Sextortion Emails Spreading Dangerous Infostealer Malware

What is Sextortion?

Sextortion is a form of cybercrime where scammers send emails threatening to expose intimate images or videos of the recipient unless a ransom is paid. These emails are a type of phishing scam designed to extort money and sensitive information from victims through coercion and manipulation.

The emails often claim the scammers have compromising photos or videos of the recipient and threaten to send the materials to the victim’s contacts if the demand for money is not met. However, in most cases, the scammers do not actually possess any compromising materials. They are simply trying to scare victims into paying ransom or providing personal information.

Recent Surge in Sextortion Emails

In recent months, there has been a significant rise in sextortion email scams. Security researchers have reported a flood of these fraudulent extortion emails targeting victims globally.

The sextortion emails follow a similar template but are sent from constantly changing email addresses to evade detection by spam filters. They include subject lines like “Your dirty secret” and contain threatening text warning recipients that the scammers have evidence of them visiting adult websites or engaging in compromising acts on their webcam.

The emails demand payment in cryptocurrency, usually Bitcoin, within 48 hours to prevent exposure of the alleged compromising materials. The ransom payment demanded typically ranges from $500 to $2,000.

Malware Downloads Included in Recent Campaigns

While the vast majority of sextortion emails are simply hollow threats and scams, some recent campaigns have included dangerous malware payloads.

Security analysts have discovered that many of the fake sextortion emails also contain malicious Word document attachments. If victims download and open these attachments, an infostealer malware called SodaMaster is installed on their device.

SodaMaster is a Trojan that secretly gathers sensitive data like passwords, financial information, and cryptocurrency wallet details from the infected device. It then transmits the stolen personal data back to the hackers behind the scam.

So recipients compromised by these emails not only face extortion attempts but also risk having their financial and personal information stolen through the malware infection.
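
The traits described above (threat wording, a Bitcoin demand with a 48-hour deadline and, in some campaigns, a Word attachment) can be combined into a mail-triage heuristic that separates hollow threats from messages that may carry a payload. The following Python is an added example, not code from the researchers or from any product; the patterns, verdict names, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Indicators mirror the traits described above; patterns and verdict names
# are assumptions made for this example, not rules from any product.
BTC_ADDR = re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
DEADLINE = re.compile(r"\b48\s*hours?\b", re.I)
THREAT = re.compile(r"webcam|adult (?:web)?sites?|your contacts|dirty secret", re.I)
WORD_EXT = (".doc", ".docx", ".docm", ".rtf")

def triage(msg: EmailMessage) -> dict:
    """Score one parsed message and report which indicators fired."""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    hits = {
        "bitcoin_address": bool(BTC_ADDR.search(text)),
        "deadline": bool(DEADLINE.search(text)),
        "threat_language": bool(THREAT.search(text)),
        "word_attachment": any(n.endswith(WORD_EXT) for n in names),
    }
    extortion = hits["threat_language"] and (hits["bitcoin_address"] or hits["deadline"])
    if extortion and hits["word_attachment"]:
        verdict = "quarantine"  # lure plus document: treat as possible malware delivery
    elif extortion:
        verdict = "junk"        # hollow threat with no payload
    else:
        verdict = "deliver"     # an ordinary Word attachment alone is not enough
    return {"verdict": verdict, **hits}

def sample(subject: str, text: str, attachment: str = "") -> EmailMessage:
    """Build a constructed test message (not taken from a real campaign)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["Subject"] = subject
    msg.set_content(text)
    if attachment:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="msword", filename=attachment)
    return msg

FAKE_ADDR = "1" + "Z" * 30  # constructed placeholder, not a real wallet
LURE = ("I recorded you through your webcam.\n"
        f"Send $900 in Bitcoin to {FAKE_ADDR}\nwithin 48 hours.")

if __name__ == "__main__":
    for m in (sample("Your dirty secret", LURE), sample("Your dirty secret", LURE, "proof.docm")):
        print(triage(m))
```

Requiring threat wording together with a payment or deadline indicator keeps ordinary messages with Word attachments out of quarantine.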

Protecting Yourself from Sextortion Scams

Here are some tips to avoid falling victim to these sextortion email scams:

  • Delete suspicious emails immediately – Do not open emails from unknown senders, especially those demanding payment. Delete them right away.

  • Do not open attachments – Never download attachments from sextortion emails, as they may contain malware.

  • Do not communicate with the scammers – Avoid replying to the emails or contacting the fraudsters, as this can confirm you as a potential victim.

  • Change passwords – If you did mistakenly open an attachment, change passwords for all important accounts immediately in case your device is now infected with info-stealing malware.

  • Use strong security software – Make sure you have reputable antivirus software installed to detect and block any malware.

With cybercriminals constantly modifying their sextortion tactics, it’s crucial to stay vigilant against these socially engineered email threats. Being cautious and refraining from engaging with the scammers will keep your information safe.
