Extortion scams are increasing in frequency and sophistication. The criminal contacts potential victims by email with a threat or claims to have compromising information that will be released to the public if the victim does not pay to keep it quiet. As 'proof' that the criminal has access to this material, the email includes sensitive information that only the victim should know, such as passwords. These attacks are becoming a new form of ransomware.
Attackers harvest stolen email addresses and passwords from past data breaches and use them in threatening email messages to add to the victims’ fears. They will either spoof the victim’s email address pretending to have access to it or claim to have personal or compromising information that they will use against the victim. Each email will contain payment demands with Bitcoin wallet details included inside the message.
Usually, extortion email messages are part of larger spam campaigns and are sent out to thousands at a time. Most of these emails will be caught in spam filters. However, as with many other types of email fraud, scammers are evolving their techniques to bypass email security and land in users’ inboxes. These attacks are becoming personalized and get sent out in smaller numbers to avoid detection. Attackers will use reputable email services like Gmail, vary and personalize the content of each message, and avoid including links or attachments — all in an effort to slip through security.
Extortion makes up about 7% of spear-phishing attacks, the same percentage as business email compromise. Employees are just as likely to be targeted in a blackmail scam as a business email compromise attack.
According to the FBI, the cost of extortion attacks was more than $107 million in 2019. On average, attackers ask for a few hundred or a few thousand dollars, an amount that an individual would likely be able to pay. Due to the large volume of attacks, the small payments add up substantially for attackers.
Extortion scams are under-reported due to the intentionally embarrassing and sensitive nature of the threats. IT teams are often unaware of these attacks because employees don’t report the emails, regardless of whether they pay the ransom.
There are a number of steps you can take to protect your users against extortion:
AI-based protection — Attackers are adapting extortion emails to bypass email gateways and spam filters, so a good spear-phishing solution that protects against extortion is a must. Artificial intelligence-based protection can identify attacks based on what normal communication looks like, including the tone of voice used by individuals. This allows it to recognize the unusual and threatening tone of extortion attacks and, in combination with other signals, flag the message as malicious.
Account-takeover protection — Some extortion attacks originate from compromised accounts. Be sure scammers aren’t using your organization as a launchpad for these attacks. Deploy technology that uses artificial intelligence to recognize when accounts have been compromised and used in fraudulent activities.
Multi-factor authentication — With multi-factor authentication (MFA) apps and hardware-based tokens, hackers will need more than just a password to access your accounts. While non-hardware-based MFA solutions remain susceptible to phishing, they still help limit an attacker’s access to compromised accounts.
Proactive investigations — Conduct regular searches on delivered mail to detect emails related to extortion. Search for terms like ‘Bitcoin’ to identify potential attacks. Many extortion emails originate from outside North America or Western Europe, so evaluate where your delivered mail is coming from, review any of suspicious origin, and remediate. Deploy technology that will automate threat hunting and remediation to stay ahead of hackers.
Security awareness training — Educate users about extortion fraud. Make it part of your security awareness training program. Ensure your staff can recognize these attacks, understand their fraudulent nature, and feel comfortable reporting them. Use phishing simulation technology to test the effectiveness of your training and evaluate the users most vulnerable to extortion attacks.
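The proactive investigation step above can be automated against delivered mail. The following script is an added example, not Barracuda's code or part of any Barracuda product: it parses raw messages with the Python standard library and scores each one on the signals the text describes (a Bitcoin wallet address with a payment demand, threatening language, a "your password is …" proof line, a From: address that impersonates the recipient, and an internal sender domain whose first Received: hop is outside the organization's own relays). The organization domain, relay network range, term list and the three sample messages are all constructed for the example.

```python
"""Hunt delivered mail for extortion-scam indicators.

Added example (not Barracuda's code). ORG_DOMAIN, ORG_NETS, the term list
and the sample messages are constructed; tune them for a real mailbox.
"""
import ipaddress
import re
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                             # assumed org domain
ORG_NETS = [ipaddress.ip_network("203.0.113.0/24")]    # assumed own mail relays

# Loose shapes of legacy (base58) and bech32 Bitcoin addresses; a false
# positive only costs an analyst a look, so precision is not critical here.
BTC_LEGACY = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
BTC_BECH32 = re.compile(r"\bbc1[ac-hj-np-z02-9]{11,71}\b", re.IGNORECASE)
# "password is hunter2" / "password: hunter2" style proof lines.
PASSWORD_PROOF = re.compile(r"\bpassword\b[^.\n]{0,20}?(?:is|:)\s*\S{6,}", re.IGNORECASE)
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Hypothetical term list covering the threat-and-pay narrative.
THREAT_TERMS = ("bitcoin", "btc", "wallet", "webcam", "recorded you",
                "hours to", "all your contacts", "compromising")
FLAG_THRESHOLD = 2   # independent indicators needed before a message is flagged


def origin_ip(msg):
    """IP of the earliest hop: MTAs prepend Received:, so the last one is the origin."""
    for hdr in reversed(msg.get_all("Received", [])):
        m = RECEIVED_IP.search(str(hdr))
        if m:
            return ipaddress.ip_address(m.group(1))
    return None


def body_text(msg):
    """Concatenate the text/plain parts (or the single body) of a message."""
    if msg.is_multipart():
        return "\n".join(p.get_content() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    return msg.get_content()


def score_message(raw):
    """Return a dict with the indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    text = body_text(msg)
    low = text.lower()
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    to_addr = parseaddr(str(msg.get("To", "")))[1].lower()
    from_domain = from_addr.rpartition("@")[2]
    reasons = []

    if BTC_LEGACY.search(text) or BTC_BECH32.search(text):
        reasons.append("bitcoin wallet address in body")
    hits = [t for t in THREAT_TERMS if t in low]
    if len(hits) >= 2:                      # one term alone (e.g. a news digest) is not enough
        reasons.append("threat/payment language: " + ", ".join(hits))
    if PASSWORD_PROOF.search(text):
        reasons.append("leaked-password 'proof' line")
    if from_addr and from_addr == to_addr:  # spoofed to look like the victim's own account
        reasons.append("From: impersonates the recipient")
    ip = origin_ip(msg)
    if from_domain == ORG_DOMAIN and ip is not None and not any(ip in n for n in ORG_NETS):
        reasons.append(f"internal sender domain but first hop is external ({ip})")

    return {"subject": str(msg.get("Subject", "")), "from": from_addr,
            "score": len(reasons), "reasons": reasons,
            "flagged": len(reasons) >= FLAG_THRESHOLD}


def hunt(messages):
    """Score every message and return only those that cross the threshold."""
    return [r for r in (score_message(m) for m in messages) if r["flagged"]]


# Constructed sample mail: one extortion attempt, one newsletter that merely
# mentions bitcoin, and one ordinary internal message.
EXTORTION = """\
Received: from mx.example.com (mx.example.com [203.0.113.5]) by inbox.example.com; Tue, 3 Mar 2020 09:12:01 +0000
Received: from relay.badhost.invalid (relay.badhost.invalid [198.51.100.23]) by mx.example.com; Tue, 3 Mar 2020 09:11:58 +0000
From: victim@example.com
To: victim@example.com
Subject: I know your password
Content-Type: text/plain; charset="utf-8"

Your password is Summer2018! - that is how I got into your device.
I have recorded you through your webcam. Send 900 USD in bitcoin to
1FakeWa11etAddressForTestingQn1y2Q within 48 hours to keep this quiet.
"""
NEWSLETTER = """\
Received: from mx.example.com (mx.example.com [203.0.113.5]) by inbox.example.com; Tue, 3 Mar 2020 10:00:00 +0000
Received: from news.fintech-digest.invalid (news.fintech-digest.invalid [192.0.2.44]) by mx.example.com; Tue, 3 Mar 2020 09:59:57 +0000
From: digest@fintech-digest.invalid
To: victim@example.com
Subject: Weekly digest: bitcoin regulation roundup
Content-Type: text/plain; charset="utf-8"

This week's headlines cover proposed bitcoin exchange rules in three countries.
Read the full stories on our site. Reset your newsletter password anytime.
"""
INTERNAL = """\
Received: from mail.example.com (mail.example.com [203.0.113.10]) by inbox.example.com; Tue, 3 Mar 2020 11:00:00 +0000
From: colleague@example.com
To: victim@example.com
Subject: Expense report
Content-Type: text/plain; charset="utf-8"

Please approve the attached expense report by Friday. Thanks!
"""
SAMPLE_MAIL = [EXTORTION, NEWSLETTER, INTERNAL]

if __name__ == "__main__":
    for result in hunt(SAMPLE_MAIL):
        print(result["subject"], "<-", result["from"], result["reasons"])
```

Requiring two independent indicators keeps a single keyword such as 'Bitcoin' from flooding the queue, while the spoofed-recipient and external-origin checks catch the personalized, link-free messages the text says are built to slip past filters. In production the raw messages would come from a mailbox export or journaling feed rather than string literals, and the origin check is where an IP geolocation lookup would plug in to review mail of suspicious origin.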
How Barracuda Can Help
Barracuda Sentinel is an API-based inbox defense solution that protects against business email compromise, account takeover, spear phishing, and other cyber fraud. It combines artificial intelligence, deep integration with Microsoft Office 365, and brand protection into a comprehensive cloud-based solution.
Sentinel’s unique API-based architecture lets the AI engine study historical email and learn users’ unique communication patterns. It blocks phishing attacks that harvest credentials and lead to account takeover, and it provides remediation in real time.
Barracuda PhishLine is an email security awareness and phishing simulation solution designed to protect your organization against targeted phishing attacks. PhishLine trains employees to understand the latest social-engineering phishing techniques, recognize subtle phishing clues, and prevent email fraud, data loss, and brand damage. PhishLine transforms employees from a potential email security risk to a powerful line of defense against damaging phishing attacks.
Barracuda Forensics and Incident Response automates incident response and provides remediation options to address issues faster and more efficiently. Admins can send alerts to impacted users and quarantine malicious email directly from their inboxes with a couple of clicks. Discovery and threat insights provided by the Forensics and Incident Response platform help to identify anomalies in delivered email, providing more proactive ways to detect email threats.
Have questions or want more information about extortion? Get in touch right now!