
ALERT: Spike in bitcoin extortion

CIPHERTRACE GLOBAL ALERT: Spike in Extortion Scams Demanding Bitcoin Payment

Global Alert, August 3, 2018: Online extortion attempts have increased dramatically through July 2018. One flavor, in particular, is not new; it is an adaptation of previous phishing attacks used to perpetrate online extortion. What’s new is the massive scale at which the criminals are able to personalize their communications using data derived from breaches at Yahoo!, Experian, and Facebook. The scammers try to dupe email recipients into believing they have been recorded watching online pornography or involved in other compromising activities. In one example, the extortionist threatens to publicize a split-screen video, with one half showing the recipients in the act while the other half displays the video they had been watching at the time. However, the ‘extortionist’ offers to let the victims off the hook if they send payment to a bitcoin address.

It’s part of two larger trends: a growth in sophisticated phishing and online extortion coupled with cryptocurrencies used for illicit purposes. The recent Q2 Crypto AML Report, published by CipherTrace, details a dramatic rise in the use of cryptocurrency in cybercrime and a correlated rise in crypto money laundering. On the phishing scam side, spear phishing attacks rose by 50% over the quarter prior to January 1, 2018, according to Mimecast’s Q4 Email Security Risk Assessment.

According to security researcher Brian Krebs, “recipients said the password was close to ten years old, and that none of the passwords cited in the extortion email they received had been used anytime on their current computers.

“It is likely that these improved online extortion campaigns are at least semi-automated.” He went on to say, “I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords—and perhaps other personal data that can be found online—to convince people that the hacking threat is real.”

Spear phishing differs from run-of-the-mill phishing attacks, which are sent to a wide range of people and attempt to trick them into sharing sensitive information such as passwords, usernames, and credit card details for malicious purposes. Spear-phishing attacks, on the other hand, are personalized to their victims, often using private information that was gleaned from data breaches, social media, and identity theft and is often posted on public forums like Pastebin. In the case of a recent rash of extortion spear-phishing scams, the emails use real passwords to trick the victims.

In the porn watcher example, the extortionist claims to have infected a porn site with malware that used the victims’ computers to record keystrokes to gain access to the display screen and webcam. The part that makes this spear phishing is that the email shows a real password from some point in the past. But the scam gets even more elaborate and brings in bitcoin as the method of payment, saying:

“Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72

(It is cAsE sensitive, so copy and paste it)”
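The email's remark that the address is case sensitive reflects the Base58Check checksum built into legacy Bitcoin addresses, which a mail filter can use to pull real payment addresses out of a message. The following is an added example, not part of the original alert or any CipherTrace tooling: the cue phrases, the two-cue threshold and the sample message are constructed assumptions, and the sample uses the well-known genesis-block address rather than the scammer's.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy address shape only (starts with 1 or 3); bech32 "bc1" is not covered.
CANDIDATE = re.compile(r"\b[13][%s]{25,34}\b" % B58)
# Constructed cue phrases modelled on the email quoted above (assumption).
CUES = ("webcam", "split-screen", "payment via bitcoin", "btc address")


def is_valid_base58check(addr):
    """True if addr decodes to 25 bytes whose last 4 are the double-SHA256 checksum."""
    if not addr or any(ch not in B58 for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def triage(body):
    """Flag a message that pairs a checksum-valid address with extortion cues."""
    lowered = body.lower()
    cues = [c for c in CUES if c in lowered]
    addrs = [a for a in CANDIDATE.findall(body) if is_valid_base58check(a)]
    return {"addresses": addrs, "cues": cues,
            "flag": bool(addrs) and len(cues) >= 2}


# Constructed sample message; the address is the public genesis-block address.
SAMPLE = (
    "I made a split-screen video using your webcam. "
    "You'll make the payment via Bitcoin.\n"
    "BTC Address: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Validated addresses extracted this way can be added to a blocklist or included in an abuse report, and the checksum test keeps random Base58-looking strings out of that list.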

“Over the last week, investigators have reported hundreds of cases of online extortion across Europe and North America. The emails are so intimidating that even innocent victims are paying out of fear,” according to CipherTrace CEO, Dave Jevans—who has been the chairperson of the Anti-Phishing Working Group for more than a decade. “This is a prime example of a new confluence of phishing and cryptocurrencies in cybercrime. At CipherTrace, we are refining advanced blockchain forensics technologies that offer the promise of not only exposing scammers like these but also recovering funds for victims.”

Dave Jevans adds, “These events seem to be rapidly morphing into more sophisticated and more numerous attacks: We know that there are already more advanced attacks where they personalize them and put family member names in, etc.” One of the things people can do to protect themselves from this type of spear phishing is to freeze all credit bureau accounts such as Equifax, Experian, TransUnion, Innovis, and NCTUE (owned by Equifax). The APWG Crypto Currency Working Group also recommends that consumers opt out of pre-approved credit offers by calling 1-888-5-OPT-OUT (1-888-567-8688) or visiting [], and opt out of the major data brokers, including LexisNexis [] and Acxiom [].
