Hacked Passwords Leading to Increase in Sextortion Scams
It seems computer hackers will go to any length to complete their scams and wrestle money out of the hands of their victims. In one of the latest scams to come to light, hackers are finding real passwords and then using them to send emails threatening to expose people for watching porn. The unsuspecting victims receive an email disclosing part of a password associated with the email account that states the sender has set up a camera and filmed the recipient using a legitimate porn website. Unless the victim pays a ransom using Bitcoin, the sender of the email threatens to disclose the video to people closest to the victim.
Sextortion: A New Twist on an Old Plot
Many people receive so many scam emails that they no longer bother to open them. The scammers behind the sextortion scam hope to catch people’s attention by disclosing some or all of their email password immediately. If that works, the email goes on to describe how the hacker installed malware on a porn site while the email recipient was viewing it. However, it does not stop there. The hacker claims to have collected all of the victim’s contacts from Facebook, the Messenger application, and his or her email address as well.
As the email continues, the hacker threatens to send the supposed video of the recipient viewing porn to everyone on the contact lists mentioned above. The only thing the person receiving the email can do to stop this is to pay a ransom within 24 hours. The threatening language continues by informing the reader that the sender of the email knows the message has been read and not to waste time replying to it. In short, the reader should send the money or else.
Hackers Using Old Information
There is an element of truth in the sextortion email people receive in that some recipients have reported that the password is one they have used in the past. However, no one who said this scam had used the exposed passwords in more than 10 years nor have they used them on their current computer. The most likely explanation for the scam is that hackers obtained passwords from a security breach at a well-known website more than a decade ago. They merely added scripts to go with the passwords to make the scam seem more legitimate.
The Ruse is Getting More Sophisticated
Hackers have learned from this attempt at so-called sextortion that they must use more current information and a believable script to get anywhere with their intended victims. They now search for as much personal data as they can find online to convince the email recipient that the threat is real. Some have gone so far as to use illegal password lookup services associated with email addresses. The people behind that data breach have reportedly stolen billions of username and password combinations that they then sell to other scammers.
Yet another modern twist on sextortion is for hackers to email everyone with the information listed on a newly hacked customer database. In addition to demanding large sums of money, some of these scammers are demanding that the victims send nude photographs of themselves and other sexually explicit material. Some are so bold as to demand an in-person meeting where the victim must provide them with sexual favors to avoid having their private information exposed to everyone they know.
How Internet Users Can Protect Themselves from Sextortion
The FBI has received enough of these complaints to create an official document warning people of its dangers. It recommends that anyone who accesses the Internet regularly follow these steps to protect themselves from sextortion scams:
- Make sure the web camera is turned off or covered when not in use
- Never send a compromising image to anyone regardless of who they claim to be
- Do not open email attachments unless the sender is well-known and trusted
To add even greater pathology to this scam, perpetrators are often adults disguising themselves as teenagers. They depend on younger recipients to be more naive about online scams and to fall for their demands without question. Anyone who feels they have been targeted for a sextortion scam via email should forward the email to the FBI as well as contact them immediately.