X-rated phishing attacks just keep growing

New data from GreatHorn finds hackers increasingly using explicit material to get victims to click on malware

X-rated phishing attacks just keep growing

Hackers are increasingly using adult material in phishing attacks to lure unsuspecting victims into clicking on links to download malware, according to new research.

In a blog post by security researchers at GreatHorn, it was found that between May 2020 and April 2021, the number of such attacks increased by 974%. Researchers said that these attacks reach across a broad spectrum of industries and appear to target based on male-sounding usernames in company email addresses.

Attackers use these X-rated phishing emails as a runup to blackmail. In these attacks, cybercriminals are tracking the identity of victims who click on their sites by using a technique called an email pass-through. The same technology enables legitimate email senders to auto-populate an unsubscribe field with a user email address. 

"Once a user clicks on a link in the email, their email address is automatically passed to the linked site. In these attacks, the cybercriminal leverages the information they gleaned in order to set up a second stage. Individuals who clicked on links to compromising material could be targeted in the second attack to extort the individual," said researchers.

Researchers highlighted two campaigns where this tactic is used.

In the first one, hackers claim to be a woman that wants to meet the victim. Clicking on the link in the email takes the victim to a website with photos, this site is classified as Malicious by Google Safe Browsing. This then directs the victim to a second site, which looks like a dating website.

Related Resource

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Prevent fraud and phishing attacks with DMARC - whitepaper from MimecastDownload now

"It is likely a fake site designed to hook users into providing payment information. User data gleaned in this way will be transmitted to cybercriminals, who will use it for various malicious purposes, such as money withdrawal, blackmailing, or committing further frauds," said researchers.

In the second example, a link in the phishing email sends the victim to a website with X-rated images. Victims are asked to confirm a Zip code to find individuals in their area. This website also tries to make victims provide payment information.

"User data gleaned in this way will be transmitted to cybercriminals, who will use it for various malicious purposes, such as money withdrawal, blackmailing, or committing further frauds," said researchers.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Zoom: From pandemic upstart to hybrid work giant
video conferencing

Zoom: From pandemic upstart to hybrid work giant

14 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021