Scammers use text-based images, QR codes, and other tricks to evade spam filters, says email security provider Vade Secure.
Sextortion scams are a favorite tactic of many cybercriminals. In this particular type of attack, the scammer claims to possess photos or video recordings of the recipient watching pornography and potentially engaging in certain sex acts. Unless the unsuspecting victim pays the requested bitcoin ransom, the attacker vows to share this recording with people in the person’s contact list. Normally, such emails would contain enough trigger words to be blocked by spam filters. But scammers are finding unique ways to get through security, as detailed in a blog post published Thursday by Vade Secure.
For 2019, the FBI tallied 43,101 reports of digital extortion in the US alone, leading to losses of more than $100 million. How many of those are sextortion scams is not recorded, but this particular type of scam has advanced from low-tech campaigns to more sophisticated and targeted attacks, according to Vade Secure.
In the past, most of these sextortion emails were sent in high numbers with links to Bitcoin sites, specific URLs, and other details that raised a red flag with security filters. But since these emails were frequently blocked by the filters, scammers were forced to devise more creative ways to reach user inboxes.
Using text-based images
In this type of email, cybercriminals use images filled with text rather than straight text. Since email filters only scan for straight text, scammers can still use certain keywords by including them in the images. They can also send the same message hundreds of times. If the message starts to get caught by security filters, the scammers simply distort the image slightly to obscure the threat.
The reliance on text-based images points to the need for image detection in security filters and scanners. Machine learning algorithms can analyze text, but deep learning algorithms with computer vision can scan images as well.
Hiding URLs and QR codes in attachments
The bitcoin URLs used by scammers to grab the ransom can easily be detected by security filters. That’s why many sextortion emails have switched to using QR codes, which many filters can’t detect. In this case, the URLs and QR codes are hidden in PDF file attachments that are seemingly harmless. These types of scams also use attachments to deploy malware that can take control of a computer, including a webcam, potentially capturing any activity that can be used to blackmail the recipient.
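Both tricks described above, text rendered as an image and URLs or QR codes tucked into a PDF, leave a structural trace a filter can check before any image analysis: very little scannable text next to image or PDF parts. The following sketch is an added example, not Vade Secure's method; the 200-character threshold, the function names, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

MIN_TEXT_CHARS = 200  # assumed cut-off; tune against your own mail flow

def triage(raw: str) -> dict:
    """Flag mail whose content sits in images/PDFs rather than scannable text."""
    text_chars, images, pdfs = 0, [], []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = part.get_filename() or ""
        if ctype.startswith("text/") and not name:
            data = part.get_payload(decode=True) or b""
            try:
                text = data.decode(part.get_content_charset() or "utf-8", "replace")
            except LookupError:  # unknown charset label
                text = data.decode("utf-8", "replace")
            if ctype == "text/html":
                text = re.sub(r"<[^>]+>", " ", text)  # crude tag strip
            text_chars += len(" ".join(text.split()))
        elif ctype.startswith("image/"):
            images.append(name or ctype)
        elif ctype == "application/pdf" or name.lower().endswith(".pdf"):
            pdfs.append(name or ctype)
    return {
        "text_chars": text_chars,
        "images": images,
        "pdfs": pdfs,
        # Little readable text plus image/PDF parts: send to OCR / QR decoding.
        "needs_image_scan": bool(images or pdfs) and text_chars < MIN_TEXT_CHARS,
    }

def build_sample(body: str, attachments=()) -> str:
    """Construct a sample message (constructed test data, not real mail)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    for maintype, subtype, filename in attachments:
        msg.add_attachment(b"\x00" * 16, maintype=maintype,
                           subtype=subtype, filename=filename)
    return msg.as_string()

if __name__ == "__main__":
    print(triage(build_sample("See attached.", [("image", "png", "note.png")])))
    print(triage(build_sample("See attached.", [("application", "pdf", "doc.pdf")])))
```

A message flagged with `needs_image_scan` is only a candidate for OCR or QR decoding, not a verdict; legitimate mail such as scanned invoices has the same shape.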