New research by Symantec has found that email extortion scams are on the rise, led by an increase in “sextortion” and bomb-related threats.
From the start of 2019 to the end of May, Symantec blocked almost 300 million of these scams and found that 30% of these emails occurred during a 17-day period around Valentine’s Day.
Sextortion is one of the main types of extortion scams Symantec has started seeing more frequently since about mid-2018. In most of the scam emails, an attacker claims to have a recording of you visiting an adult website, though in some cases the attacker pretends to be a member of law enforcement who has found child pornography on your device.
Threatening to send recordings to everyone in your contact list, the anonymous blackmailer asks for a few hundred dollars in bitcoins to stop them releasing the embarrassing footage.
“This is a situation many people found themselves in over the last year, as we witnessed a revival and evolution in email extortion scams, which are exactly what they sound like: scam emails that attempt to extort cash from victims. These sorts of scams have been around for many years, but the scenario outlined above – often referred to as a “sextortion” scam – is one of the main types of extortion scams we have started seeing more frequently again since about mid-2018,” said Symantec.
“When we look at the number of these kinds of scams that have been blocked by Symantec since the start of this year, we can see the trend is going upwards, with a spike visible during a two-week period in February especially notable.”
Symantec has also seen a spike in emails where the sender claims to have planted a bomb in your building that will be triggered if the requested amount of money is not paid.
When it comes to the success of extortion scams, Symantec examined the 5,000 most-seen Bitcoin addresses in May, finding that 63 of those wallets received bitcoins in 243 transactions. In total, the wallets received 12.8 bitcoins in that period – at the end of May one bitcoin was worth approximately $8,300, meaning these wallets received a total of approximately $106,240. “If we take that as an average amount to make in a 30-day period for these kinds of scams, it means they are making just over $1.2 million in a year ($1,292,586). For the amount of effort and skill that is required to carry out these scams, it represents a pretty good return on investment,” said Symantec.
Symantec has outlined a number of best practices to follow to help the public avoid the pitfalls of these types of scams:
– Ensure you have strong email protection technologies in place, such as the products provided by Symantec, that will stop these emails from ever reaching your inbox.
– Do not open emails or attachments, or click on links in emails, that are unsolicited or from unknown sources.
– If you do receive one of these emails, do not panic, do not respond, do not click any links or open any attachments, and do not send money to the attackers. Mark the email as spam and, if you feel it is necessary, alert authorities about the email.
– Ensure all your online accounts are protected with strong, unique passwords, and enable two-factor authentication where possible. If you think your account has been compromised or your password revealed in a password dump, you should change it immediately.
Read the latest edition of PCR’s monthly magazine below: