Cryptocurrencies and Email Extortion Trends

Researchers at GreatHorn have found that 98.7% of extortion emails ask for payment in Bitcoin. Most of these emails aren’t targeted, but enough people will likely fall for them that the scammers can turn a profit. Bitcoin also isn’t entirely anonymous, but the scammers know that the reward is greater than the risk.

“One of the problems these criminals face is converting ill-gotten cryptocurrency into cash,” the researchers write. “Bitcoin is the oldest of the modern generation of cryptocurrencies. It has the most users, the highest value and the largest number of trading venues and services supporting it. Bitcoin may be more traceable than other, privacy-oriented cryptocurrencies, but it is far easier to buy and sell. That’s why cybercriminals so frequently ask for payment in bitcoin. Cybercriminals also know bitcoin is the best-known cryptocurrency among their intended victims. Interestingly, the GreatHorn Threat Intelligence team found a high correlation between the frequency of cryptocurrency-related phishing attacks and the volume of Google searches related to cryptocurrency.” (A rule of thumb: if a payment method is good for legitimate remittances, then it’s also likely to be useful for transnational criminal transactions.)

GreatHorn offers two examples of sextortion emails that tell the recipient the scammers have evidence that the victim has been watching adult content. The scammers request just under $2000 in Bitcoin to keep that information private. GreatHorn notes that in certain cases the scammers research their victim to make their attacks more convincing.

“Often in extortion attempts, cybercriminals have already completed some reconnaissance and may have even tracked a user’s behavior,” the researchers write. “Even if they haven’t, and their messages are way off the mark, the shock and fear a recipient feels when opening a so-called ‘sextortion’ email can be enough to elicit the criminals’ intended reaction.”

If you receive a sextortion email, you should assume it’s a scam. Even if you think it might be real, there’s no reason that the scammers would stop extorting you after you pay. New-school security awareness training can enable your employees to avoid falling for social engineering scams.

GreatHorn has the story.
