Sextortion is an emerging online scam in which an attacker attempts to extort money or get victims to do something against their will by threatening to release embarrassing, personal images or their most intimate moments to their contacts, friends, and family.

In reality, the attacker doesn’t actually own any recordings and just uses social engineering techniques to try to scare and shame the potential victim into paying.

These scams usually arrive by email, and they are not only dangerous and unsettling but can have serious real-world consequences. Tragically, sextortion email scams have even led victims to suicide, including a case involving five separate men in the UK and one in the United States. These are only a few such cases.

Overall, extortion by email is growing significantly, according to the FBI’s Internet Crime Complaint Center (IC3). Last year, these complaints rose 242% to 51,146 reported crimes, with total losses of $83 million.

“The majority of extortion complaints received in 2018 were part of a sextortion campaign in which victims received an email threatening to send a pornographic video of them or other compromising information to family, friends, coworkers or social network contacts if a ransom was not paid,” according to the FBI.

An infographic based on a Brookings study reported that most adult victims of sextortion are female. However, it also defined sextortion as using personal information to force victims to engage in sexual activity and does not appear to include extortion for money.

Methods Of Sextortion

Sextortion can happen through a variety of methods, but here are a few general scenarios:

Phishing

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.

Social Media

Many sextortion scams start with seemingly harmless encounters over social media or dating sites. Eventually, the perpetrator will coerce the victim into sending explicit images, getting naked on camera, or performing sexual acts while on camera. The resulting images and videos can then be held to ransom.

Hacked Accounts

If you’ve ever sent explicit images or videos via social media or a chat app, or have them stored on one of those platforms, someone could get their hands on them by hacking into your account. They could also use your account to share the images with friends, family members, and colleagues if you don’t comply with demands.

Hacked Webcams

Some of the creepiest cases of sextortion involve malware being downloaded onto the victim’s device. Once there, it can allow a hacker to take control of cameras and microphones, and install keyloggers. This means someone could monitor your every move (in the vicinity of your computer). And through keyloggers, they can discover the credentials for all of your accounts. This might sound far-fetched, but it happens more often than you might think.

Recognizing Sextortion Scams

A sextortion email often begins with a subject line like “your password is…” followed by one of your passwords that the attacker has gained from a data breach. The email will then claim to have the ability to remotely control your computer or distribute sexually explicit or personal images to your friends and contacts. Finally, the email will demand some type of action such as making a payment (often in Bitcoin) or clicking on a link.

Common characteristics of sextortion emails:

  • Misspelled or poorly written text
  • Evidence of a threat such as revealing a secret password, some data about one of your accounts or the name of a friend or associate
  • A claim to have installed malware such as a Remote Access Trojan (RAT) that can take control over your computer or email account
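
The traits above (a password in the subject line, a malware claim, a threat of exposure, a payment demand) can be combined into a simple mail-filter heuristic. The following Python is an added example, not part of the original article; the pattern lists, the three-indicator threshold and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Patterns follow the traits described above; the word lists and the
# three-indicator threshold are assumptions, not a vetted ruleset.
BTC_ADDR = r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{11,71})\b"
SUBJECT_LURE = re.compile(r"\bpassword\b", re.I)
BODY_INDICATORS = {
    "malware_claim": re.compile(
        r"\b(?:trojan|malware|keylogger|webcam|remote control)\b", re.I),
    "exposure_threat": re.compile(
        r"\b(?:send|release|share|distribute)\b.{0,80}"
        r"\b(?:contacts|friends|family|coworkers|colleagues)\b", re.I | re.S),
    "payment_demand": re.compile(r"\b(?:bitcoin|btc)\b|" + BTC_ADDR, re.I),
}

def sextortion_indicators(raw_email):
    """Return the names of the indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_email, policy=policy.default)
    subject = str(msg["Subject"] or "")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    hits = ["password_in_subject"] if SUBJECT_LURE.search(subject) else []
    text = subject + "\n" + body
    return hits + [n for n, rx in BODY_INDICATORS.items() if rx.search(text)]

def is_likely_sextortion(raw_email, threshold=3):
    # One indicator alone (e.g. a genuine password-change notice) is not enough.
    return len(sextortion_indicators(raw_email)) >= threshold

# Constructed samples; the password and Bitcoin address are placeholders.
SAMPLE_SCAM = """\
From: sender@example.invalid
To: user@example.com
Subject: your password is hunter2-EXAMPLE

I installed malware on your device and recorded you through the webcam.
Pay 500 USD in Bitcoin to 1FakeAddrFakeAddrFakeAddrFakeAd or I will
send the video to your friends and family.
"""
SAMPLE_BENIGN = """\
From: support@example.com
To: user@example.com
Subject: Your password was changed

Your account password was changed today. If this was not you, reset it
from the account settings page.
"""

if __name__ == "__main__":
    for name, raw in (("scam", SAMPLE_SCAM), ("benign", SAMPLE_BENIGN)):
        print(name, is_likely_sextortion(raw), sextortion_indicators(raw))
```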

How to Protect Yourself From Sextortion

Do not pay the ransom! Most sextortion attacks are scams in which the attacker cannot carry out their threat. Attackers are counting on you to act out of fear. Instead, immediately change the password of your email account and any other accounts that you think may have been compromised.

Next, you should take the following basic measures to stay protected:

  1. Do not pay the demanded ransom.
  2. Periodically check if your email addresses have been involved in a data breach using a site such as haveibeenpwned.com.
  3. Create complex passwords that are different for each of your accounts to make it more difficult for hackers to guess your passwords based on your email address. A password manager can make this easier to manage.
  4. Make sure all your emails and data are backed up. An email protection solution like Barracuda Essentials can automate this.
  5. Turn off your webcam or install a camera cover on your computer to ensure the camera is not enabled without your knowledge and permission.

If you receive an email and it worries you, you can report it to the FBI’s IC3.