Scammers are still posing as CIA employees and telling victims that they’re about to be arrested for their involvement in an international pedophile ring, according to the Register. The scammers offer to erase the recipient from the case in exchange for $10,000 in Bitcoin.
The emails are sent from an address ending in Mali’s top-level domain (.ml), probably in an attempt to spoof “.mil,” although “.mil” would still be inaccurate for a CIA email address. Dot mil is used by the US Department of Defense, and the CIA is not a Defense agency.
Researchers at Kaspersky who observed the emails note that while most people would dismiss these emails immediately, the scammers send out so many emails that some recipients will inevitably fall for them.
“Such messages are sent to thousands or even millions of people in the hope that just a handful will swallow the bait,” said Kaspersky senior anti-spam analyst Tatyana Scherbakova. “Given the size of the ransom, if even a few victims pay up, it will have been worth the cybercriminals’ time and effort.”
The Register says that recipients of these messages “should keep in mind that the CIA and its agents (even the corrupt ones) would not make any such demand over unsolicited email, and the message should be deleted without a second thought.”
Employees need to be taught that such outlandish claims in emails should immediately tip them off to a phishing attempt. New-school security awareness training can help your employees stay calm in the face of attackers’ attempts to frighten them.
The Register has the story: https://www.theregister.co.uk/2019/06/10/kaspersky_cia_sextortion/