There’s a new “sextortion” scam hitting people’s email inboxes.
In these emails, cybercriminals claim to have taken a video of their victims while they were visiting pornographic websites. The perpetrators threaten to send the video to the victim’s friends and family unless they pay out in bitcoin.
The scammers don’t provide evidence of the video, but they do give proof that they know one of your passwords, which is meant to convince you that they have access to your personal information — and insights into your private life.
“It’s enough to send shivers down anyone’s spine, but these chilling words are part of a new scam targeting men,” the Federal Trade Commission warns.
But security experts are calling the online perpetrators’ bluff.
Want to learn more?
- Important things to know about this scam
- What to do if you receive this email
- More ways to protect yourself online
Remember, these are scam emails designed to intimidate and scare you into giving the sender money. As such, the authors of these emails are probably bluffing.
They might have obtained your password from an unrelated public data breach at another company, but want you to believe it came from a less-than-savory website. By shaming you, they hope to pressure you into paying.
This is known as “sextortion,” and it’s a new twist on an old scam, according to the FTC.
“Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money,” writes Brian Krebs, a security writer who is investigating the scam.
It “is a serious crime that can lead to devastating consequences for victims,” he says.
After all, the scammer is most likely lying. The perpetrators count on you to feel so concerned that you act irrationally and pay whatever they demand.
Here are a few steps to help you take control of the situation.
- Before you give in to any demands, talk to someone you trust. A friend may be able to help you think more rationally in a situation like this and be able to explain what’s actually going on.
- Check if your information has been exposed using an online tool. Despite what these scammers say, it is much more likely they obtained your password from a major data breach and not from your computer. You can check whether your information has been exposed in a public data breach using Credit Karma’s free Identity Monitoring feature or the site Have I Been Pwned? If you find your email there, it means that account information was exposed and scammers likely picked it up from there. Again, that scenario is much more likely than what the scam email claims.
- Cover your webcam for peace of mind. Again, while these emails are scams and likely untrue, try putting a piece of tape or paper over your webcam. This could give you the peace of mind you need in case another scammer claims to have a video of you.
- Change your password. Make sure you create a strong password. “ABC12345” won’t cut it. If you need help remember difficult passwords, you can use a secure password manager to keep track of them.
How to spot a scam
Remember, it pays to be skeptical.
Con artists do their best to convince you that they’re someone you can trust. Imposters might pretend to be government officials, business professionals, charity workers or even a long-lost family member.
If you’re approached by someone you don’t know who’s asking for money or your personal information, the FTC recommends you search their name (or the name of their company) online alongside the word “scam” or “complaint” to see if anyone else has reported the same concern.
As for this particular trending scam, the email sextortionists are not pretending to be someone they aren’t, but they might be pretending to have video footage of you that they don’t actually have. The FTC says high-pressure tactics like this are “classic signs of a scam.”
We recommend you sign up for the FTC’s free scam alerts to help you stay on top of these situations.
Regardless of whether you’ve been targeted by one of these sextortionists, here are a few more tips you can take to protect yourself from cybercriminals.
- Set up multifactor authentication. This adds an additional layer of security to your online accounts by requiring anyone logging in to have more than just your username and password.
- Sign up for free credit monitoring with Credit Karma. If we notice important changes on your TransUnion or Equifax credit reports, we’ll send you an alert so you can check for suspicious activity.
- Fraud alerts and freezes. If you think your identity may have been stolen, you can ask the three major consumer credit bureaus — TransUnion, Experian and Equifax — to freeze or place a fraud alert on credit reports. These steps make it more difficult for criminals to open new financial accounts in your name.