“Sextortion” is a popular theme in media and the news, but it may or may not be a big deal. It might not even be a crime depending on where you live. No one can really come up with a consensus about what it is and how widespread it is. It’s even difficult to pin down what constitutes the typical perpetrator of this crime.
The Metaverse is a potential growth medium for the attack vector and Meta has been working on tools to mitigagte the problem for teenagers, but it requires preplanning and seperate technology
Sextortion defined broadly is any kind of blackmail using naked images, video or text to make the victim add to the criminals collection of similar content, force them to pay a ransom money, or perform morally or legally services. Then there is revenge porn (sharing explicit content to get back at a romantic partner) but the legality of that varies from state to state where it can be a felony or a misdemeanor. Wyoming, Mississippi and South Carolina don’t consider it a crime. In Europe it is considered a human rights violation but it is rarely prosecuted. However, both the EU and the US maintain websites dedicated to all forms of sextortion and how to avoid it.
Getting educated
Digital Forensics Corporation, a cybersecurity firm in Ohio, offer free services to educate people about how to avoid or deal with sextortion, mostly through TikTok videos. Ken Kuglin, marketing and research manager for the company said that 95 percent of extortion attacks are simply financial blackmail. And while teenagers can be vulnerable to these kind of attacks, they don’t always have access to the money adults have and are not usually financially extorted. “Things like revenge porn, is geared more towards using that content as leverage to get something else that they want,” including restoration of a relationship or to destroy a new relationship.
“We’ve seen a trend over the last five ears that have seen these numbers just skyrocketing in cases, not just here in the United States, but all over the world. world. These aggressors are attacking people between the ages of 10 and 17 years old. That seems to be the primary demographic. However, they’re really just going after anybody they can. So, yeah, it is a huge problem because there’s not a lot that’s being done about it anywhere.”
It’s clear that digital sextortion is a problem, although how big a problem is debatable. What isn’t debatable is how to avoid it and what to do about it if you are a victim.
A case study
Two years ago, Cyber Protection Magazine was contacted by a victim in the midst of a sextortion variant called a “romance” scam. He was the head of a small, California charity, married, middle-aged and a sports buff. He had been scrolling through Instagram sports posts, including those of young, female, fitness models. One of them sent him a direct message.
“Hi,” she said. “How are you?”
He was surprised and flattered by the attention and started a conversation. The scamemr, who may or may not have been what she appeared to be, over several days shared her financial problems with the victim. He offered to send her some money to pay a bill and the accepted. That payment was followed by pictures even more risque than what she had previously posted.
At this point the victim claimed he realized that this was a scam. “I decided to expose her for what she was and started baiting a trap.” The trap consisted of exchanging sexually charged texts with the scammer and sending her more money, which elicited more pictures and sexually suggestive texts. He was not clear on how this would “trap” the scammer.
Social engineered
What he did not realize was that during the early part of the conversation he gave his full name, job title, where he worked, the website for the charity, the names of his family and friends and other personal information. The scammer used this information to hack into his personal email, the charity’s email, mailing list, and website. When he sprang his “trap” and threatened to expose her the scammer replied that he had no idea who she was or where she was, but she knew everything about him. She threatened to flood the church website with the images she sent to him, along with the text conversations and email them to all donors, board members and his family.
That’s when he contacted the magazine, which he had been reading for a few weeks.
We spent time explaining what had happened and how she had gained access to his accounts and information, contacted the cybercrime unit in the victim’s county on his behalf which sent out an officer to collect the information. The officer told us later that he had instructed the victim to cut off all contact with the scammer.
The officer told the magazine and the victim that ignoring the scammers are the only effective defense and resolution to this crime. The primary motivation for digital criminals is profit. If the money dries up, even revenge against a recalcitrant victim is time spent that has no financial upside and most will move on.
Targeting the vulnerable
What makes this type of cyberattack so scummy is that the targets are generally innocent people just looking for a connection.
“Romance Scams target vulnerable, often lonely people,” Kuglin said. “The scams are generally more targeted in regard to the victims. Scammers will seek out easily manipulated individuals and begin the long con, first gaining trust and ultimately turning that trust and adoration in to a steady stream of income. Our in house statistics show that roughly 65% of romance scams turn in to sextortion/blackmail situations after the victim has made it clear that they are having doubts about the scammers legitimacy, or once they say they have no more money to offer. Typically these threats aren’t as impactful for these victims because in most cases, they do not have a spouse to hide it from, they are often retired and don’t fear any blowback from their employer, and the threat of being “posted online” just doesn’t bother them they same way it would a 15 year old boy or 30 year old married man.”
As Kuglin said, 95 per cent of sextortion attacks are driven by financial reasons leaving five percent for vengeful actions. The latter is predominantly done by jilted and unrequited lovers, but the mandate to ignore them is still the best defense. Sometimes embarrassment is the cost of doing stupid things. Better to take your lumps and move on.
Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.
Pingback: Social engineering criminals are after everyone - Cyber Protection Magazine