The latest version of these horrific porn related Sextortion, blackmail scams has changed slightly and pretends to be a message from a CIA employee who is part of the task force on paedophilia. There are multiple different senders and all the case numbers are different in each example received.
It states you are on the list to be investigated and are about to be arrested on 8th April 2019. However if you pay her $10,000 by bitcoin, before 27th March 2019, she will remove all your details from the database.
Of course this is a total fabrication. And just yet another slightly more inventive version of the Sextortion, blackmail scams we have been seeing for ages. All the attachments to the email just contain different copies of the CIA logo displayed at the bottom of the email
Every email that I have seen or been told about has a different individual bitcoin address. Whereas several emails have come from the same address.
Just ignore it & delete it.
From: Carlyn Blaine <firstname.lastname@example.org>
Date: Sun 17/03/2019 22:27
Subject: Central Intelligence Agency – Case #82956431
Distribution and storage of pornographic electronic materials involving underage children.
My name is Carlyn Blaine and I am a technical collection officer working for Central Intelligence Agency.
It has come to my attention that your personal details including your email address (email@example.com) are listed in case #82956431.
The following details are listed in the document’s attachment:
• Your personal details,
• Home address,
• Work address,
• List of relatives and their contact information.
Case #82956431 is part of a large international operation set to arrest more than 2000 individuals suspected of paedophilia in 27 countries.
The data which could be used to acquire your personal information:
• Your ISP web browsing history,
• DNS queries history and connection logs,
• Deep web .onion browsing and/or connection sharing,
• Online chat-room logs,
• Social media activity log.
The first arrests are scheduled for April 8, 2019.
Why am I contacting you ?
I read the documentation and I know you are a wealthy person who may be concerned about reputation.
I am one of several people who have access to those documents and I have enough security clearance to amend and remove your details from this case. Here is my proposition.
Transfer exactly $10,000 USD (ten thousand dollars – about 2.5 BTC) through Bitcoin network to this special bitcoin address:
You can transfer funds with online bitcoin exchanges such as Coinbase, Bitstamp or Coinmama. The deadline is March 27, 2019 (I need few days to access and edit the files).
Upon confirming your transfer I will take care of all the files linked to you and you can rest assured no one will bother you.
Please do not contact me. I will contact you and confirm only when I see the valid transfer.
Technical Collection Officer
Directorate of Science and Technology
Central Intelligence Agency
Some of the other email that I have seen include:
Other Bitcoin addresses in the emails include:
These all come from a range of IP addresses on OVH
|18.104.22.168||mx.wpho.cia-gov-int.tk||Roubaix||Nord-Pas-de-Calais||FR||AS16276 OVH SAS|
What to do when you receive a Blackmail, Sextortion Scam email
If you do receive any email like this, Don’t panic, Do not respond to it, contact the appropriate police /fraud authority in your country, follow the advice on their site to report this crime and then delete the email from your computer.
- In UK use Action Fraud
- If you are in USA then use the FBI IC3 report site.
- In Australia use ScamWatch
- Anywhere in EU see https://www.europol.europa.eu/report-a-crime/report-cybercrime-online for country contacts
- In Switzerland use https://stop-sextortion.ch/en/index.html
- Most other countries worldwide will have a similar method of reporting these sextortion, blackmail, scam attempts.
- You can also report the bitcoin wallet number to the Bitcoin abuse system. This list is used by law enforcement and researchers to monitor transactions and hopefully catch the criminals when they slip up & spend the money or move the money to a bank account etc.
From a very quick domain search it looks like all these domains have had numerous subdomains and then email addresses on the subdomains created and used in this scam, There are probably other variations of these free domains that I haven’t yet found.