{"id":179502,"date":"2018-12-14T09:27:31","date_gmt":"2018-12-14T14:27:31","guid":{"rendered":"https:\/\/www.ntegrait.com\/sextortion-scam-pretending-to-come-from-your-hacked-email-account\/"},"modified":"2018-12-14T09:27:31","modified_gmt":"2018-12-14T14:27:31","slug":"sextortion-scam-pretending-to-come-from-your-hacked-email-account","status":"publish","type":"post","link":"https:\/\/ntegrait.com\/sextortion-scam-pretending-to-come-from-your-hacked-email-account\/","title":{"rendered":"Sextortion Scam Pretending To Come From Your Hacked Email Account"},"content":{"rendered":"

A recent sextortion scheme highlights the vulnerability users face when their data is stolen and used against them.<\/p>\n

The widespread threat made it seem as though a hacker had compromising video of a victim taken while visiting adult pornographic websites. The scammers threatened to release the video unless they were paid in bitcoins.<\/p>\n

\"Sextortion<\/p>\n

Here\u2019s a closer look at the threat and how to prevent such ruses in the future.<\/p>\n

What Happened in the Sextortion Case?<\/strong><\/p>\n

The latest fraud was different from earlier sextortion cases in one significant aspect. Victims were targeted with an email that appeared to come from their very own email account.<\/p>\n

In the past, similar hacks used passwords to an adult website that had been stolen in a data breach. The scammer would threaten to release information about the victim\u2019s activity in exchange for cryptocurrency.<\/p>\n

Are These Schemes Successful?<\/strong><\/p>\n

The risk of public embarrassment is a powerful motivator for many victims who would rather pay than be exposed for visiting questionable websites. The recent scheme was first noted in the Netherlands, where it reportedly netted \u20ac40,000 in short order. That kind of quick cash is highly motivating to hackers looking to make a large amount of money fast.<\/p>\n

What Did the Sextortion Email Say?<\/strong><\/p>\n

The English version of the scam had a subject line that included the victim\u2019s email address and \u201c48 hours to pay,\u201d e.g. \u201cusername@example.com 48 hours to pay,\u201d<\/p>\n

In broken English, the scammer claimed to be part of an international hacker group that now had access to all accounts and gave an example of a stolen password.<\/p>\n

Throughout several months, the email alleged, the victim\u2019s devices were infected with a virus from visiting adult websites. Now, the hackers had access to a victim\u2019s social media and messages.<\/p>\n

\u201cWe are aware of your little and big secrets \u2026 yeah, you do have them,\u201d the email continued. \u201cWe saw and recorded your doings on porn websites. Your tastes are so weird, you know.\u201d<\/p>\n

The email further claimed to have recordings of the victim viewing these websites and threatened to release them to friends and relatives. It demanded payment of $800 in bitcoin within 48 hours of reading the message. If the funds were received, the data would be erased. If not, videos would be sent to every contact found on the victim\u2019s device.<\/p>\n

For unsuspecting victims, receiving such an email could be terrifying. That\u2019s why so many people succumb to such demands and pay up.<\/p>\n

What Can Users Do?<\/strong><\/p>\n

While it\u2019s easy to be scared into sending payment, the reality is that these emails can be ignored and deleted. It\u2019s a good idea after doing so to run an anti-virus scan on all your devices to be sure that there is no malware installed.<\/p>\n

Many of these scams occur because a domain has been hacked. However, these vulnerabilities can be eliminated by using some basic protections. Using domain name system (DNS) records designed for email validation and authentication are an essential first step. Here are three of the most common:<\/p>\n