Skip directly to content

Catch Of The Week: Sextortion Email Scams

on September 20, 2019 - 10:44am
By BECKY RUTHERFORD
Los Alamos

What could be more annoying than an email scam? How about an email scam that accuses you of watching porn, claims to have hijacked your computer, recorded you watching said porn, and states that unless you send them Bitcoins within a certain time, they will send the videos of you to all of your contacts.

Yeah, this is certainly more annoying than your standard email spam. This entire set up is a well-known scam known as the “sextortion” email spam.

These scams have been an ongoing issue for quite some time, with a sharp uptick at the beginning of 2019. Sometimes these emails will contain your old passwords as “proof” that they have compromised your system/accounts.

You can feel safe knowing that they have not, and they scraped the data off the internet from older data breaches that dumped stolen passwords databases on the web. So they may have your password from years ago, but not your current password (And surely you have changed your password since then, right? If not, this is a good reason to do so.)

A new twist on this is the “you are a pedophile” version, which threatens to release the videos of you “watching child porn” to law enforcement if you don’t pay up.

Another twist is the “Check out this picture I took of you last night” scam, which has been popping up on Facebook and Instagram messages, as well as in emails. There are many, many other variations on this theme, but these scams all share the common thread of trying to scare you into paying them.

According to recent reports from the FBI, sextortion type scams have more than doubled, costing victims $83 million in 2018 alone. A report from Trustwave, a cybersecurity company, shows that sextortion spam emails are up 10 percent this year. The problem isn’t going away and will likely get worse, but it is just a scam.  

What should you do if you get a sextortion email?

  • Do not react out of fear. If the email contains a password, do not assume you are compromised.
  • If you or someone you know receives a sextortion email, realize that it is very unlikely you would have been singled out. The entire scenario is made up to try to scare you into sending money.
  • Do not interact with the emails, do not download any attachments or click links, delete them from your inbox and don’t worry about them.

What can you do to be more secure online?

  • You can check your email addresses and passwords to see if they have been breached by visiting this website: https://haveibeenpwned.com. You can register for notifications that your email or password was found in a data breach. If you get a notification or find a password has been breached, immediately change your password. Keep in mind there is always some risk by entering your password into any site. Some services such as Google and password managers will check this for you.
  • Create a complex password that is random, longer than eight characters, and contains numbers, special characters, and mixed-case letters. Or create a complex passphrase with at least fifteen characters.
  • Nobody can create and remember all these complex passwords/passphrases, so use a password manager like LastPass, Dashlane, Keepass, etc. to keep track of them securely.
  • Always be sure your operating systems and internet browsers are up-to-date. If you are running outdated software, you are putting yourself at risk for a cyber-attack.
  • If you are nervous about having an exposed webcam, cover it up with a sticker, or disconnect it when not in use.

Sextortion emails might seem scary, but rest assured they are not a threat to you. Delete the email, don’t worry about it, and get on with your day. 

https://fossbytes.com/email-sextortion-scam-threatens-expose-pedophiles/

https://www.bleepingcomputer.com/news/security/latest-sextortion-email-scheme-sent-by-chaoscc-hacker-group/

https://www.darkreading.com/attacks-breaches/sextortion-email-scams-rise-sharply/d/d-id/1335377

Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.


Advertisements