Cybercriminals will go to any length to capture their ill-gotten gains. Growing beyond stealing identities and ransomware, the latest trend in cyber warfare – sexploitation – uses one of the most effective methods for convincing someone to do something they don’t want to do: embarrassment.
Yes, embarrassment. In their latest scam, cybercriminals are using sexploitation in an attempt to take thousands from their victims.
What is Cyber Sexploitation?
In the context of cyber crimes, sexploitation occurs when an unsuspecting recipient receives an email from an anonymous or unknown individual who claims to have evidence of the user’s access to adult material, or who threatens to send embarrassing videos or photos to family and friends, as well as to all of the user’s contacts, if a ransom or payment is not made – usually in bitcoin. To add to the authenticity of the sexploitation crime, one of the recipient’s passwords is included.
While having this information disseminated to family and friends would be embarrassing on a personal level, the sexploitation email scam is augmented by the real consequences that association with explicit content can bring. Having explicit content exposed, particularly on the internet, could affect current or future employment, professional or romantic relationships, and mental health. The trauma associated with a similar phenomenon, revenge porn, in which a former partner intentionally shares explicit material featuring their ex, has further demonstrated that sexploitation in the modern world is nothing to scoff at.
No Need to Panic
However, there is some good news: these types of emails are usually false. The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) recently published a public service announcement on common email and postal mail extortion activities, including the commonalities associated with sexploitation.
Federal, state and local law enforcement, as well as information security experts, reassure those who receive sexploitation solicitations that they were likely not the victim of a computer hack. The password given to “scare” the recipient was likely harvested in an unrelated third-party data breach. The genuine nature of the cybercriminal’s email address then allowed the sexploitation scam email to slide past spam filters and land in the inbox. But that doesn’t mean any material was actually extracted from the recipient’s hard drive.
4 Easy Steps for Mitigating Sexploitation Emails
- DO NOT PAY THE RANSOM – There is no validity to the threat. Paying only gives cybercriminals reason to continue exploiting unsuspecting people.
- CHANGE YOUR PASSWORD REGULARLY – These scams are concerning because a legitimate password is provided, most often because individuals do not change their passwords on a regular basis and continue using the same password. Learn more about password safety at our blog, “Password Protection: Tips and Tricks from an IT Expert.”
- CHECK TO SEE IF YOUR ACCOUNT INFORMATION HAS BEEN COMPROMISED – Use a trusted website, such as HaveIBeenPwned, to determine your level of public exposure stemming from third-party data breaches. Another resource is the OSAC’s article, “Have your online credentials been pwned (compromised)?”
- REPORT TO LAW ENFORCEMENT – If you believe you have been a victim of this scam, contact your local FBI office and file an online complaint with the IC3. Provide all relevant information in the complaint, including the extortion email, the information in the email header and the bitcoin address, if available.
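As an added illustration of the reporting step above (not part of the original article, and not an FBI or IC3 tool), this Python example pulls the header information and any bitcoin address out of a saved copy of the message. The sample email, the function name `extract_report_fields` and the address pattern are assumptions made for the example.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample: every host, address and wallet string here is made up.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.7])
\tby inbox.example.com with ESMTP id abc123; Tue, 02 Jan 2024 10:15:00 +0000
Received: from unknown (host.example.net [198.51.100.23])
\tby mx.example.org with SMTP id xyz789; Tue, 02 Jan 2024 10:14:58 +0000
From: Anonymous <sender@mail.example.net>
To: user@example.com
Subject: I know your password
Message-ID: <20240102101458.1@example.net>
Content-Type: text/plain; charset="utf-8"

Pay $1900 in bitcoin to 1FakeWaLLetAddressForDemoXXXXXXXXX within 48 hours.
The wallet again: 1FakeWaLLetAddressForDemoXXXXXXXXX
"""

# Shape match only (legacy base58 and bech32 forms); no checksum validation.
BTC_RE = re.compile(
    r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b"
)

def extract_report_fields(raw_eml: str) -> dict:
    """Collect the header and payment details a complaint form asks for."""
    msg = message_from_string(raw_eml, policy=default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    # Each relay prepends its own Received line, so the list reads newest
    # first; the last entry is the hop closest to the sender.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    return {
        "from": str(msg.get("From", "")),
        "return_path": str(msg.get("Return-Path", "")),
        "message_id": str(msg.get("Message-ID", "")),
        "received": hops,
        "btc_addresses": sorted(set(BTC_RE.findall(text))),
    }

if __name__ == "__main__":
    for key, value in extract_report_fields(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

Most mail clients can save the original message, headers included, as a `.eml` file whose text can be passed to the function.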
How Else Can I Protect Myself?
- Do not communicate with the cybercriminal.
- Use advanced authentication for accounts wherever you can.
- Ensure that the privacy controls on your social media accounts are enabled.
- Improve your awareness of information security risks and keep them in mind, particularly when handling email communication.
Cybercriminals succeed most when they target our greatest personal fears. Sexploitation triggers fears of not only embarrassment but also professional and personal repercussions. Fortunately, the vast majority of these emails are entirely false and use similar, predictable tricks to try to convince their victims.
Knowledge of these tricks can save users a lot of stress in the moment and act as a reminder that it’s always good to check up on your digital footprint.