How to Avoid Falling Prey to Sextortion


When it comes to the world of online scams, sextortion is one of the most common ones and a threat that’s not going away anytime soon. Because this threat is so pervasive and can take so many forms, we thought it would be best to do a write-up and offer you ways to protect yourself online and avoid sextortion scams.

What is sextortion?

It’s a form of blackmail in which a cybercriminal or a former friend or romantic partner tries to extract favors or financial gain from a victim.

Ever since the web became a daily destination for a majority of people, there have been cases of sextortion involving webcams and threats to leak intimate pictures, with hundreds and thousands of victims. We believe that, with proper education, such damaging attacks could be averted or, at the very least, mitigated.

Even though most people exercise caution in sending potentially compromising pictures and videos, sometimes even the best of us could be exposed to sextortion. A survey of 1,631 victims of sextortion revealed how every online user is, at one point or another, potentially liable to become a sextortion victim.

Here’s why:

  • They were in a wanted romantic or sexual relationship—72% of those who knowingly provided images
  • Perpetrators pressured them to provide images or made them feel bad—51%
  • Perpetrators tricked them into providing images—15%
  • Perpetrators threatened or forced them to provide images—13%
  • They expected to be paid for the images—2%
  • They thought the pictures would be used for purposes such as modeling or acting—2%

But what if no one actually has compromising pictures of you?

Sextortion that demands a Bitcoin payment

Enter 2018’s most popular sextortion scam. It circulates via email and the cybercriminal will send you one of your own passwords to prove they have compromising images of you. Of course, they don’t, but some people have been fooled. Cybercriminals obtain stolen passwords and then simply fire off a flurry of emails to their owners, making threats and demanding hefty payments.

Here is one such email received by the mom of one Heimdal Security team member. After laughing for a bit at the sheer audacity of it, we had to investigate a bit further and see if anyone fell victim to it.


What’s worse is the fact that, in this case, 24 hours before the email above was sent, someone already fell victim to this scam. A simple search of the bitcoin address provided by the cybercriminal shows that someone sent 0.26 BTC there.


On July 17, one Bitcoin traded for around $7,500, which means a sextortion victim paid almost $2,000 after receiving a bogus email. Had this scam circulated back in December 2017, that same victim would have paid around $5,000.

This type of sextortion scam demanding payment in bitcoin is so widespread, it’s unbelievable. Just hours after Reddit officially announced they had a breach, due to the fact that employees relied on SMS-based two-factor authentication, plenty of users found threatening emails in their inbox. Why? The Reddit data breach exposed quite a few old usernames and passwords. Cybercriminals took those passwords to provide some “legitimacy” to their common online scam. Even one of Reddit’s employees received the sextortion message, pointing out the ways cybercriminals try to monetize stolen email databases.
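
The pattern described above (a quoted password, a Bitcoin address, a threat paired with a payment demand) can be checked mechanically. The Python sketch below is an added example, not Heimdal's code; the function names, the keyword cues and the sample message are assumptions, and only legacy Base58Check addresses are recognised.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy (Base58Check) address shape only; bech32 "bc1..." addresses are out of scope.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# Assumed wording cues; tune them against messages you actually receive.
THREAT = re.compile(r"webcam|recorded|video|contacts", re.I)
DEMAND = re.compile(r"bitcoin|\bbtc\b|payment|\bpay\b", re.I)

def checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_ok(addr):
    """True if addr decodes to version + 20-byte hash + matching checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and checksum(raw[:21]) == raw[21:]

def b58check_encode(payload):
    """Used only to build the constructed sample address below."""
    raw = payload + checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def triage(body, breached_passwords):
    """List the signals that match the password-bait sextortion pattern."""
    signals = []
    if any(p and p in body for p in breached_passwords):
        signals.append("quotes a password already exposed in a breach")
    if any(b58check_ok(a) for a in CANDIDATE.findall(body)):
        signals.append("names a checksum-valid Bitcoin address")
    if THREAT.search(body) and DEMAND.search(body):
        signals.append("pairs an exposure threat with a payment demand")
    return signals

# Constructed sample: placeholder address (hash bytes all 0x11) and a made-up password.
SAMPLE_ADDR = b58check_encode(b"\x00" + b"\x11" * 20)
SAMPLE = ("I know hunter2-old is your password. I recorded you through your webcam. "
          f"Send payment in Bitcoin to {SAMPLE_ADDR} within 24 hours.")

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, ["hunter2-old"])))
```

A message that trips all three signals matches the bulk scam described here; the quoted password should be treated as burned and changed wherever it was reused.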

Other types of scams and how to steer clear of online scams

As long as people continue to have digital lives, sextortion will, in one way or another, remain one of the most common types of online scams. Whether it comes from a known person, after a phishing attack or as part of a spray-and-pray email scam campaign, there’s no question about it: it will happen time and time again.

As a regular user, you can’t prevent or anticipate all the tactics a cybercriminal might adopt. What you can do is remain vigilant and spend a bit of time educating yourself on the various types of online scams.

We gathered here quite a few resources:

How to proactively stop scams from even reaching you

As we said in our analysis of what happened at Facebook and how your privacy was breached, the best way to stop online scams (sextortion included) is to make sure your own defenses are up.

Here are the five essential steps to protect your privacy:

  1. Always consider the type of information or pictures you post or share online. Ask yourself: “What would I do if someone threatened to show this to everyone I know?” (more on this here and here, in our guide to protecting yourself against doxxing)
  2. Keep your devices and PC updated and protected not just with antivirus, but with a tool that can block infected links (more on this here)
  3. Use strong passwords and, to avoid reusing them, consider trying a password manager that can generate unique ones for every account
  4. Go on every social media account you have and review the privacy settings. Also, take the time to consider what friends and followers you have.
  5. Learn how to spot phishing attempts that could lead to a criminal obtaining your passwords and other sensitive information.

Here are a few quick tips to avoid phishing, one of the most common ways in which scammers can get to you:

  • Be careful what you click on in emails, especially when it comes to attachments.
  • Consider having an email just for subscriptions and another one for actually important stuff. Both of them should be secured with strong (and different!) passwords.
  • Always hover your mouse over links and check where they go (a misspelled letter almost always means a compromised link)
  • Always check the sender and, if you don’t know the person, it’s probably best to not click on any attachments.
  • Secure your valuable accounts with two-factor authentication that relies on unique codes, not text messages (it avoids the risk of SMS-hijacking). That way, even if someone gets your password, they’ll still be unable to log in to your account.
  • Periodically check if your email addresses were compromised in a data breach (unfortunately, they happen quite often) using a tool like this.

If you want to know more, we have a mega-guide with phishing prevention tips here.

We want to know if you’ve been exposed to scams like these or ever received threatening messages of this type. It would be great if you’d comment below (and even include a screenshot!) to help others better spot scams.

Do you have another tip for staying safe? Let us know.

The post How to Avoid Falling Prey to Sextortion appeared first on Heimdal Security Blog.
