Sextortion is the label given to phishing emails that claim to have recorded you while browsing pornography. The “hacker” claims to have used your password to gain entry to your computer, then used the webcam to film you. The reason these sound so convincing to many people is that the phishing email actually includes your password, lending credence to the story!
How do they know my password??
Data breaches happen constantly, and a breach will often include your password along with your email address. The hackers are simply leveraging that data against you to extort money. My own email address has so far been involved in 12 breaches, such as the 2013 Dropbox breach, the 2017 Disqus breach and a host of others, including Kickstarter, LinkedIn and Last.fm.
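To show the pattern described above in working form, here is a small Python heuristic added for this post (it is not code from the original article or from any mail filtering product). It scores a message on the tells the scam relies on: a claimed webcam recording while browsing adult sites, a claimed way into your machine, a demand for money, and, most telling of all, a quoted password that really did appear in one of your past breaches. The indicator phrases, the two sample messages and the hashed list of old passwords are all constructed for the example; a real deployment would fill that hash list from your own records.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List

# Constructed for this example: SHA-256 digests of passwords the user once used
# and that later turned up in breaches. Kept as hashes so the script holds no
# plaintext; a real deployment would populate this from the user's own records.
KNOWN_BREACHED_PASSWORD_HASHES = {
    hashlib.sha256(p.encode()).hexdigest() for p in ("hunter2", "Summer2013!")
}

# Indicator phrases for the scam described in the post: a claimed webcam
# recording while browsing adult sites, claimed access to your machine, and a
# demand for money. Each group that matches adds one point to the score.
INDICATOR_GROUPS = {
    "claims_recording": re.compile(r"\b(webcam|camera|recorded|recording|video of you)\b", re.I),
    "adult_content": re.compile(r"\b(porn|pornography|adult (site|website|content))\b", re.I),
    "claims_access": re.compile(r"\b(hacked|malware|access to your (computer|device|accounts?))\b", re.I),
    "demands_payment": re.compile(r"\b(pay|payment|ransom|transfer)\b", re.I),
}

# Picks out a password quoted in the body, e.g. "your password is hunter2"
# or "password: hunter2". The captured token stops at whitespace or punctuation.
QUOTED_PASSWORD = re.compile(r"password\W{0,3}(?:is|was)?\W{0,3}([^\s\"'.,;]+)", re.I)


@dataclass
class Verdict:
    score: int
    matched: List[str]
    quoted_password_known: bool


def analyse(body: str) -> Verdict:
    """Score a message body against the sextortion indicators."""
    matched = [name for name, rx in INDICATOR_GROUPS.items() if rx.search(body)]
    score = len(matched)
    known = any(
        hashlib.sha256(m.group(1).encode()).hexdigest() in KNOWN_BREACHED_PASSWORD_HASHES
        for m in QUOTED_PASSWORD.finditer(body)
    )
    if known:
        # The strongest tell: a password you really did use, lifted from a breach.
        score += 2
    return Verdict(score, matched, known)


def is_sextortion(body: str, threshold: int = 4) -> bool:
    """True when enough indicators line up; the threshold is a tunable assumption."""
    return analyse(body).score >= threshold


# Constructed sample messages (not real emails).
SCAM = (
    "I know your password is hunter2. I installed malware on an adult website "
    "you visited and recorded you through your webcam. Pay me 900 pounds within "
    "48 hours or the video goes to all of your contacts."
)
BENIGN = (
    "Hi, your password reset link expires in 24 hours. If you didn't request "
    "a reset, just ignore this email. Thanks, the support team."
)

if __name__ == "__main__":
    for label, body in (("scam", SCAM), ("benign", BENIGN)):
        v = analyse(body)
        print(f"{label}: score={v.score} matched={v.matched} "
              f"old_password_quoted={v.quoted_password_known} -> {is_sextortion(body)}")
```

Run stand-alone it scores the constructed scam at 6 (four indicator groups plus the quoted old password) and the benign reset notice at 0. Comparing hashes rather than plaintext means the list of your old passwords never has to sit in the script or a log in clear.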
Prominent security expert Troy Hunt runs a website that can check whether your email address has ever been included in one of the many data breaches over the years. Just put your email address into https://haveibeenpwned.com to see whether any of the breaches might affect you.
If so, then there’s a good chance that you’ll get one of these sextortion phishes.
So I’ve been hacked?
No, there is absolutely no evidence that this is anything other than a sordid scam. Hackers are not breaking into your computer just because they know one of the passwords for one (or more) of the websites you use. They are simply counting on an emotional reaction to make you pay up, sometimes to the tune of thousands of pounds.
What should I do?
If you still use that password anywhere, change it immediately. This really brings home the need to never re-use your passwords – always have a unique password for every account or site you visit.
Remembering a unique password for every site would normally be impossible, which is why you should also be using a password manager that can do exactly that. In the past, I’ve talked about LastPass, and that remains a great option. However, any of the popular options will work, as long as you use it with two-factor authentication (2FA).
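To make the “change it anywhere you still use it” step concrete, here is an added Python example (not from this post or from any password manager vendor) that audits a password-manager CSV export for reused passwords and lists the sites still using a password quoted in a phish. The export layout and every credential in it are constructed; the site names are the ones the post mentions and the passwords are made up. Reports show a truncated hash rather than the plaintext.

```python
import csv
import hashlib
import io
from collections import defaultdict
from typing import Dict, List

# Constructed sample export (no real credentials) in the site,username,password
# CSV layout most password managers can produce. Only the site names come from
# the post; the usernames and passwords are made up for the example.
SAMPLE_EXPORT = """site,username,password
dropbox.com,alice@example.com,Summer2013!
linkedin.com,alice@example.com,Summer2013!
disqus.com,alice@example.com,Summer2013!
bank.example,alice@example.com,xG9!tqL2-vb8Wm
"""


def fingerprint(password: str) -> str:
    """Short non-reversible label so reports never show the plaintext password."""
    return hashlib.sha256(password.encode()).hexdigest()[:12]


def find_reused(export_csv: str) -> Dict[str, List[str]]:
    """Map each reused password's fingerprint to the sites that share it."""
    by_fp = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        by_fp[fingerprint(row["password"])].append(row["site"])
    return {fp: sites for fp, sites in by_fp.items() if len(sites) > 1}


def sites_to_rotate(export_csv: str) -> List[str]:
    """Every site whose password is shared with at least one other site."""
    return sorted({site for sites in find_reused(export_csv).values() for site in sites})


def sites_using(export_csv: str, leaked_password: str) -> List[str]:
    """Sites still using the password quoted in a phish; change these first."""
    target = fingerprint(leaked_password)
    return sorted(
        row["site"]
        for row in csv.DictReader(io.StringIO(export_csv))
        if fingerprint(row["password"]) == target
    )


if __name__ == "__main__":
    print("reused across:", sites_to_rotate(SAMPLE_EXPORT))
    print("still using the password from the phish:", sites_using(SAMPLE_EXPORT, "Summer2013!"))
```

Point it at a real export (and delete that export afterwards, since it is plaintext) and the two lists tell you which accounts to rotate first. Once every site has its own password, `sites_to_rotate` returns an empty list, which is the state the post is arguing for.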
Otherwise, the advice is of course not to pay the ransom. Incredibly, the scammers have reportedly already reaped nearly half a million pounds from this type of phish, but there’s absolutely no need to pay.
More information
The BBC recently covered this very topic on their BBC Trending page. You can watch the short video here: https://www.bbc.co.uk/news/av/stories-46323625/what-happened-when-sextortion-scammers-targeted-a-bbc-trending-reporter