that could threaten public safety.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing email scam Cybersecurity cybercrime

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all