Net users in Oman hit by cyber extortion scam

Scores of email users in the Sultanate have been the target of cyber blackmail conducted by suspected international online criminals using extortion as a tactic to shake down their victims.

In each of the targeted cases, the recipients were asked to cough up the equivalent of $1,900 in bitcoin, or risk ‘compromising material’, purported to have been surreptitiously videotaped by the fraudsters, being sent out to family members, co-workers, and friends.

A well-known Omani specialist in cybercrimes and disaster management confirmed to the Observer that the targeted victims were not few and far between.  Hassan Ali al Ajmi (pictured), who spent the past 18 years studying and combatting cybercrime, said he was contacted by a number of followers seeking his counsel.

“I received a lot of queries from people reaching out via email, Instagram, Snapchat and through my DMs, asking about the email,” the Muscat-based expert said. “It appears that the fraudsters had employed one of three distinct tactics to make the threat look credible to their victims. One: they included a set of private phone numbers in the mail that may not have been made widely public by the user; Second: they included a rarely used email address that the user may have created, say, for exclusively sending out job applications or to register on a specific website; and Third: they included one or more passwords used previously by the victim.”

Aside from these ‘personalised’ references, the mail was essentially a cut-and-paste of a format long used by scammers to target their victims. The fraudster typically claimed to have placed malware on the user’s computer that activated the latter’s webcam and also collected all of the contacts from their Messenger, Facebook, and email accounts.

In each of the mails, recipients were given 24 hours to make the payment, demanded by the cyber extortionist, into a designated alphanumeric bitcoin account.

Al Ajmi said he strongly cautioned the recipients of the extortion email against giving in to the cyber crooks. As for the bits personalised data used in their mail, he said the scammers were likely to have gotten their hands on that info via a range of possibilities: data breaches reported by major data hosting companies in the past, private information collected by various online marketing agencies via cookies and apps and sold onward to other parties, and so on.

Ajmi, citing his long experience in the field, conceded that some users in Oman have fallen prey to cybercrime in past years, but he warned that the fraudsters, having succeeded once in extorting money from their victims, were unlikely to move on.

“At the end of the day, cybersecurity is one’s responsibility. We should be aware of the risks of, for example, downloading apps and material from suspect sites, accessing dubious websites, and so on. The government, represented by the Ministry of Technology and Communications (MTC) and its cybersecurity agencies, is doing its part in safeguarding our cyberspace from all kinds of criminals and hackers. For our part, we need to constantly update ourselves on the risks and take the necessary precautions,” he added.