Online sextortion is on the rise
Published 3:00 am Friday, December 14, 2018
By Greg Price
“I have very bad news for you. On 12/01/2018, I got into your systems and took over your computer. Your email address is user@email.com and your password is 12345. You are a BIG pervert. I made screenshots and videos of the adult sites where you have fun. As evidence, I made a PowerPoint presentation of my proof. Visit http://dont_ever_click_on_this.com.”
I hope you’ve never received a message like this. However, if you have, I suspect the message could be terrifying.
Sextortion email messages have wandered throughout the internet for years. The scam is a very effective social engineering technique. The scam provokes fear, anxiety and a quick call to action. You’ve been hacked and the bad guys have watched all of your personal activities from a distance. And in exchange for cash, they will not reveal to your friends and colleagues that you are a fan of adult content.
Traditionally, the most common versions of these messages were ridiculous. The messages were littered with incorrect grammar and misspellings and were obviously generic – Dear User. As with most technology, improvements were made. The messages began to be directed to a specific name and referenced a request for bitcoin payment.
Yet, despite the improvements, even the updated versions experienced a low level of success. However, what is currently arriving in an inbox near you is a completely different challenge.
The messages that I’ve reviewed are addressed explicitly to the owner of the email account – which creates believability. A specific date of the successful attack is provided – the viewer’s fear increases a bit. And then definitive context is offered: your real email address and the password to that account.
The proof of the hack is presented and fear escalates immediately.
The demand isn’t for the seemingly ubiquitous, yet not-well-understood bitcoin: rather, a link to more proof is presented. “Click here and download this video. The video will show all of your poor behavior and I will send to your friends. Don’t contact anyone, just review the video and pay me a small amount of cash via PayPal, etc.”
This is a terrifying narrative.
However, the details of the scam are scarier. How did they get your email address and actual password? How did they gain access to your machine? What in the world is on that video?
Click or no click, that is the question.
Don’t Click! Don’t Click! Don’t Click!
Even if you’re browsing every source of internet porn available, don’t click on any links in a sextortion scam. In fact, you may have clicked on too many links already, but that shouldn’t encourage you to click on the link in the email threat.
So, to construct this scam, the bad guys use databases of stolen credentials. The databases exist in many forums, in scores of locations on the internet. They build lists of stolen email addresses and passwords. Or they collect the information from the user via a phishing campaign. However they access the information, they are aware that users are poor at changing passwords; therefore, it’s likely that a password that was stolen last year will continue to be “real.”
And that link to a video of all your poor behavior? That’s a link to malware. In the versions of the scam that I’ve reviewed, the malware was stored in Google Docs. The malware will install on your local device. Once installed, the malware will attempt to steal your local account information and web history and create a listener to steal your passwords to financial and shopping websites.
So, don’t be scared of the sextortion scams. Take a breath, read through the message and relax. Perhaps you should use your favorite search engine and search for keywords from the scam message. I’m confident that you will find similar, frightened users. Then delete the message.
Password hygiene is important. Change your passwords frequently, and review reliable news sources. If you read a data breach story, and you believe your data may exist in the breach, change your password for that service as well.
Perhaps you should reconsider those internet browsing habits as well…