Phishing attempts and scams by cybercriminals are becoming increasingly aggressive. The latest trend in Europe seems to be extortion on the net: scammers threaten to share private videos and photos if you don't pay them in Bitcoin.
Extortion and Phishing: a large-scale campaign underway
Thanks to the careful analysis of Bitdefender Antispam Lab, we know that large-scale extortion campaigns are underway. These, which exploit phishing attempts, materialize in spam emails particularly widespread in Europe. In Romania there are over 4000.000 email scams, but there are also cases in Italy and the Netherlands. The messages appear to come from a variety of IP addresses spread across Asia, Africa, the Americas and Europe. These are spread through spam botnets, and it is very likely that they are all attributable to the same group of hackers.
The peculiarity of this campaign is that the emails seem to be extremely aggressive and aimed at extorting money. The criminals, in fact, specify that they have private credentials and files, even intimate ones, and explain how they obtained this information. The threat is to expose sensitive data and content to friends and family. In particular, we talk about intimate videos and adult sites.
Intimidation and extortion via email
The texts of the emails, of which we report an example below, are characterized by putting the victim in the corner. The hackers indeed reaffirms his position of dominance, emphasizing that he is able to observe the user's moves. It must be said that this is actually a bluff, as the cybercriminal is not really able to monitor the webcam and microphone of the infected device.
The emails are written in the language of the country of reference and the required payment amounts are different, depending on where the recipients are. Here are some of the required figures:
- Italy - 950 Euros
- Netherlands - 1350 Euro
- Brazil - $ 309
- France - $ 650
- Romania - 1250 Dollars
- United States - 1500 Dollars
The information is mainly disseminated on the darkweb
Data breaches and leaks are the order of the day when it comes to the internet. The data collected, which can range from email addresses to passwords, passing through credit card details, is mostly transferred to the dark web. In fact, it is precisely here that cybercriminals can acquire this information and exploit it for extensive and fraudulent purposes. Some data is used for identity theft, while others are useful for identifying potential victims of scams, extortion and phishing.
We can therefore say that, in the digital age,extortion has turned into a highly profitable business for cybercriminals.
The 5 tips to avoid falling victim to phishing and extortion
Below Bitdefender's tips for not being fooled by extortion attempts:
- Stay calm and analyze the situation: Even if the email includes your password, it was likely collected from previous data breaches and leaks. If the cybercriminal reports that the system is already infected with malicious software and spyware, why would he need the user to personally transfer the ransom amount? He could easily collect all account passwords and start withdrawing from financial accounts.
- Check and update passwords regularly of their accounts.
- Never respond to threatening messages asking cybercriminals to provide you with a different payment method; instead report them to the local authorities.
- Install a security solution locally on your devices such as Bitdefender Digital Identity Protection, the service dedicated to online privacy that helps you take control of your digital life to minimize the risks associated with data breaches and leaks. Bitdefender Digital Identity Protection continuously monitors the web for any data relating to the information provided in the registration process (e-mail address and telephone number).
- Enable two or more factor authentication.
If you use a PayPal account, we recommend this article, which will provide you with the tools to defend your account from phishing attempts.