If there’s one thing that Covid-19 proved, it’s that there’s no end to how low threat actors will go to turn a profit. Unemployment fraud spiked, medical research facilities were hacked, phony vaccination cards were sold on the dark web; the list is virtually limitless and the perpetrators utterly shameless.
Among the scams that exploded in popularity this year is email sextortion. Chances are good that you’ve seen one of these scams lurking in your spam folder. The gist is that someone allegedly placed malware on your computer and captured footage of you watching porn.
The footage, according to the hacker, will be deleted if you send along a tidy sum of money to a bitcoin account. If the ransom isn’t paid, the scammer threatens to send the video to employees, friends, co-workers, relatives, etc.
It is, almost 100% of the time, complete b.s., but it continues to thrive.
Why it works:
The scam has a powerful ally on its side: shame and embarrassment. Watching internet porn isn’t really the sort of thing most of us chat about freely. That said, at least 35% of internet downloads are related to pornography, and 40 million people admit to regularly visiting sex-related websites online.
Online adult portal Pornhub.com reported that 5,824,699,200 hours of its content had been watched in 2019, and this was before a roughly 18-month Covid-inflicted stretch that kept people indoors, isolated, and with few options for dating. This amounts to a great many potential targets online who would most likely panic at the thought of their preferences and proclivities being made public, especially to their spouses or partners.
The relatively low price point (in comparison to some of the big-ticket figures demanded by ransomware gangs) means that many would rather pay to have the problem go away, even if they assume that it’s most likely a hoax. Anyone who actually pays is extremely unlikely to announce to others, “Hey, I just shelled out $5000 so you couldn’t see what my porn history looks like,” so it is difficult to know how many people are affected.
In the third episode of What the Hack with Adam Levin, we spoke with Jake, a journalist who found himself targeted by one of these scams. Check out the episode here, and if you like what you hear, please subscribe and tell your friends.
Email sextortion scam threat level:
Outside of some psychological distress, it really amounts to a mass email with nothing to back it up.
All a scammer really needs is a functioning email server and a bitcoin address. Bulk email lists are easy to come by (especially those that have already been compromised), bitcoin is easy to receive anonymously, and the price of a ransom is low enough that it’s unlikely to be a priority for the authorities.
How to Defend Against It:
Be skeptical of incoming emails, even if they include details such as passwords or your location; many such details are a matter of public record. Keep a level head. Scammers prey on a sense of panic from their targets. If you receive one of these emails, report it to the FTC so they can keep better track of how often the scam is circulating. Finally, regardless of what you’re doing on your device, consider covering up your webcam when you’re not using it.