Beware: the ‘sextortion’ scam

Here at the eSafety Office we help Australians whose intimate images have been shared online without their consent. We call this image-based abuse. Sadly, it affects 1 in 10 Australians. Since October 2017, we’ve received over 300 reports through our image-based abuse portal, typically about intimate images or videos shared on websites hosted overseas.

However, the image-based abuse team are seeing more ‘sextortion’ cases being reported—a form of blackmail that usually originates via a dating app or social networking site and involves the threat to share or publish a victim’s intimate images. The threats typically pressure a victim into sending money or more intimate photos, in return for not sharing the content.

Recently, we’ve also been sent a number of reports about an email scam where the sender claims they’ve hacked into an individual’s device and recorded intimate footage of them visiting a porn site. In an endeavour to add legitimacy, the sender often includes a password which the person recognises as a current or former password.

It’s important to know that this is simply a scam and there is no intimate footage.

Nonetheless, as online crime and sextortion scams become more sophisticated, we want Australians to be aware and to know what to do if they receive a similar email.

The scam – porn, passwords and bitcoin

The email typically starts:

Lets get directly to the point. <#@$%&> is your pass word. You do not know me and you are most likely thinking why you are getting this email? Absolutely no one has compensated me to investigate about you. 

Well, I installed a malware on the X video clips (pornographic material) site and you know what, you visited this site to have fun (you know what I mean). While you were viewing videos, your browser began functioning as a RDP with a keylogger which provided me with accessibility to your screen and web camera. After that, my software gathered your complete contacts from your Messenger, social networks, and e-mail account. And then I created a double video. First part shows the video you were viewing (you have a nice taste hahah), and next part displays the view of your cam, yeah its u.

The sender then threatens to send the individual’s intimate video to all their contacts and emphasises the shame it will bring upon them. However, the perpetrator also offers a way out: pay them a few thousand dollars via a Bitcoin address and they’ll delete the video.

Is it real?

In short, no. It’s a scam.

Although the passwords may be real, we’ve encountered no evidence that any person’s device has been hacked, or that a perpetrator has any intimate footage, or details of their contacts.

The perpetrators are relying on the fact they have a valid password for the individual, likely collected from previous data leaks. They’re also relying on the fact that online pornography is extremely popular, giving their target reason to believe the story is true.

What to do

If you receive an email similar to the one outlined above, simply disregard it.

We also recommend the following:

  • Don’t give them any money or give in to any other demands—this is very important as paying any sum of money will only result in more demands.
  • Don’t reply to the scammer and block the email address that’s contacted you.
  • Delete the scam email from your inbox.
  • Secure any online accounts associated with the password included in the email, and remember to update these regularly.
  • Make sure anti-virus software is installed on your device and is up to date.
  • If the scam email is from an Outlook email address (in our experience many are), report the email address to Microsoft. You’ll find instructions on how to report Outlook accounts as phishing scams and abuse here. If the email address is from a different provider, the major email platforms generally have clear advice online about how to report a user.

You might also consider reporting the email to Scamwatch and taking a look at the advice on the Stay Smart Online website where you can sign up to their alert service to be kept up to date about online threats and how to manage them.

Image-based abuse

If someone is threatening you with an intimate image or video of you (i.e. they have sent the image or a screenshot to you) and are demanding payment, follow the advice on our Deal with sextortion page and report the image-based abuse to us at the eSafety Office.