SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
MailGuard warns against extortion phishing emails
Mon, 20th Apr 2020
FYI, this story is more than a year old

MailGuard has highlighted dangerous email scams following its interception of a large run of extortion phishing emails that demand a ransom payment in bitcoin.

According to MailGuard, there are several versions of the email scam, however the overall theme is the same and all attempt to blackmail their target.

For instance, the email will tell the victims that sensitive, often deeply personal and embarrassing information has been obtained and unless a ransom payment is made in bitcoin the content will be published.

The emails use various display names, subject titles and sender details. Some utilise compromised accounts and others forge the recipients' email addresses to confuse or trick the target into thinking their account has been hacked, as claimed in the email.

In many cases, the email contains the user's password from compromised accounts, in fact often in the subject line, to demonstrate that the cybercriminals have access to the account.

MailGuard states, “We strongly advise all recipients to delete these emails immediately without responding. Please share this alert with your social media network to help us spread the word around this email scam.

“It is key to remember that these scams are all fake, and cybercriminals do not have any incriminating or personal information to use against you. Rather, they are trying to tap into your fears and paranoia.

"This is a reminder to be careful about how we use our mobile devices and computers, and of the threat of online surveillance. Think carefully about what data is being stored or shared online that might be used against you," the company wrote in a statement.

According to MailGuard, in most cases if you receive an email there is no reason to be concerned. These emails are typically generated in their thousands by online scammers using limited personal details, with the aim of scaring recipients into paying the ransom.

The information in the email is often collected from the internet from previously known data breaches. As such, MailGuard recommends people to not give the perpetrator any money or images, and stop all contact with them.

If a blackmailer is threatening to reveal intimate images online, do not give in to their demands, instead report it to the Office of the eSafety Commissioner.

If the email includes a recognisable password, all accounts that use this password should be changed. Make sure to use a strong password and don't reuse passwords across different accounts. You can also set up 2-factor authentication where available.

To find out where your email may have been included as part of a data breach you can visit Have I Been Pwned.