Extortion Emails: An Old Threat with a New Twist


Thought Leadership


Dena Bauckman

Most email attacks contain tell-tale red flags that make them relatively easy to spot. That familiarity cuts the other way, too: an attack that carries even an ounce of authenticity becomes easy to believe and trust. Here is a recent example. People have received emails claiming that hackers took over the recipient’s webcam and recorded compromising footage, followed by a demand for payment in Bitcoin. At first this sounds like a typical (and transparent) email attack, but recipients are compelled to take it seriously because the message also contains their actual email password and phone number.
The message opens with “I’m aware that <password formerly used by recipient> is your password.” or “It seems that <phone number used by recipient> is your phone number.” In every case, the password listed was old and no longer in use. Crucially, though, the password and phone number were real and accurate. Must be legit, right?
Cybercriminals most likely mined these passwords and phone numbers from stolen data sets, such as the credential dumps that circulate after large breaches. A real phone number and a once-valid password suggest that the sender holds personal information and has had unauthorized access, lending credence to the ransom demand and leading a disproportionate number of victims to pay the Bitcoin.
The video does not exist, and the attackers have no actual leverage. But thanks to readily available information and savvy social manipulation, emails that would normally look like obvious, easily dismissed attacks look like legitimate threats instead.

Understanding Today’s Threat Landscape

In this instance, the attackers used old email passwords and phone numbers, but they could have incorporated any kind of personal information that is easily harvested online. This underscores one of the most alarming trends in cybersecurity right now: the ease of delivering sophisticated and targeted email threats.
The example above shows how simple tweaks to the messaging can make an email attack far more effective. Similar tweaks are being made on the technical front. These extortion emails evaded most email filters by relying on automated randomization: each one contained different wording, a different ransom amount and other varying details. Because the messages did not share a predictable pattern (nothing for a static signature to key on), even some advanced threat protection solutions struggled to identify them.
This technique is relatively basic but still highly effective. If attackers want to upgrade, more advanced tools are just as easy to obtain.
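The randomization point is easier to see with a concrete detector. The following Python is an added example written for this page, not code from Zix or from ZixProtect. The three messages it scans are constructed samples, not real extortion emails, and the regular expressions, feature names and score threshold are assumptions chosen for illustration. It contrasts a static body-hash signature, which only matches the exact message it was built from, with a detector keyed on the invariants that randomization does not change: the "is your password" claim, a Bitcoin address, a ransom amount, the webcam threat and a deadline.

```python
import hashlib
import re
from typing import Optional

# Constructed sample messages (not real extortion emails). The first two are
# variants of the same campaign with randomized wording, amount and address;
# the third is benign mail that happens to mention passwords and webcams.
SAMPLES = [
    """I'm aware that hunter2 is your password. I installed malware on an adult
site you visited and recorded you through your webcam. Send $700 in Bitcoin to
1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2 within 24 hours or the video goes to all
your contacts.""",
    """It seems that, 555-0134, is your phone number. My spyware captured footage
of you via your camera. Transfer 0.05 BTC to bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq
in 2 days. Otherwise I share the recording with your family.""",
    """Hi team, reminder that the password rotation policy changes next month.
Please review the attached guidance before the webcam training session.""",
]


def static_signature(body: str) -> str:
    """Hash-of-body signature, the kind of static definition a basic filter stores."""
    return hashlib.sha256(body.encode()).hexdigest()


def matches_static_signature(body: str, known_bad: set) -> bool:
    """A static filter flags only bodies whose hash is already on its list."""
    return static_signature(body) in known_bad


# Campaign invariants that survive per-message randomization. These patterns are
# assumptions for the example; a production rule set would be tuned on real mail.
# Group 1 of LEAK_CLAIM captures the quoted secret (assumes a single token, so a
# password containing spaces would be missed).
LEAK_CLAIM = re.compile(r"\b(\S+)\b,?\s+is your (?:password|phone number)", re.I)
# Legacy base58 (1.../3...) or bech32 (bc1...) Bitcoin address.
BTC_ADDRESS = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{25,62})\b"
)
RANSOM_AMOUNT = re.compile(
    r"(?:\$\s?\d[\d,]*(?:\.\d+)?|\d+(?:\.\d+)?\s?(?:BTC|bitcoins?))", re.I
)
WEBCAM_THREAT = re.compile(
    r"\b(?:webcam|camera|recorded|recording|footage|video)\b", re.I
)
DEADLINE = re.compile(r"\b(?:within|in)\s+\d+\s+(?:hours?|days?)\b", re.I)


def extortion_features(body: str) -> dict:
    """Boolean feature vector: which campaign invariants are present in the body."""
    return {
        "leak_claim": bool(LEAK_CLAIM.search(body)),
        "btc_address": bool(BTC_ADDRESS.search(body)),
        "ransom_amount": bool(RANSOM_AMOUNT.search(body)),
        "webcam_threat": bool(WEBCAM_THREAT.search(body)),
        "deadline": bool(DEADLINE.search(body)),
    }


def is_extortion(body: str, threshold: int = 4) -> bool:
    """Flag a message when enough invariants co-occur (threshold is an assumption)."""
    return sum(extortion_features(body).values()) >= threshold


def claimed_secret(body: str) -> Optional[str]:
    """Return the password or phone number the message claims to know, if any."""
    match = LEAK_CLAIM.search(body)
    return match.group(1) if match else None


if __name__ == "__main__":
    # Signature built from the first variant only.
    known = {static_signature(SAMPLES[0])}
    for body in SAMPLES:
        print(
            f"static={matches_static_signature(body, known)!s:5} "
            f"invariants={is_extortion(body)!s:5} "
            f"secret={claimed_secret(body)!r} features={extortion_features(body)}"
        )
```

The claimed_secret helper pulls out the quoted password or phone number so an analyst can check whether it is still a live credential, which is the one detail in the message that actually matters for the recipient's security. A rule like this would sit alongside, not replace, the machine-learning and reputation layers discussed in the next section, and it needs tuning on real mail: the single-token password pattern, for instance, misses passwords that contain spaces.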
In 2017, a group of hackers obtained tools stolen from the U.S. National Security Agency and put them online for free download. By effectively releasing powerful cyber weapons to the general public, they enabled the WannaCry ransomware attack, which was built on one of those tools, the EternalBlue SMB exploit, and affected roughly 230,000 computers in 150 countries.
Leveraging old email passwords or phone numbers is just one way that attackers are targeting email inboxes. Users may have existing protections in place, but those protections may be inadequate for today’s ever-evolving threats.

Keeping Extortion Out of the Inbox

Here are a few strategies to safeguard against extortion and other advanced email threats.
  • Take Precautionary Measures – If attackers don't have leverage, their attacks are a lot weaker. A best practice for any user with a webcam is to keep it covered when it is not in use. The same applies to the leverage these emails actually rely on: a password quoted in one of these messages has been exposed in a breach, so if it is still in use anywhere, change it. 
  • Commit to Training – As email attacks evolve, so should your users' understanding of them. Consistent training enables your employees to become assets, not vulnerabilities, to your cybersecurity strategy. 
  • Adopt Advanced Filtering – Email filters that rely on static threat definitions won’t defend against most new and advanced threats. Advanced filtering relies on regularly updated definitions while utilizing machine learning to spot patterns in emerging threats. Attacks can’t trick users if they never arrive in the inbox in the first place. 
ZixProtect includes multi-layer filtering that examines emails from all angles. The filter that caught the extortion emails described above was in place 20 days before they first arrived, and it also caught the attack's variants. It’s unrealistic to expect busy users to spot every inbox threat, especially when threats are this subtle and sophisticated. ZixProtect steps in to eliminate the mistakes before they happen and to alleviate the anxiety they cause IT and security teams everywhere.