Sextortion scam: don’t fall for this ‘I’m watching you’ phishing scam

Scam seeks to blackmail readers and is given more credibility by the fact the scammers mention your home address.

It’s been a busy year for phishing scams.

These scams usually involve posing as a legitimate business, trying to con the victim into sharing personal or bank details which the scammers can then make use of to swell their own accounts.

According to research from the Anti-Phishing Working Group (APWG), an international group of scam combatants like law enforcement and forensic investigators, the first quarter of the year saw more than one million total phishing attacks, making it the worst quarter on record.  

Part of the reason these scams are becoming more prevalent is because they are so effective. Huge sums of money are lost to these cons every day.

What’s more, they come in all sorts of different forms, and while one phishing scam might be posing as your bank, another might be trying to dupe you into handing over your details ‒ and your money ‒ in another way entirely.

I’m watching you

Last month a good friend of mine contacted me about a suspicious email they had received.

It was a blackmail threat, suggesting that their computer had been infected with a form of malware which gave the blackmailers access to the device’s webcam.

And this webcam had apparently been put to innovative use, filming my friend while they were visiting adult websites.

The email went on to suggest that these videos would be forwarded on to everyone in my friend’s contact book. This isn’t a new scam ‒ it’s been around for years now, so normally would not have got any attention.

However, there was an aspect to the scam email which was rather different, adding credibility to its claims, which made my friend seriously consider paying up, even if only momentarily.

Just one more thing

Now ordinarily, my friend would dismiss this email as exactly what it is ‒ an attempt by scammers to trick someone into handing over cash, out of some misplaced belief that they are about to be blackmailed.

However, there was one feature of this particular email that meant it stood out from other blatant scam attempts. And that was the fact that it mentioned their address.

It’s one thing for a dodgy email to pop up in your inbox, and address you by name with some ridiculous claim. A quick scan of my inbox’s spam folder reveals all sorts of nonsense, including two separate emails from a ‘Maureen’ in the USA about sending me millions of dollars from their foundation.

However, at best those emails refer to me as John, a fact fairly easy to ascertain given my forename is in my email address.

But I can’t ever remember having additional personal details, such as my actual address, included within the scam email. 

Is this actually legitimate?

Suddenly, what would have normally been dismissed as an obvious scam gains an air of credibility.

If they know where you live, then maybe they really do have incriminating videos of you? Perhaps they really do have access to all of your contacts and are willing to share this embarrassing material with them.

It’s easy to see why my friend was now uncertain of whether this really was a scam, or a genuine blackmail threat, pushing them to consider whether they actually would need to hand over money.

Thankfully, reason won out and they simply reported the phishing attempt.

The blackmail claim was always nonsense ‒ there is no way for scammers to remotely control a webcam to film you without your knowledge.

Indeed, they didn’t even know if my friend HAD a webcam in the first place, it’s simply an email format that they send out to thousands of addresses in the hope of getting a bite.

That doesn’t answer how they had my friends address, of course.

Logic would suggest that they got both the email and address in a cyberattack of a retailer that my friend had used ‒ after all, if you register with a shop online you likely have to provide them with your name and address, as well as an email.

Stay on your guard

It’s a useful reminder of how scammers are evolving, developing new techniques which can make older scam attempts a little more convincing. I’ve nearly been caught out myself, as I covered here on loveMONEY, by what was essentially a fairly basic phishing attempt on LinkedIn.

The sad fact is that every single day you will likely be on the end of some sort of scam attempt, whether it’s a dodgy email, text message or cold call. It can be wearying, constantly having to be on your toes to protect your hard earned cash against these crooks.

Yet we can’t get complacent. It’s once we lower our guard that we are most likely to get caught out, and end up handing over our cash to a criminal.

Comments


View Comments

Share the love