Scammers know all the tricks to catch potential victims in their data-stealing traps. Hidden malware, fake advertising, or bogus phishing apps are all part of a cybercriminal’s technological arsenal. But there is one aspect that scammers frequently target: the human mind.
Tricking a victim into clicking on a malicious link takes some skill, but mentally manipulating them into action is fraud on a completely different level. The covert techniques aren’t anything new, but lately they have become more prevalent.
Mainly targeting professionals with male-sounding names, a new email campaign is spreading NSFW content to work inboxes. In the hopes of shocking victims into doing something irrational, cybercriminals manipulate office workers into installing malware. Keep reading for all the shady details.
Here’s the backstory
X-rated material, frequently used in sextortion attacks, is not the preferred method of criminals. Corporate email networks usually root out any content that contravenes the organization’s policies, so it never reaches the intended recipient.
But a new trend has been discovered by the GreatHorn Threat Intelligence Team, where the use of not-safe-for-work content in email scams increased by nearly 1,000% over the past year. The main goal? Shocking the receiver into making hasty decisions.
Having an X-rated email pop up in your corporate inbox can have dire consequences, as well as lead to a potential meeting with Human Resources. Cybercriminals hope that, in your rush to get rid of it, you will click on one of the many malicious links.
Known as “dynamite phishing,” the purpose is to shock you into making the questionable email disappear quickly.
“It doesn’t always involve explicit material, but the goal is to put the user off balance, frightened — any excited emotional state — to decrease the brain’s ability to make rational decisions,” explains GreatHorn in a blog post.
What happens when clicked?
Spam emails should never be opened, and links should never be clicked on. In the case of this campaign, just opening the mail is enough to trigger a malicious response. Linked to infected URLs, the spam mails can:
- Automatically download malware onto your computer.
- Redirect you to other spam websites like fake dating sites, where your financial data can be stolen.
- Install trackers to keep tabs on your browsing habits for later extortion.
Here’s an example of one of these malicious emails:
The installed trackers cause the most damage, as victims are blackmailed for clicking a link to X-rated material. After tracking the victim’s identity, cybercriminals will set up a second attack, using proof that the victim clicked the X-rated link as blackmail material.
“User data gleaned in this way will be transmitted to cybercriminals, who will use it for various malicious purposes, such as money withdrawal, blackmailing or committing further frauds,” GreatHorn explains.
What you can do about it
Spam email clogs up the entire chain of communication, especially on a company’s network. A massive percentage of daily emails sent are spam, which creates a global problem. Unfortunately, nobody is immune to spam, but there are ways to minimize the impact.
- Avoid opening spam emails. Opening one will alert the sender that the account is active and could lead to a phishing attack.
- Never click on links or open attachments from unsolicited emails.
- Make sure that your antivirus software is up to date with the latest version.
- If you do receive a suspicious email, mark it as spam and delete it immediately.