Sextortion Email Scammers Intensify Financial Demands with Targeted Approach

Every so often, sextortion emails that begin with phrases such as “Hello pervert” undergo redesigns. Recipients of these emails are often addressed in a provocative manner and presented with claims that the sender has been observing their online activities, threatening to publicize private matters.

Typically, these emails open with an accusatory greeting, asserting that the recipient has been viewing adult content. The sender frequently claims to possess incriminating videos of the recipient recorded while viewing such material. A payment is demanded to prevent this so-called footage from being sent to the recipient’s acquaintances. The overall tone of these communications is intentionally threatening and manipulative, aimed at instilling fear and urgency.

This ongoing concern attracts a significant number of individuals seeking information about sextortion emails. Recently, a new variant has emerged, featuring certain traits that were previously unseen. Coincidentally, as living expenses have escalated, the sums requested by the scammers in these emails have also risen.

This latest version of the email contains clues to its possible origin, which makes its components worth examining more closely.

“Hello pervert, I’ve sent this message from your Microsoft account.

I want to inform you about a very bad situation for you. However, you can benefit from it if you will act wisely.

Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones, allowing hackers to monitor device owners’ activities. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, macOS, and Windows. I guess you already figured out where I’m getting at.

It’s been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the internet. During this period, I’ve learned about all aspects of your private life, but one is of special significance to me.

I’ve recorded many videos of you engaging with highly controversial adult content. Given that the questionable genre is almost always the same, I can conclude that you have a sick perversion.

I doubt you’d want your friends, family, and co-workers to know about it. However, I can disseminate this information with just a few clicks.

Every number in your contact list will suddenly receive these videos—on WhatsApp, on Telegram, on Instagram, on Facebook, and via email. It is going to be a tsunami that will sweep away everything in its path, and first of all, your former life.

Don’t think of yourself as an innocent victim. No one knows where your perversion might lead in the future, so consider this a deserved punishment to stop you.

I’m some kind of God who sees everything. However, don’t panic. As we know, God is merciful and forgiving, and so am I. But my mercy is not free.

Transfer $1650 to my Litecoin (LTC) wallet: {redacted}

Once I receive confirmation of the transaction, I will permanently delete all videos compromising you, uninstall Pegasus from all your devices, and disappear from your life. You can be sure—my benefit is only money. Otherwise, I wouldn’t be writing to you, but rather destroying your life without a word in a second.

I’ll be notified when you open my email, and from that moment, you have exactly 48 hours to send the money. If cryptocurrencies are uncharted waters for you, don’t worry; it’s very simple. Just google “crypto exchange” or “buy Litecoin,” and it will be no harder than purchasing items on Amazon.

I strongly warn you against the following:

  • Do not reply to this email. I’ve sent it from your Microsoft account.
  • Do not contact the police. I have access to all your devices, and as soon as I find out you ran to the cops, the videos will be published.
  • Don’t attempt to reset or destroy your devices. I’m monitoring all your activity, so you either agree to my terms or the videos will be published.

Also, don’t forget that cryptocurrencies are anonymous, so it’s impossible to identify me using the provided address.

Good luck, my perverted friend. I hope this is the last time we hear from each other.

And some friendly advice: from now on, don’t be so careless about your online security.”

Email Spoofing

Scammers frequently employ a clever tactic by indicating that the email has originated from the recipient’s Microsoft account. This spoofing strategy aims to create the illusion that the recipient’s device may have been compromised.

Email spoofing is straightforward for scammers because the email system does not, by itself, verify the authenticity of the sender. This underlines the need for caution: even if an email appears to come from a known source, it could very well originate from a scammer.

For the technically inclined, a quick check of the email header can reveal authentication results that indicate a mismatch between the IP address and the domain, suggesting potential spoofing.

However, it is reasonable to assume that the average recipient may not consider conducting such an investigation, rendering the spoofing tactic effective in adding credibility to the email.
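The header check mentioned above can be scripted. The following is an added example, not part of the original article: it reads the `Authentication-Results` header of a message and reports every SPF, DKIM or DMARC result that is not `pass`, plus the case where the From and To addresses are identical. The sample headers are constructed, and `example.com` and `203.0.113.45` are reserved documentation values.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from the email discussed above).
RAW = """\
Authentication-Results: mx.example.com;
 spf=fail (sender IP is 203.0.113.45) smtp.mailfrom=example.com;
 dkim=none (message not signed);
 dmarc=fail action=none header.from=example.com
From: victim@example.com
To: victim@example.com
Subject: Hello pervert

body
"""

METHODS = ("spf", "dkim", "dmarc")

def auth_results(msg):
    """Return {method: result} from the Authentication-Results headers."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        # Unfold the header, then drop parenthesised comments.
        value = re.sub(r"\([^)]*\)", "", " ".join(value.split()))
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            # Keep the topmost header's verdict for each method.
            found.setdefault(method.lower(), result.lower())
    return found

def spoof_indicators(raw):
    """List the reasons a message looks spoofed; empty list if none."""
    msg = message_from_string(raw)
    results = auth_results(msg)
    flags = []
    for method in METHODS:
        result = results.get(method, "missing")
        if result != "pass":
            flags.append(f"{method}={result}")
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if sender and sender == recipient:
        flags.append("from-equals-to")
    return flags

if __name__ == "__main__":
    print(spoof_indicators(RAW))
```

Only an `Authentication-Results` header stamped by your own mail provider should be trusted; a copy further down in the message may have been inserted by the sender.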

Encoding Errors

An analysis of the email source reveals insights into its origins. Notably, the email includes encoding errors such as repeated occurrences of “=D1=96” and others. These errors typically arise when Cyrillic or other non-Latin characters are improperly interpreted during encoding processes, often due to the use of automated systems that mishandle character sets.

The sequence =D1=96 corresponds to the quoted-printable encoding for the Unicode character U+0456, which is the Cyrillic letter “i.” This strongly suggests that the sender’s native language involves a script utilizing Cyrillic characters, predominantly associated with Eastern European and Central Asian languages, particularly Russian.

These encoding errors also indicate that the scammer is using unsophisticated tools. The awkward sentence structures and repetitive language patterns are consistent with automated translation or text generation, which points to a low-effort, high-volume campaign rather than one using sophisticated artificial intelligence for personalization or nuance.
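To reproduce the analysis of the `=D1=96` sequence, the raw body can be decoded and its non-ASCII characters listed by code point and Unicode name. The following is an added example, not part of the original article. The sample fragment is constructed and assumes the character sits inside otherwise Latin words, so the code goes one step further and lists words that mix scripts.

```python
import quopri
import unicodedata
from collections import Counter

# Constructed quoted-printable fragment: =D1=96 appears where a
# Latin "i" would be expected (an assumption made for this example).
SAMPLE = b"I=E2=80=99ve sent th=D1=96s message from your M=D1=96crosoft account."

def decode_qp(raw, charset="utf-8"):
    """Decode a quoted-printable body to text."""
    return quopri.decodestring(raw).decode(charset, errors="replace")

def non_ascii_inventory(text):
    """Count each non-ASCII character, keyed by code point and Unicode name."""
    counts = Counter(ch for ch in text if ord(ch) > 127)
    return {f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNKNOWN')}": n
            for ch, n in counts.items()}

def script_of(ch):
    """Coarse script label: the first word of the character's Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def mixed_script_words(text):
    """Return (word, scripts) for words whose letters span several scripts."""
    hits = []
    for word in text.split():
        scripts = {script_of(ch) for ch in word if ch.isalpha()}
        if len(scripts) > 1:
            hits.append((word.strip(".,!?"), sorted(scripts)))
    return hits

if __name__ == "__main__":
    body = decode_qp(SAMPLE)
    for entry, count in non_ascii_inventory(body).items():
        print(count, entry)
    for word, scripts in mixed_script_words(body):
        print(repr(word), scripts)
```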

Price Increase

Over recent months, the amount demanded by the scammers has risen: from $1200 in April to $1450 in May, with the latest email now asking for $1650.

Several factors could account for this increase. It could reflect rising operational costs, or the scammers may believe their threats carry more value and produce more predictable outcomes.

Typically, scammers start with amounts they consider manageable, then adjust later demands toward the maximum they find victims are willing to pay to avoid the threatened consequences.

Identifying Sextortion Emails

Recognizing sextortion emails becomes easier once one is aware of their characteristics. While not all of the features may be present in every correspondence, each serves as a red flag:

  • Often appear to be sent from the recipient’s own email address.
  • Contain accusations of inappropriate behavior with claims of possessing footage.
  • Mention the utilization of spyware like Pegasus to justify surveillance.
  • Include a purported password, likely acquired from a separate data breach.
  • Coerce recipients into rapid payment, often presenting a strict deadline.
  • Frequently include the message as an image or PDF attachment to bypass phishing detection.

Responding to Sextortion Emails

The primary response to such emails should be to refrain from engaging. Responding could signal to the sender that the address is monitored, prompting additional attempts to extort funds.

  • Avoid succumbing to pressure that could lead to hasty decisions; scammers thrive on the inability of victims to deliberate.
  • Refrain from opening unsolicited attachments, particularly if the sender’s address seems dubious.
  • If a password is mentioned, ensure it is not in current use and consider changing it immediately.
  • For password management, utilize a reliable password manager to organize credentials efficiently.
  • For added peace of mind, consider disabling webcams or employing physical covers when the device is inactive.

Assessing Your Digital Footprint

Sextortion emails commonly incorporate stolen passwords from prior data breaches. To ascertain what personal information of yours may be publicly available, consider utilizing a reputable digital footprint scan to generate a report reflecting your online exposure.

Maintaining a proactive stance on your digital security is essential. Cybersecurity threats should never be taken lightly. Protecting personal information through reliable identity protection measures is paramount for you and your family.