Clik here to view.
Key findings
- Barracuda threat researchers have identified evolving tactics being used by cybercriminals in targeted sextortion scams.
- Criminals are now frequently using victims’ addresses and photos of their homes to better personalize sextortion phishing attacks and increase the pressure to pay.
- Extortion demands are increasing from hundreds to thousands of dollars, and criminals are making it easier for victims to pay with quick response (QR) codes.
Understanding the threat
Sextortion scams are a type of extortion where criminals attempt to extort money from victims by threatening to release explicit images or videos unless demands are met. Leveraging usernames and passwords stolen in data breaches, criminals contact victims and claim to have compromising content, allegedly from the victim’s computer, and threaten to publicly share it if victims don’t pay up.
Evolving tactics add personalization and pressure
Barracuda research shows that extortion emails make up roughly 3% of the total number of targeted phishing attacks detected annually. Most of these are sextortion attacks. Every incident is a serious crime with potentially devastating impact that can range from monetary loss to significant emotional and mental distress.
Barracuda researchers have identified evolving tactics — including advanced personalization — being used by criminals in these targeted attacks.
Criminals are leveraging the personal data of targeted victims, including full names, telephone numbers, and addresses, to make their sextortion attempts more threatening and convincing. The sextortion emails address the victim by their first and last name, and the opening sentences of the email include the victim’s telephone number, street address, and city.
In many cases, emails start with copy like this: “I know that calling [telephone number] or visiting [street address] would be a better way to have a chat with you in case you don’t cooperate. Don’t even try to escape from this. You have no idea what I’m capable of in [city].”
Examples of sextortion emails
Image may be NSFW.
Clik here to view.
Criminals are using the full names, telephone numbers, and addresses of targeted victims to make their attempts more threatening and convincing.
Image may be NSFW.
Clik here to view.
An image of the recipient’s location, based on either their home or work address, is now being included in sextortion emails.
Image may be NSFW.
Clik here to view.
Some of the latest sextortion emails include a quick response (QR) code to make it easier for the victim to send their bitcoin payment to the criminals.
Image may be NSFW.
Clik here to view.
While most of the copy in the sextortion emails is identical or very similar, there are some variations being used, including in the stand-alone line that appears just below the bitcoin payment information.
Protecting against sextortion scams
Sextortion emails are usually sent to thousands of people at a time as part of larger spam campaigns, so most get caught in spam filters. But attackers also vary and personalize the content of the emails, making them more difficult for spam filters to detect and stop.
Scammers are continually evolving their email fraud techniques, including using social-engineering tactics to bypass traditional email security gateways. Sextortion emails that end up in inboxes typically do so because they originate from high-reputation senders and IPs; hackers use already-compromised Microsoft 365 or Gmail accounts.
Here are several ways to defend against sextortion scams:
AI-based protection — Attackers are continually adapting sextortion emails to bypass email gateways and spam filters, so a good spear-phishing solution that uses AI to detect and protect against these and other email attacks is a must.
Account-takeover protection — Many sextortion attacks originate from compromised accounts; be sure scammers aren’t using your organization as a base camp to launch these attacks. Deploy technology that uses AI to recognize when accounts have been compromised, allowing you to remediate in real time by alerting users and removing malicious emails sent from compromised accounts.
Proactive investigations — Given the nature of sextortion scams, employees might be less willing than usual to report these attacks due to the intentionally embarrassing and sensitive nature of the threats. Conduct regular searches on delivered mail to detect emails related to password changes, security alerts, and other content. Many sextortion emails originate from outside North America or Western Europe. Evaluate where your delivered mail is coming from, review any of suspicious origin, and remediate.
Security-awareness training — Educate users about sextortion fraud, especially if you have a large and diverse user base. Make it part of your security awareness training program. Ensure employees can recognize these attacks, understand their fraudulent nature, and feel comfortable and know how to report them. Use phishing simulation to test the effectiveness of your training.
System maintenance — Keeping browsers and operating systems up-to-date helps prevent exploits from infecting computers. Sextortion emails can infect targets’ devices with malware, and keeping browsers and operating systems up-to-date prevents infection.