A very large extortion phishing scam began hitting inboxes early Wednesday AEST. There are several variations of the email scam, each attempting to blackmail its target.
The theme is the same – telling victims that sensitive, often deeply personal and embarrassing, information has been obtained, and threatening to publish the content unless a ransom payment is made in bitcoin.
Three variations of the scam are described below:
1) Stolen passwords
The first variation involves extortion emails informing recipients that their passwords have been hacked. Cybercriminals place the target’s password within the email body or in the subject of the email.
It is likely that the scammers obtained the credentials from a password list that included the recipient’s email address. These lists often come from a compromised service, and the original hackers have displayed or sold them on the dark web. In most cases the credentials are outdated; however, those who are clinging on to old passwords could still be fooled. Recipients should change passwords immediately if still in use.
Another tactic in this scam is the reference to a Cisco router vulnerability. Well-known and publicized security holes or exploits are often mentioned in these attacks to boost the credibility of the scam.
Forging the recipient’s email address as the sender is another way scammers lend authenticity, and they highlight it within the body of the email, as below:
“I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.”
2) Embarrassing video footage
A different variation of the extortion phishing scam tells victims that the attackers have installed special software on their devices to record them when they are viewing adult content, as in Screenshot 2 attached above.
This attack preys on a fear of humiliation and embarrassment.
3) Personal browsing history
A third variation takes a similar approach, informing recipients that a trojan virus has been installed on their system and has been monitoring their activity for an extended period of time.
All variations of these extortion phishing email scams are attempting to blackmail recipients. Scammers inform victims that unless a ransom payment to a bitcoin wallet is received, the (supposedly hacked) confidential data or compromising footage will be published.
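A mail-triage heuristic for the indicators described above (a sender address identical to the recipient's, and a bitcoin wallet in the body), as an added example that is not MailGuard's code. The `Authentication-Results` check, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Shape of legacy Base58 (1.../3...) and bech32 (bc1...) addresses; no checksum check.
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b")
AUTH_FAIL_RE = re.compile(r"\b(?:spf|dkim|dmarc)=(?:fail|softfail)\b", re.I)

def _addrs(msg, header):
    """Lower-cased addresses from every instance of one header."""
    return {a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a}

def extortion_indicators(raw):
    """Return the indicators found in one raw RFC 5322 message (str)."""
    msg = message_from_string(raw)
    text = "\n".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    found = set()
    # Sender claims to be the recipient ("I sent you this email from your account").
    if _addrs(msg, "From") & (_addrs(msg, "To") | _addrs(msg, "Cc")):
        found.add("self_from")
    # Assumption: the receiving gateway stamps Authentication-Results (RFC 8601).
    if AUTH_FAIL_RE.search(" ".join(msg.get_all("Authentication-Results", []))):
        found.add("auth_fail")
    # Ransom demand names a bitcoin wallet.
    if BTC_RE.search(text):
        found.add("btc_address")
    return found

def is_likely_extortion(raw):
    """Quarantine rule: self-addressed sender plus a wallet address."""
    return {"self_from", "btc_address"} <= extortion_indicators(raw)

# Constructed samples: the addresses and the wallet string are made up.
SPOOFED = """\
From: alice@example.com
To: alice@example.com
Subject: your account
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=alice@example.com; dmarc=fail

I sent you this email from your account.
Pay to 1ExampLeConstructedAddrXXXXXXXXXX
"""
BENIGN = "From: bob@example.org\nTo: alice@example.com\nSubject: lunch\n\nSee you at noon.\n"

if __name__ == "__main__":
    print(sorted(extortion_indicators(SPOOFED)), is_likely_extortion(SPOOFED))
```

A legitimate note-to-self also sets `self_from`, which is why the rule requires the wallet address as well; `auth_fail` is reported separately because not every gateway records it.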
Scammers are attempting to blackmail me! Now what?
It is key to remember that these scams are all fake, and cybercriminals do not have any incriminating or personal information to use against you. Rather, they are trying to tap into your fears and paranoia.
This is a reminder to be careful about how we use our mobile devices and computers, and of the threat of online surveillance. Think carefully about what data is being stored or shared online that might be used against you.
To be safe, MailGuard suggests using unique passwords for every site you visit, and setting up two-factor authentication where available.