Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Blackmail and Sextortion Attacks Use Panic and Threats to Lure Their Victims

    sextortion

    Preying on a victim’s fear of having “private” browsing details leaked sits at the center of these well-crafted attacks that leverage stolen or harvested passwords to establish credibility.

    Cybercriminals have upped their sextortion game. It started with the LinkedIn data breach where a simple email presenting the users old password in the subject line was enough to establish credibility in the victim’s mind that they need to respond… or face the consequences.

    But the latest data from researchers at security vendor Barracuda highlights some “improvements” in these types of attacks, used to increase the likelihood of success.

    According to the findings, here are some of the ways attackers have stepped up their game:

    • They harvest passwords – instead of using a password from many years ago, cybercriminals are now harvesting passwords using security alerts and password change request emails first, and then hitting the user with the sextortion scam. This dramatically improves their ability to collect.
    • They use high-reputation senders and IPs – attackers now send from compromised Office 365 or Gmail accounts to ensure emails end up in Inboxes and not spam.
    • They avoid virus filters – by not using malicious links or attachments, these emails aren’t flagged and quarantined.
    • They avoid spam filters – the content used in the email is constantly being changed to avoid detection.
    • They use bitcoin for payment – this makes it nearly impossible to track down the sender.

    Also, according to Barracuda, employees are twice as likely to be targeted in a sextortion scam than a business email compromise attack. And, because of the potentially embarrassing nature of the scam, these scams often go unreported.

    Organizations need to educate users through Security Awareness Training to understand the benign nature of these scams and – most importantly – how to spot malicious emails designed to harvest their passwords (which can be used for far more devious purposes than trying to solicit money via blackmail).

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews