The Internet

Ukrainian Telecom Company's Internet Service Disrupted By 'Powerful' Cyberattack (reuters.com) 6

Ukraine's state-owned telecommunications company Ukrtelecom experienced a disruption in internet service on Monday after a "powerful" cyberattack, according to Ukrainian government officials and company representatives. Reuters reports: The incident is the latest hacking attack against Ukrainian internet services since Russian military forces invaded in late February. "Today, the enemy launched a powerful cyberattack against Ukrtelecom's IT-infrastructure," said Yurii Shchyhol, chairman of the State Service of Special Communication and Information Protection of Ukraine. "The attack was repelled. And now Ukrtelecom has an ability to begin restoring its services to the clients." "Currently, the attack is repulsed, the provision of services is gradually resumed," said Ukrtelecom spokesperson Mikhail Shuranov.

NetBlocks, which monitors internet service disruptions, posted on Twitter earlier on Monday that it saw "connectivity collapsing" with an "ongoing and intensifying nation-scale disruption." A similar incident took place earlier this month with Triolan, a smaller Ukrainian telecom company, Forbes previously reported. That company suffered a hack that reset some internal systems, resulting in some local subscribers losing access.

Communications

'Most Severe' Cyberattack Since Russian Invasion Crashes Ukraine Internet Provider (forbes.com) 7

A "powerful" cyberattack has hit Ukraine's biggest fixed line telecommunications company, Ukrtelecom. Described as the most severe cyberattack since the start of the Russian invasion in February, it has sent the company's services across the country down. From a report: Victor Zhora, deputy head of the State Service for Special Communications and Information Protection, confirmed to Forbes that the government was investigating the attack. He said it's not yet known whether Ukrtelecom -- a telephone, internet and mobile provider -- has been hit by a distributed denial of service (DDoS) attack or a deeper, more sophisticated intrusion. The attack has only been acknowledged by Ukrtelecom in responses to customer comments on Facebook. In one, it responded by saying that services were down as a result of a "powerful cyber attack of the enemy." When Forbes messaged Ukrtelecom over Facebook, an automated response was provided, reading, "Currently, there are difficulties in using the internet service from Ukrtelecom. Our specialists are doing everything possible to resolve this issue as soon as possible. Due to the abnormal load and problems with internal systems, the operators of the contact center and Facebook can not process customer requests." NetBlocks, which tracks internet downtimes across the world, found Ukrtelecom had been dealing with a disrupted service since this morning, "collapsing to 13% of pre-war levels."
Microsoft

Microsoft Security Chief Issues Call To Arms To Protect Metaverse (bloomberg.com) 40

Microsoft's new security chief Charlie Bell issued a call to arms to build protection from hackers and criminals in the emerging metaverse from the start of the new technology. From a report: "There's going to be a lot of innovation and there will be a lot of struggling to figure out what has to be done," Bell said in an interview. "But I think because of the speed, there will be fast innovation on the security side."

The metaverse -- a concept that promises to let users live, work and play within interconnected virtual worlds -- will present some unique and more serious security challenges for technology and cybersecurity companies. As an example, hackers may be able to make avatars that look like a user's trusted contacts, a twist on the traditional email phishing scheme that will be hard for users to resist, he said. The nature of the metaverse, which offers the possibility of less centralized control of content and users, also is a challenge for those trying to protect customers.

"Picture what phishing could look like in the metaverse -- it won't be a fake e-mail from your bank," wrote Bell, Microsoft's executive vice president, security, compliance, identity, and management, in a blog posted Monday on Microsoft's web site. "It could be an avatar of a teller in a virtual bank lobby asking for your information. It could be an impersonation of your CEO inviting you to a meeting in a malicious virtual conference room."

Books

Is Burnout Just a Sign of a Broken Labor System? (thebaffler.com) 93

A new essay from The Baffler suggests burnout is "a personal malady that indexes a broken labor system," rather than a trendy term that "resonates with affluent professionals who fetishize overwork."

And then the essay turns to Jonathan Malesic's new book The End of Burnout: He casts a critical eye on burnout discourse, in which the term is used loosely and self-flatteringly. Journalistic treatments of burnout — such as Anne Helen Petersen's widely read 2019 essay — tend to emphasize the heroic exertions of the burned-out worker, who presses on and gets her work done, no matter what. Such accounts have significantly raised burnout's prestige, Malesic argues, by aligning the disorder with "the American ideal of constant work." But they give, at best, a partial view of what burnout is. The psychologist Christina Maslach, a foundational figure in burnout research — the Maslach Burnout Inventory is the standard burnout assessment — sees burnout as having three components: exhaustion; cynicism or depersonalization (detectable in doctors, for example, who see their patients as "problems" to be solved, rather than people to be treated); and a sense of ineffectiveness or futility.... Accounts of the desperate worker as labor-hero ignore the important fact that burnout impairs your ability to do your job. A "precise diagnostic checklist" for burnout, Malesic writes, would curtail loose claims of fashionable exhaustion, while helping people who suffer from burnout seek medical treatment.

Malesic, however, is interested in more than tracing burnout's clinical history. A scholar of religion, he diagnoses burnout as an ailment of the soul. It arises, he contends, from a gap between our ideals about work and our reality of work. Americans have powerful fantasies about what work can provide: happiness, esteem, identity, community. The reality is much shoddier. Across many sectors of the economy, labor conditions have only worsened since the 1970s. As our economy grows steadily more unequal and unforgiving, many of us have doubled down on our fantasies, hoping that in ceaseless toil, we will find whatever it is we are looking for, become whoever we yearn to become. This, Malesic says, is a false promise.... [The book] is an attack on the cruel idea that work confers dignity and therefore that people who don't work — the old, the disabled — lack value. On the contrary, dignity is intrinsic to all human beings, and in designing a work regime rigged for the profit of the few and the exhaustion of the many, we have failed to honor one another's humanity.... William Morris, in his famous essay "Useful Work Versus Useless Toil," dreamed of a political transformation in which all work would be made pleasurable. Malesic thinks, instead, that work should not be the center of our lives at all....

Burnout is an indicator that something has gone wrong in the way we organize our work. But as a concept it remains lodged in an old paradigm — a work ethic that was already dubious in America's industrial period, and now, in a period of extreme inequality and increasing precarity across once-stable professions, is even harder to credit.... The top 1 percent of the income distribution is composed largely of executives, financiers, consultants, lawyers, and specialist doctors who report extremely long work hours, sometimes more than seventy a week....

But the strange work ethic the rich have devised seems highly relevant for our understanding of burnout as a cultural phenomenon, especially as it spreads beyond its traditional victims — doctors, nurses, teachers, social workers, anti-poverty lawyers — and courses through the ranks of knowledge workers more generally.

IT

That Big Tech Exodus Out of California? It Didn't Happen (msn.com) 107

"Wannabe innovation hubs from coast to coast have been slavering over the prospect that the work-from-home revolution triggered by the COVID pandemic would finally break the stranglehold that California and Silicon Valley have had on high-tech jobs," writes a business columnist for the Los Angeles Times.

"Here's the latest picture on this expectation: Not happening." That's the conclusion of some new studies, most recently by Mark Muro and Yang You of the Brookings Institution. They found that although the pandemic brought about some changes in the trend toward the concentration of tech jobs in a handful of metropolitan areas, the largest established hubs as a group "slightly increased their share" of national high-tech employment from 2019 through 2020. (Emphasis theirs....) "[T]he big tech superstar cities aren't going anywhere," Muro told me. "There's a suggestion that we're on the brink of an entirely different geography. I don't think recent history or the nature of the technologies point in that direction.... "

"The California metropolises really do retain their irreplaceable depth and strength," Muro says. "That's not to say there won't be some movement. Early in the period we saw some exiting, especially from the Bay Area, but it turned out that much of it was within California, rather than to Kansas." This shouldn't be too surprising. The value of concentrated ecosystems in nurturing innovation has been documented for decades....

The pandemic-driven shift to remote work does seem to have opened entrepreneurs' eyes at least to the potential for doing away with centralized workforces. In a recent survey of tech startup founders, the share of respondents saying they would prefer to start a firm with an entirely remote workforce from Day One rose to 42.1% in 2021 from only 6% in 2020. Among physical locations where the founders said they prefer to launch their businesses, however, San Francisco still dominated, at 28.4%, with New York a distant second....

Unlike service industries such as leisure and tourism, most tech industries experienced barely a hiccup in their long-term growth trends during the pandemic.

The column also questions when, "if ever," work-from-home jobs will become a significant share of the workforce. "Full-scale work-from-home only applies to about 6% of workers, UC Berkeley economist Enrico Moretti says. That's triple the 2% level of the pre-pandemic era, but still an exception to the rule."
Facebook

To Help Retain Engineers, Apple Gives $100K-$200K Bonuses (protocol.com) 29

Apple is paying six-figure "special retention grants" to a handful of hardware and software engineers. Protocol reports: The bonuses, anonymous sources told Bloomberg, are worth between $100,000 and more than $200,000 in restricted stock units that vest over several years, providing another incentive for engineers to stay at Apple... The bonuses show the level of insecurity that some of the top-paying companies in the industry feel in this tight market for tech talent. (Even Google employees are feeling unhappy with their compensation....) Apple and other tech giants are throwing more and more money at employees to retain them.

In the last few months, Alphabet has adopted a new cash bonus plan that allows employee bonuses "of nearly any size for nearly any reason," The Wall Street Journal reported last month, and Amazon has raised its cash-pay cap from $160,000 to $350,000, according to The New York Times.

Bloomberg points out Apple "has suffered some attrition in its chip design group," as Facebook's parent Meta Platforms "has stepped up recruiting of engineers — aiming to put them to work on the so-called metaverse," and the payouts also went to Apple employees working on virtual and augmented reality headsets. Inflation also has put pressure on employers to boost compensation. And Apple is preparing for a return to the office — a source of tension for some employees. By May, the company will require engineers and other corporate staff to work out of the office at least three days a week.
So the bonuses "are designed to keep the employees from leaving by vesting over several years," Bloomberg concludes, "and they could become more valuable over time if Apple's stock price continues to rise.

"The shares are up more than 40% over the past 12 months..."
Government

Kaspersky Named First Russian Company on Security Risk List (bloomberg.com) 62

The U.S. placed internet-security provider AO Kaspersky Lab on a list of companies deemed a threat to national security, for the first time adding a Russian entity to a list dominated by Chinese telecommunications firms. Bloomberg reports: The Federal Communications Commission on Friday also added China Telecom (Americas) Corp, and China Mobile International USA Inc. to the list. Once a company is on the list, federal subsidies can't be used to purchase its equipment or services. The action is part of the FCC's efforts to "strengthen America's communications networks against national security threats," Jessica Rosenworcel, the agency's chairwoman, said in a news release.

Kaspersky is a well-known provider of anti-virus software, and has conducted investigations into a range of nation-state hacking incidents. It calls itself the world's largest privately-owned cybersecurity company on its website. It says it protects over 400 million users and 240,000 companies. [...] For Friday's update of the list, the FCC said it relied on findings by the Department of Homeland Security and an executive branch interagency body called the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector.

Television

Netflix Could Reap $1.6 Billion Per Year By Charging Password-Sharing Users Extra Fees, Analysts Say (variety.com) 118

If Netflix follows through with its test to charge an additional fee to users sharing passwords, it could rake in $1.6 billion in global revenue annually, according to a new Wall Street analysis. Variety reports: Last week, Netflix said it was launching a test in three Latin America countries (Chile, Costa Rica and Peru) to address password sharing. Customers will be able to add up to two Extra Member accounts for about $2-$3/month each, on top of their regular monthly fee. According to estimates by Cowen & Co. analysts, if Netflix rolls the program out globally it could add an incremental $1.6 billion in global revenue annually, or about 4% upside to the firm's 2023 revenue projection of $38.8 billion. The firm's estimate assumes that about half of non-paying Netflix password-sharing households will become paying members; further, the model predicts that of those, about half will opt to sign up for their own separate paid account.
Crime

UK Police Arrest 7 People In Connection With Lapsus$ Hacks (techcrunch.com) 9

An anonymous reader quotes a report from TechCrunch: Police in the United Kingdom have arrested seven people over suspected connections to the Lapsus$ hacking group, which has in recent weeks targeted tech giants including Samsung, Nvidia, Microsoft and Okta. In a statement given to TechCrunch, Detective Inspector Michael O'Sullivan from the City of London Police said: "The City of London Police has been conducting an investigation with its partners into members of a hacking group. Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing."

News of the arrests comes just hours after a Bloomberg report revealed a teenager based in Oxford, U.K. is suspected of being the mastermind of the now-prolific Lapsus$ hacking group. Four researchers investigating the gang's recent hacks said they believed the 16-year-old, who uses the online moniker "White" or "Breachbase," was a leading figure in Lapsus$, and Bloomberg was able to track down the suspected hacker after his personal information was leaked online by rival hackers. TechCrunch has seen a copy of the suspected hacker's leaked personal information, which we are not sharing -- but it matches Bloomberg's reporting. City of London Police, which primarily focuses on financial crimes, did not say if the 16-year-old was among those arrested.

At least one member of Lapsus$ was also apparently involved with a recent data breach at Electronic Arts, according to [security reporter Brian Krebs], and another is suspected to be a teenager residing in Brazil. The latter is said to be so capable of hacking that researchers first believed that the activity they were witnessing was automated. Researchers' ability to track the suspected Lapsus$ members may be because the group, which now has more than 45,000 subscribers to its Telegram channel where it frequently recruits insiders and leaks victims' data, does little to cover its tracks. In a blog post this week, Microsoft said the group uses brazen tactics to gain initial access to a target organization, which has included publicly recruiting company insiders. As reported by Bloomberg this week, the group has even gone as far as to join the Zoom calls of companies they've breached and taunted employees trying to clean up their hack.

Security

Nestle: Anonymous Can't Hack Us, We Leaked Our Own Data (gizmodo.com) 51

An anonymous reader quotes a report from Gizmodo: A hacker group claims to have stolen and leaked a trove of Nestle's data. The company says that can't possibly be true. Why? Because the data was actually leaked by Nestle itself several weeks ago. In emails to Gizmodo, a Nestle spokesperson disavowed allegations from the hacktivist collective Anonymous, which claimed this week to have stolen and leaked a 10 gigabyte tranche from the global food and beverage conglomerate. Anonymous said it was punishing Nestle for its reticence to withdraw from Russia, as a host of other major companies have done. The data, which Anonymous said included internal emails, passwords, and information on Nestle's customers, was posted to the web on Tuesday.

But, according to Nestle, Anonymous is full of it. A spokesperson told Gizmodo, "This recent claim of a cyber-attack against Nestle and subsequent data leak has no foundation." The spokesperson explained that the trove of data floating around the web was, in fact, the product of a mistake the company made earlier this year: "It relates to a case from February, when some randomized and predominantly publicly available test data of a B2B nature was made accessible unintentionally online for a short period of time." [...] In a follow-up email, the same company spokesperson explained that the data, some of which was already public and some of which was not, had been accidentally published to the open internet for multiple weeks. According to the spokesperson: "Some predominantly publicly-available data (e.g., company names and company addresses and some business email addresses) was erroneously made available on the web for a limited period of time (a few weeks). It was detected by our security team at the time and the appropriate review was carried out. The data was prepared for a B2B test website to perform some functionality checks."
Nestle on Wednesday said it planned to partly scale back its operations in Russia, continuing to provide "essential food, such as infant food and medical/hospital nutrition."
Google

Google Says It Thwarted North Korean Cyberattacks in Early 2022 (engadget.com) 3

Google's Threat Analysis Group announced on Thursday that it had discovered a pair of North Korean hacking cadres going by the monikers Operation Dream Job and Operation AppleJeus in February that were leveraging a remote code execution exploit in the Chrome web browser. From a report: The blackhatters reportedly targeted the US news media, IT, crypto and fintech industries, with evidence of their attacks going back as far as January 4th, 2022, though the Threat Analysis Group notes that organizations outside the US could have been targets as well.

"We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques," the Google team wrote on Thursday. "It is possible that other North Korean government-backed attackers have access to the same exploit kit." Operation Dream Job targeted 250 people across 10 companies with fraudulent job offers from the likes of Disney and Oracle sent from accounts spoofed to look like they came from Indeed or ZipRecruiter. Clicking on the link would launch a hidden iframe that would trigger the exploit.

Security

Teen Suspected By Cyber Researchers of Being Lapsus$ Mastermind (bloomberg.com) 17

An anonymous reader quotes a report from Bloomberg: Cybersecurity researchers investigating a string of hacks against technology companies, including Microsoft and Nvidia, have traced the attacks to a 16-year-old living at his mother's house near Oxford, England. Four researchers investigating the hacking group Lapsus$, on behalf of companies that were attacked, said they believe the teenager is the mastermind.

The teen is suspected by the researchers of being behind some of the major hacks carried out by Lapsus$, but they haven't been able to conclusively tie him to every hack Lapsus$ has claimed. The cyber researchers have used forensic evidence from the hacks as well as publicly available information to tie the teen to the hacking group. Bloomberg News isn't naming the alleged hacker, who goes by the online alias "White" and "breachbase," who is a minor and hasn't been publicly accused by law enforcement of any wrongdoing. Another member of Lapsus$ is suspected to be a teenager residing in Brazil, according to the investigators. One person investigating the group said security researchers have identified seven unique accounts associated with the hacking group, indicating that there are likely others involved in the group's operations. The teen is so skilled at hacking -- and so fast -- that researchers initially thought the activity they were observing was automated, another person involved in the research said. [...]

The teenage hacker in England has had his personal information, including his address and information about his parents, posted online by rival hackers. At an address listed in the leaked materials as the teen's home near Oxford, a woman who identified herself as the boy's mother talked with a Bloomberg reporter for about 10 minutes through a doorbell intercom system. The home is a modest terraced house on a quiet side street about five miles from Oxford University. The woman said she was unaware of the allegations against her son or the leaked materials. She said she was disturbed that videos and pictures of her home and the teen's father's home were included. The mother said the teenager lives at that address and had been harassed by others, but many of the other leaked details couldn't be confirmed. She declined to discuss her son in any way or make him available for an interview, and said the issue was a matter for law enforcement and that she was contacting the police.

Businesses

How Microsoft Plans To Fill 3.5 Million Cybersecurity Jobs (protocol.com) 31

Microsoft announced on Wednesday that it will expand its cybersecurity skilling initiative to 23 additional countries. The campaign, which began last year in the U.S., is part of the company's push to help solve the cybersecurity industry's growing talent problem, while also helping diversify the industry. From a report: Like many industries within tech, cybersecurity is facing both a workforce shortage and a widening skills gap among workers. According to Kate Behncken, vice president and lead of Microsoft Philanthropies, by 2025 there will be 3.5 million cybersecurity jobs open globally. Microsoft originally launched the skilling campaign in the U.S. last fall, partnering with 135 community colleges to skill and recruit workers into the cybersecurity industry. By expanding skilling and training to 23 countries, Microsoft aims to get ahead of the demand. The countries, which include Australia, Brazil, Canada and India, were chosen due to their "elevated cyberthreat risk."
Firefox

Two Years After Chrome and Edge, Firefox is Getting AV1 Hardware Acceleration (neowin.net) 44

Firefox is finally gaining proper AV1 support. Neowin reports: According to an update made to a post on Bugzilla, the Mozilla Foundation is finally ready to add hardware acceleration for the AV1 video format. Developers plan to implement improved AV1 support in the upcoming release of Firefox 100, scheduled to arrive on May 3, 2022. Hardware acceleration for AV1 video brings several noticeable benefits to customers. The standard developed by Alliance for Open Media and initially released in March 2018 offers better video compression than H.264 (about 50%) and VP9 (about 20%). Shifting AV1 video processing from software to hardware improves efficiency and reduces energy consumption, resulting in better battery life on tablets and laptops. Google and Microsoft announced hardware-accelerated AV1 video in Chrome and Edge in late 2020. Mozilla, on the other hand, did not rush to introduce improved AV1 support in Firefox. While it is easy to dunk on Firefox, there is a reason why developers took their time. Hardware-accelerated AV1 video is not something you can add to any computer with Windows 10, and it requires a PC with the most recent and powerful hardware.
Microsoft

Microsoft Says Digital Extortion Gang Lapsus$ Targets Cryptocurrency, Too (bloomberg.com) 9

An anonymous reader shares a report: A digital extortion gang with a murky background and unconventional methods -- one researcher called them "laughably bad" at times -- has claimed responsibility for a string of compromises against some of the world's largest technology companies. The group, known as Lapsus$, said in a series of public posts on the messaging app Telegram this week that it had accessed Okta, the San Francisco-based identity-management firm that provides authentication tools for an array of business clients. Okta said Tuesday that attackers may have viewed data from approximately 2.5% of its customers after breaching the laptop of an engineer at a third-party vendor.

Lapsus$ previously claimed to breach organizations including Nvidia, Samsung Electronics, and the gaming company Ubisoft Entertainment. The group said it also accessed data from Microsoft, saying it had gathered source code from the company's Bing search engine, Bing Maps and the Cortana digital assistant. Microsoft said attackers gained "limited access" to its systems, and that attackers had compromised a single account to gather data. In recent years, most hacking groups have used malware to encrypt a victim's files, then demanded payment to unlock them, so-called ransomware. Sometimes the groups steal sensitive data and threaten to make it public unless they are paid. Lapsus$ functions as a "large-scale social engineering and extortion campaign," though it does not deploy ransomware, Microsoft said. The group uses phone-based tactics to target personal email accounts at victim organizations and pays individual employees or business partners of an organization for illicit access, according to Microsoft. Lapsus$ also is known for hijacking individual accounts at cryptocurrency exchanges to drain user holdings.

Security

Authentication Firm Okta Probes Report of Digital Breach (reuters.com) 44

Authentication services provider Okta is investigating a report of a digital breach, the company said on Tuesday, after hackers posted screenshots showing what they claimed was its internal company environment. From a report: A hack at Okta could have major consequences because thousands of other companies rely on the San Francisco-based firm to manage access to their own networks and applications. The company was aware of the reports and was investigating, Okta official Chris Hollis said in a brief statement. "We will provide updates as more information becomes available," he added. The screenshots were posted by a group of ransom-seeking hackers known as LAPSUS$ on their Telegram channel late on Monday. In an accompanying message, the group said its focus was "ONLY on Okta customers." TechCrunch adds: Okta chief executive Todd McKinnon confirmed the breach in a tweet thread overnight on March 22: "In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors. The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January."
Security

Browser-in-the-Browser Attack Can Trick Even Savvy Users (arstechnica.com) 46

apoc.famine shares a report from Ars Technica: Hundreds of thousands of sites use the OAuth protocol to let visitors log in using their existing accounts with companies like Google, Facebook, or Apple. Instead of having to create an account on the new site, visitors can use an account that they already have -- and the magic of OAuth does the rest. The Browser-in-the-Browser (BitB) technique capitalizes on this scheme. Instead of opening a genuine second browser window that's connected to the site facilitating the login or payment, BitB uses a series of HTML and cascading style sheets (CSS) tricks to convincingly spoof the second window. The URL that appears there can show a valid address, complete with a padlock and HTTPS prefix. The layout and behavior of the window appear identical to the real thing.

While the method is convincing, it has a few weaknesses that should give savvy visitors a foolproof way to detect that something is amiss. Genuine OAuth or payment windows are in fact separate browser instances that are distinct from the primary page. That means a user can resize them and move them anywhere on the monitor, including outside the primary window. BitB windows, by contrast, aren't a separate browser instance at all. Instead, they're images rendered by custom HTML and CSS and contained in the primary window. That means the fake pages can't be resized, fully maximized or dragged outside the primary window. All users should protect their accounts with two-factor authentication. One other thing more experienced users can do is right click on the popup page and choose "inspect." If the window is a BitB spawn, its URL will be hardcoded into the HTML.
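The "inspect" check the report describes can be automated for a defender reviewing a suspicious page: a genuine OAuth window is a separate browser instance, so its address bar is never part of the host page's HTML, whereas a BitB "window" is ordinary HTML/CSS and the address it displays is hard-coded as visible text. The script below is an added example, not code from the Ars Technica report or from the researcher who described BitB. It parses a page's HTML, collects visible text nodes, and flags any identity-provider URL rendered as text on a page whose own origin is a different host. The list of provider hosts and both sample documents are constructed for this example.

```python
"""Heuristic check for Browser-in-the-Browser (BitB) pop-ups in page HTML.

Added example. A real OAuth pop-up is a separate browser window, so its
address bar is not in the host page's markup; a BitB fake renders the
address as text inside the host page. We look for exactly that signature.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Identity providers a fake address bar is likely to imitate.
# This list is an assumption for the example, not taken from the report.
IDP_HOSTS = {
    "accounts.google.com",
    "www.facebook.com",
    "appleid.apple.com",
    "login.microsoftonline.com",
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


class _TextCollector(HTMLParser):
    """Collects visible text nodes, skipping <script> and <style> bodies."""

    def __init__(self):
        super().__init__()
        self._skip = 0
        self.texts = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.texts.append(data.strip())


def find_spoofed_address_bars(page_origin, html):
    """Return identity-provider URLs that appear as *visible text* on a page
    whose own host is a different one: the BitB signature from the report."""
    parser = _TextCollector()
    parser.feed(html)
    own_host = urlparse(page_origin).hostname
    hits = []
    for text in parser.texts:
        for url in URL_RE.findall(text):
            host = urlparse(url).hostname
            if host in IDP_HOSTS and host != own_host:
                hits.append(url)
    return hits


# Constructed sample: a fake "window" whose address bar is plain page text.
SAMPLE_BITB = (
    '<html><body><div class="fake-window">'
    '<div class="addr">[lock] https://accounts.google.com/o/oauth2/auth?client_id=example</div>'
    '<iframe src="/login-form"></iframe>'
    "</div></body></html>"
)

# Constructed sample: a legitimate page that opens a real pop-up from script.
# The provider URL lives in <script>, not in visible text, so it is not flagged.
SAMPLE_BENIGN = (
    "<html><body><p>Sign in with Google</p>"
    '<script>window.open("https://accounts.google.com/o/oauth2/auth")</script>'
    "</body></html>"
)

if __name__ == "__main__":
    for label, doc in (("bitb", SAMPLE_BITB), ("benign", SAMPLE_BENIGN)):
        print(label, find_spoofed_address_bars("https://shop.example", doc))
```

This is a heuristic, not proof: a page that legitimately prints a provider URL in its footer will also trigger it, and a page served from the provider's own host is exempted by the origin comparison. It is meant as a triage aid alongside the manual resize-and-drag test the report describes.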

Microsoft

Microsoft Investigating Claims of Hacked Source Code Repositories (bleepingcomputer.com) 26

Microsoft says they are investigating claims that the Lapsus$ data extortion hacking group breached their internal Azure DevOps source code repositories and stole data. BleepingComputer reports: Unlike many extortion groups we read about today, Lapsus$ does not deploy ransomware on their victim's devices. Instead, they target the source code repositories for large companies, steal their proprietary data, and then attempt to ransom that data back to the company for millions of dollars. While it is not known if the extortion group has successfully ransomed stolen data, Lapsus has gained notoriety over the past months for their confirmed attacks against NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre. Unfortunately, Lapsus$ has a good track record, with their claims of attacks on other companies later confirmed to be true.

While the leaking of source code makes it easier to find vulnerabilities in a company's software, Microsoft has previously stated that leaked source code does not create an elevation of risk. Microsoft says that their threat model assumes that threat actors already understand how their software works, whether through reverse engineering or previous source code leaks. "At Microsoft, we have an inner source approach -- the use of open source software development best practices and an open source-like culture -- to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code," explained Microsoft in a blog post about the SolarWinds attackers gaining access to their source code. "So viewing source code isn't tied to elevation of risk." However, source code repositories also commonly contain access tokens, credentials, API keys, and even code signing certificates.
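The closing point, that repositories often hold tokens, credentials and keys even when the code itself is not secret, is the reason defenders run secret scanning before code is committed. The script below is an added example of such a scan, not Microsoft's or BleepingComputer's code. It checks each line against a small set of assumed patterns (an AWS-style access key id, a GitHub-style token, a PEM private-key header, and a generic `key = "..."` assignment) and uses Shannon entropy to ignore obvious placeholder values on the generic pattern. The sample lines are constructed; the AWS value is the placeholder AWS uses in its own documentation, not a real key.

```python
"""Pre-commit style secret scan over source lines.

Added example. The patterns are a deliberately small, assumed subset of
what real secret scanners carry; the point is the structure: pattern
match, then an entropy filter to drop placeholders like "xxxx".
"""
import math
import re
from collections import Counter

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"
    ),
    # name = "value" with a secret-looking name and a value of 16+ chars
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
    ),
}


def shannon_entropy(s):
    """Bits per character; random tokens score high, 'xxxx...' scores 0."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_lines(lines, entropy_threshold=3.5):
    """Return (line_number, pattern_name) for every line that looks like a
    committed secret. The generic pattern is only reported when the value
    has enough entropy to be a real credential rather than a placeholder."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            if name == "generic_assignment":
                if shannon_entropy(m.group(1)) < entropy_threshold:
                    continue  # low-entropy placeholder, not a secret
            findings.append((lineno, name))
    return findings


# Constructed sample file. Line 1 uses AWS's documented example key id;
# line 4 is a random-looking value made up for this example.
SAMPLE_LINES = [
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    'password = "hunter2"',
    'api_key = "xxxxxxxxxxxxxxxxxxxxxxxx"',
    'token = "q7Zp2mK9vL4xR8nW1tB6yH3cJ5dF0gA2"',
    "-----BEGIN RSA PRIVATE KEY-----",
    "# ordinary comment line, nothing sensitive",
]

if __name__ == "__main__":
    for lineno, name in scan_lines(SAMPLE_LINES):
        print(f"line {lineno}: {name}")
```

Line 2 is skipped because a 7-character value is below the generic pattern's length floor, and line 3 is skipped by the entropy filter; the three remaining hits are what a pre-commit hook would block. Code-signing certificates, which the paragraph also mentions, are usually caught the same way through their PEM or PKCS#12 headers.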

Security

Biden Urges American Firms To 'Harden' Cyber-Defenses Against Russia (protocol.com) 22

President Biden on Monday urged American companies to put up their cyber-defenses, citing "evolving intelligence that the Russian Government is exploring options for potential cyberattacks" against the U.S. From a report: "The Federal Government can't defend against this threat alone," Biden said in a lengthy statement released by the White House. He called on the private sector, as "critical infrastructure owners and operators," to "accelerate efforts to lock their digital doors." [...] "I urge our private sector partners to harden your cyber defenses immediately," Biden said in the statement. In the lead-up to the invasion of Ukraine, the White House repeatedly publicized its intelligence about Moscow's plans in an effort to deter them.
Security

Criminals Are Staging a Devious New Kind of Kidnapping - and the FBI is Stumped. (businessinsider.com) 43

schwit1 shares a report: About 10 years ago, when Erik Arbuthnot first started hearing about phony-kidnapping hustles, his fellow agents at the FBI scoffed at the cases. "Don't worry about those," they told Arbuthnot. "Those are fake. We handle the real ones." Now the cases have become so widespread that the bureau has a name for them: virtual kidnappings. "It's a telephone extortion scheme," says Arbuthnot, who heads up virtual-kidnapping investigations for the FBI out of Los Angeles. Because many of the crimes go unreported, the bureau doesn't have a precise number on how widespread the scam is. But over the past few years, thousands of families like the Mendelsteins have experienced the same bizarre nightmare: a phone call, a screaming child, a demand for ransom money, and a kidnapping that -- after painful minutes, hours, or even days -- is revealed to be fake. There's the pastor in Memphis who, like Mendelstein, was told his daughter had been kidnapped. The man in Miami who thought his wife and baby daughter were being held for ransom. The guy in Missouri who got conned into thinking his elderly mother had been taken. Overall, the FBI reports, internet scams nearly doubled in 2020 -- and extortion cases like virtual kidnapping have rung up the third-most victims, right behind phishing schemes and phony sales calls.
