According to a new report published by the Symantec Anti-Virus Security Response Team, cybercriminals have made an estimated $1.2 million in Bitcoin (BTC) through sextortion scams in the past year.
The report also indicated that Symantec software blocked some 300 million extortion scam emails in the first five months of 2019. The report found a number of commonalities between the many extortion attempts that they documented over the past year.
Bitcoin Sextortion Scams
These scams took a variety of forms but most often centered on sexual shame and the shame of watching pornography.
Millions of unsuspecting victims received an email with one of their old passwords in the subject line, which would undoubtedly catch their attention.
The email would tell the victim that their webcam was hacked and that they were recorded in embarrassing intimate acts. The scammers would then threaten to send the video to everyone in the victim’s contact list if a bitcoin ransom was not paid in a specified amount of time.
The scammers usually asked for a few hundred dollars. In some rare cases, the extortion attempts were more extreme, and some even involved bomb threats. In the bomb scare emails:
“The sender claims to have planted a bomb in your building that will be triggered if the requested amount of money is not paid.”
According to the report, these scams are profitable: an analysis of 5,000 bitcoin addresses revealed that 63 received a total of 243 transactions. In these transactions, the scammers reportedly netted a total of 12.8 bitcoin in May alone, at a time when the cryptocurrency was trading at around $8,300.
The report adds:
“If we take that as an average amount to make in a 30-day period for these kinds of scams, it means they are making just over US$1.2 million in a year ($1,292,586). For the amount of effort and skill that is required to carry out these scams, it represents a pretty good return on investment.”
The mentioned wallets were already emptied by the time that they were examined at the end of May.
It doesn’t seem that these scams are targeted, considering that even 86-year-old women are getting emails with sextortion threats, as reported this week. It is most likely that these are just mass emails sent out to lists that have either been hacked or purchased.
Symantec is not exactly sure who is behind the crimes, but believes that these scams are being constructed by cybercrime groups, and probably not individual scammers. However, the company did note that the barrier to entry for these crimes is very low, requiring very little technical know-how or startup cash.
Best Practices
The report concludes with a few “best practices” suggestions that include not opening attachments or clicking on links in emails from unknown senders. It also suggests securing all of your accounts with strong and unique passwords, as well as enabling two-factor authentication whenever possible.
Changing passwords on a fairly regular basis is another good idea, as is covering your webcam when it is not in use, just for that extra peace of mind.