We recently observed a new variation of the creepy Bitcoin Sextortion Email Scam. Like those scams, the attacker sends emails claiming to have access to the recipient's computer files and webcam, and threatens to send embarrassing video to all the recipient's contacts unless a ransom is paid. However, there is one thing different: the scammer demands to be paid through Monero instead of Bitcoin.
Just when we think we've seen it all, we block a clever but dangerous phishing technique like this one. We call this "Phishception" because, like the layered storyline of the movie "Inception", here the phish is found nested within another phishing email.
Why does the Gift Card Scam slip through most anti-phishing software solutions?
Because most anti-phishing software only analyzes attachments or scans for suspicious links in an email. Gift Card Scam emails are dangerous because they do not have attachments or even links to click — they simply look like emails from someone important in an organization asking for help, but are actually from a cybercriminal.
In 2018 email fraud reached epic proportions both in terms of the sheer volume of fraud attempts and the staggering dollar amounts that businesses large and small are facing. Dealing with email fraud is a daily reality for email security professionals across all business verticals. The challenge, unique to email fraud as opposed to hacking and malware attempts is that every email user in an organization is a potential entry point for a successful phishing attack.
Topics: email fraud