What Is Sextortion?

We’ve observed a recent uptick in “sextortion” email messages lately. In these messages, the scammer typically claims to possess a video of the recipient visiting an adult website and threatens to send the video to the recipient’s contacts if the recipient doesn’t remit payment via bitcoin.

In the email, the spammer usually includes the recipient’s name or username and an actual password used by the recipient. The presence of this personal, sensitive data makes these emails even more scary than your typical scam or phishing message. (Unfortuantely, the slew of recent data breaches have given spammers access to a lot of personal information, including names, usernames, email addresses, and passwords.)

If you haven’t received one of these emails yet, great! If you have, don’t panic: treat it as any other scam or phishing email: ignore and discard.

Review Your Passwords

Of course, if the email includes one of your current passwords, make sure you change all occurrences of that password immediately. Even if it’s an old password that you no longer use, double-check to make sure you are not using that password anywhere. Furthermore, if you haven’t done so in a while, consider changing all your passwords. Finally, it’s always good practice to avoid using the same password for everything—even slightly different passwords will provide you with more security if (when) a data breach exposes one of your passwords. You may also wish to consider using a password manager.

More information and details on sextortion email and techniques are available from Krebs on Security. For updates on security and other technology matters, please follow our Facebook page. If you have any questions or concerns, please don’t hesitate to contact us.