By Brooke Crothers, Fox News
Sextortion is evolving into nastier ways to try to extort people.
To date, the basic template for this cybercrime has been to claim people’s accounts have been hacked, with the criminals saying they have video proof – usually via webcam – of a person watching sexual content. The criminals demand immediate payment in Bitcoin – which gives the extortionist anonymity – or they will release the video to the public.
But this has taken a new twist, according to a blog post from ISC, a cybersecurity analysis site. The new tactic is for criminals to create fake accounts on dating websites pretending to be young women looking for new partners, Xavier Mertens, Senior ISC Handler, wrote in the post, citing an example on a Ukrainian forum.
Once the extortionists get a response, they attempt to extract personal information from the victim including name, mobile phone, location and sexual preferences.
Personal details, sometimes lurid, are published on the forum along with conversations and pictures, Mertens said.
“The big difference is…that details captured and published by the bad guys are real and not a simple old password extracted from a database dump a few years ago,” Mertens told Fox News via email.
To be unlisted, they have to register on the forum and pay money, according to Mertens. But that may not be the end of the problem for the victim.
“The problem is that, even if the victim pays, the forum is indexed by Google and other search engines…This makes the process to be unlisted very difficult, if not impossible!” Mertens wrote.
The FBI’s Internet Crime Complaint Center said it has seen an increase in reports of online extortion scams with more people staying at home during the COVID-19 pandemic and using their personal computer more.
“After the height of COVID-19…we saw a dramatic shift to capitalize on the fear and uncertainty of the pandemic,” Fahim Abbasi, Senior Security Researcher at Trustwave, an information security company, told Fox News.
“Sextortion continues to work because it plays off of realistic fears consumers have about online privacy and anonymity,” Abbasi added, noting that criminals can collect thousands of dollars in easy money this way.
“It is quite possible that the next big iteration will come in the form of deepfake technology where a victim’s face (taken from social media photos/video) is superimposed onto real acts taking place,” Abbasi explained. “We are not there yet – good deep fakes take a lot of time and effort, but the technology is rapidly evolving.”
Extortionists can trick victims into believing that they have the goods on them by revealing a victim’s credentials – such as usernames, passwords, and addresses – that have been exposed in the massive global data breaches over the past several years.
“The good news for recipients of these messages is that these are fictions, and the risk comes from responding or reacting, not from someone who supposedly accessed your webcam, microphone, or machine,” Kevin O’Brien, CEO & Co-Founder of cloud email security provider, GreatHorn, told Fox News.