October 2, 2019

How to Deal with Sextortion Scams

In August of 2019, the Better Business Bureau (BBB) issued a warning about a precipitous rise in sextortion scams. They're scary, but with a little common sense and some basic cyber security, you can stay safe and secure.

Perhaps you've been targeted. Perhaps you've gotten that anonymous email describing how your computer has been hacked and how the attacker has complete access to your computer, including the internet browser and webcam. The scammer claims to have recorded visits to porn sites and has video recordings of you "using" porn sites. Unless you pay, the scammer will send those incriminating and embarrassing video recordings to your friends and family, because of course they have access to your contact list. The scammer accepts Bitcoin, thank you, because it's hard to trace, and the sum is typically around $1500 - low enough that many people will pay it without hesitation.

For some perspective, it's estimated that over 14 billion records have been breached since 2013. This treasure trove of personal information, now easily available to sextortion scammers, allows for levels of personalization which help make sextortion threats seem incredibly authentic. And frankly, sextortion is scary: Someone has access to your webcam and has been watching everything you've been doing...

In the vast majority of cases, the sextortion threat is empty, but the level of personalization and detail in the threat has reached an entirely new level. If the scammer brings up information like email, phone numbers, addresses, old passwords, Social Security Numbers, or a portion of a personal contact list, the fear and plausibility generated are enough to prompt many people to pay the ransom and not risk any personal or professional embarrassment.

Sextortion scams are typically executed on a mass scale. Thousands, sometimes millions of people are targeted. The success rates tend to vary based on the amount of personal information available from the previously stolen/breached records used. As an example, a sextortion scammer would have a goldmine of information from the Ashley Madison breach in 2015, which saw over 300 GB of very personal data stolen, including users' real names, banking data, credit card transactions and even secret sexual fantasies. Not only was it a massive list of individuals who were actively seeking to secretly engage in infidelity, but the intimacy of the information makes the scam seem that much more personal.

3 Tips to Help Spot a Sextortion Scam

Most sextortion scams are toothless threats. Here are three indicators that you've nothing to worry about:

  1. While the scam email will likely contain some type(s) of personal information, there are no details of the site(s) which were allegedly visited.
  2. The scammer does not include any actual example of the embarrassing “evidence” they claim to possess (if they had it, they most assuredly would use it to close the deal, and probably charge a much heftier premium).
  3. Urgent requests for payment are usually an indicator the scam was executed on a large scale, increasing the chances of an investigation being launched, so they want to close up shop and disappear as quickly as possible.
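
The three indicators above can be checked mechanically when triaging reported messages. The following is an added example, not part of the original article: the regular expressions, function names and sample messages are assumptions made for illustration, and the patterns are simple heuristics rather than a vetted ruleset.

```python
import re
from email import message_from_string, policy

# Heuristic patterns chosen for this illustration; not a vetted ruleset.
SITE_RE = re.compile(r"https?://\S+|\bwww\.\S+|\b[a-z0-9-]+\.(?:com|net|org|tv|xxx)\b", re.I)
DEADLINE_RE = re.compile(r"\b(?:within|in)\s+\d+\s*(?:hours?|hrs?|days?)\b|\bimmediately\b", re.I)
PAYMENT_RE = re.compile(r"\b(?:bitcoin|btc|wallet|pay|payment)\b", re.I)

def indicators(raw_email: str) -> dict:
    """Report which of the three 'empty threat' indicators a message shows."""
    msg = message_from_string(raw_email, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    return {
        # 1. No site the recipient allegedly visited is actually named.
        "no_site_named": SITE_RE.search(text) is None,
        # 2. No sample of the claimed "evidence" is attached.
        "no_evidence_attached": len(list(msg.iter_attachments())) == 0,
        # 3. A payment demand tied to a deadline.
        "urgent_payment": bool(DEADLINE_RE.search(text) and PAYMENT_RE.search(text)),
    }

def matches_all(raw_email: str) -> bool:
    """True when all three indicators are present."""
    return all(indicators(raw_email).values())

# Constructed sample messages (not real scam emails).
MASS_MAILED = (
    "From: anon@sender.invalid\n"
    "To: user@recipient.invalid\n"
    "Subject: I have your recordings\n"
    "\n"
    "I know your old password is hunter2. I recorded you through your webcam.\n"
    "Pay $1500 in Bitcoin within 48 hours or the video goes to your contacts.\n"
)
NAMED_SITE = (
    "From: anon@sender.invalid\n"
    "Subject: hello\n"
    "\n"
    "I recorded you on example.com last Tuesday. We should talk.\n"
)

if __name__ == "__main__":
    for name, raw in (("MASS_MAILED", MASS_MAILED), ("NAMED_SITE", NAMED_SITE)):
        print(name, indicators(raw), "all three:", matches_all(raw))
```

A message that matches all three is consistent with the mass-mailed pattern described above; a message that fails a check is not thereby shown to be genuine.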

11 Ways to Protect Yourself

For all the fear and anxiety caused by a sextortion scam, they are relatively unsophisticated. We've compiled a list of things you can do to protect yourself.

  1. Copy a string of text out of the scam email and paste it into Google and do a quick search. The results might show you if others have encountered the same scam.
  2. Never send compromising pictures/video of yourself to anyone. There is always a chance it could be intercepted, become a casualty of a hack to your device or the recipient’s, and sometimes relationships can just go bad, leaving someone you are no longer friendly with or trusting of, who has the ability to compromise you on the most intimate level.
  3. Do not respond to the email at all; in fact, promptly delete it.
  4. Never open unsolicited attachments or click links in emails from people you don’t know. Opening an attachment could download malware exposing you to various cyber attacks, and clicking on a link could send you to a malicious site designed to deliver malware or trick you into supplying your personal access credentials.
  5. Always have current and updated antivirus/anti-malware software active on your computer system or mobile device.
  6. Use strong passwords (at least 10 characters, the more the better), a mixture of both uppercase and lowercase letters, a mixture of letters and numbers, and at least one special character (e.g., ! @ & $ % # ?) and change them often. You may want to consider getting a password manager to make it easier to use/remember strong and unique passwords.
  7. Enable two-factor or multifactor authentication whenever possible on your personal accounts.
  8. Never send money (or gift cards, or Bitcoins, or wire transfers, or currency in any form) to the scammer.
  9. Consider disconnecting your webcam when not in use, or covering the lens with an opaque cover. Band-aids for small cuts neatly cover the lens of the camera on laptop computers without leaving residue or interfering with opening or closing the device. Better safe than sorry.
  10. Beware of surfing “free” pornography sites, especially from links received in unsolicited emails. Some are designed to deliver malware and/or track your sessions, potentially giving an attacker real information to use against you for blackmail.
  11. Check if your email has been compromised in a prior data breach. https://haveibeenpwned.com/ is a popular site where you can check.

If you think you are the victim of a sextortion scam, you can report it on the BBB Scam Tracker at https://www.bbb.org/scamtracker/us/.

If you think the situation is serious and you need professional help, feel free to contact GDF. We've had experience mitigating many kinds of personal cyber attacks, and we have a process which is effective and discreet.
