- Sextortion scams evolve with personalized tactics and increased intimidation.
- Threat actors exploit billing platforms to bypass email security filters.
- Robust email filters and training help counter Sextortion threats effectively.
Sextortion scams are becoming more complex and personal, as they now frequently target people from different sectors with greater precision, creating a sense of immediate threat.
Cofense Phish Defense Center (PDC) recently observed a notable evolution in sextortion scams, which unlike previous versions, which relied mainly on generic scare tactics, now use more sophisticated strategies, often bypassing traditional security measures.
Campaigns now personalize emails, including personal details such as the recipient's home address or phone number directly in the body of the email, to capture the recipient's attention and add a layer of credibility to the scam.
Exploiting fear through technical jargon
These emails usually come from random Gmail accounts, which are harder to track, rather than the typical spoofed addresses seen in previous scams.
In addition to personal information, scammers have intensified their approach by including images of the target's supposed home, workplace, neighborhood or street in attached PDF files.
The email addresses the recipient by name and provides a specific location, followed by threats of a physical visit if the target does not comply. This combination of personal data and digital intimidation is a change from simpler sextortion scams that used to be based solely on fear of compromising online privacy.
The scam emails claim that the target's device has been infected with spyware, often citing “Pegasus” as the malware responsible for the alleged breach. Threat actors use technical jargon to manipulate recipients in the hopes that they have limited knowledge of cybersecurity. The emails claim that the attacker has been monitoring the victim for an extended period, collecting sensitive information and even recording videos of her.
In some cases, the scammer adopts a casual tone and mixes the message with slang or compliments to make it seem like he or she has been closely observing the target's life. The message typically concludes with two options: ignore the email and face public humiliation or pay a ransom in cryptocurrency to ensure the allegedly compromising material is never disclosed.
A recurring part of these scams is the demand for payment in Bitcoin or other cryptocurrencies. Scammers often provide a Bitcoin wallet address, sometimes along with a QR code to facilitate the payment process.
Another notable change in sextortion campaigns is the use of billing services to send phishing emails. These services allow threat actors to send emails that bypass certain security protocols by disguising sender information. Since these billing platforms handle the delivery of the email, their legitimate headers and content often allow the message to avoid detection.
To combat these evolving scams, individuals and organizations must stay informed and vigilant. Educating users about the nature of sextortion scams and the tactics employed by attackers can reduce the likelihood of falling victim.
