Sextortion attacks are becoming more common globally and increasingly personalized
Sextortion attacks are becoming more common and increasingly sophisticated, according to a new study by network cybersecurity firm Barracuda Networks.
For those who don’t know, sextortion attacks involve a threat actor attempting to blackmail a victim by threatening to post a sexual or illicit video or other content found on the victim’s computer or other device , unless he pays him money or meets other requirements.
These are typically carried out through phishing, using credentials stolen and exfiltrated in other data breaches.
Although sextortion attacks are not new, research conducted by Barracuda suggests that they are evolving to be increasingly personalized to the victim, while demanding more money.
In an attempt to make the email more convincing, bad actors will fill their emails with personal details from other incidents or found elsewhere, such as full names, phone numbers, dates of birth, addresses, etc.
Barracuda said an example of an attempted sextortion scam email might look like the following:
“I know that this call [telephone number] or visiting [street address] would be a better way to chat with you in case you are not cooperating. Don’t even try to escape it. You have no idea what I’m capable of [city].”
Additionally, threat actors attach images to make the attack more personal, such as a picture of their home or workplace. These are often Google Maps StreetView images from the victim’s address.
The copy for these emails also becomes more unique. Barracuda said that while the copy is usually identical or has very few differences, recent observations show that threat actors are changing the language used.
For example, the line often located just above the Google Maps image has several variations, including “See you there?” », “Can you notice anything here? and “Is this the right place to meet?” »
Additionally, the line below the crypto payment information also varies, with examples shared by Barracuda including “Let me tell you, these are peanuts for your peace”, “Let me tell you, these are peanuts for your peace of mind” and “Once you have paid. , you will sleep like a baby. I keep my word. »
Threat perpetrators also demand more money in their sextortion scams. While Barracuda had previously seen payouts of just a few hundred dollars, capped at $500, recent incidents have resulted in requests for payments as high as $2,000.
Scammers are at least trying to make this money easy to pay, with some now using QR codes for quick bitcoin payments.
One of the main dangers of these scams is the victim’s refusal to report them due to their sensitive nature. As a result, emails sent in the workplace may spread to a number of people before being retrieved.
Workplaces should train their staff in security awareness and actively and regularly monitor their systems to identify scams and other threats.
Keeping accounts secure and preventing compromise is also a priority, as they are often the main entry point for attackers.