EXECUTIVE SUMMARY:

This week, two stories show cybercriminals making unsubstantiated claims of having information in order to pull off extortion schemes against victims who might be afraid to take any chances.

In one of those situations, Joseph Cox from Motherboard reports that hackers claimed to possess compromising videos of victims, and were able to make half a million dollars in ransom money. Victims fell for the bluff because the scammers had sent them an email containing one of their passwords as an “intimidation tactic.” The reality is that those passwords were likely snagged from previous public data breaches like LinkedIn and Anti-Public Combo List.

Cox writes, “Sometimes scammers just need to say they hacked you to pull in the cash.”

British drugstore chain Superdrug has found itself in a similar predicament, though it reportedly has not paid. On Tuesday it warned customers to change their account passwords after a cyber-extortion attempt, Reuters reports.

A hacker contacted the company, claiming to have the personal information of 20,000 Superdrug customers and asking for a ransom of two Bitcoin (worth about $13,300). However, it appears that the hacker was inflating the number of customer records in his possession.

In reality, Superdrug said that it only had evidence to suggest that 386 customers were affected. Nonetheless, the company warned that names, addresses, dates of birth, phone numbers, and point balances may have been compromised. Customers who tried changing their passwords have also reported running into system issues online.

According to Reuters, “Superdrug’s independent security advisors confirmed there were no signs of a hack of its systems and also confirmed that the 386 accounts shared by the individual as proof of the attack were accounts that had been obtained in previous hacks unrelated to the retailer.”

Get the full story at Reuters.