What is the Issue?
Cyber criminals are sending Bitcoin ransom emails that are attempting to blackmail users into paying ransoms based on leaked password being exposed. These cyber criminals create false narratives that attempt to blackmail you by claiming they have private and sensitive material.
Why is this noteworthy?
Recipients of these emails may feel coerce into paying the ransom because the password referenced in the email was in fact a password they had previously used in an account online that was tied to their email address. With the increase in big data breaches, billions of email address and passwords are indexed on the dark web.
What is the exposure or risk?
As these type of schemes get more refined, even more perpetrators will begin using more recent passwords and other personal data to convince people that the hacking threat is real. Recipients may give up additional personal information, which could lead to higher ransoms.
What are the recommendations?
SKOUT recommends to never pay the ransom and to never respond to these email. Immediately change your passwords and use two factor authentications wherever possible. Do not open attachments from people you don’t know and flag emails that look like spam.
References:
- https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/
- https://www.mirror.co.uk/tech/phishing-scam-known-sextortion-using-12928730.amp
If you have any questions, please contact our Security Operations Center.