Researchers at GreatHorn have found that 98.7% of extortion emails ask for payment in Bitcoin. Most of these emails aren’t targeted, but enough people will likely fall for them that the scammers can turn a profit. Bitcoin isn’t entirely anonymous, but the scammers know that the reward is greater than the risk.
“One of the problems these criminals face is converting ill-gotten cryptocurrency into cash,” the researchers write. “Bitcoin is the oldest of the modern generation of cryptocurrencies. It has the most users, the highest value and the largest number of trading venues and services supporting it. Bitcoin may be more traceable than other, privacy-oriented cryptocurrencies, but it is far easier to buy and sell. That’s why cybercriminals so frequently ask for payment in bitcoin. Cybercriminals also know bitcoin is the best-known cryptocurrency among their intended victims. Interestingly, the GreatHorn Threat Intelligence team found a high correlation between the frequency of cryptocurrency-related phishing attacks and the volume of Google searches related to cryptocurrency.” (A rule of thumb: if a payment method is good for legitimate remittances, then it’s also likely to be useful for transnational criminal transactions.)
GreatHorn offers two examples of sextortion emails. Each informs the recipient that the scammers have evidence that the victim has been watching adult content, and requests just under $2000 in Bitcoin to keep the victim’s information anonymous. GreatHorn notes that in certain cases the scammers research their victim to make their attacks more convincing.
“Often in extortion attempts, cybercriminals have already completed some reconnaissance and may have even tracked a user’s behavior,” the researchers write. “Even if they haven’t, and their messages are way off the mark, the shock and fear a recipient feels when opening a so-called ‘sextortion’ email can be enough to elicit the criminals’ intended reaction.”
If you receive a sextortion email, you should assume it’s a scam. Even if you think it might be real, there’s no reason that the scammers would stop extorting you after you pay. New-school security awareness training can enable your employees to avoid falling for social engineering scams.
GreatHorn has the story.