What type of person is more indecent than a Twitch streaming roastie, sadder than their legion of beta-male followers, and more rage-inducing than the combined posting history of Twitter’s blue checkmark brigade? Here’s the clue: they’re the people who annoy you the most. No… not naggers.
Scamming is a multi-billion dollar business. According to FBI figures, the sector amounted to a lucrative $3.5 billion in 2019 alone. Consider that this is just the scams they know about, and that $3.5 billion constitutes a pretty sizable tip of the iceberg. While crypto scams may take a variety of forms, in recent years one particular blackmail-for-bitcoin scam has proven to be incredibly lucrative and popular: the email sextortion. The particulars of the con, how it operates, and how you can avoid becoming its next victim are laid out here.
What’s the dirtiest, most shameful and disgusting porn you’ve ever fapped to?
Now ask yourself, would you want your friends, family, partner, priest, pets, and the nearest local police station to see a video of you watching it while strangling your one-eyed snake with a dog leash tied around your neck, as you bite down on an oversized orange, dressed in nothing but stockings, suspenders, and an embarrassing 80s Christmas sweater? We’re guessing not.
That’s the basic set up of the crypto sextortion scam, which threatens its prey by claiming to have caught them goop-handed. The con begins with an email that contains the victim’s password in the subject line – something which is usually enough to cause alarm on its own. From there, the scammer twists the knife further. The email looks like this:
Subject line: Your Password is PASSWORD1
I’m aware that PASSWORD1 is your password. You may not know me, and you are most likely wondering why you’re getting this mail, right?
I installed a malware on an adult vids site, and there’s more, you visited this site to have fun (you know what I mean). Once you were there on the website, my malware took control of your browser.
It started operating as a keylogger and remote desktop protocol which gave me access to your webcam. Immediately after that my software collected your complete contacts from your Messenger, FB, and email. I created a double-screen video. First part shows the video you were watching (you have a good taste lol…), and the second part displays the recording of your webcam.
Precisely what should you do?
Well, I believe, $1900 is a fair price for your little secret. You will make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
The email will then provide a BTC address to where you can send the payment and claim to have a special “pixel” that can inform the sender of the exact moment you have read it. There is just one slight problem with all of these claims: they’re an absolute crock.
The best response is to mark it as spam, and to change that password if it is used for any other account.
To understand the anatomy of the scam, sextortionists get their hands on password and email information by purchasing it on the darknet. Hundreds of millions of users’ data are available at the push of button, thanks to the irresponsible security practices of companies such as LinkedIn and eBay.
One of the biggest documented data breaches occurred in 2013 when the user information of 153 million Adobe customers was leaked. On that occasion the data which was lost went beyond emails and passwords, and even included credit card details. Adobe learned its lesson so very well that in 2019 it left the information of 7.5 million Creative Cloud online and unprotected. In 2016, the data of 412.2 million accounts was leaked by Adult Friend Finder. In May of 2019 the data of 137 million Canva users was compromised. Similar things happened at eBay (145M), Equifax (147M), LinkedIn (165M). The list goes on and on.
To check if one of your email/password combinations is known to have been compromised you can visit Have I Been Pwned and run a check for free. Fix the opsec and there is very little con artists can leverage against you.
Next Level Preventative Measures
The simple and safe way to beat this scam is to not panic. Always use strong passwords, change them regularly and whenever necessary, and never use the same password for multiple sites.
If the above measures are not enough to assuage all fears, we’ve assembled a list of some additional security measures any internet user can take.
- Abstinence – Make your life a no porn and no fap zone.
- Privacy – Cover your webcam with a piece of chewing gum.
- Crazy – Record and upload the masturbation video yourself. Your move, scammers!
Brenna Sparks regularly turns the tables on sextortion blackmailers, by threatening to NOT upload a recent video of her masturbating if they don’t send her bitcoin. Checkmate, scammers.