More than 200 million email accounts have been compromised and are being targeted by a sextortion campaign, according to cybersecurity researchers.
Cofense has today published a database containing millions of compromised email accounts whose owners were being threatened with the exposure of sexually compromising materials.
If the victim doesn’t pay a ransom in cryptocurrency, the hackers threaten to share private photos and videos with the victim’s friends and family. How would the victim be sure that the hackers aren’t bluffing? They include one of the victim’s passwords in the email.
Cofense says that poor password hygiene, reusing the same password across multiple sites and not changing passwords often enough are some of the ways hackers could get their hands on the victim’s credentials. The researchers claim these threats could lead to lost wages and a decrease in productivity.
These emails were being distributed using a botnet for rent, and according to the researchers, the hackers amassed more than $1.5 million in crypto.
“This botnet is not infecting computers to acquire new data sets – it is a true ‘spray and pray’ attack reusing credentials culled from past data breaches to fuel legitimacy and panic through sextortion scams,” said Aaron Higbee, Cofense Co-Founder and CTO.
“If your email address is found in a target list used by the botnet, it’s highly likely you will receive a sextortion email – if you haven’t already. We felt it was critical to get this information out. We hope that victims receiving a sextortion email will find our resource centre so they can avoid the anxiety and stress of trying to figure out whether to pay a bitcoin ransom.”