Australians are being hit with a new online scam that appears to be coming from their own email account, with more than 300 reports from the public just this week.
The Australian Cyber Security Centre put out an alert this week about the widespread scam, a new form of the common “sextortion” tactic.
The scam involves individuals receiving an email that appears to come from their own email account, which threatens to reveal intimate photos of them unless they pay a fee, often in cryptocurrency.
“This scam uses a tactic known as ‘sextortion’ – a form of online blackmail where a cybercriminal threatens to reveal intimate images of someone online, often to their friends and family, unless they pay a ransom quickly,” the alert said.
“The scam uses ‘spoofing’ to make the email look like it’s come from your own email address. Email spoofing occurs when email addresses are manipulated to come from a different source but display a legitimate address.
“This is a technique commonly used by cybercriminals to make their scam seem real.”
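The spoofing described in the alert leaves traces in the message headers. The following is an added example, not code from the ACSC alert or this article: it flags mail whose From address equals the recipient's own mailbox but which did not pass the receiving server's SPF, DKIM and DMARC checks. The function names, sample messages and addresses are constructed, and it assumes the Authentication-Results header was written by your own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all addresses and hosts are placeholders.
SPOOFED = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.invalid; dkim=none; dmarc=fail header.from=example.com
Return-Path: <bounce@bulk.invalid>
From: alice@example.com
To: alice@example.com
Subject: Payment required

Pay within 48 hours.
"""
GENUINE = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Return-Path: <alice@example.com>
From: alice@example.com
To: alice@example.com
Subject: Note to self

Buy milk.
"""

def auth_results(msg):
    """Map each mechanism (spf, dkim, dmarc) to the verdict the receiving server recorded."""
    header = msg.get("Authentication-Results", "")
    pairs = re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)
    return {m.group(1).lower(): m.group(2).lower() for m in pairs}

def self_spoof_findings(raw, mailbox):
    """Return reasons a message claiming to be from `mailbox` looks forged ([] if none)."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if from_addr != mailbox.lower():
        return []  # not a "from yourself" message; outside this heuristic
    results = auth_results(msg)
    findings = [f"{mech}={results.get(mech, 'missing')}"
                for mech in ("spf", "dkim", "dmarc")
                if results.get(mech) != "pass"]
    # The envelope sender (Return-Path) of a forged message usually sits in another domain.
    bounce = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if bounce and bounce.rsplit("@", 1)[-1] != from_addr.rsplit("@", 1)[-1]:
        findings.append("return-path domain differs from From domain")
    return findings
```

An empty list means the heuristic found nothing suspicious; any entries are the failed checks worth showing to the user or logging.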
The Australian Cyber Security Centre, Office of the eSafety Commissioner and Scamwatch have received more than 300 reports from the public of the scam in this week alone.
The alert includes a number of tips and warnings for Australians.
It says that you should never give in to the demands of the scam email, and report it straight away to the Office of the eSafety Commissioner.
You should never give the scammer any money or images, and should cease contact immediately.
You should also immediately change the passwords for all of your online accounts, including your email address, and call 000 if you are fearful for your physical safety.
If a password was obtained and used as part of the scam, it was likely included in a previous breach, and the eSafety Commissioner advised Australians to check whether they have been caught up in one using the haveibeenpwned.com platform.
It’s a new form of the common sextortion scam. A global version of the tactic emerged last year, where victims were told that the camera in their device had been hacked and footage of them watching pornography or other compromising websites had been obtained, and that this would be released if a ransom wasn't paid.
These scam emails often also included the current or former password of the account to add legitimacy.
Earlier this year, the eSafety Commissioner found that most victims of financial sextortion are men, who are threatened with the leak of sexually explicit images unless they pay a fee.
Its study found that nearly a third of all image-based abuse being reported involves the sextortion technique.
Another report earlier this year found that Australian businesses are also more likely to be vulnerable to email scams than their international counterparts, with phishing attacks on the rise.