‘Phantom extortion scams’ leverage different social engineering techniques to target victims

• These scams, which were initially used against consumers, have now moved up the chain to target the enterprise world.
• Companies must remain vigilant and well-equipped in spotting these types of scams.

Cybercrime involving the use of different social engineering techniques has evolved over the years. And, one such scam is called ‘Phanton Incident Extortion.’

These scams, which were initially used against consumers, have now moved up the chain to target the enterprise world. The success of this scam depends on three components which include:

• Engineered legitimacy - Collecting relevant data to make the email look real and not just contrived.
• Social pressure - This usually involves deadlines and threats to damage the brand reputation if the extortion payment is not made.
• Asymmetrical financial offer - This is another key component of a well designed phantom incident which depends on the first two factors.

Observed scams

Threat involving exposure of employees’ PII - In early November, a new type of Phantom incident email began circulating. The scam involved scammers sending emails to senior executives of a company using multiple email variants. The email threatened the recipients to release employees’ data that was breached from their organization.

To create a sense of urgency, a small sample of employee PII - collected from the pool of data set available on the dark web forum - is attached to the email. This PII typically matches current or former employees of the company and normally includes social security numbers, so that it looks legitimate.

Threat involving exposure of customers’ data - This scam is similar to the previous one, just that the targeted organization is almost always B2C companies like Uber or online retailers.

Here, the attackers create a relatively large group of fake accounts on the targeted website. These accounts are created over a period of time and have unique emails, names, and passwords. The scammers aggregate the details of the manufactured user data and claim it has been breached. This raises major alarms and the targeted company is made to believe that its data has been breached.

DDoS extortion threat - During the summer of 2019, a threat actor group known as Cozy Bear was found threatening companies with crippling DDoS attacks. Usually, in order to create a sense of panic, this type of threat is followed by an actual small DDoS attack to demonstrate attackers’ ability.

Sextortion scam email - This original phantom incident has been around for a few years. These types of scam attempts involve threatening recipients of disclosing their inappropriate videos which were secretly captured while the victim had visited adult sites. The scammers claim to reveal the videos, which actually they do not possess, to friends and relatives if a ransom amount is not paid.

Bottom line

Companies must remain vigilant and well-equipped in spotting these scams. When in doubt, victims should always approach law enforcement agencies or their privacy counsel for assistance.