Sign up to our newsletter
‘Sextortion’ attacks, where cybercriminals blackmail victims with the threat of exposing explicit photographs or messages are becoming increasingly common, according to a report by Bloomberg News.
The FBI has issued warnings that sextortion is on the rise – with attackers using methods including searching stolen computer equipment for explicit imagery, hacking social media accounts and using malware to steal images from computers.
Bloomberg describes one case in which a young mother (name withheld) was driven to suicide, and interviewed a New Hampshire woman whose suffering at the hands of a “sextortionist” left her feeling traumatised two years later.
Previous reports have highlighted cases in which children were targeted and blackmailed into uploading further naked pictures, which were then traded among paedophiles online.
“This is a growing problem,” said Wesley Hsu, chief of the cyber crimes unit at the U.S. Attorney’s Office in Los Angeles. Hsu says that the threat of exposure in sextortion attacks is particularly distressing as the internet is “quite permanent”.
Bloomberg reports that at least 20 criminals have been prosecuted for such scams – with victims thought to number in the thousands. The FBI has previously warned of a growing number of criminals involved in “sextortion”.
ESET security researcher Lysa Myers offers tips on how to avoid falling prey to sextortion – saying that criminals may try to befriend victims and trick them into sharing pictures, or may use malware to target victims’ webcams and take pictures themselves.
“There are two types of behaviors that are used in this crime,” Myers writes. “Trust-based tactics where the criminals take advantage of the relative anonymity of the Internet to trick victims into trusting them and revealing very personal details or sending revealing images. The criminals then use these as leverage to force their victims into sending more compromising pictures.”
Criminals also target victims with malware designed specifically for this form of attack, Myers says: “Malware-based attacks target the victim with malware that stealthily turns on the victim’s webcam. In this case the victim herself unwittingly provides revealing images that the criminal can use for blackmail to get the victim to provide yet more compromising pictures.”
Often, attackers use the threat of exposure to harvest more explicit pictures – and the FBI warns the tactic is often used against teenage girls. In one case, a 25-year-old, Brian Caputo has been indicted for an alleged eight-year campaign in which he targeted young females via social sites, and traded hundreds of explicit images with others on child pornography websites.
The FBI said, “Caputo convinced one minor female to take and then upload more than 660 sexually explicit images of herself to a Dropbox account controlled by Caputo. When agents executed a search warrant at his residence in Arvin on February 28, 2014, Caputo’s cell phone contained hundreds of images of girls ages 11-15 undressing, nude, or engaging in sexually explicit conduct. Caputo then traded the images with other Internet users.”
Predatory scammers also target victims via dating sites – where the scammer trades pictures with a victim, then threatens them with exposure. Even explicit messages can leave daters open to this form of attack.
Dating scams are one of the fastest-growing areas of fraud online, with a 27% rise year-on-year reported in the UK. The FBI issued an official warning this year, saying that women over 40 were particularly at risk.
“Their most common targets are women over 40, who are divorced, widowed, and/or disabled, but every age group and demographic is at risk,” the FBI said, “Here’s how the scam usually works. You’re contacted online by someone who appears interested in you. He or she may have a profile you can read or a picture that is emailed to you.”
Mark Brooks of Online Personals Watch offers tips on how to spot fake profiles on dating sites – and avoid being conned out of money, or threatened with exposure online.
Author Rob Waugh, We Live Security