Threat Response: Ongoing sextortion campaign

13-12-2018

Over the last few weeks, we have received an increasing number of reports of a large-scale sextortion campaign. The campaign has been ongoing for a couple of months. This blackmail attempt causes confusion because, in some cases, the email appears to have been sent by the recipient themselves.

Description

The email claims that the sender is in possession of compromising images and/or videos of the recipient and demands payment in bitcoin. If the amount is not transferred, the sender threatens to release this material. The sender adds that changing passwords will not help, as they will not lose their access.

Multiple variants of this message exist. In some variants, a password of the recipient is quoted. This password comes from an old credential leak and is included only to make the message appear credible.

Risk

The risk posed by this message is low: the sender does not actually have compromising imagery of the recipient. However, the variant in which the sender address is the same as the recipient address indicates that the DNS settings of the domain in question are insecure. Without these settings, anyone can send email that appears to come from that domain, because receiving mail servers have no way to verify whether the email is legitimate and will accept it.

Mitigation

  • Throw away the email. Do not transfer any bitcoins.
  • Check the DNS settings of your domain, specifically the SPF records. You can use e.g. https://emailsecuritygrader.com: enter your domain name and take note of the results for “SPF Server Test”. If no SPF records are found, make sure they are set.
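The online check above performs the same basic assessment you can do yourself against the TXT records of your domain (for example, the output of `dig TXT yourdomain`). The script below is an added example, not Northwave's tooling or the grader's code: it takes a list of TXT record strings, finds the SPF record as defined by RFC 7208, and reports whether the record is missing, invalid (more than one record, unknown terms, or more than ten DNS-querying terms), permissive (`+all`, `?all`, or no `all` term, all of which let unlisted senders through), or restrictive (`-all` or `~all`). The domain names and records are constructed sample data. One caveat: SPF validates the envelope sender, not the From header the recipient sees, so a restrictive SPF record is only the first step and a DMARC policy is needed to enforce alignment with the visible From address.

```python
"""Offline SPF record assessment (added example, not Northwave's tooling).

Takes the TXT records of a domain (here: constructed samples, so no DNS
lookup is made) and reports whether an SPF record exists and whether it
actually constrains who may send mail for the domain.
"""
import re

# Constructed sample data: the TXT records a lookup of each domain's apex
# might return. The names use the reserved .example TLD and are not real.
SAMPLE_DOMAINS = {
    "missing.example":   ["google-site-verification=abc123"],
    "strict.example":    ["v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all"],
    "soft.example":      ["v=spf1 include:_spf.mail.example ~all"],
    "open.example":      ["v=spf1 ip4:198.51.100.10 +all"],
    "noall.example":     ["v=spf1 ip4:198.51.100.10"],
    "duplicate.example": ["v=spf1 -all", "v=spf1 ip4:203.0.113.5 -all"],
}

# RFC 7208: an SPF record is a TXT record whose content starts with "v=spf1".
SPF_VERSION = re.compile(r"^v=spf1(?:\s|$)", re.IGNORECASE)
# Mechanism: optional qualifier (+ - ~ ?), a name, optional ":arg" or "/cidr".
MECHANISM = re.compile(r"^([+\-~?])?([a-z0-9]+)(?:[:/](.+))?$", re.IGNORECASE)
# Modifier: name=value (redirect=, exp=, ...).
MODIFIER = re.compile(r"^([a-z][a-z0-9_.-]*)=(.*)$", re.IGNORECASE)
# Terms that cost a DNS lookup; RFC 7208 caps these at 10 per evaluation.
DNS_TERMS = {"a", "mx", "ptr", "exists", "include"}


def find_spf_records(txt_records):
    """Return only the TXT strings that are SPF records."""
    return [r.strip() for r in txt_records if SPF_VERSION.match(r.strip())]


def parse_spf(record):
    """Split an SPF record into (qualifier, name, argument) mechanisms,
    a dict of modifiers, and a list of terms that fit neither grammar."""
    mechanisms, modifiers, unknown = [], {}, []
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        mod = MODIFIER.match(term)
        if mod:
            modifiers[mod.group(1).lower()] = mod.group(2)
            continue
        mech = MECHANISM.match(term)
        if mech:
            mechanisms.append((mech.group(1), mech.group(2).lower(), mech.group(3)))
        else:
            unknown.append(term)
    return mechanisms, modifiers, unknown


def assess_spf(txt_records):
    """Classify a domain's TXT records as missing, invalid, permissive, redirect or ok."""
    spf = find_spf_records(txt_records)
    if not spf:
        return {"status": "missing", "reason": "no TXT record starting with v=spf1"}
    if len(spf) > 1:
        return {"status": "invalid",
                "reason": f"{len(spf)} SPF records; RFC 7208 allows exactly one (permerror)"}
    record = spf[0]
    mechanisms, modifiers, unknown = parse_spf(record)
    if unknown:
        return {"status": "invalid", "reason": f"unparseable terms: {unknown}"}
    lookups = sum(1 for _, name, _ in mechanisms if name in DNS_TERMS)
    lookups += 1 if "redirect" in modifiers else 0
    if lookups > 10:
        return {"status": "invalid",
                "reason": f"{lookups} DNS-querying terms exceed the limit of 10"}
    all_qualifier = None
    for qual, name, _ in mechanisms:
        if name == "all":
            all_qualifier = qual or "+"      # no qualifier means "pass"
            break                            # terms after "all" are never evaluated
    if all_qualifier in ("-", "~"):
        return {"status": "ok", "all": all_qualifier, "record": record}
    if all_qualifier is None and "redirect" in modifiers:
        return {"status": "redirect", "target": modifiers["redirect"], "record": record,
                "reason": "policy is delegated; assess the redirect target's record"}
    reasons = {
        "+": "'+all' authorises every host to send as this domain",
        "?": "'?all' gives a neutral result, so unlisted senders are not rejected",
        None: "no 'all' term: unlisted senders get a neutral result instead of a reject",
    }
    return {"status": "permissive", "all": all_qualifier,
            "reason": reasons[all_qualifier], "record": record}


if __name__ == "__main__":
    for domain, records in SAMPLE_DOMAINS.items():
        result = assess_spf(records)
        print(f"{domain:20} {result['status']:11} {result.get('reason', result.get('record'))}")
```

Run it as-is to see the six sample verdicts, or replace the sample lists with the TXT strings returned for your own domain. A domain that comes back as `missing` or `permissive` is exactly the situation the advisory describes: mail forged in its name will be accepted by receivers that rely on SPF.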

If you need additional information you can call us by phone or send us an email.

Phone number: 030-3031244 (during business hours)
E-mail: soc@northwave.nl

Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.