Sextortion is the use of sexual exploitation to force someone to do something for you.
Off late, online scammers have been coming up with new innovations to dupe people of their hard-earned money. In the last month itself, a couple of these scammers sent spam emails telling their recipients that they’ve now been caught indulging in adult videos’ and if they don’t pay a specific sum, the videos of their dirty act’ will be aired in public. Although this seems pretty predictable, some of these mails have an interesting twist.
According to their contents, the scammers also have access to the victim’s password which they claim to have stolen by remotely placing malware on the victim’s device.
As bizarre as it sounds, some people have been gullible enough to fall for these scams, and right now, almost 150 people have sent $250,000 Bitcoin in the fear of getting their private Web browsing and camming habits exposed.
The most interesting part of the story is the fact that all the claims of the hackers stealing passwords and accessing webcams appear to complete lies. The perpetrators of this hack have simply gathered passwords from previous security breaches and used them tactically for this project.
But even then, they’ve managed to dupe enough people. According to the latest estimates, they’ve ended up making more than 30 bitcoin in less than four weeks. This news is also confirmed by a cyber-security professional who is closely tracking the attacks.
When interviewed, he went on to claim that these hackers have made thrice the money Wannacry made during their ransomware attack (2017).
Two Variants Of The Spam Emails
According to SecGuru, a Netherlands based security research professional, there are two different versions of this spam mail. The first one doesn’t feature a stolen password and asks for something around $200 and $700.
The second variant, however, comes with a password and tries to extort $1900 and $8000. The second variant seems to be even more, well-planned as the emails were sent from real versions of MS Outlook and Hotmail. This, in turn, makes it even more difficult to block the mails. According to most cyber-security professionals, these hackers have been using more than one bitcoin wallet to receive funds. This has further helped them in evading practically anyone who tried to investigate them.
One of the mail:
Hi, victim.I write yоu becаusе I put а mаlware оn the wеb раge with porn whiсh yоu hаve visitеd.My virus grаbbed all your рersonal infо аnd turnеd on yоur сamеrа which сaрtured the рroсеss оf your onаnism. Just aftеr that the soft savеd yоur соntaсt list.I will dеlеte thе сompromising video and infо if you pаy me 999 USD in bitcoin. This is address fоr рaymеnt : 1K2jNTLdbHEwaALQWKMeGoKLWD67Cb6q8BI give yоu 30 hоurs aftеr you ореn my mеssаge for making the trаnsactiоn.As sоon аs yоu reаd the mеssаgе I’ll see it right awаy.It is nоt necessary tо tell mе thаt you hаve sеnt money to me. This address is соnneсtеd tо yоu, my systеm will dеlete еverything automаtically aftеr trаnsfer соnfirmаtiоn.If yоu nееd 48 h just reрly оn this letter with +.Yоu сan visit thе pоlicе stаtion but nobоdy cаn hеlp yоu.If you try to dеceive mе , I’ll sеe it right аway !I dont live in yоur соuntry. So they саn nоt track my lосаtiоn evеn for 9 months.Goodbyе. Dоnt fоrget аbоut thе shame and tо ignore, Yоur life can be ruined.
You can check the connected bitcoin addresses here (313 BTC addresses collected so far)
Reasons Why This Hack Was Successful
As per the reports of Secguru, there are three main reasons why this hack turned out to be successful.
The first one is pretty simple- since people usually watch adult videos on their PC; they can be easily convinced when a hacker claims to know their details.
Second, it is also quite feasible to remotely gain access to a random person’s webcam.
Since this has happened before, it sounds even more convincing. Third, as these scammers have gained access to the victim’s old passwords that they initially used or are currently using, it is easier to manipulate these people into convincing that their computers have now been taken over.
(Read about another successful scam here)
The Curious Case Of Accessing Passwords
Due to the intensity and the relevance of this hack, a leading online publication reached out to three victims who received a similar scam mail within the last 72 hours.
In almost every case, the recipients mentioned that the password used in the opening sentence of the email was a password that was previously used for an online account that was initially associated with their email. (This is why you should not use one password twice – Read our article about how to stay safe on camming sites)
Likewise, all the recipients further mentioned that the passwords in question were more than ten years old and that none of the passwords referenced in the sextortion email had been recently used by them on their existing devices.
It is therefore only likely that this scam email is semi-automated. Our guess is that the perpetrator came up with some sort of script that directly draws the usernames and passwords from a particular data breach at a leading website that happened almost 10 years back.
It is also assumed that almost every victim who got their security details breached as a part of the hack is getting the same email over the last couple of days.
Once this scam starts getting even more refined, the perpetrators will start using the recent and relevant passwords along with additional personal details that are easily available online. This will further convince people that this threat about the hack is indeed real.
(How they can steal your password targeted)
If you look up online, you’ll find hundreds of shady password lookup services that indexes millions of usernames and passwords that have been stolen from the biggest data hacks till data. Therefore, an efficient scammer will simply go by these records and start emailing the users of a recently hacked website. In fact, tech and customer support scammers might start moving with this method.
What To Do When You’re a Victim Of Sextortion Scams?
Even small, semi-automated sextortion scams like this is a serious crime that can have dire consequences on the victims. So if somebody threatens to share your personal and sensitive material if they aren’t provided with money or sexual favors, file a case against them immediately.
As per the reports of the FBI, in several sextortion cases, the perpetrator happens to be an adult merely pretending to be a teenager. Also, if you receive a scam mail, you end up being one among the several victims who are targeted by the same individual. In case you think you’re a victim of some sextortion, contact the FBI office immediately at- 1-800-CALL-FBI).
How To Avoid Sextortion?
According to the reports of the FBI, there are certain things that you can follow in order to avoid being a victim.
First, you should never send your compromising photographs to anyone. It doesn’t matter if the person is your friend, boyfriend, or relative.
For maximum security, avoid sending these photographs in the first place.
Second, don’t open any attachments from individuals that you don’t personally know. In general cases too, you should be wary of opening attachments from unknown people.
Finally, turn off or cover your webcams when you’re not actually’ using them.
These small preventive measures can go a long way in protecting your security and helping you evade data breaches.