Blackmail has been around for as long as shame – since the very moment criminals first discovered the value we hold in keeping that shame hidden.
The FBI defines sextortion as “a serious crime that occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favours, or money.” This crime is growing rapidly as social media, messaging apps and online dating become more popular; made all the worse by the commonplace exchange of explicit material online and the use of webcams for people to record themselves (or be secretly recorded). With this prevalence of sextortion crimes, it’s important that everyone is aware of what to look out for. Aside from the psychological and sometimes physical damage it imparts, a major problem with this crime is that many cases go unreported because victims are too embarrassed.
Typically, the perpetrator has (or purports to have) some compromising images or videos of the victim. They threaten to publish them online or share them with friends, family members, or colleagues if the victim doesn’t provide more material, engage in sexual acts, or hand over money. These threats are far from idle and often continue for numerous years. An infographic, released by Thorn, reveals that an alarming 45% of perpetrators actually carried out threats.
Sextortion is a growing concern
Sextortion cases are on the rise. In July 2018, the FBI received 13,000 more sextortion complaints than it had in the previous month. In the UK, more than 1,300 cases were reported in 2017, three times the number in 2015. Plus, this is probably just the tip of the iceberg given that so many cases go unreported.
Sextortion is thought to be rising in popularity among criminals due to the attractive nature of the crime. It’s very likely that targets will pay up instead of facing the embarrassing repercussions of having their private images and videos shared with friends, family members, colleagues, and the general public.
The ease with which victims fall prey to these schemes is a big concern for companies and governments too. Corporates employees could easily be swayed into handing over employee credentials and other information for use in future crimes.
Military personnel are prime targets because their conduct is closely monitored so they’re more likely to comply with demands. This is especially troubling when you consider they could provide a back door to classified information and even compromise national security.
The increase in suicide cases related to sextortion highlights the very serious nature of these crimes. These criminals are ruining and ending lives, so the social impact is immense.
Methods of sextortion
Sextortion can happen through a variety of methods, but here are a few general scenarios:
Email phishing schemes– An email arrives in your inbox stating that the sender has one of your passwords (which they will include in the email). They threaten to publish your intimate photos or videos unless you send money or explicit material, or perform sexual acts. Many of these scams are based on password harvesting, and unless you still have sensitive media on an old site, this could be a bluff.
Social media– Many sextortion scams start with seemingly harmless encounters over social media or dating sites. Eventually, the perpetrator will coerce the victim into sending explicit images, getting naked on camera, or performing sexual acts while on camera. The resulting images and videos can then be held to ransom.
Hacked accounts– If you’ve ever sent explicit images or videos via social media or a chat app, or have them stored on one of those platforms, someone could get their hands on them by hacking into your account. They could also use your account to share the images with friends, family members, and colleagues if you don’t comply with demands.
Hacked webcams– Some of the most creepy cases of sextortion involve malware being downloaded onto the victim’s device. Once there, it can allow a hacker to take control of cameras and microphones, and install keyloggers. This means someone could monitor your every move (in the vicinity of your computer). And through keyloggers, they can discover the credentials for all of your accounts. This might sound far-fetched, but it happens more often than you might think.
Real examples of sextortion
As if that’s not enough to make you wary about your online (and offline) activities, here are some real life examples of sextortion cases:
Luis Mijangos: In 2010, Luis Mijangos pled guilty to computer hacking and wiretapping in a case that involved the sextortion of hundreds of women, including dozens of minors. He created his own malware which victims unknowingly downloaded, giving him control of their computers. Mijangos recorded videos of his targets undressing, taking a shower, and having sex, and threatened to share the videos if they didn’t send him more pornographic images and videos. He was eventually sentenced to six years in prison, but the effects of his crimes on his victims will no doubt last a lot longer than that.
Lucas Michael Chansler: This man terrorized almost 350 girls from the US, Canada, and the UK. He posed as various teenage boys and persuaded the girls to send nude images. He threatened to share these images with the girls’ friends if they didn’t send more, and followed through on some of those threats. Chansler was eventually sent to prison for 105 years.
Gerardo Uribe: This 32-year old man masqueraded online as a 13-year-old boy, and later as a 25-year-old man, coercing a 12-year-old girl to produce child pornography of herself at his request in 2014. Uribe was eventually able to take over one of her social media accounts by resetting her password and locking her out. With access to all her information, including the initial compromising image, Uribe coerced the girl into providing more sexually explicit material—four images that met the federal definition of child pornography. The girl’s parents discovered the crime and reported it to the local sheriff’s office, which referred the matter to the FBI. Through various investigative methods, Uribe was located in Georgia and charged with child pornography offences. He pleaded guilty in August 2017, and in November 2017 was sentenced to 10 years in prison.
“The predators typically pretend to be teenagers online and lurk on popular social media sites,” said Special Agent Kevin Orkin, who investigated the case from the FBI’s Atlanta Division. “The victims—striving for attention, maybe having issues with their parents, as teens often do—are easily manipulated”.The predators establish an online relationship, flirt, and in time convince the victims to send them a sexually provocative picture. “That initial image might not be too incriminating by today’s standards,” Orkin said, but the predators use the image to blackmail the victims. If they don’t send more explicit material, the victims are told, the image will be shared online with their friends and family to humiliate them.
“The victims are too scared to tell anyone what’s going on,” Orkin said, “and before they know it, they are in way over their heads.” “When it comes to online relationships,” Orkin said, “the best practice for children and adults is simple: If you don’t know a person in real life, don’t friend them on social media.”
How to avoid sextortion
It may sound simple to avoid finding yourself in one of these situations, but it’s surprising the number of people who accidentally get caught up in these schemes. This is especially true given the increased number of relationships that are forged through social media and online dating sites. Here are some tips to stay safe…
Be Smart Online– Although we all want to believe that true love exists, if a suitor seems too good to be true, chances are, it’s a scam. We’re not saying you need to take a completely cynical view of the online dating world, but you need to be savvy. Educate yourself about common scams and always try to think rationally about the encounters you’re having online.
Do a background check– If you have any doubts, it doesn’t hurt to dig a little deeper to find out who you’re really talking to. Many scammers create fake profiles, a practice known as “catfishing,” to lure in their prey. There are websites such as Romance Scam and Scamdigger dedicated to calling out these fraudsters, but it’s so easy for scammers to set up new ones.
Never send intimate videos or photos– This should go without saying, but you should always avoid sending intimate images or videos to anyone. But as they say, love is blind, and criminals can be extremely manipulative. Similarly, you should avoid keeping intimate photos or videos on your internet-connected devices. If you’re duped into downloading certain types of malware, you could be giving criminals full access to your machines. Once something gets uploaded online chances are it’s there forever.
Use strong passwords– Sextortion victims are often targeted after an account has been hacked. The criminal can use images or videos stored within the account, plus they can use the contacts if they follow through on their threats. It’s important to protect all of your accounts with strong passwords. This reduces the chance of a perpetrator guessing the password in a brute force attack.
Don’t open attachments from people you don’t know– Most email platforms and messaging systems have pretty decent spam filters. However, there could be some emails that slip through the cracks. If you happen to receive a message from someone you don’t know, make sure you don’t open any attachments. This is an easy way for hackers to infect your computer with malware that could enable them to install keyloggers and even take control of your device.
In the same vein, you should avoid following links in emails unless you’re sure of where they’re coming from. These can lead to fake websites that prompt you to enter credentials that can then be used to hack into your real accounts.
Turn off or cover cameras when not in use– Hopefully, no one has control of your webcam or microphone, but it’s better to be safe than sorry. It’s always best to shut off or cover your camera and turn off your microphone when not in use, just in case someone can see what you’re doing.
Encrypt your devices– If you store any type of sensitive data on your device, whether they’re work documents or explicit images or videos, then you should definitely consider encrypting your device, or at least the files and folders in question. This means that if anyone were to get their hands on your PC, laptop, or mobile device, they wouldn’t be able to recover the encrypted information without your password (or PIN or similar lock).
Use a VPN– A Virtual Private Network (VPN) encrypts your internet traffic and tunnels it through an intermediary server. Encrypted traffic is unreadable to anyone who intercepts it. This means that if a hacker is spying on your internet traffic, such as in the case of a man-in-the-middle attack, they won’t be able to uncover any information
References: Infographic – Thorn
Infographic – Brookings study
CybACADEMY courses powered by GoldPhish® educates employees on the cyber risk and helps build a more secure organisation with awareness training.
Our FREE Campaign is aimed at helping smaller businesses get one step ahead of the cyber criminals with Free awareness training.