A new “sextortion” campaign has been detected making the rounds in North America and Europe.

Discovered early last month, the spam emails that were detected by ESET’s research laboratory have been trying to dupe unwitting victims by referring to old passwords that have been part of old data breaches.

Alexis Dorais-Joncas, lead of ESET’s research and development team in Montreal said that this type of scam campaign is not altogether new, since it repurposes old scams. The first time that scammers made waves with these tactics was in 2018 with a campaign that included the victim’s password in the subject line. Since these scams keep popping up, it is important for Canadians to be on the lookout for these types of emails.

The new scam borrows, or rather builds upon, the previous versions. The scammers start with an alarming message right off the bat to get the victim’s attention, usually by including one of the victim’s old passwords that was probably stolen as part of a previous data breach. Moving on, the fraudsters claim that the victim’s device was infected by some form of malware when visiting a porn website, and that allowed them to obtain both the victim’s password and access to their device. The scammers then purport to have made a video of the victim and the alleged “not safe for work” content.

Once the cybercriminals have scared their potential victims enough, they demand a sum to be paid within 24 hours or the embarrassing video will be released. They usually want the payment to be made in bitcoin.

After analyzing some of the cases stemming from this new sextortion scam campaign, ESET researchers found that it probably started sometime around the 8th or 9th of April.
To help Canadians avoid these attacks, ESET has complied the following tips for detecting and avoiding sextortion scams:

-Utilize Google
By simply googling the word scam in quotes, along with a phrase used in the suspect email you can easily investigate if people have received similar (fake) emails.

Contact your computer security vendor
-There is a very good chance that their tech support may know about it already, and that the company is preparing to block the next wave of such attacks if not blocking them already. And if they are not aware of this variant, they will certainly want to know so that they may protect their customer.

-Contact your email provider
Whether it is Gmail, Outlook, your company’s IT department, or some other entity, it’s not good to allow scams (one of many forms of spam) in their customers’ Inboxes. So, let them know, which will assist them to tweak their spam filters.

For more tips about online safety, please visit: www.welivesecurity.com