I wish people would use their powers for good instead of extortion scams…
by Paul Ducklin
Sadly, over the years, we’ve needed to write numerous Naked Security warnings about romance scammers and extortionists.
Although those are general-sounding terms, they’ve come to refer to two specific sorts of online crime:
- Romance scamming. This typically refers to a long-game confidence trick in which cybercriminals court your online friendship under a bogus identity, often by “borrowing” images, a name and a life story from someone else’s dating site account. Romance scammers may be prepared to invest weeks, months, or even years, into building an entirely fictitious, but apparently totally serious, online relationship. They may even propose marriage along the way. During this time they will abuse your trust to milk you for financial “help”, for example for visa fees, lawyers’ bills, airline tickets, medical expenses, and possibly much more.
- Sextortion, also known as “porn scamming”. This usually refers to blackmail messages that claim to have taken screenshots showing you viewing porn online, while at the same time catching you on your webcam. Porn scammers usually claim to have acquired their “evidence” by implanting malware on your computer to give them remote access. In reality, there are no screenshots and there is no video, but the criminals often include some personal data about you, usually acquired from an old data breach, to scare you into thinking their malware story might be true. The data is often a phone number, postcode or old password of yours.
The good news in the case of a porn scam is that the crooks don’t have anything on you, and the “malware” they claim to have implanted on your computer is just a pack of lies.
The bad news, however, is that there is a form of online sexual extortion that is effectively hybrid of romance scamming and porn scamming, where the criminals involved do indeed have content with which to blackmail you.