Sextortion hackers are using new tactics to scam internet users into paying ransoms, claiming to have indecent images of their friend’s girlfriend.
The hackers say they will send the images to everyone in the supposed victim’s contact list unless they pay.
Clicking on an attachment will open a Word document containing a blurred image that looks like it might be sexual in nature with instructions on how to “enable content”, encouraging the target to ignore the security warnings from Microsoft Office applications.
By enabling the content, the recipient will unknowingly download a malicious application known as Raccoon. Once downloaded, the application attempts to steal large amounts of data from a number of apps, including web browsers and email clients. IBM X-Force researchers claim the attack is similar to a previous attack that asked users to enable permissions to sign a digital document.
Tricking people into downloading malware is a classic method employed by hackers, according to Prof Alan Woodward, from the University of Surrey.
“The interesting thing about scammers is that they use the same psychology simply repackaged for most new scams,” he said.
Typically in a sextortion scam, hackers will claim to have sexual images of the target that they have stolen or gathered via the person’s webcam.
“We have found images of his naked girlfriend and demanded $500 for them,” the email reads. “Regrettably, he has not paid… you will find these pix attached to this message.”
Another similar scam email claims that the recipient is being sued in court and has a limited amount of time to reply, thereby pressuring them to click on the attachment.
“I’m afraid scammers and hackers are always adapting,” Woodward said. “Sadly it works. And, when we educate people about this ruse, the scammers and hackers will adapt again.
“I regularly receive emails, for example, with old passwords that have been accessed in some data breach… and [they] then go on to say, ‘We have compromising material,’ or sometimes, appealing to a different frailty, they say they have material on a friend.”
The IBM researchers said that people are more likely to click on the download if they do not identify as the victim. “They may act much more careless, especially those curious to find out who was actually targeted,” the team said.