Imagine receiving an email from someone saying that they have installed malware on your computer and hijacked your webcam to capture videos of you using adult websites. The sextortion email includes a ransom demand to be paid in bitcoin. If you don’t pay up, the scammer claims they will send the video to a number of people on your contact list (which was supposedly harvested via the malware).
It would be easy to disregard the email, except for the fact that the scammer states that they have stolen your password via a keylogger – and to prove it, they include a password that you may be currently using or have used in the past in the body of the email. This adds a certain amount of credibility to the threat.
Do not pay the ransom.
Extortion is commonplace in the world of cybercrime as the growth of cryptocurrency has given criminals a safer and less traceable way of receiving funds from victims.
Cyber sextortion scams, which rely on nothing more than a well-worded email, are becoming increasingly common as attackers look for easy ways to cheat people out of money.
Have you received an email from someone claiming they’ll release a sensitive video of you unless you give in to their demands? Here’s what you should do.
What are online sextortion scams?
Sextortion is all about scammers trying to extort people out of money over the internet. In recent weeks, we’ve seen a rise in the number of these scams – some of which have proven to be very effective. In fact, scammers made more than $50,000 in a single week in July 2018, as noted by Bleeping Computer.
This is a total scam. The sender of the email has no leverage and is employing cheap fear tactics to turn a quick buck. They have not installed anything malicious on your computer, cannot access your contacts, and do not have any incriminating videos of you. It is alarming that they may know your password, but rest assured that they have almost certainly not stolen it with a keylogger. Instead, they have found your account credentials in one of the countless data breaches that have affected major companies such as Adobe, LinkedIn, and Tumblr, among many others. While it is concerning that your login credentials are out in the open for all to see, scammers are most likely simply using publicly available information to add weight to their online blackmail racket.
What should you do if you encounter a sextortion scam?
1. Keep calm and ignore the ransom
Understandably, it can be upsetting to be on the receiving end of cyber blackmail. Don’t panic. Remember, this is nothing more than a scam. The sender of the email has not installed anything on your computer and they do not have any images or videos of you. Keep calm, ignore the threats and do not pay the ransom.
2. Change your password
If the email contains a password that you currently use, immediately change it at any sites where it is currently used. Avoid using the same password for multiple accounts, and enable two factor authentication where possible. Check out our previous blog post for more tips on creating and storing strong passwords.
3. Check if your credentials have been leaked
As noted above, the scammers probably found your credentials in a data breach. You can check if your account has been compromised in a data breach by entering your email address at https://haveibeenpwned.com/. This handy website lists any data breaches that may have involved your email address. Change your password at any sites that have been affected by a breach.
Dealing with sextortion
Webcam blackmail scams use simple extortion tactics to cheat people out of money. If you ever receive one of these emails, simply ignore the ransom demands, change your password and check whether your email address has been involved in a data leak. For the ultimate peace of mind, consider investing in a proven security solution such as Emsisoft Anti-Malware.
Have a fantastic (malware-free) day!