A new form of online blackmail by cyber criminals who attempt to extort crypto-currency by claiming to have potentially embarrassing evidence of people using adult websites on work computers is adding to the tide of cyber-related incidents hitting businesses.
So-called ‘sextortion’ involves an email from someone claiming to have accessed the recipient’s work computer. The sender says they have tracked the addresses of pornographic websites the recipient has viewed and have simultaneously recorded footage of the recipient, via their webcam, while they watched these sites.
They threaten to humiliate the recipient by sending details of their online activity to all of their email contacts if their demands are not met. The emails often contain a link or zip file that they claim leads to evidence of the internet usage or webcam activity, or to a website where the crypto-currency ransom can be paid. If clicked on, the link may in fact spread information-stealing malware, or GandCrab, a common ransomware that hackers use to lock up the computer until the ransom is paid.
There is no sign yet that these sextortion campaigns are anything other than hoaxes aimed at random individuals, and it often turns out that no data has been compromised. However, of the thousands of emails sent out, a small number may indeed hit home. If those recipients did engage in inappropriate behaviour on their work computer, they could be vulnerable to extortion.
In the fourth quarter of 2018, Beazley Breach Response (BBR) Services was notified by several commercial clients of such cases, involving demands for crypto-currency worth hundreds or thousands of dollars.
This comes as cyber-attacks on business email accounts continue to rise sharply. In 2018, the total number of email compromises handled by BBR Services increased by 133%, and the upward trajectory continues.
To increase the authenticity of the demand, in some cases, the email will include an old or current password linked to the recipient’s email address. Such information is often obtained via the dark web where user credentials that have been compromised in earlier data breaches are dumped and sold by cyber criminals.
Helen Nuttall, international breach response manager at Beazley said:
“BBR Services is seeing sextortion emails being sent to individuals in multiple countries, including the UK, and across different industry sectors, from SME to large business. They are sent in the recipient’s local language, and often include reference to passwords known by the user. These emails are convincing as they often appear to come from within the individual’s own email account. This immediately makes the recipient believe that the account has been compromised. Combined with the fear of potentially humiliating content being distributed to your friends/family/colleagues, it is easy to see why people are lured into paying the bribe.
“Sending spoofed emails is nothing new, but as these scams become more sophisticated, users need to be aware of the tactics. Don’t panic, delete the email, and perform a thorough scan of your computer using a recognised anti-virus solution. If the email comes from your business email domain, alert your IT department, who should take steps to lock down the domain.”
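The indicators described above (a sender that appears to be the recipient’s own account without passing email authentication, a leaked password quoted as bait, and a crypto-currency demand) can be checked mechanically on inbound mail. The following is an added example, not Beazley’s or BBR Services’ code; the sample message, the address pattern, the keyword list and the `known_passwords` feed are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Shapes of legacy (1.../3...) and bech32 (bc1...) Bitcoin addresses; assumed pattern, no checksum validation
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b")
# Constructed vocabulary typical of the sextortion template
EXTORTION_TERMS = ("webcam", "adult", "contacts", "bitcoin", "hours", "video")

def score_sextortion(raw: str, known_passwords=()) -> dict:
    """Return the sextortion indicators found in one raw RFC 5322 message.

    known_passwords: constructed list of the recipient's old/leaked passwords
    (in practice from a breach-notification feed) used to spot the bait."""
    msg = message_from_string(raw, policy=default)
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, to_addr = parseaddr(str(msg.get("To", "")))
    auth = str(msg.get("Authentication-Results", "")).lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    low = text.lower()
    hits = {
        # "From" is the recipient's own address but neither SPF nor DKIM passed: spoofed
        "self_spoof": from_addr.lower() == to_addr.lower()
        and "spf=pass" not in auth and "dkim=pass" not in auth,
        "crypto_demand": BTC_RE.search(text) is not None,
        "password_bait": any(p in text for p in known_passwords),
        "extortion_terms": sum(t in low for t in EXTORTION_TERMS) >= 3,
    }
    hits["score"] = sum(hits.values())  # number of indicators present
    return hits

# Constructed sample in the style the article describes (the wallet string is not a real address)
SAMPLE = """From: alice@example.com
To: alice@example.com
Subject: alice - your password is hunter2
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none

I know hunter2 is your password. I placed malware on the adult site you
visited and recorded you through your webcam. Send 0.5 bitcoin to
bc1qexamplesampleaddress0000000000 within 48 hours or the video goes
to all your contacts.
"""

if __name__ == "__main__":
    print(score_sextortion(SAMPLE, known_passwords=("hunter2",)))
```

A message that genuinely comes from the user’s own account will carry a passing SPF or DKIM result, so the `self_spoof` indicator does not fire on legitimate self-addressed mail.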
Katherine Keefe, head of BBR Services at Beazley, said: “As with all types of cyber-attack, employers need to treat email compromise in its many forms seriously. The sources of these emails should be scrutinized and organizations need to ensure employees are aware of practical measures to protect their data, such as via phishing training, and of ways to reduce the instances of email compromises escalating into a more serious cyber incident for organizations.”
Compromises are expensive, and costly to an organization’s reputation; however, they are also preventable. See https://www.beazley.com/news/2019/beazley_breach_insights_february_2019.html for advice on how to deal with an email compromise and to read the latest BBR Insight.