Security researchers warn users that they block millions of extortion scam emails each day.
On average one million extortion emails are blocked every 24 hours, according to Proofpoint. On high volume days two million emails are blocked.
They usually come in the form of sextortion, whereby the attacker claims to have a webcam video of the victim watching porn and threatens to send it to all the user’s email contacts unless a ransom is paid, usually in cryptocurrency.
Sensitive data, such as passwords, is included in the email to add legitimacy to the threat actor’s claim that they have hijacked the machine. In reality, this information is often obtained from data breaches.
Cryptocurrency payments are integral to these threats as they enable the attackers to remain anonymous. Crypto is also being used in a range of other scams, including business email compromise (BEC) targets, according to Proofpoint.
Other times, cryptocurrency wallets are being targeted by hackers in credential phishing attacks. The threat actors typically spoof big names. Phishing for NFT credentials uses a similar technique too.
Phishing kits are readily available on the dark web, making the job even easier for potential cyber-criminals.