Sextortion highlighted in Cofense report

Report reveals weaknesses in secure e-mail gateways and illustrates imperative role of human intelligence in phishing defence.

Johannesburg, 25 Jun 2019

“Your device has been compromised with malware. We’ve stolen passwords or other personal data. We’ve been watching you and have Web cam footage from visits to dubious sites. Pay up in Bitcoin or another cryptocurrency and your secret is safe.”

These arresting words appear on page 10 of the recently released Cofense report, Phishing Threat and Malware Review 2019[1], amid a section of the report outlining the top four most common types of e-mail phishing threats. The chances are, though, that if you have an e-mail address, you have already seen a similar version of this in your own mailbox, and it was more than likely personally addressed to you.

Cofense notes that sextortion e-mails often include usernames, passwords and other personal information, which cybercriminals have gleaned from legitimate sites or the Dark Web to make the e-mails look credible[2]. Over 2018 and this year, South Africans were not exempt from the sweeping global trend of "sextortion" by cybercriminals. For most people, it is disconcerting, to say the least, to receive such an e-mail.

Cofense says that sextortion, which is the practice of extorting money or sexual favours from someone by threatening to reveal evidence of their sexual activity, "pushes two buttons, fear and urgency, that cause people to act before they think…[3]". And this makes the practice of sextortion via e-mail one of the top four types of phishing threats getting through to people’s mailboxes. The other three outlined in the report are credential phishing, business e-mail compromise, and bomb threats[4].

Cofense says that although e-mail filtering catches many sextortion phishing e-mails, many are still getting through to people’s mailboxes. Also, cybercriminals are no longer using only text-based e-mails, but other methods too. These include Base64 encoded HTML message content; body text as embedded images rather than plain text, to minimise the risk of content scanning; and the use of an embedded QR code image for the Bitcoin address. Cofense also believes that automation is being used to prepare and deliver such sextortion campaigns[5].
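The three delivery tricks listed above can each be turned into a triage signal on the defender's side. The following Python sketch is an added example, not code from Cofense or from the report; the function name `triage`, the flag names, the five-word threshold and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Shape-only match for legacy (1.../3...) and bech32 (bc1...) addresses; no checksum check.
BTC_RE = re.compile(r"\b(?:bc1[ac-hj-np-z02-9]{11,71}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
TAG_RE = re.compile(r"<[^>]+>")
FAKE_ADDR = "1" + "A1b2C3d4E5" * 3  # constructed string, not a real wallet

def triage(raw: bytes) -> set:
    """Return triage signals for one raw message. Signals are hints, not verdicts."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags, visible, images = set(), "", 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            images += 1
        elif ctype in ("text/plain", "text/html"):
            text = part.get_content()  # undoes base64 / quoted-printable
            if ctype == "text/html":
                cte = str(part.get("Content-Transfer-Encoding", "")).lower()
                if cte == "base64":  # common in legitimate mail too, so only a weak signal
                    flags.add("base64-html-body")
                text = TAG_RE.sub(" ", text)
            visible += text
    if BTC_RE.search(visible):  # searched after decoding, so base64 does not hide it
        flags.add("btc-address-in-text")
    if images and len(visible.split()) < 5:
        flags.add("image-only-body")  # text or QR code is in the image: route to OCR / QR decoding
    return flags

def sample_base64_html() -> bytes:
    """Constructed sample: HTML body sent with base64 transfer encoding."""
    m = EmailMessage()
    m.set_content(f"<p>Pay to {FAKE_ADDR} within 48 hours</p>", subtype="html", cte="base64")
    return m.as_bytes()

def sample_image_only() -> bytes:
    """Constructed sample: the body is nothing but an inline image."""
    m = EmailMessage()
    m.set_content('<img src="cid:body">', subtype="html")
    m.add_related(b"\x89PNG constructed bytes", maintype="image", subtype="png", cid="<body>")
    return m.as_bytes()

if __name__ == "__main__":
    print(sorted(triage(sample_base64_html())), sorted(triage(sample_image_only())))
```

The image-only signal does not read the image itself; it only marks messages whose content needs OCR or QR decoding before any text-based rule can see it.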

“This just shows how phishing threat actors continue to evolve their campaigns in an increasingly sophisticated and effective manner,” comments Stefan van de Giessen, general manager: cybersecurity at value-added distributor Networks Unlimited Africa, a distribution partner with Cofense in sub-Saharan Africa.

“This latest Cofense report reveals how threat actors have an ever-growing repertoire of tactics and techniques, allowing them to breach the perimeter controls to users’ inboxes and deliver malware into a network system, or extort money from individuals. The report, which featured data from 1 400 customers in 50 countries, found that between October 2018 and March 2019, over 31 000 malicious e-mails were reported by end-users after delivery to the inbox, and of these, 90% were found in environments running one or more secure e-mail gateways (SEGs).”

The 2019 report showed that threat actors are innovating relentlessly, including using public, open-source tools to evade detection, as well as genuine Office 365 accounts to harvest credentials, increase their chances of reaching victims' inboxes and deliver malware[6].

Additionally, it revealed that SEGs play a role in phishing defence, but are not infallible. The report shows that SharePoint, OneDrive and ShareFile have been abused by threat actors to enable malware to slip through an SEG’s defences[7].

“As Cofense outlines in this report, human intelligence is vital to phishing defences. It is absolutely critical to educate users through a phishing awareness programme, and this should include a focus on threats that are using the latest tactics, techniques and procedures (TTPs). This allows employers to make employees their best defence against phishing, rather than being the weakest link, even in the alarming face of a sextortion attempt,” concludes Van de Giessen.

To learn more about Cofense’s phishing incident solutions, please visit:




[4] (pages 8 to 11 of report)

[5] Cofense all rights reserved

[6] Cofense all rights reserved

[7] Cofense all rights reserved

To download the Cofense Phishing Threat and Malware Review 2019, please visit:


Cofense™, formerly PhishMe®, is the leading provider of intelligent phishing defence solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organisation-wide engagement to active email threats. Our collective defence suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organisations in defence, energy, financial services, healthcare and manufacturing sectors that understand how changing user behaviour will improve security, aid incident response and reduce the risk of compromise. To learn more, visit

Networks Unlimited Africa

Networks Unlimited Africa is a value-added distributor, offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes. The company distributes best-of-breed products, including Attivo Networks, Cofense, Carbon Black, Fortinet, F5, Hypergrid, Mellanox Technologies, NETSCOUT, NETSCOUT ARBOR, ProLabs, RSA, Rubrik, SevOne, Silver Peak, Thales and Uplogix. The product portfolio provides solutions from the edge to the data centre, and addresses key areas such as cloud networking and integration, WAN optimisation, application performance management, application delivery networking, Wi-Fi-, mobile- and networking security, load balancing, data centre in-a-box, and storage for virtual machines.

Since its formation in 1994, Networks Unlimited Africa has continually adapted to today's progressively competitive and evolving marketplace, and has reaped the benefits by being a leading value-added distributor (VAD) within the Sub-Saharan Africa market.

Editorial contacts
Vivienne Fouche (+27) 082 602 1635
David Wilson (+27) 011 202 8400