Subscribe

Mobile the new sextortion tactic

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 23 Apr 2015
Sextortion has changed from a mere means of soliciting sexual favours into a lucrative money-making scheme, says Trend Micro.
Sextortion has changed from a mere means of soliciting sexual favours into a lucrative money-making scheme, says Trend Micro.

Cyber criminals have taken the Internet scam known as 'sextortion' onto mobile.

That's according to security software vendor Trend Micro, which defines sextortion as a means of coercing cyber crime victims to perform sexual favours or pay large sums of money in exchange for the non-exposure of their explicit images, videos or conversations, normally obtained via Skype.

Gregory Anderson, country manager at Trend Micro SA, says due to the sensitive nature of sextortion cases, they are seldom reported.

"We have not seen any local case studies but I am sure that SA is not exempt from this type of cyber crime," he says.

The online scam is nothing new in the cyber criminal landscape and these extortion tools are normally obtained through various chat programs, most notably Skype because of its multimedia capabilities, he notes.

In a recent research paper released by Trend Micro, the company cites examples of sextortion in the Far East that demonstrate how cyber criminals' improved sextortion tactics involve the use of mobile malware to steal data from victims' mobile devices, which is then used to scare victims into paying cyber criminals off.

Based on the evidence represented in the paper, Trend Micro researchers have deduced that sextortion has changed from a mere means of soliciting sexual favours into a lucrative money-making scheme.

Members of a sextortion crime ring in the Philippines created fake Facebook accounts, which presented them as attractive women to lure men into chatting with them, says Trend Micro. They then asked them to video-chat on Skype so they could engage in cybersex, which would allow the cyber criminals to record the victims, it adds.

These videos were used to blackmail victims into paying the perpetrators about $1 000 each to keep the compromising content private. Victims were told that refusal to pay up meant their videos would be made publicly available on YouTube or sent to all of their online contacts.

However, more recent examples of sextortion include a mobile component where cyber criminals pretend to experience audio problems during chat or Skype sessions and convince victims to download an Android application to fix the problem, forcing victims to use an Android smartphone or mobile device.

"Sextortion is a widespread, global issue, but it is taboo, and victims will most likely never admit to having been caught on tape in the first place," Anderson points out.

"The cases discovered by our researchers were complex operations that involved people across cultures and nations working together to effectively run a lucrative business. These cyber criminals were specifically targeting those who they knew would be most vulnerable because of their culture."

To avoid falling victim to such attacks, Anderson says: "First and foremost, users need to stop trusting that what they keep stored on mobile devices is private - cyber criminals have ways and means of accessing all sorts of personal user data."

He adds the individuals involved in these cases were also engaging with disguised cyber criminals online, so users should stay away from shady sites, and when it comes to social media, they should have private profiles and shouldn't accept anyone that they do not know personally.

Users should also be wary when downloading apps - there are so many fake apps out there that are made with malicious intent, he says.

Share