“I have some bad news for you.” Or “Dear Prey.” That’s how the sextortion scam email begins. Then, after a couple of paragraphs meant to reduce the hapless victim to a shivering wreck, comes the killer: a demand for payment in bitcoin. It’s another of those bitcoin ransom emails, and usually, in fact nearly always, they are scams: sextortion messages sent out at random, in the hope of catching a victim with a guilty conscience.
Proofpoint cybersecurity researchers have discovered that cybercriminals are making tens of thousands of dollars through ‘sextortion’ scams.
According to Proofpoint, “these blackmail emails claim to have compromising information about the recipient and threaten to expose a range of observed illicit activities.”
Proofpoint said that attackers “are preying on the fears and insecurities of victims by using stolen passwords and other social engineering tricks to convince recipients that they have compromising images of them and that their reputations are at risk.”
These appear to be the kind of vulnerabilities that Daniel Kahneman described in his book “Thinking, Fast and Slow.” The more primeval, fast, instinctive way of thinking can take over, and our slower, logical way of thinking then sets about justifying that immediate reaction.
The logical side of our brain might suggest the email is a scam, but even a technically literate person who can normally spot a bitcoin ransom email a mile off may lose that sense of rationality when the email is about them, and so in turn become a victim of sextortion.
For the first time, Proofpoint observed a sextortion campaign that also includes a link to ransomware with social engineering designed to extort money from recipients either via ransomware or the standard Bitcoin payment typically associated with sextortion. The campaign included URLs linking to AZORult stealer that ultimately led to infection with GandCrab ransomware.
Proofpoint has this advice: “Individuals receiving sextortion emails should:
- firstly, assume the sender does not actually possess screenshots or video of any compromising activity;
- secondly, not click any links or open attachments to verify the sender’s claims.”
In fact, for such a sextortion email to be genuine, the perpetrator would have to work extraordinarily hard: somehow they would have to trick the person into giving them access to the camera on their computer. In reality, they are far more likely to focus their efforts on much easier scams.
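As an added illustration (not code from the article or from Proofpoint), here is a small Python heuristic a mail-filtering team might use to flag messages carrying the indicators described above: the stock openings, a bitcoin payment demand with a deadline, and the stolen-password and webcam claims. The two sample messages and the bitcoin-shaped address in them are constructed for the example.

```python
import re

# Openings the article quotes from real sextortion mails, lower-cased for matching.
OPENING_PHRASES = ("i have some bad news for you", "dear prey")
# Claims typical of the lure: stolen password, webcam recording, threat to share.
EXTORTION_CUES = ("webcam", "camera", "video of you", "compromising",
                  "your password", "expose", "contacts")

# Shape of a legacy (1.../3...) or bech32 (bc1...) bitcoin address; not validated.
BTC_ADDRESS = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})\b")
PAYMENT_CUE = re.compile(r"\b(bitcoin|btc)\b", re.IGNORECASE)
DEADLINE_CUE = re.compile(r"\b(\d{1,3}|one|two|three)\s*(hours?|days?)\b", re.IGNORECASE)


def score_sextortion(body: str) -> dict:
    """Return the indicator hits, a weighted score and a coarse verdict for one message."""
    text = body.lower()
    hits = {
        "opening": any(p in text for p in OPENING_PHRASES),
        "btc_address": bool(BTC_ADDRESS.search(body)),
        "payment_word": bool(PAYMENT_CUE.search(body)),
        "deadline": bool(DEADLINE_CUE.search(body)),
        "extortion_cues": sum(c in text for c in EXTORTION_CUES),
    }
    # Opening phrase and a payment address are the strongest signals; cap cue count at 3.
    score = (3 * hits["opening"] + 3 * hits["btc_address"] + hits["payment_word"]
             + hits["deadline"] + min(hits["extortion_cues"], 3))
    hits["score"] = score
    hits["verdict"] = ("likely-sextortion" if score >= 6
                       else "unclear" if score >= 3 else "unlikely")
    return hits


# Constructed samples: one scam body in the style the article describes, one benign mail.
SEXTORTION_SAMPLE = (
    "I have some bad news for you. I know your password is hunter2 and I put malware "
    "on a site you visited. My webcam program recorded a video of you. I will send it to "
    "all your contacts unless you pay 700 dollars in Bitcoin to "
    "1ConstructedAddrAAAAAAAAAAAAAAA within 48 hours."
)
BENIGN_SAMPLE = "Hi team, the quarterly report is attached. Please review it before Friday."

if __name__ == "__main__":
    for sample in (SEXTORTION_SAMPLE, BENIGN_SAMPLE):
        print(score_sextortion(sample))
```

The threshold and weights are deliberately simple; in production the score would be one feature alongside sender reputation and the stolen-password check against known breach corpora, not a verdict on its own.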