Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional “video evidence.” A new French-language sextortion campaign is making the rounds, researchers warn. As noted by Sophos researchers in a Monday report, sextortion is one of the oldest tricks in the book, but its popularity has waned in recent years due to effective cybersecurity, law enforcement crackdowns and the rise of ransomware. This new campaign is one signal of what may be a resurgence, they said.
The new French-language attack entails a blind email blast, shown below, with unsubstantiated claims of video evidence and so on. It cites France’s legal penalties for watching illegal pornography, then tells the reader: “If you wish, you may reply to the address below to explain away your actions, so that we can evaluate your explanation and determine if charges should be brought. You have a strict deadline of 72 hours.”
