Attackers are using X-rated material — or the promise of it — to get people to open emails. This “hot” new form of phishing increased by 974% between May 2020 and April 2021, according to new data from GreatHorn.
It would be difficult to mistake these emails for promotions from your favorite department store. But if you clicked on one, even by accident, you could find yourself in a heap of trouble.
Take the emails that link to hungrygrizzly.com, which seems to be a dating site. The motive here is to deceive visitors into giving up payment information.
But your data could also be transmitted to cybercriminals, who will use to withdraw money from your account, or even to blackmail you. For example, someone could be identified as a porno enthusiast to their spouse or employer.
In blackmail cases, attackers track the identity of a victim who clicks on their site by conducting an email pass-through -- a technique that enables legitimate email senders to auto-populate an unsubscribe field with a user email address.
The email address is automatically passed on to the linked site when the victim has clicked.
Another email, using a domain name starting with the letter “f,” offers to bring you to a site with salacious photos. But the pictures may not even be there. But once you click, you will be recorded as phish bait.
The site supposedly will let you search for individuals in your area once you “confirm zip code.”
In general, such emails are designed to throw people off balance, and create an emotional reaction that gets them to click through and take a compromising action.
According to GreatHorn, appear to target male-sounding usernames in company email addresses. And they reach across a broad spectrum of industries.
Some emails, in a tactic called “Dynamite Phishing,” use shocking headers and subject lines. The goal is to “put the user off balance, frightened – any excited emotional state – to decrease the brain’s ability to make rational decisions,” GreatHorn states.