Malware

The impact of sextortion

Sextortion is a pervasive threat that extends beyond Web sites and apps to other tech platforms, and has a devastating effect on victims.

Johannesburg, 05 Sep 2019
Read time 4min 20sec
John Mc Loughlin, security expert and CEO of J2 Software
John Mc Loughlin, security expert and CEO of J2 Software

Sextortion, or sexual bribery, is a serious criminal offence, and it is an ever-growing problem for authorities worldwide. It is very easy to become a victim and it can have a devastating effect on people from all walks of life.

Online victims are often contacted by perpetrators in the form of a social media friend request or via online chat or dating sites. Another tactic is for a cybercriminal to use compromised credentials to send unsuspecting victims sextortion e-mails. To grab one's attention, they normally include the victim's real password in the subject line of the e-mail to prove that they have access to the victim’s personal information.

Online perpetrators typically gain one's trust by pretending to be someone else. They often lurk in chatrooms and use fake profiles in order to lure their victims. There is also a chance that the cybercriminal could hack into one's electronic devices or online storage. This can be done using malware or by cracking or stealing login credentials.

Trusting people who are looking for the perfect partner, or bored partners, or even undercover porn viewers are being increasingly targeted by cybercriminals. They work on the insecurities, naïvety and poor cybersecurity behaviour to coerce unsuspecting victims into parting with their money in order to prevent public humiliation and embarrassment.

Sextortion occurs when the perpetrator threatens to distribute one's private and sensitive material if one doesn’t pay them. In certain cases, the victim may even be forced to perform sexual favours or the perpetrator threatens to harm one's relatives or friends by using information they have obtained from the device.

Security expert and J2 Software CEO John Mc Loughlin points to several versions of the attack, some via WhatsApp and others via e-mail.

"The WhatsApp variety is very common; boy meets girl by swiping right," he explains. "The match is made and introductory texts are exchanged. Almost immediately, the beautiful girl shares intimate pictures and asks for the same in return. There is an almost aggressive exchange to ensure that the unsuspecting victim sends compromising photos that include showing their face."

The perpetrators then reveal their true intentions and threaten to put the risqué nudes on the Internet, being sure to name the victim’s family members and work colleagues with whom they intend to share the photos.

Using information gathered from the texting, they identify victims’ social media accounts and, in certain instances, use compromised details to access or hack their accounts. Once the bait is taken, they move quickly to reel in their prey.

The tone is menacing and becomes increasingly urgent as they intimidate with threats of exposure and public humiliation. The modus operandi is pretty much always the same:  demands for money in order to delete victims’ photos, mostly through cryptocurrency, but locally it is usually by e-Wallet or untraceable money transfers performed at retail stores.

Mc Loughlin says another alarming trend is for cyber attackers to use compromised and leaked passwords that are easily available on the dark Web and cyber underground. "The attacker then utilises a free e-mail service to deliver the news that they have the victim’s password and have accessed their online activities."

These messages are mostly poorly written, lack basic grammar and, for the most part, are identical. It only takes a very small hit rate to ensure a lucrative return. Once payment is made, they destroy the pay-as-you-go SIM card and move to the next victim.

Mc Loughlin says there are numerous ways to combat this, the simplest being to ensure that you stay far away from any illicit Web sites. Another way to combat this is to ensure that you change your passwords or use a reputable password manager. “Please do not use the same password on every site, platform and computer.”

Victims are less likely to report sextortion outside of their inner circle; they are too embarrassed and normally prefer to handle the situation on their own. Also, most victims are more likely to confide in someone they know rather than report it to law enforcement.

"Never send compromising images or selfies to anyone, no matter who they are or who they say they are. More importantly, do not open attachments from strangers and ensure that the Web camera and microphone is switched off when you are not using them," he concludes.

Sextortion is an increasingly pervasive threat and it is not isolated to specific Web sites or apps. Perpetrators use various forms of technology and platforms to reach their victims. The personal and psychological toll on victims is immense and most don’t seek help because of shame and self-blame.

J2 Software

J2 Software is a security focused African technology business founded in 2006 to address the need for effective cybersecurity, governance, risk and compliance solutions in Africa.

The continued rise of cybercrime, identity theft and confidential data leakage drives the requirement for J2 Software's managed security service offerings, not only for competitive advantage, but as an absolute business necessity. The company offers managed cyber security services for every business. We ensure that you have greater visibility to identify risky behaviour and enhance the capability to respond to prevent losses.

J2 Software delivers essential tools that empower organisations to take control of their technology spend. The company's hand-picked solutions provide complete visibility over its customers' environment, while reducing risk and lowering costs.

J2 Software has provided services and solutions to renowned enterprise corporations with sites running in South Africa, Angola, Botswana, Kenya, Malawi, Mauritius, Mozambique, Tanzania, Uganda, Zambia, Australia, UK and Malta.

Editorial contacts
IT Public Relations Ivor van Rensburg (082) 652 8050 ivor@itpr.co.za
J2 Software John Mc Loughlin (021) 461 1223 john@j2.co.za
Have your say
Facebook icon
Youtube play icon