Sextortion scams operated by cyber criminals have been trending in the past few months. And as there are indicators that these extortion schemes have been successful, the criminals behind these sextortion scams will likely continue similar operations.
While recently trending, sextortion scams are nothing new. They have been coming in different forms of phishing messages for a long time already. These messages try to scare victims into paying money to stop the extorter from doing something – typically revealing very sensitive information or pictures.
Sextortion scams aim to establish fear
One form of messaging uses “bad online behavior” themes that relate to adult behavior online – such as visiting porn websites. This is commonly referred to as “sextortion” scam. The main purpose of the message is to establish fear in the victim that someone has been monitoring their online activities that many find “humiliating” or “embarrassing”.
The extorter often wants the victim to believe that the attacker has captured video and photos of the victim engaged in a sexual act that they likely would not want anybody to know about. The scammer then blackmails the victim by threatening to expose the photos and video publicly through social media or by sending them directly to the victim’s friends, family or coworkers. To stop that from happening, the victim has to pay money.
In the past months, these sextortion scams have been delivered via email spam. These messages typically have alarming subject lines about personal data, e.g. “Your personal data has been leaked due to suspected harmful activities.”
The graph below shows the activity of email spam campaigns delivering sextortion scams starting from January 2023, including the most used subject lines.
Figure 1 The most used subject lines
No other way than pay – according to the sextortion scam
A typical extortion scam will first try to establish the thought that the message and the threat are real. In these sextortion scams we have seen that the scammers often try to be seen as professional hackers or system administrators. They typically use technical terms such as “operating system”, “spyware”, “driver-based”, “Cobalt Strike Beacon”, etc. trying to intimidate the victim.
Below is an example of an email message claiming to be coming from a professional hacker, who successfully installed a Trojan on the victim’s machine, and then captured their online activities.
Another example claims that the victim has been infected with a “Remote Administration Tool”.
In these sextortion scams, the scammers carefully provided steps on how to pay them using Bitcoin. The scammers pressure the victim to act within a period of time – 2 days in the examples above. Scammers use this tactic to get their victims to pay fast – before they have time to think things through or get any help.
The scammers also use mental torture on the victim, suggesting thoughts of humiliation and embarrassment if the victim will not comply. An example phrase would be “damage and hell it can bring into your life.” Such phrases are used to make the victim feel downhearted and make them think that there is no other way but to pay.
Typical payment the scammer asked in this extortion is about 500-700 USD, which may sound very “reasonable” or “affordable” to pay for normal home user.
How to deal with sextortion scams
One may think that as scams are so common these days, no one would fall for them anymore. However, upon investigating the cryptocurrency wallets used in these scams, it appears that cybercriminals have received some payments. This may explain why sextortion scams continue to operate, and it also tells us that spam email messages still work in tricking consumers. And if it is effective for gaining money, cybercriminals will continue to use it.
It is very natural to get scared when you receive a message informing that your personal information has been leaked, or that your computer has been hacked with a “computer virus” and all your activity has been monitored. And it is definitely scary when the message claims to come from a “professional hacker” who was able to capture photos and videos. But don’t panic. Stay calm when you receive such messages, as most of these claims are just not true. Be aware that cybercriminals often exploit emotions – particularly fear. Establishing fear and panic with carefully crafted messages is often enough for cybercriminals to manipulate victims into doing what the scammers want – especially paying money.
What to do if you are threatened with sextortion?
In general, when you get a message that causes you fear and panic, here’s what you should do.
- Wait until you are calm enough to think things through and make based decisions, so you won’t act under panic.
- Get help and advice from someone – especially when you are under immense stress. It’s important to not feel left alone.
- Report the incident to your local police. Extortion is a serious crime, and many countries have laws in place for such cases.
- The attackers will only benefit if you pay them. Don’t do that. Paying only encourages them to continue their operations, and most likely they are just bluffing.
And when it comes to preventing such issues, as best practice, keep your antivirus updated. Avoid visiting shady websites for free software installers and software cracks. Attackers use such websites to get you to install a trojan without you knowing it. If you don’t visit such websites, it’s unlikely that your device gets infected with trojans that scammers claim to have used on you. And finally, use an identity protection product as it reliably informs you about possible data breaches or leaks that include your personal data.