Scammers will do anything to convince you their scam is the real deal, and that can mean telling you they have video footage of you, even when it’s total garbage.
There’s no limit to the things a criminal will do to relieve you of money, and you only have to look at the number of fraudulent messages poking around in various inboxes to see the depth these things go.
Silly get rich quick schemes, survey with prizes, and a whole lot of other things that can lead you down a path of lies and ruin await if you fall for the con of a scammer. Some of these can particularly adult, though, such as the sextortion scam, a style that tries to extort and blackmail victims by the mere suggestion that someone on the other end of the internet has a video of you doing something lewd or inappropriate, and using that to get you to hand over some cash.
It is literally extortion, and is often based on little more than a story that resembles a threat. We’ve seen several this week, one of which was in a different language, and we’re not the only ones.
Security company Avast chimed in recently with news that it had blocked over half a million sextortion attempts in January, with 59,100 focused on Australians. It’s not a new thing, and we’ve seen the same style of sextortion scam going back years, but the numbers appear to be big once again, and that’s bad news if you don’t know what you’re looking.
“Sextortion scams are dangerous and unsettling, and can even have tragic consequences resulting in the suicide of affected users,” said Marek Beno, Malware Analyst at Avast.
What do sextortion scams look like?
This type of scam can look bad, and typically reads poorly, often resembling one giant block of text, but the scammer isn’t concerned by that. Rather, they want you to be afraid, with your fear leading you to do something like pay them for the so-called information they say they have.
They’ve changed a bit over the years, but from what we’ve seen lately, typically the scams start like this:
I’ve got bad news for you. If you visited a pornographic (pornhub) website, I was able to transfer a virus to your computer which gave me full access to your device
Of course, this is simply not true. None of it is true, but the scammer will keep going, and then tell you about a virus they wrote that apparently captured a video of your screen and camera, and that they can then send this to the web, including all of your contacts, and that you can magically stop it if you just send them money. They’ll typically attach a Bitcoin wallet and a number for you to transfer, and then end it with an ultimatum and time limit, advising you have 48 hours to do it or they’ll release the video.
But because this is a scam, there is no video. There is no special driver tracking what you’ve done, and no amazing hacker on the other end of your computer. This is just a criminal employing fear, and hoping you cough up.
Like so many things, this is just a scam, and this one is using the idea of fear to extort you, and get what they want.
“As scary as such emails may sound, we urge people to stay calm if they receive such a message in their inbox and ignore it, as it is just a dirty trick that cybercriminals use to try to get your money,” said Beno.
Are these sorts of scams successful?
There are people that will fall for this sort of scam, just like there are people that will fall for the JB HiFi prize winning scam, or even the Woolies prize winning scam. In fact, anyone can fall for a scam if they’re not paying attention, so it’s possible that people can and still will fall for sextortion scams.
Avast told Pickr that it believes spam emails don’t offer a lot of success, “far less than 0.01%”, but notes that it only takes one person to make it worth a scammer’s time, especially if these are sent out in a large number, which they almost always are.
“If just one person out of the 500,000 users in January paid, the cybercriminal will have made $1,000 or $2,000 just by preparing that email, and clicking the ‘send’ button,” said Beno, noting that “this can be a highly profitable business for the attackers”.