What is Sextortion Spam? How to Deal with Threatening Webcam Blackmail
Sextortion is an onlinefraud scam in which spammers attempt to extort people for money. The scam emails include threats to reveal webcam photos of the victims’ watching porn online. The emails often include personal information – like a legitimate password – belonging to the victim which has been stolen from previous data breaches. Although the email informs the victim that their computer has been hacked with malware – it has not. Sextortion scam emails that contain a real a password or username seem scary making these scam emails easy money.
Cyber security researchers at Sophos, analyzed millions of sextortion emails sent between the beginning of September 2019 through the end of January 2020. These sextortion scams generated nearly $473,000 in income for cybercriminals. This type of scam usually accounts for about 4.23 percent of all spam monitored by Sophos. The money-making schemes are low-tech but lucrative. The spam email campaigns are sent from global botnets on compromised personal computers. Computers in in Vietnam send the most.
Sextortion is a form of blackmail where someone threatens to share compromising images or videos of you unless you pay them to stop. Generally, the scammer threatens to send images of you watching pornography to all of your email contacts. Supposedly the images and videos were taken from your own webcam after your computer was infected with malware.
A few days ago, my friend received a sextortion email. He called me and I could hear the fear in his voice. He had received a threatening email and it wanted him to pay money in Bitcoin. He instantly defended by saying he never watched any porn and had no idea how to use Bitcoin.
I helped calm his fears (I think) by telling him what the email said without him forwarding it to me. It was a typical sextortion spam email. The demand for payment was a hefty $2,000 USD payable in Bitcoin. As with most scams, it has poor grammar, is written in a creepy front. The email is sent from what may look like a genuine Microsoft email address, but it is not. The email contains a Bitcoin wallet address to send the payment to.
The email (below) threatened to expose his pornography watching habits to the world.
He continued to receive more of these same scam emails, one each day, from various email address – all of them Outlook or Hotmail email addresses. All of them using difference Bitcoin wallets to receive the extortion payment.
If you are receiving sextortion scam emails, you are not alone. Anyone receiving an email like this would be afraid. If you thought your webcam had been hacked – watching pornography or not – there is a possibility that an embarrassing photo of you may be in the hands of hackers. And of course, no one wants compromising photos of themselves emailed out to family, friends, co-workers, and everyone lease on their contact list.
Fortunately, in this type of scam, the hacker is not especially skilled, and your compute is not infected with malware. This is a cheap scare tactic scam. However, the scammer does have a legitimate password or username – either old or current – and you should address that problem straight away. They also have your email address. It’s possible other hackers do too. One of the biggest dangers here is that this email address receives phishing email in the future that tricks you into resetting a password or clicking on a link that compromises a more valuable online account – like a bank account.
You’ve Been Threatened – Now What?
- Change ALL of your passwords right away! Try a password app to help you
- Change the password for the email account the spammers is using to reach you
- Change any account’s password if it uses the password sent in the sextortion email
- Use a password generator to create strong passwords
Use a password keeper to store them in a secure location. The way you can use a unique password for every account. You wot have to worry about remembering each one. Hackers won’t be able to get at them either
Often people use the same password for shopping sites and their bank account or credit card. If the shopping website is compromised, that can lead to a losing money from your online banking. Use a unique, hard-to guess password of reach online account.
How Do You Deal with Sextortion?
If you receive a sextortion email you should ignore the contents of the email. Of course, the threats are unnerving, but they are highly likely to be fake.
- Don’t panic. The threats are not real
- Do not respond to the email and never click on any links in the email
- Don’t send any money. The email probably has instructions on how to send payment using Bitcoin or some other cryptocurrency
- Do not open any attachments
- Mark the emails as spam to train your spam filter
- Report the emails to your ISP so they can filter them as well
- Report the emails to the Federal Trade Commissions (FTC) as fraud
Never send compromising images or videos yourself to anyone, whether you know the other person or not.
What Should A Victim of Sextortion Emails Do?
Sextortion spam emails are the work of low-skill online scammers. They use email addresses and other data bought on the dark web. The victim’s computer was never infected with malware and their webcam is not compromised. However, since many people use the same password on multiple online accounts, they are vulnerable to such scams. Sextortion spam emails often send a piece of personally identifiable information – like a familiar password, username, or phone number – to help convince and frighten the recipient into thinking this is a credible threat.
The usernames, emails, passwords and phone numbers are from older website data breaches. It’s information that can be bought en masse on the dark web.