A novel attempt to convince people to open malicious email attachments is spreading online, purporting to offer nude photos of a friend’s girlfriend.
Instead of threatening to distribute stolen private images, this new attempt claims to have already “sextorted” the recipient’s friend, who refused to pay.
It tells them it is now emailing nude photos to every contact of the supposed victim – and to check the attachment.
Researchers said the “new take on sextortion is quite remarkable”.
Recipients who click on the attachment open a Word document with a blurred image that hints at possibly sexual content – and instructions on how to “enable content”.
Doing so downloads a malicious application – an approach Prof Alan Woodward, from the University of Surrey, said was “a classic”.
“The interesting thing about scammers is that they use the same psychology simply repackaged for most new scams,” he said.
Usually, hackers who prey on people using sexual images claim to have gathered them by secretly accessing a webcam or the user’s saved images.
They demand payment, threatening to spread the compromising images to friends and family.
“We have found images of his naked girlfriend and demanded $500 for them,” the email reads.
“Regrettably, he has not paid… you will find these pix attached to this message.”
IBM X-Force Threat Intelligence said: “If people do not identify as the victim, they may act much more careless, especially those curious to find out who was actually targeted,”
The attack works by encouraging users to ignore the security warning from Microsoft Office applications and click the “enable content” button.
If a user does click the “enable content” button, a piece of malware known as Racoon is downloaded and attempts to steal large amounts of data from dozens of apps, including web browsers and email clients.
This attack was, the IBM researchers said, similar to an earlier one that asked users to enable permissions to sign a digital document.
Another new version of the same attack claims the recipient is being sued in court and must reply in a limited amount of time.
“I’m afraid scammers and hackers are all ways adapting,” Prof Woodward said.
“Sadly it works. And, when we educate people about this ruse, the scammers and hackers will adapt again.
“I regularly receive emails, for example, with old passwords that have been breached in some data breach… and [they] then go on to say, ‘We have compromising material,’ or sometimes, appealing to a different frailty, they say they have material on a friend.”