Cartel Extortion Text & Call Campaigns

Extortion text sent this week

A user got an unwelcome call and a set of extortion texts yesterday, the likes of which I had never seen before. The above text is part of a chain, which I will upload here (beware, images of violence/death follow) to show just how shocking and scary these can be. I just want to let the rest of the community know about this vector of attack and to be ready in case they get the same thing happening to their user bases.

This user not only had texts and images of threats come through, but also stated that the incident started with a phone call that they did not answer. While the actor did not attempt to leave a message or call back, they then switched over to the messaging. The cell phone number used was a legit one but had been passed around, as cell numbers do. Tracking it down further would take a warrant, it seems, but a bit of digging on my part gave the user a sense of relief that this was just a rando looking for a payday, albeit one by threatening the lives of family and friends.

In this specific case, the hook was that the actor was claiming that the target had been harassing sex workers and wasting their time? The language is poor, but this seems to be the gist. While the actor went all in and had done OSINT on the user’s name (probably linked via phone or social media connections), they failed to really profile the user’s family enough to know who was already deceased and who was not, etc. This was still enough, though, to get a worried reaction from the user, and an escalation to me to investigate.

The coup de grâce…

The images then sent were the moment of fight or flight, really. I have reverse engined the images and they come from the Congo. These images are of the gangland-type slayings there, and man, when you reverse search images like these, you really get a sense of just how fucked up the internet is. The analogous images out there are ALL OVER and you can access them easily. No wonder our children are so desensitized to things, huh?

After contacting the user and having them block the number, I then took a look at the net for other like campaigns, and variations have been ongoing for over a year. The worst of them seems to be when the actor has enough intel to involve the “kidnapping” scheme. In this one, they claim to have kidnapped the target’s child or children, which I am sure sends the target into a higher panic.

The FBI has put out some guidance on these, but I wanted to post the gist right here for you…

To avoid becoming a victim of this extortion scheme, look for the following possible indicators:

  • Calls are usually made from an outside area code.
  • May involve multiple phone calls.
  • Calls do not come from the kidnapped victim’s phone.
  • Callers go to great lengths to keep you on the phone.
  • Callers prevent you from calling or locating the “kidnapped” victim.
  • Ransom money is only accepted via wire transfer service.

If you receive a phone call from someone who demands payment of a ransom for a kidnapped victim, the following should be considered:

  • Stay calm.
  • Try to slow the situation down.
  • Avoid sharing information about you or your family during the call.
  • Request to speak to the victim directly. Ask, “How do I know my loved one is ok?”
  • Request the kidnapped victim call back from his/her cell phone.
  • Listen carefully to the voice of the kidnapped victim if they speak, and ask questions only they would know.
  • If they don’t let you speak to the victim, ask them to describe the victim or describe the vehicle they drive, if applicable.
  • While staying on the line with alleged kidnappers, try to call the alleged kidnap victim from another phone.
  • Attempt to text or contact the victim via social media.
  • Attempt to physically locate the victim.
  • To buy time, repeat the caller’s request and tell them you are writing down the demand, or tell the caller you need time to get things moving.
  • Don’t directly challenge or argue with the caller. Keep your voice low and steady.

The above is a reaction to a Salt Lake City incident, but it works for all of these kinds of attacks. If you get wind of one of these, you can connect with your local FBI office to report it.

Heads on a swivel, people.


