A global email-based extortion scam is the work of a small group of scammers, according to new research from Barracuda Networks.
The security vendor worked with Columbia University to analyze over 300,000 extortion emails they tracked over the course of a year. They specifically looked at Bitcoin addresses used by scammers to identify certain trends.
Read more about extortion: Users warn of new sextortion attack
“In fact, we found that the attacks were concentrated on a small number of bitcoin addresses. In total, there are about 3000 unique bitcoin addresses in our dataset, of which the top 10 addresses are email addresses. It appears in about 30% and the top 100 addresses appear in about 80% of emails,” explained Zixi Wang, a master’s student at Columbia University.
“We conclude that although extortion is a significant email threat with millions of malicious emails sent to victims each year, it is perpetrated by a relatively small group of perpetrators. (less than 100 attackers, probably even fewer assuming attackers use multiple bitcoin addresses.) This small group of attackers followed similar best practices and templates. It is probable that you are using
To keep a low profile, scammers typically ask for amounts between $400 and $5000, with 90% asking for less than $2000.
It is believed that this “sweet spot” was chosen because victims are likely to pay the fee without researching whether the scammers actually have the information they are compromising. It’s also small enough that it doesn’t set red flags for victims’ banks and tax authorities, Wang argued.
Scammers typically claim to have embarrassing photos or video images of their victims taken via a PC’s webcam using non-existent “spyware” and threaten to share them publicly. They may also threaten to share the victim’s email or chat history.
Wang argued that the fact that such a small group of fraudsters appears to be responsible for such a large threat is cause for optimism.
“First, we believe that if law enforcement can track down even a small number of attackers, they could greatly stop this threat,” she concluded.
“Second, extortion attackers seem to copy each other and follow very similar templates, so email security vendors should be able to block the majority of these attacks with relatively simple detectors. .”
