Weekly Threat Report - 18th October 2019
Sextortion scam targeting millions
A large sextortion campaign is potentially targeting more than 27 million victims using a network of infected devices, otherwise known as a botnet.
Sextortion scams are a type of phishing attack which coerce people to pay a cryptocurrency ransom because they have been threatened with the potential sharing of damaging content – in this case, compromising photographs of the recipient.
The botnet is said to be reaching its victims at a potential rate of 30,000 emails per hour. The emails include personal details such as passwords in an effort to convince victims that the threat is real. In reality, these details have been gathered from existing data breaches.
The attackers threaten to release compromising photographs of the victims unless they pay $800 (£628) in the cryptocurrency Bitcoin.
Sextortion attacks are a particularly devious way of playing with people’s emotions and the NCSC has produced comprehensive advice on how to protect yourself against this form of scam.
Major carding forum suffers data breach
More than 26 million debit and credit cards have been stolen for a second time from a marketplace dealing with stolen card data.
It is reported that the card details had initially been stolen from high street retailers over the past four years, including 8 million stolen in 2019.
Criminals can potentially use the data to create fake magnetic-strip cards with which to buy items in-store. Although the roll-out of chip and PIN cards is intended to put an end to this practice, there are still enough retailers and cardholders using the older-style cards to make carding forums, where stolen details can be bought, a going concern.
The NCSC has produced guidance about the threat of phishing following data breaches.
Those affected by data breaches and the theft of card details should be vigilant against any suspicious activity on their bank accounts and credit cards and contact their bank with any concerns.