Threat Insights
Rating Criteria
The Covid-19 pandemic shifted work habits, moving many from office commutes to remote work. Despite the easing of lockdown measures, many still embrace remote work. Unfortunately, the lack of security awareness among corporate employees has created a vulnerability that cybercriminals exploit. This article unveils the threat of sextortion emails—a common scam used by cybercriminals. Here is an example:
Unmasking Manipulative Sextortion Email Scams
Sextortion email scams coerce recipients into paying cybercriminals through intimidating and urgent language. Its content usually includes the following:
The sender claims hackers gained control of the recipient's computer or device.
The sender pretends to have the recipient's personal information, including social media accounts, passwords, and contacts.
Alleging the recipient's webcam has been hacked for compromising videos or explicit online activities.
Urging payment in Bitcoin within a set time, with the threat of sharing videos on social media or with contacts.
False compassion and promising to delete the videos once they receive the ransom and may offer advice to help the recipient avoid such situations in the future.
When receiving such emails, it is crucial for the recipient to remain calm and objective, recognizing it as a scam. The cybercriminals never accessed the recipient accounts or recorded any videos. This is a deceitful phishing ploy to extort money. They create fear and embarrassment, so recipients would not want to disclose it to others, having no other choice but to comply.
This type of extortion email is often a mass-mailing campaign not targeted at any specific individual. If the cybercriminal truly possessed such compromising videos or confidential data, wouldn't it be more convincing to attach these contents for a quicker ransom? Lacking this information about the recipient, they resort to manipulative language, expecting that some will pay out of fear to protect their reputation.
Some cybercriminals may include some personal information to heighten persuasion. However, cybercriminals can get personal data in diverse ways. If you shared these details before and were not cautious or signed up on a website where data got compromised, there are companies selling lists of these personal data.
Analyzing Sextortion Emails Scam Example
Let us discuss this sextortion email scam, detected by the Cellopoint email security solution. The sender, claiming to be a hacker, falsely affirms the recipient's internet carelessness caused the recipient to accidentally install Trojan horse malware. The cybercriminal even claims to have control over the recipients' camera and browsing history, threatening to share compromising content with family, friends, and even with explicit websites. Emphasizing the Trojan is undetectable and cannot be deleted by antivirus software, pressuring recipients to believe the only option is to pay the ransom.
Time constraints prevent the recipient from having enough time to think through, and security suggestions, like changing passwords and adding multi-factor authentication, contribute to the manipulation in making recipients believe it even more.
Besides the typical sextortion indicators, other suspicious aspects include:
1. Use legitimate email address to attempt to confuse the recipient. The sender seems to be from a well-known enterprise (moonwu@mail.hiwin.com.tw), but in fact, if you look at the source code of the email, you can find that the Received from information is not actually from the well-known enterprise (as shown in the image below).
2. In the email, the sender claimed that he had gained control of the recipient's device and possessed indecent videos of the recipient yet failed to provide any evidence.
3. According to statistics from Cellopoint email security solution, this email was sent to many recipients.
Strengthening Email Security: Key Enhancements
The Anti-spam module within Cellopoint's inbound multi-layered email threat protection is designed to identify such email scams. It utilizes IP detection, sender IP reputation, and various mechanisms for a thorough assessment. In this instance, the email originated from an unknown IP address, prompting the Anti-spam module to label it as malicious. Following a comprehensive evaluation, the system labelled the email as high-risk and promptly blocked it.
Cellopoint's email security solution latest update introduces — Email Analysis, a feature that evaluates each email's characteristics, enhancing the detection of emerging malicious emails. Administrators can efficiently review insights and develop precise strategies to further bolster email defense.
Cellopoint scanned the email in this article and identified the following characteristics:
TF_CID_SPAM_FCD:This email and other emails with similar characteristics frequently change source domains in a suspicious attempt to evade detection.
TF_CID_SPAM_SNR:The SPF (Sender Policy Framework) record is missing.
TF_CID_SPAM_AFC:Cloud AI analysis revealed that this email contains scam content.
TF_CID_SPAM_USA:This email was sent from an email address that is not recognized or recorded in the recipient's email system.
TF_CID_SPAM_USD:This email was sent from a domain that is not recognized or recorded in the recipient's email system.
Based on the information provided, you can see that a sextortion fraud email may exhibit these characteristics mentioned above. System administrators can use these characteristics to create effective customized policies. If future emails with similar characteristics are detected, they can be promptly quarantined or deleted, preventing them from reaching the recipient's inbox. Cellopoint's email security solution's Email Analysis feature significantly enhances the accuracy and efficiency of detecting and blocking malicious emails.
Email Security is Everyone's Responsibility
In conclusion, email security awareness is vital for individuals and organizational safety. Organizations can strengthen security by adopting a reliable email security solution, selecting trusted providers, and educating employees on the latest email threats through security awareness training and social engineering simulations. On a personal level, exercise caution with online services, avoid sharing sensitive information, and be wary of registering on suspicious websites. Vigilance against malicious emails is key—remain skeptical, refrain from opening unfamiliar attachments, check email authenticity, and be aware and diligent.