Login Register
Follow Us

A dark, new alley

The steady rise in sextortion scam is rooted in the fact that a large chunk of population visits adult content on the Internet. Also, real recordings of individuals, lost or stolen from their computers, end up on the dark web.

Show comments

Sangeet Toor

The steady rise in sextortion scam is rooted in the fact that a large chunk of population visits adult content on the Internet. Also, real recordings of individuals, lost or stolen from their computers, end up on the dark web

The online sextortion landscape in India is ripe with both extortionists and victims. While the law and order is yet to catch up with the facts and figures and perpetrators, there is a latest dimension — the sextortion scammers. Their job is both lucrative and easy. They scour the old data breaches to find dumped passwords and email addresses. They match the credentials with a real individual and then send him an email.

The email suggests that the scammer installed a malware on the victim’s system in the past. This malware allowed the scammer to not only access victim’s data on the system, but to also watch him secretly. It is suggested that he has visited adult websites and he has been recorded while watching media on such websites, and in compromising position. Then victim’s email address and password are mentioned; unfortunately the victim recognises both. Now he believes the scammers. The rest of the email then dictates what the user must do to get out of this trench. He believes that the scammers own his social media accounts. They know his contact list. In order to keep the attackers from making the recording public, he must pay them.

There are many variants of this scam. In one, it seems as if the tricksters have sent the email from the victim’s email address itself. But it is not so. It is just a trick to control the user completely. The password, however, will be a match, probably to an older and frequently used one. The reasons are not because the attackers actually hacked the system, but they found the password from the previous data breaches.

Another variant asks the user to click on a link to see the proof of the recording. As soon as the victim clicks on the link, a real information stealing trojan is installed on the host system. This trojan then downloads and installs a ransomware. Therefore, a healthy system gets infected with serious malware. A scam transforms into a real problem.

Yet another variant mentions that the user was recorded through a malicious script installed on an adult website frequented by the user. “I installed the malicious script on the adult website and you downloaded it,” it says. It then explains the process by which the user system was hacked to convince the user and to effectively scare him into making a payment.

All these variants ask for a bitcoin payment ranging $200 to $8,000. According to estimates, such scammers make $50,000 per week using sextortion scams. The recent cases brought to the law enforcement in India were one or the other variant of the scam. The Central Crime Station and CID have received a dozen cases, and it is just a negligible number that represents the actual number of people being scared by this scam.

It is interesting to note that it is very difficult to nab the culprits. According to SecGuru, a security researcher, the new variant uses a real Hotmail or Outlook email address to send the email. Any spam filters do not block these emails, so they end up in end user’s inbox. There are both technological as well as jurisdictional limitations to find the scammer who can be living elsewhere in the world, and get back any payments already made to them. So, it is important that the user don’t give in to the scare tactics. The scammers do not know anything about your web browsing habits. They just employ a hit and trial method.

The steady rise in sextortion scam is rooted in the fact that a large chunk of population visits adult content on the Internet. Additionally, real recordings of individuals in compromising positions, lost or stolen from their systems in the past, end up on the dark web. The tricksters use the knowledge of these two factors in refining their scare tactic and in using the right kind of information to get the victim in believing in their story. Adopting better password hygiene and keeping the operating system up to date is important for keeping your data and online habits private. If you want to know if any of your accounts or passwords was ever hacked in the past, you can visit www.HaveIEverBeenPwned.com.

What the rulebook says

It is a good idea to educate yourself about the Indian Penal Code and Indian Criminal Procedure Code in case you want to take steps in the legal direction. Sections 292 and 354C of the IPC and Section 108 (1)(i)(a) of the CrPC gives you ample protection against anyone who threatens to make your private recordings or pictures in compromising position public, and against the publishing of such content. Fifty per cent of the sextortion scams exist in India, Russia, Indonesia, Vietnam and Kazakhstan. The chances are that the fraudster will be a citizen of India and legal complaint at the right time will scare the fraudster away. In case you really believe that the hackers have a real recording of you, you must visit the nearest cyber crime unit and make the incident known to the law enforcement agencies.

Dos

1. Delete the email right away

2. Run your system’s anti-virus program

3. If you are paranoid, change your account passwords

4. Turn on two factor authentication for your email and social media accounts

5. Cover the camera of your system with a duct tape if you don’t have a camera cover

Don’ts

1. Don’t click on any link given in the email

2. Never make any payments

3. Do not engage in any argument

Show comments
Show comments

Top News

Most Read In 24 Hours