Phishing scams have plagued the internet for decades, ever since the AOL days of the 90s. For those who don’t know what phishing is, it is the mass release of emails to thousands of users, with the goal of tricking people into disclosing their password or other personal information. Over time, scammers evolved phishing into a much more effective scam, spear phishing, which targets specific individuals and employees and uses their personal information to scare or trick them into doing what the scammer wants. This method proved to be much more successful than normal phishing emails, accounting for 91% of attacks.
Now phishing emails have evolved into a new and potentially much more dangerous form, called “sextortion.” Nearly all sextortion emails have the same layout. They begin by revealing that the sender knows the password for one of the accounts tied to your email account. The inclusion of your password is designed to scare people into thinking that the threat is legitimate, even though it is unfortunately easy for hackers to get one of the billions of passwords leaked in massive data breaches, often from dark web sites.
After quoting your password, the sextortion email will claim that the sender infected the user’s computer with malware that logged all their activity and even accessed their webcam. The sender then claims to have used the webcam to record the user watching “videos” and “doing nasty things” (it should be obvious why it’s called “sextortion”). The scammer will then threaten to send the video to everyone in the user’s contacts unless a ransom is paid. The scammer will demand that a payment in bitcoin be made to a BTC account, thus making the payment untraceable. If the payment is not made within 24 hours, the email says, the video will be released.
Because so many of these emails are structured alike, experts believe that they are created by an automated process and that there is no legitimacy to the threat of a compromising video. Regardless, this kind of blackmail is a serious crime, and it can cause serious harm to the lives of the victims. While the basis of the sextortion emails is likely false, the FBI offers ways to limit the risk of becoming a victim:
Never send compromising images of yourself to anyone, no matter who they are — or who they say they are
Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know
Turn off [and/or cover] any web cameras when you are not using them
These emails have been on the rise lately. If you receive one, it’s important not to panic or immediately give in to the scammer’s demands. Most of these emails will have your old password, but almost none will include your real name, location, screenshots, or anything else that would imply that the threat is real. To help reduce the possibility of receiving these emails at all, make sure you change your password whenever it is stolen in a data breach, and use a password manager to protect all your passwords from being leaked.
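Because these emails follow the fixed layout described above (quoted password, malware and webcam claim, threat to send a video to contacts, bitcoin demand, short deadline), a mail filter can score a message against those traits. The following is an added example, not part of the original article; the regexes, the threshold of four traits and both sample messages are assumptions constructed for illustration.

```python
import re

# Traits come from the article's description of the email layout; the regexes
# and the threshold are assumptions for this example, not a vetted rule set.
TRAITS = {
    "quotes_password": re.compile(r"\b(your|ur) (old )?password\b", re.I),
    "malware_claim": re.compile(r"\b(malware|spyware|keylogger|trojan|virus)\b", re.I),
    "webcam_claim": re.compile(r"\bweb ?cam(era)?\b", re.I),
    "contacts_threat": re.compile(
        r"\b(send|release|forward|share)\b.{0,80}\b(contacts?|friends|family)\b", re.I),
    "bitcoin_demand": re.compile(r"\b(bitcoin|btc)\b", re.I),
    "deadline": re.compile(r"\b\d{1,3} ?(hours?|hrs?|days?)\b", re.I),
}
THRESHOLD = 4  # assumed: a payment demand plus at least three other traits


def matched_traits(body: str) -> set[str]:
    """Return the names of the template traits found in the message body."""
    text = " ".join(body.split())  # collapse line wraps so phrases match across lines
    return {name for name, rx in TRAITS.items() if rx.search(text)}


def looks_like_sextortion(body: str) -> bool:
    """Flag a message only when it demands bitcoin and matches enough other traits."""
    hits = matched_traits(body)
    return "bitcoin_demand" in hits and len(hits) >= THRESHOLD


# Constructed sample following the layout the article describes.
SAMPLE_SCAM = """I know your password is hunter2-EXAMPLE. I installed malware on your
computer and used your webcam to record you. Pay $900 in Bitcoin to the address
below within 24 hours or I will send the video to all of your contacts."""

# Constructed legitimate notice that shares two traits but must not be flagged.
SAMPLE_BENIGN = """Your password for the staff portal expires in 14 days.
Please change it from the account settings page."""

if __name__ == "__main__":
    for label, body in (("scam", SAMPLE_SCAM), ("benign", SAMPLE_BENIGN)):
        print(label, sorted(matched_traits(body)), looks_like_sextortion(body))
```

Requiring several traits together keeps ordinary password-expiry notices and cryptocurrency newsletters from being flagged on a single keyword.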