Spam and phishing emails are a constant plague in our inboxes, but more recently, sextortion campaigns have also appeared on the radar.
This particular brand of fraud attempts to capitalize on how some of us view adult content -- a personal and private matter, and one of which we would not necessarily want contacts such as friends or family to know about, or to become acquainted with our viewing preferences.
Often, these emails will claim that someone has been watching you through your webcam at the same time you are watching pornography or live cams and they not only know what you have been watching and when, but have also obtained the contact information of friends, family, and co-workers.
Emails may also include a password from an online account, stolen through a data breach and published online in data dumps, to appear more authentic.
See also:France asks Apple to relax iPhone security for coronavirus tracking app development
Cybercriminals will then demand a payment from victims in cryptocurrency such as Bitcoin (BTC) or Ethereum (ETH) to stop footage of the victim apparently watching pornography from being leaked.
Given the adult nature of these threats, some recipients of sextortion emails do fall for this tactic and pay up. But where does the cryptocurrency go?
Researchers from SophosLabs, together with analysts from CipherTrace, decided to find out.
On Wednesday, the companies published an investigative report on a large sextortion campaign that was active from September 2019 to February 2020.
Millions of sextortion spam emails were sent during this timeframe. Victims were asked to pay up to $800 in BTC into wallet addresses owned by the fraudsters, amassing the cybercriminals roughly $500,000 -- 50.98 BTC -- during the scam's lifetime.
The scheme employed botnets made up of compromised PCs worldwide to send out spam. The majority of the emails were sent in English, but some were also sent in Italian, German, French, and Chinese.
The sextortion campaign appears to be a cut above most as the fraudsters used obfuscation techniques to bypass spam filters, including white garbage text blocks, random strings, and adding words in Cyrillic script to confuse scanners.
An example of the sextortion message is below:
The research teams analyzed the wallet addresses associated with the campaign which pulled in an estimated $3,1000 a day in proceeds. Wallets that received deposits were cycled every 15 days or so.
In total, 328 addresses were tracked, 12 of which were connected to online cryptocurrency exchanges and online wallet services -- many of which already considered "high-risk" as they do not impose Know Your Customer (KYC) requirements, making them useful in money laundering.
Cryptocurrency exchanges including Binance, LocalBitcoins, and Coinpayments were also "unknowing participants" in cryptocurrency washes, in which funds are moved around to clean up dirty trails, according to the researchers.
Other transactions were connected to private, non-hosted wallets. In total, 316 transactions made up to three 'hops' from one original transaction address, ending up in places including the Dark Web Hydra Market and credit card dump marketplace FeShop. Funds were also sent to other corners of the underground criminal economy including mixers for conversion to other cryptocurrencies, cash, and services.
One wallet used in the sextortion scheme was also connected to a BTC transaction linked to the 2019 Binance hack.
"There were 13 addresses among the 328 passed to CipherTrace that did not have traceable outbound transactions," the report says. "But for the remainder, whoever was behind the wallets did not let their cryptocurrency spoils sit for long. Based on the date of the first input (when the first extortion payment transaction occurred) and of the last output (when the last of the value of the wallet's Bitcoin was drained), [there is] an average "lifespan" of approximately 32.28 days."
Tracking the funds from the sextortion campaign in the real world is a difficult prospect, not only due to the anonymization factors of wallets but also due to the use of IP masking and VPNs.
CNET:Senator asks Google and Apple CEOs to be personally liable for COVID-19 tracking project privacy
Out of all 328 addresses, CipherTrace was able to track the IP data of 20 addresses, but each of these was either connected to VPNs or Tor exit nodes. The majority of the deposits ended up in global cryptocurrency exchanges and the use of these solutions can bypass geographical restrictions, giving the teams little to work with when it comes to honing in on the true locations of threat actors.
"Given that some of the transfers were used to obtain stolen credit card data or other criminal services -- probably including more botnet services for sending spam -- the payouts from the sextortion campaigns are funding yet another round of scams and fraud," the researchers said.
TechRepublic:Security teams want new tools but lack the budget to experiment
Earlier this month, cybercriminals stole over $25 million in cryptocurrency belonging to Lendf.me. It is believed that a combination of security flaws and blockchain features were strung together in an attack that allowed the threat actors to repeatedly make withdrawals.
Three days after the assault, the cyberattackers returned all of the funds following the leak of an IP address during the attack and direct negotiation with the cryptocurrency exchange.
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0
- Bitcoin Exchanges And The Cryptocurrency World Was Just Rocked - JD Supra - July 11th, 2020
- New York Court Approves Investigation Into $10 Billion Cryptocurrency Created By A Presidential Candidate - Forbes - July 11th, 2020
- Huobi Global Provides Insight on What Is Driving the Institutional Interest in Cryptocurrency Investment - PRNewswire - July 11th, 2020
- What Challenges Affect the Cost of Running a Cryptocurrency Exchange - Cointelegraph - July 11th, 2020
- Cryptocurrency And Blockchain Technology Market size Reap Excessive Revenues size COVID-19 2022 - Kentucky Journal 24 - July 11th, 2020
- Fast Pace of Cryptocurrency Adoption in Latin America May be due to Dramatic Rise in Smartphone Users, Bitso Executive Reveals - Crowdfund Insider - July 11th, 2020
- NetCents teams up with crypto fintech company to utilize US$1.4 billion credit facility - Proactive Investors USA & Canada - July 11th, 2020
- Explainer: What is 'LBCOIN,' the new Lithuanian state-backed cryptocurrency? - Euronews - July 9th, 2020
- Cryptocurrency News Update: XRP and ADA on fire, BTC lags behind - FXStreet - July 9th, 2020
- Kaspersky Fraud Prevention helps Indacoin halt fraudulent operations with cryptocurrency - CRN.in - July 9th, 2020
- Cardano Becomes 6th Largest Cryptocurrency As Charles Hoskinson Pushes for Unity in Emerging Blockchain Industry - The Daily Hodl - July 9th, 2020
- There are now 13173 BTC millionaires around the world - Nairametrics - July 9th, 2020
- Cryptocurrency as an alternative during times of inflation - ITProPortal - July 8th, 2020
- The lawfulness of cryptocurrency mining in Bulgaria - Lexology - July 8th, 2020
- Cryptocurrency-Focused Docuseries Airs to Millions of Viewers via the Discovery Science Channel - Bitcoin News - July 8th, 2020
- Cryptocurrency Market News: Twitter users can send Bitcoin and crypto to each other thanks to a new service - FXStreet - July 8th, 2020
- What are Cryptocurrency Signals and their role in trading - TechGenyz - July 8th, 2020
- Cryptocurrency Market Update: Cardano to the moon as Bitcoin, Ethereum and Ripple stall - FXStreet - July 8th, 2020
- Latest News On The Cryptocurrency Market | Intel, CoinBase, BitGo, and Binance - Owned - July 8th, 2020
- New Token Listing Alert: Levolution's LEVL Token is Officially Live on Changelly - PRNewswire - July 8th, 2020
- The Profitability of Cryptocurrency Bitcoin Now and in the Future - Chiang Rai Times - July 8th, 2020
- Cryptocurrency Cardano increased by 15% - The Times Hub - July 8th, 2020
- Cryptocurrency Cardano grew by 10% - The Times Hub - July 8th, 2020
- Cryptocurrency trading vs. forex: The similarities and differences - AZ Big Media - June 25th, 2020
- Financial Inclusion, Cryptocurrency and the Developing World - Cointelegraph - June 25th, 2020
- Phishing and cryptocurrency scams squashed as one million emails are reported to new anti-scam hotline - ZDNet - June 25th, 2020
- 83% of BTCs addresses are smiling to the Bank - Nairametrics - June 25th, 2020
- Protesters Around The World Are Putting Their Hopes Into Cryptocurrency - Forbes - June 25th, 2020
- The Benefits of Cryptocurrency Trading Crypto Benzinga - Benzinga - June 25th, 2020
- Miners Are Sending Bitcoins to Exchanges Again and That May Be Bearish - CoinDesk - CoinDesk - June 25th, 2020
- Akon City: $6 Billion Cryptocurrency City Set to Begin Construction | News - Bitcoin News - June 25th, 2020
- UNICEF Cryptocurrency Fund announces its largest investment of startups in developing and emerging economies - UNICEF - June 25th, 2020
- NetCents Technology paves the way for mainstream cryptocurrency adoption by offering daily settlements to merchants - Proactive Investors USA &... - June 25th, 2020
- Cryptocurrency Market Share Analysis and Research Report by 2025 - CueReport - June 25th, 2020
- From Ethereum to Stellar, to Solana: Cryptocurrency Kin Confirms Blockchain Migration - CoinDesk - June 25th, 2020
- Jim Rogers Discusses Bitcoin as Money and Why Governments Will Stop Crypto | News - Bitcoin News - June 25th, 2020
- Latest News On The Cryptocurrency Market | Bitmain, NVIDIA, Xilinx, Intel, Advanced Micro Devices, Ripple, Bitfury, Ethereum Foundation, CoinBase,... - June 25th, 2020
- EY Launches First-Of-Its-Kind Cryptocurrency Reporting App - PRNewswire - June 25th, 2020
- Cryptocurrency: Redefining the Future of Finance - Visual Capitalist - June 16th, 2020
- A Cryptocurrency User Paid $2.6M In Transaction Fee To Send $136 Twice - Benzinga - June 16th, 2020
- Cryptocurrency Regulations in times of COVID-19: A boon or bane to India? - Lexology - June 16th, 2020
- Are CryptoCurrencies The Future Of Finance? - Digital Information World - June 16th, 2020
- Nevermind Coinbase Big Brother Is Already Watching Your Coins - Cointelegraph - June 16th, 2020
- Fireblocks integrates with Chainalysis to set a new compliance and security standard for financial institutions and cryptocurrency businesses -... - June 16th, 2020
- Creating A Crypto-Exchange - The Types & The Steps - YourStory - June 16th, 2020
- Cryptocurrency Market News: Bitcoin and the rest of cryptos following the global stock market - FXStreet - June 16th, 2020
- Latest Update 2020: Cryptocurrency Market by COVID19 Impact Analysis And Top Manufacturers: ZEB IT Service, Coinsecure, Coinbase, Bitstamp, Litecoin,... - June 16th, 2020
- Latest News On The Cryptocurrency Market | Intel, CoinBase, BitGo, and Binance - WorldsTrend - June 16th, 2020
- Justice Gets 15 Guilty Pleas for International Crime Ring that Laundered Money Through Cryptocurrency Exchanges - Nextgov - June 13th, 2020
- Why Bitcoin Suddenly Dropped 6% on Thursday - CoinDesk - CoinDesk - June 13th, 2020
- Cryptocurrency Mining Hardware Market Growth Trends, Key Players, Competitive Strategies and Forecasts to 2026 - Jewish Life News - June 13th, 2020
- Cryptocurrency Market News: Bitcoin drops to $9,100, the rest of the market follows suit - FXStreet - June 13th, 2020
- Due to COVID-19 Cryptocurrency Market Groundwork 2020: Provides an In-Depth Analysis on the Future Growth Prospects and Global Market Trends Forecast... - June 13th, 2020
- Binance Launches Quarterly BTC/USD Futures With Up To 125x Leverage - Benzinga - June 13th, 2020
- CashTelex Is Driving Mainstream Crypto Adoption Through Its Brand New Physical Asset-Backed Cryptocurrency CTLX - Yahoo Finance - June 13th, 2020
- Chainalysis Partners with A&D Forensics, Expanding Access to its Cryptocurrency Investigative Tools in Africa - bitcoinke.io - June 13th, 2020
- Cryptocurrency Can Become a Medicine to Treat the Challenges Caused by Covid-19 - Coin Idol - June 13th, 2020
- Global Cryptocurrency Mining Market Expected to Reach Highest CAGR by 2025 Top Players: Advanced Micro Devices, Inc, Russian Miner Coin, Halong... - June 13th, 2020
- The emerging world of cryptocurrency - Global Banking And Finance Review - June 13th, 2020
- Someone paid $2.6 million in fees to move $134 worth of crypto and oops - Mashable - June 11th, 2020
- 80% of US and European Institutional Investors Find Cryptocurrency Appealing: Survey - Bitcoin News - June 11th, 2020
- Zilliqa, the fast-rising cryptocurrency that has gained more than 845% since March - Nairametrics - June 11th, 2020
- Cryptocurrency misappropriation, hacking, theft and fraud on target for banner year - JD Supra - June 11th, 2020
- Cryptocurrency Quotes and Forecasts: Last Updates on Cryptocurrencies - FinSMEs - June 11th, 2020
- Europol busts $17 million illegal Netflix site that used cryptocurrency - Decrypt - June 11th, 2020
- Watch | What is crypto-jacking? - The Hindu - June 11th, 2020
- Cryptocurrency and Capital Gains: The Sources of Vermont Candidates' Wealth - Seven Days - June 11th, 2020
- Cryptocurrency Market 2020 | Scope of Current and Future Industry 2026 - Surfacing Magazine - June 11th, 2020
- Meet ZCash, the cryptocurrency that protects your privacy better than Bitcoin - Nairametrics - June 11th, 2020
- Riot Blockchain Continues Optimization of Mining Operations - AiThority - June 11th, 2020
- GPU as a Service Market to Witness Remarkable Gains From Cryptocurrency Mining Applications 2025 - 3rd Watch News - June 11th, 2020
- Cryptocurrency Market Update: IOTA rockets to the moon Bitcoin, Ripple and Ethereum in consolidation - FXStreet - June 11th, 2020
- The Bull & The Bear: Dispelling, Confirming Myths and Truths About Crypto - Money and Markets - June 11th, 2020
- Trio of Analysts Bullish on Ethereum (ETH) As Cryptocurrency Shows Robust Fundamentals - The Daily Hodl - June 11th, 2020
- Cryptocurrency Market Update: Bitcoin needs to settle above $10,600 to avoid the sell-off - FXStreet - June 11th, 2020
- Regulating cryptocurrency exchanges - The Indian Express - June 2nd, 2020
- Russia Sort Of Dropped The Hammer On Bitcoin, Crypto - Forbes - June 2nd, 2020
- Cryptocurrency This Week: Indian Crypto Exchanges Witness Surge In New Users, Bitcoin Sees $1000 Spike & More - Inc42 Media - June 2nd, 2020
- SEC Wins Terminating Sanctions Against Cryptocurrency Creator - Law Street Media - June 2nd, 2020
- Bitcoin hodl waves indicate 60% of the cryptocurrency is being hoarded analysts suggest a bull run could be - Business Insider India - June 2nd, 2020