• A study done by Symantec shows a hike in extortion emails over the past nine months. According to the study, they have blocked over 300M malicious emails, most of which were sextortion messages.
The researchers at Symantec analyzed data from the 5,000 most-seen Bitcoin addresses in May and found that 63 of those wallets received 12.8 bitcoins through 243 transactions in a month. The scammers, according to Symantec have earned an average of nearly $106,240 in May alone, making the scam hugely popular. “During this time one bitcoin was worth approximately US$8,300, so the scammers received about US$106,240 in total in a month. So at an average, these scammers are earning well over US$1.2 million a year ($1,292,586),” the study stated.
“The sextortion scam is gaining popularity and it’s a typical case where someone hacks into your webcam, records intimate acts and threatens to send the recordings to everyone in your contact list unless you pay them several hundred dollars in Bitcoins,” said Talha Obaid, an Expert on Email security at Symantec.
According to him, Symantec’s Email Security products managed to block nearly 300 Million of such emails from January to May 2019. “We also blocked about 30 percent of such emails in February alone, when we saw a hike in them,” he informed while adding that apart from the mentioned sextortion emails, many attackers also sent emails claiming to have a recording of the user visiting an adult website. While in some cases the attackers pretended to be a member of law enforcement who found child pornography on the user’s device.
Obaid explained that the attackers used a variation in the messages by using PDF, jpeg and png images of Bitcoin addresses in attachments to evade email security. The emails, according to him, contained a password or partial phone number associated with them. “The emails were sent to make it seem like the attackers have access to the email.”
Obaid recommends using strong passwords and email protection technologies to protect oneself from such threats and extortionists. “I would also advise not opening email attachments from unknown sources,” he said, before giving us a list of five tips on how to stay safe:
Obaid’s tips on securing your email password:
- Never use the same password for every website
This is mostly common sense, however, most people hardly ever follow it. It is very important to use unique passwords for all your different online accounts so if someone gains access into one of your email accounts they will not be able to access your other accounts through sheer hit and trial.
- Enable 2FA wherever it’s available
Most of the responsible online services provide 2FA, read as two-factor authentication. The first factor is the password, off course. The second authentication factor is mostly your phone number, and a message is promptly sent to your phone which the user has to key in once the password is validated in the previous screen. This makes it really hard for an adversary to take control of your account.
- Use different email ids for different purposes
Your emails ids should be separate, have one for personal use for friends and family, another one could be for signing into online accounts and the third one just for professional use. So, if an adversary gains access to your personal email id they will not be able to access your professional emails.
- Do not click on links from unknown sources
If you don’t know who the sender is no matter how tempting it is, do not click on any links provided in the email, unless you know its something you have signed up for and it’s from an authenticated source.
- Delete unsolicited emails and attachment, do not open them
The rule is simple if you do not know who it is coming from do not open it. If you have not signed up for anything and you have an email wanting to sell you something or it says you have won an award, do not open the email or attachments in such emails as the attachment could be a carrier for malware.