Cofense Labs Uncovers Large Scam Targeting Millions

One of the scariest things about online scams is their impact on enormous segments of the population. The victims often deal with reputational damage and expenses associated with recovering from the attack and improving their current computer security practices to reduce the chances of something happening again.

Anyone needing a reminder of the extent of some internet scams needs only consider recent news published by Cofense Labs. This research and development arm is associated with Cofense, a company that provides intelligent phishing solutions.

What Did Researchers Find?

Representatives from Cofense Labs compiled a database of more than 200 million people with compromised online accounts. Further research indicated that those people were targets for a sextortion scam. The scam’s reach grew so large partly because of a botnet that was available for rent, according to the Cofense team.

The researchers started monitoring the botnet after discovering it in June 2019. They confirmed it was not infecting computers with malware to find new data. Instead, the botnet searched for people’s reused credentials that were compromised in past data breaches. If a person’s email is on the botnet’s target list, they will likely receive a sextortion email, or may already have.

What Is Sextortion?

Sextortion occurs when a scammer tries to get a victim to pay a ransom to prevent the scammer from leaking sensitive information. For example, a cybercriminal who focuses on sextortion may claim they have webcam footage of a business leader engaging in sex with their partner. If the victim has a computer with a camera in the room where they typically have intercourse, they’d have no way of confirming whether the criminal has captured footage.

Sextortion can also occur if the perpetrator tries to get someone to perform sexual acts to stop information from becoming public. For example, some criminals attempt to force people to send them naked photos instead of ransom money.

Many experts say sextortion schemes are on the rise, and Cofense’s research confirmed that trend. It has reportedly already found millions of emails impacted by sextortion scams in the first half of 2019 alone.

Some hackers who start with sextortion also branch out into other types of attacks. For example, the same cybercriminals who sent out mass emails about a false bomb threat were linked to sextortion. Those criminals demanded up to $20,000 in Bitcoin payments from their victims.

How Can People Stay Protected?

The criminals behind this massive sextortion campaign recycled old email-password combinations from at least a decade ago, according to Cofense Labs’ cybersecurity professionals. They also said it’s easier for hackers to convey urgency and authenticity with their emails because people often have poor password hygiene and reuse their credentials across multiple sites.

Cofense’s dedicated page associated with the sextortion scam features a search function that people can use to find out if they’re on the target list. These individuals should immediately change their passwords associated with those accounts. The Cofense Labs researchers also do not advise people to pay the ransoms.

Staying safeguarded against this attack and others also requires getting smarter about choosing and using passwords. Using a password manager, for example, is a convenient technique for people who are worried about forgetting their passwords or not making them complex enough. Some password managers generate passwords for the sites people use and frequently change them.
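The following is an added example, not code from Cofense or from this article: a small audit that takes a password-manager export and a list of breached email-password pairs and shows which accounts are exposed directly and which are exposed only because they share a password with a breached one. The `VAULT` and `BREACHED` data are constructed samples, and all names in the code are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample data (not taken from any real breach list).
VAULT = [
    {"site": "shop.example", "email": "pat@example.com", "password": "Summer2009!"},
    {"site": "mail.example", "email": "pat@example.com", "password": "Summer2009!"},
    {"site": "forum.example", "email": "pat.alt@example.com", "password": "Summer2009!"},
    {"site": "news.example", "email": "pat@example.com", "password": "hunter2hunter2"},
    {"site": "video.example", "email": "pat@example.com", "password": "Tr0ub4dor&3"},
    {"site": "music.example", "email": "pat@example.com", "password": "Tr0ub4dor&3"},
    {"site": "bank.example", "email": "pat@example.com", "password": "x9#Lq!vT2m@Rz"},
]
BREACHED = [
    ("pat@example.com", "Summer2009!"),
    ("someone@example.org", "hunter2hunter2"),
]


def fingerprint(password):
    """Hash the password so the audit's indexes never hold plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(vault, breached):
    """Sort each site into one of four risk categories."""
    breached_pairs = {(e.lower(), fingerprint(p)) for e, p in breached}
    breached_pw = {fp for _, fp in breached_pairs}
    by_pw = defaultdict(list)
    for entry in vault:
        by_pw[fingerprint(entry["password"])].append(entry)

    report = {"exposed": [], "password_known": [], "reused": [], "ok": []}
    for fp, entries in by_pw.items():
        for entry in entries:
            if (entry["email"].lower(), fp) in breached_pairs:
                report["exposed"].append(entry["site"])         # exact pair leaked
            elif fp in breached_pw:
                report["password_known"].append(entry["site"])  # same password, other address
            elif len(entries) > 1:
                report["reused"].append(entry["site"])          # not leaked yet, but shared
            else:
                report["ok"].append(entry["site"])
    return {k: sorted(v) for k, v in report.items()}


if __name__ == "__main__":
    for category, sites in audit(VAULT, BREACHED).items():
        print(f"{category}: {', '.join(sites) or '-'}")
```

Everything outside the `ok` category needs a new, unique password; the `password_known` sites are the ones a victim is most likely to overlook, because the breached address is not the one used there.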

Enabling two-factor authentication (2FA) is another cybersecurity safeguard recommended by Cofense Labs. Many sites with 2FA send temporary access codes to a user’s smartphone. Then, even if a hacker does get the username and password to log into someone’s account, the service would recognize the hacker’s location or device and would then give a message saying the person must also enter a provided code.

Other Recent Instances of Sextortion

Cofense Labs’ recent work illuminates how easily hackers can use different technologies — a bot, in this case — to spread the effects of their dangerous plans. Other recent instances of sextortion show the diversity of tactics hackers sometimes use.

Online gaming is giving sextortion criminals another arena they can prowl to find victims, according to a source who helps the FBI find online predators. In one sting, two dozen people in New Jersey got arrested for allegedly grooming minors for sex through games including Minecraft and Fortnite.

In another instance, hackers targeted French users with malware that recorded their screens as they watched pornography. The researchers did not find evidence that the cybercriminals were threatening users with the captured material. However, they noted the same criminals recently orchestrated a sextortion attempt to blackmail victims.

The cybercriminals also don’t seem to screen for people most likely to be scared by sextortion emails and pay up.

For example, an 86-year-old woman received an email from sextortionists who said they had footage of her watching porn. She started getting the messages soon after signing up for a Panera Bread loyalty program that would give her freebies on her birthday. The woman said she doesn’t use the associated email and password elsewhere.

Instead of feeling threatened by the hackers, the woman laughed about the incident with members of her water aerobics class. She also decided there was no way she’d pay the requested $1,400 worth of Bitcoin.

A Growing Problem in the Cyberthreat Landscape

Cybercriminals typically urge their victims to act quickly to avoid disastrous consequences. Sextortion works on the same principle. And, like other kinds of phishing, it often includes messages with attachments.

Cofense Labs shined a light on how sextortion is becoming more widespread. Internet users need to act now to avoid being future victims. Using strong and unique passwords is essential. Additionally, if users receive email threats, they need to think carefully instead of acting out of panic. Ignoring the email is often the best decision.

Kayla Matthews writes about cybersecurity and technology for publications like Malwarebytes, Security Boulevard, InformationWeek and CloudTweaks. To read more from Kayla, visit her blog: