Two Million Extortion Emails Blocked Every Day
The cyber security & compliance experts at Proofpoint say they block one million extortion e-mails every single day, increasing to two million on higher volume times. This figure sometimes has gone over two million on high volume days. Most of the emails claim to have webcam video of the victim engaging in inappropriate sexual activity.
The attacker then threatens to distribute the alleged footage to email contacts unless a ransom is paid.
These typically appear with some variation of a sextortion theme, in which the attacker claims to have a webcam video clip of the sufferer looking at porn and threatens to distribute it to all their email contacts, unless a ransom is paid in crypto currency, usually Bitcoin. Due to the nature of the claims made in the emails, victims are either lured or scared into giving away sensitive information or making a ransom payment.
This sort of threat is not new, but Proofpoint has highlighted how widespread and common they have become.
Easy-to-use DIY phishing kits readily available on the Dark Web make the job even easier for cyber criminals and victim information such as passwords obtained from the Dark Web are sometimes included in the extortion email to add legitimacy to the threat actor’s claim that they have successfully hacked the machine. However, these passwords are usually obtained from data breaches.
Since 2016, the UK’s National Crime Agency (NCA) has been aware of thousands of victims were falling to sextortion scams in Britain every year.
Crypto currency payments are a key part of these threats, enabling the attacker to remain anonymous and in some cases, crypto currency wallets themselves are targeted in credential phishing attacks. Threat actors typically spoof big names in the industry, such as the crypto currency exchanges Celo and Binance and wallet vendor Trusted. Indeed, phishing for NFT and wallet credentials use similar techniques, say Proofpoint.
Thousands of victims fall victim to sextortion scams around the world each year and Proofpoint makes it clear that the threat remains high.
Proofpoint: Proofpoint: National Crime Agency: National Crime Agency: Oodaloop:
Infosecurity Magazine: Alltech:
You Might Also Read:
Future Phishing Attacks Will Use Generative Machine Learning: