Sextortion scams are scary. The scammer contacts the victim, claiming to have gotten access to their computer and captured video footage of their target partaking in some private and decidedly adult activities, as well as the content that was onscreen at the time. The threat: pay up, or I send the footage to all of your contacts.
Lately, however, hackers have added another layer of “proof” to these claims, now referring to victims by name and including pictures of their homes. Let’s walk through what one of these scams looks like and what you should do if one appears in your inbox.
Sextortion scams are more or less a cybercriminal’s semi-targeted efforts, based on the assumption that…
So, someone reaches out to Joe Schmoe claiming that they had hacked into his computer and not only saw what he had spent his time browsing but also had video footage of what he did with that content and was prepared to send it to everyone on his contact list.
Put yourself in Joe’s shoes. If he had done that before, this threat could seem credible. Just imagine how Joe would feel, thinking a message featuring him in a very private situation would be sent to his entire contacts list. His boss, his parents, his friends, coworkers, and—shudder to think—anyone underage whose contact information he had, like a niece or nephew.
Suddenly, paying to prevent the spread of this footage doesn’t seem like such a bad option, does it? It is, but it may not look that way from where Joe’s sitting.
Of course, many people nowadays are aware that scams happen (not nearly enough, but many). To help counter this, scammers will make their message more believable by including private data about you. Historically, this was often a password of theirs that the scammer had farmed from a data breach.
However, scammers have been upping the ante lately, including pictures of their targets’ homes and referencing their addresses in their messaging.
Now, Joe Schmoe has even more reason to believe the message. After all, a picture of his split-level ranch is included, and he does live at 123 Mulberry Boulevard.
Here’s the thing: in every data breach, an attacker can steal various data types. Usernames, passwords, and email addresses are often the first to come to mind, but many businesses collect and store other details, too—like a physical address.
From there, the scammer can simply enter that address into a search bar and find at least a few images of the property. With some relatively simple automation, this scam can be pulled at scale, making it more likely that a target will take the bait.
Unfortunately, sextortion has been getting some attention as of late, as these scams have increasingly targeted minors… in some cases, with fatal outcomes as those targeted don’t see a way out of their situation. There was a 20% increase in sextortion attacks against minors between October 2022 and March 2023 as compared to the same period a year prior.
This is only exacerbated by the fact that these scams can be conducted through many different platforms. Cell phones, gaming consoles, and tablets are connected devices… which can be used to share these threats and are very common among young people.
As a silver lining, the US Department of Justice recently indicted four men from Delaware who allegedly attempted to extort almost $7 million from victims around the world, successfully bringing in $1.9 million via payment applications. Their charges—conspiracy to commit cyberstalking, conspiracy to send interstate threats, conspiracy to engage in money laundering, money laundering, and wire fraud—could bring each of them 20 years in prison should they be found guilty.
The Better Business Bureau provides the following advice to help avoid falling victim to this kind of scam:
The Have I Been Pwned website is a helpful resource for identifying if your email is part of a data breach. If you are targeted, report the scam to the FBI and the BBB.
We can help you keep the former safe. Give us a call at 561-795-2000 to learn more about our services.