All of a sudden, you get an email demanding money in exchange for not releasing your personal photos. Is it real, or is this yet another scam?
Australians are losing big money to scammers, and it’s not going to stop. The more we lose, the more cybercriminals have to gain, and so unsurprisingly, they’re stepping it up by making it personal.
The Australian Cyber Security Centre has recently sent word that a scam email campaign is making the rounds using a form of extortion known as “sextortion”, whereby a scammer threatens to release sensitive photos unless they’re paid off.
A form of blackmail, these emails are little more than scams, though they’re often delivered so aggressively that the scammer attempts to seal the deal by quoting a password once used by the target.
Armed with both an old password and the suggestion that a computer has been infiltrated, scammers insinuate that the image is real, hoping to force the victim’s hand into making the payment.
Or in other words, scammers are using a bluffing tactic to force you into paying them money.
How scammers have your password
It’s doubtful a scammer really has a sensitive image of you, and even more doubtful they’ve broken into your computer.
But that password helps make the situation seem more real, so how does a scammer have one of your passwords?
Easy: if that password was ever used across services, and one of those services was hacked, there’s a good chance a hacker dumped the many thousands of passwords they broke open on a publicly available website.
It’s yet one more reason why you should be using one password per website, and why passwords need to be complicated. Not everyone does, mind you, and if you use the same password consistently and a service where you used it was hacked, there’s a good chance a scammer would have access to it, thereby making the threat feel more real.
That takes care of the password side of things, which is one of the factors used to make the whole sextortion email scam seem more real.
Are these scams new?
While these scams have only recently been pushed into Australian inboxes, and the NSW Police Force is listing examples of them on Facebook, they are hardly new.
They are timely, however.
This time last year, we wrote about a similar sextortion scam that was making the rounds, relying on similar misinformation, leveraging an old password and a form of blackmail. We even recorded a podcast on the subject, speaking to security experts on the matter.
What should you do if a sextortion scam email arrives in your inbox?
If you get one of the sextortion scam emails, you’ll likely read that the scammer requests payment in a cryptocurrency, such as Bitcoin. Some scammers may even suggest gift cards, but the point here is that scammers are looking for a form of payment which isn’t trackable.
However, you shouldn’t make any payment, as these scams are typically just scams, and nothing more.
If you get one of these scam emails, delete it. If it lists a current password, do yourself a favour and change it immediately. The next time you get one of these emails, you’ll know straight away that it’s as bogus as it comes.