With millions of so-called threatening sextortion emails doing the rounds, there’s a good chance you will receive one if you haven’t already. The pattern is the same. You have been compromised sexually—cheating or viewing porn. There are messages or screenshots or video. Pay up or your family and colleagues receive the lot. And here’s the proof it’s real—one of your secret account passwords in black and white.
But it’s never real. The scam is always the same. Your password has been acquired following one of the countless data breaches of recent times. That level of data is available for just a dollar or two on the dark net. It’s a convincer. It makes you sweat. The theory runs that we all have something to hide. A few pay up.
A new warning from Sophos takes this further, plumbing new depths. The research team has intercepted a sextortion-style email campaign that claims “I know every dirty little secret about your life,” and then goes much further. “What am I capable of doing?” it asks. “If I want, I could even infect your whole family with the coronavirus.” And the demand? “You need to pay me $4,000.”
This is clearly ridiculous. The infection threat reads like something out of a comic book. The broader sextortion themes are just more of the same. In ordinary times such a campaign would be laughed away. But we are not living in ordinary times.
The current level of coronavirus malware and scams is spiralling out of control. The research teams at Sophos and its fellow cyber houses warn that they have never seen anything like it. And the combination of our thirst for information and the high stakes makes us unbelievably susceptible to malicious clicks and links, to falling for discounts and fakes, to being socially engineered onto dangerous ground.
“Cybercriminals are using this nasty tactic to profit from fears surrounding the global pandemic,” Sophos warns, “while making victims believe they have access to all of their information and family members via their computer and digital life.”
It is not known how many potential victims received the coronavirus sextortion email—usually these are sent out in millions, albeit many are trapped by various filters and guards. But some get through, and of those that land, some are effective. If this approach didn’t work, cybercriminals would stop peddling it.
There are even “scams including things like testing and testing kits, vaccinations and treatments, charities contributions, investments and impersonations,” the FBI in New York has warned. “In a state of panic, individuals may click on that just as a reaction without thinking about what they are doing. So that is how these criminals are relying on fear to infect someone’s computers.”
Such scams are here to stay. As the FBI warned today, March 20, “criminals will likely continue to come up with new methods to exploit COVID-19.” The advice is simple—don’t reply, don’t click any links or open any attachments as they’ll likely be laced with malware, don’t pay any money, don’t send to anyone else.
In the meantime, with millions worrying about their jobs, their health, their friends and families, the true colors of these cybercriminals are there for all to see. None of us need to be in any doubt that the sheer scale of attacks on people under cover of this global tragedy is a shock to the system.