Report: New Sextortion Operation Swiped Over $300K in Bitcoin

According to a recent report published by the cybercrime investigation firm Digital Shadows, cybercriminals have managed to steal $332,000 in Bitcoin from an “sextortion” scam where supposedly exposing emails were sent to blackmail the victims. This email-based blackmailing scam was first reported in 2017 and witnessed scaled-up activity online over the passing year.

The scam first came into the public radar broadly in July 2018 when Emin Gun Sirer, professor of computer science at Cornell University tweeted about it with the screenshot that read the email sent by the scammers.

“Here’s a new form of crypto blackmail. A friend received this out of the blue. Presumably, it’s getting sent to everyone on the have been pwnd list. Be careful out there, never pay, never negotiate.”

The UK-based digital risk assessment firm Digital Shadows has tracked 792,000 emails targeting victims as part of its analysis and found out that criminals have managed to receive the sum of $332,000 from more than 3,100 unique Bitcoin addresses. The report further revealed that as many as 92 Bitcoin addresses received funds from those 3,100 unique BTC addresses. After analyzing the Bitcoin wallets from where the funds sent, the firm also came to know that the average transaction was worth $540.

According to the report, the cybercriminals have followed the same pattern throughout the scams. Targeted victims of these scams were first sent an email with a video footage of them viewing adult content online which was recorded via their webcams, threatening that it would be publicized on the internet if the certain amount of Bitcoin were not paid into a specific crypto address.

The report also revealed that the scammers were hiring new accomplices to assist them with the ongoing criminal operations. They were offered around $360,000 per annum; experienced associates with skills like network management, penetration testing, and programming expertise could expect to earn up to $768,000 a year. The targeted victims were usually individuals with high net worth and higher salaries than average.

The report highlights that there are different groups of criminals with different level of sophistication and expertise using the same techniques to hunt victims across the globe. Many of the emails were written way too poorly that they failed to get past a mail server or spam filter. Some emails, on the other hand, were well curated and sent from purposely created addresses.

Analysis of 792,000 emails also reveals that the scam was operated from the number of locations. Information from the senders’ IP addresses shows that the emails were sent from servers based across at least five different continents. IP addresses of the senders also unveil that the highest number of emails sent were from Vietnam (8.5 percent), followed by Brazil (5.3 percent), and India (4.7 percent). The possibility that the email servers were being manipulated by cybercriminals can also not be ignored.

Sharing Is Caring: