New Sextortion Campaign Uses Alternative Cryptocurrencies Instead of Bitcoins
- This latest sextortion version is using a Litecoin wallet address instead of bitcoin to evade detection.
- Researchers noted that scammers have shifted from identifiable patterns to alternative cryptocurrencies in order to avoid Secure Email Gateway (SEG) bitcoin-detection rules.
Researchers from Cofense have observed a new version of the sextortion scam campaign that uses alternative cryptocurrencies in order to bypass email protection.
Previous evasion techniques
- Early sextortion scams started with a plain text extortion email. However, scammers began replacing the text with an image in order to prevent keywords from being identified by Secure Email Gateways (SEGs).
- Similarly, initial sextortion emails included the bitcoin address as a plain text string that could be easily copied. Scammers therefore removed text and images and switched to attaching PDF documents.
- Later, the scammers began encrypting the PDF attachments and including the password in the email body to evade any further SEG detection rules.
More details about this new campaign
Researchers noted that this latest sextortion version is using a Litecoin wallet address instead of bitcoin to evade detection.
- Scammers have shifted from identifiable patterns to alternative cryptocurrencies in order to avoid Secure Email Gateway (SEG) bitcoin-detection rules.
- The current sextortion emails also contain very few searchable word patterns.
“As this latest twist shows, threat actors can switch to the next crypto currency and attempt to iterate through all the scam’s previous versions. While there are thousands of crypto currencies, only a dozen or so are easily attainable from large exchanges. For the scam to work, the recipient needs an easy way to acquire the requested payment method,” researchers noted.
- Researchers recommend users ignore any emails that are from anonymous sources.
- Organizations are also advised to educate their users on how to identify phishing emails and how to know if their email addresses have been already compromised.
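
A bitcoin-only pattern misses the Litecoin address described above, so a content rule is better keyed to the address encoding than to one coin. The following is an added example, not code from Cofense or any SEG product: it validates Base58Check candidates and labels them by version byte, which goes beyond the Litecoin case in the article. It assumes legacy Base58Check addresses only (no bech32), a three-coin version table, and sample addresses constructed here from arbitrary bytes.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Base58Check version byte -> coin, legacy address formats only.
# 0x05 was also used by older Litecoin P2SH addresses, so it is ambiguous.
VERSIONS = {0x00: "bitcoin", 0x05: "bitcoin-or-litecoin", 0x30: "litecoin",
            0x32: "litecoin", 0x1E: "dogecoin", 0x16: "dogecoin"}
CANDIDATE = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{26,35}\b")

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version, body):
    """Build a constructed sample address; not needed for detection."""
    raw = bytes([version]) + body
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_version(addr):
    """Return the version byte if addr passes Base58Check, else None."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return None
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or _checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[0]

def find_wallets(text):
    """Return (coin, address) for every checksum-valid address in text."""
    hits = []
    for m in CANDIDATE.finditer(text):
        v = b58check_version(m.group())
        if v is not None:
            hits.append((VERSIONS.get(v, "unknown-0x%02x" % v), m.group()))
    return hits

# Constructed sample data: the hash bytes are arbitrary, not real wallets.
BTC = b58check_encode(0x00, bytes(range(1, 21)))
LTC = b58check_encode(0x30, bytes(range(1, 21)))
SAMPLE = "Send the payment to " + LTC + " within 48 hours. Ref ABCDEFGHJKLMNPQRSTUVWXYZabcd."
```

The check only sees text the gateway can read, so the image and encrypted-PDF variants listed under previous evasion techniques still need extraction before it applies.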