The Adult Blackmail Scam, and How to Protect Yourself
UK internet users have been targeted by cyber criminals threatening to expose them unless they pay a ransom. Guess what, they were blackmailed by the hackers claiming proof that the particular user viewed online pornography. This “sextortion” emails came to the attention of Action Fraud, the UK’s national crime reporting centre, earlier this month.
A flurry of new victims were targeted with the emails over the weekend, which claim that the victim has been recorded watching pornography on their own webcams.
The subject of the email contains the victims’ own password to make them look authentic.
The ransom demands ranges from about £750 to around £2,000 in online currency Bitcoin – sums that people may be panicked into handing over.
Action Fraud has contacted several victims who have confirmed that the passwords are genuine and recent.
The organisation said security details were probably gleaned through data breaches on popular websites going back a number of years, then sold to fraudsters on the dark web.
Action Fraud first alerted people to the scam emails on July 13 when it received more than 110 reports from people who received them.
After running some email addresses through Have I Been Pwned?, a site that allows people to check if their security has been compromised, Action Fraud found that almost all of the accounts were at risk.
The emails typically read: “Let’s get straight to the point. Isn’t $*&£%£$ your password? You don’t know me personally and no one paid me to examine you. I placed malware on adult video clips (porn) and you viewed this hacked website to have the pleasure (you know what I mean).”
They go on to say that the hacker gained control of the display screen and webcam, recording the victim and the content allegedly viewed.
The fraudsters also claim to have gained access to every contact on the victim’s Messenger, Facebook and email accounts and threaten to send the information to them.
It demands a ransom ranging from $1,000-$2,900 (£762-£2,212) in Bitcoin within a deadline and gives details of how to buy and transfer the money to a secret account.
Victims are warned not to contact the police, with the added threat: “It is a non-negotiable offer, therefore do not waste my time and yours by responding to this message.”
Detective Constable Mark Agnew of Kent Police’s cybercrime unit, which has received reports from worried victims, said: “The people responsible for these scams email large numbers of people at a time, including those who do not visit pornographic websites.
“It is therefore doubtful they have the evidence they claim they have.
“It is understandable that some people will be concerned about receiving this type of email, but paying only highlights that you are vulnerable and can be targeted again.
“The internet is an incredible resource but comes with its own set of unique dangers that we all need to be aware of.
“By following just a few simple measures we can protect ourselves from those who misuse technology in order to benefit from the misery of others.”
How to protect yourself from the blackmail scam
These blackmail scam emails are a great example of why a layered defence strategy is so handy. We’ve already covered why using a password manager can help you safely manage your passwords, some of which will inform you if a password you use has been compromised. But what else can you do?
If one of these blackmail scam emails land in your junk box (or even inbox), there are a few things you can do. Take these steps to protect yourself:
Ignore and delete the emails — do not pay the ransom. If you fail to pay, no video or images will be sent to your contacts; after all, the video doesn’t exist.
Scan your Mac for malware and ransomware with Intego VirusBarrier. If you prefer free Mac antivirus, we recommend that you download and install VirusBarrier Scanner from the Mac App Store. (For details on the difference between our paid antivirus and our free antivirus, see: Why Your Antivirus Needs Real-Time Scanning.)
Update your account passwords online, particularly if it was mentioned in the email message since it was most likely stolen as part of a broader data breach in the past and the password is no longer secure. Take note that it’s imperative for you to be wary of which websites you create an account with since the password could be stolen. Only create accounts with trusted sources.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.