FancyMancy
A highly-effective new email scam now circling the Web uses a clever ploy to trick victims into paying up.
The email uses an old password dump to convince the victims that the hacker was able to break into their webcam and record them as they watched online pornography. In order to keep this video from being released to the public Web, the criminal demands a payment.
One of the extortion letters says, “$1,400 is a fair price for our little secret.”
The scam is part of a new wave of financially-motivated sextortion campaigns targeting Web users, and it could soon plague businesses, as well.
Online sextortion has been around for many years, but previously it was limited primarily to predators who tried to extort victims into sending them nude photos and videos. The new wave of sextortion scams is different entirely — its motivation is money, not sex, and it’s being run by cybercriminals and hackers, some of whom may have connections to organised crime.
So why are hackers shifting to sextortion? It’s part of an overall trend in the cybercrime community toward extortion and blackmail in general, as this tactic is proving to be more profitable than many other types of scams.
‘13,000 complaints in July alone’
With the ubiquity of online pornography, and the fact that people are now more exposed online than ever before (from social media to cloud-based storage), sextortion is a scam that also makes a lot of sense for criminals. After all, what could be more humiliating for the average person than to have their nude photos or pornography habits exposed to family, friends, and business associates online?
This August, the FBI reported that online sextortion attempts of this type are on the rise. Over 13,000 complaints were filed in July alone.
As of now, most of these sextortion attempts seem to be part of generic spam campaigns, which are blasted out to Internet users across the country; however, a growing concern for businesses, banks, and the U.S. government is that hackers could soon use sextortion as a means for getting a backdoor inside a company.
For example, if someone can blackmail a vulnerable employee with the exposure of embarrassing videos and photos, the victim may be willing to share a password or provide another way into a corporate or government network for a hacker. The U.S. military has become so concerned with the threat of sextortion as a means of breaching a sensitive network that its various branches have launched multiple public awareness campaigns, like this Army CID alert.
The types of sextortion scams
Sextortion can take many forms, including email-based scams, “watering holes”, and more personalised social engineering.
Currently documented email scams include the one mentioned above, which uses stolen PII (personally-identifiable information) to convince the intended victim that their computer or online accounts have been compromised, exposing embarrassing material.
Another clever email scam uses a pornography link as bait, and if the link is clicked, the user receives a second follow-up email which claims, “I know what you watched” to blackmail them into paying. Hackers have also developed a new type of ransomware which, instead of encrypting the computer, will hunt for any nude images stored on the device and then threaten to release them to the person’s online contacts.
While most of these email scammers are bluffing about having embarrassing images or videos of the victim, in some cases they actually do. A type of malware called the Remote Access Trojan (or RAT) can be used to hijack webcams, allowing the attacker to watch and record his victims, known as “slaves”.
Watering holes are another growing danger. Hackers are both creating fake pornography websites and mobile apps, and compromising legitimate adult sites. The ultimate motivation behind these attacks is money, whether it’s to infect the visitors with “blackmailware” or “scareware”; hijack account credentials; infect them with spyware; or steal their credit card numbers outright.
Lastly, more direct social engineering attacks also exist. Typically these are “women” — either real women or men impersonating women — who connect with potential victims over Facebook and other social media channels. They will quickly steer the conversation toward sex, trying to get the victim to share nude photos or videos of themselves, either over email or through an actual video call. As soon as the nude images are shared, the conversation shifts from flirtation to extortion.
Who is most at risk?
Anyone with an Internet connection is a potential target for sextortion criminals. This is not a crime that only affects people who act “naughty” online. Even if a person has never visited a pornographic website, cybercriminals can still use webcam hacks — or fake claims of such — to convince victims they have been exposed.
That said, certain risk factors should be considered. Visiting pornography websites or downloading these apps may increase a person’s risk of malware and credential theft. A few years ago, one security researcher found that visitors to Pornhub had a 53% risk of getting infected with malware.
Of course, any time a person engages in online sex with a stranger, they are exposing themselves to scammers, webcam RATs, and other threats. Taking nude photographs also puts the person in danger of eventual exposure — this can occur in various ways, from lost/stolen devices to nude photo-stealing malware, hacked cloud accounts, and more.
From individual vitcims[sic] to businesses
There are two important ways the sextortion threat could evolve.
First, it is highly likely we will see sophisticated cybercriminal groups turn to sexual blackmail as a way to force employees into providing back-end access to corporate networks.
Hackers engage in “spear-phishing” attacks already, in which they find specific high-value targets within a company and email them a well-crafted, personalised phishing email in order to get them to click. It is not a stretch to imagine future attacks that exploit a person’s interest in pornography or compromising photos in a hacked account in order to blackmail that person into handing over company passwords. The hackers could engage in even more malicious and subversive activity.
How phishing works. (Photo: Boise State OIT Help Desk – Boise State University)
Second, a new technique called “deepfakes” could take sextortion to a whole new level. Deepfakes use artificial intelligence-based video editing software to create fake videos based on real facial images. Recently, a number of Hollywood celebrities have been exploited in this manner, as their public photos were used to create fake pornographic videos. This same technique could be used on anyone who shares photos of themselves online.
Never respond to a sextortion demand
The most important way to avoid sextortion victimisation is to use common sense.
Avoid high-risk activities like sexually-explicit video calls or instant messaging with strangers met online. Don’t take or store nude images from a web-connected device — like a smartphone or tablet. Don’t visit pornography websites from the same computer or smartphone that is used to log in to bank accounts, or check email or social media. Instead, have a dedicated device to use for this, so it won’t matter as much if the device is infected. Tape over PC webcams.
Never respond to a sextortion demand. Scammers are looking for easy targets, and in most cases, they will move on if they don’t receive a response. Remember that even if a victim does try to pay, there is nothing stopping the scammer from releasing the nude photos to the Web, anyway.
Businesses also need to have a layered defense in place that anticipates the threat of “rogue employees” who could be compromised by sextortion scammers. No single employee should have too much access to sensitive material or accounts. Passwords should be changed regularly and require two-factor authentication whenever possible. Wire transfers should require dual authorisation within the company. Incorporate sextortion awareness into security training for employees.
Jason Glassberg is co-founder of Casaba Security, a cybersecurity and ethical hacking firm that advises cryptocurrency businesses; traditional financial institutions; technology companies; and Fortune 500s. He is a former cybersecurity executive for Ernst & Young and Lehman Brothers.
https://uk.finance.yahoo.com/news/new-kind-sextortion-scam-rise-191229944.html
Searching for images of nudity? Imagine what the jew's surveillance, facial-recognition, and other things can do, then.
Why only his victims, known as slaves? What about all of the hers out there doing this?
Speaking of RATs - I always think that a large amount of these cyber crimes, fraud, etc., are done from "israel". Not to mention, about the Trojan and backdoor, that the jew rat is surreptitious, skulking around sneakily, slinking into things it does not belong.
By the way, I should warn you that the term "blackmail" is waycist. -
https://youtu.be/s8hWkiF5txU
Pornhub - Who Owns the Porn Industry? -
https://youtu.be/qJJnz2C8H28
All the more reason for newbs here to keep their mouths shut, protecting themselves both online and offline -
http://www.angelfire.com/empire/serpentis666/Extra.html
Using common sense in this world poisoned with toxic dudujew fart fumes and gasses, and disgusting Peughman shit smears, is rather difficult.
"Tape over PC webcams." Yeah, thanks, mark zuck, but what about Mac?
It's amazing that there needs to be a common sense bit of help for something.
It's amazing that there needs to be a common sense bit of help for business something.
It's also another tool which the jew is using to try and get rid of sex again, when backlash of/against the sexual things in everything. I urge everyone, and those coming from christianity/islam/other sexual oppression and suppression things especially, to use a form of Sex Magick (no, dear christians and ignorami - this is not perverse) which you are comfortable with - for example masturbation or your current sexual activity, if you have any - and use these energies in your workings and meditations. Orgasm energy is powerful, and stimulates your Kundalini, which is, by its very Nature, very sexual indeed. Not to mention it liberates, and it is very enjoyable! Don't let the jew take that, nor anything happy and positive, away from you.