Few things you should know about sextortion
You are at work in the morning and you notice one message from a stranger in your business email account. You decided to open it after finishing your coffee. After that hot coffee, you feel very much relaxed and you are now ready to open that message from the stranger. The email reads something like this:
I’m going to cut to the chase. I know <one of you real passwords> is your pass word. Moreover, I’m aware about your secret and I have evidence of it. You do not know me personally and no one hired me to look into you.
It’s just your hard luck that I stumbled across your misadventures. Well, I actually setup a malware on the adult videos (adult porn) and you visited this site to experience fun (you know what I mean). When you were busy watching video clips, your internet browser started out operating as a Rdp (Remote desktop) with a keylogger
which provided me access to your display and web camera. After that, my software collected your complete contacts from fb, as well as email.
I then put in much more hours than I probably should’ve exploring into your life and created a two view video. First part shows the recording you were watching and 2nd part shows the recording of your web camera (its you doing nasty things).
Frankly, I am ready to forget all about you and let you get on with your regular life. And my goal is to give you two options that can make it happen. These two option is either to ignore this letter, or perhaps pay me $ 2900. Let us explore above 2 options in more details.
Option 1 is to ignore this mail. Let me tell you what will happen if you take this path. I will, no doubt send out your video recording to your entire contacts including friends and family, co-workers, and many others. It does not save you from the humiliation your family will face when friends and family find out your dirty
videos from me.
Required Amount: $ 2900
Receiving Bitcoin Address: 1N1c9TaYcQb2Xnn5iAfGdRiZoMD925F3JQ
(It is cASe sensitive, so copy and paste it carefully)
Tell no one what you should be utilising the bitcoin for or they may not give it to you. The method to get bitcoin usually takes a day or two so do not delay. I’ve a special pixel in this message, and now I know that you have read through this mail. You now have 48 hours in order to make the payment. If I don’t receive the BitCoin, I will definitely send out your video to your entire contacts including members of your family, coworkers, and many others. You better come up with an excuse for friends and family before they find out. Having said that, if I receive the payment, I will erase the proof and all other proofs immediately. It’s a non-negotiable one time offer, thus don’t waste my time and yours. Your time has started.
Well, if you were really into porn, this would have shattered your life in that very minute you read them. This email validates that the sender really knows your password. He or she also tries to make you believe that you have been monitored for some time now. Finally, the sender asks you to ‘pay’ for the sin you committed, though anonymously through bitcoins. This email becomes more and more authentic when you receive in your business email address.
I was recently dealing with one such email to a customer of our’s and my research on sextortion shed me some light on how the hackers are able to get so real into committing this crime. When I learnt the way it all worked, I wanted to share with everyone I know because I really believe many can potentially fall victims of this scam.
What is sextortion in the digital world?
In today’s world, where everything is digitally connected, we all are aware that we are fighting for privacy more than ever in history. In everything we do online, we leave a digital evidence with or without our knowledge. One of the easy targets for hackers is to use ‘sex’ as a way to blackmail. Sextortion happens in reality when someone takes pictures or videos of you in an inappropriate manner or record your conversations on messaging apps or social media and then blackmails you for sexual favours or to extort money. However, most of the sextortion crimes these days are just scams to extort money.
How are business email users targetted?
Surprisingly, business email users are easy targets for these criminals because no one really wants to leave a negative impression at work. So, if you were wondering how someone would know your email address and/or the passwords, I have saved you some time by doing a little research. There are a couple of ways the criminals get access to your email address and passwords.
- Phishing is a very common method used by criminals to get access to passwords
- Malware is another automated method to get your passwords
- Compromised database of user information on a sale
The last one is something I believe that most of the criminals use these days. I was surprised to even see my business email listed for sale! My email was part of the database stolen from Linkedin in 2012. LeakedSource.com is one such website that sells passwords. There is an alternative website https://leakedsource.ru which you can use to search for your own email address. You will be surprised to see how your passwords are leaked online, not because of your fault, but because of the fault of a service provider in which you once had an account. A quick search of a couple of email addresses led me to understand that they have a large database of leaked passwords which were stolen from many big names including Adobe, Linkedin, Zomato, etc! Now, if someone knows your password, don’t be surprised, just change it 🙂
How do you prevent yourself from being a sextortion victim?
If you ever happen to receive an email or a message like the one above, especially on your business email, DO NOT panic! I would highly recommend that you find someone you can trust to talk about the problem – don’t let yourself be isolated. Secondly, get help from a technical expert who may be able to give you more insights into the hows and the whys.
If you are lucky today, make sure you stay lucky forever. The following tips might help you keep yourself secure online.
- Keep your devices away from malware – invest in a good anti-virus or just move to Apple Eco-System
- Do not use the same password for different websites and apps
- Use email alias, instead of real email address – real email addresses are most often the login username
- If you are a business user, try and avoid cheap hosting services
- Always use 2-factor authentication where possible
- Keep your webcams and phone cams covered – there are malware which can secretly record from your cameras without your intervention
- Use very strong passwords and change them often – you may use services like Apple’s keychain to secure your passwords in vault services
If you have additional information about such scams or if you have any advises to keep ourselves safe online, please let me know in the comments below. Sharing this post with one of your friends might even save their life, you never know!