Unfortunately, email remains one of the most effective methods of attack for cybercriminals. That’s why, as a trusted managed services provider, we want to keep both our clients and the community at large up to date on the latest spam schemes to crop up. Awareness is half the battle in cyber security, and we want to do our part to spread it.
To the point: over the last 6 months, the internet has seen a rash of blackmail spam schemes. The most common of these involve emails suggesting that the sender, a hacker, has hijacked the recipient’s computer and recorded evidence of the recipient viewing pornography. The sender threatens to send that evidence to the recipient’s contact list—unless the recipient sends a Bitcoin payment to a provided address.
So, what should you do if you receive one of these emails? Read on to find out.
First Things First: These Are Fake Blackmail Attempts
While blackmail of this nature (often referred to as ‘sextortion’) does happen, this latest rash of spam is totally fraudulent. The sender has not hacked your account and does not have whatever “evidence” they claim to have. They are simply exploiting a recently found vulnerability (more on this below) to send these messages to large number of email addresses, knowing that the message will strike a chord with some of its recipients.
But They Had My Password, or Used My Email Address!
What makes this scam scary and potentially effective for all recipients, including those who know they have not viewed pornography, is that the scammers employ various social engineering tactics to trick recipients into believing that their computers or email accounts have actually been compromised.
Some users, for instance, have reported that the scammer provided them with a password that they actually had used for that or another account in the past—the logic being that if the hacker can tell you an old password, they must have hacked your account at some point. However, an unfortunate fact of cyber security in 2019 is that there are vast troves of compromised usernames and passwords from countless hacked entities—including Equifax, Yahoo, and others—available for purchase to cybercriminals. So, scammers are able to provide you with a past password—or potentially a current password, if you haven’t changed it in a while—to trick you into thinking they have hacked into your account just by using one of these databases. The moral of the story? It’s highly unlikely that the scammer has accessed your account. But if the password they sent you is a current one, you need to change that password for all the accounts on which you use it immediately, as this is an indication that the password has been compromised.
The other common social engineering technique these scammers are using is email spoofing, which makes it seem like they sent you the email from your own email account. While it’s worth checking with a technology professional to make sure this is the case, more often than not your account has not actually been compromised. The scammer is simply able to make it look like your email address was the one that sent the email.
If This Is Spam, Why Didn’t My Spam Filter Catch It?
And now we come to why these messages have been able to circumvent even business-grade spam filters and make it through to unsuspecting recipients’ inboxes—and hence why they are so widespread.
First of all, even the best spam filters are not 100% foolproof. They work by scanning against a certain set of criteria—usually characteristics of past spam messages or data related to the sender’s address—and flagging emails that meet a certain number of them. This keeps mountains of spam out of users’ inboxes. The problem, of course, is that scammers are constantly changing the way their messages look, and sending from new addresses. So, the latest and “greatest” spam messages sometimes slip through, until spam filter vendors are able to update their criteria to catch the newest trends.
The scammers behind this latest round of fake blackmail spam, though, found an especially effective way to get around spam filters. According to Cyber Security researcher Brian Krebs, they have been exploiting a vulnerability in how domain registrar GoDaddy handles domains. To make a long story short (you can read the full story on Krebs’s website), they have been able to send emails from otherwise reputable domains—meaning that spam filters did not catch them.
GoDaddy says they have taken action to address this issue, but Krebs has reported that scammers have still been exploiting the vulnerability. All this means that while spam filters and GoDaddy will probably eventually catch up and prevent these messages from reaching inboxes, we unfortunately may have to live with them for the time being.
Never Pay the Ransom, Don’t Respond, and Don’t Click
So, what should you do if you receive one of these emails?
First of all, don’t fall for them. Don’t pay the ransom.
Secondly, don’t respond to them. If you do, your email address might be marked as a “likely target” for this and other scams, meaning, at the very least, more headache.
Thirdly, don’t click on any link or attachment that these emails provide. In some cases, scammers have sent attachments to recipients that they claimed were the “evidence” behind their blackmail. These attachments, of course, did not contain any such evidence but instead contained ransomware that would infect the user’s system and potentially other computers on their network.
Finally, if you have any questions about an email like this, reach out to your IT provider. IT professionals can look under the hood of an email, so to speak, to verify that it is fraudulent.
Need an IT Partner to Help Your Team Spot Spam Schemes?
Helping users identify fraudulent emails is one of the many things Affinity does as a full-service, outsourced IT department designed to fuel our clients’ growth. Contact us today to learn how we can transform your technology from a necessary evil to a competitive advantage, keeping you both secure and profitable.