Cyber security solutions provider Symantec said it has blocked over 300 million malicious emails, most of which were sextortion messages, in the last nine months.
The researchers at Symantec analyzed data from the 5,000 most-seen Bitcoin addresses in May and found that 63 of those wallets received 12.8 bitcoins through 243 transactions in a month. The scammers, according to Symantec, earned an average of nearly $106,240 in May alone.
“During this time one bitcoin was worth approximately US$8,300, so the scammers received about $106,240 in total in a month. So at an average, these scammers are earning well over $1.2 million a year ($1,292,586),” the Symantec study stated.
The sextortion scam is gaining popularity and it’s a typical case where someone hacks into your webcam, records intimate acts and threatens to send the recordings to everyone in your contact list unless you pay them dollars in Bitcoins, said Talha Obaid, an expert on Email security at Symantec.
Symantec’s Email Security products managed to block nearly 300 million of such emails from January to May 2019. Symantec blocked about 30 percent of such emails in February alone.
Apart from sextortion emails, attackers also sent emails claiming to have a recording of the user visiting an adult website.
The attackers used a variation in the messages by using PDF, jpeg and png images of Bitcoin addresses in attachments to evade email security. The emails contained a password or partial phone number associated with them. The emails were sent to make it seem like the attackers have access to the email.
Never use the same password for every website
It is very important to use unique passwords for all your different online accounts so if someone gains access into one of your email accounts they will not be able to access your other accounts through sheer hit and trial.
Enable 2FA wherever it’s available
Most of the responsible online services provide 2FA, read as two-factor authentication. The first factor is the password, off course. The second authentication factor is mostly your phone number, and a message is promptly sent to your phone which the user has to key in once the password is validated in the previous screen. This makes it really hard for an adversary to take control of your account.
Use different email ids for different purposes
Your emails ids should be separate, have one for personal use for friends and family, another one could be for signing into online accounts and the third one just for professional use. So, if an adversary gains access to your personal email id they will not be able to access your professional emails.
Do not click on links from unknown sources
If you don’t know who the sender is no matter how tempting it is, do not click on any links provided in the email, unless you know its something you have signed up for and it’s from an authenticated source.
Delete unsolicited emails and attachment, do not open them
The rule is simple if you do not know who it is coming from do not open it. If you have not signed up for anything and you have an email wanting to sell you something or it says you have won an award, do not open the email or attachments in such emails as the attachment could be a carrier for malware.