Online extortionists are now threatening email victims with COVID-19 infection if they don’t pay thousands of dollars, marking yet another evolution in their scam tactics.
Sophos reported the sextortion scam, which follows a similar pattern to others of this type. The attackers divulge previously breached information on the victim, in this case one of their passwords, to lend credence to their claims that they have “every dirty little secret about your life.”
“Tο sταrt with, I κηοw all of yοur passwords. I αm awαre of your whereαbοuτs, what yοu eaτ, wιth whοm you tαlk, every liττle τhing yοu do in α day,” the email continues.
However, instead of directly threatening to release a compromising webcam video of the victim watching adult content, the scammers take another tack in this attack.
“What αm Ι cαpable οf dοιηg? Ιf I wαηt, I cοuld eνen infect yοur whοle fαmily with τhe CοronαVirus, reνeαl all of yοur secrets. There αre cοunτless τhiηgs I cαn dο,” they write.
Interestingly, they have used Greek characters in place of similar-looking English letters such as A, N, O, T and V to disguise the words from the text-matching techniques used by email security filters.
The use of COVID-19 in this attack is just one of many examples of cyber-criminals using widespread anxiety over the pandemic to further their own agendas.
Most common are phishing attempts designed to trick users into clicking on a malicious link or opening a malware-laden attachment with the promise of finding out more info on the virus.
Recipients of this latest sextortion scam are required to pay $4000 in Bitcoin within 24 hours.
“Ι wιll iηfect eνery member οf your family with τhe CοronαVιrus. No matter how smart yοu αre, belieνe me, ιf Ι waητ to αffect, Ι caη,” the note concludes. “Ι will also gο αheαd aηd reνeαl yοur secreτs. Ι will comρletely ruiη yοur lιfe.”