As greater portions of our lives – including our personal lives – have moved online, there has been a corresponding rise in sextortion and spam sextortion emails. These can be tremendously damaging, leading to humiliation, significant sums blackmailed from the victim, and in some cases suicide.
Even the most chaste of us can be embroiled in these scams, and they can be absolutely devastating, so it’s important for people to understand what sextortion and spam sextortion emails are, as well as what they can do to stay safe.
WHAT IS SEXTORTION & SPAM SEXTORTION?
There are many different types of sextortion, with the common factors being that there is some kind of sexual angle, combined with an attempt to extort the victim out of sexual acts, explicit pictures, and videos, or payments in either money or cryptocurrencies.
Sextortion can happen in the real world, such as when an official demands sexual favors in exchange for a service. However, this article will mainly focus on the digital aspects of the crime. Online sextortion can be divided into two major categories:
- Instances where the attacker has access to sexual information or explicit images of the victim.
- Attempts where the attacker does not have this information but instead is able to construct an elaborate story that convinces victims that they do have images or videos of them. This is the most common type in mass-spammed emails, however, victims may be individually targeted over email as well.
HOW DOES A SEXTORTION ATTACK START?
In the first type of sextortion, attackers begin by first acquiring the sexual information, images or videos that they will use to extort their victim. The most common methods include:
- Hacking the individual’s social media or messaging apps, their email, or their online storage accounts, such as iCloud.
- Finding or stealing their poorly secured devices and accessing the images.
- Getting them from a disgruntled ex-lover (alternatively, the ex-lover may be the person conducting the sextortion scam).
- Impersonating an attractive person (often by stealing someone else’s pictures, or by using the videos of webcam models), and convincing the target to send sexual pictures or record explicit videos.
- Infecting a computer or device with spyware, and making the recordings while the target is intimately engaged (although in the vast majority of these attacks the recordings don’t exist – it’s simply a ruse to scare the victim).
Once the attackers have something to use as leverage, they contact their target and demand whatever it is they want, whether it’s money, sex or more explicit images.
WHAT IF THE ATTACKER DOESN’T HAVE ANY PICTURES OR SEXUALLY EXPLICIT INFORMATION?
If the attacker doesn’t have anything sexual that they can blackmail their target with, all they have to do is provide a convincing scenario that manipulates the person into thinking that they do. In one of the most common techniques, the attacker contacts the target and it progresses roughly along the following lines:
I’ve been watching you. You visited a porn site that hosted my malware, and now it’s on your computer. Since then, whenever you’ve watched porn, my software has been secretly recording you. I have split screen videos of you in a compromising sexual position, alongside the dirty things you were watching.
I will send the videos to all of your email and social media contacts. Your friends, your family, your colleagues. Everyone. Your life will be ruined. If you want to prevent this, all you have to do is pay me. Your move.
You are most likely to run into this attack as a spam sextortion campaign that has been sent out to thousands or millions of potential victims. However, it’s also possible for an attacker to tailor the message to you, using information they may have already discovered about you to make it seem more convincing.
WHAT SHOULD YOU DO IF YOU’RE THE VICTIM OF A SEXTORTION ATTACK?
Your first move should be to determine whether it’s a legitimate threat or not. If the attacker refuses to show you whatever information or pictures they have, it’s most likely that they don’t have anything and are just trying to scare you into handing over whatever it is that they want.
Another major clue is to look at the way it’s written. A lot of spam has the same kind of clunky text filled with grammatical errors.
Many sextortion attempts may appear to be legitimate, especially if they include specific information about you. However, this doesn’t necessarily mean that the threat is real, because so much personal information is easily available online – in some cases, even sensitive things, such as passwords.
While some of the more sophisticated attempts can be scary, you can be almost certain that anything along the lines of “I installed malware on your computer and recorded your camera while you were watching porn”, is almost certainly fake. If this is the case, simply report it as spam and forget about it.
Note that this scenario is not actually impossible. Indeed, this is how attackers have infiltrated banks and other organizations to learn their ins and outs and then proceed to pursue financial gain. However, this scenario is exceedingly unlikely because (a) it is a well-known mass fraud technique that has been coming into millions of mail boxes over the past year, (b) very few real scenarios like this have ever been discovered, and (c) it would take someone too much time to be monitoring lots of people and waiting for them to do something worth of extortion…. Even if they could manage to get those people’s systems hacked well enough to allow such surveillance.
If someone does actually have sexual pictures, videos or explicit information about you, then it’s best to contact the police and have them investigate the matter. While the situation can certainly be humiliating, caving in to the attacker’s demands can often make things far worse.
In many cases, it isn’t too difficult to find out the source of the threat, so there’s a reasonable chance that the authorities can completely put a stop to it for you.
HOW TO PREVENT SEXTORTION AND SPAM SEXTORTION EMAIL ATTACKS
There are two main ways to prevent sextortion attacks. The first is to never mix your sex life and technology. That means that explicit pics to your lover aren’t a good idea, no matter how much you trust them now. It also means that you should avoid pornography websites.
But let’s be realists, abstinence hasn’t worked in many other areas, and many people aren’t going to abstain in this situation either. If you are going to combine sex and technology, do it with extreme care. Send pictures over a secure app like Signal, and only visit more reputable pornographic websites, ideally with a scriptblocker on your web browser. Cover your computers’ cameras when they are not in use.
The second technique is to follow good security practices. A good start is to use a reliable filter for your email, such as LuxSci’s HIPAA-compliant email filtering. This should keep the majority of spam sextortion messages from ever making their way into your inbox. You can’t fall for a scam you never see.
Other measures you should take include:
- Adopting strong and unique passwords for each of your accounts.
- Using two factor authentication.
- Avoiding the dodgier parts of the internet.
- Running an adblocker and scriptblocker.
- Updating all of your software as soon as possible.
- Learning about phishing and how to spot it.
- Running antivirus on your computer.
- Do not click on links in emails or open attachments emailed to you unless you are expecting them.
While you can never be one hundred percent secure online, if you adopt the above practices and always exercise a little bit of paranoia in your online habits, you should be much more secure against the devastating effects of sextortion and spam sextortion emails.