In recent years, we have been contacted by numerous clients regarding ‘sextortion’ scams. Sextortion scams are a type of phishing attack whereby people are coerced to pay a Bitcoin ransom because they have been threatened with sharing the video of themselves visiting adult websites. These scams are made to appear even more credible because they provide seemingly plausible technical details about how this was achieved. The phish can sometimes also include the individual’s password.
Phishing scams are designed to play on people’s emotions so that they will behave in a way which is out of character, and scams such as this are no different. The phisher is gambling that enough people will respond so that their scam is profitable; they do not know if you have a webcam, have visited adult websites, or the means by which you communicate with people – in short, they are guessing. The phisher hopes to emotionally trigger people so that they will ‘take the bait’ and pay the ransom – a typical modus operandi. If you have been contacted by a phisher, remember do not fall into their emotional trap and you can always contact us immediately.
What to do?
• As with other phishes, our advice is not to engage with the phisher, to delete the email and report it to Action Fraud: www.actionfraud.police.uk/report-phishing
• Do not be tempted to pay the Bitcoin ransom, doing so will likely encourage more scams as the phisher will know they have a ‘willing’ customer
• Do not worry if the phish includes your password; in all likelihood this has been obtained from historic external or third party breaches of personal data. You can check if your email address or account has been compromised and get future notifications by visiting: www.haveibeenpwned.com
• If the phish includes a password you still use then change it immediately. Advice on how to create suitable passwords and enable other factors of authentication is available from Cyber Aware: www.cyberaware.gov.uk/passwords
• If you have been a victim of a sextortion scam and have paid the Bitcoin ransom, then report it to your local police force by calling 101
• If you need emotional support, this is available from charities such as Victim Support by calling 0808 168 9111 or visiting: www.victimsupport.org.uk
For further information, visit www.tenintel.com/cyber-security, where you can find out how we support clients with data protection and digital forensics support.
Email us at email@example.com and follow us on LinkedIn and Twitter @TenIntelligence for all updates.