Sextortion scams are scary. The scammer contacts the victim, claiming to have gotten access to their computer and captured video footage of their target partaking in some private and decidedly adult activities, as well as the content that was onscreen at the time. The threat: pay up, or I send the footage to all of your contacts.
Lately, however, hackers have added another layer of “proof” to these claims, now referring to victims by name and including pictures of their homes. Let’s walk through what one of these scams looks like and what you should do if one appears in your inbox.
How Sextortion Scams Work
Sextortion scams are more or less a cybercriminal’s semi-targeted efforts, based on the assumption that…
- Most people access sexually explicit materials and content on the Internet, and
- Most people want to keep how they utilize these materials extremely private.
So, someone reaches out to Joe Schmoe claiming that they had hacked into his computer and not only saw what he had spent his time browsing but also had video footage of what he did with that content and was prepared to send it to everyone on his contact list.
Put yourself in Joe’s shoes. If he had done that before, this threat could seem credible. Just imagine how Joe would feel, thinking a message featuring him in a very private situation would be sent to his entire contacts list. His boss, his parents, his friends, coworkers, and—shudder to think—anyone underage whose contact information he had, like a niece or nephew.
Suddenly, paying to prevent the spread of this footage doesn’t seem like such a bad option, does it? It is, but it may not look that way from where Joe’s sitting.
Sextortion Often Comes with “Proof”
Of course, many people nowadays are aware that scams happen (not nearly enough, but many). To help counter this, scammers will make their message more believable by including private data about you. Historically, this was often a password of theirs that the scammer had farmed from a data breach.
However, scammers have been upping the ante lately, including pictures of their targets’ homes and referencing their addresses in their messaging.
Now, Joe Schmoe has even more reason to believe the message. After all, a picture of his split-level ranch is included, and he does live at 123 Mulberry Boulevard.
Of Course, an Address is Just Another Form of Private Data
Here’s the thing: in every data breach, an attacker can steal various data types. Usernames, passwords, and email addresses are often the first to come to mind, but many businesses collect and store other details, too—like a physical address.
From there, the scammer can simply enter that address into a search bar and find at least a few images of the property. With some relatively simple automation, this scam can be pulled at scale, making it more likely that a target will take the bait.
Sextortion is a Considerable Threat… Especially to Young People
Unfortunately, sextortion has been getting some attention as of late, as these scams have increasingly targeted minors… in some cases, with fatal outcomes as those targeted don’t see a way out of their situation. There was a 20% increase in sextortion attacks against minors between October 2022 and March 2023 as compared to the same period a year prior.
This is only exacerbated by the fact that these scams can be conducted through many different platforms. Cell phones, gaming consoles, and tablets are connected devices… which can be used to share these threats and are very common among young people.
As a silver lining, the US Department of Justice recently indicted four men from Delaware who allegedly attempted to extort almost $7 million from victims around the world, successfully bringing in $1.9 million via payment applications. Their charges—conspiracy to commit cyberstalking, conspiracy to send interstate threats, conspiracy to engage in money laundering, money laundering, and wire fraud—could bring each of them 20 years in prison should they be found guilty.
How to Avoid or Deal with a Sextortion Scam
The Better Business Bureau provides the following advice to help avoid falling victim to this kind of scam:
- When speaking to someone online, search their name to see if it’s reported to have been used in a prior scam or if it’s the name of a famous person. Read our tips on romance scams to learn more about safe online dating.
- Never send compromising images of yourself to anyone, no matter who they are—or who they say they are.
- Seek out legal counsel if you fall victim to one of these scams.
- Search the web or BBB Scam Tracker for one or two sentences from the email to confirm it is actually spam.
- No matter what the email threatens, do not respond and delete the email.
- Do not open attachments or click links in emails from people you do not know. Doing so leaves you vulnerable to identity theft and malware.
- Never send money or buy a gift card, or do anything to comply with the demands in the email.
- Do a security check on your computer and install security software.
- Enable two-factor authentication on your important accounts.
- Change passwords often, and consider getting a password manager to ensure your passwords are strong and unique.
- Cover your webcam when not in use to give you peace of mind.
- Check to see if your email was compromised in a security breach and change passwords as necessary.
The Have I Been Pwned website is a helpful resource for identifying if your email is part of a data breach. If you are targeted, report the scam to the FBI and the BBB.
Security is Critical in the Business and the Home
We can help you keep the former safe. Give us a call at 610-854-1060 to learn more about our services.