IT Security Guru

Threat Spotlight: Barracuda Study Finds 1 In 10 Spear Phishing Emails Are Sextortion.

by The Gurus
February 28, 2019
in Software

Sextortion scams have increased in frequency and scope since we first highlighted this type of attack in our October Threat Spotlight. Previously, sextortion scams were used as part of large-scale spam campaigns, but now many of these attacks are getting more sophisticated and bypassing email gateways.

We analyzed spear phishing attacks targeted at Barracuda customers and found that 1 in 10 were blackmail or sextortion attacks. In fact, employees are more likely to receive a sextortion scam than an employee impersonation or business email compromise attack.

In this Threat Spotlight, we’ll take a closer look at this research and what we uncovered about the tactics used most frequently in sextortion scams and who is most likely to be targeted by this type of blackmail threat.

Highlighted Threat:

Sextortion Scam – Attackers use passwords stolen in past data breaches to trick users into paying Bitcoin to avoid having a compromising video, which attackers claim to have recorded on the victim’s computer, shared with all their contacts.

The Details:

The basic approach of sextortion scams remains the same. Attackers are harvesting email addresses and passwords and using them in the threatening email to add to the victim’s fears. Often, attackers will spoof their victim’s email address and pretend to have access to it to make the attack even more convincing. Payment demands usually ask for Bitcoin, and Bitcoin wallet details are included in the message.

Most sextortion scams are sent as part of larger spam campaigns to thousands of people at a time, so most get caught in spam filters. But, like with many other types of email fraud, scammers are evolving their techniques using social engineering tactics to bypass traditional email security gateways.

Many sextortion emails end up in users’ inboxes because they originate from high-reputation senders and IPs. In fact, hackers will use already compromised Office 365 or Gmail accounts in their campaigns. Emails from these legitimate, high-reputation-score accounts will pass through gateways and land in their victims’ mailboxes.

These emails don’t usually contain any malicious links or attachments that traditional gateways will look for. Attackers have also started to vary and personalize the content of the emails, making it difficult for spam filters to stop them.

Sextortion scams are also under-reported due to the intentionally embarrassing or sensitive nature of the threats. As a result, IT teams are often unaware of these attacks because employees either choose to pay a ransom or are simply too embarrassed to report the email.

Most common sextortion subject lines

In our study of sextortion and blackmail attacks, we looked at the 30 most common subject lines, which represent over 60 percent of all the sextortion emails we analyzed. We noticed patterns in the subject lines used by attackers. The two most common subject lines are security alerts and requests to change passwords. Attackers will often include either the victim’s email address or their password in the subject line to get them to open and read the email.

Here are some examples of security alert subject lines we saw in our research:

[email protected] was under attack change you access data
Your account has been hacked you need to unlock
Your account is being used by another person

Here are some examples of password change subject lines we saw:

Change your password [password] immediately your account has been hacked
Hackers know your password [password] password much be changed now

We found that almost every subject line on a sextortion email will contain some form of security warning, with more than a third requesting a password change.

Other common subject lines that we saw include references to a customer service ticket number or incident report.

Occasionally, attackers are more straightforward with the subject line, using threats like:

You are my victim
Better listen to me
You don’t have much time
You can avoid problems
This is my last warning [email protected]

Industries most likely to be targeted by sextortion

In our research, we found education was the industry targeted most frequently by sextortion and blackmail, making up 55 percent of attacks. A full 14 percent of attacks targeted government employees, and 11 percent went after business services organizations.

The overwhelming focus on education is a calculated move by attackers. Educational organizations usually have a lot of users, with a very diverse and young user base that is less informed about security awareness and may be less aware of where to seek help and advice. Students and young people are also more likely to be scared into wiring the money, given the nature of the threat.

4 ways to protect against sextortion scams

1. Spear phishing protection — Because attackers are adapting sextortion emails to bypass email gateways and spam filters, a good spear phishing solution that protects against blackmail and sextortion is a must. For example, Barracuda Sentinel has built-in components designed to detect these types of attacks.

2. Account takeover protection — Many sextortion attacks originate from compromised accounts, so make sure scammers aren’t using your organization as a base camp to launch these attacks. Deploy technology that uses artificial intelligence to recognize when accounts have been compromised. Barracuda Sentinel allows you to remediate in real time by alerting users and removing malicious emails sent from compromised accounts.

3. Proactive investigations — Given the nature of sextortion scams, employees might be less willing than usual to report these attacks, so you should conduct regular searches on delivered mail to detect emails related to password changes and other content we discussed above. Many sextortion emails originate from outside North America or Western Europe. Evaluate where your delivered mail is coming from, review any that are of suspicious origin, and remediate.

Barracuda Forensics and Incident Response will help with searches, provide an interactive report on the geographic origin of delivered email, and help you automatically remove any malicious messages that you find inside your users’ mailboxes.

4. Security awareness training — Educate users about sextortion fraud, especially if you have a large and diverse user base, like the education sector. Make it part of your security awareness training program. Ensure your staff can recognize these attacks, understand their fraudulent nature, and feel comfortable reporting them. We also recommend using phishing simulation, such as Barracuda PhishLine, to test the effectiveness of your training and evaluate users who are most vulnerable to extortion attacks.
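
A sketch of the delivered-mail search described in step 3, scoring each message on the indicators this article lists: the subject-line themes, the recipient's own address in the subject, a From address spoofed to match To, and a Bitcoin wallet in the body. This is an added example, not Barracuda's code; the function names, sample messages and wallet string are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject themes reported in the article: security alerts, password-change demands, threats.
SUBJECT_PATTERNS = [
    re.compile(r"\b(hacked|under attack|being used by another person)\b", re.I),
    re.compile(r"\b(change your password|hackers know your password)\b", re.I),
    re.compile(r"\b(my victim|last warning|avoid problems)\b", re.I),
]
# Shape check only (legacy 1.../3... and bech32 bc1...); does not validate checksums.
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")

def score_message(raw):
    """Return (score, reasons) for one RFC 5322 message supplied as text."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/plain")
    reasons = []
    if any(p.search(subject) for p in SUBJECT_PATTERNS):
        reasons.append("subject uses a security-alert or password-change theme")
    if rcpt and rcpt in subject.lower():
        reasons.append("recipient address appears in subject")
    if sender and sender == rcpt:
        reasons.append("From equals To (possible self-spoof)")
    if BTC_RE.search(body):
        reasons.append("Bitcoin-address-shaped string in body")
    return len(reasons), reasons

def triage(messages, threshold=2):
    """Names of messages scoring at or above threshold, highest score first."""
    scored = [(score_message(raw)[0], name) for name, raw in messages.items()]
    return [name for s, name in sorted(scored, reverse=True) if s >= threshold]

WALLET = "1ExampLeWaLLetAddressXXXXXXXXXXXX"  # constructed placeholder, not a real wallet
SAMPLES = {  # constructed messages for illustration
    "self_spoof": "From: alice@example.edu\nTo: alice@example.edu\n"
                  "Subject: alice@example.edu was under attack change you access data\n\n"
                  f"Pay in Bitcoin to {WALLET} within 48 hours.\n",
    "compromised_sender": "From: carol@example.org\nTo: bob@example.edu\n"
                  "Subject: Change your password immediately your account has been hacked\n\n"
                  f"Send payment to {WALLET} or the video goes to your contacts.\n",
    "benign": "From: helpdesk@example.edu\nTo: bob@example.edu\n"
              "Subject: Lunch menu for Friday\n\nSee the attached menu.\n",
}

if __name__ == "__main__":
    for name in triage(SAMPLES):
        print(name, score_message(SAMPLES[name]))
```

The threshold of 2 is an assumption chosen so that a single weak signal, such as a legitimate password-reset notice, does not flag a message on its own.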
