Email sextortion scams are the fastest-growing phishing threat, judging by a study released on Thursday by Barracuda.
Employees are twice as likely to be targeted by sextortion emails as by BEC attacks, the study reports.
Sextortion threats now make up 11% of all spear phishing attacks, and BECs constitute 6%. Overall, 83% are brand impersonation attacks.
In the sextortion scams, the bad actors typically use harvested email addresses to reach people and threaten them with the release of compromising videos that they claim to have accessed on the victims’ computers.
Few people report these scams out of embarrassment. However, the attackers have no such videos.
Most of these emails are sent as part of larger spam campaigns, so few get through spam filters, but the fraud artists “are continually evolving their email-fraud techniques, including using social-engineering tactics to bypass traditional email-security gateways,” Barracuda notes.
These include social engineering tactics that help them bypass traditional email security gateways, the company says. In addition, some personalize the messages, making it easier to get through. Few contain malware.
The subject lines do not usually mention sex videos, however — the top ones are “Security Alert” (54%), “Change Password” and Other (12%).
But some take on a threatening tone, such as:
- You are my victim
- Better listen to me
- You don’t have much time
- You can avoid problems
- This is my last warning name@emailaddress.com
The education field is most likely to be targeted by sextortion emails — it receives 54% of the attacks — followed by government (14%) and the business services sector (11%).
“The overwhelming focus on education is a calculated move by attackers,” the study states.
It continues: “Educational organizations usually have a lot of users, some with a very diverse and young user base that may be less informed about security awareness and that may be less aware of where to seek help and advice.”
The study adds that, “Given their lack of training and experience with the nature of these types of threats, students and young people can be more likely to fall victim in these attack scenarios.”
To fight such attacks, Barracuda recommends AI-based protection and security-awareness training.