Con Watch: A New Twist on Sextortion Scams

You receive an email threatening to send hacked video of you watching porn to your contact list unless you pay up. What do you do?


Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

Online sextortion scams have been around since 2009, but have evolved considerably over the years. Generally, sextortion scams begin with an email telling you that your computer and webcam have been hacked and that the scammers have video of you watching porn online. The scammer threatens to send the videos to people on your contact list unless you pay a ransom, which in recent years has most often been in the form of Bitcoin or some other cryptocurrency.

The sextortion emails sometimes include a password that they claim you used to log into a pornography site. The password is likely familiar to the victim because the scammer bought it on the Dark Web, where passwords and other data obtained through data breaches are sold to criminals. People who use the same password for all of their online accounts in particular would feel threatened by the appearance of a familiar password in the email.

One paragraph from the sextortion email currently circulating reads:

Been keeping tabs on your pathetic existence for a while now. It is simply your misfortune that I came across your misadventures. I invested in more days than I should have digging into your data. Extracted quite a bit of juicy info from your system and I’ve seen it all. Yeah, Yeah, I’ve got footage of you doing embarrassing things in your room (nice setup, by the way). I then developed videos and screenshots where on one side of the screen, there’s the videos you had been enjoying, and on the other part, it is your vacant face. With simply a single click, I can send this filth to all of your contacts.

In the last few weeks, people have been receiving sextortion emails with some new twists. First, the email contains a photograph of your residence with a threat to contact you at your home if you don’t pay the demanded Bitcoin ransom (approximately $2,000 in the sextortion email presently circulating). Scammers use services such as Google Maps to obtain the photos used in the emails and use AI to harvest other personal information such as your phone number and address, which are used in the email to make it appear more believable.

In another new development, the sextortion email contains a QR code to be used to pay the Bitcoin ransom. Cryptocurrencies are a favorite method of payment for scammers because of their anonymity and the difficulty in tracing the funds.

Additionally, the email refers to a type of spyware called Pegasus that can steal information from your computer without being discovered. In fact, Pegasus spyware does exist, but it is used only by government agencies.

But the truth is that the scammers do not have the videos they claim to have; if they did, they would show them to you in the email.

In the current sextortion scam, the claim that your webcam has been hacked is false and merely an empty threat. While the scammer has not hacked your webcam in this case, it is important to note that webcams can be hacked. To protect yourself, make sure that you change the default password on your webcam when you first install it. These default passwords are readily available to criminals. Another simple, low-tech thing I do is put a Post-It note over my webcam when it is not in use. This is a technique used by both Pope Francis and former FBI director James Comey.

So, while you can ignore this sextortion email, there are some basic related security steps we all should follow:

  1. Change the default password on your webcam to a unique, strong password
  2. Install security software on all of your devices and keep the software updated with the latest security patches as soon as they are issued
  3. Use strong, unique passwords for each of your online accounts
  4. Put a Post-It note over your webcam when it is not in use
