This week’s scam is a little different from the usual, although it has some of the flavours of our old favourite the sextortion scam. In fact this could be called a “bombtortion” or a “explodortion” scam as it centres around a bomb threat.
This threat-mail is a sign that the fraudsters are spreading their wings into territory new. They have sucked the life out of sextortion, so what is next on their “scare the email recipient to death” agenda? Bomb threats, that’s what.
A number of similar threats have been doing the rounds for a few months. The tweet below from a police department in the U.S., warns local businesses about a similar scam.
Our scam this week shows this threat has not gone away – if anything, it’s escalated – here is what it looks like.
The Pipe Bomb Scam Email
The spoof email uses emotional triggers to try and fool the recipient into paying a ransom. The trigger is the threat that several bombs, targeted at children, will be detonated unless the recipient pays $10,000 in bitcoin.
The email gives a crypto-wallet address to transfer the bitcoin into. The email also warns the recipient that the fraudster has control of the company servers; the threat being that the fraudster will be able to see any forwarding of the email or other communications.
The victim is given only a few hours to pay-up or take the risk of killing children; a hard pill to swallow. Do you really want to be the person who called the scammers bluff and it then turned out to be true!
This line of thinking, is, of course, what the fraudsters rely on.
You may be thinking, who would fall for this, it is clearly a fraudulent email? Well, in 2018, many organisations, including schools and the company that created “Call of Duty”, Infinity Ward, evacuated their buildings when they received a similar email. Even if they did not pay the ransom, they had to deal with a fair amount of disruption.
Emails like this show that cybercriminals will stop at nothing to extract your hard-earned cash.
UK Government offers advice on what to do if you receive a bomb threat. This is their advice for email-borne threats:
- do not reply to, forward or delete the message
- note the sender’s email address or username/user ID for social media applications
- preserve all web log files for your organisation to help the police investigation (as a guide, 7 days prior to the threat message and 48 hours after)
Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below:
The Pipe Bomb Threat Scam
An email which is threatening to explode a bomb within a school and/or on public transport is being sent out by fraudsters. This email is unlikely to be real. However, if you are concerned about a suspicious email containing a bomb threat, check out the advice from the UK Government on how to deal with bomb threats:
Don’t forget to share this with your colleagues and friends and help them stay safe.