For those who thought this blog post would be about sex, I’ll let you in on a little secret so you don’t feel like you’ve wasted your time reading something you wouldn’t otherwise. It’s not.
Instead, it’s about the email messages that, from time to time, make the rounds and have a similar ability to grab your attention. I’ve seen it happen time and again. An unsuspecting email recipient is blindsided by an email message and immediately wonders:
- Does the sender really have compromising videos of me?
- What will happen if my – boyfriend, girlfriend, husband, wife or significant other – finds out about this?
- How much is it going to cost me to make this go away?
Typically, those who panic the most are those who are the least likely to engage in any compromising behaviors, online or otherwise. The natural response, especially since the sender usually “validates” the email by sharing a known password, is a combination of shock and fear.
And that’s exactly what the hackers aka scam artists are banking on, literally. That the recipients of sextortion emails will pay up or as one example that landed in a Malwarebytes honeypot stated, “live in hell out of shame”.
Usually, the messages start out the same. A semi-casual greeting followed by a brief explanation of who is sending the email. Next, there’s the assertion the sender knows your password and has access to one of your accounts, and that attempts to change the password will be futile. The hacker will still have access to one of your devices.
Then, the hacker gets right to the business at hand. Because of the access to your device, the hacker knows what you’ve been doing online. Usually the email goes something like this:
- I’ve installed malware.
- I know you’ve browsed adult web sites.
- When you were viewing these sites, your device’s camera automatically turned on.
- The video clips are now stored on my/our server.
- I also have access to all of your contacts.
- Within a certain number of hours of you reading this email, the contacts will be provided with proof of your alleged indiscretions.
Then, the email will provide a remedy for the situation. Oh, how handy and thoughtful! That portion of the email usually directs the recipient to transfer a specific amount of Bitcoin – I’ve seen as low as $700 and in excess of $1000 – to have the purported videos destroyed.
It’s been a while since someone I know has received one of these and called me in a panic, and that’s exactly why I wrote this post. We’re due – perhaps maybe even overdue – for another round.
If you (or someone you know) receives a sextortion email, the first order of business should be to NOT push the panic button. Even if the password is one that you have used in the past, it’s likely that the sender (aka hacker aka scammer) has simply found those credentials on the web courtesy of a breach. Hopefully, if that’s the case, you were notified that the breach took place and changed your password immediately.
In addition to staying calm, here are some other ways to deal with sextortion emails. None of them, by the way, require you to pay anything to me (or the sender of the email) via Bitcoin.
- If you were notified of a breach and didn’t change your password, what are you waiting for? You should change your password and, if you don’t have it enabled already and it’s available, you should enable two-factor or multi-factor authentication on your account.
- You can also check your email and password at Have I Been Pwnd to see if your email or password have been compromised.
- If you don’t make a habit of covering your webcam when it’s not in use, use the email as a reminder that you should.
- Similarly, use the email as a reminder to scan your devices…just in case…to make sure that they aren’t infected with malware, especially if this task has been on your to do list for a while.
- Don’t delete the email quite yet because you’ll need the email header and other information to report it to the Federal Bureau of Investigation’s Internet Crime Complaint Center IC3.
