Global information security organization ESET has identified an international case of fraud threatening victims to pay via email. According to the information provided by ESET Security Specialist Ondrej Kubovic, “Cyber attackers, approximately 0.43-0.45 Bitcoin; in other words, he demands a sum of $2,000.”
“The victim is asked to pay within 48 hours of opening the email,” Kubovic said. Otherwise, the cybercriminal threatens to send the images to all people whose contact information is on the device he seized the video in question.”
Such cases of fraud are defined as “sextortion”. In previous waves of sextortion scams detected by ESET, these emails were mostly in English. However, in the latest wave of attacks, local versions focus on new targets, including Australia, USA, UK, Germany, France, Spain, Czech Republic, Russia and Turkey.
They don’t actually have such a video
According to ESET’s findings, the attackers do not actually have such a video of the victim. Similar email scams are not new and have been happening for years. ESET protects its users from similar threats thanks to its antispam technology. Sextortion can also occur when the attacker obtains real photos of the victim or a candid conversation that took place over a fake account.
It looks like it came from your own mail address
What sets the current scam apart from its predecessors is the use of social engineering to target users who watch porn content on their devices. Emails are sent to everyone and users who watch porn content are expected to respond to this scam. Some of the earlier versions even made the phishing email appear to have come from the “victim’s own email address,” bolstering the attacker’s claims that he had hacked the device.
In an older version of this scam, the attacker claimed to know the victim’s password and shared the password in the email body as proof. In this case, the attacker probably obtained this data from some of the major data leaks that contained billions of actual logins. If the user actually used the password sent to him, he may decide to pay in haste.
They are trying to turn a sensitive issue into a benefit.
Fraud is effective because pornography is a sensitive subject. Most users secretly visit pages with such content. Naturally, it will be very comfortable for family, close friends or colleagues to be aware of these visits.
Don’t be hasty
ESET Security Specialist Ondrej Kubovic said, “If you find such an email in your mailbox, avoid rushing. First of all, do not respond to scams, do not download add-ons, do not click on embedded links and never send money to attackers. If the attacker lists your real password, I suggest you change your password and enable two factor authentication on the specified platform. Indeed, in many cases, attackers actually test the login, at least using the compromised account to spread their message. Also, protect your device with reliable security software that can detect malware and other problems such as webcam hacking. ESET security software protects users against such leaks with its ‘Webcam Protection’ feature.
You can access the two-part Eset article on the subject from the links below:
Article Part 1
Article Part 2