SEXTORTION

The email scam that utilizes stolen passwords

WHAT IS SEXTORTION?

Sextortion emails are a type of cyber scam where a hacker or scammer claims to have compromising information about the recipient, such as nude photos or videos, and threatens to release the information unless the recipient pays a ransom. The scammer usually asks for payment in a cryptocurrency such as Bitcoin, although they may also demand payment via other methods such as wire transfers or gift cards. Sextortion emails can be sent as part of a larger phishing campaign that is designed to trick victims into giving up sensitive information. In some cases, the scammer may also attempt to install malware on the victim's computer or device in order to gain access to additional information.

98% of payments in Bitcoin

Bitcoin is the currency of choice for cybercriminals and has been used in approximately 98% of all ransomware payments.

(source: Coveware)

$247k Average Demand

Based on the analysis of more than 700 attacks in 2021, experts estimated that the ransom demand averaged was $247,000.

(source: HelpNet Security)

10% of Spear-Phishing
Emails are Sextortion

Sextortion accounts for 1 in 10 spear-phishing emails, according to a report in Computer Weekly.

(source: Computer Weekly)


WHAT DOES SEXTORTION LOOK LIKE?

The fundamental elements involved in Sextortion email scams have been around for a number of years, aside from a more recent development - the inclusion stolen of a password used by the recipient in the subject line. This is designed to get the recipient’s attention.

Example of sextortion email requesting payment in bitcoin

The Threat

Scammers claim to have captured a photo or a video of the recipient accessing pornographic content and possibly engaged in masturbation.

Stolen Password

In an attempt to lend weight to the claim, the attacker will leverage a password used by the recipient, obtained in a previous data leak.

Payment Request

The ransom is asked for in cryptocurrency, usually Bitcoin. Amounts asked for vary, but are typically small enough to that the recipient may be tempted to pay for this to go away.

HOW DOES MESH PROTECT
AGAINST SEXTORTION?

Mesh applies over 250 unique filters to every single email it processes, protecting against the full spectrum of email attacks. Combining machine learning, predictive threat intelligence and advanced content analysis, Mesh identifies indicators of compromise, fraud, impersonation, phishing, malicious content, spam, and unsolicited marketing emails, keeping organizations and their people safe.

Dynamic Content Scanning

Next Generation Spam Filtering - text and images in the message body are dynamically scanned for indicators of spam and nefarious intent, including evasive techniques such as the use of Cyrillic characters, empty white space, and the packing of email with excess content.

Contextual Banners

Informed employees are safer employees. Banners can be applied to emails warning of danger or advising caution, empowering employees to safely navigate their inbox. Banners are customizable.

Predictive Threat Intelligence

Knowing what regular email traffic looks like makes it easier to recognize anomalistic email. Mesh utilizes a combination of Passive DNS Sensors, Deep-Relationship Analysis, Neural Networks and other information sources to detect abnormalities.

The detection accuracy is excellent & for the price point, it's a no-brainer.

Mesh has significantly reduced the amount of email-related tickets we receive. The ability to manage everything centrally from partner level makes our job so much easier - we can make changes for all clients in one go. Onboarding was quick and painless, both our engineers and end-users took to it straight away.”

Get the full case-study ⟶

Chris Pottrell
CEO @ Nebula IT


Ready to get started?

Make your customers safer and
your MSP more efficient.

MSP Success Stories

Discover how your MSP peers have made their MSPs more efficient and profitable, while delivering better email security to their customers.

View Success Stories →

Mesh is not for everyone

We’re developing the only email security platform built exclusively for MSPs, but nobody is perfect and Mesh is not for every team.

Learn Why →