Did you receive one of those “porn scam” emails in the past week or so?
Millions of people did – in fact, the number was probably more like tens or even hundreds of millions, with some Naked Security readers reporting phlegmatically that they’d had two, three and even five different flavours of scam in the past few days.
Even if you’ve never had a sextortion email sample of your own, you’re probably familiar with the “porn scam” scenario, where cybercrimals send a message out of the blue that says something along these lines:
- ATTENTION! We implanted malware on your computer, which means we have been keeping tabs on you, including grabbing your passwords and getting access to your accounts.
- We also used this malware to film you via your webcam and to take screenshots of your browser.
- We made a video of you on a porn site with the screenshots and the webcam footage side-by-side.
- Oh, and the clock is ticking, so pay us some money pretty darn quickly or we’ll send the video to your friends and family. (We know who they are, because we have your passwords, remember?)
The extortion demand is typically somewhere from $700 to $4000, payable to a Bitcoin address provided in the email.
The good news is that it’s all a bluff, because the crooks behind this scam don’t have malware on your computer, don’t have a video of you doing anything, don’t have screenshots of your browsing habits, and haven’t just stolen a list of your friends and family to send their non-existent video to.
The bad news is that this sort of email is extremely confronting, even if you don’t watch porn and don’t have a webcam, because blackmail is an odious and unsettling crime under any circumstances.
What makes it worse is that the crooks often include a password in the email as “proof” of their claim to have malware on your computer…
….and that password very often really is a password you once used, even if it’s a few years old now or for an account you’ve already closed.
In truth, the passwords sent out in these scams have typically been dredged up from old data breaches.
Although the password you see may have been your password once, the crooks didn’t get it from your computer recently. (Word of warning: if you are still using that password, or anything like it, on any online account, change it now!)
As you can imagine, once recipients of these emails realise it’s all a cruel and criminal hoax, and that some crook is simply preying on their fears, the pressure is off and they can relax.
Unanswered questions
But where do all these emails come from? Why can’t they be stopped? How many people end up paying? Where does the money go?
Our researchers at SophosLabs decided to find out.
By combing through five months’ worth of sextortion-spam data, they came up with some intriguing answers that you can read about in the latest SophosLabs report.
SophosLabs found that a very small proportion of recipients actually paid the blackmail demands, for what looks like just a few hundred victims worldwide over the five months of the research; but with the demands typically being in the range of $1000 to $2000 each, the crooks nevertheless made just shy of half a million dollars during this period.
Simply put: as well as intimidating and unnerving many millions of people around the globe with the offensive and scary nature of the email content, the crooks managed to pull in a cool $100,000 a month.
As to where the money went, you can find out more of the gory details in the report, but this diagram gives you an idea of how and where the crooks “reinvested” their ill-gotten gains:
As to where the emails came from, the answer is, for the most part, that these huge sextortion spam surges came from innocent users whose computers were infected with spam-sending malware known as bots (short for “computer robots”).
These infected “zombie computers” can be fed remotely by the crooks with lists of email addresses. Each bot in the so-called “robot network”, or botnet, will then send out its own burst of spam, independently of all the others.
That means that there is no single source of the spam; no single server that can be blocked; no country that is an obvious culprit; and that the spam blasts happen in parallel from all over the world at the same time, as the report reveals:
So if you’ve ever wondered why spam blasts are hard to shut down, and why there isn’t one service provider or email sender that can be identified and taken down to bring the problem under control, it’s because zombie networks present an ever-changing mix of countries, computers and IP numbers – as well as a dynamic supply of what is essentially free bandwidth to the crooks.
The best way you can help to stop these porn scammers from sending so much spam is to make sure that you aren’t infected with zombie malware yourself.
Remember: when it comes to spam, if you aren’t part of the solution, you’re part of the problem!
You may also find this video useful:
By the way, if you’re looking for free anti-virus tools of the type we recommended in the video, you’ll find links in our Free Tools section below, from Sophos Home for Windows and Mac all the way to Sophos Antivirus for Linux.