Sextortion Email Poses as CIA, FBI

A common tactic in any scam is to confuse, scare, and disorient the victim so they’re more inclined to do whatever the scammer wants. Scammers often pose as legitimate authorities declaring that their victim is in deep trouble with the law - but can get out of it for a fee. The scammer banks on the victim’s fear of imprisonment and desire to protect their reputations in order to coerce compliance.

One of the more bizarre versions of this scam is the CIA porn extortion scam. The scammer, posing as an agent of the CIA, contacts the victim (typically via email, though browser pop-up windows or webpage redirects are also used) and claims that the CIA has found evidence of child pornography on the victim’s computer. These messages often include additional information to appear more authentic, such as the “agent’s” name, job title, a phony case number, and legal and/or technical jargon associated with the supposed investigation.

After presenting their “case,” the scammer will then offer to expunge the “incriminating evidence” from the case logs in exchange for a payment - usually via Bitcoin or wire transfer in amounts ranging from hundreds to thousands of dollars. These offers often come with a time limit to further scare the victim into action.

The latest strain of this scam has been employing password-protected PDF attachments which include instructions for payment. In attempts to appear more authentic, the PDFs will contain agency emblems and formatting that may match official government correspondence. The password to open the document is included in the body of the email. As always, Nodal does NOT recommend opening attachments from unverified sources; this could expose your system to further attacks by bad actors and malignant software.

If you receive an email purporting to be from the CIA, stay calm and think things through; panic and rash actions are exactly what the scammers are hoping for. Bear in mind:

  • The CIA or any other government agency is extremely unlikely to be investigating your day-to-day online behavior.

  • If you were under investigation, the agency would not contact you via personal email.

  • A legitimate agent requesting a legal payment would not require the use of Bitcoin or wire transfer services.

  • A corrupt agent undermining an investigation for profit would not give their name and job title.

  • Official government correspondence would not contain multiple spelling and grammatical errors.

Nodal’s recommendation on receiving this sort of email is to mark it as spam and delete it. Spreading the word to family, friends, and co-workers (perhaps by directing them to this blog post!) can raise awareness and help contain these scams.

For more information on this type of scam, including the contents of the most recent emails and PDF attachments, check out BleepingComputer’s coverage on the topic here. If you have any questions about online security and best practices, feel free to reach out to Nodal!