[Heads-Up] Warn Your Employees. This Is the Year That Sextortion Spear Phishing Is Skyrocketing…
Intrepid cyber-investigative reporter Brian Krebs noticed that a story published on his blog July 12 about a new sextortion-based spear phishing scheme—which uses a real password used by each recipient—had become his most-read piece since his site launched in 2009.
He commented: “And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack).
But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale.
And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.”
Krebs is right: this is only the start, and most of these passwords were old. Cyber criminals test scams the way companies test marketing campaigns, and if the response rate is high enough in the beta, they go full-scale.
The Problem: 50% of Casually Dating Men Watch Porn Weekly
The Institute for Family Studies recently confirmed what everyone more or less already knew, and since last year there are hard numbers. Men are more likely than women to view pornography, and this is particularly true of viewing porn regularly on a daily or weekly basis.
A whopping 50% of casually dating men watch porn weekly, and this percentage only drops to 40% when they are seriously dating, and to 20% for engaged or married men.
Unfortunately, looking at this from a “criminal marketing perspective,” the total addressable extortion market is massive.
Cyber gangs will start using fresh hacks, with recent and real passwords, very likely combined with other personal data that was sourced from the dark web and appended to the record using big data technology. This method is also going to be used by the tech support scam artists in a variety of ways.
It’s almost a matter of “What took you so long?” I have been warning you here for a while that this was imminent.
Phishing Continues to Be on the Rise in 2018
The Anti-Phishing Working Group’s (APWG) most recent report (link to PDF in blog) covers the phishing trends found in Q1 of 2018.
The highlights of the report included:
- Over 11,000 phishing domains were created in Q1
- The total number of phishing sites increased 46% over Q4 2017
- The use of SSL certificates on phishing sites continues to increase, lulling visitors into a false sense of security and site legitimacy.
All three of these trends add up to one thing – the bad guys are rapidly becoming more sophisticated. The higher the threat level they can establish through targeted spear phishing attacks that leverage very private information, the more successful the campaign.
I suggest you send the following to your employees. You’re welcome to copy, paste, and/or edit. You might want to coordinate with HR on this one.
Sextortion is a serious internet crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.
According to the FBI, here are some things you can do to avoid becoming a victim:
- Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
- Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
- Turn off [and/or cover] any web cameras when you are not using them.
If you receive an email claiming that the sender has video of you viewing pornography, do not answer; delete the scam email and do not pay any amount in any form.
The FBI says that in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).