It seems that fraudsters are so successful with extortion e-mails that they are now aiming at new target groups. Unfortunately, their tactics are becoming more and more efficient; the pressure on the recipients is increased gradually.
As if it wasn’t enough that in 2018 many individuals received extortionary e-mails – similar frauds now strike more and more small and medium-sized enterprises. New, on the other hand, is that a few days after the first threat a second e-mail pops up in the mailbox. Content: the addressee has now been punished for not having paid immediately. And the perpetrators threaten to continue until they receive the ransom money.
The previous scam has always been running off in the same manner. Pressure was exerted on individuals by means of feigning that a built-in camera in their computer had filmed them during sexual activities. To prevent the distribution of this material, the blackmailed must pay in money or the cryptocurrency Bitcoin.
Nowadays, the perpetrators threaten companies to send e-mails in their name to 1,000 customers. Those e-mails allegedly include disturbing, sexually explicit or sometimes racist contents. To substantiate the threat, a sample of such material is included by the blackmailers. They demand the transfer of Bitcoin to a certain account.
After a certain time, the same perpetrators send another message. This time it’s saying that the addressee has been punished for not having paid immediately: the first 1,000 e-mails have allegedly been sent out. The blackmailers claim that the ransom demand has increased due to the “wrongdoing” of the addressee and request more Bitcoin. Failing this, ransom demands would “continue for the next 363 days until we have proof of payment”.
Recommendation Deutsche Telekom
Despite the fact that the threat seems to be personal and real at first glance, these e-mails are bulk spam. Though the technical explanations in the e-mails give the impression to laypersons that the senders know what they are doing – the experts know better. The technical effort described in the e-mails would be absolutely unnecessary to send out those 1,000 e-mails. The professional-sounding background is just intended to make the threat seem more real.
So: Don’t react to that e-mail and put it where it belongs – in the trash bin.