As much as we hope technology has produced a net positive for society, we are all too aware of myriad indicators disabusing us of that assumption. After all, we are human, and as such we can fall prey to ingrained instinctive reactions. Sadly, lurking in the shadows are opportunistic and often sick cybercriminal elements waiting to exploit our weaknesses and fears.
A rather humiliating and horrifying way sociopath-like individuals are breaching societal trust on the Internet is through cyber sextortion. This lowly scam preys on victims' fears that someone has recorded them changing while the desktop camera was on, or perhaps while watching porn online (tapping into a deeper fear of being watched). Whilst it is a touchy subject, Interfor has been consulted by some victims of this scheme, so the team felt it should go over what the scam looks like and how to protect yourself against this threat.
What is Sextortion?
This cruel form of extortion is about as pernicious, and sadly as fashionable, a scam as one can imagine at present. Scammers find passwords (usually old ones) that were likely released in countless recent headline-dominating data breaches. Scammers email unsuspecting victims stating that their laptop, desktop, or tablet cameras have been hacked and that the scammers have footage of the victim watching porn or engaging in other potentially embarrassing behavior.
This threat is so horrifying because it taps into deep personal vulnerabilities: shame, sex, and public humiliation. The hackers then proceed to demand that between $1,000 and $2,000 in Bitcoin be sent within 24 hours to an online account, or they will release the footage on the Internet or share it with the target’s contacts, which they purport to have. Receiving an email like this can be truly frightening, but the reality is that these emails are usually automated; many victims are not targeted specifically by name.
We recently saw this happen first hand with a client in the energy sector, after scammers targeted a prominent executive. Once the target had consulted Interfor, we guided them on what to do (and not do), sparing financial losses and potential embarrassment. Below are steps to take if you happen to receive a mysterious email in your inbox with a threatening subject line.
How to protect yourself from Sextortion scams
One telltale sign of this generic scam is the lack of specific information. Generally, the only personal information the email contains is your email address and the password, which is an indicator that this data was purchased on the dark web and sent via an email blast into the void in hopes of reeling in some frightened fish. These emails include a list of menacing instructions and warnings intended to incite panic and knee-jerk reactions. In Interfor’s recent case, another hint of a scattershot approach was that the ransom demanded was conspicuously small considering the high profile of the client and the deep pockets a criminal would presume if the target were actually known to them.
We cannot state often enough the importance of regularly changing your passwords. That small act alone can mitigate significant amounts of grief. First, never pay the ransom (especially in Bitcoin) and do not respond to the scammer’s email. You’ll need to change all your passwords ASAP and see if other passwords have been compromised. In general, the guidelines for keeping your data safe are to avoid opening attachments from strangers and to remain on the lookout for spoofed emails, as they’re becoming more common (several clients in the past two weeks have avoided falling victim to these schemes simply through greater vigilance).
Importantly, you are not a teenager with poor judgement anymore, so please do not send compromising pics of yourself to anyone. We trust this advice is not news. Emulate Mark Zuckerberg and put a piece of tape over your computer’s camera. The founder of Facebook probably knows something that you do not. In general, we are all guilty of being too casual with our passwords and information, such as using the same password for every login portal. Ultimately, this type of scam is the blow-back from massive data breaches which we thought could never cause us direct harm.
Sextortion is an old form of extortion with a digital twist. It preys on insecurities in the worst possible way. Being publicly shamed for what could be our most deeply hidden behaviors is not a pleasant feeling for anyone, but sextortion help is available. Please save the tips above and protect yourself. If the need arises for a professional look into a matter of extortion, remember Interfor’s team is always available.