New Sextortion Method Uses Social Engineering and Doxing To Identify and Target Victims

According to the SANS Internet Storm Center, cybercriminals are engaging their victims online, using social engineering tactics to collect needed details to extort money.

Victims of this new type of sextortion scam are socially engineered by cybercriminals posing on dating and adult sites, slowly collecting personal information about their victim. Once enough personal detail has been gathered, those details are published on a relatively public forum and the victim is instructed to pay a fee in bitcoin to have the details removed.

While this is a bit of a long-term play, it appears that it can be far more effective than the original sextortion scams we covered, where all that was needed to scare victims into paying an extorted fee was an old password obtained years ago in a massive data breach.

This kind of scam demonstrates the lengths the bad guys will go to (and the patience they have) to see their scam through to the end. Whether the scam is sextortion doxing or sending a malicious attachment disguised as a fake invoice, cybercriminals will look to use social engineering tactics to accomplish a few things:

  1. Create the urgency or comfortability needed for the scam
  2. Establish credibility
  3. Engage the victim to create some form of emotional connection
  4. Get them to perform a needed action

In this case, the action was to give up personal information, but with social engineering-based scams, it can just as easily be to commit fraud by issuing a wire transfer to a bogus vendor.

Employees, both at work and at home, need to be cognizant of the use of social engineering as a key tactic in any good scam. By leveraging Security Awareness Training, organizations can educate employees on how these tactics work, how to spot them, and how to avoid falling for their crafty lure.

Hopefully, none of your employees are engaged in such activities, but do keep in mind, the extortion “payment” can just as easily be “give me your credentials” as it can be “pay me in bitcoin”.
