Cybercriminals Are Stealing Pics of Tummy Tucks and Nose Jobs to Extort Plastic Surgery Patients, FBI Warns

The FBI is warning the public that cybercriminals are targeting plastic surgery offices and patients to harvest sensitive information, including photos, for extortion.

Extortionists are spoofing phone numbers and email addresses in phishing campaigns designed to infect plastic surgery offices with malware, the bureau says in a public service announcement.

“Once successful, cybercriminals harvest electronically protected health information (ePHI), which includes sensitive information and photographs,” according to the PSA.

In phase 2 of the operation, cybercriminals harvest public information from victims’ social media accounts, then apply social engineering techniques to enhance the harvested ePHI data of plastic surgery patients.

They then use the enhanced data as leverage for extortion in Phase 3 and may use it for other fraud schemes, according to the notice.

“Cybercriminals contact plastic surgeons and their patients via social media accounts, emails, text messages, or messaging apps, and ask for payment to prevent sharing of their ePHI,” reads the warning.

The crooks pressure victims by sharing the sensitive data with the victim’s friends, family or colleagues, and by creating websites with the data. If an extortion payment is made, the attackers promise victims they will remove and stop sharing their sensitive data.

If you believe you could be targeted by this campaign, you should review the profile settings in your social media accounts to bolster privacy, limit what can be posted by others on your profile, enable two-factor authentication to login, and consider making your account private.

“Secure accounts (e-mail, social media, financial, bill pay) by creating unique and complex passwords for login [and] consider using a password manager to help you remember them,” the FBI adds.

Bitdefender Password Manager is a multi-platform service that helps you store and organize all your online passwords. It uses the strongest cryptographic algorithms to protect your information and makes logging in a breeze with the help of a single master password.

Bitdefender recommends deploying a dedicated security solution on personal devices to defend against all cyber threats in today's digital landscape.