Last month, we reported on a new form of email scam that uses recipients' real passwords as proof that their online data has been hacked. As part of the con, the blackmailers demand money from the victim and threaten to release a video of the victim's supposed visit to a porn website if the listed demands aren't met. However, it was also discovered that the passwords sent were actually over 10 years old in every such case, likely obtained from multiple corporate break-ins that occurred more than a decade ago.
Unfortunately, it seems that many of the people being blackmailed are unaware of these facts, according to a new report from security firm Vade Secure that reveals several interesting details about the ongoing sextortion scam.
Vade Secure offers an email filtering service against phishing scams such as this and, as such, has witnessed firsthand around 600,000 sextortion emails blocked by its filter engine in the past couple of months. Of the emails observed, 90% were written in English, while a small percentage were written in poorly translated French. Apparently, in most cases, the sender addresses are random Hotmail and Outlook addresses, presumably auto-generated. An example of such emails can be observed below:
It has also been noted that hacked IoT products, websites, routers, and more are being used to send these emails. Sending this form of phishing email does not require a webmail client; instead, the command line of the Linux operating system used by IoT products is used for this purpose.
Sebastien Gest, Tech Evangelist at Vade Secure, warned users that refined versions of this scam are appearing, noting:
"We continue to see—and catch—new versions of these sextortion scam emails each day, thanks to our heuristic filters. The hackers appear to be analyzing the performance of their attack and tweaking the messages in an attempt to avoid detection by email security products like Vade Secure."
It should be noted that a majority of the 600,000 discovered emails included different bitcoin addresses where the ransom was supposed to be paid. However, slight variations were employed in some of them, like a bitcoin address obfuscated with an asterisk, or an email address to contact for receiving further payment instructions.
Unfortunately, after analyzing some of the bitcoin addresses present in the emails, the security firm discovered that a total of $30,100 has been paid as ransom to these addresses to date. An example of such a payment made on July 25 can be observed here.
Keeping in mind that this scam is "ongoing and iterative", it is advised to periodically change your passwords and refrain from signing up at unknown websites.
Source: Vade Secure