Email extortion scams are once again being used by cybercriminals, according to new research from Symantec, which blocked almost 300m of these malicious emails during the first five months of 2019.
The scam begins when users receive an email with one of their old passwords in the subject line. This piques their interest, so they click on the message, only to discover that someone has allegedly hacked their webcam and recorded them in intimate acts. The attackers then threaten to send this recording to everyone on the victim's contact list unless the victim pays a few hundred dollars in bitcoin.
Many people found themselves in this exact situation over the last year as Symantec witnessed a revival and evolution in email extortion scams. These sorts of scams have been around for years, but the scenario outlined above (often referred to as a “sextortion” scam) is one of the main types of extortion scams the firm has seen more frequently since the middle of 2018.
Between January 1 and May 29, 2019, just under 289m of these types of emails were blocked by Symantec. Just over 85m of these emails (almost 30 percent) were blocked during a 17-day period in February when there was a big spike in these types of scams.
Email extortion scams
In addition to sextortion email scams, Symantec also saw several different variations of extortion scam emails, including ones in plain text written in English, some with a bomb threat theme, some that used PNG or JPEG images containing a Bitcoin wallet address, some with a PDF attachment containing the wallet address, and some that used SegWit Bitcoin addresses.
The researchers believe that the attackers varied the messages, for instance by using attachments or obfuscated characters, in an attempt to evade email security technologies. For example, some spam filters might work by blocking emails with Bitcoin addresses in the body, which is why attackers may have turned to PDF attachments or obfuscated text to try to bypass the spam filter.
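One way a mail filter could implement the address check described above, as an added example that is not from the article or from Symantec: normalize the body text, then report only strings that pass the Base58Check (legacy) or Bech32 (SegWit) checksum, so random look-alike strings are not flagged. The function names, the sample message and the assumption that obfuscation uses Unicode compatibility forms or invisible format characters are illustrative.

```python
import hashlib
import re
import unicodedata

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
LEGACY = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
SEGWIT = re.compile(r"\b(?:bc1[ac-hj-np-z02-9]{11,71}|BC1[AC-HJ-NP-Z02-9]{11,71})\b")

def normalize(text):
    """Assumed obfuscation: fold NFKC forms, drop invisible format chars (Cf)."""
    folded = unicodedata.normalize("NFKC", text)
    return "".join(c for c in folded if unicodedata.category(c) != "Cf")

def valid_base58check(addr):
    """Legacy address: 21-byte payload plus 4-byte double-SHA256 checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return len(raw) == 25 and digest[:4] == raw[-4:]

def bech32_polymod(values):  # BIP173 checksum over 5-bit values
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk

def valid_bech32(addr):
    """SegWit address: BIP173 checksum for witness v0, BIP350 for v1+."""
    data = [B32.index(c) for c in addr.lower()[3:]]
    hrp = [ord(c) >> 5 for c in "bc"] + [0] + [ord(c) & 31 for c in "bc"]
    return bech32_polymod(hrp + data) == (1 if data[0] == 0 else 0x2BC830A3)

def find_bitcoin_addresses(text):
    """Return checksum-valid addresses found in normalized message text."""
    clean = normalize(text)
    hits = [a for a in LEGACY.findall(clean) if valid_base58check(a)]
    return hits + [a for a in SEGWIT.findall(clean) if valid_bech32(a)]

# Constructed sample body; the addresses are public test values, not from the page.
SAMPLE = ("Send $700 to 1A1zP1eP5QGefi2\u200bDMPTfTL5SLmv7DivfNa or "
          "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4 within 48 hours.")
```

A text-only check like this does not see addresses placed in images or PDF attachments, so those parts need text extraction or OCR before the same function is applied.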
Many of the emails also contained a password or partial phone number associated with the email address the email was sent to. This information was included to make it appear as if the attacker had access to private information about the recipient when in reality they likely obtained these details from one of the many large password dumps of recent years.
In a majority of these scam emails, the attacker claims to have a recording of a user visiting an adult website, but in some cases the attacker pretends to be a member of law enforcement who found child pornography on a user’s device. The big exception to this is the bomb scare emails, where the sender claims to have planted a bomb in the recipient's building that will be triggered if the requested amount of money is not paid.
Symantec believes that a minimum of two cyber crime groups are behind the recent rise in email extortion scams, which do not require a huge degree of technical knowledge to pull off. The firm recommends using strong email protection technologies, not opening emails or attachments from unknown sources, and ensuring that your accounts are protected with strong passwords to avoid falling victim to these scams.