Army CID issues warning on Internet extortion, blackmail

The information given up on social media and dating sites, as well as through data breaches, can be used against you.

In what amounts to solid advice on any day of the year, the Army Criminal Investigation Command, known as CID, is warning those in the Army community to be alert to the possibility of Internet extortion and blackmail, and to report any case where service members, their families or Army civilians are coerced into making payments by threats or other means.

CID noted that people can unwittingly divulge personal information on social media, dating websites and other platforms, and that information can then be used against them.

"In many instances, the situation begins when an unknowing victim is befriended by someone on the Internet, often as part of an online dating or social media site," Daniel Andrews, director of CID's Computer Crime Investigative Unit, said in a release. "The scammer quickly builds a friendship and trust with the victim, and will begin to ask for or discuss information or photos that could be hurtful to one's personal or professional life if revealed. Because the victim does not realize they are being scammed, they see the requests or discussion as a normal part of the developing friendship and are willing to share the information." After that come threats to release the information if payments mare not made.

In addition to that kind of social engineering, personal information also can be taken via hacks. Identity Theft Resource Center, CID said, reports that 591 data breaches have taken place through September this year, with more than 175 million records compromised. The highest profile of those breaches was the hack of Office of Personnel Management databases, in which detailed information on more than 20 million current and former federal employees and contracts was taken, reportedly by Chinese hackers.

However information is obtained, online blackmail and extortion are common. The FBI's Internet Crime Complaint Center’s report for 2014 said that more than $16 million dollars was extorted from victims that year alone. "Following a data breach, these scammers, these criminals, may try to extort money from individuals who have a personal, financial, or medical condition they would not want exposed," Andrews said.

The best defense is to be cautious about giving up information—being wary of spam, phishing emails, and unsolicited promises of identity theft protection or credit repair services, CID said. (The OPM hack, for example, was followed by a phishing scam in which phony emails pretended to be official notifications to the victims.)

But if you find yourself targeted by what you suspect is an extortion attempt, CID recommends these steps:

• If the safety or wellbeing of someone is in imminent danger, contact local law enforcement immediately.

• Do not reply to the email, click on any links, or open any attachments.

• Report the email to the Internet Crime Complaint Center at www.ic3.gov.

• File a complaint with the Federal Trade Commission at www.ftccomplaintassistant.gov.

• Report the email to your email and Internet service provider.

• Move the email to your spam folder.

• If contacted through social media, report the contact to the social media provider

"Extortion is a touchy subject, because it often deals with intimate or very personal information,” Andrews said. “Army personnel, however, need to be upfront and report it, and they should not pay any money if they are being extorted."