2 min read

Sextortion scam with a twist lures friends into opening malicious attachments

Alina BÎZGĂ

March 23, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Sextortion scam with a twist lures friends into opening malicious attachments

In a peculiar take on the traditional sextortion scam, bad actors have started threatening to distribute stolen nude pics of your friend”s girlfriend.


The novel campaign targets the friends of an already “sextorted” victim who did not agree to the “terms” and refused to pay, according to new research by IBM”s X-Force team.


Threat actors deliver a message claiming they are now sending the private images to every person in the contact list of your friend, including you. To see them, you”re told to check the attachment.


If you”re curious to see who was targeted, and open the attachment, you”ll see a Microsoft Office document containing a blurred image. The contents are viewable only if you click on the Enable Content button. That”s when the malicious payload is downloaded on your device. The malware delivered is known as Raccoon, an info stealer detected by security researchers in underground forums about a year ago.


This malicious tool is distributed as malware-as-a-service to any hacker willing to invest $75 per week or $200 per month to target login credentials, credit card information, cryptocurrency wallets and browser information.
The delivery method is not limited to phishing campaigns though. Security researchers state that unpatched browsers and operating systems also pose a risk of infection, as exploit kits may be embedded on different websites.


Sextortion scams are a popular way for criminals to capitalize on the fear of having any indecent photos exposed online, to your family, friends or coworkers. The scammer will always make sure that, even if you”re positive no such material exists, your system is infected in some way and sexual explicit images were snapped using your webcam.


A word to the wise – ignore any such message that pops up in your Inbox. Definitely don”t click on the malicious attachment and do not enable any Macros in the document. Better safe than sorry! Simply delete the message. It”s always a good idea to have a security solution in place to ward off malware, spyware and phishing attempts.

Be Safe!

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Marketing lists for crypto customers stolen in data breach at marketing platform Klaviyo Marketing lists for crypto customers stolen in data breach at marketing platform Klaviyo
Alina BÎZGĂ

August 09, 2022

2 min read
What is medical identity theft and how to protect against it What is medical identity theft and how to protect against it
Alina BÎZGĂ

July 27, 2022

2 min read
SSNs, drivers’ licenses and government IDs exposed in Oklahoma City Housing Authority data breach SSNs, drivers’ licenses and government IDs exposed in Oklahoma City Housing Authority data breach
Alina BÎZGĂ

July 26, 2022

1 min read