Sextortion attacks are becoming increasingly common and are growing in sophistication, according to new research by network cyber security firm Barracuda Networks.
For those unaware, sextortion attacks involve a threat actor attempting to blackmail a victim by threatening to post sexual or illicit video or other content of them found on the victim’s computer or other device, unless they pay them money or meet other demands.
These are usually conducted through phishing, using stolen credentials exfiltrated in other data breaches.
While sextortion attacks are not new, research by Barracuda suggests that they are evolving to be increasingly personalised to the victim, as well as demanding more money.
In an attempt to make the email more convincing, threat actors will litter their emails with personal details secured from other incidents or found elsewhere, such as full names, phone numbers, birth dates and addresses.
Barracuda said an example of an attempted sextortion scam email may appear like the following:
“I know that calling [telephone number] or visiting [street address] would be a better way to have a chat with you in case you don’t cooperate. Don’t even try to escape from this. You have no idea what I’m capable of in [city].”
Additionally, the threat actors attach images to make the attack more personal, such as an image of the victim’s house or place of work. These are often Google Maps Street View images that have been sourced using the address of the victim.
The copy in these emails is also becoming more varied. Barracuda said that while the copy is generally identical, or has very few differences, recent observations show that threat actors are changing the language used.
For example, the line often located just above the Google Maps image has several variations, including “See you here?”, “Can you notice something here?”, and “Is this the right place to meet?”
Additionally, the line below the crypto payment information also varies, with examples shared by Barracuda including “Let me tell ya, it’s peanuts for your peace”, “Let me tell ya, it’s peanuts for your tranquility”, and “Once you pay up, you’ll sleep like a baby. I keep my word.”
Threat actors are also asking for more money in their sextortion scams. While Barracuda had previously observed payments of just a few hundred dollars, capping at $500, recent incidents have seen payment requests as high as $2,000.
The scammers are at least attempting to make that money easy to pay, with some now leveraging QR codes for quick bitcoin payments.
One of the main dangers of these scams is the victim’s unwillingness to report them due to their sensitive nature. As a result, emails sent to workplaces may spread to a number of people before being picked up.
Workplaces should train their staff in security awareness and regularly monitor their systems to identify scams and other threats.
Ensuring that accounts are secure and preventing their compromise is also a priority, as accounts are often the main point of entry for attackers.