Hostage Scams

Information website on Anti Fraud Center


Extortion scams refer to any person who unlawfully obtains money, property or services from a person, entity or institution through coercion. Scammers come up with new reasons why you urgently need to pay them money.

Hostage Scam

The Canadian Anti-Fraud Centre (CAFC) is receiving reports from Canadian companies who are being scammed. The companies receive emails followed up with phone communication from suspects misrepresenting themselves/impersonating legitimate organizations, such as “National Defence” or the “Minister of Public Safety”. The communication is an attempt to obtain ransom for employees through hostage-taking scams or proprietary information. While the ransom demand is real, the actual hostage-taking is fake.

The emails are using generic domains, such as They are well-constructed to appear to come from the Canadian Government or a person/company that may be known to the recipient. The suspects are targeting various levels within the company and often try to reach key executives to further the ransom demand.

Warning signs – How to protect yourself

  • Beware of incoming calls from an area code outside of Canada.
  • Beware of phone calls or emails not coming from the alleged hostage.
  • Suspects will prevent targeted individuals from calling or locating the alleged hostage.
  • Suspects have requested ransom money primarily via wire transfer service.
  • Beware of ransom demands for employees held hostage abroad.
  • Contact local police immediately!


Victims receive a pop-up message on their computer stating something similar to “this IP address was used to visit websites containing pornography, child pornography, zoophile and child abuse. Your computer also contains video files with pornographic content, elements of violence and spam messages with terrorist motives.”

The messages are engineered to appear as if coming from the Royal Canadian Mounted Police (RCMP) and tell consumers to pay to unlock their computer.

Warning signs – How to protect yourself

  • Beware of pop-up messages or a banner with a ransom request.
  • Be wary of free downloads and website access, such as music, games, movies and adult sites. They may install harmful programs without you knowing.
  • Make regular back-ups of important files and keep your operating system and software up to date.

Ransomware – WannaCry


Victims are lured into an online relationship through social media or pornographic websites. As the relationship builds, victims are encouraged to use the computer’s camera and the scammer will coerce the victim to perform a sexual act on camera. The victim is later advised that the event was recorded and to pay a fee or the video will be released.

Warning signs – How to protect yourself

  • Deny any requests to perform an illicit act over the internet.
  • Disable your webcam or any other camera connected to the internet when you are not using it. Hackers are able to obtain remote access and record.
  • Carefully consider who you are sharing explicit videos and photographs with.


Terrorist Threat Scam

The Canadian Anti-Fraud Centre is receiving reports of an email extortion campaign with links to terrorism. This scam email campaign is similar to other previously identified ‘hitman’ type scams. The CAFC is advising the public to ignore these emails which use death threats to frighten and scam consumers.

Commonly, these e-mails scam campaigns will claim that “you have been betrayed by someone” and that they have been hired to “kill you”. The e-mails go on to say that fees are required to be paid to “spare your life”.

Warning sign(s) – How to protect yourself

  • Do not respond to any unsolicited emails
  • If you have questions or concerns please contact your local police

iTunes scam

iTunes gift cards are vastly used by consumers to purchase music and movies. The CAFC has seen an increase in complaints where fraudsters request payment through the purchase of iTunes gift cards.

In 2016 alone, the CAFC has received 46 complaints involving the use of iTunes gift cards as payment with losses totaling $85,041. The most common approach reported has fraudsters impersonating the real Canada Revenue Agency (CRA).

Consumers receive a call or text message claiming that they owe “back taxes” as the result of an audit. The payment must be made immediately to avoid a fine. However, the recipient is told that the outstanding warrant that can be avoided if the payment is made promptly. In many cases, individuals are told they will be deported if the taxes are not paid right away. Consumers are instructed to purchase and activate iTunes gift cards and provide the codes back to the fraudsters.

Warning sign(s) – How to protect yourself

  • If you are asked to pay for any service or product with an iTunes gift card, don’t do it, it’s a scam.
  • Ask yourself why the CRA would be asking for payment through an iTunes gift card over the phone or text message when they already have you on file as a taxpayer.
  • Contact the CRA to confirm that you in fact owe back taxes, or are entitled to a refund, before providing any personal or banking information.
  • More information about fraud scams involving the CRA.

Ransomware – CryptoLocker

Ransomware is malware that restricts access to infected computers and requires victims to pay a ransom in order to regain full access.

The malicious software is being spread through email attachments. Once opened, CryptoLocker installs itself to the home or business computer and encrypt a variety of file types such as images, documents and spreadsheets. The malware searches for files to encrypt on all drives and in all folders.

Once the malicious software is installed on the computer, a pop up appears claiming the files are blocked and that the data will be lost unless the private key is obtained from the scammers. In order to obtain the private key, a ransom payment in the amount of $300.00 is demanded to be paid by Bitcoin, UKash, Green Dot or other digital payment systems.

The user is given approximately 72 hours before the private key is destroyed and the files are lost forever.

Once the malware has encrypted files on a victim’s computer there is no way to decrypt them without the private key and by paying the ransom there is no guarantee that the files will be decrypted.

Warning sign(s) – How to protect yourself

  • Never send money to “unlock” a computer.
  • Businesses should have a “emergency preparedness” cyber security plan in place.
  • Businesses should independently verify any attack with their internet service provider or a computer repair professional.
  • Never click on a pop up that claims your computer has a virus, if you cannot access anything on the computer beyond the pop-up screen your computer is infected.
  • Avoid opening email and email attachments from unknown sources, especially .zip files.
  • Ensure your anti-virus software is active and up to date and regularly schedule scans to search and remove already existing malware.
  • Keep your operating system and software up to date.
  • Make regular backups of important files.
  • Be vigilant against clicking on links within emails.

Denial of Service (DOS) Attacks

Another variation of the extortion scam being reported at the CAFC involves businesses in Canada reporting that their website and internet services are under attack or have been taken down by hackers. These attacks are commonly known as denial of service or distributed denial of service attacks and are carried out by cyber thugs attempting to extort money from Canadian businesses to restore their web services.

Show Buttons
Hide Buttons