Extortion phishing scams have been on the rise lately, fuelled by multiple data breaches that have leaked large amounts of personal information. MailGuard intercepted a particularly large run of such a scam early on Wednesday (AEST). There are several variations of the email scam, each attempting to blackmail its target.
The theme is the same – telling victims that sensitive, often deeply personal and embarrassing, information has been obtained, and threatening to publish the content unless a ransom payment is made in bitcoin.
Three variations of the scam are described below:
1) Stolen passwords
The first variation involves extortion emails informing recipients that their passwords have been hacked. Cybercriminals place the target's password within the email body or in the subject of the email (as in the screenshot below).
It is likely that the scammers obtained the credentials from a password list that included the recipient’s email address. These lists often come from a compromised service whose data the original hackers have displayed or sold on the dark web. In most cases the credentials are outdated; however, those who are clinging on to old passwords could still be fooled. Recipients should immediately change any of these passwords that are still in use.
Another tactic in this scam is the reference to a Cisco router vulnerability. Well-known and publicized security holes or exploits are often mentioned in these attacks to boost the credibility of the scam.
Scammers also forge the recipient’s own email address as the sender to lend authenticity, and draw attention to it in the body of the email, as in the following:
"I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account."
2) Embarrassing video footage
A different variation of the extortion phishing scam tells victims that the attackers have installed special software on their devices to record them when they are viewing adult content, as in the example below:
This attack preys on a fear of humiliation and embarrassment.
3) Personal browsing history
A third variation takes a similar approach, informing recipients that a trojan virus has been installed on their system and has been monitoring their activity for an extended period of time.
Similar to the video footage email, this one threatens to share the target's browsing history with all of their contacts.
All variations of these extortion phishing email scams are attempting to blackmail recipients. Scammers inform victims that unless a ransom payment to a bitcoin wallet is received, the (supposedly hacked) confidential data or compromising footage will be published.
Update: Upon examining the bitcoin wallets mentioned in the emails, MailGuard discovered significant amounts of money had indeed been transferred over to the scammers – proof that multiple recipients have, unfortunately, fallen for this extortion phishing scam.
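The traits described above (a message that claims to come from the recipient's own address, a password from an old breach list quoted in the subject or body, and a bitcoin wallet for payment) can be checked mechanically when triaging a reported email. The following is an added example, not MailGuard's code or filtering logic; the function names, indicator labels and sample message are constructed for illustration, and it assumes the receiving mail server records SPF/DKIM/DMARC results in an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Address shape only (legacy 1.../3... and bech32 bc1...); no checksum validation.
BTC_RE = re.compile(r"\b(?:bc1[ac-hj-np-z02-9]{11,71}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
# Assumption: the receiving server records SPF/DKIM/DMARC results in this header.
AUTH_FAIL_RE = re.compile(r"\b(?:spf|dkim|dmarc)=(?:fail|softfail|none)\b", re.I)

# Constructed sample: addresses, password and wallet string are made up.
SAMPLE = """\
From: user@example.com
To: user@example.com
Subject: Your password is hunter2
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dmarc=fail

I sent you this email from your account.
Send the payment to 1ExampLeConstructedAddr2345678xyz within 48 hours.
"""

def text_of(msg):
    """Concatenate the decoded text/plain parts of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def triage(raw, breached_passwords=()):
    """Return the indicators from the article that one raw message exhibits."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    content = msg.get("Subject", "") + "\n" + text_of(msg)
    auth = " ".join(msg.get_all("Authentication-Results", []))
    hits = []
    if sender and sender == rcpt:
        hits.append("self_addressed")
        if AUTH_FAIL_RE.search(auth):
            hits.append("sender_auth_failed")  # From: was forged, not a real login
    if BTC_RE.search(content):
        hits.append("bitcoin_address")
    if any(pw and pw in content for pw in breached_passwords):
        hits.append("known_breached_password")
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE, ["hunter2"]))
```

A self-addressed message that fails sender authentication was forged in the From header rather than sent from the recipient's mailbox, which is the evidence that the "I sent you this email from your account" claim is false.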
Scammers are attempting to blackmail me! Now what?
It is key to remember that these scams are all fake, and cybercriminals do not have any incriminating or personal information to use against you. Rather, they are trying to tap into your fears and paranoia. This is a reminder to be careful about how we use our mobile devices and computers, and of the threat of online surveillance. Think carefully about what data is being stored or shared online that might be used against you.
To be safe, MailGuard suggests using unique passwords for every site you visit, and setting up two-factor authentication where available.
Defend your inbox
Even the most experienced and savvy email users can have a moment of haste, carelessness or fatigue when their guard is down. Just practising good common sense isn’t enough anymore, because for scammers it’s a numbers game; they know that if they keep sending their scams, sooner or later we will slip up and do something we shouldn’t.
Extortion phishing scams can be enormously costly and destructive, and new scams are appearing every day. Don’t wait until it happens to you or someone in your business; take action to protect your inboxes, now.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org