The Office of Internet Security in Spain (OSI) has issued information concerning new online scam known as sextortion. It attributes threat alert level 4 (high) to this campaign. It may not be at the highest alert level of 5. However, it is crucial to be aware of this deceptive scheme targeting unsuspecting victims.
This scam impacts any internet user who has received the mentioned email or a similar one and has fallen prey to the extortion attempt.
A fraudulent email campaign has been identified, aiming to extort victims by demanding payment in Bitcoin cryptocurrency. They demand this payment to prevent the alleged sharing of intimate recordings with the victim’s contacts. This form of deception, commonly known as sextortion, can target anyone. The cybercriminal behind it does not actually possess any recordings of the victim. Instead, it’s a tactic designed to instill fear in the user, compelling them to act hastily and without careful consideration.
If you have received the mentioned email but have not made any payment, it is essential to delete it immediately. The scammer does not possess any such recordings; it is merely a ploy to persuade you to send them money using social engineering techniques.
Under no circumstances should you pay the extortionist or attempt to contact them by responding to the email. Doing so will confirm the active status of your account. It may then be exploited for future fraudulent activities.
However, if you have made a Bitcoin payment, it is crucial to take the following steps:
- Gather all possible evidence of the fraud, including communications, screenshots, etc., and report the incident to the relevant authorities.
- You can seek online witnesses (information in Spanish) to corroborate the evidence mentioned above.
- If you wish to verify whether any images or videos of you have been published, you can engage in egosurfing and exercise your right to be forgotten, requesting the removal of detrimental information to your reputation.
To protect yourself from such attacks and similar threats, please follow the recommended prevention guidelines of the OSI.
The fraudulent email in question appears to have been sent from an account likely generated randomly.
The subject of the email is ‘Esperando pago’ (Waiting for payment). However, there may be other emails with similar subjects.
The email body is written in Spanish without spelling errors, but it exhibits unnatural vocabulary and expressions, possibly due to translation from another language. Other messages with varying content but the same purpose may also appear.
The extortionist informs the victim that their device has been infected with spyware, which went undetected by antivirus software and was allegedly introduced when visiting a website. They claim that this spyware has captured intimate videos. The cybercriminals then threaten to share these videos with the recipient’s contacts unless a Bitcoin cryptocurrency payment is made within 48 hours to avoid leaving traces.
The short timeframe is designed to prevent the victim from analysing the situation thoroughly and to prompt quick action out of fear that the compromising material will be disseminated.
In light of this online scam, it is crucial to exercise caution and follow security guidelines provided by OSI and other reputable sources. By staying informed and vigilant, you can protect yourself from falling victim to such malicious schemes and help create a safer online environment for all users.