- Sextortion scams are evolving with personalized tactics and increased intimidation.
- Bad actors exploit billing platforms to bypass email security filters.
- Robust email filters and training help effectively counter sextortion threats.
Sextortion scams are becoming more complex and personal, as they now frequently target individuals from different industries with greater precision, creating a sense of immediate threat.
The Cofense Phish Defense Center (PDC) has recently observed a notable shift in sextortion scams. Unlike previous versions, which relied primarily on generic scare tactics, the current campaigns employ more sophisticated strategies and often bypass traditional security measures.
Campaigns now personalize emails, including personal information such as the target’s home address or phone number directly in the body of the email, to capture the recipient’s attention and add a layer of credibility to the scam.
Exploiting fear through technical jargon
These emails usually come from random Gmail accounts, which are harder to trace, rather than the typical spoofed addresses seen in previous scams.
In addition to personal information, fraudsters have stepped up their approach by including images of the target’s supposed home, workplace, neighborhood or street in PDF attachments.
The email addresses the recipient by name and provides a specific location, followed by threats of physical visitation if the target does not comply. This mix of personal data and digital bullying marks a shift from simpler sextortion scams that previously relied solely on fear of compromised online privacy.
The scam emails claim that the target’s device has been infected with spyware, often citing “Pegasus” as the malware responsible for the alleged breach. Threat actors use technical jargon to manipulate recipients in the hopes that they have a limited understanding of cybersecurity. The emails claim that the attacker has been monitoring the victim for an extended period of time, collecting sensitive information and even recording videos of them.
In some cases, the scammer adopts a casual tone by mixing slang or compliments into the message to give the impression that he or she has closely observed the target’s life. The message usually ends with two choices: ignore the email and face public humiliation or pay a ransom in cryptocurrency to ensure the alleged compromising material is never disclosed.
A recurring element of these scams is the request for payment in Bitcoin or other cryptocurrencies. Fraudsters often provide a Bitcoin wallet address, sometimes accompanied by a QR code to facilitate the payment process.
Another notable change in sextortion campaigns is the use of billing services to send phishing emails. These services allow bad actors to send emails that bypass certain security protocols by hiding sender information. Since these billing platforms manage email delivery, their legitimate headers and content often allow the message to evade detection.
To combat these evolving scams, individuals and organizations must stay informed and vigilant. Educating users about the nature of sextortion scams and the tactics attackers employ can reduce the risk of falling victim to them.
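Because mail relayed through a billing platform arrives with legitimate headers, a filter for these campaigns has to score the message content rather than the sender alone. The following is an added example, not code from Cofense or the original article: a content-based check for the traits described above, where the indicator names, the threshold of 3, the sample addresses and the wallet string are all constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Legacy Base58 (1.../3...) and bech32 (bc1...) Bitcoin address shapes.
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")

def indicators(raw: str) -> set:
    """Return which traits described in the article appear in one raw message."""
    msg = message_from_string(raw)
    found, texts = set(), []
    if parseaddr(msg.get("From", ""))[1].lower().endswith("@gmail.com"):
        found.add("gmail_sender")
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pdf":
            found.add("pdf_attachment")
        elif ctype == "text/plain":
            data = part.get_payload(decode=True) or b""
            texts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(texts)
    if re.search(r"\bpegasus\b", body, re.I):
        found.add("pegasus_claim")
    if BTC_RE.search(body):
        found.add("btc_address")
    if re.search(r"\b(?:bitcoin|btc|cryptocurrency)\b", body, re.I):
        found.add("crypto_demand")
    return found

def is_suspect(raw: str, threshold: int = 3) -> bool:
    """Flag on content alone so a trusted sending platform does not mask the scam."""
    return len(indicators(raw)) >= threshold  # threshold is an assumed starting point

def build_sample(sender: str, body: str, with_pdf: bool) -> str:
    """Build a constructed test message; not real scam mail."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, "constructed sample"
    msg.set_content(body)
    if with_pdf:
        msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                           subtype="pdf", filename="street.pdf")
    return msg.as_string()

FAKE_WALLET = "1" + "B" * 30  # constructed placeholder, not a valid address
THREAT = f"I put Pegasus on your phone.\nSend Bitcoin to {FAKE_WALLET} today."
GMAIL_SCAM = build_sample("Someone <qx81@gmail.com>", THREAT, with_pdf=True)
BILLING_SCAM = build_sample("billing@invoices.example", THREAT, with_pdf=False)
BENIGN = build_sample("Friend <pal@gmail.com>", "Report attached.", with_pdf=True)
```

The billing-platform sample is still flagged with no Gmail sender and no PDF, while an ordinary Gmail message with a PDF attachment stays below the threshold.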