New report details major sextortion scheme

Posted at 3:35 PM, Nov 01, 2019
and last updated 2019-11-01 16:36:29-04

As the threat of online scams as a whole continues to grow, so has the use of sextortion emails.

In a typical sextortion scam, cybercriminals claim to have sensitive photos or videos of the victim and demand money in exchange for not releasing the images on the internet.

In many cases, the claim is a total bluff.

"These emails can really cause a lot of anxiety for some folks, even if they're completely bogus," said Jonathan Arnold, an I.T. Instructor at Milwaukee Area Technical College.

But a new report from Check Point Research details how realistic the emails can be, and how hackers manage to send them out in droves.

The report describes one particular "botnet" that is capable of sending out up to 30,000 sextortion emails per hour.

Arnold said a botnet is a series of computers infected with malware that links them together.

A hacker typically infects one computer with malware, then watches it spread from one machine to another - usually through email.

"The botnet can be controlled from a central location, usually by some type of cybercriminal," Arnold said.

Arnold said the larger the botnet, the greater the number of sextortion emails, or other fraudulent emails, that can be sent out continuously from the different machines.

The Phorpiex/Trik botnet detailed in the Check Point Research report is made up of "more than 500,000 infected hosts."

"You have a much greater reach with thousands of infected computers doing your bidding," Arnold said.

Arnold recommends looking over the net traffic on your computer, and all recent emails sent from your email account, to be sure your machine hasn't been infected with malware and sucked into a botnet scheme.

To prevent becoming victim to a sextortion email, Arnold said not to freely give out your email address or other personal information - like for online contests. He said that information is commonly stored and susceptible to being obtained by hackers.

For example, hackers in the Phorpiex/Trik botnet sextortion scam used email recipients' passwords to claim they had hacked their machines and obtained sensitive information.

But Arnold said that information was likely obtained through previous data breaches.

Here's an example of a sextortion email sent from a botnet, according to Check Point Research:

From: Save Yourself
Subject: I recorded you – ██████
Hi, I know one of your passwords is: ██████
Your computer was infected with my private malware, your browser wasn’t updated / patched, in such case it’s enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more – Google: “Drive-by exploit”.
My malware gave me full access to all your accounts (see password above), full control over your computer and it also was possible to spy on you over your webcam.
I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!
After that I removed my malware to not leave any traces and this email(s) was sent from some hacked server.
I can publish the video of you and all your private data on the whole web, social networks, over email of all contacts.
But you can stop me and only I can help you out in this situation.
The only way to stop me, is to pay exactly 800$ in bitcoin (BTC).
It’s a very good offer, compared to all that horrible shit that will happen if I publish everything!
You can easily buy bitcoin here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my wallet, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.
My bitcoin wallet is: 1Eim8U3kPgkTRNSFKN49jgz9Wv4A1qmcjR
Copy and paste my wallet, it’s (cAsE-sEnSEtiVE)
I give you 3 days time to pay.
As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it’s to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.
Next time update your browser before browsing the web!
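The message above carries several indicators a mail filter or an analyst can key on: a claim to know one of the recipient's passwords, a malware-and-webcam narrative, a threat to publish, a bitcoin demand with a wallet address, and a short deadline. The following Python script is an added example written for this page, not code from Check Point Research or from the article; the indicator phrases, the scoring threshold and the sample excerpt (a constructed text modelled on the email above) are assumptions. The base58check validator only tells an analyst whether a string is a well-formed legacy Bitcoin address worth recording as an indicator, not whether the address is in use.

```python
"""Added example: heuristic triage of a suspected sextortion email.

Illustrative code written for this page, not Check Point Research's detection
logic and not part of the Phorpiex/Trik report. The indicator list and the
score threshold are assumptions drawn from the wording of the sample email.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Base58 alphabet used by legacy Bitcoin addresses (no 0, O, I or l).
_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Address-shaped token: legacy P2PKH/P2SH addresses start with 1 or 3.
_BTC_ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# Phrases that recur in bulk sextortion campaigns (assumed indicator list).
INDICATORS = {
    "password_claim": re.compile(r"one of your passwords is", re.I),
    "malware_claim": re.compile(r"\b(malware|trojan|drive-by exploit)\b", re.I),
    "webcam_claim": re.compile(r"\bwebcam\b", re.I),
    "threat_to_publish": re.compile(
        r"\b(publish|send|release)\b.{0,40}\b(video|contacts|everything)\b", re.I),
    "btc_demand": re.compile(r"\b(bitcoin|btc)\b", re.I),
    "deadline": re.compile(r"\b\d+\s*(days?|hours?)\b", re.I),
}

# Constructed sample modelled on the email quoted in the article; the
# password and recipient name are redacted, the wallet string is the one printed above.
SAMPLE_EMAIL = """\
Subject: I recorded you - [REDACTED]
Hi, I know one of your passwords is: [REDACTED]
Your computer was infected with my private malware, your browser wasn't updated / patched.
It also was possible to spy on you over your webcam.
I can publish the video of you and all your private data on the whole web.
The only way to stop me, is to pay exactly 800$ in bitcoin (BTC).
My bitcoin wallet is: 1Eim8U3kPgkTRNSFKN49jgz9Wv4A1qmcjR
I give you 3 days time to pay.
"""


def base58check_valid(addr: str) -> bool:
    """True if addr base58-decodes to 25 bytes whose last 4 bytes are the
    first 4 bytes of double-SHA256 over the first 21 (a well-formed legacy address)."""
    n = 0
    for ch in addr:
        idx = _B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    # Each leading '1' encodes one leading zero byte that the integer loses.
    leading = len(addr) - len(addr.lstrip("1"))
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    raw = b"\x00" * leading + raw
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


@dataclass
class Verdict:
    matched: list = field(default_factory=list)        # indicator names that fired
    btc_addresses: list = field(default_factory=list)  # address-shaped tokens found
    checksum_ok: list = field(default_factory=list)    # subset that pass base58check
    score: int = 0


def triage(message: str) -> Verdict:
    """Score a message: one point per indicator, two extra if a wallet address is present."""
    v = Verdict()
    for name, rx in INDICATORS.items():
        if rx.search(message):
            v.matched.append(name)
    v.btc_addresses = _BTC_ADDR_RE.findall(message)
    v.checksum_ok = [a for a in v.btc_addresses if base58check_valid(a)]
    v.score = len(v.matched) + (2 if v.btc_addresses else 0)
    return v


def is_likely_sextortion(message: str, threshold: int = 4) -> bool:
    """Assumed threshold: four or more points is enough to quarantine for review."""
    return triage(message).score >= threshold


if __name__ == "__main__":
    verdict = triage(SAMPLE_EMAIL)
    print("indicators:", verdict.matched)
    print("wallets:", verdict.btc_addresses, "checksum ok:", verdict.checksum_ok)
    print("score:", verdict.score, "flag:", is_likely_sextortion(SAMPLE_EMAIL))
```

A benign message that merely mentions bitcoin or a deadline scores one or two points and is not flagged; the sample above fires all six indicators plus the wallet bonus. In a real mail pipeline the extracted wallet string would be logged as an indicator and the "password" the sender quotes would be checked against breach-notification data, which is where the article says such passwords come from.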