A new cybersecurity threat is putting business executives at risk, using physical mail instead of digital attacks. Scammers are mailing fraudulent ransomware letters to executives, falsely claiming they have gained unauthorized access to sensitive company files and demanding payment. The FBI is warning business leaders to stay alert and take action to avoid becoming victims of this scheme.

Corporate Executives Are the Primary Targets

High-ranking executives at companies across the United States are being targeted. Scammers focus on business leaders who often have direct access to company assets and may feel pressured to act quickly to protect confidential information.

Scammers Are Using Physical Mail to Evade Detection

Unlike traditional cyberattacks, these fraudulent letters are being sent through the mail directly to executives. This makes the scam feel more urgent and harder for corporate security teams to intercept. Some letters include a U.S. return address and claim to be from the “BianLian Group”, with some appearing to originate from Boston, Massachusetts (Internet Crime Compliant Center, 2025).

Scammers Use Social Engineering Tactics to Demand Ransom Payments

These letters are labeled “Time Sensitive – Read Immediately” and claim that hackers have breached the company’s network. The letters demand a ransom of $250,000 to $500,000 and include a QR code linking to a Bitcoin wallet for payment. Recipients are threatened with the public release of stolen data if payment is not made within ten days.

However, the FBI has not yet found evidence that these threats are legitimate. There has been no confirmed link between the individuals sending these letters and the real BianLian ransomware group. This is suspected to be a scam designed to manipulate executives into making rushed financial decisions.

What to Do If You Receive One of These Letters

If you or someone in your company receives a ransom letter, take these immediate steps:

• Remain Calm and Verify the Claim – Have your IT security team check for any signs of a data breach.

• Notify Security and Legal Teams Immediately – Inform your company’s security team, legal department, and executive leadership. Keeping quiet only benefits the scammers.

• Do Not Respond to the Scammers – Avoid scanning the QR code, replying to the letter, or sending any payment. Scammers rely on fear-driven, quick decisions.

• Report the Scam to the FBI – The FBI is actively tracking this scam. Reporting the incident can help law enforcement stop similar fraud attempts.

• Educate Leadership and Employees – Ensure that all executives and relevant employees are aware of this scam and know how to respond if they receive a suspicious letter.

Proactive Security Measures to Protect Your Business

This scam preys on fear and urgency, pressuring executives into making impulsive decisions. By sending letters directly to home addresses, scammers bypass corporate security protocols and isolate their targets into paying the ransom resulting in financial loss, reputational harm, and future targeting by scammers.

To prevent falling victim to similar schemes, business leaders must:

• Stay vigilant and verify all threats before taking action.

• Follow established security protocols for handling extortion attempts.

• Ensure IT security measures are up to date and actively monitored.

• Train leadership teams to recognize and respond to social engineering scams.

• Report any suspicious activities to law enforcement promptly.

Take Action Now to Prevent Extortion

Awareness and proper response strategies are the best defenses against mail scam tactics. By staying informed, verifying threats, and reporting suspicious activities, companies can protect their executives and financial assets.

For information on real cybersecurity threats, including confirmed BianLian ransomware attacks, check the latest Joint Cybersecurity Awareness Bulletin. If you believe your company has been targeted, report the incident to the FBI immediately.