Sextortion scheme changes cryptocurrencies to cover its tracks

(Image credit: Pixabay)

Security researchers from Cofense have discovered that cybercriminals have now begun to modify existing sextortion scams by demanding payment from victims in cryptocurrencies other than Bitcoin.

The threat actors behind sextortion scams typically send an email, in which they tell their potential victims that they have installed malware on their systems and used it to record them looking at adult content online via their webcam. Ransom is usually demanded in Bitcoin with the threat that if it is not paid, the cybercriminals will send the videos or images they've captured to a victim's family and colleagues.

However, since the email addresses used in these scams are often acquired as a result of a data breach, cybercriminals will sometimes include a user's passwords in their initial email to make their threats seem more convincing.

As sextortion scams have become more of a threat, businesses have begun to write detection tools to block these emails which look for key words or Bitcoin addresses in the body of the email. To get around this, cybercriminals switched to attaching PDF documents containing their threats.

Avoiding detection

In the latest wave of sextortion scams, Cofense found that cybercriminals are now using a Litecoin wallet address as opposed to Bitcoin to help avoid detection.

Many Secure Email Gateways (SEGs) now have rules in place to detect Bitcoin addresses in either the body of an email or an attached PDF containing ransom demands, so those behind these attacks have had to change their tactics as well.

According to Cofense, these new sextortion scams use emails which are written in such a way that they contain very few searchable word patterns making them harder for SEGs to detect.

In addition to changing their tactics, cybercriminals have begun to use alternate cryptocurrencies besides Bitcoin to demand ransom payments from victims. However, only a dozen or so cryptocurrencies are easy for victims to obtain from large exchanges. For these sextortion scams to be successful, victims need to be able to easily pay the cybercriminals behind them.

Luckily, avoiding sextortion scams is quite simple. Users can safely ignore these emails because if a cybercriminal really had access to a person's system, they would provide much stronger proof than just showing a user one of their passwords. At the same time, by checking sites such as haveibeenpwned, users can see if their email address has been leaked which would make them more likely to become a target of a sextortion scam.

  • Protect your systems from the latest cyber threats with the best antivirus software
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.