A new online scam in which employees are targeted for blackmail after visiting a Website about the upcoming Summer Olympics in Greece has infotech professionals scrambling to warn their staffs and protect Internet users in their offices, according to the February issue of CSO magazine, a publication for IT security officers.
Writing anonymously, a chief security officer for a North American company spins a tale of woe in which at least 15 employees received emails inviting them to visit the Website. While they were at the site, which employees reported loaded slowly but did provide information about Greece and the Olympics, files containing child pornography surreptitiously were downloaded to their local hard drives. Two days later, the employees received a second email demanding a $50 payment by credit card. If the payment was not made, the email stated, their employers would be notified that not only had the employees been surfing porn sites at work, but they also were downloading kiddie porn. The email told the employees how to find the evidence on their computers, and sure enough, when they examined the directory, they found what one employee called "the most disgusting pictures."
"That's when I learned about the paranoid users," the anonymous CSO author wrote. "Some knew it was a scam, but some were truly afraid of losing their job. A few confessed to visiting porn sites on their computer at home and thought this was related. Three employees responded to the threat by divulging credit card numbers and now have problems with charges on their card."
The security staff at the author's company made copies of the evidence, traced the offending file transfers and email to an IP address in Bulgaria, and forwarded everything to the Federal Bureau of Investigation. Although it was a harrowing experience for the employees involved, it wasn't the first time - nor will it be the last, probably - that the company was targeted for extortion. The anonymous author said online scams crop up at his workplace about 10 times a year.
For the complete CSO article, click here.
