Sextortion is seeing an uptick after a lull at the beginning of the year.
The basic template of the blackmail scheme hasn’t changed. It goes something like this: Your account has been hacked and we have video proof of you watching sexual content on porn sites. Now we demand immediate payment in Bitcoin or we will release the video to the public.
The extortionists often claim that they’ve installed a “special program” on a porn site and tracked the victim accessing sexual content. They might also claim that they have gotten access to the victim’s desktop and web camera.
They also have various ways to keep the pressure on unwitting victims. In one scheme highlighted by Malwarebytes, the extortionist gives the victim two days to make a payment in the Bitcoin equivalent of $1,000. The bad guy claims to be monitoring the victim, resorting to ruses such as saying they are doing so with Facebook Pixel – code that collects user interactions from websites for advertising purposes.
Extortionists are able to convince victims that they have the goods on them by flaunting a victim’s breached credentials – such as usernames, passwords, and addresses – that have been gleaned from the Dark Web. They then bolster this with training in the dark art of extortion via DIY extortion guides, according to a report from Digital Shadows, a U.K.-based cybersecurity company.
It’s all about the money
There was a surge in Internet extortion in 2018. The FBI’s Internet Crime Complaint Center (IC3) received 51,146 extortion-related complaints with adjusted losses of over $83 million, representing a 242 percent increase in extortion-related complaints over 2017, according to the FBI’s 2018 Internet Crime Report.
Between July 2018 and February 2019, Digital Shadows analyzed a sample of sextortion emails in which 89,000 addresses received over 790,000 sextortion attempts.
The Digital Shadows report also finds that fledgling extortionists are enticed by the promise of high salaries, especially if they are able to land high-income targets, such as doctors, lawyers, or company executives. That kind of personal financial information can be found, for example, by searching LinkedIn profiles.
Some criminal groups are promising salaries averaging the equivalent of $360,000 per year "to accomplices who can help them target high-worth individuals," Digital Shadows said.
One campaign highlighted by Malwarebytes (involving criminals using sextortion among other activities) collected approximately US$16,100. A broader campaign -- which covers various kinds of criminal activity including extortion -- brought in 21.6847451 in Bitcoin or a little over $220,000 at current exchange rates.
“Sextortion scams are rooted in social engineering ploys that con artists and criminals of all kinds have devised over time. From the messaging to handling payments, this is a well-articulated business that will most likely keep gaining traction as it has shown to be highly profitable,” William Tsing of Malwarebytes told Fox News.