A new version of sextortion Phishing scams is using alternative cryptocurrency wallet adresses other than Bitcoin(BTC)trade in an attempt to bypass email protections i.e. Secure Email Gateways (SEGs), according to a new report.
On Tuesday, Cofense, a leading provider of human-driven phishing defense solutions, revealed that a new malicious technique has been successfully deployed, which helps scammers to bypass security layers implemented by email providers and their Secure Email Gateways (SEGs).
Describing the common pattern followed by typical sextortion scam, Cofense said that a fraudulent email is first sent to the victim consisting of malware which installed automatically upon clicking on a link. Once installed in the recipient’s computer, the malware is used to spy on the victim.
The malware is capable of recording the browsing history of victims, including of course visits to adult websites, and it can also access webcam footage showing the victim. Ransom is then demanded by the scammers, usually in cryptocurrency like Bitcoin by threatening them to publicize the compromised information collected by the scammer.
The scammers use plain text extortion email to threaten the victim and demand the crypto payment. Several email securities filters have been implemented by enterprises to block these kind of emails. The Bitcoin addresses are usually in a string of plain text to which the recipients of a sextortion email could make a payment.
However, the scammers replace the plain text with images that avoid keywords being caught by Secure Email Gateways. Security programs usually looked for Bitcoin addresses in the form of plain text and images to block these emails, which force the scammers to switch from Bitcoin to alternative digital currency.
Cofense further explain that these fraudsters have found a new way to avoid detection. They have reportedly started using Litecoin (LTC)trade addresses to bypass SEG detection rules. Previously, the scammers started to identified the patterns and keywords and gradually crafted the extortion emails according to that. In addition to that, they have also switched to alternate cryptocurrencies which made it hard for enterprises to identify the sextortion emails.
Cofense notes:
“[T]hreat actors can switch to the next crypto currency and attempt to iterate through all the scam’s previous versions. While there are thousands of crypto currencies, only a dozen or so are easily attainable from large exchanges. For the scam to work, the recipient needs an easy way to acquire the requested payment method.”
Sextortion scams have been around for years but the intensity of these type of crimes has been increased after the arrival of cryptocurrencies. Avoiding these emails is simple. “Your users can safely ignore the emails—if threat actors actually had such access and data, they would include a stronger proof,” Cofense said.
