Week 39: The various types of fake sextortion

03.10.2023 - The big waves of fake sextortion have been easing off for a few months now, which seems to indicate that the phenomenon is no longer so lucrative for the scammers. In the past, the scammers repeatedly adapted their approach in order to still find victims willing to pay among those who received the emails. With the latest version, it can no longer be ruled out that malware has actually infected the computer. The attackers present a recent screenshot of the victim's computer as proof.

In fake sextortion emails, the fraudsters claim to have collected photo or video material showing the email recipient allegedly visiting pornographic websites. The extortionists threaten to publish the photo or video material if the ransom demanded is not paid within a certain period of time. The blackmailers send such demands in bulk on the off chance that the ransom will be paid. By threatening to publish the material, the criminals aim to intimidate the recipients and persuade them to pay up. However, the NCSC is not aware of any cases to date in which compromising footage existed.

But in a case reported to the NCSC last week, it cannot be ruled out that the victim's computer had actually been hacked. Although the text of the email resembled a normal fake sextortion email, the attackers attached a screenshot of the victim's desktop PC as proof. The email also contained information about the operating system currently used on the PC. It is not yet known where the attackers got this data, but the computer must have been accessed beforehand in order to obtain it. Nevertheless, the NCSC does not assume that compromising images exist in these cases either. If there were any, the attackers would certainly also use them in the extortion attempt, in order to lend credence to their ransom demands. If you receive an email of this kind, the NCSC recommends disconnecting the computer from the internet and scanning it for malware or remote access programs. The most secure method is to reinstall the computer. Remember to back up your personal data beforehand. If you are considering filing a criminal complaint, we recommend that you discuss the above steps with the police first to ensure any evidence remains intact. Do not under any circumstances pay the money demanded by the blackmailers.

Various types of fake sextortion

In the past, attackers using fake sextortion emails have regularly tried various tricks to lend more force to their demands. The known variants are listed below:

The email appears to have been sent from the victim's own address

In order to make the victim believe that the email account has been hacked and that the fraudsters have access to it, they fake the sender address and insert the victim's address. Unfortunately, it is very easy to forge an email address. In this way, any sender address can be used in emails (see also the cybermyth "I can trust every email sender I know!"). However, these emails are just a bluff. The corresponding email account has not been hacked in these cases.
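How the headers of such a message can show that the sender address was forged, as an added example that is not part of the NCSC article. It assumes the receiving mail server records a `Return-Path` and an `Authentication-Results` header; all addresses, hosts and results in the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: every address, host and result below is made up.
FORGED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.org
From: alice@example.org
To: alice@example.org
Subject: Your account has been hacked

Pay within 48 hours.
"""
GENUINE = """\
Return-Path: <alice@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: alice@example.org
To: alice@example.org
Subject: Note to self

Buy milk.
"""

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def assess_self_addressed(raw):
    """Return (verdict, reasons) for a message claiming to come from its own recipient."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    if not sender or sender != rcpt:
        return "not-self-addressed", []
    reasons = []
    # The envelope sender (Return-Path) is set separately from the visible From header.
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    if envelope and _domain(envelope) != _domain(sender):
        reasons.append("envelope sender domain differs from From domain")
    # Assumption: this header was written by your own receiving server, not the sender.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "").lower()))
    for method in ("spf", "dmarc"):
        if auth.get(method) in {"fail", "softfail"}:
            reasons.append(f"{method} result is {auth[method]}")
    return ("forged-sender" if reasons else "no-forgery-indicators"), reasons

if __name__ == "__main__":
    for name, raw in (("FORGED", FORGED), ("GENUINE", GENUINE)):
        print(name, assess_self_addressed(raw))
```

A "no-forgery-indicators" verdict only means the headers are consistent with the message having passed through the domain's own mail system; it is not proof of who wrote it.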

The fake sextortion email contains a password used by the victim

In another variant, the fraudsters claim to have hacked the email account and include in the email what appear to be the victim's current passwords. They do this by using old data leaks that they have found on the darknet. If the recipient has not changed their password for a long time, it can happen that the password really is one currently in use. In these cases, the password should be changed immediately. The claim that the attacker has access to the computer is a bluff here too. You can use the platform Have I Been Pwned to check whether your address has been compromised in a data leak.

In addition to the fake sextortion email being sent, social media accounts are hacked

If the password is still in use, attackers often use these access credentials to try to hack the corresponding internet services as well. Once they have gained access to the email account, they can also use the password reset function to take control of other accounts. The focus here is usually on social media accounts. By uploading content that violates the guidelines, the attackers attempt to have the account blocked by the social media service provider and thus unnerve the victim. The victim's computer has not been hacked in these cases either. Nevertheless, we recommend that you protect access to your internet services with two-factor authentication (one-time password, text message token, etc.) whenever available.

Last modification 03.10.2023


https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2023/wochenrueckblick_39.html