Incidents of sextortion grow as cyber crime booms: Beazley Breach Response

Incidents of so-called sextortion, whereby criminals attempt to extort money from users of pornographic websites, are increasingly rapidly, according to Beazley Breach Response (BBR) Services, which said a growing number of commercial clients were targeted by this in the fourth quarter of last year.

Sextortion is a new form of online bribery by cyber criminals who attempt to extort crypto-currency by claiming to have potentially embarrassing evidence of people using adult websites on work computers. They often involve demands for crypto-currency worth hundreds or thousands of dollars.

Usually, an individual will receive an email from someone claiming to have accessed the recipient’s work computer. The sender will claim they have tracked the addresses of pornographic websites the recipient has viewed and to have simultaneously recorded footage of their activity while watching these sites using their webcam.

They threaten to humiliate the recipient by sending all of their email contacts details of their online activity if their demands are not met. The emails often contain a link or zip file they claim directs the recipient to evidence of the internet usage or webcam activity or to a website to pay the crypto-currency ransom. If clicked on, the link may in fact spread malware that can steal information and GandCrab, a common ransomware used by hackers to lock-up the computer until the ransom is paid.

Beazley stresses that there is no sign yet that the targets of sextortion are anything other than hoaxes targeting random individuals, and it often turns out that no data has been compromised. However, a small number of emails sent out to thousands of recipients may indeed hit home. If these individuals did engage in inappropriate behaviour on their work computer, they could be vulnerable to extortion.

In the fourth quarter of 2018, Beazley Breach Response (BBR) Services was notified of these cases by several commercial clients involving demands for crypto-currency worth hundreds or thousands of dollars.

This comes as cyber-attacks on business email accounts continue to rise sharply. In 2018, the total number of email compromises handled by BBR Services increased by 133 percent, and the upward trajectory continues.

Helen Nuttall, international breach response manager at Beazley, said: “BBR Services is seeing sextortion emails being sent to individuals in multiple countries, including the UK, and across different industry sectors, from SME to large business. They are sent in the recipient’s local language, and often include reference to passwords known by the user.

“These emails are convincing as they often appear to come from within the individual’s own email account. This immediately makes the recipient believe that the account has been compromised. Combine this with the fear of potentially humiliating content being distributed to your friends/family/colleagues, it is easy to see why people are lured into paying the bribe.

“Sending spoofed emails is nothing new, but as these scams become more sophisticated, users need to be aware of the tactics. Don’t panic, delete the email, and perform a thorough scan of your computer using a recognised anti-virus solution. If the email comes from your business email domain, alert your IT department, who should take steps to lock down the domain.”

Katherine Keefe, head of BBR Services at Beazley, said: “As with all types of cyber-attacks employers need to treat seriously email compromise in its many forms. The sources of these emails should be scrutinized and organizations need to ensure employees are aware of practical measures to protect their data, such as via phishing training, and of ways to reduce the instances of email compromises escalating into a more serious cyber incident for organizations.”

Get all the latest re/insurance industry news with our daily newsletter -  sign up here.

More of today's news

Swiss Re battered by $3bn of claims but still makes profit

Profits plummet at AXA by 66% as IPO, nat cat cost hits

Alleghany 2018 results reveal fall in net earnings as cat losses hit

FCA wholesale broker report ‘finds some areas of concern’

Swiss Re unveils Internet of Things expert as new COO

New insurtech incubator launches in Hartford, Connecticut

PartnerRe adds former Chubb group chief underwriting officer to board

Download our whitepaper: 'Why Automation & AI Matters For Commercial Lines'