Sextortion scum armed with leaked credentials are persistent pests

Persistence pays off for crooks when it comes to sextortion-based phishing scams, research into its effectiveness suggests. One variant bombards prospective marks with threats to release non-existent footage of them watching smut unless they give in to demands. Cleverly, these threats are lent an air of authenticity by using …

  1. Aristotles slow and dimwitted horse

    Black Mirror

    "Sextortion as a term initially referred to a sleazy cybercrime where perverts planted trojans on the PCs of young victims. Youngsters' PCs are often in their bedrooms and the malware was used to surreptitiously turn on webcams and record footage or pictures of victims."

    There is a very good episode of Black Mirror that is pertinent to this.

  2. Anonymous Coward

    These exploits only work because the victims' cultures have an inherited religious dogma about two of a human's most natural attributes - nudity and sex. The scammer's only weapon is the degree to which the social culture would punish the victim.

    1. Anonymous Coward

      These exploits only work...

      The scammer's only weapon is the degree to which the social culture would punish the victim.

      Not quite, it is the degree to which the victim believes the social culture would punish him or her.

      They might or might not be correct in their belief but they will act on that rather than whatever the reality is.

      1. LucreLout

        Re: These exploits only work...

        Not quite, it is the degree to which the victim believes the social culture would punish him or her.

        Some things are just private. I don't really care how the world would react to pictures of me nekkid being taken without my knowledge and circulated, I simply don't want it to happen because I don't wish to be so displayed.

        Good luck to the scammers though - I have stickers I remove when I need the web cam, and they're replaced at the end of the call.

    2. Waseem Alkurdi

      If the attacker does not exploit any weakness at all, this would not have made headlines.

      What value did your comment add to the discussion, apart from going off-topic?

      Suppose it wasn't the case, and that people roamed the world nude and sex with someone was as normal as breathing in their face. Would that cause this type of extortion to "poof"?

      1. Anonymous Coward

        "Would that cause this type of extortion to "poof"?"

        Yes.

        Just because people are naked and see sex as a normal function doesn't change the way a human society organises itself for cooperative good. They will probably still have taboos.

        Anthropologist Bronislaw Malinowski made a study of the people of North-Western Melanesia from 1915 to 1918. The people treated sex as a normal function - even to the extent of children engaging with each other in play.

        He tried to educate the people about how pregnancy happened. The chief insisted that pregnancy only occurred after a couple were formally married. Malinowski had to admit that in the village the evidence did support the chief's version.

        They did have taboos. A man was not allowed to speak to his mother-in-law - if he did he was likely to commit suicide for breaking that rule.

        Another anthropologist visited an Amazon tribe. Arriving unexpectedly she encountered a naked man - who quickly ran into a hut. He then returned to greet her formally - now wearing the decoration of a thin band round his waist which signified his status as the chief. Otherwise he was still totally naked. Clothes are always an indicator of status in a particular culture - and often that is their primary purpose. Body decoration or scarification also serves the same purpose.

        Within living memory the Nuba in Africa were renowned for their nudity and public courtship rituals. Their region was eventually absorbed by a Muslim country - and they were forced to adopt fully covering clothes and abandon their tradition. Christian missionaries did the same wherever they went in the world.

        https://kwekudee-tripdownmemorylane.blogspot.com/2013/08/nuba-people-africas-ancient-people-of.html

  3. Anonymous Coward

    Why me?

    I've had half a dozen of these things, including two quoting the same password which I haven't used for a decade or more. I find them rather amusing and the fact that they claim to have used my non-existent does rather minimize the fear factor. I'm just curious as to how they choose their potential victims.

    1. Anonymous Coward

      Re: Why me?

      If you put your email address in here: https://haveibeenpwned.com/ it might tell you where your details were nabbed from.

      1. find users who cut cat tail

        Re: Why me?

        > put your email address in here: https://haveibeenpwned.com/

        Tried it. It found my e-mail address in source code of a Unix tool I contributed to -- and presented it as a big red scary warning trying to sell me their password manager. Not sure about the utility of all that.

        1. expreg

          Re: Why me?

          Uh, what? Troy Hunt does not run any password manager companies, nor does he sell them. He advertises 1Password as that is one he uses personally and they've implemented his service into the extension. You can find his blog online, easily.

    2. JimC

      Re: Why me?

      Why on earth would they bother to choose when it's so much easier to just mail everyone on their list?

    3. lsces

      Re: Why me?

      I'm up to 40 and demands are getting up to $5000 dollars now. My joke is I've never been able to get a camera working with the kit here so I'd happily pay to fix THAT problem, but while bitcoin is being used in this way I can't see ANY legitimate reason for the idea that it is a mainstream financial service ... it's simply an illegal money laundering system in my book and should be shut down!

      1. phuzz Silver badge

        Re: Why me?

        "while bitcoin is being used in this way [...] it's simply an illegal money laundering system in my book"

        Cash is used far more often to launder money, should we ban cash?

    4. WolfFan Silver badge

      Re: Why me?

      I've lost count of the number I got, all quoting the same password I used only to access Adobe's crap many years ago. It was last used with Creative Suite 5.5, which tells you the age and where they probably got it from.

      That particular address was a gmail address. I killed it, and everything else I had which came from Google, after Google 'could not verify' that the address I used to use as a throwaway address for contacting things like El Reg's comments section. Very little traffic came to either of the two gmail addresses, except for spam. There was lots of spam. Now that I've dumped gmail, the spam count, and the attempted sextortion count, is way down.

      I quite like the thought of Google's servers slowly filling up with spam addressed to me...

      As for the sextortion twits... publish and be damned to you. Except that given that they've been trying this on for over a year now, I suspect that they have nothing to publish. Actually, I suspected that from the beginning.

      1. Ken Moorhouse Silver badge

        The common denominator...

        The common denominator in those that I have spoken to is that it is from an old gmail source. So if you're still using the same password for some years: change it and whilst you're at it, invoke two-factor authentication (but not with the Android phone tied to the same gmail address).

        Another question: those that have never had a gmail address: Have you had this type of spam in your Inbox (the variety containing text in it, as opposed to the ones without)? If "yes" then that blows a hole in my theory.

        1. Is It Me

          Re: The common denominator...

          Several people where I work have received and reported them to the helpdesk, all with work issued non-google linked email addresses.

          There have probably been many more that were just deleted and not forwarded on to the helpdesk.

        2. Peter2 Silver badge

          Re: The common denominator...

          Another question: those that have never had a gmail address: Have you had this type of spam in your Inbox (the variety containing text in it, as opposed to the ones without)? If "yes" then that blows a hole in my theory.

          I have owned my own domain since before gmail was even released as a closed beta.

          I have never received a sextortion scam, although I have also never had a webcam that didn't have a physical power switch which has only been turned on when I want to use it. This sharply reduces the chances of anybody ever having any compromising photos of me using a webcam so I wouldn't have paid much attention in any case.

          I'm also male, and one assumes that script kiddies are still predominately male and so targeting women.

  4. Alan J. Wylie
    1. WolfFan Silver badge

      Re: The consequences can be tragic

      They put a big ugly pop-up yammering something about cookies. I closed the window.

      1. WolfFan Silver badge

        Re: The consequences can be tragic

        It seems that I have acquired a little friend.

  5. doublelayer Silver badge

    They're using webmail accounts

    I wonder whether anyone at the webmail providers has done something to help track these people down. It is now the case that it's almost impossible to set up an account with the main providers without providing them with a phone number, at least, which they use to "verify" your existence. That implies that they should have those somewhere. If they can't use these to help find criminals, why are they violating standard users' privacy by making them give them one in the first place?

    1. WolfFan Silver badge

      Re: They're using webmail accounts

      I had (note past tense) a gmail account. I had a Yahoo account, also past tense. I still have an outlook.com account. I very, very, VERY rarely connected to those accounts via a web browser; this may well have been the real reason why Google “could not verify” my now dead gmail account. I used IMAP for gmail and still do for outlook; yahoo, who were living in a dream world, wanted me to pay them to use IMAP, but POP was free. I gave each of them as little info as possible. (Another possible reason why Google “could not verify”.) Some providers demand a physical address, but they don’t seem to actually check the address provided; 935 Pennsylvania Ave. NW, Washington, DC, works quite well. Even if it does evoke images of men in tutus and feathered boas.

      I detest webmail and decline to use it unless I absolutely have no choice, and I almost always have a choice. And where I must use webmail, the info provided is usually... massaged, shall we say.

      1. Peter2 Silver badge

        Re: They're using webmail accounts

        Except that one can buy a (new) pay as you go mobile for all of £10 with a SIM from most supermarkets, and you don't get asked for ID when doing so. A mobile number is not exactly a high bar to preventing access, although it does provide some possibility of getting caught due to CCTV in the store, and the mobile network knowing which base station it's connected to.

  6. T0G

    Disappointing quality

    I got one of these but the idiot used my landline number in the threat.

    It was just lazy, generic junk. If they don't put some effort into it, why should I give them any money?

  7. chivo243 Silver badge
    Devil

    What about the other way around?

    Hey bud,

    I see you haven't viewed any porn in some time... It would be a shame if I told your mates you're not keeping your end of the bargain up? What would the boys down round the pub think?

  8. Ken Moorhouse Silver badge

    pay up after a sustained series of scams...

    ...rather than when they first appeared in their inbox

    This doesn't make sense unless the sender and link given were consistent throughout the campaign. If someone had a dozen emails from different places (as is typical with spam) then surely they would know that paying one of these would have no effect on satisfying the other eleven blackmailers' demands?

    BTW Asking a couple of questions of people who've had these emails. The common denominator I've found is...

    No, I'll hold off revealing the answer to that one for the moment. Can others ask the question and see if there is some kind of consensus? The other question is whether that email account has ever been linked to the account where the emails are appearing (if it is not the same account). The answer to that one is a unanimous "yes" so far.

  9. John Miles

    Been getting these for a while - though for a few days they seemed to mess up as it said

    "It appears that, (), is your password"

    Pretty certain my details came from the LinkedIn hack as it is the only place I used the email address getting spammed.

    1. Ken Moorhouse Silver badge

      "It appears that, (), is your password"

      Maybe they had feedback from people saying that it was against GDPR to include that information in their email.

  10. N2

    Postal Blackmail?

    One of Python's finest.

  11. Nolveys
    Trollface

    Meanwhile, in Scotland...

    "Honey, look at the email these fools sent me! They think they can extort money from me by claiming that they have a video of me pleasuring myself to internet porn! How silly is that?"

    "Baaaaa!"

    1. Giovani Tapini
      Trollface

      Re: Meanwhile, in Scotland...

      What!

      The fools assumed you in Scotland had good enough bandwidth to stream anything at all :)

    2. Danny 2

      Re: Meanwhile, in Scotland...

      Only 2.5 million female Scots but six million ewes - you do the maaaths.

      NSFW (Not Suitable For Wool)

      https://must-see-scotland.com/sheep-in-scotland/

  12. Herby

    I've gotten a few...

    But none have been with the password I use here on ElReg. I think that is a good thing, as (so far) ElReg hasn't had a breach. Might be an example for others to follow!

    Yes, some have been "your password ()", which is kinda silly. Also I don't have a working web cam anyway.

  13. earl grey
    Devil

    spay and neuter

    that is all.

  14. N2

    According to them

    I can still hit the screen when I onanism, which they think is shameful

    I would consider it fairly good at 60

  15. FozzyBear
    Gimp

    Received a couple of these

    Blah, blah, blah, caught watching naughty things, blah, blah, blah, Doing naughty things, blah, blah, blah. Pay Up.

    Yeah, Yeah, If the email read along the lines of "You sick bastard, I actually puked watching what you did. What sort of weird sex freak are you. You should be locked up"

    I might actually believe them

    "Naughty things" . Pfft. Light weight

  16. Danny 2

    I have never been extorted

    Which proves they must have access to my financial details.

  17. John Gamble

    The Three Demands So Far

    Three such blackmail attempts. The first and third are probably from the same source, judging by the language style. Here are the bitcoin accounts they insisted I use:

    1: 1LKWwvjznDbgPVgMDvN6yRi5kSt7ZhdLt8

    2: 1j1tpwNNZDP74pdF1xm7QApHkSK6fDvMJ

    3: 1NpddYah4jMJ5hUx5yv6yEL1aPDGbNx4Td

    My bitcoin knowledge is pretty much zero -- I imagine posting these won't inconvenience them in any way. It still satisfies me a little bit to do so.

  18. Anonymous Coward

    A breach revealed!

    I got one of these messages (BTC Address: 1Mwcc7UVvHaX65oVMak3Wn6m2TmcSxGJaq - no transactions) and it surprisingly contained a password that was 14 random chars. If it was real it was unlikely a brute-force crack so was probably stored insecurely. My password manager has a good memory and it seems I had used it once, seven or more years ago, I think to enquire about a piece of CD encrypting software (it makes me wonder why I hadn't deleted the record by now). The company is Kernsafe.com who allegedly still specialise in secure storage solutions. Anyhoo, although they make it look a bit like they are in the US it seems that they are actually in China. Just for the fun of it I sent a support request asking if they were breached and why they never told anyone. I GOT A SUPPORT TICKET REPLY...

    "... Yes, your conjecture is completely right that our database has been hacked before a year, we are very sorry for this. The user information in the database in plain text and password was encrypted with simple arithmetic, then these data may be lost in that time. After that we have changed arithmetic to save user information. But the hacker had got previous version of data and recently these data seems put in their using for blackmails..."

    They never said why they didn't tell anyone, but I can probably guess.
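The support reply above says the passwords were "encrypted with simple arithmetic", which is exactly why a stolen table can be quoted back verbatim in extortion mail. The following is an added example, not code from the page or from the vendor: it contrasts a constructed, assumed byte-shift encoding (standing in for whatever arithmetic was really used) with salted PBKDF2-HMAC-SHA256 storage from the Python standard library; the sample password and the record format are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for "password was encrypted with simple arithmetic":
# every byte is shifted by a fixed offset. Assumed toy scheme, not the
# vendor's real one; any keyless reversible transform fails the same way.
SHIFT = 7

def arithmetic_encode(password: str) -> bytes:
    return bytes((b + SHIFT) % 256 for b in password.encode("utf-8"))

def arithmetic_decode(stored: bytes) -> str:
    # No key and no salt: whoever copies the table recovers every password
    # exactly, so the leak is immediately usable years later.
    return bytes((b - SHIFT) % 256 for b in stored).decode("utf-8")

# Salted, slow, one-way storage. Verification recomputes the digest; the
# stored record cannot be turned back into the password.
PBKDF2_ITERATIONS = 600_000

def pbkdf2_store(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    calc = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(calc, bytes.fromhex(digest_hex))

if __name__ == "__main__":
    sample = "Tr0ub4dor&3"  # constructed sample password
    leaked_row = arithmetic_encode(sample)
    print("recovered from leaked table:", arithmetic_decode(leaked_row))
    record = pbkdf2_store(sample)
    print("stored record:", record)
    print("correct password verifies:", pbkdf2_verify(sample, record))
    print("wrong password verifies:", pbkdf2_verify("hunter2", record))
```

Two users with the same password get different records because each gets a fresh random salt, so a leaked table cannot even reveal who shares a password.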
