Global email-based extortion scams are the work of just a small group of fraudsters, new research from Barracuda Networks has revealed.
The security vendor teamed up with Columbia University to analyze over 300,000 extortion emails tracked by the firm over a one-year period. They looked specifically at the Bitcoin addresses used by the scammers in order to discern specific trends.
“We found that indeed the attacks are concentrated within a small number of bitcoin addresses. There are in total around 3000 unique bitcoin addresses in our dataset, of which the top 10 addresses appear in about 30% of emails, and the top 100 addresses appear in about 80% of emails,” explained Columbia master’s student Zixi Wang.
“We conclude that even though extortion is a significant email threat with millions of malicious emails sent to victims every year, it is caused by a relatively small group of perpetrators (fewer than 100 attackers, and probably an even smaller number than that, assuming attackers use multiple bitcoin addresses). We suspect this small group of attackers uses similar best practices and templates.”
To stay under the radar, the fraudsters typically demand an amount between $400 and $5000, with 90% asking for less than $2000.
This “sweet spot” is thought to be chosen because it’s more likely victims will pay without investigating whether the scammer actually has compromising information on them. It’s also a small enough figure not to raise any red flags with the victim’s bank or tax authorities, Wang argued.
Scammers typically claim to have embarrassing photos or video images of the victim, often taken via their PC webcam with non-existent ‘spyware,’ which they threaten to share publicly. They may also threaten to share the victim’s email and chat history.
Wang argued that the fact such a small group of fraudsters appears to be responsible for such a prolific threat is cause for optimism.
“First, we suspect that if law enforcement is able to track down even a small number of these attackers, they can significantly disrupt this threat,” she concluded.
“Second, since extortion attackers seem to be copying each other and following very similar templates, email security vendors should be able to block a large percentage of these attacks with relatively simple detectors.”
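The concentration measurement described above (the share of emails that contain one of the top-N Bitcoin addresses) can be reproduced on any mail corpus. The following is an added example, not code from Barracuda or the Columbia researchers; it assumes legacy Base58Check addresses only, and the wallets and messages are constructed sample data.

```python
import hashlib
import re
from collections import Counter

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy Base58Check candidates only (P2PKH "1...", P2SH "3..."); bech32 is out of scope here.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def checksum(payload):
    """First four bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_address(hash160, version=0):
    """Build a syntactically valid address from 20 bytes (only used to construct sample data)."""
    raw = bytes([version]) + hash160
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_address(addr):
    """Reject look-alike strings (order numbers, tracking IDs) by verifying the checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")
    except OverflowError:
        return False
    return checksum(raw[:21]) == raw[21:]

def addresses_in(body):
    """Distinct checksum-valid addresses found in one message body."""
    return {a for a in CANDIDATE.findall(body) if is_valid_address(a)}

def top_k_coverage(emails, k):
    """Fraction of emails that contain at least one of the k most frequent addresses."""
    per_email = [addresses_in(body) for body in emails]
    counts = Counter(a for found in per_email for a in found)
    top = {a for a, _ in counts.most_common(k)}
    return sum(1 for found in per_email if found & top) / len(emails)

# Constructed sample corpus: four made-up wallets reused across ten made-up messages.
WALLETS = [encode_address(bytes([i]) * 20) for i in (1, 2, 3, 4)]
EMAILS = [f"Pay $900 in BTC to {WALLETS[w]} within 48 hours." for w in (0, 0, 0, 0, 0, 1, 1, 1, 2, 3)]

if __name__ == "__main__":
    for k in (1, 2, 4):
        print(f"top {k} address(es) cover {top_k_coverage(EMAILS, k):.0%} of emails")
```

Counting each address once per message keeps a template that repeats its wallet from inflating the ranking, and the checksum step keeps arbitrary 26 to 35 character tokens out of the counts.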