Personal data breaches have made email blackmail scams increasingly targeted, warns Kaspersky.
Attackers are incorporating personal details like full names and phone numbers in scam emails to appear credible and induce panic among victims. Scammers may pose as hackers with compromising data, law enforcement agencies issuing fake summons, or even hired assassins demanding ransoms. These threats often leverage techniques to evade email filters and other security solutions, underscoring the need for heightened vigilance.
In the most common variant, scammers impersonate hackers who claim to have infiltrated the victim's devices. They allege to have access to cameras, microphones, browsing history, and sensitive files, often threatening to release explicit content captured via webcam or screen recordings supposedly taken whilst the victim was watching adult content. Demands typically involve hundreds of US dollars in cryptocurrency, with promises to delete the data upon payment. These emails may include detailed narratives of the supposed breach, including explanations of malware types and advice on better security – ironically, tips that align with genuine best practices.
Another scam twist involves fraudsters posing as hired hitmen. In this scheme, the sender claims a contract has been placed on the victim's life but offers to spare them if they outbid the original payer. The email includes a cryptocurrency wallet for the ransom, framing the scammer as a "merciful" intermediary. This variant relies on fear rather than embarrassment, promising the victim’s life in exchange for payment.
Another prevalent tactic sees scammers masquerading as law enforcement agencies, such as Europol. Victims receive emails with attached PDF or DOC files containing fake summonses accusing them of serious crimes like child exploitation, exhibitionism, or human trafficking. These documents cite fabricated articles of legal codes, feature forged signatures and seals, and urge immediate contact via a provided email to "resolve" the matter. Upon response, the "authorities" demand paying fines to avoid prosecution, often leading to cryptocurrency transfers.
“To slip past protective solutions, scammers employ various evasion tactics. These include embedding the main threat in attachments to avoid body text scanning, mixing letters from different alphabets (e.g., replacing Latin letters with similar Cyrillic ones), adding diacritical marks via HTML codes, varying fonts in HTML markup, inserting random symbols or punctuation between words, and hiding text in invisible HTML tables. Such "noise" makes detection by security solutions more difficult, as each email variant appears unique while remaining readable to humans. For example, cryptocurrency wallet addresses might be obscured with HTML entities to evade filters without hindering the victim's ability to copy them,” comments Anna Lazaricheva, Senior Spam Analyst at Kaspersky.
To avoid falling victim to scams, Kaspersky recommends the following steps:
- Verify the sender: Always check the email's From field and compare it to the return email address in the Reply-To field or mentioned in the text of the message. Discrepancies often indicate fraud.
- Ignore attachments and links: Do not open unsolicited files as they may contain malware. Do not click suspicious links as they may lead to phishing or scam sites.
- Spot evasion signs: Look for unusual text formatting, mixed letters from different alphabets, or random symbols – these are red flags for spam.
- Know the procedures: Legitimate law enforcement organisations are unlikely to send summons via email or demand cryptocurrency payments; they use official channels.
- Fact-check claims: Search for mentioned agencies, laws, or organisations online – if they don't exist or the details don't match, it's a scam.
- Report and Secure: Forward suspicious emails to authorities like your local cybercrime unit and update your device's security software immediately.
- Use protection solutions with anti-phishing capabilities, such as Kaspersky Premium for individuals and Kaspersky Security for Mail Server for organisations, to decrease the chance of infection through a phishing email.
