Sextortion or sexual bribery is a serious criminal offence and it is an ever growing problem for authorities worldwide. It is very easy to become a victim and it can have devastating effect on people from all walks of life.
Online victims are often contacted by their perpetrators in the form of a social media friend request or via online chat or dating sites. Another tactic is for a cybercriminal to use compromised credentials to send unsuspecting victims sextortion emails. To grab one’s attention, they normally include the victim’s real password in the subject line of the email – to prove that they have access to the victim’s personal information.
Online perpetrators typically gain one’s trust by pretending to be someone else. They often lurk in chatrooms and use fake profiles in order to lure their victims. There is also a chance that the cybercriminal could hack into one’s electronic devices or online storage. This can be done using malware or by cracking or stealing login credentials.
Trusting people looking for the perfect partner or bored partners, or even undercover porn viewers are being increasingly targeted by cybercriminals. They work on the insecurities, naïvety and poor cybersecurity behaviour to coerce unsuspecting victims into parting with their money in order to prevent public humiliation and embarrassment.
Sextortion occurs when the perpetrator threatens to distribute one’s private and sensitive material if one doesn’t pay them. In certain cases they may even be forced to perform sexual favours or threaten to harm one’s relatives or friends by using information they have obtained from the device.
Security expert and J2 Software CEO John Mc Loughlin points to several versions of the attack, some via WhatsApp and other via email. “The WhatsApp variety is very common; boy meets girl by swiping right. The match is made and introductory texts are exchanged.”
“Almost immediately the beautiful girl shares intimate pictures and asks for the same in return. There is an almost aggressive exchange to ensure that the unsuspecting victim sends compromising photos that include showing their face,” he explains.
The perpetrators then reveal their true intentions and threaten to put the risqué nudes on the Internet, being sure to name the victim’s family members and work colleagues with whom they intend to share the photos.
Using information gathered from the texting – they identify victims’ social media accounts and in certain instances, use compromised details to access or hack their accounts. Once the bait is taken they move quickly to reel in their prey.
The tone is menacing and becomes increasingly urgent as they intimidate with threats of exposure and public humiliation. The modus operandi is pretty much always the same – demands for money in order to delete victims’ photos, mostly through cryptocurrency, but locally it is usually by eWallet or untraceable money transfers performed at retail stores.
He says another alarming trend is for cyber attackers to use compromised and leaked passwords that are easily available on the dark web and cyber underground. “The attacker then utilises a free email service to deliver the news that they have the victim’s password and have accessed their online activities.”
These messages are mostly poorly written, lack basic grammar and for the most part are identical. It only takes a very small hit rate to ensure a lucrative return. Once payment is made they destroy the pay-as-you-go sim card and move to the next victim.
Mc Loughlin says there are numerous ways to combat this, the simplest being to ensure that you stay far away from any illicit websites and another is to ensure that you change your passwords or use a reputable password manager. “Please do not use the same password on every site, platform and computer.”
Victims are less likely to report sextortion outside of their inner circle, they are too embarrassed and normally prefer to handle the situation on their own. Also, most victims are more likely to confide in someone they know rather than reporting it to law enforcement.
“Never send compromising images or selfies to anyone, no matter who they are or who they say they are. More importantly, do not open attachments from strangers and ensure the web camera and microphone is switched off when you are not using them,” he concludes.
Sextortion is an increasingly pervasive threat and it is not isolated to specific websites or apps, perpetrators use various forms of technology and platforms to reach their victims. The personal and psychological toll on victims is immense and most don’t seek help due to shame and self-blame.