[Scam of The Week] New 'US State Police' Phishing Extortion Scam Includes Contact Numbers


Our friend Larry Abrams at BleepingComputer warned: "A new extortion scam is underway that pretends to be from a US State Police detective who is willing to delete child porn evidence if you send them $2,000 in Bitcoins. Pretending to be from a state police detective is a new twist, but what really stands out is that they also include a contact phone number that can be used to call the scammer.

We all know, or should know, about the sextortion emails people are receiving where the sender states they have hacked the recipient's computer and taped them doing things while on adult sites. Since then, we have seen further extortion scams that pretend to be the CIA, bomb threats, threats to ruin a website's reputation, and even from hitmen asking you to pay them to call off a hit.

In this new campaign, extortionists are pretending to be state police detectives for different states in the U.S.A. where they state that the email recipient has been involved in child pornography. As they are retiring, they are offering to delete the evidence if the recipient sends them $2,000 in bitcoin.

Users have reported receiving these phishing emails from "states" such as California, Georgia, Florida, Minnesota, New York, and Tennessee. Below is an example of this scam pretending to be from the Tennessee State Police that was shared with BleepingComputer by Reddit user Talory09.

Do not ignore this important warning!

I work in Tennessee State Police. Bureau of Criminal Investigation, detective branch Crime Prevention with child abuse. The Tennessee State Police Mission is to serve, protect, and defend the people while preserving the rights and dignity of all. A priority in our mission is to prevent crime and enforce the law. The Tennessee State Police had a responsibility to protect people and property, to prevent and detect crime and other violations of law, pursue criminal investigations, and arrest criminals.

You Uploaded video child-porno to websites with IP address, Chattanooga, and share to Peer-to-peer (P2P) networks.

This file sharing among child pornography users. These networks permit closed groups to trade images. May be Your device has suspicious programs. Viruses that do illegal activity. But this device is yours, IP address registered as yours and its not possible to prove that you didnt this.

Why I write? I retire in next month and want to earn some money for self.

My next steps.

I sending the materials to The Tennessee Crime Laboratory. You receive invites to our office in Chattanooga. You Pay money Criminal Defense Lawyers or Law Firm. Federal laws addressing child pornography are: 18 U.S.C. 2251 Sexual exploitation of children. (Any individual who violates, or attempts or conspires to violate, this section shall be fined under this title and imprisoned not less than 15 years nor more than 30 years.) Or maybe you want to give me money and these materials be lost. I want to earn some money for self. And give you freedom.

Pay me to Bitcoin wallet. This is anonymous money I want 2000$.

Send transfer to my wallet. 17isAHrP2cZSY8vpJrTs8g4MHc1FDXvAMu

My temporary phone to contact +14318006744.

After receiving payments, I delete All materials.

If You don't pay me, I sending materials to The Tennessee Crime Laboratory.

Includes a contact phone number

What makes this extortion scam so unusual is that it also includes a phone number that can be used to contact the scammer. 

The included number of +14318006744 is the same in all of the emails associated with this particular extortion campaign that have been shared with BleepingComputer. When they called the number, they were greeted by a female voice stating that they were not available, to leave a message, and that they would call you back when they are open. You can listen to the greeting below: https://soundcloud.com/user-258390226/extortion-scam-number

Phishing Attack Correctly matches recipients with their State

Three recipients of this scam have told BleepingComputer that the state mentioned in the email matches their state of residence. The attackers are probably using a data breach dump that contains both email addresses and home addresses so that they can match up the right state in the email. This is just another tactic to make the emails more convincing, and get people trapped with this "fake-tortion". Based on language analysis this scam probably originates from Ukraine or Russia.

I suggest you send the following to your employees, friends, and family. You're welcome to copy, paste, and/or edit:

"There is a new, sophisticated email scam you need to watch out for. Bad guys claim to be "state police" and then follow up with fake pornography extortion threats. 


If this type of scam email makes it through the spam filters into your inbox, do not click on any links, do not reply, and delete the message (or click on the Phish Alert button). Please follow procedure to report these types of criminal emails. Remember: Think Before You Click. It is more important than ever these days."

If you are a KnowBe4 customer, inoculate your users against this. In your console, go to: Phishing->Email Templates->System Templates->Controversial->Title is "I just want to help you be more cautious." You will see a ready-made, 4-star rated template. You can get a campaign out to all users in less than 2 minutes.

Let's stay safe out there.

Warm regards,
Stu Sjouwerman
Founder and CEO, KnowBe4, Inc.


What is your actual social engineering attack surface? 

We have something super cool for everyone, customers and non-customers both, and there is no cost.

Many of the email addresses and identities of your organization are exposed on the Internet and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization.

Our NEW Email Exposure Check Pro goes even further to identify the at-risk users in your organization by crawling business social media information and scouring hundreds of breach databases. This is done in two stages:

First Stage: Does deep web searches to find any publicly available organizational data. This will show you what your organizational structure looks like to an attacker, which they can use to craft targeted spear phishing attacks.

Second Stage: Finds any users that have had their account information exposed in any of several hundred breaches, using Have I Been Pwned. These users are particularly at-risk because an attacker knows more about that user, up to and including their actual passwords!

Your EEC Pro Reports: We will email you back a summary report PDF of the number of exposed emails, identities and risk levels found. You will also get a link to the full detailed report of actual users found, including breach name and if a password was exposed.

This is so important that even if you already ran your one-time no-charge legacy EEC, you are eligible to try the new Pro version. Run your complimentary one-time Email Exposure Check Pro here. Results come back in a few minutes:
