Sextortion scams are evolving with personal tactics and increased intimidation. Threat actors exploit billing platforms to bypass email security filters. Robust email filters and training help counter sextortion threats effectively.
Sextortion scams are becoming more complex and personal as the scams now often target individuals across different sectors with greater precision, creating a sense of immediate threat.
The Cofense Phish Defense Center (PDC) has recently observed a notable evolution in sextortion scams, which, unlike previous versions that relied primarily on generic scare tactics, now use more sophisticated strategies that often bypass traditional security measures.
The campaigns now personalize emails, including personal details such as the target’s home address or phone number directly in the body of the email, to grab the recipient’s attention and add a layer of credibility to the scam.
Exploiting fear through technical jargon
These emails generally originate from random Gmail accounts, which are harder to trace, rather than the typical impersonated addresses seen in previous scams.
In addition to personal information, scammers have escalated their approach by including images of the target’s supposed home, workplace, neighborhood or street in attached PDF files.
The email addresses the recipient by name and specifies a specific location, followed by threats of a physical visit if the target does not comply. This mix of personal details and digital intimidation is a shift from the simpler sextortion scams that used to rely solely on the fear of compromised online privacy.
Scam emails claim that the target’s device has been infected with spyware, and often cite “Pegasus” as the malware responsible for the alleged breach. Threat actors use technical jargon to manipulate recipients into the hope that they have a limited understanding of cybersecurity. The emails claim that the attacker has been monitoring the victim for a long period of time, collecting sensitive information and even recording videos of them.
In some cases, the scammer adopts a casual tone, mixing the message with slang or compliments to make it appear as if they have been closely observing the target’s life. The message typically concludes with two choices: ignore the email and face public humiliation, or pay a cryptocurrency ransom to ensure the allegedly compromising material is never released.
A recurring part of these scams is the demand for payment in Bitcoin or other cryptocurrencies. Scammers often provide a Bitcoin wallet address, sometimes along with a QR code to facilitate the payment process.
Another notable shift in sextortion campaigns is the use of billing services to deliver phishing emails. These services allow threat actors to send emails that bypass certain security protocols by obscuring the sender’s information. Since these billing platforms handle the email’s delivery, their legitimate headers and content often allow the message to avoid detection.
To combat these evolving scams, individuals and organizations must remain informed and vigilant. Educating users about the nature of sextortion scams and the tactics used by attackers can reduce the likelihood of becoming victims.
You also like
