Avast_Threat_ Research: Watch out for sextortion email scams
Quote:

In January, Avast protected users from sextortion campaigns which could have resulted in over 500,000 incidents worldwide

Sextortion is an emerging online scam that takes advantage of people’s fear that their most intimate moments will be exposed to the public. They usually come in the form of emails, which are not only dangerous and unsettling but can have serious real-world consequences.

Tragically, sextortion email scams have even led victims to suicide, including a case involving five separate men in the UK and one in the United States. These are just a few of these types of cases.

In January, Avast protected users from various sextortion campaigns which could have resulted in more than 500,000 incidents worldwide. Most of these attacks targeted English-speaking users in the United Kingdom and the United States, though we detected campaigns in other languages as well.

What is sextortion?

Sextortion starts with an email. Sextortion emails mislead victims into thinking the attacker owns a recording of their screen and camera and that recording contains images or videos of the potential victim in sexually explicit situations. The attackers use this claim of a recording to blackmail the victim into paying the attacker. The attacker threatens to send the recording to the victim’s contacts, friends, and family if they don’t comply. In reality, the attacker doesn't actually own any recordings and just uses social engineering techniques to try to scare and shame the potential victim into paying.

How does sextortion work?

Sextortion relies on people’s willingness to pay money in order to keep damaging secrets quiet. In a potential victim’s view, this kind of attack is a sudden threat to his or her reputation. A potential victim can think of the consequences in the Jeffrey Toobin case, for example, and see the risk of private moments being exposed to the public. The attackers prey on this fear and apply other social engineering techniques — such as limiting the time period for paying — to create an illusion that the user’s machine is hacked. They might also provide a list of activities that an attacker will take to harm the victim.

Below is one example of a sextortion email. The attacker first claims to have knowledge of the potential victim visiting adult websites — an immediate attempt to make the potential victim feel guilt or shame. The attacker claims to have complete control of the potential victim’s system and to have used that control to take or falsely create a sexually explicit video of the potential victim, asserting their control in the situation. The attacker then says that as part of that control, they can send this compromising video to the potential victim’s contacts. Finally, the attacker makes the extortion pitch, telling the potential victim they can “make it go away” by paying $1,350 in Bitcoin. The attacker adds the social engineering tactic of time pressure, saying the potential victim only has 48 hours to pay the money.

An important thing to note is that there’s no way to be sure that the attacker’s claims are true. In fact, very often the attackers behind these threats are bluffing and there is no actual video.

This is a generic example of sextortion emails. But attackers commonly prepare spam campaigns with regard to current trends and events.

We’ve tracked a variety of different sextortion campaigns in the last two months, but two types stood out as the most common. One is a series of campaigns abusing the ubiquity of Zoom during lockdowns. The other is a series of campaigns that falsely claim to have installed a Trojan on the potential victim’s system.

Zoom campaigns

The most prevalent campaign we observed took advantage of increased use of Zoom during the Covid-19 pandemic. In particular, we saw an uptick during the 2020 holiday season. Attackers claim that they’ve taken advantage of critical vulnerabilities in the Zoom application, allowing them access to a user’s device and camera. But, to be clear, we haven’t found any actual vulnerabilities in Zoom — the attackers are lying.  

Attackers use social engineering techniques and mention Jeffrey Toobin’s scandal to get victims to pay up. The rest of the email is a typical extortion email, where attackers use phrases such as “the recorded sexual act”, “access to sensitive information”, and “terrible reputation damage” and offer up payment as a way out.

A distinctive feature of this type of campaign is that emails look like they are sent from the user's email address to themselves. This is another social engineering technique, aiming to make it look like the attacker really does have control of their system. In reality, the “from” address has been tampered with and closer analysis reveals the real address of the sender.

Trojan campaigns

The second prevalent campaign utilizes the threat of Trojan malware. The potential victim receives an email in which the attackers claim a Trojan was installed on their machine a few months previous. The attackers also claim that this “Trojan” recorded all of the potential victim’s actions with a microphone and webcam and exfiltrated all data from the devices, including chats, social media, and contacts. They then use a common extortion scenario: attackers demand a ransom in cryptocurrencies. In the end, attackers include a note about the fake “timer” that started when the email was received, in order to set a ransom deadline.

Just like Zoom campaigns, these threats are all fake. There are no undetectable Trojans, nothing is recorded and attackers do not have your data. The timer included in the email is another social engineering technique used to pressure victims into paying.
...
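Added example, not part of the quoted Avast article or the forum post: a header check for the self-addressed spoofing described under "Zoom campaigns", which compares the visible From address with the envelope sender and the receiving server's authentication verdicts, and also notes the payment address and deadline cues the article mentions. The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real email); all addresses and domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: alice@example.com
To: alice@example.com
Subject: Your device was accessed

I recorded you through your camera. Pay $1,350 in Bitcoin within 48 hours
to bc1qexampleplaceholderaddress0000000000000 or the video goes to your contacts.
"""

BTC_RE = re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
DEADLINE_RE = re.compile(r"\b\d{1,3}\s*(?:hours?|hrs?|days?)\b", re.I)
# "none" is counted as not passing: the claimed domain did not vouch for the mail.
AUTH_FAIL_RE = re.compile(r"\b(spf|dkim|dmarc)=(?:fail|softfail|none)\b", re.I)

def _addr(msg, header):
    return parseaddr(msg.get(header, ""))[1].lower()

def _body(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_type() == "text/plain")

def analyze(raw):
    msg = message_from_string(raw)
    sender, rcpt, envelope = _addr(msg, "From"), _addr(msg, "To"), _addr(msg, "Return-Path")
    # Only trust an Authentication-Results header stamped by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    body = _body(msg)
    result = {
        "self_addressed": bool(sender) and sender == rcpt,
        "envelope_sender": envelope,
        "envelope_mismatch": bool(envelope) and
            envelope.rpartition("@")[2] != sender.rpartition("@")[2],
        "auth_not_passing": sorted({m.lower() for m in AUTH_FAIL_RE.findall(auth)}),
        "payment_address": bool(BTC_RE.search(body)),
        "deadline": bool(DEADLINE_RE.search(body)),
    }
    # Spoofed self-addressed mail: From equals To, but authentication does not back it up.
    result["likely_spoofed"] = result["self_addressed"] and (
        result["envelope_mismatch"] or bool(result["auth_not_passing"]))
    return result

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```
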

