Election Security

Bitdefender Detects Attempt to Spam-Trick Political Figures in Sextortion Scam

Here at Bitdefender we are keeping an eye on the upcoming Midterm Elections in the USA and are monitoring threat intelligence feeds in search of anomalies in malware, spam or social network activity.

This year’s mid-term elections are less than three weeks away, but hackers have already started capitalizing on unwary voters’ preferences in terms of passwords. Our sensors picked up a spam wave targeting republicans whose passwords have leaked in data breaches. A typical message shown below:

This type of attack is known across the industry as “sextortion” and attempts to trick the victim into thinking that hackers have video proof of them consuming pornographic content. For a fee, which is often payable in Bitcoin – hackers promise not to send the videos out to the victims’ contact list. In order to gain credibility, this campaign includes the user’s real password, which was likely included in a “database dump” up for sale on underground forums. Variations of the same message are sent from a spoofed e-mail address matching the recipient’s to make it look like it originated from the victim’s own “hijacked” account.

Bitdefender advises victims not to heed extortion messages under any circumstance and, if possible, to install a security solution with built-in spam filtering capabilities.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.