[SingCERT] Advisory on E-mail Extortion Scam

Published on Thursday, 03 January 2019 15:46

Background

SingCERT has received a number of reports of e-mail extortion scams asking victims for money in return for not publicly disclosing “private and confidential” information about the victims. These cases are similar in modus operandi to the cases reported in an advisory (https://www.facebook.com/56706929407/posts/10158120541014408/) issued by the Singapore Police Force on 31 December 2018.

Modus Operandi

The scammers would attempt to deceive victims into believing that their computing devices or online accounts have been compromised, and that "private and confidential" information belonging to the victims is in the scammers' possession. The scammers would then ask the victims to pay a ransom in order to keep their information private, and threaten to publicly disclose such information if the victims do not pay the ransom.

To make the extortion scam more realistic, scammers would harvest victims’ credentials, such as their e-mail addresses and associated passwords, which could have been leaked earlier. These leaked credentials would be stated in the scammers’ e-mails to the victims to substantiate their claims.

Members of the public are advised not to make any payments if they receive such e-mails.

Measures to Secure Your Devices and Accounts

To prevent unauthorised access to your devices and accounts, SingCERT advises the following:

  • Change your password regularly; use a long and random password/passphrase that contains a mixture of uppercase and lowercase letters, numbers and symbols
  • Do not use personally identifiable information (e.g. your name, birthdate, NRIC) in your passwords
  • Do not use the same password across multiple accounts
  • Enable Two-Factor Authentication, whenever it is available
  • Perform anti-virus scans on all your devices
  • Keep the security of your computers and mobile devices up to date and protect them with updated anti-virus software

Members of the public requiring any technical assistance with the above measures can contact SingCERT at singcert@csa.gov.sg.

If you suspect that you could be a victim of an extortion scam, you can lodge a police report at any Neighbourhood Police Centre/Post or via the police e-Services website at https://eservices.police.gov.sg/content/policehubhome/homepage/police-report.html. If you require urgent Police assistance, please dial ‘999’.

If you wish to provide any information related to such scams, please call the Police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. To seek scam-related advice, you may call the anti-scam helpline at 1800-722-6688 or go to https://www.scamalert.sg

Resources

For more information on good cyber hygiene practices, visit Gosafeonline's Cyber Tips 4 You:
https://www.csa.gov.sg/gosafeonline/go-safe-for-me/homeinternetusers/cyber-tips-4-you

For more information on spam and scam emails:
https://www.scamalert.sg
https://www.getsafeonline.org/protecting-yourself/spam-and-scam-email/