New Extortion Phishing Scam Circulating

powersolution, through its membership with the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC), has received information related to a new phishing/email threat.

Example of the email crafted by the threat actor
Example of the email crafted by the threat actor

powersolution, along with the NJCCIC, recommends users who receive this and similar extortion threats ignore the email as they have not proven to be a credible threat.

Never click on any links contained within these emails as they may expose your computer and organization to greater risk.

 

Similar to past and present email based scams, this newly released threat is using techniques similar to extortion emails we have seen over the past several years. Threat actors are claiming to have accessed the user’s accounts, passwords, browsing history, and other sensitive information and downloaded a copy of their contacts. Currently, these emails are being sent from email addresses with a domain of ‘covidpapers[.]org’ and contain a link that purportedly provides the user with a report of a sample of the data they collected. This link, if clicked, may lead to a malicious website or the download of malicious software. The email continues to threaten the user with exposure of the data if they are not paid $525 in bitcoin within 34 hours.

The claims in the email are completely baseless and are being used to extort money from their victims. The threat actors have not accessed any accounts nor have any information of the individual that has received the email, other than their email address.