Recently, a new form of phishing scam has been discovered. It quotes the recipient's real password to make victims believe that their online data has been compromised by hackers. The attackers claim that unless the victim meets their demands, a video of the victim visiting porn sites will be exposed.
A few weeks ago, Vade Secure released a report revealing the details of this kind of sextortion scam. On further investigation, the researcher found that the passwords quoted by the scammers were probably acquired about ten years ago. Unfortunately, many victims are not aware of this.
The company provides filtering services for such phishing scams. In the past few months, its engine has filtered about 600,000 of these ransom messages.
After reviewing these emails, Vade Secure found that 90% of them were written in English, but some parts of the translated text had poor grammar.
Moreover, in most cases the senders used seemingly random Hotmail or Outlook addresses, which may have been automatically generated.
Others pointed out that hackers used data acquired by compromising IoT products, routers and other devices for this phishing scam.
This form of phishing initiates its actions through the command line of the Linux operating system rather than through a webmail client.
Vade Secure researcher Sebastien Gest warned that this kind of scam is becoming more and more serious:
“Our heuristic filters can see the latest versions of these sex scams every day. However, hackers seem to be analyzing the utility of the attack and adjusting the message text to prevent it from being detected by email security products.”
It should be noted that many of the 600,000 sextortion messages discovered contain different bitcoin wallet addresses for receiving the ransom. Some hackers also use a few asterisks (*) to obscure a specific bitcoin address, or give an e-mail address that provides further payment instructions. Finally, after analyzing some of the bitcoin addresses found in these messages, security companies determined that the criminals have received a total of $30,100 in ransom.
Reminder
To guard against this kind of scam, we recommend that users change their passwords regularly and do not register on unknown websites.
Note: The article is from www.easyaq.com