Glossary

Sextortion

What is Sextortion?

Sextortion is an attempt to extort money or get victims to do something against their will by threatening to release embarrassing, personal images or video of the victim. The compromising images may come from the victim's webcam, hijacked by malware, or they may be fake imagery, as in sextortion scams.

Sextortion attacks often originate by email and are becoming a new form of ransomware. In a recent attack discovered by Barracuda Networks, the attacker used stolen personal data and passwords to gain access to the victim's email and personal contacts. The attacker sends an email to the victim flaunting the stolen password to get their attention. They then claim to have installed malware on the victim's computer that can be used to send the sexually explicit images to all their contacts unless the victim pays a ransom.

Recognizing Sextortion Scams

A sextortion email often begins with a subject line like "your password is…" followed by one of your passwords that the attacker has gained from a data breach. The email will then claim to have the ability to remotely control your computer or distribute sexually explicit or personal images to your friends and contacts. Finally, the email will demand some type of action such as making a payment (often in Bitcoin) or clicking on a link.

Common characteristics of sextortion emails:

  • Misspelled or poorly written text
  • Evidence of a threat such as revealing a secret password, some data about one of your accounts or the name of a friend or associate
  • A claim to have installed malware such as a Remote Access Trojan (RAT) that can take control over your computer or email account

Here is an example of a recent sextortion email:

Date:

From:

Reply-to:

To:

Subject: password

Charset: iso-8859-1 *

password is your passphrase. Lets get right to the point. You do not know me and you are most likely wondering why you are getting this email? Nobody has compensated me to check you.

In fact, I placed a malware on the xxx streaming (sexually graphic) site and you know what, you visited this site to experience fun (you know what I mean). When you are watching videos, your internet browser initiated functioning as a Remote control Desktop having a keylogger which provided me with accessibility to your display screen and also webcam. Just after that my software program obtained every one of your contacts from your messenger, social networks, and emailaccount. After that, I made a video. 1st part displays the video you were watching (you have a nice taste lmao) and 2nd part displays the view of your webcam, and it is u.

There are two different solutions. We should check out each of these possibilities in particulars:

First alternative is to dismiss this email. In this scenario I most certainly will send your actual recorded material to every bit of your personal contacts and thus just imagine about the humiliation you feel. In addition, should you be in a romantic relationship, how will this affect?

Other choice would be to pay me $5000. I will name it as a donation. In this case, I most certainly will instantly discard your video footage. You could continue your daily ro utine like this never occurred and you will not ever hear back again from me.

You will make the payment via Bitcoin (if you don't know this, search for “how to buy bitcoin” in Google)

BTC address: 1AQPmkJbKtKbA9Kt4Dh2LyRJPyc8gADuPq

[CASE-sensitive so copy and paste it]

If you have been looking at going to the cops, anyway, this e mail can not be traced back to me. I have taken care of my steps. I am also not attempting to ask you for money very much. I wish to be paid.

You now have one day to make the payment. I have a unique pixel within this email and now I know that you have read this email. If I don't get the BitCoins, I will definitely send your video recording to all of your contacts including relatives, coworkers, and so on. Having said that, if I do get paid, I will destroy the video right away. If you need proof reply with Yea! & I will send out your video to your 12 friends. This is non:negotiable offer thus do not waste my time and yours by replying to this email.
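The characteristics listed above can be turned into a simple mail-filter heuristic. The following is an added example, not code from the original page or from Barracuda: the indicator patterns, the co-occurrence rule and the `score_message` function are illustrative assumptions, and the input is an abridged copy of the sample email above.

```python
import re
from email import message_from_string

# Indicator families follow the characteristics listed above. The patterns and
# the co-occurrence rule are illustrative assumptions, not a vendor's ruleset.
INDICATORS = {
    "credential_lure": re.compile(r"\b(password|passphrase)\b", re.I),
    "malware_claim": re.compile(
        r"\b(malware|keylogger|webcam|remote\s*(access|control))\b", re.I),
    "exposure_threat": re.compile(
        r"\b(send|share|release)\b[^.]{0,80}\b(contacts|friends|relatives)\b", re.I),
    "crypto_demand": re.compile(r"\b(bitcoins?|btc)\b", re.I),
    "deadline": re.compile(r"\b(one|\d+)\s*(days?|hours?)\b", re.I),
}
# Shape of a legacy Base58 Bitcoin address (no checksum verification here).
BTC_ADDRESS = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def score_message(raw: str) -> dict:
    """Return matched indicators and a verdict for one RFC 822 message."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()  # text/plain only
    # Collapse whitespace so line wrapping cannot split a phrase.
    text = re.sub(r"\s+", " ", f"{msg.get('Subject', '')} {body}")
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    addresses = BTC_ADDRESS.findall(text)
    if addresses:
        hits.add("btc_address")
    # A password mention alone is normal mail; flag only when the lure, an
    # extortion claim and a cryptocurrency demand appear together.
    flagged = ("credential_lure" in hits
               and bool(hits & {"malware_claim", "exposure_threat"})
               and bool(hits & {"crypto_demand", "btc_address"}))
    return {"flagged": flagged, "indicators": sorted(hits),
            "btc_addresses": addresses}

# Constructed input: abridged from the sample email shown on this page.
SAMPLE = """Subject: password
Content-Type: text/plain; charset=iso-8859-1

password is your passphrase. I placed a malware on the site and your browser
acted as a Remote control Desktop having a keylogger. I most certainly will
send your recorded material to every bit of your personal contacts.
You will make the payment via Bitcoin.
BTC address: 1AQPmkJbKtKbA9Kt4Dh2LyRJPyc8gADuPq
You now have one day to make the payment.
"""

if __name__ == "__main__":
    print(score_message(SAMPLE))
```

Requiring all three families together keeps ordinary password-reset notices from being flagged; the extracted Bitcoin addresses can be fed to a blocklist or reported.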


How to Protect Yourself from Sextortion

Do not pay the ransom! Most sextortion attacks are scams in which the attacker cannot carry out their threat. Attackers are counting on you to act out of fear. Instead, immediately change the password of your email account and any other accounts that you think may have been compromised.

Next, you should take the following basic measures to stay protected:

  1. Do not pay the demanded ransom.
  2. Periodically check if your email addresses have been involved in a data breach using a site such as haveibeenpwned.com.
  3. Create complex passwords that are different for each of your accounts to make it more difficult for hackers to guess your passwords based on your email address. A password manager can make this easier to manage.
  4. Make sure all your emails and data are backed up. An email protection solution like Barracuda Essentials can automate this.
  5. Turn off your webcam or install a camera cover on your computer to ensure the camera is not enabled without your knowledge and permission.
  6. Stay informed by checking sites like Barracuda Threat Spotlight and Barracuda Security Insight.

Learn More About Sextortion

Barracuda Essentials and Barracuda CloudGen Firewalls both offer real-time protection against sextortion emails and other types of ransomware. Barracuda Sentinel adds another layer of protection by detecting and stopping email account takeover and impersonation attacks that can arise from stolen login credentials.

Barracuda can filter inbound emails with multi-layer protection against all forms of ransomware. We can also back up every email and file to protect you from data loss. Outbound filtering blocks the sending of inappropriate content from protected email accounts.

Do you have questions about sextortion emails and sextortion scams? Contact us today.