There is a new type of phishing email circulating and bypassing email security solutions. The email attempts to obtain payment from victims who believed they have been watched while performing explicit activities.
In the past week, Proven Data received the following email:
The cybercriminal instills the fear that he has been watching the victim’s activity. Specifically, the attacker makes it look like the victim was being recorded while watching explicit videos. This email can make people feel intimidated if they were indeed performing the activities described in the email.
Email spoofing is the attacker pretending to be someone else by modifying the email headers. Most of the time it can be someone that you may recognize from your address book. At a first glance, these emails may appear to be coming from a trusted source.
It is imperative that users look at email headers to determine the real origins of emails. Attackers can utilize email spoofing techniques to hide their true email address identity. As an intimidation technique, they will mention that they hacked the email address and sent the email from the victim’s account. The “From” and “To” addresses may appear to be similar in a normal user’s eyes. However, after further research of the email headers, we can see that the email address is different.
On the email headers, we can see further details as to the origins of this email. There are two IP addresses; 18.104.22.168 from Russia and 22.214.171.124 from Romania. Russia’s address is where the email originated.
Additionally, on the email headers, we can see the real email address of the sender; [email protected] on the “envelope from” field.
There are no transactions on the bitcoin blockchain explorer made to this wallet. This could mean two possibilities. Either the attacker explicitly created a bitcoin wallet for this victim or the attacker has not received any payments from victims.
Fear and Intimidation
The main tactics used by the attacker on this email are fear and intimidation. The cybercriminal creates a scenario where victims will feel intimidated if they performed the activities described in the email. Then the fear of the video being released to the public entices victims to complete payment. Therefore, payment is a pleasurable solution for people who were performing these activities and have the fear of others knowing.
Cyber Extortion On The Rise
Cyber extortion continues to increase as cybercriminals’ tools and abilities become more sophisticated. We have seen an increase in complexity and techniques making some emails appear to be legitimate. For example, last week, Proven Data received a fake Amazon email confirmation that bypass our Email Security firewall. Since then, we have added additional controls to mitigate similar phishing emails from passing through. We know that their sophistication will continue to increase. Our systems and users are prepared to detect and prevent any phishing attempt from infecting our network.
How to Stay Protected
There are multiple ways to stay protected against this type of phishing attempt. We know that the attacker utilizes fear and intimidation to request payment from the victim. Furthermore, we know that the attacker makes victims believe that their email has been compromised by utilizing email spoofing techniques.
- Email Security –It is essential that businesses implement an email security system that prevents most emails from reaching the end user. There are times, however, where certain emails will bypass the system and reach the user. On those occasions, anti-malware software and user training are critical. Having this layered security strategy will increase data protection and improve security posture.
- Avoid intimidation – It is important to avoid intimidation made by potential cyber attackers. Attackers will find ways to pressure victims to send payment. This can be done through the vishing or phishing techniques. Users should have social engineering awareness training in order to detect malicious intentions.
- Inspect email headers – Inspecting email headers will help in providing additional information as to where the email originated.
It is important not to send money if there is no proof that you have been affected. In ransomware attacks, we know that an attacker can encrypt user files and request for payment. Sometimes, paying