Sextortion is where crooks email you out of the blue, say they have sex-related pictures or webcam footage of you, and demand that you pay them thousands of dollars, OR ELSE.
Even people who never watch porn and don’t have a webcam find this sort of scam confronting and scary…
…so we made a Naked Security Live video you can share with your less tech-savvy friends and family to set their minds at rest.
Watch now for answers in plain English to:
- Is webcam malware technically feasible?
- Is there anything at all behind these threats?
- Is it a worry if the crooks know my password or other personal information?
- Is it really possible to be tracked via email as the crooks claim?
- Is there still a risk if I don’t watch porn?
- Is it worth reporting these emails to my ISP?
- What to do next?
PS. Like the shirt in the video? They’re available at: https://shop.sophos.com/
Anonymous
What if you ask the extortionist for a sample of any embarrassing material?
Paul Ducklin
The only thing you know about the people at the other end is that they are lying, scheming crooks who are demanding money with menaces – in a word, blackmailers.
The very best thing that can come out of engaging with them is nothing. Most likely is that you will give away something, anything, even if it’s a tiny detail that’s down to an email header or a word choice, that could in theory work against you later.
So why bother?
You don’t poke a dead snake to see if it’s actually alive – if you are right and it’s dead there is no point in poking it; if you are wrong and it is not dead then you soon might be…
Stephen
IT Manager: To any and all users who see this. I have seen many instances of this. It does panic the user. It's a similar experience when asked if you carry weapons at airport security. You know you don’t have any but you’re sweating about what you may say.
The ONLY thing I recommend is that you contact your Administrator/IT Manager and inform them of this email being in your inbox (as to avoid circulating it, do not forward it). They should send the exact email (as is, headers and all) to your anti-spam company who will block this ‘category’ of email. They should also block the domain manually to be sure no such email goes to anyone else in the firm. Lastly they should carry out a track and trace for said email that may have been delivered to another user in your firm – then Delete it and Advise all on the topic.