Sextortion scams are anything but sexy. These attacks are when a scammer contacts a victim claiming to have captured photo or video footage of their target partaking in some adult debauchery—including on-screen content. They threaten to release the footage to their contacts unless they pay.
Ordinarily, it’s easy enough to ignore these types of attacks, but more recent threats have included the victim’s names and pictures of their homes. Let’s look at what these types of attacks might look like so you can properly address them should they find their way into your inbox.
Sextortion scams operate based on the following assumptions:
Basically, a hacker will reach out to the target claiming that they have caught the target engaging in adult activities while browsing sexually explicit content. The hacker then demands that the victim pay up. If they don’t, then the target’s contact list gets to see what they do in their personal time.
This type of activity targets a very primal human fear—the fear of being ostracized by their tribe—and if the victim has engaged in that behavior, then the threat could seem credible.
The implications are scary; we’re not denying that. The entire situation could make things extremely awkward and embarrassing for the victim, and it could drive a wedge between them and their loved ones. Just imagine what would happen if their boss, their parents, their friends, their coworkers, or anyone underage on their contact list were to see something of that nature.
Suddenly, paying up to nip that potential issue in the bud is a perfectly reasonable solution… even if it’s not.
People are generally more aware of scams these days, but they still don’t really know how to respond effectively.
To counter this fact, scammers have gone to great lengths to make their threats more believable. One way they have done this is through the use of private data. This might include a password that a hacker farmed from a data breach, but lately, they have been using far more sinister methods.
These days, scammers might include pictures of their targets’ homes and make direct references to their addresses in the messaging—and when you receive something like that, it takes the believability of the message to a whole new level.
It’s important to not lose sight of the truth here, though: an address is no different from a password in the context of this scam.
Attackers steal all types of data in data breaches, including usernames, email addresses, and so on. An address is just another one of these variables. It’s easy enough for a scammer to steal an address and type it into a search bar to discover a couple images of the property, perhaps on real estate websites or listings.
Yet despite the ease of this task, people still take the bait, simply because an address and place of residence is such a deeply personal thing.
Sextortion scams have been getting much attention lately, unfortunately due to scams targeting minors.
In some of these situations, these scams have led to fatalities, as the targets did not see a solution to their situations. There was a reported 20% increase in sextortion scams against minors from October 2022 to March 2023 compared to the previous year. It’s likely that the threat surface for these attacks is one cause of this increase.
Considering the various platforms used by minors—cell phones, gaming consoles, tablets, and other connected devices—it should come as no surprise that young people are often the targets of these attacks.
The US Department of Justice is fighting back, though, and in one case has indicted four men from Delaware responsible for allegedly attempting to extort nearly $7 million from their victims around the world. They successfully brought in about $1.9 million through payment applications, enough to ruin more than a few lives in the process. Their charges could potentially land them in prison for 20 years if they’re found guilty.
All of this might have you wondering, though… how do you avoid and deal with a sextortion scam?
The Better Business Bureau provides the following advice to help avoid falling victim to this kind of scam:
The Have I Been Pwned website is a helpful resource for identifying if your email is part of a data breach. If you are targeted, report the scam to the FBI and the BBB.
Remember, security is vital both in business and in your home life. If you feel your business could use a security boost, call us at 301-740-9955 to learn more.
Comments