A recent sextortion scheme highlights the vulnerability users face when their data is stolen and used against them.
The widespread threat made it seem as though a hacker had compromising video of a victim taken while visiting adult pornographic websites. The scammers threatened to release the video unless they were paid in bitcoins.
Here’s a closer look at the threat and how to prevent such ruses in the future.
What Happened in the Sextortion Case?
The latest fraud was different from earlier sextortion cases in one significant aspect. Victims were targeted with an email that appeared to come from their very own email account.
In the past, similar hacks used passwords to an adult website that had been stolen in a data breach. The scammer would threaten to release information about the victim’s activity in exchange for cryptocurrency.
Are These Schemes Successful?
The risk of public embarrassment is a powerful motivator for many victims who would rather pay than be exposed for visiting questionable websites. The recent scheme was first noted in the Netherlands, where it reportedly netted €40,000 in short order. That kind of quick cash is highly motivating to hackers looking to make a large amount of money fast.
What Did the Sextortion Email Say?
The English version of the scam had a subject line that included the victim’s email address and “48 hours to pay,” e.g. “email@example.com 48 hours to pay,”
In broken English, the scammer claimed to be part of an international hacker group that now had access to all accounts and gave an example of a stolen password.
Throughout several months, the email alleged, the victim’s devices were infected with a virus from visiting adult websites. Now, the hackers had access to a victim’s social media and messages.
“We are aware of your little and big secrets … yeah, you do have them,” the email continued. “We saw and recorded your doings on porn websites. Your tastes are so weird, you know.”
The email further claimed to have recordings of the victim viewing these websites and threatened to release them to friends and relatives. It demanded payment of $800 in bitcoin within 48 hours of reading the message. If the funds were received, the data would be erased. If not, videos would be sent to every contact found on the victim’s device.
For unsuspecting victims, receiving such an email could be terrifying. That’s why so many people succumb to such demands and pay up.
What Can Users Do?
While it’s easy to be scared into sending payment, the reality is that these emails can be ignored and deleted. It’s a good idea after doing so to run an anti-virus scan on all your devices to be sure that there is no malware installed.
Many of these scams occur because a domain has been hacked. However, these vulnerabilities can be eliminated by using some basic protections. Using domain name system (DNS) records designed for email validation and authentication are an essential first step. Here are three of the most common:
- SPF. A sender policy framework (SPF) verifies that an email that claims to come from a domain is associated with an authorized IP address. An SPF can detect faked sender email addresses in spam filters. Hackers are less likely to target such domains for phishing attacks.
- DKIM. DomainKeys Identified Email (DKIM) lets an email receiver verify that an email coming from a domain was authorized by that domain. Senders need to attach a digital signature to each outgoing message that’s linked to a domain name. The recipient’s system can compare that signature to a published key.
- DMARC. Layered on top of SPF and DKIM is domain-based message authentication, reporting and conformance protocol (DMARC). Established in 2011, DMARC allows email senders to publish policies about unauthorized email. Also, email receivers can provide reporting to those senders. Both are designed to build a domain reputation and credibility about Domain-issued emails.
Your users and domains are vulnerable to hackers looking to exploit technology to shame people into paying. With the right technology assessments, security protocols and safeguards in place, your systems will be protected and dissuade hackers from attacking your sites in the future.
Mike Bowe | Published on December 14, 2018