As if they weren’t annoying enough already, scammers have recently introduced new pressure tactics to their sextortion and scam emails.
Last week we reported how cybercriminals are using photographs of targets’ homes in order to scare them into paying money. Now they’re throwing in the name of targets’ partners, telling the receiver that their partner is cheating on them.
The general outline of the scammy email looks like this:
“Hi (target’s name],
[Partner’s name] is cheating on you. Here is proof.
As a company engaged in cyber security we’ve found information related to [partner’s name] that might interest you.
We made a full backup of [his/her] disk. (We have all [his/her] address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all [his/her] contacts) and are willing to give you a full access to this data. For more details visit our website.”
For some people, the links in the mail lead to a site where you can “buy the data” for around $2500 in Bitcoin. Others report they were sent to a site that presented them with a login screen.
But where did the scammers get the partner’s name from?
Based on speculation among Reddit users, BleepingComputer contacted a wedding planning site called The Knot, which was listed as a possible source, but received no reply. Looking at our data, we can confirm that 3,677 users of The Knot have had their login credentials compromised at some point in time, but not all at once, so The Knot is not necessarily the source of the data.
There are many other ways that scammers can dig through or combine breached data to find out who your partner is and compose such a personalized email, or they could spend a small amount of time on social media to find out relatively quickly.
Regardless of where the scammers got the information, please don’t let this type of email ruin your relationship or even one minute of your day. Send the emails straight to the trash.
How to react to your partner “is cheating on you” emails
First and foremost, never reply to emails of this kind. That tells the sender that someone is reading the emails sent to that address, and will lead to them trying other ways to defraud you.
If the email includes a password, make sure you are not using it any more on any account. If you are, change it as soon as possible.
If you are having trouble remembering all your passwords, have a look at a password manager.
Don’t let yourself get rushed into doing something. Scammers rely on time pressure that leads to people making quick decisions.
Do not open unsolicited attachments. Especially when the sender address is suspicious, or even appears to be your own.
Check your digital footprint
If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.