Fraudsters targeting work email accounts to steal money, Barracuda study reveals

Fraudsters are leveraging multiple Bitcoin wallets to extort money, targeting work email accounts, warns cybersecurity firm Barracuda.

| Updated on: Jul 17 2023, 20:59 IST
Beware! Your Gmail email can be hacked with just one click!
Email fraudsters
1/6 In this hack, attackers use emails to send malware to your devices. This malware is known as ‘Vidar’, which looks like a simple text file, and is being used to steal people’s sensitive information. (REUTERS)
image caption
2/6 According to Trustwave senior security researcher Diana Lopera, hackers send an email containing a single attachment named ‘request.doc’. The hackers are using file formats to disguise the malware that generally do not raise suspicion, such as ISO and Microsoft Compiled HTML Help files, which are basically help documents for Microsoft. (REUTERS)
Email fraudsters
3/6 Once you click on the file, it attaches onto your computer and it is able to steal your data from various browsers and applications. The primary motive of these attacks is to steal your financial login credentials as well as login credentials of your social media applications. (REUTERS)
Email fraudsters
4/6 Although the malware is very malicious, it is relatively easy to avoid and there are various ways to avoid it. You should have anti-virus and anti-malware software installed on your device at all times. (Pixabay)
Email fraudsters
5/6 The best possible way to evade such Gmail email hacks is not to open mails and attachments from strangers. If the source is recognizable, then it is recommended to double check and scan the attachment for any possible malware or virus. (REUTERS)
image caption
6/6 Nowadays, Gmail automatically scans your attachments and notifies you in-case of detected malware. However, you should still be careful and immediately secure your computer and inform your bank in-case of any suspicious activities or transactions. (REUTERS)
Email fraudsters
icon View all Images
Email fraudsters exploiting Bitcoin wallets in growing extortion schemes, reveals Barracuda study. (Pexels)

In a recent report, cybersecurity firm Barracuda has shed light on a concerning trend in which email fraudsters use multiple Bitcoin wallets to extort money from their victims. These scammers employ tactics that involve threatening to expose embarrassing or illicit material, targeting numerous work email accounts simultaneously, and demand moderate payments of around $1,000 USD in Bitcoin. By utilizing this approach, attackers can remain undetected and avoid raising alarm among potential victims, security teams, and payment systems.

Insights from Columbia University Research

Barracuda's findings are based on an analysis conducted by a team of researchers at Columbia University, who examined 300,000 emails flagged as blackmail scams over the course of 12 months. The primary objective was to gain insight into the financial infrastructure employed by extortion email perpetrators.

Extortion attacks typically involve threats to expose compromising personal information, such as explicit photos, videos, or details of illicit online activities, with the intention of coercing victims into making payments, often in cryptocurrency like Bitcoin. The research findings have been outlined in a comprehensive report called the Barracuda Threat Spotlight.

extortion attacks
Amount of money asked for in extortion attacks. (Barracuda)
image caption
Amount of money asked for in extortion attacks. (Barracuda)

Concentrated wallet usage and attack patterns

The detection data provided valuable insights into the attack model. Notably, the analysis revealed that the attackers were utilizing a staggering 3,000 unique Bitcoin wallet addresses. However, it was observed that only 100 wallets were responsible for 80% of the extortion emails. This highlights the fact that a relatively small number of attackers were behind the majority of these malicious campaigns.

Furthermore, the researchers discovered that 97% of sender accounts associated with extortion emails sent fewer than 10 attack emails each. Additionally, 90% of the attacks demanded payments of less than $2,000 USD in Bitcoin.

Associate Professor of Electrical Engineering at Columbia University, Asaf Cidon, stated, "Our analysis suggests that extortion scams are implemented by a relatively small number of perpetrators, each firing off multiple small-scale attacks with moderate extortion demands. These relatively modest sums make it likelier the targets will cooperate with the extortion, and the relatively small number of emails per sender make it easier for attackers to evade detection by traditional security technologies and anti-fraud measures at payment providers and avoid arousing the attention of law enforcement and the media – which would alert potential victims to the scam."

Importance of addressing extortion attacks

Nishant Taneja, Senior Director of Product Marketing for Email Protection at Barracuda, stressed the importance of taking extortion attacks seriously, particularly when they target individuals through their work email accounts. Taneja highlighted the need for security teams to investigate how attackers gained access to the account details and whether they were compromised or stolen at some point. Such scenarios have significant security implications for both the targeted individual and the company they work for. The embarrassment and distress caused by these attacks often increase the likelihood of victims succumbing to the extortion demands.

To safeguard employees and organizations from extortion scams, security teams should consider investing in AI-powered email security solutions capable of detecting and blocking such malicious emails before they reach their intended recipients. Additionally, companies should prioritize employee training and implement security policies that discourage staff from using work email accounts to access third-party sites or store sensitive personal information on work devices.

Follow HT Tech for the latest tech news and reviews , also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 17 Jul, 20:59 IST