Staggering Growth in Extortion Scam Emails poses Increased Risk to Cyber Ecosystem

• The surge in extortion scam emails indicates the variations employed by threat actors.
• Sextortion-style scams are popular among scammers.

The year 2020 is just three months away and the cyber threat landscape is observing a staggering growth in extortion email scams. Almost 300 million such emails have been blocked in the first five months of 2019 and it is believed that these types of scams are likely to go upward in the coming months.

Variations of extortion scam emails

The surge in extortion scam emails indicates the variations employed by threat actors. These are:

• English language: Plaintext, no URL in body
• Bomb threat theme
• Using PNG and JPEG images: Email has a PNG or JPEG attachment, which contains the Bitcoin wallet address
• Using PDF attachment: Coin wallet address present in the PDF
• Use of SegWit Bitcoin address

Scammers’ favorite

A popular of all these are sextortion-style scams. Usually, these scams follow largely the same pattern, with variations in the messages. The email includes attachments or obfuscated characters in order to evade email protection technologies.

Basically, these scam emails claim to have recorded recipients while they were viewing adult sites and threaten to leak the videos unless a ransom is paid.

The other big exception is bomb scare emails, where the sender claims to have planted a bomb in the building where the recipient resides. It further goes on to say that the bomb will be triggered if the requested money is not paid.

How successful are these scams?

Symantec estimates that cybercriminals have made just over $1.2 million through these kinds of scams in a year. In a majority of scams, the transactions were made in the form of Bitcoins.

Other motives

While monetary benefit is the primary purpose of such scams, at times, they can be leveraged to spread malware.

In 2018, threat actors relied on the Necurs botnet to launch two different sextortion scam campaigns. Likewise, a scam was reportedly used to spread the now-apparently-retired GandCrab ransomware.