Cofense Email Security

Cofense Labs Shares Research on Massive Sextortion Campaign

Are you one in two hundred (or so) million?  

Today, CofenseTM announced the launch of Cofense Labs. Our experts are sharing the details of some deep research into the inner workings of a large-scale sextortion campaign that to date has over 200m recipients in its sights – and you might be one of them.  

What’s Sextortion? 

You may be lucky enough to have not encountered the threatening narrative of a sextortion email. If so, the threat actor’s M.O. is typically this: 

Send an email in which they claim to have installed malware on your system and have a record of your browsing history to some websites of an adult nature, and also footage from your webcam. If you don’t pay the stated ransom in bitcoin, they will release the footage to your family, friends, and co-workers. To add credibility to their threats, they include passwords hoovered up from data breaches of old that they have found littering the web.  

Show me the money! 

Find Out If Your Business Is at Risk 

During the research into this campaign, Cofense Labs identified over 200m recipients on the target list. Over 7.8m sextortion emails have been analysed and bitcoin payments have been tracked. In this single campaign, over 17,000 bitcoin wallets were identified, with 1,265 payments being made across 321 of them, with one payment = one victim. At the time of analysis, these payments were worth over $1.8m.   

We have made it possible for you to check whether your email address, or email domain, is on the list. Just visit to perform the lookup and download an infographic and educational guide regarding sextortion campaigns and how to defend against them. 

Why Cofense Labs? 

Knowing is everything, and to be able to effectively defend against the fast-evolving phishing threat landscape, you’ve got to have a deep understanding of it. Cofense Labs allows us to share the results and the output of the pioneering research that our R&D team undertakes to provide this knowledge. By sharing what we know, we can hopefully enable organizations of all sizes to collaborate and protect their most precious assets against the latest phishing threats. 

If you’re at Black Hat in Las Vegas this week, come and see us at Booth 938 in the Shoreline Business Hall. You can meet members of the Cofense Labs team, and see whether your email address or domain is on the target list. 


Reports of sextortion and other ransom scams to the Cofense Phishing Defense CenterTM are increasing. Condition users to be resilient to evolving phishing attacks with Cofense PhishMeTM and remove the blind spot with Cofense ReporterTM. 

Quickly turn userreported emails into actionable intelligence with Cofense TriageTM. Reduce exposure time by rapidly quarantining threats with Cofense VisionTM. 

Attackers do their research. Every SaaS platform you use is an opportunity for attackers to exploit it. Understand what SaaS applications are configured for your domains – do YOUR research with Cofense CloudSeekerTM. 

Thanks to our unique perspective, no one knows more about REAL phishing threats than Cofense. To understand them better, read the 2019 Phishing Threat & Malware Review. 


All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.  

Share This Article


We use our own and third-party cookies to enhance your experience. Read more about our cookie policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.