Sophos News

Sextortion mail from yourself? It doesn’t mean you’ve been hacked…

Over the past few months, we’ve written and spoken many times about a scam known as sextortion.

Sextortion is an online crime that combines sex and extortion – the crooks say that they have embarrassing pictures of you, and they’ll send the pictures to your friends and family…

…unless you pay them blackmail money.

To make the scam seem more believable, the crooks typically claim to have acquired the pics via your own webcam by hacking into your computer using malware and snooping on your online activities.

Sadly, this sort of malware, known as a remote access trojan (RAT), is not only technically possible, but has been used in the past in a number of widely publicised attacks.

One well-known RAT attack involved a college student called Jared James Abrahams, who supposedly spied on 150 young women including Miss Teen USA. Abrahams was caught, pleaded guilty and went to prison back in 2014. More recently, Jonathan Lee Eubanks got seven years for RATting his former employer’s business, wiping servers, diverting the website and ripping off company funds after he was fired.

Even if you never look at porn, sextortion emails are pretty confronting, and raise the question, “How much might the crooks know about me?”

Sometimes, sextortion emails arrive apparently from your own account, which frightens a lot of people into thinking the crooks already have access to their computer.

So we thought we’d make a short video that you can show to friends and family, just to clarify that the From: line in an email is as much under the control of the sender as the Subject: line or the text in the email itself:


What to do?

Most email programs, including webmail services such as Outlook.com and Gmail, automatically fill in the From: part for you and won’t let you pretend to be someone else – but that’s your email software protecting you from yourself.

The crooks don’t use that sort of email software – they use spam-sending “mail cannon” programs that let them structure their messages however they like, which is how they produce the spoofed emails you so often see.

So, don’t freak out! Just dump it in the trash.
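
As an added illustration (not part of the original article), this Python example reads the headers of a constructed sample message and shows why a From: line naming your own address proves nothing: it compares that line with the envelope sender and with the SPF/DKIM/DMARC results stamped by the receiving mail server. The addresses, the server name mx.example.com and the function names are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message that claims to come from the recipient's own address.
# The second Authentication-Results header stands for one supplied by the sender.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.invalid>
Authentication-Results: mx.example.com;
 spf=fail smtp.mailfrom=bulk-sender.invalid;
 dkim=none; dmarc=fail header.from=example.com
Authentication-Results: other.invalid; dmarc=pass header.from=example.com
From: "You" <you@example.com>
To: you@example.com
Subject: I have access to your account

Pay up.
"""

def domain(addr):
    """Return the lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def check_from(raw, trusted_authserv):
    """Report what the receiving server verified about the From: line.

    trusted_authserv is the name your own mail server writes at the start of
    its Authentication-Results header (assumed here to be mx.example.com).
    """
    msg = message_from_string(raw)
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        # Only believe results stamped by our own server: the sender can add
        # look-alike headers just as easily as a fake From: line.
        if (authserv.split() or [""])[0].lower() != trusted_authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            auth.setdefault(method, result.lower())
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    return {
        "from_domain": from_dom,          # what the sender typed
        "envelope_domain": env_dom,       # where the message really bounces to
        "same_domain": from_dom == env_dom,
        "auth": auth,
        "from_verified": auth.get("dmarc") == "pass",
    }

if __name__ == "__main__":
    print(check_from(SAMPLE, "mx.example.com"))
```

In a real mailbox the same headers are visible through the mail client's "show original" or "view source" option.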