The emails sound the same. A mystery person has installed spyware on your computer and recorded you while looking at pornography. If you don’t send money or cryptocurrency, the emailer will share that video with everyone you know. Often, the message contains a password, showing the sender knows something personal about you.
This is the basic set up for “sextortion” scams, a con that has plagued people for at least a decade. While the scam isn’t new, local and national agencies have noticed an increase in them during the COVID-19 pandemic. Oregon Attorney General Ellen Rosenblum said her office received about 213 calls about this scam since mid-March. New Hampshire also warned residents of a spike in sextortion scams, and security experts say local agencies are seeing more cases of it.
“A lot of scams have made a comeback. It’s almost like movies,” Rosenblum told TODAY Parents. “Unfortunately, people are falling for the scams and that’s a real problem.”
Download the TODAY app for the latest coverage on the coronavirus outbreak.
Scammers realize people are spending all of their time at home and in front of computers, so they gamble on the fact that pornography consumption has increased — or just assume people will respond out of embarrassment or worry.
“Scammers are playing on our fears and on our needs,” Lorrie Faith Cranor, director of the CyLab at Carnegie Mellon University in Pittsburgh, told TODAY Parents. “All of these are things that the scammers are trying to take advantage of.”
Cranor said that people often receive sextortion scams without ever visiting a porn site or doing anything untoward online. In fact, the scammers often do not possess any blackmail fodder.
“In almost all cases they don’t actually have any information. This is just to try to hope you fall for it,” she said. “The way some of these scams work, they convince you they are really watching you."
But if an email actually does have a password, that should be a sign that one’s account has gotten hacked at some point.
“Usually what happens here is the person who receives (the emails) is a victim of a data breach, and their account and password were discovered probably by a different attacker maybe years ago," Cranor said.
That means people who receive such emails with passwords should consider changing any passwords that are close to the one in the message.
“A lot of people will use the same basic password,” Cranor said. “The most important passwords to change are going to be the ones that would be of the accounts that use that exact password or variations of it.”
People definitely should not send the person money or bank account information no matter how threatening the emails sound. It’s incredibly hard for law enforcement to find and prosecute online scammers.
“It can be very difficult to actually get your money back,” Cranor said.
Most people will delete the emails and move on, but people who send any money or personal information should certainly contact their state's attorney general to report a claim. Rosenblum said Oregonians can access its consumer protection website to report a scam. And, people who live outside the state can contact the Federal Trade Commission.
Rosenblum says there are four signs that an email is a scam:
- It is full of poor grammar or spelling mistakes
- It includes an old or current password
- It is generic and doesn’t mention the sites one visited
- It has a short deadline to respond
While the scams are increasing, it doesn’t seem as if many are falling for them.
“Only in very few cases have we heard that money has actually (been sent),” Rosenblum said. “The request, oddly enough, is for Bitcoin, which many people don’t know what that is — especially older people. So thank goodness they don’t."
Elderly adults often become victims and warning parents and grandparents about sextortion can feel, well, awkward. No one wants to talk to Nana about online porn. Dr. Deborah Gilboa says that’s OK. People can warn their loved ones without even mentioning sex.
“You can always talk about the difficulty your mythical friend had,” Gilboa, a parenting expert, told TODAY. “You can say, ‘I wanted to tell you a story about this person I know.’”
This allows people to broach the subject without making any assumptions about what websites parents and grandparents have visited.
“What we shouldn’t do is presume to ask our parents about a website they might feel shame about. It’s not our business,” Gilboa said. “Lots of people have surfing patterns they would rather other people didn’t know about. We don’t have to get into specifics.”
It’s helpful to approach sextortion scams as if they were any other mundane fraud.
“You would call them about a tax scam or a credit card scam,” she explained. “You can say, ‘I wanted to be sure that you knew they were exploiting seniors’ newness to technology by making people believe they know all of your browsing information and you could be a victim.’”
Gilboa recommends that adult children use their expertise in their family to lead the conversation. So if someone’s parents like knowing the latest news or just enjoy being smarter than Uncle Roger, children can leverage that information as a way to start the chat.
“In exactly the same ways we look for respectful ways to get into our kids’ consciousness, we can get into our parents’ consciousness,” she said. “Don’t make the intervention worse than the problem.”