Sextortion (porn blackmail) scams distributed over email are becoming increasingly popular. Individuals from all over the world are receiving threatening email messages from people (scammers) that claim they have video recordings made via the individuals’ device camera. The recording purportedly contains video of the recipients watching adult content.
These emails are becoming highly personalized in an attempt to trick the potential victim into paying a large amount of money, usually in Bitcoin. The latest such sextortion scam we detected in the wild used the attention-grabbing “ATTENTION! You are screwed now [email name]” subject line. Here’s a part of it:
Do I have your attention?
You are really screwed now and you better read this… !
Your device was recently infected with a software I developed,
and now you have a problem you need to solve,
because it has gone too far..
You probably noticed your device is acting strangely lately.
That’s because you downloaded a nasty software I created
while you were browsing the Ƿornographic website…
The software automatically:
1) Started your Ƈamera and begun recoding you,
uploading the footage to my server…
2) Recording your device screen
3) Copied all your contact lists from mail program, facebook
and your device chain
4) Started logging what you write
Spam is nothing new but the highly personalized approach in recent sextortion and other scams shows that spam operators are looking for more efficient ways to monetize their attacks. Even though payments are not as likely as in ransomware extortion, the cost of spam is essentially zero and a few payments would still be enough to motivate further spam campaigns. And perhaps that’s what has been happening in the past several months.
Have you received a sextortion email? If yes, you must have wondered how the spammers obtained your email address. Here are four reasons for that sextortion email in your inbox.
Q: Why Do I Receive Spam Blackmail Emails? Why Do Spammers Have My Email Address?
A: Your email was breached.
Several huge data breaches occurred in the span of a couple of years. Let’s take the Yahoo data breach. In 2017, the company finally admitted that its data breaches compromised 3 billion accounts. Other major breaches that affected millions of people from all over the world include Marriott (500 million customers), LinkedIn (164 million), Adobe (153 million), eBay (145 million), Sony’s PlayStation Network (77 million), and Ashley Madison (31 million), to name a few.
You can check your email address via Troy Hunt’s Have I Been Pwned website. There, you can easily check if your email account has been compromised in a data breach. The website also features detailed information on the largest data breaches which may have exposed your email account as well.
If it turns out that your email has been compromised in a data breach, you should change its password. Use a unique password for each of your accounts, and forget about the dangerous habit of using one password (or a variation of the same password) for all your accounts.
A: Your email was spoofed.
If the spam message appears to have been sent from your email address, it has been spoofed. Such scams usually claim that the recipient’s email was hacked, and that’s why the email appears to be sent from it. However, this is not true and you should not worry about your account being hacked.
The truth is that spam operators have been spoofing email addresses for a long time. In the past, spammers got hold of email lists with the help of computers infected by malware. Nowadays, phishing has evolved to such an extent that spammers can phish carefully chosen victims with messages that look like they came from friends, trustworthy sources, or even their own account.
The tools that enable email spoofing are surprisingly easy to get. All you need is a working SMTP server (a server that can send email) and the right mailing software, LifeHacker’s author Alan Henry explains.
Furthermore, any mail server can be configured to send from a specific domain, and there are even websites that will let you send emails using any email address for free. It should be noted that these methods leave traces that give spoofing away. That’s why it is important to learn how to read email headers.
Note that the way to display email headers depends on the email provider. For Gmail, open the email, click on the three vertical dots next to the reply arrow, and select “Show Original” to review the details.
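As an added example (not part of the original article), here is one way to check raw headers for the traces that give spoofing away: a sender domain that does not match the From address, and SPF, DKIM or DMARC verdicts other than "pass". The message, addresses and hosts are constructed sample data, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message that claims to come from the recipient's own
# address. All hosts and addresses use reserved example domains and IP ranges.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.example.com with ESMTP id abc123
Authentication-Results: mx.example.com;
\tspf=softfail smtp.mailfrom=mailer.example.net;
\tdkim=none;
\tdmarc=fail header.from=example.com
From: "Me" <alice@example.com>
To: alice@example.com
Subject: ATTENTION! You are screwed now alice

Do I have your attention?
"""

def domain_of(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def spoofing_indicators(raw):
    """List header traces suggesting the visible From address was forged."""
    msg = message_from_string(raw)
    findings = []
    from_dom, path_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # Weak signal on its own: legitimate bulk mailers also use a different
    # bounce domain. It matters when combined with failed authentication.
    if path_dom and path_dom != from_dom:
        findings.append(f"Return-Path domain {path_dom} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving server (RFC 8601);
    # anything other than "pass" means the sender was not verified.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for method in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{method}=(\w+)", results)
        verdict = match.group(1).lower() if match else "missing"
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE):
        print(finding)
```

An empty result means the receiving server verified the sender; for the sample above, every check is reported.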
A: Your email address was harvested.
Did you know that the process of collecting email addresses in large-scale amounts is called email harvesting? Email harvesting can be done via different methods but the purpose is usually the same – to use collected data for spamming or sending bulk emails.
There are special programs that automate the process of email harvesting. In most cases, a spam bot is used for searching email addresses in web pages. These are then added to a database and sold to spammers.
Q: What can you do to avoid email harvesting?
A: You can use the following tactics:
– Email address munging. Simply change the “@” sign into “at” and the “.” into “dot”;
– Turning an email address into an image;
– Using an email contact form;
– Using email address obfuscation through HTML. For example, one can insert hidden elements within the address to make them appear out of order and use cascading style sheets to restore the correct order.
– Prompting users to enter a correct CAPTCHA before divulging the email address;
– Using a CAN-SPAM notice enabling prosecution of spammers under the CAN-SPAM Act of 2003. The website administrator must post a notice that “the site or service will not give, sell, or otherwise transfer addresses maintained by such website or online service to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.”;
– Monitoring the mail server. This method is implemented at the recipient’s mail server, which rejects all recipient addresses as invalid for any sender that specifies more than one invalid recipient address;
– Using a spider trap. This is a part of a website built to combat email harvesting spiders.
NOTE. Since all recent extortion-based scams rely on purported recordings of the recipient watching adult content, simply cover up your laptop’s camera. This may sound silly, but knowing that your camera is covered leaves you no reason to worry, regardless of the scammer’s claims.
A: Your computer was infected.
This option should not be overlooked, especially if you have opened a suspicious email attachment or clicked on an unknown link. Phishing can lead to various outcomes, including the exposure of personal accounts.
The funny thing is that all popular 2019 phishing scams are also deployed via email messages as the main distribution tactic. The recipients are usually sent messages disguised as legitimate notifications from a service, program, product or another party about some type of interaction that is supposedly required. Most of the time the scams are related to account activity, fraudulent transactions or password reset reminders.
All of these may be legitimate reasons for sending out activity messages, so the scam messages can easily be confused with real notifications. In almost all cases, the landing pages use similar-sounding domain names and security certificates (self-signed, stolen or hacker-issued) to trick recipients into believing they are visiting a safe site.
If you have interacted with such a phishing message, your accounts may have been compromised, email accounts included. Your financial details may be at risk, as well. So it may be a good idea to scan your system for spyware or malware.