Sextortion plot uses public breach data to trick victims into thinking they were hacked

A pair of new research reports are providing details on an ongoing “sextortion” scam in which malicious actors use publicly available lists of breached email addresses and passwords to contact victims and then blackmail them with false claims that they were caught viewing pornographic materials.

Researchers have identified at least two distinct campaigns involving these scam emails, all of which include “From:” headers featuring a variation on the name Aaron Smith. Collectively, the operation has already amassed extortion payments of at least 23.3653711 bitcoins, according to Cisco Systems’ Talos Security Intelligence & Research Group, whose technical leader, Jaeson Schultz, authored one of the two blog-post reports. Using Oct. 31 conversion rates, that’s worth roughly $147,000.

Read full article on SC Magazine’s Website