CIA Porn Extortion Scams Now Use Password Protected PDFs

CIA Porn Extortion Scams Now Use Password Protected PDFs

CIA

A new variant of the CIA porn investigation emails are now putting the extortion payment instructions in password protected PDF attachments.

Last month we covered how the CIA exortion scam variant had started to become widely distributed.  These scam emails pretend to be from a CIA technical collection offer who states that your name is part of an investigation into underage pornography. For a fee, though, they would be willing to wipe your information from the case files.

This latest variant is now utilizing password protected PDF attachments and have an email subject of  “[Your email has been verified [Central Intelligence Agency – Case #55662513 – 24-03-2019] Your family counts on your intelligence”. Included in the email is the password for the attached PDF file.

Spam Email
Spam Email

The full text of the spam email is:

Email:

Case #55662513
 
Distribution and storage of pornographic electronic materials involving underage children.
 
My name is Braelynn Mentink and I am a technical collection officer working for Central Intelligence Agency.
 
It has come to my attention that your personal details including your email address (xxx) are listed in case #55662513.
 
The following details are listed in the document’s attachment:
 
• Your personal details,
• Home address,
• Work address,
• List of relatives and their contact information.
 
Case #55662513 is part of a large international operation set to arrest more than 2000 individuals suspected of paedophilia in 27 countries.
 
The data which could be used to acquire your personal information:
 
• Your ISP web browsing history,
• DNS queries history and connection logs,
• Deep web .onion browsing and/or connection sharing,
• Online chat-room logs,
• Social media activity log.
 
The first arrests are scheduled for April 19, 2019.
 
Important! 
Password for PDF file: @pdf-2019
 
Regards,
Braelynn Mentink

If you open the attached PDF, the recipient will be prompted to enter the password from the email.

PDF Password Prompt
PDF Password Prompt

Once the password is entered, the PDF will open and display instructions to send $5,000 USD to the enclosed bitcoin address. Interestingly, the enclosed bitcoin address of bc1qmhrhujr4ncqsep3fttv0n3ntfeatjwxmy48mzp is a newer segwit address rather than the traditional bitcoin addressees we commonly see in these scams.

Payment Instructions
Payment Instructions

It goes without saying that if you receive one of these emails, you should immediately mark it as spam and delete.

It is important to stress that no matter how scary these emails may appear, they are just scams, numerous people have reported receiving them, the CIA is not investigating you, and you should not make any payments to the listed bitcoin addresses.

Just remember, these emails are nothing to worry about.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s