What are Extortion Attacks?
Extortion attacks are essentially blackmail by cyber means. Typically, the attacker in these scenarios claims to possess highly sensitive or embarrassing information regarding the victim that would compromise their public image.
These attacks target work email addresses and use the threat of the victim losing their livelihood as the bargaining chip, soliciting a ransom payment in exchange for not exposing the information. Payments for extortion attacks are almost exclusively conducted via cryptocurrency, in an attempt by the attacker to collect the funds anonymously.
How Does Extortion Typically Work?
Attackers identify a victim and threaten to leak embarrassing information unless a ransom is paid. In many cases, the attackers don't actually have the embarrassing data they claim to possess. Instead, they rely on the embarrassing nature of the accusations, which often allege inappropriate behavior captured on the victim’s computer as proof of the compromise, to keep the employee from reporting the incident to security.
This means that although these incidents are almost always faked, people do pay the ransoms. While the individual ransom payments may be fairly small, when the cryptocurrency payments for these high-volume email campaigns are aggregated, the results are not insubstantial. It is important to note that although these extortion attacks tend to garner publicity whenever they pop up, these incidents rarely reflect a real compromise of company data.
Why Do Extortion Attacks Bypass Traditional Email Security?
Extortion attacks use social engineering to intimidate victims. Since these emails don’t rely on traditional red flags like malicious attachments and URLs, legacy email security won’t identify them as suspicious. They’re often entirely text-based and sent from seemingly innocuous email addresses.
How Can Modern Email Security Detect Extortion?
Extortion attacks usually contain manufactured urgency and suspicious requests. Advanced email security that uses natural language processing and behavioral baselining to understand an email’s context, tone, and content can flag an extortion attempt as suspicious.
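The sketch below is an added example, not code from this page or from any product. It is a simplified keyword heuristic standing in for the language analysis described above, and it requires a threat, a payment demand and urgency to appear together. The phrase lists, function names and both sample messages are constructed assumptions.

```python
import re

# Bitcoin address shapes: legacy Base58 (1... / 3...) and bech32 (bc1...).
BTC_ADDR = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b")
URL = re.compile(r"(?:https?://|www\.)\S+", re.I)

# Illustrative phrase patterns (assumptions); a real system would use a trained model.
SIGNALS = {
    "payment_demand": re.compile(r"\b(?:bitcoin|btc|cryptocurrency|wallet|ransom)\b", re.I),
    "urgency": re.compile(
        r"\b(?:within \d+ (?:hours?|days?)|deadline|immediately|time is running out)\b", re.I),
    "exposure_threat": re.compile(
        r"\b(?:send|leak|publish|release|share)\b.{0,60}"
        r"\b(?:contacts|colleagues|coworkers|employer|family)\b", re.I | re.S),
    "compromise_claim": re.compile(
        r"\b(?:recorded you|your webcam|hacked your|"
        r"access to your (?:device|computer|account))\b", re.I),
}

def extortion_signals(body, attachment_count=0):
    """Return the set of signal names present in one message."""
    found = {name for name, rx in SIGNALS.items() if rx.search(body)}
    if BTC_ADDR.search(body):
        found.add("crypto_address")
    # No URL and no attachment: the property that lets these mails past legacy filters.
    if attachment_count == 0 and not URL.search(body):
        found.add("text_only")
    return found

def is_suspected_extortion(body, attachment_count=0):
    """Flag only when threat, payment demand and urgency co-occur."""
    s = extortion_signals(body, attachment_count)
    threat = bool(s & {"exposure_threat", "compromise_claim"})
    payment = bool(s & {"payment_demand", "crypto_address"})
    return threat and payment and "urgency" in s

# Constructed samples. The address is a placeholder shaped like a Base58 address.
SAMPLE_ADDR = "1SampAddr" + "X" * 24
EXTORTION = (f"I have access to your computer and recorded you through your webcam. "
             f"Transfer $900 in Bitcoin to {SAMPLE_ADDR} within 48 hours or I will "
             f"send the video to all your colleagues.")
BENIGN = ("Reminder: the quarterly invoice deadline is Friday. "
          "Please send the report to your colleagues immediately.")

if __name__ == "__main__":
    for label, msg in (("extortion", EXTORTION), ("benign", BENIGN)):
        print(label, is_suspected_extortion(msg), sorted(extortion_signals(msg)))
```

The benign message trips the urgency and exposure patterns on its own wording, which is why no single signal is treated as a verdict.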