Here at Bitdefender we are keeping an eye on the upcoming Midterm Elections in the USA and are monitoring threat intelligence feeds in search of anomalies in malware, spam or social network activity.
This year’s mid-term elections are less than three weeks away, but hackers have already started capitalizing on unwary voters’ preferences in terms of passwords. Our sensors picked up a spam wave targeting republicans whose passwords have leaked in data breaches. A typical message shown below:
This type of attack is known across the industry as “sextortion” and attempts to trick the victim into thinking that hackers have video proof of them consuming pornographic content. For a fee, which is often payable in Bitcoin – hackers promise not to send the videos out to the victims’ contact list. In order to gain credibility, this campaign includes the user’s real password, which was likely included in a “database dump” up for sale on underground forums. Variations of the same message are sent from a spoofed e-mail address matching the recipient’s to make it look like it originated from the victim’s own “hijacked” account.
Bitdefender advises victims not to heed extortion messages under any circumstance and, if possible, to install a security solution with built-in spam filtering capabilities.