© Juan Moyano

An awful new twist on sextortion scams – what you need to know

COVID-19 has led many Americans to adopt a solitary lifestyle they might not be totally used to. Social isolation and staying indoors will not only protect you from viral exposure but can also protect others if you happen to be positive.

That said, the loneliness caused by social isolation hasn’t stopped people from seeking romance and companionship online. Internet dating is still going strong, even if people aren’t going out and meeting one another as much as before the pandemic.

But don’t think for a moment that hackers aren’t paying attention to this phenomenon. In an aggressive twist on classic sextortion scams, cybercriminals are now creating fake dating profiles to trick victims into sharing personal information. Then, when they least expect it, the trap is sprung and sextortion messages are sent. Here’s what you can do about it.

Forget bad pick-up lines, ransomware might be the next thing you get from Tinder

According to security researchers at the Internet Storm Center, cybercriminals are now looking for victims in places they haven’t tried before: dating websites and apps. They’re creating fake profiles that they use to gain confidence and personal information from potential victims before using that data against them in sextortion scams.

These profiles usually take the shape of attractive young women looking for romance, which is one of the oldest internet fraud tricks in the book. But unlike typical fake profiles and scam accounts, these profiles will actively engage victims while prying for information like personal details, location and even sexual preferences.

Next, they’ll use this information to match you with leaked credentials from data breaches. This is how typical sextortion scams work: cybercriminals pretend they’ve “hacked” your computer to add impact to their messages. Of course, all they’re actually doing is using publicly available data to make you think they have that kind of access.

Finally, the scammer hits you with a threatening email where they claim they’ll expose you unless you pay up with Bitcoin. They may even include some of the details you’ve shared in the message to show that they really mean business.

But what makes this new wave of scams so dangerous is the fact that there is a social engineering component. If you happen to get explicit with one of these scammers, they now have access to highly sensitive information that nobody else would know. This makes the scam all the more convincing, which equals more successful payouts for each “job.”

This shift in strategy comes on the heels of the COVID-19 pandemic and shows just how adaptable cybercriminals are to social changes. Should this pattern continue, we may see even more dangerous and provocative sextortion scams using deepfake technology further down the road. Horrifying, indeed!


What can I do to avoid getting suckered in by a fake profile?

Because these cybercriminals are using fake profiles to actively converse with victims, it can be much more difficult to discern them from real people. Fortunately, there are still a few red flags you can check along the way:

  • The profile has unusually attractive or model-caliber profile pictures.
  • The profile exhibits poor English skills in conversation, including spelling and grammar.
  • They ask you unusually pointed and personal questions in conversations.
  • They shift to sexually explicit conversation topics without warning or too early on.
  • They message you at unusual hours of the day despite claiming to be in your area.

If any of these apply to the profile you’re communicating with, you should think carefully before continuing the conversation. Odds are you might not actually be speaking with whoever that person claims to be.

But if you do ever reach the point where a sextortion email reaches your inbox, don’t panic! Unless you’ve shared some extremely lurid details in conversations with the scammer, their threats are almost entirely empty. Sextortionists almost never actually hack your computer but will insist they have total access to your private digital life in order to scare you.

Instead, make the sensible move and simply delete the message. If you don’t respond, you’re actually less likely to get a second round of threats. That’s because these scammers are in the business of hustling multiple people at a time. If you’re not a good lead, they will move on to another potential victim instead.

And we thought the fake profile issues on Facebook were bad.
