Bitcoin Sextortion: Scams Using Email, Videos, Passwords to Extort BTC
May 2, 2020
Millions of people worldwide have received sextortion scam emails in 2020 asking for bitcoin. These bitcoin sextortion schemes sometimes include recipients’ passwords to make the threat more real. The authorities have advised what to do if you receive a bitcoin sextortion email.
Bitcoin Sextortion Scams Proliferate Globally
The number of people targeted by bitcoin sextortion scams in 2020 has increased rapidly. According to an analysis by British security company Sophos, millions of people received sextortion scam emails during the week it analyzed.
“In fact, the number was probably more like tens or even hundreds of millions,” Sophos senior threat analyst Paul Ducklin wrote, adding that some people received between two and five different varieties of this scam. He explained, “The scams exploited global botnets on compromised PCs to dispatch millions of spam emails to recipients around the world,” elaborating:
Vietnam, Brazil, Argentina, the Republic of Korea, India, Italy, Mexico, Poland, Colombia, and Peru are the top 10 countries where these compromised computers were used to dispatch the spam messages.
The cybersecurity firm found that 81% of the millions of sextortion scam messages it analyzed were in English, 10% in Italian, 4% in German, 3.5% in French, and 1.2% in Chinese.
What Is Sextortion and Examples of Sextortion Emails 2020
Sextortion is a widely used form of online blackmail where a cyber scammer threatens to reveal intimate images or videos of someone online — often to their friends, family, work colleagues, or social media lists — unless they pay a ransom quickly. The scammer often asks for payment in cryptocurrency, particularly bitcoin.
A sextortion mail scammer may claim to have compromised your computer, or other electronic devices, threatening that your webcams have been recording you watching sexual content. “I know pretty much everything about you. Your entire Facebook contact list, phone contacts along with all the online activity on your computer,” the scammer may write. Another sextortion mail may say: “the last time you went to see porn material on webpages, my spyware was activated inside your personal computer which ended up logging a lovely video footage of your masturbation simply by activating your cam.”
Sophos also provided some examples, such as “We made a video of you on a porn site with the screenshots and the webcam footage side-by-side” and “We also used this malware to film you via your webcam and to take screenshots of your browser.” SophosLabs security researcher Tamás Kocsír pointed out:
If you are worried about becoming the target of a sextortion scam, disable or cover the camera on your computer.
To make the threat more real, some sextortion mail may include your full or partial passwords as proof that there is actually malware on your computers. One of Sophos’ sextortion email examples reads:
Attention. We implanted malware on your computer, which means we have been keeping tabs on you, including grabbing your passwords and getting access to your accounts.
However, Ducklin advised that these passwords are often old ones you used in the past. “In truth, the passwords sent out in these scams have typically been dredged up from old data breaches,” he opined. “Although the password you see may have been your password once, the crooks didn’t get it from your computer recently.”
Other than email, sextortion can occur on a number of social network platforms, such as Facebook Messenger, WhatsApp, Telegram, Skype, KakaoTalk, Line, and WeChat. In particular, WhatsApp sextortion schemes have been gaining popularity recently. On these platforms, someone can befriend you and ask for selfies or sexy videos of you, which can then be used to blackmail you.
Sextortion Scam Emails Asking for Bitcoin
A sextortion email often ends with a call to action that pressures the recipient into paying immediately to prevent their explicit photos or videos from being shown to their friends, family, or other contacts. Ducklin detailed that the email could emphasize, “We know who they are, because we have your passwords,” adding:
The extortion demand is typically somewhere from $700 to $4000, payable to a bitcoin address provided in the email.
Bitcoin sextortion scams have proven to be lucrative for scammers, according to research by Sophos, since it takes little effort and investment to send scam emails that can result in a lot of money for them. The company recently traced the origins of millions of sextortion scam emails launched between September 2019 and February 2020 and analyzed what happened to the money deposited by victims into attackers’ bitcoin wallets.
Kocsír shared: “While most recipients either didn’t open the email or didn’t pay, enough of them did to net the attackers around 50.9 bitcoin, equivalent to nearly $500,000.”
The researcher additionally explained that some sextortion scammers use rather sophisticated techniques, such as “innovative obfuscation techniques designed to bypass anti-spam filters.” He went on to describe them: “Examples of this include breaking up the words with invisible random strings, inserting blocks of white garbage text, or adding words in the Cyrillic alphabet to confuse machine scanning.”
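For mail filtering, two of these tricks can be undone before keyword matching. The Python below is an added example, not code from Sophos or the original article. It assumes the invisible strings are Unicode format characters and that Cyrillic letters are mixed into Latin words as look-alikes; the sample message, keyword list, look-alike map and bitcoin address are constructed.

```python
import re
import unicodedata

# Assumed look-alike map (lower-case Cyrillic -> Latin); a small constructed subset.
LOOKALIKES = str.maketrans("\u0430\u0441\u0435\u0456\u043e\u0440\u0445\u0443", "aceiopxy")
# Constructed keyword list drawn from the example emails quoted in the article.
KEYWORDS = ("webcam", "malware", "password", "bitcoin", "video")
# Legacy Base58 addresses (start with 1 or 3) and bech32 addresses (start with bc1).
BTC_RE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[0-9a-z]{11,71})\b")

def strip_invisible(text):
    """Drop Unicode format characters (category Cf): zero-width space, soft hyphen, BOM."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")

def mixed_script_tokens(text):
    """Return words that contain both Latin and Cyrillic letters."""
    hits = []
    for token in re.findall(r"[^\W\d_]+", text):
        scripts = {unicodedata.name(ch, "?").split()[0] for ch in token}
        if {"LATIN", "CYRILLIC"} <= scripts:
            hits.append(token)
    return hits

def normalize(text):
    """Canonical form for keyword matching: NFKC, no invisibles, lower-case, look-alikes folded."""
    return strip_invisible(unicodedata.normalize("NFKC", text)).lower().translate(LOOKALIKES)

def analyze(body):
    visible = strip_invisible(body)
    folded = normalize(body)
    return {
        "invisible_chars": len(body) - len(visible),
        "mixed_script": mixed_script_tokens(visible),
        "keywords": [k for k in KEYWORDS if k in folded],
        # Base58 is case-sensitive, so match addresses before lower-casing.
        "btc_addresses": BTC_RE.findall(visible),
    }

def is_suspect(report):
    """Flag a message that names a bitcoin address and hits two or more keywords."""
    return bool(report["btc_addresses"]) and len(report["keywords"]) >= 2

# Constructed sample: a zero-width space inside "malware", Cyrillic letters inside
# "webcam" and "bitcoin", and a placeholder address that is not a real wallet.
SAMPLE = ("We implanted mal\u200bware and filmed you via your w\u0435bc\u0430m. "
          "Pay $700 in bitc\u043ein to 1FakeAddressForDemoPurposes9876543")

if __name__ == "__main__":
    print(analyze(SAMPLE), is_suspect(analyze(SAMPLE)))
```

A plain substring search for "malware" or "webcam" finds nothing in the raw sample; the same search on the normalized text matches. The counts of invisible characters and mixed-script words are useful filter signals in their own right.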
Sextortion Is Illegal — What to Do if You Receive a Sextortion Email?
Receiving a bitcoin sextortion email can be alarming and intimidating. Many people are genuinely worried that the scammers may actually have their passwords or explicit photos and videos. However, anyone receiving a sextortion scam mail should know that scammers typically have no compromising information about them.
“It’s all a bluff,” Ducklin believes, asserting that the people behind sextortion email scams “don’t have malware on your computer, don’t have a video of you doing anything, don’t have screenshots of your browsing habits, and haven’t just stolen a list of your friends and family to send their non-existent video to.”
The U.K. National Crime Agency has advised how to deal with bitcoin sextortion scams. The organization recommends you report the scam to the police, do not pay any money, stop communicating with the person immediately, report the scam to your internet service provider, and take screenshots with as much information as possible for evidence. Californian District Attorney Jeff Reisig also advised what to do if you get a sextortion mail. He emphasized:
You should remember that sextortion is illegal. If you’re targeted in this kind of scam, you get in touch with your local police. It’s also recommended that you save all of the original e-mails from the hacker.