Due to a rise in local reports, the West Midlands regions want to provide residents of the local area with information and advice on the dangers of sextortion scams, protection advice and where to report if you’ve fallen victim.
Sextortion scams are a type of phishing attack whereby people are coerced into paying a Bitcoin ransom because they have been threatened with the sharing of video of themselves visiting adult websites. These scams are made to appear all the more credible because they provide seemingly plausible technical details about how this was achieved, and the phish can sometimes also include the individual’s password.
Phishes are designed to play on people’s emotions so that they will behave in a way which is out of character, and scams such as this are no different. The phisher is gambling that enough people will respond so that their scam is profitable; they do not know if you have a webcam, have been visiting adult websites, or the means by which you communicate with people – in short, they are guessing. The phisher hopes to emotionally trigger people so that they will ‘take the bait’ and pay the ransom.
The email can contain the victim’s own password in the subject line and demand a payment in Bitcoin to prevent videos of the victim visiting adult websites on their computer from being shared.
An example email reads:
“It Seems that, XXXXXX, is your password.
I require your complete attention for the upcoming 24 hrs, or I may make sure you that you live out of guilt for the rest of your lifetime.
Hey, you do not know me personally. However I know all the things concerning you. Your present fb contact list, mobile phone contacts along with all the digital activity in your computer from past 176 days.
Which includes, your self pleasure video footage, which brings me to the main motive why I’m composing this particular mail to you.
Well the last time you went to see the porn material websites, my malware ended up being activated inside your computer which ended up documenting a beautiful footage of your self pleasure play by activating your cam. (you got a unquestionably weird taste by the way haha)
I have the full recording. If, perhaps you think I am playing around, simply reply proof and I will be forwarding the particular recording randomly to 8 people you know.”
What to do
- Do not reply to the email or click on any links contained within it. Instead, report it to: report@phishing.gov.uk and then delete it.
- Do not be tempted to pay the Bitcoin ransom; doing so will likely encourage more scams, as the phisher will know they have a ‘willing’ customer.
- Do not worry if the phish includes your password; in all likelihood this has been obtained from historic breaches of personal data. You can check if your account has been compromised and get future notifications by visiting: https://haveibeenpwned.com/
- If the email includes a password you still use, then change it immediately. The National Cyber Security Centre recommend creating strong, memorable passwords by using 3 random words.
- Organisations can support employees by encouraging them to report incidents to their management, despite the sensitivities, in order to get the right support.
- If the phish includes a password you still use, then change it immediately. Advice on how to create suitable passwords and enable other factors of authentication is available from Cyber Aware: https://www.cyberaware.gov.uk/passwords
- If you have been a victim of a sextortion scam and have paid the Bitcoin ransom, then report it to Warwickshire Police by calling 101.
- If you need emotional support this is available from charities such as Victim Support by calling 0808 168 9111 or visiting: https://www.victimsupport.org.uk/
- Raise awareness of sextortion scams within your business, allowing employees to familiarise themselves with tactics criminals use and monitor advancements in how the crime is perpetrated.