Sextortion hackers use 'friend's naked girlfriend' lure

Image caption: The attack works by tempting users with a blurred image and asking them to "enable content"

A novel attempt to convince people to open malicious email attachments is spreading online, purporting to offer nude photos of a friend's girlfriend.

Instead of threatening to distribute stolen private images, this new attempt claims to have already "sextorted" the recipient's friend, who refused to pay.

It tells them it is now emailing nude photos to every contact of the supposed victim - and to check the attachment.

Researchers said the "new take on sextortion is quite remarkable".

Recipients who click on the attachment open a Word document with a blurred image that hints at possibly sexual content - and instructions on how to "enable content".

Doing so downloads a malicious application - an approach Prof Alan Woodward, from the University of Surrey, said was "a classic".

"The interesting thing about scammers is that they use the same psychology simply repackaged for most new scams," he said.

Usually, hackers who prey on people using sexual images claim to have gathered them by secretly accessing a webcam or the user's saved images. They demand payment, threatening to spread the compromising images to friends and family.

"We have found images of his naked girlfriend and demanded $500 for them," the email reads.

"Regrettably, he has not paid you will find these pix attached to this message."

IBM X-Force Threat Intelligence said: "If people do not identify as the victim, they may act much more careless, especially those curious to find out who was actually targeted."

The attack works by encouraging users to ignore the security warning from Microsoft Office applications and click the "enable content" button.

If a user does click the "enable content" button, a piece of malware known as Raccoon is downloaded and attempts to steal large amounts of data from dozens of apps, including web browsers and email clients.

This attack was, the IBM researchers said, similar to an earlier one that asked users to enable permissions to sign a digital document.

Another new version of the same attack claims the recipient is being sued in court and must reply in a limited amount of time.

"I'm afraid scammers and hackers are always adapting," Prof Woodward said.

"Sadly it works. And, when we educate people about this ruse, the scammers and hackers will adapt again.

"I regularly receive emails, for example, with old passwords that have been breached in some data breach and [they] then go on to say, 'We have compromising material,' or sometimes, appealing to a different frailty, they say they have material on a friend."