Sextortion Phishing Email Scam.
Don’t fall for it.

What is Sextortion? 

Sextortion is social engineering blackmail scam using fear of one’s privacy to extort bitcoin ransom. Don’t fall for it. Don’t Panic.

Phish Sextortion takes advantage of your fear that your most private moments will be exposed to the public. It usually starts with an email. The hacker or phisher by using fear misleads you into believing they have gained access to your computer, your files, your browsing habits and hardware like microphone and webcam. Porn sites are a business and will not give out your credentials or viewing habits of their visitors as this would greatly affect their business model. It is very difficult to take control of one individual’s hardware and then extort them. This model like many phish scams is aimed far and wide in the hope at least of few of the 1000s emails will panic, react and take the bait. Don’t fall for it. Don’t Panic.

How does Sextortion Phishing Email Scam work? 

It works by triggering your fears. If the hacker or phisher really had access to your computer, your ransom request would not come via external email but rather on your screen. You would see a copy of your explicit video on screen. The hackers use this claim of a recording you, to instil fear with the aim to blackmail you. They threaten to send the recording to your contacts, friends and family if you don’t pay the ransom. They do not have any recordings of you, it is social engineering techniques, to try to scare and shame you into paying.

In some versions of this email phish, the sextortion scam email subject line can include your password (new or old) and a small bit if personal information. Don’t panic. However, while this makes the email scam appear more credible, the scam is designed to play on your emotions so that you panic into an emotionally driven illogical reaction. Many 1000s of targets are emailed, the phisher is gambling that someone will react and enough people will respond in fear to make it worth pursuing. Furthermore, you will be emotionally triggered so that you will be phished, take the bait and pay the ransom. They use sales techniques like limiting the time period for paying, creating panic reactions as well providing a list of threats they will take to harm or expose you.

To make the scam appear more real they will spoof your email address to make it look as if your system is hacked. Spoofing or copying your email address is easy and common. Spoofing is where the receivers’ and senders’ emails are the same, i.e. yours. If you see an email addressed to you from your email address, it creates the illusion the phisher has access to your system. They do not, as why would a hacker send an email, an external service if they were inside your computer? Don’t fall for it. Don’t Panic. 

Common characteristics of Sextortion Phishing emails:

Bad Spelling and poor Grammar
Passwords (old or new) are revealed to install legitimacy.
Claims use of Remote Access Trojan (RAT) that has control over your computer or email account
Email Spoofing
Threats
Bitcoin Payments

How to protect yourself against Sextortion Email Blackmail?

Dont fall for it. Don’t Panic.
Zero Trust Policy. Treat all emails with suspicion, even emails that appear to be a legitimate internal company or organisational communications, emails from suppliers; especially emails from senders and suppliers you don’t recognise.
Delete the Sextortion email blackmail and mark it as spam.
If the threats are coming through your computer, ie not from external sources like email, install/update all anti-virus software. Update your router’s password and then Wi-Fi passwords. Contact an IT Company that can clean your PC.
Switch off, cover or hide the camera and microphone of your computer when you are not using them.
Routinely check all your devices for viruses and malware.
Update systems and programs installed on all your devices.
Regularly change passwords to complex alpha-numerical 16 characters. Use different password variations for each online account.
Do not send compromising photos. If the recipient is safe, a misplaced phone or tablet can easily provide access to a phisher.
Never open email attachments from unknown parties as they main contain macros that cannot be detected by antivirus software. 50% of all emails contain trackers or web beacons, personalised uniquely to your email. Don’t download images in your email client. View email as plain text or use an Email Privacy service or antitracking tools.
Do not pay the Sextortion email blackmail demanded ransomware.
Check if your email addresses have been involved in a data breach. Use https://haveibeenpwned.com/ If your email address is listed, make sure you update your password on any of the affected sites.

Sextortion Email Blackmail Example.

Hi. How are you?
I know, it’s unpleasant to start the conversation with bad news, but I have no choice. Few months ago, I have gained access to your devices that used by you for internet browsing. Afterwards, I could track down all your internet activities.

Here is the history of how it could become possible: At first, I purchased from hackers the access to multiple email accounts (nowadays, it is a really simple thing to do online). As result, I could easily log in to your email account (****@*****.com).

One week later, I installed a Trojan virus in the Operating Systems of all devices of yours, which you use to open email. Frankly speaking, it was rather straightforward (since you were opening the links from your inbox emails). Everything ingenious is quite simple. (o_0)!

My software enables me with access to all controllers inside devices of yours, like microphone, keyboard and video camera. I could easily download to my servers all your private info, including the history of web browsing and photos. I can effortlessly gain access to all your messengers, social networks accounts, emails, contact list as well as chat history. Virus of mine constantly keeps refreshing its signatures (because it is driver-based), and as result remains unnoticed by your antivirus.

Hence, you can already guess why I stayed undetected all this while. As I was gathering information about you, I couldn’t help but notice that you are also a true fan of adult-content websites. You actually love visiting porn sites and browsing through kinky videos, while pleasuring yourself. I could make a few dirty records with you in the main focus and montaged several videos showing the way you reach orgasm while masturbating with joy.

If you are still uncertain regarding the seriousness of my intentions, it only requires several mouse clicks for me to forward your videos to all your relatives, as well as friends and colleagues.

I can also make those vids become accessible by public.

I honestly think that you do not really want that to happen, considering the peculiarity of videos you like to watch, (you obviously know what I mean) all that kinky content can become a reason of serious troubles for you.

However, we can still resolve this situation in the following manner:

Everything you are required to do is a single transfer of $1360 USD to my account (or amount equivalent to bitcoin depending on exchange rate at the moment of transfer), and once the transaction is complete, I will straight away remove all the dirty content exposing you.

After that, you can even forget that you have come across me. Moreover, I swear that all the harmful software will be removed from all devices of yours as well.

Make no doubt that I will fulfill my part.

This is really a great deal that comes at a reasonable price, given that I have used quite a lot of energy to check your profile as well as traffic over an extended period of time.

If you have no idea about bitcoin purchase process – it can be straightforwardly done by getting all the necessary information online.

Here is my bitcoin wallet provided below: 17BSLhc597GybEuZ4DyFpdtceY3Moi3nWo

You should complete the abovementioned transfer within 48 hours (2 days) after opening this email.

The following list contains actions you should avoid attempting:

#Do not try replying my email (email in your inbox was generated by me alongside with return email address).
#Do not try calling police as well as other security forces. In addition, abstain from sharing this story with your friends.
After I find out (be sure, I can easily do that, given that I keep complete control of all your devices) – your kinky video will end up being available to public right away.
#Do not try searching for me – there is absolutely no reason to do that. Moreover, all transactions in cryptocurrency are always anonymous.
#Do not try reinstalling the OS on your devices or throwing them away. It is pointless as well, since all your videos have already been uploaded to remote servers.

The following list contains things you should not be worried about:

#That your money won’t reach my account.
– Rest assured, the transactions can be tracked, hence once the transaction is complete,  I will know about it, because I continuously observe all your activities (my trojan virus allows me to control remotely your devices, same as TeamViewer).
#That I still will share your kinky videos to public after you complete money transfer.
– Trust me, it’s pointless for me to continue troubling your life. If I really wanted, I would make it happen already!

Let’s make this deal in a fair manner!
Owh, one more thing…in future it is best that you don’t involve yourself in similar situations any longer!
One last advice from me – recurrently change all your passwords from all accounts.