The scam, which is believed to have surfaced about a year ago, indiscriminately targets any office worker with a PC connected to the Internet, according to a Reuters news report. It usually starts with a threatening e-mail in which the author claims to be able to attack the victim’s computer through a hole in the company’s network.
The cyber threat typically then demands that unless a small fee is paid – at first no more than $20 or $30 – the bad guys will attack the PC with a file-wiping program or download onto the machine images of child pornography.
“They prey on the nice secretary who wouldn’t do anything wrong. When she gets one of these e-mails she thinks ‘Oh, my goodness what am I going to do?’ So she puts it on her credit card and transfers the funds to the (suspect’s online bank) account and hopes it goes away,” a British detective specializing in cyber-crime told Reuters.
The officer advised against cooperating with the crooks. “If a person pays up, say it’s just 20 euros, then they have identified a soft target. They may come back for more, next time demanding more money.”
Police said the number of cases is tailing off. However, because it so often goes unreported, there is little evidence the crime is actually in decline.
According to Finnish computer security firm, F-Secure, a large Scandinavian university was hit earlier this month. Several university officials received an e-mail from a fraudster who appeared to be based in Estonia, said F-Secure research manager Mikko Hypponen.
There are scores of cases of companies — particularly small and medium-sized firms – receiving extortion threats that demand the victim transfer money to the fraudster’s bank account or the attacks will grow in severity, police said. Fraudsters also send out streams of menacing e-mails with hollow threats of cyber sabotage.
“It’s getting simpler,” said Hypponen. “If you wanted to extort money from a small company you would have had to hack them and convince them you have stolen their information. Here, you don’t have to do anything but send an e-mail around.”