The New Trick to Bypass Your Spam Filter
Quick Answer
Sextortion spammers are evading basic spam filters with two specific tricks reported by Bleeping Computer. (1) Foreign-language message bodies that don't trigger keyword rules tuned for English ("sex," "webcam," "bitcoin"). (2) Splitting the bitcoin payment address across two parts of the email so simple regex matches fail to detect it. Together they push messages past consumer-grade filters and into inboxes where the threat ("pay or we expose you") relies on shock value to coerce payment. The claims are bluffs: no malware on your machine, no recordings, no leverage. Don't pay, don't reply, mark as spam. For organizations: enterprise-grade spam filtering with content rules that look for ransom patterns regardless of language and obfuscation, plus malicious attachment blocking, allow and block lists, custom rules, and Smart Quarantine, keeps these messages out of inboxes entirely.
Most spam is annoying, but harmless. Unless of course it’s the basis of a sextortion scam. If you’re not familiar, sextortion is a form of sexual exploitation that employs non-physical forms of coercion to extort money or sexual favors from the victim. For instance, if someone threatens that they can blame you for child pornography and will do so unless you pay them a ransom, that’s a form of sextortion.
Just the threat of such a divulgence could get some unsuspecting victims to pay up. That’s why spammers try so hard to get sextortion spam in your inbox. Fortunately, most spam filters are pretty good and run-of-the-mill spam is not likely to get through, especially if it’s a sextortion email. Unfortunately, scammers never stop evolving and have just come up with a new trick to bypass most spam filters with a sextortion email.
According to Bleeping Computer, “To bypass these filters, attackers have started to utilize new tactics such as sending sextortion emails in foreign languages and splitting bitcoin addresses into two parts.” Spam filters know to look for the telltale signs of spam like the word “sex” or a bitcoin address in an email. “Adding these two tactics make it more difficult for the recipient to understand what they are receiving.” And more difficult for spam filters to filter it out. Pretty clever.
So, what should you do if you receive one of these sextortion spam emails? For starters, don’t pay it! According to the article, “The scammers did not hack your computer, install malware that records you while on adult sites, and you should not send any payments to the enclosed bitcoin address.”
Of course, the best case scenario is to keep “clever” spam like that out of your inbox in the first place. That’s not always possible with an off-the-shelf consumer-grade spam filter. To be able to block sophisticated spam like this requires true enterprise-grade spam filtering like that available from DuoCircle.
Cloud-based spam filtering from Duocircle includes malicious attachment blocking, whitelisting/blacklisting, custom filtering rules and Smart Quarantine. In short, everything you need to stay safe from whatever the spammers come up with next.
Try spam filtering from DuoCircle. There are no per user fees, no per message fees, no message overage fees and it comes with a 30 day money-back guarantee. Stay safe with DuoCircle.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.