Security Awareness Training Blog

    New Sextortion Method Uses Social Engineering and Doxing To Identify and Target Victims

    social engineering doxing victimsAccording to the SANS Internet Storm Center, cybercriminals are engaging their victims online, using social engineering tactics to collect needed details to extort money.

    Victims of this new type of sextortion scam are socially engineered by cybercriminals posing on dating and adult sites, slowly collecting personal information about their victim. Once enough personal detail has been gathered, those details are published on a relatively public forum and the victim is instructed to pay a fee in bitcoin to have the detail removed.

    While this is a bit of a long-term play, it appears like it can be far more effective than the original sextortion scams we covered where all that was needed was an old password obtained years ago in a massive data breach to scare victims into paying an extorted fee.

    This kind of scam demonstrates the lengths the bad guys will go to (and the patience they have) to see their scam through to the end. Whether the scam is sextortion doxing or sending a malicious attachment disguised as a fake invoice, cybercriminals will look to use social engineering tactics to accomplish a few things:

    1. Create the urgency or comfortability needed for the scam
    2. Establish credibility
    3. Engage the victim to create some form of emotional connection
    4. Get them to perform a needed action

    In this case, the action was to give up personal information, but with social engineering-based scams, it can just as easily be to commit fraud by issuing a wire transfer to a bogus vendor.

    Employees while at work and home need to be cognizant of the use of social engineering as a key tactic in any good scam. By leveraging Security Awareness Training, organizations can educate employees on how these tactics work, how to spot them, and to avoid falling for their crafty lure.

    Hopefully, none of your employees are engaged in such activities, but do keep in mind, the extortion “payment” can just as easily be “give me your credentials” as it can be “pay me in bitcoin”.

     

    Return To KnowBe4 Security Blog

    Get Your CEO Fraud Prevention Manual

    CEO-Fraud-Prevention-Manual-WP-FannedCEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    Get Your Manual

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/ceo-fraud-prevention-manual

    Topics: Social Engineering, Security Awareness Training, KnowBe4

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews