Crypto sextortionists have turned to Litecoin and other alternative currencies to evade detection, reveals a recent report by Cofense.
It seems that typical sextortion scams have come a long way from being a run-of-the-mill Bitcoin-demanding plain text extortion scams to sophisticated detection-blocking frauds. According to Cofense, a cybersecurity firm specializing in early detection of phishing scams, fraudsters and hackers are gradually moving from Bitcoin to Litecoin to avoid getting identified and caught.
How? By finding loopholes in the detection rules. Security enterprises prepare Bitcoin-focussed detection rules to identify and block phishing emails. What sextortion perpetrators do is modify the text and place an image that prevents key words from getting detected by Secure Email Gateways (SEGs), the report highlights.
Crypto sextortionists prefer Litecoin over Bitcoin
According to the report, the hackers supposedly install spying malware on victims’ computers without their knowledge, thus gaining access to browser history and webcam. And while until now, scammers demanded Bitcoin ransom in trade for keeping reputation-tarnishing information from getting public, modern-age scammers instead prefer Litecoin over the crypto king.
In an attempt to circumvent SEG bitcoin-detection guidelines, crypto sextortionists are using Litecoin wallet addresses, and gradually moving away from detectable patterns to alternative cryptocurrencies, the report suggests. Moreover, the modified emails contain very few to no identifiable keyword patterns.
The startling report also claims that threat actors can switch their preferred modes of payments almost easily. However, they need to keep in mind that the email recipients must have easy access to alternative currencies as the most popular exchange platforms only cater to a specific number of cryptocurrencies.
As a piece of precautionary advice, Cofense states that even though scammers have become smarter, most of the phishing emails turn out to be inconsequential as scammers fail to include stronger proof. Thus, users can safely ignore these trivial threats and move on.