The Attacks Of ‘Express Sextortion’ With Micropayments Through WhatsApp Will Increase.
Surely, you have ever received an email like this on more than one occasion. However, they are victims of a crime known as sextortion.
The most worrying thing about these types of emails is that many of them have your name and your real password of the email account to which they are writing to you in their subject.
The bad news is that these hackers could access or have accessed all your communications by email. The less bad news is that, in general, these types of emails are sent to thousands of email accounts, obtained in illegal databases that have been purchased on the ” dark web “.
In other words, cybercriminals do not have any video or photo of the victim. They simply send it to thousands of people, knowing that many will be deceived and will pay to get rid of the problem quickly.
“ If you receive an email of this style, you have to quickly do three actions: the first thing is to change the password of the email account. The second thing is to modify all the access codes to social networks and other email accounts, especially if the same ones were being used as in the attacked email. Last but not least, is to notify the Police that they have been a victim of this blackmail, even if we have not been deceived ”, advises Herve Lambert, Global Consumer Operations Manager at Panda Security
It is important to remember that it is a very serious mistake to have the same passwords for everything. There are cybersecurity platforms, such as Panda Dome that help you manage your users and passwords in a simple and intuitive way, without having to remember complex mnemonic rules ”, adds Herve Lambert.
In general, these emails are written with significant grammatical errors, since they have been quickly translated with an online application. There is also nonsense such as ” the virus that I have developed will automatically delete this email from your inbox when you have paid the ransom .” Something like that is simply impossible.
However, in a small percentage of cases, extortionists do have images of their victims. Without going any further, a few days ago possible blackmail for “sextortion” suffered by Jeff Bezos, the billionaire executive director of Amazon, was made public.
The curious thing about the case is that behind this alleged blackmail there was not an organized group of hackers, but a media outlet. Specifically, Bezos accused the New York tabloid ” National Enquirer” of having blackmailed him by publishing some photos of him with a famous television presenter unless he paid a large sum of money.
Sextortion Will Increase In The Coming Years
However, you don’t have to be the richest person in the world to be a victim of such blackmail. ‘Sextortion’ attacks have increased dramatically in 2018 and at Panda Security we estimate that this type of blackmail will continue to grow this year and next year, mainly through attacks targeting mobile phone users.
Since 2017 in Spain we have been connecting more to the Internet through smartphones than from personal computers. If we add to this that mobile experiences are simpler and more intuitive than from a computer, we can argue that ‘ sextortion ‘ is becoming an ideal attack to blackmail mobile phone users.
In fact, hackers add QR codes and links to payment methods in their emails, so simple that with just two clicks their victims can pay the price of blackmail.
As the payments required by cybercriminals are not excessively high, ranging between 400 and 2,000 US dollars, there are many users who prefer to take on this type of extortion, which could be defined as “micro-payments”.
The Next Step: Sextortion By Whatsapp
Although there have still been few cases, the next ” Trojan horse ” for cybercriminals will be instant messaging apps such as WhatsApp or Facebook Messenger .
The existence of ‘ group links ‘ in WhatsApp makes it much easier for cybercriminals to contact people directly or to create their own databases of phone numbers of users of this type of chats.
If we add to this the possibility of sending messages to distribution lists to send the same message to many people at the same time, we can affirm that hackers will increasingly use this platform to carry out thousands of attacks with which to steal few amounts of money hundreds or even thousands of people.
How To Tell If These Attacks Are Real Or Random
The fact that most of these emails are false does not mean that there are cases in which criminals do have images or videos with which to carry out real blackmail.
Generally, if attackers have seized sensitive blackmail material, the first thing they will do is send it to their victim saying they are going to send it. In case of receiving this type of image, it is vital to go to the Police immediately, without paying attention to the conditions that the attackers are posing.
However, as we said, most of these messages are sent to databases and, for the most part, they are messages that should not be heeded. Of course, you have to report to their senders immediately.