Sextortion Scam Spoofed from Hacked Email Accounts

NuMSP SupportSecurityLeave a Comment

Have you heard of this malware attack targeting small business email? Hackers compromise an organization’s email domain (i.e., “”), steal users’ data and use it for blackmail.

The sextortion twist? A scammer claims to have an incriminating video captured while the user visited a porn website. The scammer blackmails the victim by threatening to send the video to all the victim’s email contacts unless a ransom is paid in cryptocurrency.

This recently observed attack differs from past forays. Now, spammers send the threat in an email message appearing to originate from the victim’s business email subdomain.

Below, we show how to protect your business from these attacks.

The Previous Sextortion Scam

Previously, similar hacks mined user passwords stolen from a porn site data breach. With this info, scammers notified the victim of their intent to bare compromising data about visits to the porn site unless a ransom was paid. The threat included an email subject title with the victim’s email address and a demand for payment. For example, “ – 48 Hours to Pay.”

The email claims to originate from a global hacker group who had infiltrated all the porn site’s accounts. Included was a password from the compromised account. The email also asserted that the hacker group had infected all the victim’s devices with viruses and had hacked into the victim’s email messages and social media accounts.

Unless the ransom was paid, the hacker would forward evidence of porn visits to every contact found on the victim’s devices. Needless to say, many victims paid the hacker’s demand.

If Your Business Receives a Similar Email, Don’t Panic!

It’s a scam; the email can be disregarded and deleted. For peace of mind, do anti-virus (AV) scans on all business devices to check for the presence of any malware. Scams like these are often the result of a hacked porn domain.

But your organization doesn’t have to be a victim. Do the following to safeguard your business Internet domain and prevent spoofing porn site email.

Establish Domain Name System (DNS) Records

Likely, your business’ DNS server has subdomains. For example, “” has a home page, perhaps a product page, an “about us” page, etc. One of these subdomains is for emails.

Validate email traffic with DNS records. Below are three of the most widely used email authentication protocols. Zero1zero recommends utilizing DMARC with either SPF or DKIM.

  • Sender Policy Framework (SPF)
    This method allows recipients to verify senders of incoming emails. When an SPF record is created, designated mail servers are authorized to send emails originating from your domain name.
  • DomainKeys Identified Mail (DKIM)
    Another application layer that identifies email spoofing, it uses two encryption keys (public and private). By matching the keys, emails are verified.
  • Domain-based Message Authentication, Reporting and Conformance (DMARC)
    This method must be used in conjunction with either SPF or DKIM. It instructs the receiver on what to do if a message originating from your domain is not duly authenticated.

All these protocols need specific DNS records created for your organization’s email subdomain.

Don’t be exploited by hackers looking to “shakedown” your business. Trust Zero1zero, a premier managed service provider, to assess your organization’s vulnerabilities and establish cybersecurity precautions to protect the integrity of your business networks.

Start A Conversation

Leave a Reply

Your email address will not be published.