Scammers scooped over $300,000 in Bitcoin by threatening to make unsuspecting victims’ activities on adult-only websites public.
Security experts warn about ‘sextortion,’ a new form of crypto scam that was first reported in 2017 and gained popularity in 2018. Last week, the UK-based cybersecurity company Digital Shadows published research investigating this new phenomenon. The digital risk protection firm's experts detailed how cybercriminals have diversified their blackmailing methods.
Let’s Not Meet!
It all starts with an email in which the sender claims to have access to the victim’s webcam and sensitive information. The criminals claim to have video evidence of the victim watching porn online and threaten to make this footage public unless the victim pays a ransom, usually in Bitcoin. Naive victims sometimes fall for this trick in an attempt to hide their online secrets.
According to the research, since July 2018, sextortionists have made about $332,000 in Bitcoin through their email-based scam. The sextortion fraudsters targeted 89,000 email recipients as potential victims, with the total number of attempts amounting to 792,000. The money from over 3,100 Bitcoin addresses was deposited to 92 Bitcoin wallets. The average ransom was $540.
First reports of the new scam date back to 2017, but it began to run rampant last year. This year the issue still persists, according to numerous posts published by Twitter users.
I keep getting emails threatening to send videos of me with my todger out to all my contacts unless I send them a shedload of bitcoins. The #Sextortion scammers are really boring
— Tim Trent (@AluciaCharter) February 18, 2019
A Perfect Victim
To earn easy Bitcoin, ‘sextortion’ scammers follow a similar scheme. They use social media networks, especially LinkedIn, to target high-earners. They then inform their victim that they have been caught performing some embarrassing activities like visiting sites with adult-only content. They claim they have recorded everything, including the victim’s activities while visiting these sites and threaten to reveal this to the victim’s contacts.
Here's a new form of cryptoblackmail. A friend received this out of the blue. Presumably, it's getting sent to everyone on the haveibeenpwnd list.
Be careful out there, never pay, never negotiate. pic.twitter.com/VFl5s1duCe
— Emin Gün Sirer (@el33th4xor) July 11, 2018
Of course, it is only a bluff, and the criminals do not have any videos, but the fear of public humiliation is a powerful driving factor. Besides, to convince a panicking victim, scammers present proof in the form of a hacked password bought from other sources. Now the poor victim is ready to pay.
According to the report, ‘sextortion’ scams come from email servers based worldwide, but the heaviest traffic was related to Vietnam, Brazil, and India. This may mean nothing, however, since these servers’ locations may also be falsified.
Help Wanted: Sextortionists
The Digital Shadows report revealed one more shocking finding. The experts say that some of these ‘sextortionists’ appear to be extremely unsophisticated and unfortunate. However, there is another, more advanced group of experienced cybercriminals that is very different.
In particular, these criminals even recruit accomplices, promising them generous salaries of over $350,000 per year. The job scope of such ‘business assistants’ includes help with spotting and targeting rich victims like high-earning company executives or lawyers with porn-watching habits.
Another criminal innovation, according to the report, is a new way of monetizing the stolen data. Now, hackers might not need to directly contact a victim with ransom demands. Instead, they might opt to launch a crowdfunding campaign on the dark web and sell the hacked data sets, raising money from the criminal public.
Images courtesy of Shutterstock, Twitter.