Sextortion is blackmail with the help of sexual content. Some people also call this type of attack the “porn scam”.
In sextortion, criminals pretend to be in possession of juicy material from their victims and threaten to publish this information and data.
Hence the name “sextortion”. It is made up of the English terms sex and extortion. Extortion means blackmail.
Sextortion can take place in different ways. The police, for example, make a fundamental distinction between two phenomena:
In both cases, it can be assumed that the blackmailers actually have sensitive material from their victims.
In this case, the threat actors contact individuals. They write to them and are in direct contact with them. Once sufficient trust has been built up, the perpetrators ask their victims to perform certain acts of a sexual nature. This can be done in front of a camera, but can also involve video and image recordings that the victim takes of themselves and sends to the attackers. They store the data and use it to put pressure on the victim and extort money. In this case, the criminals use social engineering methods. The criminals build up a relationship with the victim and as soon as they trust them, the situation is exploited. A similar approach can be seen in some phishing attacks. Here too, human emotions, e.g. curiosity, fear, but also shame, are appealed to, which then trigger certain reactions, such as the disclosure of trustworthy information.
In this case, the criminal actually has access to the computer and can view files. This can be done by infiltrating viruses and other malware, cracking passwords, but also by using unsecured WLAN connections. If the attacker has access to the systems and data, they can specifically search for sensitive material that they can use for the blackmail attempt. This may include images and video material showing the person themselves. But the perpetrators also use chat histories, an overview of websites visited or pornographic material actually consumed to put the victim under pressure.
In addition to these two types of attacks, there are also blackmail attempts in which the attacker only plays on fear and appeals to the victim’s sense of shame, but does not actually have any juicy material. Here, blackmail letters are sent to often randomly selected people – usually by email. The messages explain how the perpetrators obtained the data and are followed by an approximate description of the material that has allegedly fallen into the wrong hands. Here too, the fraudster is trying to extort money. However, further damage can also be caused. This method can be used to place malware on devices. For example, if the perpetrator links to the allegedly stolen data to prove that he is actually in possession of the photos and videos, all the victim has to do is click on the link and malware is downloaded.
You may be wondering how likely it is – especially in the workplace – to fall victim to a sextortion attack and what threat this scam actually poses. In fact, it’s not that far-fetched. According to the Federal Office for Information Security (BSI) status report on IT security in Germany 2022, sextortion emails account for 76% of all blackmail emails and are now one of the top 3 cyber threats to society alongside identity theft and fake stores.
You can take some measures to protect yourself – albeit often rather indirectly – from sextortion.
This prevents criminal hackers from gaining quick and easy access to your computer and therefore to your systems and data. This includes, among other things:
Caution: Irrespective of sextortion attempts, we advise you not to click on any links in emails that seem dubious or suspicious, as they may conceal malware. If in doubt, it is better to take a detour and search for the pages in your browser and open them that way.
In general, you should exercise caution on the Internet. A healthy level of mistrust is particularly beneficial when it comes to contact requests – especially from unknown persons. Do not share confidential or sensitive information by e-mail, text message or on the phone. In view of possible sextortion attempts, you should always be careful about who you send which recordings to. It is also advisable not to engage in intimate acts in video calls, as the other person could save the video or take screenshots. The material can be used against you. This can also apply to people you know and trust.
Do not respond to the demands and do not pay. Contact the police and report the case. Discuss the next steps with the relevant authority. Experts can then help you to solve the case. Hiring IT security experts can also help you. With the help of cyber experts, you can find out whether and how criminals have gained access to your computer. In this way, many a blackmail attempt can be nipped in the bud if it can be established that no criminal hacker has had access to sensitive data.
