Insights

Sextortion Scam Emails

Sextortion Scam Emails

What is sextortion? 

Sextortion can occur in many different forms, from extortion that involves the threat of releasing compromising material in the form of sexual images or video footage from a dating app, to the use of visiting information from social networking or pornography sites. Criminals threaten that if the victim does not give them what they want (a transferred amount of money, engagement in sexual acts or the supply of more compromising material), they will distribute what they have… or at least what they claim they have. 

Over the last few months a particular email phishing scheme has been heavily reported.  
 

Beware of Scam Emails 

Something that has been circulating over the last six months is a sextortion scam email where the sender claims they have recorded footage of the victim visiting a porn site and threaten to release the video. The perpetrator says they will delete the video if the victim pays them a sum of money via a Bitcoin address. To add some legitimacy to the threat, the sender often includes a current or former password in the email. 
 

So is it actually legit? 

No, it’s not. It’s important to stay calm and know this is fake; a scam attempt to get a quick payment. The threats are not credible and there is no footage. The perpetrators are heavily relying on scaring the victim with a valid or previously valid password, they collect these passwords from previous data leaks published on the internet. They are also banking on how popular online pornography is, which gives people reason to believe this is real.  
If the password is still in use, change it immediately and check for any compromising activity on those accounts. If the password is not real or current, then you don’t need to worry about it anymore and you can disregard the email. These passwords are often from old, previously compromised third party companies which means the threat is empty. 
 

What you need to do 

If you encounter an email like the one described, we recommend you do the following: 

  • Do not panic 
  • Never give in to demands, it will only mean more demands 
  • Do not reply to the email and block the email address 
  • Delete the scam email  
  • Secure anything associated with the password included in the email with stronger passwords that are updated regularly, and review privacy and security settings 
  • Ensure your AV and Windows or Mac software is kept up to date 
  • Install anti-virus software on your device if you haven’t already and check if it is up to date 
  • Report the email address to the provider; MicrosoftGoogle; all main email platforms have clear online instructions on how to report email accounts as phishing scams 
  • Email or give us a call as soon as possible for immediate assistance on this matter at support@crofti.com.au / 07 3067 0001
Other related insights