Cyber blackmail artists are shaking down office workers, threatening to delete computer files or install pornographic images on their work PCs unless they pay a ransom, police and security experts said.
The extortion scam, which is believed to have surfaced one year ago, indiscriminately targets anyone on the corporate ladder with a PC connected to the Internet.
It usually starts with a threatening e-mail in which the author claims to have the power to take over a worker’s computer through an exploit in the corporate network, experts said.
The e-mail typically contains a demand that unless a small fee is paid -- at first no more than $20 or $30 -- they will attack the PC with a file-wiping programme or download onto the machine images of child pornography.
“They prey on the nice secretary who wouldn’t do anything wrong. When she gets one of these e-mails she thinks 'Oh, my goodness what am I going to do?’ So she puts it on her credit card and transfers the funds to the (suspect’s online bank) account and hopes it goes away,” a British detective specialising in cyber-crime told Reuters.
The officer advised against cooperating with the fraudsters. “If a person pays up, say it’s just 20 euros, then they have identified a soft target. They may come back for more, next time demanding more money.”
Hard crime to crack
In the annals of cyber-crime, investigators acknowledge the racket is one of the most difficult to crack. Because the ransom is small, people tend to pay up and keep quiet.
Police said the number of cases is tailing off but because it so often goes unreported, there is little evidence the crime is actually in decline.
According to Finnish computer security firm, F-Secure, a large Scandinavian university was hit earlier this month.
Several university officials received an e-mail from a fraudster who appeared to be based in Estonia, said F-Secure research manager Mikko Hypponen.
The e-mail said several security vulnerabilities had been detected on the university’s network and that unless the e-mail recipient transferred 20 euros ($25) to the author’s online bank account, he would release a series of viruses capable of deleting a host of computer files.
Hypponen said he advised the university to take the necessary precautions, alert police and not pay. “A lot of these cases are simply bluffing. But I’m sure there are both bluffs and actual cases,” said Hypponen.
Police say crime gangs have turned cyber extortion into a tidy business of late.
A preferred tool is the crude, but effective denial-of-service attack on a company’s network, capable of crippling it with an overwhelming flood of data.
There are scores of cases of companies -- particularly small and medium-sized firms -- receiving extortion threats that demand the victim transfer money to the fraudster’s bank account or the attacks will grow in severity, police said.
Fraudsters also send out streams of menacing e-mails with hollow threats of cyber sabotage. The scam works even if only a handful of the countless recipients follow through and pay up.
“It’s getting simpler,” said Hypponen. “If you wanted to extort money from a small company you would have had to hack them and convince them you have stolen their information. Here, you don’t have to do anything but send an e-mail around.”