A new form of scam called sextortion is gaining momentum on the web and, unfortunately, it also concerns bitcoin.
According to a press release from the insurance company Beazley Breach Response, sextortion has seen a recent explosion, which is worrying because it obviously touches a very private area.
The sextortion scam works as follows: a person is contacted, via email or social media, by a mysterious group of people who claim to have tracked the victim’s visits to various pornographic or embarrassing sites, to have recorded the visits, and to have made videos showing the person's activities while visiting these sites.
The sender threatens to humiliate the person by sending the list of sites and the video to the victim’s email addresses. The email contains a zip file that the extortioner claims contains private information and videos.
However, if the recipient clicks on the file, it downloads malware that steals data or, even worse, ransomware such as GandCrab, which will block all the files on the computer and demand a ransom. In order not to be traceable, this type of ransom will have to be paid in bitcoin.
In reality, the object of the blackmail, i.e. the recordings of visits to pornographic sites, is nothing more than a bluff aimed at hitting common weaknesses. Fortunately, relatively few people fall for the deception, but fraudsters rely on large numbers to continue their scam.
Unfortunately, the scam can also involve owners or employees of companies, including their activities. In the fourth quarter of 2018, Beazley Breach was informed of several cases involving bitcoin worth several thousand dollars.
According to the company, hacker attacks of this type against companies grew by 133%.
Katherine Keefe, head of BBR at Beazley, said:
“As with all types of cyber-attacks, employers need to treat seriously email compromise in its many forms. The sources of these emails should be scrutinized and organizations need to ensure employees are aware of practical measures to protect their data, such as via phishing training, and of ways to reduce the instances of email compromises escalating into a more serious cyber incident for the organization.”