Criminals are emailing people and falsely claiming they have hacked into their computers or webcams and have access to compromising images and videos of them, according to the Australian Government’s National Anti-Scam Centre.
These criminals threaten people by saying they will release the images and videos unless they’re paid. They include personal details such as birth dates and addresses in the emails to intimidate people into sending them money.
These personal details are most likely from previous public data breaches. Anyone receiving this scam email should know that there is no evidence that the criminals sending these emails really do have access to people’s webcam or computer.
There have been hundreds of reports recently of people who have been targeted this way.
“Extortion doesn’t apply to just businesses dealing with ransomware attacks,” said Satnam Narang, Senior Staff Research Engineer at Tenable. “Individuals are also targeted in extortion attacks, especially due to the increased usage of smartphones and social media platforms coupled with the rise in sexting amongst young adults.”
“The success of these scams is compounded by the fact that cybercriminals are leveraging stolen data obtained through the plethora of data breaches that include sensitive information on potential victims, such as their home address, phone number, birth date, and other details,” he added.
“These cybercriminals use intimidation tactics to convince potential victims to send them money, typically through cryptocurrency platforms, as these types of transactions provide some degree of anonymity, and unlike traditional finance, involve transactions that are less likely to be recouped or reversed.”
“Another aspect that adds to this complexity is the use of generative AI tools to develop deepfakes or “deepnudes,” creating explicit images of potential victims. The FBI issued a warning about this trend in 2023, and as the proliferation of generative AI tools grows, it complicates some of the traditional warnings cybersecurity practitioners have been giving to potential victims about sextortion.”
The National Anti-Scam Centre says if people receive emails like this, they should not respond or pay any money. There is no evidence that the scammers who send these emails have access to your webcam or computer. The personal details contained in the emails have most likely come from previous public data breaches.
“For most users, sextortion campaigns may not utilise deepfakes or deepnudes and will rely on the empty threat to publish explicit photos in exchange for a cryptocurrency payment. Users should not engage with the cybercriminals making these threats and should ignore them. To help thwart the potential threat of deepfakes or deepnudes being created, users should consider restricting their social media profiles to friends and family, as deepfakes or deepnudes require existing content.”
The National Anti-Scam Centre says to delete such emails and contact a computer specialist if you have concerns about the security of your device. If a scammer has taken your money or personal details, contact your bank or card provider immediately to report the scam. Ask them to stop any transactions.
Information on how to avoid scams after a data breach is available on the Australian Government’s Scamwatch website.
