What is Sextortion?

Sextortion is a form of criminal extortion in which the attacker demands money from a victim or forces the victim to carry out an act unwillingly. More often than not, the attacker threatens to publicly release embarrassing personal images or video footage of the victim. Pornographic blackmail is the angle most commonly used in sextortion. The compromising videos or images may genuinely be of the victim, captured through a webcam hijacked with malware, or they may be fake imagery, as in sextortion scams.

Sextortion scams and attacks often start with a simple email. These scams are growing in popularity with attackers and are also becoming a new form of ransomware. They are delivered by email, either targeted (spear phishing) or mass-mailed to scraped addresses (spam). The aim of the scam is to convince the victim that images or video footage have been captured and to collect money through a cryptocurrency such as Bitcoin.

Sextortion is trending…

Blackmailing victims through carefully crafted spam emails that detail their alleged sexual activity (via webcam or other means) is not a new trend. With the growing accessibility of email lists and users' password credentials on the Dark Web, it has become simple for attackers to launch and refresh daily campaigns. When you think about the time it takes to collect the data and prepare these campaigns, they more than pay for themselves!

Symantec recently estimated that the 5,000 most-seen Bitcoin addresses received a total of about $106,240 in May. If we take that number as the average amount made in a 30-day period by these kinds of scams, that’s just over $1.2 million in a year!

In a recent attack, the attacker used stolen personal data and passwords to gain access to the victim’s email and personal contacts. The attacker sent the victim an email flaunting the stolen password to get their attention, then claimed to have installed malware on the victim’s computer that could be used to send sexually explicit images to all their contacts unless the victim paid a ransom.

Sextortion remained widespread in Q3, with the appearance of malware that could potentially provide actual evidence of adult activity for threat actors instead of strictly relying on social engineering and related scams.

Does it affect business users?

Sextortion is typically aimed at consumers, but spear phishing has been used to target corporate email users and, again, is growing in popularity with attackers. Spambrella are seeing more and more phishing emails with sextortion-themed content. We also have to remember that employees are less likely to report these types of emails, so IT departments are less likely to highlight them as a growing concern.