There are a number of ways through which hackers scam people and take their money off the internet. We have talked about phishing attacks, UPI scams, and more in our previous posts. Today, we’re looking at sextortion, wherein hackers use the threat of exposing images or video recordings of your sexual activities to extort money. This problem is widespread in the country — as per a research by British cybersecurity firm Sophos, India is among the top 10 sextortion mail source countries.
Sextortion has been on the rise over the past several months during the COVID-19 lockdown and nowhere is it more serious than in India. As per data released by PornHub, India has been leading in porn consumption during the coronavirus lockdown. How is this related to sextortion? Well, one of the ways sextortion works is through porn scams.
If you’ve seen the ‘Shut Up and Dance’ episode of Black Mirror, you’ll know what this scam is all about. In a porn scam scenario, a cybercriminal will send you a message or an email of a threatening nature, telling you that your phone or laptop has been injected with malware that allowed the hacker to film you through your phone’s camera or laptop’s webcam. The hacker then blackmails you with this information to extort money. To keep the video a secret, cybercriminals typically ask the victim for money in the form of Bitcoin (since cryptocurrency is almost untraceable) within a specific period of time.
Alert : I just got this sextortion phishing email trying to blackmail me for $2000 Bitcoin. Police & Action Fraud say it’s a really common scam & lots of reports these past few weeks. If you get one, it’s nothing to worry about. Forward it to firstname.lastname@example.org & delete pic.twitter.com/W5ma65phn1
— AtinA (@drummergirl1971) May 15, 2020
The important thing to note here is that such emails are usually a bluff. Unless you have previously clicked on a suspicious malware link that actually allowed the hacker access to your phone’s or laptop’s camera, the email is nothing but an attempt to scare you into sending money to the hacker. Even though such threats are purely fake, people often tend to believe them out of fear. Hackers also dress up the mail to make it look legitimate by including a password that you may have once used. These passwords are easy enough to find on the Dark Web if your email ID has ever been part of an old data breach. The best way to protect yourself will be to frequently change your password to something entirely new.
This type of sextortion scam is quite new but is gaining in popularity among hackers. As this Sophos article explains, it involves an app or website claimed to be a coronavirus tracker that instantly alerts users when they come near an infected person. However, the app seeks lockscreen access and device admin rights to see everything the user does on their phone. With this, they can track the websites they visit and use that information to extort money from their victims. These coronavirus-related sextortion emails are on the rise lately and victims are giving in to the ransom demands that can go as much as $4,000 (approx Rs 3,00,000) in Bitcoins.
Sextortion through dating apps
An old-school method of sextortion is when the blackmailer uses private photos of the victim in order to demand money. This kind of scam is commonly found on online dating platforms and video call services, which have seen a surge in users during the COVID-19 pandemic. It typically begins with two people starting a relationship on a dating app. Soon enough, the scammer will try to move the conversation to an intimate scenario, whether it is through messages or on video call. The scammer will try to convince the victim to send intimate photos or videos, which are then used for blackmailing the victim.
According to a report by the National Commission of Women, 412 cyber-crime complaints against women have been recorded during the lockdown period in India. These complaints include indecent exposure, blackmail, abuse, and so on.
Sextortion through home security cameras
Earlier this year, a new form of sextortion scam emerged wherein scammers tell their victims that they’ve recorded them through their home security cameras. In this scam, the criminal will send an email to the victim claiming to have recordings of the victim in an intimate situation. To make the threat sound credible, the scammer will include a link that takes the victim to a website which shows some generic footage from a home security camera or some surveillance camera in a public area. The footage is supposed to convince and scare the victim into believing that the hacker has their personal video as well.
What should you do if you receive sextortion emails?
Here’s what you need to know if you receive any of the above-mentioned sextortion emails – they are mostly untrue. Cybercriminals who send sextortion emails are usually bluffing that they actually have videos or pictures of the receiver in a compromising situation. They prey on the victim’s fears by making the email look believable using some old password or fake video as proof. Such blackmail emails can be ignored confidently.
That said, if you have ever exchanged intimate photos or exposed yourself on video calling apps like Zoom with a stranger or a person you may have recently met via a dating app, this can lead to a very real kind of sextortion. Free calls on apps like Zoom are not encrypted, which can allow a cybercriminal to enter a chat without your knowledge and record the video.