Sextortion Scam

Watch For Scams is dedicated to helping you avoid becoming a victim of fraud.

If you like this ezine, do a friend a big favor and forward this to them. If a friend forwarded this to you, and if you like what you read, please subscribe by visiting the link below:

Subscribe Here

Sextortion Scam

To hear that children are now being inserted into deepfake creations is horrifying, though perhaps unsurprising.

The way these attacks work is that potential victims are contacted through a variety of methods, most commonly by instant messaging apps.

There’s a few different ways sextortion attacks play out. One of the most basic forms is sending emails to people whose login details have been exposed in a password breach. The email claims to have nude photographs of the recipient, and threaten to release the photos unless the recipient pays up. There are no images, it’s all a lie.

The more traditional form of sextortion is where a fraudster convinces the person they’re speaking to that they’re interested in romance, obtains revealing images of the victim, and then uses those images for blackmail. The victim is asked to pay money, often wired or through digital currency, or else the images will be sent to the victim’s friends and family. As it’s usually easy to build up a picture of someone’s network on social media like Facebook and Twitter, the pressure may well be too much for the person on the receiving end of such a scam.

That's how it usually works. With deepfakes on the scene, a lot of the pre-scam work can simply be discarded. Now fraudsters go and grab some photos of their target, and feed those images into their faking tool of choice. All of that social engineering, the possibility of the victim not falling for it and sending revealing images is completely done away with. Why bother, when you can just swipe a photograph and press a few buttons?

The end result is the same. In fact, it’s arguably much worse as the pornographic movie creations thrown together by these tools are almost always a lot more graphic than anything a target would probably come up with. The pressure to pay up is going to be immense, and realistically non-internet savvy relatives or friends may not have even heard the word “deepfake” before. What are the chances of them knowing a file landing in their mailbox is fraudulent?

There are several general pieces of advice we can give when talking about the different sextortion tactics which exist:

1. Don’t engage: report. If you’re shown evidence of stolen images, report to your local authorities and the FBI as soon as you can. Never engage with the sextortionist.

2. Be cautious about what you say to someone online. When asked certain questions, be vague and never give specifics.

3. Remember that online, people can pretend to be someone they’re not, and can even look and sound like a different person with today's technology.

4. Personalize your security and privacy settings. Lock down your accounts as much as you can, and keep as much hidden from public view as possible.

5. Data is typically forever. Remember that once you send something to someone—whether they're a stranger, a romantic partner, relative, or friend—you have no control over where it goes next.

Remember - always watch for scams!