Scammers get creative with Christmas sextortion attack 

Sextortion message - Featured image

“I know what you were doing the past couple of days,” read an email sent as part of a sextortion scam. 

It was the second time the extortionists had contacted the victim claiming spyware had been installed on his computer and that hackers were in possession of potentially embarrassing content. 

They demanded a relatively small ransom in Bitcoin and provided vague evidence of their leverage, including what they said was the victim’s porn site password.

The first threatening email was sent last week followed by another one just before Christmas. The victim contacted Naked Security and offered his case for analysis. 

The examination revealed the use of innovative techniques on the part of the hackers and a slightly different approach to sextortion.

Source – https://nakedsecurity.sophos.com/

For starters, both messages were inlined in an image. Cybersecurity experts at Naked Security suspect that this was done in order to avoid text-scanning spam filters which would likely discard an email that includes keywords such as “Bitcoin”, “porn”, and “webcam”. 

However, this prevents the target from copying the Bitcoin address and depositing cash, so the scammers used a QR code embedded in the image that bypasses the need for any textual content. In addition, the message is written in letters randomly laced with accents not used in the English language to avoid detection from an AI-based optical character recognition (OCR). 

Source: https://nakedsecurity.sophos.com/

The initial ransom was $1767 while the second one was slightly lower at $1500. The Bitcoin address was also different. Meanwhile, the messages were designed to give the impression that the person being targeted is being monitored. 

“I have been observing you. [By the way] nice car you have got there,” the message read. 

However, Naked Security experts concluded the case is most probably a scam and advised the victim to delete the emails and “move on.”