Symantec Threat Intelligence: The Revival of Email Scams
Almost 300 million extortion scam emails were blocked by Symantec in the first five months of 2019.
To read the full report please visit https://www.symantec.com/blogs/threat-intelligence/email-extortion-scams
An email arrives in your inbox, with one of your old passwords in the Subject line. Your curiosity is piqued, and you click into the message, only to discover that someone has allegedly hacked your webcam and recorded you engaged in some intimate acts, and they are now threatening to send this recording to everyone in your contact list. However, if you send the anonymous blackmailer a few hundred dollars in bitcoins they promise that no one will see the embarrassing footage.
Most of these sextortion-style scams follow largely the same pattern, with variations in the messages such as using attachments or obfuscated characters, etc., applied in an attempt by attackers to evade email protection technologies. For example, some spam filters might work by blocking emails with Bitcoin addresses in the body—hence why attackers may have then turned to using PDF attachments or obfuscated text to try to bypass the spam filter.
The majority of emails also contain
a password or partial phone number previously (or perhaps
still) associated with the email address the email is sent
to. This is included to make it appear the attacker has
access to private information about the recipient—when in
fact they almost certainly obtained it from one of the many
large password dumps of recent years.
As these email extortion scams are typical cyber crime activity, it is not clear exactly who is behind these attacks, but Symantec believes that a minimum of two cyber crime groups are engaged in this kind of activity, though there are potentially also many others. The barriers to entry for criminals are quite low for these scams—they do not necessarily require a huge degree of technical knowledge, and criminals only need a small percentage of them to be successful to make a profit.
These scams are still being actively sent, so consumers should be aware of these scams and the steps they can take to avoid falling victim to them.
• Ensure you have strong email protection technologies in place, such as the products provided by Symantec, that will stop these emails from ever reaching your inbox.
• Do not open emails or attachments, or click on links in emails, that are unsolicited or from unknown sources.
• If you do receive one of these emails, do not panic, do not respond, do not click any links or open any attachments, and do not send money to the attackers. Mark the email as spam and, if you feel it is necessary, alert authorities about the email.
• Ensure all your online accounts are protected with strong, unique passwords, and enable two-factor authentication where possible. If you think your account has been compromised or your password revealed in a password dump, you should change it immediately.
the full report please visit https://www.symantec.com/blogs/threat-intelligence/email-extortion-scams