Mail Spoofing
Crypto Trends & NewsGuide & Tutorials

“You have a pending payment”: the new sextortion scam that comes to you from your own email address

Cybercriminals use the ‘mail spoofing’ technique to spoof the private domain email address to deceive victims.
—————————————————————————————————————————–

Mail Spoofing Alert- Unraveling the New Sextortion Scam from Your Email Address

The Internet User Security Office (OSI) has detected a sextortion campaign that uses the mail spoofing technique. Cybercriminals spoof the email address of a sender’s private domain to trick victims into believing that they have managed to install a Trojan on their devices.

Through extortion, victims are encouraged to pay money to a Bitcoin wallet account in exchange for the scammers not publishing intimate or private information.

Throughout the email, the scammer explains to the victim that, after having purchased credentials from an alleged hacker, he has obtained their data to access the devices and infect them with spy software with which he has collected information and recorded intimate videos.

After explaining the situation, he demands that a payment be made in Bitcoin to a wallet account within 48 hours under the threat of publishing the content; however, the urgency prevents the user from analyzing the situation; therefore, this causes that payment to be made as soon as possible.

The body of the email also includes the instructions and data necessary to transfer the requested money, in addition to warning what actions you should not take, such as calling the Police or requesting help. On the other hand, the cybercriminal assures the victim that if she makes the payment, she will not expose the private content and will remove the spyware.

Have you fallen into the trap? Follow these steps:

  • If you have received the email, delete it from your inbox and mark it as spam.
  • If you have paid the cybercriminal, you must collect all the evidence to contact the State Security Forces and Bodies (FCSE) and file a complaint.
  • Block all possible communication with the cybercriminal.
  • Go to ‘egosurfing‘ to check if any intimate information or videos are exposed.

    Leave a Reply

    Your email address will not be published. Required fields are marked *