Rest assured: sexual extortion is usually a bluff
“Your money or the images go online!” That sentence sounds like many internet users’ worst nightmare, and it conceals a very serious crime. Sexual extortion or sextortion is a lucrative method that requires little effort from an extortionist. It comes down to someone claiming to have intimate images of you in their possession. That someone threatens to make them public if you don’t come up with the money. If such images of you even actually exist, it’s best to file a police report. However, you can usually be quite sure that the blackmailer is bluffing. In that case, it is not sextortion, but a sextortion scam. Let’s explain the mechanisms behind it and what to do when you encounter it.
What is a sextortion scam?
When you’re the victim of a sextortion scam, you’ll receive a message in which an extortionist claims to have hacked into your computer. As a result of that break-in, he allegedly managed to take pictures or recordings while you were watching pornography online. To convince you completely, the message should include an account name or a password that you use (or have used). If you want to avoid spreading that information, you have to pay money to the scammer. Bitcoins are often requested.
Through several channels
Sextortion scams usually happen via an email from a scammer, but the email is sometimes sent to you using your own email address. An email that seems to come from you: it’s a bit of a shock. No need to panic. It is in fact quite easy to ‘spoof’ an email address. This is a technique where the original sender address is replaced by something else. In addition to sextortion scams via email, they also appear in the form of messages on WordPress sites or blogs nowadays. Despite the simple set-up, fraudsters make hundreds of thousands of euros every year with sextortion scams. Because variants regularly appear, the messages are sometimes difficult to intercept by security systems. They are sent via malware, a so-called botnet. As the name suggests, this is a network of bots that operate independently. An infected computer will be part of a botnet and connect to control servers without the user’s knowledge. According to the information from those servers, it will start sending ‘sextortion scam’ emails. Check Point, a company that makes hardware and software products for IT security, recently conducted an investigation into sextortion scams. They found that infected systems can send up to 30,000 emails per hour. Each campaign has a capacity of 27 million recipients. So it’s not inconceivable that you could receive this kind of email yourself one day.
Don’t panic: the scammer is bluffing
Because the blackmailer mentions your account name and/or password, the danger seems real. Yet, this is just a bluff. Your data usually comes from a list circulating on the internet after a data breach. Also, in the case of posts on your WordPress site or blog, the account data has most likely been obtained via data leakage.
What you need to do…
A good anti-malware system on your computer will prevent you from becoming a sender of ‘sextortion scam’ emails. What if you find a message like that in your inbox and use the password mentioned? Change it immediately and enable multi-step verification on the account. This is possible on almost all online services today. In any case, do not respond to ‘sextortion scam’ emails. It is best to just delete them and/or mark them as spam.
Want expert advice? Netcure is crazy about cybersecurity!
We are contacted by cybercrime victims on a weekly basis and follow hacking trends closely. With good security, you can make life difficult for cybercriminals.