Aussies in crosshairs of 'fake-tortion' email scam
SOPHISTICATED email scammers are targeting Australians with pornography and adult dating links which are then followed up with extortion attempts in an aggressive new form of attack.
Internet security firm Forcepoint says it picked up more than 33,500 such emails last week, peaking on August 16 when around 16,000 were intercepted. Australian email addresses were the main target, with France also coming under fire.
Unlike ransomware attacks, which hold users' data to ransom, the scam threatens to steal users' privacy, linking together emails that say "look at this", then "we now what you just looked at", demanding $US320 payment in Bitcoin.
The email informs the user that a virus was installed on a porn website which recorded the victim through their webcam. "Then my software collected all your contacts from messengers, e-mails and social networks," it says.
"If I don't receive my Bitcoins I'll send video with you to all your contacts."
Carl Leonard, principal security analyst at Forcepoint, said cyber-extortion was a prevalent tactic today. While it largely takes the form of ransomware, he said data exposure threats were growing in popularity.
"Cyber-blackmailing continue to prove as an effective tactic for cybercriminals to cash out on their malicious operations," he said. "In this case, it appears that a threat actor group originally involved in adult dating scams have expanded their operations to cyber-extortion campaigns as a result of this trend."
He said company email addresses were specifically targeted, which would have added additional pressure to potential victims "since it implies that a recipient's work PC was infected and may therefore taint one's professional image".
"It is important for users to verify claims from the internet before acting on them," he said. "Most online attacks today require a user's mistake before actually becoming a threat. This is something that can be mitigated by addressing the weakness of the human point."
But Mr Leonard said the scale of this campaign suggested the scammers were bluffing about having compromising information.
"While no threat can be completely discounted, the compromise of personal information for this many individuals would constitute a significant breach of one or more websites, yet no activity of this nature has been reported or identified in recent weeks," he said.
"Furthermore, if the actors did indeed possess personal details of the recipients, it seems likely they would have included elements [such as name, address or date of birth] in more targeted threat emails in order to increase their credibility. This led us to believe that these are simply fake extortion emails. We ended up calling it 'faketortion'."