Sextortion, the scam that thrives in Latin America
At the end of November 2018, the research laboratory of the cybersecurity firm ESET warned about the increase in spam messages where users were being swindled. The transaction is simple, they threaten to share images or videos taken from the cameras or cell phones of the victims and many of these videos threaten to be sexual, in exchange, cybercriminals ask for bank transfers.
Like one of the chapters in Black Mirror, the operation threatens to reveal videos taken from computer cameras and is a crime that has grown in recent months, especially in France, Spain and Latin America, because it is not only a minor extortion, but it is an operation that has been going on for several months.
In the supposed hacking of the user's account, it is even advisable to change the password immediately; while in the body, the mail notifies that the account has been compromised thanks to the exploitation of a vulnerability in the router by means of malware.
"Supposedly and through these actions, the attacker had managed to obtain sensitive information from the victim, so he asked for a payment not to make public the data that could "compromise" the potential victim, in France we saw a major movement in May, but we see that other markets are attractive for this type of scam," said Ondrej Kuvobic.
What has most alarmed users is that they receive the mail from their own email address so they immediately look for mechanisms to prevent their information from being violated. However, on many occasions, this message is only a spam mail and in reality, the computers were not violated.
"The problem is that many people have believed that their computers or cell phones have been hacked by messages sent by criminals, but most of the time it is only a social engineering strategy that has been very effective in Latin American countries, because many people believe that they can use their information improperly," said Kuvobic.
Faced with this situation, the ESET expert points out that the ideal is to generate authentication mechanisms in email accounts, avoid opening messages that could be apocryphal and keep updates of operating systems and antivirus updates up to date.
In addition, for email services within organizations, it is important to avoid default settings, especially those that allow email relaying, as they are often used by spammers or even malicious code.
"In the case of the campaign we detected in May, we alerted several countries, as this scam managed to raise nearly half a million dollars from victims from different parts of the world," said the expert.
The amount is possible to know because it tracks the addresses of Bitcoin wallets that are given by cybercriminals within the extortion emails they send.
Since the detection of the e-mail, the Bitcoin address located by the analysts recorded 36 movements during almost a month of relatively constant activity, with a total received of 1.29 BTC (just over 4,300 dollars). And in fact, in just one day they managed to raise $1,400.
Source: El Mercurio