What is Sextortion?
Online Sextortion is where non-physical forms of intimidation are displayed to steal money from the victim. Using the threat of releasing sensitive imagery, audio or video they have of the victim to scare enough, the victim pays the demanded fees.
Although it’s not an entirely new term, varying degrees of Sextortion have existed since before the internet’s birth. In these instances, local news has reported issues of criminals, who refer to themselves as the apt hacking group, blackmailing individuals using private and sensitive information. It places these cases somewhere between sexual exploitation and sexual blackmail.
Sextortion emails, also known as an sexploitation email, fake emails are one of the most popular ways of sextortion, and in 2023, this is still the case.
“I got an email saying I was hacked and recorded”
The email will likely contain poorly worded English, demanding the victim to pay a large sum of money to protect the content from being shared and distributed. A threatening email asking for bitcoin is often sent as part of the sextortion scam.
Within the email, it is very common for the cybercriminal to give you an hourly countdown, making this play on your mind and worry you, enhancing your chances of paying the fee.
Cybercriminals often mention you’re defenceless and contacting the police will do more harm than good, as the email from the hackers claim they have an inappropriate video of you they will send to your friends and family. Sextortion emails often contain there is no way the police can help you and they cannot be tracked.
“The police cannot help you. I am an professional hacker from the apt hacking group” to try and instill fear.
An Example of a Sextortion Email
Here’s an example of a Sextortion email or Sexploitation email. They are not all the same, but this real-life example gives you a heads-up on the content you may have received.
There are other examples of sextortion emails that often state, “I regret to inform you about some sad news for you. Approximately a month or two ago, I have succeeded to gain a total access to all your devices utilized for browsing the internet. Moving forward, I have started observing your internet activities on a continuous basis.”
Another example of a real Sextortion Email from Which?
How do I deal with Sextortion?
The first step is to ensure you do not click any links or share any details. These emails often have no truth to them.
We recommend checking out quick ways to detect if an email is fake. Hopefully, it is clear that this sextortion email is affected, and the information on the email is entirely made up.
Should I Ignore Sextortion?
Yes, first of all, delete the email straight away. You can block the email through your Inbox tool, but no matter what, delete the email and do not respond.
How Long Does Sextortion Last?
Sextortion can last for days, weeks or even months. The length of sextortion varies. In our example email, the cybercriminal threatened action within 30 hours, although they also added the option to increase the time required. Very kind of them, right?
We’ve heard of sexploitation emails going on for days, even weeks. So, we recommend blocking and deleting emails as soon as possible and ignoring them.
Should I Be Worried About a Sextortion Email?
No, you should not be worried about a sextortion email. They have no truth in them. It can be worrying when you first receive a sextortion email, but please follow the appropriate steps to ignore them, and do not send money or bitcoin to the ‘professional hackers’.
However, there may be personal circumstances where sextortion can be real.
Suppose you have previously interacted with an individual on a personal level. They could have sensitive information involving you – it’s essential to consider whether the criminal is someone you have a history with.
Check the sender and see if you recognise the email address. Double-check to see if you have emailed their address before or interacted with them in any way.
In most cases, the cybercriminal is extremely unlikely to have any dangerous information about you if you do not recognise the sender.
What if the Sextortion email includes lots of correct information?
If the email includes a lot of correct information, this may be due to a data breach, social engineering or purchased data. If the email displays a worrying amount of information and sparks fear, here are some reassuring facts:
Sextortion Email Includes Old or Current Password
If the sextortion email contains an old password and no action has been taken, the hacker cannot get into anything valuable. It may seem scary, but most passwords are taken from data breaches. An old password from a data breach demonstrates that the password hasn’t been stolen directly from you and is invalid. We recommend creating a password with a minimum of 12 characters, including uppercase and lowercase letters, symbols and numbers. Make sure the password is something other than your dogs name, as pet names are extremely common in passwords. Cybercriminals can utilise social engineering to gain access to more information.
Sextortion Email Includes Phone Number
If the sextortion email includes your phone number, this is likely due to a data breach resulting in sold data or through social engineering. Like how hackers find out email addresses and phone numbers are taken from exposed data breaches. Often, these are paired up with data from the email address, as you would have entered this data into a website previously involved in a data breach. It is not uncommon for data to be revealed, with companies like Facebook still experiencing breaches as of 2021.
Your data may have also been involved in a breach many years ago. It’s common for people to keep their phone numbers the same, so Adobe in 2013 and Yahoo in the same year may be responsible for your phone number being publicly available. Unfortunately, there’s not much you can do about it other than swapping to a new number, and this can be a pain, especially for the new number to become part of a data breach again.
Is the email from my email address?
If the email is from your email address, this is due to manipulating the name in the ‘from:’ field. Whilst this can look scary, it means nothing. Hackers can manipulate the name in the ‘from:’ field, making the sextortion email look scarier. So, if the sextortion email seems like it comes from you, do not panic. This is a typical manipulation for cybercriminals.
Could a random person record my webcam?
There is a possibility that a random person can record your webcam, yes. Your webcam may be accessed remotely, but only if you allow a malicious site to unload the malware onto your computer.
A type of malware called Remote Access Trojans allows the hacker to turn on a webcam remotely.
Simple steps like having the Webroot Chrome extension can keep malicious sites at bay, as well as routinely updating your password, so any information hacker does have are useless.
However, this is usually just another way for cybercriminals to exploit you and play into your emotions. It’s a tactic used to spark fear, as there’s always that doubt in people’s minds. More often than not, it’s unlikely to be true unless there is malware on your computer.
We recommend running anti-virus software on your computer if you are worried about malware.
Try not to panic if a potential Sextortion email or sexploitation email enters your inbox. Follow the steps outlined in this blog as a priority. If an email arrives with sensitive information in your inbox, approach cautiously.
Contract your IT supplier with any concerns, and then if the sender is linked to you – the authorities should be alerted.
If you’ve followed all these steps and are still worried about a potential Sextortion email you’ve received, contact us by submitting a form at the bottom of this page.
Excellence IT is a cybersecurity-first Managed Service Provider (MSP) based outside Cardiff, UK and has helped transform hundreds of businesses, with over 20 years of experience.
Writes about IT and Cyber Security.