Fifty Shades of Sex Blackmail

[Man]

How criminals make money from other people's intimate lives.

The word sextortion, formed from the words sex and extortion, originally meant blackmail using compromising photos and videos that the attacker received either by hacking the victim's device or voluntarily from the victim. Although this form of crime still exists, today there are much more frequent situations in which the blackmailer does not have any juicy documents. Some types of sextortion "work" even on those people who know for sure that there physically cannot be any compromising evidence involving them. Let's look at all the modern types of sextortion and ways to counteract it.

"Your wife is cheating on you"​

A new type of extortion, instead of shame, puts pressure on jealousy. One of the spouses receives an e-mail stating that a certain “security company” has gained access (read: hacked) to all the data on the personal devices of the other spouse, and this data contains detailed evidence of adultery. To obtain more detailed information and an archive with downloaded data, they are asked to follow the link. Of course, in reality, the attackers have no data other than the names and e-mail addresses of both spouses, and the link only allows you to part with your money.

"I caught you on video"​

The classic form of sextortion is when the victim receives a letter in which the author claims to have hacked the victim's computer or smartphone and recorded what the victim does while browsing porn sites via a webcam. To prevent all of their friends and acquaintances from seeing the video, they need to urgently transfer some cryptocurrency to the "hacker". To make the story more convincing, the victim may be addressed by name, and the letter often includes a password that the recipient actually used for some accounts. In reality, blackmailers simply buy a database of stolen credentials, of which there are thousands on the darknet, and send passwords from this database in a standard letter to email addresses that match the desired password.

"You have a beautiful house"​

For those who are not afraid that unknown villains know their password, a new scheme was invented. In it, the attacker mentions that if the victim does not contact the attacker to pay for silence, he will come to discuss this issue in person. To make it more convincing, a photo of the victim's house taken from Google maps is attached to the letter. It is clear that for this trick, hackers need databases containing not only e-mail and password, but also a home address, which blackmailers increasingly obtain from databases of hacked online stores.

"I captured you on video - see for yourself"​

Another popular blackmail scheme does not rely on immediate payments in Bitcoin, but tries to install malware on victims' computers. The text of the letter offers to watch compromising videos to see how serious the threat is - but to do this, you need to go to a website and install a special video player. Infected, of course.

"You've been deepfake"​

This relatively new version of the scam works well for those who are sure that there are no compromising videos of them. After all, deepfake videos and deepfake porn, in which the performers' faces are replaced with those of famous people, have been described many times in the media. There are two types of the scheme: in one, the authors of the letter baselessly claim to have made deepfakes, in the other, they actually make them. It is very easy to distinguish the first from the second - in the second scheme, deepfakes are immediately presented to the victim, sometimes even in the form of a physical letter delivered to the work address. To make such a deepfake, you first need to get good enough photos and videos of the victim. You can reduce the likelihood of such an attack by not posting numerous selfies and other images with a clearly distinguishable face on social networks.

"You will be put in jail"​

Another type of sextortion is fraudulent emails in which the recipient is accused of possessing child pornography. The sender is said to work for law enforcement and prepares lists for mass arrests of pedophiles. The list also includes the victim's details, i.e. the recipient of the email. In order to disappear from the list, the victim must pay a ransom. The attackers experiment with threats, so there are even more ridiculous variations of this scheme, in which the sender "works for the CIA," "runs a website with orders for hired killers," and even "planted a bomb under your house."

What to do if you receive an extortion letter​

Don't panic. Almost all sextortion schemes are just empty scares. Fraudsters send out millions of identical letters and do nothing — and can't do anything! — to those who ignore them. So the surest way to react to such a letter is to delete it and mark it as spam.

The exception is when you personally know the sender or the letter contains real incriminating photos and videos. In this case, it may be not only blackmail, but also the production of defamatory deepfakes - both actions are serious crimes in most countries of the world. You should contact the police immediately, overcoming understandable embarrassment.

How to protect yourself from intimate photo leaks​

If you've ever taken nudes, sent them to someone, or saved them on any of your devices, read our detailed analysis - how to safely store intimate photos and videos and what to do if they leak online (they can still be deleted even from the Internet!).

And for those who like to meet and spend time on dating services, we recommend listening to the episode “Dangerous Dating” of our podcast “Change your password!”, in which we discuss the real threats of dating and the basic principles of security for online dating.

Source