We received here at Gatefy a new email threat. An attempt of extortion, filtered by our system. In the email, the attacker says that "the gatefy.com domain will be blocked forever and you will receive tens of thousands of negative comments from angry people." How would he do that? In short, the cybercriminal said that he would put our domain in thousands of email spam campaigns and that we would suffer the consequences of that.
The consequences would be, in his words, the "complete destruction of your reputation and the loss of clients forever." In order not to carry out the attack, the cybercriminal demanded the value of more than USD 2,500. He used a Hotmail email address to extort the money. At the end of the message, he still says in a tone of threat and consolation: "Transfer 0.3 BTC to my wallet and sleep peacefully without worrying about your site".
Data from extortion and other cybercrimes, according to the FBI
Extortion is defined, according to the FBI, as “unlawful extraction of money or property through intimidation or undue exercise of authority. It may include threats of physical harm, criminal prosecution, or public exposure”.
Every year the FBI publishes a document with data on threats and cyber attacks. In the latest report, the Internet Crime Report of 2018, extortion appears as the second type of crime with the highest number of victims, totaling 51,146 complaints. First place refers to non-payment and non-delivery crimes (about 65,000). In third place is personal data breach (about 50,000).
The losses involving extortion crimes in 2018 exceed USD 83 million, points out the report. Despite being a high and considerable amount, extortion is only the eleventh type of crime by victim loss. The top three on the list are Business Email Compromise and Email Account Compromise, called BEC and EAC, (USD 1.2 billion), confidence fraud and romance (USD 362 million) and investment (USD 252 million).
Overall, last year, the FBI reported a total of 351,936 complaints and losses of more than USD 2.7 billion.
Phishing attacks also continue
Speaking of attacks and complaints, phishing attacks haven't stopped and are still a major threat to people and businesses. The Bleeping Computer has reported at least three new types of phishing attacks in recent weeks.
1. Phishing asks Outlook users to manage undelivered messages
One of the identified phishing scams brings undelivered emails as the subject. The message sent to Outlook users states that some emails have not been delivered, and that a link needs to be accessed to define what should be done with each message. The point is that it's a fake website that was created precisely in order to obtain the victims’ credentials. This is a typical phishing scam example.
2. Phishing claims that Office 365 accounts will be excluded
Another case has as email subject the following words "Urgent request". In this phishing scam, Office 365 users receive a message claiming that their account will be canceled, and therefore their emails will be deleted. To avoid the account cancellation, the user must access a malicious link that uses a malicious website to collect the victims' credentials. Another common and real example of phishing.
3. Phishing warns about unusual activity in Office 365
To close the list of three recently reported phishing cases, we have an email scam that also pretends to be from an Office 365 service. According to the message, an alert was triggered because there was "unusual volume of file detection." Of course, the message contains a bad link that redirects the user to a fake Microsoft account login page.
Phishing attacks have increased significantly, according to the Microsoft
Since we’re talking about Office 365, Outlook and phishing, it’s important to remember that Microsoft has released a few more numbers recently. The newest Microsoft Security Intelligence Report points out that the number of phishing attacks increased by 250% in 2018. The company scans more than 470 billion email messages every month for different types of threats.
How to protect my business
Faced with frightening numbers and so varied and sophisticated scams, the question is: and how can I protect myself? Or how can I protect my business?
The tip that serves both business and people is: pay attention. In general, criminals use a sense of urgency in their frauds. The goal is to catch you off guard, having to take an action without thinking straight. So always pay attention to the messages you receive. It means: check names, URLs, email addresses, content and the text spelling and grammar. If necessary, try to confirm the message in another way, such as by directly accessing the website of the company that contacted you.
Another important tip is to adopt protection and awareness tools, especially in the case of companies. A good way to get started is looking for protection and security mechanisms that fight ransomware, virus, phishing, and other advanced threats. As email remains the most commonly used platform by hackers to spread scams, you should know more about email security as well.