An extortion threat is serious business. Report it

In 2024, the threat of fraud victimization and online extortion has changed dramatically through the criminal use of computers, cryptocurrency exchanges, the arrival of artificial intelligence, and data breaches.

Previously, extortion targets were limited to “deep pocket” targets; people or organization from whom large sums could be demanded. Criminals are now able to attempt extortion on practically anyone. This is what I received!

The first message was received on Sept. 14 as an email to my primary email account. It was a rather nondescript message from a person I do not know using a Gmail address; my name was the subject. I receive messages like this regularly, often in response to columns I write for this and other newspapers.

The only content in the email was a PDF attachment and my cellphone number; no text, no signature. While I constantly advise others not to open attachments or click on links arriving from unknown or suspicious senders, I opened the attachment. (Please note that I use multiple levels of security on my devices.)

The message I received in the PDF was an extortion threat. It noted, very politely and with compliments, that I was “doing embarrassing things” while watching videos and that he/she had evidence collected through malware on my devices. The threat: unless I paid $1,950 in cryptocurrency, the compromising material would be sent to everyone on my contact list. (Note: For the criminal, cryptocurrency is the ideal way to transfer funds anonymously.)

The message also included a Google Maps photo of my street, my street address, Bitcoin routing information, and a QR icon for making payment. I received this message four times from different Gmail addresses. Overall, pretty convincing for some, but in my case, generally worth moving to the trash folder. As an AARP Fraud Watch volunteer coordinator, I saw a great “teachable moment.” If this can happen to me, it can happen to anyone.

So, what should I do? Trash the messages, respond to them, comply with the demands, or something else? The choice for me was simple and followed two paths: alert others, which I am clearly doing, and report the incident.

I filed a number of incident reports, some of which I know would not rate a response and others that would react and possibly take action. Here are the steps taken and recommended to anyone facing a similar situation:

(Write a detailed description of what took place regarding the threat prior to taking the following steps.)

1. File a crime report with local law enforcement. This is attempted extortion, a crime.

2. Go online to the Federal Trade Commission website, ftc.gov, and complete an incident report.

3. Contact your state consumer fraud authority and file a complaint:

Massachusetts: Attorney General’s Office consumer resources, (617) 727-8400; mass.gov/ago/consumer-resources.

New York: Consumer protection, (800) 697-1220; dos.ny.gov/consumer-protection.

Vermont: Consumer Assistance Program, (800) 649-2424; uvm.edu/consumer.

4. File a criminal complaint with the FBI, IC3.gov.

5. File a complaint with company that hosts the email service for the address sending the threat (Google, Xfinity, FairPoint, Yahoo, Spectrum).

So, what allows all of this to happen? The driving power begins with a device such as a computer, tablet, or smartphone that can access the internet.

The information may be fed to the device by artificial intelligence that can collect existing data on virtually everything, and in some cases create fake data. But even lacking high tech support, the necessary data lives in the public domain.

In this situation, all the criminal needed to have was my name and address; with varying degrees of effort, the remaining data can be collected and used.

Regardless of how accurate the details of an extortion threat may be, take the threat seriously, report the crime and tell others. Your actions may be enough to save others from losses and victimization.

Questions/Comments? Email [email protected]