Researchers Block Two Million Extortion Emails Daily

  • Security researchers are warning users to be on the lookout for extortion scams after revealing they block millions of such emails each day.

    Proofpoint claimed in a new blog post that it blocks on average a million extortion emails every 24 hours, rising to two million on high volume days.

    These usually come in the form of some kind of sextortion theme – the attacker claims to have a webcam video of the victim watching porn and threatens to distribute it to all of their email contacts unless a ransom is paid in cryptocurrency.

    Such threats are not new, but the data from Proofpoint shows how widespread they have become. Often, victim information such as passwords is included in the email to add legitimacy to the threat actor’s claim that they have hijacked the machine. In reality, they are usually obtained from data breaches.

    As far back as 2016, the UK’s National Crime Agency (NCA) warned that thousands of victims were falling to sextortion scams in the country each year.

    Cryptocurrency payments are a key part of these threats, enabling the attacker to remain anonymous.

    “Proofpoint researchers assess with high confidence the extortion branch of the BEC taxonomy would not be as successful or as profound as it is today without cryptocurrency,” the vendor claimed.

    However, crypto is also being used and abused in a range of other scams, including more traditional invoice-themed business email compromise (BEC), said Proofpoint.

    In some cases, cryptocurrency wallets themselves are targeted in credential phishing attacks. Threat actors typically spoof big names in the industry, such as cryptocurrency exchanges Celo and Binance and wallet vendor Trusted Wallet. Phishing for NFT credentials uses similar techniques, Proofpoint explained.

    Easy-to-use phishing kits readily available on the dark web make the job even easier for would-be cyber-criminals.