The link between passwords and sextortion

September 2018 Editor's Choice, Cyber Security

In recent weeks we have seen a massive increase in the number of sextortion attempts with SA’s press shining a spotlight on this increasing social media scourge.

Trusting people, looking for the perfect match, bored partners, or undercover porn viewers are being increasingly targeted by groups of people who work on insecurities, naïvety and poor cybersecurity behaviour to coerce unsuspecting victims into parting with their money in order to prevent public humiliation and embarrassment.

I have seen several versions of the attack, some via WhatsApp and other via email.

The WhatsApp variety is very common; boy meets girl by swiping right. The match is made and introductory texts are exchanged. Almost immediately the beautiful girl shares intimate pictures and asks for the same in return. There is an almost aggressive exchange to ensure that the unsuspecting victim sends compromising photos that include showing their face.

Almost immediately the attacker reveals his/her true intentions and threatens to put the risqué nudes on the Internet, being sure to name the victim’s family members and work colleagues with whom they intend to share the photos. Using information gathered from the texting – they identify victims’ social media accounts and in certain instances, use these details to compromise or hack their accounts. Once the bait is taken they move quickly to reel in their prey.

The tone is menacing and becomes increasingly urgent as they intimidate with threats of exposure and public humiliation. The modus operandi is pretty much always the same – demands for money in order to delete victims’ photos, mostly through eWallet or untraceable money transfers performed at retail stores.

Another alarming trend is for attackers to use compromised and leaked passwords that are easily available on the dark web and cyber underground. The would be attacker then utilises a free email service to deliver the news that they have the victim’s password and have accessed their online activities. This becomes a problem if the attacker has not only accessed the victim’s activities on an adult website or recorded adult videos but has also activated their webcam. The next step is extortion or face public exposure via videos of the victim watching porn.

These messages are mostly poorly written, lack basic grammar and for the most part are identical. It only takes a very small hit rate to ensure a lucrative return. Once you make the payment – they get rid of the pay as you go sim card and move to the next victim.

An extract of one of these emails is below:

Let’s get directly to the point. Nobody has paid me to check about you. You may not know me and you’re most likely wondering why you are getting this mail?

Well, I actually installed a malware on the xxx streaming (adult porn) web-site and you know what, you visited this website to experience fun (you know what I mean). While you were viewing video clips, your Internet browser started operating as a Remote Desktop with a keylogger which gave me access to your display screen as well as Web camera. Just after that, my software gathered all of your contacts from your Messenger, FB, and e-mail account. After that I made a double-screen video. 1st part shows the video you were viewing (you’ve got a nice taste : )), and 2nd part shows the recording of your cam, and it is you.

You have just two choices. Why don’t we check out each of these solutions in aspects?

1st choice is to dismiss this email message. In this instance, I am going to send your tape to almost all of your contacts and also just consider about the shame that you receive. Furthermore should you be in a romantic relationship, precisely how it is going to affect?

Number 2 option should be to pay me $1000. We are going to think of it as a donation. In this situation, I will instantaneously delete your video. You will keep going on daily life like this never occurred and you will never hear back again from me.

You’ll make the payment by Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).

There are numerous ways to combat this, the simplest being to ensure that you stay far away from any illicit websites and another is to ensure that you change your passwords regularly and please do not use the same password on every site, platform and computer.

But above all never take compromising selfies, because, like passwords, they should never be shared.

For more information contact J2 Software, +27 87 238 1870, john@j2.co.za, www.j2.co.za


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Platforms and community lead the future
May 2019, Milestone Systems , Editor's Choice, CCTV, Surveillance & Remote Monitoring, News, Integrated Solutions
Milestone Systems took a look into the future of open platforms and the power of community at MIPS EMEA in Copenhagen in March this year.

Read more...
30 years of business continuity
May 2019, ContinuitySA, Technews Publishing , Editor's Choice, Security Services & Risk Management
ContinuitySA is celebrating its 30th anniversary this year and Hi-Tech Security Solutions spoke to CEO Michael Davies about the changes he has seen in the business continuity and disaster recovery markets.

Read more...
The consequences of false alerts
May 2019, Leaderware , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Craig Donald discusses the impact of false alarm rates on the utility of intelligent security technology systems.

Read more...
The enemy within – insider ­security threats
May 2019, Wolfpack Information Risk , Editor's Choice, Cyber Security, Financial (Industry)
Insider threats in today’s financial world are insidious and destructive and your defence against insiders should start long before the person assumes his/her position.

Read more...
Protecting people’s money, and their data
May 2019, Cathexis Technologies, CA Southern Africa, IDEMIA , Editor's Choice, Integrated Solutions, Financial (Industry)
The temptations inherent to the banking sector, and financial institutions more generally, pit them in an eternal and increasingly high-tech battle to secure themselves against threats from within and without.

Read more...
Access authentication with a wave
May 2019, IDEMIA , Editor's Choice, Access Control & Identity Management, Integrated Solutions, Financial (Industry), Commercial (Industry)
Financial organisations are making the move to contactless fingerprint biometrics in order to meet the increasing burden of regulatory and compliance demands.

Read more...
The benefits of background screening
May 2019, iFacts, Managed Integrity Evaluation , Editor's Choice, Security Services & Risk Management
Companies need to be more vigilant about the people they employ by making sure comprehensive background screening checks are conducted.

Read more...
Does your control room add value?
May 2019, Fidelity Security Group, G4S South Africa, Progroup , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, IT infrastructure, Commercial (Industry)
Whether on- or offsite, control rooms are a critical aspect of security today and care must be taken in the design and rollout of these nerve centres.

Read more...
Intruder detection is becoming smarter and more mobile
May 2019, Elvey Security Technologies , Regal Distributors SA , Editor's Choice, Perimeter Security, Alarms & Intruder Detection
Alongside the new technologies continually being developed, existing technologies are being co-opted into not only performing an intrusion detection role, but combatting that bane of the electronic security industry: false alarms.

Read more...
iLegal 2019: Augmented surveillance - realising the full potential of CCTV
May 2019, Technews Publishing , Editor's Choice, News, Conferences & Events, Training & Education
iLegal 2019 will look at what is becoming known as Augmented Surveillance – using technologies and people interactively to maximise results from operators and control rooms in order to make intelligent security and business decisions.

Read more...