Sextortion Email Threat/Scam
The email addresses you by name and knows one of your online passwords – and may even include the last three digits of your phone number.
Assured it has your attention, it then proceeds to claim that malware placed on a porn site you’ve visited will expose you. Unless you pay up.
This sextortion scam reared its ugly head many years ago during several data breaches.
The fraud banks on the chance that one of its potential victims – you, perhaps – has been visiting porn sites or has been cheating on a partner, and so believes the letter’s sender has secret information.
One such email claims that, while you were watching a pornographic video, your web browser acted as an RDP (Remote Desktop) and a keylogger, which gave the sender access to your display screen and webcam. Right after that, the sender claims, their software gathered all your contacts from your Messenger, Facebook account, and/or email account.
Some emails claim you were recorded as you were viewing pornographic videos, among other things. The email claims that all of your personal contacts (family, friends, co-workers) have been stolen. The blackmailer gives you 24 hours to make a payment, often several thousand dollars, via Bitcoin.
The email further states that if payment is not made, they will send videos to all of your contacts, including relatives, coworkers, and so forth. The FBI refers to this as a “scare scam.” Most phishing scams try to steal passwords, but this one already has your stolen password – and uses that information to try to reel you in.
The messages are sent to email addresses exposed in previous known data breaches in which the user database (email address and password) was indexed online.
If you receive such an email, it is best to interact with it as little as possible. Do not click on any links in the message or open any attachments, as this could infect your computer with malware.
DO the following:
- Practice good computer “security hygiene”: regularly change passwords and user names, sign up for a password manager, and use two-factor authentication, which usually means responding to a text sent to your phone, in addition to entering your username and password on a site, as added proof that it’s really you.
- Since laptops and many desktops are equipped with cameras and microphones, cover the camera lens and add a micblock to the microphone/headphone port on your computer when not in use.
- Report any scams like these to IC3.gov, the FBI’s Internet Crime Complaint Center, or contact your local FBI office (or toll-free at 1-800-CALL-FBI).
Finally, don’t respond to spam at all, period. Don’t pay off extortionists.