The Internet Crime Complaint Center has warned of extortionschemes connected to recent high-profile data thefts. In theseschemes, fraudsters use the breach news to scare individuals intoclicking a malicious link or paying a ransom.

Ransomware has surfaced as a major online security threat tobusinesses and individuals. While companies and other organizationsare the primary targets, the IC3 said it continues to receivereports from individuals seeing extortion attempts via email.

The recipients are told that compromising images or personalinformation, such as names, phone numbers, addresses, credit cardinformation and other personal details, will be released to therecipient's social media contacts, family and friends if a ransomis not paid. Recipients receive instructions to pay in bitcoinwithin a short timeframe. The ransom amount ranges from about $250to $1,200.

The IC3 offered the following sample excerpts from the extortionemails:

• “Unfortunately your data was leaked in a recent corporate hackand I now have your information. I have also used your user profileto find your social media accounts. Using this I can now messageall of your friends and family members.”
• “If you would like to prevent me from sharing this informationwith your friends and family members (and perhaps even youremployers too) then you need to send the specified bitcoin paymentto the following address.”
• “If you think this amount is too high, consider how expensive adivorce lawyer is. If you are already divorced then I suggest youthink about how this information may impact any ongoing courtproceedings. If you are no longer in a committed relationship thenthink about how this information may affect your social standingamongst family and friends.”
• “We have access to your Facebook page as well. If you wouldlike to prevent me from sharing this dirt with all of your friends,family members and spouse, then you need to send exactly fivebitcoin to the following address.”
• “We have some bad news and good news for you. First, the badnews, we have prepared a letter to be mailed to the followingaddress that details all of your activities including your profileinformation, your login activity and credit card transactions. Nowfor the good news, you can easily stop this letter from beingmailed by sending two bitcoins to the following address.”

The IC3 gave consumers the following tips to avoid becoming avictim:

1. Do not open emails or attachments from unknown individuals.Fraudsters quickly use the news release of a high-profile databreach to initiate an extortion campaign.

2. Monitor bank account statements regularly, as well ascredit reports at least once a year for any fraudulent activity.Those who believe they are scam victims should reach out to theirlocal FBI field office and file a complaint with the IC3 atic3.gov. 3. Do not communicate with the subject. The FBI suspectsmultiple individuals are involved in these extortion campaigns. TheFBI does not condone the payment of extortion demands, as the fundsfacilitate continued criminal activity. 4. Do not store sensitive or embarrassing photos online oron mobile devices. They could end up as a part of the ransomdemand. 5. Use strong passwords and do not use the same passwordfor multiple websites. According to the Los Gatos, Calif.-basedcybersecurity firm SplashData, the most commonly used passwords are“123456” and “password.” 6. Never provide personal information of any kind viaemail. Question any emails requesting personal information. Inaddition, when providing personally identifiable information,credit card information or other sensitive information on awebsite, ensure the transmission is secure by verifying the URLprefix. 7. Set security settings for social media accounts at thehighest protection levels. Even Facebook CEO Mark Zuckerberg'sTwitter and Pinterest accounts faced a compromise, likely becauseof a huge LinkedIn password hack.

Join us at Credit Union Times' Fraud:Don't Let It Happen To Your Credit Union Conference, where youwill find the latest tools and techniques for preventing fraud anddata breaches; strategies for responding in the immediate aftermathand best practices for restoring reputation, financial stabilityand information security. This two-day conference is designed forcredit union executives, boards of directors and those responsiblefor your credit union's cybersecurity policy. Registerto attend and save $150.