Area 1, a cyber security firm specializing in phishing attacks, estimates that hackers make an average of $593.56 in bitcoin for each payout extorted from internet users in sextortion email scams. The firm estimates the current total cost of the fraud at nearly $1 million.
How Does the Scam Work?
Here is what the scam looks like:
- Users receive an email with the subject line: [your name] – [one of your passwords]
- The email body states malware activated the user’s webcam while they watched porn. It then threatens to release a video to their Facebook and email contacts
- The author demands a Bitcoin extortion payment, and threatens to release the video in 24 hours if no payment is received
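The three indicators listed above (a "name – password" subject line, the webcam/adult-site claim with a threat to contacts, and a Bitcoin demand with a short deadline) are exactly what a mail-filter heuristic can score. The following is an added example, not code from the original article or from Area 1 or Proofpoint; the regexes, threshold and sample messages are constructed for the demonstration, and the Bitcoin address in the sample is a made-up string that merely fits the address format.

```python
import re
from typing import Dict, List

# Constructed indicators based on the scam description in the article.
# Bitcoin address shapes: legacy/P2SH base58 (starts with 1 or 3) or bech32 (bc1...).
BTC_ADDRESS = re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
# Subject of the form "<one or two words> – <single token>" (en dash or hyphen).
SUBJECT_NAME_PASSWORD = re.compile(r"^\s*\S+(?:\s+\S+)?\s+[–-]\s+\S+\s*$")
BODY_INDICATORS = {
    "webcam": re.compile(r"\b(?:web ?cam|camera)\b", re.I),
    "adult_site": re.compile(r"\b(?:porn|adult)\b", re.I),
    "contacts_threat": re.compile(r"\b(?:contacts|facebook)\b", re.I),
    "deadline": re.compile(r"\b\d{1,3}\s*(?:hours?|hrs?)\b", re.I),
    "bitcoin": re.compile(r"\bbitcoin\b|\bbtc\b", re.I),
}
FLAG_THRESHOLD = 4  # constructed: how many indicators before we quarantine


def score_message(subject: str, body: str) -> Dict[str, object]:
    """Count which sextortion indicators a message exhibits and flag it above a threshold."""
    hits: List[str] = []
    if SUBJECT_NAME_PASSWORD.match(subject):
        hits.append("subject_name_password")
    for name, pattern in BODY_INDICATORS.items():
        if pattern.search(body):
            hits.append(name)
    if BTC_ADDRESS.search(body):
        hits.append("btc_address")
    return {"score": len(hits), "hits": hits, "flag": len(hits) >= FLAG_THRESHOLD}


# Constructed sample messages (not real mail). The address below is a fake string
# shaped like a legacy Bitcoin address, used only to exercise the regex.
SAMPLE_SEXTORTION = {
    "subject": "Alice Example – hunter2",
    "body": (
        "I placed malware on the porn website you visited and it activated your webcam. "
        "I have a video that I will send to all your Facebook and email contacts. "
        "Send $800 in Bitcoin to 1AbCdEfGhJkMnPqRsTuVwXyZ2345678aB within 24 hours."
    ),
}
SAMPLE_BENIGN = {
    "subject": "Meeting notes – Q3 planning",
    "body": "Can we schedule a call in 2 hours? I'll bring the camera for the product photos.",
}


def classify_samples() -> Dict[str, Dict[str, object]]:
    """Run the heuristic over both constructed samples."""
    return {
        "sextortion": score_message(**SAMPLE_SEXTORTION),
        "benign": score_message(**SAMPLE_BENIGN),
    }


if __name__ == "__main__":
    for label, result in classify_samples().items():
        print(f"{label}: score={result['score']} flag={result['flag']} hits={result['hits']}")
```

The benign sample deliberately trips two indicators (a deadline in hours and the word "camera") to show why a single keyword is not enough and a threshold over several independent indicators is used instead.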
The scam’s success is due to the panic users feel when they see their password in the email’s subject line. This adds an aura of legitimacy to the threat, and is difficult to ignore in a moment of fear. However, cyber security experts are reassuring people that there is a simpler (and more benign) explanation for how the fraudsters obtained the password.
Proofpoint Senior Vice President Ryan Kalember states that email recipients should start by checking the Have I Been Pwned website to see whether their personal information has been compromised.
“If it shows up there, you’re probably fine—this campaign seems highly automated, with just enough tweaking to get through most spam filters and email gateways,” he said. “[But], if the password doesn’t show up there, that’s more worrisome, and you should definitely investigate whether you’ve recently clicked on a phishing link for the account where you used that password, or have your computer compromised with credential-stealing malware.”
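Have I Been Pwned exposes the same check programmatically through its Pwned Passwords range endpoint, which uses k-anonymity: the client hashes the password with SHA-1 and sends only the first five hex characters, then matches the remaining 35 characters locally against the list the server returns, so the password itself never leaves the machine. The following is an added example, not code from the article or from HIBP; it implements the client side of that protocol. The `RANGE_URL` endpoint is the real HIBP URL, the suffix for the word "password" is its real SHA-1 suffix, but the response body and the counts in it are constructed so the example runs offline.

```python
import hashlib
import urllib.request
from typing import Dict, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real HIBP Pwned Passwords endpoint


def hash_and_split(password: str) -> Tuple[str, str]:
    """SHA-1 the password; return (5-char prefix sent to the API, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_body(body: str) -> Dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines returned by the range endpoint."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.strip().isdigit():
            counts[suffix.strip().upper()] = int(count)
    return counts


def breach_count(password: str, range_prefix: str, range_body: str) -> int:
    """Match the local suffix against a range response; 0 means not seen in that range."""
    prefix, suffix = hash_and_split(password)
    if prefix != range_prefix:
        raise ValueError("range body was fetched for a different hash prefix")
    return parse_range_body(range_body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live query of the real endpoint (network access; not exercised by the offline demo)."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"User-Agent": "hibp-range-demo"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password_live(password: str) -> int:
    """Full k-anonymity round trip: send only the prefix, compare the suffix locally."""
    prefix, _ = hash_and_split(password)
    return breach_count(password, prefix, fetch_range(prefix))


# Constructed sample response for prefix 5BAA6. The middle suffix is the genuine
# SHA-1 suffix of the word "password"; the other suffixes and all counts are made up.
SAMPLE_PREFIX = "5BAA6"
SAMPLE_RANGE_5BAA6 = """\
0123456789ABCDEF0123456789ABCDEF012:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3
FEDCBA9876543210FEDCBA9876543210FED:1
"""


if __name__ == "__main__":
    prefix, suffix = hash_and_split("password")
    print(f"send prefix {prefix}, keep suffix {suffix} local")
    print("seen in constructed range:", breach_count("password", SAMPLE_PREFIX, SAMPLE_RANGE_5BAA6))
```

Because only the five-character prefix is transmitted, the server learns nothing beyond which of roughly a million hash buckets the password falls into; a real range response contains several hundred suffixes, and the count for a password as common as "password" is in the millions, not the constructed value used here.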
Sextortion Scams to Become More Prevalent, Sophisticated
Currently, the majority of the passwords in these emails can be traced back to a massive 2012 LinkedIn data breach that compromised as many as 100 million users’ credentials. For now, that has proven to be a bit of a brake on the scam’s success, since some users see the outdated password and sense the threat is a bluff.
However, the success of the scam so far means fraudsters will most likely refine – and then ramp up – their future efforts.
Cyber security experts at Krebs on Security predict thieves will increasingly use more recent login credentials to increase the plausibility of their blackmail emails.
“I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real,” the website said. “That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.”