INSUBCONTINENT EXCLUSIVE:
Security researchers from Cofense have discovered that cybercriminals have now begun to modify existing sextortion scams by demanding
payment from victims in cryptocurrencies other than Bitcoin.The threat actors behind sextortion scams typically send an email, in which they
tell their potential victims that they have installed malware on their systems and used it to record them looking at adult content online
Ransom is usually demanded in Bitcoin with the threat that if it is not paid, the cybercriminals will send the videos or images they've
captured to a victim's family and colleagues.However, since the email addresses used in these scams are often acquired as a result of a
data breach, cybercriminals will sometimes include a user's passwords in their initial email to make their threats seem more convincing.As
sextortion scams have become more of a threat, businesses have begun to write detection tools to block these emails which look for key words
or Bitcoin addresses in the body of the email
To get around this, cybercriminals switched to attaching PDF documents containing their threats.In the latest wave of sextortion scams,
Cofense found that cybercriminals are now using a Litecoin wallet address as opposed to Bitcoin to help avoid detection.Many Secure Email
Gateways (SEGs) now have rules in place to detect Bitcoin addresses in either the body of an email or an attached PDF containing ransom
demands, so those behind these attacks have had to change their tactics as well.According to Cofense, these new sextortion scams use emails
which are written in such a way that they contain very few searchable word patterns making them harder for SEGs to detect.In addition to
changing their tactics, cybercriminals have begun to use alternate cryptocurrencies besides Bitcoin to demand ransom payments from victims
However, only a dozen or so cryptocurrencies are easy for victims to obtain from large exchanges
For these sextortion scams to be successful, victims need to be able to easily pay the cybercriminals behind them.Luckily, avoiding
sextortion scams is quite simple
Users can safely ignore these emails because if a cybercriminal really had access to a person's system, they would provide much stronger
proof than just showing a user one of their passwords
At the same time, by checking sites such as haveibeenpwned, users can see if their email address has been leaked which would make them more
likely to become a target of a sextortion scam.Protect your systems from the latest cyber threats with the best antivirus software
