The Sextortion Hoax Economy Has a Pulse

Mark Arnold

Sextortion Attempt in My Inbox

The sextortion hoax economy has a pulse. On Easter, during our modified annual family gathering and carefully coordinated and socially-distanced egg hunts with neighbors and friends, I received a sextortion phish. Its contents gave me pause. A scammer was seeking to trash my reputation online if I did not send $1900.00 in bitcoin by the next day. My response was not one of panic. “Exhale. This is a phish. None of us are exempt.” 

I feel compelled to blog about this phish given a recent conversation I had with one of my mentors who, too, had been targeted with a similar sextortion scam. My mentor’s panic was palpable—the worry—intense. My mentor asked, “What can I do? This is not something I would do.” The concerns of my mentor were immediately evident. The fear of public shaming by an unknown actor is more than just disconcerting. Threats of this kind are paralyzing for a community leader of prominence, standing and high integrity. Bad actors are seizing on the power of shame.

My mentor’s story, like many others, is one of defenselessness against an unknown entity. I get phished often, as we all do, but this one was different. My gut said, “Do nothing. Do not respond to their threats.” At the same time, I had increased empathy for my mentor.

This particular scam dates back at least three years. Brian Krebs analyzed the sextortioners at length in a 2018 post on Krebs On Security. In the post, Krebs asserted that the scammers’ success was due to increased sophistication in execution. The hoax used semi-automated scripts to extract scores of stolen usernames and passwords from “shady password lookup services.” The sextortion samples posted by Krebs and his readers (in the comment section) match my scammer’s threats verbatim.

My version of the scam included an oft-used username of mine plus an infrequently used password (other targeted users described different details, such as username + phone number). The scammers then claim to have compromised me on a not-safe-for-work (NSFW) site, with malware planted to establish a remote desktop (RDP) session to a device of mine and harvest credentials and contact lists for my public shaming. Finally, the criminal(s) gave me 24 hours to pay before they would send compromising split video evidence to family, friends and coworkers (some versions give targets 48 hrs to respond). CEO Marcin Kleczynski, in a 2019 CNBC post, labeled the sextortion scam a ‘commodity attack.’

The scammers cast a broad net of “odd” bitcoin ransom amounts, netting hauls of $10,000 to $20,000 a week, an indication of how many have fallen prey, based on transactions tracked by enforcement agencies. It’s worth noting that criminal enterprises are moving away from bitcoin to other monetary platforms to avoid monitoring by enforcement agencies. Scammers like the ones described in this post will likely follow suit.
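The hoax described above has a recognizable shape: a leaked credential quoted as “proof,” a claimed malware/RDP compromise, a threat to mail video to the target’s contacts, a deadline, and a bitcoin demand. The following triage script is an added example (my own, not Lares’ code and not from any of the sources cited) that scores a message body against those indicators so a help desk or mail filter can tag likely hoaxes and pull out the credential the scammer quoted, which is the one thing the target actually needs to rotate. The indicator weights, the threshold and the two sample messages are constructed assumptions, not values from the post.

```python
import re
from dataclasses import dataclass, field

# Indicator patterns drawn from the scam anatomy described in the post.
# Weights are illustrative assumptions; tune them against your own mail corpus.
INDICATORS = {
    "cites_credential":  (re.compile(r"\b(your|ur) (password|passcode)\b", re.I), 2),
    "nsfw_claim":        (re.compile(r"\b(adult|porn|nsfw|xxx)\b", re.I), 1),
    "malware_rdp_claim": (re.compile(r"\b(malware|trojan|keylogger|remote desktop|rdp)\b", re.I), 2),
    "contacts_threat":   (re.compile(r"\b(contacts?|friends|family|co-?workers|colleagues)\b", re.I), 1),
    "deadline":          (re.compile(r"\b(\d{1,3})\s*(hours?|hrs?|days?)\b", re.I), 1),
    "bitcoin_demand":    (re.compile(r"\b(bitcoin|btc)\b", re.I), 2),
}

# Bitcoin address formats: legacy/P2SH base58 (leading 1 or 3) and bech32 (bc1...).
BTC_ADDRESS = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")
USD_AMOUNT = re.compile(r"\$\s?(\d[\d,]*(?:\.\d{2})?)")
# "your password is X" / "password: X" -- the credential the scammer quotes as proof.
QUOTED_CREDENTIAL = re.compile(r"\bpassword\s*(?:is|:|=)\s*[\"']?([^\s\"'.,;]+)", re.I)


@dataclass
class Verdict:
    score: int = 0
    matched: list = field(default_factory=list)
    btc_addresses: list = field(default_factory=list)
    amounts_usd: list = field(default_factory=list)

    @property
    def likely_hoax(self) -> bool:
        # Threshold is an assumption; a credential + bitcoin demand alone clears it.
        return self.score >= 5


def score_message(body: str) -> Verdict:
    """Score a message body against the sextortion-hoax indicators."""
    v = Verdict()
    for name, (pattern, weight) in INDICATORS.items():
        if pattern.search(body):
            v.matched.append(name)
            v.score += weight
    v.btc_addresses = BTC_ADDRESS.findall(body)
    if v.btc_addresses:
        v.matched.append("btc_address")
        v.score += 2
    v.amounts_usd = [float(a.replace(",", "")) for a in USD_AMOUNT.findall(body)]
    return v


def exposed_credential(body: str):
    """Return the password the scammer quoted, or None. This is the value
    the target should treat as burned: rotate it everywhere it was reused."""
    m = QUOTED_CREDENTIAL.search(body)
    return m.group(1) if m else None


# Constructed sample messages (not real scam text) for a quick self-check.
HOAX = (
    "I know your password is Corr3ctHorse. I placed malware on an adult site you visited "
    "and used remote desktop to copy your contacts. Send $1900.00 in bitcoin to "
    "bc1qexampleaddr00000000000000000000000 within 24 hours or the video goes to your "
    "family and coworkers."
)
BENIGN = "Reminder: the neighborhood egg hunt starts at 10am. Bring a basket and your own coffee."

if __name__ == "__main__":
    for label, msg in (("hoax", HOAX), ("benign", BENIGN)):
        v = score_message(msg)
        print(f"{label}: score={v.score} likely_hoax={v.likely_hoax} "
              f"matched={v.matched} btc={v.btc_addresses} usd={v.amounts_usd} "
              f"credential={exposed_credential(msg)}")
```

The point of `exposed_credential` is the response step that matters: the quoted password is almost always an old breach record rather than evidence of a live compromise, so the useful action is to rotate it anywhere it was reused and enable multi-factor authentication, not to reply or pay. The bitcoin addresses and amounts are kept on the verdict so they can be forwarded to a reporting channel or matched against other reports.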

What Can Sextortion Victims Do in Response?

The stark reality is that scammers (among us) will always scam. Not surprisingly, sextortion scammers are out in full force during this current pandemic, with a marked resurgence of hoaxes in the last week. Awareness and vigilance are necessary more than ever. Small businesses, mom and pop stores, nonprofits, and community organizations deserve our concerted help. There is a growing need to amplify the ‘wash-rinse-repeat’ message around hygiene and vigilance:

Concerted efforts exist (No More Ransom is one example) to disseminate awareness and marshal resources to raise the bar for scammers in defense of citizens. It’s time to put sextortion hoaxes of this kind to rest so we can join forces with those fighting the broader scourge of sextortion worldwide. This fight is a global one worth taking on.

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

©2019 Lares, LLC | All rights reserved.