Sextortion: numerous people in Switzerland affected – authorities launch "stop-sextortion.ch"
The "fake sextortion" scam consists of making the victim believe that criminals have access to his/her webcam and that they were filmed while looking at pornography. A threat is then made that the videos will be sent to all the contacts of the recipient if a specific amount in bitcoins is not paid within a certain period of time. Usually a password from a data leak is given as proof that the computer has been compromised. However, in the majority of cases, this password is outdated and is no longer in use. Meanwhile, a number of other variants have been observed: mobile phone numbers are also used to convince the victim that the mobile phone has also been compromised. In another variant, as proof that the email account has been compromised, the message is apparently sent with the user's own email address. In fact, the sender is bogus, which can be done very easily and without much knowledge. A subtype of this phenomenon is fake blackmail with threats of an acid attack or a bomb attack. With both types, bitcoins should be paid to halt the attack. Blackmail emails are sent in several languages, including German, French, Italian and English.
Although their modus operandi remained broadly the same, criminals have constantly sought to modify their attempts at extortion, to increase pressure on victims and force them to pay. This table shows the main innovations used by criminals in 2018.
CHF 360,000 in bitcoin accounts reported to MELANI
Fake sextortion ("fake" because it is deception, no compromising images exist) has been increasingly observed since July 2018. Based on the analysis of the bitcoin addresses in the emails reported to MELANI, almost 100 bitcoins were paid in the second half of 2018, which corresponds to a current value of approximately CHF 360,000. Considering that sending mass emails is practically free of charge, the corresponding profit is huge. Whether or not the bitcoin addresses are used solely for sextortion is unknown.
Worldwide at least USD 22 million stolen using fake sextortion
The security organisation SANS recently published a tweet concerning a USD 22 million account which had been discovered in connection with fake sextortion.
Quelle: https://twitter.com/sans_isc/status/1085178635278041088
Another sextortion wave in 2019
At the start of 2019, bitcoins worth over CHF 40,000 were deposited in a single account within less than five days, which was used in connection with a large fake sextortion wave in German. This wave resulted in hundreds of reports to MELANI. Based on the language, it can be assumed that the target of this campaign was the German-speaking countries. The links between the individual bitcoin addresses suggest that at least five spam waves launched on 7 January 2019 are from a single group, even if the language in the emails and the type differ.
Do not pay the ransom!
The reason why so many people pay the ransom demand may be that people who look at pornography are ashamed and intimidated by such blackmail, so they do not talk about it and also do not report the blackmail, in particular as these are mostly relatively small ransom demands.
However, so long as the recipients concerned do not stop paying the ransom demands, this scam will be exacerbated and it is expected that these waves will continue, that copycats will jump on the bandwagon and the number will increase even more. P
Therefore, you should not pay the ransom under any circumstances. You can make a contribution to prevention by talking about these criminal tactics in your professional and personal circles. In this way, you will raise the awareness of employees, acquaintances and relatives so that they will not fall for such machinations.
Authorities launch "www.stop-sextortion.ch"
On the website www.stop-sextortion.ch, which was launched by the authorities today, you can find some information and report fake sextortion emails.