A recent FBI report tells us that sextortion scams have more than doubled, up 242% in 2018, costing victims $83 million per year. Cyber criminals claim to have sensitive photos or similar information of a sexual nature and threaten to release it to your friends and family unless you pay extortion
Meet Sextortion: The Newest Online Sexual Threat
Sadly, the Internet is full of sexual crimes and dangers. Anonymity, free-flowing money and instant access to digital data present a perfect recipe for risks ranging from child pornography to hacked devices to revenge porn. Now sexual extortion, or sextortion, is rapidly becoming a massive problem as hackers realize they can use phishing emails to trick people into paying to avoid sexual revelations or embarrassments.
The basic formula is that criminals obtain some information about many people, often from a data breach and often of no sexual nature. Then they contact those people and claim to have compromising information about them, which they will reveal to the victim's friends or family unless the victim pays an extortion fee. Beyond having the contact information for the victim, the criminal will often have some other information, such as the names of the victim's friends, their employer, or websites they visit, which they will use to add credibility to their claim and to make their threat more specific.
Anatomy of a Facebook Sextortion Scam
Earlier this year, several MyProfyle employees and millions of other people were exposed by a Facebook data breach. This breach exposed not only personal information about those Facebook users but also information about who their friends and family were. MyProfyle believes that this information was used by multiple sextortionists to make very specific-sounding threats. Instead of simply saying, “We have your nude photos” or “We have a list of adult websites you visit,” the criminals could now say, “We will send this information to Judy and your co-workers at abcbank.com.”
Imagine how frightening that sounds, but this specific threat is only possible because they know your email address @abcbank.com or get the name of your wife from your Facebook account. MyProfyle recognized this threat and the origin of the data very quickly, but we also understand that many people would take this frightening message very seriously and would think for at least a moment about whether the threat is real and whether they should pay.
Botnets Shift from Ransomware to Sextortion
Technology used to weaponize other types of threats has shifted to the sextortion racket due to its success. Recently, a decade-old botnet called Phorpiex, which has infected nearly 500,000 computers and used them to distribute malware, has been given a new job. Phorpiex was used over a five-month period to cheat innocent victims out of hundreds of thousands of dollars when it shifted its attention from shipping ransomware to sending sextortion phishing emails.
Phorpiex is continuously sending out sextortion emails by the millions. In the case of Phorpiex, the hacked database contained not just names and emails but credentials for some breached websites. The sextortion email presented those credentials to the victim and claimed that the victim had used them on adult websites (and that the victim's computer was also infected with malware that had uploaded their private info to the criminals). And who knows, maybe they were, but Phorpiex does not know that. What we do know is that hundreds of people were frightened enough to pay.
MyProfyle’s recommendation with all online requests for money is first and foremost not to comply. If you think the criminal truly does have compromising information – perhaps gathered by hacking a device – or they have proven its existence to you, you may wish to contact the FBI. Extortion is a serious crime and they may be able to help identify the criminals when they try to collect their ill-gotten bounty. The most important thing to remember is not to simply pay any money to these types of extortionists. If you pay, you will certainly be a victim for a long time to come or you will find out the hard way that they never had anything to begin with.
We also recommend signing up with MyProfyle’s Free For Life Identity Protection™ service because it remains the best way to find out if your information has been exposed, which may help you determine if a future threat is real or just based on your name appearing in a data breach.