Offensive Security

Bomb Threat – A new wave of blackmail mails is in circulation!

Bomb Threat – A new wave of blackmail mails is in circulation!

Already in the past we had to report about blackmail mails that are currently in circulation. A new and very current campaign is a blackmail email that claims that without the ransom money a bomb will explode.

Bomb threat – This is what the message looks like

Criminals try again and again to reach different persons or companies with blackmail emails in order to get the ransom money. In the current campaign, primarily companies are addressed, since the content is about attacking a commercial building with a bomb. 20000€ should be transferred within 80 hours, so that the bomb will not explode.

As with almost all email blackmailing, Bitcoin is demanded as a means of payment. By this crypto-currency it is possible for the criminals to remain unrecognized, without the need to use a bank account with an associated name.

On a well-known web page which informs about current fraud scams we can find the blackmail mail, which we show in the following:

blackmailmail
3 days time is given to the victims to transfer the money. This kind of time pressure is common for blackmail mails.

This blackmail mail shows many familiar patterns, which we have already had to report in the past. A good example is the scam in which victims are called by an alleged Microsoft employee. A common feature between the fraud scam described here and the call fraud scam is that in both cases time pressure is applied.

In general pressure is a component that occurs in almost every blackmail mail, so that the victims do not have much time to think logically about the written content.

Handling of such blackmail mails

If you or other employees in your company have received this mail or a comparable blackmail mail, you should not simply delete it. The police advises you not to comply with the demands under any circumstances! Instead, all evidence, e.g. emails, should be stored on a USB stick and handed in at the next police station with a report against unknown persons.

The threats of the criminals are not without consequences, so the police tries to catch the criminals as soon as possible. The more evidence can be collected from different companies, the more likely it is to find a mistake the criminal has made in a case.

Photo of author

Vincent Reckendrees

Hallo, ich bin Vincent Reckendrees und leite das Team Offensive Services bei der AWARE7 GmbH. In meinem Bachelor und Master Studium habe ich mich auf IT-Sicherheit spezialisiert und BSI zertifizierter IS-Penetrationstester. Meine Leidenschaft gilt Reverse Engineering, Hardware- und Web-Sicherheit. Als Experte für Penetrationstests finde ich Schwachstellen in Systemen und Netzwerken und nutze sie, um realistische Cyberangriffe zu simulieren und Sicherheitsmaßnahmen zu verbessern. Durch Reverse Engineering entdecke ich Fehler und Verbesserungsmöglichkeiten in Software und Hardware. Meine Fähigkeiten in Hardware- und Web-Sicherheit ermöglichen es mir, physische Geräte und Online-Plattformen vor einer Vielzahl von Cyberbedrohungen zu schützen und ihre Integrität und Zuverlässigkeit zu gewährleisten.