Blackmail and Internet Scams: How to Tell and What to Do
Several members have emailed us recently with illegitimate bills, phishing scams, and even a letter of extortion. We realize that many in our community are not always sure how to tell if something is real and many don’t know the best way to respond to a threat.
In this article we highlight three ways people can try to scam you or your business (extortion, fake bills, and phishing) and what to do if you run into this situation.
Extortion schemes — which try to guilt people into paying off someone claiming to have compromising information — are nothing new but technology has only made it easier for scam artists to pull off due to the abundance of personal information on the internet and the ease of digital communication.
A few members just received the following letter:
My name is Natasha Nixon. I’m PR manager. I was hired by your competitor to write a negative press release about your restaurant using awful photos of the food containing hair and insects allegedly bought in your restaurant! I know this is not true because I visited your restaurant and I’m delighted!
Press release will be published on 500 major news and media portals such as FOX, NBC, CBS, ABC, ASK, Digital Journal, Travel Weekly, The Times and so on. This press release will destroy the reputation of your restaurant!
I don’t want to hurt your restaurant reputation therefore I offer you to have a deal. I’ll refuse to fulfill this order if you compensate me the amount that I’ll lose in case of failure to fulfill order.
If you agree I’ll provide you contact information of the person who ordered to destroy the reputation of your restaurant and I’ll testify against him if necessary so you can report him to the police! I would like to see his face when he will know about it 🙂
If you don’t agree I’ll be forced to fulfill the order because I need to pay bills. You have 2 days to make a decision. If you will not reply I’ll regard it as refusal!
Let me know if you have any questions.
While terrifying at first, it is a classic example of blackmail. It is likely the same email was sent to dozens of restaurants, waiting to see who might respond.
What to do:
It’s best not to respond directly. The best route is to report the incident to the FTC at https://www.ftc.gov/
You can also alert media outlets, and give them a copy of the email.
Finally, we also ask you to alert us at the GGRA so that we may send a notice to our members warning everyone of the scam.
Illegitimate bills will often be disguised as services that your business could have used. For the restaurant industry, these often include name trademarks and search engine listings.
What to do:
A good rule of thumb is if it feels fishy, it probably is. Do a web search for the company that sent you the bill. You will often find other businesses have received the exact same letter and made a post or comment about it. One of our members searched for the billing address for a bill he received and unsurprisingly discovered it was a home address.
If you are unable to determine the legitimacy on your own, call or email the GGRA and we will investigate.
Please note: the Tourism Assessment Form many of our members have asked about is a legitimate form from the California Office of Tourism. More information can be found here.
Phishing is where hackers fool you into giving out your passwords or sensitive information by using tricks such as mentioning a real password you have used before, providing you with accurate information about yourself or your business, or contacting you disguised as someone in your contacts.
If successful, this information can be used to make scams appear more legitimate or to better convince you of the inevitable success of a blackmail attempt.
As for the inclusion of a real password, after years of database breaches from major sites and services like Yahoo, eBay, Sony PlayStation and dozens of other companies, varying amounts of people’s data are floating around the internet, often for sale on the black market. That data is now being melded into traditional phishing scams. The same goes for information about yourself such as where you do your banking, the names of past or present employees, and even personal information. While you may be alarmed that some of this information is publicly available, it is even more important to realize that hackers only have a piece of what they need to pull a full scam on you.
For those who haven’t changed their passwords in years, the ruse could appear more realistic, and the hustle itself may become fine-tuned as the perpetrators weave in fresher bits of stolen user data.
What to do:
Updating your passwords frequently is a good security practice. So is adding two-factor authentication to verify your identity beyond the password, by use of unique codes generated by text, authenticator apps or special USB keys plugged into the computer. If you have a lot of passwords to wrangle, keep track of them in a secure password-manager program.
You can report phishing incidents on the F.B.I.’s Internet Crime Complaint Center site.