Cyber Sextortion Scams Get Personal with ‘We Know Where You Live’ Tactics

Cyber attackers are using victims’ names, addresses, and even photos of their homes to personalise sextortion attacks and increase the pressure to pay, according to new research published by Barracuda, a leading cybersecurity platform providing complete protection against complex threats.

Barracuda’s latest Threat Spotlight reveals a sharp rise in sextortion demands. Previously, emails typically requested payments in the range of a few hundred dollars, maxing out around USD $500. Recent attacks, however, have seen demands escalate significantly, with amounts now reaching up to USD $2,000. To expedite payments, attackers are incorporating QR codes, making it easier and quicker for victims to comply with their demands.

Sextortion Cases Are Rising Exponentially

Sextortion scams are a type of extortion where criminals attempt to extort money from victims by threatening to release explicit images or videos unless demands are met. Leveraging usernames and passwords stolen in data breaches, criminals contact victims and claim to have compromising content, allegedly from the victim’s computer, and threaten to publicly share it if victims do not pay up.

Barracuda’s findings show that the latest sextortion emails see criminals addressing the victim by their first and last name, with the opening sentences of the email including the victim’s telephone number, street address, and city. The research also highlights how Google Maps images are being included in the emails, showing the victim’s home or work address.

According to Barracuda, extortion emails make up roughly 3% of targeted phishing attacks detected annually—with most of these being sextortion attacks. Every incident is a serious crime with potentially devastating impact that can range from monetary loss to significant emotional and mental distress.

“Sextortion emails are usually sent to thousands of people at a time, as part of larger spam campaigns, but their individual impact can be devastating in terms of monetary loss and personal distress, said Kyle Blanker, Manager, Software Engineering, at Barracuda. “To avoid being caught by security tools and filters and increase the chances of success, attackers vary and personalise their messages to appear convincing and terrify the victim into paying.”

Barracuda recommends keeping mailboxes and employees protected from sextortion spam by investing in Artificial Intelligence-based email protection, including account-takeover protection, coupled with proactive investigation and security-awareness training. Organisations should make it easy for employees to report highly sensitive and potentially embarrassing attacks and keep browsers and operating systems up-to-date helps prevent sextortion emails from infecting targets’ devices with malware.

Read the blog: https://blog.barracuda.com/2024/11/12/threat-spotlight-personalize-sextortion-scams.