chat
expand_more

Bitcoin Requested in New Extortion Scam

Recently, there has been a rise in scam emails demanding recipients to pay a ransom with bitcoin, or else the personal information attackers have gathered about the recipient will be released to the public. The means by which attackers have obtained this information...
October 14, 2020

Recently, there has been a rise in scam emails demanding recipients to pay a ransom with bitcoin, or else the personal information attackers have gathered about the recipient will be released to the public. The means by which attackers have obtained this information has evolved, as has the amount of BTC that is requested.

One thing that remains the same, however, is the goal of these scams: utilize high-pressure intimidation tactics to extort victims into paying attackers to remain silent about the information they do not have.
In this attack, attackers extort recipients for a bitcoin transfer in exchange for not revealing personal information that they claim to have stolen in a hack.

Summary of Attack Target

  • Platform: Office 365
  • Email Security Bypassed: Office 365
  • Victims: Employees
  • Payload: Text
  • Technique: Extortion

Overview of the Bitcoin Extortion Attack

This attack features an email that seemingly originates from a brand that services electrical contracts, but is actually a spoofed domain. The attacker begins by claiming they are a private investigator, that they are a part of an agency that compromises accounts, and they have discovered a plot to blackmail the recipient. However, they are not specific on what this plot is.

The email continues, claiming that they have negotiated a price with the agency they are working with and decided to give the recipient a discount, to be paid in bitcoin, in exchange for deleting the evidence that could damage the recipient's reputation and career. If the recipient chooses to ignore the warning, the attackers threaten to release the information.

The payload of this attack is provided in the body of the email. The instructions are provided for the recipient to send BTC to a specific wallet address. In the event the recipients are unclear on how to send funds to the wallet, they are instructed to "google" how to do it. If the recipients should fall victim to this BTC scam, they are will incur a financial loss of $2,500.

Why the Bitcoin Extortion Scam is Successful

The letter uses extortive tactics to demand action from the recipient, who is coerced into paying $2,500 to the attacker through a bitcoin wallet within two days. By ensuring that any and all information the attackers have obtained will be deleted, it provides a strong incentive for victims to pay attackers the ransom.

In addition, the sender is impersonating a brand ’trumbo.biz’, however, the email authentication fails, indicating the sender is spoofing the domain. By appearing to originate from a company domain, the recipient is given the impression the domain has been “hacked” so that when victims receive the attackers' message, they are more likely to believe the attackers' claims.

Abnormal stopped this email due to the unusual sender, spoofed email address, and the financial request. By understanding the intent of this email, we can understand that this is an extortion scheme that may be trying to steal information or money.

To learn more about how to protect your employees from extortion, see a demo of the Abnormal platform today.

Bitcoin Requested in New Extortion Scam

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Customers AI
Learn from Abnormal customers about the challenges of AI-enhanced attacks and discover why they trust AI-driven security solutions to stay ahead of these evolving threats.
Read More
B AI Mbx Prompts
Discover how to unlock the full potential of the AI Security Mailbox with custom prompts designed to enhance your generative AI output.
Read More
B Protecting Microsoft Accounts Blog
Microsoft, with its vast user base, is a prime target for cybercriminals. Discover the top 5 attack strategies used to compromise its users and systems.
Read More
B Convergence S3 Announcement Blog
Join us for Season 3 of The Convergence of AI + Cybersecurity as we explore deepfakes, the evolving role of the SOC, and the intricacies of AI-native security.
Read More
B AISM Augmenting Customer Facing Product with AI Blog
Learn how Abnormal Security leverages large language models (LLMs) to enhance security awareness and automate SOC teams’ workflows with AI Security Mailbox.
Read More
B Education Targeted Attacks Blog
Cyberattacks on schools have surged, exposing 650K+ records in the last 60 days. As the school year begins, phishing is a key threat to students, teachers, and staff.
Read More