Email fraudsters are attempting to extort money from potential victims by threatening to release embarrassing or illicit material, targeting more than 10 work email accounts at a time, and making moderate payment demands — around $1,000 in Bitcoin, a report said on Thursday.
According to cloud-enabled security solutions provider Barracuda Network, such tactics could help attackers to stay under the radar and avoid alerting potential victims, security teams and payment systems.
Researchers analysed 3,00,000 emails detected as blackmailing scams over a period of 12 months at Columbia University to understand the financial infrastructure attackers use for extortion emails.
“Extortion attacks need to be taken seriously by security teams, especially when they are targeting people through their work email accounts,” said Nishant Taneja, Senior Director, Product Marketing, Email Protection at Barracuda.
According to the report, attackers were using 3,000 unique Bitcoin wallet addresses out of which 100 wallets appeared in 80 per cent of the extortion emails, which highlights that a relatively small number of attackers were responsible for most of the extortion emails.
The researchers also found that 97 per cent of extortion mail sender accounts sent out fewer than 10 attack emails each, and 90 per cent of the attacks demanded payments of less than $2,000 in Bitcoin.
“How did the attacker get hold of the account details, for example – were they exposed or stolen at some point? Or does it mean that the recipient has used their work account and device for inappropriate activity such as visiting questionable websites? Both scenarios have security implications for the company – and for the target. This can be embarrassing and distressing and can potentially make it more likely a victim will pay,” said Taneja.
2023071338636