
How to fight against Sextortion

What is Sextortion and how do we fight against it?

Published by Total AV Security Labs

We are used to seeing ransomware encrypt files and demand money (bitcoin) to decrypt them.

We received emails like the one below, which is blackmail or extortion … in digital form. Since it relates to sexual activities, we can call it "sextortion".

I have to say that the amount of thought expressed in the email is interesting.

Here is the plain text of the email:

"Hello.

I do not want to judge anyone, but as a result of several occasions, we have point of contact from now. I do not think that caress oneself is very bad, but when all your relatives, colleagues and friend see it- its obviously awful.

So, closer to the point. You visited the website with роrn, which I’ve adjusted with the deleterious soft. Then you chose video, virus started working and your device became working as dedicated desktop immediately. Naturally, all cams and screen started recording instantly and then my virus collected all contacts from your device.

I text you on this e-mail address, because I got it it with my soft, and I guess you for sure check this work address.

The most important thing that I edited video, on one side it shows your screen record, on second your cams record. Its very amusingly. But it was sophisticated .

All in all- if you want me to delete all this compromising evidence, here is my BTC account address- 19erHb7FxesMTjSm3QB9bKAscpPw46fcSe (it must be without «spaces» or «=aquo;,check it). If you do not know how to make btc transactions, you can ask google or youtube for help- its very easy. It seems to me, that 290 usd will solve your problem and will destroy our touchpoint . You have thirty hours after reading this message(I put tracking pixel in it, ill know when you read it). If you will not finish transaction, ill share the compromising with all contacts I’ve collected from you.

Finally, you can ask police for help, but, obviously, they will not find me for 1 day, so you will be shamed at all. Sorry for misprints, I am foreign."

Even though most people exercise caution in sending potentially compromising pictures and videos, sometimes even the best of us could be exposed to sextortion. A survey of 1,631 victims of sextortion revealed how every online user is, at one point or the other, potentially liable to become a sextortion victim.

Here’s why:

  • They were in a wanted romantic or sexual relationship—72% of those who knowingly provided images

  • Perpetrators pressured them to provide images or made them feel bad—51%

  • Perpetrators tricked them into providing images—15%

  • Perpetrators threatened or forced them to provide images—13%

  • They expected to be paid for the images—2%

  • They thought the pictures would be used for purposes such as modeling or acting—2%

Now, let’s take a critical look at this email:

(they = the bad guys sending this junk)

  1. They claim to have hacked a porn website to install a virus – Well, this is not unheard of, as there is a lot of malvertising happening there. However, having the technical ability to do that requires some knowledge.

  2. The language used impressed me: “which I’ve adjusted with the deleterious soft”

I have to confess that the use of “deleterious” is very surprising to me. It is actually an indication of automatic translation, especially considering the other grammar and syntactic mistakes in the text.

  3. “then my virus collected all contacts from your device.”

OK, not very hard to do.

  4. “Then you chose video, virus started working and your device became working as dedicated desktop immediately.”

So, this gives me a bit more information about how this “virus” is supposed to work. It could be a fake Flash plugin, which is “required” in order to see some videos. A known social engineering scheme for unsuspecting people (read: men).

Now, the second part of the sentence is more interesting: “your device became working as dedicated desktop immediately”.

Leaving the bad language aside, I understand from this that the “virus” is remote desktop software, which allows someone to share screens with somebody else.

Interesting, this is getting better and better.

  5. “I text you on this e-mail address, because I got it with my soft, and I guess you for sure check this work address.”

So, they know that this is a “work address”… Or maybe they are referring to an email address which is working.

  6. Payment, via BTC, in USD… Interesting… Usually they say how many BTC they want, but since the value of BTC is fluctuating so much, it is probably easier to go for the sure income in USD. :)))

  7. “You have thirty hours after reading this message” – the deadline, which makes a good blackmail letter

  8. “Finally, you can ask police for help” – he is making fun :)))

Last but not least:

The status of the BTC account: Zero 

Rightly so!
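The points picked out of the email above (recording claim, harvested contacts, deadline, tracking pixel, a USD amount and a BTC address) can be turned into a simple mail-triage check. The following is an added example, not code from Total AV: the regular expressions, the verdict rule and the function names are assumptions, and the Base58Check test only confirms that an extracted address was copied intact before it is reported or blocklisted.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy address shape

# Loose patterns (assumptions), one per claim the analysis above walks through.
INDICATORS = {
    "recording_claim": re.compile(r"\b(cams?|webcam|screen)\b.{0,40}\brecord", re.I | re.S),
    "contacts_claim": re.compile(r"\bcollected\b.{0,30}\bcontacts\b", re.I | re.S),
    "deadline": re.compile(r"\b(\d{1,3}|[a-z]+ty)\s+hours\b", re.I),
    "tracking_pixel": re.compile(r"tracking\s+pixel", re.I),
    "fiat_amount": re.compile(r"\b\d{2,5}\s*(usd|dollars)\b", re.I),
}

# Excerpt of the email quoted on this page, shortened for the example.
SAMPLE = (
    "Naturally, all cams and screen started recording instantly and then my "
    "virus collected all contacts from your device. here is my BTC account "
    "address- 19erHb7FxesMTjSm3QB9bKAscpPw46fcSe It seems to me, that 290 usd "
    "will solve your problem. You have thirty hours after reading this "
    "message(I put tracking pixel in it)."
)

def base58check_ok(addr):
    """True if addr decodes to 25 bytes ending in the double-SHA256 checksum."""
    if any(ch not in B58 for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]

def triage(body):
    """Return matched indicators, wallet candidates (with checksum result), verdict."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(body))
    wallets = {a: base58check_ok(a) for a in BTC_RE.findall(body)}
    # Verdict rule (assumption): a payment address plus two or more pressure claims.
    return {"indicators": hits, "wallets": wallets,
            "suspicious": bool(wallets) and len(hits) >= 2}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message that mentions an amount and a deadline but carries no wallet address, such as an ordinary invoice reminder, is not flagged by this rule.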

How not to fall for these traps

The most obvious advice:

- Never click on executables offered to download from websites

- Install an antivirus software

- Install a browser extension to filter the content

The not-so-obvious advice, since you might actually be in one of the above situations:

  • Don’t answer the email and don’t pay – the email was sent to millions of people; they hope that you answer so they can make things even worse for you.

  • Never send compromising pictures to anyone, no matter which software you use – there are always traces left and you don’t know who might get access to the receiving device