Few things are scarier than a direct threat to you and your family. Whether it comes by email, text, or phone call, an extortion message can feel like a disgusting violation of privacy.
But add sexual blackmail to the mix, and all bets are off. If you’ve ever gotten an email from a hacker claiming they’ve got you on tape watching porn, you know exactly how disturbing “sextortion” scams are. Tap or click here to see why they’re back in the news again.
After skyrocketing in popularity during 2019, sextortion scams are now showing up in new varieties. Some of these messages are run-of-the-mill malware threats while others invoke fears over COVID-19. In any case, there’s no reason to take a single one of these messages seriously. Yes, really! Here’s why.
Get this message? It’s literally spam (and nothing more)
Sextortion emails are a major nuisance the world over, but they’re an extremely profitable one. According to Sophos’ Naked Security blog, these virtual threats have netted cybercriminals over $100,000 a month over the past five months (that’s in U.S. dollars, too!)
The reason? These messages are absolutely terrifying, and the typical ransom lies somewhere in the realm of $200 to $2000 per email. Not everyone pays up, of course, but setting the ransom as high as these criminals do makes the process worth their while — even if they only catch a few victims out of thousands of emails.
Since 2019, sextortion emails have shown a massive spike in popularity. And for 2020, they’re taking on a few new forms to bypass spam filters and savvy netizens.
One sextortion email discovered by Sophos in March actually threatens to infect you and your family with COVID-19, of all things, if you don’t pay the ransom.
“What αm Ι cαpable οf dοing? Ιf I wαnt, I cοuld eνen infect yοur whοle fαmily with the CοronαVirus, reνeαl all of yοur secrets. There αre cοuntless thiηgs I cαn dο.”
We’ve heard of hackers attacking computers with viruses, but not literal ones!
Here’s another sample sextortion email that reached Sophos’ inbox:
Subject: High level of risk. Your account has been hacked. Change your password.
Í am a hacker who has access to yoür operatíng system.
Í also have full access to yoür accoüňt.
Í’ve been watchíng yoü for a few months now.
The fact ís that yoü were ínfected wíth malware throügh an adült síte that yoü vísíted.
Íf yoü are not famílíar wíth thís, Í wíll explaín.
Trojan Vírüs gíves me füll access and control over a compüter or other devíce.
Thís means that Í can see everythíng on yoür screen, türn on the camera and mícrophone, büt yoü do not know aboüt ít.
Í also have access to all yoür contacts and all yoür correspondence.
Why yoür antívírüs díd not detect malware?
Answer: My malware üses the dríver, Í üpdate íts sígnatüres every 4 hoürs so that yoür antívírüs ís sílent.
Í made a vídeo showíng [REDACTED] on the left half of the screen, and ín the ríght half yoü see the vídeo that yoü watched. Wíth one clíck of the moüse, Í can send thís vídeo to all yoür emaíls and contacts on socíal networks. Í can also post access to all yoür e-maíl correspondence and messengers that yoü üse.
Íf yoü want to prevent thís, transfer the amoünt of $950(USD) to my bítcoín address (íf yoü do not know how to do thís, wríte to Google: ‘Büy Bítcoín’).
My bítcoín address (BŤC Wallet) ís: [REDACTED]
After receívíng the payment, Í wíll delete the vídeo and yoü wíll never hear me agaín.
Í gíve yoü 48 hoürs to pay.
Í have a notíce readíng thís letter, and the tímer wíll work when yoü see thís letter.
Fílíng a complaínt somewhere does not make sense becaüse thís emaíl cannot be tracked líke my bítcoín address.
Í do not make any místakes.
Íf Í fínd that yoü have shared thís message wíth someone else, the vídeo wíll be ímmedíately dístríbüted.
Scary, huh? At the very least, they were polite enough to sign off with a “best regards.”
But as scary as this message looks, is there any reason you should take it seriously? Aside from the odd use of nordic vowels, the hacker mentions high-level malware and video blackmail. Could they actually ruin your life as they say?
As it turns out, these threats are just as fake as the malware they supposedly planted on your computer. In other words, this sextortion scam is nothing more than bluster!
Fake threats from fake malware paid with fake money
Sextortion scammers specifically prey on a lack of knowledge surrounding cybercrime and malware. Just note the use of “technical jargon” like “My malware üses the dríver, Í üpdate íts sígnatüres every 4 hoürs.” Not only is this sentence grammatically incorrect, but it’s also technologically incorrect!
The threat of sextortion is more than enough to get people to pay. This lines up with most previous sextortion scams, which also featured lies about hackers and malware with little to show as proof of the hacking.
Some sextortionists do go a step further, though, and include a leaked password of yours as “evidence” that they’ve hacked your computer. But these are almost always retrieved from previously-known data breaches, which can serve as prospect lists for these enterprising hackers. Tap or click here to see previous examples of fake sextortion emails.
If you do get one of these messages, there is really only one solution: Ignore it! Responding or retaliating in any way is enough to make these hackers try and attack you again (or at the very least add you to a spam list for future attempts).
The same goes if you attempt to make a payment. Bitcoin is anonymized digital currency, and just like with cash, there’s no way to get it back once you’ve paid.
Plus, many of the programs used to process Bitcoin payments are rife with malware of their own. Tap or click here to see why Google pulled several bitcoin-related extensions for Chrome.
Thankfully, sextortion is something you don’t have to live in fear over. If you know the facts, you’ll understand that they’re just another garden-variety spam email. Let your email filter take care of it instead of wasting your time.