There is a growing trend these days of what is known as “sextortion”. You receive an email that addresses you by name and knows one of your online passwords – and may even include the last three digits of your phone number. Now that the sender has your attention, the e-mail proceeds to claim that malware was placed on a porn site you’ve visited and that they will expose you – unless you pay up.

These so-called “sextortion” scams are on the rise, fueled by the recent data breaches that have released personal information into the wild.

For example, the e-mail might read like this:

FINAL WARNING. You have the last chance to save your social life. I am not kidding. I give you the last 72 hours to make the payment before I send the video to all your friends and associates…

I’ve been watching you for a while because I hacked you through a trojan virus in an ad on a porn website. If you are not familiar with this, I will explain this. A trojan virus gives you full access and control over a computer, or any other device. This means that I can see everything on your screen and switch on your camera and microphone without you being aware of it.

Although frightening, there is good news, and that is that it is all a pack of lies, so you can relax – a little…

However, there is some bad news because of how the crooks claim to have spied on you. Even if you don’t watch porn, what else might they know about you if they have spyware on your laptop?

You might be asking yourself – Is it technically possible?

Yes. Malware does exist that makes it possible for a crook to turn on your webcam remotely. Back in 2014, a US teenager, Jared James Abrahams, was sentenced to 18 months in federal prison for spying on women via their webcams.

Do the sextortionists have anything on you?

No. If you receive a sextortion email like the one shown above, without any stills from the video as proof or a link to view the file, then it’s just a bunch of hot air and bluster. The extortionists are just trying to scare you into paying them something.

Remember, they send out millions of these sextortion emails at a time, and even if only a few recipients get scared enough to pay, the crooks end up making thousands of dollars for very little original outlay.

How do they seem to know all about you?

There are many people I know who never watch porn, don’t even have a webcam, and yet get scared by some of the claims made in these emails. That’s because the extortionist tries to convince you that they really do know everything about you. They include personal details in the email that allegedly “prove” that there must be some sort of active spyware infection on your computer.

The extortionists might include one of your passwords. Often, it’s an old password, but usually it was genuinely yours. That can be scary, but it is still not a reason to panic. These stolen passwords come from data breaches, where your data was compromised and stolen by someone else. However, if the password is still current, then you have to seriously reconsider your overall password security and start to change your online passwords.

The extortionists might include your phone number. They use phone numbers, paired up with email addresses, also acquired through a data breach.

The crooks might appear to send the email from your own account. This is done by a common hacker trick known as address “spoofing”, where they can insert anything they like in the e-mail headers. They can make it look like they sent the mail from your own e-mail account.
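A defender's view of the spoofing described above, as an added example that is not part of the original article: a Python check that reads a saved message's headers and reports whether a mail "from yourself" actually passed the receiving server's SPF, DKIM and DMARC checks. The addresses, domains and both sample messages are constructed, and it assumes your mail server adds an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From equals To, as in the scam, but the envelope
# sender is another domain and the receiving server's checks failed.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.org
From: alice@example.org
To: alice@example.org
Subject: FINAL WARNING

I hacked you...
"""

# Constructed sample: a genuine note-to-self that passed every check.
SAMPLE_GENUINE = """\
Return-Path: <alice@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: alice@example.org
To: alice@example.org
Subject: note to self

Buy milk.
"""

def check_self_spoof(raw):
    """Report whether a 'sent from your own account' mail is likely forged."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Only trust Authentication-Results written by your own receiving server;
    # the sender can insert forged copies of any header, including this one.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    not_passing = [k for k in ("spf", "dkim", "dmarc") if results.get(k) != "pass"]
    self_addressed = bool(sender) and sender == recipient
    return {
        "self_addressed": self_addressed,
        "envelope_mismatch": envelope.rpartition("@")[2] != sender.rpartition("@")[2],
        "not_passing": not_passing,
        "likely_spoofed": self_addressed and "dmarc" in not_passing,
    }

if __name__ == "__main__":
    for name, raw in (("spoofed", SAMPLE_SPOOFED), ("genuine", SAMPLE_GENUINE)):
        print(name, check_self_spoof(raw))
```

A message that is addressed from you to you but does not pass DMARC was not sent from your mailbox, which is the situation the scam email relies on you not noticing.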

What to do?

Don’t panic, delete the email (after reporting it to IT CyberSecurity), and don’t let the crooks trick you into contacting them at all.

What can you do?

In order to avoid becoming a victim of such a scam, it is important to take the following actions:

  • Do not use the same password for multiple sites.
  • Change passwords regularly.
  • Review sites like https://haveibeenpwned.com/ in order to determine whether or not an account of yours has been compromised.
  • If you receive a suspicious or threatening email, do not click on any links or download any attachments. Contact IT CyberSecurity immediately.