The Vilest Phishing Method, Sextortion, Often Snares Victims Using Fake Security Alerts

Photo: GettyIt’s embarrassing, so few employees tend to report it, but a type of phishing attack known as sextortion is becoming increasingly common at workplaces, according to one security company’s recent analysis. To get the attention of users, many of these threatening messages are initially disguised as legitimate security warnings.These type of scams are carried out by criminals who claim to have stolen compromising material from their intended victim’s device and usually involve a threat to release it unless they pay up. Sometimes they claim to have seized control of a victim’s webcam, or imply that they’ve infiltrated their accounts and discovered some batch of salacious material. More often than not, the claims are bogus. The FBI’s definition of sextortion also extends to attackers who demand sexual images or favors instead of money. (Bitcoin, of course, continues to be the favorite form of payment for this specific category of lowlife.) But regardless of whether they’re bogus or not, few users want to report such threats up the chain, because, well, people do in fact do things in front of computers that they’d prefer not to discuss with their bosses or their company’s IT department. (Yes, we mean sex stuff.) Either way, the fear of being publicly humiliated is certainly real—and one of life’s great motivators. Attackers understand that many potential victims will ultimately decide not to gamble with the possibility of being exposed and having their family, neighbors, and coworkers see something that cannot be unseen. Instead, they’ll just quickly cough up some cash.It’s vile, but also pretty lucrative apparently. So it’s unlikely this type of scam is going away anytime soon. New research from the security firm Barracuda offers some insight into various techniques used by sextortionists to trick and pressure their victims into compliance. In an analysis of
Read More