Blackmail and sextortion are not uncommon features of email phishing campaigns, but a new terrifying phishing attack implicates you personally with accessing child pornography.
Cyber security firm, KnowBe4, has revealed that this dangerous phishing attack presents itself as an official Central Intelligence Agency (CIA) document, stating that the recipient’s personal details are listed in a global CIA paedophilia investigation.
The email cites ‘proof’ within information allegedly gained from your browsing history, chatroom logs, and social media activity, claiming that an arrest warrant will be issued in due course.
However, the cyber criminal claims (as is customary in a phishing email) that they are one of a small number of people who have access to this proof and has security clearance to remove your details from the database for a bitcoin transfer of $5,000 USD.
Malware that ‘could ruin your life’
This currently circulating phishing campaign is particularly dangerous – not only does the email manufacture a malicious, damaging, and costly extortion attempt, but it also contains links potentially riddled with malware.
The researchers at KnowBe4 claim it’s highly probable that a scenario could occur in which you don’t pay the ransom but click on the link in a panic, compromising and granting access to your device.
With this access, cyber criminals could hypothetically upload and install child pornography onto the victim’s devices or flood their search history with fake searches for illegal content.
In this situation, the cyber criminal has the upper hand and could do one of two things:
- Cease communications with the victim, exploiting their compromised devices and accounts for long-term gain (information, money, etc.); or
- Blackmail the victim by threatening to anonymously alert the police regarding the illegal content installed on their PC by the cyber criminal.
Either scenario is incredibly serious and could ruin both your personal and professional lives. Even the association of yourself with child pornography is potentially career-ending and could result in your arrest.
Regardless, there is a real danger of this phishing attack becoming a fully organised criminal racket, so it is essential that you put procedures in place to protect yourself, your colleagues, and your business.
How to protect yourself against this, and other, phishing attacks
Be phishing-aware – you must familiarise yourself with the methods which phishing attackers use. Knowing what to look for is the first step in combatting malicious phishing attempts.
For example, phishing attempts will often contain an unnecessarily urgent or threatening manner followed by a more-than-convenient solution. The idea is that by creating a sense of panic, the victim is more likely to part with the money or information that the attacker desires.
You must also consider the email’s contents – does it look vague or generic, and does it directly address you? Phishing emails are often conducted as part of a mass low risk-high reward campaign, containing blanket information that could apply to anybody. They also typically address the recipient with a simple Hello (if at all).Don’t just rely on awareness, however – equip yourself with enterprise-grade email security. Phishing is the most common method that criminals use to infiltrate your business and it is roughly estimated that 91% of cyber attacks begin with a phishing attack.
Our email security solution offers protection against email-borne ransomware, round-the-clock threat monitoring, and comes with a flexible set of configurations. Most businesses rely on email as a primary form of communication, so don’t let criminals use this as an entry point into your business.
Combining employee awareness with next-generation cyber security solutions is the ultimate way to combat these threats. To speak to Neuways about phishing and email security, contact us on 01283 753333 or email hello@neuways.com.
