New Extortion Email Threatens to Infect Your Family With Coronavirus
- Actors are trying to extort people by threatening them to expose their secrets and to infect their families with Covid-19.
- The crooks are using publicly available breach information, and present an old leaked password to trick the recipient.
- The message combines English and Greek letters to avoid spam filtering while remaining readable.
Actors are exploiting the Covid-19 outbreak as if there’s no tomorrow. There’s so much malicious activity going on right now that even keeping up with it is next to impossible. The latest warning comes from Sophos Security and concerns an extortion message sent by crooks to many thousands of email addresses around the globe. The content threatens the recipient to infect their family with Coronavirus if they don’t pay the absurd amount of $4,000 in Bitcoin.
The actors are following a simple yet effective method of trickery. First, they source publicly available breach data and locate paired email addresses and leaked passwords. Then, they send a “custom” message containing that password and ask the recipient if it rings a bell. It is a social engineering tactic, as the actors are hoping the password will be enough to convince the victim that they have extensive knowledge about the recipient. They claim to know where the targets reside, what they eat, whom they talk to, and every other little thing they do in their lives daily. Of course, none of this is true, but if the victim bites the bait, all that follows is easy.
The crook threatens to reveal the victims' “personal dirty secrets,” and even to infect their families with Coronavirus. The recipients have 24 hours to make the payment, and the actor is urging them to search Google on how to pay with Bitcoin. If the ransom is paid, the actors promise to delete the information they’re holding on the extorted person and never to bother them again. It is another blatant lie as if someone pays the ransom, the actors will return for more, so it’s a vicious cycle.
An interesting thing about this campaign is a bit of text found in the actual message sent by the actors. More specifically, there are Greek characters scrambled in the content, replacing similar-looking English letters. This means anyone can still read and understand what the message conveys, while it also helps pass through text-matching-based threat detection systems, which would typically send these emails straight to the spam folders. It doesn’t always work as expected, but it is a measure to maximize success rates.
Source: Sophos Security
If you happen to receive a message like the above, delete it right away and don’t even bother reading it. Not replying and not sending any money to the actors goes without saying. Finally, if you have any senior members in the family, warn them about the dangers of these emails and educate them on what they should do to protect themselves.