Email Security Intelligence - How to Spot A Cyber Extortion Scam

Any time you use the internet, you face numerous risks to your sensitive information. If that information were to be compromised, attackers would likely demand a financial exchange to keep them from causing harm.

Phishing attacks are a common and dangerous threat as new scams are constantly emerging, making it imperative that you’re up to date on the latest methods cyber criminals use, such as extortion scams. Extortion phishing scams are more targeted and are used to gain more information or money by making threats. This article will discuss what extortion phishing scams are, what to do if you’re targeted and how to prevent them.

What Is Cyber Extortion?

Cyber extortion is an attack in which attackers obtain your personal or financial data and threaten to cause harm if their ransom demands are not met. Cyber extortion has been on the rise in recent years as more sensitive data is being stored online. The information cyber thieves can compromise is valuable and is typically something a user or organization would not want exposed or destroyed, so attackers take advantage of your fear.

During an email extortion scam, the scammer will send out extortion emails in bulk that threaten to make embarrassing information public unless the victim pays a sum of money. Payment is made via cryptocurrency, allowing scammers to collect the money anonymously.

Experts advise against paying the demands, warning that if you pay the ransom once, the attackers are going to come back at some point and try again. Making the decision can be difficult, and there may not always be another option. Because of this, it is crucial that you have security protocols in place that can prevent extortion from happening in the first place.

How to Spot Online Extortion

Unlike traditional extortion, cyber extortion threats are public as information and data can be spread faster than ever before. Compromising photos or information can be distributed to thousands of people in seconds.

Cybercriminals know how to manipulate unknowing victims into doing what they want. Opening an unknown attachment can lead to extortion if it uses a bug to infect your device to track your online activity, or hack into your webcam, allowing compromising images of you to be taken without your knowledge. Sometimes the attacker does not actually have any compromising material on you but can make you believe they do by claiming they have hacked your webcam.

A less directly threatening blackmail email may include a previously used password to convince victims they’ve been hacked and need to pay the ransom. Some common identifiers of extortion scams include:

The Language is Suspicious

Attackers may send an email stating that a relative you never heard of has left you a large sum of money, or that a bank or foreign government is contacting you directly to turn over your long-lost money.

Poor grammar is another red flag as extortionists are often from foreign countries. If the email just does not read right, there is a good chance it is an extortion attempt.

The Email is Unsolicited

An unsolicited email from a bank, company, or unknown individual should raise suspicion. Emails saying that your account has been deactivated or suspended are typically fake. If you get an email like this, check the email address. A legitimate email from a company should have the company’s name with a .com or .org.

You Are Asked to Download Something or Change Your Settings

Be cautious of what kinds of sites you visit and don’t allow any site to download anything or make changes to your settings. This could just be another attempt to hack into your system.
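Several of the signs described above (a cryptocurrency payment demand, a claimed webcam hack, a quoted old password) can be checked mechanically on an incoming message. The following Python is an added example, not Guardian Digital's code; the function names, the keyword lists and the comparison against SHA-256 hashes of your own retired passwords are assumptions made for illustration, and the sample message is constructed.

```python
import hashlib
import re
from email import message_from_string

# Bitcoin address match is by shape only (base58 or bech32); no checksum validation.
CHECKS = {
    "crypto_payment": re.compile(
        r"\b(?:(?i:bitcoin|btc|monero|xmr)|[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b"),
    "surveillance_claim": re.compile(r"webcam|recorded you|malware on your|hacked your", re.I),
    "deadline": re.compile(r"\b\d{1,3}\s*(?:hours?|days?)\b", re.I),
}

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def text_body(raw_email):
    # Collect and decode every text/plain part of the message.
    chunks = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def extortion_indicators(raw_email, retired_password_hashes=frozenset()):
    """Return the sorted names of the warning signs found in the message body."""
    body = text_body(raw_email)
    found = {name for name, rx in CHECKS.items() if rx.search(body)}
    # Hash each word of the body so retired passwords are never kept in clear text.
    words = (w.strip(".,;:!?\"'()") for w in body.split())
    if any(sha256_hex(w) in retired_password_hashes for w in words if w):
        found.add("reused_password")
    return sorted(found)

def looks_like_extortion(indicators):
    # Requires a payment demand plus a claim of compromise; one sign alone is not enough.
    return "crypto_payment" in indicators and bool(
        {"surveillance_claim", "reused_password"} & set(indicators))

# Constructed sample message; the address is a made-up string, not a real wallet.
SAMPLE = """From: sender@example.invalid
Subject: I know your secret

I know your password is hunter2. I put malware on your device and recorded you
through your webcam. Send $900 in Bitcoin to 1ConstructedSampLeAddressXXXXXXXXX
within 48 hours or everyone in your contacts gets the video.
"""

if __name__ == "__main__":
    print(extortion_indicators(SAMPLE, {sha256_hex("hunter2")}))
```

A match on `reused_password` means the quoted password is one you have used before, so any account still using it should have it changed.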

Methods of An Attack

The first steps of cyber extortion begin with an attacker gaining access to the sensitive data found on your computer network or system. Attackers may use vectors such as ad scams, phishing emails, infected websites, and other means. The rise and progression of cyber extortion can be attributed to certain factors, including the use of cryptocurrency as payment, which has grown to where it is today.

One reason for the increase in attacks is the availability of digital currency. As opposed to physical cash and paper trails, extortionists now benefit from anonymous digital transactions with Bitcoin. Anyone can set up a Bitcoin wallet address without any financial oversight, which means any cyber extortionist can carry out an attack and extract payment.

Cyber extortion can come in multiple forms with the same goals: encrypting data and holding it hostage, stealing data and threatening exposure, or denying access to data. These methods of attack include:

  • Ransomware: a type of malware that works by infecting your network, encrypting the files, and blocking you out. With ransomware attacks, there is a chance that your files can be completely deleted, and no guarantee that the files will be restored even if you pay the demand.
  • Cyber Blackmail: a kind of blackmail that happens after an attacker breaks into your network to retrieve your intellectual data or the Personally Identifiable Information (PII) of your customers and threatens to publish the data if you refuse to pay a ransom. This attack can cause devastating harm to your organization’s reputation. Attackers may use social engineering tactics to convince you they have your data, so before you pay the ransom, you need to be sure that it has actually been compromised.
  • Distributed denial-of-service attack (DDoS): refers to the use of botnets to flood a website with traffic and overwhelm the server. The use of Ransom DDoS (rDDoS) in cyber extortion is growing in popularity as more businesses drive eCommerce sales and online engagement.
  • Sextortion: a cybercrime in which a victim is blackmailed with threats to share images, videos, or information about the victim unless they pay or engage in more sexual acts. Usually, the perpetrator will threaten to share sexual content with the victim’s family, colleagues, and friends, or upload the content to an online platform.

Identifying The Risks

Germany’s federal cybersecurity office recently warned that ransomware, political hacking, and other cybersecurity threats facing the country are “higher than ever.” An annual report found that ongoing criminal activities were responsible for the threat level, as well as attacks connected to the invasion of Ukraine.

There has also been an accumulation of minor incidents and hacktivism campaigns in Germany in connection with the war against Ukraine, including the cyberattack against the satellite company Viasat. The Viasat attack was intended to degrade the ability of the Ukrainian government and military to communicate. However, it also bricked routers for remote maintenance systems used by German wind turbines, knocking 5,800 of them offline. Viasat said tens of thousands of its terminals were irreparably damaged and needed to be replaced.

The average ransomware payment increased 78% last year to $541,010, thanks in part to the spread of ransomware-as-a-service (RaaS) business models that lower the barriers to entry for cyber extortionists. Experts say ransomware attacks are not showing signs of slowing down, so it is important to be aware of risks and methods of prevention.

How to Prevent An Attack

If you receive an extortion phishing email, it is unlikely that the cyber criminal actually has your personal information; they are using bait to try to extort you. You should never reply to the email or do what the email is telling you to do. If you’re still using the password that is being used to extort you, change it immediately. Proactive email security starts at the individual level. All employees should practice basic protocols, such as using strong passwords, blocking spammers, not trusting offers that are too good to be true, and verifying requests even from trusted contacts. That being said, there is more that can be done besides these essential protocols, including:

  • Know your data: knowing how much data a company has allows it to calculate how vulnerable it is.
  • Create file back-ups, data back-ups, and back-up bandwidth capabilities: this helps a company retain information in the event of a cyber extortion attack.
  • Train employees to recognize spear phishing: employees must understand the importance of protecting the information they manage to reduce business exposure.
  • Limit access by job level: the fewer employees with access to sensitive information, the better.
  • Ensure systems have an appropriate firewall and antivirus technology: after the right software is in place, evaluate the security settings on software, browser, and email programs. 
  • Have data breach prevention tools, including intrusion detection: ensure employees are monitoring the detection tools, as it is important to prevent a breach and to make a company aware as soon as possible if a breach occurs. 
  • Update security software patches quickly and often: maintain security protections on your operating system to keep them effective.
  • Include DDoS security capabilities: this allows a company to have the ability to avoid or absorb attacks that overwhelm or degrade your systems.
  • Put a plan in place to manage a data breach: If a breach occurs, there should be a clear protocol outlining which employees are part of the incident response team and their roles and responsibilities.

DDoS Cyber Extortion Attack Plagues Businesses

This past April, a new DDoS botnet was discovered, claiming more than 100 DDoS victims per day by inundating their networks with enough fake traffic to take them offline indefinitely. The Fodcha DDoS botnet has grown dramatically since then and now features ransom demands injected into packets and added redundancy. One report notes that the botnet now uses encryption to communicate with its control server, making it harder for information security specialists to analyze the malware and potentially take down its infrastructure.

Fodcha recently attacked 1396 targets in a single day. Confirmed botnet attacks include:

  • DDoS attack on a healthcare organization that lasted from June 7 to 8, 2022;
  • DDoS attack on the communications infrastructure of an unnamed company in September 2022;
  • A 1TB/s DDoS attack against a well-known cloud service provider on September 21, 2022.

These businesses are threatened with having their operations forcibly taken offline by an attack, and the only way to stop it is to pay a ransom. Rather than launching attacks with its own weapons, Fodcha rents out its firepower to other threat actors who launch DDoS attacks, so that it can make money. The updated version uses extortion tactics, demanding a Monero ransom in order to stop the attacks from going forward. In a DDoS packet, Fodcha requested that victims pay 10 XMR (Monero) to the attacker, which is roughly $1,500.

To protect against such attacks, consider an email security system that makes email safe for business by safeguarding it against sophisticated and emerging threats with innovative real-time protection, combining layers that work together to close critical security gaps in Microsoft 365 and Google Workspace native email protection. Features such as open-source community input and active email security management and support are required to ensure that crucial business assets remain safe in this dynamic threat environment, which has only been heightened due to the upcoming midterm elections.

Keep Learning

It’s your responsibility to ensure the safety of your network against threats like cyber extortion. Take the next steps towards securing your network from these attacks by continuing to improve your knowledge of these topics.
