A new phishing sextortion campaign has switched from the standard ransom demands for Bitcoin (BTC) to alternative coins in an attempt to bypass email protections.
On Tuesday, phishing simulation provider Cofense said the new technique has been successful in circumventing security layers implemented by email providers and their Secure Email Gateways (SEGs).
Sextortion campaigns often follow a common pattern.
A fraudulent email is first sent to a victim that claims an attacker has infected their PC with malware and this has been used to spy on the victim, collecting information relating to their alleged browsing habits on the way.
TechRepublic: How to quickly deploy a honeypot with Kali Linux
These emails will claim to have recorded browsing histories including visits to adult websites and webcam footage showing the victim, potentially in compromising situations.
While many of them can simply be ignored as standard spam, some messages may appear to be authentic due to the inclusion of data such as passwords that have been used to secure online accounts.
There are massive data dumps online now, full of our stolen information. You only need to check your email address against these dumps to understand the full extent of the problem -- Have I Been Pwned being a useful tool for these scans -- and no matter how careful you may be of your own personal security, you've likely been caught in a company breach or two.
As this information has been leaked, some fraudsters will collect and correlate credentials linked to an email account, throw them into the phishing email to create an aura of validity, and hope that ensuing panic will pressure victims enough into paying a ransom, on pain of having webcam footage and browser histories leaked to their nearest and dearest.
Typically, these ransom demands -- in the same way as ransomware -- are made in Bitcoin.
Vendors have wised up to these forms of scams and detection rules are being put in place to block these messages. Not to be deterred, email text is now swapped out wth images -- the exception being Bitcoin wallet plaintext addresses for easy copying -- and in some cases, .PDF attachments may contain threat messages.
Emails that contain a Bitcoin wallet address are now often barred by SEGs, and so to bypass these rules, fraudsters are now turning to Litecoin (LTC).
"Previous iterations showed a gradual shift away from identifiable patterns and to alternative cryptocurrencies, in an attempt to foil SEG bitcoin-detection rules," Cofense says. "The current emails appear to be crafted to contain very few searchable word patterns."
LTC is a fair substitute to BTC, as would be Ethereum (ETH) and Bitcoin Cash (BCH). While there are countless altcoins out there, alternatives still need to be accessible enough by an average individual to ensure the scam is successful.
This isn't the only new phishing technique the company has recently watched come into existence. In September, Cofense said that percentage-based URL encoding is now also being utilized to trick email gateways by hiding malicious payloads in encoded URL data.
Previous and related coverage
- Threesome app exposes user data, locations from London to the White House
- Your business hit by a data breach? Expect a bill of $3.92 million
- DK-Lok data breach exposes global enterprise client data, internal emails
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0