
There’s Nothing Sexy About Sextortion

Brad Slavin General Manager
Updated May 27, 2025

Quick Answer

Sextortion is a coercive scam where attackers threaten to expose embarrassing or fabricated material unless the victim pays, typically in cryptocurrency. The 2019 variant tracked by KnowBe4 took it further: attackers threatened to plant child pornography on the victim's devices and report them to authorities unless paid, weaponizing the irreversible reputational damage of even a false accusation. Earlier sextortion campaigns paired the threat with a real password leaked in a prior breach, making the demand seem credible. The FBI's IC3 advice: do not pay, save the email, report it, and assume the password (if any) is from a known data breach (check haveibeenpwned.com). Defenses: link-time phishing protection on inbound mail to filter most extortion campaigns, password managers and unique passwords per site, MFA on every account, and educating users that paying never resolves the threat, it just funds the next campaign.


There was a time when hackers and email scammers used spear phishing to trick their victims into sending money. By the time someone figured out what had happened, the money was gone forever. But people are starting to get wise to that tactic. So, what do the hackers do? They evolve…all the way to blackmail.


According to an article on security training firm KnowBe4’s website, the newest spear phishing threat encountered is one that threatens the victim with a new kind of blackmail called sextortion.

Sextortion is a form of sexual exploitation that employs non-physical forms of coercion to extort money or sexual favors from the victim. 

In this case, the extortion is in the form of a threat to blame you for child pornography.

According to the article, the victim receives an email that “claims the CIA will bust you for child porn unless you pay 5,000 dollars and only then your records will be deleted.” The email also contains a malicious link.

The endgame for this type of blackmail is scary to imagine. It wouldn’t be difficult for the attackers to place actual child pornography on your computer or fill your search history with fake child pornography searches. Then they could anonymously notify the FBI or law enforcement, which would cause a big headache for you.

In case you’re wondering how big of a problem sextortion is, an article on security website HelpNetSecurity confirmed that “Sextortion scams make up 10 percent of all spear-phishing attacks [and] continue to increase. Employees are twice as likely to be the target of blackmail than business email compromise.”

This is just one of the findings from a new report by Barracuda titled Spear Phishing: Top Threats and Trends. The report analyzed three major types of attacks: brand impersonation, business email compromise and blackmail.


Some of the findings in the report include the following:

  • The majority of subject lines on sextortion emails contain some form of security alert.
  • Attackers often include the victim’s email address or password in the subject line.
  • Scammers use name-spoofing techniques to make the email appear to come from a company employee.
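The three findings above translate directly into header checks a mail filter can run. The following is an added example, not code from the report or from DuoCircle: the keyword pattern, the staff name list, the `example.com` domain and the sample messages are all constructed for illustration, and a leaked password in the subject is not checked because the filter has no way to know it.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: keyword pattern, staff directory, own domain.
ALERT_WORDS = re.compile(
    r"security alert|account (has been |was )?(hacked|compromised)", re.I)
STAFF_NAMES = {"jane doe", "sam lee"}  # hypothetical employee display names
OWN_DOMAIN = "example.com"             # hypothetical corporate domain

def score_message(raw: str) -> list[str]:
    """Return which of the three reported indicators a raw message matches."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "").lower()
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, to_addr = parseaddr(msg.get("To", ""))
    hits = []
    # Finding 1: subject line phrased as a security alert.
    if ALERT_WORDS.search(subject):
        hits.append("security-alert-subject")
    # Finding 2: the recipient's own address echoed back in the subject.
    if to_addr and to_addr.lower() in subject:
        hits.append("recipient-in-subject")
    # Finding 3: an employee's display name on an address outside our domain.
    domain = from_addr.rsplit("@", 1)[-1].lower()
    if from_name.strip().lower() in STAFF_NAMES and domain != OWN_DOMAIN:
        hits.append("display-name-spoof")
    return hits

# Constructed sample messages (not real mail).
SAMPLES = {
    "extortion": "From: Jane Doe <jd8841@mailer.invalid>\n"
                 "To: bob.smith@example.com\n"
                 "Subject: Security alert: bob.smith@example.com was compromised\n"
                 "\nbody\n",
    "benign": "From: Jane Doe <jane.doe@example.com>\n"
              "To: bob.smith@example.com\n"
              "Subject: Lunch on Friday?\n"
              "\nbody\n",
}

def triage(samples=SAMPLES):
    """Map each sample name to the indicators it triggered."""
    return {name: score_message(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, hits in triage().items():
        print(name, "QUARANTINE" if len(hits) >= 2 else "deliver", hits)
```

Requiring two or more indicators before quarantining keeps a legitimate security notice, which would match the first check alone, from being blocked.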

Even though spear phishing attacks are evolving, the tactics and techniques employed to pull them off remain the same. And that means the technology required to defend yourself against them still works. What technology is that? Cloud-based email security with Advanced Threat Defense like that offered by DuoCircle.

If you want to ensure unwanted child pornography never ends up on your computer, head on over to our phishing prevention services. You’ll be up and running in 10 minutes.

Brad Slavin


General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
