Two Million Extortion Emails Blocked Every Day

Uploaded on 2022-07-20 in NEWS-Cybersecurity News, FREE TO VIEW

The cyber security & compliance experts at Proofpoint say they block one million extortion e-mails every single day, increasing to two million on higher volume times. This figure sometimes has gone over two million on high volume days. Most of the emails claim to have webcam video of the victim engaging in inappropriate sexual activity.

The attacker then threatens to distribute the alleged footage to email contacts unless a ransom is paid.

These typically appear with some variation of a sextortion theme, in which the attacker claims to have a webcam video clip of the sufferer looking at porn and threatens to distribute it to all their email contacts, unless a ransom is paid in crypto currency, usually Bitcoin. Due to the nature of the claims made in the emails, victims are either lured or scared into giving away sensitive information or making a ransom payment.

This sort of threat is not new, but Proofpoint has highlighted how widespread and common they have become.

Easy-to-use DIY phishing kits readily available on the Dark Web make the job even easier for cyber criminals and victim information such as passwords obtained from the Dark Web are sometimes included in the extortion  email to add legitimacy to the threat actor’s claim that they have successfully hacked the machine. However, these passwords are usually obtained from data breaches.

Since  2016, the UK’s National Crime Agency (NCA) has been aware of thousands of victims were falling to sextortion scams in Britain every year.

Crypto currency payments are a key part of these threats, enabling the attacker to remain anonymous and in some cases, crypto currency wallets themselves are targeted in credential phishing attacks. Threat actors typically spoof big names in the industry, such as the crypto currency exchanges Celo and Binance and wallet vendor Trusted. Indeed, phishing for NFT and wallet credentials use similar techniques, say Proofpoint.

Thousands of victims fall victim to sextortion scams around the world each year and Proofpoint makes it clear that the threat remains high.

Proofpoint Proofpoint:    National Crime AgencyNational Crime Agency:   Oodaloop:   

Infosecurity Magazine:   Alltech:    

You Might Also Read: 

Future Phishing Attacks Will Use Generative Machine Learning:
 

« A New Era of Ransomware
Companies Going To War On Social Media »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyberis

Cyberis

Cyberis are pioneers in customer-focussed information security. Since 2011, we’ve been helping businesses protect their brands, customers and reputation.

Information Commissioner's Office (ICO)

Information Commissioner's Office (ICO)

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

Intland Software

Intland Software

Intland offer an integrated Application Lifecycle Management platform that offers all-round Requirements, Development, and Testing & Quality Assurance functionality.

RevenueStream

RevenueStream

RevenueStream uses an innovative algorithmic approach to intercept and prevent payment fraud before it even happens.

Conviso

Conviso

Conviso is a consulting company specialized in Application Security and Security Research.

CYRail

CYRail

CYRail project will analyse threats targeting Railway infrastructures and develop innovative attack detection and alerting techniques.

Aries Security

Aries Security

Aries Security provides a premiere cyber training range and skills assessment suite and develops content for all levels of ability.

CloudSEK

CloudSEK

CloudSEK has set its sights on building the world’s fastest and most reliable AI technology, that identifies and resolves digital threats.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

Siege Technologies

Siege Technologies

Siege Technologies is a pioneer of multi-purpose cybersecurity products and services that enable customers to leverage both offensive and defensive technologies.

Advantio

Advantio

Advantio offers a unique combination of technologies and managed, advisory and testing services to increase your cyber resilience and compliance.

FourNet

FourNet

FourNet is an award-winning provider of cloud and managed services; we work closely with our clients to enable digital transformation across their organisation.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

Cloudbrink

Cloudbrink

Cloudbrink is purpose-built to deliver the industry’s highest performance connectivity to remote and hybrid workers, anywhere in the world.