‘You have been hacked’: SingCert warns of extortion e-mails, received 33 reports in August
Sign up now: Get ST's newsletters delivered to your inbox
SingCert said it has observed multiple variants of extortion e-mails, some of which were sent in languages other than English.
PHOTO ILLUSTRATION: KELVIN CHNG
SINGAPORE – There were 33 reports in August of extortion e-mails sent to people in Singapore, the Republic’s lead cyber security agency said.
The e-mails ask for money, in the form of cryptocurrency, under the threat of circulating potentially embarrassing private videos of victims recorded via their malware-infected devices.
The Singapore Cyber Emergency Response Team (SingCert), a unit of the Cyber Security Agency of Singapore, issued an advisory on Aug 28 warning the public of these extortion e-mails.
SingCert said that it has observed multiple variants of the e-mails.
The Straits Times understands that the extortion e-mails were in English and Malay, and no monetary losses were incurred by the victims.
Those who receive such an extortion e-mail should recognise it is a likely scam and are advised to ignore the threat, SingCert said.
“The claims made in these e-mails are baseless, and the perpetrators have no real compromising information or videos of you. The e-mail is part of an indiscriminate extortion campaign and does not specifically target you,” it added.
“Understand that these baseless claims are designed to intimidate and extort money from you. Do not reply to the e-mail and do not make any payment. Engaging with the perpetrators or yielding to the extortion will encourage them to continue their cyber criminal activities.”
The extortion e-mails often claim that malware has been installed on the recipients’ devices, including computers and smartphones, to record private videos.
Some e-mails also claim that the perpetrator has compromised the recipients’ e-mail accounts and has access to their e-mails and contact lists.
The perpetrators demand a cryptocurrency payment and threaten to send the videos to the recipients’ contacts if payment is not made within a stipulated time.
In some cases, the extortion e-mails appear to be sent from the recipients’ own e-mail address, making the ruse more believable.
In fact, the scammers are using a technique known as e-mail spoofing to manipulate the sender’s address so that it looks as if the e-mail had been sent from a legitimate source.
The e-mails ask for money in the form of cryptocurrency under the threat of circulating potentially embarrassing private videos of victims.
SCREENGRAB: CYBER SECURITY AGENCY OF SINGAPORE
SingCert also pointed out that the extortion e-mails typically contain identical messages sent out en masse using automated tools.
While such e-mails typically end up in the spam or junk folder, some of them may evade e-mail filters.
SingCert advises the public to secure their accounts by putting in place measures such as having a complex passphrase and enabling multi-factor authentication.
Those who receive such extortion e-mails can report them to SingCert ( www.csa.gov.sg/cyber-aid
Correction note: This article has been edited for clarity.
