Extortion email scams have been on the rise, fuelled by multiple data breaches that have leaked mass amounts of personal information. MailGuard intercepted an extortion email scam on the morning of 4th of Jan 2020 (AEST).
The email infiltrated inboxes using the subject ‘I have clips of you watching adult videos’. Originating from a compromised SendGrid email address, the plain-text email purports to be from a hacker who allegedly found a vulnerability in the recipient's router. The ‘hacker’ claims to have taken advantage of the vulnerability to record the recipient while he/she was watching adult material online.
The email threatens to release this recording to all of the recipient’s contacts unless the hacker receives ‘1300 $ in Bit-Coin’ within 72 hours. A Bitcoin address is then provided in 2 parts.
It is key to remember that this scam is fake, and cybercriminals do not have any incriminating or personal information to use against you. Rather, they are trying to tap into your fears and paranoia and trick you into paying the ransom money.
Here are a couple of techniques that cybercriminals behind this scam have employed to do this:
- The usage of a subject line like ‘I have clips of you watching adult videos’ serves to evoke alarm and panic among recipients who then may be too distracted to verify the credibility of the email.
- The inclusion of the 72-hour deadline evokes urgency and motivates recipients to act immediately.
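For mail administrators, the traits described above (the alarming subject line, the deadline, the Bitcoin demand and the address given in 2 parts) can be combined into a simple content heuristic. The following is an added example, not MailGuard's detection logic; the patterns, indicator names and the threshold of three are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Patterns and threshold are assumptions modelled on the traits listed above.
THREAT = re.compile(r"clips? of you|adult (?:videos?|material)", re.I)
DEADLINE = re.compile(r"\b\d{1,3}\s*-?\s*(?:hours?|hrs?)\b", re.I)
PAYMENT = re.compile(r"bit[- ]?coin|\bbtc\b", re.I)
# Whole tokens made only of base58 characters (no 0, O, I, l).
BASE58_TOKEN = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{10,35}\b")

def plain_body(msg):
    """Join the text/plain parts; the scam described is a plain-text email."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(str(p.get_payload()) for p in parts)

def rejoin_split_address(body):
    """Return two adjacent fragments that together look like a legacy address."""
    def random_looking(tok):
        return (any(c.isdigit() for c in tok) and any(c.isupper() for c in tok)
                and any(c.islower() for c in tok))
    frags = [t for t in BASE58_TOKEN.findall(body) if random_looking(t)]
    for first, second in zip(frags, frags[1:]):
        # Legacy addresses start with 1 or 3 and are 26-35 characters long.
        if first[0] in "13" and len(first) < 26 <= len(first + second) <= 35:
            return first + second
    return None

def indicators(raw):
    msg = message_from_string(raw)
    body = plain_body(msg)
    hits = set()
    if THREAT.search(msg.get("Subject", "")):
        hits.add("threat_subject")
    if DEADLINE.search(body):
        hits.add("deadline")
    if PAYMENT.search(body):
        hits.add("crypto_payment")
    if rejoin_split_address(body):
        hits.add("split_address")
    return hits

def is_likely_extortion(raw, threshold=3):
    return len(indicators(raw)) >= threshold

# Constructed samples; the address fragments are made up and not a real wallet.
SCAM = ("Subject: I have clips of you watching adult videos\n\n"
        "I recorded you through your router. Send 1300 $ in Bit-Coin within 72 hours.\n"
        "Address part 1: 1SampLeAddr9xQ7\nAddress part 2: kTz4WnB2mPcV8hY\n")
BENIGN = "Subject: Invoice reminder\n\nYour invoice is due within 48 hours.\n"
```

Splitting the address defeats filters that look for one contiguous address string, which is why the fragments are rejoined before the length check. The check covers legacy base58 addresses only.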
This is a reminder to be careful about how we use our mobile devices and computers, and of the threat of online surveillance. Think carefully about what data is being stored or shared online that might be used against you.
To be safe, MailGuard suggests using unique passwords for every site you visit, and setting up two-factor authentication where available.
Don't get scammed
If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
One email is all that it takes
Cybercriminals use email scams to infiltrate organisations. All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.