Photo: Unsplash
Email cyberattacks claiming to know people’s sexual proclivities continued to attack Canadians and people in other counties through 2019, a new report says.
So-called “sextortion” is done via malware on computers that potentially allow outside actors to activate cameras and microphones, said a Nov. 7 Proofpoint report.
Proofpoint threat intelligence analyst Chris Dawson said sextortion preys on the fears and insecurities of recipients, often using stolen passwords and other social engineering tricks to convince recipients that their reputations are actually at risk.
In one such email campaign in September, users were sent an attachment (usually a PDF) requesting payment by Bitcoin to avoid video and other supposedly captured evidence of potentially embarrassing online activity being sent to the recipient’s email and social media contact list.
A message might appear from someone claiming to know about a person’s daily life and internet activities. It will also claim partial knowledge of a password.
It goes on to say the malware has collected contacts from email, Messenger, Facebook.
“I created a double screen video,” an example of the scam said. “The first part shows the video you were watching (you have nice taste), and the second part shows the recording of your camera (it is you).”
It then threatens humiliation and ruining of relationships if the user does not pay $1,000. The email says the information will be deleted on payment.
Examples of subject lines in the emails, Proofpoint said, are:
- Can publish everything;
- Dirty video of you;
- I know everything;
- I recorded you;
- Pervert;
- Recorded you;
- Save yourself;
- Seen everything;
- Video of you;
- You better pay me;
- You got recorded;
- You pervert;
- Your chance; and
- Your privacy.
“This malware module contains a dictionary containing pornography-related keywords used to monitor open window titles,” the report said. “If a window matches the text, it will begin to record audio and video on the infected machine. Once recorded, the video is saved with a ‘.avi’ extension and is sent to the command and control server, and then (presumably) used for extortion purposes.”
Such malware frequently uses what are called remote-access Trojans – or RATs; the use of RATs has increased dramatically in many sectors in 2019.
Many rely on social engineering, the human factor, “ the instincts of curiosity and trust that lead well-intentioned people to click, download, install, open and send money or data,” Proofpoint said.
The company’s Human Factor Report 2019 said the best protections against attacks for companies facing such issues include finding out who is most at risk for attacks, education, robust email protections and ensuring systems are secure.
“Individuals receiving sextortion emails should assume the sender does not actually possess screenshots or video of any compromising activity and not click any links or open attachments to verify the sender’s claims,” Dawson said.
“Additionally,” Dawson said, “we recommend that users maintain updated antivirus, keep systems patched, and, if working on a corporate network, implement layered defences at the email gateway and network edge to avoid infection with malware such as PsiXBot or spambots that can contribute to this problem.”
