Fifty shades of sextortion

How cybercriminals make money off victims’ love lives.


Sextortion — a portmanteau of “sex” and “extortion” — originally referred to blackmail using compromising photos or videos obtained either by hacking a victim’s device or voluntarily from the victim themselves. While this form of crime still exists, today’s sextortioners are far less likely to be in possession of any juicy material. Some varieties of sextortion work even when the victim knows for certain that no compromising material featuring them could possibly exist. Let’s get to the bottom (so to speak) of all the latest sextortion scams, and ways to counter them.

“Your spouse is cheating on you”

This fresh sextortion tactic preys on jealousy instead of shame. A spouse receives an email from a “security company” saying it has gained access to (read: hacked) their other half’s personal devices and found proof of infidelity. For details, including a downloaded data archive, the recipient is invited to follow the link kindly provided. Of course, the attackers have no data at all other than the names and email addresses of the couple, and the link is there to extract money.

“I recorded you on video”

This is the classic sextortion scheme. The victim receives an email claiming that the sender hacked their computer or smartphone and recorded them through the webcam while they were browsing porn sites. To stop friends and family from seeing the video, the “hackers” demand an urgent payment in cryptocurrency. To make it more convincing, they may address the victim by name and insert in the email an actual password the recipient has used for some accounts. In reality, the sextortioners simply buy databases of stolen credentials, thousands of which are available on the dark web, and then fire out standard emails with passwords from this database to the corresponding addresses.

“You have a beautiful home”

To target those unfazed by cybervillains knowing their password, a new scheme was invented. The perpetrator mentions that if the victim fails to contact the attackers about the hush payment, they’ll come to discuss the matter in person. To add weight to the threat, the email includes a photo of the victim’s home taken from Google Maps. Obviously, for this trick to work, the attackers need databases that contain not only emails and passwords but also home addresses, which they can get from online-store data leaks.

“I recorded you on video, see for yourself”

Another popular sextortion scam doesn’t demand a cryptocurrency payment but instead tries to install malware on the victim’s computer. An email invites the recipient to watch a video to see how serious the threat is, but to do so they need to visit a website and install a special player — infected, of course.

“You’ve been deepfaked”

This relatively new version of the scam works quite well on people who are sure that no compromising videos of them exist. After all, deepfake videos and deepfake porn with celebrities’ faces superimposed on porn actors’ bodies have been widely reported in the media. The scam comes in two flavors: in one, the attackers simply claim to have made a deepfake; in the other, they actually have. It’s easy to tell them apart: in the latter, the deepfake is immediately presented to the victim — sometimes even in the form of a physical letter delivered to their work address. To make such a deepfake, of course, good-quality photos and videos of the victim are needed. You can reduce your chances of being attacked in this way by not posting countless selfies and other clear shots of your face on social media.

“You’re going to jail”

Another variety of sextortion is a scam email accusing the recipient of possessing child pornography. The sender claims to work for law enforcement and to be preparing a list of pedophiles for mass arrest. The recipient is among them, states the email. To get their name removed from the list, the victim is invited to pay a ransom. Criminals can be quite creative with their threats, so some variants of the scheme are even more outlandish: the sender may “work for the CIA”, “manage a website for hiring hitmen”, or even “have planted a bomb under your house”.

What to do if you receive a sextortion email

Don’t panic. Nearly all sextortion scams are just empty threats. Scammers send out millions of identical emails and do nothing to those who ignore them (since that’s all they can do). Therefore, the best response is to mark the email as spam and delete it. By the way, Kaspersky Plus and Kaspersky Premium users are protected against the vast majority of spam, as well as malicious websites and apps that are distributed under the guise of such spam.

The exception is when you know the sender personally, or there are real incriminating photos and videos attached to the email. In this case, you could be dealing not only with sextortion but also with defamatory deepfakes — two very serious crimes in most countries. Put all embarrassment aside and contact the police immediately.

How to guard against intimate photo leaks

If you’ve ever taken a nude, sent it to someone, or saved it on a device, read our detailed guide on how to safely store intimate photos and videos, and what to do if they still leak online (spoiler: they can still be removed even from the internet!).
