Sextortionists Shift Scare Tactics
Sextortion is the act of convincing vulnerable people, often teenagers, to provide the sextortionist with sexually explicit photographs and videos under the threat of releasing other embarrassing material, such nude pictures that may already privately exist in the victim’s email, text messages or private social media.
The attacker does this by convincing the victim that they have hacked into their victims digital life and already have what is there.
99% of the time, this is a complete scam,but scared people do desperate things – like sending (more) sexually explicit material to the attackers in the hopes of getting them to not publicly release material the hackers claim to have. The hacker asks for a fraction of a bitcoin in payment.
One new tactic – including so called “legitimate” passwords to say, the user’s email account, in the pitch message. These passwords are often legitimate in the sense that the user used it at one time. This lends credibility to the pitch and the panicked victim does not think through how the hacker may have gotten that password. The attacker likely got the password from one of the thousands of cyber breaches.
So what should you do? Well, there is before you get a request and after you get a request from a hacker.
Before, you should practice good cyber hygiene. Install patches promptly for all software, stay away from sketchy web sites, choose good passwords, etc.
Second, enable two factor authentication – using either a text message to your phone as the second authentication factor, or, better yet, using one of the authenticator apps such as Facebook authenticator or Google authenticator as the second factor.
For parents, talk with your kids about the risk of taking pictures that if, in the wild, would embarrass themselves or worse.
Finally, parents need to talk to their kids about sharing compromising pictures and videos with others, no matter how much they think they are in love and no matter how many promises the other person makes. Understand that kids may be under amazing social pressure to conform – do not underestimate that.
After the fact, kids need to trust their parents, even though they are embarrassed, confused and scared. Parents need to work beforehand to get kids to understand that this is not something they can deal with by themselves.
Unfortunately, you may need to get legal advice and you should definitely not believe the hackers. One suggestion: ask for a sample of the photos that they claim to have. If the hack is legit – likely it is not – then you need to decide what to do. The police are going to say that you should go to them and that is probably an OK idea, but unless the hacker is someone you know, I would not get your hopes up.
On the other hand, it may be someone your child knows. In that case, you need to understand your options and a lawyer may be helpful. Releasing so-called revenge porn is a crime in many states.
Certainly prevention is easier than dealing with something after the fact and there are no easy answers as kids, especially, tend to do unexpected things. Discussing and planning is likely a good idea.
Source: Threatpost.