Sextortion emails have been around for about two years now and it’s surprising that they still trickle in every day. We’ve seen many iterations of sextortion spam, as well as versions which change the context to that of tax evasion and even bomb threats!

There is research that indicates sextortion spammers are no longer finding much profit. Since their methods have remained fairly static while content filters continue to improve, sextortion rarely lands in inboxes.

To bypass spam filters these spammers started emailing just an image containing the extortion message. However, one issue they ran into was that bitcoin wallet addresses are very precise, coupled with the fact that you can’t copy/paste text from an image. To solve this they changed the spam to have an image as well as the bitcoin wallet address in plain text. Of course, filters can see weird messages that contain just an image with a bitcoin wallet address…

To maintain the evasiveness of just image emails, the iteration we are now seeing utilizes a QR code in place of the bitcoin wallet address.

Most of the sextortion we see come from freemail sources, as well as particular hosting providers. Hopefully, either the source cracks down on it in the near future, or it finally becomes no longer profitable to spammers.