Cybercriminals are lurking in the dark and carrying out their evil activities behind their computer systems. This time, they have targeted the world of cryptocurrencies once again, stealing more than $300,000 worth of Bitcoin (BTC). The crime was said to be committed using a series of blackmail campaigns, weaponizing emails, and dubbed as the “Sextortion” scam.
This scam is not new though. It started in 2017, but only became popular when the list of victims substantially grew in mid-2018.
According to a study conducted by Digital Shadows, a UK-based digital risk assessment firm that tracked over 792,000 targeted emails, Bitcoin in the range of $300,000 was stolen from over 3,100 unique BTC addresses.
The report further revealed that the stolen money was then deposited in as many as 92 BTC addresses. They suggest that the criminals engaged in “sextortion” and took an amount totaling $540 in BTC from each victim.
The report defined “sextortion,” as follows;
“Spam campaign claiming to have footage of recipient watching pornography. Included threats to release a video publicly.”
The scam takes place after the victim was sent with an email threatening that an explicit video of them was recorded using their webcam. The threat includes the blatant release of the said video; if the victim refuses to send a specific BTC amount to a given address.
The report reveals that the operation stretch to some different locations, or rather IP addresses. According to the report, the highest proportion of the emails disseminated from Vietnam (8.5 percent), Brazil (5.3 percent), and then India (4.7 percent).
Scammers also hire new accomplices to carry the operations on and were paid a whopping $360,000 a year, the report said. More skilled criminals were even paid up to $768,000 a year.
Rafael Amado, a senior strategy and research analyst at Digital Shadows further elaborated that social media sites like LinkedIn were primarily targeted to find the right victim.
“Using it can help identify a potential victim’s job, likely salary and firms they have worked for. They may also disclose details of family members, marital status and their location. If this is supplemented with breach data such as passwords, then it can make an extortion attempt more potent.” he said. /apr